Windows Remote Agent Failover timeout (ACS 4.2)

Hey everybody,
I'm using two Windows 2003 Servers with local users as External User Databases (so they're both using the \LOCAL domain) for my ACS 4.2 appliance. I've added the machines as Windows Remote Agents and configured them as Primary and Secondary Remote Agents. In general, all this works great including the failover. However, if the primary machine actually fails, it takes about 10 - 15 minutes until the ACS uses the secondary server for authentication. Is there any way to adjust the failover timers? As far as I understand, the Remote Agent response timeout setting on the Remote Agent selection page is only for retrieving the Windows groups for group mapping. I've lowered this setting but it didn't have an effect on my problem.
Can anybody tell me more about the failover mechanism here? Does the ACS simply wait for the Primary Remote Agent for a while and then proceed to the Secondary? How long is failover supposed to take? Can any adjustments be made?
Any hints will be much appreciated!
Matt

Hi,
sorry for the long delay, it took a while to collect the necessary data.
A few comments on the logs. I've abbreviated them to the relevant parts (in my opinion) to make things a little easier to find.
Also, I had to change IP addresses and hostnames (but kept them consistent to represent our actual IP settings).
This is our set-up:
Hostname        IP Address
ACS             10.10.10.10
CSWinAgent_1    10.11.11.16
CSWinAgent_2    10.10.10.16
Please note that the system clocks are not in sync. I've tried to help with some comments in the logs (marked with ***)
I tested the following:
1. Only CSWinAgent_2 is running, everything working fine.
2. Also started CSWinAgent_1 (see log at 21:47:14)
  -> authentication still working (not in the logs)
2. Shut down the service on CSWinAgent_2 (21:52:37)
3. 5 unsuccessful authentication attempts for 15 minutes (see ACS log)
4. First successful attempt (ACS log, 22:06:33)
5. Another fail (strange) and successful login from another client (ACS log, 22:08:01)
6. Shut down the service on CSWinAgent_1 (22:04:47)
7. Started the service on CSWinAgent_2 (22:09:48)
8. Failed attempt (ACS log, 22:09:03)
9. Successful attempt after < 1min (ACS log, 22:09:11)
I would appreciate any ideas and information on how and in which timeframe the switchover process is supposed to work.
Thank you very much for your help.
Matt
Here are the logs:
ACS (10.10.10.10):
*** 5 failed login attempts over 15 minutes (CSWinAgent_1 is available during this time):
Jul 13 21:51:55 10.10.10.10 CisACS_02_FailedAuth 1oz5bgsae 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
Jul 13 21:52:01 10.10.10.10 CisACS_02_FailedAuth 1qn2vrgaf 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
Jul 13 21:52:53 10.10.10.10 CisACS_02_FailedAuth 61f498ag 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
Jul 13 21:56:41 10.10.10.10 CisACS_02_FailedAuth 1xaujikah 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
Jul 13 22:06:32 10.10.10.10 CisACS_02_FailedAuth k6ymh8aj 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
*** 2 successful, 1 fail (See 22:02:53 & 22:04:20 on CSWinAgent_1):
Jul 13 22:06:33 10.10.10.10 CisACS_01_PassedAuth kgy7v0ak 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,Filter Information=Access Filter Deny_RZ-SAN from USER_GROUP did not fail any criteria. This is sufficient to satisfy an 'Any Selected' SPC NAR config.,
Jul 13 22:06:34 10.10.10.10 CisACS_04_TACACSAcc kqxt8sal 1 0 Group-Name=USER_GROUP,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,NAS-Portname=tty1,Caller-Id=192.168.1.6,Acct-Flags=start,service=shell,task_id=196,
Jul 13 22:06:40 10.10.10.10 CisACS_02_FailedAuth mevdjgam 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
Jul 13 22:08:01 10.10.10.10 CisACS_01_PassedAuth 18vyhjgan 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.139,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,Filter Information=Access Filter Deny_RZ-SAN from USER_GROUP did not fail any criteria. This is sufficient to satisfy an 'Any Selected' SPC NAR config.,
Jul 13 22:08:01 10.10.10.10 CisACS_04_TACACSAcc 18vyhjgao 1 0 Group-Name=USER_GROUP,User-Name=USER_ID,NAS-IP-Address=172.16.1.139,NAS-Portname=tty1,Caller-Id=192.168.1.6,Acct-Flags=start,service=shell,task_id=134,
Jul 13 22:08:03 10.10.10.10 CisACS_04_TACACSAcc 19fxob0ap 1 0 Group-Name=USER_GROUP,User-Name=USER_ID,NAS-IP-Address=172.16.1.139,NAS-Portname=tty1,Caller-Id=192.168.1.6,Acct-Flags=stop,service=shell,elapsed_time=1,task_id=134,
Jul 13 22:08:35 10.10.10.10 CisACS_04_TACACSAcc 1ibkojwaq 1 0 Group-Name=USER_GROUP,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,NAS-Portname=tty1,Caller-Id=192.168.1.6,Acct-Flags=stop,service=shell,elapsed_time=121,task_id=196,
*** much faster switchover the other way (one failed attempt, failover in < 1min):
Jul 13 22:09:03 10.10.10.10 CisACS_02_FailedAuth 1q39b9oar 1 0 Message-Type=Authen failed,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Authen-Failure-Code=External DB is not operational,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,
Jul 13 22:09:11 10.10.10.10 CisACS_01_PassedAuth 1sb62bwas 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,Filter Information=Access Filter Deny_RZ-SAN from USER_GROUP did not fail any criteria. This is sufficient to satisfy an 'Any Selected' SPC NAR config.,
Jul 13 22:09:17 10.10.10.10 CisACS_01_PassedAuth 1tz3mmkat 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,Filter Information=Access Filter Deny_RZ-SAN from USER_GROUP did not fail any criteria. This is sufficient to satisfy an 'Any Selected' SPC NAR config.,
Jul 13 22:09:23 10.10.10.10 CisACS_01_PassedAuth 1vn16x8au 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Caller-ID=192.168.1.6,NAS-Port=tty1,Group-Name=USER_GROUP,Filter Information=Access Filter Deny_RZ-SAN from USER_GROUP did not fail any criteria. This is sufficient to satisfy an 'Any Selected' SPC NAR config.,
Jul 13 22:09:42 10.10.10.10 CisACS_01_PassedAuth 1vqtscav 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,Caller-ID=192.168.1.6,NAS-Port=tty2,Group-Name=USER_GROUP,Filter Information=Access Filter Deny_RZ-SAN from USER_GROUP did not fail any criteria. This is sufficient to satisfy an 'Any Selected' SPC NAR config.,
Jul 13 22:09:42 10.10.10.10 CisACS_04_TACACSAcc 1vqtscaw 1 0 Group-Name=USER_GROUP,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,NAS-Portname=tty2,Caller-Id=192.168.1.6,Acct-Flags=start,service=shell,task_id=3782,
Jul 13 22:10:21 10.10.10.10 CisACS_04_TACACSAcc cpazpoax 1 0 Group-Name=USER_GROUP,User-Name=USER_ID,NAS-IP-Address=172.16.1.138,NAS-Portname=tty2,Caller-Id=192.168.1.6,Acct-Flags=stop,service=shell,elapsed_time=39,task_id=3782,
CSWinAgent_1 (10.11.11.16):
*** service started manually:
CSWinAgent 07/13/2010 21:47:14 A 0528 14340 0x0 Logging mode: LOW
CSWinAgent 07/13/2010 21:47:14 A 0228 14340 0x0 CSWinAgent server starting ==============================
CSWinAgent 07/13/2010 21:47:14 A 0233 14340 0x0 Running as console application.
CSWinAgent 07/13/2010 21:47:14 A 0059 15332 0x0 Will listen on port 2005
CSWinAgent 07/13/2010 21:47:14 A 0064 15332 0x0 Permitted CSWinAgent Clients: *.*.*.*
CSWinAgent 07/13/2010 21:47:14 A 0116 15332 0x0 NTLIB: Library behaviour mode 2
CSWinAgent 07/13/2010 21:47:14 A 0136 15332 0x0 NTLIB: Initialising locally
CSWinAgent 07/13/2010 21:47:14 A 0139 15332 0x0 NTLIB: The local computer name is CSWinAgent_1
CSWinAgent 07/13/2010 21:47:14 A 0171 15332 0x0 NTLIB: The insist on domain is disabled
CSWinAgent 07/13/2010 21:47:14 A 0281 15332 0x0 NTLIB: We are NOT a domain controller
CSWinAgent 07/13/2010 21:47:14 A 0423 15332 0x0 NTLIB: We are NOT a member of a domain => we cannot authenticate accounts on other trusted domains
CSWinAgent 07/13/2010 21:47:14 A 0112 15332 0x0 Listener activated
*** first incoming connection:
CSWinAgent 07/13/2010 22:02:53 A 0140 15332 0x0 Client connecting from 10.10.10.10:2732
CSWinAgent 07/13/2010 22:02:53 A 0390 15480 0x0 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 07/13/2010 22:02:53 A 1807 15480 0x0 NTLIB: Got WorkStation ACS
CSWinAgent 07/13/2010 22:02:53 A 1808 15480 0x0 NTLIB: Attempting Windows authentication for user USER_ID
CSWinAgent 07/13/2010 22:02:53 A 1866 15480 0x0 NTLIB: Windows authentication SUCCESSFUL (by CSWinAgent_1)
CSWinAgent 07/13/2010 22:02:53 A 1947 15480 0x0 NTLIB: Domain name  in MSCHAPAuthenticateUser is  \LOCAL
CSWinAgent 07/13/2010 22:02:53 A 1952 15480 0x0 NTLIB: Group Mapping Flag in MSCHAPAuthenticateUser is  enabled
CSWinAgent 07/13/2010 22:02:53 A 1968 15480 0x0 NTLIB: Group Map Count in MSCHAPAuthenticateUser is  -1
CSWinAgent 07/13/2010 22:02:53 A 0190 15480 0x0 NTLIB: User has 10 groups
CSWinAgent 07/13/2010 22:02:53 A 0431 15480 0x0 RPC: NT_MSCHAPAuthenticateUser groups: None,LAN_Admins,Users,Administrators
CSWinAgent 07/13/2010 22:02:53 A 0436 15480 0x0 RPC: NT_MSCHAPAuthenticateUser Domain Name is: CSWinAgent_1
CSWinAgent 07/13/2010 22:02:53 A 0452 15480 0x0 RPC: Success
CSWinAgent 07/13/2010 22:02:53 A 0465 15480 0x0 RPC: NT_MSCHAPAuthenticateUser reply sent
*** second authentication:
CSWinAgent 07/13/2010 22:04:20 A 0390 15480 0x0 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 07/13/2010 22:04:20 A 1807 15480 0x0 NTLIB: Got WorkStation ACS
CSWinAgent 07/13/2010 22:04:20 A 1808 15480 0x0 NTLIB: Attempting Windows authentication for user USER_ID
CSWinAgent 07/13/2010 22:04:20 A 1866 15480 0x0 NTLIB: Windows authentication SUCCESSFUL (by CSWinAgent_1)
CSWinAgent 07/13/2010 22:04:20 A 1947 15480 0x0 NTLIB: Domain name  in MSCHAPAuthenticateUser is  \LOCAL
CSWinAgent 07/13/2010 22:04:20 A 1952 15480 0x0 NTLIB: Group Mapping Flag in MSCHAPAuthenticateUser is  enabled
CSWinAgent 07/13/2010 22:04:20 A 1968 15480 0x0 NTLIB: Group Map Count in MSCHAPAuthenticateUser is  -1
CSWinAgent 07/13/2010 22:04:20 A 0190 15480 0x0 NTLIB: User has 10 groups
CSWinAgent 07/13/2010 22:04:20 A 0431 15480 0x0 RPC: NT_MSCHAPAuthenticateUser groups: None,LAN_Admins,Users,Administrators
CSWinAgent 07/13/2010 22:04:20 A 0436 15480 0x0 RPC: NT_MSCHAPAuthenticateUser Domain Name is: CSWinAgent_1
CSWinAgent 07/13/2010 22:04:20 A 0452 15480 0x0 RPC: Success
CSWinAgent 07/13/2010 22:04:20 A 0465 15480 0x0 RPC: NT_MSCHAPAuthenticateUser reply sent
*** service stopped manually:
CSWinAgent 07/13/2010 22:04:47 A 0046 14340 0x0 Service stopping
CSWinAgent 07/13/2010 22:04:47 A 0049 14340 0x0 Shutting down NT library
CSWinAgent 07/13/2010 22:04:47 A 0192 14340 0x0 NTLIB: Finalising locally
CSWinAgent 07/13/2010 22:04:47 A 0053 14340 0x0 Shutting down EndPoint library
CSWinAgent 07/13/2010 22:04:47 A 0609 15480 0x0 Client disconnected, thread 15480 terminating
CSWinAgent 07/13/2010 22:04:47 A 0153 15332 0x0 Listener terminating
CSWinAgent_2 (10.10.10.16):
*** manual shutdown:
CSWinAgent 07/13/2010 21:52:37 A 0046 1388 0x0 Service stopping
CSWinAgent 07/13/2010 21:52:37 A 0049 1388 0x0 Shutting down NT library
CSWinAgent 07/13/2010 21:52:37 A 0192 1388 0x0 NTLIB: Finalising locally
CSWinAgent 07/13/2010 21:52:37 A 0053 1388 0x0 Shutting down EndPoint library
CSWinAgent 07/13/2010 21:52:37 A 0609 3676 0x0 Client disconnected, thread 3676 terminating
CSWinAgent 07/13/2010 21:52:37 A 0609 0340 0x0 Client disconnected, thread 340 terminating
CSWinAgent 07/13/2010 21:52:37 A 0609 2900 0x0 Client disconnected, thread 2900 terminating
CSWinAgent 07/13/2010 21:52:37 A 0609 3404 0x0 Client disconnected, thread 3404 terminating
CSWinAgent 07/13/2010 21:52:37 A 0153 1944 0x0 Listener terminating
CSWinAgent 07/13/2010 21:52:37 A 0609 2072 0x0 Client disconnected, thread 2072 terminating
CSWinAgent 07/13/2010 21:52:37 A 0609 3576 0x0 Client disconnected, thread 3576 terminating
*** service started manually:
CSWinAgent 07/13/2010 22:09:48 A 0528 3504 0x0 Logging mode: LOW
CSWinAgent 07/13/2010 22:09:48 A 0228 3504 0x0 CSWinAgent server starting ==============================
CSWinAgent 07/13/2010 22:09:48 A 0233 3504 0x0 Running as console application.
CSWinAgent 07/13/2010 22:09:48 A 0059 3480 0x0 Will listen on port 2005
CSWinAgent 07/13/2010 22:09:48 A 0064 3480 0x0 Permitted CSWinAgent Clients: *.*.*.*
CSWinAgent 07/13/2010 22:09:48 A 0116 3480 0x0 NTLIB: Library behaviour mode 2
CSWinAgent 07/13/2010 22:09:48 A 0136 3480 0x0 NTLIB: Initialising locally
CSWinAgent 07/13/2010 22:09:48 A 0139 3480 0x0 NTLIB: The local computer name is CSWinAgent_2
CSWinAgent 07/13/2010 22:09:48 A 0171 3480 0x0 NTLIB: The insist on domain is disabled
CSWinAgent 07/13/2010 22:09:48 A 0281 3480 0x0 NTLIB: We are NOT a domain controller
CSWinAgent 07/13/2010 22:09:48 A 0423 3480 0x0 NTLIB: We are NOT a member of a domain => we cannot authenticate accounts on other trusted domains
CSWinAgent 07/13/2010 22:09:48 A 0112 3480 0x0 Listener activated
*** first authentication:
CSWinAgent 07/13/2010 22:10:42 A 0140 3480 0x0 Client connecting from 10.10.10.10:2782
CSWinAgent 07/13/2010 22:10:43 A 0390 2800 0x0 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 07/13/2010 22:10:43 A 1807 2800 0x0 NTLIB: Got WorkStation ACS
CSWinAgent 07/13/2010 22:10:43 A 1808 2800 0x0 NTLIB: Attempting Windows authentication for user USER_ID
CSWinAgent 07/13/2010 22:10:43 A 1866 2800 0x0 NTLIB: Windows authentication SUCCESSFUL (by CSWinAgent_2)
CSWinAgent 07/13/2010 22:10:43 A 1947 2800 0x0 NTLIB: Domain name  in MSCHAPAuthenticateUser is  \LOCAL
CSWinAgent 07/13/2010 22:10:43 A 1952 2800 0x0 NTLIB: Group Mapping Flag in MSCHAPAuthenticateUser is  enabled
CSWinAgent 07/13/2010 22:10:43 A 1968 2800 0x0 NTLIB: Group Map Count in MSCHAPAuthenticateUser is  -1
CSWinAgent 07/13/2010 22:10:43 A 0190 2800 0x0 NTLIB: User has 10 groups
CSWinAgent 07/13/2010 22:10:43 A 0431 2800 0x0 RPC: NT_MSCHAPAuthenticateUser groups: None,LAN_Admins,Administrators,Users
CSWinAgent 07/13/2010 22:10:43 A 0436 2800 0x0 RPC: NT_MSCHAPAuthenticateUser Domain Name is: CSWinAgent_2
CSWinAgent 07/13/2010 22:10:43 A 0452 2800 0x0 RPC: Success
CSWinAgent 07/13/2010 22:10:43 A 0465 2800 0x0 RPC: NT_MSCHAPAuthenticateUser reply sent
*** some more logins:
CSWinAgent 07/13/2010 22:10:49 A 0140 3480 0x0 Client connecting from 10.10.10.10:2784
CSWinAgent 07/13/2010 22:10:49 A 0390 2296 0x0 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 07/13/2010 22:10:49 A 1807 2296 0x0 NTLIB: Got WorkStation ACS
CSWinAgent 07/13/2010 22:10:49 A 1808 2296 0x0 NTLIB: Attempting Windows authentication for user USER_ID
CSWinAgent 07/13/2010 22:10:49 A 1866 2296 0x0 NTLIB: Windows authentication SUCCESSFUL (by CSWinAgent_2)
CSWinAgent 07/13/2010 22:10:49 A 1947 2296 0x0 NTLIB: Domain name  in MSCHAPAuthenticateUser is  \LOCAL
CSWinAgent 07/13/2010 22:10:49 A 1952 2296 0x0 NTLIB: Group Mapping Flag in MSCHAPAuthenticateUser is  enabled
CSWinAgent 07/13/2010 22:10:49 A 1968 2296 0x0 NTLIB: Group Map Count in MSCHAPAuthenticateUser is  -1
CSWinAgent 07/13/2010 22:10:49 A 0190 2296 0x0 NTLIB: User has 10 groups
CSWinAgent 07/13/2010 22:10:49 A 0431 2296 0x0 RPC: NT_MSCHAPAuthenticateUser groups: None,LAN_Admins,Administrators,Users
CSWinAgent 07/13/2010 22:10:49 A 0436 2296 0x0 RPC: NT_MSCHAPAuthenticateUser Domain Name is: CSWinAgent_2
CSWinAgent 07/13/2010 22:10:49 A 0452 2296 0x0 RPC: Success
CSWinAgent 07/13/2010 22:10:49 A 0465 2296 0x0 RPC: NT_MSCHAPAuthenticateUser reply sent
CSWinAgent 07/13/2010 22:10:52 A 0140 3480 0x0 Client connecting from 10.10.10.10:2786
CSWinAgent 07/13/2010 22:10:52 A 0390 1768 0x0 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 07/13/2010 22:10:52 A 1807 1768 0x0 NTLIB: Got WorkStation ACS
CSWinAgent 07/13/2010 22:10:52 A 1808 1768 0x0 NTLIB: Attempting Windows authentication for user USER_ID
CSWinAgent 07/13/2010 22:10:52 A 1866 1768 0x0 NTLIB: Windows authentication SUCCESSFUL (by CSWinAgent_2)
CSWinAgent 07/13/2010 22:10:52 A 1947 1768 0x0 NTLIB: Domain name  in MSCHAPAuthenticateUser is  \LOCAL
CSWinAgent 07/13/2010 22:10:52 A 1952 1768 0x0 NTLIB: Group Mapping Flag in MSCHAPAuthenticateUser is  enabled
CSWinAgent 07/13/2010 22:10:52 A 1968 1768 0x0 NTLIB: Group Map Count in MSCHAPAuthenticateUser is  -1
CSWinAgent 07/13/2010 22:10:52 A 0190 1768 0x0 NTLIB: User has 10 groups
CSWinAgent 07/13/2010 22:10:52 A 0431 1768 0x0 RPC: NT_MSCHAPAuthenticateUser groups: None,LAN_Admins,Administrators,Users
CSWinAgent 07/13/2010 22:10:52 A 0436 1768 0x0 RPC: NT_MSCHAPAuthenticateUser Domain Name is: CSWinAgent_2
CSWinAgent 07/13/2010 22:10:52 A 0452 1768 0x0 RPC: Success
CSWinAgent 07/13/2010 22:10:52 A 0465 1768 0x0 RPC: NT_MSCHAPAuthenticateUser reply sent
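
The switchover times read off by hand above can be computed from the ACS syslog alone, which sidesteps the unsynchronized clocks on the three hosts. The following is an added example, not part of the original post: it treats a run of `External DB is not operational` failures that ends at the next `CisACS_01_PassedAuth` as one outage window; the function and class names are hypothetical, and the sample lines are constructed from the post's ACS entries with most attributes trimmed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample: the post's ACS syslog entries with their timestamps,
# trimmed to the attributes this script actually reads.
SAMPLE_LOG = """\
Jul 13 21:51:55 10.10.10.10 CisACS_02_FailedAuth 1oz5bgsae 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 21:52:01 10.10.10.10 CisACS_02_FailedAuth 1qn2vrgaf 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 21:52:53 10.10.10.10 CisACS_02_FailedAuth 61f498ag 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 21:56:41 10.10.10.10 CisACS_02_FailedAuth 1xaujikah 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 22:06:32 10.10.10.10 CisACS_02_FailedAuth k6ymh8aj 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 22:06:33 10.10.10.10 CisACS_01_PassedAuth kgy7v0ak 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,
Jul 13 22:06:34 10.10.10.10 CisACS_04_TACACSAcc kqxt8sal 1 0 User-Name=USER_ID,Acct-Flags=start,service=shell,task_id=196,
Jul 13 22:06:40 10.10.10.10 CisACS_02_FailedAuth mevdjgam 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 22:08:01 10.10.10.10 CisACS_01_PassedAuth 18vyhjgan 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.139,
Jul 13 22:09:03 10.10.10.10 CisACS_02_FailedAuth 1q39b9oar 1 0 Message-Type=Authen failed,User-Name=USER_ID,Authen-Failure-Code=External DB is not operational,
Jul 13 22:09:11 10.10.10.10 CisACS_01_PassedAuth 1sb62bwas 1 0 User-Name=USER_ID,NAS-IP-Address=172.16.1.138,
"""

# "<Mon DD HH:MM:SS> <host> CisACS_<nn>_<kind> <msg-id> <n> <n> <attributes>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"CisACS_\d+_(?P<kind>\w+) \S+ \d+ \d+ (?P<attrs>.*)$"
)
FAIL_CODE_RE = re.compile(r"Authen-Failure-Code=([^,]*)")
DB_DOWN = "External DB is not operational"


@dataclass
class Outage:
    """One stretch during which ACS could not reach any external database."""
    start: datetime
    end: Optional[datetime]   # None if the log ends before a login succeeds
    failures: int

    @property
    def seconds(self) -> Optional[int]:
        if self.end is None:
            return None
        return int((self.end - self.start).total_seconds())


def find_outages(log_text: str, year: int = 2010) -> List[Outage]:
    """Group 'External DB is not operational' failures into outage windows.

    Syslog timestamps carry no year, so one is supplied (assumption: all
    lines fall within the same calendar year).
    """
    outages: List[Outage] = []
    current: Optional[Outage] = None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ACS report line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        kind = m["kind"]
        if kind == "FailedAuth":
            code = FAIL_CODE_RE.search(m["attrs"])
            # Other failure codes say nothing about the remote agents
            # and are ignored here.
            if code and code.group(1).strip() == DB_DOWN:
                if current is None:
                    current = Outage(start=when, end=None, failures=0)
                current.failures += 1
        elif kind == "PassedAuth" and current is not None:
            # The first successful login closes the window.
            current.end = when
            outages.append(current)
            current = None
    if current is not None:
        outages.append(current)  # still down at the end of the log
    return outages


if __name__ == "__main__":
    for o in find_outages(SAMPLE_LOG):
        ended = o.end.strftime("%H:%M:%S") if o.end else "still down"
        print(f"{o.start:%H:%M:%S} -> {ended}  "
              f"failures={o.failures}  seconds={o.seconds}")
```

The windows are bounded by login attempts, so each duration is an upper bound on the real switchover time; frequent test logins tighten it.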

Similar Messages

  • Windows Remote Agent upgrade 4.0 to 4.1

    I have upgraded my Cisco ACS 1113 Engines from 4.0 to 4.1 using an ACS Recovery CD provided by Cisco TAC. I am now in the process of uninstalling the 4.0 remote agent and installing the remote agent on the 4.1 Recovery CD.
    During installation of the Remote Agent the version indicates v1 which is the same as the 4.0 version.
    Is there any difference in the remote agents for 4.0 and 4.1?
    Do I need to download the 4.1 Remote agent separately?
    This is the version of the ACS
    Cisco Secure ACS 4.1.1.23
    Appliance Management Software 4.1.1.23
    Appliance Base Image 4.1.1.4
    CSA build 4.0.1.543.2 (Patch: 4_0_1_543)

    Hi,
    Please ignore that ver 1 that we get during installation.
    Go ahead and install the 4.1 remote agent and check its ver from DOS,
    On RA computer go to dos and change prompt to
    C:\Program Files\Cisco\CiscoSecure ACS Agent\bin
    Type csagent.exe -v and press Enter
    It will show you the actual ver of remote agent.
    Regards,
    ~JG
    Please rate if that helps

  • More than one Windows ACS Remote Agent

    We recently added a second Windows Remote Agent to have Windows authentication service available for our two ACS.
    Agent definition (CSAgent.ini) is correct but in Network Configuration - Remote Agent (on each ACS web console) we see that the second Remote Agent is "available" but "not in use" (while the first one is, of course).
    If we stop the CSAgent Service on the first Remote Agent server, we do not see any activity on the second one (auth not working) and service still remains "available" but "not in use".
    Then, debugging with csagent.exe -z -p all we can see is something like:
    Debug printing on..
    Logging mode: LOW
    ACSRemoteAgent server starting ==============================
    Running as console application.
    Will listen on port 2004
    Configuration will be fetched from 10.1.1.101:2003
    Agents: CSWinAgent
    CSWinAgent File: ..\bin\CSWinAgent.exe
    CSWinAgent Port: 2005
    1 agents configured
    Permitted CSAgent Clients: 10.1.9.10-11
    Hit Return/Enter to stop...
    Listener activated
    Watchdog activated
    CSWinAgent launched
    Client connecting from 10.1.9.10:4346
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 944 terminating
    Client connecting from 10.1.9.10:4347
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 2108 terminating
    Client connecting from 10.1.9.10:4348
    and, in the CSWinAgent log windows we see NO logs at all....
    Where are we wrong???

    You must use ACS Remote Agent for Windows, version 4.0, with ACS Solution Engine, version 4.0. Other releases of Cisco Secure ACS are not supported.
    The following URL may help you:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawi.html#wp300510

  • Remote Agent for ACS for Windows 2008 R2 64-bit

    Hi,
    We are having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
    Our ACS is 4.2.0.124 and remote agents we tried are: Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
    I see following urls says it does not support Windows 2008 R2 and also 64-bit Windows,
    https://supportforums.cisco.com/message/3135061#3135061
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289019
    However following url says it supports 2008 R2 with 64-bit version
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Release_Notes/acs421_rn.html
    Appreciate if someone can advise us what version (file name) of Remote Agent can support (or working) for Windows 2008 R2 64-bit.
    thanks in advance

    Hi Tarik,
    What I wanted to say that the below url says that ACS 4.2 does not support on 64-bit OS:
    ACS Requirements
    You must use ACS Remote Agent for Windows, version 4.2, with ACS SE, version 4.2. We do not support other Cisco Secure ACS releases.
    Note ACS Remote Agent 4.2 for Windows does not support 64-bit operating systems.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289019
    However could you please let me know what exact Remote Agent file you recommend to use for Windows 2008 R2 64-bit Server. The ACS SE version that I have is 4.2.0.124.
    Thanks

  • ACS appliance 3.2.2.5 Remote Agents for Windows DB disappear

    I have two ACS boxes: one is ACSNT and the other an ACS appliance. Both run 3.2.2.5 and have been in production for quite some time. The ACSNT box is the primary and replicates to the appliance as backup. These units authenticate to three different Windows domains: 2 NT domains and 1 AD.
    Recently I just added support for RSA 6.0 servers. Not wanting to mess with the client install on the ACSNT box, I set it up as a RADIUS token server as you do on the appliance. It works just fine on the ACSNT box. On the appliance, however, my Windows external DB quit working with "external db not operational" messages. I rebuilt the Windows external DB, recreated the group mappings, added the remote agents, etc. Things were working fine. I recreated the RSA config and still the Windows DB was working although the RSA config was not working (still working on that if TAC ever calls me back). A few hours later, I decided to check the Windows DB and it was broken again. I checked it out and the remote agents were somehow deleted. Nothing in the logs show it but they were gone. I recreated them and it worked again. This has happened twice now. Does anybody have any advice? The logs show nothing to indicate a problem on the appliance exists and of course the docs state that there should be no problem with both a RADIUS and Windows DBs living together on the same box. All comments welcome!
    Thanks,
    Rik

    Sorry it took so long to get back...I've been out of the office for a few days.
    I did check the docs for issues like this but found nothing. The TAC Engineer escalated it and both engineers kept saying my new RSA servers were causing my issues. However, a simple reboot of the box (it is built on Win2K after all...) cleared up all of the strange issues.
    Thanks,
    Rik Guyler

  • Test ACS SE / Remote Agents

    We are deploying two new ACS SE's using RA's talking to AD. These will be used for PEAP authentication of wireless users. I was wondering if there is an easy way to test user authentication so that I can verify the Remote Agent is talking properly to our AD (RA is not running on a domain controller)? Our test wireless lan controller is being used for other testing, and I don't want to add the ACS to our production controllers at this point. Basically, I have the ACS SE, the server on which the RA is running, and a workstation that I can use for testing. Any help would be greatly appreciated...

    If you can fetch all AD groups that means RA is able to communicate with DC.
    ACS-->External user db--> Database group mapping--->Windows--->New Configuration--->Highlight your domain name and submit---->Now click on your domain name and ADD Mapping.
    If you see all group that means you are all set.
    Also make sure your remote agent status should say Available and Used by ACS.
    ACS--->Network configuration--->Remote agent.
    Regards,
    ~JG
    Do rate helpful posts

  • ACS 4.2 Remote Agent on Server 2008 R2

    Hi,
    We are migrating our domain controllers from 2003 to 2008 R2 and would like to know if the remote agents are compatible to run on 2008 R2.  I've seen release notes that the RA's have been tested on 2008 SP1 but not R2.
    Can anyone advise and/or confirm that the RA's are supported on 2008 R2?
    We are currently running Solution Engine 4.2.1.15 as well as the 4.2.1.15-1 fix.  RA's are the same version.
    Thanks in advance for your help.

    Well, this is a known enhancement bug:
    CSCta35271    Support for Windows server 2008 R2
    Acs 4.2.x doesn't support all newer versions of Windows 2008. It only supports the below listed version. You can also check the release notes.
    Supported Operating Systems section
    --Windows Server 2008, Standard Edition
    --Windows Server 2008, Enterprise Edition
    --Japanese Windows Server 2008, Standard Edition, Service Pack 2
    --Japanese Windows Server 2008, Enterprise Edition, Service Pack 2
    This bug might get fixed in upcoming Release\patches. This is in the pipeline/roadmap and the development team is working on it
    Regds,
    JK
    Do rate helpful posts-

  • ACS 4.2 Remote agent compatibility issues.

    I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would want someone to confirm that what if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC. Will such a scenario work?
    Feedback is appreciated.
    Regards

    Yes, here is this one which has a bug documented with this information CSCtg37183 :
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183
    Extracted from previous link:
    ACS 4.x doesn't support 2008 R2 Server for AD.
    Symptom:
    ACS 4.x does not support authentication to a backend 2008 R2 Active Directory server.
    Conditions:
    ACS 4.x
    Windows Server 2008 R2 installed on Domain Controller
    ACS or remote agent installed on any member server in the environment (even if the server is 2003/2008)
    Workaround:
    Install the ACS or Remote Agent on a 2003/2008 domain controller
    Cisco doesn't support this scenario because sometimes it works fine and other times it doesn't work at all, and nobody wants an unstable network, right? Unfortunately the workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know so I can get you the links.

  • ACS 4.2 Remote agent with WIN server 2008 core Enterprise 64-bit

    I need help to clarify if Cisco ACS 4.2 does support remote agent on Win server 2008 core enterprise 64-bit?? if not supported; is there any work-around solution for this?

    Hi,
    As per the release notes it does support.
    Windows 64-bit Support for Remote Agent:-
    ACS 4.2.1 Remote Agent is supported on the following Windows 64-bit OS:
    •Windows Server 2008, Standard Edition with Service Pack 2
    •Windows Server 2008, Enterprise Edition with Service Pack 2
    •Windows Server 2003, R2, Standard Edition with Service Pack 2
    •Windows Server 2003, R2, Enterprise Edition with Service Pack 2
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Release_Notes/acs421_rn.html#wp1050574
    thanks,
    Vinay

  • Is it possible? two ACS 4.2 Appliance with the same remote agent

    Hello,
    I have an ACS 4.2 Appliance integrated with Active Directory, CA and Remote Agent. I want to aggregate another ACS 4.2 Appliance with the same configuration, the same Active Directory, CA. My question is: can I configure the other ACS with the same Remote Agent as the first? In other words ...
    I attach the diagram.
    Thank you

    Hi,
    Maximum number of appliances supported—While a single Cisco Secure ACS Remote Agent can provide services to many Cisco Secure ACS Appliances, support is limited to five concurrent connections by the appliances served. For example, if you have three appliances that are primary Cisco Secure ACSes and three appliances that are secondary Cisco Secure ACSes used for failover purposes only, the remote agent can provide services to all six appliances and stay below the maximum of five concurrent connections.
    http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_installation_and_configuration_guide_chapter09186a0080193aa1.html
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • ACS appliance and remote agent testing

    Having problems with integrating ACS appliance with Active Directory. Have installed the remote agent on a member server and from the ACS appliance can enumerate the Active Directory groups correctly so there is at least some communication happening.
    Looking at the remote agent logs whenever a request for the AD groups comes through you see corresponding log entries. When a user tries to authenticate though there are no logs coming through to the remote agent. So maybe it is not being sent to remote agent?
    In the failed authentications log on the ACS the error is unknown user, it does show the correct username + domain as the person trying to authenticate.
    The Windows server is setup for unknown user policy.
    ACS version is 4.1.1.23, Remote Agent is latest version available.
    Any ideas or things to check?

    Hi,
    As per your last line, It seems that ACS and RA ver are not same. Please note that ACS appliance and RA software ver has to be same else it won't work.
    Regards,
    ~JG

  • ACS Appliance Remote Agent Problem

    Hi there
    we have the following situation:
    - 2 x ACS SE's
    - 2 x ACS Remote Agents on Member Servers
    - 2 x ASA's
    We would like to authenticate the VPN users connecting to the ASA's via the ACS and the active directory.
    I configured the remote agent following this link:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/rawi.html#wp289426
    But we are not able to fetch the active directory groups in the acs gui --> External User Database > Database Group Mappings > Active Directory > New Configuration.
    On the Domain Controller we get the errors ID 1030 and 1058, has anyone had these problems too?
    Thanks in advance and regards
    Dominic

    Hi JG
    We have MS Windows Server 2003 with SP2. At the beginning, the service was running as a local admin, then we had access to the AD, but we had some strange issues: after a short time (~1 Day) of zero authentication requests, the first request used about 2 minutes to get back to the ACS.
    We debugged the way from the ACS to the remote agent, it must have been on the server itself.
    Regards
    Dominic

  • SCOM Windows agent failover

    Hi experts,
    I need some clarification on resource pool.
    If I configure 500 agents on to one management server1 and keep another management server2 for HA, and I create a resource pool and add both MS1 and MS2, do all 500 agents fail over to MS2 if MS1 fails? Please clarify.
    Regards, Pratap

    Hi
    Windows agents do not use resource pools.
    When you push deploy a windows agent from the console, you set its primary management server and it automatically knows of all the other management servers and can fail over to any of them. You can set, via powershell, which MS agents can \ cannot failover to but not in the console for push agents.
    Cheers
    Graham
    Regards Graham New System Center 2012 Blog! -
    http://www.systemcentersolutions.co.uk
    View OpsMgr tips and tricks at
    http://systemcentersolutions.wordpress.com/

  • Monitoring Microsoft Windows 2008 Active Directory by a remoted Agent

    Oracle documentation (E14542-01) said that for remote Agent monitoring with default settings, Grid Control can monitor only the Active Directory associated with the primary domain controller.
    But for Microsoft Windows 2008 Active Directory primary domain doesn't exist anymore, can we use a remote Agent to monitor Microsoft Windows 2008 Active Directory ?
    Thanks
    Dominik

    Dominik wrote:
    Oracle documentation (E14542-01) said that for remote Agent monitoring with default settings, Grid Control can monitor only the Active Directory associated with the primary domain controller.
    But for Microsoft Windows 2008 Active Directory primary domain doesn't exist anymore, can we use a remote Agent to monitor Microsoft Windows 2008 Active Directory ?
    I think you can monitor it. Please check:
    Oracle Enterprise Manager Grid Control Certification Checker [ID 412431.1]
    How to Install the Microsoft Active Directory Plugin for Grid Control R2 [ID 359621.1]
    Regards
    Rajesh

  • ACS 3.3 Appliance Remote Agents

    Hi,
    Can I configure Cisco ACS Appliance 3.3 to send logs to different remote agents which are not Cisco, for example Envision appliance.
    Regards,
    Ejaz

    No, because the protocol used between ACS and the RA is proprietary.
