Cisco AAA/Identity/Nac :: Windows Remote Agent For ACS 4.2 Appliance?
Jun 7, 2011
The problem is that i had configured the ACS appliance with a remote agent to Integrate with Microsoft active directory and I installed that agent on one of our domain controls and it is working fine.
When I installed another agent on anther domain control and add it to the ACS server it appear that the remote authentication service is working on it but when try to make the new agent the primary and the old one the secondary from External database configuration all the domain users authenticated but only to one group which configured in Unknown User Policy.It appeared like it can't read any more groups from active directory.
View 2 Replies
ADVERTISEMENT
Jul 17, 2012
We having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
Our ACS is 4.2.0.124 and remote agents we tried are :Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
[code]...
View 3 Replies
View Related
May 4, 2011
I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
View 1 Replies
View Related
Mar 18, 2013
We have ACS 4.2.0.124 runnning with remote agent installed on win 2003/32 bit ent server. Now we are facing issue like logs (daily backup) from ACS to the Remote Agent is not happening properly. We usually get logs around 1 MB everyday in remote agent but sometimes we are getting 1 KB continuosly untill the services to be restarted in ACS manually.
View 9 Replies
View Related
Mar 20, 2012
Presently we are upgrading the existing domain controller to Windows Server 2008, R2 Standard Edition.
I'm bit confound with the information available for the upgrade scenarios. Listed out the present working versions.
Cisco ACS SE - Release 4.1(1) Build 23 Patch 5
Cisco ACS Remote Agent version 4.2(0.124)
As the new operating system is going to work on 64 Bits, I think the existing ACE SE and remote agent may/should be upgraded.
Based on my existing versions, provide the possible upgrade scenarios available for me.After upgrading SE and Remote Agent should be working for 64 bit OS.
View 6 Replies
View Related
May 7, 2012
I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC.
View 3 Replies
View Related
Jul 17, 2011
it's possible to install ACS Remote Agent 4.2.1 on VMWare server. Is it supported by Cisco?Do you have any experience with running the remote agent on VMWare servers?
View 2 Replies
View Related
May 2, 2013
ACS 4.2 and remote agent was working properly two months before. But in past two months we are facing weird issue in RA server.For Somedays we are missing logs from both ACS and RA server. Once we notice this we use to restart the services in ACS to give workaround. But due to this we loose our daily logs intermittently and facing risk in without having logs.This is not like communication between ACS and RA is not at all happening. It happens properly for a week or month, but again it is going bad without any config change. CSAgent.ini file is properly configured.Full version is 4.2.1.15 and patch is 10 in acs and ra.ACS and Remote Agent Major and Patch version are same.
View 5 Replies
View Related
Nov 15, 2011
I have done a ADSSO config. Following all the steps in the guide with the specifics steps for windows 7 to modify the krb.txt and the strattomcat.I restart services activate the "Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)" option on the NAM.Then, the ADSSO service start on the NAS.I modify the local policy according to the guide allowing all encryption except the one for future use.Then the NAC client say "User unknown" contact your network administrator.
View 3 Replies
View Related
Apr 26, 2011
I am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto 4.2.0.124 ,step by step by upgrade process
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable on 90 days evalution package of 4.2.0.124 of windows platform .
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1)
View 8 Replies
View Related
Dec 27, 2012
I have created a NAC Agent Customization Package and sucsesfully uploaded the 'custom.zip' file to - Policy>Policy Elements>Results>ClientProvisioning>Resources.
However, when I try to edit my Client Provisioning Policy and select AgentCustomizationPackage, my custom package dosn't appear on the drop down list, so i'm unable to select it!
View 4 Replies
View Related
Jul 30, 2012
We have a working L2 OOB VG deployment. The NAC agent pops up then says it has granted full access. The issue is about 45 seconds later it pops again then says it has granted full netowrk access. Then it does it again...etc.... The CAM thinks things are fine as it just keeps adding the user to the OUL.
