Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
3
Replies

System Failure registering secondary to primary ACS

Heiko Kelling
Level 1
Level 1

‎01-30-2012 02:19 AM - edited ‎03-10-2019 06:46 PM

Hello,

I have the following situation. I have two ACS, a primary (ACS1) and a secondary (ACS2) with software version 5.1.0.44.2.

Because of a corrupted file system I had to reinstall the secondary ACS Appliance (ACS2).

I used the software version 5.3.0.40. All informations like user data, network devices....are

on the ACS 1, only. The ACS 1 is needed 24/7 and it is not possible to stop the services.

Because the ACS certificates were expired I had renewed them after the installation.

Now to the problem: If I try to register the ACS2 (5.3.0.40) to the ACS1 (5.1.0.44.2) I get a

system failure message

acs2.JPG

Could somebody tell me, if it is in principle possible the register a server with a higher software

version to another one, with a lower version? Or is the reason for the failure a certificate problem?

Labels:
0 Helpful
3 Replies 3

integreon
Level 1
Level 1

‎01-30-2012 07:50 PM

Hi,

It's a bug (CSCtd39360). This got fixed in 5.2 version.

Regards,

Anton

Sent from Cisco Technical Support iPad App

0 Helpful

Heiko Kelling
Level 1
Level 1
In response to integreon

‎01-30-2012 11:03 PM

Hi integreon,

are you sure that this is the same problem?

I read the bug symptom in the bug toolkit and there is talk of "change policy Identity store to Identity sequences".

My failure is, when I try to register the secondary to the primary ACS.

But the wording of the failure is similar.

Thanks for now.

0 Helpful

Travis Hysuick
Level 1
Level 1

‎02-02-2012 06:10 AM

Good morning,

I don't believe that you can join a server with a different software version to the ACS topology. I specifically recall reading in the 5.3 product documentation, (though I can't find it at the moment) that it is not compatible with previous versions (due to feature changes and likely significant differences in the database schema).

I would recommend you schedule an outage so that you can stop the ACS application services on the existing primary and secondary units and perform the upgrade to 5.3, as well as the subsequent 5.3.0.40.1 patch.

Once the units are all at the same version, try joining the new secondary to the topology again, but be patient. When you click the 'Register to Primary' button from the new secondary, it can take quite a while for the connection and replication to complete. During this time, the browser may appear to have stalled; leave it be. It will complete, however in my case, it took nearly 30 minutes (and this is with a relatively simple service policy set, your mileage may vary depending on how complex your service policies, user / group database is).

Travis Hysuick

CCNA Voice

0 Helpful
Customers Also Viewed These Support Documents