Failed to Sync Security Config in Non-Master Nodes

From DocWiki


Problem Summary: Failed to Sync Security Config in Non-Master Nodes. The security configuration is synced from the master node to the non-master nodes in the following scenarios:

1. Update of IdP metadata from the UI.
2. Regeneration of SAML SP certificate from the UI.
3. Regeneration of token keystore from the UI.
4. Restart of Cisco IdS Service on secondary node.
5. Network partition followed by rejoining of master node into the network.

Error Message: The Cisco IdS UI shows a mismatch in the security configuration version number between the master and non-master nodes.

Possible Cause:

Check the ids.log and ids_config.log files in the $IDS_HOME/log directory for the following causes, which may be encountered when the pull_ids_config.sh script runs on the non-master node:
1. Network connectivity problems between the master and non-master nodes.
2. sftp is not running on the master node.
3. The secondary node is unable to retrieve the versions.properties file from the primary node.
4. The security configuration version cannot be retrieved from the versions.properties file.

Recommended Action:

1. Check if the master node is reachable from the non-master node.
2. Check and ensure that sftp is running on the master node.
3. Check if the master node has the versions.properties file in the $IDS_HOME/conf directory.
4. Check if the versions.properties file on the master node has the SECURITY_CONFIG_VERSION property defined.
5. Finally, run the command utils ids syncconfig on the non-master node. Check that the command ran without errors and that the security configuration version shown for the master and non-master nodes is the same in the Cisco IdS UI.
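Steps 3 and 4 and the final version comparison can be scripted once a copy of versions.properties from each node is available as a local file. The script below is an added example, not pull_ids_config.sh or any Cisco tooling; it assumes the file uses KEY=value lines, and the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example, not Cisco tooling. Assumption: versions.properties holds
# Java-properties style lines such as SECURITY_CONFIG_VERSION=<value>.

# Print the SECURITY_CONFIG_VERSION defined in file $1.
# Returns 2 if the file is missing or unreadable (recommended action 3),
# 3 if the property is absent or empty (recommended action 4).
get_security_config_version() {
    [ -r "$1" ] || return 2
    # Anchor on the exact key, accept '=' or ':' as separator, drop CR and
    # trailing blanks, and keep the last definition if the key repeats.
    _v=$(sed -n 's/^[[:space:]]*SECURITY_CONFIG_VERSION[[:space:]]*[=:][[:space:]]*//p' "$1" \
        | tr -d '\r' | sed 's/[[:space:]]*$//' | tail -n 1)
    [ -n "$_v" ] || return 3
    printf '%s\n' "$_v"
}

# Compare the master copy ($1) with the non-master copy ($2).
# Returns 0 when in sync, 1 on mismatch, 2 or 3 as above.
check_security_config_sync() {
    _m=$(get_security_config_version "$1") || {
        _rc=$?; echo "master copy $1: version not readable (rc=$_rc)" >&2
        return "$_rc"
    }
    _n=$(get_security_config_version "$2") || {
        _rc=$?; echo "non-master copy $2: version not readable (rc=$_rc)" >&2
        return "$_rc"
    }
    if [ "$_m" != "$_n" ]; then
        echo "MISMATCH: master=$_m non-master=$_n" >&2
        return 1
    fi
    echo "in sync: SECURITY_CONFIG_VERSION=$_m"
}

# Usage: sh check_sync.sh <master versions.properties> <non-master versions.properties>
if [ "$#" -eq 2 ]; then
    check_security_config_sync "$1" "$2"
fi
```

A non-zero return separates the missing-file case (2) and the undefined-property case (3) from a plain version mismatch (1), matching possible causes 3 and 4 listed earlier.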

Release: Release 11.5(1)
Associated CDETS #: None

