Readme File for Cisco Secure Access Control Server (ACS)

Release: ACS 5.2.0.26
Patch: 5-2-0-26-9.tar.gpg
=======================================================================================

This patch fixes:

*Bug Id:

Patch 1:
- CSCth82664 ACS DB need to be compressed as a maintenance operation
- CSCtg87278 ACS not able to establish SSL tunnel with LDAP server with CRL verif
- CSCth78269 ACSTRANSACTIONS table is not cleaned properly during bulk operations
- CSCth62139 ACS authentication rate decreases with internal user attributes
- CSCti90973 Adding "User is in management hierarchy" flag to T+ authorization policy
- CSCsu69983 Restoring a configuration disconnects deployment and causes replication

Patch 2:
- CSCth57441 ACS 5.1 - HDD Failure doesn't prevent RT to process incoming requests
- CSCtg49699 ACS 5 fails to join AD Domain
- CSCti22161 ACS 5.1 AD admin password length too short
- CSCti98492 ACS5 tries to connect only to 3 DC's
- CSCtj15764 ACS5 will not accept two certificates with same SKI
- CSCtj32663 Most significant bit is not set on the MS MPPE Keys
- CSCtj31250 Windows 7 PEAP fast reconnect fails with ACS5
- CSCtj32835 Group fetch does not work for 8 hours after joining a new domain
- CSCtj36382 Find AD Global catalog may fail in certain scenrio
- CSCtj87187 Trust for client with EAP-TLS not stored with allow dup option
- CSCtj86607 ACS 5.1 HTTP 500 errors, requiring mgmt service restart
- CSCtk08342 ACS becomes disconnected from Active Directory when DNS replies delayed
- CSCtk08423 ACS reconnects to different DCs if AD namespace is disjointed
- CSCtk32168 Add an option to change password when password expires (T+ and Radius)
- CSCtk32178 Add an option for pass never expired for specific users
- CSCtk32664 ACS sends change-pass request to a wrong id-store in the sequence
- CSCtk32683 Add option for checking user existence in internal before authenticate
- CSCtl12831 Superadmin role has no permissions for authentication settings
- CSCtj34574 Change and view speed/duplex settings via CLI in ACS

Patch 3:
- CSCti68031 ACS5 sees DC= in the certificate subject as invalid DN
- CSCti42591 NDG Locations disappeared from GUI
- CSCth77468 ACS 5.1 not including 'C' and 'V' values in MS-CHAP-v2 Failure Packet
- CSCth72626 MS-CHAPv2 Responses with bad Flags value will not be dropped
- CSCtf78048 Discovery of host's account domain is very inefficient
- CSCtk32073 Network Device Groups are not evaluated properly in Device Filters
- CSCtj38410 ACS sends TLS SessionTicket which can break compatibility with LDAPS
- CSCtk31968 Getting exception while doing user attribute retrieval in
- CSCtj89705 ACS 5 Import of internal user attribute fails for attribute with default
- CSCth68051 network devices after migration - import/update doesn't work
- CSCtl71157 ACS runtime does not send system status and health
- CSCtl23615 Unable to retrieve AD group info. Centrify library error

Patch 4:
- CSCth12406 ACS 5 does not have option to disable local account on failed attempts
- CSCtl75467 ACS5.2 High CPU usage due to failure in startup of adclient
- CSCsz74681 Distribution Management MGM REPLICATION Execute failed
- CSCtk96981 import process fails with FATAL error after importing high volume of devices
- CSCth66302 Radius Authentication Request Rejected due to critical logging Error

Patch 5:
- CSCtl97325 UserInManagementHierarchy should be applied also for Internal-Hosts
- CSCto34685 Speed/duplex settings not persistent across reboots
- CSCtn97709 ACS 5.2 acs-config mode was hung
- CSCtn25264 acsLocalStore.logs are unexpectedly deleted when restarting services.
- CSCto62144 ACS 5 import should support none strict csv file header
- CSCtk16271 ACS5: CLI DNIS values switch columns when Submit is clicked
- CSCtc36013 ESX secondaries can't handle transactions gap during large users Import

Patch 6:
- CSCth08274 View not loading next page in IE if usernames containing char \u
- CSCtq38322 ACS does not retry LDAP connection after silent drop
- CSCto99380 ACS failing to retrieve non-local groups from AD while authenticating
- CSCtq26661 ACS 5 fails import certificate with serial number in subject
- CSCto15691 ACS runtime process restarts intermittently under heavy Tacacs load
- CSCto76026 RT crash on PAP RSA stress
- CSCtq64670 Incorrect Password prompt when using RSA authentication
- CSCtq59282 AD Perf' impact 50%&more due to large amount of groups assigned to user
- CSCto47203 ACS 5 runs out of disk space

Patch 7:
- CSCtk83179 ACS 5 View export to remote SQL DB not working
- CSCtn25508 Administrative and Operational Audit logs becomes unable to be recorded.
- CSCtk52607 ACS 5.2 high memory usage - more than 90%
- CSCtq94551 After saving Port filter and Device name reversed
- CSCtq93902 ACS1121// Port filters not working properly.
- CSCtr95901 Remote DataBase sql schema need to change for export run failed
- CSCtq69032 Re-submitting Remote Database Configuration creates an extra instance
- CSCts17763 ACS may crash when Shell Profile name contains special characters
- CSCtr32335 Secondary node fails to register to the primary with a huge DB,
  could be a duplicate of CSCtr32120 - Replication is not working for large amount of Data
- CSCtr32511 Sybase transaction log file acsxxxx.log grows infinitely
- CSCts38010 ACS Runtime crash during processing of TACACS+ request
- CSCto11378 ACS 5.2 AD pre-authentication failures for AD with sAMAccountName format
- CSCtr01798 Import updates unchanged records causing transaction log growth
- CSCtr77850 ACS does not try next GC if LDAP service is not available
- CSCtr86413 ACS incremental configuration replication fails
- CSCtq76960 Can't Modify Internal User Password After Adding Enumerate-Type Attribute
- CSCtn06060 ACS5 inefficiently handles packets when EAP State attribute is invalid
- CSCtq81172 Admin GUI excessive page load times for large NDG tree

Patch 8:
- CSCts60512 Core file generated under combined T+ and EAP-TLS authentications
- CSCtt04461 Update csv file not working in Device type and location under NDG
- CSCtt07904 Authorization bypass on Cisco Secure ACS 5.x

Patch 9:
- CSCtr78192 Multiple vulnerabilities in the Cisco ACS 5 web interface
- CSCts85741 Possible SQL Injection point in ACS 5.2
- CSCtr78143 Multiple Cross--Site Request Forgery and stored XSS in ACS 5.2.
- CSCtu02752 ACS 5.2 patch 8 cannot display long lists of NDGs
- CSCtu04594 ACS 5.2.0.26.7 - only 50 NDGs shown on GUI with more than 100 configured
- CSCtu06690 ACS network device display filter broken big time
- CSCtu89783 ACS 5 password expiration policy triggered for token user
- CSCtg51846 Enum values are not shown in compound conditions in rule
- CSCtt14745 Cannot add group to LDAP identity store
- CSCtt17019 ACS5.x-Issue retrieving additional AD groups when referenced in rules
- CSCtt21122 Cannot import command sets with slash '/' in argument
- CSCto95888 sh acs-logs details cmd does not display localstore log file name
- CSCtw64212 'view-logprocessor' Process stuck in 'not monitored
- CSCte39351 ACS appliance snmp agent process daemon stops
- CSCtu36357 ACS 5 cannot duplicate user account
- CSCtw56498 TACACS+ "enable" request is dropped on unknown authen_type
- CSCtw67208 Administrative and Operational Audit logs not getting recorded on ACS
- CSCto88134 Temporary table was missing in 5.2 db after restoring 5.1 backup
- CSCtu21456 ACS 5 intermittently password change is not working in on secondary ACS
- CSCtx19470 ACS5 runtime error while try GUI login but all processes are running
- CSCtx68133 VA:Some of Secondary machines are going offline when the setup is idle

Patch 5-2-0-26-9.tar.gpg consists of:

* files
  compress_db.sh
  acs-replication-5.2.0.26.B.3075.jar
  acs-internalcli-5.2.0.26.B.3075.jar
  acs-distributedmanagement-5.2.0.26.B.3075.jar
  acsadmin.war
  libLDAPIDStore.so
  libDictionary3.so
  restore.sh
  libRadiusCommon.so
  libeap.so
  rt_daemon
  libActiveDirectoryIDStore.so
  libInternalIDStore.so
  acs-distributedmanagement-5.2.0.26.B.3075.jar
  libXmlConfig.so
  acs-dbTools-5.2.0.26.B.3075.jar
  libDBTools.so
  SA_ACSDB
  dbdump.sh
  authenticate.sql
  acs-internalcli-5.2.0.26.B.3075.jar
  acs-replication-5.2.0.26.B.3075.jar
  CLI.war
  compress_db.sh
  libLDAPIDStore.so
  libDictionary3.so
  libRadiusRequestFlow.so
  libRadiusAuthenFlow.so
  libIdentitySequenceWorkflow.so
  centrifydc.conf
  acs-bl-framework-5.2.0.26.B.3075.jar
  acs-bl-api-5.2.0.26.B.3075.jar
  restore.sh
  adclient
  libeda.so.0
  liblber-2.2.so.7.0.19
  libldap-2.2.so.7.0.19
  liblrpc.so.0.0.0
  libCryptoLib.so
  libCryptoLib.so.sign
  acs-db-5.2.0.26.B.3075.jar
  acs-audit-5.2.0.26.B.3075.jar
  acs-userfailedattempt-5.2.0.26.B.3075.jar
  acs-common-5.2.0.26.B.3075.jar
  acs-infomodel-5.2.0.26.B.3075.jar
  libTacacsAuthenFlows.so
  libUserFailedAttemptEvent.so
  libMessageCatalog.so
  libUserFailedAttemptFlow.so
  libUserFailedAttempt.so
  dataupgrade-5.0.jar
  start_acs_cli.exp
  libtacacs.so
  libIDStore.so
  libIDStoreManager.so
  avreports.war
  dbpurge-5.0.jar
  acsview.war
  acsview_compress_db.sh
  monit_script.sh
  libtacacs.so
  view-logs.sh
  snmp-status
  PI.war
  collection-5.0.jar
  acs-transfer-utils-5.2.0.26.B.3075.jar
  acs-aac-5.2.0.26.B.3075.jar

Prerequisites
=============
This is a patch for release ACS 5.2.0.26. ACS 5.2.0.26 must be installed
before installing this patch. Other prerequisites are the same as for
ACS 5.2.0.26 (FCS Version).

What the Patch Fixes
====================
The patch fixes for the DDTS

- CSCth82664 ACS DB need to be compressed as a maintenance operation.
  This fix introduces a new CLI command in the acs config that should be
  used only on the primary node. The CLI command:
  'acs-config database-compress [truncate_log]'
  This maintenance operation compresses the ACS DB by rebuilding each table
  in the database and releasing unused space. The command also has an option
  to release the replication transaction table.
  Before initiating the command, you should move all the secondary nodes to
  local mode. Then you should initiate the command on the primary node.
  When the DB compress is completed and all the services are up, you should
  reconnect the secondary nodes, one by one. When the secondaries reconnect,
  a full sync between the primary and the secondary is initiated
  automatically.

- CSCth78269 ACSTRANSACTIONS table is not cleaned properly during bulk operations
  The cleaning of the ACS transaction table (a table which keeps
  configuration change logs) was changed to be more intensive. We only keep
  the last 2k configuration transactions.

- CSCsu69983 Restoring a configuration disconnects deployment and causes replication
  In a distributed setup, when the customer restores a backup from the CLI,
  a warning message is displayed, and you will have to configure each
  secondary to reconnect with the primary.

- CSCti90973 Adding "User is in management hierarchy" flag to T+ authorization policy
  In this solution a hierarchical label is assigned to each device that
  represents the administrative location of this device within the
  organization's management hierarchy. For instance,
  "All:US:NY:MyMgmtCenter" denotes that the device is in "MyMgmtCenter",
  which is in NY, which is in the US.
  Permissions are granted to the user based on their assigned level within
  the management hierarchy. For instance, if a user has an assigned level of
  "All:US:NY", that user will be granted permission when accessing through
  any device with a hierarchy that starts with "All:US:NY".
  The following sections describe in detail how to configure this solution.

- CSCtg87278 ACS not able to establish SSL tunnel with LDAP server with CRL verification
  This fix allows ACS to establish an SSL tunnel with an LDAP server with
  CRL verification.

- CSCth62139 ACS authentication rate decreases with internal user attributes
  The fix includes 2 parts:
  1. Read only the attribute values for the request from the DB (without
     user information - UserName, Password, EnablePassword, LastLoginTime
     etc.).
  2. Check the default attribute value without the try-catch mechanism.

- CSCti68031 ACS5 sees DC= in the certificate subject as invalid DN
  With this fix DC= is allowed as part of the certificate subject when
  generating a certificate signing request.

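The CSCti90973 entry above describes the grant rule as "starts with" and does not say whether whole ":"-separated segments are compared. The following is an added example, not Cisco code: it evaluates both readings over constructed user levels and device labels, lists the devices on which they disagree, and flags sibling node names that collide under a plain string prefix. All names and labels in it are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import permutations

SEP = ":"  # separator used in the readme's sample label "All:US:NY:MyMgmtCenter"

# Constructed sample data (not taken from any real deployment).
USERS = {"alice": "All:US:NY", "bob": "All:US"}
DEVICES = {
    "rtr-ny-1": "All:US:NY:MyMgmtCenter",
    "sw-ny-2": "All:US:NY",
    "rtr-nyc-1": "All:US:NYC:Lab",
    "rtr-ca-1": "All:US:CA:West",
}


def literal_match(level, label):
    """Plain string reading of 'starts with'."""
    return label.startswith(level)


def segment_match(level, label):
    """Segment-aware reading: every segment of the level must match exactly."""
    want, have = level.split(SEP), label.split(SEP)
    return have[:len(want)] == want


def disagreements(users, devices):
    """(user, device) pairs where the two readings give different answers."""
    out = []
    for user, level in sorted(users.items()):
        for dev, label in sorted(devices.items()):
            if literal_match(level, label) != segment_match(level, label):
                out.append((user, dev))
    return out


def sibling_collisions(devices):
    """(parent, short, long) where one sibling name is a string prefix of another."""
    children = defaultdict(set)
    for label in devices.values():
        parts = label.split(SEP)
        for i in range(1, len(parts)):
            children[SEP.join(parts[:i])].add(parts[i])
    out = []
    for parent in sorted(children):
        for a, b in permutations(sorted(children[parent]), 2):
            if b.startswith(a):
                out.append((parent, a, b))
    return out


if __name__ == "__main__":
    for user, dev in disagreements(USERS, DEVICES):
        print(f"review: {user} ({USERS[user]}) vs {dev} ({DEVICES[dev]})")
    for parent, short, long_ in sibling_collisions(DEVICES):
        print(f"rename candidate under {parent}: {short!r} is a prefix of {long_!r}")
```

Running the collision check over an exported device list before assigning hierarchy levels shows which node names would need renaming for the two readings to agree.
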
- CSCti42591 NDG Locations disappeared from GUI
  This fix enables the NDG locations to appear on the NDG GUI even after
  adding an attribute with name 'location' for internal users.

- CSCtk32073 Network Device Groups are not evaluated properly in Device Filters
  The fix is in Device Filter creation. Therefore, any Device Filter already
  created using ACS 5.2 before patch 3 should be removed and created again.

- CSCtn25264 acsLocalStore.logs are unexpectedly deleted when restarting services.
  With this fix acsLocalStore logs are not deleted unexpectedly when
  restarting services, because we changed the New HD Limit to 97GB.

- CSCth08274 View not loading next page in IE if usernames containing char \u
  This issue has been fixed by encoding and decoding the username wherever
  it is needed. Even if the report's username contains \u and/or \x, the
  navigator buttons work without giving any error in both IE and Mozilla
  Firefox.
  The RADIUS_Authentication.rptdesign file was modified, so the customer has
  to click Reset Report in page
  Monitoring & Reports > ... > Reports > Catalog > AAA Protocol
  for this fix to take effect.

- CSCtq38322 ACS does not retry LDAP connection after silent drop
  ACS has been made resistant to situations when a firewall or load balancer
  located between ACS and LDAP servers drops idle LDAP connections.

- CSCtq59282 AD Perf' impact 50%&more due to large amount of groups assigned to user
- CSCto99380 ACS failing to retrieve non-local groups from AD while authenticating
  Evaluation of a user's group membership against Active Directory has been
  optimized to address the above two issues.

- CSCto15691 ACS runtime process restarts intermittently under heavy Tacacs load
  The problem is triggered by Tacacs clients [automatic tools] that do not
  complete the conversation and keep the T+ connection open for a long time.
  Fixed the T+ connection management issue.

- CSCto76026 RT crash on PAP RSA stress
  Fixed a race condition causing ACS restarts on PAP authentication load
  against RSA.

- CSCtq64670 Incorrect Password prompt when using RSA authentication
  On TACACS+ authentication of an internal user that is configured with an
  RSA identity store as 'password type', the password prompt is taken from
  the RSA prompts setup as expected.

- CSCtq26661 ACS 5 fails import certificate with serial number in subject
  The issue is addressed by parsing the server cert to accommodate a serial
  number in the subject as per RFC-3739, sec. 3.1.2.

- CSCto47203 ACS 5 runs out of disk space
  There are two problems reported in this bug.

  1. Currently, the view database purge operation works as follows.
     - When the size of the view database reaches 120 GB, it checks whether
       the last full/incremental backup was successful. If it was
       successful, it purges data based on the purge window setting
       configured by the user, to bring the size of the database below
       120 GB. If the last backup was not successful, it does nothing.
     - When the size of the View database reaches 150 GB, then, irrespective
       of the status of the previous backup operation, data is purged either
       to bring it down to 120 GB or to retain only the last one month of
       data, whichever is met first.
     The problem is that if the last one month's data itself is more than
     150 GB, the current purge operation does not do anything with that.

  2. The size of the Sybase database is not reduced even after deleting
     records or truncating tables. According to Sybase, it is by design for
     some good reasons (such as reducing I/O operations, etc.)

  The above issues are resolved as follows.

  1. To resolve the problem in purge,
     1.1 If the last one month of data itself exceeds 150 GB, ACS purges the
         first three weeks of data in the last month until it reaches the
         120 GB limit.
     1.2 Since incremental backup is mandatory to purge data (upon reaching
         the 120 GB mark), ACS has been enhanced to send alerts if
         incremental backup is not configured. ACS sends “warning” when view
         database size reaches 114 GB (95% of 120 GB). It sends “critical”
         alert when database size exceeds 120 GB and 150 GB respectively.

  2. To work around the problem in Sybase, where the size of the database is
     not reduced even after purge, we have provided a CLI
     (acsview-db-compress) command in acs-config mode to compress the view
     database file size. This command compresses the ACS View DB by
     rebuilding each table in the database and releasing unused space. This
     will reduce the physical size of the database. During this process, ACS
     will be stopped. Once the database compress operation is over, services
     will be started automatically.
     Note that the time taken for the compress operation will vary depending
     on the size of the database. If the database size is huge, the compress
     operation will take hours. This CLI needs to be executed only on the
     LogCollector server. It is strongly recommended to execute this CLI
     only during maintenance hours, as it requires a restart of ACS services.
     The option to compress the view database is also mentioned in the
     description of one of the alerts that is sent when the view database
     reaches a certain limit.

- CSCtn25508 Administrative and Operational Audit logs becomes unable to be recorded.
  This fix addresses the issue of Administrative and Operational Audit logs
  no longer being reported because of missing records in the ACSTRANSACTION
  table.

- CSCtk83179 ACS 5 View export to remote SQL DB not working
  This addresses the remote database export functionality issue in the 5.2
  version. With this fix the required drivers are loaded and remote database
  export functionality works as expected.

- CSCtk52607 - ACS 5.2 high memory usage - more than 90%
  The fix is in setting the upper and lower limits for the Sybase cache size
  by using the -ch and -cl parameters in the command line, when starting the
  Sybase Database. This reduces the memory usage.

- CSCtq94551 - After saving Port filter and Device name reversed
  The fix makes the Device Name and Port be stored in the appropriate
  fields.

- CSCtq93902 - ACS1121// Port filters not working properly.
  The customer is using Device Port Filters to filter the NDG. Under the
  device name tab, when trying to save the port details as ANY, the records
  are not saved and no error message is generated. With this fix, the device
  name and port details are saved even when the port data is configured as
  ANY.

- CSCtr95901 Remote DataBase sql schema need to change for export run failed
  The issue is addressed by changing the existing column datatypes in the
  schema files.

- CSCtq69032 Re-submitting Remote Database Configuration creates an extra instance
  This fix addresses the issue of remote database export failure due to
  another job instance running. When the user submits the remote db
  configuration page, whether after changing any of the previously
  configured values or without changing any value, a new pop-up message is
  shown with an "Ok" or "cancel" option. If Ok is selected, the existing
  configuration is cleared and it is configured with the new values. If
  cancel is selected, the previous configuration values are retained. This
  fix also cleans up the temp file created for the previous remote export
  run.

- CSCts17763 ACS may crash when Shell Profile name contains special characters
  This fix addresses the ACS Runtime crash issue when a Shell Authorization
  Profile contains non-English characters.

- CSCtr32335 Secondary node fails to register to the primary with a huge DB,
  could be a duplicate of CSCtr32120 - Replication is not working for large amount of Data
  The fix introduces a new replication mechanism based on the dbunload
  utility instead of dbbackup: only the data is replicated, not the entire
  DB file, which can contain a considerable amount of fragmented free space
  for large databases.

- CSCtr32511 Sybase transaction log file acsxxxx.log grows infinitely
  The fix includes the DB transaction log management. The transaction log is
  truncated on each check-point (-m option).

- CSCts38010 ACS Runtime crash during processing of TACACS+ request
  The fix addresses incorrect authentication session cleanup when closing
  the T+ connection at the ACS side after a configuration change. The
  following sequence reproduces the issue.
  1. A T+ connection has been established and the authentication session was
     started by the device.
  2. ACS (secondary) got a configuration change.
  3. The device dropped the connection.
  4. ACS crashed when closing the connection and cleaning the session.

- CSCto11378 ACS 5.2 AD pre-authentication failures for AD with sAMAccountName format
  We just set a new flag (called “salt”) in the centrifydc.conf file. This
  increases Centrify’s compatibility with Windows 2008 and solves some use
  cases where usernames would fail authentication (when they should not).

- CSCtr01798 Import updates unchanged records causing transaction log growth
  Unchanged records are not executed.

- CSCtr77850 ACS does not try next GC if LDAP service is not available
  In case there are several global catalogues, ACS checks the global
  catalogue status and chooses to work only against an available GC.

- CSCtr86413 ACS incremental configuration replication fails
  This issue was related to the automatic mechanism of cleaning old
  transactions.

- CSCtq76960 Can't Modify Internal User Password After Adding Enumerate-Type Attribute
  After adding an enum type attribute for a user, there was an error
  modifying the internal user password.

- CSCtn06060 ACS5 inefficiently handles packets when EAP State attribute is invalid
  If ACS5 receives authentication attempts containing invalid/unknown EAP
  State values, they are processed (instead of dropped like ACS4), creating
  a load on system resources which results in unresponsive behavior of the
  server in general when the number of these auths is high.

- CSCtq81172 Admin GUI excessive page load times for large NDG tree
  This fix reduces the page load time when an NDG has many children. With
  this fix the tree loads collapsed, and when the user expands a node it
  retrieves the children of the expanded node. Furthermore, in case the
  expanded node has a large number of children, incremental loading of 50 by
  50 nodes happens, so the loading does not block the page and doesn’t take
  a long time.
  Note: Due to architectural limitations, once the user tries to use the
  filter of the tree, the tree will load in the previous mode (full loading
  of the tree). But in any case the filtering means a lower number of nodes,
  so the load operation will not take more time.

- CSCts60512 Core file generated under combined T+ and EAP-TLS authentications
  This fix addresses the runtime crash occurring under the stress of T+ and
  EAP-TLS authentications.

- CSCtt04461 Update csv file not working in Device type and location under NDG
  With this fix the Update csv file for device type or location type via the
  import/export interface works as expected.

- CSCtr78192 Multiple vulnerabilities in the Cisco ACS 5 web interface
  A new filter has been added that validates the user request and redirects
  to the error/logout page if any vulnerable (Cross Site Scripting)
  characters are found in it.

- CSCts85741 Possible SQL Injection point in ACS 5.2
  This fix validates input for any malicious characters which cause SQL
  Injection.

- CSCtr78143 Multiple Cross--Site Request Forgery and stored XSS in ACS 5.2.
  A new mechanism has been added to prevent CSRF; any request with CSRF is
  redirected to the error page.

- CSCtu02752 ACS 5.2 patch 8 cannot display long lists of NDGs
  (Duplicate of CSCtu04594)

- CSCtu04594 ACS 5.2.0.26.7 - only 50 NDGs shown on GUI with more than 100 configured
  All the configured NDGs are displayed as expected.

- CSCtu06690 ACS network device display filter broken big time
  The filter and the count displayed while applying the filter in the
  network device page show the count properly and show the proper devices.

- CSCtu89783 ACS 5 password expiration policy triggered for token user
  The fix disables the password expiration policy for users that are defined
  to authenticate in an External ID Store (through the
  ACS-RESERVED-Authen-ID-Store attribute).

- CSCtg51846 Enum values are not shown in compound conditions in rule
  It is now possible under the compound condition in the policy table to add
  values that reference a string enum attribute value.

- CSCtt14745 Cannot add group to LDAP identity store
- CSCtt17019 ACS5.x-Issue retrieving additional AD groups when referenced in rules
  The fix uses the correct element and now it is possible to add additional
  groups under the 'Directory Groups' tab in LDAP and AD.

- CSCtt21122 Cannot import command sets with slash '/' in argument
  With this fix, command set arguments containing the '/' char are imported
  and the values are shown properly.

- CSCto95888 sh acs-logs details cmd does not display localstore log file name
  Changes have been made to the "show acs-logs" and "show acs-logs details"
  commands to display all the logs under localstore even when a larger
  number of acsLocalStore.log files are generated.

- CSCtw64212 'view-logprocessor' Process stuck in 'not monitored
  In scenarios where view-logprocessor goes to the not monitored state due
  to corruption of the in-memory database, this fix replaces the in-memory
  database with a clean db file and starts it, which brings up the
  view-logprocessor.

- CSCte39351 ACS appliance snmp agent process daemon stops
  A cron job command is used to monitor the snmpd process. If the snmpd
  process is stopped, the shell script present in the snmp-status file is
  executed, which restarts the snmpd process.

- CSCtu36357 ACS 5 cannot duplicate user account
  This fix addresses the duplicate user issue wherein the
  UserIsInManagementHeirarchy or HostIsInManagementHeirarchy attributes were
  configured in the Internal users or Hosts dictionary.

- CSCtw56498 TACACS+ "enable" request is dropped on unknown authen_type
  The fix allows ACS to handle TACACS+ "enable" requests with any
  authen_type value. TACACS+ "enable" requests with unknown authen_type
  values will be handled as TACACS+ "enable" requests with
  authen_type=ASCII.

- CSCtw67208 Administrative and Operational Audit logs not getting recorded on ACS
  (Duplicate of CSCto88134)

- CSCto88134 Temporary table was missing in 5.2 db after restoring 5.1 backup
  This fix prevents the occurrence of XML parse exceptions during any
  configuration changes made in a scenario where ACS has been upgraded from
  ACS 5.1 to ACS 5.2, or where a backup taken in ACS 5.1 has been restored
  into ACS 5.2. This fix also prevents the Administrative and Operational
  Audit logging issue that occurred because of the XML parse exception.

- CSCtu21456 ACS 5 intermittently password change is not working in on secondary ACS
  The issue happens when a device admin changes their password with T+ and
  the new password contains invalid characters. Following the change
  password failure, no device admin is able to change password.

- CSCtx19470 ACS5 runtime error while try GUI login but all processes are running
  The issue occurs under a certain combination of T+ connection load, so
  that the ACS runtime service is stuck though displayed as 'running' in the
  process status. During that, T+ authentications are timed out and GUI
  login throws an error.

- CSCtx68133 VA:Some of Secondary machines are going offline when the setup is idle
  In case of certain failures within the messaging communication among ACS
  nodes, the messaging communication mechanism is restarted. This auto
  recovery functionality keeps the reliability of the ACS distribution
  environment high.

Known Issue:
CSCts15041 remote database settings running error message needs to be proper/disabl

The patch version will be displayed:

#show application version acs

Cisco ACS VERSION INFORMATION
---------------------------------------------
Version : 5.2.0.26.9
Internal Build ID : B.3075
Patches :
5-2-0-26-9

Instructions on how to install the patch
========================================
1. Open the CLI console.
2. Define a new repository in which the 5-2-0-26-9.tar.gpg resides.
3. Issue: 'acs patch install 5-2-0-26-9.tar.gpg repository YOUR_REPOSITORY'
4. Verify the installation by getting the following version information via
   the CLI by issuing:

   #show application version acs

   Cisco ACS VERSION INFORMATION
   =============================
   Version : 5.2.0.26
   Internal Build ID:
   patches:
   5.2.0.26.9

Instructions on how to remove the patch
========================================
1. Open the CLI console.
2. Issue: 'acs patch remove 5-2-0-26-9'
3. Verify the patch removal by getting the following version information via
   the CLI by issuing:

   #show application version acs

   Cisco ACS VERSION INFORMATION
   =============================
   Version : 5.2.0.26
   Internal Build ID:

=======================================================================
Copyright (C) 2012 Cisco Systems, Inc. All rights reserved.
Cisco and Cisco Systems are registered trademarks of Cisco Systems, Inc.,
in the U.S. and certain other countries. All other trademarks mentioned in
this document are the property of their respective owners.
=======================================================================