View 4 Replies
View Related
Jun 24, 2012
I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.
View 31 Replies
View Related
May 13, 2013
its been a while since I configured a Cisco firewall (PIX 6.0, SDM) - I've now been thrown in the deep end with a pair of 5525-X's (Latest Software) and I need to achieve the belowWebsense integration (Got this working)AAA Authentication for various outbound traffic routes.I'm using ASDM as I'm more comfortable with the GUI than CLI (I'm the other way round with switches!!!), I have AD Agent configured but the ASA isn't doing anything based on User Name but I have a few other things to try. What I'm trying to achieve now is ignoring certain user names from being matched to IP Addresses as I believe that this may have something to do with it.We use Sophos AV and each PC requires a Service Account to run Sophos under. Each update that Sophos attempts is seen as a login and that is the user attached to the IP Address of the machine. Within Websense, it can be told to ignore certain users for purposes of filtering and reporting etc.. but I dont seem to be able to do this with the AD Agent.
View 3 Replies
View Related
Jan 14, 2012
I have two NAC appliances version 4.8.2, one Manager and one Server, I want to know if the “nacagentsetup-win-4.8.2.1.tar.gz” software exists in my appliance or it’s CD or not? Should I download it?
When my client wants to download the software by clicking on “download Clean Access Agent 4.8.2” button this error appears “Failed to download (states=-2)”. I guess I should upload the software first but I don’t know how or where it is?
View 1 Replies
View Related
Mar 3, 2012
I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3.Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below: "24401 could not establish connection with acs active directory agent"I'm not seeing anything telling in the logs on the domain controllers.
View 1 Replies
View Related
Apr 28, 2012
installing the Cisco NAC agent through the Active Directory Group Policy. (Windows 2008 R2)Currently Cisco NAC CAS servers has been installed, configured and the switches are added. But the ports are not active. Currently users are not passing through the NAC. When the ports are active and the users trying to access the network, the browser will ask the users to install the Cisco NAC Agent.I need t by pass this by installing the Cisco NAC agent through the active directory Group Policy. How to install the Cisco NAC agent (4.9.1) to all the users in the Network (Windows XP / 7 )through Active Directory so that the users will not know that the Cisco NAC agent has been installed in their computers. By this way the users need not install the Cisco NAC agent through the Web browser and will just login their user name and password and get into the network.
View 1 Replies
View Related
Nov 18, 2012
I have a new installation of LMS 4.2 on the Soft Appliance and seem ot be only able to configure backups to the local disk? There is no option to select any of the configured repositories like there is in ACS. I can backup to /local disk, after change to filesystem as below:
chgrp casusers -R /local disk chmod 0775 /local disk
But the issue is, how to I get this off the box in an automated fashion so it can be part of our corporate backup schedule?
View 0 Replies
View Related
Jul 9, 2012
I want to configure ad agent on windows server 2008 R2 SP1 with all need patch installed.When i try to connect to DC with adacfg dc list, status is UP. Log ADOBserver's don't show any errors. But when try to do command "adacfg cache list", result - empty. In what may be the problem? Perhaps it is related to the language of the OS?
View 4 Replies
View Related
Feb 20, 2010
I could not SSH to ACS SE appliance? Why I could not, however I can do on another ACS SE.
note that I can ping the ACS SE, after disabling the CSA, so netowrk connectivity is ok.
Cisco Secure ACS: 4.2.0.124.
View 5 Replies
View Related
Nov 16, 2011
All users are located in the local identity store.So - assume I do not implement ACS but I do turn on password expiration after 60 or 90 days. Will a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire?Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?
View 3 Replies
View Related
Mar 29, 2012
My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purpose)What's the proper migration process should deal with this? Is the NAC-3315 hardware comply with the Inline posture mode requirement?
View 4 Replies
View Related
May 2, 2011
Newly shipped cisco ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ? .
My ACS BOM details
CSACS-1121-K9
ACS 1121 Appliance With 5.1 SW And Base license
[code]....
View 2 Replies
View Related
Jun 18, 2011
This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connect to the domain.Next, click on the Test Connection button to validate joining the domain.
I got success test connection. But when I click Save Changes. I got error .
View 5 Replies
View Related
Feb 13, 2012
01. I have one customer unit C1121 ACS system shipped with version 5.1. The customer buy the base license and large deployment license along with the purchase.
02. Fact is i have manually upgrade the system to version 5.3.0.40, and applying a trial license for it for administering the appliance.
a. If i now using the purchased base license and large deployment PAK to activate the system, would it still valid for me to continue using Version 5.3.0.40?
View 2 Replies
View Related
May 2, 2013
Is it possible to add another NIC to the Cisco 3315 NAC appliance. It ships with Four ethernet interfaces, but would like to add at least 1 extra interface i.e. PCI card if possible.
View 1 Replies
View Related
Jun 21, 2012
we have below softwares in the order to install one by one on the appliance 1113.
1)ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
(Appliance Management package)
2)ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
(ACS Software package)
3)applAcs_4.2.1.15.8.zip
(ACS SE 4.2.1.15.8 cumulative patch)
take it forward to upgrade by step by step procedure. ( is that same like TFTP to transfer these packeges to appliance or different method? ) (we are using Windows XP system)
View 1 Replies
View Related
Jun 7, 2011
I'm with problems to migrate the ACS 5.1 hardware to ACS 5.1 vmware. In my infraestructure I have a appliance with ACS 5.1 and I need to migrate to vmware to do HA. I installed vmware as the Cisco ACS recommendations. I made a backup of the ACS hardware and copied the local disk vmware ACS.
When I start the restore process after a few minutes an error occurs:
UMA/admin# dir
Directory of disk:/
33293306 Jun 08 2011 16:51:38 bkp-production-110608-1433.tar.gpg
5862 Nov 07 2009 01:06:32 favicon.ico.1
16384 Jun 06 2011 17:54:34 lost+found/
[Code]....
View 4 Replies
View Related
Apr 12, 2013
I am setting up six ISE 3355 appliances 3 in one datacenter 3 in another. They have just installed a new server farm infrastructure using Nexus 5596 and Nexus 2248TP top of rack switches.I have been looking for documentation on how to do NIC teaming on the 3355 or some way to connect Gig0 to FEX101 and Gig1 to FEX102. Or do I just setup a port channel using LaCP between the two different FEX groups?
View 1 Replies
View Related
Aug 12, 2010
How do we disable the telnet to ACS appliance 4.2 1113 SE
View 4 Replies
View Related
Jul 21, 2011
I'm trying to upload the 5-2-0-26-4.tar.gpg patch to our ACS and so far have been unsucessfull. I keep getting the "please verify the patch bundle is valid".
When I download the 5-2-0-26-4.tar.gpg file, for some reason the download always comes down from Cisco as 5-2-0-26-4.tar.tar. I've renambed the file to 5-2-0-26-4.tar.gpg and verified the MD5.
View 1 Replies
View Related
Dec 6, 2011
I have installed 2 ACS 5.2 appliances, the two appear as Primary. When I try to register one of them with the other one using "System Administrator -> Local Operation -> Deployment Operations" I get the following message:
This System Failure occurred: Unable to authenticate with node.. Your changes have not been saved.Click OK to return to the list page.
I have tried with both "ACSAdmin" and "admin" users with their respective passwords.
View 3 Replies
View Related
Sep 1, 2011
I have a question. What is the requirement of integrate ACS 4.2 Appliance and AD about CA server? it has to be windows 2003 server enterprice o windows 2008 enterprice? or it can be windows 2003 and 2008 stand alone? another question is about multi domain, i have domain father and children. the installation of CA Server is in domain father to enable 802.1x with AD with all domain children integrate? or I can be install the CA server in the server of domain children and is it work (CA server installed in server in domain child and it working all domains child and father)?
View 1 Replies
View Related
