ACS v4.2.1 to v5.5 migration vmware

Similar Messages

• ACS 5.3 to ISE 1.2 Migration

  Hi Experts,
  Good Day!
  I really need help I already did some troubleshooting but the issue I'm encountering still exists.
  I am trying to migrate my ACS 5.3 to ISE 1.2 using the migration tool. I;m able to extract the data from ACS however, when I tried to import it in the ISE it shows me always the error in the attached file. It is using FQDN to detect the ISE however, I don't have any DNS server to translate my ISE IP to FQDN.
  Please help.
  Thank you.
  niks

  Migration Tool Installation Guidelines:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-1/migration_guide/ise_migration_guide/ise_mig_install.pdf

• ACS 5.4 to ISE 1.2 migration

  Hi,
  does somebody have an idea how to migrate users from ACS 5.4 to ISE?
  I tried with migtool, but it's telling me that migration from ACS 5.4 is not supported.
  However if I install older ACS 5.1 and restore a backup from ACS 5.4 then it fail because it doesn't match installed application.
  I don't want to use backup from older ACS as we put since that time so many users ...
  Thanks for any hint.
  Karel

  Hi Karel,
  As I see this is not supported so far. What you can do is to export your users from 5.4 and import them on 5.3 then proceed with the backup and migration process.
  If you still need to go with 5.4 you better communicate the TAC. They may help you better (they may probably have a patch to fix the issue with the migration from 5.4 to ISE).
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• VM migration (VMWare to Hyper-V) with the help of Orchestrator

  Hello There,
  I am planning to Automate the migration process with the help of scripts.
  But not sure how to make a flow on Orchestrator for the same.
  I have following things which can be used with Orchestartor:
  1. Script to perform VMware to Hyper-V Migration.
  2. Script to perform VM Status check post migration.
  So how can i use these script with Orchstartor to automate migration?
  Looking forward to hear from you.
  Regards,
  Prashant Sahane

  if you have the scripts there is not necessarily any reason to involve Orchestrator.
  If you want to ex. put a migration offering on the SM portal you could use Orchestrator. As Powershell and Orchestrator does not play well you may want to consider having Orchestrator write key data to a file, then have a scheduled script pick up these files
  and start the migration using the scripts you have.
  You could also have a script to monitor new requests and launch the script from there. This is one case where a customized service request class could come into play.
  http://codebeaver.blogspot.dk/

• Live migrate Vmware to Hyper-v

  Hi,
  Is anyone aware of an available option (or 3rd party tools) to V2V Vmware to hyper-v without (or very minimal) downtime? As far as i know, both the standalone MVMC and SCVMM require for the VM to be off while covering.
  One option i could think of is to Disk2VHD from within the guest, and then manually uninstall the VMware tools/install hyper-v integration. Besides for it being very manual-labor intensive, im not sure how Disk2VHD snapshots. Like what happens to changes
  while Disk2VHD is running?

  We have been using Vision's Solutions - Double Take Move in such projects. It might remind you a bit of how Hyper-V Replica is working, where you will have downtime during the "cutover" process, where the VM is powered on on Hyper-V.
  This can be handled manually through the console, or automated using powershell.
  Please be aware that you need to uninstall the VMware tools and then install the IC components of Hyper-V.
  Another solution could be the SHIFT approach using a NetApp appliance.
  This moves the VMware storage to NFS, then it's converted to SMB and Hyper-V.
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )

• ACS migration tool fails

  Hi, running the migration tool, I receive the following request:
  Make sure that the database is running.
  ACS 4.x DB is not available, Enter ACS 4.x database password(Encrypted Password)
  With the plain database password, used during the ACS installation,  I receive a fatal error message at the end of the procedure like this: "Fatal Error !! - cannot connect to ACS 4.x DB !!"
  Where can I find the ACS encrypted database password ?
  Following the migration log:
  10-07-2011 11:41:31 MigrationApplicationCLI.getUserInformation(MigrationApplicationCLI.java:953)ERROR - Could not Invoke ACS 4 Password read system.Error at C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c line 1265, API calle
  10-07-2011 11:46:52 MigrationApplicationCLI.getUserInformation(MigrationApplicationCLI.java:953)ERROR - Could not Invoke ACS 4 Password read system.Error at C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c line 1265, API calle
  10-07-2011 11:58:08 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
  10-07-2011 11:58:28 ACS4Connector.checkDBConnectivity(ACS4Connector.java:137)FATAL -  Fatal Error !! - cannot connect to ACS 4.x DB !!
  java.sql.SQLException: [Sybase][ODBC Driver][Adaptive Server Anywhere]Invalid user ID or password
  at ianywhere.ml.jdbcodbc.IDriver.makeODBCConnection(Native Method)
  at ianywhere.ml.jdbcodbc.IDriver.connect(IDriver.java:354)
  at java.sql.DriverManager.getConnection(Unknown Source)
  at java.sql.DriverManager.getConnection(Unknown Source)
  at com.cisco.nm.acs.mgmt.migration.ACS4Connector.getConnecter(ACS4Connector.java:66)
  at com.cisco.nm.acs.mgmt.migration.ACS4Connector.checkDBConnectivity(ACS4Connector.java:133)
  at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.runExport(MigrationApplicationCLI.java:605)
  at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.main(MigrationApplicationCLI.java:266)
  I'm running the migration tool on a clone VMware machine, from the console.
  thank you in advance

  Hello, i have the same issue, migration utility can get acs4.x database password, entering the correct password does not change the errror message: "05-07-2014 16:19:41 MigrationApplicationCLI.getUserInformation(MigrationApplicationCLI.java:953)ERROR - Could not Invoke ACS 4 Password read system.Error at C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c line 1265, API calle"
  It seems that there is somewhere in the scripts a coded path to "C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c"
  tried to search within the files in the migration utility directory, but no success.
  Does anybody know the answer?
  regards
  Thomas

• ACS 4.x server migration

  Hi Guys,
  We have ACS 4.x server which we are migrating to a new windows machine. Due to standards requirement new ACS will be installed in seperate directory in new machine.
  I would like to know if there are any potential issues that I should be aware while doing the database migration from one machine to another machine.
  For example  Database could point to original directory for logs and replication could fail in new machine since original dir path do not exist in new server installation
  Appreciate your inputs..

  Once you installed ACS on the new machine, you should be able to restore a backup of the database from the original ACS, if you have any problems with this please open a TAC case and we'll help you out.

• ACS 5.2 Authentication Issue with Local & Global ADs

  Hi I am facing authentication issue with ACS 5.2. Below is AAA flow (EAP-TLS),
  - Wireless Users >> Cisco WLC >> ADs <-- everything OK
  - Wireless Users >> Cisco WLC >> ACS 5.2 >> ADs <-- problem
  Last time I tested with ACS, it worked but didn't do migration as there'll be changes from ADs.
  Now my customer wants ACS migration by creating new Group in AD, I also update ACS config.
  For the user from the old group, authentication is ok.
  For the user from the new group, authentication fails. With subject not found error, showing the user is from the old group.
  Seems like ACS is querying from old records (own cache or database). Already restared the ACS but still the same error.
  Can anyone advice to troubleshoot the issue?
  Note: My customer can only access their local ADs (trusted by Global ADs). Local ADs & ACS are in the same network, ACS should go to local AD first.
  How can we check or make sure it?
  Thanks ahead,
  Ye

