Thank you all for the contributions. The problem was with the Master Secret. I received the complete procedure off list:
1) verify the problem comparing these files on both CAMs
   more /root/.perfigo/secret
   more /root/.perfigo/master
2) service perfigo stop in the secondary
3) copy the files from the primary to the secondary
4) service perfigo start in the secondary

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
[email protected]

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Speight, Howard
Sent: Wednesday, 17 November 2010 18:04
To: [email protected]
Subject: Re: NAC Manager 4.7.2 Failover Issue

1-4 are right on, pay special attention to number 2 since the appliance was replaced. Export the Service IP certificate and private key to chain.pem or whatever you'd like to call it, import chain.pem into Standby.

The only other area to look at is the Failover config and of course make sure the crossover cable (if you're using one) is plugged into the correct NIC. If auto eth1, that would be port 2 on the appliance. 3395 and 3355, four ports, 1 is eth0, 2 is eth1, 3 is eth2, 4 is eth3...

When you reboot the standby do you see a db restore start and complete in the event log?

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Rob Chee
Sent: Wednesday, November 17, 2010 12:28 PM
To: [email protected]
Subject: Re: NAC Manager 4.7.2 Failover Issue

Did you create a new license when the new NAC Manager was put into place?

Other common issues
1. Time not synchronized
2. Trusted root certificate does not exist on both NAC Managers
3. Master secret not the same
4. Wrong MAC address added as the primary (i.e. the license was added to the secondary instead of primary NAC manager)

------------------------------------------------------
Rob Chee, CCIE #8188 (R&S and Security)
Senior Network Consultant
Chesapeake NetCraftsmen, LLC.
Company Website: http://www.netcraftsmen.net
My Blog: http://www.netcraftsmen.net/resources/blogs/blogger/Rob%20Chee/
Mobile: 571-437-2829
------------------------------------------------------

On 11/17/10 6:52 AM, "Antonio Soares" <[email protected]> wrote:

>Hello group,
>
>I have a situation where the Secondary NAC Manager died and was replaced by
>a new one. Everything seemed to be fine but when the Primary is rebooted,
>the Web interface is in restricted mode. Here we see the Primary as Dead and
>the Secondary as active. After the Primary comes online, the Web interface
>remains restricted. Now the Primary is standby and the Secondary still
>active. Only after the secondary is rebooted, the Web interface shows the
>normal state. When the Primary is active again.
>
>Any hints of what could be the cause of this? Maybe licensing problems?
>
>
>Thanks.
>
>Regards,
>
>Antonio Soares, CCIE #18473 (R&S/SP)
>[email protected]
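
Added example, not part of the thread or of any Cisco tooling: step 1 of the procedure at the top of the thread compares the two files with `more`, which prints the secrets to the terminal; the sketch below compares SHA-256 digests instead. The file names come from the thread; the function names, the manifest format and the availability of `sha256sum` and `awk` on the appliance are assumptions.

```shell
#!/bin/sh
# Added example: compare the master-secret files of two CAMs by digest.
# File names are from the thread; everything else here is hypothetical.

FILES="secret master"

# Print "name sha256" for each file under $1 (default /root/.perfigo).
# Run on each node and save the output as that node's manifest.
perfigo_manifest() {
    dir=${1:-/root/.perfigo}
    for f in $FILES; do
        if [ -r "$dir/$f" ]; then
            printf '%s %s\n' "$f" "$(sha256sum < "$dir/$f" | cut -d' ' -f1)"
        else
            # Report an absent or unreadable file instead of aborting.
            printf '%s MISSING\n' "$f"
        fi
    done
}

# Compare two manifests: $1 from the primary, $2 from the secondary.
# Prints one verdict per file; returns 0 only if every file is present
# on both nodes and has the same digest.
compare_manifests() {
    rc=0
    for f in $FILES; do
        p=$(awk -v n="$f" '$1 == n { print $2 }' "$1")
        s=$(awk -v n="$f" '$1 == n { print $2 }' "$2")
        if [ -z "$p" ] || [ -z "$s" ] || [ "$p" = MISSING ] || [ "$s" = MISSING ]; then
            echo "$f: missing on at least one node"
            rc=1
        elif [ "$p" = "$s" ]; then
            echo "$f: match"
        else
            echo "$f: MISMATCH"
            rc=1
        fi
    done
    return $rc
}
```

A non-zero return from `compare_manifests` corresponds to the "Master secret not the same" case in the list of common issues. Treat the manifests as sensitive and delete them after the comparison, since they are derived from the secrets.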
