Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1667
Views
5
Helpful
5
Replies

Cisco ACS 3.1 Database Replication error

mtumarinson
Level 1
Level 1

‎05-09-2003 10:22 AM - edited ‎03-10-2019 07:17 AM

I set up two new Cisco ACS servers on Win2k and followed directions on setting up database replication. However, when I try to replicate the databases I get the following error message in the log:

ACS has denied replication request. I could not find any information on this error can somebody tell me what am I doing wrong.

Labels:
0 Helpful
5 Replies 5

mhoda
Level 5
Level 5

‎05-10-2003 12:34 AM

This an authentication error. When primary ACS replicate the secondary one, it sends its ip as its idenfier and the password that you have defined for itself. So, if you go to Network configuration on primary server, and click on your primay AAA server (which is the machine itself) in the AAA Servers table, you will have the option to put your password. This is the password that it uses to authenticate with the secondary server. So, on the secondary one when you define the AAA server for this primary server, please make sure to enter this same password that you have define on the primay for itself. As primary server is replicating the secondary one, secondary server will authenticate the primary (0ne way authentication).

Please let me know if this ressolves the issue. Thanks,

Mynul

0 Helpful

drussell
Level 1
Level 1
In response to mhoda

‎05-13-2003 05:55 AM

I have the same issue. I have reset the keys to the same value and I still get the error message saying that the secondary is denying the replication. Is there anything else to check?

0 Helpful

drussell
Level 1
Level 1
In response to drussell

‎05-13-2003 06:03 AM

Never mind. I found an earlier post that has thesolution: Do not select the primary ACS sever on the secondary as a replication partner.

mtumarinson
Level 1
Level 1
In response to drussell

‎05-13-2003 06:26 AM

Thanks I got it to work. I had to take the Primary ACS server off from the Secondary Server as a replication partner. Now I am able to replicate database. However, if the primary server will go down and the secondary will handle authentication and I need to add a user to the secondary server how will it replicate if it is only set to receive updates from the primary. I tried to add a user to the secondary ACS server and it was not replicated to the Primary ACS server. It seem that you can not replicate from the secondary server. In ver 2.6 I was able to do so.

0 Helpful

mhoda
Level 5
Level 5
In response to mtumarinson

‎05-13-2003 11:13 AM

Hi, yes, you cannot define primary as your replication partner on the secondary server. Replication in both way is not allowed in ACS. It has be done in one way. All the configuration changes must go to one server (primary). In your case, the best you can do is, if/when the primary goes down, and if you need to make the changes on the secondary then primary came back, reconfigure your replication that is make the secondary as primary and primary as secondary, then do just one time manual replication. After that make the changes the back as it was before. Thanks, Mynul

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents