ACS 4.2.1.15 External User Database 'Authen DLL '

Having CSACSE-1113-K9 with ACS 4.2.15.
I want to confiure windows user database under extrenal user database but i get an error  (attached) 'An error has occured while processing the Authen DLL Configure pagebecasue an error occured....'
External User Database----->database configuration --->Windows Database------>Configure.
I tried to stop the services and start agian but the same issue.
Th eappliance is secondary (backup) ACS. On the primary it is working fine.
Any help would be appreciated.
Regards,
BJ

Hi Abdul,
  Can you check if the remote agent on the windows server box is running the same 4.2.1.15 version as well.
Like if  ACS -4.2.1.15   then make sure that remote agent is also 4.2.1.15
or
if ACS is running 4.2.1.15 patch 2 then remote agent should also be 4.2.1.15 patch 2
Let me know if the version is same and if not then install the remote agent correctly and try again.

Similar Messages

  • ACS External User Databases - Empty NT Group List

    I have a production ACS system that has multiple external NT domains for authenticating users.
    We are bringing up a new ADS domain that I need to authenticate against. We have created the trust. The domain shows up in the domain list. When I go to map a NT group to a ACS group, the NT group list is empty.
    The other domains show their NT groups.
    What is also noteworthy is that when I log into the ACS server desktop and try to the see the foreign domain groups via user manager, I get a "domain cannot be found". When the server admin logs in (he administers both domains), he get a list of the foreign groups in the user manager.
    What could be preventing ACS from see the groups in the external domain?
    Thanks for any assistance.
    Dan

    Hi,
    Try to set all ACS Services to "Log on As" using a domain admin account.
    Regards,
    Vivek

  • User Management In Ecommerce based on external user database

    We have the scenario that requires that people in our membership database be charged based on a separate discounted price list.
    For this we need to periodically sync the membership database into the web tools database. 
    In addition we are using a consolidate business partner on the B1 to receive all orders from the ecommerce net point system.
    Question is:
    1.  Is there a technique to create users automatically and update their price list profile via SQL or something
    2.  What is the best method of allowing someone to see a different price list based on perhaps the theme or catalog or domain name.
    Mike

    Hi Mike,
    Sounds like you are in for some development.  There is no magic bullet here.
    1.  I can think of a couple ways to approach this, both will probably be about the same amount of work.  If the schema of your membership db is not to far off from Webtools (for instance, if you don't have to turn a "name" field into "first name", "middle name", "last name"), then it might be easiest to approach the problem using SQL.
    However, if you are comfortable with .NET, you can whip up a little app to synch the data.  In this case you would need to familiarize yourself with the netpoint.api, specifically the netpoint.api.account namespace, and use this to update the Webtools database.  If you plan on make a lot of customizations like this, I would suggest this route, since you will eventually need to learn the webtools api.
    2.  This is a difficult question.  The simple answer is, you specifiy the pricelist for an account (business partner).  This is very simple, just set the UsersAccount.PriceListCode; refering to step one, this can be done in SQL or by using the netpoint.api.account.NPAccount object.  However, I am not sure this is going to work for you.  If all users on the account will have the same pricelist, you are OK.  But if the users on the same account required different pricelists, then there is a problem.
    Last, you can NOT set a pricelist by theme.  (it would be a nice feature).  So if the users needed something like this, you would need to devise a workaround.
    There are ways to do it by messing with the cookie....

  • User authentication in Cisco ACS by adding external RADIUS database

    Hi,
    I would like to configure the below setup:
    End user client (Cisco Any connect/VPN client) -> ASA 5500 (AAA client) -> ACS server -> External RADIUS database.
    Here ACS server would send the authentication requests to External RADIUS server.So, i have added the external user database (RADIUS token server) in
    ACS under External databases.I have added AAA client in Network configuration (selected authenticate using RADIUS(VPN 3000/ASA/PIX 7.0) from the drop down.
    Here how do i make ASA recognize that it has to send the request to ACS server. Normally when you use ACS as RADIUS server you can add an AAA server in ASA and test it.But here we are using an external RADIUS server which has been configured in ACS, so how do i make ASA to send the requests to ACS server?
    Any help on this would be really grateful to me.
    Thanks and Regards,
    Rahul.

    Thanks Ajay,
    As you said nothing needs to be done on ASA side, if we are using an external user database for authentication.
    Im a newbie to ACS and this is the first time i'm trying to perform a two factor authenticaton in Cisco ACS using external user database.
    By two factor authentication i mean, username + password serves as first factor (validated by RADIUS server), username + security code (validated by RADIUS server) serves as second factor.So, during user authentication i enter only username in username field and in "password" field i enter both "password + security code". Our RADIUS server has already been configured with AD as user store, so we dont have to specify AD details in ACS. I have done the following in ACS to perform this two factor authentication.
    -> In external user databases, i have added a external RADIUS token server.
    -> In unknown user policy , i have added the external data base that i configured in ACS into the selected databases list.
    -> under network configuration, i have added the Cisco ASA as AAA client (authenticate using RADIUS (Cisco VPN 3000/ASA/PIX 7.x+)).
    Just to check whether user authentication is successful, i launched the ACS webVPN using https://IP:2002, it asked me to enter username and password. So, i entered username and in password field i entered "password + security code". But, the page throws an error saying "login failed...Try again".I cant find any logs in external RADIUS server.
    Here is what i found in "Failed attempts" logs under Reports and activities.
    Date,Time,Message-Type,User-Name,Group-Name,Caller-ID,Network Access Profile Name,Authen-Failure-Code,Author-Failure-Code,Author-Data,NAS-Port,NAS-IP-Address,Filter Information,PEAP/EAP-FAST-Clear-Name,EAP Type,EAP Type Name,Reason,Access Device,Network Device Group
    02/28/2012,00:31:52,Unknown NAS,,,,(Unknown),,,,,10.204.124.71,,,,,,,
    02/28/2012,00:41:33,Unknown NAS,,,,(Unknown),,,,,10.204.124.71,,,,,,,
    02/28/2012,00:42:18,Unknown NAS,,,,(Unknown),,,,,10.204.124.71,,,,,,,
    Filtering is not applied.
    Date
    Time
    Message-Type
    User-Name
    Group-Name
    Caller-ID
    Network Access Profile Name
    Authen-Failure-Code
    Author-Failure-Code
    Author-Data
    NAS-Port
    NAS-IP-Address
    Filter Information
    PEAP/EAP-FAST-Clear-Name
    EAP Type
    EAP Type Name
    Reason
    Access Device
    Network Device Group
    02/28/2012
    00:42:18
    Unknown NAS
    (Unknown)
    10.204.124.71
    02/28/2012
    00:41:33
    Unknown NAS
    (Unknown)
    10.204.124.71
    02/28/2012
    00:31:52
    Unknown NAS
    Am i missing any thing in configuration side with respect to ACS?
    Thanks

  • ACS and Windows 2000 user database communication port

    Could my Windows 2000 SP4 + ACS v3.23 can install any new Windows 2000 service pack ?
    I'm affraid to infect ACS Service.
    So, I want to install firewall on this server to block malicious traffic.
    However, my ACS used external user database Windows 2000 for authentication.
    Who can tell me What protocols or port list they are communication?
    I have to avoid these traffic on my firewall.

    Hi cheng
    I think you can install any servie pack without problem and the SP4 is the latest one for WIN2000 and you server already has this SP
    For your second question you need to specify many protocols according to your active directory config in this link you can find a list of this protocols and the best way is to make debug or logging or use a siniffer to know the exactly protocols flow between your ACS and AD server
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
    Best Regards

  • ACS support Kerberos User Database?

    Hi,
    I've a customer currently having kerberos user database. I proposed to him to implement ACS to enable 802.1x on wireless client. Can ACS support or integrate with Kerberos User Database? If yes, any user guide which list out the steps on doing so?
    I searched through Cisco website but failed to find any info related to the integration of ACS with Kerberos User Database.
    Thank.
    Delon

    For network users who are authenticated by a Windows user database, Cisco Secure ACS supports user-changeable passwords upon password expiration. You can enable this feature in the MS-CHAP Settings and Windows EAP Settings tables on the Windows User Database Configuration page in the External User Databases section.

  • Export User-Database between ACS-Server

    Hi everyone ,
    an ACS 2.3 is running under Unix with 3000 based user. The job is, to migrate the user-database to a new ACS-Server under Windows.
    On the unix-version 2.3 there is no way to export the database to external.
    The only way, i hope, is to mirror the old and the new server as redundant server and if the database is mirrored on both server, than the database is ready for export.
    Is this correct?
    Is there an other way?
    Thanks for your input.
    Ralf

    The migration should go to version 3.1 or 3.2 .
    Ralf

  • ACS User Database Export

    Is it possible to export the user database stored in the Cisco Secure ACS Database to some file. I need to see all the user accounts and their group assignments etc to be able to do reporting on this.
    Any ideas?

    yes... csutil -d will dump the db.
    look at aaa-reports (www.extraxi.com) they can import the dump file and run reports off it.

  • ACS User database Backup

    Is it possible to have the ACS user database in an excel sheet

    Hi,
    You can open .dmp file in notepad but that will not provide any info as its not user readable.
    You need to export the lsit of users in .txt extension
    here is the command that you need to run from the command prompt where ACS is installed
    start > run> cmd > go to this dir
    C:\Program Files\CiscoSecure ACS v4.2\bin>net stop csauth
    CSUtil.exe -u user.txt
    C:\Program Files\CiscoSecure ACS v4.2\bin>net start csauth
    Then you can easily access user.txt file in notepad.
    HTH
    JK

  • Intergrating ACS with user database in windows DC

    Please,
    I just installed and configured ACS on window 2003 server on my network. The next task is to integrate the user database in my DC with the ACS. I need you to tell me in steps what else that need to be done.The documentaion is not specific.
    (I heard about 'remote agent' please what is this,and is it required?)

    I think you can map your DC groups to ACS group
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/qg.html#wp940538
    M.

  • Restoring a User Database from External Backup

    It has been a good 8 years since I have had to recover a user database from backup and I just really wanted a verification of what needs to be recovered.
    Just recently had a user get a C00E error and the analyzer suggested restoring from backups. No problem, we run backups daily on the mail server (yes ... we use windows *sigh*) and we use Veritas Backup Exec. to run full/incremental backups.
    In order to recover the user, do I just need to restore the userXXX.db located in the ofuser folder? Since it will be a couple days older, will I need to restore anything else or should that folder alone be fine?
    Thanks in advance for any input.

    On 11/13/2012 1:26 PM, dpenney wrote:
    >
    > It has been a good 8 years since I have had to recover a user database
    > from backup and I just really wanted a verification of what needs to be
    > recovered.
    >
    > Just recently had a user get a C00E error and the analyzer suggested
    > restoring from backups. No problem, we run backups daily on the mail
    > server (yes ... we use windows *sigh*) and we use Veritas Backup Exec.
    > to run full/incremental backups.
    >
    > In order to recover the user, do I just need to restore the userXXX.db
    > located in the ofuser folder? Since it will be a couple days older,
    > will I need to restore anything else or should that folder alone be
    > fine?
    >
    > Thanks in advance for any input.
    >
    >
    try that first
    other things like MSGxxx and OFFILES are shared...

  • Excel Services Connectivity on Sharepoint 2013 for external user

    Currently , external user is able to refresh the data on sharepoint site through browser. the data connection is pointing the one of the external data source. But how can an external user (Internet user which accessing sharepoint through internet) download
    a copy of excel in sharepoint library and open the excel workbook with data refresh ability at client machine ?
    Do we need client machine to be able to access / ping the external data source? 
    Thanks.

    Thanks for the response.
    They want to perform data analysis and design their own report with own template , for example : to remove subtotal from the powerpivot tables which we cannot change the formatting at the excel services at browser level.
    So if i understand correctly, we need to get the client machine to be able to access to the database server directly to get the access to the cube for data analysis although we had this odc file connection setup, am i right?
    For internal user, network team should open port / access for them to access database server directly.
    For external user, either to open public access to the database server directly or setup a VPN connection for the external user to access the database server in their secure network.
    Let me know if i understand this correctly.
    Thanks.

  • All external users are missing in Shared services.

    Hi All,
    We are on Hyperion System 11.1.2.. Today all of a sudden in production users are not able to log in. So logged in as admin (native user) to see whats going on. Surprised to see that all the groups are empty and all the users are removed from all groups. So when tried to add back its unable to find the external users.
    So some thing is wrong with external users.
    Any suggestions on how to fix or any one experienced similar issues?

    Got this same error in Shared Services 11.1.1.3 Was due to an Active Directory Domain Controller being decommissioned Here is a fix you might try, It basically refreshes your user database connection
    Log into Shared Services
    Click on “Administration” on the “Shared Services” toolbar
    Click “Configure User Directories
    Check the Radio button next to “Active Directory” (or the db your are experiencing the error) and then click “Edit”
    The next screen displays the connection info for “Active Directory”(or the db your are experiencing the error), nothing to change here, just click “Finish” and the connection refresh should start
    Re-start All Services
    Verify that you can now look up an external user without error

  • Using AAD as a user-database

    I'm wondering if it's possible to use Windows Azure Active Directory (WAAD) as a standard "user-database"? Let me explain..
    We currently have a standard, "home-built" user registration system build on top of SQL server, MVC, etc. The users in this database are registered users of the site, and have used email address to register (from various domains, such as gmail.com,
    yahoo.com, live.com, etc.).
    The idea would be to "lift and shift" these user accounts into a WAAD tenant and replace the home-grown system we have. Why you ask? Two primary reasons:
    - Allows us to take advantage of the myriad of authentication methods provided by WAAD (two-factor, etc.)
    - Safer than on-site storage of credentials, which is a business we don't want to be in.
    The key difference here is we're not using any sync'd directory, and are talking about users with domains different than the WAAD root domain. I realize this is very different than the traditional use cases for a "directory", but it really enables
    some powerful scenarios (if possible).
    So, to wrap up - is this possible? Are there alternatives?
    Thanks!!!

    Thanks for the reply, Paul!
    "If you do not want the logins to be in your domain, they can be external - either their own AAD or Microsoft accounts."
    Therein lies the problem - the accounts we're talking about are neither of these. They are not even directory-related accounts. They are traditional web-style registration accounts, using email addresses as usernames from organizations we will never control
    (Google, Yahoo, Twitter, Amazon, etc.). And, by that very nature, these logins are definitely not in our company domain (nor would we want them to be).

  • External User Creation In Oracle ERP

    Hello,
    My customer have oracle ERP and would like to create external users (based on ldap user from OID).
    Oracle ERP resrource adapter doesn't have an option to create external users.
    Is there a way to create a user in oracle ERP that have external authentication?
    Thanks,
    Itay.

    You need to ask that question in an appropriate forum; this forum is devoted to Java-related database issues and database-related Java issues. Your question is related to configuring an Oracle application product. You might try somewhere here:
    http://forums.oracle.com/forums/index.jspa

Maybe you are looking for