Hi Cam,

Thanks for the reply. I did select the followings: Debug Logs, Local logs, system logs and it saved on as zip file, when I extracted it shows as "filename.tar.gpg".

- is ADE.log file included in the above logs

- how do I open the ADE.log file seperately

thanks

Hi,

It looks like you had collected the ACS bundle logs with the “Encrypt Support Bundle” option checked. Since you’re using ACS 5.2, when you collect the ACS bundle logs, there are options to Encrypt the logs or not. By default, “Encrypt Support Bundle” is checked. Please uncheck this and you’ll get the non-encrypted logs. After that, you can open it as a zip file without having to decrypt it.

Regards,

Cam

HI Cam,

Yes, this time I succeeded to collect the logs and thanks for your correct instruction. However my intension was to find out the error while I'm not able to do the backup.

I have configured a repository and configured scheduled backup, but for some reason it doest not happned (nothing seen on the specified backup folder). Attached screen shows my backup configuration.

But I stil could not find the exact issue from the below error messages.

01:56:01 acs01-cc4 MSGCAT52102/root: Scheduled backup starting on primary instance.

Aug  8 01:56:01 acs01-cc4 debugd[2953]: hangup signal caught, configuration read

Aug  8 01:56:01 acs01-cc4 debugd[2953]: successfully loaded debug config

Aug  8 01:56:07 acs01-cc4 MSGCAT58010/root: info:[ACS backup] ACS backup completed

Aug  8 01:56:19 acs01-cc4 logger: [backup-app.sh] backup file acs01-cc4-Backup-110808-0156.tar.gpg successfully created

Aug  8 01:56:19 acs01-cc4 debugd[2953]: [29408]: transfer: cars_xfer.c[124] [daemon]: tftp copy out of /opt/backup/backup-acs01-cc4-Backup-110808-0156-1312768561/acs01-cc4-Backup-110808-0156.tar.gpg requested

Aug  8 01:56:44 acs01-cc4 debugd[2953]: [29408]: transfer: cars_xfer_util.c[656] [daemon]: TFTP transfer error: 17664

Aug  8 01:56:44 acs01-cc4 debugd[2953]: [29408]: backup-restore:backup: br_backup.c[528] [daemon]: backup acs01-cc4-Backup-110808-0156 copy out failed

Aug  8 01:56:44 acs01-cc4 MSGCAT52105/root: Scheduled backup failed due to internal error. Please check ADE.log for more details.

Aug  8

Hi,

From the errors you provided, it looks like the backup file was successfully created and the backup was complete, but it failed while trying to transfer the file to the TFTP server. Do you see at that time the ACS tried to log in and transfer the file on the TFTP server? Was there any error on the TFTP server at that time? It could be that the backup file is bigger than the limitation in file size for TFTP, so you might want to try using an FTP server instead of TFTP.

You can create a repository on the ACS CLI pointing to the same TFTP server and do a manually backup via the CLI to see if that’s successful or not.

Here’s the command to create a repository via CLI:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1895920

Here’s the command to do a manual backup of the ACS configuration data via the CLI:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1886805

If the manual backup works with the same TFTP server, but the scheduled backup doesn’t, then you’ll probably need to open a TAC case and TAC can apply the root patch to see if there’re any residual files in the directory that the ACS uses for scheduled backups. The presence of these files (left from a previous backup) can prevent a scheduled backup from happening, so they need to be removed. But please try the manual backup first.

Regards,

Cam

HI Cam,

After a long delay I again started backing up of ACS configuration and data. I have tried with ftp/tftp/nsf, all looks backing up when I check show backup history in CLI but it does not transfer the file to my defined location of external server.

Here is what I see when doing manual backup in CLI

acs01-cc4/admin# backup myback repository ACSBackupTest  (via FTP)

% Creating backup with timestamped filename: myback-111024-1028.tar.gpg

% File transfer error

acs01-cc4/admin# backup mybackup repository ACSBackup (via TFTP)

% Creating backup with timestamped filename: mybackup-111024-1031.tar.gpg

Error code 2: Access violation

Here is the output of show backup history

Mon Oct 24 09:39:23 AST 2011: backup acs01-cc4-Backup-111024-0939.tar.gpg to repository ACSBackup: success

