Troubleshooting diary: Cisco ACS HA configuration error, register failed, invalid hostname

ACS Register error: invalid hostname or invalid ip address has been entered.


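Background:

ACS 5.4 license replacement.
ACS01 is the Primary, ACS02 is the Secondary.

The steps were as follows:
1.  ACS02  reset-config
2.  ACS02  replace the license
3.  ACS02  register to ACS01 and synchronize the configuration: succeeded
4.  ACS02  promote to primary  &  change the log selector to ACS02
5.  ACS01  reset-config
6.  ACS01  replace the license
7.  ACS01  register to ACS02 and synchronize the configuration: failed, error  invalid hostname       // this is the step where I got stuck
8.  ACS01  promote to primary  &  change the log selector to ACS01: done.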


Troubleshooting process:

1. Collect the support-bundle from ACS01 and ACS02 and submit both to TAC for analysis;

RDCA-OPM-ACS01/admin# show ver 
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.3.062
ADE-OS System Architecture: i386


Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: RDCA-OPM-ACS01
Version information of installed applications
---------------------------------------------
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.4.0.46.0a
Internal Build ID : B.221




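2. TAC's analysis confirmed that the ACS backend logs contained many errors such as invalid hostname, and TAC asked for the contents of /etc/hosts on the underlying Linux system


  Download link: http://download.csdn.net/detail/ligang636/8422289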
 

cisco/admin# application install RootPatch.tar.gz  ftp 
cisco/admin# root_enable
Password : cisco123
Password Again : cisco123
 Root patch enabled
cisco/admin# root
Enter root patch password : cisco123
Starting root bash shell ... 
ade# cat   /etc/hosts


 
 


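The structure of /etc/hosts on ACS02 turned out to differ from that on ACS01. The 192.168.80 address is the eth0 IP and the 10.79.83 address is the eth1 IP. In principle, the IP/hostname entry for eth0 should sit above the one for eth1. In our environment, the eth0 IP/hostname entry on ACS02 had been written automatically at the very bottom of the file, which broke ACS primary/secondary registration!


TAC confirmed that this is one of the ACS 5.4 bugs, CSCuf44685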
https://tools.cisco.com/bugsearch/bug/CSCuf44685/?reffering_site=dumpcr
5.4: Incorrect host entry added on adding a new interface.
CSCuf44685
Description
Symptom:
Incorrect host entry added on configuring a new interface causing the slowness in secondary GUI login.
When we add a new interface (eth1 and eth2), it was adding a host entry for that IP address above the existing entry (eth0).


Conditions:
ACS running with version 5.4. Deployed in distributed system.


Workaround:
Commenting the newly added host entry for eth1 and eth2 and restarting the ACS service.
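
The ordering problem and the workaround described above can be checked against a copy of /etc/hosts with a small script. This is an added example, not part of the original post or of Cisco's tooling; the hostname `acs02`, the addresses and the function names are constructed or hypothetical.

```shell
#!/bin/sh
# Added example; hostnames and IPs below are constructed, not from the post.

# Print the IP of the first active hosts-file line that names host $2
# (canonical name or alias): the entry a first-match lookup returns.
first_ip_for_host() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF < 2 { next }                         # blank or IP-only line
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(h)) { print $1; exit } }
    ' "$1"
}

# Return 0 if host $2 maps to the eth0 address $3 first, 1 if another
# interface entry shadows it, 2 if the host has no entry in file $1.
check_hosts_order() {
    first=$(first_ip_for_host "$1" "$2")
    [ -n "$first" ] || { echo "MISSING: no entry for $2"; return 2; }
    [ "$first" = "$3" ] && { echo "OK: $2 -> $first"; return 0; }
    echo "MISORDERED: $2 -> $first (expected eth0 $3)"
    return 1
}

# Print file $1 with every entry for host $2 on an address other than $3
# commented out, mirroring the workaround in the bug text. Writes to stdout
# only; the original file is not modified.
comment_shadowing_entries() {
    awk -v h="$2" -v ip="$3" '
        { orig = $0; sub(/#.*/, ""); hit = 0
          if (NF >= 2 && $1 != ip)
              for (i = 2; i <= NF; i++)
                  if (tolower($i) == tolower(h)) hit = 1
          print (hit ? "# " orig : orig) }
    ' "$1"
}

# Constructed sample: the eth1 entry sits above the eth0 entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1      localhost.localdomain localhost
198.51.100.20  acs02.example.test acs02   # eth1
192.0.2.20     acs02.example.test acs02   # eth0
EOF
check_hosts_order "$sample" acs02 192.0.2.20 || true
comment_shadowing_entries "$sample" acs02 192.0.2.20
rm -f "$sample"
```

Run the check on both nodes before attempting registration; the bug text also calls for restarting the ACS service after the entries are commented out.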


3. On TAC's recommendation, both ACS nodes need to download and install the latest ACS 5.4 patch 7

Patch: https://software.cisco.com/download/release.htmlmdfid=283883834&flowid=73105&softwareid=282766937&release=5.4.0.46.0&relind=AVAILABLE&rellifecycle=&reltype=latest


Installation method:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/installation/guide/csacs_book/csacs_upg.html#pgfId-1194940


# acs patch install patch-name.tar.gpg repository repository-name


RDCA-OPM-ACS01/admin# show version 
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.3.063
ADE-OS System Architecture: i386
Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: RDCA-OPM-ACS01
Version information of installed applications
---------------------------------------------
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.4.0.46.7
Internal Build ID : B.221
Patches : 
5-4-0-46-7
Root Patch VERSION INFORMATION
-----------------------------------
Version     : 1.2.0                             Vendor: Cisco Systems, Inc.
Build Date  : August 27 2010  09:34PDT
RDCA-OPM-ACS01/admin# 






4. After the patch was installed, verification was OK. Fault resolved.
