ACS 4.2 to ACS 5.4 database replication

Similar Messages

• ACS 4.2 Database replication issue

  Hello Experts,
  Hope you are all doing well. I need your help in ACS database replication, I want to do replication between ACS servers. The issue i am facing is that there is no error in ACS replication log. It just says outbound replication started. and sits there no other error message is shown. I can successfully telnet secondary server's destination port 2000. But when i hit the replication button from primary server, i do not observe any hit count on my ASA ACL on which i allowed tcp 2000 for destination secondary server.I also checked my syslog server if there is any traffic denied between these 2 ACS servers but found nothing. I also did wireshark captures on the interfaces but no traffic is initiated when i press replicate now button. Initially i thought its a machine issue, but same behavior is shown when i swapped primary----to secondary. There are other applications running on both the servers which requires JAVA. Like Cisco IME etc. Can it be JAVA issue? Please help me out. i am using Release 4.2(0) Build 124 on both servers.Attached below is the Replication LOG snapshot,
  Regards,
  Rizwan.

  https://supportforums.cisco.com/discussion/11382366/problems-witch-acs-42-replication
  https://supportforums.cisco.com/discussion/11363046/replication-problem-acs-ver-42

• ACS Database Replication over VPN with overlapping Network Addresses

  We currently have two co-locations each situated in different provinces. We have two ACS servers which we want to deploy at each co-location. All our network equipments are behind PIX/ASA devices. Getting them to replicate over the VPN should be easy but in our case we have overlapping Network Addresses at both ends of the tunnels.
  As per Cisco data does not transit a NAT device when the two Cisco Secure ACS servers communicate and a successful database replication can occur only if the secondary ACS server perceives no change in the IP header or content of the data it receives. So that means we will not be able to Implement NAT to achiever this.
  Has any one of you faced this problem of replicating ACS Database over the VPN with overlapping Network Addresses and was anyone able to successfully solve this issue using a work around ?
  All provided info and comments are greatly appreciated.

  I can help with the 3005 setup if you decide to go that route.
  You will need to add 2 network list entries under Configuration>Policy Management>Traffic Management>Network Lists.
  You will need to configure a local and remote address. The local will be one of the public ip's for the site.(Provided by your ISP)The remote will be the device you are connecting to on the other end.
  You will also need to add a Nat Lan to Lan rule under Configuration>Policy Management>Traffic Management>Nat>Lan to Lan.
  Use a static Nat type. The rest will look similar to my example.
  Source(Local address)Translated(Public Ip Address used in the network local list)Remote(Ip address of the device on the other end)
  Now just create an Ipsec lan to lan tunnel. You will need to agree with the ISP on des type and auth type. Use you local and remote networks you created earlier.

• CiscoSecure ACS 4.1(1) Build 23 Patch 5 :database replication fails; possibly short timeout or dead