  Hello,
  There is an enhacement request open already:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte92062
  ACS should be able to query only desired DCs
  Symptom:
  Currently on 5.0 and 5.1, the ACS queries the  DNS with the domain, in order to get a list of all the DCs in the domain  and then tries to communicate with all of them.If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.A lot of customers are asking for a change on this behavior.
  It  should be possible to define which DCs to contact and/or make ACS to  interpret  DNS Resource Records Registered by the Active Directory  Domain Controller to facilitate the location of domain controllers.  Active Directory uses service locator, or SRV, records. An SRV record is  a new type of DNS record described in RFC 2782, and is used to identify  services located on a Transmission Control Protocol/Internet Protocol  (TCP/IP) network.
  Conditions:
  Domain with multiple DCs were some are not accessible from the ACS due to security/geographic constraints.
  Workaround:
  Make sure ALL DCs are UP and reachable from the ACS.
  At the moment, we cannot determine which Domain Controller on the AD the ACS will contact. The enhacement request will include a feature on which we can specify the appropriate the Domain Controllers the ACS should contact on a AD Domain.
  Hope this clarifies it.
  Regards.

• Can i configure a network with ACS and ISE?

  I have both acs and ise, how do i integrate these appliance to work togheter?
  Thanks

  ISE does not interoperate with Cisco Secure ACS deployments. The Cisco Identity Services  Engine can work in tandem with Cisco NAC Manager to provide the same  profiling service as the NAC Profiler, which has reached end-of-sale  status.
  Existing Cisco Secure ACS customers using network  access can easily migrate to the Cisco Identity Services Engine platform  using migration part numbers and tools. However, existing Cisco Secure  ACS customers using TACACS functions will not be able to migrate to the  current version of ISE for network device identity management which is  often acceptable for customers who prefer to keep user and network  identity on separate systems.

• 2008 stand-alone server acs software available?

    I am using acs 4.2 on a windows 2003 server sp2 in my current network. The network is being replaced and I am being given a windows 2008 software/server and to build the app. I am  a little confused as too the available software. The only 5.4 acs software I see is for the appliance and vmware. What software is there available for standalone servers that in not end-of-life ?  Or do I use acs 4.2 on the standalone server and upgrade it all the way to 5.4. I would think they would have a base package at one of the 5.x levels..Any information would be appreciated

  Hi ,
     I would like to inform you about the following things:
  1. ACS 5.x cannot be installed on the widnows server as ACS 4.x
  2. ACS 5.x can only be installed on the vmware (Linux based) or comes as an applaince.
  3. ACS 4.x is a windows based box and ACS 5.x is a linux based appliance/VMware
  4. You can configure vmware or an appliance as a stand alone ACS5.x box.
  5.ACS 4.2.1.15 is available till now and is not end of life yet.
  6. You can upgrade the ACS 4.2.0.124 to 4.2.1.15, However its not compatible with windows 2008 r2 box.
  7.You cannot upgrade the ACS 4.2 to ACS 5.4, You will have to purchase a seprate license for ACS 5.4 and then you can migrate the database from 4.2 to 5.4
  Regards
  Minakshi (Do rate helpful posts)

• ACS 5.1 reset to factory setting,

  Dear All
  i got the ACS 5.1 at work..
  after migrating the data from 4.1 a lot of data got changed into the 4.1 so I needed to reset my configuration (since i played around with the 5.1)
  after doing so, I can't access the web page, to start the configuration again
  tried the administrator-setup but it didn't work,
  I got stuck ,, i dont want to format the appliace all over again,
  can someone help me out
  Thanks In Advance

  ^_^
  Since no one answered this question..
  the username and password have been reseted to
  USERNAME: ACSadmin
  Password: default
  Thanks everyone

• Cisco ACS 4.2 Solutions Engine replacement advice

  Hi everyone,
  I am hoping to get some advice on an upcoming upgrade.  We currently have a Cisco ACS 4.2 Solutions Engine.  (That's the physical appliance).  It is coming to end of support and we are looking to replace.  Here is what we use it for today:
  1. TACACS+ AAA for all routers and switches.  Gives us great reporting.
  2. PEAP Authentication for our wireless network off of a 5508 Wireless Controller.
  3. Machine Access Restrictions for our Wireless network.  (Basically Machine Authentication)
  I believe that is all we use it for today.  That said, hoping to get some of your opinions on a replacement.
  Any advice or opinions are greatly appreciated.
  Thanks,
  Josh

  Hi Josh,
    To add up to the above post, You will have to undergo the migration process from going to ACS 4.2 to ACS 5.4.
  Here is the migration guide:
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/migration/guide/Migration_support.html
  Regards
  Minakshi
  (Do rate the helpful posts )

• Problem in ACS 5.2 on Virtual Machine

  Hi Everyone !
  I have a problem with the interface on the ACS 5.2 , The inferface work fine but going down unexpectedly and only if I make (for example) a ping to the default gateway it come back.  
  Please somebody can help me ??
  Regards.
  Rodrigo

  We say that it's not tested by cisco, You will be able to install ESX 4.1 just fine but there might be some issues with services/processes . In that case TAC won't support those issues. Vsphere is a Vmware  managment tool. ACs 5.x doesn't support/run on vspehere. ACS 5.3 should  officially support ESX 4.1
  Virtual Machine Requirements
  The minimum system requirements for the virtual machine must be similar  to the CSACS-1120 Series appliance hardware configuration.
  Table 6-1 lists the minimum system requirements to install ACS 5.2 on a VMware virtual machine.
  Table 6-1     Minimum System Requirements
  Requirement Type Minimum Requirements
  CPU
  Intel Core2; 2.13 GHz
  Memory
  4 GB RAM
  Hard Disks
  500 GB of disk storage
  NIC
  1 GB NIC interface
  Hypervisor
  VMware ESX 3.5 or 4.0
  Note You  can use VMware Server 2.x only for an evaluation version of ACS 5.2.  For an evaluation version, the disk space must be between 60 GB and 500  GB. Evaluating ACS 5.2
  For evaluation, ACS 5.2 can be installed in a VMware Server 2.x virtual  machine or a VMware ESX virtual machine. When evaluating ACS 5.2, you  can configure less disk space in the virtual machine, but a minimum disk  space of 60 GB is required.
  Rgds, Jatin
  Do rate helpful posts~

• Cisco ACS on Virtual Server

  Hi,
  I have a virtual server running ACS v4.1, when i try and authenticate against Active Directory i get a failed with the Failure-Code of "Internal Error".
  Does anyone know if this is this a compatability issue?
  Many thanks
  Chris

  Hi Chris,
  Few things before troubleshooting. According to release notes:-
  ++++++++++
  •VMware. ACS 4.1 was tested on the following VMWare platform:
  -VMWare ESX server 3.0.0
  -Processor-AMD Opteron Dual core
  -# of Virtual machines-4
  -Guest operating system-Windows 2003 Standard Edition
  -RAM for each guest operation system-3 GB
  Note The Microsoft JVM is no longer supported. ACS 4.1 supports the Sun Java Run-time Environment (JRE) 1.4.2_04. This is an ACS for Windows web client requirement.
  Note ACS is supported on Windows Server 2003 R2.
  +++++++++++++++++++++++++++++++++++++
  http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/release/notes/RNacs41.html#wp140886
  +++++++++++++++++++++++++++++++++++++
  'Internal error is a very generic error and to find out the real cause i need to check the logs from ACS. Auth logs, tacacs/raduis depends upon the authen method alon with time stamp
  You need to make sure that ACS is installed on tested platform otherwise you will keep on facing unexpected errors.
  Vinay

• Migrate vCenter Server Database

  Hi,
  I have vCenter database on SQL Server 2008 R2 SP1 CU1. Now I have installed SQL Server 2012 on new server. I need to migrate the Database to this new server SQL Server 2012.
  Please give KB note.
  Regards
  Bilal

  Hello,
  Please refer to the following VMWare support article?
  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=7960893
  We used that article to migrate VMWare databases to SQL Server 2012 SP1.
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com