Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
4
Helpful
8
Replies

ACS upgrad question

Go to solution
srosenthal
Level 4
Level 4

‎02-02-2009 01:36 PM - edited ‎03-10-2019 04:19 PM

I am getting ready to upgrade two ACS servers and I have a couple of questions. Both servers are running 4.0.27 and I am going to take them to the latest revision. I have all the files and the proper patches that are needed based on all I read in the release notes. My questions are:

1. As long as I leave one ACS running, is it a problem to down the other for upgrade?

2. Will all current server certificates that are installed stay or will they need to be re-applied after the upgrade?

3. Current certificate is issued by an IAS server and is going to expire soon. What is the procedure for me to apply the new certificate?

Thanx, Seth

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
8 Replies 8

Go to solution
Ivan Martinon
Level 7
Level 7

‎02-02-2009 05:54 PM

Hi Seth, Before applying any upgrade to yoru boxes make sure you save a backup of your configuration with the backup feature of ACS.

1. If you leave one ACS running you can make the upgrade of the other device without having issues, make sure you point all of your NAS (routers switches and so) to the active ACS.

2. All the system settings will remain on the box regardless of the upgrade, so certificates should stay.

3. You will need to regenerate a re enrollment request to your IAS before your Cert expires since you need to have the ACS generate the private key.

Go to solution
srosenthal
Level 4
Level 4
In response to Ivan Martinon

‎02-03-2009 05:16 AM

Thank you for the information.

Are you or anybody else able to provide more information on the last item? Do I get the ACS to do a re-enrollment request? Does the private key generate by itself once I get the cert?

Seth

0 Helpful

Go to solution
srosenthal
Level 4
Level 4
In response to Ivan Martinon

‎02-03-2009 07:25 AM

Thank you very much, that was extremely helpful.

Seth

0 Helpful

Go to solution
srosenthal
Level 4
Level 4
In response to srosenthal

‎02-04-2009 08:13 AM

I am trying to do the upgrade and am running into a problem. When I try to extract the zip file as instructed in the readme notes I get a message asking me to provide a password to overwrite the files.

Any idea what the password is?

Seth

0 Helpful

Go to solution
Ivan Martinon
Level 7
Level 7
In response to srosenthal

‎02-04-2009 08:21 AM

I am not aware of a password being asked..

0 Helpful

Go to solution
srosenthal
Level 4
Level 4
In response to Ivan Martinon

‎02-04-2009 08:47 AM

Well, here is another bump in the road. It seems that our backup ACS server is actually down. Not sure why, but we found this out after we downed the primary ACS server. I cannot get the ACS service started for some reason.

My question is this, if I remove the ACS software, do a re-install of the same version. Get the basic configs into it and then do a database replication from the primary. Will the database replication also replicate certificates that have been installed?

Seth

0 Helpful

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to srosenthal

‎02-04-2009 09:02 AM

Seth,

Certs are not replicated.

Regards,

~JG

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents