ACS and Windows Server

I have installed ACS 5.2 on a machine and I am trying to integrate with that Windows Server 2003 ( Active Directory ) . On the ACS when i do test connection it shows me sucess but when i save the setting it gives me Time error . I kept the clock and timezone of Active Directory and ACS server as same but still it gives me error . I read on one of the blog that it is better to configure NTP on a router and then sync both the devices with same NTP .
Is it necessary to configure NTP or manual config should also work ?

I have ran into issues like what you are seeing without using NTP. I would suggest setting up NTP and having ACS and your servers sync to that.
Sent from Cisco Technical Support iPhone App

Similar Messages

Problems with 802.1x,ACS and Windows Server 2000

Hi,
My components: ACS 3.3 running on a Server with Windows 2000 Server SP4 , 2950 Catalyst (AAA-Client) ,
Laptop with Windows XP SP2 (802.1x Client)
I have everything configured according to Cisco documentation, but I am getting one error in the ACS's log.( Failed Attempts active.csv)
Authen-Failure-Code : EAP-TLS or PEAP authentication failed during SSL handshake
I have a valide certificate on my Radius(ACS) server and about machine authentication I have a valide certificate on my laptop. (I have installed this certificate before i started to login at the 802.1x port of the switch)
Does anyone have any idea what the problem is?
Here is the Config of the Catalyst 2950 if that will help:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname ACS-Client1
aaa new-model
aaa authentication dot1x default group radius
enable secret xxxx
username xxxx privilege xxx password xxx
ip subnet-zero
ip ssh time-out 120
ip ssh authentication-retries 3
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
interface FastEthernet0/13
switchport mode access
dot1x port-control auto
dot1x timeout quiet-period 3
dot1x timeout reauth-period 1
dot1x reauthentication
interface GigabitEthernet0/2
interface Vlan1
ip address 10.10.3.253 255.255.255.0
no ip route-cache
ip default-gateway 10.10.3.254
ip http server
radius-server host 10.10.3.1 auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server key radius
line con 0
password xxx
line vty 0 4
password xxx
line vty 5 15
password xxx
end

Yes we get to solve this problem. Because it is a only a test senario, we installed everything new, win2000 server SP4,the certificate service and the winXP on the client.
The config of the switch is ok, we set the reauth-period and quiet-period to default.
Then we test the whole configuration with the IAS-Radius (MS). After this we install the ACS, following this document:(Certificates were already installed)
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml
Attention, we used the AEGIS Client not the XP Client!

ACS and Windows Domain / AD

Hi All,
In my environment there are two Windows Domain - Doamin A and B. ACS is configured on member server in domain B and hence Windows Authentication for users in Domain B is working fine. However I'm unable to see domain A in Configure Domain List on ACS server in Windows Domain configuration menu.
Please note, there is one way trust between domain A and B with Domain A trusting Domain B.
Is there a way I can use the same instance of ACS to authenticate the users in Domain A as well? If YES, can you please guide me with some pointers - thanks.
I'm using ACS and Windows AD elements to authenticate users for SSL Web VPN on ASA 5540.
Apprecaite quick help on this.
-Satishcp

Unfortunatley we are not using the Cisco Secure ACS Appliances, rather its ACS Ver 3.3 running on Windows 2000 Server (member server in Domain B).
My guess Remote Agents for Windows / Solaris works with Appliances alone.

Cisco NAC 4.8 and Windows Server 2008 Enterprise 64bit SSO

Hi,
     I try to setup SSO on Cisco NAC 4.8 and Windows Server 2008 Enterprise 64bit, but I can't start Active Directory SSO Service that show error follow below. I saw this error " KDC has no support for encryption type (14)" . Could anyone help me to troubleshoot this problem?
FQDN: active.test.com
Domain Name : test.com
User : ccasso
2011-02-05 12:00:30.225 +0700 WARN com.perfigo.wlan.jmx.adsso.GSSServer
- Server was not running ...
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- Server starting server ...
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- Server is now running ...
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - SPN : [ccasso/[email protected]]
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - building kdc list for domain active.test.com
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - done building kdc list for domain active.test.com
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - KDC(s) :[10.0.240.100]
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - writeKrbFile: writing to file ../conf/krb.txt
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - writeKrbFile: wrote to file ../conf/krb.txt
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - creating login context ...
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - created login context ...javax.security.auth.login.LoginCon
text@5ad7b2
2011-02-05 12:00:40.239 +0700 ERROR com.perfigo.wlan.jmx.adsso.GSSServer
- Unable to start server ... KDC has no support for encryption type (14)
2011-02-05 12:00:50.244 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- Notifying GSSServer status Stopped
2011-02-05 12:00:50.244 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- server is exiting .

Hi,
This error means that your DC does not support the encryption method the ACS wants to use.
Usually this happens when you run 2008 Server with 2003 functionality...
You will need to run ktpass.exe according to the DC you are running:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1277452.
For Windows 2008 Server at 2003 Server functional level:
ktpass -princ newadsso/[adserver.][email protected] -mapuser newadsso -pass
PasswordText -out c:\newadsso.keytab -ptype KRB5_NT_PRINCIPAL
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

ACS and Windows 2000 user database communication port

Could my Windows 2000 SP4 + ACS v3.23 can install any new Windows 2000 service pack ?
I'm affraid to infect ACS Service.
So, I want to install firewall on this server to block malicious traffic.
However, my ACS used external user database Windows 2000 for authentication.
Who can tell me What protocols or port list they are communication?
I have to avoid these traffic on my firewall.

Hi cheng
I think you can install any servie pack without problem and the SP4 is the latest one for WIN2000 and you server already has this SP
For your second question you need to specify many protocols according to your active directory config in this link you can find a list of this protocols and the best way is to make debug or logging or use a siniffer to know the exactly protocols flow between your ACS and AD server
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
Best Regards

BDB support for Windows Vista, WIndows 7 and Windows Server?

Hello,
I examine to use BDB on Windows, and I have a question.
There's a description about supported OSs on the BDB reference guide as follows;
Where does Berkeley DB run?
The Berkeley DB distribution includes support for Windows/95, Windows/98, Windows/NT, Windows/2000 and Windows/XP, via the Microsoft Visual C++ 6.0 and .NET development environments.
Does BDB distribution supports for Windows Vista and Windows Server 2003?
And it will support Windows Server 2008 and Windows 7?
I believe that BDB does not depend on specific function of Windows, thus there's no problem to support them...
Regards,
Akira

Yes, we have a plan about BDB support for Windows Vista, Windows 7 and Windows Server. Once we are ready, we'll let you know here.
Hi Vit,
For Berkeley DB XML questions, please go to the Berkeley DB XML forum at: Berkeley DB XML
By the way, I learnt there's a XP-compatible mode in Windows 7. You may want to try DB-XML with that.
Best regards,
Chao Huang
Oracle Berkeley DB

Lms 3.2 and window server 2008 r2 standard

we have bought lms 3.2 and window server 2008 r2 standard. Now we know, it cant be used togetther
Could we upgrade to lms 4.0.1 ? If so, how can we do ?
thank you.
Duyen.

Correct, LMS 3.2 is not supported on Windows 2008 R2. You can upgrade to LMS 4.0 (which is supported on R2), but that is not a free upgrade from LMS 3.x. You can, however, download a free 90-day eval of LMS 4.0 from http://www.cisco.com/go/nmsevals .
It sounds like you need to contact your reseller or account manager to see what they can do. If you just purchased LMS 3.2, you may be able to get a free or discounted upgrade to 4.0.

Lms 3.2 and window server 2008 standard: License Server/Daemon Manager is down

LMS 3.2 and window server 2008 standard, get error when we try
Khi truy nhập vào menu chức năng:
License Server/Daemon Manager is down. Please check license.log for more information.
access licensing:
Error communicating with License Server. License Server may be down. Please start the License Server, then refresh the page.
Lincense.txt is file log of LMS
Must I have to active window server 2008 first ?
thank you very much ?

Hi ,
--Add the Casuser to the Administrator Group
and then reset the casuser password:
1. Go to CSCOpx\setup\support> and run the following command:
resetCasuser.exe
2. Restart the daemon manager:
Net stop crmdmgtd
Net start crmdmgtd
Let me know how it works
If above did not help then send me the syslog.log and screen shot of the EventViewer with the latest Application Error that you see there.
--also screen shot of the below directory :
NMSROOT\etc\license
Thanks
Afroj

Windows Server Essentials Storage Service and Windows Server Essentials Email Service eating memory

Hi
I have Windows Server 2012 R2 with Essentials Role installed. I have integrated server with Azure AD, Office 365 and Intune using the Essentials Dashboard integration tools.
I can see that Windows Server Essentials Storage Service and Windows Server Essentials Email Service are eating much of server memory. What are these services for and why they use a lot of memory? Specially I am wondering about the Email Service. What is
it for? Server dont handle email in any way so what is this service for? I tried to google it but found nothing.

Hi
I have 6GB of memory.
When I check from Resource Monitor, for Essentials Storage Service, Commit Set is 4G and Working Set is 1,8G.
Email Service Commit is about 1,8G and Working Set is just below 1G.
So these two services are reserving almost all the memory.
Memory is about 85-90% in use all the time, whether it be night or day.
Server have about 12 users and at the office there is about 2-6 person at the time. Link between server and office is 100M. There are no other services installed but the basic ones. We use server for AD (O365 integration) and file shares. Traffic in File
Shares are not big. They are more kind of an warehouse that in busy day-to-day use.
This server is about couple of months old and it has been like this since it was fired up.
I dont know what to look for from Event Logs and Process Monitor dont give me anything useful.

Can I use Azure Backup and Windows Server Backup in a Windows Server ?

Can I use Azure Backup and Windows Server Backup in a Windows Server ?
I want to use both Azure Backup and Windows Server Backup for two senarios.
For Disaster Recovery = Azure Backup to Azure Storage.
For non-Disacter Recovery = Windows Server Backup to a on-premises disk.
The non-Disaster Recovery mean a file or folder recovery, disk crash recovery, migrate to another servers.
The non-Disaster Recovery need the speed of recovery just like 10 TB recovery as soon as possible.
If I can use both Azure Backup and Windows Server Backup in a Windows Server,
Are there any notes for using both ?
Regards,
Yoshihiro Kawabata

Hi Yoshihiro Kawabata,
Thanks for posting here!
Azure Backup to Azure Storage and Windows Server Backup to a on-premises disk. These are two different question and can be answered individually.
Azure Backup to Azure Storage - Possible.
Windows Server Backup to a on-premises disk - Possible.
Can I use Azure Backup and Windows Server Backup in a Windows Server? Is a question.
I will check on this and get back to you at the earliest.
Thanks!
Sadiqh

Is there a 32 Bit edition available for windows server 2012 and windows server 2008

Dear All,
Is there a 32 Bit edition available for windows server 2012 and windows server 2008?
Regards,
Ahmed

Hi,
Quote：
All editions of Windows Server 2008 R2 are 64-bit only.
Reference link below(session Supported upgrade paths):
https://technet.microsoft.com/en-us/library/dd379511(v=ws.10).aspx
And based on MS official description about system requirement for Windows Server 2012/2012 R2, we may find out that they only has 64 bit OS.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Compatibility forms 6i and Windows Server 2008

Hi,
We want to change our Server from 2003 to Windows Server 2008 64bits.
My question is : is there a compatibility between Oracle forms 6i (our application) and Windows Server 2008 ?
Will the migration be successfull, or will we have some bugs?
Thks for your help.
O.

YES. It worked perfectly for me, you'll have to use oracle 8/8i lite though.

Which VMware support Windows 7 as Host and Windows Server 2003 as Guest OS

Folks,
Hello. I need to install PeopleSoft PIA in Windows Server 2003.
Because my laptop is preinstalled Windows 7 Home Premium Editon and cannot dual boot multiple Operating systems. I have to install VMware in Host Windows 7 and then install Windows Server 2003 as Guest OS for PIA.
I have installed VMware Server 2.0.2 into Host Windows 7 and Windows Server 2003 as Guest OS. Everything works fine for a while. But VMware Server Home Page https://mylaptop:8333/ui cannot display any more.
I have found that Windows 7 is not a supported Host Operating System for VMware Server 2 and strange thing might happen anytime. I found that "VMware Player 3" is fully supported Windows 7 as Host OS but is not supported Windows Server 2003 as Guest OS.
Does any folks know which VMware product support Windows 7 as Host OS and Windows Server 2003 as Guest OS ?
Many thanks in advance.

Hi,
Based on my research, I would like to suggest the following:
1.
Ensure the printer is compatible with Windows 7 and Windows Server 2003 and the drivers are up-to-date.
2.
Try the following method:
Printers that use ports that do not begin with COM, LPT,
or USB are not redirected in a remote desktop or a terminal services session
Hope this helps. Thanks.
Regards,
Nicholas Li - MSFT
That doesn't apply to Windows 7 Machines. I'm having the same problem as Acer_, I have a RDP Session from a Windows 7 Machine to a Windows XP machine and the local printer was available a few days ago but isn't anymore. The drivers are installed on both PC's
and are compatible with Windows 7.

Windows server 2012 as primary DC and DNS server and windows server 2003 as secondary DC and DNS

Migration from windows server 2003 AD DC and DNS server to windows server 2012 R2,
Cannot I set up Windows server 2012 R2 as primary DC and DNS , windows server 2003 as secondary DC and DNS ? (for backup server when server 2012 fail, user can continue to login and access internet services)

You can mix both as long as your Forest and Domain Functional level are Windows Server 2003. However, I would like to bring your attention to this blog about known problems when mixing DCs with Windows Server 2003 and 2012 R2 OS:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile

T-500 and Windows Server 2008 R2 RTM

My setup:
T-500 dual booting via VHD - Windows 7 and Windows Server 2008 R2 (both 64-bit).
My problem:
I'm having a devil of a time with this one. I get random BSOD'd in my Server 2008 R2 installation, but my Win7 install is rock solid. Sometimes it's right away, sometimes after a few minutes, sometimes when trying to use WordPad. I cannot get my wireless card (Intel 5100 AGN) to work along with video drivers for my ATI card, so I'm leaning towards a driver issue. I'm trying to use the Win7 drivers for anything that's missing drivers at the moment, since they are the same under the hood, so to speak.
Has anyone else experimented with this setup and/or run into similar problems? Thanks!
T500: T9400 (2.53GHz), 4GB RAM, 160GB 7200rpm, 15.4in 1680x1050 WSXGA+ LCD, 256MB ATI Radeon HD3650, DVDRW, Intel 802.11agn wireless, AT&T WWAN, Bluetooth, Modem, 1Gb Ethernet, 9c Li-Ion, Windows 7 Ultimate x64 RC (Build 7100)

You shouldn't have any big issues, but there are a couple of gotchas that Server versions of Windows have (a notable one is the Bluetooth stack). Those are somewhat detailed in the review, though (and that blog also details how to get other features of Server 2008 R2 running).

ACS and Windows Server

Similar Messages

Maybe you are looking for