stations do not authenticate, possible bug cscsd52663

Unanswered Question
Nov 27th, 2008

customer have a cisco secure acs release 4.2(0) build 124 patch 5 installed in a windows 2003 under netbios domain "bsbr" (fqdn

stations from this domain have sucess on authentication

users from this domain have sucess on authentication

there is another netbios domain "sac" (fqdn that have trust relationship with domain "bsbr"

users from domain "sac" have sucess on authentication

STATIONS from domain "sac" do NOT have sucess on authentication

a time ago the customer was running the acs version 4.1, were advided to upgrade to version 4.2 because of bug cscsd52663, but after the upgrade the problem still the same

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mbadali Wed, 12/03/2008 - 07:57

Sounds like this may be a cross forest auth issue. Check to see if the two domains are in different forests or the same forest.

Here are some URLs that will guide you through the install process. Ensure that they are followed exactly. There is a requirement to have the ACS services started as a domain admin account. I confirmed with TAC that as long as the account is a domain account with the proper permissions (in the doc) you'll be alright. I'm currently running ACS 4.2 with machine auth working successfully across forests.

Windows Authentication Configuration- Configuring for Member Server Authentication:

Release Notes for Cisco Secure ACS 4.2:

As discussed here is the bug:

CSCsd52663 : Cross forest user/machine authentication does not work


Machine authentication may fail due to "host not found".


ACS is installed on a server that's a member of a domain in Forest 1, while pc's performing machine authentication are members of domains in Forest 2.


Ensure ACS is a member of the same forest as the authenticating PCs.

Version 004.000(001.027)

To be fixed in 004.002

Apply to 004.002(000.105) 004.001(004.013.001)

Integrated in

Verified Release 004.001(004.013.001)


This Discussion