Radius auth to standby ASA in Active Active Failover
Hi Everyone,
When ASA is in Active/standby failover i can ssh to standby ASA using Radius.
But when ASA is in multi context mode Active/Active failover i can not do Radius Auth to standby ASA?
Is this default behaviour?
Regards
MAhesh
I would not have thought this is the default behavior...but then again, I have never tested this. If you console into the standby context issue the command show run | in aaa. Which authentication database is indicated?
Please remember to select a correct answer and rate helpful posts
Similar Messages
-
IPS modules in Cisco ASA 5510 Active/Standby pair.
All, I am looking to add the IPS module to my ASA 5510's. I am contemplating only purchasing one module and placing it in the active ASA. I am willing to accept that in a failure scenario I will loose the IPS functionality until the primary ASA is recovered. I have not had a chance to talk to my SE to see if this is even possible. Has anyone attempted a deployment such as this? Will it work and is it supported?
Sent from Cisco Technical Support iPad AppOk, that is what I needed to know. The purpose of us having an active/standby ASA is to keep the business up and going for the very rare times there could be an active ASA failure. The purpose for the IPS would be to help protect and inspect traffic and is not necessary to keep the business running. If we implement IPS I am not worried at all if during the times when the primary ASA is down (hasn't been down for over three years now) we lose the IPS funcationality. This is not worth the $1000 extra per year to us.
Thanks for the responses though. That answers my questions. -
Issue in configuring Standby Database from Active database in 11g by RMAN
POSTED THE SAME IN DATA GUARD CATEGORY UNABLE TO DELETE
Hi All,
I am facing issue in creating the standby database from Active database using RMAN and getting the below issue after i executed the duplicate command.
Version of Database:11g(11.2.0.1.0)
Operating System:Linux 5
Error:
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of Duplicate Db command at 12/21/2012 17:26:52
RMAN-03015: error occurred in stored script Memory Script
RMAN-04006: error from auxiliary database: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
Primary Database Entries:
Tnsentry:
SONYPRD =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.131)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprd.localdomain)(UR=A)
SONYPRDSTBY =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.132)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprdstby)(UR=A)
Listner Entry:
SID_LIST_SONYPRD =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtproc)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
(PROGRAM = extproc)
(SID_DESC =
(SID_NAME = SONYPRD)
(GLOBAL_DBNAME = SONYPRD)
Auxiliary Details:
Tns Entry:
SONYPRD =
(DESCRIPTION =
# (ADDRESS = (PROTOCOL = TCP)(HOST = oracle11g.localdomain)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.131)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprd.localdomain)
SONYPRDSTBY =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.132)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprdstby)(UR=A)
Listener Entry in auxiliary:
SID_LIST_SONYPRDSTBY =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = SONYPRDSTBY)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
(SID_NAME = SONYPRDSTBY)
TNSPING from Primary DB:
[oracle@oracle11g ~]$ tnsping sonyprdstby
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 17:39:28
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.132)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = sonyprdstby)(UR=A)))
OK (0 msec)
TNSPING from Auxuliary server
[oracle@oracle11gstby ~]$ tnsping sonyprd
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 17:40:19
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.131)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = sonyprd.localdomain)))
OK (10 msec)
Script Used for duplicate:
run {
allocate channel prmy1 type disk;
allocate channel prmy2 type disk;
allocate channel prmy3 type disk;
allocate channel prmy4 type disk;
allocate auxiliary channel stby type disk;
duplicate target database for standby from active database
spfile
parameter_value_convert 'sonyprd','sonyprdstby'
set db_unique_name='sonyprdstby'
set db_file_name_convert='/sonyprd/','/sonyprdstby/'
set log_file_name_convert='/sonyprd/','/sonyprdstby/'
set control_files='/u01/app/oracle/oradata/control01.ctl'
set log_archive_max_processes='5'
set fal_client='sonyprdstby'
set fal_server='sonyprd'
set standby_file_management='AUTO'
set log_archive_config='dg_config=(sonyprd,sonyprdstby)'
set log_archive_dest_2='service=sonyprd ASYNC valid_for=(ONLINE_LOGFILE,PRIMARY_ROLE) db_unique_name=sonyprd'
Tried the script from both Primary and auxiliary but no luck
[oracle@oracle11gstby admin]$ rman target sys/welcome@sonyprd auxiliary sys/*****@sonyprdstby
Recovery Manager: Release 11.2.0.1.0 - Production on Fri Dec 21 17:26:24 2012
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: SONYPRD (DBID=3131093559)
connected to auxiliary database: SONYPRD (not mounted)
Listener Status from primary:
[oracle@oracle11g ~]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 18:08:56
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 20-DEC-2012 17:42:17
Uptime 1 days 0 hr. 26 min. 41 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/localhost/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost.localdomain)(PORT=1521)))
Services Summary...
