ACS 1121 Gigabit 0 not working
Hi,
I have an ACS 1121 appliance newly shipped and the gigabit 0 interface worked initially but after reload it didn't anymore.
Any hints?
Regards
Hi k abillama,
Make sure you have connected to port 6 because port 2 and 5 are the (Blocked) Gigabit Ethernet.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_hw_ins.pdf
As you said that it worked initially but stop working after reload, it could be a hardware issue as well if the conneciton has been made as per document mentioned.
thanks,
Vinay
Similar Messages
-
ACS 4.2 services not working
The server is running with Windows 2003 SP2 and due to some issue it got rebooted. After reboot all services stopped working.
CSAdmin, CSMon and CSRadius hanged in Starting state and CSLog in Stopping state. When i chaged the startuptype to manual and started these services
i got " Could not start the CSAdmin service on Local computer. Error 1053 The service did not respond to the start or control request in a timely fashion "
For CSLog service it gives the error message "The CSLog service on Local Computer started and then stopped. Some service stop automatically if they have
no work to do, for example, the Performance Logs and Alerts service."
In the eventviewer it shows "The description for Event ID ( 1 ) in Source ( CiscoAAA ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: CSAdmin, Can not initialize SchemeLayer, 74."
While automatic startup type event viewer shows below error.
"The description for Event ID ( 1 ) in Source ( acs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: *** ERROR *** Assertion failed: 103401 (9.0.0.1271)
Unable to open file (C:\Program Files\CiscoSecure ACS v4.2\CSDB\acs.db) which previously opened successfully; error = 32.The description for Event ID ( 1 ) in Source ( acs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: *** ERROR *** Assertion failed: 103401 (9.0.0.1271)
Unable to open file (C:\Program Files\CiscoSecure ACS v4.2\CSDB\acs.db) which previously opened successfully; error = 32."
Please help me to fix this.
ThanksSince we had no access to ACS windows server. We tried to take backup from csutil but it gave schemalayer error message.As we have AV stopped, logs files deleted from the directory, killed the stuck services from the task manager and restarted the server. If it still not allowing you to restart the services, most likely you need to take backup, uninstall the ACS server and reinstall the same version of ACS followed by restore.
~BR
Jatin Katyal
**Do rate helpful posts** -
E4200 Gigabit ports not working....
I just upgraded to an E4200 from a D-Link DIR-655. I cannot seem to get my desktop to connect to the E4200 at 1 GBS. My adapter is set to "auto negotiate" but will only connect at 100 MBS. If I try forcing the adapter setting to 1 GBS, it never connects. I can swap out my E4200 with the DIR-655 and it will connect at 1 GBS just fine. I am using a CAT 5E cable. Is there something I'm missing here or is the E4200 just more finicky than the the DIR-655?
It's electronics. Maybe there is really a general hardware compatibility problem with the E4200 and the Intel adapter. Possible.
But generally, you'll find it's more a hardware issue of either one. It's electronics. It happens all the time that some parts are not of the quality they should be. Then one device operates a little bit off the spec. Other devices may well work together with it as they tolerate the variance while other devices don't work good together with it and have problems or won't work at all.
You can only try to find out which one might be more likely by connecting a variety of devices to your E4200 and use a variety of routers and switches to connect to the Intel and of course with a variety of cables.
I think, generally you'll find that all ethernet devices work quite well together (at least on the ethernet level) and that if there is an issue you want to find out where the problem is and replace that device. That's just better in the long run... Otherwise it won't help you if you want to connect the next device after warranty expired and you find the same issues again... -
I have bought WRT610N yesterday. I have laptop and PC with Gigabit interface. But the system shows only 100 Mb. I didn’t found the setting of lan speed in WEB interface of the router. What can I do wrong?
The Firmware Version is 1.00.03 B15 May. 14, 2009Good day.
I have resolve the problem.
It was my mistake. I have made a mistake in pressing out of patch cord.
Message Edited by Delphin911 on 03-04-2010 10:11 PM -
ACS 5.3 - comman sets not working
We installed ACS 5.3 on Vmware -cent os , and a cisco router is configured to authenticate to this TACACS+ server ,
i am able to login to router using the specified TACACS username ./ password and able to see the hits also as below in the policy ,
But the Command sets are not working as definded, pls help me to find the problem..
Filter:
StatusNameIdentity GroupNDG:LocationNDG:Device TypeTime And DateCommand SetsShell ProfileHit Counts
Match if:
EqualsNot Equals
EnabledDisabledMonitor Only
Status
Name
Conditions
Results
Hit Count
Identity Group
NDG:Location
NDG:Device Type
Time And Date
Command Sets
Shell Profile
1
RO ACCESS
in All Groups:READ ONLY ACCESS
in All Locations
in All Device Types
-ANY-
READ ONLY POLICY
RO SHELL
10
2
RESTRICTED ACCESS
in All Groups:RESTRICTED ACCESS
in All Locations
in All Device Types
-ANY-
RESTRICTED USER POLICY
Permit Access
1
3
SUPER ADMIN ACCESS
in All Groups:FULL ACCESS
in All Locations
in All Device Types
-ANY-
PERMIT ALL POLICY
Permit Access
0Logs for such a RO-read only user login
AAA Protocol > TACACS+ Authentication Details
Date :
August 27, 2012
Generated on August 28, 2012 7:13:37 AM UTC
Authentication Details
Status:
Passed
Failure Reason:
Logged At:
Aug 27, 2012 12:18 PM
ACS Time:
Aug 27, 2012 12:18 PM
ACS Instance:
acsserver
Authentication Method:
PAP_ASCII
Authentication Type:
ASCII
Privilege Level:
15
User
Username:
muthu
Remote Address:
172.20.1.25
Network Device
Network Device:
Default Network Device
Network Device IP Address:
192.168.251.26
Network Device Groups:
Device Type:All Device Types, Location:All Locations
Access Policy
Access Service:
TAFE POLICY1
Identity Store:
Internal Users
Selected Shell Profile:
RO SHELL
Active Directory Domain:
Identity Group:
All Groups:READ ONLY ACCESS
Access Service Selection Matched Rule :
Rule-2
Identity Policy Matched Rule:
Default
Selected Identity Stores:
Internal Users, Internal Users
Query Identity Stores:
Selected Query Identity Stores:
Group Mapping Policy Matched Rule:
Default
Authorization Policy Matched Rule:
RO ACCESS
Authorization Exception Policy Matched Rule:
Other
ACS Session ID:
acsserver/132692348/212
Service:
Login
AV Pairs:
Response Time:
4
Other Attributes:
ACSVersion=acs-5.3.0.40-B.839
ConfigVersionId=97
Protocol=Tacacs
Type=Authentication
Action=Login
Port=tty194
Action=Login
Port=tty194
UserIdentityGroup=IdentityGroup:All Groups:READ ONLY ACCESS
Authentication Result
Type=Authentication
Authen-Reply-Status=Pass
Steps
Get TACACS+ default network device setting.
Received TACACS+ Authentication START Request
Evaluating Service Selection Policy
Matched rule
Selected Access Service - TAFE POLICY1
Returned TACACS+ Authentication Reply
Get TACACS+ default network device setting.
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
Evaluating Identity Policy
Matched Default Rule
Selected Identity Store - Internal Users
Looking up User in Internal Users IDStore - muthu
Found User in Internal Users IDStore
TACACS+ will use the password prompt from global TACACS+ configuration.
Returned TACACS+ Authentication Reply
Get TACACS+ default network device setting.
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
Evaluating Identity Policy
Matched Default Rule
Selected Identity Store - Internal Users
Looking up User in Internal Users IDStore - muthu
Found User in Internal Users IDStore
Authentication Passed
Evaluating Group Mapping Policy
Matched Default Rule
Evaluating Exception Authorization Policy
No rule was matched
Evaluating Authorization Policy
Matched rule
Returned TACACS+ Authentication Reply
Additional Details
Diagnostics ACS Configuration Changes -
1. TACAS+ Accounting and Logged in Users report is not working on ACS 4.1(1
Hi,
I am facing problem with ACS 4.1 accounting, TACAS+ Accounting and Logged in Users report are not working, the csv file is been generated but nothing is showened in the file.
I have checked the documents related to ACS 4.1, it says that there is a bug related to command accounting âCSCsg97429 - TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23â.
Tried upgrading the same with the patch applAcs-4.1.1.23.3.zip, still it is not working.
Other reports are working fine.
1. TACAS+ Accounting - not working
2. Logged in Users - not working
3. TACAS+ Administration - working
4. Passed Authentication - working
5. Failed Attempts - working
Any suggestions or any idea, please revert.
Regards
VineetHi,
Thanks
Yes I have configured the command âaaa accounting exec default start-stop group tacacs+â
As I have mentioned all the other reports are working. Which user and when he has logged in and what commands he has used. Only the TACAS+ Accounting and logned user is not working.
Regards,
Vineet -
After upgrading ACS 3.3.1 to 4.2 on windows the local database is not working
Hi,
I have upgaded the ACS 3.3.1 for windows server to 4.2. Everything went fine but the local database is not working.
The CD is an upgrade kit from 3.x to 4.2 on windows. I tried to install directly the 4.2 I was able to install but integration with AD/LDAp is not working. Anysay its an upgrade kit so I cant expect it shoud work when install drectly the 4.2 but by upgrading from 3.3 to 4.2 everything should work fine.
I followed the upgradation path as recomended.
Also we have a requirment that once it is upgraded to 4.2 we need to shift the whole thing from the physical server to a virtual machine on VMware ESX server 3.5.
Can anybody pls guide me if anything else to do after the upgradation.
Thanks & Regards
SachiHi Javier,
First of all I was facing a problem of restoring the old database of 3.3 to 4.2. Somehow I overcame that issue by following the below steps. Now local authentication is working fine but AD/other External database authentication is not working. As you told the setting for the unknown users are configured to fetch the credentials from the external database if it is not in the local database.
Do we need to do anything in the AD itself?
Regards
Sachi
Steps for ACS upgrade to 4.2 version
Below are the requested steps mentioned for the up gradation from ACS 3.3.2 to ACS 4.2.
1) Take a configuration backup from existing ACS. ACS--->System
configuration----> ACS Backup
2) now if you have ACS 3.3.2 on server. take backup of the ACS
3) Insert the cd or if you have the set up on the system then Run the setup of ACS 3.3.4. During the process it will prompt you to
upgrade existing configuration. Make sure you check that option else we will
loose the database. Now you need to hit next.next to finish the 3.3.4 upgrade.
4) Once you are at 3.3.4, take a backup and keep it handy.
5) Run the setup of 4.1.1. During this process it will prompt you to
upgrade existing configuration. Make sure you check that option else we will
loose the database. Now you need to hit next.next to finish the 4.1 upgrade.
6)Once you are at 4.1.1.24 take a backup and keep it handy.
7) Run the setup of 4.2. During this process it will prompt you to
upgrade existing configuration. Make sure you check that option else we will
loose the database. Now you need to hit next.next to finish the 4.2 upgrade.
8) Once you are at 4.2 take a backup and keep it handy. Now run the
patch 12 and take a backup again.
9) Now fresh install 4.2 on your new production server and install patch
12. Restore the 4.2 patch 12 backup and you should be all set. -
TACACS enable password is not working after completing ACS & MS AD integration
Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result
1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.
2. Enable password is not working (using the same user password configured in MS AD.
3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
Switch Tacacs Configuration
aaa new-model
aaa authentication login default none
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
aaa authorization console
aaa session-id common
tacacs-server host 10.X.Y.11
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key gacakey
line vty 0 4
session-timeout 5
access-class 5 in
exec-timeout 5 0
login authentication ACS
authorization commands 15 ACS
authorization exec ACS
accounting commands 15 ACS
accounting exec ACS
logging synchronous
This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
Regards,Hi Edward,
I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles" -
My MacBook Pro 17" early 2011(built March) and my new OCZ sata III 6G are not working together, when is Apple going to admit there is a problem with the Intel's 6 Series Chipset. In System Information it says "Link Speed: 6 Gigabit" which is sata III and in my MacBook Pro it does not work.
Now MacBook Pro 17" early 2011 built May onward do not have this problem it was fixed in the Intel's 6 Series Chipset. (So there is a problem). Cam I have my MacBook Pro fixed please.After biting the bullet and ordering more RAM, my computer now is working a ton better. So that must have been the main issue. With 8 GB RAM, I can now even run Parallels fluidly (better than my work PC!) where before simple things like logging in to my MBP after reboot could take forever.
The place I went to had several other people getting RAM upgrades at the same time as me, so between this and other comments I've seen in discussions here and elsewhere on the Internets, I take it to mean that either Apple should bump up the base RAM on its new machines, and/or stop charging so much for additional RAM.
I refused to believe a Pro machine bought with Lion installed would come with too little RAM for light to medium usage, but it was apparently the case. I'll mark this as a correct answer and hope some other poor soul will come across this thread and be helped by it. -
Thunderbolt to Gigabit ethernet does not work anymore.
I had purchased a Thunderbolt to Gigabit ethernet a few months back and has been working fine. Recently in my Network Preference it is not recognized anymore. I removed it hoping it would pickup and nothing. I switched ports and nothing. I tried my adapter on another MacBook Pro and it worked fine. I tried a new TB to Gigabit ethernet adapter and still did not work. Thinking something maybe wrong with my ports I tried a Thunderbolt to DVI adapter and works fine.
This is a late reply, but I had this same question and found the answer here:
http://apple.stackexchange.com/questions/70931/how-to-force-thunderbolt-ethernet -connection-when-switching-networks-without-res
To me, it was a network reconfiguration problem, I simply went to System Preferences --> Network --> Assist Me, had it reconfigure my connections, and now my Thunderbolt-to-Gigabit-Ethernet adaptor works fine.
MacBook Pro Retina 15-inch (late 2013), OS X Yosemite 10.10 -
Window 10 build 10041 does not work with Intel 82579V Gigabit Ethernet on ASUS motherboard
I originally posted this question here:
answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_update/window-10-build-10041-does-not-work-with-intel/6729892f-83aa-4822-b20a-ea84f4fd06c7
and was asked to post it on this forum...
I updated a computer I have which is a quad core i7 that I built and includes an ASUS motherboard with Intel 82579V Gigabit Ethernet built in. Windows 10 preview 9926 worked fine with this network adapter. Window 10 build 10041 does not, and I have tried
it twice so far. I even went as far as buying a Thunderbolt-Gigabit Ethernet Adapter (Broadcom, sold by Apple)... and while it installed the driver automatically, it did not work either. Each time you try to view the properties of either of them, it locks
up or give an error. In fact, doing much of anything with the Intel adapter icon assures you of not being able to do a clean reboot... have to kill power. I have finally gone back the previous version 9926, which has its issues but no where near as bad
as not having any network connectivity! Does anyone have this issue and a workaround?
Note, there are two images on the windows 10 preview forum that I posted this question on. I could not post the full link as I was getting a message here that links and graphics are not allowed.Thanks Roger, I posted the following yesterday in the other thread (thinking it was this thread - confusing after they moved it here)... It may be that the new driver fixes the issue that 10041 has with it, but I have not tried that yet. If I do I will update
this... Thanks!
I have more information about this, which basically exonerates any issue with the Intel 82579V Gigabit Ethernet hardware or software. I have 3 computers with Windows 10 preview so I have multiple angles to see issues from. With this I have found a culprit
(but I suspect not just the only culprit) in this above mentioned problem...
10041 build combined with installing (or attempting to install) CISCO VPN Windows 7 64bit 5.0.07.0440-k9 client causes the issue mentioned above. I confirmed this on a completely different machine with a totally different Ethernet adapter. First machine
is an ASUS motherboard in a tower system I built, with the Intel 82579V Gigabit Ethernet hardware built in. Second machine is a Gateway Laptop from 2008 which has a Marvell Yukon 88E8057 PCI-E Gigabit adapter built in. Build 10041 will work fine with my 2008
laptop, including the MS VPN client (which I have tested). However, if you attempt to install or even uninstall the Cisco client you will have to do a recovery to a restore point (as I have done twice) in order to get your network working again. Installing
or attempting to install (because it never even does install properly and times out), CISCO VPN client will render your entire network unusable. Going back to a restore point saved me and I am still running 10041 but I can't use CISCO VPN client any longer.
I could with build 9926, including on all 3 machines. I now have 9926 on two machines and 10041 on only the 2008 laptop.
Hopefully this above information helps someone resolve the issue. I will also mention, even though my network is working on the 2008 laptop, I still can't go into the Control Panel\Network and Internet\Network Connections and right mouse click on the Marvell
Yukon 88E8057 PCI-E Gigabit adapter icon. I get an error when clicking on Properties menu popup : "An unexpected error has occurred". So something is still up with my network adapter driver or windows software, but it could be a side effect of all
that has happened with the Cisco software install attempts under 10041.
