AAA/Identity/Nac :: NAC 4.8.2 - IP Phone 9951 Not Registered / Active Call Getting Disconnected
Jan 30, 2012
I have deployed the NAC Solution. NAC Software version = 4.8.2 and Agent version = 4.8.3.1.The solution is working fine but the Cisco IP Phone CP9951 is getting restart after applying NAC (or port profiles) at some time interval. Time is not fixed but it doesn't seem stable. Sometimes, it is just disconnected while using the Phone and sometimes when you log-off or restart the PC.The Cisco IP Phone CP8945 is working fine in all cases.We are getting the message of "Phone not registered" and active call is getting disconnected.
View 0 Replies
ADVERTISEMENT
Dec 10, 2012
Recently our ACS loss connection to AD. Notice following error message (collect from show tech):
Dec 9 00:05:31 OasPrp-Lvl07-ACS01 adclient[24514]: INFO <bg:ageBindings> base.
bind.healing Lost connection to myhqkul990003s.simedarbygroup.com. Running in di
sconnected mode: KDC refused skey: Preauthentication failed
[Code]....
However we manage to restore the connection by reset password of the AD account that used in establish connection between AD and ACS.
View 1 Replies
View Related
Nov 6, 2012
the customer has CUCM in the inventory database of LMS 4.1. He has all accesses from LMS to CUCM. One phone 7961 is seen in the UT report. When the customer click on the CUCM in the inventory - there is no IP phone registered in the CUCM.
View 2 Replies
View Related
Nov 6, 2012
the customer has CUCM in the inventory database of LMS 4.1. He has all accesses from LMS to CUCM. One phone 7961 is seen in the UT report. When the customer click on the CUCM in the inventory - there is no IP phone registered in the CUCM. What is wrong?:-( See the attachment.
View 1 Replies
View Related
Aug 19, 2011
I have seen that when ever i am using the packet data connection (GPRS/EDGE) on mobile and if a Voice Call comes, the Package data will be stopped and once the call gets disconnected it will resume sending the data.For 3G Data the same is not happening, at the time of voice call it will continue sending the Packet data.
View 1 Replies
View Related
Apr 6, 2011
I have an Orange Livebox connected wirelessly to my laptop. Everything's been working fine until the last few weeks. Whenever I receive or make a call using my iDECT s2i cordless telephone the internet drops and it takes ages to reconnect. I've checked all the connections and every phone socket has an ADSL filter. I understand that some wireless devices can affect a router and that these are usually 2.4ghz devices but I have no idea if my cordless telephones are 2.4ghz or 5.8ghz or indeed if this is the source of the problem at all.
View 2 Replies
View Related
Jun 23, 2011
I got a problem yesterday with a customer that says that the calls from a CISCO IP Phone 7961 to an Alcatel 4018 IP Touch didn't work, well the phone rings but there's no voice; I manage a CISCO ASA version 8.2(1) and I was checking the Inspection Rules in the Service Policy Rules section and when you open the inspection_default at the Rule Actions tab I find that the H.323 H.225 and H.323 RAS box wasn't checked so I ask to the customer to made a test and the same problem happen so I checked both box and again ask to the customer for a test and it works.
I was talking to a partner and he said that maybe this Inspect fix some signaling parameters of this protocol that can't work fine behind of a firewall.
View 1 Replies
View Related
Jul 11, 2011
We are using ACS 5.2 and we are trying to create a Microsoft Active Directory (AD) Identity Store. We have a user to be used in the Active Directory creation General page and we would like to know how the test communication / ACS to AD communication takes place.
Our user is a predefined user in AD and has admin rights, but the password expires every 60 days. Will this affect the communication between AD and ACS 5.2 at everytime the entered user's password expires?
View 2 Replies
View Related
Jul 30, 2010
I managed to connect acs5.1 to the AD , user's will be able to get authenticated against the AD when the state is shown "CONNECTED'. This will work ok for a day or so and goes into a 'DISCONNECTED' state , users will no more be able to authenticate . Is this a known error , or is this an error from the microsoft ws2k3 server side ?
View 3 Replies
View Related
Feb 23, 2011
I have a number of users who are failing wireless authentication. Using the troubleshooter i notice that its show message that Active Directory servers are not available. Under the Identity stores when i check on the connection status it shows disconnected. When i click on Test connection it shows successful. This ACS is a secondary. It has happened before and i removed it from the ACS cluster, rebooted it and rejoined it. Ran test connection and it showed "CONNECTED". Now it keeps showing disconnected.
