cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1835
Views
10
Helpful
11
Replies

ACS 5.3 Secondary registration failed

Dean Crook
Level 1
Level 1

Hi I've just had to rebuild my ACS appliance with new hardrives but I am unable to register the devices to each I get a system error.

I thought it may have had something to do with the rebuilt device not being joined tothe domain but it has now been joined albeit using a different ad account, but still cannot register to primary.

Any help appreciated?

1 Accepted Solution

Accepted Solutions

GUI credentials of super-admin are used to register secondary to primary can you check what rights we have for acsadmin.

Jatin Katyal
- Do rate helpful posts -

~Jatin

View solution in original post

11 Replies 11

Dean Crook
Level 1
Level 1

Sorry forgot to mention the error states unable to authenticate to node, or something similar.

Unfortunately I am unable to get any logs.

Do both devices need to be removed from the domain before I can register to primary?

Jatin Katyal
Cisco Employee
Cisco Employee

Have you checked the connectivity between the boxes? Can they ping each other.

Are we using acsuper admin account for resgisteration?

Here are the ports that should be open between primary and secondary.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/admin_operations.html#wp1066095

Regards,

Jatin

*Do rate helpful posts*

~Jatin

Connectivity is fine they are on the same LAN, this is a rebuild of a once working device.

I am using acsadmin to register.

GUI credentials of super-admin are used to register secondary to primary can you check what rights we have for acsadmin.

Jatin Katyal
- Do rate helpful posts -

~Jatin

Yes acsadmin is the default super admin, the permissions have not been changed.

while rebuilding the server, did you change the ip address of the server? Also, If I am not wrong you have rebuilt your secondary server?

next we need to fetch the management logs at the debugging from the ACS to see what exactly causing this issue.

Jatin Katyal
- Do rate helpful posts -

~Jatin

No it was the primary that I rebuilt, but I deregistered and deleted it from the secondary and promoted the secondary to primary before reintroducing the new build.

I'm not going to be able to get the logs as this is within a secure enviroment, if you could tell me what you would be looking for in the logs?

It's resolved, but I don't know why.

I created a new superadmin user and used that to register.

Even though the Default acsadmin account works fine for logging in to both gui's.

Very wierd.

Wierd to me as well because the acsadmin does has the super-admin privileges.

celebrate

Jatin Katyal
- Do rate helpful posts -

~Jatin

Thanks for the help I have another question.

Can I now safely delete the temporary SuperAdmin account I created to do the registration or will it need it?

I've never suggested this to anyone, neither I tested this in lab. however, I think this account is only being used once at the time of joining. We may go ahead and try to delete it, should not be an issue.

Jatin Katyal
- Do rate helpful posts -

~Jatin