After software update, users are not longer recognized as members of group

Unanswered Question
Apr 22nd, 2007
User Badges:


Today I updated the software version of our VPN 3060 from "Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.5.A Jul 21 2004 17:54:03" to "Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.7.Q Feb 20 2007 12:24:30".

After the update, users were no longer able to connect. The following error occurs:

547 04/22/2007 18:06:58.030 SEV=4 IKE/60 RPT=22 xx.xx.xx.xx

User ([email protected]) not member of group (Some Group), authentication failed.

This happens even though some moments before the group was found

543 04/22/2007 18:06:53.010 SEV=5 CERT/105 RPT=25

Group [A_VPN_Group] found for cert peer xx.xx.xx.xx by group match rule


The logs of passed authentications at the ACS show:

04/22/2007 18:06:58 Authen OK [email protected] A_Windows_Group xx.xx.xx.xx [email protected] yy.yy.yy.yy[VPNC IP Address]

I don't now what may have happened. Have you got any clues?

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
b.hsu Fri, 04/27/2007 - 05:19
User Badges:
  • Silver, 250 points or more

It may due to Group Attribute configruation in ACS

If the Group Lock feature is enabled on the Group - Tunnel_Group, then the User must be part of Tunnel_Group to connect.

Refer these link:

ciiscte_admin Fri, 04/27/2007 - 05:40
User Badges:

Thanks a lot. We disabled that feature and it all works perfectly again.


This Discussion