ACS UCP Issue

Similar Messages

• ACS UCP banner logo changes asistance required

  Dear all,
  I'm looking for help from ACS expert about UCP (User Change Password) the landing page banner logo changes. Your advice is very appreciated. Let me explain in details.
  My company has ended the contract with vendor back to few months ago. All the network devices included ACS are now handed over to our management. The ACS UCP (User Change Password) landing page has been changed by previous vendor from Cisco logo to their company Logo. Since now the device has been changed management. My manager would like this logo to change it back to my company logo. I had try to search through the whole ACS clickable function but no luck and try to search through Cisco link but do not find the related documents.
  Can any ACS expert to guide me or link me to the correct document what should I do to make this changes? The sample of Cisco UCP page are attached, the logo i meant is the top left corner logo. I brush it out and replace with ABC company.TQVM.
  Very very appreciate your advice.
  Regards
  Chong

  If you have the webpage directory of the UCP you can use the tools within IE, Mozilla or Chrome to find out which image is used in the webpage. This depends on how the webpage was construced meaning if a style sheet or simple html tag for the logo your are looking to replace.
  You will most likely need to restart the web server. (always keep a backup of your old config and track your changes carefully).
  You can try to ask TAC to see if they can provide assistance, but this is not supported, only the test code they provide falls within support any customization is expected to be documented on the customer's end for scenarios like this, however it doesnt hurt to ask. You can also suggest someone at your company if you have a web development team (I do not mean to sound insulting in anyway, but I myself could not build a webpage to save my life and have always found luck when my customer's provide web development code that I can play with and modify if needed).
  Mozilla -
  https://developer.mozilla.org/en-US/docs/Tools/Page_Inspector
  Chrome -
  http://webdesign.about.com/od/chrome/a/view-source-chrome.htm
  I.E.-
  http://support.microsoft.com/kb/176222
  You should be able to google for additional browsers as well.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• ACS replication issue on VMware ESX 3.5

  I have just installed ACS 4.2 on two VMware hosts. I've configured database replication but it won't work. The error message is "shared secret mismatch". This error message occurs if a NAT device is in the path (which it isn't in this case) or if the tcp header is otherwise changed during transmission. I'm wondering if VMware is adding something to the TCP header. Has anyone come across this problem before or has anyone successfully implemented ACS replication when both hosts are on VMware?
  Thanks.

  Hi,
  I see that you are getting "shared secret mismatch error" under database replication logs. Just wanted to inform you that this is not because of nat'ed device. This happens when we have different keys for AAA servers on primary and secondary ACS.
  The primary server must be configured as an AAA server and must have a key.
  The secondary server must have the primary server configured as an AAA
  server and its key for the primary server must match the primary servers own
  key. The shared secret key should be same on the both the ACS's.
  I am sending you one link for Setting Up Replication for Cisco Secure ACS, I
  am sure this example with screen shots gives you better understanding.
  Please visit the below suggested ULR:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration
  _example09186a00800e518a.shtml
  If that doesn't resolve the issue, please let me know if you see any server with this ip address 127.0.0.1.
  HTH
  JK
  -Plz rate helpful posts-

• Password aging with ACS + UCP in a wireless network.

  Hello
  We want to use ACS in our wireless network, but we would like to allow users to change their own passwords, so we want to use UCP.
  Additionally, we want to force them to change their passwords after a period of time or number of logins.
  Is it possible to use password aging based on time or number of connections when users connect through UCP web interface?
  Also, does using UCP requiere some kind of additional license/payment?
  Thanks.

  Juilo,
  No the UCP sample scripts have to run on a seperate ACS server and you have to enable the ucp intefaces through the cli to accept the UCP requests from the other server.
  Here is a link that will help you.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_config.html#wp1105672
  Tarik Admani
  *Please rate helpful posts*

• 802.1x - ACS authentication issue.....

  I will attempt to explain the history of our wireless controller configurations as best I can.  We are currently using a 4400 controller running 7.x software which authenticates to and ACS 4.1 appliance.  All of this was set up prior to my arrival on the job and the previous engineers had already left with no documentation in place so I'm trying to piece it together.  The ACS is setup to map to AD for specific groups. 
    In the controller we have an SSID called triton which is our corporate SSID that all internal users connect to.  Three different interfaces have been defined, a general one for most users and two others( lets call them INT1 and INT2) that place users on separate ip networks.  The reason for this is those ip networks can reach certain services that are not allowed for general users.  ACS maps those users upon authentication to the Vlans associated with those separate ip networks.
  Problem 1.  When I first took this job, users could not map drives or any services because only user authentication was taking place..After some troubleshooting and realization that ACS was authenticating, placing the "Domain Computers" group as an ACS group mapping fixed that issue, allowing the computers to authenticate prior and therefore execute the login script
  Problem 2.  Recently it has come to my attention that some of the users on one of the other interfaces (INT1 and INT2) that should be placed in the vlans associated with their AD group mapping are not.  Upon further investigation it was discovered that the reason they are not is that the authentication is not correct.  When the computer first authenticates before the user logs on its shows in ACS as host/xxxxx.yyyy.org where the user authentication shows as xxxxx/username .  So some of the computers never change from authenticating as a host to a user and the ip address ends up in the wrong vlan.
  Please help.  I'm not extremely familiar with Cisco 802.1x setup and the documentation is poor at best.

  Ok, maybe I should be asking what the proper way to set up both machine authentication and user authentication through the 4400 and ACS 4.1 is then.
    The topology that I know of is this.  Single 4.1 ACS appliance and single 4400 controller with approximately 35 LWAPP's.  In the past ONLY user authentication was being used which presented problems with Group Policies and login scripts executing.  Adding the AD "Domain Computers" group as an ACS mapped group solved that problem by allowing the domain computers to authenticate and gain access to the network prior to logon (but maybe they were still actually using "user authentication"?).  Not sure if this was the proper way to solve the issue but it worked and we at the time didn't notice any side effects.  Although now we are seeing users end up in the wrong VLans and when we look at the logs in the controller the computer they are on is only registering as host/xxxx.yyyy.org (machine authentication) which drops them into the default vlan instead of the vlan which they should be based upon AD group membership from ACS.
    I am very familiar with other wireless products and controllers such as Aruba.  In the Aruba, when the machine first booted up and gained access to the network it was using machine authentication, but as soon as the user logged on the supplicant would push the user credentials and change the method to user authentication.  In the Aruba we used the windows supplicant.  I'd like to do the same with Cisco. 
    As far as I can tell, there is only a server side (ACS) certificate from Thwate that is used to authenticate.

• ACS Replication Issue

  Yesterday we had two ACS 4.0 servers installed on Windows 2000 Domain Controllers that were working great. ACS1 was the primary server and replication was configured to send to ACS2. ACS2 replication was configured to receive from ACS1.
  We lost ACS2 yesterday so I installed ACS 4 on a 2003 Domain Controller (ACS3). I installed ACS3, went into network configuration and added ACS1 as an AAA server.
  I then logged onto ACS1 and added ACS3 as an AAA server and configured ACS3 as a replication partner.
  It is not replicating - if I look at the log I get
  ERROR, ACS 'ACS3' has denied replication request
  I do not have the primary as a replication on the secondary.
  I have some screen shots of the configuration from ACS2 and I've duplicated everything I've could (except for name and IP).
  Any ideas on what I can try next?

