AAA/Identity/Nac :: ACS 5.4.0.46.3 Windows Error

Jun 4, 2013

I have the message error in my ACS 5.4 after migrate the versión (5.3 to 5.4)

View 2 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: ACS 5.2 Error - 22056 Subject Not Found In Applicable Identity

Oct 6, 2012

I have two ACS v 5.2 (primary and secundary) and some users are in the internal stor and the others are in the AD.The local site topology is like this:
 
PC - AP - WLC - ACS - AD
 
Authentication method is PEAP(EAP-MSCHAPv2) and all user have the certificate company installed. The OS in the client users is Windows 7.Users was working fine but some users reports intranet disconnections. I see in the ACS log  many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.I believed it was because user wasn´t in the AD data base, but some times the same user is authenticated successfull and other i see the "22056...." or "24415...." alarms.
 
I switched the role for ACS primary to works as secundary and we see the same alarms.

View 2 Replies View Related

AAA/Identity/Nac :: ACS 5.2 Could Not Be Upgraded And Gives Error

Jan 12, 2012

I have a brand new ACS version 5.2.  Everything is working fine.  I go to cisco website and download the following packages:5-2-0-26-8.tar.gpg
 From there, I ssh into the ACS and performed the following: acs patch install 5-2-0-26-8.tar.gpg repos acs-52-patch That works without any issues.  My ACS is now upgrade to 5.2.0-26-8 An hour later, when I tried to perform this:  acs patch install ACS_5.3.0.40.tar.gz repository Upgrade_to_5.3.0.  it is not working.  I get this message: Failed to copy file 'ACS_5.3.0.40.tar.gz' from repository Upgrade_to_5.3.0 (Error -306).

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Getting ACS 5.4.0.46.3 Error

Jun 3, 2013

ACS 5.4, when I was working in it. In the CLI appeared this file to solution I have to reload the ACS.
 
 SMflag : 1Cmd str: haltSave the current ADE-OS running configuration? (yes/no) [yes] ? noContinue with shutdown? [y/n]  Func Trace: <<< vsh_mark_process_status >>>22007: Terminated by signal 2.EOL ==>completedJob is completeRestored the shell's terminal mode.EOL: abnormal exit: code: 0EOL: signaled: 2 InterruptCmd execution successful
[Code] .........

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Gives Internal Error

Oct 8, 2012

On ACS 4.2.0.124 version installed on Appliance 1113.We are getting error code as "Internal error" and also "Enabling Tacacs+ is not allowed for this Access Server" while client authentication.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Authentication Error In ACS 5.3

Sep 7, 2012

I configured ACS 5.3 and added AAA clients with TACACS+ server and shared secret key as cisco123. i did the below config on switch also. when i try to authenticate login with ACS it does not respond. Find the configuration and debug output.nd
 
In debug output it gives ruser and rem_addr is null. i did not understand why .
 
I am able to ping to ACS server and i used telnet 192.x.x.10 49 and it gives the proper output.
 
aaa new-model
aaa authentication login default group tacacs+ local
!
tacacs-server host 192.168.60.10 key cisco123
tacacs-server directed-request
ip tacacs source-interface Vlan172

View 2 Replies View Related

AAA/Identity/Nac :: 1841 Giving Error In Authentication

May 15, 2013

I have an 1841 that was working fine - I could SSH to it with my Radius login and console into it with local credentials ("Fred").I added another use ("Mike") with priv 15 so the end user could log in locally via console if needed.After that, we can both log in via console, but when we try to enter privileged mode we get "% Error in Authentication", before even entering the   password.I can still log in via Radius SSH with no problems and access privilege mode via SSH.What am I missing so we can have two different users be able to log in locally with different credentials and access privileged mode, and keep my ssh radius working?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Error Code Translation

Jun 17, 2010

I upgraded an ACS4.2 to ACS5.1, and in the ACS View Dashboard „ACS – System Errors” I see the following error message: [code] Unfortunately I can't find any documentation what describe what ERROR codes mean, so I don't know what does 32603 ERROR code mean.

View 11 Replies View Related

Cisco AAA/Identity/Nac :: Error When Joining Acs 5.3 To Domain

Dec 12, 2011

this is what happens when I try to join an acs 5.3 to the domain. On two other acs appliances, it works.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - Error Generating CSR On Secondary

Nov 16, 2012

I am attemtping to install new ssl certs on our 5.3 cluster.  I was able to generate the CSR on the Primary host.  When I attempt to generate the csr on the secondary host, I receive the following error:
 
This System Failure occurred: Error while remotely calling Primary to create: com.cisco.nm.acs.im.certificate.CertificateRequest Object{ request=[B@144cead, privateKey=null, encryptedPrivateKeyPassword=[B@5ce155, certificateSubject=CN=xxxx.xxxxxx.net, keyLength=2048, digest=SHA1, timeStamp=null, friendlyName=null, guid=[B@1cd99ca, description=null, name=xxxx.xxxx.net, version=0, id=0}. Your changes have not been saved.Click OK to return to the list page. 
 
Both hosts are running identical versions:

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40
Internal Build ID : B.839

View 1 Replies View Related

AAA/Identity/Nac :: Cisco ISE 1.1.1 Is Given Certificate Error While Trying To Access Any Of Nodes

Nov 9, 2012

Cisco ISE 1.1.1 is given Certificate error while trying to access any of nodes. It is started after adding other nodes in to primary node. Accessing by IP's redirect to other nodes suppose if we accessing primary admin node by IP, it redirect to other nodes (secondary nodes or other nodes).

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Radius Accounting Error Message In ACS 5.3

Jul 2, 2012

I have an error when i try to generate radius accounting.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - PEM File Parse Error In Win 2003 CA

Jan 31, 2012

I continue to export a Certificate Signing Request for our local CA.  They insist they are getting a parsing error (Invalid algorithm specified) when they cut and past or import the file I send them.  In fact, they have stated that they have had this error with another Linux-based CSR.
 
I'm not find this issue prevalent on the Internet, so I wonder is this if a user issue on their behalf or the fact that they are using a Win2003 box as a local CA.
 
How to get a Cisco ACS ".pem" file signed in a local Win2003 CA or advise to an alternative to configuring 802.1x using EAP-TLS?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 / 2851 / There Is Authentication Failure With Error No 254

Nov 22, 2011

we have ACS 4.2 and 2851 router with IOS 15.0(1)M4. There is authentication failure with error no 254. Is there any compatibilty issue with 15.0(1)M4 IOS

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2.0 Error In ACS Authentication For Accessing Devices

Jun 11, 2012

We are using acs version 4.2.0 build 124 on windows server 2003. Our domain controller has been upgraded from 2003 to windows 2008 R2.Now we are facing following error in ACS authentication for accessing our devices.Error: AUTH  06/09/2012 11:55:40 E 1810 3316 0x8f21 External DB [NTAuthenDLL.dll]: Windows  authentication FAILED (error 1326L)if we restarted services of ACS server then users get authentiated fine.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 1120 - Error Opening Acs Logs

Mar 6, 2013

I have problem with ACS 5.0 on reporting.  On "Monitoring and Report" page  in  Faverite Reports when i clicking on "Authentications - RADIUS - Today", My browser displays error "Error while reading skin-access.config. Please make sure the file exists and conforms to the schema specified"
 
I must also mention that I never upgraded the version of ACS from 5.0 also from command line all the acs services are running. It is running on CISCO 1120 Secure Access Controll Server apliance.
 
My second question is can I upgrade the version of ACS to 5.4 with Cisco Secure ACS 5 Base License?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: 3395 - Getting Error - Failed To Start DB

Oct 14, 2012

While installing ISE 3395 i am getting error failed to start DB!
 
Database is not available withintimeout of 240 seconds.this could be reason of incorrect network configuration or lack of resources on the appliance or VM, run the folloing CLI to re-prime database 'application reset-config ise'

View 3 Replies View Related

Cisco AAA/Identity/Nac :: 6500 - ACS 5.2 - Clock Skew Error

Aug 14, 2012

I have  6500 VSS Core Switch configured as NTP Server .I have installed ACS 5.2 vmware and sucessfuly integrated with the AD . I have noticed in some case, i lose connectivity between ACS and AD and when i say test connection , it shows clock skew error . Reboot of ACS sometimes solves the issue, else it comes up automatically after some hours . In core switch , i have configured time as PST +4 and in ACS it is configured as PST +4 , which automatically goes to GST.

View 15 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 LDAP Group Search Error?

May 9, 2012

I have a problem where occasionally a user will attempt to login and the LDAP search will find the user but then fail when it does the group search.  The error I get is below
 
22037  Authentication Passed
22023  Proceed to attribute retrieval
24032  Sending request to secondary LDAP server
24016  Looking up user in LDAP Server - testuser
24004  User search finished successfully
24027  Groups search ended with an error
24034  Secondary server failover. Switching to primary server
24031  Sending request to primary LDAP server
24016  Looking up user in LDAP Server - testuser
24004  User search finished successfully
24027  Groups search ended with an error
22059  The advanced option that is configured for process failure is used.
22062  The 'Drop' advanced option is configured in case of a failed authentication request.
 
Some users never get this error, others will get it once in a while and I have one user that gets it every time they try and login. 

View 3 Replies View Related

Cisco AAA/Identity/Nac :: MS-CHAPv2 Attribute Error In ASA Querying AD Via ACS 5.2

Jun 28, 2011

We have just set up a Secure ACS 5.2 VM to provide authentication for Anyconnect VPN clients.  The clients connect to an ASA 5520, which queries the ACS, which in turn queries Active Directory directly.  All seemed to work OK, but I noticed it was using PAP.  Following some docs, MS-CHAPv2 was enabled via the "Password-management" command.  This broke the configuration and the error on the ACS was:
 
11309 Incorrect RADIUS MS-CHAP v2 attribute Some references suggest that the ASA and ACS should talk MSCHAPv2 without additional config, so I guess it must be the ASA config for the tunnel-group.  There are additional secondary authentication and authorisation pages on ASDM, that I suspect might be necessary to use mschap.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: NAC 4.9 Invalid Switch Configuration OOB Error

Dec 10, 2012

I am having the Cisco NAC enviroment (Software Version is 4.9.1) and OOB VG.
 
We are getting the below and attached Error while deploying on some machines.
 
"Invalid switch configuration-OOB Error:OOB client "mac/ip" not found."
 
Some users on same switches are working fine but some are not....
 
What would be the possibilities and any work around? other than keeping the port shudown for long time means that atleast 10 - 20 secs or more or a PC restart. Customer is not feeling comfortable with the current situation.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Radius Device Administration Error 11033

Jul 20, 2010

I'm trying to configure ACS 5.1 as radius server for a catalyst switch but i can't make it work.I keep on getting the "11033 Selected Service type is not Network Access" error message.
 
Tacacs works fine but radius does not. Any sample device administration config to use with RADIUS?it seem the service type does not work with radius in this scenario ( radius + device admin).

View 10 Replies View Related

Cisco AAA / Identity / Nac :: 1310 Bridges - FreeRadius Authentication Error

Mar 2, 2011

I have two 1310 bridges. one configured as root and the other as non-root. Authentication Settings: Open with EAP and Network EAP with no addition. Set up: when non-root bridge tries to associate with root bridge, root bridge checks with radius server if it's ok to associate with the non-root bridge.
 
I can see communication with the radius server (I'm using FreeRadius) and the radius server even sends a SUCCESS back to the root bridge. However I'm seeing this error on the non-root bridge: DOT1X_SHIM-3-PLUMB_KEY_ERR: Unable to plumb keys - Eap key struct is NULL and the bridges do not authenticate.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: 5508 - NGS Guest Server Authentication Error

Apr 29, 2011

I installed NGS 2.0.2 for wireless guest user management and authentication. I implement webauth via webauth page on wlc deployed.One Branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS.But now I integrate next branch with WLC4402 version 6.0.188 and the authentication of users at the new branch gets an error, wrong user/password.
 
I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of radius service and reboot of NGS still does not work. I tried to debug the radius via web interface and watched for the loggfile and there is still a reject.I also tried the freeradius command radiusd -X but I got an error when starting the radiusd -X.
 
1.) How can I figure out, if I will get the correct password from my WLC ? Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or how to get the received password from the chap challenge of the debug ?
 
2.) I have appended a part from my radius loggfile. How can I find the detailed error in the radius log file? Is it correct that the password in the debug file is empty ? raiuds logg line "[radius-user-auth] expand: %{User-Password} -> "

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Error When Changing Device Group Or Location

Jun 13, 2012

I am trying to move a device from the Default location to a sub group and get the following message when I try (either with IE or Firefox)
 
This System Failure occurred: Index : 0, Size: 0. Your changes have not been saved. Click OK to return to the list page.
 
it also gives me the same error if I try and change the Device type from default to a sub group. I'm sure I could do this previously. The ACS build is (VMWARE install):
 
Cisco Application Deployment Engine OS Release: 1.2ADE-OS Build Version: 1.2.0.228ADE-OS System Architecture: i386
Copyright (c) 2005-2009 by Cisco Systems, Inc.All rights reserved.Hostname: ACS1
Version information of installed applications---------------------------------------------
Cisco ACS VERSION INFORMATION-----------------------------Version : 5.3.0.40Internal Build ID : B.839
 
I'm suspecting it a read/write issue with the database or a database corruption. I have stopped and started the application acs via the console and show application status acs has the following to say about itself.
 
ACS1/admin# show application status acs
ACS role: PRIMARY
Process 'database'                  runningProcess 'management'                runningProcess 'runtime'                   runningProcess 'view-database'             runningProcess 'view-jobmanager'           runningProcess 'view-alertmanager'         runningProcess 'view-collector'            runningProcess 'view-logprocessor'         running

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Managed Device Count Exceeded Error

Jul 6, 2010

I've just installed ACS 5.1 and noticed that it seems to count managed devices differently than previous versions.
 
I have a 500 count license which should be fine as I have about 100 devices which will use ACS for TACACS.  On ACS 3.x and 4.x, I would set up AAA clients by using a wild card for the subnets that host our routers/switches, say 192.168.1.0/24, 172.16.1.0/24 and 10.1.1.0/24.  when I do this with ACS 5, I get a Managed Device Count Exceeded error messasge becasue of the potential of more than 500 AAA clients.  It seems to be counting every IP address in the subnet as a managed device, even if there are only a handful actually in use.  Is there a way around this short of having to manually enter (and maintain) the exact IP Address of every managed switch and rotuer which will use the ACS server for TACACS?

View 10 Replies View Related

Cisco AAA/Identity/Nac :: (ACS 5.4 Patch 3) Error On Administrative Access Control

Jun 5, 2013

Configuration: VM with ACS 5.4 with patch 3. (upgraded from 5.2.0.26 patch 10)When I go on "System Administration" - "Administrators" - "Administrative Access Control" - "Authorization", I got this error:
 
What I tried:

"acs backup" on this server and shutdown
Install  an ACS 5.4 with patch 3 on new VM --> I don't have the problem on GUI
"acs restore" to restore my configuration on new server --> I got this problem again...
 
I want to use this feature...After this error, others pages generate this error: I have to reload server or restart management service to get him back...How could I solve this? (I don't want to reconfigure manually the server )

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Guest Vlan - Assignment Error On 3560 Switch?

May 18, 2013

I am configuring 802.1X in a 3560 Switch, my Radius server is a Microsoft IAS, when I connect a station of a guest user, the guest-vlan is not assigned in the port, and I have these logs:
 
May  8 21:23:02: dot1x-ev:Received an EAP Timeout on FastEthernet0/8 for mac 0000.0000.0000
May  8 21:23:02: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not

[Code].....

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Error Message 5405 RADIUS Request Dropped

Feb 22, 2011

The error message "5405  RADIUS Request dropped", what does it mean ? We have implemented 802.1X on a C4506 switch running IOS 12.2(53), it has worked fine for about 3 months but now I get users not able to authenticate. In the loggs on the ACS I get the obove message.
 
ACS 5.2 is running 5.2.0.26 Build 3075.

View 6 Replies View Related

Getting An Error 651 On Windows 7?

Dec 11, 2012

Any simple solution for error 651 on windows 7 ?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Service-Type Not Present Error When Attempting To Authenticate WLC 5508

Sep 13, 2011

I an currently running Cisco (ACS 5.2.0.26.3) and attempting to get my Cisco 5508 WLC's (7.0.98.0) loaded into ACS for TACACS+ authentication for managment users.
 
However I keep getting the following error:
 
*emWeb: Sep 14 14:44:45.931: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed for the user:test_tac. Service-Type is not present or it doesn't allow READ/WRITE permission.
 
Now I've attempted the step-by-step using the following URL but to no avail.( there are some slight differences in ACS 5.2)
 
[URL]
 
Latest WLC configuration guide I could find (Software Release 7.0 June 2010) isn't much useful either.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: 1252 AP - 24427 Access To Active Directory Failed Error In ACS 5.1

Jan 2, 2011

I'm working on implementing a RADIUS authentication for wireless access with the following :
 
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),

- AP 1252  configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),

- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,

- AD domain running on Windows 2003 Server.
 
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
 
All I can get running the expert troubleshoot
 
Investigating failure code: 24427 Access to Active Directory failedChecking if Active Directory is configuredActive Directory is configuredAttempting connection to Active DirectoryConnection to Active Directory was successful.Troubleshooting completed.Click on Show Results Summary to view results.
 
I followed this guide, at least for the ACS certificate section :
 
[URL]

View 27 Replies View Related

Windows 7 PPTP VPN Error 807 And 800?

Mar 21, 2011

don't steer the topic from PPTP to IPsec and other types of VPN which is more secure than PPTP,,,,etc have got this scenario windows 7 is acting as vpn client at home and windows XP is acting as vpn server at workAt home (LAN address is 192.168.10.x/24)And I configured windows 7 as VPN client same as here [CODE]

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved