ACS verison 3.3
hi, in our environment we have Cisco ACS v3.3 in windows 2003 and trying to upgrade it ACS v4.1.4. but found the data replication from v3.3 to v4.1.4 is causing a issue.
Pls let us know is there way to do data replication with this different code.
thanks
Gopinath V
Hi Gopinath,
For replication process, the primary & secondary servers should be in same version.
Kindly upgrade primary & secondary to 4.1.4 and initiate the replication.
Snippets from User Guide:
"All ACSs that are involved in replication must run the same release of the ACS software. For example,
if the primary ACS is running ACS version 3.2, all secondary ACSs should be running ACS version 3.2.
Because patch releases can introduce significant changes to the ACS internal database, we strongly
recommend that ACSs involved in replication use the same patch level."
If both ACS (primary & secondary) are in same version and still your are facing some issues, let me know.
Thanks,
Srividhya
Similar Messages
-
How enable read only access for ACS server itself
Hi,
We would like to know whether its possible to create a read only access to the ACS server. Currenlty ACS server has a generic login with full admin rights.
We need to create a login to couple of users to log into ACS to check the "Report and Activity" tab. Access to all other tabs should be disabled.
We are using ACS4.0 verison. Please let me know whether its possible.
Thanks
NachiHi,alexchy8
We can make use of 2 PowerShell commands to achieve this goal.
Add-MailboxPermission and Add-MailboxFolderPermission.
Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
You can read the following article as reference:
http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards. -
Windows ACS 4.2.0 backup database on acs 1120 appliance 4.2.1.15
Hi All ,
I am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto 4.2.0.124 ,step by step by upgrade process
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable on 90 days evalution package of 4.2.0.124 of windows platform .
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1),kindly suggest on thisHi Anisha\Devashree ..
Awsome !!!!!!!!!!!!!!!!!!!!! Thanx for your great support on this , I will try to restore database directly to my appliance running 4.2.1.15.3 and let you know if i find any diffuculties ....
My databse is about 15MB, if i found any diificutlies during restoring , i will downgrade my appliance to base version of 4.2.0.124 then i will restore my 4.2.0.124 database by enabling restore option from 4.2.0.124 to 4.2.1. And i will apply the patch , Thank you .
Devashree : There should not be any problem right ?? by enabling restoring option from 4.2.0.124 to 4.2.1 during system restore , if your appliance is running acs version 4.2.0.124 as a operating one -
Hi,
I have a client who has a mostly Nortel network who requires a RADIUS and TACACS+ authentication system to work with Nortel and Cisco equipment to authenticate administrative logins.
Does any one know please if an ACS appliance or the Windows verison 4.2 will be able to provide RADIUS/TACACS+ to both Cisco and Nortel equipment without any major configuration work?
Thanks very much for your help.
DarrelOn ACS server, we have Radius[Nortel] Attributes.
You have to configure the " Nortel switches " as AAA client on ACS server. The configuration on switch config should be :
On ACS server > Network Config > under AAA client :
- AAA client name = Switch
- AAA client IP address = IP address of switch
- Shared secret key = secret key on switch
- Authentication Protocol = Radius[Nortel]
Then you need to enable nortel attributes
ACS--->Interface configuration--->Nortel. Enable attributes you need.
Now in group you need to check these attributes
Regards.
~JG
Do rate helpful posts -
ACS 5.3 Default Backup Password
When doing a backup on any of the ACS 5.x appliances by default the backup is encrypted with PGP. What password is used for that? Is it configurable?
It is not configurable and that information wasnt made public. However, when you restore it should be able to decrypt it just fine.
You can try opening a TAC case but when I was in TAC wasnt able to find that key either.
