Re: ACS 5.8 - Unable to Register to Primary - System Failure occurred: Connection timed out

enable.15 · ‎09-18-2019

Hi,

I'm trying to register the secondary ACS to the primary (log collector).

When adding from secondary "Register to Primary" I'm getting the Connection timed out message (see below).

I have confirmed they have reachability to each other and proper IP is given for registration.

Other things that I have verified:

Both are running different Identifier under Base Server License Tab
Both are running identical version (5.8.0.32.7)
Both status acs shows all processes running
Rebooted both ACS appliances just in case with no luck
Both have disabled Trust Communication under Trust Communication Settings tab

At this point I have no idea what else could I do/check in order to get them synced.

Any advice would be greatly appreciated.

enable.15 · ‎09-18-2019

Very weird. Without any changes the system finally allowed to add. Very flaky.

Damien Miller · ‎09-18-2019

Good that it is working, but a little unsettling.

Time to start thinking about moving to ISE, ACS 5.8 goes end of support Aug 31 2020.

enable.15 · ‎09-18-2019

Damien,

Is there any proper migration or you pretty much start from scratch?

Damien Miller · ‎09-18-2019

There is an ACS to ISE migration tool that works reasonably well, but still requires some rework. If the ACS deployment isn't too complicated it can be easier to manually migrate.

There is a post that answers some of the typical questions.
https://community.cisco.com/t5/security-documents/acs-to-ise-migration/ta-p/3644038