We have ACS 5.3, and trying to set up sftp backup on freesshd server. SSH connection works, but ACS cannot copy backup file to sftp server, we get following errors:
Acs.MGMT.ACSVIEW Backup failed: CARS_XM_SSH_CONNECT : -306 : SSH connect error
FTP backup works fine.
I am not able to backup ACS 5.x server by means of SFTP protocol. We use ACS 5-2-0-26-2. My configuration of repository is:
repository SFTP
url sftp://x.x.x.x/home/user
user user password hash 455ad
command 'backup acs01 repository SFTP' does not work and I receive the following error message on ACS server:
%SSH connect error
On my sftp server I can find the following error messages:
Apr 6 06:57:46 CR01 sshd[8561]: Accepted password for user from 10.20.86.72 port 47924 ssh2Apr 6 06:57:46 CR01 sshd[8563]: Received disconnect from 10.20.86.72: 11: disconnected by user
How to successfully performed backup by means of SFTP protocol? Do I need any other configuration settings except repository? Do I need to store my SSHD RSA key to ACS? I am able to copy files using SFTP from other computers, so it seems that SFTP server is set correctly.
I need opening up some ports for a sftp client at work. software version 8.0 (3) device manager version 6.1 (1)
View 4 Replies View RelatedAny problem while using SFTP option in ACS5.3.I am trying ot use host-key sync command but giving below error.
ACS/admin(config-Repository)# host-key sync
% Error: First character must be a letter
% Error: Invalid ip address or hostnameSOK-S12-ACS-1/admin(config-Repository)# host-key sync% Error: First character must be a letter% Error: Invalid ip address or hostname
As per documentation this command needs to be added directly.
After we have installed patch 5 on several ACS 5.2 server they aren't able anymore to write their backups to the sftp servers. I tried to search on the bug tool kit, but it seems to be broken when searching for the keyword "sftp". It's the same when I try to do a "copy logs" with sftp as destination.running a debug I can see,
acs/admin# copy logs sftp://10.1.115.11/,Collecting logs...,Username: backupuser,Password: ,6 [16376]: transfer: cars_xfer.c[301] [admin]: sftp copy out of /var/tmp/ADElogs.tar.gz requested,6 [16376]: transfer: cars_xfer_util.c[412] [admin]: resolved server to 10.1.115.11,7 [16383]: transfer: sftp_copy.c[75] [daemon]: Executing SFTP command: /usr/bin/scp -o StrictHostKeyChecking=no /var/tmp/ADElogs.tabackupuser@10.1.115.11://ADElogs.tar.gz,% Error: Transfer failed3 [16376]: transfer: sftp_copy.c[230] [admin]: sftp_copy ERROR: command execution failed,3 [16376]: copy: cm_copy.c[1226] [admin]: Logs archive transfer to url sftp://10.1.115.11/ failed retcode=-306,acs/admin#
I have a ASA 5510. I setup basic configuration to test internet with 2 ISPs. My first line works with out any problem. But my second line doesn't work. Even when i wipe the configuration, and setup only my second isp. Internet doesn't work. Can you tell me if there is anything wrong with this config?
CaaaA01# sh run
: Saved
:
ASA Version 8.3(1)
!
hostname CaaaA01
domain-name example.com
[code].....
I tried to backup ACS 5.1 but i found error messages as below
acs backup25Nov11 repository 25Nov11Repository
% Repository not found
% Error: Invalid repository name 25Nov11Respository
Please use a configured repository.
How to backup the configuration on cisco acs 5.2 and how to restore it , if some thing wrong happened
View 7 Replies View RelatedCisco ACS 5.x appliance?How to back up Config?What is best way, via TFTP? COPY Startup-config tftp:?COPY Running-config tftp:?I currently use Solarwinds CatTolls to back my Cisco Switches, can I use this for Cisco ACS also?
View 3 Replies View Relatedwe have ACS 4.1 appliance and will do upgrade to 4.2. We need backup user database and system settings.via Gui I am not sure what all we backed up - dmp file seems to be only encrypted user databse but it can be crypted back up file.
How is possible do complete backup of current machine (user database and system config)? Is it possible via Gui or has to be done CLI access?After upgrade will be on machine previous config and database or or will be appliance completelly re-imaged?
I've been setting up building and testing our new ACS 5.x boxes and I've been running into a spot of bother with the backup restore feature. This most likely due to my unfamiliarity with the tool.
As part of my testing for Backup/Restore, I first backup the data using the Removal and backup tool in Secure ACS View (found under data management. I then confirm that the new FULL backup has been populated my test repository and is available in the restore feature. (also under Data Management) My next step is to create a few test Network Device Groups, Identity groups, and users Then I go back to the restore feature select the Back up file I just created, I also check the box Skip View Database backup before Restore and hit the restore button.
The box goes through the expected steps including a reload. When it comes back up I would expect the test users, groups etc I created after the last backup to be gone as they did not exist at that time. Although I find the opposite is true. Any settings I made after the last backup are still present. I do not have incremental backups enabled.
