11-10-2017 09:42 AM - edited 02-21-2020 10:38 AM
Hi!
I have some problems by registering a secondary instance for ACS, both of them have disabled the option of Trust Communications and both have the same version and patches. When I puth them into the same network the registration is successfull but when I put them behind a Firewall with public IP I got errors. I made the DNS registers with the public IP and put all the neccesary ports open, I see the interaction in my firewall but the log tha I see in both ACS this:
Nov 10 2017 12:09:16 CisACS_52032 177 1 1 AUDIT Registration request , AdminName=ACSAdmin, OperationMessageText=ACS instance server-acs58 requested to join a distributed environement, AdminInterf
ace=GUI, AdminSession=0027D2CB5CD1A9A59AE59004D1ED6678, AdminIPAddress=192.168.55.1
Nov 10 2017 12:10:19 com.cisco.nm.acs.mgmt.replication.ReplicationManagementImpl.registerNodeWithPrimary(ReplicationManagementImpl.java:284) FATAL http-443-1 Acs.MGMT.REPLICATION Unable to regist
er node.:Connection refused to host: server-acs58; nested exception is:
java.net.ConnectException: Connection timed out
java.rmi.ConnectException: Connection refused to host: server-acs58; nested exception is:
java.net.ConnectException: Connection timed out
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:101)
at com.cisco.nm.acs.mgmt.replication.ReplicationManagementImpl.getRegistrationHandler(ReplicationManagementImpl.java:677)
at com.cisco.nm.acs.mgmt.replication.ReplicationManagementImpl.registerNodeWithPrimary(ReplicationManagementImpl.java:233)
at com.cisco.nm.acs.mgmt.distributedmanagement.Registration.register(Registration.java:1278)
at com.cisco.nm.acs.mgmt.bl.framework.DistributedManagementHandler.register(DistributedManagementHandler.java:94)
at com.cisco.nm.acs.mgmt.bl.framework.BaseManagementSession.register(BaseManagementSession.java:2290)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.cisco.nm.acs.mgmt.performancemonitoring.PerformanceProxy.invoke(PerformanceProxy.java:51)
at com.sun.proxy.$Proxy0.register(Unknown Source)
at com.cisco.nm.acs.mgmt.gui.app.entities.PrimaryOperationsGuiEntity.register(PrimaryOperationsGuiEntity.java:295)
at com.cisco.nm.acs.mgmt.gui.app.actions.PrimaryOperationsPrInputAction.onRegister(PrimaryOperationsPrInputAction.java:160)
at com.cisco.nm.acs.mgmt.gui.app.actions.PrimaryOperationsPrInputAction.register(PrimaryOperationsPrInputAction.java:86)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:266)
at com.cisco.nm.acs.mgmt.gui.framework.actions.ACSBaseAction.dispatchMethod(ACSBaseAction.java:570)
at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:167)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:413)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:225)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.GUIAuditFilter.doFilter(GUIAuditFilter.java:118)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.performancemonitoring.filter.PerformanceMonitoringSensorFilter.doFilter(PerformanceMonitoringSensorFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.UserAuthenticatedFilter.doFilter(UserAuthenticatedFilter.java:221)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.ClickjackFilter.doFilter(ClickjackFilter.java:26)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.ApacheStrutsParamFilter.doFilter(ApacheStrutsParamFilter.java:26)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.XSSDataValidationFilter.doFilter(XSSDataValidationFilter.java:155)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:422)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 64 more
Nov 10 2017 12:10:20 CisACS_52039 178 1 1 AUDIT Registration failed , AdminName=ACSAdmin, OperationMessageText=ACS instance was unable to join a distributed deployment, AdminInterface=GUI, AdminS
ession=0027D2CB5CD1A9A59AE59004D1ED6678, AdminIPAddress=192.168.55.1
Nov 10 2017 12:15:04 com.cisco.nm.acs.view.dbms.DAOFactory.<clinit>(DAOFactory.java:98) INFO main Acs.MGMT.ACSVIEW DAO Factory is initialized successfully.
Nov 10 2017 12:15:09 com.cisco.nm.acs.view.proactive.alerts.AlertsConstants.getAlertProperties(AlertsConstants.java:35) DEBUG main Acs.MGMT.ACSVIEW Read file /Alert.properties Stream=sun.net.www.
protocol.jar.JarURLConnection$JarURLInputStream@28c2de88
show logging system ade/ADE.log
Nov 10 12:10:19 server-acs-gye adminacs: acsCheckFw Execution Started..!
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_2638_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_2020_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_2030_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_61616_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
Nov 10 12:11:18 server-acs-gye ADE-SERVICE[2181]: [17629]:[info] application:operation cars_install.c[2212] [adminacs]: Got acs dirent
LOG IN THE ACS (SHOULD BE PRIMARY)
Nov 10 2017 12:10:19 com.cisco.nm.acs.mgmt.replication.rmi.EnablingDeploymentPortServlet.doGet(EnablingDeploymentPortServlet.java:68) ERROR http-443-5 Acs.MGMT.BL Exception in Secondary. Deleting
ports from IPTables
Nov 10 2017 12:10:20 com.cisco.nm.acs.mgmt.replication.rmi.EnablingDeploymentPortServlet.doGet(EnablingDeploymentPortServlet.java:68) ERROR http-443-5 Acs.MGMT.BL Exception in Secondary. Deleting
ports from IPTables
Nov 10 2017 12:11:26 CisACS_33204 6720 1 1 BL Hit Count recollect , AdminName=SERVICE, PolicyName=All policies, AdminImpersonName=com.cisco.nm.acs.mgmt.bl.framework.copyright.LoginBannerUpdateMana
ger - Fri Nov 10 12:11:16 ECT 2017
Nov 10 2017 12:12:49 CisACS_34000 6721 1 1 REPLICATION Appending transaction , AdminName=SERVICE, 1/ConfigTransactionID=207170
Nov 10 2017 12:12:49 CisACS_34001 6722 1 1 REPLICATION Dispatching transaction , 1/ConfigTransactionID=207170
Nov 10 2017 12:12:52 CisACS_34000 6723 1 1 REPLICATION Appending transaction , AdminName=SERVICE, 1/ConfigTransactionID=207171
Nov 10 2017 12:12:52 CisACS_34001 6724 1 1 REPLICATION Dispatching transaction , 1/ConfigTransactionID=207171
show logging system ade/ADE.log
Nov 10 12:00:14 server-acs58 [ACS-View-Decap-Clean]: DecapStatusQuery : Done calling callContentSearch(). resultList=3
Nov 10 12:09:16 server-acs58 logger: acsCheckFw Execution Started..!
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_2638_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_2020_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_2030_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_61616_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:10:19 server-acs58 logger: acsCheckFw Execution Started..!
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_2638_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_2020_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_2030_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_61616_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:20 server-acs58 logger: acsCheckFw Execution Started..!
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_2638_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_2020_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_2030_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_61616_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
192.168.55.1 and 192.168.54.1 are the private gateway of ACS's. Is this ok?
Please Help!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide