Can't replicate from primary to secondary ACS servers

jessica maitzen
Level 1

I have a primary and secondary ACS server and am trying to replicate the database from the primary to the secondary. When I do, the secondary is reporting "Inbound database replication from ACS '<secondary ACS server>' denied - shared secret mismatch". I believe this is referring to the shared secret I entered for database encryption during installation. Is there any way to change this shared secret without having to reinstall? (Note that this is not the AAA key listed for Self in Network Configuration).

Version is 4.1 on Windows 2003 Server.

1 Accepted Solution

Tarik Admani
VIP Alumni

What version of ACS are you running? It is actually referring to the shared secret for the AAA servers and not the shared secret for the database encryption. There is a known bug: if you look at the Self entry on both ACS instances, does either one of them show a loopback address and not the actual IP? If so, then you are hitting the bug I am mentioning. The best way to resolve this is to access the console like and change the IP address (for example, turn on DHCP, pull an IP and let the services restart). Then go back into the box and reassign the static IP that you had before. Once the services come back, verify that the Self entry now has the correct IP address (physical and not loopback) and test your replication again.

Thanks,

Tarik

2 Replies

Using 4.1 on Windows 2003 Server. And unfortunately neither server shows a loopback IP for the Self entry.

But based on your comments, I went in and double-checked the shared secret for AAA servers and saw that the primary server AAA shared secret was blank. I re-entered and now I can replicate. Thanks!