ACS v 4.1 ID # or serial # ?
Hello,
We have an ACS version 4.1 on our environment running on a win 2003 server and I would like to know how to find the serial # or ID of the application to see if we have a support contract for it ??
Thanks for your help
I have installed ACS servers from v3.2 to v5.1 (Windows and Appliances) and none of the software on the pre v5.x ACSs came with any serial number to identify the ACS or to use with an install. Only the v5.x ACSs use a licence key.
Similar Messages
-
Hi,
I have 2 ACS SE.
However i cannot connect to the serial console on either of them, I have checked the settings and they are definatley correct.
I was able to connect to them upon install btw.
Also if i reboot them i get all the bios boot info then nothing, no prompt etc..
Do I need to enable something to make this work again??
Any ideas??
Thanks ScottHi,
Please check the following settings
Establishing a Serial Console Connection
Before you can perform the initial configuration of ACS SE, you must establish a serial console connection to it. This procedure requires a PC, two DB-9 to RJ-45 adapters (provided), an RJ-45 cable (provided), and terminal emulation communication software (Hyper Terminal or equivalent).
To establish a serial console connection:
Note If you performed the procedure in Connecting Cables, you can skip to Step 2.
Step 1 Connect a console to the serial console port on the back panel:
a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the console.
b. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the ACS SE. For the location of the serial port, see Figure 1-3.
c. Use an RJ-45 cable (provided) to connect the console to the ACS SE.
Tip You may also use a serial concentrator connection, if desired.
Step 2 Power on ACS SE and the console, and open your terminal emulation communication software on the console.
Tip See Figure 1-2 for the location of the power switch on ACS SE.
Step 3 Set your terminal emulation communication software to operate with the following settings:
â¢Baud = 115200
â¢Databits = 8
â¢Stops = 1
â¢Flow control = None
â¢Terminal emulation type = ANSI
Result: The login: prompt appears.
If after this you are unable to have console access I will suggest to apply the console patch that will fix any console issue.
You can get this patch with TAC. -
No access to serial console in ACS appliance 111
We have 2 Cisco ACS appliances running version ...
Cisco Secure ACS 3.2.2.5
Appliance Management Software 3.2.2.5
Appliance Base Image 3.2.2.1
The fact is that after initial setup, we have never used the console mainly because in a production environment we manage them through the Web Admin application. Now we have decided to upgrade both appliances to the latest version (3.3.3) and when we tried to connect to the serial console (115200,N,8,1, no flow control) we don't get any response from none of both ACS. It's quiet strange but we have found no way to make them work. We have tried several things I expose to you in case you can give us any hint:
1. We have rebooted the appliance and we can see through the console all the start-up process but when it finally finishes the start-up, we see no login prompt.
2. We have also shutdown the appliance properly and power it off and on again. Same results. The appliances boot normal but still we don't have console access.
3. We have tried boot the appliance with the recovery CD-ROM and the console works fine. I can reset the Admin password, but when it restart from its own system ( I mean without the recovery CD_ROM), I can see all the starting messages but when it finish the start-up process ... no console access.
4. Finally I have connected a monitor and a keyboard to the appliance ( I know Cisco dosn not recommned it but when in trouble....) and I see the full start-up process and it includes the base Windows 2000 server operating system startup. When Windows finishes loading, we get a lock screen in which the appliance informs you that it have started correctly and that we could access it for management through the serial console port or through the web console. 10 seconds later I see a pop up window stating that on or more services have not started correctly and that we shoulkd check the Event viewer, something we wished we could do but as you you, this is a secured system and I don't know if there is a back door method to verify windows services in this appliance.
Any help would be appreciated, as the problem is identical in both the appliances and upgrading them without access to the admin console is difficult and risky.
Kind regards.Hi
I had similair problem being locked out of console after initial configuration wizard.
I think there is a bug within the console session in that if you input a hostname of more than 15 characters, it locks up the ACS service when the server reboots. If you keep your hostname to less than 15 characters, the server reboots and you get console access. If you then access the GUI, you will see that 15 characters is the maximum, and you cannot enetr any more than this. This is not the case with the console, where you can enter more than 15 without getting an error message.
I rescued the server by doing F8 and rebooting server with last known good configuration. from there, you can reset the hostname to something valid. You can check to see which CS services are running through console session, and start any services that may not be running..
deliverance1> start CSAgent
Starting service: CSAgent..
CSAgent is starting
CSAgent is running
Regards
Ian -
Cannot upgrade serial number after download. 'This serial number is not for a qualifying product'. Trying to upgrade from ACS 5.5 Design Premium to ACS 6 Design Standard
start the installation of design premium cs5.5 just to make sure you're using the correct serial number. once your serial number is accepted you'll see a screen giving you the option to install none, some or all of the cs5.5 programs. at that point you can quit and not install anything having verified your cs5.5 serial number if you want nothing cs5.5 on your computer.
on the other hand, if your cs5.5 serial number is not accepted, you'll pinpoint the problem.
or, if your cs5.5 number is accepted, you could install a cs5.5 program and then install cs6. it should recognize you have a cs5.5 program installed and NOT prompt you for you cs5.5 serial number allowing you to continue with your cs6 installation. -
Get serial number of ACS 38 CCID smart card reader to identify it.
I m working over native card , and for security i want to get the special feature of smart card reader (serial number or anything) to make it distinguish with other reader. I am using ACS 38 CCID reader.
what i did to find this-
1- in Winscard.h , there are a function with name - SCardGetAttribute() , when i am using this for getting serial number , it is showing error like- Error 0x00000032 :- the request is not supported. while it is giving serial number when i am using other reader - SCM Microsystems Inc.
2- when i go for registry ,
HKLM\SYSTEM\CURRENT CONTROL SET\SERVICES\A38CCID\ENUM . i found there a
string - usb\vid_072f&Pid_90cc\5&3873a573&0&2 (Device Instance Id) but for number of reader ,its similar. so here i am fail again.
Is there any way to get this or i need to consult with manufacture?
I already use javax.smartcardio.*; is there any function to get the detail of reader connected????I'd bet my last Euro it's the second FRU you mentioned, 04W1637, because all FRUs, and all Lenovo MTMs and order numbers that I have ever seen consist of 7 digits or letters, this was so in the IBM days and has been the case ever since.
Andy ______________________________________
Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points
Did you find a post helpfull? You can thank the member by clicking on the star to the left awarding them Kudos Please add your type, model number and OS to your signature, it helps to help you. Forum Search Option T430 2347-G7U W8 x64, Yoga 10 HD+, Tablet 1838-2BG, T61p 6460-67G W7 x64, T43p 2668-G2G XP, T23 2647-9LG XP, plus a few more. FYI Unsolicited Personal Messages will be ignored.
Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество
PepperonI blog -
How to find Cisco ACS serial number
Hi guys, quick question, how can I find Cisco ACS serial number on my existing ACS (application)? Customer asked me because the product should be updated but I don't know where to find this information and I also don't know where I put the paperwork in the past as I installed to ACS.
Thanks in advance,
André HarasimHi guys, quick question, how can I
find Cisco ACS serial number on my existing ACS (application)? Customer
asked me because the product should be updated but I don't know where
to find this information and I also don't know where I put the paperwork
in the past as I installed to ACS.
Thanks in advance,
André
Harasim
Hi Andre,
If it is ACS appliance then serial number sticker will be on the top floor of the ACS box you need to check physically for confirmation of tha serial number.
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
Serial Number: ACS 5.5 Design Standard?
I purchased the disc of the Adobe Creatiove Suite 5.5 for educational users and cannot find the serial number anywhere. Inside the there is a long code, but it won't let me type the letters in, only the numbers. Do I have to send off for a specific code?
Try Serial number, Redemption, and Product codes | Student & Teacher Editions
-
Problems with access to serial port using reentrant code
Hi,
I have a VI that send commands and receive answers from an instrument using
de serial port.
This VI runs perfectly when used alone.
However I'm trying run two instances of that VI simultaneously using
reentrant code and I'm facing some problems.
Sometimes everything is OK but sometimes, in the process of writing to
serial port the following error happen:
Error code 36.
Invalid refnum device.
What is this?
Does someone know how to prevent this?
Thanks in advance for any help."Paro, Paula [CMPS:2721:EXCH]" wrote:
>
> Hi,
>
> I have a VI that send commands and receive answers from an instrument using
> de serial port.
> This VI runs perfectly when used alone.
> However I'm trying run two instances of that VI simultaneously using
> reentrant code and I'm facing some problems.
