Cisco AAA/Identity/Nac :: ACS SE 4.2.1 And Windows 2008R2 Domain Controllers?
May 8, 2011
We are in the earlier stages of moving our Domain Controllers from 2003 to 2008 R2. The remote agents are running on 2003 Domain Controllers. According to Cisco documentation, I can move the agent to a Windows 2003 Member Server and then upgrade to 2008 R2 Domain Controllers.
May 3, 2012
I am wanting to setup a small network at home. I am using Server 2008r2 64 bit running on VMWorkstation, which is the only way I can run a 64bit OS. I have it installed and running on VM with active directory and a domain created. My problem is trying to join the domain with my other PC's. They cannot find the domain name. The network connection on the VM is set to NAT.
Feb 24, 2011
I was wondering if I really NEED to install the certificate services role in 2008r2. What do I lose by not having it, and what do I gain by using it?
Jan 13, 2012
We had a power outage that kicked off our server and our network switch (2008R2, Cisco2960), before we could get it back up, a user was able to log into his laptop.
The user used the domain login - not the local machine account - he obviously wasn't able to access any shared resources, but how did he log in with a domain account, when the server and switch were both off?
Sep 24, 2011
What is the benefit of having multiple Domain Controllers on a WAN?
Mar 1, 2011
I have installed the Cisco ACS 4.2 on a server running Windows 2003 Server, and this server is a member server of the domain. The ACS is working with a Wireless Platform 4400, and authenticating the Wireless Users using PEAP and Digital Certificate. But now, the Windows platform will be upgraded to Windows 2008. My doubts are the following:
1. Will the ACS running on a Windows 2003 server authenticate users in the new Windows 2008 domain?
2. At the beginning, the ACS and the Windows domain were 2003. Now with the change of the version of the Windows domain, what happens with the configuration of the ACS server as a member server? Do I need to reconfigure the member server configuration in the ACS Server?
May 16, 2011
that big network has a DHCP server which gives IP addresses to clients and manages their internet. In one of these companies, because of security matters, they set up a domain network for themselves. The problem is this: if they use the main DHCP, their systems get an IP in the form of 172.16.58.x and boot up slowly. It takes about 3 min for the network indicator to appear near the clock, and they also run into problems whenever they want to add a shared printer. But if they get an IP address from DHCP and set that IP address, subnet mask and gateway manually, the same as the main DHCP server, and only change the DNS server to their DC's IP address, everything will work properly. But the problem is they must set their IP addresses automatically. This is a sample DHCP IP address:
172.16.58.23
255.255.255.0
172.16.58.1
dns=172.16.1.1 & 172.16.1.2
see 172.16.58 is ip range of this company on that big network
Oct 5, 2012
We have a Cisco ACS 5.2 deployment (appliance). It has an existing integration with Active Directory. We utilize this with RADIUS to authenticate our wireless users and TACACS for managing our network equipment. The RADIUS reports are useful for other teams (outside my own) to be able to troubleshoot password and account lockouts (everyone forgets to change the password on their phone). I would like to allow this team and others access to view the RADIUS authentications report.
Jun 6, 2011
I'm installing ACS4.2 in our lab domain and want to leverage the corporate domain for authentication. The one way trust is in place, but there is a facet that I'm not clear on in regards to the installation requirement.
I'd like to install ACS on a lab domain member server, but I'm not sure that will work. The installation docs seem to imply that a member server must be in the same domain as the authentication server, but it's not very clear. If I want to use the one way trust to the Corporate Domain, am I required to install ACS on the domain controller of the Lab Domain?
Feb 28, 2010
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers? Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy. I've now read several posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
Sep 24, 2012
I know that in small networks, one of the computers is elected the Master Browser role, and elections are held every now and then. In domain networks that implement Active Directory, is there still a Master Browser role, or do the domain controllers take over this role?
Dec 3, 2012
Does NPS (Windows 2008R2) support EAP-TLS? I've built an NPS to authenticate wireless clients (WLC 2504). But in the EAP types I only see EAP (PEAP); this only requires a certificate on the server side.
I want the clients to have a certificate as well; for that the NPS should support EAP-TLS.
Oct 4, 2012
I am moving a Windows Server to a new location. We currently have static IPs but are not using any of them so at the new location I requested no new static IPs. With that being said is there anything I need to worry about when I move? From what I have heard it should be a turn it on and go type of move.
Apr 20, 2012
I have this test Windows 2008 R2 server. I can connect to the internet on this server. However, my client XP machine cannot see the server via Windows Explorer. I can, however, ping the Windows 2008 R2 server using the server's IP of 192.168.1.230. Another thing is I also cannot remote to the server on the internal LAN using RDP. I've even tried with firewalls turned off on the server for some mins.
Sep 16, 2012
I got a few of these NICs and Windows Server 2008R2 is not installing any drivers.
I tried downloading some drivers off Intel website and still no joy.
Since this is a Dell OEM product, how to get the correct set of drivers?
Apr 24, 2012
I am looking for alternatives to Windows System Resource Manager, as we do not have Datacenter or Enterprise editions of 2003, or 2008/R2 terminal servers. The main problem we have is when a user tanks the entire server with Excel in a workbook that would be more appropriate as an Access SQL database rather than being in Excel.
Jan 18, 2012
I have a new ACS v 5.2 appliance and I'm trying to join it to my domain, but I haven't been able to. The ACS shows me the Clock skew error, and I was checking some documents about it, but it doesn't work. The ACS has the same timezone and time as my domain, but the problem persists.
Feb 3, 2013
I have acs 4.2 for windows installed on a windows server 2003 box, because of a merger I need to now authenticate against 2 different domains, there is a bidirectional trust between the two domains and the dial-in permission has been set in ADUC but whenever I try to authenticate a user it says dial-in permissions needed in the acs failed authentication log.
Dec 12, 2011
This is what happens when I try to join an ACS 5.3 to the domain. On two other ACS appliances, it works.
Nov 13, 2012
I have just changed the DNS domain name of my ISE from the CLI and restarted the appliance (it's a 3395 appliance). However, when I log in via the GUI it doesn't reflect the new DNS name.
Dec 18, 2011
I have been having some issues with an ACS express joining a domain. This device previously had joined and after a weekend we received a notice that users were not authenticating to the domain. This in turn led us to find out that the device was unable to join the domain. Further research led us to find that the account the device was using to join the domain had been disabled. However, after re-enabling the account we would only receive domain timeouts when we tried to join. I opened a case with Cisco and we have tried everything under the sun to no avail. I can ping the AD server (name & IP) from the ACS express. Cisco applied a root patch that allowed us to create hosts file entries on the device. I checked the system time and made sure it was within 5 minutes of the Domain controller time. In the logs of the ACS express the only thing I can really find is:
-"Checking remote join status: SMB connectivity failed"
-"Timeout reached in getting AD Diag info"
"acsxp/server Warning Server 0 is DisconnectedMode, IOException for reason, ipc socket connect; No such file or directory:
Recently we re-imaged the ACS and tried to join the domain without the old config on it and just received the same error. I reloaded the backup after that, which also resulted in no change. I am starting to think that there is more of a domain issue rather than networking but am having issues finding a way to prove this via the logs. There are other ACSs configured in the network and the settings on this device match the settings on the other device in the network which are working correctly.
Dec 21, 2010
I've just installed two ACS 5.2 appliances and I'm trying to get them to join my domain, I've setup an account that has the relevant permissions (tested the account on a laptop and it can join the machine to the domain).
The ACS keeps coming back with an invalid credentials to join the domain error despite the fact that I know the user in question has the correct permissions.
I have a suspicion that the problem is related to how the ACS handles the Active Directory Domain, we have a large domain that spans several domain controllers. The DNS server uses round robin DNS to serve a different DC's IP each time, however a typical windows laptop is aware of what controllers it's allowed to use whereas the ACS box doesn't appear to be.
The ACS servers are located in a network in the UK that is only allowed to talk to 2/6 DC's and I have no way of controlling what IP appears when the ACS tries to join the domain due to the round robin DNS.
Is there any way to get around this? Or any way to hard code a specific DC for the server to connect to? Even being able to add the DNS manually to a hosts file would work.
Oct 19, 2011
We are facing a strange problem with a Cisco Small Business SG 200-08 Switch (firmware release 1.0.1.0). When configuring the switch to act as a RADIUS Client with 802.1x port security enabled, it sends the “Account Name” attribute to the RADIUS server with max. 32 characters. The string comes in this format: host/dnsHostName and will be cut after 32 characters, which will cause the NPS to say: “The specified domain does not exist.” and NPS is right. When I reduce the hostname so that host/dnsHostName <= 32 characters, authentication is working fine. And by the way, we also have a SG 200-26 in production and it can handle more than 32 characters, which leads me to think of a bug in the firmware of the SG 200-08.