Mon Oct 24 10:05:25 AST 2011: backup acs01-cc4-Backup-111024-1005.tar.gpg to repository ACSBackupTest:error - transfer faile

d

Mon Oct 24 10:10:23 AST 2011: backup acs01-cc4-Backup-111024-1010.tar.gpg to repository ACSBackupTest: error - transfer faile

d

Mon Oct 24 10:15:23 AST 2011: backup acs01-cc4-Backup-111024-1015.tar.gpg to repository ACSBackupTest: error - transfer faile

d

Mon Oct 24 10:30:34 AST 2011: backup myback-111024-1028.tar.gpg to repository ACSBackupTest: error - transfer failed

Mon Oct 24 10:33:25 AST 2011: backup mybackup-111024-1031.tar.gpg to repository ACSBackup: success

Here is the log from ADE.log file

--------------------------------------------

Oct 24 09:39:09 acs01-cc4 MSGCAT58010/root: info:[ACS backup] ACS backup completed

Oct 24 09:39:23 acs01-cc4 logger: [backup-app.sh] backup file acs01-cc4-Backup-111024-0939.tar.gpg successfully created

Oct 24 09:39:23 acs01-cc4 debugd[2772]: [32365]: transfer: cars_xfer.c[124] [daemon]: tftp copy out of /opt/backup/backup-acs01-cc4-Backup-111024-0939-1319438341/acs01-cc4-Backup-111024-0939.tar.gpg requested

Oct 24 09:39:23 acs01-cc4 debugd[2772]: [32365]: backup-restore:backup: br_backup.c[537] [daemon]: application component backup acs01-cc4-Backup-111024-0939.tar.gpg to repository ACSBackup: success

Oct 24 09:39:23 acs01-cc4 MSGCAT52106/root: Scheduled backup successfully complete

Bellow screen shots show the configuration on GUI, in the path it only accepts starting / but in FTP (3CDaemon) it does only accept the patch as C:\ftp\. I'm not sure whether this is the issue, but then why TFTP is not working..?

However I found some replies on Netpro some says its a bug: (ID:CSCtn78315) and some say it will work when patch 7 is applied.

Is there a way that we can access the root using Root patch and make sure these backup files are exist and then copy from some other way..?

Appreciate if you can provide some workable solution to this issue please.

thanks

Hi,

On the ACS CLI, when you do “show repository ” of the repository that had the transfer error, do you see the output listing all of the files in that directory? If you do, then the ACS can read the repository. If you get an error, that means the ACS can’t read the repository.

The error is the transfer error, so it looks like the write to the FTP server at that directory path (that you configured on the ACS GUI – Software Repository) is not working. Does the user that you’re using for the ACS to access the FTP server have all read and write permissions to that directory on the FTP server?

The bug you mentioned is fixed in ACS 5.3. I don’t see any documentation that it’s fixed in ACS 5.2 patch 7 or patch 8.

For the root patch, you will need to open a TAC case and TAC can provide the root patch and help you with this issue. With the root patch, you’ll be able to use FTP or SFTP Linux commands to see if you can manually transfer the files to the FTP server.

Regards,

Cam

HI Cam,

Thank you very much for your time on reply me back.

I did the show repository on each repository I configured and below is the output.

acs01-cc4/admin# show repository ACSBackup (using tftp)

% Protocol does not support listing directories

acs01-cc4/admin# show repository ACSBackupTest2 (using nsf)

% Error mounting NFS location

acs01-cc4/admin# show repository ACSBackupTest (using ftp)

% Error reading directory on remote server

acs01-cc4/admin#

Here is the repository config.

repository ACSBackup

  url tftp://10.52.21.11/ACSBackup

repository ACSBackupTest

  url ftp://10.52.25.11/C:ftp

  user test password hash 5c5e7693883c95ea7b6184e4d61e97716666823f

repository ACSBackupTest2

  url nfs://10.52.17.11:/MARSBackup

  user Administrator password hash da55242db997aaf87f78832a7e4e8901c354339e

I tested with tftp and was able to copy running-config on firewall which is in the same subnet of ACS and it was successful, but I did not test with nsf and ftp though.

However it's understood that we have some file writing issue from these repositories, kindly advise me how I can overcome this issue.

Thanks a lot once again for your time and reply me on this.

`Hi Cam,

Many thanks for your response and sorry for long delay of my reply...!

Glad to inform you that it has been resolved. As you mentioned it was the syntax error when we spcify the ftp path.

In CLI of ACS we have to mention it as follow:

repository ACSBackup

  url ftp://10.52.X.X

  user test password xxxxx

but in GUI of ACS backup configuration we have to mention just backslah (/) only and you should point the folder in the ftp server.

I have documented the same in the attached document for any body's reference.

Thanks for your time and patiention on replying my querries.

Hi,

I’m glad the issue has been resolved.

You have a wonderful day!

Regards,

Cam