ACS Replication Issue

bretcollins · ‎01-11-2007

Yesterday we had two ACS 4.0 servers installed on Windows 2000 Domain Controllers that were working great. ACS1 was the primary server and replication was configured to send to ACS2. ACS2 replication was configured to receive from ACS1.

We lost ACS2 yesterday so I installed ACS 4 on a 2003 Domain Controller (ACS3). I installed ACS3, went into network configuration and added ACS1 as an AAA server.

I then logged onto ACS1 and added ACS3 as an AAA server and configured ACS3 as a replication partner.

It is not replicating - if I look at the log I get

ERROR, ACS 'ACS3' has denied replication request

I do not have the primary as a replication on the secondary.

I have some screen shots of the configuration from ACS2 and I've duplicated everything I've could (except for name and IP).

Any ideas on what I can try next?

pankaj.sheth · ‎01-26-2007

Check out the following link to verify your configuration between ACS servers.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml

amrkrish · ‎01-26-2007

In the Network Configuration section of the Secondary ACS ( slave ) , add the primary ACS server ( Master ) to the AAA Servers table.

According to your isssue , you do not have ACS1 as a known AAA server in ACS3.

amrkrish · ‎01-27-2007

Try to check the Send & Receive components in Master ACS and Slave ACS are in sync.

bretcollins · ‎01-27-2007

Working w/ Cisco TAC I created a new network device group on each ACS server - set a key for the NDG and moved the ACS servers to the new group. Replication was successful after that. However, after doing that our wireless clients weren't able to authenticate but I think I'm pretty close to solving this. Thanks for all the help.