Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Issue after ACS server migration

Hi All,

            We had that ACS VM server that was loosing PING from time to time, after a bunch of unsuccessful troubleshooting. We have decided to rebuild the vm machine and migrate ACS from backup to the new server.

So the new server is built and migration was okey. Both machine were runing at the same time with the same cert! No new cert issued yet for the new server. After a patch install, the new server is no longer received auth request(anything doesn't show in the pass/failed auth logs). But the old server still receive the request,but client,mainly laptop, can't authen(log showing supliant didn't respond correctly to ACS, check suppliant ) while BLACKBERRY still able to auth with the old server just fine! Certs for BB were imported from Clients.

My question is: Do i need a new cert for the new server or can the new server will still able to use the cert for the old server. BTW the name of the server and IP add were changed during the rebuild which making me think to issue new cert for the it(just comon sense)?

Thanks,

JPE

2 REPLIES
Cisco Employee

Re: Issue after ACS server migration

It is not clear whether the new server is at the old server's IP address or not.

If it is at a new IP address, have you changed the configuration on your AAA clients (routers, switches, wireless access points, etc.) so they use the new ACS server?

New Member

Re: Issue after ACS server migration

All the IPs have been changed in all the device. Infact, all the device have the new server IP address as the primaire contact and the second server as a backup. It was working fine this way yesterday. The primary server got all the request and authicated all the client. According to the Server guys that build the server, it was a patch install yesterday evening and this patch suppose to get the new server OPERATIONAL. I don't really know what he means that operational.

Once again my question is, I do  i need a new cert for the server? Which I think makes sense,but I don't this is the only issue. With a cert issue, the server should still receive auth request,but all auth will fail with mentioned: auth fail during ssl handshake. But there is nothing in the logs, i triple check the log is enable!! For me this server does not receive the request come from the client!!

Thanks a bunch,

JPE

180
Views
0
Helpful
2
Replies