Replication Issues

veddar791 · ‎05-25-2010

I am currently running 3.3 and TAC will not support it. I am working to upgrade to 4.2 soon (software has been sitting around for 2 years from my predecessor). My big issue that can't wait until the upgrade is:

Anytime I replicate from my Primary server, it will change any Juniper BXR devices' "authenticate using" from Juniper to Marconi. I have to go in and manually change all of them back after a replication. So I turned auto-replicate off, but in prepping for the upgrade (organizing groups, cleaning up users, correcting permissions etc.) Its causing a lot of problems.

Anyone have a clue?

Ryan

Javier Henderson · ‎05-25-2010

This suggests a database corruption issue. Do you have a spare ACS server where you can restore a current backup from the production server,

and test?

Also, which ACS is changing the authentication type, the primary or the secondary?

veddar791 · ‎05-25-2010

This suggests a database corruption issue. Do you have a spare ACS server where you can restore a current backup from the production server,

and test?

We have multiple sites (6 servers). The primary will replicate to them and I make all changes on the primary. The error only occurs on 2-3 of the secondary servers.

Also, which ACS is changing the authentication type, the primary or the secondary?

Secondary

Javier Henderson · ‎05-25-2010

Two thoughts come to mind:

Re-image the affected secondaries

Restore on the affected secondaries a backup from one of the not-affected secondaries

The idea here is to start with a known good database, either empty or from an ACS without the problem.

veddar791 · ‎05-25-2010

Ok, corruption issue and re-imaging makes sense. I've never done that and upgrading is going to be my first attempt with a server. I was hoping upgrading would fix it anyway...

Is there a way to login (web) and overwrite the secondary with a good secondary or the primary? Do I have to go through the entire "reformat" the appliance (not sure if I mentioned it the appliance not a windows server) to accomplish this? Or is there another way?

Thanks again,

Ryan

Javier Henderson · ‎05-25-2010

Restoring a backup from one of the known good secondaries can be done entirely via the GUI, you just need an FTP server as the repository for the backup saveset.

Re-imaging the appliance requires physical access to it.

veddar791 · ‎06-14-2010

Ok, sorry for the delay. I upgraded all of the servers and am still having the replication issue. I was able to dig up some info on it though. I found that if the VSA's under Interface Configuration do not match...then it will cause my issue. On one bad server I was missing a VSA (Marconi) and the other has all of the primaries but is in a different order. Apparently it checks by slot. So if a VSA is in a slot that that it expects to dind say Laurel but finds Marconi...it will change the "authenticate using" box in the NDG devices. I was able to add the missing VSA to the one....but cannot figure out how to change the order. When I added the VSA to the one having missing issues....it put it in the middle of the order...so no rhyme or reason.

I was wanting to try deleting them all and then red-adding them...but knowing it puts them in a random (so it appears to me) I don't think it will help. Our Cisco rep said the GUI display of the order is not accurate anyway. He said the actual slot order is in the database...which I don't know how to see. I know you can change the slot number in the CSV when you add a device....but I don't know the numbering scheme for the slots. Cisco said 1-10 is taken by default?

Help?