Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1386
Views
10
Helpful
5
Replies

ACS 5.5 Cluster

hdussa
Level 1
Level 1

‎06-05-2014 02:14 AM - edited ‎03-10-2019 09:46 PM

Hello,

we´ve a Cluster with 3 ACS5.5 Patch 3. Yesterday i´ve configured a lot. This morning the replication-id of the secondary Members differs.

Master: 16587 ;  Secondary 16502.

This results in a lot of problems, when the first server for authentication is a secondary. Reload does not solve the problem.

"Full replication" under "System Adininstration/Operations/Distributed System Management" solved the problem.

MY QUESTION. Is there a possibility to generate a Alarm/Syslog message when the ID from Secondary differs of 5 to the Primary?

 

Regards Horst

 

 

Labels:
0 Helpful
5 Replies 5

edwardcollins7
Level 1
Level 1

‎06-05-2014 08:41 AM

Hey,
 
The feature set in ACS 5.5 might cater to your requirement:
 
Support for new diagnostic messages and alarms for replication failures—ACS 5.5 triggers new replication-related diagnostic messages and alarms to alert the administrator of replication issues in a deployment.
New Diagnostic Messages
 
Secondary node cannot establish communication channel against primary node on Heartbeat/Replication/Replay topic.
 
Primary node cannot establish communication channel against secondary node on Heartbeat/Replication/Replay topic.
 
Heartbeat from primary/secondary indicates that secondary is not synchronized with primary for long time.
 
No heartbeat status is received from secondary during certain amount of time.
 
No heartbeat status is received from primary node during certain amount of time.
 
New Alarms
 
Secondary node stopped from processing replications.
 
Secondary node cannot establish communication channel against Primary node on Heartbeat/Replication/Replay topic.
 
Primary node cannot establish communication channel against secondary node on Heartbeat/Replication/Replay topic.
 
Heartbeat from Primary/Secondary indicates that Secondary is not synchronized with Primary for a long time.
 
No heartbeat status is received from secondary during certain amount of time.
 
No heartbeat status is received from primary node during certain amount of time.
 
You can view these alarms in your Alarms Inbox from the ACS web interface. The new messages and alarms allow you to easily identify the root cause of the replication issue. ACS displays a workaround for the replication issues along with the alarm messages. You can use the workaround to fix the replication issues.
 
Ref: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/release/notes/acs_55_rn.html

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

hdussa
Level 1
Level 1
In response to edwardcollins7

‎06-12-2014 12:37 AM

Hi Ed,

thx for the fast reply. But i´m still a little bit confused. What kind of workaround is meant?

The Alarm that is displayed is 

sorad1Wed Jun 04 14:15:06 CEST 2014CSCOacs_Internal_Operations_DiagnosticsFATALApplying configuration changes failed

 

I have no Alarms, which indicates replication problems.

 

Horst

0 Helpful

edwardcollins7
Level 1
Level 1
In response to hdussa

‎06-12-2014 02:59 AM

Hi Horst,

This workaround is in 5.5, not in 5.3.

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

hdussa
Level 1
Level 1
In response to edwardcollins7

‎06-12-2014 03:15 AM

i´m using a cluster 5.5 Patch 3.

0 Helpful

hdussa
Level 1
Level 1
In response to edwardcollins7

‎06-12-2014 03:28 AM

Hi Ed,

i can´t find the workaround!

0 Helpful
Customers Also Viewed These Support Documents