  Hi,
  Since some time we are struggling to get database replication working.
  On the primary server it is reporting the following on "Database Replication active.csv""
  07/21/2010
  14:22:58
  SZ0910
  WARNING
  ACS 'SZ0920' not replied to replication request - possibly short timeout or dead
  07/21/2010
  14:12:08
  SZ0910
  INFO
  Outbound replication cycle starting...
  In CSMon.log following is logged:
  CSMon 07/21/2010 14:12:11 A 1544 13760 Pausing the monitoring of CSAuth for duration 600
  CSMon 07/21/2010 14:12:11 A 1544 11640 Pausing the monitoring of CSLog for duration -1
  CSMon 07/21/2010 14:12:14 A 1544 13788 Pausing the monitoring of CSRadius for duration -1
  CSMon 07/21/2010 14:12:18 A 0641 3248 CSAuth: Paused State 0 6 Event Detected Level:2 Message:Service CSAuth has been suspended for a configured function to proceed. Monitoring will suspend until the service is restarted
  CSMon 07/21/2010 14:12:18 A 0641 3248 CSLog: Stopped State 0 6 Event Detected Level:2 Message:Service CSLog has been stopped or paused by the system. Monitoring will suspend until the service is restarted
  CSMon 07/21/2010 14:12:18 A 0641 3248 CSRadius: Stopped State 0 3 Event Detected Level:2 Message:Service CSRadius has been stopped or paused by the system. Monitoring will suspend until the service is restarted
  CSMon 07/21/2010 14:12:18 A 1544 7716 Pausing the monitoring of CSTacacs for duration -1
  CSMon 07/21/2010 14:12:28 A 0904 3248 Analysis: Level 2 'Service CSAuth has been suspended for a configured function to proceed. Monitoring will suspend until the service is restarted. Service CSLog has been stopped or paused by the system. Monitoring will suspend until the service is restarted. Service CSRadius has been stopped or paused by the system. Monitoring will suspend until the service is restarted. '
  CSMon 07/21/2010 14:12:33 E 0351 3248 Failed to log accounting packet to logger localCSLog
  CSMon 07/21/2010 14:12:33 A 0641 3248 CSTacacs: Stopped State 0 2 Event Detected Level:2 Message:Service CSTacacs has been stopped or paused by the system. Monitoring will suspend until the service is restarted
  CSMon 07/21/2010 14:12:43 A 0904 3248 Analysis: Level 2 'Service CSTacacs has been stopped or paused by the system. Monitoring will suspend until the service is restarted. '
  CSMon 07/21/2010 14:12:48 E 0351 3248 Failed to log accounting packet to logger localCSLog
  CSMon 07/21/2010 14:22:18 A 0641 3248 CSAuth: State 0 6 Event Detected Level:4 Message:Service pause timed out. Please check the timeout settings for Replication and Backup
  I have followed this checklist: https://supportforums.cisco.com/docs/DOC-8795 to make sure configs are ok.
  But still replication fails.
  There is no firewall in between.
  Both ACS servers running on MS Windows Server  2003, SP2.
  Can anybody help me in the right direction what could be possible cause of this or where else I can look for logging for further troubleshooting?
  Thanks in advance for your help.

  Hi,
  Since some time we are struggling to get database replication working.
  On the primary server it is reporting the following on "Database Replication active.csv""
  07/21/2010
  14:22:58
  SZ0910
  WARNING
  ACS 'SZ0920' not replied to replication request - possibly short timeout or dead
  07/21/2010
  14:12:08
  SZ0910
  INFO
  Outbound replication cycle starting...
  In CSMon.log following is logged:
  CSMon 07/21/2010 14:12:11 A 1544 13760 Pausing the monitoring of CSAuth for duration 600
  CSMon 07/21/2010 14:12:11 A 1544 11640 Pausing the monitoring of CSLog for duration -1
  CSMon 07/21/2010 14:12:14 A 1544 13788 Pausing the monitoring of CSRadius for duration -1
  CSMon
  07/21/2010 14:12:18 A 0641 3248 CSAuth: Paused State 0 6 Event Detected
  Level:2 Message:Service CSAuth has been suspended for a configured
  function to proceed. Monitoring will suspend until the service is
  restarted
  CSMon 07/21/2010 14:12:18 A 0641 3248 CSLog: Stopped State
  0 6 Event Detected Level:2 Message:Service CSLog has been stopped or
  paused by the system. Monitoring will suspend until the service is
  restarted
  CSMon 07/21/2010 14:12:18 A 0641 3248 CSRadius: Stopped
  State 0 3 Event Detected Level:2 Message:Service CSRadius has been
  stopped or paused by the system. Monitoring will suspend until the
  service is restarted
  CSMon 07/21/2010 14:12:18 A 1544 7716 Pausing the monitoring of CSTacacs for duration -1
  CSMon
  07/21/2010 14:12:28 A 0904 3248 Analysis: Level 2 'Service CSAuth has
  been suspended for a configured function to proceed. Monitoring will
  suspend until the service is restarted. Service CSLog has been stopped
  or paused by the system. Monitoring will suspend until the service is
  restarted. Service CSRadius has been stopped or paused by the system.
  Monitoring will suspend until the service is restarted. '
  CSMon 07/21/2010 14:12:33 E 0351 3248 Failed to log accounting packet to logger localCSLog
  CSMon
  07/21/2010 14:12:33 A 0641 3248 CSTacacs: Stopped State 0 2 Event
  Detected Level:2 Message:Service CSTacacs has been stopped or paused by
  the system. Monitoring will suspend until the service is restarted
  CSMon
  07/21/2010 14:12:43 A 0904 3248 Analysis: Level 2 'Service CSTacacs has
  been stopped or paused by the system. Monitoring will suspend until the
  service is restarted. '
  CSMon 07/21/2010 14:12:48 E 0351 3248 Failed to log accounting packet to logger localCSLog
  CSMon
  07/21/2010 14:22:18 A 0641 3248 CSAuth: State 0 6 Event Detected
  Level:4 Message:Service pause timed out. Please check the timeout
  settings for Replication and Backup
  I have followed this checklist: https://supportforums.cisco.com/docs/DOC-8795 to make sure configs are ok.
  But still replication fails.
  There is no firewall in between.
  Both ACS servers running on MS Windows Server  2003, SP2.
  Can
  anybody help me in the right direction what could be possible cause of
  this or where else I can look for logging for further troubleshooting?
  Thanks in advance for your help.
  Hi,
  Also check the port number TCP 2000 this is the replication port which needs to be opened between the primary and secondary ACS.
  Hope to Help !!
  Ganesh.H

• Problem with ACS 4.2 Database replication

  Greetings,
  I am not able to replicate Database between two ACS SE 4.2. I am getting the following error:
  Inbound database replication from ACS 'ACS_BEX_001' denied - shared secret mismatch.
  The configuration apparently is ok. I am attaching the configuration from both ACS.

  The solution posted by Nevin is correct, but I must add some explanations. I had the problem yesterday and I proceeded like Nevin told:
  - I connected to the console and made a "show".
  - The IP was the correct one, but as indicated I made a "set ip"
  - The system asked for the new IP, showing the old one between brackets: ie "New IP [10.10.10.1]:"
  - I pressed Intro, because the IP is correct.
  - After confirming the IP, mask, gateway and DNS the system asked me to verify connectivity. I did it and was correct.
  - The second time it asked to check connectivity I answered No. and nothing happened.
  - We checked through the web but the "Self" IP was still 127.0.0.1.
  - So I made the process again BUT this time I changed the the IP to another one. After finishing, (when I answered No to check connectivity) I saw that the system was stopping all ACS processes and starting then again.
  - In the web page the "Self" IP was the new one.
  - I made the process again changing the IP to the original one. This time also the system stopped and started all processes.
  - In the web page the "Self" IP was correct.
  - Now the replication worked correctly.
  So the problem was that the system is "inteligent" and if it discover that you don't change the IP (even if you change the DNS), it doesn't reconfigure it. So you must change to another IP (even a dummy one) and the change again to the correct one.
  I hope this can help to other people.

• ACS SE Database replication fails

  Hello, I recently upgraded our ACS SEs from 4.0 to 4.1. All appeared to go OK but I checked the logs recently and saw the the database replication is failing with the message:
  ACS '[hostname]'is running a different version of ACS - aborting.
  All ACS SE were upgraded at the same time and display the same versions when examining the Appliance Upgrade page. Does anyone have any ideas what the problem is?
  Thanks in advance.

  Hi, I am having a related problem but in my case I am using ACS for Windows ver.4.0. I am replicating from one primary ACS to three other ACS using scheduled nightly replication.
  The problem is that the data is being updated on all three ACS servers, but in the database replication logs on the primary I get messages stating that "ACS-server-name replication failed possibly due to short time-out or dead". Moreover, not all three servers timeout. Sometimes one server timeout, and other times two servers timeout, etc.
  On the replicated servers logs, the only log, in case server times out, shows that "replication cycle starting....". while when replication is successfull, it also shows Replication cycle completed successfully.
  I have played around with the timeouts but the result is random. I have also checked if there are any bandwidth issues, but replication is scheduled at night with minimal network traffic and the servers are also not being used for authentications.
  Don't understand why I don't see successful messages all the time, specially when the data does get updated on the replica ACS.
  Thanks.
  MAG

• ACS internal database replication

  I have setup ACS internal database replication and it works once then the secondary config is overwritten and doesn't contain the AAA server of the primary.
  primary               - 10.100.253.25
  ACS 1113 running 4.2
  secondary          - 10.100.253.26
  ACS 1113 running 4.2
  Example of before and after
  Before replication
  The primary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs2 - 10.100.253.26
  The secondary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs1 - 10.100.253.25
  After replication
  The primary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs2 - 10.100.253.26
  The secondary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs2 - 10.100.253.26
  therefore after the first replication subsequent attempts will fail because the secondary won't accept attempts from unknown AAA servers. Is this to be expected or can I mitigate it in someway?

  Please try setting the original ip address by using "Set ip" Command from the console connection of the ACS Solution engine. Once you successfully changed the ip address, you can apply the patch 11 or above (latest is patch 16) on the ACS SE (This will fix the problem).
  In majority of cases set ip command fails but sometime works too.
  In case it doesn't help then we have 2 options:
  1.] Open a TAC case, send the database file to delete the entry.
  2.] If you are not intrested sending your database then try the below listed steps:
  In order to remove the loopback entry from the Database, we need to follow following steps,
  Please download ACS 4.2 trial from following link, if you do not have ACS Full version for Windows purchased.
  http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval- eval-ACS-4.2.0.124-SW.zip
  [1] Install eval version on Windows 2000/2003 server. Please also ensure that JAVA is installed on that server.
  [2] Take a backup from ACS SE from, System Configuration > ACS Backup >Backup Now.
  [3] Restore the database backup on ACS eval.
  [4] On eval ACS , go to Network Configuration > find the AAA Server entry with 127.0.0.1 entry. Edit it and give it some other IP for
  example, 1.1.1.1. Submit + Apply.
  [5] On eval, Restart CSAdmin service.
  [6] On eval, go back to Network Configuration and search for the changed IP address and delete that entry, Delete + Apply.
  [7] Take a backup from eval ACS, System Configuration > ACS Backup > Backup Now.
  [8] Restore the database backup from eval ACS into ACS SE from option, System Configuration > ACS Restore, choose the database backup. Check Check option "User and Group Database" and "CiscoSecure ACS System Configuration", then press Restore Now.
  [9] On ACS SE, go to Network Configuration, make sure that 127.0.0.1 entry is not there and for ACS SE's hostname we have the correct IP address. Go to Proxy Distribution Table > (Default). Move the server’s hostname entry that has correct IP for this ACS SE into "Forward To" column, if not already. Then press "Submit + Restart".
  Reference defect, CSCso36620 - Toggle nic command changes AAA server ip address to "127.0.0.1" in GUI.
  Regards,
  Jatin
  Do rate helpful posts-

• ACS Database Replication

  I have 2 ACS server
  - ACS Appliance(v4.0)
  - ACS Server fo Window(v3.0)
  I want to design Primary ACS Appliance and Secondary ACS for Window
  I know the method For ACS Database replication
  Thanks
  cheolhyeon

  Hello Hanwu
  Please send a the screenshot of replication page from primary server.
  thanks
  Devashree

• ACS Database Replication between SE and Windows

  I currently have 2 Windows ACS servers (4.0.1.27) in production and replicating databases. I also have a solution engine (appliance) running 4.1.4.13.7. I plan to upgrade the Windows ACS servers to 4.1.4.13.7 (same as the SE). I know that the software versions have to match for replication to work. Recently, I received conflicting information about database replication. I was told that a ACS SE (solution engine 1113) can not replicate to a Windows ACS server, even if the software versions match. Before I change my production environment, I thought would seek out additional input.

  Yes, you can replication acs windows with acs appliance. It works fine.
  Regards,
  ~JG

• SCCM 2012 Database Replication Monitor Child Site Details Empty

  We have a Secondary site for which no data will show up under Monitoring/Database Replication/Replication Status/Child Site.  It just states "No items found." as seen in the attached pic.  All other secondary sites show various configuration parameters,
  etc. on the Child Site tab.  What is blocking CM 12 from getting this information for this particular child site?  Any ideas?  Something firewall or access related maybe?

  was there any solution to this? I am having the same issue with the same version of Config Manager.

• Problem in Database Replication in Oracle 9i

  i am trying to do database replication but am facing problems in 9i.i have two machines on network and both have a database created.i also have a common schema in both the database (testuser is the name of schema). i have created database links between the two machines and when i check the link through OEM console then it shows that database link is active.when i add object to my master group it shows the status as need generation and when it try to generate replication support for the same the status changes to DOINGGEN.i am not able to get the status to GENERATED.my database names on both machines are different.could that be a problem.do we need to have same database name on both machines.plz help me out with this and if possible give me step wise details of how to do replication.i have tired it by following the steps given in oracle documentation.

  use enterprise edition, i think you are using standered edition. moreover there should be primary key column in replicated tables.

• Cisco UP Replication Watcher has detected that database replication is still in progress

  Hi Guys
  In the Presence server System Troubleshooter, have the follow message:
  "Cisco UP Replication Watcher has detected that database replication is still in progress"
  Any idea to solve this?
  TIA
  Cristian

  was this ever fixed? and if so how?

• OC4J 10.1.3 preview 4 cluster database replication is not working...

  Hi,
  We are trying to run OC4J 10.1.3 preview 4 standalone server in a cluster mode enabling database replication to persist session details during restarts.
  We have created the following:
  - JDBC Connection pool
  - JDBC data source
  - An entry in the application.xml for <cluster><protocol><.... </cluster>
  But it does seem to be working.
  And there is no change in stdout or stderr console log as well.
  It will be really helpful if you send your comments or answers if anybody have have implemented this succefully before!!
  Regards,
  DGKM

  gday DGKM --
  I can confirm that this works with the DP4 build.
  The easiest way to make sure you get the right entries are to configure this via the "clustering" wizard in Application Server Control at the end of the deployment process.
  So I'd recommend deploying the application again using ASC and using the cluster task, setting the protocol to be Database and specifying the datasource to use.
  cheers
  -steve-

• Database Replication

  Hi,
  what would be the perfect answer if any one ask what are the methods of database replication.
  I really have doubt about the replication.
  Is it cloning of existing DB using cold backup, RMAN uutility or exp/imp
  OR
  Is it disaster recovery solution like dataguard, RAC or stream.
  Regards,
  DevD!

  user12138514 wrote:
  Hi,
  what would be the perfect answer if any one ask what are the methods of database replication.
  I really have doubt about the replication.
  Is it cloning of existing DB using cold backup, RMAN uutility or exp/imp
  OR
  Is it disaster recovery solution like dataguard, RAC or stream.
  Regards,
  DevD!Hi DevD
  The best answer as always comes from Oracle docs. Please refer to the following doc:
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14226/repoverview.htm#sthref8
  Replication is the process of copying and maintaining database objects, such as tables, in multiple databases that make up a distributed database system. Changes applied at one site are captured and stored locally before being forwarded and applied at each of the remote locations. Advanced Replication is a fully integrated feature of the Oracle server; it is not a separate server.
  Replication uses distributed database technology to share data between multiple sites, but a replicated database and a distributed database are not the same. In a distributed database, data is available at many locations, but a particular table resides at only one location. For example, the employees table resides at only the ny.world database in a distributed database system that also includes the hk.world and la.world databases. Replication means that the same data is available at multiple locations. For example, the employees table is available at ny.world, hk.world, and la.world.

• Database Replication in SBO

  What are the recomendations for Database Replication in SBO ? Any experience ??

  Hi,
  The database replication can be performed in at least three different ways:
     1. Snapshot replication: Data on one database server is plainly copied to another database server, or to another database on the same server.
     2. Merging replication: Data from two or more databases is combined into a single database.
     3. Transactional replication: Users obtain complete initial copies of the database and then obtain periodic updates as data changes.
  For SP B1, you can do the above ways but you must test in first in the server environment.
  JimM