ACS error, AAA Server is a referenced in the Proxy Distribution Table

Similar Messages

• Acs se aaa server problem

  HI
  I have installed acs se for peap authenetication in a wireless network .
  however when i install the acs se it shows me 2 profiles (self and deliverance) after initial config in the aaa server window of network configuration .
  The name of the default server is delivernace and its ip is 169.x.x.x which is the default nic ip as u can check it out during the initial startup configuration.
  Pls help me to get this fixed

  Hi.
  The name of the ACS SE listed in AAA Server section is "self".
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NetCfg.html#wp341780
  "In ACS SE, the name of the machine is listed as self."
  "deliverance1" is the default ACS SE name(hostname).
  Sometimes what happens is, even if we have ACS SE connected to Netowork during initial configuration. And we change the name of the ACS SE from "deliverance1" to something that we want. After changes has been made, on ACS SE, it comes back, and shows the ip 169.x.x.x associated with the new hostname.
  NOTE: I am considering that during initial configuration ACS SE was connected to network. If not, then this is supposed to happen.
  In order to correct this issue, follow following steps:
  [1] On ACS hardware/appliance go to,
  Reports and Activity > Appliance Status Page >
  From "NIC Configuration", copy the IP address of the ACS SE.
  Interface Configuration > Advanced Options > check "Distributed System Settings" > Submit.
  Network Configuration > under "AAA Servers" > Search > type the IP address of the ACS hardware/appliance > Search.
  Note down the "Name" against the Ip address of the ACS SE.
  Now go to, Network Configuration > under "Proxy Distribution Table" > (Default) > make sure that the name that appeared against the Ip address of the ACS Hardware/appliance is in "Forward To" Column, If it is not, move it , and move all other entries under "AAA Servers" column and press "Submit + Restart"
  And delete the entry from the AAA Server section, that is associated with IP address 169.x.x.x
  [2] Now, if you do not want the name that is shown in the Proxy Distribution Table, and want the one that is there in the section,
  System configuration > Appliance Configuration... Hostname section, associated with the correct IP address. Then do this,
  Establish Serial Console connection to ACS SE,
  Issue the command "set hostname " and then reboot the ACS SE by command, "reboot".
  [3] Once ACS SE is backup, go to, Network Configuration > under "Proxy Distribution Table" > (Default) > And make sure that the new name is in "Forward To" Column > Submit + Restart.
  Now, the correct IP address will be associated with the correct hostname.
  Regards.
  Prem

• ACS Proxy Distribution Table - Logs ?

  Hello,
  I have setup a proxy distribution table in my Cisco ACS v4.2 (patch 6).
  I have two type of users: Suppliers (external) and TI user (internal). They connect to our Internal Network by a VPN SSL connection (AEP Netilla box).
  This box have 2 realms. One for suppliers, another for TI users.
  The aim is that:
  * For the suppliers connect trought the Netilla box which forwards the authentication (RADIUS Authentication) to the ACS which forwards the request to an RSA server.
  * For TI User, they connect trought the Netilla Box which forwards the request (RADIUS Authentication) to the ACS which check the Active Directory.
  => It's working perfectly.
  The problem is that I have no logs from the ACS box about the suppliers which are forwarded to the RSA server. If possible, I want to know which users try to connect, if they are permit (or not) and eventually how many times they are connected.
  The problem is the Netilla box doesn't have Radius Accouting.
  I was hoping that the ACS logs these kinds of connections. (It's working for users, TI users, authenticated by the Active Directory).
  Is-it possible that the ACS forwards only the request without taking attention of what it is forwared (except remove the Character String).
  Is there another way to do what I'm talking about ?
  See my VISIO attachement.
  Thanks in advance for your attention,

  I really hate draggin up old posts, but I have the same exact question.  In my scenario, I am proxying requests for eduroam (basically any user name that ends in .uk, .com, .ca or any other country suffix) off to our national server(s).  I would like to know if/when these requests get proxied over.  smahbub's suggestion only directs where to find the settings for loggin.  I have these enabled, but cannot seem to locate any setting that applies to the proxy distribution table.  If anyone has any idea, it would be greatly appreciated.
  Thanks,

• Error:- No server was available to process the request. Please try again la

  Hi All,
  I have created a report in deskI and trying to execute it through WebI on a large database, but it gives the below mentioned error after almost 30 min.
  Error:- No server was available to process the request. Please try again later. (Error:RFC 00101)(Error:INF)...
  When I run the same report on small database it works fine.
  When trying to execute the same report through SDK also it gives the same error.
  The SQL only execution timing when the report fails is about 23 min.
  What is the reason for this error. can we fix it by changing some configurations on BOXI server.
  Thanks in Advance,

  Hi Prabhat,
  Following solution might be helpful in resolving the issue.
  To resolve the error message
  Log on to the Central Management Console as administrator.
  Click Servers > Desktop Intelligence Report Server.
  Increase the following time-out parameters to at least twice the current value:
  Minutes before Idle connection is closed
  Minutes before an idle report job is closed
  Click Update > Apply.
  The report opens successfully.
  Regards,
  Sarbhjeet Kaur

• About the OS X Mavericks v10.9.5 Update i am trying to update this since yesterday but its saying there is an error in server "Can't connect to the Apple Software Update server.(-1003)" please help

  About the OS X Mavericks v10.9.5 Update i am trying to update this since yesterday but its saying there is an error in server "Can't connect to the Apple Software Update server.(-1003)" please advise with instructions how to update it...
  why i am not allowed

  Try running the combo update.
  10.9.5 Combo Update

• Use of proxy distribution table in ACS v4.0

  HI All,
  We are running with Cisco ACS v4.0 AAA server, Here I need the use of Proxy distribution table.
  Why is this required and what is the functionality of it.
  Regards
  Suresh

  Use ACS as Proxy in a distributed enviornment.
  Using proxy, ACS automatically forwards an  authentication requests from AAA clients to AAA servers. After the  request has been successfully authenticated, the authorization  privileges that you configured for the user on the remote AAA server are  passed back to the original ACS, where the AAA client applies the user  profile information for that session.
  Fallback on Failed Connection
  You can configure the order in which ACS checks remote AAA servers if a  failure of the network connection to the primary AAA server occurs. If  an authentication request cannot be sent to the first listed server,  because of a network failure for example, the next listed server is  checked. This checking continues, in order, down the list, until the  AAA servers handles the authentication request. (Failed connections are  detected by failure of the nominated server to respond within a  specified time period. That is, the request is timed out.) If ACS cannot  connect to any server in the list, authentication fails.
  Stripping
  Stripping allows ACS to remove, or strip, the matched character string  from the username. When you enable stripping, ACS examines each  authentication request for matching information.
  Regards,
  Jatin Katyal
  - Do rate helpful posts -

• HT2404 Already purchase and sign. Lost internet data...aaaahh... .error - "We could not complete your purchase.The product distribution file could not be verified. It may be damaged or was not signed".

  Already purchase and sign. Lost internet data...aaaahh... .error - "We could not complete your purchase.The product distribution file could not be verified. It may be damaged or was not signed".

  Update: i spoke to a very knowledgeable applecare representitive who walked me thrue the process, we were trying to figure out what exactly was preventing Mountain Lion from installing & (after a process of elimination) it turns out you need to be log in as an Admin to download it, we also made sure everything was up-to-date. Downloading Mountain Lion took about 40 minutes (with roadrunner high speed internet, DSL might be a bit slower) once it was downloaded the installation process was very intuititive with just a few clicks and about 35 minutes i had the latest Operating System.

