I have just installed ACS 4.2 on two VMware hosts. I've configured database replication but it won't work. The error message is "shared secret mismatch". This error message occurs if a NAT device is in the path (which it isn't in this case) or if the TCP header is otherwise changed during transmission. I'm wondering if VMware is adding something to the TCP header. Has anyone come across this problem before or has anyone successfully implemented ACS replication when both hosts are on VMware?
I see that you are getting the "shared secret mismatch" error under the database replication logs. Just wanted to inform you that this is not because of a NAT'ed device. This happens when we have different keys for AAA servers on the primary and secondary ACS.
The primary server must be configured as an AAA server and must have a key.
The secondary server must have the primary server configured as an AAA server, and its key for the primary server must match the primary server's own key. The shared secret key should be the same on both ACSs.
I am sending you one link for Setting Up Replication for Cisco Secure ACS; I am sure this example with screenshots gives you a better understanding.
Can you please post your solution? I have lost about 1 week with a very similar problem. I have ACS 4.2 installed on VMware. When I add devices with the necessary name, IP address and shared secret and then proceed to save, submit, I get an error message "shared secret must not be blank". I have created new virtual machines, added patches, completely reinstalled, but the same error... it's driving me crazy. It is a very simple task.
The instructions tell you to create an entry on server1 for server2 and vice versa. It didn't work when I did this.
The solution was as follows. In the AAA server table on my server1, there is a default entry for server1 itself with a key of "secret_value". Change this to a key of your choice. On server2 I then added an entry for server1 using the same key.
This solved the problem and is somewhat different to the instructions on CCO.