07-19-2011 11:01 AM - edited 03-10-2019 06:14 PM
I have a primary and secondary ACS server and am trying to replicate the database from the primary to the secondary. When I do, the secondary is reporting "Inbound database replication from ACS '<secondary ACS server>' denied - shared secret mismatch". I believe this is referring to the shared secret I entered for database encryption during installation. Is there any way to change this shared secret without having to reinstall? (Note that this is not the AAA key listed for Self in Network Configuration).
Version is 4.1 on Windows 2003 Server.
07-19-2011 11:18 AM
What version of ACS are you running? It is actually referring to the shared secret for the AAA servers and not the shared secret for the database encryption. There is a known bug: if you look at the Self entry on both ACS instances, does either one of them show a loopback address and not the actual IP? If so, then you are hitting the bug I am mentioning. The best way to resolve this is to access the console like and change the IP address (for example, turn on DHCP, pull an IP and let the services restart). Then go back into the box and reassign the static IP that you had before. Once the services come back, verify that the Self entry now has the correct IP address (physical and not loopback) and test your replication again.
Thanks,
Tarik
07-19-2011 11:27 AM
Using 4.1 on Windows 2003 Server. And unfortunately neither server shows a loopback IP for the Self entry.
But based on your comments, I went in and double-checked the shared secret for AAA servers and saw that the primary server AAA shared secret was blank. I re-entered and now I can replicate. Thanks!