https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466734#M427876 <P>We have two Data Centres with the primary ACS server in one and I am trying to install a secondary ACS server in the second one.</P><P></P><P>They communicate at a TCP level but I can&#146;t get the second ACS to replicate the first one. They are both installed on windows 2003 server and they are both also DNS and domain controllers. In desperation I tried setting the timeout to 240 minutes and going home and leaving it but to no avail..</P><P></P><P>ANY ideas will be welcome, don&#146;t think &#147;he MUST have tried that&#148; because I may not have&#133;&#133;.</P><P></P> Sun, 10 Mar 2019 21:26:37 GMT timdeadman 2019-03-10T21:26:37Z https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466734#M427876 <P>We have two Data Centres with the primary ACS server in one and I am trying to install a secondary ACS server in the second one.</P><P></P><P>They communicate at a TCP level but I can&#146;t get the second ACS to replicate the first one. They are both installed on windows 2003 server and they are both also DNS and domain controllers. In desperation I tried setting the timeout to 240 minutes and going home and leaving it but to no avail..</P><P></P><P>ANY ideas will be welcome, don&#146;t think &#147;he MUST have tried that&#148; because I may not have&#133;&#133;.</P><P></P> Sun, 10 Mar 2019 21:26:37 GMT https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466734#M427876 timdeadman 2019-03-10T21:26:37Z https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466735#M427877 <HTML><HEAD></HEAD><BODY><P>Some more information&#133;</P><P></P><P>The two data centres each have an ASA protecting them. As we are at the lab stage the ASAs are left open and the WAN is simulated via a couple of routers and a LAN. If I by-pass the ASAs and just use a routed connection, the two servers replicate. Going through the ASAs seems to stop replication from happening and the log of the second ACS is totally blank. A sniffer on the LAN picks up a heap load of packets between the two ACSs.</P><P></P><P>If I had a beard I would be stroking it and going &#147;hmmm&#148; while looking puzzled.</P><P></P><P></P></BODY></HTML> Fri, 20 Jan 2006 13:07:15 GMT https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466735#M427877 timdeadman 2006-01-20T13:07:15Z https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466736#M427878 <HTML><HEAD></HEAD><BODY><P>I think the beard idea works really well. You need to make sure its good and long and bushy enough to hold several pencils <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>...but back to replication If you look in the csauth/logs/auth.log on the master server do you see replication error messages. Hint look for strings of the form "replice(out)". If its having trouble talking to the slave there will be heaps of errors.</P><P></P><P>All traffic is on tcp/ip port 2000.</P></BODY></HTML> Mon, 23 Jan 2006 21:24:03 GMT https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466736#M427878 darpotter 2006-01-23T21:24:03Z https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466737#M427879 <HTML><HEAD></HEAD><BODY><P>Thanks for that.</P><P></P><P>There is nothing in the logs other than "replication failed, ACS02 did not respond"</P><P></P><P>This problem has moved on a bit as it now seems the ASA between the two ACSs is spoofing traffic. I have reposted the complete story in the Firewall section.</P><P></P><P>Tim</P></BODY></HTML> Tue, 24 Jan 2006 09:17:24 GMT https://community.cisco.com/t5/network-access-control/getting-2-acs-servers-to-replicate/m-p/466737#M427879 timdeadman 2006-01-24T09:17:24Z