Cisco AAA/Identity/Nac :: ACS 5.3 - PEM File Parse Error In Win 2003 CA

Jan 31, 2012

I continue to export a Certificate Signing Request for our local CA.  They insist they are getting a parsing error (Invalid algorithm specified) when they cut and past or import the file I send them.  In fact, they have stated that they have had this error with another Linux-based CSR.
 
I'm not find this issue prevalent on the Internet, so I wonder is this if a user issue on their behalf or the fact that they are using a Win2003 box as a local CA.
 
How to get a Cisco ACS ".pem" file signed in a local Win2003 CA or advise to an alternative to configuring 802.1x using EAP-TLS?

View 3 Replies


ADVERTISEMENT

File Sharing Windows 2003 Server?

Aug 29, 2011

can you show me some screen shots on how to share file in the windows 2003 server operating system?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Authorization Between ACS 5.2 And AD 2003

Feb 27, 2011

I am in the process of setting up an ACS evaluation that will authenticate against a Windows 2003 AD. I am currently testing this with AAA TACACS+ but will evenutally setup 802.1x authentication. My problem however seems to be between the ACS and AD.
 
I have the AD External Identity store configured and successfully tested for connectivity. I created a shell profile and a command set and also created an access ploicy for Device Admin. I added the AAA commands to my test switch and do get prompted for username and password.  This is where my issue starts. Regardless of what username and passwword I enter, I always fail authentication. At least that is what is in the reports and I have 0 hits on my Access and Authorization policy rule. I am using as basic as a config as I can get with simply using a contains from one of the groups I am in for the policy rule. I had a non-AD admin account to start with thinking maybe a rights issue with the AD account but have moved to an AD admin account with no change in the results. I saw a post somewhere that the time stamps on the AD server and the ACS had to almost be perfect and recommended that NTP for ACS be the AD server as that could cause issues and I have done that as well with no change. I am wondering if there is something specific I needed to configure or something I missed between the ACS and the AD? Is there a way I can display what is passed back and forth between the ACS, or the switch, and AD to verify content? I put a call into my local SE and he is as puzzled as I am.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Will Not Enumerate 2003 AD Groups?

Aug 4, 2011

I have seen similar references to this issue, but no concrete solutions.  My new ACS appears to join my domain with little or no issues, however, when I go to list the groups nothing is ever listed.Running ACS as a vm.I have set the ntp server on the ACS server to match my domain.I can ping all domain controllers/DNS servers.nslookup resolves hostnames of my domain controllers
 
***Update***
 
I verified that a computer account for my ACS is in fact being created, however, I am receiving some Kerberos errors on my DC with the FSMO roles:
 
Event Type:          Error
Event Source:          KDC
Event Category:          None
Event ID:          26
Date:                    8/5/2011
Time:                    3:07:46 PM
User:                    N/A
Computer: <MY DC>

Description:While processing an AS request for target service krbtgt, the account <ACS SERVER> did not  have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 17.  The accounts available etypes were 23  -133  -128  3  1.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: How To Install ACS 4.2 On Server 2003

Oct 17, 2011

I'm curently studying for my CCNP Switch certfification, and I'm learning about RADIUS and AAA. I need to practice this topics, but unfortunately I can't find any way to do it. I have cisco ACS 4.2 but I'm unable to install it on my Server 2003 (it says mmc.exe needs to be closed, tried some things but no luck...). I'm unaware of any simulator for RADIUS or anything similar.
 
how to install ACS 4.2 on Server 2003 (how to solve the error I'm recieving), or point me towards some other product to practise RADIUS and AAA authentication

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Can't Install On Windows Server 2003 R2

Nov 29, 2011

I have a problem when I try to install ACS 4.2 on Server 2003 R2. When I start the ACS setup, i recive an error message saying:

View 6 Replies View Related

AAA/Identity/Nac :: ACS 4.2 On Windows 2003 - System Rename?

Jun 6, 2011

I am runing ACS 4.2 on Windows 2003 and for some reasons I need to rename the server name?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Configuration With Windows 2003 Active Directory?

Apr 22, 2011

i have installed system (Windows Server 2003) and i have configure Active directory for testing and configure one user under it ( TEST01)now on the same machine i have installed Cisco ACS 4.2.i'm trying to Authenticate (TEST01) using ACS but it's not working, i can't even see the logs under EVENTVIWER.  simple and easy to configure since both AD and ACS is on the same machine.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: CSlog Service Not Starting On ACS 4.2 Running On Windows 2003?

Jul 5, 2010

I just upgraded my ACS v4.0 to the latest available version v4.2(1) build 15 patch 2 and I've got some trouble with the CSLog service. I performed a successive upgrade first to v4.2 then to v4.2.1 and finally applied the two patches. Everything is working fine, I'm using both radius and tacacs services and they doing great like they were in v4.0. The only problem I have is with Cslog service which doesn't start. To be accurate, it starts but stops just after. I've uploaded some logs from cslog.log in cslog/logs directory.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Error - 22056 Subject Not Found In Applicable Identity

Oct 6, 2012

I have two ACS v 5.2 (primary and secundary) and some users are in the internal stor and the others are in the AD.The local site topology is like this:
 
PC - AP - WLC - ACS - AD
 
Authentication method is PEAP(EAP-MSCHAPv2) and all user have the certificate company installed. The OS in the client users is Windows 7.Users was working fine but some users reports intranet disconnections. I see in the ACS log  many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.I believed it was because user wasn´t in the AD data base, but some times the same user is authenticated successfull and other i see the "22056...." or "24415...." alarms.
 
I switched the role for ACS primary to works as secundary and we see the same alarms.

View 2 Replies View Related

Cisco Application :: Set Max-parse-length 8192 On ACE

Jan 22, 2012

I would like to know the meaning of 'set max-parse-length 8192' on ACE.Looking at Cisco documentation I found:"you can set the maximum number of bytes to parse for generic protocols by using the set max-parse-length command in generic parameter-map configuration mode.You can set the maximum number of bytes to parse for generic protocols by using the set max-parse-length command in generic parameter-map configuration mode.' what a set max-parse-lenght is?

View 1 Replies View Related

Cisco VPN :: ASA5525-X - When Transfer File Get Error

Oct 16, 2012

IPsec VPN configured between ASA5525-X and Linksys RV042 ,While transfering some exe from ASA5525-X side to Linksys RV042 side over VPN hash-sum of this file changes, so, when you open transferred file, you have an error message "File is corrupted". If you try to transfer file from Linksys side, hash-sum is ok. Also, work with oracle application is interrupted because of unknown reason. IPsec works only if using router instead of ASA.

View 2 Replies View Related

Cisco Application :: ACE 4710 - Seeing Parse Errors Increment With KAL-AP

Nov 5, 2012

Client I am doing work for as two pair of ACE 4710 appliances.  On the pair I am trying to put into production, I am seeing a large number of parse errors for the kal-ap stats.  I am not sure what these mean.  When the ACE is put into production, their main website starts having issues.

View 1 Replies View Related

Cisco :: VG224 On Boot File System Error

Nov 29, 2012

Cisco VG224 (R527x) processor (revision 4.1) with 119808K/11264K bytes of memory. Processor board ID FGL150411MN, R527x CPU at 225MHz, Implementation 40, Rev 3.1, 1 On-Board Twenty-Four FXS Analog Voice Module V2.1, 2 FastEthernet interfaces, DRAM configuration is 64 bits wide with parity disabled. 63K bytes of non-volatile configuration memory. System fpga version is 250027, % Crashinfo may not be recovered at flash:crashinfo, % This file system device reports an error.

View 4 Replies View Related

Cisco :: RFC1155-SMI LMS 4.1 Error Unable To Load MIB File

Aug 16, 2012

when load MIB file have error unable to load the MIB file Error: can't find RFC1155-SMI.I can not find RFC1155-SMI.my Where I can find or download RFC1155-SMI.my.

View 5 Replies View Related

Cisco Security :: ASA 5505 - Disk0 Error (No Such File Or Directory)

Jul 19, 2011

I recently had some trouble with my ASA 5505 in that the running config would not be saved after a reboot. Definitely looked like a hardware problem with the flash memory. I have since bought a new flash memory card and copied the contents of the old card to the new card. 1st problem I have is that I can see the image on the new card, but for some reason it wont boot into that image. I get /file not found
 
I then successfully load a new image to the device and it boots successfully. I then follow it with a
 
Cisco asa# config t
Cisco(config)# boot system disk0:/asa831-k8.bin
 
(to ensure it boots from the flash in the future) and I get
 
WARNING: BOOT variable added, but unable to find disk0:/asa831-k8.bin
 
I have since tried
ciscoasa# fsck disk0:
Unsupported file system type!
 
%Error checking disk0: (No such file or directory)
 
When ever I try to do anything with Disk0: i get the same error. (No such file or directory). I have also tried putting the old flash card in the ASA and I now get the same response.

View 11 Replies View Related

Cisco VPN :: ASA 5505 Error Copying X To Temporary RamFS File Failed

Nov 16, 2012

[OK] webvpn
webvpn
[ERROR] anyconnect image disk0:/anyconnect-win-3.0.08057-k9.pkg 2
copying 'disk0:/anyconnect-win-3.0.08057-k9.pkg' to a temporary ramfs file failed
 
Trying to add the windows anyconnect to the list of usable software for clients and that error happened. What is going wrong? I assume I dont have enough RAM...

View 1 Replies View Related

Cisco :: LMS 3.2 / CiscoWorks - Receiving Error Backup Lock File Exists

Aug 14, 2011

Whenever I tried to do backup of CiscoWorks from GUI, I am receiving a error message"Backup failed. ERROR(292): C:PROGRA~1CSCOpx/backup.LOCK file exists, look into the log file C:/PROGRA~1/XCSCOpx/log/dbbackup.log for more details". backup.LOCK file size is 0KB.I am using LMS 3.2; RME 4.3.0;CM 5.2.0

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Private Key File From ACS 3.3?

Apr 26, 2011

I have my SSL server certficate on my old acs 3.3.along with private key file , How i can export this private file with .pem extension from windows 2000 server , This private key file is not identified under certificate mmc console  , Because my acs application is being installed on a separate hardisk partition under D drive .
 
file path : d:Certificatesh02cacsw02.pem
 
how i can export this.pem from that particular folder

View 4 Replies View Related

Cisco Switching/Routing :: WS 3560G 48PS Invalid Dhcp Options And Unable To Parse

Jan 13, 2013

I have configured DHCP snooping on a WS-3560G-48PS running IOS 12.2(58)SE2 ipservicesk9 variant.When I enable DHCP snooping clients don't get IP addresses, when DHCP snooping is disabled, everything works fine.I have set up a SPAN port and run a capture (attached) on the traffic. Wireshark notes the Seconds elapsed field appeared to be encoded in little-endian but only on some packets. Apart from that, I can see nothing wrong with the DHCP Offer responses from my DHCP server.Attachment config.txt contains the interesting parts of the  configuration. Please note g0/32 has been set to ARP inspection trust as  without working DHCP snooping it would require a static bind.Is there any way of figuring out which option can't be parsed? Is there a way to force forwarding of unparsable DHCP packets while still running DHCP snooping?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 - Convert Dmp File To Another Format?

Jun 16, 2011

Is there a way where I can just export the clients from one server and restore them onto another?
 
Is tehre maybe a way to convert the dmp file to another format, like csv, then modifying it and converting back to dmp?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 - Cannot Find Backup File

Jan 20, 2013

I had ACS 5.2 ( Evalution License ) setup installed on VMware with patch 11 when I try to restore earlier backup of ACS gives me  error "Cannot find acsbackup_instance.log in the backup file"

I am using Filezilla FTP sever for backup transfer.

View 5 Replies View Related

Linksys Wireless Router :: E4200 Media Server - Certain Files Cannot Properly Parse

Jul 18, 2011

I decided to play around a little more with the media server feature... I've succeeded in getting SOMETHING consistent out of the 1.0.02 firmware. It's not 100% useful.
 
Here's what I did - whether it's pertinent, who knows:
 
1) I made the Media Server "Name" completely unique. My router's name was "Penguin" and that seemed to proliferate throughout the settings on the router everywhere (SMB server name, FTP, Media Server, etc.). I decided to just call the media server "Server." I then checked the option to DISABLE the server, and saved settings.
 
2) With the Media Server OFF, browse to the share on the USB drive, and completely delete the T wonky folder.
 
3) On the Media Server page of the router config, add your media sources.
 
4) Enable the Media Server, save, and you'll then see the T wonky folder come back, and if you go into that folder, you'll see some files being "built."
 
I tested a few videos and some music with the XBMC media player on my Mac book and a Windows 7 PC. I was able to add music and video sources on my small selection of test music and videos. I was also able to play them. MP3 tags and embedded artwork showed up properly, and the streaming over wireless was very good.
 
Now... Here's the kicker. This was just a VERY small sample of my entire collection. I had about 5 albums in MP3 format on the drive, and about 10 movies that I personally converted to MP4 with Handbrake (ripped each movie to about 1.4gb). When I threw my entire 90gb music collection on the drive and told it to scan (it, being the router Media Server page), it seemed to populate the albums up to a certain point, and then crashed. I saw the data files in the T wonky folder getting larger for about 5 minutes, then it stopped growing. At that same time, XBMC wasn't able to see any music or videos. Even after turning off the media server, then re-enabling it, I wasn't able to see anything. If I deleted the T wonky folder, and went back to a smaller subset of my collection, it once again worked "reliably."
 
So, one of several things is happening here.

1) There are certain files the media server cannot properly parse, and it's crashing the services that run it.
2) Something is corrupting the media database files which then prevents it from showing up.
3) There's a maximum number of files or file size that your collection can be.
 
If only there was a syslog we could get to on the stock firmware...  Linksys.

View 1 Replies View Related

Belkin Routers :: N150 Firmware Upgrade Giving File Format Error

Mar 19, 2013

I bought belkin N150 recently. I tried to configure with my ISP. They are surprised how I don't have DHCP option in the wifi configuration and asked me to upgrade my firmware. When I tried to upgrade. I downloaded the firmware from [URL] tried to upgrade. It is showing file format error.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.0 To 5.1 Upgrade Manifest File Not Found

Mar 3, 2011

I have successfully installed the 5.0.21.9 patch and ADE-OS 1.2 update but when I attempt the 5.1 install via "app install ACS_5.1.0.44.tar.gz local" I get the error "Manifest file not found in the bundle."
 
Here is a debug of the install:
HOST/admin# app install ACS_5.1.0.44.tar.gz local Do you want to save the current configuration ? (yes/no) [yes] ? Generating configuration...Saved the running configuration to startup successfully6 [30662]: application:install cars_install.c[195]

[Code].....
 
I created the repository by TFTPing the file to disk:/Upgrade and pointing a repository to disk:/Upgrade. I verified the checksum of the file as it sits on my TFTP server and also manually extracted the file to verify the manifest.xml file is actually there.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 License File Installation Failed

Sep 19, 2011

have a  ACS 5.2 version installed on Vmware . I  purchased below  liscense
 
Product Name                  : L-CSACS-5-LRG-LIC=
Product Description         : L-CSACS-5-LRG-LIC= : ACS 5 Large Deployment License (Electronic Delivery)
 
When i am trying to upgrade the liscense i am getting an Error " Liscense file installation failed : The liscense file must contain single base liscense "

View 2 Replies View Related

AAA/Identity/Nac :: Log File Size On ACS 5.3 With Nexus 1000v

Sep 13, 2012

how do i set limit on the log file size in ACS 5.3. I had the same issue with Nexus 1000v but there is a command that enables you to set log file nane and size. it is getting bulky.

View 7 Replies View Related

AAA/Identity/Nac :: Add User (mac-addresses) To ACS 4.2 Via RDBMS With CSV File?

Mar 23, 2011

I would like to add user (mac-addresses) to the ACS4.2 via RDBMS with  a .csv file. How can I simultaneously add supplimentary user infos, like Real Name and Description ?

View 3 Replies View Related

Linksys Wired Router :: BEFSR81 V2 Ports Become Inactive / Upgrade File Pattern Error?

Jan 2, 2012

I have the BEFSR81 V2 and every day at least one of the ports become inactive and the router has to be unplugged and plugged back in to reset the ports. I was going to upgrade the firmware from version 2.44.2 to the one on the site 2.45.10 but when it is downloading I get a message at the end upgrade file pattern error. There is a problem with the router that the ports go out or will the firmware update hopefully correct that issue and how to I get the firmware to update

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2. Build15 - Replication Failed With Cannot Access File

Dec 22, 2009

Just upgraded from 4.0 - to 4.2 then to 4.2.1 15. As you may have seen with periovous posts of mine its not been an esay ride.I have now managed to get it all working - backups AAA etc but for some reason i cannot get the replication to work! Its states the following...
 
Within the Database Replication active log - Error OutBound database replication failed - refer to CSAuth log file.Other lines in the log state  its ok eg - Component logging reports was updated - being replicated to slave...

Please note that the $ is a symbol that i have used because the symbol in the log is strange and i  cannot seem to be able replicate here with this text, for example $etworks - should be networks.

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 1121 Running 5.2 - Edit Hosts File?

Apr 13, 2011

Is it possible to edit the hosts file on an ACS 1121 server running ACS 5.2? Our problem is we have a single domain with multiple domain controllers at different sites. So when the ACS server tries connecting to the domain it randomly picks a domain controller which it can't connect to thus causing it to fail.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Upgrade - Wrong File From Software Download?

Mar 24, 2011

i try to upgrade acs 5.2 with the patch 5-2-0-26-1.tar.tar.Firstly it is not the correct extension when downloading the file from the download software area.then when I enter "patch install 5-2-0-26-3.tar.tar FTP" I get the following error message:
 
% Manifest file not found in the bundle
 
I believe the file is not corrupted. 

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Import Template Gives File Format Validation Failed

Sep 21, 2011

Network Resources - Network Devices and AAA Clients- File Operations - Add - gives me File Format Validation Faliled. I am carefull to leave the header as it is. The header in the Import Template looks faulty, see attached. When exporting devices I also get the same header as attached. I also tried to change the header so its all in one column, but with same result.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved