ACS Server

Unanswered Question
Aug 29th, 2007


I have been having a weird issue with my ACS server. Clients that are configured for our wireless cannot log in. We have internal laptops set to auth. by machine name. This way anyone in our domain can log into the laptop. Once in a while the users receive a "domain cannot be found" msg. We watch the authentication process with an analyzer and can tell authentication is not taking place. We reboot the ACS server and everything works. Has anyone seen this or know what is going on, or where to look?

Jagdeep Gambhir Wed, 08/29/2007 - 15:08


I would suggest you check the debugs on the AP; that will let us know why auth is not taking place.

debug radius

debug aaa authentication

What is the ACS software version? And is it an ACS appliance or ACS Windows?

Also, when auth stops, check the status of the ACS service, whether it is up or stopped.



tmcgrath24 Wed, 08/29/2007 - 15:33


Thanks for the quick response!

The version is 4.0, it is a Windows 2003 server. The ACS service is running at the time. If we plug the laptop in with a cable and log in, the wireless connects. The clients' wireless is managed by Windows and starts up during the startup process. (It happens on 30 laptops and clears when the server is rebooted.) I monitor the APs through our controllers (4400) and there is nothing indicating any issues at the time. After the reboot things work fine for a while, then I get a call stating they can't get on, reboot and it's fine. In the reports log under failed authentication I do notice this "EAP-TLS or PEAP authentication failed during SSL handshake" for several of the users we were testing with at the time of the issue.

Jagdeep Gambhir Thu, 08/30/2007 - 06:43

The error "EAP-TLS or PEAP authentication failed during SSL handshake" is mainly because of a certificate issue. Either the certificate on ACS got corrupted or expired, or the client is not able to validate the root certificate with ACS.

Make sure that the certificate installed on ACS was generated with a key length of 1024.

Please also install this patch and you will see the improvement.



