ACS database

Hi,
I have ACS running with Windows database integration, but I have an issue. The users are created in Active Directory, then ACS asks if the user exists and holds the user's mappings in its own database (normal operation). The question is: when I delete users from Active Directory, the users are still in ACS and they can still authenticate. I have to block the user in ACS or manually delete the mappings. Is there some procedure so that when I delete the user in Active Directory I do not have to delete the user in ACS too?

Hi,
It is suggested to change the default retention period of the ACS database of SCOM. By default, the database retention period is 14 days; when installing the ACS services, we can specify the number of days to keep. If you choose to keep the database for a long time, the drawback is that the hard disk may start filling up very quickly.
The retention day option is saved under (ID 6) in the “dbo.dtconfig” table of the ACS database.
With the query SELECT * FROM dtConfig, we can see the retention period.
The below links should be helpful for you, please refer to them:
http://blogs.technet.com/b/kevinholman/archive/2008/03/07/acs-internals-part-1.aspx
http://social.technet.microsoft.com/Forums/systemcenter/en-US/d25d0192-72cc-4ac3-b61d-5c64dd763efa/manual-grooming-of-acs-database
Regards,
Yan Li

Similar Messages

  • ACS database reporting permissions issue

    Hi,
    I have an issue with my testing of the ACS reporting in two test environments (SCOM 2012 SP1). One has SQL installed on the same server as the MS and the other is a separate SQL install on its own server with multiple MS’s. On both SQL servers the ACS database is running on the same server as the other SCOM databases under an instance called SCOM. When we go live the intention is to run on a separate SQL server, so I am not sure if this would still be relevant at that point.
    First of all, my normal reports are running fine from the console and from SQL reporting services. My understanding is that the reports are running under different contexts at this point – the web reporting with the account I am logged in with, and from within the SCOM console trying to use the data reader account.
    When trying from the web reporting services or SCOM console I get -
    “An error has occurred during report processing. (rsProcessingAborted)
    Cannot create a connection to data source 'dataSource1'. (rsErrorOpeningConnection)
    A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)”
    With regard to the account I am using for the web reporting. It’s a domain admin account. However what I also did was create a global security group called “SCOMACS” and gave this group “db_datareader” permissions within SQL.
    I also gave the data reader service account permissions to see if this fixed the issue from the console.
    Wonder if anyone could help?

    Hi,
    This seems more like a SQL issue. Please make sure your database engine is configured to accept remote connections:
    • Start > All Programs > SQL Server 2005 > Configuration Tools > SQL Server Surface Area Configuration
    • Click on Surface Area Configuration for Services and Connections
    • Select the instance that is having a problem > Database Engine > Remote Connections
    • Enable local and remote connections
    • Restart instance
    Please go through the below blog to troubleshoot this issue:
    Named Pipes Provider, error: 40 - Could not open a connection to SQL Server
    http://blogs.msdn.com/b/sql_protocols/archive/2007/03/31/named-pipes-provider-error-40-could-not-open-a-connection-to-sql-server.aspx
    SQL SERVER – FIX : ERROR : (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) (Microsoft SQL Server, Error: )
    http://blog.sqlauthority.com/2009/05/21/sql-server-fix-error-provider-named-pipes-provider-error-40-could-not-open-a-connection-to-sql-server-microsoft-sql-server-error/
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Hope this helps.
    Regards,
    Yan Li

  • ACS Database Replication over VPN with overlapping Network Addresses

    We currently have two co-locations, each situated in a different province. We have two ACS servers, one of which we want to deploy at each co-location. All our network equipment is behind PIX/ASA devices. Getting them to replicate over the VPN should be easy, but in our case we have overlapping network addresses at both ends of the tunnels.
    As per Cisco, data does not transit a NAT device when the two Cisco Secure ACS servers communicate, and a successful database replication can occur only if the secondary ACS server perceives no change in the IP header or content of the data it receives. So that means we will not be able to implement NAT to achieve this.
    Has anyone faced this problem of replicating the ACS database over the VPN with overlapping network addresses, and was anyone able to successfully solve this issue using a workaround?
    All provided info and comments are greatly appreciated.

    I can help with the 3005 setup if you decide to go that route.
    You will need to add 2 network list entries under Configuration>Policy Management>Traffic Management>Network Lists.
    You will need to configure a local and remote address. The local will be one of the public IPs for the site (provided by your ISP). The remote will be the device you are connecting to on the other end.
    You will also need to add a NAT LAN-to-LAN rule under Configuration>Policy Management>Traffic Management>Nat>Lan to Lan.
    Use a static NAT type. The rest will look similar to my example.
    Source (local address), Translated (public IP address used in the local network list), Remote (IP address of the device on the other end)
    Now just create an IPsec LAN-to-LAN tunnel. You will need to agree with the ISP on des type and auth type. Use your local and remote networks you created earlier.

  • Migrating a Cisco ACS Database

    Hi,
    Can there be any potential problems if we want to migrate an existing Cisco ACS database to a different physical server (keeping the same IP information etc.)?
    We were running Cisco ACS evaluation version for Cisco NAC (CTA) and now want to make it production while moving it to a different server.
    Regards \\ Naman

    Hi,
    I'm not an expert for the ACS but when you look into System configuration you will find the feature 'Database Replication'. With an eval version you should be able to test this feature.
    Cheers,

  • About Secure ACS Database Replication configure

    hi
    I have installed the ACS and the ACS database has replicated completely.
    But when I made some change, the primary ACS has generated a *.csv file.
    this file can replicated to the secondary ACS.
    Thanks

    Can you please clarify your issue? The post is not clear.
    Regards

  • Reset ACS database password

    Hi,
    Just asking if you guys have idea how to reset the ACS database password?
    regards,

    Open the ACS window, choose Network Configuration > select the user > edit it > change the password.

  • Cisco ACS database tuning

    Hi
    I would like to know the best ways of tuning the Cisco ACS database. The database size has now grown and is causing performance problems. We are running Cisco ACS 4.2 on Windows Server 2003 R3. SP2
    What is the best possible way to tune Cisco ACS performance?
    What is the best possible design consideration in deploying 6 ACS servers in replicating mode? Can I use one database for all 6 ACS servers? Is this feasible?
    Any docs which talk about all this would be helpful.
    Thanks in advance.
    SK

    Hi there,
    About the database size growing issue, I have seen a similar issue in the past and it could be related to the Service Control option; make sure it's configured Low. This option is located under System Configuration.
    Regarding the replication issue, in the past I have seen even 7 servers in cascade replicating fine, although depending on different factors like distance, devices in between, amount of data, etc., the replication flow may get affected. I am not sure what your requirements will be, but using one server to replicate the information to the other units is a good option; I prefer this one over cascade replication.

  • ACS Database Replication

    I have 2 ACS servers
    - ACS Appliance (v4.0)
    - ACS Server for Windows (v3.0)
    I want to design Primary ACS Appliance and Secondary ACS for Windows
    I know the method for ACS database replication
    Thanks
    cheolhyeon

    Hello Hanwu
    Please send a screenshot of the replication page from the primary server.
    thanks
    Devashree

  • ACS database users and passwords.

    Hi, I need to get all users and passwords from an ACS 3.3 database unencrypted.
    How can I do it?
    Could you help me?

    To get a list of the users in the ACS database, use the CSUtil tool on the Windows platform.
    Go to the bin directory under the ACS install folder and run
    CSUtil.exe -u
    This will generate a file "users.txt" in the same folder.
    But I don't think you can get the passwords in unencrypted form.

  • ACS Database type (e. g. mysql,sql,postgre)

    Can anyone tell me what the database of Cisco ACS 4.2 is? And one more thing: how can I access the ACS database to view the info in the DB?

    Sybase is the internal database for ACS View server. The data retrieved from multiple ACS are processed and stored in the ACS View internal database.
    Please check the below link for getting more information:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9302/white_paper_c07-484555.html#wp9000185

  • How to migrate multiple ACS database into one ACS database ?

    Hey All,
    We just purchased several companies and, as the IT/network department, we need to consolidate all the ACS servers from the HQ and the purchased companies into one ACS. I read the Cisco docs, which mention that I can export the migration file from the old ACS and upload it into the new ACS server.
    But my concern is that we have multiple ACS servers: will the multiple ACS migration files overwrite each other during the upload into the new server?
    thanks

    Raghavender -
    I am not an expert on MySQL migration, but you would look to migrate the database to a local Oracle Database and then move that to your Database Cloud Service.  However, keep in mind that at this time you can only access the Database Cloud Service from outside the Cloud via RESTful Web Services, so you might have to modify the application that accesses the database.  Hope this helps.
    - Rick Greenwald

  • Read ACS database

    Hello There,
    Where does ACS hold all the authenticated user? Is there any way to read these authenticated information?
    Thanks and regards,
    Lahki

    Hi Lahki
    ACS holds users in its internal database (pre v4, and in a SQL Anywhere DB post v4).
    The data isn't human readable, so you need something like extraxi aaa-reports! which can import the database (csutil dump file or cssupport package cab).
    Once imported you'll be able to report on the users, last authentication date, account status etc.
    http://www.extraxi.com?utm_source=technet&utm_medium=forum

  • ACS database not functioning after changing secondary acs ip.

    Hi, I have 2 ACS 3.1 servers: ACS01 (Primary) and ACS02 (Secondary). Recently we moved ACS02 to another site and changed its IP address.
    When we do database replication from ACS01, we receive an error message saying that ACS02 has denied the replication request.
    Any idea what may be the problem?

    Consider these points when you implement the Cisco Secure database replication feature:
    1) ACS only supports database replication to other ACS servers. All ACS servers that participate in Cisco Secure database replication must run the same version and patch level of ACS.
    2) The primary server transmits the compressed, encrypted copy of its database components to the secondary server. This transmission occurs over a TCP connection, with port 2000. The TCP session is authenticated and uses an encrypted, Cisco-proprietary protocol.
    3) Only suitably configured, valid ACS hosts can be secondary servers. To add a secondary server, configure it in the AAA Servers table in the Network Configuration section of this document. When a server is added to the AAA Servers table, the server appears for selection as a secondary server in the AAA Servers list under Replication Partners, on the Cisco Secure database replication page.
    4) The primary server must be configured as an AAA server and must have a key. The secondary server must have the primary server configured as an AAA server and its key for the primary server must match the primary server's own key.
    5) Replication to secondary servers takes place sequentially in the order listed in the Replication list under Replication Partners, on the Cisco Secure database replication page.
    6) The secondary server, which receives the replicated components, must be configured to accept database replication from the primary server. To configure a secondary server for database replication, refer to the Configuring a Secondary Cisco Secure ACS Server section of this document.
    7) ACS does not support bi-directional database replication. The secondary server, which receives the replicated components, verifies that the primary server is not on its Replication list. If not, the secondary server accepts the replicated components. If so, it rejects the components.
    8) To replicate user-defined RADIUS vendor and vendor-specific attribute (VSA) configurations successfully, the definitions to be replicated must be identical on the primary and secondary servers. This includes the RADIUS vendor slots the user-defined RADIUS vendors occupy. For more information about user-defined RADIUS vendors and VSAs, refer to the User-Defined RADIUS Vendors and VSA Sets section of the document Cisco Secure ACS Command-Line Database Utility.

  • ACS database connectivity

    Dear Sir
    I have planned to connect my ACS server to an external database (Oracle 10g). In order to do this, would you please let me know how I would be able to connect ACS to Oracle? I should say that I have read some Cisco documents about this case but there is still some problem. I would be happy if you let me know your comments.
    With best regards
    Hamed yazdi

    Dear Sir
    A billion thanks for your kind reply. I did whatever you mentioned, and at the moment my ACS server can connect to my Oracle server. But there is another question: I want to create a table which contains the usernames and passwords of those who want to connect to the network via ACS, but I do not know which name I should assign to the table and where I should define in ACS that it checks the username and password. In other words, how should I define in ACS which table it should check in order to recognise whether the user has permission or not? I would be happy if you let me know your comments.
    With best regards
    Hamed yazdi

  • ACS Database Replication between SE and Windows

    I currently have 2 Windows ACS servers (4.0.1.27) in production and replicating databases. I also have a solution engine (appliance) running 4.1.4.13.7. I plan to upgrade the Windows ACS servers to 4.1.4.13.7 (same as the SE). I know that the software versions have to match for replication to work. Recently, I received conflicting information about database replication. I was told that an ACS SE (solution engine 1113) cannot replicate to a Windows ACS server, even if the software versions match. Before I change my production environment, I thought I would seek out additional input.

    Yes, you can replicate ACS for Windows with the ACS appliance. It works fine.
    Regards,
    ~JG