• Error  No server was available to process the request. (Error: RFC 00101)

  Hi,
  I am having this error when I try to refresh a report using SDK
  com.businessobjects.rebean.wi.ServerException: No server was available to process the request. Please try again later. (Error: RFC 00101)
          at com.businessobjects.rebean.fc.internal.ras21.RAS21CPIConnection.processRequest(RAS21CPIConnection.java:175)
          at com.businessobjects.rebean.fc.internal.ras21.XMLviaRAS21Encode.processRequestHelper(XMLviaRAS21Encode.java:680)
          at com.businessobjects.rebean.fc.internal.ras21.XMLviaRAS21Encode.openDocument(XMLviaRAS21Encode.java:1167)
          at com.businessobjects.rebean.fc.internal.ras21.RAS21DocumentComAdapter.openDocument(RAS21DocumentComAdapter.java:62)
          at com.businessobjects.rebean.fc.internal.ras21.RAS21ReportEngineComAdapter.openDocument(RAS21ReportEngineComAdapter.java:100)
          at com.businessobjects.rebean.fc.internal.ReportEngineImpl.openDocument(ReportEngineImpl.java:249)
  But all the servers are running....
  I think it could be a timeout problem or somethingelse. Could someone help me ?
  Do you have ever had this error ?
  Regards

  Error's happening on opening the Desktop Intelligence document - it's unable to connect to a Desktop Intelligence Cache Server.
  To check that the server is up - when the exception happens, are you able to refresh a Desktop Intelligence document in InfoView? 
  Any firewalls between your dev box and Enterprise box?
  Sincerely,
  Ted Ueda

• When ever i'm trying to install an app from the app store i'm getting the following error "We could not complete your purchase - The product distribution file could not be verified. It may be damaged or was not signed", plz help me to rectify this .

  when ever i'm tring to install an app from the app store i'm getting the following error.
  "We could not complete your purchase - The product distribution file could not be verified. It may be damaged or was not signed".
  someone plz help me to overcome this.

  Installing the appropriate combo update may help...
  If you are running v10..7 Lion, install the OS X Lion Update 10.7.4 (Client Combo)
  For 10.6 Snow Leopard >  Mac OS X 10.6.8 Update Combo
  Then restart your Mac. Try the App Store.
  If that doesn't help, try the following..
  Quit the App Store if it's open.
  Open the Finder. From the Finder menu bar top of your screen click Go > Go to Folder
  Type this exactly as you see it here:
  /Library/Preferences/SystemConfiguration
  Click Go
  Move the NetworkInterfaces.plist file from the SystemConfiguration folder to the Trash.
  Relaunch the App Store and try downloading Mountain Lion.
  You may also need to disable anti virus software and turn off the Firewall in System Preferences > Security (or Security & Privacy) > Firewall

• Error in Server log of one of the server  on the clustered environment(OBI)

  Hi
  We had setup Clustered Environment and when we are trying to log in on to the Primary Server which is also Primary Controller, everything is fine on front end but we had faced the following error in the server log as follows : "[46036] Internal Assertion: Condition m_hFile != hFileNull, file .\Src\mfcfile.cpp, line 447."
  Please provide help by letting me know what this error mean and how can we avoid this error.

  What happens if you disable your master BI server, do you get the error in the other BI Server log when you login to Presentation Services?
  The message is an internal error, you need to raise an SR with Oracle to determine why it's happening and how to prevent it.

• Join the SQL Server Msdb.dbo.SysJobSteps to the SSIS Package table dbo.sysssispackages

  I have the following query which returns jobs and jobsteps - for those items which have SSIS Packages attached, I would like to include a link to the results of this query below - to the actual SSIS Package Id - Can someone tell me what the column is that
  references the two ?
  dbo.sysssispackages= dbo.SysJobSteps
  I could parse the "command" label - but would prefer something along the lines of job_id unique identifier.
  SELECT
  Job.job_id,
  Job.name,
  Job.enabled,
  Job.description,
  Job.date_created,
  Job.Date_modified,
  Step.Step_Id,
  Step.step_name,
  Step.subsystem,
  Step.command,
  Step.server,
  Step.database_name,
  step.last_run_duration,
  Step.Last_run_date
  FROM Msdb.dbo.SysJobs JOB
  INNER JOIN Msdb.dbo.SysJobSteps STEP ON STEP.Job_Id = JOB.Job_Id
  John

  Parse the command column to get the SSIS package file name may be your only option here.

• IBooks Author.....Download error. What does this mean? "The product distribution file could not be verified. It may be damaged or was not signed."

  This is happening when I try to download ibooks. It just doesn't work?

  Try this...
  Quit the App Store if it's open.
  Open the Finder. From the Finder menu bar top of your screen click Go > Go to Folder
  Type this exactly as you see it here:
  /Library/Preferences/SystemConfiguration
  Click Go
  Move the NetworkInterfaces.plist file from the SystemConfiguration folder to the Trash.
  Relaunch the App Store and try downloaing Mountain Lion.
  Might also need to disable anti virus software and turn off the Firewall in System Preferences > Security & Privacy > Firewall.

• AAA server logs replication

  •1.       We have two locations and require Cisco ACS 5.x for each location.
  •2.       Both locations are connected via MPLS link.
  •3.       Need to deploy both ACS in Active-Active OR Active-Standby.
  •4.       The idea is that users in network A will have their primary ACS as ACS A and secondary ACS as ACS B.
  •5.       Similarly users in network B will have its primary ACS as ACS B local to their LAN.
  If ACS in network A goes down, then users in network A should be able to authenticate using ACS B in remote network and vice versa.
  •6.       Now what we got to understand by reading ACS documents is that incase one of ACS goes down, the accounting logs do not get replicated to secondary ACS and vice versa.
  •7.       I would like to have a kind of setup where in  Accounting logs are also replicated between ACS servers. The idea is that, I should have complete logs of both the servers up to the time till one of the ACS breaks down.
  Kindly let me know if the accounting logs can be replicated in the manner as mentioned above.
  Also let me know the typical bandwidth utilized during replication of ACS A to ACS B.
  We have around 500 users combining both sides.
  Our proposal is dependent upon working of the above solution…kindly see if ACS5.x will work in the above scenario as we need to propose the same.

  I hope I get your question correctly. The AAA group tag is local to the AAA Client and has nothing to do with the AAA Server (e.g. ACS). It is meant to group more than one TACACS/RADIUS server.
  Proxy Distribution Table is used when you have Multiple ACS servers and you want to route incoming AAA requests to particular server(s) based on pre-defined criteria. Like user1@NY should be redirected to the NewYork ACS.
  Regards
  Farrukh

• Adding AAA servers to ACS to use Proxy RADIUS distribution Table

  Hello,
  I've added two non ACS radius servers (Radiator) to the AAA servers on Network Config, in order to use them on a proxy distribution table.
  I had problems authenticating users through those servers and I did a sniffer trace on the outside interface of the ACS.
  What I saw is that ACS sends packets to the AAA server configured as RADIUS on port 1645, not 1812, the expected standard, and port to which the others servers are listening to. How can I change this behaviour?
  Thanks
  Gustavo

  ACS by default will listen on both ports 1645 and 1812, the two "standard" Radius ports. However, when talking to a proxy server it will only send them on 1645, by default. To change this you have to go into the registry and change it as follows:
  Under [HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.x\Hosts\\RADIUS] (where is the server you want to send the 1812 reuests to, and note that you may have to add the RADIUS key if it isn't there already), you can add the following:
  "authPort"=dword:0000066e <<---- 1645
  "acctPort"=dword:0000066d <<---- 1646
  "timeout"=dword:00000001
  "single connection"=dword:00000000
  "strip users"=dword:00000000
  You don't need all of them, you can just change the authPort to 1812 (714 in hex) and acctPort to 1813 (0x715) and you should be good to go. Make sure you reboot the server after making the registry changes. Keys are case-sensitive too so make sure you type them in EXACTLY as I've shown above.

• AAA server group tag

  is the "AAA server group tag" the same as the proxy distribution entry.
  trying to setup my asa for tacacs+
  cisco# aaa-server ?
  WORD < 17 char Enter a AAA server group tag

  I hope I get your question correctly. The AAA group tag is local to the AAA Client and has nothing to do with the AAA Server (e.g. ACS). It is meant to group more than one TACACS/RADIUS server.
  Proxy Distribution Table is used when you have Multiple ACS servers and you want to route incoming AAA requests to particular server(s) based on pre-defined criteria. Like user1@NY should be redirected to the NewYork ACS.
  Regards
  Farrukh