topic Wojciech, in Network Access Control

ACS 5.1 database synchronization problems

Wojciech Mitus — Mon, 11 Mar 2019 06:31:10 GMT

Hello, recently we started to experience following problems with our ACS 5.1 deployment (distributed deployment, two nodes primary and secondary).

- Synchronization loss between nodes. In "System Administration" -> "Operations" -> "Distributed system management" we see secondary node always on "REPLICATING" or "PENDING" status, never "UPDATED". Replication is successful only after restarting application on both nodes (status changes to "UPDATED"). After some time situation repeats - secondary node replication status changes to "PENDING" and stays there until entire deployment is restarted.

- Changes made in autorization policy on primary node are visible in web interface, but are not reflected in authorization events until application is restarted on both nodes. Only then new rules are actually used in authorization process.

Can anyone share some tips on what could we do to diagnose the cause of these problems?

Thanks,

Wojtek

Wojciech,

Javier Henderson — Wed, 24 Feb 2016 12:16:55 GMT

Wojciech,

You will want to enable the following debugs:

debug-log runtime level debug

debug-log mgmt level debug

Then wait for the problems to occur, collect a support bundle, and then review the logs.

Also, note that ACS 5.1 is quite old and out of support by now, you will want to upgrade to a newer release. The latest one is 5.8.

Javier Henderson

Cisco Systems

Hi Javier, thanks for the

Wojciech Mitus — Wed, 24 Feb 2016 13:33:10 GMT

Hi Javier, thanks for the response. Regarding debug commands - i can't enter these commands when logged in as admin in ACS CLI. There is no "debug-log" command at all:

acs01/admin# debug?
 all Enable all debugging
 application Application debugging
 backup-restore Backup and restore
 cdp Cisco Discovery Protocol
 config Configuration
 copy Copy commands
 icmp Icmp echo response configuration
 locks Resource locking
 logging Logging configuration
 snmp Snmp configuration
 system System
 transfer File transfer
 user User Management
 utils Utilities

Additionally - i've spotted following errors in ACS dashboard:

CSCOacs_Internal_Operations_Diagnostics FATAL Configuration management could not translate configuration change. Runtime configuration changes will not take effect

Database failure (acs01, TacacsAccounting) Please see Collector log for details

So, where can i find this "collector log" ? Will it be part of a support bundle?

Thanks,

Wojtek

Hi again, sorry, i have

Wojciech Mitus — Wed, 24 Feb 2016 13:42:31 GMT

Hi again, sorry, i have already found appropriate guide on how to configure debug-log and generate support bundle.

Wojtek