Vinay Sharma

 

Introduction

ACS 5.3 - Unable to Re-Register Secondary to Primary, Registration failed

Scenario

A user ran a failover test between the primary and secondary ACS systems (by running 'acs stop' on the primary) and, while the primary was down, promoted the secondary. All was fine until the user brought the primary back up and tried to re-register the secondary to it. The user got the following error message:

 

[Image: acs_error.JPG]

 

Under System Administration > Operations > Distributed System Management, each ACS showed the other device as deregistered. The user tried to promote from there, but that failed too, so the user deleted them and tried to register the secondary again. Rebooting both ACS systems did not help. The username and password, the IP address, and the hostname are all correct.

ACS/admin# sh app version acs

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40.5
Internal Build ID : B.839
Patches :
5-3-0-40-5

Solution

Use the GUI credentials of a super-admin account to register the secondary to the primary.

SuperAdmin:

The Super Admin role has complete access to every ACS administrative function. If you do not need granular access control, this role is most convenient, and this is the role assigned to the predefined ACSAdmin account.

This role has Create, Read, Update, Delete, and eXecute (CRUDX) permissions on all resources.

Administrator Accounts and Role Association

Administrator account definitions consist of a name, status, description, e-mail address, password, and role assignment.

Note: It is recommended that you create a unique administrator for each person. In this way, operations are clearly recorded in the audit log.

Administrators are authenticated against the internal database only.

You can edit and delete existing accounts. However, the web interface displays an error message if you attempt to delete or disable the last super administrator.

Only appropriate administrators can configure identities and certificates. The identities configured in the System Administration drawer are available in the Users and Identity Stores drawer, but they cannot be modified there.

Related Information

Problem: Error: "You are not authorized to view the requested page" when ACS 5.x admin with ChangeUserPassword role changes the password

ACS 5.x GUI admin user with the ChangeUserPassword role cannot change the password of the AAA user stored in the internal database. After changing the password, the user receives this pop-up error message: You are not authorized to view the requested page.

Solution

This can occur when the ACS 5.x database is migrated from ACS 4.x. Use the SuperAdmin privilege in order to change the user password. Refer to Cisco bug ID CSCty91045 (registered customers only) for more information.
