Installing Certificates on ACS 3.3 for Windows

Similar Messages

• CA and Certificate Issue in ACS 4.0 For Windows 2003 Enterprise Server

  Hi,
  I have configured Microsoft CA server on the same ACS 4.0 for Windows 2003 enterprise server which was configured earlier using the self generated certificates for EAP and PEAP authentications.
  After I change the certificate from self generated to the new CA certificate that can be viewed under install ACS certificate option on ACS server but having the following problems
  1. SSL is not functioning while internet browser access to the ACS server and going through http instead of https.
  2. Wireless clients are authenticated successfully even after the certificate is uninstalled.
  Any help on these problems will be appreciated.
  Thanks
  Best Regards,
  Ahmed

  Hi Rohit,
  Thanks for reminding the HTTPS option under Administration Control on ACS.
  I have some doubts pertaining to installation of certificates on Wireless clients though it is optional for Self Generated Certificates but what in case of Mirosoft CA as I tested wireless client authentications even after removing the certificate from microsoft supplicant WindowsXP SP2 having installed the patch KB885453 for PEAP. How the certificate on wireless client works.
  Is it mandatory or optional to keep certificate on Wireless Clients as they could able to get authenticated through ACS after removing the certificate.
  Thanks
  Best Regards,
  Ahmed

• ACS 3.2 for Windows and MS Windows AD Directory Integration Problem

  Dear all,
  We have some issues while integrating Windows AD with ACS 3.2 for Windows.Currently we have done the following:
  1. Installed ACS 3.2 for Windows on Windows 2003 Enterprise with SP1
  2. ACS and Domain Controller are configured on the same server
  Checked and verified the following configurations
  1. created a domain user "csacs" selected Act as a part of operating system and log on as a service enabled for this user.
  2. Enabled all the CS services to log on as a user csacs.
  But I noticed CS services are not respdonding and gives the error as "Could not able to start the service with service specific error ..." while trying to start services manually on ACS.
  Kindly help me through this integration part
  An easy and handy Step wise procedure on configuring integration of AD with ACS 3.2 on both Domain Controller and on Member server will be of great help.
  Thanks
  Kind Regards,
  Ahmed

  I have no issues running Cisco ACS version 3.2 on Windows
  Server 2003 with SP2:
  1) create user test1 in MS Active Directory and put test1
  in users group with dial-in access granted,
  3) Create a group called "LDAP". Actually I renamed
  group name "group 1" to "LDAP".
  3) in ACS external user database configuration, I specified
  domain "CCIE" as for this. unknow user policy is to use
  Windows Database configuration,
  4) Configure the database configuration in ACS to point
  to "CCIE" windows domain,
  5) setup the ACS to authenticate one of your Cisco devices
  and log in using the MS windows account,
  By the way, mgurwara, you are wrong. I run Cisco
  ACS 3.2 on windows 2003 Enterprise Edition with Service
  Pack 2. I am running it on a Dell Optiplex Gx240
  (1.7 GHz with 512MB of RAM) and it is running fine.
  I use it to manage about 20 cisco devices and
  about 200 Wireless LEAP user(s). Furthermore, I am also
  running ACS 4.1 on another identical hardware. It has
  nothing to do with the hardware. I don't know where
  you get that information from.

• Advice for Buying Cisco Secure ACS 3.3 for Windows

  Just need advice on what other things I NEED to order apart from the Windows server when I want to iplement ACS and I want to use CISCO SECURE ACS 3.3 FOR WINDOWS
  Hope someone will help

  Hi,
  This is all what you require:
  Supported Operating System
  Cisco Secure ACS for Windows Servers 3.3 supports the Windows operating systems listed below. Both the operating system and the service pack must be English-language versions.
  •Windows 2000 Server, with Service Pack 4 installed
  •Windows 2000 Advanced Server, with the following conditions:
  –with Service Pack 4 installed
  –without features specific to Windows 2000 Advanced Server enabled
  •Windows Server 2003, Enterprise Edition
  •Windows Server 2003, Standard Edition
  Note The following restrictions apply to support for Microsoft Windows operating systems:
  •We have not tested and cannot support the multi-processor feature of any supported operating system.
  •We cannot support Microsoft clustering service on any supported operating system.
  •Windows 2000 Datacenter Server is not a supported operating system.
  Please refer to the following link for more information:
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/win33sdt.htm
  Thanx & Regards

• TS5376 I'm having a problem with downloading and installing the new version of itunes for windows (11.1.4)  I have done everything the troubleshooting article has said and it is still not working properly.

  'm having a problem with downloading and installing the new version of itunes for windows (11.1.4)  I have done everything the troubleshooting article has said and it is still not working properly.  I have even done a repair to see if that works and it has not.  Has anyone else found a new way to get it working?