May 23, 2011
We have an ACS 5.2 server connected to an AD domain controller which has several trusted domains. (domain1, domain2, domain3) We currently have to specify which domain each user belongs to (ie, domain1user) in order to connect. We would like to only have to enter the user name without the prefix, (ie, user1) and have ACS automatically check each domain for a match. Is this possible with ACS 5.2? I seem to remember this was possible with ACS 4.2.
Sep 12, 2011
Within ACS 5.2, does anyone know of a way to see which specific domain controller a request is sent to?
Sep 1, 2011
I have a question. What is the requirement to integrate an ACS 4.2 Appliance and AD regarding the CA server? Does it have to be Windows 2003 Server Enterprise or Windows 2008 Enterprise? Or can it be Windows 2003 and 2008 stand-alone? Another question is about multi domain: I have a father domain and children. Is the installation of the CA Server in the father domain to enable 802.1x with AD with all child domains integrated? Or can I install the CA server on a server of a child domain and will it work (CA server installed on a server in a child domain and working for all domains, child and father)?
Sep 5, 2012
I try to join an ACS v. 5.3 to the domain. For my ACS in location A, I can join without problems using my account. When I try to join the ACS in location B to the same domain with the same account, it doesn't work. I looked at the debug log files for the AD client, and noticed that the ACS in location B goes to a certain Domain Controller. However, I would have expected the ACS to contact another DC, which is located at the same location as the ACS ... this doesn't happen.
My question: How does the ACS determine what DC to contact? Is it possible to force the AC to join by connecting to a certain DC?
Sep 3, 2011
We have ACS version 5.2 0.26 with Active/Standby. We need to integrate Active Directory with ACS. The domain name given by the Server team was xyzcompy.local. When I tried to resolve the same domain name I got five server IP addresses against the same domain name. However, we were given IP reachability to only two servers. When we try to save we get an error saying "Can not resolve the network address".
So my questions are:
- Should ACS have IP reachability to all five servers?
- Should the username/password we entered in the ACS have domain admin rights?
- The given AD is configured with Windows NTP [URL] but when we configured ACS as Windows NTP it was taking the local server as active NTP..?
When we check the ACS logs, we saw the following error;
in acsLocalStore:
AdminName=acsadmin, DomainName=qatarconvention.local, ADOperationResult=unable to create secured connection against AD server, switching to non-secured connection. javax.naming.CommunicationException: simple bind failed: qnccad02.xxxxconvention.local:636 [Root exception is java.net.SocketException: Connection reset],
in ACSADAgent;
32484]: INFO dns.findsrv FindSrvFromDns failed: res_query failed _ldap._tcp.xxxxconvention.local
Sep 4 12:43:20 acs01-cc4 adjoin[32484]: INFO cli.adjoin Join to domain 'xxxxconvention.local', zone 'null' failed.
I attached some screen print which saw the error and output of nslookup for the domain name.
Sep 26, 2011
We have configured ACS 5.1 for authenticating wireless users with Active Directory, which is working fine now. But we would like to implement that a single user should be authenticated through ACS. If any user tries to access the WLAN from multiple systems, they will be notified with a multi login access restriction. Can we implement this policy in ACS, and if possible, what are the exact configuration changes we have to implement?
Dec 28, 2011
We have cross domain trust relationship established and I have added the user group in our ACS 5.1. we are using Active directory as an external Identity store. Also I have created a rule in the 'Access polices' to allow the user group. From the cross domain, I use abc@xxx.xyz as a user id, but I get this error message 13036 Selected Shell Profile is DenyAccess.
Jul 24, 2011
We are currently evaluating an ACS 1121 running 5.2, and we are trying to configure this to authenticate EAP-PEAP requests.
Our users will be using credentials in a username@example.com format. If the server sees a request using username@anotherrealm.com then it would forward the request to an external proxy RADIUS server; if the server saw a request for our domain it would strip off the @example.com part and authenticate against AD.
I'm finding it hard locating documentation to tell the server, if a request comes from a NAS using username@example.com, then strip @example.com and authenticate username against AD.
Feb 14, 2013
On our ASA5510 in the area AAA Server Groups, there is an entry for LDAP and an object that refers to our 2003 Domain Controller. This DC has LDAP over SSL enabled and I can see the DN and Password for a domain user account. I've created two new DCs, both 2008 R2, but when I enable these in the same way it says it could not authenticate, ERROR auth server not responding, AAA group removed. I thought this had something to do with CA being installed on a DC, but it's not running as a service on the DC that was already referred to.
May 11, 2011
I have 4 PCs. How can I create a DOMAIN in Windows 7?