View 6 Replies
View Related
Mar 7, 2011
I have installed ACS 5.2 and configured it to join the Company's Domain as an External database with Active directory 2008. I'm facing a problem that the user once authenticated using it's active directory account it's cached in the ACS and take a while for the ACS to clear this username. For example, if user TEST authenticates and then we removed this user from the AD and then tried again; it authenticates although this users is removed from the AD !!! same thing happens when we change the user group on the AD, it takes a while for the ACS to clear the old user attributes and get the new ones from the AD.
it there an aging time for this caching mechanism, or can i clear the dynamic users manually just like in ACS 4.X ?
View 3 Replies
View Related
Jul 17, 2012
I have a pair of ASA 5520s operating in failover pair as active/standby, having two contexts on them. I am planning to share the load and make it active/active making first context active on the primary unit and second context active on the secondary unit. My question is if this will disrupt any connectivity thru these firewalls when I do "no failover" on the active/standby and assign the contexts to different failover groups and enable the failover back.
View 6 Replies
View Related
May 21, 2012
I am receiving a RADIUS authentication failure stating user must change password; however, password has been changed in AD and is not requiring change password any longer on the AD side.
Is there a cache on the ACS that needs to be cleared? AD connection from ACS to domain is fine. All other accounts authenticate.
It appears that if a user lets their account expire is when this happens. Account has been reenabled in AD and password has been changed. Still will not authenticate via ACS.
View 1 Replies
View Related
Aug 24, 2011
I'm attempting to integrate an acs 5v into the domain through the gui. The connection will establish, and the status will read 'connected', just as it lists the domain I've submitted. However, I can't seem to find anything listed under the directory groups, and when I run a connection test, I simply get 'Global Catalogue port status error.' Eventually, I'd like to configure this as a radius server.
View 1 Replies
View Related
Nov 9, 2011
question 1. in the typical active directory environment and doing wireless/wired 802.1x authentication on endpoints, should ACS join as a domain computer?
question 2. for the endpoint (domain computer) join the domain, in this case is the endpoint will trust the ACS ( also domain computer) ?
question 3. what if there's a GPO policy to install the rootCA certificate toward the endpoints. In this case, ACS should issue the CSR and let the domain CA to signed as the identity certificate? Am i correct?
View 2 Replies
View Related
Oct 13, 2010
I am working with ACS 5.2 and using Radius authentication for vpn client.
The authentication method used is Active Directory in an Windows enviroment with multiple domains in the same forest.
My problem occurs when i change a user from one group to another in Active Directory. After that i receive the following message when try to connect:
15039 Selected Authorization Profile is DenyAccess
The message is because match the default policy. Another user in the same AD group works fine. All domain in the forest have trust relation each other. I am using universal groups to include users from all domain belongs this forest.
View 4 Replies
View Related
Apr 24, 2012
A customer uses Active Directory where some group names contain special characters (ç ~ '^). The Cisco ACS 5.2 is presenting the warnings: "Not all Active Directory user groups are retrieved successfully. One or more of thegroup's canonical name was not retrieved "(Category CSC Oacs_ Identity_ Stores_Diagnostics; code 24457).
What are the results of these warnings to the customer's network? Slow? Loss of access?
View 1 Replies
View Related
Jan 1, 2013
I've looked at the forum posts and the document post, and I understand the explanations. My question is, under system administration>max user session global settings, would setting a timeout (say 1 hour) purge these sessions?
Under access policies, I am not enforcing max concurrent sessions per user, due to some of our devices using a generic log in. But if I understand the explanation, and my understanding might be wrong, then setting an expiry timeout should purge the accounting sessions, right?
View 4 Replies
View Related
Oct 21, 2010
configure the Cisco ACS to authenticate the users from MS Active Directory. Cisco Acs = 4.2.1(15)Currently, i have multiple users configured as local databse. but now i want to authenticate with the domain users.
View 11 Replies
View Related
Mar 24, 2010
How to do implementation of 802.1x with alcatel phone where pc will be behind the phone and cisco switch ports are configured as trunk. Trunk native vlan is data vlan for pc and trunk carrying voice vlan.when trunk mode is enabled I can not configure 802.1x on trunk interface.
View 1 Replies
View Related
Jun 16, 2011
it is possible de use two servers ACS 5.2 (primary and secondary) in active/ active? or just in active/ passive?
View 3 Replies
View Related
Mar 21, 2011
Rather than maintaining local accounts is it possible to authenticate admins against AD? I'm talking about administrators of the ACS server itself to be clear.
View 2 Replies
View Related
Jun 9, 2013
I've successfully integrated ACS 5.3 with Active Directory for 802.1x implementation. Now i want to cache Active Directory users in ACS so that the user request from ACS does not go to AD every time.
After a certain time period the ACS database gets sync with AD.
View 3 Replies
View Related
Jul 14, 2011
I can add a ACS 5.1 to an Active Directory without using the administrator account, I have a domain administrator account by another name. I can use this account to include the ACS domain.
I have a account domain admin but when i try to add the ACS to AD have this message "can not resolve network address"
The DNS and network connectivity its OK
View 1 Replies
View Related
Sep 6, 2011
if someane has a good guide for 802.1X with ACS 5.2 with Active Directory.
View 1 Replies
View Related
Sep 26, 2010
We are still running ACS 4.1 on Window 2003 server. We recently upgraded AD to 2008 although the domain and forest functional level are still 2003. After AD upgrade we now unable to authenticate via ACS Windows Database.
View 13 Replies
View Related
May 24, 2011
I have just recently purchased a 5505 Controller and 30 3502i AP's. On my main corporate WLAN, I would like to allow users to be able to authenticate via Active Directory username and password.I am also looking for as little client side set up as possible. From what I have researched, I will need to use some type of EAP method.
I have come across two methods that appear to be the top contenders.
EAP-FAST - The method seems to be a possibility but I see that it uses certificates. If I use this method, does it mean that I would have to import the certificates to each machine manually? Also, can I configure thsi to work with just the 5508 Controller and an AD Database server or do I need an intermediary like IAS or ACS?
PEAP/GTC - This method is also a possibility and I think that it does not require certificates. Does this also require an intermediary like ACS or IAS.
View 3 Replies
View Related
Jan 14, 2011
We are using ACS 5.1 and from time to time we are getting a warning saying that the active sessions are over the limit (250000). It is just a warning, so my assumption is that its not a big deal, but how do we keep from getting the event, or prevent the event?
View 2 Replies
View Related
Oct 26, 2011
authenticate phone Mitel in ACS 5.2. I tried to authenticate a PC wich is behind of phone Mitel, but it doesn´t working.the solution work fine with vlan mapping.
This configuratión work fine with Phone Cisco but not for phone Mitel, and I had used this templace by both.
vlan 709 = guest
vlan 10 = voice
inter fas 1/0/8
switchport access vlan 709
switchport mode access
switchport voice vlan 10
[code]....
View 1 Replies
View Related
Apr 22, 2011
i have installed system (Windows Server 2003) and i have configure Active directory for testing and configure one user under it ( TEST01)now on the same machine i have installed Cisco ACS 4.2.i'm trying to Authenticate (TEST01) using ACS but it's not working, i can't even see the logs under EVENTVIWER. simple and easy to configure since both AD and ACS is on the same machine.
View 4 Replies
View Related
Mar 15, 2012
I need to change the username and password ACS uses to connect to AD. I do a "clear configuration" and reboot and am unable to join the ACS appliance back into my AD with a different username and password. I am able to rejoin the ACS machine to the domain using the original username and pass. how to clear all of the AD config off of the appliance and start fresh and use a new account to join AD?
View 3 Replies
View Related
Feb 7, 2012
customer provide quite large network with dot1x deployment - there is dual ACS5.3 servers for authentication Wired, VPN and WiFi access. Users (and computers) are mostly authenticated against Active Directory - there are several AD servers in the network.I found there is tens of cases every day with error message:24401 Could not establish connection with ACS Active Directory agent.This happens in random day and night time regardless on current authentication load. how to diagnose this more deeply? Or where to look for – is it problem with internal communication with AD Agent or is the problem in communication AD agent to AD servers? How is solved redundancy in case one AD server is not accessible – as there is no such setting in the AD connection configuration in ACS.
View 9 Replies
View Related
Dec 28, 2012
I know that our VPN users currently use Active Directory to authenticate their VPN sessions, so now I'm wondering if there is an easy way to configure my company's Cisco ASA 5510 to use either a Windows Server 2008 R2 Active Directory group (preferred method) or specific Active Directory users (less preferred) and authenticate them for management access (privilege level 15) using their Active Directory credentials. I do not want this to change the IP range used for ASDM/HTTPS/Telnet/SSH access (currently all local networks, no VPN), as those are settings that my company does not want changed.
View 5 Replies
View Related
