Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1442
Views
5
Helpful
2
Replies

Best practice when applying ACS Cumulative Patch

Go to solution
Truong.Hai
Level 1
Level 1

‎09-13-2019 08:22 AM

I will be applying a ACS 5.8.0.32.10 Cumulative Patch on both of our ACS devices. I wanted to know what is the best practice. Should I apply on the Secondary first or apply it on the Primary and let it do a failover to the Secondary. I am currently on version 5.8.1.4. I am needed to patch it because I have been getting some bugs. Cisco TAC suggested to apply patch to 5.8.0.32.10. Thoughts?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎09-13-2019 07:36 PM

I couldn't find any documented recommendation for you, but I would treat it like ISE and follow the ISE best practice on patching. Patch the primary node, then choose the order that suits you after that, in your case that's just the second node. I wouldn't bother with failing over and promoting the other node unless something goes wrong and the primary breaks, it will just add time to the change window.

Since this is a TAC recommending the patch, you could also ask the TAC engineer if to provide guidance.

View solution in original post

2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎09-13-2019 07:36 PM

I couldn't find any documented recommendation for you, but I would treat it like ISE and follow the ISE best practice on patching. Patch the primary node, then choose the order that suits you after that, in your case that's just the second node. I wouldn't bother with failing over and promoting the other node unless something goes wrong and the primary breaks, it will just add time to the change window.

Since this is a TAC recommending the patch, you could also ask the TAC engineer if to provide guidance.

Go to solution
Truong.Hai
Level 1
Level 1
In response to Damien Miller

‎09-23-2019 06:17 AM

I was able to patch the secondary node first then primary. Thanks!! 

 

I was able to do the steps below.

 

Create FTP Session

  1. Used Filezilla for FTP

Show Repository

  1. Log into Secondary

ACSxxxx/acsmgr# show repository BACKUP-FTP

5-8-0-32-10.tar.gpg                                                            

Show Version

ACS6440/acsmgr# show application version acs

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.8.1.4

Internal Build ID : B.462

 

Patch Install Needs to be done BOTH – Primary and Secondary

  1. Log into Secondary

 

ACSxxxx /acsmgr# acs patch install 5-8-0-32-10.tar.gpg repository BACKUP-FTP

Installing ACS patch requires a restart of ACS Services Continue? (yes/no) yes

  1. Should take about 10 mins.

 

  1. Check services are running properly

ACSxxxx /acsmgr# show application status acs

ACS role: SECONDARY

 

Process 'database'                  running

Process 'management'                running

Process 'runtime'                   running

Process 'adclient'                  running

Process 'ntpd'                      running

Process 'view-database'             running

Process 'view-jobmanager'           running

Process 'view-alertmanager'         running

Process 'view-collector'            running

Process 'view-logprocessor'         running

 

  1. Show Version

ACSxxxx /acsmgr# show application version acs

 

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.8.1.4

Internal Build ID : B.462

Patches :

5-8-0-32-10

 

  1. MAKE SURE Secondary IS PATCHED FIRST BEFORE PROCEEDING TO PRIMARY. Log into Primary repeat steps 1-5 above.

 

0 Helpful
Customers Also Viewed These Support Documents