cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2618
Views
0
Helpful
16
Replies

Problems witch acs 4.2 replication

jaouad laktami
Level 1
Level 1

i installed the primary and secondary server.

i see only one problem in the logs.

when i try to replicate

i get this :

cisco acs 01/04/2012 23:50:58 NTVMEM73 INFO Outbound replication cycle starting...01/04/2012 23:40:25 NTVMEM73 INFO Outbound replication cycle starting...01/04/2012 23:29:51 NTVMEM73 INFO Outbound replication cycle starting...01/04/2012 23:19:16 NTVMEM73 INFO

further no issue

can someone helps me

16 Replies 16

camejia
Level 3
Level 3

Hello,

Can you share screenshots of both ACS (Primary and Secondary) servers Replication configuration?

Remember that the Primary should have all the applicable "Replication Components" on send and none on "receive". Under "Outbound Replication" you can select any of the options other than "Automatically triggered cascade ".

Under "Partners" you should have the secondary ACS server on the right box.

For the secondary ACS server you should have all the applicable "Replication Components" on receive and none in send. Under "Outbound Replication" you should select "Manually".

Under "Partners" you should have the primary on the left box. No entries should be on the right box for the secondary server.

Also, remember that Replication occurs over TCP Port 2000. If you have a Cisco Firewall (ASA) between both servers, the Cisco Firewall inspects Skinny packets by default (voice packets) which also use TCP 2000. As the Replication packets do not comply with the Default Inspections policy of the ASA for TCP 2000 packets it will drop the packet. Skinny inspections should be disabled on the Firewall between Replicating ACS servers.

Hope this helps.

Regards.

there is no firewall between the servers.

this is working on windows 2008 server.

on both servers these ports are open:

Scanning ntvmem74.zwolle.intern (10.128.8.117) [1000 ports]

Discovered open port 445/tcp on 10.128.8.117

Discovered open port 139/tcp on 10.128.8.117

Discovered open port 135/tcp on 10.128.8.117

Discovered open port 3389/tcp on 10.128.8.117

Discovered open port 49159/tcp on 10.128.8.117

Discovered open port 902/tcp on 10.128.8.117

Discovered open port 49152/tcp on 10.128.8.117

Discovered open port 912/tcp on 10.128.8.117

Discovered open port 2001/tcp on 10.128.8.117

Discovered open port 2002/tcp on 10.128.8.117

Discovered open port 49/tcp on 10.128.8.117

Discovered open port 49154/tcp on 10.128.8.117

Discovered open port 49153/tcp on 10.128.8.117

Discovered open port 31038/tcp on 10.128.8.117

Discovered open port 2000/tcp on 10.128.8.117

thanks for your help

Hello,

Can you set both servers to Full Detail of logging? Under System Configuration > Service Control > Level of detail > "Full".

After setting the logging detail to Full on both servers please perform a new replication attempt. After a couple of minutes check both servers Replication logs and write down the timestamp when the process started.

After that we need to collect the package.cab file from both servers. Go to System Configuration > Support > Select Collect Log files and Collect Previous 2 days logs.

Please attach the generated files with the appropriate timestamp when the replication process was triggered.

Also, did you check the Replication Partners and confirmed that it is configured as described on my previous reply?

Regards.

hi Camegia,

That post was really helpful for me as i was having the same issue, that nothing was replicated on secondary ACS server. Now at least i am able to replicate devices and user's profiles. Can you please advise as to why not all the components are being replicated?

 

Kush Srivastava
Level 1
Level 1

Hi,

Could you please check the foll:

- Are both the ACS versions are on the same version and the patch level?

- What's the version of the ACSes? As ACS is installed on a windows 2008 server, ACS installation is only supported with ACS 4.2patch 4 onwards and on windows 2008 64-bit with ACS 4.2.1? If it is on unsupported platform, the services might be stopping.

- Did you try reverse replication i.e making the secondary as the primary and vice-versa?

- Please try to telnet to the secondary ACS on port 2000 from primary and vice-versa?

Regards,

Kush

these are the link of the cab files

Time stamp of the replication 06-01-2012  betweeen 16.36 -16.42

https://files.me.com/jaouad/auy2ye

https://files.me.com/jaouad/674ysx

i am using windows 2008 32 bit service pack 2

with acs 4.2 wihout any patches

i can't telnet from primary to the secondary of from the secondary to the primary.

Hello,

It seems that you did not select the Collect Log files and Collect Previous 2 days logs as the Auth.log, TCS.log and other relevant files are missing on both files.

Something I did notice is the following:

Primary Replication logs:

1/6/201216:37:22NTVMEM73INFOOutbound   replication cycle starting...

Secondary Replication Logs:

1/6/201216:40:09NTVMEM74INFOOutbound   replication cycle starting...




1/6/201216:40:09NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201216:56:30NTVMEM74INFOOutbound replication cycle   starting...




1/6/201216:56:30NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201216:56:40NTVMEM74INFOOutbound replication cycle   starting...




1/6/201216:56:40NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201216:57:28NTVMEM74INFOOutbound replication cycle   starting...




1/6/201216:57:28NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:01:48NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:01:48NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:06:49NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:06:49NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:11:49NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:11:49NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed
1/6/201217:16:50NTVMEM74INFOOutbound replication cycle   starting...




1/6/201217:16:50NTVMEM74INFOOutbound replication not configured   (no components selected for sending) - cycle completed

It seems that your Secondary ACS is trying to replicate (send) components every 5 minutes. Can you check your Secondary ACS Replication configuration again?

The Partners box should be empty. Replication should be set to Manual and it should only have components under Receive and None on send.

Regards.

i changed that

now i see only this on the primary

01/10/201209:27:02NTVMEM74INFOOutbound replication cycle starting...


but i see nothing on the other server.

is there debugkit for acs

there is no firewall between servers.

or do i need maybe a patch for the acs i am using version 4.2 from year 2008

and windows 2008 32 bit server pack 2

Hello,

Can you collect the package.cab again but this time check the following:

Collect Log files and Collect Previous 2 days logs

The package.cab should be collect on both ACS servers running at full detail after attempting replication a couple of times.

Regards.

timestamp is between 16.00 and 16.30

http://files.me.com/jaouad/1odxvt

http://files.me.com/jaouad/qi8ii2

and these are the files

Hello,

There are still important files missing. Are both ACS servers configured for Full Detail of logging?

Also, are you selecting the following when collect the package?

There are still missing files on the package.cab file that I need. Please try again with the above settings.

Regards

http://files.me.com/jaouad/82eaqn

http://files.me.com/jaouad/k2xz0z

here are the files

exactly what you told me .

Hello,

I will be reviewing the logs shortly. However, I would like to confirm. Do you have EAP-FAST settings configured to send on the Primary and receive on the Secondary? If yes, can we do a quick test by only replication User and Group Database?

I would like to confirm that User and Group database is properly replicated. Deselect every other component on both Primary and Secondary from send and receive. Try to replicate only User and Group Database and let me know the results.

Regards.

when i am selection user and group database

and network configuration device tables

then its working.

is these enough when the primary fails

then secondary should take over.

but when i select these ones it is not working

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: