ACS 3.2 for Windows and MS Windows AD Directory Integration Problem

Dear all,
We have some issues while integrating Windows AD with ACS 3.2 for Windows.Currently we have done the following:
1. Installed ACS 3.2 for Windows on Windows 2003 Enterprise with SP1
2. ACS and Domain Controller are configured on the same server
Checked and verified the following configurations
1. created a domain user "csacs" selected Act as a part of operating system and log on as a service enabled for this user.
2. Enabled all the CS services to log on as a user csacs.
But I noticed CS services are not respdonding and gives the error as "Could not able to start the service with service specific error ..." while trying to start services manually on ACS.
Kindly help me through this integration part
An easy and handy Step wise procedure on configuring integration of AD with ACS 3.2 on both Domain Controller and on Member server will be of great help.
Thanks
Kind Regards,
Ahmed

I have no issues running Cisco ACS version 3.2 on Windows
Server 2003 with SP2:
1) create user test1 in MS Active Directory and put test1
in users group with dial-in access granted,
3) Create a group called "LDAP". Actually I renamed
group name "group 1" to "LDAP".
3) in ACS external user database configuration, I specified
domain "CCIE" as for this. unknow user policy is to use
Windows Database configuration,
4) Configure the database configuration in ACS to point
to "CCIE" windows domain,
5) setup the ACS to authenticate one of your Cisco devices
and log in using the MS windows account,
By the way, mgurwara, you are wrong. I run Cisco
ACS 3.2 on windows 2003 Enterprise Edition with Service
Pack 2. I am running it on a Dell Optiplex Gx240
(1.7 GHz with 512MB of RAM) and it is running fine.
I use it to manage about 20 cisco devices and
about 200 Wireless LEAP user(s). Furthermore, I am also
running ACS 4.1 on another identical hardware. It has
nothing to do with the hardware. I don't know where
you get that information from.

Similar Messages

  • CA and Certificate Issue in ACS 4.0 For Windows 2003 Enterprise Server

    Hi,
    I have configured Microsoft CA server on the same ACS 4.0 for Windows 2003 enterprise server which was configured earlier using the self generated certificates for EAP and PEAP authentications.
    After I change the certificate from self generated to the new CA certificate that can be viewed under install ACS certificate option on ACS server but having the following problems
    1. SSL is not functioning while internet browser access to the ACS server and going through http instead of https.
    2. Wireless clients are authenticated successfully even after the certificate is uninstalled.
    Any help on these problems will be appreciated.
    Thanks
    Best Regards,
    Ahmed

    Hi Rohit,
    Thanks for reminding the HTTPS option under Administration Control on ACS.
    I have some doubts pertaining to installation of certificates on Wireless clients though it is optional for Self Generated Certificates but what in case of Mirosoft CA as I tested wireless client authentications even after removing the certificate from microsoft supplicant WindowsXP SP2 having installed the patch KB885453 for PEAP. How the certificate on wireless client works.
    Is it mandatory or optional to keep certificate on Wireless Clients as they could able to get authenticated through ACS after removing the certificate.
    Thanks
    Best Regards,
    Ahmed

  • CiscoSecure ACS v2.4 for Windows NT Upgrade

    We still have two ancient instances of CiscoSecure ACS v2.4 for Windows NT running on our network. ACS1 (primary) and ACS2 (secondary). I would like to upgrade these, not only because of how old they are but because of an issue trying to replicate the user and group database from ACS1 to ACS2. When trying to replicate the user and group database the logs say it's successful but the databases don't match. ACS2 is missing some of the users that are in ACS1. I have successfully replicated the interface database. But for whatever reason, the user and group database will not replicate.
    First, is there any other way I can get the user and group database copied from ACS1 to ACS2? Other than using the built in database replication tool?
    Second, is there any way I can get these upgraded? I read that the recommended upgrade path is 2.4->2.6->3.0->3.2. But Cisco no longer has version 2.6 available for download. I really would like to upgrade rather than starting from scratch.
    Thanks!

    ACS 2.4 - wow! That hasn't been sold for over 11 years. (reference)
    Think about it - would you want to try to upgrade Windows 98 to Windows 7? That's about an equivalent span of software product timeline.
    The current product is so different that even if you could upgrade it would not be advisable to do so. While painful, it would be much better option to make a clean break with the old and move onto a current platform (e.g ACS 5.3).

