ACS User Database Can't List Active Users

joefrank1 · ‎04-01-2008

After I create a new user in the local ACS 4.1 database I am not able to edit or view that user information. When I select "list all users" it replies there are no users matching my search.

But, when I look in groups, it shows there is 1 user in the group. When I click on list users, it tells me it "cannot read the users for this group."

Any thoughts? Creating local ACS users is a straightforward process, so I thought.

Thanks,

Joe

owillins · ‎04-07-2008

Use this User Guide for Cisco Secure Access Control Server 4.1 User Databases

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html

Andy Robinson · ‎04-22-2008

I think I am having the same problem with a customer ACS 1113 appliance at the moment running 4.1.23 Patch 5. It appears that the problem is with listing newly created users only, as users created before the customer was aware of the problem show up when I use list all users. I have created a local test user account on the ACS which I was able to edit after creating it by typing in the name and doing add/edit, which is not much use if you cannot remember the user account name :). I have also been able to access TACACS authenticated devices with this account so it appears that it has been added to the database ok. The user just does not show up when I try to list all users on the ACS. I am thinking that this is a bug with the ACS software.

Has anyone else seen this problem?

Cheers

Andy

joefrank1 · ‎04-22-2008

Andy,

You are correct. I upgraded from 4.1.22 to 4.1.24 and I had the issue. My upgrade path was not supported, I had to first go to 4.1.23 before upgrading.

Once I did this, with the help from TAC, everything worked fine. It is definitely a software "glitch".

Joe

Andy Robinson · ‎04-23-2008

Thanks Joe,

This confirms my suspicion that this is the by-product of a failed upgrade to 4.1.4 that the customer attempted several months ago. Against advice they managed to rollback after the upgrade hung as opposed to recovering the appliance.

Cheers

Andy

georges.merhej · ‎06-18-2008

Hello,

I cannot find the 4.1.1.24 on the link: http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

I'm facing the same issue and I cannot find the upgrade.

Many thanks,

Georges

akemp · ‎06-18-2008

Of course you can't , you have to ask TAC to publish it for you.

k.abillama · ‎11-11-2008

Hi andy, i'm facing the same issue with ACS 4.1.1.23(patch5). The customer also tried unsuccessfully to upgrade to 4.1.4.

Also, on console access i get the login prompt but when entering credentials i get no output anymore! As if the console is hanging do u know how the tac resolved this issue? i wanted to reimage, is there any other solution?

Andy Robinson · ‎11-12-2008

Hi Karim,

After exhausting all other options I opened a TAC case. The TAC engineer dealing with the call eventually escalated through to the development team after being unable to find a fix. The eventual recommendation from Cisco was to backup and re-image the appliance after it was proved to be a software corruption issue and not a database problem on the ACS. Be warned that the built in backup facility on the ACS does not backup the logs so you will need to make a seperate provision for this.

We did have another customer reporting problems with the console hanging after a patch upgrade. Not sure what the outcome of this was but one of my collegues did find a couple of bugs that may have be applicable. CSCs52381 & CSCsc90467

Hope that helps

Andy

k.abillama · ‎11-13-2008

thx a lot! I already opened a tac case since recovery isn't working, console is hanging, recover image that the tac sent me didn't work also, I am in big trouble and the project is in Southern Sudan woooow:)

thx anyways