Service "sonyprd.localdomain" has 1 instance(s).
Instance "sonyprd", status READY, has 1 handler(s) for this service...
Service "sonyprdXDB.localdomain" has 1 instance(s).
Instance "sonyprd", status READY, has 1 handler(s) for this service...
The command completed successfully
Listener Status from Standby when database bring to Nomount state:
[oracle@oracle11gstby admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 18:11:54
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 21-DEC-2012 16:13:47
Uptime 0 days 1 hr. 58 min. 6 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/oracle11gstby/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle11gstby)(PORT=1521)))
Services Summary...
Service "sonyprdstby" has 1 instance(s).
Instance "sonyprdstby", status BLOCKED, has 1 handler(s) for this service...
The command completed successfully
Please provide any work arounds to proceed further in creating the standby database.
Thanks,
Ram.
Edited by: 895188 on Dec 21, 2012 5:50 PM
Edited by: 895188 on Dec 21, 2012 6:09 PM
Edited by: 895188 on Dec 21, 2012 6:22 PMHello;
Script has to be run from auxiliary.
Great details, but what I don't see is how you connect in RMAN.
Example
Start RMAN
$ORACLE_HOME/bin/rman target=sys/@recover2 auxiliary=sys/@reclone
Recovery Manager: Release 11.2.0.2.0 - Production on Wed Feb 22 14:50:31 2012
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: RECOVER2 (DBID=3806912436)
connected to auxiliary database: RECLONE (not mounted)Nothing in your tnsnames or listener jumps out as wrong. I copied them into my text editor and compared against my working ones.
Generally for active duplication I start the future standby on a pfile NOMOUNT.
Auxiliary Instance Initialization Parameters Needed :
DB_NAME
CONTROL_FILES
DB_BLOCK_SIZE
( add extra parameters like DB_FILE_NAME_CONVERT and LOG_FILE_NAME_CONVERT instead of using the SET command - clean up standby spfile right after duplication )
Then start RMAN and finally run a single line duplication command.
$ORACLE_HOME/bin/rman target=sys/@primary auxiliary=sys/@standby
RMAN>duplicate target database for standby from active database NOFILENAMECHECK;Best Regards
mseberg -
Issue in creating the standby database from Active database using RMAN
Hi All,
I am facing issue in creating the standby database from Active database using RMAN and getting the below issue after i executed the duplicate command.
Version of Database:11g(11.2.0.1.0)
Operating System:Linux 5
Error:
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of Duplicate Db command at 12/21/2012 17:26:52
RMAN-03015: error occurred in stored script Memory Script
RMAN-04006: error from auxiliary database: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
Primary Database Entries:
Tnsentry:
SONYPRD =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.131)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprd.localdomain)(UR=A)
SONYPRDSTBY =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.132)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprdstby)(UR=A)
Listner Entry:
SID_LIST_SONYPRD =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtproc)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
(PROGRAM = extproc)
(SID_DESC =
(SID_NAME = SONYPRD)
(GLOBAL_DBNAME = SONYPRD)
Auxiliary Details:
Tns Entry:
SONYPRD =
(DESCRIPTION =
# (ADDRESS = (PROTOCOL = TCP)(HOST = oracle11g.localdomain)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.131)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprd.localdomain)
SONYPRDSTBY =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.132)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = sonyprdstby)(UR=A)
Listener Entry in auxiliary:
SID_LIST_SONYPRDSTBY =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = SONYPRDSTBY)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
(SID_NAME = SONYPRDSTBY)
TNSPING from Primary DB:
[oracle@oracle11g ~]$ tnsping sonyprdstby
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 17:39:28
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.132)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = sonyprdstby)(UR=A)))
OK (0 msec)
TNSPING from Auxuliary server
[oracle@oracle11gstby ~]$ tnsping sonyprd
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 17:40:19
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.131)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = sonyprd.localdomain)))