Thanks,
Tarik Admani
*Please rate helpful posts* -
Error message telling me to download latest verison of adobe flash player even though i have it
When i try and watch videos on facebook or any other video clips i have, i cant as it brings up a message telling me i need to download the latest message of adobe flash player and adobe, even though i have already got the most upated versions of all adobe programs. I click on the link it supplies to down load the latest verison just to be sure, it come up and downloads as normal and says installation complete, but when i go back in to watch the video clip it just keeps bringing up the same message asking me to download the latest version Please help solve this issue
I am using windows 7 64 bit
i am using internet explorer 10
flash player 11 activx is the one i am having issues with
The problem i am having is that i cannot access any video clips at all on any web page, i have a message that comes up and says i need to download the latest version of adobe flash player, please click link to download, upon clicking on the link it downloads and installs successfully however i am still unable to view any video clips on any webpage and all it does is bring up the same message over and over again even though i have the most updated version of flash player installed. I have tried uninstalling and re intsalling flash player most updated version several times to no avail -
Flash player 10.3.1.8.34 (lastest verison)icon on my desktop ,does not work ?
.I>m using windows7 OS IE9 downloaded and installed fifty times and it always say download and installation was sucessful ,that I"m now using flashplayer 10.5 ect. there is the flashplayer icon sitting right on my desktop .from control panel in programs there is is adobe flash player in the list. every time i click to view a video,says to view this i need to download flash player over and over, I"ve read all the other post.tried all the answers ,been to all support sitesmore than 10 times each I"ve been up all night again it"s now morning i"m still lost.all help will be appreciated................................... penny
Yes all that u sugested i followed from the help and support at adobe.Now i downloaded flashplayer beta 11 and it"s working perfectly .I"m at peace for the moment.In my profile i "ve given my PC model and the whole works on my system.for the record I"m using windows7,IE 9,64bit shockwave is enabled and active xfiltering was disabled it just would not work..
thank u very much
From: ʇɐb ɹəuəllıʍ <[email protected]>
>To: penny torrence <[email protected]>
>Sent: Monday, July 25, 2011 8:57 PM
>Subject: Re: flash player 10.3.1.8.34 (lastest verison)icon on my desktop ,does not work ?
>
>
>1. There is no Flash Player 10.5; the currently available version is 10.3
>2. What Internet Explorer version are you using: 32-bit or 64-bit?
>3. What Windows version are you using: 32-bit or 64-bit?
>4. Have you checked the add-ons on IE9 (Shockwave Flash Object); is it enabled?
>5. Have you checked ActiveX Filtering on IE9; is it enabled? (It needs to be disabled.)
> -
How to migrate multiple ACS database into one ACS database ?
Hey All,
we just purchased several companies and as IT/network department, we need to consolidate all the ACS from the HQ and the purchased company into one ACS, I read the cisco docs. mentioned, I can export the migration file from the old acs and upload it into the new acs serve.
but my concern is we have multiple acs server, will the the muliple acs migration files overwrite each other during the upload into the new server.
thanksRaghavender -
I am not an expert on MySQL migration, but you would look to migrate the database to a local Oracle Database and then move that to your Database Cloud Service. However, keep in mind that at this time you can only access the Database Cloud Service from outside the Cloud via RESTful Web Services, so you might have to modify the application that accesses the database. Hope this helps.
- Rick Greenwald -
ACS any Version with Domain Controller on Windows Server 2008 R2 64bit
Hi All
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?
Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.
I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
Thanks
patoHi AllIs there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our
server stuff has recently upgraded the Domain Controllers to 2008r2 and
turned off the 2003 servers. This didn't make our ACS 4.1.4 really
happy.I've read now serveral posts regarding issues with ACS and
Server 2008r2 and hope to find a solution (besides switching to LDAP,
yukk).Thankspato
Hi Pato,
Just check out the below link hope that help.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html
As per the link it says The support for Windows Server 2008 is applicable for ACS 4.2 Patch 4 onwards.
Hope to Help !!
Remember to rate the helpful post
Ganesh.H -
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
-
Can I obtain access token from ADFS 3.0 based on OAuth ACS-token that I already have?
Hello!
I have the following setup: iOS device, ACS/WAAD is IDP and ADFS 3.0 as RP, securing access to WIF web service.
I want iOS application users to be able to access ADFS-protected web-service.
I have created some users in WAAD, configured trust between ACS IDP and ADFS RP.