  Try Troubleshooting issues with iTunes for Windows updates.
  tt2

• I have installed the latest version of iTunes for Windows 8 but when I try to open it, it says Windows has an error and I simply can't open it any longer.  Any help is appreciated!

  I have installed the latest version of iTunes for Windows 8 but when I try to open it, it says Windows has an error and I simply can't open it any longer.  Any help is appreciated!

  Hey socestlavie,
  Thanks for the question. I understand you are experiencing issues with iTunes for Windows. The following resource may help to resolve your issue:
  iTunes for Windows Vista, Windows 7, or Windows 8: Fix unexpected quits or launch issues
  http://support.apple.com/kb/TS1717
  Thanks,
  Matt M.

• Cannot install Boot Camp 3.2 upgrade for Windows 7 64 bit

  I recently installed Windows 7 64 bit on my macbook. I also installed Boot Camp 3.0.1 after Windows 7 installation, however, WiFi did not work. Therefore, I needed to upgrade to the latest Boot Camp 3.2. However, when I tried to install Boot Camp 3.2 upgrade for Windows 7 74 bit, I got an error message saying that I needed Boot Camp 3.1 installed first. I CANNOT find Boot Camp 3.1 upgrade for Windows 7 64 bit on Apple website at all. Can someone please help me on this? Is there a way to get the complete Boot Camp 3.2 package that can simply be installed on version 3.0.1??

  here is the link to bootcamp 3.1 for windows 7 64 bit http://support.apple.com/kb/DL1336 .. and no there is no package that can be applied to the windows side to go from 3.0.1 to 3.2

• Can Not  installed latest iTunes 10.5.2 for Windows XP

  To System support,
  I am having trouble installed latest iTunes 10.5.2 for Windows XP. When I start install the exe file, I got an error message:
  “There is problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.”
  Could someone tell me why I can’t install iTunes 10.5.2?
  I even fellow the trouble shooting from iTunes page by uninstall the older version of iTunes. Now I can’t even link my iPhone or iPad now. Please advise me on what is missing in my computer for costing this issue. Thanks for all your supports.
  My computer inf:
  System:
  Microsoft Windows XP
  Professional
  Version 2002
  Service Pack 3
  Computer:
  Intell(R) Core 2 Duo CPU
  T7500 @ 2.20GHz
  2.19 GHz, 1.50 GB of RAM

  “There is problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.”
  Perhaps let's first try updating your Apple Software Update.
  Launch Apple Software Update ("Start > All Programs > Apple Software Update"). Does it launch and offer you a newer version of Apple Software Update? If so, choose to install just that update to Apple Software Update. (Deselect any other software offered at the same time.)
  If the ASU update goes through okay, try another iTunes install. Does it go through without the errors this time?

• Windows 7  64 bit will not install itunes..it tries to install and keeps telling quick time for windows did not properly install  any help?

  windows 7  64 bit will not install itunes..it tries to install and keeps telling quick time for windows did not properly install  any help?

  Hi Tamekia,
  I am sorry to hear nothing has worked yet. I have looked up some additional information and possible solutions. Follow the steps in this document to perform a level-three uninstall, register the Windows Installer Service, and then reinstall the HP software. An uninstall and reinstall of the software deletes and overwrites any of the files that might cause the error and resets the Windows Installer. HP recommends that you download the latest software from the HP Web site to remove any files that might be causing this error.
  Level-three uninstall, and register the Windows Installer Service
  Note: The title of this document is not specific to the issue you are experiencing or the operating system you have, but the 3 steps and instructions are what I suggest we do to resolve the issue you are experiencing.
  Hope this helps.
  Please click the Thumbs up icon below to thank me for responding.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Please click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution.
  Sunshyn2005 - I work on behalf of HP

• CiscoSecure ACS v2.4 for Windows NT Upgrade

  We still have two ancient instances of CiscoSecure ACS v2.4 for Windows NT running on our network. ACS1 (primary) and ACS2 (secondary). I would like to upgrade these, not only because of how old they are but because of an issue trying to replicate the user and group database from ACS1 to ACS2. When trying to replicate the user and group database the logs say it's successful but the databases don't match. ACS2 is missing some of the users that are in ACS1. I have successfully replicated the interface database. But for whatever reason, the user and group database will not replicate.
  First, is there any other way I can get the user and group database copied from ACS1 to ACS2? Other than using the built in database replication tool?
  Second, is there any way I can get these upgraded? I read that the recommended upgrade path is 2.4->2.6->3.0->3.2. But Cisco no longer has version 2.6 available for download. I really would like to upgrade rather than starting from scratch.
  Thanks!

  ACS 2.4 - wow! That hasn't been sold for over 11 years. (reference)
  Think about it - would you want to try to upgrade Windows 98 to Windows 7? That's about an equivalent span of software product timeline.
  The current product is so different that even if you could upgrade it would not be advisable to do so. While painful, it would be much better option to make a clean break with the old and move onto a current platform (e.g ACS 5.3).

• Does Oracle (installed in unix) support OS Auth for Windows AD?

  Hi, I've tried setup the Oracle (installed in Windows) support OS Auth for Windows AD.
  But does Oracle (currently I am using 9i) installed in Unix support OS Auth for Windows AD (using LDAP/ Kerberos / etc.)?
  If yes, can anyone tell me how to make it ?
  Thanks!

  Yes.. Oracle support Windows AD authentication using Enterprise User security.
  Please contact me on following if you need more details
  Email: [email protected]
  Ph. 732 404 8364
  We are planning to have EUS presentation for our clients. Please let me know if you are interested to know more on EUS.
  Regards,
  Nishi, CISSP CISA

• Self Generated certificate validity issue in ACS 4.0 for Windows

  Hi,
  Is there any solution to extend the validity time of self generated certificate on ACS, by default the validity is set for one year.
  As the server certificate on one of the ACS which is CA has expired and need to renew it.
  Is it possible only one certificate from third party can be used both as a server certificate and certificate from CA for other ACS servers.
  Thanks in Advance
  Regards,
  Ahmed

  Other solution would be to create an in house(Microsoft probably) CA, and get a certificate for your ACS server. Go through the installation steps of Microsoft CA before, as the validity date for Server Certificate(i guess) is configured during initial install of CA.
  Regards,
  Prem

• Certificate issues in ACS 4.0 for Windows

  Hi,
  One of the ACS is configured as CA using third party Certificate, But the server certificate on ACS was self generated and is expired.
  I tried using the same third party certificate to replace the existing expired server certificate on ACS both by generating CSR on ACS and install new certificate using local storage and read from file options but failed.It gives the following error while using CSR generated private key
  "private key doesnt fit for this certificate"
  Next assuming that the installed third party certificate with its own private key can be used to install certificate from the storage gives the following error:
  "Cannot get the private key from certificate. It's absent or not marked as exportable"
  Again assuming that third party certificate has multi server/seat licences.
  Any solution to this issue will be of great help.
  Thanks
  Regards,
  Ahmed

  Re-installing the certificate may resolve this issue.
  Install CA Certificate on your Appliance
  ===============================
  A. Go to System Configuration > ACS Certificate Setup > ACS Certification Authority
  Setup
  B. Click "Download CA certificate file"
  C. Type the IP address or hostname of the FTP server in the FTP Server field
  D. Type a valid username that Cisco Secure ACS can use to access the FTP server in the
  Login field
  E. Type the above user's password in the Password field
  F. Type the relative path from the FTP server root directory to the directory containing
  the CA certificate file in the Remote FTP Directory field
  G. Type the name of the CA certificate file in the Remote FTP File Name field
  H. Click Submit
  I. Verify the filename in the field and click Submit
  J. Restart the ACS services in System Configuration > Service Control

• CA certificate issue in ACS 4.0 for Windows

  Hi,
  How to generate lost private key .pvk file on ACS which is also configured as CA Server, As I would like to register all the available ACS's Servers to CA Server using the same certificate from CA Server. Need a step wise procedure on obtaining certificate from ACS CA server.
  your kind response will be of great help.
  Thanks in advance
  Best Regards,
  Ahmed

  Windows Server 2003 with SP1, Enterprise Edition, is used so that auto-enrollment of user and workstation certificates for EAP-TLS authentication can be configured. This is described in the EAP-TLS Authentication section of this document. Certificate auto-enrollment and auto-renewal make it easier to deploy certificates and improve security by automatically expiring and renewing certificates.

• ACS 4.2 For Windows DB Replication

  Hi Folks.
  I have a pair of ACS for windows 4,2 and we also have a few mappings (ACS Group --> AD Group)
  The replication process was configured and it replicates all the seetings, but the Group Mappings.
  Is this the way it's supposed to be or it should replicate the group mappings as well?
  Best regards,
  AL

  The following items cannot be replicated:
  •IP pool definitions (for more information, see About IP Pools Server).
  •ACS certificate and private key files.
  •Unknown user group mapping configuration.
  •Dynamically-mapped users.
  •Settings on the ACS Service Management page in the System Configuration section.
  •RDBMS Synchronization settings.
  User guide
  http://www.ciscosystems.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAdv.html#wp756078
  Regards,
  Jatin
  Do rate helpful posts-