Another note: CISCO Anyconnect also has the issue. -
CLI admin password rest using install cdrom not working on ACS 5.5 cumulative patch 1
Hi,
I can't log onto either of our ACS 5.5 servers using the CLI admin passwords (which we do have recorded and no one appears to have changed ).
I get accessed denied on both.
On our DR ACS I went through the procedure of resetting the CLI admin password using the install cd mounted in the VM (the iso is actually for 5.3) , but even after picking a new password, I get access denied when I try to use it.
Does anyone know what could be wrong?
Is it possible that patching to ACS 5.5 from ACS 5.3 (a month or so ago) has some how locked out the passwords ?
Thanks.Hi,
The reason why it is not working is because you need to use the ISO image or cd for ACS 5.5.
If you try to reset the CLI administrator password with an ISO image or cd for other ACS version it will not take the new password.
Please give it a try with the 5.5 image.
Regards,
Gerald -
Command Sets not working on ACS 5.1
I'm running ACS 5-1-0-44-3.
I have everything running properly on ACS 5.1. I'd like to implement command sets for selected users and groups. Under Access Policies -> Device Admin-> Authorization I have Command Sets selected. The cisco provided is DenyAllCommands. I have this command set running on all groups and every groups is still able to issue any command they wish. I've also created a "show_only" command set that I've issued one group and they are still able to do conf t or any other command.
Am I missing something?
Do you need to reference the command set name under the shell profiles?
Its my understanding that all you have to do is reference it in "Authorization" in the rules under Device Admin.
I can understand a custom command set not working because of user error but DenyAllCommands should work.
Anyone have any ideas?
I have already re-patched the ACS
Stopped and started services.
And it seems like Command Sets is the only not referenced in the logsI do it a lot
could you paste screnshot of your command set?
I've recently met another issue,
with my command set definition as below (as you can see its very simple):
almost every show is blocked (as suspected) but not "show run" (which is strange for me) -
Home Hub 3 Gigabit Port/Ethernet 4 Not Working
Just before christmas time the gigabit ethernet port on my home hub 3 stopped working.
I tried other cables and there is no connection whatsoever between the gigabit port and other devices, but the other three ethernet ports work fine?
I had it so a cable went from the gigabit port to a gigabit switch which then distributes around the house.
Obviously i'm now using the standard 10/100 ports on the home hub 3 which is fine as the only wireless devices (which would go through the gigabit to the home server) is a laptop.
I was just wondering what would cause this single port to stop working, and if there is a possible fix or if i need to get a replacement hub?
Cheers.
Solved!
Go to Solution.Try a factory reset of the home hub 3, and if it still does not work, all you can do is ring the helpdesk, and ask for a replacement.
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones. -
ACS V 4.1.1 build 23 Password Aging over SSH does not work.
Hi, my name is Elias and I have problems with ACS Password Aging over SSH does not work and there is no password aging meseges sent by ACS to de console when I use SSH. I know that there is problems with this but I can't find any workaround or documentation that says that there is no workaroun. Can you help me with this??
King Regards.Hey Elias,
SSHv1 does not support password changes as you can do in telnet. You will need to be
running a version of IOS that supports SSHv2.
The following site explains what versions support this:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feat
ure_guide09186a00802045dc.html
Rgds,
somishra
Maybe you are looking for
-
How to join two hiearchy in a single report
Hi, I have two hiearchyes on two master data objects, How best can i customise to view this two hiearchies in a single report.
-
How to create csv file in stored procedure
I want the output of my stored procedure in a csv file. How can I do that?
-
Severe Memory Leak in 10.1.0.3
Hi, There exists a severe leak of element names (QxName), when garbage collecting elements, which has been constructed as; XMLDocument doc = new XMLDocument(); doc.createElement("AnyName"); After GC references in oracle.xml.util.QxNameHash$WeakValue
-
After 11g upgrade "REP - 501: Unable to connect...."
Hi All, There is a problem in one of our application which is deployed on 10g AS(10.1.2.0). The database it was connecting was upgraded to 11.2.0.3 from 10gR2. A report is not getting executed from a form. But from web browser the report is working i
-
[Solved] Can't see GPT disk partitions in Windows 7 (64-bit)
I just added 2 new disks and had them set up equally with GPT and equal partitions, to use the partitions as RAID1 in Arch, and the rest of the storage for Windows. It works as expected in Linux (I guess), but Windows shows them as uninitialized. Can