I essentially want to test a backup of the database of users and groups/rules etc make changes and then restore that database to the previous backed up configuration.
I have ACS 5.2 in standalone mode in operation and need not incorporating a second server for high availability ACS, the new ACS is a version 5.1
What should I do first, upgrade the ACS version 5.2 and created the high availability or high availability and get up after the upgrade?
Due to some wrong access policy applied in the administration control settings. GUI access is not functioning. So we need to take a backup thru CLI mode using FTP server. I have tried using the backup command in the console & taken the backup using the following steps. But the backup file is less than 1kb. I need the exact Db backup to be taken.
Step 1 Log in to the ACS SE. For more information, see Logging In to the Solution Engine from a Serial Console.Step 2 At the system prompt, enter backup and press Enter.Tip You can enter the following parameters after the command or in response to subsequent prompts: [server] [username] [filepath]Step 3 At the Enter FTP Server Hostname or IP Address: prompt, enter the FTP server IP address or hostname, and press Enter.Step 4 At the Enter FTP Server Directory: prompt, enter the FTP server directory pathname, and press Enter.Step 5 At the Enter FTP Server Username: prompt, enter the FTP server username and. press Enter.Step 6 At the Enter FTP Server Password: prompt, enter the FTP server password and, press Enter.Step 7 At the File: prompt, enter the name that you want to give the backup file, and press Enter.Step 8 At the Encrypt Backup file? <Y or N>: prompt, enter Y to encrypt the backup file or N not to encrypt it, and press Enter.Caution This procedure interrupts the use of the ACS SE for AAA services.Step 9 If you entered Y to encrypt the backup file, at the Encryption Password: prompt, enter a password and then press Enter.Result: The console displays:Backing up now . . .
All running services will be stopped and restarted automatically.Are you sure you want to proceed? <Y or N>Step 10 To proceed, enter Y and press Enter.
I have bought an RV180 Firewall/VPN and try to use the Backup Software Crashplan. As per the supplier it needs Port 443 and 4242 open. Port 443 is fine and allows me to use the service to backup to the Cloud. However when I want to allow other users to backup to my computer this traffic is blocked. I tried to open port 4242 on the firewall and forward the traffic to the computer that hosts the service but it does not work. I have tried to Telnet this port from the WAN but I don't get a response. When I check the Open Ports this port is not listed as a LISTEN port either.
View 1 Replies View RelatedWhen I'm trying to make backup in ACS5.1(in log collector node) it gives me the following error:
FullBackupOnDemand-Job Incremental Backup Utility System Wed Jul 13 16:50:23 EEST 2011 Incremental Backup Failed: CARS_APP_BACKUP_FAILED : -404 : Application backup error Failed,I did it via Monitoring Configuration -> System Operation -> Removal and Backup and then "Backup now" bottom.
I tried to restart ACS services through cli (application stop/start) and different repositories (ftp, tftp) but without success.
I have ACS 4.2 on vmware machine, everything is working fine. Automatically backup is already set on local machine, but the thing is, i want to configure automatically backup on my file server (ex. \1.1.1.1acsbackup). Even though i have defined the acsbackup folder through map drive but no success. when i define the above string in the backup location directory, it shows an error (no directory exists). How do i configure file server or map drives on acs & save daily backup on fileserver
View 1 Replies View RelatedWhen doing a backup on any of the ACS 5.x appliances by default the backup is encrypted with PGP. What password is used for that? Is it configurable?
View 3 Replies View RelatedWhen I'm trying to make backup in ACS5.1(in log collector node) it gives me the following error:
FullBackupOnDemand-Job Incremental Backup Utility System Wed Jul 13 16:50:23 EEST 2011 Incremental Backup Failed: CARS_APP_BACKUP_FAILED : -404 : Application backup error Failed
I did it via Monitoring Configuration -> System Operation -> Removal and Backup and then "Backup now" bottom.
I tried to restart ACS services through cli (application stop/start) and different repositories (ftp, tftp) but without succes.
I had ACS 5.2 ( Evalution License ) setup installed on VMware with patch 11 when I try to restore earlier backup of ACS gives me error "Cannot find acsbackup_instance.log in the backup file"
I am using Filezilla FTP sever for backup transfer.
why Windows Backup in Windows 7 pro 64 would not backup over the network to a drive I have connected to the 4200s USB port? Everytime I run it I get a Access Denied error at the end, even though data has been transfered. After about 5 hours of searching both here and Microsoft's website, I just get lots of people with the same issue that hasnt been resolved anywhere consistantly.
View 1 Replies View RelatedWe have a cisco 1941 with line t1 Symmetric, (Also have Cisco 1841 unused, but works) I would like to connect the Cisco 1841 to four Adsl Backup lines in case the T1 or the Main cisco 1941 go down I know a BGP is needed on our ISP site,
How can i connect four Adsl lines to The cisco 1841 (Backup) and make them work in a Load Balancing way.
I have ACS 5.3.0.40 Primary Secondary Authenticators , of which the Scheduled backup has stopped.When checked the : Monitoring Configuration > System Operations > Data Management > Removal and Backup > Incremental Backup , it had changed to OFF mode. without any reason.Later i did the acs stop/start "view-jobmanager" and initiated the On-demand Full Backup , but no luck, same error reported this time too.
View 2 Replies View RelatedI'm doing a basic setup of ACS 5.3. For now, I'm configuring backup to a local repository
!
repository Backup
url disk:/Backup
!
How can I automatically delete old files? I need to keep only the last seven files.
So I've decided to utilize 802.1x on a switch module on a 2901, reasons being for mobility for a laptop and network security.
However, the 802.1x authentication occurs over the VPN Tunnel (over the Internet). What our concern is, what happens if the Internet or Tunnel goes down? I know that 802.1x does not authenticate against the IOS local DB, so what would be another option in case this scenario happened?
There will only be one device authenticating (maybe 2) and they are 2 HP Windows 7 laptops.
We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS5.2 Before doing it I found this note in Cisco ACS user guide:
Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.
How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.
We have an issue with View db (Monitoring & Reports) backup on ACS, version 5.2.0.26. We have scheduled incremental backup daily and full backup monthly. Everything has been working well, but since yesterday following errors have appeared, and full and incremental backup stopped working:
Alarm Name
System Alarm [Incremental Backup]
Cause/Trigger
On-demand Full Backup failed
Alarm Details
CARS_BR_BACKUP_CREATE : -405 : Internal error: couldn't create backup file
Alarm Name
[code]....
We use same repository as always. Backup to the same repository works from CLI.
After ACS upgrade from 5.2 to 5.3 we have noticed that backup files are significantly smaller in size. For example before the upgrade they were:
285633099 2011-10-23 22:01 Meduza-ACS-111023-2200.tar.gpg
285809254 2011-10-24 22:01 Meduza-ACS-111024-2200.tar.gpg
And after upgrade:
124234429 2011-10-25 22:00 Meduza-ACS-111025-2200.tar.gpg
124234425 2011-10-26 22:00 Meduza-ACS-111026-2200.tar.gpg
What could cause this behavior? How we can be sure if backup files have been regular after the upgrade?
I am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto 4.2.0.124 ,step by step by upgrade process
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable on 90 days evalution package of 4.2.0.124 of windows platform .
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1)
to backup an ACS 5.3 vm running on ESXi 5.0 our backup admin requested to install vmware tools on the acs server.
View 2 Replies View RelatedI set up a connection from a laptop (Windows 7) that goes through a LAN proxy server to a secure ftp server (Windows Server 2003).The sftp server is assigned a public ip address.I opened the firewall at the destination and allowed port 22 traffic to the sftp server. Well, the connection is failing.I know for a fact the connection from the client laptop is making it to the sftp server.If I issue this command on the client laptop:
telnet sftpserver 22
The DOS screen clears and tells me the type of SSH server I'm connecting to. While this connection is still active, I logged into the destination sftp server and did a netstat command. I can see the address of the proxy server in the "Foreign Address" column of the netstat results. I also can see the proxy server address when I look at the Application Log on the sftp server, so I know the connection is making it to the sftp server.
I beleive the problem is the control port (return traffic) from the server back to the client. Something is being blocked or is misconfigured. I always thought the router negotiated the control port, and that the control port didn't need to be put into any firewalls.
There are many software available for this but the issues is how they all function. Example: One software Synchronized FTP allows you to set a local/remote folder and sync files between them. What was never disclosed is that you need Windows Task Scheduler to run the synchronization, and you do not see a progress indicator. I also tried TurboFTP but it felt like landing a space shuttle.
View 8 Replies View Relatedhow to actually run a .bat on a remote computer through ssh/sftp in a GUI. My problem is that I havent been using command lines for 15 years, I litterally have never used a command line besides using stuff like ipconfig in command prompt.I have a ssh server on my home server using FreeSSH'd and The only ssh program i can find with a gui is winscp. Though theres no option to connect through ssh everyone says it does and theres even options for it.
Though when i try to run the bat file i get this error"Current sftp -3 session does not support command you request" then something about a seperate shell session. if i click ok it goes down to starting the session then just sits there and says host is not communication for more than 15 seconds still waiting and only option is to abort.
i am running windows server 2008 with the hyper V role installed.i have installed windows 7 Professional as a guest OS. assigned 2 GB of Ram to the machine. the point behind the VM is to virtualize my FTP server and incase a format is required i have the VM file on my 2nd partition, host OS on another. i use Cerberus FTP Server on the Win7 OS. i configured the server to accept SFTP and TLS connections. on the host OS i installed Fire FTP and File Zilla, both Clients will at max download a 4 MB file at 64 KB/Sec .. i have seen both jump to about 80 KB but was only a split second and never held.. however if i login without SFTP and transfer over standard protocol, i download at 1 MB/sec. which is my normal speeds. would this be only to the encryption process?, in the Cerberus Server there are options to adjust download speeds, i have left it default, and altered it to allow its max configuration. My ISP is not limiting any connections that shouldnt be.
View 1 Replies View Related