cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2004
Views
15
Helpful
9
Replies

CSUtil failed

rgolcher
Level 1
Level 1

I upgraded the ACS from 4.0 to 4.1 and suddenly the scripts that I use for management stopped working.

I could solve all the issues except for 1:

D:\>net stop csauth

The CSAuth servce is stopping.

The CSAuth servce was stopped successfully.

D:>csutil.exe ?u

Can not initialize SchemeLayer

What is that error?

What can I do to solve it?

It doesn?t come up at Cisco.com

Thanks

9 Replies 9

Premdeep Banga
Level 7
Level 7

Hi,

Please log in as a Local Administrator on that system where ACS is installed.

Then execute the CSutil.

this happens if account with which you are logged in doesn't have sufficient privileges.

As you have mentioned that you upgraded the server version from 4.0 to 4.1, if you made services to start with some specific account, after upgrade we need to re-do that.

Also, it could also be due to application of some windows patches that you might have applied.

But in most cases logging as Administrator on that system and running CSUtil wont give you this issue.

Do that and share the result.

Regards,

Prem

Hi,

I am logged as administrator with the same error and base on the server administrator it is fully patch.

and yes the same error.

Hi,

Then this is what I would suggest you.

From ACS GUI, System Configuration > ACS Backup > Backup Now. ( 2 or 3 backups)

Make sure that you are able to get the backups from GUI.

Place these backups in a safe location, probably some other drive.

- Uninstall the current ACS version. (Would suggest to run "Clean.exe", that under \ACS Utilities\Support\Clean)

- Completely log off from the system

- Log back in, using Local Administrative rights

- Install the same ACS version and restore the backup from ACS GUI,

System Configuration > ACS Restore > Select both components > Restore.

Try this and let me know.

Regards,

Prem

Hi,

I uninstalled with the clean.exe, but when I tried to installed again it send this errors:

Error at V:\ismg_israel_acs\Acs\Cryto\init.cpp line 195, CryptAcquireContext Failed (System Error 0x8009000f)

Error at V:\ismg_israel_acs\Acs\Cryto\init.cpp line 94, crypto Initialise CryptoAPI failed

Could not open Crypto container

Hi,

As we are getting error during installation "Error at V:\ismg_israel_acs\Acs\Crypto\init.cpp" please try this,

You need to locate the old CryptoAPI container used by ACS which may still be on the system. This is normally located in

C:\Documents and Settings\\Application\Data\Microsoft\Crypto\RSA.

There will be one or more files there will very long hexdecimal file names. You need to identify the right one.

Open a Command Prompt in that folder and type

"findstr /I CiscoSecure *.*" - the filename that appears should be the old ACS container.

Delete that file.

If that doesn't resolve the issue, then unfortunately we may need to re-image the system, that has helped to resolve this issue.

Regards,

Prem

Hi,

Thanks for your help, deleting the cryptoAPI works just great and reinstalling the ACS solved the CSUtil app

thanks again

Hi Roger,

Glad to know that it worked!

Please mark this thread as resolved, so that others can benefit from it.

Thanks,

Prem

In actuality this is the solution to the csutil issue without doing the installation.

I found if you change the local admin account password that attempts to run the csutil command, it would stop working as indicated. Cisco's solution is to either reinstall ACS as stated above, or run csutil as the domain admin account. The domain admin account is very protected within a large enterprise, and is not an option; reinstalling ACS every 90 days when the passwords are required to change is not an option either.

I found that removing these crypto key files whenever the password of the account that is running csutil is changed solved the problem as they get regenerated when you run csutil.

I hope this helps someone as it took a long time for us to figure this out.

Regards,

Brian

Great, that solved my issue every 90 days

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: