06-04-2007 03:44 PM - edited 03-10-2019 03:11 PM
I want to setup replication between two ACS 4.0.1.44 boxes. I added a AAA entry in each server pointing to the other server. I configured the exact same keys in the "self" and "added_ACS" on both machines.
After completing the Data replication setup on both servers, setting up one to send and the other to receive, I clicked on "Replicate Now" on the primary to test the replication.
Then I went to check the Database_replication.csv, the replication failed with the following error on the secondary:
Inbound database replication from ACS 'primary-ACS' denied - shared secret mismatch
I have made sure that the keys in the 2 AAA entries on each server are exactly the same. (self + added server, on both boxes have the SAME secret). I even tried to restart the ACS services, and then also reboot both ACS boxes. And it still did not work.
Is there something else I need to look into?
Thanks!
06-04-2007 04:55 PM
Hi,
If your AAA server is under NDG, then move then to "Not Assigned" and then try.
If we have a key defined on NDG level it over rides key on AAA client/AAA server level.
Regards,
Prem
10-19-2007 05:55 AM
Did moving the AAA server out of the NDG group to not assigned resolve this issue?
I think I might be having the same problem.
Thanks,
06-14-2007 05:12 AM
Please take a look at this bug
I have upgraded to 4.1.1
CSCse33757 Bug Details
ACS services couldn't load after replication/restore
Symptom:
After a replication between ACS servers, if the the secondary is restarted, the server/appliance will go to 100% CPU
Conditions:
-Replication between ACS servers
-Secondary is restarted, it will go to 100% CPU
Workaround:
None for the moment
Further Problem Description:
The problem is caused by a missing checkpoint to force the database to sync with the restore file. The reload will cause a DB corruption
Status
Fixed
Severity
2
Last Modified
In Last 7 Days
Product
Cisco Secure Access Control Server Solution Engine
Technology
1st Found-In
4.0(1.42)
4.1(1.5)
Fixed-In
4.1(1)
Related Bugs
if slave unit is rebooted after replication it will have and some servic
When replicating ACS appliances running 4.0, the replication proceeds without any errors. After replication the slave unit will pass authentication requests just fine. If you reboot the slave then the GUI will not come back up. If you connect to the console and do a show command, you will see that several services are not running. csacse-1113-1.cisco.com Cisco Secure ACS: 4.0.1.44 Appliance Management Software: 4.0.1.44 Appliance Base Image: 4.0.1.2 CSA build 4.0.1.543.2: (Patch: 4_0_1_543) Session Timeout: 10 Last Reboot Time: Thu Jul 13 07:24:05 2006 Current Date & Time: 7/13/2006 07:36:08 Time Zone: (GMT-05:00) Eastern Time (US & Canada) NTP Server(s): NTP Synchronization Disabled. CPU Load Free Disk Free Physical Memory 0.00% 17.0 GB 821 MB Appliance IP Configuration DHCP Enabled. . . . . . . . . . .: No IP Address. . . . . . . . . . . .: 10.36.1.100 Subnet Mask . . . . . . . . . . .: 255.255.255.0 Default Gateway . . . . . . . . .: 10.36.1.1 DNS Servers . . . . . . . . . . .: 10.11.12.13 --- Please hit enter to continue --- NTP Server(s): NTP Synchronization Disabled. CPU Load Free Disk Free Physical Memory 0.00% 17.0 GB 821 MB Appliance IP Configuration DHCP Enabled. . . . . . . . . . .: No IP Address. . . . . . . . . . . .: 10.36.1.100 Subnet Mask . . . . . . . . . . .: 255.255.255.0 Default Gateway . . . . . . . . .: 10.36.1.1 DNS Servers . . . . . . . . . . .: 10.11.12.13 --- Please hit enter to continue --- CSAdmin stopped CSAuth stopped CSDbSync stopped CSLog stopping CSMon starting CSRadius starting CSTacacs stopped CSAgent running You will not be able to restart the services from the command line. The only option is to use the recovery cd to recover the appliance
03-05-2009 12:51 PM
Hi,
Were you able to solve this??
I'm having the same situation.
Thanks in advance for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: