ACS Engine Hanging / Replication Problems
I have two ACS 1112 Appliances running the latest software (Release 4.0(1) Build 42). Each appliance seems to run fine on its own. However, after setting up and successfully performing replication, the second ACS will not fully reboot. It says CSAuth did not start. 'show' usually shows the cpu at 100% with the services in various states of stopped, stopping, or starting. The web interface is unavailable. Another thing I have noticed that I think may have something to do with it is the status of the remote agents in the network device table. After replication, (and before rebooting) I can click on one successfully on the original machine, but when I attempt to click on one on the second appliance, I get a 404 browser error, and my ACS session is closed. I have to log back in to do anything else. Right now, I am rebuilding the second appliance from the cd (for the 15th time) to attempt replication with no remote agents defined to make narrow down the problem. Also note that if I manually add a remote agent on the second appliance, I am able to get to its properties with not problems. I am only not able to get to replicated entries' properties. Thanks in advance for any help.
Well, forget about the remote agents. The primary appliance has a very basic config. The only things in the network device table are itself and the other ACS. They each have the correct settings and the same key. The backup ACS has no configuration settings, except the ACS settings in the network device table and the appropriate replication settings. After a successful replication from primary to backup, and a reboot of the backup--it will not start back up. The CPU is at 100% and the services look like this:
CSAdmin stopped
CSAuth starting
CSDbSync starting
CSLog stopping
CSMon starting
CSRadius starting
CSTacacs starting
CSAgent running
thanks.
Similar Messages
-
ACS Engine IP always resets to 0.0.0.0
Hi,
We have a problem with our ACS engines. We have 2 ACS Engines and the problem is we cannot disable it as a DHCP client. When its ethernet connection goes down, its IP address resets to 0.0.0.0. The static IP address that we set on it does not retain when we unplug its ethernet connection. We're thinking that this is because the "DHCP enabled" is still set to "Yes" even though we have configured it to have a static IP. We have two new ACS engines and both have the same problem. Hope you guys can help.
Thanks in advance.Hi,
Yes, we have already tried that and this is the output:
+++++++++++++after entering the IP parameters++++++++++++
New Configuration:
DHCP: No
IP Address: 192.168.1.21
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DNS Servers: 192.168.1.21
IP Address is reconfigured.
Confirm the changes? [Yes]:
New ip address is set.
Default gateway is set to 192.168.1.1.
DNS servers are set to 192.168.1.21.
Test network connectivity [Yes]: Yes
Enter hostname or IP address: 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
++++++++++++++then ACS services restart++++++++++++++++
+++++++++++After entering the show command+++++++++++++
Cisco Secure ACS: 4.1.1.23
Appliance Management Software: 4.1.1.23
Appliance Base Image: 4.1.1.4
CSA build 4.0.1.543.2: (Patch: 4_0_1_543)
Session Timeout: 10
Last Reboot Time: Thu Feb 21 18:26:49 2008
Current Date & Time: 2/21/2008 18:31:48
Time Zone: (GMT-06:00) Central Time (US & Canada)
NTP Server(s): NTP Synchronization Disabled.
CPU Load Free Disk Free Physical Memory
0.00% 16.5 GB 794 MB
Appliance IP Configuration
DHCP Enabled. . . . . . . . . . .: Yes
IP Address. . . . . . . . . . . .: 192.168.1.21
Subnet Mask . . . . . . . . . . .: 255.255.255.0
Default Gateway . . . . . . . . .: 192.168.1.2
DNS Servers . . . . . . . . . . .:
--- Please hit enter to continue ---
CSAdmin running
CSAuth running
CSDbSync running
CSLog running
CSMon running
CSRadius running
CSTacacs running
CSAgent running
++++++++++++++++then we enter the reboot command++++++++++++++++++++
+++++++++After the reboot, this is the result of the show command:+++++++++++++
Appliance IP Configuration
DHCP Enabled. . . . . . . . . . .: Yes
IP Address. . . . . . . . . . . .: 169.254.94.164
Subnet Mask . . . . . . . . . . .: 255.255.0.0
Default Gateway . . . . . . . . .:
DNS Servers . . . . . . . . . . .:
After the reboot, the IP is not saved.
