Question on ACS SE Windows agents set up

Unanswered Question
Jun 15th, 2009


I have 2 ACS SE boxes set up. One is the master, the other gets a copy of the DB via replication and is located in a different geographical area. I want failover for authentication and have installed the Windows agent on a server in the same network as the primary SE box and same for the secondary.

When I set up the agent that is on the network of the secondary, I set the ConfigproviderHost to be the secondary ACS SE box address. I'm wondering if this is accurate now since the agent does not show up with Windows Authentication but only Windows Logging when both were selected at install.

No changes were made to csagent.ini directly.

Should I point the windows agent on the secondary ACS SE's network to the Primary ACS SE's address for the "ConfigProviderHost"? I would like failover for the agents as well, if possible.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bm_5789 Wed, 07/15/2009 - 17:01


I just read your post and would like to know where do you get the "windows agent" from. I also have two acs se boxes and we have just started to move to a domain and active directory. Information about how to use AD for authentication is hard to find.

I am running 4.0 on the acs se.

Thanks for any info you can offer.

Jagdeep Gambhir Thu, 07/16/2009 - 10:18


There is no need to make any change in the ini file. Remote agent will cater both appliance. Now why windows authentication does not show up needs to be troubleshooted.

Make sure that software ver of both ACS and remote agent is same. Try to reinstall that remote agent and see if that fix it.

Else need to check if any firewall is blocking the port between secondary site RA and primary ACS.

The computer running ACS Remote Agent for Windows must be able to ping the ACS Solution Engines that it supports.

•Gateway devices must permit traffic between the computer running ACS Remote Agent for Windows and the ACS SE. Specifically, the remote agent must receive TCP communication on TCP ports that you configure in CSAgent.ini. The default TCP ports, if all services are used, are 2004, 2005, 2006, and 2007. The appliance must receive TCP communication on TCP port 2003.



Do rate helpful posts


This Discussion