We had an issue where the logs on the primary ACS server state:

03/17/2009 18:36:07 jones WARNING Cannot replicate to 'barnaby' - server not responding

where jones is the primary and barnaby is the secondary. We have recycled power to both, stopped and started services, yet nothing seems to work. We have put a laptop in the same VLAN as the secondary (on the same switch as well) and can ping a device in the same VLAN on the same switch as the primary. Both devices seem to function as far as our Unknown User Policy and external authentication and authorization, but we need replication to work.
Does the secondary server need to have the primary listed in its network devices? If so, that is an issue. However, I do have the secondary server set to replicate from any known ACS server under Inbound Replication.
1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication.
2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.
3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.
4) Ensure that the secondary server has its replication scheduling set to "manual".
5) Please verify that your servers are all running exactly the same ACS version and build.
6) Also let me know if there is any firewall in between the two ACS servers.
I spoke with Cisco TAC about this incident and it appears that if the ACS SE appliance disables or enables the NIC, it creates a loopback address. Both primary and backup had loopback, 127.0.0.1 addresses in their network devices.
And the fix is obviously to remove the loopback addresses. While that is fine and easy on a Windows-based system, it does not work so well on an appliance. Had to back up the device, the TAC person removed the loopback, then had to restore just the system data.
Replication is up and running fine now.
The patch is Acs-18.104.22.168.9. You would need to patch both Appliance and ACS agent if you have it.