Regards -
ACS internal database replication
I have setup ACS internal database replication and it works once then the secondary config is overwritten and doesn't contain the AAA server of the primary.
primary - 10.100.253.25
ACS 1113 running 4.2
secondary - 10.100.253.26
ACS 1113 running 4.2
Example of before and after
Before replication
The primary has these AAA servers listed under network components.
self - 127.0.0.1
acs2 - 10.100.253.26
The secondary has these AAA servers listed under network components.
self - 127.0.0.1
acs1 - 10.100.253.25
After replication
The primary has these AAA servers listed under network components.
self - 127.0.0.1
acs2 - 10.100.253.26
The secondary has these AAA servers listed under network components.
self - 127.0.0.1
acs2 - 10.100.253.26
therefore after the first replication subsequent attempts will fail because the secondary won't accept attempts from unknown AAA servers. Is this to be expected or can I mitigate it in someway?Please try setting the original ip address by using "Set ip" Command from the console connection of the ACS Solution engine. Once you successfully changed the ip address, you can apply the patch 11 or above (latest is patch 16) on the ACS SE (This will fix the problem).
In majority of cases set ip command fails but sometime works too.
In case it doesn't help then we have 2 options:
1.] Open a TAC case, send the database file to delete the entry.
2.] If you are not intrested sending your database then try the below listed steps:
In order to remove the loopback entry from the Database, we need to follow following steps,
Please download ACS 4.2 trial from following link, if you do not have ACS Full version for Windows purchased.
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval- eval-ACS-4.2.0.124-SW.zip
[1] Install eval version on Windows 2000/2003 server. Please also ensure that JAVA is installed on that server.
[2] Take a backup from ACS SE from, System Configuration > ACS Backup >Backup Now.
[3] Restore the database backup on ACS eval.
[4] On eval ACS , go to Network Configuration > find the AAA Server entry with 127.0.0.1 entry. Edit it and give it some other IP for
example, 1.1.1.1. Submit + Apply.
[5] On eval, Restart CSAdmin service.
[6] On eval, go back to Network Configuration and search for the changed IP address and delete that entry, Delete + Apply.
[7] Take a backup from eval ACS, System Configuration > ACS Backup > Backup Now.
[8] Restore the database backup from eval ACS into ACS SE from option, System Configuration > ACS Restore, choose the database backup. Check Check option "User and Group Database" and "CiscoSecure ACS System Configuration", then press Restore Now.
[9] On ACS SE, go to Network Configuration, make sure that 127.0.0.1 entry is not there and for ACS SE's hostname we have the correct IP address. Go to Proxy Distribution Table > (Default). Move the server’s hostname entry that has correct IP for this ACS SE into "Forward To" column, if not already. Then press "Submit + Restart".
Reference defect, CSCso36620 - Toggle nic command changes AAA server ip address to "127.0.0.1" in GUI.
Regards,
Jatin
Do rate helpful posts- -
ACS SE Database replication fails
Hello, I recently upgraded our ACS SEs from 4.0 to 4.1. All appeared to go OK but I checked the logs recently and saw the the database replication is failing with the message:
ACS '[hostname]'is running a different version of ACS - aborting.
All ACS SE were upgraded at the same time and display the same versions when examining the Appliance Upgrade page. Does anyone have any ideas what the problem is?
Thanks in advance.Hi, I am having a related problem but in my case I am using ACS for Windows ver.4.0. I am replicating from one primary ACS to three other ACS using scheduled nightly replication.
The problem is that the data is being updated on all three ACS servers, but in the database replication logs on the primary I get messages stating that "ACS-server-name replication failed possibly due to short time-out or dead". Moreover, not all three servers timeout. Sometimes one server timeout, and other times two servers timeout, etc.
On the replicated servers logs, the only log, in case server times out, shows that "replication cycle starting....". while when replication is successfull, it also shows Replication cycle completed successfully.
I have played around with the timeouts but the result is random. I have also checked if there are any bandwidth issues, but replication is scheduled at night with minimal network traffic and the servers are also not being used for authentications.
Don't understand why I don't see successful messages all the time, specially when the data does get updated on the replica ACS.
Thanks.
MAG -
Extra server on cisco ACS engine
I'm a bit curious about the way the cisco ACS engine (the cisco-built hardware) sets up servers initially. Most of the documentation I have is for windows, so I was a bit confused when, after the initial configuration there were two "AAA Servers" shown in the configuration, one called "Self" with the IP address I defined, and the other with the name I defined and a different address.
Has anyone else encountered this? Will it cause problems? and is there a way to get rid of it?
ThanksThat is a known issue with acs appliance, but nothing to worry about. Make sure you have this setting in acs,
acs--->network configuration--->Proxy dis table---> Bring Deleverance1 in the fwd to box and your server name in the left box.