OK (10 msec)
Script Used for duplicate:
run {
allocate channel prmy1 type disk;
allocate channel prmy2 type disk;
allocate channel prmy3 type disk;
allocate channel prmy4 type disk;
allocate auxiliary channel stby type disk;
duplicate target database for standby from active database
spfile
parameter_value_convert 'sonyprd','sonyprdstby'
set db_unique_name='sonyprdstby'
set db_file_name_convert='/sonyprd/','/sonyprdstby/'
set log_file_name_convert='/sonyprd/','/sonyprdstby/'
set control_files='/u01/app/oracle/oradata/control01.ctl'
set log_archive_max_processes='5'
set fal_client='sonyprdstby'
set fal_server='sonyprd'
set standby_file_management='AUTO'
set log_archive_config='dg_config=(sonyprd,sonyprdstby)'
set log_archive_dest_2='service=sonyprd ASYNC valid_for=(ONLINE_LOGFILE,PRIMARY_ROLE) db_unique_name=sonyprd'
Tried the script from both Primary and auxiliary but no luck
[oracle@oracle11gstby admin]$ rman target sys/welcome@sonyprd auxiliary sys/*****@sonyprdstby
Recovery Manager: Release 11.2.0.1.0 - Production on Fri Dec 21 17:26:24 2012
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
connected to target database: SONYPRD (DBID=3131093559)
connected to auxiliary database: SONYPRD (not mounted)
Listener Status from primary:
[oracle@oracle11g ~]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 18:08:56
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 20-DEC-2012 17:42:17
Uptime 1 days 0 hr. 26 min. 41 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/localhost/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost.localdomain)(PORT=1521)))
Services Summary...
Service "sonyprd.localdomain" has 1 instance(s).
Instance "sonyprd", status READY, has 1 handler(s) for this service...
Service "sonyprdXDB.localdomain" has 1 instance(s).
Instance "sonyprd", status READY, has 1 handler(s) for this service...
The command completed successfully
Listener Status from Standby when database bring to Nomount state:
[oracle@oracle11gstby admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 21-DEC-2012 18:11:54
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 21-DEC-2012 16:13:47
Uptime 0 days 1 hr. 58 min. 6 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/oracle11gstby/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle11gstby)(PORT=1521)))
Services Summary...
Service "sonyprdstby" has 1 instance(s).
Instance "sonyprdstby", status BLOCKED, has 1 handler(s) for this service...
The command completed successfully
Please provide any work arounds to proceed further in creating the standby database.
Thanks,
Ram.Pl do not post duplicates - Issue in configuring Standby Database from Active database in 11g by RMAN
-
Asa in active/active vpn solution licensing question
Hello All
I have a customer with the following requirements:
1) A Cisco VPN Solution that will be support SSL VPN and Cisco Client VPN - The solution will be a failover configuration running in an active-active set up. The solution offered will be fully supported (i.e. it will not go into End of Life or and lower level of support etc) by Cisco for the next 5 Years.
a. We would expect the devices to be similar to the ASA 5520 Appliance with SW,HA,$GE+1FE,£DES/AES (Including ASA 5500 Advanced Endpoint ASS)
2) User licenses for the above - Please quote for both the following
a. 500 appropriate SSL VPN User Licenses
b. 250 appropriate SSL VPN User Licenses
I am quoting them for the 500 ssl vpn bundle
ASA5520-SSL500-K9 and for the
ASA5520-BUN-K9.
Is it right that in active/active software 8.3 and above that the 500 ssl vpn licenses will be shared between the 2 asa's or will I need to have 250 licenses on each asa.
Also I have read that in active/active I cannot use shared licenses, is this relevant in a vpn solution?
http://www.cisco.com/en/US/docs/security/asa/asa84/license/license_management/license_86.html#wp2003381
Url above has this “The backup server mechanism is separate from, but compatible with, failover.
Shared licenses are supported only in single context mode, so Active/Active failover is not supported.”
Also “Failover Guidelines
•Shared licenses are not supported in Active/Active mode. See the "Failover and Shared Licenses" section for more information.
I also need to purchase the
ASA-ADV-END-SEC and
ASA-AC-M-5520 (any connect mobile) as the vpn client is eos/eol.
