06-22-2009 04:45 PM - edited 03-08-2019 06:19 PM
Core issue
In this issue, database replication fails between two ACS solution engines. These errors are seen on the primary and secondary servers once the replication fails:
On Primary:
ACS "name" has denied replication request
On Secondary:
Inbound database replication from ACS "name" denied - shared secret mismatch
This issue occurs due to the wrong IP address on the Cisco Secure ACS solution engine.
At times, even though the correct IP address is entered during initial configuration, the entry for the correct IP address disappears once the ACS SE is configured, which is not normal. You then see an entry with the appliance name and the IP address 127.0.0.1.
If you have only one ACS SE and use it for authentication, everything works fine, but replication to another ACS SE does not work. However, in many cases replication does work the first time.
Also, you cannot modify anything for the 127.0.0.1 entry, and it always gives you the shared secret key mismatch error.
Resolution
The resolution for this issue is to re-image the ACS SE and ensure that it does not get the IP address 127.0.0.1.
Refer to these documents in order to accomplish this task:
- Establishing a Serial Console Connection section of Installing and Configuring Cisco Secure ACS Solution Engine 4.1
- Re-imaging the Solution Engine Hard Drive section of Administering Cisco Secure ACS Solution Engine
Note: During the re-image, ensure that the ACS SE is plugged into the network and that the administrator is connected to the ACS SE through the console connection only.