ADFS is registered in WAAD with AppID = ADFSAppID
I am doing the following request in order to obtain authorization token for iOS app user from ACS:
const string issuerName = "[email protected]";
const string issuerPassword = "Password!23";
var authContext = new AuthenticationContext("https://login.windows.net/ADFSAppID");
var uc = new UserCredential(issuerName, issuerPassword);
var result = authContext.AcquireToken("http://adfs.appdomain.com/adfs/services/trust",
"ADFSAppID",
uc);
_authHeader = result.CreateAuthorizationHeader();
So, I have a token from ACS in JWT format.
Now I need to present this token to ADFS in order to obtain a new token that I can use to access the web-service. I am trying the following POST-query:
https://adfs.appdomain.com/adfs/oauth2/token?grant_type=authorization_code&code={0}&client_id=ADFSAppID&redirect_uri=http://web_service_url
However, when I try accessing web service with that token, I am getting 403:unauthorized and redirected back to ADFS.
I have already tries lots of code solutions, such as
http://leastprivilege.com/2010/10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/
http://www.cloudidentity.com/blog/2013/07/30/securing-a-web-api-with-windows-server-2012-r2-adfs-and-katana/
http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html
But somehow the problem remains: I cannot get such authentication token from ADFS that it is accepted by my webservice as a valid token.
Can anybody provide any links or code samples of token exchange between ACS and ADFS?Yes, it is. I was able to authenticate normally, if I am using ADFS as IdP for WIF RP.
But when Azure is IdP for ADFS-protected WIF WS, I am unable to get tokens that would be accepted by WIF WS -
ACS SHAREPOINT AZURE ACTIVE DIRECTORY
Hi,
I am trying to get this scenario working, I have a Sharepoint front end and a service webapi backend, I have my web API protected using AAD as IDP. And because Sharepoint only supports SAML 1.1 I had to use ACS to be the federation provider as ACS gives SAML1.1.
Now my question is how can I get a JWT token to access my backend from Sharepoint which has access to the SAML1.1 token which it got when user initially authenticated himself.
Any help will be really appreciated as I have been stuck on this for 4 days or so.
Thanks,
Bala
BalaLooks like it is working fine. Steps 1) User redirected to ACS when logs into sharepoint configured with ACS as the provider. 2) Chooses AAD as the IDP 3) logs into AAD, gets redirected back to ACS and gets the SAML 1.1 token. 4) Now when I redirect my browser
from inside sharepoint to AAD requesting a token for the user requesting an Authorization code I get it from AAD.
Here the bit I think why it does work is my browser has the cookies that have fedAuth cookies which AAD had issued in the first place. Can someone confirm that it is actually the case. For now I think it is working this way for me.
Bala -
Help adding new WLC to existing ACS
Hi All,
I need help with this.
This network has a working WLC that authenticates wireless users against an ACS by MAC address. It works fine.
I need to add a new WLC.
I added the WLC, the APs connect to the WLC fine, but the users get limited connectivity and we've found out that is because the new WLC is getting authentication errors against the ACS.
The configuration of the new WLC is exactly the same as the current working WLC and both controllers show as AAA clients on the ACS.
I want to know if somebody can point me out in the right direction to solve this.
There's connectivity fine between all devices (as far as PING goes), and there's no Firewall or filters in between.
The difference I see on both WLCs is that on the working one (WLC1), under Security - AP Policies, we see the AP Authorization List with the MAC addresses/cert type/hash. We don't get this information on the non-working WLC (attached document shows both)
Also in the attached document, I'm sending the errors I get no the WLC2 controller.
Any help is greatly appreciated.
Federico.Federico,
I didn't get you when you say that you see only One WLC under groupsetup/Mac address. Could you please elaborate this?
Also, if you don't know see any NAR configured under shared profile component then check inside the group/user setup there must be either ip based or CLI/DNIS based NAR configured for WLC's and looking at failed attempts it seem that action is denied.
