Error ACS 5-4-0-46-3
Hi friend:
Sometimes my web browser shows me an error message in ACS 5.4.
Could you help me?
I have attached the picture.
Best regards,
Marco
Upon pressing F5, the user is notified with the alert "F5 is disabled" along with the following reason (the separate alert you attached):
CSCuf93782 ACS 5.4 F5 or Refresh causes window freeze
I would suggest not to refresh ACS pages using F5 but by clicking again on a specific url/menu.
Jatin Katyal
- Do rate helpful posts -
Similar Messages
-
ACS Server: External Authentication configuration error
Hi ALL
I have installed the ACS server and configured it properly, and it works fine.
But whenever I restart the machine, the following error message appears on the external database configuration wizard.
External Authentication Configuration Error
ACS has encountered a problem while attempting to process your request. This could be due to one of the following:
An incorrect installation or configuration of the third-party DLLs required to support this External Database
A corrupt ACS configuration
So after I found this error, I just restarted all seven services and everything works fine.
I always encounter the same error message after restarting the machine each time.
Can anybody recommend a solution or help me resolve the issue?
Thanks
Hi,
Please try the following workaround.
1. Go to Start > Programs > Administrative Tools > Services.
2. Stop the following services in the following order.
CSAuth
CSDbSync
CSLog
CSMon
CSRadius
CSTacacs
CSAdmin
3. After stopping the following services, start them all again in the following order.
CSAdmin
CSAuth
CSDbSync
CSLog
CSMon
CSRadius
CSTacacs
Please let me know if this was able to help.
If the above doesn't help, please reinstall the ACS as the dll files that are being used
by the ACS have been corrupted, before uninstalling and reinstalling, do take a
backup of ACS server database from System Configuration > ACS backup > Backup Now.
Also make sure that the ACS is installed on the default drive.
tnx
somishra -
Hi All
My customer is having a strange issue with his ACS.
the current error is as follows
ShellProfile,12/03/2012,13:18:26:709,ERROR,3058101152,NIL-CONTEXT,DeviceAttrFactory::createAttrValue with marker = *,DeviceAttrFactory.cpp:29
Also when he tries to create show run he gets the following error however, the config does get created.
% Error: acs manifest has no TAC information
Before I run to the TAC, has anyone experienced this? I was not able to find anything on the net, not even a spam link.
Absolutely 0.
Thanks in advance
lancellot
Aamir,
I'm sure you've got this resolved; still, I'm adding my inputs in case someone else is facing the same issue.
The reason why you're seeing this error message
22043 Current Identity Store does not support the authentication method
is because LDAP doesn't support PEAP-MSCHAPv2. It only supports PAP in non-EAP requests and EAP-TLS, EAP-GTC and PEAP-GTC in EAP requests.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/eap_pap_phase.html#wp1014889
If you can't change the EAP flavor in your network, then you can migrate to Active Directory as it supports PEAP-MSCHAPv2.
~BR
Jatin Katyal
**Do rate helpful posts** -
ACS 4.1 replication error
Hi netPro,
When I start the replication, there's an error:
ACS Internal Database Replication Errors
Number Error
1 'User and Group Database' and 'Group Database' cannot be replicated together
What does it mean?
Thanks.
Regards,
Jack
Hi Jack,
Under database replication components, select either "user and group database" or "group database only". You can't have both selected, as the first option includes the other.
regards
Hamid -
ACS 4.2 replication issue
We recently upgraded to ACS 4.2. All works perfectly except for replication. I now receive an error
ACS Internal Database Replication Errors
1. To disable receiving of EAP-FAST replication component, "EAP-FAST master server" must be enabled on "Global Authentication Setup" page
We are not using EAP-FAST and it doesn't appear to be enabled. EAP-FAST is not checked to replicate. I looked at that when I first got the issue. It says that the server is Master. If I tick the box nothing changes, and when I go back to that "Global Authentication" page the box is no longer ticked. The issue is the same on both the Primary Server and the Backup Server.
-
Yesterday we had two ACS 4.0 servers installed on Windows 2000 Domain Controllers that were working great. ACS1 was the primary server and replication was configured to send to ACS2. ACS2 replication was configured to receive from ACS1.
We lost ACS2 yesterday so I installed ACS 4 on a 2003 Domain Controller (ACS3). I installed ACS3, went into network configuration and added ACS1 as an AAA server.
I then logged onto ACS1 and added ACS3 as an AAA server and configured ACS3 as a replication partner.
It is not replicating - if I look at the log I get
ERROR, ACS 'ACS3' has denied replication request
I do not have the primary as a replication on the secondary.
I have some screen shots of the configuration from ACS2 and I've duplicated everything I could (except for name and IP).
Any ideas on what I can try next?
I had what seems to be the same issue.
In my case I have two ACS SE 1113 appliances, but the issue could still be the same with your Windows servers.
The appliance has two NICs - I had both of the NICs connected. Although the appliance only allows you to use the Primary NIC (the bottom one), ACS still detected the Secondary NIC and created an additional "AAA Server" entry under the "Network Configuration" tab called "self". You should only have one "self" entry in your AAA Server list, not two.
Unfortunately I couldn't find a way to undo this. So I disconnected the Secondary NIC (the top one) and used the recovery CD to reload both of my ACS devices. Now everything works just fine.
- Nate -
ACS 'SERVER' has denied replication request
Trying to replicate 2 ACS servers and I get the following error.
ACS 'Server' has denied replication request
10/30/2007 22:09:49 INFO Outbound replication cycle completed
10/30/2007 22:09:49 ERROR ACS 'Server' has denied replication request
10/30/2007 22:09:48 INFO Outbound replication cycle starting...
ANY HELP out there this late please?
Further adding to somishra's suggestion,
1) Make sure that you are not replicating over NAT. Replication over NAT does not work
because the IP is used as part of the server authentication
2) Next, check to make sure that you are not sending or receiving the distribution table.
On the primary server, the distribution table should not be checked in the send list, and
on the secondary, the distribution table should not be checked for receive.
3) Then I would like you to check in the secondary server's partner list, to make sure
that the primary is not listed. You should not enter the primary server into the partner
list on the secondary server. However, the primary server should have all secondary
servers listed in its partner list.
4) Ensure that the secondary server has its replication scheduling set to "manual".
5) Please verify that your servers are all running exactly the same ACS version and build.
6) Also let me know if we have any firewall in between two acs servers.
Regards,
~JG -
802.1x and MS IAS and Nortel IP phone
Hi,
I have set up 802.1x MS IAS. All seems to work fine when I am using a plain PC connection to the switch, but the moment an IP phone is involved I start facing issues.
I am using a Cisco 3750 switch with version 12.2(25)SEB4.
The DHCP server is on Windows, which is on a different network, i.e. 10.50.1.9.
The DHCP relay agent is defined on the firewall subinterfaces.
All works when the phone is not involved. BTW, I am using a Nortel IP phone.
When the phone is plugged in and the cable goes through the phone, I provide the user name and credentials, and when I run show vlan on the switch I can see I am part of the correct VLAN, but I do not get an IP address.
This is the error I get on the switch when I ran debug radius:
Please find two attachments of debug dot1x events and radius.
Please help.
Regards
AI
Hi Adil,
I'm testing with a Catalyst 3560 running IOS version 12.2(44)SE2.
I have a Nortel-LG IP phone which does not have 802.1x supplicant.
I tried configuring MDA on the switchport and use MAB to authenticate the phone.
My questions:
1. In the ACS, I created a group for the IP phone and specify "device-traffic-class=voice" as the cisco-av-pair. Is this what I should be doing for a non-Cisco phone?
2. I know the phone's MAC address is 00-40-5A-17-C6-30. I created a user 00405a17c630 (password is also 00405a17c630) and assign it to the IP phone group I created above. Is this correct?
My testing wasn't successful. I got the following output:
Switch#sh dot1x int f0/48 de
Dot1x Info for FastEthernet0/48
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = MULTI_DOMAIN
Violation Mode = PROTECT
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Mac-Auth-Bypass = Enabled
Inactivity Timeout = None
Guest-Vlan = 999
Dot1x Authenticator Client List
Domain = UNKNOWN
Supplicant = 0040.5a17.c630
Auth SM State = AUTHENTICATING
Auth BEND SM State = REQUEST
Port Status = UNAUTHORIZED
Authentication Method = Dot1x
Domain = UNKNOWN
Port Status = UNAUTHORIZED
My switch config is as follows:
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 1.1.1.1 auth-port 1645 acct-port 1646 key cisco123
radius-server source-ports 1645-1646
radius-server vsa send authentication
interface FastEthernet0/48
description *** 802.1x Test Port ***
switchport access vlan 70
switchport mode access
switchport voice vlan 71
no snmp trap link-status
dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-domain
dot1x violation-mode protect
dot1x guest-vlan 999
spanning-tree portfast
In the ACS' Failed Attempts logs, I saw entries for:
User-Name = 00405a17c630
Group-Name = IP_Phone_Test_Group
Caller-ID = 00-40-5A-17-C6-30
Authen-Failure-Code = Internal error
ACS version is 4.1.
What am I missing? Please advise.
Thank you.
B.Rgds,
Lim TS -
Replication overwrites the AAA servers table in the secondary server
Hi,
I've configured two ACS servers with replication, but I noticed that when the replication takes place it overwrites the AAA servers table configured in the network configuration of the secondary server, and that makes the next replication fail because the two servers have the same configuration of AAA servers. If I uncheck the "Network Configuration Device tables" and the "Network Access Profiles" from the "Database Replication Setup", which includes the AAA servers table, I also miss the replication of the new network devices that are added in the master server.
Do you know how I can exclude only the AAA servers table from the replication?
Another thing is that I configured the Outbound replication as "Automatically triggered cascade". I'm not sure if this means that at the exact moment there is a change on the primary server it will replicate it to the secondary, because if that is the case it is not doing it.
Thanks in advance for your help
Hi,
I understand, thanks a lot for making that clear!
I now have another situation and I was wondering if you can help me. I made some changes in the AAA servers trying to solve this situation but I wasn't able to, so I left the servers configured the same way they were at the time the replication was working, but now it is not. In the master server I get this message:
ERROR ACS 'LACSLVBCDVAS007' has denied replication request
and in the second server I get this:
ERROR Inbound database replication from ACS 'lacslvbcpvas011' denied - shared secret mismatch
I've checked the key configured for both and they are the same. I've deleted the AAA servers and then configured them again and restarted the services, but the problem remains. Do you have any idea what this could be?
Thanks in advance for your help.
Best Regards, -
RDBMS Synchronization with a .CSV file
Good morning. I am trying to create a testable .csv file that I can import into our ACS on a prescheduled basis.
Here are my questions about this process:
1. Do I need to use the PASS_Expire action or is there a STOP_DATE? I have looked at the codes and didn't really see one.
2. Is there a way that I can extract a copy of the dump.txt or get my actual database exported to a different system?
3. What are the group's recommendations on synchronization? Are there some lessons learned I should look out for?
Thanks
Dwane
Can you help me add a vendor UDV and attributes to ACS?
I tried it; it is showing me the UDV, but I am getting an error in the RDBMS report for one attribute.
when v3 is integer
Error: ACS 'ACS_A1' Action failed [SI=6 A=352 UN="" GN="" AI="" VN="Login-Service" V1="2011" V2="10" V3="integer"] Reason: UDV VSA error - User Defined Vendor/VSA operation failed (VSA name not unique)
when v3 is string
Error: ACS 'rdevid-4eafe3cf' Action failed [SI=6 A=352 UN="" GN="" AI="" VN="Login-Service" V1="2011" V2="7" V3="string"] Reason: UDV VSA error - User Defined Vendor/VSA operation failed (VSA name not unique)
Actually I am doing it for H3c.dct; it is for 3Com.
Below is the file which I used.
SequenceId,Priority,UserName,GroupName,Action,ValueName,Value1,Value2,Value3,DateTime,MessageNo,ComputerNames,AppId,Status
1,0,,,350,3COM-H3C,AUTO_ASSIGN_SLOT,2011,,,,,,0
2,0,,,352,h3c-User-Access-Level,2011,26,integer,,,,,0
3,0,,,352,Administrator,2011,3,string,,,,,0
4,0,,,352,Manager-(write),2011,2,string,,,,,0
5,0,,,352,Monitor-(read),2011,1,string,,,,,0
6,0,,,352,Login-Service,2011,5,string,,,,,0
7,0,,,352,SSH,2011,50,string,,,,,0
8,0,,,352,Terminal,2011,52,string,,,,,0
9,0,,,353,,2011,221,IN OUT,,,,,0
10,0,,,355,,,,,,,,,0
Also please let me know how I can delete the UDV if I want to. I tried the procedure mentioned in the user guide but failed. -
ACS 5.3 - Error when changing Device group or Location
I am trying to move a device from the Default location to a sub group and get the following message when I try (either with IE or Firefox)
This System Failure occurred: Index : 0, Size: 0. Your changes have not been saved. Click OK to return to the list page.
It also gives me the same error if I try to change the Device type from default to a sub group. I'm sure I could do this previously. The ACS build is (VMWARE install):
Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386
Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
Hostname: ACS1
Version information of installed applications
Cisco ACS VERSION INFORMATION
Version : 5.3.0.40
Internal Build ID : B.839
I suspect it's a read/write issue with the database or a database corruption. Can anyone enlighten me on how to fix it please?
I have stopped and started the application acs via the console and show application status acs has the following to say about itself.
ACS1/admin# show application status acs
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
Mel
Does this happen to a small number of network devices or the whole set?
If the former, then I found the following CDETS:
CSCtw59271 Random Network Device corruption after upgrade from ACS 5.2 to 5.3
Which includes the following workaround
Symptom 1: Delete and re-add the AAA client
Symptom 2: Modify the TACACS+ shared secret of the Network Device, re-enter the same key and save the Network device.
>>>> Use case where TACACS+ was used
There are some important fixes related to upgrade issues in patch 5 and later for ACS 5.3. While these do not relate to NDs I do recommend installing this patch -
ACS 5.3 incremental backup error
Hi ,
I have ACS 5.3 that has recently been having problems with the incremental backup.
The error is: on demand back failed
and the details are: SQL Anywhere backup utility connection error: insufficient system resources- failed to allocate a SYSV semphorenull .
I mean come on.... and I did not find this error on the Cisco website.
The ADE.log file is not showing errors/details related to this. Attached are the files showing the errors.
Has anyone faced this problem before? Ideas? Anything?
Regards,
George
Hi George:
With 5.3 I experienced many issues, including that the incremental backup does not work. Whenever I set it to "ON", the next time the scheduled backup comes it fails and sets itself back to "Off". I did not get the same message you get though.
I finally did two things:
- upgraded to latest patch.
- moved the log collector from the primary to the secondary.
Now things are fine for about 1 month without issues.
Regarding your issue, I think it could be related to resource issue as mentioned in the message.
What is the current DB size that you have?
Note that the message is misleading (messages I got with my ACS are the same) because they mention incremental backup in the message title and then say on-demand full backup failed!
So, you have to specify yourself whether the issue is with the incremental backup or the full backup.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
"24427 Access to Active Directory failed" error in ACS 5.1
Hello,
I'm working on implementing a RADIUS authentication for wireless access with the following :
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),
- AP 1252 configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),
- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,
- AD domain running on Windows 2003 Server.
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
All I can get running the expert troubleshoot
Investigating failure code: 24427 Access to Active Directory failed
Checking if Active Directory is configured
Active Directory is configured
Attempting connection to Active Directory
Connection to Active Directory was successful.
Troubleshooting completed.
Click on Show Results Summary to view results.
I followed this guide, at least for the ACS certificate section :
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
Anyone has an idea where the problem may come from?
Thanks in advance,
Vincent
Hey there, I ran into the same issue with 5.3 and it turned out to be this bug. I came across your post looking for instructions on retrieving the logs. Thanks mate.
link
Problem: Error "24495 Active Directory servers are not available"
Authentication starts failing with this error: 24495 Active Directory servers are not available. in the ACS 5.3 logs.
Solution
Check the ACSADAgent.log file through the CLI of the ACS 5.x for messages such as:
Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch.
If you see the Running in disconnected mode: unlatch error message, this means the ACS 5.3 cannot maintain a stable connection with Active Directory. The workaround is to either switch to LDAP or downgrade the ACS to 5.2 version. Refer to Cisco bug ID CSCtx71254 (registered customers only) for more information. -
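The log check described above, as an added example that is not part of the original post or of Cisco's documentation: a Python scan of adclient lines for the "Running in disconnected mode: unlatch" marker, counted per server the connection was lost to. The line layout is an assumption inferred from the single sample line on this page, and every log line other than that one is constructed.

```python
import re
from collections import Counter

# Marker text quoted in the troubleshooting note on this page.
DISCONNECT_MARKER = "Running in disconnected mode: unlatch"

# Assumed layout, inferred from the one sample line shown on the page:
# "<Mon DD HH:MM:SS> <host> adclient[<pid>]: <LEVEL> <component> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) adclient\[(?P<pid>\d+)\]: "
    r"(?P<level>[A-Z]+) (?P<component>\S+) (?P<msg>.*)$"
)
# The server name may itself contain dots, so stop at a dot followed by a space.
LOST_RE = re.compile(r"Lost connection to (?P<dc>\S+?)\.(?:\s|$)")

# First line is the sample from the page; all other lines are constructed.
SAMPLE_LOG = """\
Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch
Mar 11 00:06:09 xlpacs01 adclient[30401]: INFO constructed.component constructed unrelated message
Mar 11 00:21:40 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to dc02.example.test. Running in disconnected mode: unlatch
this line does not follow the layout and is skipped
Mar 11 01:02:13 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to dc02.example.test. Running in disconnected mode: unlatch
"""


def parse_line(line):
    """Return the fields of one adclient line, or None if the layout differs."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def find_disconnects(lines):
    """Collect every record whose message carries the disconnect marker."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or DISCONNECT_MARKER not in rec["msg"]:
            continue
        lost = LOST_RE.search(rec["msg"])
        rec["dc"] = lost.group("dc") if lost else None
        events.append(rec)
    return events


def summarize(events):
    """Count disconnect events per server the connection was lost to."""
    return Counter(e["dc"] for e in events)


if __name__ == "__main__":
    found = find_disconnects(SAMPLE_LOG.splitlines())
    for e in found:
        print(e["ts"], e["host"], "lost connection to", e["dc"])
    for dc, n in summarize(found).most_common():
        print(f"{dc}: {n} disconnect(s)")
```

Repeated events against the same server within a short window are the pattern the note above associates with an unstable Active Directory connection.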
ACS 5 : 24463 Internal error in the ACS Active Directory
I am configuring ACS 5.
I have a group created in AD. There are 2 users in the group. The users are from different OUs.
One user gets authenticated.
The other fails to get through authentication with the following error:
24463 Internal error in the ACS Active Directory
Could anybody help?
P.S. I have something to add.
It works for some users and does not for others. I have created a new user and it worked.
So it looks like it is something in the user properties of groups it belongs to.
This is bug CSCsx94072 -
I'm using ACS V4.2 to authenticate wireless users using EAP-TLS. I get the following error message in my logs for some users. Anyone have any idea what it means?
AUTH 02/16/2009 11:10:16 I 2310 2008 0x277 External DB [NTAuthenDLL.dll]: Insufficient space for all of user [email protected] certificates
AUTH 02/16/2009 11:10:16 I 2355 2008 0x277 External DB [NTAuthenDLL.dll]: User '[email protected]' was found [ADS]
This isn't supposed to be an error message, but rather an informational message.
Do you see any Failed authentication attempts when this message showed up?