
ACS 4.1.1.24 to 5.2.0.26.3 Network Device Migration issue

Hello all.

I'm getting an error when I run the migration.bat script to migrate data from ACS 4.1 to 5.2 and analyse the Network Devices in the 4.1 database.

hqssec01  AnalyzeAndExport  Network Device  hqsvg22417k  error  invalid_sharedsecret  Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
hqssec01  AnalyzeAndExport  Network Device  hqsvg22418k  error  invalid_sharedsecret  Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
hqssec01  AnalyzeAndExport  Network Device  milswi1a1  error  invalid_sharedsecret  Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
hqssec01  AnalyzeAndExport  Network Device  DS2000_Storm_Standby  error  invalid_sharedsecret  Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}

We use a common shared secret key for 253 devices to use for TACACS authentication. Unfortunately, ACS 4.1 allows you to use the " character in this key but 5.2 doesn't. Is there a way of changing the key in the 4.1 database for all 253 devices without having to manually change all devices individually?

I can change the AAA client's key with various tools no problem, but the issue is the key stored on the ACS database.

Any help would be great!


Yudong Wu

You can use RDBMS sync to update all devices' shared key.

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html

Refer to the following table, action ID 224

Table E-6     Action Codes for Modifying Network Configuration.

Thank you. I'll try it in the morning.

Just to update.

RDBMS synchronization using csv files is only available on 4.2 so I updated from 4.1 to 4.2.

Using the accountActions.csv file, I made a copy, accountActions2.csv, and used the action ID 225 to dump the NAS database to a file DumpNAS.txt.

I then imported the relevant fields from DumpNAS.txt into a new file accountActions3.csv and used action ID 224 to update the NAS database.

The issue I had was that I could not locate the correct string to use for the Value 3 field "Vendor ID".

In the end I used the 'File Operations' function in ACS 5.2 and used the network device template to load the devices into ACS 5.2 with the new shared secret. The only thing missing was Network Device Groups, which had to be created manually, and each device then had to be moved manually into the relevant NDG.

This may prove useful for anyone having a similar problem.