cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3432
Views
10
Helpful
7
Replies

Migration from ACS 5.8 to ISE 2.7

normanzhang
Beginner
Beginner

I have imported the ACS certificate, with valid ACS GUI credentials, hardcoded hosts file, and enable migration in CLI. But when I try to export with Migration Tool I get the following. Does anyone know how to fix it?

 

ERROR Thread-21 Unable to connect to ACS 5 to begin Export. Please ensure that:
1. Migration interface is enabled in the ACS 5 server.
2. ACS 5 services are running.
3. ACS 5 IP, superadmin name and password are correct.
4. ACS 5 has a compatible license installed.
5. ACS 5 hostname matches with the name in its certificate.
6. ACS 5 server certificate is trusted by the Trusted Root Certificates in Settings page.
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
INFO Thread-21 Start connecting to ACS5 PI

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.

View solution in original post

7 Replies 7

marce1000
VIP Mentor VIP Mentor
VIP Mentor

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/migration_guide/b_ise_MigrationGuide20/Cisco_Secure_ACS_to___Cisco_ISE_Migration_Tool.html

 >..

 The only supported direct migration process that uses the Cisco Secure ACS to Cisco ISE Migration Tool is from a Cisco Secure ACS, Release 5.5 or 5.6 to a Cisco ISE, Release 2.0 system.

 

       - Looks like your releases are not supported , at both ends.

  M.

 

  

That's only for ISE 2.0 which is many years old.

colbysunday
Beginner
Beginner

The tool is okay. In my opinion a clean install is better. The migration tool doesn’t transfer everything over. I’m currently in the process of migrating from ACS to ISE and it’s not going to be a fast process, but it won’t have all of the un-used policies,etc. 

hslai
Cisco Employee
Cisco Employee

This looks still an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.

hatim
Beginner
Beginner

I have this problem too , i don't know if it's a certificat problem ? 

Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake


hatim
Beginner
Beginner

I have found the solution , check your JAVA JRE settings 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers