Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1626
Views
25
Helpful
0
Comments

Remove loopback entry (127.0.0.1) from ACS 3.x and 4.x ACS windows and appliance.

Jatin Katyal
Cisco Employee
Cisco Employee

‎09-22-2013 03:43 AM - edited ‎02-21-2020 10:00 PM

     

     

    Introduction

    The below listed steps will help us in such scenario where AAA server ip address changes to loopback 127.0.0.1

    It's little easy to fix it with ACS windows server. However, in case of ACS appliance it little cumbersome but can be done.

    More Information

    At very first place we need to try and setting the original ip address by using "Set ip" Command from the console connection of the ACS Solution engine. Once you successfully changed the ip address, you can apply the latest patch on the ACS SE (This will fix the problem).

    Establishing a serial console connection

    http://tools.cisco.com/squish/438b1

     If the first/above suggestion doesn't help then the below listed steps can be performed.

    In order to remove the loopback entry from the Database, we need to follow following steps.

    Download ACS 4.2

    Please download ACS 4.2 trial from following link, if you do not have ACS Full version for Windows purchased.

    http://tools.cisco.com/squish/bF79B

    • ACS v4.2.0.124 90-Days Evaluation Software
    • eval-ACS-4.2.0.124-SW.zip

    Install ACS 4.2

    1. Install eval version on Windows 2000/2003 server. Please also ensure that JAVA is installed on that server.
    2. Take a backup from ACS SE from, System Configuration > ACS Backup >Backup Now.
    3. Restore the database backup on ACS eval.
    4. On eval ACS , go to Network Configuration > find the AAA Server entry with 127.0.0.1 entry. Edit it and give it some other IP forexample, 1.1.1.1. Submit + Apply.
    5. On eval, Restart CSAdmin service.
    6. On eval, go back to Network Configuration and search for the changed  IP address and delete that entry, Delete + Apply. 
    7. Take a backup from eval ACS, System Configuration > ACS Backup > Backup Now.
    8. Restore the database backup from eval ACS into ACS SE from option, System Configuration > ACS Restore, choose the database backup. Check Check option "User and Group Database" and "CiscoSecure ACS System Configuration", then press Restore Now.
    9. On ACS SE, go to Network Configuration, make sure that 127.0.0.1 entry is not there and for ACS SE's hostname we have the correct IP address. Go to Proxy Distribution Table > (Default). Move the server's hostname entry that has correct IP for this ACS SE into "Forward To" column, if not already. Then press "Submit + Restart".

    NOTE that the loopback entry (127.0.0.1) will not cause issues in authentication, but break the replication in ACS 4.x setup.

    Reference Defect

    Labels:
    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents