08-20-2007 09:08 AM - edited 03-10-2019 03:20 PM
Hi there,
I was wondering if this has happened to anyone here. I have a Windows 2000 Server running ACSv3.2 - Once every 4 months ACS will fail to authenticate all the wireless users that have Active Directory accounts. Auth-Failure code: ?External DB account Restriction ?it seems that once I rebooted the server everything comes back to normal. Has anyone experienced this issue? Do I need to update to the latest ACS version?
Thank you in advance.
08-20-2007 09:21 AM
First of all I would suggest you to upgrade acs to 3.3.3 or .4 as the code you have has many issues and vulnerabilities.
When auth stops , what is the status of acs servives ? , running or stopped ? I would like to see msinfo32 to find out if any unsupported software is there.
Regards,
~Jg
08-27-2007 07:42 AM
Hi,
I have experienced the exact same problem.
Here's the Cisco bug that identifies this problem.
CSCsd52574 Bug Details
Symptom:
When machine authentication (EAP-FAST/MS_CHAP) is attempted after
ACS has lost and then regained connectivity to the global catalog
server, authentication may fail and the following message may be
generated in the auth.log file:
MachineSPNToSAM: __DsCrackNames failed auth.log
In an environment where there is more than one global catalog server
for the domain, ACS will not search for the "secondary" catalog server
if the "primary" goes down.
Condition:
ACS is installed on a domain member server.
Workaround:
Re-start csauth.exe.
Hope this helps
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: