ACS 3.3 Group Mapping Error with External Microsoft Server

Unanswered Question
Oct 15th, 2007


I have ACS 3.3 installed on Windows 2003 server with latest service packs. Users who wish to login to network devices has to be authenticated via windows credentials. So i have integrated ACS with Microsoft.

I need to create another group, but its not happening. Giving error interms of windows.

Can someone please suggest?

I have created 1 group.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jagdeep Gambhir Tue, 10/16/2007 - 05:33


What is the error message ? Is it failed to enumerate group ?

If that is the case then it seems that account running acs service do not have spl priv like

act as a part of OS and login as service.



Please rate helpful posts

acharyr123 Tue, 10/16/2007 - 19:56

Hi Gambhir,

Thanks for ur reply.

I have created 1 group successfully. It is working fine.

But whnever i try to create a new group then only i find this eror mesage "Windows Enumarate Group Failed".

Is it related to special privilege level isue???

Jagdeep Gambhir Wed, 10/17/2007 - 16:35


"Failed to enumerate windows groups"

Please check for the following:

If each domain's FQDN is listed as a DNS suffix in the IP properties of the server on which ACS is installed and you will also need to make sure that the ACS services have read permissions on the domain to be queried

You check this by going into the properties dialog for the NIC and clicking the Properties

button for TCP/IP, then the Advanced button, and then the DNS tab. Make sure the radio

button is in "Append these DNS suffixes (in order)" and make sure that the FQDN of the

domain in question is listed in the box.



Please rate helpful posts


This Discussion