ACS 5.7 replication issues

chris.wood11 — Fri, 21 Feb 2020 14:01:34 GMT

Hi,

I have two ACS appliances running 5.7.0.15.2. Appliance 1 has policies on, appliance 2 is to be the secondary appliance. I've been trying to add the secondary to the primary for replication and the secondary appliance does not seem to be behaving/replicating. There is a firewall between the two with all required ports open & can see no traffic being blocked.

Appliance 2 appears on appliance 1 as a secondary, but offline and replication status pending. After I add it in and it tries to restart its services, they stay down for ages, in some cases don't restart at all, so I've reset the acs configuration on several occaisons and only occasionally will the services restart, but replication doesn't happen and appliance 2 stays offline in appliance 1 (I saw it briefly flick online once but then it went offline again), I have seen a bug for this issue however as the replication isn't happening at all, there's something a bit deeper going on.

If the acs services do restart on appliance 2, replication_status command says the appliance is replicated, however trying a replication force_sync fails saying a full synchronisation is in progress (and I have left it overnight for in some cases 12 hours to give it time to replicate, so its not going to). I've reset the ACS configuration and retried joining it to the primary appliance on numerous occaisons with no success. I have tried looking at debugging logs but can't really interpret them (unfortunately these appliances aren't on a support contract at the moment - this is being worked on!), but have seen some possible database errors that make me wonder if the database is corrupted or damaged in some way. On the firewall monitoring I can see appliance 1 connecting to appliance 2 but nothing in the other direction.

Has anyone else had this problem or can suggest a way of fixing the database?. I have wondered whether to reinstall the application but its on a remote site that I'd have to send a disk to, so is it possible to completely remove and reinstall the ACS application remotely using a configured repository?

Not sure if its relevant but initially when I first tried to join the appliance to the primary I hadn't noticed that it didn't have patch 2 installed - subsequently I've managed to patch it so they are on exactly the same version. I haven't tried to patch both further yet as the replication should have worked without these (had no issues doing this at my last workplace).

thanks

chris

Re: ACS 5.7 replication issues

Guy Greenshtein — Sun, 04 Feb 2018 17:57:33 GMT

Hi Chris,

Did you manage to solve this problem? What was the solution?

Re: ACS 5.7 replication issues

chris.wood11 — Wed, 14 Mar 2018 17:34:26 GMT

Hi Guy,

Yes, its important to check firewalls between them to ensure ALL required ports are allowed. Its even worth checking for dropped traffic in case logging isn't showing it..

Chris

topic Re: ACS 5.7 replication issues in Network Security

ACS 5.7 replication issues

Re: ACS 5.7 replication issues

Re: ACS 5.7 replication issues