

Confused on ACS 5.5 upgrade procedure

We have an existing ACS 5.4, 1 primary, 1 secondary. I'm not really sure which procedure to follow. On the upgrade document from Cisco, you need to upgrade the log collector, then the secondary, then the primary. In our setup, the Primary server is the log collector. There is a note that in this scenario, we need to promote the secondary as the new primary.

Let's say, ACS1b primary, ACS2a secondary:

So this is where it confuses me. When you change the Secondary to the new Primary server, does this mean that the log collector will now be the OLD Primary (ACS1b), or does it also change to ACS2a?


Cisco doc really gets one confused. I agree on that.

Now, I opened a TAC case to get things clarified. My scenario is like yours except two things:

1- I have ACS 5.3.

2- I have the secondary as a log collector.


The TAC engineer confirmed that after you de-register (that means both servers are standalone now) you need to upgrade the log collector first (in the scenario of having only two ACS servers, one primary and one secondary).


From my point of view, it does not matter which one you upgrade if all your servers are in standalone mode. It would matter more if you have more than two servers.

If more than two servers exist, you need to isolate one server only and upgrade it while the others are still in one cluster. In the two-servers-only scenario, when you de-register you will have no servers in one cluster, so you can upgrade whatever you want. Your only concern will be the logs and how they will be kept during the upgrade of the log collector. As per the TAC, you have to use an external syslog server and configure it as a remote logging target on both servers before doing the upgrade.




Rating useful replies is more useful than saying "Thank you"




I tried to fix that situation when I was working for Cisco and I couldn't make it.


I suggest the following.


De-register the deployment, in other words make both standalone/primary. Upgrade each ACS separately and then re-register them again.







ACS1b is secondary and Log Collector

ACS2a is primary

then the secondary cannot be deregistered as it runs a Log Collector according to the error message. It is a dead end. Any tips?