Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems witch acs 4.2 replication

i installed the primary and secondary server.

i see only one problem in the logs.

when i try to replicate

i get this :

cisco acs 01/04/2012 23:50:58 NTVMEM73 INFO Outbound replication cycle starting...01/04/2012 23:40:25 NTVMEM73 INFO Outbound replication cycle starting...01/04/2012 23:29:51 NTVMEM73 INFO Outbound replication cycle starting...01/04/2012 23:19:16 NTVMEM73 INFO

further no issue

can someone helps me

16 REPLIES
Silver

Problems witch acs 4.2 replication

Hello,

Can you share screenshots of both ACS (Primary and Secondary) servers Replication configuration?

Remember that the Primary should have all the applicable "Replication Components" on send and none on "receive". Under "Outbound Replication" you can select any of the options other than "Automatically triggered cascade ".

Under "Partners" you should have the secondary ACS server on the right box.

For the secondary ACS server you should have all the applicable "Replication Components" on receive and none in send. Under "Outbound Replication" you should select "Manually".

Under "Partners" you should have the primary on the left box. No entries should be on the right box for the secondary server.

Also, remember that Replication occurs over TCP Port 2000. If you have a Cisco Firewall (ASA) between both servers, the Cisco Firewall inspects Skinny packets by default (voice packets) which also use TCP 2000. As the Replication packets do not comply with the Default Inspections policy of the ASA for TCP 2000 packets it will drop the packet. Skinny inspections should be disabled on the Firewall between Replicating ACS servers.

Hope this helps.

Regards.

New Member

Problems witch acs 4.2 replication

there is no firewall between the servers.

this is working on windows 2008 server.

on both servers these ports are open:

Scanning ntvmem74.zwolle.intern (10.128.8.117) [1000 ports]

Discovered open port 445/tcp on 10.128.8.117

Discovered open port 139/tcp on 10.128.8.117

Discovered open port 135/tcp on 10.128.8.117

Discovered open port 3389/tcp on 10.128.8.117

Discovered open port 49159/tcp on 10.128.8.117

Discovered open port 902/tcp on 10.128.8.117

Discovered open port 49152/tcp on 10.128.8.117

Discovered open port 912/tcp on 10.128.8.117

Discovered open port 2001/tcp on 10.128.8.117

Discovered open port 2002/tcp on 10.128.8.117

Discovered open port 49/tcp on 10.128.8.117

Discovered open port 49154/tcp on 10.128.8.117

Discovered open port 49153/tcp on 10.128.8.117

Discovered open port 31038/tcp on 10.128.8.117

Discovered open port 2000/tcp on 10.128.8.117

thanks for your help

Silver

Problems witch acs 4.2 replication

Hello,

Can you set both servers to Full Detail of logging? Under System Configuration > Service Control > Level of detail > "Full".

After setting the logging detail to Full on both servers please perform a new replication attempt. After a couple of minutes check both servers Replication logs and write down the timestamp when the process started.

After that we need to collect the package.cab file from both servers. Go to System Configuration > Support > Select Collect Log files and Collect Previous 2 days logs.

Please attach the generated files with the appropriate timestamp when the replication process was triggered.

Also, did you check the Replication Partners and confirmed that it is configured as described on my previous reply?

Regards.

New Member

hi Camegia,That post was

hi Camegia,

That post was really helpful for me as i was having the same issue, that nothing was replicated on secondary ACS server. Now at least i am able to replicate devices and user's profiles. Can you please advise as to why not all the components are being replicated?

 

New Member

Problems witch acs 4.2 replication

Hi,

Could you please check the foll:

- Are both the ACS versions are on the same version and the patch level?

- What's the version of the ACSes? As ACS is installed on a windows 2008 server, ACS installation is only supported with ACS 4.2patch 4 onwards and on windows 2008 64-bit with ACS 4.2.1? If it is on unsupported platform, the services might be stopping.

- Did you try reverse replication i.e making the secondary as the primary and vice-versa?

- Please try to telnet to the secondary ACS on port 2000 from primary and vice-versa?

Regards,

Kush

New Member

Problems witch acs 4.2 replication

these are the link of the cab files

Time stamp of the replication 06-01-2012  betweeen 16.36 -16.42

https://files.me.com/jaouad/auy2ye

https://files.me.com/jaouad/674ysx

i am using windows 2008 32 bit service pack 2

with acs 4.2 wihout any patches

i can't telnet from primary to the secondary of from the secondary to the primary.

Silver

Problems witch acs 4.2 replication

Hello,

It seems that you did not select the Collect Log files and Collect Previous 2 days logs as the Auth.log, TCS.log and other relevant files are missing on both files.

Something I did notice is the following:

Primary Replication logs:

1/6/201216:37:22NTVMEM73INFOOutbound   replication cycle starting...

Secondary Replication Logs:

1/6/201216:40:09NTVMEM74INFOOutbound   replication cycle starting...




1/6/201216:40:09NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201216:56:30NTVMEM74INFOOutbound replication cycle   starting...




1/6/201216:56:30NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201216:56:40NTVMEM74INFOOutbound replication cycle   starting...




1/6/201216:56:40NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201216:57:28NTVMEM74INFOOutbound replication cycle   starting...




1/6/201216:57:28NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:01:48NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:01:48NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:06:49NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:06:49NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:11:49NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:11:49NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:16:50NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:16:50NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed

It seems that your Secondary ACS is trying to replicate (send) components every 5 minutes. Can you check your Secondary ACS Replication configuration again?

The Partners box should be empty. Replication should be set to Manual and it should only have components under Receive and None on send.

Regards.

New Member

Problems witch acs 4.2 replication

i changed that

now i see only this on the primary

01/10/201209:27:02NTVMEM74INFOOutbound replication cycle starting...


but i see nothing on the other server.

is there debugkit for acs

there is no firewall between servers.

or do i need maybe a patch for the acs i am using version 4.2 from year 2008

and windows 2008 32 bit server pack 2

Silver

Problems witch acs 4.2 replication

Hello,

Can you collect the package.cab again but this time check the following:

Collect Log files and Collect Previous 2 days logs

The package.cab should be collect on both ACS servers running at full detail after attempting replication a couple of times.

Regards.

New Member

Problems witch acs 4.2 replication

timestamp is between 16.00 and 16.30

http://files.me.com/jaouad/1odxvt

http://files.me.com/jaouad/qi8ii2

and these are the files

Silver

Problems witch acs 4.2 replication

Hello,

There are still important files missing. Are both ACS servers configured for Full Detail of logging?

Also, are you selecting the following when collect the package?

There are still missing files on the package.cab file that I need. Please try again with the above settings.

Regards

New Member

Problems witch acs 4.2 replication

http://files.me.com/jaouad/82eaqn

http://files.me.com/jaouad/k2xz0z

here are the files

exactly what you told me .

Silver

Problems witch acs 4.2 replication

Hello,

I will be reviewing the logs shortly. However, I would like to confirm. Do you have EAP-FAST settings configured to send on the Primary and receive on the Secondary? If yes, can we do a quick test by only replication User and Group Database?

I would like to confirm that User and Group database is properly replicated. Deselect every other component on both Primary and Secondary from send and receive. Try to replicate only User and Group Database and let me know the results.

Regards.

New Member

Problems witch acs 4.2 replication

when i am selection user and group database

and network configuration device tables

then its working.

is these enough when the primary fails

then secondary should take over.

but when i select these ones it is not working

Silver

Problems witch acs 4.2 replication

Hello,

We are getting closer

Can you remove only Distribution Table from the Send options and try with the others enabled? Keep the "EAP-FAST master keys and policies" unchecked as well.

Hope this helps.

Regards.

New Member

Problems witch acs 4.2 replication

i tried that

but it not working

replication is only working with:

user and group database

network configuration device tables

so how important are

the other things

1301
Views
0
Helpful
16
Replies