01-11-2007 09:02 AM - edited 03-10-2019 02:55 PM
Yesterday we had two ACS 4.0 servers installed on Windows 2000 Domain Controllers that were working great. ACS1 was the primary server and replication was configured to send to ACS2. ACS2 replication was configured to receive from ACS1.
We lost ACS2 yesterday so I installed ACS 4 on a 2003 Domain Controller (ACS3). I installed ACS3, went into network configuration and added ACS1 as an AAA server.
I then logged onto ACS1 and added ACS3 as an AAA server and configured ACS3 as a replication partner.
It is not replicating - if I look at the log I get
ERROR, ACS 'ACS3' has denied replication request
I do not have the primary as a replication on the secondary.
I have some screen shots of the configuration from ACS2 and I've duplicated everything I've could (except for name and IP).
Any ideas on what I can try next?
01-11-2007 09:27 AM
Did you configure ACS3 to receive replication ? And the same components as the ACS1 is set to send ?
01-11-2007 11:48 AM
I configured ACS3 to receive replication - everything that ACS1 is configured to send, ACS3 is configured to receive.
01-12-2007 12:29 PM
On ACS3's replication page is ACS1 set on the box which says "Replication" under partners ? If it is then please remove it and try.
Also make sure that the ACS1's key in ACS3 is correctly set in Network Configuration.
01-13-2007 02:56 PM
ACS3 does not have any replication partners set.
The key for ACS1 matches the configuration on ACS3. Thanks.
01-15-2007 04:50 AM
What do ACS3's replication logs say ?
01-15-2007 12:40 PM
The logs from acs3 report
Inbound database replication from ACS 'acs1' denied - shared secret mismatch
I reset the key on ACS and ACS3 and it still gave me the same error.
01-16-2007 04:26 AM
The keys which matter are :-
1. The key on the self entry of ACS1
2. The key on the ACS1's entry on ACS3.
01-16-2007 06:24 AM
They are both the same very easy password.
01-16-2007 08:15 AM
Thats wierd.
All alphabets no special characters ?
01-16-2007 10:00 AM
You can try using no secret keys at all
03-06-2007 02:34 PM
I had what seems to be the same issue.
In my case I have two ACS SE 1113 appliances, but the issue could still be the same with your Windows servers.
The appliance has two NIC's - I had both of the NIC's connected. Although the appliance only allows you to use the Primary NIC (the bottom one) ACS still detected the Secondary NIC and creates an additional "AAA Server" entry under the "Network Configuration" tab called "self". You should only have one "self" entry in your AAA Server list, not two.
Unfortunately I couldn't find a way to undo this. So I disconnected the Secondary NIC (the top one) and used the recovery CD to reload both of my ACS devices. Now everything works just fine.
- Nate
03-07-2007 10:09 AM
We ended up deleting all the access points from the 2nd server and then doing another replication. Afterwards everything started working. They believe the first replication was corrupted somewhow.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: