Command authorization failed - 'AAA API' detected the 'fatal' condition 'No method could process the authorisation request' % Incomplete command.

We are using a Cisco ASR 9006. We configured AAA authentication and committed the changes. After that I am able to log in to the ASR with a local user, but
no command executes and I get this error:
Command authorization failed - 'AAA API' detected the 'fatal' condition 'No method could process the authorisation request'
% Incomplete command.
Please help.

Hi Anop
How did you get over this problem? I am having the same issue.
Regards
Rohan

Similar Messages

  • Command authorization failed ACS 5.6

    I have a new ACS 5.6 appliance set up that uses Active Directory authentication.
    I created a shell profile, mapped it to the authorization rule, and then added devices to the system.
    The first device I added was able to use ACS to authenticate and authorize users without any issues. In the ACS logs, it shows me log in and get the shell profile/privileges (15).
    The second device I added authenticates me, but then I get a "command authorization failed" message every time I try to do something. In the ACS logs, it shows me log in (using AD), and get the same shell profile (level 15). Not sure what the problem is.
    Here are the AAA settings on the switch
    aaa authentication login listASH group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec listASH group tacacs+ local
    aaa authorization commands 0 default group tacacs+ if-authenticated
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    tacacs-server host 10.1.2.212
    tacacs-server timeout 3
    tacacs-server directed-request
    tacacs-server key <key>
    line vty 0 4
    access-class vty-access in
    logging synchronous level all
    login authentication listASH
    transport input ssh
    Network connectivity is fine, and obviously, the key works (because I authenticate). Nevertheless, I cannot get proper authorization.

    Hmm, the config looks correct, especially if it works on one device but fails on the second. Have you tried to issue some debugs and see if you are getting any errors?
    debug aaa authentication
    debug aaa authorization
    debug tacacs authorization
    Also, is there a version of code difference between the two devices? Perhaps you are hitting a bug.
    Thank you for rating helpful posts!

  • AAA -- Int range configuration gives "Command authorization failed" msg.

    Versions involved:
    AAA
    ACS 4.1.4.13.12
    Devices:
    C2960-LANBASE-M, Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)
    C3550-I9Q3L2-M, Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)
    If we try to configure a single interface or just a very small range, it works fine, but if we try to configure a larger range of interfaces, we get a Command authorization failed message, as can be seen below:
    HOST1184(config)#int range fastEthernet 0/1 - 3
    HOST1184(config-if-range)# switchport access vlan 24
    HOST1184(config-if-range)# switchport mode access
    HOST1184(config-if-range)# switchport voice vlan 301
    HOST1184(config-if-range)# dot1x pae authenticator
    HOST1184(config-if-range)# dot1x port-control auto
    HOST1184(config-if-range)# dot1x timeout reauth-period 7200
    HOST1184(config-if-range)# dot1x timeout supp-timeout 120
    HOST1184(config-if-range)# dot1x max-req 1
    HOST1184(config-if-range)# dot1x max-reauth-req 1
    HOST1184(config-if-range)# dot1x reauthentication
    HOST1184(config-if-range)# dot1x guest-vlan 280
    HOST1184(config-if-range)# spanning-tree portfast
    HOST1184(config-if-range)#!
    HOST1184(config-if-range)#end
    HOST1184#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    HOST1184(config)#int range fastEthernet 0/4 - 14
    HOST1184(config-if-range)# switchport access vlan 24
    Command authorization failed.
    Command authorization failed.
    Command authorization failed.
    HOST1184(config-if-range)# switchport mode access
    HOST1184(config-if-range)# switchport voice vlan 301
    HOST1184(config-if-range)# dot1x pae authenticator
    HOST1184(config-if-range)# dot1x port-control auto
    Command authorization failed.
    HOST1184(config-if-range)# dot1x timeout reauth-period 7200
    Command authorization failed.
    HOST1184(config-if-range)# dot1x timeout supp-timeout 120
    Command authorization failed.
    HOST1184(config-if-range)# dot1x max-req 1
    Command authorization failed.
    HOST1184(config-if-range)# dot1x max-reauth-req 1
    Command authorization failed.
    HOST1184(config-if-range)# dot1x reauthentication
    Command authorization failed.
    HOST1184(config-if-range)# dot1x guest-vlan 280
    Command authorization failed.
    HOST1184(config-if-range)# spanning-tree portfast
    Command authorization failed.
    HOST1184(config-if-range)#!
    The pieces of config are as follows:
    aaa new-model
    aaa group server radius dot1x
    server 10.61.156.136 auth-port 1812 acct-port 1813
    aaa authentication login default group tacacs+ enable
    aaa authentication enable default group tacacs+ enable
    aaa authentication dot1x default group dot1x
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ if-authenticated none
    aaa authorization commands 0 default group tacacs+ if-authenticated
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 0 default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    enable secret 5 <removed>
    logging 10.142.4.45
    snmp-server community <removed> RO
    snmp-server community <removed> RW
    snmp-server location "SD"
    snmp-server contact contact - [email protected]
    tacacs-server host A.B.C.D timeout 5 key <removed>
    tacacs-server host A.B.C.D timeout 5 key <removed>
    tacacs-server host A.B.C.D timeout 5 key <removed>
    no tacacs-server directed-request
    radius-server host 10.61.156.136 auth-port 1812 acct-port 1813 key 7 096E5C3D4851
    radius-server retransmit 3
    Does anyone out there have a solution for such a problem?
    Regards,
    AL

    Hi JG, thanks for your response.
    I don't have the appliance close to me, so I cannot check on this setting.
    As soon as I have a chance, I will return with this info.
    Anyway, why does it work for other devices, and why don't we have any problem when configuring a small range of interfaces?
    Once again, thanks for your reply.
    Regards,
    AL

  • Command authorization failed

    I have turned on the AAA command authorization without applying adequate privileges to the user. I can now log in through that user, but the ASA 5510 displays an error:
    ============================
    EUKFW2# show running-config
    ^
    ERROR: % Invalid input detected at '^' marker.
    ERROR: Command authorization failed
    ============================
    I am unable to make any configuration changes on the firewall. Is there any default user through which I can log in and disable the AAA authorization? If not, how can I resolve this situation?

    No, there is no default user. To let him log in you need to make changes in the command authorization set.
    Make one command authorization set in ACS ---> Shared Profile Components.
    Add ---> give any name "Full access" ---> put the radio button to Permit and submit.
    Now go to that group ---> under Shell Command Authorization Set ---> choose ---> Assign a Shell Command Authorization Set for any network device and select FULL ACCESS from the list, then submit and apply.
    Now it should let you in.
    Caution: This lets that user issue all commands.
    Find attached the way to set up command authorization.
    The trick here is to give all users priv lvl 15 and then apply the command authorization set.
    Having priv lvl 15 does not mean that the user will be able to issue all commands. The user will only be able to issue commands that you have listed.
    Regards,
    ~JG
    Please rate if helps

  • Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request.

    Hi,
    I am using EWS Java APIs and passing OAuth tokens to fetch data from office 365 mailboxes.
    Because I am developing Web APIs I preferred using "Application Permissions" defined in Azure active directory application for Office 365, and used "client credential flow" OAuth flow to fetch OAuth token specific to application which will allow "Have full access via EWS to all mailboxes in the organisation".
    After fetching token with the procedure specified in the document "http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx"
    I passed this token to EWS Java APIs,
    it gave me error saying:
    microsoft.exchange.webservices.data.ServiceResponseException: Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request.
    I tried similar thing with EWS managed APIs for .net. Got similar error.
    Can anyone provide some help and direction to resolve this error.
    Thanks & Best Regards,
    Pranjal

    I see you found an answer with the X-AnchorMailbox header on StackOverflow:
    http://stackoverflow.com/questions/29554724/exchange-web-services-are-not-currently-available-for-this-request-because-none

  • I want to edit my raw images on cs5 photoshop.  But when I go to open the .CR2 file it says  '' Could not complete your request because the file appears to be from a camera model which is not supported by the installed version of Camera Raw. Please visit

    I want to edit my raw images on cs5 photoshop.  But when I go to open the .CR2 file it says 
    '' Could not complete your request because the file appears to be from a camera model which is not supported by the installed version of Camera Raw. Please visit the Camera Raw help documentation for additional information.  '' 
    When I go to updates in photoshop help i try to update photoshop and photoshop camera raw but it then says 
    '' Updates could not be applied the error log file may help you in identifying the problem. Then, try updating again. If the problems persist, contact customer support for further assistance. 
    Photoshop Camera Raw 8.7.1(CS6) There was an error installing this update. Please quit and try again later. Error Code: U44M1I216 ''  
    I don't know how to get around this, please help

    CR2 files from which Canon camera?
    Supported cameras are listed here
    Camera Raw plug-in | Supported cameras

  • Hi, I'm using an iPhone 4 and my yahoo push email was working just fine but for the last few days I am experiencing some problem that is the emails are not getting pushed, I have to manually fetch the mails. So what could be the reason for this....

    Hi, I'm using an iPhone 4 and my yahoo push email was working just fine but for the last few days I am experiencing some problem that is the emails are not getting pushed, I have to manually fetch the mails. So what could be the reason for this.....I have set the email setting to "push" mode. Moreover I can't edit the mail server address ....current it's on Yahoo SMTP server

    Will it get rectified and restored...if so after how long. What could be the reason for such outage kindly share,  as I am facing real problem because of this...

  • My early 2011 MBP 13" does not recognize my Sandisk 16GB 45MB/s Extreme Pro SDHC card.  I went to the Genius Bar and we tried it in all the MacBook Pro's in the Apple Store and NONE could recognize the card.  However, iMacs did.  Any suggestions?

    My early 2011 MBP 13" does not recognize my Sandisk 16GB 45MB/s Extreme Pro SDHC card.  I went to the Genius Bar and we tried it in all the MacBook Pro's in the Apple Store and NONE could recognize the card.  However, iMacs did.  Any suggestions?  Genius behind the Bar suggested wait for LION OS X release...

    You really don't need to post multiple times, you will get attention eventually.
    Find the reply here:
    MacBook Pro 13 (MBP 8,1 random restarts)

  • Imported album to itunes library but it will not sync to my ipod, tried with my husbands ipod and the same thing. What could be the problem?

    imported an album to my itunes library, but it won't sync with my ipod classic. I tried it with my husbands ipod also and the same problem. What could be the problem?

    Thank you all for your replies. Here is what i ended up doing. I cannot afford any 3rd party software so i went to itunes and manually entered all my playlists. As I had indicated my purchased music was on my new computer just not the playlists  and I could not sync my ipod. After I rebuilt all my playlists I tried to restore my ipod to factory defaults/new. All of the steps called for in apple support and elsewhere were not available to me. I connected my ipod, went to my computer, right clicked my ipod, and formatted. That wiped my ipod so when I connected to itunes it then gave me a restore option. I did the restore and all is good in the empire again. I can now buy new music and sync my ipod so I am a happy camper.
    Thanks to all.

  • My Lightroom keeps stopping just after being loaded. My Lightroom is 5.4 64 bits installed on a Dell PC with Windows 8.1(upgraded from 8). I have uninstalled Lightroom and re-installed it with the same result. What could be the problem?

    My Lightroom keeps stopping just after being loaded. My Lightroom is 5.4 64 bits installed on a Dell PC with Windows 8.1(upgraded from 8). I have uninstalled Lightroom and re-installed it with the same result. What could be the problem?

    Try resetting your preference file next: http://www.lightroomforums.net/showthread.php?14226-Resetting-(or-Trashing-)-the-Lightroom -Preferences-file
    It survives an uninstall/reinstall.

  • The itunes stores said we could not complete your request an unknown error occurred how do i fix this?

    The itunes stores said we could not complete your request an unknown error occurred how do i fix this?

    Hi The99reddragon,
    Thanks for visiting Apple Support Communities.
    You may have been affected by this system issue that occurred:
    Multiple Services - 10:23 AM - 12:54 PM - Some users were affected
    Users may have been unable to make purchases from the App Store, iTunes Store, Mac App Store, or iBookstore. Users may also have been unable to access iTunes in the Cloud, iTunes Match, or restore purchases from an iCloud backup.
    From Apple Services, Stores, and iCloud.
    If you're still not able to complete your iTunes store purchase or download, see this article for some troubleshooting steps that can help:
    Can't connect to the iTunes Store
    http://support.apple.com/kb/ts1368
    Best,
    Jeremy

  • TS1702 Whenever I click the link for a great app I found, to go to the app-store, the app store reply is " could not complete your request" this happens for every app link that I pursue! Need help

    Whenever I click the link for a great app I found, to go to the app-store, the app store reply is " could not complete your request" this happens for every app link that I pursue! Need help

    Try signing out of your account and then sign back in and see if that helps.
    Settings>Store>Apple ID. Tap your ID and sign out. Restart the iPad by holding down on the sleep button until the red slider appears and then slide to shut off. To power up hold the sleep button until the Apple logo appears and let go of the button.
    Go back to Settings>Store>Sign in and then try again.

  • If anyone can help i would be hugely grateful, I'm literally pulling my hair out.    I bought the Airport express so i could surf the web and wireless play music through my stereo simultaneously. Can I do this? I've managed to play music wirelessly from m

    If anyone can help i would be hugely grateful, I'm literally pulling my hair out. 
    I bought the Airport express so i could surf the web and wireless play music through my stereo simultaneously. Can I do this? I've managed to play music wirelessly from my macbook to the express/stereo, however i cant surf the web because i can only presume i haven't set up the express to join my sky network.  So therefore the only way to surf the web at the moment is swap wireless devices from express back to my current sky network, then the airplay stops obviously.
    I've tried to join the express to my sky network/netgear router, at face value it looks simple.  The sky network name automatically comes up and then all i have to do is select the correct wireless security which i haven't got a clue which one my sky/netgear router is using, then type in the password which i presume is the network key number on the back of the netgear router?  However its not connecting??  I am doing something wrong?
    Can someone please give me some guidance on how to connect express to my current network?

    and then all i have to do is select the correct wireless security which i haven't got a clue which one my sky/netgear router is using
    Suggest that you ask Sky what type of wireless security that is used on the devices that they provide.
    Once you have that information, you can choose the correct matching setting when you configure the AirPort Express to "join" the Sky wireless network.
    The "password" would be the normal phrase that you use to connect to your wireless network at the present time.

  • AAA issue ( command authorization failed)

    I am getting the issue, and the following is the script; I cannot find and locate the cause of the error!
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname hexxor
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$Y.Nt$aZ9/2rl2DMbEnSGJVqmln1
    enable password 7 0525112F05411F075231123E
    username hexxor password 7 024D2A103F26243363593D1C2B5C
    aaa new-model
    aaa authentication login T-AUTH group tacacs+ local
    aaa authorization console
    aaa authorization config-commands
    aaa authorization exec T-AUTHOR group tacacs+ if-authenticated
    aaa authorization commands 15 T-AUTHOR group tacacs+ if-authenticated
    aaa accounting exec T-ACC start-stop group tacacs+
    aaa accounting commands 15 T-ACC start-stop group tacacs+
    interface Vlan1
    no ip address
    interface Vlan50
    ip address 128.1.50.54 255.255.255.0
    no ip route-cache
    ip default-gateway 128.1.50.254
    no ip http server
    ip http secure-server
    ip sla enable reaction-alerts
    logging trap debugging
    logging 10.241.40.20
    logging 128.1.50.245
    access-list 1 permit 128.1.50.245
    snmp-server host 10.241.40.27 Armageddon
    snmp-server host 128.1.50.245 Armageddon
    tacacs-server host 10.241.40.22
    tacacs-server host 10.241.40.23
    tacacs-server directed-request
    tacacs-server key 7 020813480E052F2E4D
    line con 0
    exec-timeout 5 0
    password 7 1142374E2332201E2B3D1F210678
    authorization commands 15 T-AUTHOR
    authorization exec T-AUTHOR
    accounting commands 15 T-ACC
    accounting exec T-ACC
    login authentication T-AUTH
    transport preferred none
    line vty 0 4
    exec-timeout 5 0
    password 7 06281801684358174E231727
    authorization commands 15 T-AUTHOR
    authorization exec T-AUTHOR
    accounting commands 15 T-ACC
    accounting exec T-ACC
    login authentication T-AUTH
    transport input telnet
    transport output telnet
    line vty 5 15
    password 7 0228137B2F0B5E2F077A0C35
    end

    Based on what I think I understand in this reply it appears that the problem is caused in the named authorization method of T-AUTHOR. This named method sends an authorization request to the TACACS server. So it appears that the TACACS server is not authorizing the commands that you enter.
    I would suggest this as a first test:
    - login to the device.
    - go into enable mode.
    - attempt the show run command. (I assume that it will fail)
    - check on the TACACS server. look in the logs for indications of how it processed the request and why it did not authorize it.
    If you want to do a second test to verify the cause of the problem then I would suggest this:
    - remove from the config these lines
    aaa authorization exec T-AUTHOR group tacacs+ if-authenticated
    aaa authorization commands 15 T-AUTHOR group tacacs+ if-authenticated
    then login to the device, go into enable mode, attempt the show run command
    Try one or both of these tests and post back to tell us of the results.
    HTH
    Rick
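
An added example, not part of the thread and not Cisco code: a Python check that reads the authorization statements of an IOS configuration like the one posted above and reports, per line, which method list decides command authorization. The function names, the finding labels and the trimmed sample are assumptions made for this illustration.

```python
import re

# Constructed sample: the authorization and line statements of the
# configuration posted above; passwords and unrelated lines are left out.
SAMPLE = """\
aaa new-model
aaa authorization console
aaa authorization config-commands
aaa authorization exec T-AUTHOR group tacacs+ if-authenticated
aaa authorization commands 15 T-AUTHOR group tacacs+ if-authenticated
line con 0
authorization commands 15 T-AUTHOR
authorization exec T-AUTHOR
line vty 0 4
authorization commands 15 T-AUTHOR
authorization exec T-AUTHOR
line vty 5 15
end
"""

def parse(config):
    """Return (method lists, per-line list bindings, global flags)."""
    lists, lines, flags, current = {}, {}, set(), None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authorization (exec|commands \d+) (\S+) (.+)", text)
        if m:  # ("commands 15", "T-AUTHOR") -> ["group tacacs+", "if-authenticated"]
            lists[(m.group(1), m.group(2))] = re.findall(r"group \S+|\S+", m.group(3))
        elif text in ("aaa authorization console", "aaa authorization config-commands"):
            flags.add(text.split()[-1])
        elif text.startswith("line "):
            current = text
            lines[current] = {}
        elif text == "end":
            current = None
        elif current:
            m = re.match(r"authorization (exec|commands \d+) (\S+)", text)
            if m:
                lines[current][m.group(1)] = m.group(2)
    return lists, lines, flags

def audit(config):
    """Label how command authorization is decided on each line (hypothetical labels)."""
    lists, lines, flags = parse(config)
    levels = sorted({kind for kind, _ in lists if kind.startswith("commands")})
    findings = []
    for line, bound in lines.items():
        for kind in levels:
            name = bound.get(kind, "default")  # unbound lines use the default list
            methods = lists.get((kind, name))
            if methods is None:
                # No default list exists, or the named list was never defined.
                label = "no-authorization" if name == "default" else "undefined-list"
            elif line.startswith("line con") and "console" not in flags:
                label = "console-exempt"  # needs 'aaa authorization console'
            elif not methods[0].startswith("group "):
                label = "device-decides"
            elif len(methods) == 1:
                label = "no-fallback"  # server unreachable -> no method left
            else:
                # Later methods run only if the server does not answer;
                # a reject from the server is final.
                label = "server-decides"
            findings.append((line, kind, label))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

On the sample, the console and vty 0 4 come back as `server-decides`, which matches the reply's advice to look in the TACACS server logs, while vty 5 15 has no command authorization bound at all.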

  • I have converted most of my windows media files to itunes. However I had to close it down about 3 quarters of the way through. It then processed the album art. How can I convert the files that it didn't finish doing the first time? thanks

    Hi there,
    hope you can help me. I helped my sister convert her window media files to itunes and set up an account for her. Unfortunately her computer is really slow and it was really late and we had to turn it off. It processed some of the album art for the files that it had converted. However, some songs were not converted and because there was quite a few left, I don't really know which ones did not get converted as I selected  all of the folders. How do I find out which ones I have left to convert and put the rest of the songs onto itunes for her please? Or are they on the itunes still as they showed up initially on itunes in the list to be converted.
    Thank you!

    You could convert them all again and then dedupe, or use a Windows search to reveal all the WMA files and then try to work out which still need to be converted. If you're lucky iTunes would have processed the imports in alphabetical path order so it would just be a matter of working out where it had got up to...
    tt2
