ACS 4.2 backup through Console/CLI

nkarthikeyan · ‎06-06-2012

Hi,

Due to some wrong access policy applied in the administration control settings. GUI access is not fucntioning. So we need to take a backup thru CLI mode using FTP server. I have tried using the backup command in the console & taken the backup using the following steps. But the backup file is less than 1kb. does any one have any idea how to resolve the issue. I need the exact Db backup to be taken.

Step 1 Log in to the ACS SE. For more information, see Logging In to the Solution Engine from a Serial Console.

Step 2 At the system prompt, enter backup and press Enter.

Tip You can enter the following parameters after the command or in response to subsequent prompts: [server] [username] [filepath]

Step 3 At the Enter FTP Server Hostname or IP Address: prompt, enter the FTP server IP address or hostname, and press Enter.

Step 4 At the Enter FTP Server Directory: prompt, enter the FTP server directory pathname, and press Enter.

Step 5 At the Enter FTP Server Username: prompt, enter the FTP server username and. press Enter.

Step 6 At the Enter FTP Server Password: prompt, enter the FTP server password and, press Enter.

Step 7 At the File: prompt, enter the name that you want to give the backup file, and press Enter.

Step 8 At the Encrypt Backup file? <Y or N>: prompt, enter Y to encrypt the backup file or N not to encrypt it, and press Enter.
Caution This procedure interrupts the use of the ACS SE for AAA services.

Step 9 If you entered Y to encrypt the backup file, at the Encryption Password: prompt, enter a password and then press Enter.

Result: The console displays:

Backing up now . . .

All running services will be stopped and restarted automatically.

Are you sure you want to proceed? <Y or N>

Step 10 To proceed, enter Y and press Enter.

Jatin Katyal · ‎06-06-2012

It seems you have applied the secure HTTP settings in the access-policy.

Did you try accessing your ACS via https and http both?

The backup process is correct. All I can suggest try to take it without encyption if not tried already.

Regards,

Jatin

Do rate helpful posts-

~Jatin

nkarthikeyan · ‎06-06-2012

Hi Jatin,

Thanks for your reply!!!

It was working with https only. I will explain much more in detail. in the adminstartion control access policy there is an option to specify the list of subnets or IP address range alone to access the ACS application. In that our engineer selected allow only specific IP range option and submitted without mentioning any ip address range. So its not allowing ACS application access from any IP range. So ACS is serving authentication for existing radius/tacacs users. but nt able to access the acs application for adding/deleting users.

Also i have tried both encrypted and unencrypted backups. but the result is same.

Please suggest for any other method to recover or backup....

Jatin Katyal · ‎06-06-2012

Do we have any database that we took before making the changes because that way we can restore the older one without that "access-policy" config. Also, what is the size of it?

Also, while taking backup, how long does it take to fetch the database?

You may also download the eval version of ACS windows, install it on windows server, restore the recent database with size of 1KB file and see if it would be accessble.

let me know how it goes.

Regards,

Jatin

~Jatin

nkarthikeyan · ‎06-06-2012

Hi Jatin,

Worst case here is they dint taken any backup or we dint maintained any backup of the ACS db. The other thing installing on the windows server option we need to try out. I will check and let u know.

Jatin Katyal · ‎06-07-2012

ohhh...alright, give a try with ACS windows one and let us know.

Regards,

Jatin

~Jatin