Core issue
After you upgrade Cisco Secure ACS, multiple Authentication, Authorization, Accounting (AAA) server entries with the same IP address but different names appear under Network Configuration. This causes replication to fail. ACS does not allow you to delete the entry or reset the keys.
For example:
Server-----------------------192.168.0.2
Server.domain.com-----192.168.0.2
Resolution
Complete these steps in order to resolve this issue:
- In order to keep the [FQDN-name-of-server] entry and delete the [name-of-server] entry, choose Network Configuration > Proxy Distribution Table > (Default) and make sure that you have the [FQDN-name-of-server] entry in the Forward To column. All other entries should be in AAA Server.
- Return to the Network Configuration section, and click the [name-of-server] entry. Change the IP address of the [name-of-server] entry and then choose Submit + Apply. For both entries, [name-of-server] and [FQDN-name-of-server], only these three options appear:
  - Submit
  - Submit + Apply
  - Cancel
- Now restart the CSAdmin service. Note that it cannot be restarted from System Configuration > Service Control > Restart. You must open Services.msc on the Microsoft Windows server where ACS is installed, and then restart the CSAdmin service.
- Once the CSAdmin service is back up, log in to the ACS GUI page.
- Check the [name-of-server] entry in the Network Configuration section. The Delete and Delete + Apply options now appear.
- Choose Delete + Apply.
- Complete these steps on the Primary and Secondary ACS server.
- Try the replication again. It should now work.
Features & Tasks
Authentication, Authorization, Accounting (AAA)
Database Replication