  • Advice for Buying Cisco Secure ACS 3.3 for Windows

    Just need advice on what other things I NEED to order apart from the Windows server when I want to iplement ACS and I want to use CISCO SECURE ACS 3.3 FOR WINDOWS
    Hope someone will help

    Hi,
    This is all what you require:
    Supported Operating System
    Cisco Secure ACS for Windows Servers 3.3 supports the Windows operating systems listed below. Both the operating system and the service pack must be English-language versions.
    •Windows 2000 Server, with Service Pack 4 installed
    •Windows 2000 Advanced Server, with the following conditions:
    –with Service Pack 4 installed
    –without features specific to Windows 2000 Advanced Server enabled
    •Windows Server 2003, Enterprise Edition
    •Windows Server 2003, Standard Edition
    Note The following restrictions apply to support for Microsoft Windows operating systems:
    •We have not tested and cannot support the multi-processor feature of any supported operating system.
    •We cannot support Microsoft clustering service on any supported operating system.
    •Windows 2000 Datacenter Server is not a supported operating system.
    Please refer to the following link for more information:
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/win33sdt.htm
    Thanx & Regards

  • Microsoft Excel for Windows has encountered a problem and needs to close. W

    i have the attached problem anytime i tried to open a BW query in excel:Microsoft Excel for Windows has encountered a problem and needs to close. We are sorry for the inconvenience", Please inform if there is a work arround, i have re-install excel , likewise SAP many times but nothing

    Hi,
    I would suggest you check with any other colleague if they are able to run the same or not. Running BEx report depends hugely on the front end capacity and performance. Please check if anyone else can run the same report, with the same front end RAM, then it might be the problem with your installation.
    Also you can try with the latest patch for GUI s/w.
    Regards,
    Debasis.

  • Could we have same name's for User and Groups in Active directory

    When iam trying to create a user name " Logistics " under a OU, I am getting a error
    "The pre-windows 2000 logon name you have chosen is already in use in this domain. Choose  aother pre-windows logon name, and then try again"
    We already have a group by the name " Logistics "
    Could we have same name's for User and Groups in Active directory?
    Thanks in Advance

    sAMaccountName attribute is unique. So, the short answer is you cannot.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Delete proxy config on Cisco Secure ACS 4.1 for Windows ?

    We have a pair of ACS 4.1 servers (Windows Server 2003 R2). Let's call them ACS1 and ACS2.
    We don't want either one of them to proxy to any AAA server, including each other. We're using mostly TACACS authentication.
    While troubleshooting a general problem, I'm guessing that one of us did this on ACS1:
    pressed the Network Configuration button,
    saw the Proxy Distribution Table
    clicked (Default)
    moved ACS1 from the AAA Servers column to the Forward To column.
    So, essentially, we're telling ACS1 to proxy all requests to itself, which doesn't seem to make sense. I don't know for sure whether it should work when configured to "self proxy," but in that state, it does not authenticate anyone and gives merely "Internal error" as the reason.
    If I change the configuration so that "ACS2" appears in the Forward To column, and I move "ACS1" back to AAA Servers and restart, ACS1 starts responding correctly to TACACS requests. Of course, ACS1 is just proxying all requests to ACS2, so having two servers isn't doing much good.
    I cannot simply remove ACS1 from the Forward To column and leave it empty. The interface complains that it can't forward to zero servers. Of course, on ACS2, there are no servers in the Forward To column, since we never touched the Proxy Distribution Table there.
    Is there any way to return the Proxy Distribution Table to its default setup, that is, no servers appear in the "Forward To" column?
    We're planning to upgrade to version 4.2 very soon, so this question is mostly academic, unless the same problem exists in 4.2.
    For full disclosure, I should mention that the problem we were troubleshooting was loss of connectivity to our Windows Domain Controllers from our ACS servers. We had missed adding some exceptions in our firewalls to allow for four new DCs. As far as we can tell from testing, connectivity to the DCs is now fine. The firewall rules group ACS1 and ACS2 together, so connectivity should be the same, and ACS2 authenticates users correctly.

    Hello Jeffrey,
    By default the ACS 4.x Proxy Distribution Settings should have the ACS entry for itself on the Forward To box. Your ACS1 entry should be on the Forward To box.
    The Internal Error message on the ACS should be highligthing a different issue on your ACS1. Also, the message stating that we cannot have zero servers on the "Forward To" box is expected.
    Set your ACS1 for Full Logging Detail (System Configuration > Service Control) and configure the ACS1 entry under the Forward To box. Recreate the authentication issue and collect a package.cab file. If you have an ACS for Windows, under the ACS Installation folder look for the CSAuth folder > Logs and share the auth.log file with a failure timestamp for us to review the ACS logs when failing with Internal Error.
    If this was helpful please rate.
    Regards.

  • ACS 4.2 For Windows DB Replication

    Hi Folks.
    I have a pair of ACS for windows 4,2 and we also have a few mappings (ACS Group --> AD Group)
    The replication process was configured and it replicates all the seetings, but the Group Mappings.
    Is this the way it's supposed to be or it should replicate the group mappings as well?
    Best regards,
    AL

    The following items cannot be replicated:
    •IP pool definitions (for more information, see About IP Pools Server).
    •ACS certificate and private key files.
    •Unknown user group mapping configuration.
    •Dynamically-mapped users.
    •Settings on the ACS Service Management page in the System Configuration section.
    •RDBMS Synchronization settings.
    User guide
    http://www.ciscosystems.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAdv.html#wp756078
    Regards,
    Jatin
    Do rate helpful posts-

  • ACS SE setup for windows authentication

    Dear All,
    I'm trying to install an ACS Solution Engine in My network for access control (AAA). I succeed in setting up authentication using the internal database and that works fine. Now My boss want users to be authenticated through an external database (windows AD). I tried achieving this but kept getting different errors.(like EAP-TLS or PEAP authentication failed during SSL handshake) or (Authen session timed out: Challenge not provided by client).
    Please I need someone who has done this setup successfully before to give Me a step by step procedure on how I can setup ACS SE for windows authentication using My domain windows authentication.
    Thanks

    Dear All,I'm
    trying to install an ACS Solution Engine in My network for access
    control (AAA). I succeed in setting up authentication using the
    internal database and that works fine. Now My boss want users to be
    authenticated through an external database (windows AD). I tried
    achieving this but kept getting different errors.(like EAP-TLS or PEAP
    authentication failed during SSL handshake) or (Authen session timed
    out: Challenge not provided by client).Please
    I need someone who has done this setup successfully before to give Me a
    step by step procedure on how I can setup ACS SE for windows
    authentication using My domain windows authentication.Thanks
    Hi,
    Check out the belwo link on your query,Hope that help !!
    https://supportforums.cisco.com/docs/DOC-5542
    If helpful do rate
    Ganesh.H

  • ACS 5.1 for Windows VM Ware

    Hello,
    Please help me...
    I want to know can we install ACS 5.1 in Windows VM Ware machine. I have downloaded it but it is giving me the option of installation in Linux.
    Please suggest.

    Ravi,
    This release of ACS 5.1 provides new architecture and functionality on a standard Cisco Linux-based. We would be requiring a new box all together for 5.0.
    Installing ACS on VMware virtual machine
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_vmware.pdf
    ACS 5.1 doesn't support windows OS.
    HTH
    JK
    -Do rate helpful posts-

  • Cisco Secure ACS 4.2 for Windows web-based Admin Console log in problems

    To Whomever Can Assist,
          I am running two deployments of Cisco Secure ACS for Windows 4.2 and I can login into the admin web-console just fine.  However, when I create a new or test user that mirror my configuration that user cannot login to the admin web-console.  The user can login it to devices with the appropriate privileges, but can't administer his/her account within ACS.  This has proven very problematic and needs a remedy.  Thanks for the assistance.

    Bradbryant.dhs,
    Where are you creating the new admin user who should have access to ACS web gui under internal users or administration.
    Internal user and ACS administrator accounts are completely different. 
    Adding administrator account
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/user/guide/ACS4_2UG/Admin.html
    Regards,
    Jatin Katyal
    ** Do rate helpful posts **

  • ACS SE & CSACS for windows

    Hello Friends,
    If i order Access Control Server Solution Engine (ACS SE) CSACS-1120-K9, i should'nt order a CSACS for windows CD,????? Is it ACS server is built-in in ACS SE no need of installing windows OS and on top of that ACS server ,i m confuse regarding the product.
    Can anybody help me for this,i have been through the cisco web site but not pretty sure regarding these two product.
    Thanks

    CSACS-1120-K9 is an ACS appliance, and it supports both ACS version 5.0 and 5.1.
    Here is the release notes for both versions:
    5.0: http://cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/release/notes/ACS-50-releasenotes.html
    5.1: http://cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html
    FYI, ACS version 5.x onwards is completely different to the previous version of ACS 3.x and 4.x.

  • Jabber for Windows - without LDAP integrated with CUCM Jabber UDS - NO PEOPLE CAN SEARCH

    Hi all Jabber Experts,
    I have the CUCM, which is the versin 8.6 and the Presence Server, which is the version 8.6, that is not integrated the LDAP, but I want to deploy the Jabber for Windows.
    So I would use the UDS to deploy the Jabber for Windows (modified the XML and uploaded to the CUCM TFTP server).
    Finally, that can login the users, which is manually added from CUCM.
    But I cannot search other users from the Bubby List. Any idea for that?

    First of all, either you use CUCM 8.6 with CUPS 8.6, or you use CUCM 9.1 with IM&P 9.1, what you're mentioning is just impossible as they're not compatible and that's not supported.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • Jabber for Windows 10.6.1 Problem: Chat History sporadically empty

    Hi,
    we have Jabber for Windows 10.6.1 running on Win 7 64bit Machines. We have the Problem that sporadically the Chat History windows is empty. If this happens, I cannot see my incoming chats (but I can hear Audio that a IM just arrived) and I also cannot see IM Messages I sent out. Also no Screencaptures can be seen in the Chat-History. I also cannot rightclick into the Chat History window to print or save the Chat. Whenever I restart Jabber (not just logging off), it is working again for a couple of time!
    Please Cisco help me out. I cannot find a open Bug in the current Release Notes.
    Regards
    Rene

    Hello Scott,
    thanks for your answer! We don't have IE11 installed, so we don't have this MS Patch on our systems :-(
    I am going to look deeper into this,... maybe another MS Patch. Also have to contact TAC.
    Thanks.

  • Jabber for Windows - Outlook Meeting integration issue/questions

    Hi,
    A couple of questions if anyone else has experienced or can answer:
    1. When you turn on Jabber it appears in the trace file to create a transitionlist of meetings in your calendar for the next four hours. Eg if meeting 8-9 it will show 8:00 BUSY
            9:00 FREE
    and this works ok. This transitionlist also seems to update each time a status change occurs from what I have observed.
    The problem we seem to have is if I open Jabber at 7.45am and have a meeting 8 - 9 then it shows "In a meeting", then if I create a meeting at 9.15am for 10am-10.30am, the meeting status does not change as it seems to operate of the four hour transitionlist. I have the setting in the CUPS server for exchange sync to happen every twenty minutes, but this does not seem to update.
    I'm be focussing on the wrong area but basically not all calendar appt's update status in Jabber, especially the one's created within the four hour pperiod.
    2. To have the presence status of a person in an Outlook email address field, do you need 2010 or does it work with prior versions, we currently operate 2003. I have configured the SIP component in AD, but no status or click to call facility from Outlook.
    Thanks in advance
    Mal

    Hi Mal,
    Thanks for your post. Issue (1) sounds like a configuration issue in your setup. Please open a TAC case for further assistance.
    Regarding (2), Jabber for windows does noot support Office 2003. List of supported MS Office applications is listed in Jabber for Windows administration guide.
    http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_0_1/b_jabber_win_icg_chapter_01000.html#reference_AC2F9334FEC54DA98861EB52944C6F08
    Thanks,
    Maqsood

Maybe you are looking for

  • Single billing document for multiple delivery documents

    Hi, Can someone tell me how to configure or proceed to make single billing document for multiple delivery documents. Document flow: Contract--> Order---> Delivery----> Billing -Thanks

  • Error in Commitment Check message

    We are on SRM 4.0 and have funds availability turned on in the backend system (ECC 5.0).  A user created a shopping cart using multiple sources.  However, after the cart was approved, it would not transfer to the backend.  We are getting the error me

  • Problem with Nokia Lumia 925

    This is what i encountered with my nokia Lumia 925 after 3 days of usage, i am not sure anyone besides me, facing the same problem. - Overheating, after taking few photos, the phone feel a sudden of heat near the camera. - Freeze, the phone freeze so

  • Building an Admin Console Extension for a Custom Security Provider

    I am looking for an example or a description how to build an Administration Console extension for a custom Authentication Provider. Especially the creation page for the provider is interesting because I am not able to create and register the required

  • Authorizations for WEBI report based on BPC data model

    Hi All, We are strugelling with setting up authorisations for the reporting on BPC data model. We created Bex query on top of Multiprovider that consists of BPC cube. The Bex query is source for WEBI output. The authorisations has been set up on BPC