cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect

ACS 5.x: Daylight Savings Time (DST)

4485
Views
0
Helpful
2
Comments

 

 

Introduction

 

This document talks about availability of the Daylight Savings Time (DST) configuration on the Cisco Access Control System 5.x series appliance.

 

Problem Description

 

Since the new Cisco Access Control System 5.x series appliances, namely, model 1120 and 1121 are running Linux as OS, it is different than previous ACS 4.x series Solution Engines. ACS 4.x has Windows 2000/2003 as OS, which already has support for Daylight Savings Time (DST).

 

The actual concern with not having a DST functionality on the ACS 5.x is, it would affect the Active Directory connection, Log time stamps in the Monitoring & Reporting section, and to some extent, on EAP-TLS certificate validity.

 

Solution

 

Currently there is no option to enable Daylight Saving Time on any of the ACS 5.x series appliances. This has been raised as an enhancement request in the bug CSCtr77935.

 

Meanwhile, till the enhancement request is added in the upcoming versions of the ACS 5.x, we can manually change the time on the ACS 5.x server from the CLI. Here is a step by step configuration to change the time on the ACS 5.x:

 

1. SSH to the ACS 5.x using ssh version 2.

 

2. Run the following to check the current time on the ACS:

 

acs5/admin# show clock

Thu Mar 15 01:32:50 EDT 2012

 

3. Now, use the clock set command to change the time:

 

Note: This will require restart of the ACS services and will affect the new authentications. Please take a downtime if required.

 

acs5/admin# clock set Mar 15 02:34:00 2012

Clock was modified. You must restart ACS.

Do you want to restart ACS now? (yes/no) yes

Stopping ACS.

Stopping Management and View.......................

Stopping Runtime.......

Stopping Database....

Cleanup.....

Starting ACS ....

 

To verify that ACS processes are running, use the

'show application status acs' command.

 

3. Ensure that all the services have come up properly. It takes 2-3 minutes for the services to come up. In case all the services did not come up, please contact Cisco TAC immediately.

 

acs51/admin# show application status acs

 

ACS role: PRIMARY

 

Process 'database'                   running

Process 'management'                running

Process 'runtime'                   running

Process 'adclient'                 running

Process 'view-database'             running

Process 'view-jobmanager'           running

Process 'view-alertmanager'         running

Process 'view-collector'            running

Process 'view-logprocessor'         running

 

4. Check the updated time on the ACS:

 

acs51/admin# show clock

Thu Mar 15 02:40:47 EDT 2012

 

References

 

CLI Reference Guide for Cisco Secure Access Control System 5.3

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/command/reference/cli_app_a.html#wp1889077

Comments
Beginner

Hello

is this still true ?

I had the same issue on ACS 5.4 and I tested the solution and it did not work.

I retried and only change the timezone from EST to EST5EDT and have the right time.

thnak you for answering

Beginner

Hello. I am running 5.5, Has it been fixed?