HTH
Regds,
JK
Do rate helpful posts- -
Problem when try to use ACSE+ Windows AD to authenticate two kind of WLAN c
I met a problem when try to use ACSE+ Windows AD to authenticate two kind of WLAN clients:
1. Background:
We have two WLAN: staff and student, both of them will use PEAP-MSCHAPv2, ACSE will be the Radius server, it will use Windows AD's user database. In AD, they create two groups: staff and student. The testing account for staff is staff1, the testing account for student is student1.
2. Problem:
If student1 try to associate to staff WLAN, since both staff and student WLAN using the same authentication method, the auth request will be send to AD user database, since student1 is a valid user account in AD, then it will pass the authentication, then it will join the staff WLAN. How to prevent this happen?
3. Potential solution and its limitation:
1) Use group mapping in ACSE(Dynamic VLAN Assignment with WLCs based on ACS to Active Directory Group Mapping), but ACS can only support group mapping for those groups that have no more than 500 users. But the student group will definitely exceed 500 users, how to solve it?
2) Use methods like âRestrict WLAN Access based on SSID with WLC and Cisco Secure ACSâ: Configure DNIS with ssid name in NAR of ACSE, but since DNIS/NAR is only configurable in ACSE, don't know if AD support it or not, is there any options in AD like DNIS/NAR in ACSE?
Thanks for any suggestions!I think the documentation for ACS states:
ACS can only support group mapping for users who belong to 500 or fewer Windows groups
I read that as, If a user belongs to >500 Windows Group, ACS can't map it. The group can have over 500 users, its just those users can't belong to more than 500 groups. -
ACS 5.3 - Backups fail to TFTP, work to DISK
Hi All,
I'm configuring ACS for the first time and the config is complete and working, except backups of the view database. I've created a TFTP repositiory and if I perform a manual backup or wait for a scheduled one to occur it fails. I do get a .tar.gpg file in the TFTP server (but can not restore from it as it's not listed in "Restore" as a backup).
It works fine if I create and use a local disk repository. I get a .tar.gpg but also a catalog.xml and repolock.cfg file (which I don't in TFTP). Looking at the logs on the TFTP server I can see it tries repeatedly to read the catalog.xml file but fails:
Read request for file <DB/catalog.xml>. Mode netascii [15/07 16:05:52.167]
File <DB\catalog.xml> : error 2 in system call CreateFile The system cannot find the file specified. [15/07 16:05:52.167]
That seems correct, the file doesn't exist. However it never seems to try and create it.
(I've created 4 or 5 TFTP repositories testing this, all behave the same)
Any ideas?
PaulPaul,
TFTP will not work because the protocol doesnt support directory listing, what the ACS is trying to do is determine if a backup is currently running by looking into the repolock.cfg file. It also tries to see the contents of the catalog.xml file so that when a incremental backup is triggered it will add a line of the first full backup followed by all the incremental backups. Your best bet is to use ftp as the backup and this will fix the issue you are facing.
thanks,
tarik Admani
Maybe you are looking for
-
I upgraded my phones to ios 5. My wife and I merged our info to clould. My wifes phone piccked up all my saved contacts after the update was complete and then deleted them off her phone. It also deleted them off my phone. How can I retrieve my co
-
[SOLVED] Recommendations needed - Arch + Apache for local development
Hello, I'm a new Arch user, and relatively new with Linux. I'm getting to like Arch very much. I do web development, and I do most of my programming in PERL. I have already installed perl and some tools, and I'm about to install apache. The Idea is t
-
Some email script is changed to unreadable!
Not all mail is unreadable, just some. It comes in an looks like the script used to show how words are pronounced... the script with accent marks, backwards b's and unusual (to me) symbols. If I email the note to my gmail account the script returns t
-
X11 BadWindow (invalid Window parameter)
Hi everyone! Here is the issue: Im using X11 to access and SGI (Silicon Graphics) IRIX system. I had it working once, then I rebooted both machines and never again has it worked. When I run the command Xnest :1 -query 192.168.X.X the IRIX login windo
-
T410 palmrest creaking driving me insane
Hi all, Is anyone else experiencing this creaking issue on the left side of the Thinkpad T410 palmrest? Every time I type something and I set my palm on the palmrest it makes this creaking sound that is driving me bonkers. Any ideas what's causing it