Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
3896
Views
10
Helpful
7
Replies

Migration from ACS 5.8 to ISE 2.7

Go to solution
normanzhang
Level 1
Level 1

ā€Ž09-24-2020 10:19 AM

I have imported the ACS certificate, with valid ACS GUI credentials, hardcoded hosts file, and enable migration in CLI. But when I try to export with Migration Tool I get the following. Does anyone know how to fix it?

 

ERROR Thread-21 Unable to connect to ACS 5 to begin Export. Please ensure that:
1. Migration interface is enabled in the ACS 5 server.
2. ACS 5 services are running.
3. ACS 5 IP, superadmin name and password are correct.
4. ACS 5 has a compatible license installed.
5. ACS 5 hostname matches with the name in its certificate.
6. ACS 5 server certificate is trusted by the Trusted Root Certificates in Settings page.
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
INFO Thread-21 Start connecting to ACS5 PI

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

ā€Ž09-28-2020 09:44 PM

This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
marce1000
VIP
VIP

ā€Ž09-25-2020 12:39 AM

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/migration_guide/b_ise_MigrationGuide20/Cisco_Secure_ACS_to___Cisco_ISE_Migration_Tool.html

 >..

 The only supported direct migration process that uses the Cisco Secure ACS to Cisco ISE Migration Tool is from a Cisco Secure ACS, Release 5.5 or 5.6 to a Cisco ISE, Release 2.0 system.

 

       - Looks like your releases are not supported , at both ends.

  M.

 

  



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to marce1000

ā€Ž09-25-2020 08:23 AM

That's only for ISE 2.0 which is many years old.

0 Helpful

Go to solution
colbysunday
Level 1
Level 1

ā€Ž09-25-2020 05:43 AM

The tool is okay. In my opinion a clean install is better. The migration tool doesnā€™t transfer everything over. Iā€™m currently in the process of migrating from ACS to ISE and itā€™s not going to be a fast process, but it wonā€™t have all of the un-used policies,etc. 

Go to solution
hslai
Cisco Employee
Cisco Employee

ā€Ž09-28-2020 09:44 PM

This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.

0 Helpful

Go to solution
hatim
Level 1
Level 1

ā€Ž04-16-2022 08:37 PM

I have this problem too , i don't know if it's a certificat problem ? 

Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake


0 Helpful

Go to solution
hatim
Level 1
Level 1

ā€Ž05-11-2022 08:45 AM

I have found the solution , check your JAVA JRE settings 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents