LMS 2.6 Unable to Connect to ACS

leon_carson
Level 1

Original problem was logging on to web interface of LMS 2.6. I would get a memory error. After rebooting LMS server, the memory error went away. Now the problem we have is a security issue between LMS 2.6 and ACS 4.1.

On Common Services home page, in the Security pane, the Authorization Mode displays ACS in red.

The ACS Mode details are:

TACACS+ Connectivity With ACS: Reachable

HTTP/HTTPs Connectivity With ACS: Not Reachable

- Protocol Mismatch Detected. Check ACS Configuration in "AAA Mode Setup" page.

- ACS Admin credentials may be wrongly configured in AAA Setup Mode.

- IP Filtering may be configured in ACS.

See the "Reports and Activity" -> "Administration Audit" in ACS for more details.

CiscoWorks System Identity User Configuration in ACS: Not all privileges assigned

7 Replies

frankzehrer
Level 4

Hi Leon,

Did you check the steps mentioned in the failure message:

- Protocol Mismatch Detected. Check ACS Configuration in "AAA Mode Setup" page.

- ACS Admin credentials may be wrongly configured in AAA Setup Mode.

- IP Filtering may be configured in ACS.

I have often observed this: after the initial setup, the customer decided to use the HTTPS feature in ACS but did not update this in the LMS integration option.

Hope that helps.

Frank
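The HTTP-versus-HTTPS mismatch Frank describes can be confirmed from the LMS server before touching either GUI: send a plaintext HTTP request to the ACS admin port and look at the first bytes that come back. A plain HTTP listener answers with an `HTTP/1.x` status line; a TLS listener answers with a TLS alert record (first byte 0x15, second byte 0x03) and closes the connection; a refused or silently filtered connection points at the "IP Filtering may be configured in ACS" item instead. The script below is an added example, not code from the thread or from Cisco. The ACS admin port 2002 and the host name `acs.example.local` are assumptions for illustration; substitute your own.

```python
import socket

# TLS record-layer content types (RFC 5246 section 6.2.1)
TLS_ALERT = 0x15
TLS_HANDSHAKE = 0x16
TLS_APPDATA = 0x17

# Assumption: ACS 4.x CSAdmin listens on TCP 2002 by default; adjust if changed.
DEFAULT_ACS_ADMIN_PORT = 2002


def classify_response(first_bytes: bytes) -> str:
    """Classify the first bytes a server returned after a plaintext HTTP request.

    Returns one of: "http", "tls", "no-response", "unknown".
    """
    if not first_bytes:
        # Peer closed without sending anything (or timed out after accepting).
        return "no-response"
    if first_bytes.startswith(b"HTTP/"):
        # A plain HTTP server answered (typically "400 Bad Request" or a redirect).
        return "http"
    if (len(first_bytes) >= 3
            and first_bytes[0] in (TLS_ALERT, TLS_HANDSHAKE, TLS_APPDATA)
            and first_bytes[1] == 0x03):
        # A TLS/SSL3 record: a TLS listener replies to junk with an alert record.
        return "tls"
    return "unknown"


def recommended_lms_protocol(classification: str):
    """Map the probe result to the value to select in LMS 'AAA Mode Setup'."""
    return {"http": "HTTP", "tls": "HTTPS"}.get(classification)


def probe(host: str, port: int = DEFAULT_ACS_ADMIN_PORT, timeout: float = 5.0) -> str:
    """Connect to host:port, send a minimal HTTP/1.0 request and classify the reply.

    Adds two network-level outcomes: "refused" (RST, nothing listening or a
    host firewall) and "filtered" (no SYN/ACK at all, e.g. an ACL in the path).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode("ascii"))
            try:
                data = s.recv(64)
            except socket.timeout:
                data = b""
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    return classify_response(data)


if __name__ == "__main__":
    import sys
    # Usage: python probe_acs.py acs.example.local 2002   (hypothetical host)
    target = sys.argv[1] if len(sys.argv) > 1 else "acs.example.local"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_ACS_ADMIN_PORT
    result = probe(target, port)
    print(f"{target}:{port} -> {result}; set LMS AAA Mode Setup protocol to "
          f"{recommended_lms_protocol(result) or 'n/a (fix reachability first)'}")
```

Run it from the LMS server itself, since that is the host whose reachability ACS filters and the mismatch check judge; a result of `tls` when LMS is set to HTTP (or vice versa) is exactly the "Protocol Mismatch Detected" condition.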

Thanks for the response. The protocol mismatch error has been resolved. I changed the protocol to HTTP in the AAA Mode Setup in LMS. The other error messages remain:

TACACS+ Connectivity With ACS: Reachable

HTTP/HTTPs Connectivity With ACS: Not Reachable

- ACS Admin credentials may be wrongly configured in "AAA Setup Mode".

- IP Filtering may be configured in ACS.

See the "Reports and Activity" -> "Administration Audit" in ACS for more details.

CiscoWorks System Identity User Configuration in ACS: Not all privileges assigned

In LMS in the AAA Mode Setup:

I have made sure the ACS Admin Name is the same in LMS and ACS. The same goes for the ACS Admin Password and Shared Secret Key.

I did not check the box to register all installed applications with ACS. I have ACS Administrative Access Protocols. HTTP is the correct protocol.

In ACS there are a multitude of options in the setup for the LMS Admin User, Group and Network Device Group. I have reviewed all of the options and no change has resolved the problem.

Our LMS Admin account fails when it tries to login to ACS.

You must make sure the ACS admin specified in LMS is NOT the appliance admin (if this is an ACS appliance). If you're creating a new admin user (a very good thing to do), make sure you've granted that user ALL RIGHTS under Administration Control.

Also, make sure you have opened up all ports for administration under Administration Control > Access Policy. This isn't strictly required if you're not doing application registration, but you will at least need 10 free TCP ports.

Finally, try logging in directly to ACS via the web with your admin user. Make sure this works.

I have verified the ACS admin in LMS is NOT the appliance admin.

I have verified the HTTP Port Allocation is set to allow any TCP ports to be used for Administration HTTP Access.

I have NOT been able to log into ACS via the web with the LMS admin user. The login fails. But I am able to login to switches with the LMS admin user account and I can go into enable mode also.

Does that narrow down the problem?

Thanks.

It tells me you haven't defined your ACS admin user properly. Please post a screenshot of the user settings for this user from Administration Control > USERNAME.

I just changed the password in Administration Control > Username. Now, I am able to login to ACS via the web browser. We have made progress.

Yesterday, I only changed the password in User Setup and LMS AAA Mode Setup.

The ACS Connection Status in LMS now shows:

TACACS+ Connectivity With ACS: Reachable

HTTP/HTTPs Connectivity With ACS: Reachable

CiscoWorks System Identity User Configuration in ACS: Not all privileges assigned

I was unable to effectively copy a screenshot of my administrator settings in ACS Administration Control, but I assure you that every box is checked except Account Locked. Editable groups shows all our ACS groups and Available groups is empty.

Thanks.

You need to create the System Identity User (found under Common Services > Server > Security > System Identity Setup) as a user in ACS. This user must be in a group which has access to ALL tasks for ALL LMS applications. Since you are using LMS 2.6, you will need to create a new role for all of your LMS applications (e.g. a Super Admin role) which has all of the task boxes checked. Then, assign that role to each application in the System Identity User's ACS group. Then restart ACS.
