Cisco AAA/Identity/Nac :: Unable To Register A Secondary ACS 5.2 Appliance
Dec 6, 2011
I have installed 2 ACS 5.2 appliances, the two appear as Primary. When I try to register one of them with the other one using "System Administrator -> Local Operation -> Deployment Operations" I get the following message:
This System Failure occurred: Unable to authenticate with node.. Your changes have not been saved.Click OK to return to the list page.
I have tried with both "ACSAdmin" and "admin" users with their respective passwords.
View 3 Replies
ADVERTISEMENT
Jun 11, 2012
Today I ran a failover test between our primary and secondary ACS systems (ran 'acs stop' on the primary) and in the process decided to promote the secondary while I had the primary down. All was fine until I brought the primary back up and tried to re-register the secondary to it. I get the following error message: I went into System Administration >Operations >Distributed System Management on each and it showed the other device as deregestered, tried to promote from there but it failed too, so I deleted them and tried to register the secondary again. After that didn't work I tried rebooting both but that didn't work either. I know the user/pass I'm using is good and I've tried using both the IP address and the hostname.
ACS/admin# sh app version acs
Cisco ACS VERSION INFORMATION-----------------------------Version : 5.3.0.40.5Internal Build ID : B.839Patches :5-3-0-40-5
View 3 Replies
View Related
Oct 19, 2012
i'm stuck at registering inline posture node to primary node. I doing fresh install both ISE appliance using version 1.1.1, patched all 3 available patach version after install. AD and DNS were perfectly configure, ping using hostname able to resolve Everything set, so both PSN and iPEP generate CSR and ready to let CA server to signed. But anyway this is the outcome i get Error message "Unable to authenticate. please check server and CA certificate."
01. - What certificate template to be use primary node and inline posture node? I having problem the CA certsrv won't show computer template for inline posture node. can i use web server template and on the extension include client autthenticaiton andserver authentication on this case?
- What certficate template use for primay node CSR?
02. According to Cisco ISE user guide 1.1.1, it mentioned "Creating certificate trust list in Primary ISE Node"
So first action is importing Root and CA certificate . my rootCA.cer import to certification operation certifcate store, while CSR generated then Bind CA certificate. question, should i check anything like "Tust for client authentication" checkbox or any other option to be check? How about Inline Posture node, should i export the CA certificate and import to primary node's certificate store?
View 3 Replies
View Related
Feb 20, 2010
I could not SSH to ACS SE appliance? Why I could not, however I can do on another ACS SE.
note that I can ping the ACS SE, after disabling the CSA, so netowrk connectivity is ok.
Cisco Secure ACS: 4.2.0.124.
View 5 Replies
View Related
Jul 21, 2011
I'm trying to upload the 5-2-0-26-4.tar.gpg patch to our ACS and so far have been unsucessfull. I keep getting the "please verify the patch bundle is valid".
When I download the 5-2-0-26-4.tar.gpg file, for some reason the download always comes down from Cisco as 5-2-0-26-4.tar.tar. I've renambed the file to 5-2-0-26-4.tar.gpg and verified the MD5.
View 1 Replies
View Related
Nov 2, 2011
I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue as Firefox gives me the error: Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options her to do this. The RADIUS and TACACS functions are working correctly - I just can't logon via the GUI.
View 1 Replies
View Related
Apr 14, 2013
We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances. The newer one came with 5.4, so we upgraded the older one to 5.4.
We setup replication between the two, with the newer one primary and the older one secondary. Problem is, windows based clients are unable to authenticate to the older ACS appliance. The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.
So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works. So far, Cisco hasn't added my smartNet on the new box so I can get some support?
View 6 Replies
View Related
Dec 26, 2012
I am using PC to mobile dialer. It was working fine but now I am unable to login to my wowcall account due to error - Unable to register to SIP server.
View 1 Replies
View Related
Nov 16, 2011
All users are located in the local identity store.So - assume I do not implement ACS but I do turn on password expiration after 60 or 90 days. Will a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire?Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?