> Sometimes everything is OK but sometimes, in the process of writing to
> serial port the following error happen:
> Error code 36.
> Invalid refnum device.
>
> What is this?
> Does someone know how to prevent this?
>
> Thanks in advance for any help.
You can't use reentrant vi's vith serial vi calls without supervising of
driver.
Use VISA instead and you have to control the VISA session opening and
closing. Another word is that the only one serial port sess
ion should be
opened at a time.
Reentrant vi's for serial port without checking serial port session is a
mistake of program algorithm. Change it in any convenient way.
Sergey Krasnishov
Automated Control Systems
National Instruments Alliance Member
Moscow, Russia
[email protected]
http://acs.levsha.ru -
Hi there,
We have an implementation of Cisco Secure ACS 4.1.4 using RSA SecurID as its authentication source to provide role-based access control and command level authorisation.
We have succesfully deployed this our routers/switches, and are now looking at configuring Cisco PIX/ASA devices to use ACS and have stubbled across issues.
Config on PIX/ASA (note we actually have 4 ACS servers defined for resilience etc):
aaa-server XXXXX protocol tacacs+
accounting-mode simultaneous
reactivation-mode depletion deadtime 1
max-failed-attempts 1
aaa-server XXXXX inside host <SERVER>
key <SECRET>
timeout 5
aaa authentication telnet console XXXXX LOCAL
aaa authentication enable console XXXXX LOCAL
aaa authentication ssh console XXXXX LOCAL
aaa authentication http console XXXXX LOCAL
aaa authentication serial console XXXXX LOCAL
aaa accounting command XXXXX
aaa accounting telnet console XXXXX
aaa accounting ssh console XXXXX
aaa accounting enable console XXXXX
aaa accounting serial console XXXXX
aaa authorization command XXXXX LOCAL
Problems:
Enter PASSCODE is NOT displayed on first attempt to logon to the PIX/ASA because it does not attempt to communicate with ACS until username/pass is sent.
Username with null password (e.g. CR) will correctly then display Enter PASSCODE prompt received from ACS.
PIX/ASA does not attempt to authenticate against all configured TACACS+ servers in one go, instead it tries each sequentially per authentication attemptâ¦.e.g.
1st Attempt = Server 1
2nd Attempt = Server 2
3rd Attempt = Server 3
4th Attempt = Server 4
This means that in total failure of ACS users will have to attempt authentication N+1 times before failing to LOCAL credentials depending on number of servers configured, this seems to be from setting "depletion deadtime 1" however the alternative is worse:
With âdepletion timedâ configured, by the time the user has attempted authentication to servers 2,3 and 4 the hard coded 30 second timeout has likely elapsed and the first server has been re-enabled by the PIX for authentication attempts, as such it will never fail to local authentication locking the user out of the device, the PIX itself does warn of this with the following error:
âWARNING: Fallback authentication is configured, but reactivation mode is set to
timed. Multiple aaa servers may prevent the appliance from ever invoking the fallback auth
mechanism.â
The next issue is that of accounting.....AAA Accounting does not record âSHOWâ commands or session accounting records (start/stop) or âENABLE".
The final issue is ASDM. We can login to ASDM successfully using ACS/RSA SecurID, however when a change is made to the configuration ASDM repeatedly sends the users logon credentials multiple times.
As RSA SecurID token can only be used once this fails and locks the account.
Any ideas on how to make two of Ciscos leading security products work together better?Just re-reading the PIX/ASA 7.2 command reference guide below:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/crt_72.pdf
It appears some of the above are known issues.
PASSCODE issue, page 2-17 states:
We recommend that you use the same username and password in the local database as the
AAA server because the security appliance prompt does not give any indication which method is being used.
Failure to LOCAL, page 2-42 states:
You can have up to 15 server groups in single mode or 4 server groups per context in multiple mode. Each group can have up to 16 servers in single mode or 4 servers in multiple mode. When a user logs in, the servers are accessed one at a time starting with the first server you specify in the configuration, until a server responds.
AAA Accounting, page 2-2 states:
To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode.
ASDM issue, page 2-17 states:
HTTP management authentication does not support the SDI protocol for AAA server group
So looks like all my issues are known "features" of PIX/ASA integration with ACS, any ideas of how to achieve a "slicker" integration?
Is there a roadmap to improve this with later versions of the OS?
Will the PIX/ASA code ever properly support the same features as IOS?
Would it be better to look at using something like CSM instead of ASDM? -
We are unable to manage our ACS
Accidentally the power to the ACS server was switched off and then on again. But after the power on though the device came up successfully; we are not able to manage it.
We are unable to manage our ACS. We have a configuration back-up.
1) by HTTPS. The cert can not be added manually on the browser in any way. Looks like an application error. Tried several different browsers.
ACS details:
CSACSE-1113-K9 Cisco secure ACS 4.x solution engine 1113 Appliance CSACSE-1113-K9v01
when i try https:abc001:2002/
I get he following pop up error message:
Secure connection failed.
an error occurred during connection to abc001:2002. certificate type not approved for application.(Error code:sec_error_inadequate_cert_type)
.the page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
.please contact the web site owners to inform this problem. Alternatively, use the command found in the help menu to report this broken site.
2) by SSH. xxxxx is the administrator account.
We can login but there are no commands available
abc001>help
command Description
? List commands
exit Log off
help List commands
csdbsync -syncnow RDBMS synchronization
abc001>?
command Description
? List commands
exit Log off
help List commands
csdbsync -syncnow RDBMS synchronization
2)Tried with a serial cable, but we only get some rubbish on the screen. We tried different serial cables. These cables work on other appliances (WLC controller and Cisco switches) but not on the ACSHi,
The issue which you are facing comes when you the certificate installed on the ACS is either not correct or has gone corrupt. You would not be able to install a fresh certificate on the ACS Appliance through console or SSH.
You can open a TAC case and send a backup of the ACS database, they might be able to correct the database. Otherwise the only other option is to reimage the ACS Appliance.
To access an ACS Appliance from the console, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/instalap.html#wp1065399
To administer the ACS Appliance, take a backup etc., you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/admap.html
Regards,
Kush -
Hi
When I SSH to my ASA is there anyway to go straight to enable mode? We use RSA SecurID which means I have to wait for the token to change before I go into enable mode at the moment.
ASA config:
aaa authentication ssh console CISCO-ACS LOCAL
aaa authentication serial console CISCO-ACS LOCAL
aaa authentication http console CISCO-ACS LOCAL
aaa authorization command CISCO-ACS LOCAL
aaa accounting enable console CISCO-ACS
aaa accounting serial console CISCO-ACS
aaa accounting ssh console CISCO-ACS
aaa accounting command CISCO-ACS
ACS config (Group Level)
Privilege level 15
Read/write command authorisation set
ThanksUnfortunately that is not possible as ASA does not support Exec Authorization.
Regards,
~JG
Do rate helpful posts -
ACS 4.2 license key location
I am installing ACS on another server but I do not have the original license key, is there a way to find the license from the old ACS.
The old ACS is not functioning, none of the services will start, I cannot use the web front end, so it would have to be something not through the ACS management interface.Yup, that is right. ACS Windows doesn't require any kind of license/ serial number/ key. Once you have the ACS installation kit for windows, you simply need to install it on supported Microsoft platform, it won't ask for any key or license.
If services were running fine and not starting then you may check few things:
1.] Please ensure that ACS logging level is not set to FULL.
2.] You might have applied some latest windows update.
3.] Please ensure your ACS installation directory is exclusded from AV Scanning.
Csadmin is actually responsible for ACS GUI interface. If that's not running, we can access the ACS via web interface.
Have you tried reloading the server?
Jatin Katyal
- Do rate helpful posts - -
Password change from SSH in Cisco Secure ACS 4.1
I am using cisco ACS for windows Release 4.1(1) Build 23 Patch 5.
I have enable password aging for 30 days. after 30 days it is prompting me to change the password while i telnet to any client. it is working fine.\
Recently we have disabled telnet in all network devices and using ssh instead of telnet.
Am not able to change the password from putty. same if i connect through the telnet it is prompting to change the password.
Because of this i am not able to access any network devices after 30 days.
Suggestions will be greatly appreciated.
