Yesterday I blogged about how to get an automatic ACS collector scenario. I described my solution with a new PowerShell monitor and a failover scripts as recovery. One of the prerequisites of this solution is to make the ACS configuration file ‘ACSConfig.xnl’ available for both ACS collectors.
The ACSConfig.xml is a very important file in your ACS deployment. This file has a list of all audit forwarders ever known to the collector, and their last contact time, and sequence number of the last event they have sent to the collector. In a normal installation each ACS collector will have its own configuration file. In my ACS failover scenario the following need to be configured:
- Configure your ACS environment as described here
- Stop all ACS collectors
- Copy the ACSConfig.xml file from the active collector to a file share
- Grant both ACS collectors ‘Full control’ on this location with their AD computer account
- Change the follow registry key on both ACS controllers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdtServer\Parameters]
“ConfigFile”=\\<<FILESHARE>> \ACS_Config\AcsConfig.xml - Start first the ‘active’ collector and check the event viewer for errors.
- Stop the ‘active’ collector and start the ‘standby’ collector and check the event viewer for errors.
With the above configuration you have solved the fact that you have to copy the ACSConfig.xml file from the active to standby collector.
Usefull blogposts with ACS related information:
– http://blogs.technet.com/b/kevinholman/archive/2008/03/07/acs-internals-part-1.aspx
– http://blogs.technet.com/b/neharris/archive/2011/03/22/acs-forwarders-and-high-availability-part-1.aspx
Nice Job .. Thanks for posting this. It helps many of us 🙂