View 3 Replies
View Related
Jan 31, 2011
I have to sites connected togather using 4 MBps Link over the tunnel terminated on asa 5510,the call manager in site 1 and the other users on the site 2 unable to register with call mamager on site while i have a suceesull ping goes from site 2 to site 1 (call manager ip) so why this phone its not registered ,so in term of network no problems coz the ping gets through and am rely on ping to confirm that no network problem
----is there any udp traffic problem that prevent the phone registration
View 20 Replies
View Related
Aug 26, 2012
i have planned a deployment with one acs in Europe working as primary, one acs in europe as secondary and one acs in USA as secondary also.
I can add one acs in europe to the deployment as secondary. When I try to add the acs in USA to the deployment - Nothing really works.
The status shown in the primary is offline (red) and status pending. It stays like this for hours. When I log in to the gui directly on the acs in USA, it still has status primary.
The two acs are transparently connected. There is WAN optimization (cisco waas) in between the two datacentres..
View 1 Replies
View Related
Apr 24, 2011
I have two ACS 5.2 working in redundancy Primary and Secondary my question in when my primary ACS goes down i can´t see the log in the secondary ACS. I read in the documentación that only one ACS can be configurated for working like logg collector server. Now I configurated my secondary ACS like logg collector server now when my Primary ACS goes down i can see the logg. Finally when my Secondary ACS goes down i can modified the ACS Primary Configution by show me the logg.. Is possible to do this automaticaly for show me the event logg ? when the ACS that is configurate like logg collector server goes down pass the event other ACS automatically..
View 3 Replies
View Related
Mar 29, 2012
My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purpose)What's the proper migration process should deal with this? Is the NAC-3315 hardware comply with the Inline posture mode requirement?
View 4 Replies
View Related
May 2, 2011
Newly shipped cisco ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ? .
My ACS BOM details
CSACS-1121-K9
ACS 1121 Appliance With 5.1 SW And Base license
[code]....
View 2 Replies
View Related
Jun 18, 2011
This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connect to the domain.Next, click on the Test Connection button to validate joining the domain.
I got success test connection. But when I click Save Changes. I got error .
View 5 Replies
View Related
Feb 13, 2012
01. I have one customer unit C1121 ACS system shipped with version 5.1. The customer buy the base license and large deployment license along with the purchase.
02. Fact is i have manually upgrade the system to version 5.3.0.40, and applying a trial license for it for administering the appliance.
a. If i now using the purchased base license and large deployment PAK to activate the system, would it still valid for me to continue using Version 5.3.0.40?
View 2 Replies
View Related
May 2, 2013
Is it possible to add another NIC to the Cisco 3315 NAC appliance. It ships with Four ethernet interfaces, but would like to add at least 1 extra interface i.e. PCI card if possible.
View 1 Replies
View Related
Jun 21, 2012
we have below softwares in the order to install one by one on the appliance 1113.
1)ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
(Appliance Management package)
2)ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
(ACS Software package)
3)applAcs_4.2.1.15.8.zip
(ACS SE 4.2.1.15.8 cumulative patch)
take it forward to upgrade by step by step procedure. ( is that same like TFTP to transfer these packeges to appliance or different method? ) (we are using Windows XP system)
View 1 Replies
View Related
Jun 7, 2011
I'm with problems to migrate the ACS 5.1 hardware to ACS 5.1 vmware. In my infraestructure I have a appliance with ACS 5.1 and I need to migrate to vmware to do HA. I installed vmware as the Cisco ACS recommendations. I made a backup of the ACS hardware and copied the local disk vmware ACS.
When I start the restore process after a few minutes an error occurs:
UMA/admin# dir
Directory of disk:/
33293306 Jun 08 2011 16:51:38 bkp-production-110608-1433.tar.gpg
5862 Nov 07 2009 01:06:32 favicon.ico.1
16384 Jun 06 2011 17:54:34 lost+found/
[Code]....
View 4 Replies
View Related
Feb 28, 2013
We are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?
View 2 Replies
View Related
Jun 5, 2013
I've just had to rebuild my ACS appliance with new hardrives but I am unable to register the devices to each I get a system error. I thought it may have had something to do with the rebuilt device not being joined tothe domain but it has now been joined albeit using a different ad account, but still cannot register to primary.
View 11 Replies
View Related
Oct 23, 2012
We have 4 ACS 5.3 Servers connected as Primary and Secondary Servers.We use a "RSA SecurID Token Servers" External userdatabase for authentications and are able to sucessfully authenticate (vpn-)users when the requests are send from the primary ACS Server.As soon as a secondary ACS server sends the request to the RSA server the request fails. "Node verification failes"
On the RSA Authentication Manager 6.1 Server, we have created a Agent-host wich contains the 3 secondary nodes (FQDN and IP's). The "sdconf.rec" file has been installed on theprimary ACS Server and are automatically (so it looks like) replicated to all ACS Servers.Still none of the secondary server are able to authenticate the users agains the RSA server.
View 1 Replies
View Related
Nov 16, 2012
I am attemtping to install new ssl certs on our 5.3 cluster. I was able to generate the CSR on the Primary host. When I attempt to generate the csr on the secondary host, I receive the following error:
This System Failure occurred: Error while remotely calling Primary to create: com.cisco.nm.acs.im.certificate.CertificateRequest Object{ request=[B@144cead, privateKey=null, encryptedPrivateKeyPassword=[B@5ce155, certificateSubject=CN=xxxx.xxxxxx.net, keyLength=2048, digest=SHA1, timeStamp=null, friendlyName=null, guid=[B@1cd99ca, description=null, name=xxxx.xxxx.net, version=0, id=0}. Your changes have not been saved.Click OK to return to the list page.
Both hosts are running identical versions:
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40
Internal Build ID : B.839
View 1 Replies
View Related
Jan 22, 2012
I have a question about the number of Cisco licenses needed in two cases for ACS 5.3 Virtual Machine.One primary + One secondary : Just one license for all or one license for the primary + another one for the secondary ?One primary + several secondaries : Just one license for all or one license for the primary + just one license for all the secondaries ?
View 1 Replies
View Related
May 29, 2013
My customer has an ACS 1121 version 5.4. Now we want to install a secondary ACS 1121.
View 2 Replies
View Related
Apr 12, 2013
I am setting up six ISE 3355 appliances 3 in one datacenter 3 in another. They have just installed a new server farm infrastructure using Nexus 5596 and Nexus 2248TP top of rack switches.I have been looking for documentation on how to do NIC teaming on the 3355 or some way to connect Gig0 to FEX101 and Gig1 to FEX102. Or do I just setup a port channel using LaCP between the two different FEX groups?
View 1 Replies
View Related
Aug 12, 2010
How do we disable the telnet to ACS appliance 4.2 1113 SE
View 4 Replies
View Related
Sep 1, 2011
I have a question. What is the requirement of integrate ACS 4.2 Appliance and AD about CA server? it has to be windows 2003 server enterprice o windows 2008 enterprice? or it can be windows 2003 and 2008 stand alone? another question is about multi domain, i have domain father and children. the installation of CA Server is in domain father to enable 802.1x with AD with all domain children integrate? or I can be install the CA server in the server of domain children and is it work (CA server installed in server in domain child and it working all domains child and father)?
View 1 Replies
View Related
Mar 23, 2011
I want to gather an inventory of all devices that shows the AAA client name, IP addresses, authentication method and key under my Network Configuration on my ACS appliance. Is there a report to run in it that will shows this, or is something that has to be done manually?
View 1 Replies
View Related
May 23, 2012
how to add an snmp server ip and community in the ACS 3.2 appliance .
View 3 Replies
View Related
May 10, 2012
I have an acs 5.0 running on Cisco 1120 appliance. It has worked for 2 years. Suddenly, I discovered that user can no longer login with their credentials. On close examination, when I console, the booting does not complete. Screen shot attached.
View 3 Replies
View Related
Sep 25, 2012
This does seem correct. I had 2 rules and now they are gone.
View 2 Replies
View Related
Sep 1, 2011
I just want to know if i need to support High Availability in Cisco Secure ACS 5.1 appliance, will the base license suffice or do i need to buy Security Group Access System License/ Large deployment License. Again, do we require license for each appliance or just one is enough?
I Suppose the licensing rules are same for the Vmware version also.
View 2 Replies
View Related