  I had what seems to be the same issue.
  In my case I have two ACS SE 1113 appliances, but the issue could still be the same with your Windows servers.
  The appliance has two NIC's - I had both of the NIC's connected. Although the appliance only allows you to use the Primary NIC (the bottom one) ACS still detected the Secondary NIC and creates an additional "AAA Server" entry under the "Network Configuration" tab called "self". You should only have one "self" entry in your AAA Server list, not two.
  Unfortunately I couldn't find a way to undo this. So I disconnected the Secondary NIC (the top one) and used the recovery CD to reload both of my ACS devices. Now everything works just fine.
  - Nate

• ACS error issue

  Hi All
  My customer is having a strange issue with his ACS.
  the current error is as follows
  ShellProfile,12/03/2012,13:18:26:709,ERROR,3058101152,NIL-CONTEXT,DeviceAttrFactory::createAttrValue with marker
  = *,DeviceAttrFactory.cpp:29
  Also when he tries to create show run he gets the following error however, the config does get created.
  % Error: acs manifest has no TAC information
  before I run to the TAC, has anyone experienced this, i was not able to find anything on the net, not even spam link
  Absolutely 0
  thanks in advance
  lancellot

  Aamir,
  I'm sure you've got this resolved still adding my inputs in case someone else facing the same issue.
  The reason why you're seeing this error message
  22043  Current Identity Store does not support the  authentication method
  because LDAP doesn't support PEAP-MSCHAPv2. It only supports PAP in non-EAP requests and EAP-TLS, EAP-GTC and PEAP-GTC in EAP requests.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide
  /eap_pap_phase.html#wp1014889
  If you can't change the EAP flavor in your network, then you can migrate to Active directory as it supports peap-mschapv2.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• ACS CERTIFICATE ISSUE

  Hi
  We have Cisco AP's set up around our buiding. This is controlled by our WLC. We also have a Cisco ACS server set up. Some of our domain users are able to go our customers sites which are on different domains and are able to gain access to thier own home domains by logging on with laptops. I know the customers IT department are using RADAIUS and ARUBA Wireless.
  I have been asked if we can allow customers to come to our office and allow then to log onto thier laptops, connect remotly through our wireless and let them connect to thier domain.
  I believe this is possible through the ACS server, The ACS server would have the customer domain name configured in user and identity, Radius identity servers. The user would log in and authentication and would be directed through a different vlan to the cust AD.
  I have set up a test WAP on our WLC, Logged in with a laptop which is running windows 7 that does not belong to our domain. The ACS can see this but will not grant access. I believe that this is a certificate problem.
  Are there any settings that I may have missed or can anyone shed any light or advice on this please. 
  Thank you
  Regards

  Jayesh,
  You can use the radius proxy feature in ACS, when the external users connect you can build a rule such that "username ends with external.com" to use the radius proxy server "A". you will need to build the proxy connect with their radius server.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• ACS performance issues

  Hi all,
  I wonder how to increase performance for ACS reporting in our SCOM 2012, we have the reporting server installed on the management server and the ACS database on another server.
  When we try to open a report with ACS, it is taking long time and for one day and exporting it takes too long with no luck.

  Hi,
  this is a very broad question and
  there is no easy answer.
  From a high level view we are talking about at least three things:
  SQL DB Engine performance,
  Reporting Services performance,
  Query performance.
  You can find a lot of articles on this
  topic here are just a few:
  SQL DB Engine
  http://blogs.msdn.com/b/indrajit/archive/2013/12/12/sql-server-database-engine-performance-tuning-basics.aspx
  SSRS
  http://blogs.msdn.com/b/sqlcat/archive/2013/10/30/reporting-services-performance-and-optimization.aspx
  http://technet.microsoft.com/en-us/library/bb522786.aspx
  http://www.sqlservercentral.com/Tags/Reporting+Services+(SSRS)/Performance+Tuning/
  http://www.mssqltips.com/sqlservertip/2328/sql-server-reporting-services-reports-performance-debugging-and-analysis/
  Regards,
  Ivan

• ACS RDBMS issue

  Hello guys,
  actually I was happy founding the RDBMS function in AAA to get my hundred of aaa clients into the database, but now I am stuck with the a problem.
  I would like to summarize some aaa devices in one AAA entry, which means it will have several ip adresses inside.
  According to the RDBMS function I can only add 1 ip adress per csv-line. Is there no work around to push more in the aaa entry without adding them manually?
  If I try by using several csv-lines with the same name, but different ips, I just get an error.
  Thanks for your help!

  You can not use several IP in one AAA client entry. But you have the following options,
  1. You can define a NDG "network device group" and put the same type of AAA client into the group.
  Or.
  2. You can use "Wildcard asterisk" or IP range to include multiple IP address with one AAA client, like 10.1.1.* or 10.1.1.1-10.1.1.100.

• Unable to setup ACS UCP ver4.1 in Windows 2003 Server Standard

  Please refer to the attachment "error.JPG". When i launch the setup.exe, it show me the error message. Seem like the setup file is created for 16bit OS. Anyone can help?

  Ensure that the web server uses Microsoft IIS 6.0 (included with Windows Server 2003).This error states that the setup.exe file is missing and so i think that the error is in installing the UCM.so reinstall the UCM by following the procedures provided in the installation guide.

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• ACS 5.3 Dot1x for Wired/Wireless

  Hi Community,
  I have a query regarding ACS 5.3 installation. I have wired and wireless clients in my setup, with Nexus 5k and 45k Switches and WLC-5508. Also we are using MicroSoft AD to authenticate clients for Network access.
  My questions are
  1.       Can we configure dot1x in this scenario to use Password only (no certificates needed at all)? OR we must need certificates in order to config it perfectly (like AD and ACS synch issues etc)?
  2.       If Yes can someone point out to any good docs that can help  ?
  Regards,
  Hammad

  Hi Jatin,
  Thanks for the tips earlier. However I installed ACS 5.4 and then configure the server from scratch.
  I am getting MAB as well as Dot1X authentication. But for two different users getting two different results for DOT1X, Wondering why is this happening? is it a ACS/Switch config issue or is it related to AD?
  I am finding one user is getting perfectly authenticated while the Other is showing "Authorization failed" yet still able to access the NW.
  #$cation sessions interface tenGigabitEthernet 1/1/12
             Interface: TenGigabitEthernet1/1/12
           MAC Address: 28d2.4421.109c
             IP Address: 10.160.193.100
             User-Name: ABC\shuser
                 Status: Authz Success
                 Domain: DATA
       Security Policy: Should Secure
       Security Status: Unsecure
         Oper host mode: multi-auth
       Oper control dir: both
         Authorized By: Authentication Server
          Vlan Policy: N/A
               ACS ACL: xACSACLx-IP-SSH-PERMIT-ALL-5270ce52
       Session timeout: N/A
           Idle timeout: N/A
     Common Session ID: 0AA000010000010548A006AC
       Acct Session ID: 0x000007A4
                 Handle: 0xA1000106
  Runnable methods list:
         Method   State
         dot1x   Authc Success
  CS01#
  CS01#
  CS01#$cation sessions interface tenGigabitEthernet 1/1/12
             Interface: TenGigabitEthernet1/1/12
           MAC Address: 28d2.4421.109c
             IP Address: 10.160.193.100
             User-Name: host/TESTPC01.sportshub.com.sg
                 Status: Authz Failed
                 Domain: DATA
       Security Policy: Should Secure
       Security Status: Unsecure
         Oper host mode: multi-auth
       Oper control dir: both
         Authorized By: Authentication Server
           Vlan Policy: N/A
       Session timeout: N/A
           Idle timeout: N/A
     Common Session ID: 0AA000010000010648A11C04
       Acct Session ID: 0x000007AD
                 Handle: 0x61000107
  Runnable methods list:
         Method   State
         dot1x   Authc Success
  ================================
  SWITCH PORT CONFIG:
  int ten1/1/9
  switchport mode access
  dot1x pae authenticator
  dot1x port-control auto
  authentication host-mode multi-auth
  authentication violation restrict
  dot1x timeout tx-period 10
  dot1x timeout quiet-period 20
  authentication timer reauthenticate server
  dot1x max-reauth-req 3
  Regards,
  Hammad

• Acs se aaa server problem

  HI
  I have installed acs se for peap authenetication in a wireless network .
  however when i install the acs se it shows me 2 profiles (self and deliverance) after initial config in the aaa server window of network configuration .
  The name of the default server is delivernace and its ip is 169.x.x.x which is the default nic ip as u can check it out during the initial startup configuration.
  Pls help me to get this fixed

  Hi.
  The name of the ACS SE listed in AAA Server section is "self".
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NetCfg.html#wp341780
  "In ACS SE, the name of the machine is listed as self."
  "deliverance1" is the default ACS SE name(hostname).
  Sometimes what happens is, even if we have ACS SE connected to Netowork during initial configuration. And we change the name of the ACS SE from "deliverance1" to something that we want. After changes has been made, on ACS SE, it comes back, and shows the ip 169.x.x.x associated with the new hostname.
  NOTE: I am considering that during initial configuration ACS SE was connected to network. If not, then this is supposed to happen.
  In order to correct this issue, follow following steps:
  [1] On ACS hardware/appliance go to,
  Reports and Activity > Appliance Status Page >
  From "NIC Configuration", copy the IP address of the ACS SE.
  Interface Configuration > Advanced Options > check "Distributed System Settings" > Submit.
  Network Configuration > under "AAA Servers" > Search > type the IP address of the ACS hardware/appliance > Search.
  Note down the "Name" against the Ip address of the ACS SE.
  Now go to, Network Configuration > under "Proxy Distribution Table" > (Default) > make sure that the name that appeared against the Ip address of the ACS Hardware/appliance is in "Forward To" Column, If it is not, move it , and move all other entries under "AAA Servers" column and press "Submit + Restart"
  And delete the entry from the AAA Server section, that is associated with IP address 169.x.x.x
  [2] Now, if you do not want the name that is shown in the Proxy Distribution Table, and want the one that is there in the section,
  System configuration > Appliance Configuration... Hostname section, associated with the correct IP address. Then do this,
  Establish Serial Console connection to ACS SE,
  Issue the command "set hostname " and then reboot the ACS SE by command, "reboot".
  [3] Once ACS SE is backup, go to, Network Configuration > under "Proxy Distribution Table" > (Default) > And make sure that the new name is in "Forward To" Column > Submit + Restart.
  Now, the correct IP address will be associated with the correct hostname.
  Regards.
  Prem

• Error Starting Adtser service [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near '!'.

  Been fighting ACS upgrade issues since we upgraded to R2.  Every night the ACS service fails.  When I start it back up I get the following error.  
  It looks like the DbCreatePartition.sql and/or DbDeletePartition.sql scripts are not running as we have a lot of views prefixed dvAll, dvAll5, etc.  but no actual view of this name as is supposed to be and reports for user activity are throwing an error.
   I have done everything I can find on the blogs, but nothing is helping.  We have almost a terabyte of data in this database and reinstalling a new database is 99% out of the question.  
  I dont know if its permission related or not, but I am up to here with this ACS server.
  Any help would be great, thank you
  Warm Fuzzies!

  Hi,
  If Event 4618  is logged when the updating process sets permissions on certain stored procedures.
  You can safely ignore event 4618 in this scenario.
  Here is more details, please refer to the below link:
  Event 4618 is logged when you use the AdtSetup.exe program to update an Audit Collection Services installation in System Center Operations Manager 2007
  http://support.microsoft.com/kb/949452/en-us
  And if the event indecate logon failed, then the below article could be helpful:
  http://blogs.technet.com/b/jonathanalmquist/archive/2008/03/13/adtserver-event-id-4618-logon-failed.aspx
  AdtServer Event ID 4618 - Logon Failed
  Regards,
  Yan Li
  Regards, Yan Li