Unable to authenticate to AD

Jul 3rd, 2008

Hi


I have an ACS SE running 4.2 and a remote agent also running 4.2. I am using PEAP authentication and am unable to authenticate to Active Directory. I can authenticate using a local account on the ACS, which tells me that the certificates are configured correctly.


The error message that I am getting on the ACS server is:


Authen session timed out: Challenge not provided by client.


Has anyone come across this problem before, and do they know of a solution?


Many Thanks

Jagdeep Gambhir Thu, 07/03/2008 - 12:11

Please increase the RADIUS timeout on the AP and share the result. Command to increase the timeout on the device:


Radius-server timeout .



Regards,

~JG


Do rate helpful posts

krishanmistry Thu, 07/03/2008 - 12:19

Hi jgambir


I have two WiSM blades deployed. I have increased the advanced EAP timeout value to 20 seconds and still no luck.


Thanks

Jagdeep Gambhir Thu, 07/03/2008 - 12:27

Increase the logging level to full:

ACS ---> System Configuration ---> Service Control ---> Full


Please send the CSWinAgent logs from the remote agent after recreating the issue.


You need to go to the server where the remote agent is installed.

Here is the location of the logs

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSWinAgent\Logs

krishanmistry Thu, 07/03/2008 - 12:31

Thanks, I will try that first thing tomorrow morning, and will let you know the outcome.

krishanmistry Fri, 07/04/2008 - 08:54

Hi jgambir


I managed to resolve the issue today. It turned out that the customer has two domains running. The customer is a college and has one domain for students and a second for staff and admin. When we first started testing we were using a student machine and credentials on the staff domain.


This leads to my second question: can you use a single ACS to authenticate against two different domains? I personally don't think this will be possible. Do you know of a way, or do I need an ACS SE per domain?


Many Thanks

Jagdeep Gambhir Fri, 07/04/2008 - 09:05

It can authenticate with multiple domains, with the condition of having a two-way trust.


If there is no two-way trust then we would need an ACS in each domain and have proxy configured.


