I just upgraded to 3.3.4 and I am seeing a problem with the replication. I have two ACS servers and they are authenticating to a CrytoCard Server. So I configured the external DB on both servers to point to it. I have users created and they are pointed to that external DB. Everything works perfect, even the failover if I shut the services on the primary server.
However when I replicate the failover does not work any more. What I see is if I look at a user on the backup server the Password Authentication section for all the users is "Unknown Radius Server". I can select the CryptoCard server and it all works fine again.
Any ideas how I can fix/troubleshoot this?
Any help would be appreciated. TAC is working on it also, but I wanted to see if anyone else has experianced this problem.
BTW this is running on a windows server...
Solved! Go to Solution.
I have seen this problem couple of times. This is caused because ACS refers to the database by numbers internally.
So when the primary server replicates to the secondary it sets the user to authenticate to say "Database 2". On the secondary the Crytocard maybe at "Database 1". So everytime there is a replication, the user on the secondary server starts pointing to "Database 2" instead of "Database 1".
One workaround to this is to create another database pointing to the same cryptocard and see if the the new one lands in the right number.
Since we are on 3.x the following registry entry should give us an indication :-
30 is for the Radius Token Servers. Under 30 you will find entries such as "00","01" etc.. This is the database "number" I was referring to.
If we are using ACS Solution Engine then we need to create a package.cab file from System Configuration->Support. The package.cab file will have ACS.reg
Yup, numbering problem.
On the secondary we need to create a new Radius Token Server Entry while keeping the old one intact.
Configure the new entry exactly like the old one except the name.
That will resolve the problem :)
YOU ROCK, that is it. Plus I was able to delete the old entry so and the index number stayed. Everything is working correctly with the replication now.
THANKS A TON.