remote agent on windows 2003 domain controller and acs 4.1

Unanswered Question
Aug 30th, 2007

i have a acs appliance configured with a remote agent on a windows 2003 domain controller. I have followed the install guide and setup the permissions and accounts in AD. On the ACS the remote agent shows up and connected. When i try to authenticate a client via the ACS, authentications fails and the log show external database not responding, any troublshooting help would be good. Also if the external database fails will it look to the local database for the login credentials.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Thu, 08/30/2007 - 13:35


Please make sure that account running remote agent should have special priv , act as a part of operating system and logon as server. Also make sure that remote agent ver is same as acs appliance. To check it go to cmd prompt

C:\Program Files\Cisco\CiscoSecure ACS Agent and issue command csagent.exe -v

On acs please set the logging level to full,

System Configuration --> Service Control --> Level of detail - Full At this point, we need to duplicate the issue.

Once this is done get the Cswinagent logs from remote agent. To get these log you need to browse to C:\Program Files\Cisco\CiscoSecure ACS Agent\CSWinAgent\Logs.



littledavewhite Fri, 08/31/2007 - 10:35


i have managed to get the thing working, i think it was dns not configured properly on the domain controller, also i ran the saagent in debug mode, when in debug mode it failed to authenticate anybody i could see the failures on the screen, now when i reboot the server and have dns set correctly it all seems to work ok, is there any issues with debug on the csagent causing the auth to fail?

Jagdeep Gambhir Sat, 09/01/2007 - 20:39


Yes, there was in 3.x, where you get error Windows authentication FAILED (error 1300L) , while running RA in debug mode.

Nice to know that all is working fine.




This Discussion