ā09-24-2020 10:19 AM
I have imported the ACS certificate, with valid ACS GUI credentials, hardcoded hosts file, and enable migration in CLI. But when I try to export with Migration Tool I get the following. Does anyone know how to fix it?
ERROR Thread-21 Unable to connect to ACS 5 to begin Export. Please ensure that:
1. Migration interface is enabled in the ACS 5 server.
2. ACS 5 services are running.
3. ACS 5 IP, superadmin name and password are correct.
4. ACS 5 has a compatible license installed.
5. ACS 5 hostname matches with the name in its certificate.
6. ACS 5 server certificate is trusted by the Trusted Root Certificates in Settings page.
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
INFO Thread-21 Start connecting to ACS5 PI
Solved! Go to Solution.
ā09-28-2020 09:44 PM
This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.
ā09-25-2020 12:39 AM
>..
The only supported direct migration process that uses the Cisco Secure ACS to Cisco ISE Migration Tool is from a Cisco Secure ACS, Release 5.5 or 5.6 to a Cisco ISE, Release 2.0 system.
- Looks like your releases are not supported , at both ends.
M.
ā09-25-2020 06:25 AM
This link shows it is indeed supported: https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/migration_guide/b_acs_ise_migration_ug_27/b_acs_ise_migration_ug_27_chapter_00.html#ID-1403-00000006
Best regards,
Rick
ā09-25-2020 08:23 AM
That's only for ISE 2.0 which is many years old.
ā09-25-2020 05:43 AM
The tool is okay. In my opinion a clean install is better. The migration tool doesnāt transfer everything over. Iām currently in the process of migrating from ACS to ISE and itās not going to be a fast process, but it wonāt have all of the un-used policies,etc.
ā09-28-2020 09:44 PM
This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.
ā04-16-2022 08:37 PM
I have this problem too , i don't know if it's a certificat problem ?
Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
ā05-11-2022 08:45 AM
I have found the solution , check your JAVA JRE settings
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: