Solved: Re-image might be an option,

andrea.meconi · ‎05-14-2014

Hello.

I'm using ACS on virtual machines with a primary and secondary instances.

The primary server also functions as a log collector in my deployment. I don't use AD. LDAP is configured.

Now I need to upgrade to 5.5.

Reading installation guide I find this note..

Upgrading to ACS 5.5 may fail if any LDAP identity store is configured without groups or attributes and
an AD identity store is not configured. To avoid this issue, before upgrading to ACS 5.5, either add
groups or attributes to the LDAP identity store or configure an AD identity store.

How can I verify this?

Thanks.

Regards.

Andrea

edwardcollins7 · ‎05-30-2014

Give it some time, GUI should come up.

you cannot delete configuration from the CLI.

if the GUI does not come up, you need to get the DB fixed from TAC.

Regards

Ed

View solution in original post

gabrieleferrari · ‎10-20-2014

Hello Andrea,

You're probably facing the BUG CSCun85949
https://tools.cisco.com/bugsearch/bug/CSCun85949/

This issue has been resolved in ACS 5.5 patch 3 but You need to delete and recreate some AV pair to run runtime process correctly.

My suggestion is to delete the AV pair from authorization profile BEFORE upgrade 5.5.

Have a nice day

Regards

Gabriele

View solution in original post

edwardcollins7 · ‎05-19-2014

Hey Andrea,

Go to External Identity stores-->LDAP

Go to directory attributes, directory groups and check, it should not be empty, at least one of them should be populated.

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

andrea.meconi · ‎05-21-2014

Hello Edward and many thanks for your help.

Groups and attributes are empty. So I need to populate for the upgrade only and remove settings when upgrade is done!

And AD? What's about it?

Regards.

Andrea

edwardcollins7 · ‎05-22-2014

Andrea,

Yes populate them before upgrade and remove later.

No issues with AD, leave it in what ever condition it is.

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

andrea.meconi · ‎05-22-2014

Many thanks Edward.

So with my deployment, where the primary server also functions as a log collector and only one secondary is present, I need to deactivated the secondary and delete it from instances table.

With two primary, and standalone server, I can upgrade it independently. When upgrade is done I can register to primary again.

Regards.

Andrea

andrea.meconi · ‎05-22-2014

After the upgrade, runtime process is not monitored and application doesn't respond.

Any ideas?

Thanks.

acsdue/admin# application upgrade ACS_5.5.0.46.tar.gz patch
Do you want to save the current configuration ? (yes/no) [yes] ?
Generating configuration...
Saved the running configuration to startup successfully

% CARS Install application required post install reboot...

Broadcast message from root (pts/0) (Fri May 23 00:04:11 2014):

The system is going down for reboot NOW!

Application upgrade successful
acsdue/admin#
Connection was reset.

Last login: Thu May 22 23:13:39 2014 from 10.164.0.1
Copyright(c) 2013 Cisco Systems, Inc. All rights Reserved

acsdue/admin#
acsdue/admin# sh app status acs

ACS role: PRIMARY

Process 'database'                  running
Process 'management'                running
Process 'runtime'                   not monitored
Process 'ntpd'                      running
Process 'view-database'             running
Process 'view-jobmanager'           running
Process 'view-alertmanager'         running
Process 'view-collector'            running
Process 'view-logprocessor'         running

acsdue/admin#

edwardcollins7 · ‎05-22-2014

Andrea,

The procedure you followed was correct.

Did you try starting the service manually?

"acs start runtime"

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

andrea.meconi · ‎05-23-2014

Yes Edward.

I try starting it manually also.

Reimage maybe the solution....

Thanks.

Andrea

edwardcollins7 · ‎05-23-2014

Re-image might be an option, you might have a backup from the older version.

If you wish to share the logs, I can have a look at it.

Regards

Edward

andrea.meconi · ‎05-26-2014

Edward,

I'm trying to reimage. After a successfully restore, application is initializing... forever....

acsuno/admin# sh app sta acs

Application initializing...
Status is not yet available.
Please check again in a minute.

acsuno/admin#

Any ideas?

Regards.

edwardcollins7 · ‎05-26-2014

Which version is the backup from?

What version are you at now?

Regards

Ed

andrea.meconi · ‎05-26-2014

Backup comes from 5.3, patch 9 and Pointed-PreUpgrade.

Restore to 5.5, fresh installation without any patches.

acsuno/admin# sh ver

Cisco Application Deployment Engine OS Release: 2.1
ADE-OS Build Version: 2.1.1.129
ADE-OS System Architecture: i386

Version information of installed applications
---------------------------------------------

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.5.0.46
Internal Build ID : B.723

acsuno/admin#

edwardcollins7 · ‎05-27-2014

After applying restore, there is another encryption patch that you need to get from TAC.

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

andrea.meconi · ‎05-27-2014

Sorry Edward, is it related to bug ID CSCum67932? If so, this bug is resolved with cumulative patch 2.

Anyway I apply patch 3 and then restore with success.

When virtual machine reboots, service runtime is not monitored again: this is the same issue I have got with application bundle.

Ideas?

Thanks.

Regards.

Andrea

edwardcollins7 · ‎05-28-2014

Ok good, yes that was the defect, Could you share the debugs:

>acs-config

login with GUI username

>debug-log runtime level debug

Collect the support file from the ACS and attach it.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/viewer_troubleshooting.html#pgfId-1057672

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

Upgrading an ACS deployment from 5.3 to 5.5.