This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hello, recently we started to experience following problems with our ACS 5.1 deployment (distributed deployment, two nodes primary and secondary).
- Synchronization loss between nodes. In "System Administration" -> "Operations" -> "Distributed system management" we see secondary node always on "REPLICATING" or "PENDING" status, never "UPDATED". Replication is successful only after restarting application on both nodes (status changes to "UPDATED"). After some time situation repeats - secondary node replication status changes to "PENDING" and stays there until entire deployment is restarted.
- Changes made in autorization policy on primary node are visible in web interface, but are not reflected in authorization events until application is restarted on both nodes. Only then new rules are actually used in authorization process.
Can anyone share some tips on what could we do to diagnose the cause of these problems?
You will want to enable the following debugs:
debug-log runtime level debug
debug-log mgmt level debug
Then wait for the problems to occur, collect a support bundle, and then review the logs.
Also, note that ACS 5.1 is quite old and out of support by now, you will want to upgrade to a newer release. The latest one is 5.8.
Hi Javier, thanks for the response. Regarding debug commands - i can't enter these commands when logged in as admin in ACS CLI. There is no "debug-log" command at all:
all Enable all debugging
application Application debugging
backup-restore Backup and restore
cdp Cisco Discovery Protocol
copy Copy commands
icmp Icmp echo response configuration
locks Resource locking
logging Logging configuration
snmp Snmp configuration
transfer File transfer
user User Management
Additionally - i've spotted following errors in ACS dashboard:
So, where can i find this "collector log" ? Will it be part of a support bundle?