Re: ACS Replication Error

mistryj · ‎07-28-2006

I have 2 x version v4.0 ACS servers. Windows 2003 SP1

Both servers can ping each other and are resolving hosts names using local hosts file.

I have disabled the multiple nics on both servers and have a single nic connected.

Replication has been configured by the book but I keep getting the following error :-

Cannot replicate to 'name' - server not responding

Any ideas what might be causing this ?

a.kiprawih · ‎08-02-2006

Hi,

This issue was reported in earlier ACS version 3.0.

Replication Messages

Error Message: Cannot replicate to `name'- server not responding

Explanation: The named destination Cisco Secure ACS system was unreachable

Recommended Action: Check the connectivity between the remote Cisco Secure ACS and the replicating ACS. Verify that the IP address of the AAA server is correct under AAA entry.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dee6.html

If I am not mistaken, this was a DNS-related issue where both servers are trying to reach each other using DNS (name-to-IP resolution) during replication. But since you're using local host file (lmhost), both servers did not successfully read or resolved the name-to-IP query.

By right, ACS need DNS to resolve peer name for backup/replication purposes. DNS is also requred if your ACS integrated to MS-AD.

Since you're using local host file, have you remove the DNS entry in your NIC's TCP/IP confg? But this could be not the case at all.

Rgds,

AK

darpotter · ‎08-02-2006

Hi

I'd try using ip addresses instead of host names.. just to rule that out.

Make sure each ACS is added to the network config of the other ACS with matching shared secrets. For testing its best to use the same shared secret everywhere.

Check the csauth.log file on both ACSs... the slave can often reject the master if the secret/ip is wrong. Look for the string "replicat" to find all relavent logging.

good luck

Darran