Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
1
Replies

Applying patches to Cisco ACS Secure Server 5.7 - process

Go to solution
Jeff Sterck
Level 1
Level 1

‎03-14-2017 11:19 AM - edited ‎03-11-2019 12:32 AM

We have a global environment with 3 x ACS 5.7 servers running the base patch.  We've run into issues where a domain controller will go down and cause AD related authentication to fail for that region.  Once the AD server is back up, all is good again.  I understand there are better additional health checks in 5.8, so my goal is to get to the latest 5.8 revision.  Reading the documentation on upgrading 5.7 -> 5.8+ is fairly well documented and should be able to follow the details of moving logging servers and backing up, upgrading and restoring etc.  My question, what precautions do I need to make for just patching from 5.7 patch 1 -> latest 5.7 patch.

I understand that the patched device will restart the services, which would case some authentications to fail during that time, but should I go through the whole process taking the patched server out of the cluster and all that?  Does it make sense to upgrade the secondary servers prior to the primary?

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gennady Yakubovich
Cisco Employee
Cisco Employee

‎03-15-2017 07:36 AM

Jeff.

You better off to patch secondaries first and then patch the primary  ACS.  You may to schedule your patching procedure in a way that you patching one ACS at a time  - letting it restart and recover.  At this time your devices will fail over to another ACS instance. After patched ACS will resume service you can work on another ACS in the deployment. 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Gennady Yakubovich
Cisco Employee
Cisco Employee

‎03-15-2017 07:36 AM

Jeff.

You better off to patch secondaries first and then patch the primary  ACS.  You may to schedule your patching procedure in a way that you patching one ACS at a time  - letting it restart and recover.  At this time your devices will fail over to another ACS instance. After patched ACS will resume service you can work on another ACS in the deployment. 

0 Helpful
Customers Also Viewed These Support Documents