Cisco AAA/Identity/Nac :: Unable To Register A Secondary ACS 5.2 Appliance

Dec 6, 2011

I have installed 2 ACS 5.2 appliances, the two appear as Primary. When I try to register one of them with the other one using "System Administrator -> Local Operation -> Deployment Operations" I get the following message:
 
This System Failure occurred:  Unable to authenticate with node.. Your changes have not been saved.Click OK to return to the list page.
 
I have tried with both "ACSAdmin" and "admin" users with their respective passwords.

View 3 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: ACS 5.3 - Unable To Re-register Secondary To Primary?

Jun 11, 2012

Today I ran a failover test between our primary and secondary ACS systems (ran 'acs stop' on the primary) and in the process decided to promote the secondary while I had the primary down. All was fine until I brought the primary back up and tried to re-register the secondary to it. I get the following error message: I went into System Administration >Operations >Distributed System Management on each and it showed the other device as deregestered, tried to promote from there but it failed too, so I deleted them and tried to register the secondary again. After that didn't work I tried rebooting both but that didn't work either. I know the user/pass I'm using is good and I've tried using both the IP address and the hostname.

ACS/admin# sh app version acs
Cisco ACS VERSION INFORMATION-----------------------------Version : 5.3.0.40.5Internal Build ID : B.839Patches :5-3-0-40-5

View 3 Replies View Related

Cisco AAA/Identity/Nac :: 1.1.1 / Unable To Register ISE Inline Posture Node

Oct 19, 2012

i'm stuck at registering inline posture node to primary node. I doing fresh install both ISE appliance using version 1.1.1, patched all 3 available patach version after install. AD and DNS were perfectly configure, ping using hostname able to resolve Everything  set, so both PSN and iPEP generate CSR and ready to let CA server to  signed. But anyway this is the outcome i get Error message "Unable to  authenticate. please check server and CA certificate."

01. - What certificate template to be use primary node and inline posture node?  I  having problem the CA certsrv won't show computer template for inline  posture node. can i use web server template and on the extension include  client autthenticaiton andserver authentication on this case?
 
- What certficate template use for primay node CSR?
  
02. According to Cisco ISE user guide 1.1.1, it mentioned "Creating certificate trust list in Primary ISE Node"
 
So  first action is importing Root and CA certificate . my rootCA.cer  import to certification operation certifcate store, while CSR  generated then Bind CA certificate. question, should i check anything like "Tust for client authentication" checkbox or any other option to be check? How about Inline Posture node, should i export the CA certificate and import to primary node's certificate store?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Unable To SSH To ACS 4.2.0.124 SE Appliance

Feb 20, 2010

I could not SSH to ACS SE appliance? Why I could not, however I can do on another ACS SE.
 
note that I can ping the ACS SE, after disabling the CSA, so netowrk connectivity is ok.
 
Cisco Secure ACS: 4.2.0.124.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Unable To Upload Patch To ACS 5.2 Appliance?

Jul 21, 2011

I'm trying to upload the 5-2-0-26-4.tar.gpg patch to our ACS and so far have been unsucessfull. I keep getting the "please verify the patch bundle is valid".
 
When I download the 5-2-0-26-4.tar.gpg file, for some reason the download always comes down from Cisco as 5-2-0-26-4.tar.tar. I've renambed the file to 5-2-0-26-4.tar.gpg and verified the MD5.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Unable To Access CS ACS 1113 Appliance After Enabling HTTPs

Nov 2, 2011

I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue as Firefox gives me the error: Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options her to do this. The RADIUS and TACACS functions are working correctly - I just can't logon via the GUI.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 1121 - Upgraded ACS / Clients Are Unable To Authenticate Older Appliance?

Apr 14, 2013

We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances.  The newer one came with 5.4, so we upgraded the older one to 5.4.
 
We setup replication between the two, with the newer one primary and the older one secondary.  Problem is, windows based clients are unable to authenticate to the older ACS appliance.  The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.
 
So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works.  So far, Cisco hasn't added my smartNet on the new box so I can get some support?

View 6 Replies View Related

Error - Unable To Register To SIP Server

Dec 26, 2012

I am using PC to mobile dialer. It was working fine but now I am unable to login to my wowcall account due to error - Unable to register to SIP server.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5.2 Appliance To Use Or Not To Use UCP

Nov 16, 2011

All users are located in the local identity store.So - assume I do not implement ACS but I do turn on password expiration after 60 or 90 days.  Will a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire?Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?

View 3 Replies View Related

Cisco WAN :: ASA 5510 - Ping Gets Through But Phone Unable To Register?

Jan 31, 2011

I have to sites connected togather using 4 MBps Link over the tunnel terminated on asa 5510,the call manager in site 1  and the other users on the site 2 unable to register with call mamager on site while i have a suceesull ping goes from site 2 to site 1 (call manager ip) so why this phone its not registered ,so in term of network no problems coz the ping gets through and am rely on ping to confirm that no network problem
 
----is there any udp traffic problem that prevent the phone registration

View 20 Replies View Related

Cisco AAA/Identity/Nac :: ACS V.5 Cannot Be Added As Secondary Via WAN

Aug 26, 2012

i have planned a deployment with one acs in Europe working as primary, one acs in europe as secondary and one acs in USA as secondary also.
 
I can add one acs in europe to the deployment as secondary. When I try to add the acs in USA to the deployment - Nothing really works.
 
The status shown in the primary is offline (red) and status pending. It stays like this for hours. When I log in to the gui directly on the acs in USA, it still has status primary.
 
The two acs are transparently connected. There is WAN optimization (cisco waas) in between the two datacentres..

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Can't See Login Secondary ACS 5.2

Apr 24, 2011

I have two ACS 5.2 working in redundancy Primary and Secondary my question in when my primary ACS goes down i can´t see the log in the secondary ACS. I read in the documentación that only one ACS can be configurated for working like logg collector server. Now I configurated my secondary ACS  like logg collector server now when my Primary ACS goes down i can see the logg. Finally when my Secondary ACS goes down i can modified the ACS Primary Configution by show me the logg.. Is possible to do this automaticaly for show  me the event logg ? when the ACS that is configurate like logg collector server goes down pass the event other ACS automatically..

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Re-image NAC-3315 Appliance To ISE

Mar 29, 2012

My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purpose)What's the proper migration process should deal with this? Is the NAC-3315 hardware comply with the Inline posture mode requirement?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 1121 Appliance Downgrade To 4.2.0.124

May 2, 2011

Newly shipped cisco  ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ? .
 
My ACS BOM details
CSACS-1121-K9
ACS 1121 Appliance With  5.1 SW And Base license

[code]....

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Configure ACS 5.1 Appliance To Connect To AD

Jun 18, 2011

This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connect to the domain.Next, click on the Test Connection button to validate joining the domain.
I got success test connection. But when I click Save Changes. I got error .

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Licensing On C1121 ACS Appliance

Feb 13, 2012

01. I have one customer unit C1121 ACS system shipped with version 5.1. The customer buy the base license and large deployment license along with the purchase.
 
02. Fact is i have manually upgrade the system to version 5.3.0.40, and applying a trial license for it for administering the appliance.
 
a. If i now using the purchased base license and large deployment PAK to activate the system, would it still valid for me to continue using Version 5.3.0.40?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Expanding NIC On 3315 NAC / ISE Appliance

May 2, 2013

Is it possible to add another NIC to the Cisco 3315 NAC appliance. It ships with Four ethernet interfaces, but would like to add at least 1 extra interface i.e. PCI card if possible.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Up-gradation ACS 4.2.0.124.16 On Appliance 1113 To ACS 4.2.1.15

Jun 21, 2012

we have below softwares in the order to install one by one on the appliance 1113.

1)ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
(Appliance Management package)

2)ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
(ACS Software package)

3)applAcs_4.2.1.15.8.zip
(ACS SE 4.2.1.15.8 cumulative patch)
 
take it forward to upgrade by step by step procedure. ( is that same like TFTP to transfer these packeges to appliance or different method? ) (we are using Windows XP system)

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Migration ACS 5 Appliance To ACS 5.1 Vmware

Jun 7, 2011

I'm with problems to migrate the ACS 5.1 hardware to  ACS 5.1 vmware. In my infraestructure I have a appliance with ACS 5.1 and I need to migrate to vmware to do HA. I installed vmware as the Cisco ACS recommendations. I made ​​a backup of the ACS hardware and copied the local disk vmware ACS.
 
When I start the restore process after a few minutes an error occurs:
 
UMA/admin# dir
Directory of disk:/
    33293306 Jun 08 2011 16:51:38  bkp-production-110608-1433.tar.gpg
       5862 Nov 07 2009 01:06:32  favicon.ico.1
      16384 Jun 06 2011 17:54:34  lost+found/
[Code]....

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 How To Enable Log On Secondary Server

Feb 28, 2013

We are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Secondary Registration Failed

Jun 5, 2013

I've just had to rebuild my ACS appliance with new hardrives but I am unable to register the devices to each I get a system error. I thought it may have had something to do with the rebuilt device not being joined tothe domain but it has now been joined albeit using a different ad account, but still cannot register to primary.

View 11 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Secondary Server Connection With RSA AM 6.1?

Oct 23, 2012

We have 4 ACS 5.3 Servers connected as Primary and Secondary Servers.We use a "RSA SecurID Token Servers" External userdatabase for authentications and are able to sucessfully authenticate (vpn-)users when the requests are send from the primary ACS Server.As soon as a secondary ACS server sends the request to the RSA server the request fails. "Node verification failes"
 
On the RSA Authentication Manager 6.1 Server, we have created a Agent-host wich contains the 3 secondary nodes (FQDN and IP's). The "sdconf.rec" file has been installed on theprimary ACS Server and are automatically (so it looks like) replicated to all ACS Servers.Still none of the secondary server are able to authenticate the users agains the RSA server.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - Error Generating CSR On Secondary

Nov 16, 2012

I am attemtping to install new ssl certs on our 5.3 cluster.  I was able to generate the CSR on the Primary host.  When I attempt to generate the csr on the secondary host, I receive the following error:
 
This System Failure occurred: Error while remotely calling Primary to create: com.cisco.nm.acs.im.certificate.CertificateRequest Object{ request=[B@144cead, privateKey=null, encryptedPrivateKeyPassword=[B@5ce155, certificateSubject=CN=xxxx.xxxxxx.net, keyLength=2048, digest=SHA1, timeStamp=null, friendlyName=null, guid=[B@1cd99ca, description=null, name=xxxx.xxxx.net, version=0, id=0}. Your changes have not been saved.Click OK to return to the list page. 
 
Both hosts are running identical versions:

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40
Internal Build ID : B.839

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Primary / Secondary Same License?

Jan 22, 2012

I have a question about the number of Cisco licenses needed in two cases for ACS 5.3 Virtual Machine.One primary + One secondary : Just one license for all or one license for the primary + another one for the secondary ?One primary + several secondaries : Just one license for all or one license for the primary + just one license for all the secondaries ? 

View 1 Replies View Related

AAA/Identity/Nac :: 1121 - Add Secondary ACS Server 5.4?

May 29, 2013

My customer has an ACS 1121 version 5.4. Now we want to install a secondary ACS 1121.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ISE 3355 Appliance Use Of Both GigE Ports

Apr 12, 2013

I am setting up six ISE 3355 appliances 3 in one datacenter 3 in another. They have just installed a new server farm infrastructure using Nexus 5596 and Nexus 2248TP top of rack switches.I have been looking for documentation on how to do NIC teaming on the 3355 or some way to connect Gig0 to FEX101 and Gig1 to FEX102. Or do I just setup a port channel using LaCP between the two different FEX groups?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Disable Telnet To ACS Appliance 4.2 1113 SE?

Aug 12, 2010

How do we disable the telnet to ACS appliance 4.2 1113 SE

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Appliance Integrate Multi Domain

Sep 1, 2011

I have a question. What is the requirement of integrate ACS 4.2 Appliance and AD about CA server? it has to be windows 2003 server enterprice o windows 2008 enterprice? or it can be windows 2003 and 2008 stand alone? another question is about multi domain, i have domain father and children. the installation of CA Server is in domain father to enable 802.1x with AD with all domain children integrate? or I can be install the CA server in the server of domain children and is it work (CA server installed in server in domain child and it working all domains child and father)?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Running An Inventory For ACS 1113 Appliance

Mar 23, 2011

I want to gather an inventory of all devices  that shows the AAA client name, IP addresses, authentication method and key under my Network Configuration on my ACS appliance. Is there a report to run in it that will shows this, or is something that has to be done manually?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Add SNMP Server IP And Community In ACS 3.2 Appliance

May 23, 2012

how to add an snmp server ip and community in the ACS 3.2 appliance .

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.0 0n 1120 Appliance Stopped Booting

May 10, 2012

I have an acs 5.0 running on Cisco 1120 appliance. It has worked for 2 years. Suddenly, I discovered that user can no longer login with their credentials. On close examination, when I console, the booting does not complete. Screen shot attached.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Appliance - Service Rules Missing

Sep 25, 2012

This does seem correct.  I had 2 rules and now they are gone.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5.2 Appliance - High Availability

Sep 1, 2011

I just want to know if i need to support High Availability in Cisco Secure ACS 5.1 appliance, will the base license suffice or do i need to buy Security Group Access System License/ Large deployment License. Again, do we require license for each appliance or just one is enough?

I Suppose the licensing rules are same for the Vmware version also.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved