We have an existing ACS 5.4, 1 primary, 1 secondary. Im not really sure which procedure to follow. On the upgrade document from Cisco, you need to upgrade the log collector, then the secondary, then the primary. In our setup, the Primary server is the log collector. There is a note that in this scenario, we need to promte the secondary as the new primary.
Lets say, ACS1b primary, ACS2a secondary:
So this is where it confuses me.When you change the Secondary to the new Primary server, does this mean that the log collector will now be the OLD Primary (ACS1b), or does it also change to ACS2a?
Cisco doc really get one confused. I agree on that.
Now, I opened a TAC case to get things clarified. My scenario is like yours except two things:
1- I have ACS 5.3.
2- I have the secondary as a log collector.
The TAC engineer confirmed that after you de-register (that means both servers are standalone now) you need to upgrade the log collector first. (in the scenario of having only two ACS servers, one primary and one secondary).
From my point of view, it does not matter which one you pugrade if all your servers in standalone mode. it would matter more if you have more than two servers.
if more than two servers exist you need to isolate one server only and upgrade it while others are still in one cluster. In two-servers-only scenario, when you de-register then you will have no servers in one cluster so you can upgrade whatever you want. Your only concern will be the logs and how will they be kept during the upgrade of the log-collector. As per the TAC you have to use external syslog server and configure it as a remote logging target on both srevers before doing the upgrade.
Rating useful replies is more useful than saying "Thank you"
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...