Do I need to buy this for both asa's or can they share them in active/active mode.
Thanks in advance.
FeisalHi Vibhor and thanks for the quick reply. We will be using version 9.3. I was aware that the ASA does not support PBR but I thought with the new code you could do some policy nat that could help influence the outbound flow?
So in this case we have 2x ISPs and 2x public address space, one from each ISP. How is the NAT and routing handled by the ASA in this design?
Can I not identify the guest subnet (192.168.0.0/22) and NAT this to a public address from ISP1 and also identify the corp subnets (10.x.x.x) and NAT them to ISP2?
My understanding (which is probably wrong) is that the NAT will select the egress interface rather than the routing table, so guest will be sent via ISP1 since the SVI interface of the ASA that connects to this ISP1 has an IP address from the same public address space..?
Is that incorrect?
Many thanks
Rays -
Managed Standby Recovery not active
Dear All,
My database version is:
SQL> select banner from v$version;
BANNER
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for Linux: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
OS:RedHat 5.5
My current configuration is:
We have two node RAC primary database and a local standby database.
And TWO NODE RAC DR (REMOTE)STANDBY DATABASE
while checking (REMOTE WHICH IS TWO NODE RAC)dr synchronization we found archive since yesterday has not been applied.
But local dr is fully sinc with the primary database.
When i have executed 'ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL' it says
SQL> alter database recover managed standby database cancel;
alter database recover managed standby database cancel
ERROR at line 1:
ORA-16136: Managed Standby Recovery not active
I manually copied the archive log which where missing in the remote standby database and then register those archive log.
after that when i manually tried to recover the standby database it has given me following error.
sql>recover automatic standby database;
ORA-00283: recovery session canceled due to errors
ORA-01124: cannot recover data file 1 - file is in use or recovery
ORA-01110:data file 1: '/database/ctmis/system01.dbf'
please please help me to resolve the issue.
Thanks and Regards
Monoj Dasaccording to my understand
Node1,Node2 is having node1-standby node2-standby in RAC environment right?
on which node logs ur trying to apply on which node standby? (node1 ==>node1-standby or node2 ==>node2-standby)
check it...hope it will work or not sure :)
standby side...
rman target /
RMAN>crosscheck archivelog all
then try to recover..will see ..
if not
check with support.oracle.com through SR. -
ORA-16136: Managed Standby Recovery not active
Hi
I am trying implement the dataguard in the windows platform. And this is my first time. Right now iam trying on physical standby. i have done everything as per the document. But iam getting some error. After giving the
SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE DISCONNECT FROM SESSION;
SQL> ALTER SYSTEM SWITCH LOGFILE;
SQL> recover managed standby database cancel;
// I am getting error
ORA-16136: Managed Standby Recovery not active
When just like that i tried to open the standby database in read only mode, i am getting error
SQL> alter database open read only;
alter database open read only
ERROR at line 1:
ORA-16004: backup database requires recovery
ORA-01157: cannot identify/lock data file 1 - see DBWR trace file
ORA-01110: data file 1: 'C:\ORACLE\PRODUCT\10.2.0\ORADATA\DB1\SYSTEM01.DBF'
When i checked the alert log file of Primary Database, it shows:
PING[ARCo]: Heartbeat failed to connect to standby 'db2sby'. Error is 1031.
Wed Sep 01 14:10:27 2010
Thread 1 advanced to log sequence 337 (LGWR switch)
Current log# 2 seq# 337 mem# 0: C:\ORACLE\PRODUCT\10.2.0\ORADATA\DB1\REDO02.LOG
Wed Sep 01 14:10:28 2010
Deleted Oracle managed file C:\ORACLE\PRODUCT\10.2.0\FLASH_RECOVERY_AREA\DB1\ARCHIVELOG\2010_02_25\O1_MF_1_224_5RD10Z5V_.ARC
Wed Sep 01 14:14:53 2010
Error 1031 received logging on to the standby
Wed Sep 01 14:14:53 2010
Errors in file c:\oracle\product\10.2.0\admin\db1\bdump\db1_arco_2156.trc:
ORA-01031: insufficient privileges
PING[ARCo]: Heartbeat failed to connect to standby 'db2sby'. Error is 1031.
