Cisco AAA/Identity/Nac :: Windows Remote Agent For ACS 4.2 Appliance?

Jun 7, 2011

The problem is that i had configured the ACS appliance with a remote agent to Integrate with Microsoft active directory and I installed that agent on one of our domain controls and it is working fine.
 
When I installed another agent on anther domain control and add it to the ACS server it appear that the remote authentication service is working on it but when try to make the new agent the primary and the old one the secondary from External database configuration all the domain users authenticated but only to one group which configured in Unknown User Policy.It appeared like it can't read any more groups from active directory.

View 2 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: Remote Agent For ACS For Windows 2008 R2 64-bit?

Jul 17, 2012

We having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
 
Our ACS is 4.2.0.124 and remote agents we tried are :Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
 
[code]...

View 3 Replies View Related

Cisco AAA/Identity/Nac :: 1113 - Multiple Network Device Groups Using One Windows Remote Agent?

May 4, 2011

I'm working with a 1113 ACS device running the 4.2.0.124 software.  I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain.   For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory.  When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
 
The question is:
 
Can I have multiple network device groups use the same remote agent?   Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD? 

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Remote Agent With ACS 4.2

Mar 18, 2013

We have ACS 4.2.0.124 runnning with remote agent installed on win 2003/32 bit ent server. Now we are facing issue like logs (daily backup) from ACS to the Remote Agent is not happening properly. We usually get logs around 1 MB everyday in remote agent but sometimes we are getting 1 KB continuosly untill the services to be restarted in ACS manually.

View 9 Replies View Related

Cisco AAA/Identity/Nac :: Upgrading ACS 4.1 SE And Remote Agent

Mar 20, 2012

Presently we are upgrading the existing domain controller to Windows Server 2008, R2 Standard Edition.
 
I'm bit confound with the information available for the upgrade scenarios. Listed out the present working versions.
 
Cisco ACS SE - Release 4.1(1) Build 23 Patch 5
Cisco ACS Remote Agent version 4.2(0.124)
 
As the new operating system is going to work on 64 Bits, I think the existing ACE SE and remote agent may/should be upgraded.
 
Based on my existing versions, provide the possible upgrade scenarios available for me.After upgrading SE and Remote Agent should be working for 64 bit OS.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Remote Agent Compatibility (2008 R2 DC)?

May 7, 2012

I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS Remote Agent 4.2.1 On VMWare Server?

Jul 17, 2011

it's possible to install ACS Remote Agent 4.2.1 on VMWare server. Is it supported by Cisco?Do you have any experience with running the remote agent on VMWare servers?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 / Logs Are Lost Frequently In Remote Agent Server

May 2, 2013

ACS 4.2 and remote agent was working properly two months before. But in past two months we are facing weird issue in RA server.For Somedays we are missing logs from both ACS and RA server. Once we notice this we use to restart the services in ACS to give workaround. But due to this we loose our daily logs intermittently and facing risk in without having logs.This is not like communication between ACS and RA is not at all happening. It happens properly for a week or month, but again it is going bad without any config change. CSAgent.ini file is properly configured.Full version is 4.2.1.15 and patch is 10 in acs and ra.ACS and Remote Agent Major and Patch version are same.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Clean Access Agent With NAC V 4.7.2 And Windows 7?

Nov 15, 2011

I have done a ADSSO config. Following all the steps in the guide with the specifics steps for windows 7 to modify the krb.txt and the strattomcat.I restart services activate the "Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)" option on the NAM.Then, the ADSSO service start on the NAS.I modify the local policy according to the guide allowing all encryption except the one for future use.Then the NAC client say "User unknown" contact your network administrator.

View 3 Replies View Related

AAA/Identity/Nac :: Windows ACS 4.2.0 Backup Database On 1120 Appliance 4.2.1.15?

Apr 26, 2011

I am running windows based acs 3.3 in my lan environment going to be replaced with acs 1120 appliance running acs 4.2.1.15 , ACS 3.3 database has been built upto  4.2.0.124 ,step by step by upgrade process
 
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
 
now my database is with 4.2.0.124 dmp file , I cannot upgrade my database to 4.2.1.15 because 4.2.1.15 patch is not applicable & executable  on 90 days evalution package of 4.2.0.124 of windows platform .
 
can i import my windows based 4.2.0.124 datbase directly to my acs appliance running 4.2.1.15.3 ??? , else its requires any step to be done to modify the windows based databse matching to appliance windows verison once .
 
I could see on appliance under restore settings the following options (restore from 4.2.0 backup file to acs 4.2.1)

View 8 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1.2 - Agent Customization Package?

Dec 27, 2012

I have created a NAC Agent Customization Package and sucsesfully uploaded the 'custom.zip' file to - Policy>Policy Elements>Results>ClientProvisioning>Resources.
 
However, when I try to edit my Client Provisioning Policy and select AgentCustomizationPackage, my custom package dosn't appear on the drop down list, so i'm unable to select it!

View 4 Replies View Related

Cisco AAA/Identity/Nac :: NAC 4.9 Agent Constantly Pops Up

Jul 30, 2012

We have a working L2 OOB VG deployment. The NAC agent pops up then says it has granted full access. The issue is about 45 seconds later it pops again then says it has granted full netowrk access. Then it does it again...etc.... The CAM thinks things are fine as it just keeps adding the user to the OUL.                

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ISE2 - NAC Agent Failing To Popup

Jun 24, 2012

I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"), each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.When we are working on the first node everything is fine, if I try to disconnect ISE1 and do my tests on ISE2, the cisco NAC agent doesn't popup, unless I uninstall it and reinstall it again from the ISE2. Then it will work properly.

View 31 Replies View Related

Cisco AAA/Identity/Nac :: 5525 Ignoring Users Using AD Agent

May 13, 2013

its been a while since I configured a Cisco firewall (PIX 6.0, SDM) - I've now been thrown in the deep end with a pair of 5525-X's (Latest Software) and I need to achieve the belowWebsense integration (Got this working)AAA Authentication for various outbound traffic routes.I'm using ASDM as I'm more comfortable with the GUI than CLI (I'm the other way round with switches!!!), I have AD Agent configured but the ASA isn't doing anything based on User Name but I have a few other things to try. What I'm trying to achieve now is ignoring certain user names from being matched to IP Addresses as I believe that this may have something to do with it.We use Sophos AV and each PC requires a Service Account to run Sophos under. Each update that Sophos attempts is seen as a login and that is the user attached to the IP Address of the machine. Within Websense, it can be told to ignore certain users for purposes of filtering and reporting etc.. but I dont seem to be able to do this with the AD Agent.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Download Clean Access Agent 4.8.2

Jan 14, 2012

I have two NAC appliances version 4.8.2, one Manager and one Server, I want to know if the “nacagentsetup-win-4.8.2.1.tar.gz” software exists in my appliance or it’s CD or not? Should I download it?
 
When my client wants to download the software by clicking on “download Clean Access Agent 4.8.2” button this error appears “Failed to download (states=-2)”. I guess I should upload the software first but I don’t know how or where it is?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 RADIUS Authentication Failing / Active Directory Agent

Mar 3, 2012

I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3.Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below:  "24401 could not establish connection with acs active directory agent"I'm not seeing anything telling in the logs on the domain controllers.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Installing NAC Agent 4.9.1 Through Active Directory Group Policy

Apr 28, 2012

installing the Cisco NAC agent through the Active Directory Group Policy. (Windows 2008 R2)Currently Cisco NAC CAS servers has been installed, configured and the switches are added. But the ports are not active. Currently users are not passing through the NAC. When the ports are active and the users trying to access the network, the browser will ask the users to install the Cisco NAC Agent.I need t by pass this by installing the Cisco NAC agent through the active directory Group Policy. How to install the Cisco NAC agent (4.9.1) to all the users in the Network (Windows XP / 7 )through Active Directory so that the users will not know that the Cisco NAC agent has been installed in their computers. By this way the users need not install the Cisco NAC agent through the Web browser and will just login their user name and password and get into the network.

View 1 Replies View Related

Cisco :: LMS 4.2 Soft Appliance - Remote Backups

Nov 18, 2012

I have a new installation of LMS 4.2 on the Soft Appliance and seem ot be only able to configure backups to the local disk? There is no option to select any of the configured repositories like there is in ACS. I can backup to /local disk, after change to filesystem as below:

chgrp casusers -R /local disk chmod 0775 /local disk 

But the issue is, how to I get this off the box in an automated fashion so it can be part of our corporate backup schedule?

View 0 Replies View Related

Cisco Firewall :: Configuring Ad Agent On Windows Server R2 2008 SP1 RUS?

Jul 9, 2012

I want to configure ad agent on windows server 2008 R2 SP1 with all need patch installed.When i try to connect to DC with adacfg dc list, status is UP. Log ADOBserver's don't show any errors. But when try  to do command "adacfg cache list", result - empty.  In what may be the problem? Perhaps it is related to the language of the OS?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Unable To SSH To ACS 4.2.0.124 SE Appliance

Feb 20, 2010

I could not SSH to ACS SE appliance? Why I could not, however I can do on another ACS SE.
 
note that I can ping the ACS SE, after disabling the CSA, so netowrk connectivity is ok.
 