Thanks in advance.Went through this painful exercise a couple
weeks ago. You need to use the IOS 12.4
K9 image on the routers because password change
only supports on ssh version 2. See example
below:
[Expert@P1-NGx]# ssh -2 -l ngx1 192.168.15.248
[email protected]'s password:
Password change request
Enter [email protected]'s old password:
Enter [email protected]'s new password:
Retype [email protected]'s new password:
C3640>sh ver
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 06-Mar-07 20:25 by prod_rel_team
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
C3640 uptime is 1 week, 5 days, 13 hours, 5 minutes
System returned to ROM by reload at 03:18:41 UTC Fri Nov 28 2008
System restarted at 03:20:58 UTC Fri Nov 28 2008
System image file is "flash:c3640-jk9o3s-mz.124-13a.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 3640 (R4700) processor (revision 0x00) with 98304K/32768K bytes of memory.
Processor board ID 24829119
R4700 CPU at 100MHz, Implementation 33, Rev 1.0
2 FastEthernet interfaces
4 Serial interfaces
1 HSSI interface
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
C3640>
Easy right? -
I'm sitting here on hold, and the staff at Adobe (or the outsourced help overseas..take your pick) can't seem to deliver me the proper serial number to upgrade from Studio MX 2004 (Macromedia) to ACS Web Premium. I've never experience such an enormous ball drop in tech support. Has anyone else had a problem with this. The serial on file with my account, for some reason, isn't working for the upgrade path.
If someone from Adobe is reading this; it's ridiculous, the fact that your support team isn't versed in the CS4 upgrade path's installation troubleshooting.
I've recorded my entire call with Adobe, and it's laced with incompetent service.
Yes, I'm super frustrated. Can someone, please shed some light on this for me?
ThanksDave,
>if someone from Adobe is reading this; it's ridiculous, the fact that your support team isn't versed in the CS4 upgrade path's installation troubleshooting.
Unfortunately, for the most part, you're speaking with your peers, endusers like yourself.
I suggest that you insist on speaking with a Stateside supervisor as there is nothing we can do other than offer our sympathy. I'd guess that the best times to call are probably midweek and early morning.
Neil -
Asa cmd authorization using acs
Hi all, i was trying to authorize the asa with acs 3.2 on priv lvl 7 using tacacs+,but the users were geting priv-lvl 15 only..
aaa-server aaa_serv protocol tacacs+
aaa-server aaa_serv host 10.0.0.10
key cisco123
aaa authentication serial console tac_serv
aaa authentication telnet console tac_serv
aaa authentication enable console tac_serv
aaa authorization command tac_serv
i had brought some commands also in priv 7 using privilege commandm but the problem is that when i try to login i am geting priv-lvl 15 only not 7.i had set in acs also in tacacs+ seting to assign priv lvl=7 only to the users .. but dnt knw why it is nt wrking ..ASA does not have any authorization exec command so Priv Level does not work with ASA.
Max privilege(enable attrib. in ACS)works with ASA.
But if you implementing command authorization with ASA no need to configure max priv levels, let them all fall on priv level 15 and control access through command authorization.
2 main commands required for command authorization are
aaa authentication enable console tac_serv (this is because we do not have authorization exec in ASA so enable authentication is required for command auth to work)
aaa authorization command tac_serv
Maybe you are looking for
-
How to upgrade to Vista from Windows XP Pro on system preloaded with Vista Business?
I have a new T61p preloaded with "Genuine Windows Vista Business downgrade to Windows XP Professional" and had it shipped with the Windows XP Pro downgrade. Where can I can find the procedure to "upgrade" back to Vista if/when I decide to do so? I w
-
Varible for Information Broadcasting Schedule (send Workbook with E-mail)
FYI: I set a broadcasting schedule to send workbook with e-mail. The pre-calculated server was set already. My problem is that I want the value in selection-screen to be dynamic. e.g. I want the date (variable for 0CALDAY) to be filled with value of
-
Google Voice Search app stopped working
Anyone else seeing this problem: Google Voice Search stopped working. The new Google app that allows voice recognition searches starts up then ends and sends me back to home screen. It was working fine yesterday. Everything else works. Shame it was p
-
What add-ons do I need on my new Macbook Pro?
My MacBook Pro was recently stolen so therefore I will be needing a new one very soon. I just graduated from college with a Digital Filmmaking major and a Marketing minor. I hope to break into the film/tv/commercial industry soon, obviously with an e
-
ODBC & Access on different computer
Hi I've got a slightly annoying problem. I have an access database, which is read by a vi which I have created. This works perfectly on my laptop. However I have then moved the database and vi over to another PC. I have created a new dsn linked to th