- Cisco Community
- Technology and Support
- Security
- Network Access Control
- Error registering ACS Secondary Instance
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Error registering ACS Secondary Instance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2017 09:42 AM - edited 02-21-2020 10:38 AM
Hi!
I have some problems by registering a secondary instance for ACS, both of them have disabled the option of Trust Communications and both have the same version and patches. When I puth them into the same network the registration is successfull but when I put them behind a Firewall with public IP I got errors. I made the DNS registers with the public IP and put all the neccesary ports open, I see the interaction in my firewall but the log tha I see in both ACS this:
Nov 10 2017 12:09:16 CisACS_52032 177 1 1 AUDIT Registration request , AdminName=ACSAdmin, OperationMessageText=ACS instance server-acs58 requested to join a distributed environement, AdminInterf
ace=GUI, AdminSession=0027D2CB5CD1A9A59AE59004D1ED6678, AdminIPAddress=192.168.55.1
Nov 10 2017 12:10:19 com.cisco.nm.acs.mgmt.replication.ReplicationManagementImpl.registerNodeWithPrimary(ReplicationManagementImpl.java:284) FATAL http-443-1 Acs.MGMT.REPLICATION Unable to regist
er node.:Connection refused to host: server-acs58; nested exception is:
java.net.ConnectException: Connection timed out
java.rmi.ConnectException: Connection refused to host: server-acs58; nested exception is:
java.net.ConnectException: Connection timed out
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:101)
at com.cisco.nm.acs.mgmt.replication.ReplicationManagementImpl.getRegistrationHandler(ReplicationManagementImpl.java:677)
at com.cisco.nm.acs.mgmt.replication.ReplicationManagementImpl.registerNodeWithPrimary(ReplicationManagementImpl.java:233)
at com.cisco.nm.acs.mgmt.distributedmanagement.Registration.register(Registration.java:1278)
at com.cisco.nm.acs.mgmt.bl.framework.DistributedManagementHandler.register(DistributedManagementHandler.java:94)
at com.cisco.nm.acs.mgmt.bl.framework.BaseManagementSession.register(BaseManagementSession.java:2290)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.cisco.nm.acs.mgmt.performancemonitoring.PerformanceProxy.invoke(PerformanceProxy.java:51)
at com.sun.proxy.$Proxy0.register(Unknown Source)
at com.cisco.nm.acs.mgmt.gui.app.entities.PrimaryOperationsGuiEntity.register(PrimaryOperationsGuiEntity.java:295)
at com.cisco.nm.acs.mgmt.gui.app.actions.PrimaryOperationsPrInputAction.onRegister(PrimaryOperationsPrInputAction.java:160)
at com.cisco.nm.acs.mgmt.gui.app.actions.PrimaryOperationsPrInputAction.register(PrimaryOperationsPrInputAction.java:86)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:266)
at com.cisco.nm.acs.mgmt.gui.framework.actions.ACSBaseAction.dispatchMethod(ACSBaseAction.java:570)
at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:167)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:413)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:225)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.GUIAuditFilter.doFilter(GUIAuditFilter.java:118)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.performancemonitoring.filter.PerformanceMonitoringSensorFilter.doFilter(PerformanceMonitoringSensorFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.UserAuthenticatedFilter.doFilter(UserAuthenticatedFilter.java:221)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.ClickjackFilter.doFilter(ClickjackFilter.java:26)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.ApacheStrutsParamFilter.doFilter(ApacheStrutsParamFilter.java:26)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.cisco.nm.acs.mgmt.gui.framework.web.XSSDataValidationFilter.doFilter(XSSDataValidationFilter.java:155)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:422)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 64 more
Nov 10 2017 12:10:20 CisACS_52039 178 1 1 AUDIT Registration failed , AdminName=ACSAdmin, OperationMessageText=ACS instance was unable to join a distributed deployment, AdminInterface=GUI, AdminS
ession=0027D2CB5CD1A9A59AE59004D1ED6678, AdminIPAddress=192.168.55.1
Nov 10 2017 12:15:04 com.cisco.nm.acs.view.dbms.DAOFactory.<clinit>(DAOFactory.java:98) INFO main Acs.MGMT.ACSVIEW DAO Factory is initialized successfully.
Nov 10 2017 12:15:09 com.cisco.nm.acs.view.proactive.alerts.AlertsConstants.getAlertProperties(AlertsConstants.java:35) DEBUG main Acs.MGMT.ACSVIEW Read file /Alert.properties Stream=sun.net.www.
protocol.jar.JarURLConnection$JarURLInputStream@28c2de88
show logging system ade/ADE.log
Nov 10 12:10:19 server-acs-gye adminacs: acsCheckFw Execution Started..!
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_2638_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_2020_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_2030_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:19 server-acs-gye adminacs: ACS_ipv4_FW_61616_eth0 ACCEPT entry Deletion for 192.168.55.5 Failed
Nov 10 12:11:18 server-acs-gye ADE-SERVICE[2181]: [17629]:[info] application:operation cars_install.c[2212] [adminacs]: Got acs dirent
LOG IN THE ACS (SHOULD BE PRIMARY)
Nov 10 2017 12:10:19 com.cisco.nm.acs.mgmt.replication.rmi.EnablingDeploymentPortServlet.doGet(EnablingDeploymentPortServlet.java:68) ERROR http-443-5 Acs.MGMT.BL Exception in Secondary. Deleting
ports from IPTables
Nov 10 2017 12:10:20 com.cisco.nm.acs.mgmt.replication.rmi.EnablingDeploymentPortServlet.doGet(EnablingDeploymentPortServlet.java:68) ERROR http-443-5 Acs.MGMT.BL Exception in Secondary. Deleting
ports from IPTables
Nov 10 2017 12:11:26 CisACS_33204 6720 1 1 BL Hit Count recollect , AdminName=SERVICE, PolicyName=All policies, AdminImpersonName=com.cisco.nm.acs.mgmt.bl.framework.copyright.LoginBannerUpdateMana
ger - Fri Nov 10 12:11:16 ECT 2017
Nov 10 2017 12:12:49 CisACS_34000 6721 1 1 REPLICATION Appending transaction , AdminName=SERVICE, 1/ConfigTransactionID=207170
Nov 10 2017 12:12:49 CisACS_34001 6722 1 1 REPLICATION Dispatching transaction , 1/ConfigTransactionID=207170
Nov 10 2017 12:12:52 CisACS_34000 6723 1 1 REPLICATION Appending transaction , AdminName=SERVICE, 1/ConfigTransactionID=207171
Nov 10 2017 12:12:52 CisACS_34001 6724 1 1 REPLICATION Dispatching transaction , 1/ConfigTransactionID=207171
show logging system ade/ADE.log
Nov 10 12:00:14 server-acs58 [ACS-View-Decap-Clean]: DecapStatusQuery : Done calling callContentSearch(). resultList=3
Nov 10 12:09:16 server-acs58 logger: acsCheckFw Execution Started..!
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_2638_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_2020_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_2030_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:09:16 server-acs58 logger: ACS_ipv4_FW_61616_eth0 ACCEPT entry for 192.168.54.1 Added Successfully
Nov 10 12:10:19 server-acs58 logger: acsCheckFw Execution Started..!
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_2638_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_2020_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_2030_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:19 server-acs58 logger: ACS_ipv4_FW_61616_eth0 ACCEPT entry for 192.168.54.1 Deleted Successfully
Nov 10 12:10:20 server-acs58 logger: acsCheckFw Execution Started..!
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_2638_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_2020_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_2030_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
iptables: Bad rule (does a matching rule exist in that chain?).
Nov 10 12:10:20 server-acs58 logger: ACS_ipv4_FW_61616_eth0 ACCEPT entry Deletion for 192.168.54.1 Failed
192.168.55.1 and 192.168.54.1 are the private gateway of ACS's. Is this ok?
Please Help!!!!!
- Labels:
-
Other NAC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide