Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with Cisco ACS Replication

We recently encountered problems with the database replication of our ACS servers -- Server1 and Server2 (separate location).

The last successful replication was last midnight of 02/22/2009 and started to fail at around 18:17 hours of the same date.

However ICMP (ping) is successful between the two devices.

error is: "Cannot replicate to 'server2' - server not responding.

Can you help me with this?

Thanks!

3 REPLIES
New Member

Re: Problem with Cisco ACS Replication

These are the reports from ACS:

DATE:02/22/2009 - TIME:00:00:05 - STATUS:Info - MESSAGE:Outbound replication cycle starting...

DATE:02/22/2009 - TIME:00:00:29 - STATUS:Info - MESSAGE:Replication to ACS 'PCGAU2001' was successful...

DATE:02/22/2009 - TIME:00:00:29 - STATUS:Info - MESSAGE:Outbound replication cycle completed...

DATE:02/22/2009 - TIME:18:17:17 - STATUS:Warning - MESSAGE:Cannot replicate to 'PCGAU2001' - server not responding...

I need a little help in here please. Thanks. =)

Bronze

Re: Problem with Cisco ACS Replication

If you happen to have an ASA, FWSM or PIX between the ACS Servers make sure that the "skinny inspection" is disabled on those firewalls.

I had similar errors after moving the ACS'es behind my FWSM's and it was indeed the skinny inspection from the firewall which messed up my replication.

Both skinny and the database replication use tcp 2000 and therefore the firewall thinks its seeing voice traffic and corrupts your packets. At least that was the problem in my case.

Following info from a doc focusing on ACS replication.

ACS Error - Cannot replicate to - server not responding - This error message appears in the replication report log when Database replication fails.This error is caused when Skinny Inspection is enabled as both Skinny protocol and Database replication in ACS uses same TCP port 2000. In order to resolve the issue, disable Skinny Inspection.

Source:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml#prs

Hope it helps.

Roble

New Member

Re: Problem with Cisco ACS Replication

Thank you for your suggestion, but we don't have an ASA, only netscreen devices and we're not doing any inspection regarding skinny.. The only thing is before, it's working properly.. We just don't know why we have come up to an ACS Error like this..

Do you have any other way to solve this? Also the possible cause of this error? I'll gladly appreciate your help..

Thanks so much! =)

791
Views
0
Helpful
3
Replies
CreatePlease login to create content