Wed Sep 01 14:19:53 2010
Error 1031 received logging on to the standby
Wed Sep 01 14:19:53 2010
Errors in file c:\oracle\product\10.2.0\admin\db1\bdump\db1_arco_2156.trc:
ORA-01031: insufficient privileges
And when i checked alert log file of stand by database:
Wed Sep 01 14:13:19 2010
Errors in file c:\oracle\product\10.2.0\standbyy\admin\db2\bdump\db2sby_dbw0_3060.trc:
ORA-01157: cannot identify/lock data file 9 - see DBWR trace file
ORA-01110: data file 9: 'C:\TSUNDO12.DBF'
ORA-27086: unable to lock file - already in use
OSD-00001: additional error information
O/S-Error: (OS 101) The exclusive semaphore is owned by another process
--> The above error of Standby was coming for each datafile such as system, users etc.
Kindly Help me.
Shiyas Mhere is the pfile of Primary Database:
db1.__db_cache_size=188743680
db1.__java_pool_size=4194304
db1.__large_pool_size=4194304
db1.__shared_pool_size=83886080
db1.__streams_pool_size=0
*.audit_file_dest='C:\oracle\product\10.2.0/admin/db1/adump'
*.background_dump_dest='C:\oracle\product\10.2.0/admin/db1/bdump'
*.compatible='10.2.0.1.0'
*.control_files='C:\oracle\product\10.2.0\oradata\db1\control01.ctl','C:\oracle\product\10.2.0\oradata\db1\control02.ctl','C:\oracle\product\10.2.0\oradata\db1\control03.ctl'
*.core_dump_dest='C:\oracle\product\10.2.0/admin/db1/cdump'
*.db_16k_cache_size=4194304
*.db_block_size=8192
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_name='db1'
*.DB_UNIQUE_NAME='db1prim'
*.LOG_ARCHIVE_CONFIG='DG_CONFIG=(db1,db2sby)'
*.LOG_ARCHIVE_DEST_1='LOCATION=C:\oracle\product\10.2.0\ARCHIVELOG VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=db1prim'
*.LOG_ARCHIVE_DEST_2='SERVICE=db2sby LGWR ASYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=db2sby'
*.LOG_ARCHIVE_DEST_STATE_1=ENABLE
*.LOG_ARCHIVE_DEST_STATE_2=ENABLE
*.LOG_ARCHIVE_FORMAT=%t_%s_%r.arc
*.LOG_ARCHIVE_MAX_PROCESSES=30
*.FAL_SERVER=db2sby
*.FAL_CLIENT=db1
*.DB_FILE_NAME_CONVERT='C:\oracle\product\10.2.0\Standbyy\oradata\DB2','C:\oracle\product\10.2.0\oradata\db1'
*.LOG_FILE_NAME_CONVERT='C:\oracle\product\10.2.0\Standbyy\oradata\DB2','C:\oracle\product\10.2.0\oradata\db1'
*.STANDBY_FILE_MANAGEMENT=AUTO
*.db_recovery_file_dest='C:\oracle\product\10.2.0/flash_recovery_area'
*.db_recovery_file_dest_size=2147483648
*.dispatchers='(PROTOCOL=TCP) (SERVICE=db1XDB)'
*.job_queue_processes=10
*.open_cursors=300
*.pga_aggregate_target=95420416
*.processes=150
*.recyclebin='OFF'
*.remote_login_passwordfile='EXCLUSIVE'
*.sga_target=287309824
*.undo_management='AUTO'
*.undo_tablespace='UNDOTBS1'
*.user_dump_dest='C:\oracle\product\10.2.0/admin/db1/udump'
*.utl_file_dir='OCM_CONFIG_HOME/state'
Here is the Pfile of standby database:
db1.__db_cache_size=188743680
db1.__java_pool_size=4194304
db1.__large_pool_size=4194304
db1.__shared_pool_size=83886080
db1.__streams_pool_size=0
*.audit_file_dest='C:\oracle\product\10.2.0\Standbyy\admin\db2\adump'
*.background_dump_dest='C:\oracle\product\10.2.0\Standbyy\admin\db2\bdump'
*.compatible='10.2.0.1.0'
*.control_files='C:\oracle\product\10.2.0\Standbyy\oradata\db2\control001.ctl','C:\oracle\product\10.2.0\Standbyy\oradata\db2\control002.ctl','C:\oracle\product\10.2.0\Standbyy\oradata\db2\control003.ctl'
*.core_dump_dest='C:\oracle\product\10.2.0\Standbyy\admin\db2'
*.db_16k_cache_size=4194304
*.db_block_size=8192
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_name='db1'
*.DB_UNIQUE_NAME='db2sby'
*.LOG_ARCHIVE_CONFIG='DG_CONFIG=(db1,db2sby)'
*.LOG_ARCHIVE_DEST_1='LOCATION=C:\oracle\product\10.2.0\ARCHIVELOG VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=db2sby'
*.LOG_ARCHIVE_DEST_2='SERVICE=db1 LGWR ASYNC VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=db1'
*.LOG_ARCHIVE_DEST_STATE_1=ENABLE
*.LOG_ARCHIVE_DEST_STATE_2=ENABLE
*.LOG_ARCHIVE_FORMAT=%t_%s_%r.arc
*.LOG_ARCHIVE_MAX_PROCESSES=30
*.FAL_SERVER=db1
*.FAL_CLIENT=db2sby
*.DB_FILE_NAME_CONVERT='C:\oracle\product\10.2.0\Standbyy\oradata\DB2','C:\oracle\product\10.2.0\oradata\db1'
*.LOG_FILE_NAME_CONVERT='C:\oracle\product\10.2.0\Standbyy\oradata\DB2','C:\oracle\product\10.2.0\oradata\db1'
*.STANDBY_FILE_MANAGEMENT=AUTO
*.db_recovery_file_dest='C:\oracle\product\10.2.0\flash_recovery_area\DB2SBY'
*.db_recovery_file_dest_size=2147483648
*.dispatchers='(PROTOCOL=TCP) (SERVICE=db1XDB)'
*.job_queue_processes=10
*.open_cursors=300
*.pga_aggregate_target=95420416
*.processes=150
*.recyclebin='OFF'
*.remote_login_passwordfile='EXCLUSIVE'
*.sga_target=287309824
*.undo_management='AUTO'
*.undo_tablespace='UNDOTBS1'
*.user_dump_dest='C:\oracle\product\10.2.0\Standbyy\admin\db2\udump'
*.utl_file_dir='OCM_CONFIG_HOME/state' -
ASA Active/Active Failover with Redundant Guest Anchors
Does anyone know how an ASA and a guest anchor 5508 will interact if I setup an Active/Active failover pair with physical interface redundancy? I see from documentation that I can create a logical group in the ASA to bond physical interfaces together, but it doesn't describe what protocol is being used to manage that bundle. Do I assume etherchannel? If I were to create this scenario, can I run the 5508 in LAG mode?
The current failover configuration example is for PIX, and old code at that. I'm referencing an ASA/PIX guide ISBN:1-58705-819-7 beginning on page 531.
Regards,
ScottIn addition to what you have, you should add to each unit the global configuration command "failover".
We generally don't manually configure the MAC addresses in single context mode since the ASA ill automatically assign virtual MAC addresses and manage their moving to the newly active unit in the event of a failover event. Reference. -
ASA active/active failover back to back
Hi,
for HA I want to connect 4 ASA's in active/active failover with each ASA having two contexts.
The reason I need this is to separate two domains. Each domain has the ASA pair in active/active failover.
Is this possible and what would you need to do it ie a switch or two in between ?
I know you need switches or vlans to do the LAN side as the failover context needs to be in the same network. So I'm assuming you would need to do something similar between the 4 ASA's ???
Would you put 2 switches trunked together carrying two vlans, one for each context ?
-| CTX1 |- ? -| CTX1 |-
-| CTX2 |- ? -| CTX2 |-
| | | |
-| CTX1 |- ? -| CTX1 |-
-| CTX2 |- ? -| CTX2 |-
Thanks in advance.Your latest attachment is pretty close to what I was thinking.
I would add a second interface on each ASA to the switches.
So (considering the "Inside" interfaces of ASA1 for example) it would have one physical interface allocated to context 1 and connected to a port in VLAN2 and a second physical interface allocated to context 2 and connected to a port in VLAN 3.
An alternative would be to stick with a single physical interface and allocate subinterfaces (on a trunk) to each context.