Cisco Secure ACS: 4.2.0.124.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5.2 Appliance To Use Or Not To Use UCP

Nov 16, 2011

All users are located in the local identity store.So - assume I do not implement ACS but I do turn on password expiration after 60 or 90 days.  Will a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire?Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Re-image NAC-3315 Appliance To ISE

Mar 29, 2012

My site got the NAC-3315 appliance and we would like to reimage this appliance to inline posture mode (for VPN purpose)What's the proper migration process should deal with this? Is the NAC-3315 hardware comply with the Inline posture mode requirement?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 1121 Appliance Downgrade To 4.2.0.124

May 2, 2011

Newly shipped cisco  ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ? .
 
My ACS BOM details
CSACS-1121-K9
ACS 1121 Appliance With  5.1 SW And Base license

[code]....

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Configure ACS 5.1 Appliance To Connect To AD

Jun 18, 2011

This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connect to the domain.Next, click on the Test Connection button to validate joining the domain.
I got success test connection. But when I click Save Changes. I got error .

View 5 Replies View Related

Cisco AAA/Identity/Nac :: Licensing On C1121 ACS Appliance

Feb 13, 2012

01. I have one customer unit C1121 ACS system shipped with version 5.1. The customer buy the base license and large deployment license along with the purchase.
 
02. Fact is i have manually upgrade the system to version 5.3.0.40, and applying a trial license for it for administering the appliance.
 
a. If i now using the purchased base license and large deployment PAK to activate the system, would it still valid for me to continue using Version 5.3.0.40?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Expanding NIC On 3315 NAC / ISE Appliance

May 2, 2013

Is it possible to add another NIC to the Cisco 3315 NAC appliance. It ships with Four ethernet interfaces, but would like to add at least 1 extra interface i.e. PCI card if possible.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Up-gradation ACS 4.2.0.124.16 On Appliance 1113 To ACS 4.2.1.15

Jun 21, 2012

we have below softwares in the order to install one by one on the appliance 1113.

1)ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
(Appliance Management package)

2)ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
(ACS Software package)

3)applAcs_4.2.1.15.8.zip
(ACS SE 4.2.1.15.8 cumulative patch)
 
take it forward to upgrade by step by step procedure. ( is that same like TFTP to transfer these packeges to appliance or different method? ) (we are using Windows XP system)

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Migration ACS 5 Appliance To ACS 5.1 Vmware

Jun 7, 2011

I'm with problems to migrate the ACS 5.1 hardware to  ACS 5.1 vmware. In my infraestructure I have a appliance with ACS 5.1 and I need to migrate to vmware to do HA. I installed vmware as the Cisco ACS recommendations. I made ​​a backup of the ACS hardware and copied the local disk vmware ACS.
 
When I start the restore process after a few minutes an error occurs:
 
UMA/admin# dir
Directory of disk:/
    33293306 Jun 08 2011 16:51:38  bkp-production-110608-1433.tar.gpg
       5862 Nov 07 2009 01:06:32  favicon.ico.1
      16384 Jun 06 2011 17:54:34  lost+found/
[Code]....

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ISE 3355 Appliance Use Of Both GigE Ports

Apr 12, 2013

I am setting up six ISE 3355 appliances 3 in one datacenter 3 in another. They have just installed a new server farm infrastructure using Nexus 5596 and Nexus 2248TP top of rack switches.I have been looking for documentation on how to do NIC teaming on the 3355 or some way to connect Gig0 to FEX101 and Gig1 to FEX102. Or do I just setup a port channel using LaCP between the two different FEX groups?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Disable Telnet To ACS Appliance 4.2 1113 SE?

Aug 12, 2010

How do we disable the telnet to ACS appliance 4.2 1113 SE

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Unable To Upload Patch To ACS 5.2 Appliance?

Jul 21, 2011

I'm trying to upload the 5-2-0-26-4.tar.gpg patch to our ACS and so far have been unsucessfull. I keep getting the "please verify the patch bundle is valid".
 
When I download the 5-2-0-26-4.tar.gpg file, for some reason the download always comes down from Cisco as 5-2-0-26-4.tar.tar. I've renambed the file to 5-2-0-26-4.tar.gpg and verified the MD5.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Unable To Register A Secondary ACS 5.2 Appliance

Dec 6, 2011

I have installed 2 ACS 5.2 appliances, the two appear as Primary. When I try to register one of them with the other one using "System Administrator -> Local Operation -> Deployment Operations" I get the following message:
 
This System Failure occurred:  Unable to authenticate with node.. Your changes have not been saved.Click OK to return to the list page.
 
I have tried with both "ACSAdmin" and "admin" users with their respective passwords.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Appliance Integrate Multi Domain

Sep 1, 2011

I have a question. What is the requirement of integrate ACS 4.2 Appliance and AD about CA server? it has to be windows 2003 server enterprice o windows 2008 enterprice? or it can be windows 2003 and 2008 stand alone? another question is about multi domain, i have domain father and children. the installation of CA Server is in domain father to enable 802.1x with AD with all domain children integrate? or I can be install the CA server in the server of domain children and is it work (CA server installed in server in domain child and it working all domains child and father)?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved