01-20-2006 01:13 AM - edited 03-10-2019 02:26 PM
We have two Data Centres with the primary ACS server in one and I am trying to install a secondary ACS server in the second one.
They communicate at a TCP level but I can't get the second ACS to replicate the first one. They are both installed on Windows 2003 Server and they are both also DNS and domain controllers. In desperation I tried setting the timeout to 240 minutes and going home and leaving it, but to no avail.
ANY ideas will be welcome; don't think he MUST have tried that, because I may not have.
01-20-2006 05:07 AM
Some more information
The two data centres each have an ASA protecting them. As we are at the lab stage the ASAs are left open and the WAN is simulated via a couple of routers and a LAN. If I bypass the ASAs and just use a routed connection, the two servers replicate. Going through the ASAs seems to stop replication from happening and the log of the second ACS is totally blank. A sniffer on the LAN picks up a heap load of packets between the two ACSs.
If I had a beard I would be stroking it and going hmmm while looking puzzled.
01-23-2006 01:24 PM
I think the beard idea works really well. You need to make sure it's good and long and bushy enough to hold several pencils ;)
...but back to replication. If you look in the csauth/logs/auth.log on the master server, do you see replication error messages? Hint: look for strings of the form "replice(out)". If it's having trouble talking to the slave there will be heaps of errors.
All traffic is on TCP/IP port 2000.
01-24-2006 01:17 AM
Thanks for that.
There is nothing in the logs other than "replication failed, ACS02 did not respond"
This problem has moved on a bit as it now seems the ASA between the two ACSs is spoofing traffic. I have reposted the complete story in the Firewall section.
Tim