Cisco AAA/Identity/Nac :: Upgrade ACS 5.3 To 5.4 Fails
Dec 6, 2012
I try upgrade ACS 5.3.0.40 to new version 5.4.0.46. Everything looks ok:
ACS-machine/acsadmin# application upgrade ACS_5.4.0.46.tar.gz rep01 Do you want to save the current configuration ? (yes/no) [yes] ? Generating configuration. Saved the running configuration to startup successfully
% CARS Install application required post install reboot...
Broadcast message from root (pts/0) (Thu Dec 6 23:36:41 2012):
The system is going down for reboot NOW!
Application upgrade successful
But ACS machine (vmware instance) can't boot with this result: Volume group "smosvg" not found. (for details see attachment)
View 3 Replies
ADVERTISEMENT
Jan 30, 2013
I am trying to upgrade ISE from 1.1.0 to 1.1.2.145 but failed. Find the details below.
DR-ise-pdp-01/admin# application upgrade ise-appbundle-1.1.2.145.i386.tar.gz ISE1
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
Stopping ISE application before upgrade...
Running ISE Database upgrade...
% Application upgrade failed. check logs for more details.
View 2 Replies
View Related
Jun 6, 2012
I upgraded an ASA 5505 from 8.3(2) to 8.4(4) this evening. The 5505 is a backup and used to perform testing prior to production changes. After the upgrade was complete, a VPN tunnel began to fail. I did a limited search online to see if this was a known issue or something new. I also reviewed the release notes but did not see anything that matched the issue I received.
My concern is that this tunnel configuration is scheduled to be deployed to the production firewalls next week after their upgrade. But if it failed on the upgraded test unit, it may fail on the production units.
I downgraded the backup unit to 8.3(1) and verified that the tunnel indeed worked at that level.
View 2 Replies
View Related
Sep 4, 2011
I have a rv082 small business router and the current firmware will not apply. I downloaded the v4.04 firmware update and tried to apply it yet the update does not seem to work. I have downloaded it a second time and used the UPDATE FIRMWARE button to load and apply but no change.
View 1 Replies
View Related
Sep 27, 2011
I'm attempting to update the software on three aironet 1100 from System Software Filename:c1100-k9w7-tar.122-13.JA2 System Software Version:12.2(13)JA2 Bootloader Version:12.2(8)JA To the latest release or the 12.3x family and it fails."the software upgrade was interrupted and was not able to be completed" I also disabled the Radio braodcast?
View 1 Replies
View Related
Aug 11, 2011
We are using ACS v5.2.0.26.3 in 802.1X certificate based authentication. Now, when we added CRL functionality into ACS it fails in CRL validation and gives following error message:
LastErrorMessage=CRL PKI verification failed
Certificate Revocation list [URL]
We have installed root, device and server certificates from CA, but for management we are still using self-signed certificate.
Question is, which certificate is used when validating downloaded CRL file - one used for EAP-TLS or one used for management interface?
How I can check which certificate ACS server is using for CRL validation?
View 19 Replies
View Related
Sep 11, 2011
I am trying to join my ACS 5.1 to my AD. In the External Identity Stores > Active Directory I have put in the AD administrator details and hit the test button and the test succeeds.
However, when I try to save changes it fails with an eror saying it can't connect to the LDAP server.
Error while configuring Active Directory:Error while configuring Active Directory:Unexpected LDAP Error Can't contact LDAP server due to unexpected configuration or network error.Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.Join to domain 'Mydomain.local', zone 'null' failed.
I have done this lots of times and never had any issue once the test connection succeeds.
I've checked the time and timezones on both ACS and AD and they are the same.
View 7 Replies
View Related
Dec 6, 2010
I'm trying the csv file import and getting some errors.
010-12-07 14:23:47: File Format Validation Completed2010-12-07 14:23:47: Import Started
2010-12-07 14:23:47: Record number: 1, Host 01-02-03-04-05-06: Import Failed2010-12-07 14:23:47: null Import process failed for unexpected reason: Unknown error has accurred.2010-12-07 14:23:47: Import Completed With errors
-------- Summary --------Total Number of Records Processed:1Number of Records Failed:1Number of Records Imported:1---------- End ----------Please refresh the table to see the changes.
On some other tries I get null field or missing fields.
It actually creates the host, but on editing it I get the following message:
An unexpected error has occurred. To continue your work, reselect the option in the left navigation bar.If you continue to receive the unexpected error message, close your browser and log in to ACS again.If you still receive the unexpected error message, contact your system administrator or technical assistance.
MACAddress:String(64):Required,description:String(1024),"enabled:Boolean(true,false):Required",HostIdentityGroup:String(256),VLAN:String(256):Required,attr-Expiration Date:Date(yyyy-Mmm-dd)01-02-03-04-05-06,AAATest,true,,Guest,2010-Dec-08
View 3 Replies
View Related
Jan 21, 2013
I configured WiFi connection on Windows XP and Windows 7 with EAP-TLS (using Cisco WLC 7.0.235.3 and Cisco ACS 5.2.0.26.10). It is configured with computer authentication and computers certificates are autoenrolled from Microsoft PKI.It works well!
Now I configured Windows 8 with same configuration.First authentication works but if I manually disconnect and reconnect, I got this error on ACS: 22047 Principal username attribute is missing in client certificate.In EAP packets, we could see that Windows 8 sent a TLS session ticket but session was not resumed correctly by ACS..On ACS configuration, we checked this option "Enable EAP-TLS Session Resume" with session timeout "7200".
View 2 Replies
View Related
Dec 9, 2012
After upgrading from a 1231 autonomous to an 1142 autonomous AP some machines can no longer authenticate. AP logs show authentication failure and access reject coming from the Radius server. Radius server shows authentication failures but no specific reason. Using the same account on another machine works fine. Machine settings have been verified and if we go back to the 1231 all users authenticate fine. Below are the configs:
OLD AP:
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
[code]...
View 3 Replies
View Related
Sep 10, 2012
Is it possible to upgrade the CSACS-1121-UP-K9 to be a non upgrade part? We were going to upgrade from a Windows 4.x to the above Appliance (version 5.x) but there is now a reason to keep the old Windows version running therefore we cannot give the new Appliance the old ACS's licenses?!So we should have (with hindsight) bought a fresh version of the ACS 5.x rather than an upgrade.
View 1 Replies
View Related
Jan 8, 2013
Having problems losing connectivity so decided to upgrade firmware from v1.00.7 to latest version available.
Downloaded the upgrade file and log into web based administrator. Select file and click on UPGRADE button. A couple of clicks on timeline then: UGRADE FAILED
View 5 Replies
View Related
Apr 13, 2012
I am trying to upgrade the firmware on my Linksys v1 router from 1.0.02 to 1.0.03 over a remote 56Kb circuit. I appear to be having a timeout problem. The upgrade always fails. I have upgraded several E1200s in my office over ethernet, and the upgrade appears to finish when the progress bar is at 15%. However, on my remote upgrade, the progress bar gets to 98%, hangs for a few more seconds, and then pops up a window with "Upgrade failed".
I suspect that there is a timeout on the upgrade process, and that I can't upload the 3.8 MB firmware file fast enough. If so, is there any way to increase the upgrade timeout?
View 2 Replies
View Related
May 25, 2012
I have tried repeatedly to upgrade my firmware from 1.0.03 to 1.0.04, but it always fails with a message :cannot upgrade at this time..." I've tried both IE and FireFox, and both wired and wireless connection to my PC (Windows 7).
View 4 Replies
View Related
Nov 24, 2012
I'm trying to upgrade my frmware to the lastest one (classic firmware) I've downloaded this file multiple times [URL] When I try the firmware upgrade (manual upgrade) and select the file, it always complains about the file being corrupt (using the .ssa file in the zip).
View 6 Replies
View Related
Jun 8, 2011
I have IAS set up on my organization's AD domain controller. Multiple policies set up for various authorization scenarios, authenticating based on Windows user groups and client IP, authorizing by passing "shell:priv-lvl=#" where #=desired privilege level. On my IOS devices I have:[code]
This identical configuration operates correctly on a Cisco 3825 and a Catalyst 4506. On the 24 port Cat 3560G PoE running 12.2SE (do not recall exact IOS version, but I know it is in that release train) that I am currently working on, every attempt to login via ssh passes authentication but fails authorization, displaying %Authorization Failed on the terminal and a message stating that "No appropriate privilege level found for user" in the debug statement from RADIUS.I have verified correct server addresses, correct source-interfaces, and that configs between the three devices match exactly with regards to aaa.
View 1 Replies
View Related
May 9, 2012
I have a stack of 4 Cisco Switch 3750 (1 x WS-C3750G-24T, 2 x WS-C3750-48P and 1 x WS-C3750V2-48PS) and I want to do an firmware upgrade of this stack. Actually, all the 4 switches are at the firmware version 12.2(50) SE1 "IPBase" and I want to upgrade them to 12.2(55)SE5 IPBase. According to the release notes, all the switches in my stack are supported.
To upgrade the firmware, I use the command "archive download-sw /imageonly /overwrite tftp://IP_Address/c3750-ipbaselmk9-tar.122-55.SE5.tar" The firmware gets uploaded correctly but then I get the error message "There is insufficient space in flash: to install the required image. Clean up some old images, and try again."
When I do a "show flash", I see that the switch has 5650944 bytes free of 15998976 bytes.
How can i upgrade my switches? Is there an error in my command which I use? Do I need to add an other option?
The problem is, the switches are located in a branch office and there is no direct access to them. Everything must be done remotely.
View 3 Replies
View Related
Feb 22, 2009
If by mistake I have attempted to upgrade the firmware my router "WRT610N" via my wireless laptop and after 24 hours the same screen "upgrading router" continues displayed and the router does not respond, How do I fix this?
View 9 Replies
View Related
Jan 7, 2010
I've got 2 freshly installed ACS 4.2 for Windows servers and I need to apply the latest patch rollup before I build the configurations. I stopped the ACS services and ran Acs-4.2.0.124.15-SW.exe to install the patches. The application begins running fine but fails on upgrading the database and then none of the ACS services would start. I was able to restore the files from the backup that runs with the patch utility and get ACS functioning again. What am I missing - does the patch rollup require any specific Microsoft Patches to be installed or something like that?
View 7 Replies
View Related
Nov 13, 2012
I have a user named "testuser" and trying to authenticate from the xp computer but fails to authenticate. The ACS logs says that authentication failed, the user is in the local database but why it fails to authenticate?
I have cisco switch :
WS-C2960G-48TC-L 12.2(52)SE C2960-LANBASEK9-M
*Mar 8 04:03:55.030: AAA/BIND(00000029): Bind i/f
*Mar 8 04:03:55.173: %AUTHMGR-5-START: Starting 'dot1x' for client (782b.cbc9.a027) on Interface Gi0/2 AuditSessionID 0A6A00200000001924EBD428
*Mar 8 04:03:57.010: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed
[Code]....
View 7 Replies
View Related
Mar 22, 2011
i'm trying to configure acs 5.2 to LDAP external idenity store, when LDAP failes ACS 5.2 should use internal indenity store. I configured A sequence to use LDAP 1st then Internal and i shut off the link to the LDAP but ACS will not use internal, AAA Diagnostics keeps telling me that Cannot establish connection with LDAP server and will not use the internal store.
View 7 Replies
View Related
Dec 21, 2010
I am working through the migration from ACS 4.1.4 on Windows Server 2003 to ACS 5.2 on the appliance. I have created the 4.1.4 migration server, installed the software and imported the data from our production ACS 4.1.4 box. I downloaded the migration utility from the 5.2 ACS server and am attempting to run on the 4.1.4 migration server. The question that fails is:
Enter ACS 4.x Server ID:
I do not know what this means and do not see anything on the 4.1.4 server that identifies the Server ID. I try localhost and it does not work and the 4.1.4 server is not registered in DNS or I would try that (and . are not valid characters in the ID so the IP does not work).
How have other people handled this question? Is there something that can identify the local server ID?
View 9 Replies
View Related
Apr 29, 2012
We're in the process of implementing an ISE 1.1 server for Guest Wireless Access / BYOD at our company and ran into an issue with authenticating from iPhones / iPads when the account is set with 'change password on next logon' (it's a local account created on the ISE server - not AD). It fails and displays 'unable to join network' on the iPhone. The ISE log shows a '5411: No response received in 120 seconds'. We're able to authenticate from Windows devices and are prompted to change the password during the authentication process. If we unchecked the 'change password' box we can authenticate from iPhones & iPads without any issue but we need to have a way for users to set their own password.
View 3 Replies
View Related
Oct 24, 2011
I set up LDAP store pointing to a Windows domain and am testing authenticating users via an ASA. In my LDAP config, its set for "Groups Objects refer to subjects" and I selected usernames in the drop down. I also added a a Global Group to the Directory groups tab in the LDAP store that I created.
Under my Access Polices, I created a rule that meets two condititons - coming from the ASA, and then I was able to select the group from the drop down box for my ldap domain. As a condition, it shows up as DomainName:External Groups. I set the permission to Permit Access.
Originally, I was failing authentication and I was receiving Subject Not Found in Store. I adjusted the Identity Sequence and now I receive a the following error:
15039: Selected Authorization Profile is Deny Access. So it must not be associating my account with the group with the Permit Access and using the Default Permissions.So it does match the correct Access Service, and Identity Store.
View 1 Replies
View Related
Aug 9, 2011
IP address of Primary had to be changed, to respond to a hardware failure of TACACS server with IP in many device configs.
Now the Secondary fails to respond to repeated "Deregister from Primary" requests, even after reload - apparently because it cannot reach the Primary at its old IP address.
Requesting Deregister in GUI generates pop-up that says, "This operation will deregister this ACS Instance from the Primary Instance. Management applications on this ACS instance will be restarted and you will be required to login again. After performing this operation
[code]....
View 1 Replies
View Related
Jul 21, 2011
After we have installed patch 5 on several ACS 5.2 server they aren't able anymore to write their backups to the sftp servers. I tried to search on the bug tool kit, but it seems to be broken when searching for the keyword "sftp". It's the same when I try to do a "copy logs" with sftp as destination.running a debug I can see,
acs/admin# copy logs sftp://10.1.115.11/,Collecting logs...,Username: backupuser,Password: ,6 [16376]: transfer: cars_xfer.c[301] [admin]: sftp copy out of /var/tmp/ADElogs.tar.gz requested,6 [16376]: transfer: cars_xfer_util.c[412] [admin]: resolved server to 10.1.115.11,7 [16383]: transfer: sftp_copy.c[75] [daemon]: Executing SFTP command: /usr/bin/scp -o StrictHostKeyChecking=no /var/tmp/ADElogs.tabackupuser@10.1.115.11://ADElogs.tar.gz,% Error: Transfer failed3 [16376]: transfer: sftp_copy.c[230] [admin]: sftp_copy ERROR: command execution failed,3 [16376]: copy: cm_copy.c[1226] [admin]: Logs archive transfer to url sftp://10.1.115.11/ failed retcode=-306,acs/admin#
View 21 Replies
View Related
Nov 28, 2012
I'm not able to find any clear process/documentation on how to upgrade 5.1 to 5.4, so I have assumed that it will be a 2 stage process...Upgrade from 5.1 to 5.3 (or 5.2) Then upgrade to 5.4?
View 9 Replies
View Related
Jan 4, 2012
We only need to the Local User info to be transferred to the Ver5.1.
View 15 Replies
View Related
Apr 18, 2013
Any issues migrating ACS 4 to 5?
View 3 Replies
View Related
May 8, 2013
I have some requirement where I need to upgrade the ACS 4.2 to 4.3, are there many upgrades available from Cisco on this ?
View 5 Replies
View Related
Nov 7, 2012
I want to upgrade the Cisco ACS ver from 4.0 to 4.1.1.24 running on VM envoinment with primary and scondary server. I have tried to find documents related this upgradation.
My target is:
4.0====4.1.1.24====5.3
Secondly I wanted to know that this upgradation would possible for VMs or not. and this upgratation (4.0 to 4.1.1.24) could be possible on demo license?. because I have orderd to Cisco L-CSACS-53VMUP-K9 and CON-SAS-CSACS3V.?
View 4 Replies
View Related
Dec 7, 2009
I'wont to upgade my ACS server 5.0.0.21 to 5.1 . I wont to use Active Directory . it's seem that in my curent version AD is not supported !
View 12 Replies
View Related
Nov 11, 2012
I'm currently running ACS 5.3 Patch 7 in a VM on VMware ESXi. I download the application upgrade bundle, and placed it in my SFTP repository, and ran "application upgrade filename repository name". It throws an error that the manifest file is not found in the bundle.
I tried putting the ACS.gz file in an FTP repository, and even in an ISO file to attach to the VM. In all cases I receive this same error.I did verify the md5sum on the file to make sure it wasn't corrupted..
View 6 Replies
View Related
