06-25-2017 03:13 AM - edited 03-11-2019 12:48 AM
Hi all
Here's the problem... Our primary ACS 5.4 admin node has died. I have tried to promote the secondary admin node to the primary role, but it gives me the following message whenever I try to log in:
You are required to change your password due to inactivity in your account.
Please login to primary to change your password.
How do I do this if the primary node is dead?
I tried to reset the password using the CLI, but no luck; I get pretty much the same warning:
ACS02/admin# acs reset-password
This command resets the 'ACSAdmin' password to its original value.
Are you sure you want to continue? (yes/no) yes
Administrator password can be reset only on a PRIMARY instance.
Due to some fault, I cannot log in to it using my AD credentials (could be an issue with AD-ACS integration on this node). Luckily, we have migrated 95% of our infrastructure to the TACACS service on ISE 2.1... but there are still devices managed by ACS. So, I am a bit desperate. Go via full recovery of the admin node? Re-deploy, recover from backup? Ohhhhhhhh. It is also a physical appliance, which means I have to go to the DC to be able to do this.
Has anyone experienced something similar in the past? Thanks
06-25-2017 07:26 PM
Hi Tymoffi,
Here is an easy way for this issue:
1- Install the new ACS VM and make it ready.
2- Install root patch on both the new ACS and the old secondary ACS.
3- Get in to the root and browse to the folder /opt/CSCOacs/db:
[root@Training-ACS1 db]# pwd
/opt/CSCOacs/db
4- In this folder there are 4 files:
· Acs.db
· acs*.log
· dbkey.cfg
· dbcred.cal
5- On the new ACS take a backup (copy) of these 4 files to somewhere.
6- Stop services in new ACS
7- Copy these files from Secondary ACS to new ACS
8- Start services once files are replaced.
Regards,
Poonam Garg
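
An added sketch for steps 5 and 7 above (not part of the original reply and not Cisco tooling): it stages the four files from step 4 with a SHA-256 manifest, so the copy that lands on the new node can be checked before services are started. The function names and the staging directory are assumptions; dbkey.cfg and dbcred.cal are key and credential material, so the staging directory is created readable by its owner only.

```shell
#!/bin/sh
# Added example. File names and patterns are the ones listed in step 4;
# everything else (function names, staging directory) is hypothetical.
ACS_DB_PATTERNS='Acs.db acs*.log dbkey.cfg dbcred.cal'

# backup_acs_db SRC_DIR DEST_DIR
# Copies the database files into DEST_DIR (mode 700), records their SHA-256
# hashes in DEST_DIR/MANIFEST.sha256 and checks the copies against it.
# Fails if any listed file or pattern is missing from SRC_DIR.
backup_acs_db() {
    src=$1
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    (
        umask 077
        mkdir -p "$2" || exit 1
        dest=$(cd "$2" && pwd) || exit 1
        : > "$dest/MANIFEST.sha256"
        cd "$src" || exit 1
        # Unquoted on purpose: the shell expands acs*.log inside SRC_DIR.
        for f in $ACS_DB_PATTERNS; do
            [ -f "$f" ] || { echo "missing in $src: $f" >&2; exit 1; }
            sha256sum -- "$f" >> "$dest/MANIFEST.sha256" || exit 1
            cp -p -- "$f" "$dest/" || exit 1
        done
        cd "$dest" && sha256sum -c MANIFEST.sha256 > /dev/null
    )
}

# verify_acs_db STAGE_DIR TARGET_DIR
# Succeeds only if every file named in STAGE_DIR/MANIFEST.sha256 exists in
# TARGET_DIR with the recorded hash. Run it after step 7, before step 8.
verify_acs_db() {
    stage=$(cd "$1" && pwd) || return 1
    [ -f "$stage/MANIFEST.sha256" ] || return 1
    ( cd "$2" && sha256sum -c "$stage/MANIFEST.sha256" > /dev/null )
}
```

Run `backup_acs_db /opt/CSCOacs/db <staging dir>` on the secondary, and once more on the new node for the step 5 copy; after step 7, `verify_acs_db <staging dir> /opt/CSCOacs/db` confirms the replaced files match what left the secondary.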