You could further add redundancy by creating Etherchannels (with either the physical or logical interface approach). -
SNMP does not work on the standby ASA firewalls
Hello Everyone,
I have a pair of 5 pairs of active/standby ASA firewalls running 8.4.4(1)
All the active firewall respond to the SNMP requests, but the standby firewalls do not. I'm using SNMP v3. The configuration of primary and secondary firewalls is replica of each other, apart from the ip addressess.
I want the secondary firewall to respond to SNMP requests coming in from the monitoring server. Can someone please help ?
Thanks,
RishiAssuming you can ping both firewalls, the problem is that the firewall pair shares the same config and therefore, the same SNMPv3 engineID. Some NMSs (e.g. WhatsUp Gold) do not support this and therefore only 1 firewall in the pair can be queried.
Doesn't look like this has been fixed yet:
Bug info: CSCtl88556 - ASA5520 failover pair has duplicate snmp v3 engine id -
Migrate Standby ASA to Backup Data Center
Hello Experts,
We have backup data center where I am now planning to provide backup internet service ( in the case where there is internet down or power outage at main server room) .
I have a pair of Cisco ASA's 5540, one of which I need to move to backup data center ( BDC), Presently I have ADSL router at disaster serve room with static public IP from ISP.
Currently, I am publishing all my internal resources through ASA. Now my questions, if I move Standby ASA to Disaster Server Room. How I can publish the same internal resources through standby ASA and make it standby as active during the down time of main server room
Please can anyone suggestion how to achieve this setup. Is is this scenario possible
Thanking in advance.
SamirHello,
I knew it.
I'll just tell you from the beginning hope it might help you to understand. I appreciate your help.
Presently at my main data center I'm having a leased line router and then 2 ASA 5540 (with failover active/standby).
I was thinking to move 1 ASA to backup disaster server room. In this regard, I asked earlier how I can still achieve the active/standby after migrating to backup room. But you had anwered my query
Query 2
I have got new ADSL service and router with public static IP at backup server room. Now I moved one of my ASA.
How can I keep publishing the internal resources ( like access to internal webserver, rdp connection) by using this ADSL service if the main server room is completely down .
Hope it is clear.
Thanks -
Does VPN works in Firewall Active Active failover mode?
i want to clarify these two things!
1. Does VPN works in failover mode in Active/Active mode?
2. What about in Failover mode Active/Pasive?
Regards!Hi,
Using an Active/Active Failover means that the Firewalls will be in Multiple Context mode. In other words virtual firewalls.
This means that you can ONLY use IPsec L2L VPN connections on the virtual firewalls if you are running 9.x software level on the firewalls. Any form of Client and Clientless VPN isnt supported in Multiple Context Mode at the moment.
Now with Active/Standby we have to make a distinction (if that was the word).
IF you run a normal Active/Standby Failover pair of ASAs that IS NOT in Multiple Context mode YOU CAN use any type of VPN the ASAs support.
IF you run a a pair of ASAs in Multiple Context Mode and in Active/Standby Mode you will naturally run into the limitation of VPN support in Multiple Context Mode and WILL NOT be able to use any other VPNs other than IPsec L2L VPN connections provided you are running 9.x software that supports it.
Hope this helps
- Jouni -
Active-Active Failover when different contexts monitor different interfaces
I'm trying to understand the relationship between failover groups and contexts, however it appears that the configuration is split in an way that I am having trouble understanding.
The interfaces that you actually monitor are configured PER CONTEXT e.g.
ciscoasa/ConextA(config)# monitor-interface inside
But the number of interfaces that need to fail for failover to take place is done PER FAILOVER GROUP e.g.
ciscoasa(config)# failover group 1
ciscoasa(config-fover-group)# interface-policy 1
(from the system context)
If my laptop could take it, I would spin up a test environment in GNS3, but I think the best way to ask the question is to give an example. What would happen in the following setup:
OPTION 1
OPTION 2
Thanks in advanceYou would never have a scenario where, as you put it, the Admin context would monitor Gi0 and ContextB also monitor Gi0. This is because you need to assign the interface to a specific context and once it is assigned to one context it can not also be assigned to another...unless you have configured subinterfaces, then those subinterfaces can be split up and assigned to seperate contexts. But one interface or one subinterface can not be assigned to more than one context.
Now, if you have failover groups configured and an interface on one failover group dies, then only the context that the interface belongs to will failover to the standby failover group.
The following is a good article to have a read through on the Active/Active failover functions:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91336-pix-activeactive-config.html
Please remember to rate and select a correct answer -
FWSM Active/Active Failover ICMP replication
I have an issue with WS-SVC-FWM-1 module - in the active/active failover it doesn't make ICMP connection state replication with asr-groups configured on the respective interfaces. Although other connections are working just fine (asymmetric routing is verified with 'show ip cef' on the MSFC) it seems that only newer ASAs are doing ICMP replication in failover, but I couldn't find any documentation describing replication behavior for the FWSM. Can anyone
clearly describe FWSM's behavior for this?What FWSM version are you running?
Please remember to rate and select a correct answer -
RADIUS auth-server unavailable messages
Hello,
during troubleshooting of some other WLC (WiSM2, 7.4.121.0) issues I have noticed that there is some messages like this:
hu Feb 27 15:01:11 2014 RADIUS auth-server 192.168.4.66:1812 available
1 Thu Feb 27 15:01:06 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
2 Thu Feb 27 15:01:06 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 216) for client 9c:d2:4b:bd:82:fb / user '***'
3 Thu Feb 27 14:58:24 2014 RADIUS auth-server 192.168.4.66:1812 available
4 Thu Feb 27 14:58:22 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
5 Thu Feb 27 14:58:22 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 128) for client 9c:d2:4b:bd:82:fb / user '***'
6 Thu Feb 27 14:57:56 2014 RADIUS auth-server 192.168.4.66:1812 available
7 Thu Feb 27 14:57:43 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
8 Thu Feb 27 14:57:43 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 103) for client 9c:d2:4b:bd:82:fb / user '***'
9 Thu Feb 27 14:57:18 2014 RADIUS auth-server 192.168.4.66:1812 available
10 Thu Feb 27 14:57:12 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
During that time I have ping radius server from console but it looks OK:
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >
(WiSM-slot25-1) >show time
Time............................................. Thu Feb 27 15:00:10 2014
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
There is only one radius configured in WLC.
(WiSM-slot25-1) >show radius auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 192.168.4.66
Msg Round Trip Time.............................. 11 (msec)
First Requests................................... 31952
Retry Requests................................... 285
Accept Responses................................. 4002
Reject Responses................................. 274
Challenge Responses.............................. 27620
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 341
Unknowntype Msgs................................. 0
Other Drops...................................... 0
What I can do to troubleshoot this, some debug commands, timer tuning... ?
Regrds,
Mladenthat could also be load on the AAA server. the WLC callas a radius server dead/unavailable if it doesn't respond to 3 requests for a client authetication.
You may want to also try disabling agressive failover.
config radius aggressive-failover disable.
this changes the behavior of the WLC that the AAA has to not responde to three consecutive clients before it's called dead. but if you only have the one server it may not help too much.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered
Maybe you are looking for
-
Derive one item value from 2 other supplied values
I have a form that has 3 fields. One is a renewal_date (date) field, one is a maintenance_term (number - in months) field, and the third is an expiration_date (date) field which I would like to use the add_months functionality to derive this value ba
-
I am so disappointed with Networking Stability in Mountain Lion
I have been using Macs since '95 I have Mountain Lion installed on at least 6 CPUs. The latest CPU to the collection is the Retina MacBook Pro... The Retina wont stay connected to a network for longer than about 10 minutes. Then connections stops alt
-
Sample WebDynpro for Java for BAPI error
Hi, I have created one BAPI which will take matnr as an input and gives table of matnr, maktx. This BAPI i have used (through Adaptive RFC) to create sample WebDynpro Application (JAVA) through NWDS. I have deployed it and tried to run it, but it fai
-
Budget checking during proucerment and consumption
Hi experts My client is having two budgets. procurement budget and consumption budget.Both are having different figures. PR,PO,GR,Inv and Payment is related to procurement budget.and Goods Issue linked to Consumption Budget. While Issuing Goods they
-
Help With Burning files to DVD
I'm having trouble doing something that should be ridiculously easy. I'm trying to burn files to a blank DVD RW. I've created a burn folder in finder. The folder has lots of duplicates, which causes the size of the burn folder to exceed the size o