Cisco Support Community

New Member

ACS Replication Issue

Yesterday we had two ACS 4.0 servers installed on Windows 2000 Domain Controllers that were working great. ACS1 was the primary server and replication was configured to send to ACS2. ACS2 replication was configured to receive from ACS1.

We lost ACS2 yesterday so I installed ACS 4 on a 2003 Domain Controller (ACS3). I installed ACS3, went into network configuration and added ACS1 as an AAA server.

I then logged onto ACS1 and added ACS3 as an AAA server and configured ACS3 as a replication partner.

It is not replicating - if I look at the log I get

ERROR, ACS 'ACS3' has denied replication request

I do not have the primary as a replication on the secondary.

I have some screen shots of the configuration from ACS2 and I've duplicated everything I could (except for name and IP).

Any ideas on what I can try next?

12 REPLIES
Cisco Employee

Re: ACS Replication Issue

Did you configure ACS3 to receive replication? And the same components as ACS1 is set to send?

New Member

Re: ACS Replication Issue

I configured ACS3 to receive replication - everything that ACS1 is configured to send, ACS3 is configured to receive.

Cisco Employee

Re: ACS Replication Issue

On ACS3's replication page, is ACS1 set in the box which says "Replication" under partners? If it is, then please remove it and try.

Also make sure that the ACS1's key in ACS3 is correctly set in Network Configuration.

New Member

Re: ACS Replication Issue

ACS3 does not have any replication partners set.

The key for ACS1 matches the configuration on ACS3. Thanks.

Cisco Employee

Re: ACS Replication Issue

What do ACS3's replication logs say?

New Member

Re: ACS Replication Issue

The logs from acs3 report

Inbound database replication from ACS 'acs1' denied - shared secret mismatch

I reset the key on ACS and ACS3 and it still gave me the same error.

Cisco Employee

Re: ACS Replication Issue

The keys which matter are:

1. The key on the self entry of ACS1

2. The key on the ACS1's entry on ACS3.

New Member

Re: ACS Replication Issue

They are both the same very easy password.

Cisco Employee

Re: ACS Replication Issue

That's weird.

All alphabets, no special characters?

Cisco Employee

Re: ACS Replication Issue

You can try using no secret keys at all.

New Member

Re: ACS Replication Issue

I had what seems to be the same issue.

In my case I have two ACS SE 1113 appliances, but the issue could still be the same with your Windows servers.

The appliance has two NICs - I had both of the NICs connected. Although the appliance only allows you to use the Primary NIC (the bottom one), ACS still detected the Secondary NIC and created an additional "AAA Server" entry under the "Network Configuration" tab called "self". You should only have one "self" entry in your AAA Server list, not two.

Unfortunately I couldn't find a way to undo this. So I disconnected the Secondary NIC (the top one) and used the recovery CD to reload both of my ACS devices. Now everything works just fine.

- Nate

New Member

Re: ACS Replication Issue

We ended up deleting all the access points from the 2nd server and then doing another replication. Afterwards everything started working. They believe the first replication was corrupted somehow.
