topic Hi Tymoffi, in Network Access Control https://community.cisco.com/t5/network-access-control/reset-acsadmin-s-password-using-secondary-admin-node-when-pan-is/m-p/3016362#M25940 <P>Hi Tymoffi,</P> <P>Here is an easy way for this issue:<BR /><BR />1-&nbsp;&nbsp;&nbsp;&nbsp; Install the new ACS VM and make it ready.<BR /><BR />2-&nbsp;&nbsp;&nbsp;&nbsp; Install root patch on both the new ACS and the old secondary ACS.<BR /><BR />3-&nbsp;&nbsp;&nbsp;&nbsp; Get in to the root and browse to the folder /opt/CSCOacs/db:<BR /><BR />[root@Training-ACS1 db]# pwd<BR />/opt/CSCOacs/db<BR /><BR /><BR />4-&nbsp;&nbsp;&nbsp;&nbsp; In this folder there are 4 files:<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Acs.db<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; acs*.log<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dbkey.cfg<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dbcred.cal<BR /><BR />5-&nbsp;&nbsp;&nbsp;&nbsp; On the new ACS take a backup (copy) of these 4 files to somewhere.<BR /><BR />6-&nbsp;&nbsp;&nbsp;&nbsp; Stop services in new ACS<BR /><BR />7-&nbsp;&nbsp;&nbsp;&nbsp; Copy these files from Secondary ACS to new ACS<BR /><BR />8-&nbsp;&nbsp;&nbsp;&nbsp; Start services once files are replaced.</P> <P></P> <P>Regards,</P> <P>Poonam Garg</P> Mon, 26 Jun 2017 02:26:54 GMT poongarg 2017-06-26T02:26:54Z Reset ACSAdmin's password using Secondary admin node, when PAN is down dead? https://community.cisco.com/t5/network-access-control/reset-acsadmin-s-password-using-secondary-admin-node-when-pan-is/m-p/3016361#M25939 <P>Hi all</P> <P></P> <P>Here's the problem... Our primary ACS 5.4 admin node has died. I have tried to promote secondary admin node to primary role but it gives me the following message whenever I try to login:</P> <P><B>You are required to change your password due to inactivity in your account. <BR />Please login to primary to change your password.</B></P> <P>How do I do this, if Primary node is dead?</P> <P>I tried to reset password using CLI, but no luck, get pretty much the same warning:</P> <P style="padding-left: 30px;">ACS02/admin# acs reset-password<BR />This command resets the 'ACSAdmin' password to its original value.<BR />Are you sure you want to continue?&nbsp; (yes/no) yes<BR />Administrator password can be reset only on a PRIMARY instance.</P> <P>Due to some fault, I cannot login to it using my AD credentials (could be an issue with AD-ACS integration on this node). Luckily, we have migrated 95% of our infrastructure to TACACS service on ISE 2.1... but there are still devices managed by ACS. So, I am a bit desperate. Go via full recover of Admin node? Re-deploy, recover from backup? Ohhhhhhhh. It is also a physical appliance, which means I have to go to DC to be able to do this.</P> <P></P> <P>Has anyone experienced something similar in the past? Thanks</P> Mon, 11 Mar 2019 07:48:30 GMT https://community.cisco.com/t5/network-access-control/reset-acsadmin-s-password-using-secondary-admin-node-when-pan-is/m-p/3016361#M25939 Tymofii Dmytrenko 2019-03-11T07:48:30Z Hi Tymoffi, https://community.cisco.com/t5/network-access-control/reset-acsadmin-s-password-using-secondary-admin-node-when-pan-is/m-p/3016362#M25940 <P>Hi Tymoffi,</P> <P>Here is an easy way for this issue:<BR /><BR />1-&nbsp;&nbsp;&nbsp;&nbsp; Install the new ACS VM and make it ready.<BR /><BR />2-&nbsp;&nbsp;&nbsp;&nbsp; Install root patch on both the new ACS and the old secondary ACS.<BR /><BR />3-&nbsp;&nbsp;&nbsp;&nbsp; Get in to the root and browse to the folder /opt/CSCOacs/db:<BR /><BR />[root@Training-ACS1 db]# pwd<BR />/opt/CSCOacs/db<BR /><BR /><BR />4-&nbsp;&nbsp;&nbsp;&nbsp; In this folder there are 4 files:<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Acs.db<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; acs*.log<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dbkey.cfg<BR /><BR />·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dbcred.cal<BR /><BR />5-&nbsp;&nbsp;&nbsp;&nbsp; On the new ACS take a backup (copy) of these 4 files to somewhere.<BR /><BR />6-&nbsp;&nbsp;&nbsp;&nbsp; Stop services in new ACS<BR /><BR />7-&nbsp;&nbsp;&nbsp;&nbsp; Copy these files from Secondary ACS to new ACS<BR /><BR />8-&nbsp;&nbsp;&nbsp;&nbsp; Start services once files are replaced.</P> <P></P> <P>Regards,</P> <P>Poonam Garg</P> Mon, 26 Jun 2017 02:26:54 GMT https://community.cisco.com/t5/network-access-control/reset-acsadmin-s-password-using-secondary-admin-node-when-pan-is/m-p/3016362#M25940 poongarg 2017-06-26T02:26:54Z