Incase you dont see proxy dis table , then you need to enable it
Interface configuration---> Advance option ---> Put a check in distribution table.
Regards,
~JG
Please do rate helpful posts -
Safari 4.0.3 + Flash Player Hang SBBOD Problem.
Hi, I feel like this is a bit redundant, but I've been skimming through the forums trying to figure out the answer to my problem.
My Safari was updated to 4.0.3 recently (earlier today, I believe), and now when I try to visit any site with flash-based content (youtube, certain news sites, etc.), Safari starts to hang and I have to do a "force quit". I followed instructions and was able to figure out that the Flash player plug-in caused the hanging/crashing problem.
As far as I know, I have the latest updated plug-ins. Also, I don't have any other plug-ins installed besides the default ones (my MBP is fairly new, I got it around 2 weeks ago. This is very annoying, considering that Safari was working just fine 8 hours ago (since I was still able to view flash-based websites without the hang problem).
Right now I've disabled plug-ins to avoid the hang, but it's really a nuisance and I can't figure out why the problem is happening. My best guess is that it has to do with my updating Safari from 4.0.2 to 4.0.3, but I'm no tech guru.
I'd really appreciate the help! I'm posting my latest crash report in the post below!edit: I decided to reboot my machine just in case and now Safari is working just fine. If it hangs again I'll edit this post...
Message was edited by: roboslant -
How can i solve this replication problem between TT and ORACLE
Hi
I have an application that using AWT cashgroup implement the replication between TT (7.0.6.7) and ORACLE(10g);
but i encounter this problem:
16:16:50.01 Err : REP: 2302682: ABM_BAL_WH:meta.c(4588): TT5259: Failed to store Awt runtime information for datastore /abm_wh/abm_bal_ttdata/abm_bal_wh on Oracle.
16:16:50.02 Err : REP: 2302682: ABM_BAL_WH:meta.c(4588): TT5107: TT5107: Oracle(OCI) error in OCIStmtExecute(): ORA-08177: can't serialize access for this transaction rc = -1 -- file "bdbStmt.c", lineno 3726, procedure "ttBDbStmtExecute()"
16:16:50.02 Err : REP: 2302682: ABM_BAL_WH:receiver.c(5612): TT16187: Transaction 1316077016/357692526; Error: transient 0, permanent 1
the isolation level of my date store is read-committed ,and the sys.ODBC.INI file is also set Isolation=1(readcommitted mode)
so ,I still wonder how the error ORA-08177!
how can i solve this replication problem?
thank you.I suspect this is failing on an UPDATE to the tt_03_reppeers table on Oracle. I would guess the TT repagent has to temporarily use serializable isolation when updating this table. Do you have any other datastores with AWT cachegroups propagating into the same Oracle database? Or can you identify if some other process is preventing the repagent from using serializable isolation? If you google ORA-08177 there seem to be ways out there to narrow down what's causing the contention.
-
We recently upgraded to ACS 4.2. All works perfectly except for replication. I now receive an error
ACS Internal Database Replication Errors
1.To disable receiving of EAP-FAST replication component, "EAP-FAST master server" must be enabled on "Global Authentication Setup" page
We are not using EAP-FAST and it doen't appear to be enabled. EAP-FAST is not checked to replicate.I looked at that when I first got the issue. It saya that the server is Master. If I tick the box nothing changes and when I go back to that "Global Authentication" page the box is no longer ticked. The issue is the same on both the Primary Server and the Backup Server.
-
Session in-memory replication problem
Hi,
I am running into some cluster HttpSession replication problems. Here is
the scenario where replication fails (all servers mentioned here are a
part of a cluster).
1a - 2 Weblogic servers (A&B) are running - no users logged in,
2a - user logs in and a new session in server A is created.
3a - after several interactions, server A is killed.
4a - after user makes susequent request, Weblogic correctly fails over
to server B
Problem: Not entire session data is replicated. The authentication info
seems to
be replicated correctly but there are some collections in the session of
server A
that did not make it to the session in server B.
The interesting part is this: If there is only one server A running to
begin with and a user
interacts with it for a while and only then server B is started, when
after server B starts up
server A dies - the entire session (which is exactly the same as in the
failing scenario) is
corretly replicated in B, including collections that were missing in the
failing scenario.
How can this be possible ????
Thanks for any info on this one - it really puzzles me.
Andrew
Yes, you are on the right track. Everytime you modify the object you should call
putValue. We will make it more clear in the docs.
- Prasad
Andrzej Porebski wrote:
> Everything is Serilizable. I get no exceptions. I did however read some old
> posts regarding
> session replication and I hope I found an answer. It basically seems to boil
> down to what
> triggers session sync-up between servers. In my case , I store an object into
> session and
> later on manipulate that object directly wihotu session involvment and the
> results of those manipulations
> are not replicated - no wonder if HttpSession's putValue method is the only
> trigger.
> Am i on the right track here?
>
> -Andrew
>
> Prasad Peddada wrote:
>
> > Do you have non serializable data by any chance?
> >
> > - Prasad
> >
> > Andrzej Porebski wrote:
> >
> > > Hi,
> > > I am running into some cluster HttpSession replication problems. Here is
> > > the scenario where replication fails (all servers mentioned here are a
> > > part of a cluster).
> > > 1a - 2 Weblogic servers (A&B) are running - no users logged in,
> > > 2a - user logs in and a new session in server A is created.
> > > 3a - after several interactions, server A is killed.
> > > 4a - after user makes susequent request, Weblogic correctly fails over
> > > to server B
> > >
> > > Problem: Not entire session data is replicated. The authentication info
> > > seems to
> > > be replicated correctly but there are some collections in the session of
> > > server A
> > > that did not make it to the session in server B.
> > >
> > > The interesting part is this: If there is only one server A running to
> > > begin with and a user
> > > interacts with it for a while and only then server B is started, when
> > > after server B starts up
> > > server A dies - the entire session (which is exactly the same as in the
> > > failing scenario) is
> > > corretly replicated in B, including collections that were missing in the
> > > failing scenario.
> > >
> > > How can this be possible ????
> > >
> > > Thanks for any info on this one - it really puzzles me.
> > >
> > > Andrew
> >
> > --
> > Cheers
> >
> > - Prasad
>
> --
> -------------------------------------------------------------
> Andrzej Porebski
> Sailfish Systems, Ltd. Phone 1 + (212) 607-3061
> 44 Wall Street, 17th floor Fax: 1 + (212) 607-3075
> New York, NY 10005
> -------------------------------------------------------------
-
System Hang up problem in CS-5 (5.0.0 and 5.02 both ver.)
System Hang up problem in CS-5 (5.0.0 and 5.02 both ver.) I have HP machine with i 7 windows 7 and 8GB RAM. Here I'm pasting information from windows application errors:
09/24/2010 1:43PM Description A problem caused this program to stop interacting with Windows. Faulting Application Path: C:\Program Files\Adobe\Adobe Premiere Pro CS5\Adobe Premiere Pro.exe Problem signature Problem Event Name: AppHangB1 Application Name: Adobe Premiere Pro.exe Application Version: 5.0.2.0 Application Timestamp: 4c731297 Hang Signature: db9d Hang Type: 0 OS Version: 6.1.7600.2.0.0.768.3 Locale ID: 1033 Additional Hang Signature 1: db9d73861cc870992719a1805a937a6a Additional Hang Signature 2: 54f8 Additional Hang Signature 3: 54f896ba0ceb58b7b8c95873e69e4a38 Additional Hang Signature 4: db9d Additional Hang Signature 5: db9d73861cc870992719a1805a937a6a Additional Hang Signature 6: 54f8 Additional Hang Signature 7: 54f896ba0ceb58b7b8c95873e69e4a38 Files that help describe the problem AppCompat.txt Adobe Premiere Pro.exe.xml WERInternalMetadata.xml memory.hdmp minidump.mdmp View a temporary copy of these files Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.Hi,
if you post message, it would be great if you could include more information on the errors you are encountering. "startsap does not work" is not useful to give advises. You also may have get a quicker answer if you split up your long messages into smaller ones. In the middle of the text I found a simple question:
How will I create the db2support file? Can you give me the command for this?
Just use the db2support tool, which is described in detail in the DB2 documentation.
I know that multiple customers has managed to setup SAP on DB2 using HACMP. In addition some customers use the new Tivoli System Automation for Multiplatforms (SAMP).
Oh, I currently see that your message is from last year. I suppose you have solved the problems already.
Regards, Jens -
Shutdown Teststand 3.1 Engine Hangs
I am using TestStand 3.1 engine in combination with Labview 7.1. Everything works fine until I run a sequence file. After this run the logout/login and the shutdown do not work anymore. The complete engine hangs. When I look at the description of the shutdown method it says;
<QUOTE> Closes opened sequence files and executions. This method also releases the TestStand Engine. <UNQUOTE>
So thissee link http://forums.ni.com/ni/board/message?board.id=330&message.id=9566
for all further responses
Regards
Ray Farmer -
Hi Friends,
I have windows server 2003 domain at two location before somw month back its replication data
and its working fine but now i unable to see replicate data i mean i thing having replication problem
i gotted some evint id error on server
Event id error :- 5002 , 4202 , 1925 ,13568
Please help me .
Thanks,
MadhukarThe 4202 is staging quota size is too small.
Run these 2 Power Shell commands to determine the correct Staging Quota size:
$big32 = Get-ChildItem DriveLetter:\FolderName -recurse | Sort-Object length -descending | select-object -first 32 | measure-object -property length –sum
$big32.sum /1gb
Take that resulting number, round it up to the nearest whole integer, mulitply that times 1024 and enter that number on the Staging tab of the Properties of a replicated folder in DFS Mgt.
More info here:
http://blogs.technet.com/b/askds/archive/2007/10/05/top-10-common-causes-of-slow-replication-with-dfsr.aspx
Run this command to tell you the status of Replication:
wmic /namespace:\\root\microsoftdfs path DfsrReplicatedFolderInfo get replicatedFolderName, State
0: Uninitialized
1: Initialized
2: Initial Sync
3: Auto Recovery
4: Normal
5: In Error
Let us know how that goes. -
My iPhone5 is under warranty but during incoming call handset is hang. this problem 2-3 time a day. pleas help.
I'm experiencing what is I believe to be the same issue with my iPhone 4, and have been suffering in silence for about a week.
iPhone 4 model MC603X with Modem Firmware 04.10.01, 16Gb, cheap silicone cover, Vodafone NZ as my carrier.
My screen locks after 1 minute of inactivity as it should with my settings. Perhaps 1 call in 5, or 1 call in 10, the screen wakes up and displays called ID information etc correctly, but I cannot swipe to answer the call. The touch screen simply fails to respond.
If I push the power button briefly to silence the ringtone, this does not make a difference. The iPhone has to be locked (and screen turned off), then push a hardware button to wake up the display, and then I can swipe to unlock the device.
This is only since iOS 4.3 and unfortunately iOS 4.3.1 has not changed this behaviour.
Any advice appreciated.
Cheers, Mike -
Hi netPro,
when i start the replication that's an error ,
ACS Internal Database Replication Errors
Number Error
1 'User and Group Database' and 'Group Database' cannot be replicated together
what does it means ?
thanks.
regards,
JackHi Jack,
Under database replication components, either select "user and group database" or "group database only"..You can't have both selected, as first option include the other..
regards
Hamid -
Cisco ACS Engine appliance 1120 software upgrade
I want to upgrade my Cisco ACS Engine appliance 1120 from software version 3.3 to the latest version (5.x). How do I go about this? Someone should help please.
It is highly suspicious that you would have a 1120 appliance that is running 3.3
ACS 3.3 was with the ACS solution engine 1111, 1112 and 1113.
ACS 5 requires the appliance 1120/1121 so it requires an appliance change. I'm puzzled about how you could be running 3.3 for 1120 since there is no installation DVD for that.
As a general thing, one has to follow the ACS 5 migration guide on cisco.com that explains the process quite well. You need to go to acs 4.1/4.2 to migrate to 5.
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/migrate.html
Nicolas
Maybe you are looking for
-
My new Macbook Pro is cutting off suddenly and I do not know why
I recently got my Macbook Pro for Christmas and recently it has been cutting off suddenly. I do not know why,
-
5.0.1 update - battery issue - check usage/standby stats
There might be more than one problem but i did find mine and fix it. Check your usage and standby in general settings and if they are the same, then you have the same problem I had (they should not be the same). If they are the same, that means you
-
I've been using a 2nd Monitor (ViewSonic 1080p) with my MacBook for several years. After recent upgrade to Snow Leopard, MacBook no longer recognizes the 2nd monitor in the Preferences. Monitor/cables are fine and work with another laptop OK. Do I
-
Help I video a 7-8 minute of soemthing at school and it has been transferrred to iphoto from my iphone BUT now otehr parents want a copy and I cannot email it so I am trying a flash drive and still cannot import it to the flashdrive. Any suggestions
-
I bought my macbook pro this morning. When I turned it on it led me through set up with voice over. I finally quit VO but my pointer is not working. It moves but does not open anything. Can anyone help?