Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4223
Views
10
Helpful
7
Replies

Migration from ACS 5.8 to ISE 2.7

Go to solution
normanzhang
Level 1
Level 1

‎09-24-2020 10:19 AM

I have imported the ACS certificate, with valid ACS GUI credentials, hardcoded hosts file, and enable migration in CLI. But when I try to export with Migration Tool I get the following. Does anyone know how to fix it?

 

ERROR Thread-21 Unable to connect to ACS 5 to begin Export. Please ensure that:
1. Migration interface is enabled in the ACS 5 server.
2. ACS 5 services are running.
3. ACS 5 IP, superadmin name and password are correct.
4. ACS 5 has a compatible license installed.
5. ACS 5 hostname matches with the name in its certificate.
6. ACS 5 server certificate is trusted by the Trusted Root Certificates in Settings page.
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
INFO Thread-21 Start connecting to ACS5 PI

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎09-28-2020 09:44 PM

This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
marce1000
VIP
VIP

‎09-25-2020 12:39 AM

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/migration_guide/b_ise_MigrationGuide20/Cisco_Secure_ACS_to___Cisco_ISE_Migration_Tool.html

 >..

 The only supported direct migration process that uses the Cisco Secure ACS to Cisco ISE Migration Tool is from a Cisco Secure ACS, Release 5.5 or 5.6 to a Cisco ISE, Release 2.0 system.

 

       - Looks like your releases are not supported , at both ends.

  M.

 

  



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to marce1000

‎09-25-2020 08:23 AM

That's only for ISE 2.0 which is many years old.

0 Helpful

Go to solution
colbysunday
Level 1
Level 1

‎09-25-2020 05:43 AM

The tool is okay. In my opinion a clean install is better. The migration tool doesn’t transfer everything over. I’m currently in the process of migrating from ACS to ISE and it’s not going to be a fast process, but it won’t have all of the un-used policies,etc. 

Go to solution
hslai
Cisco Employee
Cisco Employee

‎09-28-2020 09:44 PM

This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.

0 Helpful

Go to solution
hatim
Level 1
Level 1

‎04-16-2022 08:37 PM

I have this problem too , i don't know if it's a certificat problem ? 

Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake


0 Helpful

Go to solution
hatim
Level 1
Level 1

‎05-11-2022 08:45 AM

I have found the solution , check your JAVA JRE settings 

0 Helpful
Customers Also Viewed These Support Documents