
Question on ACS SE Windows agents set up

js88888888
Level 1

Hello,

I have 2 ACS SE boxes set up. One is the master, the other gets a copy of the DB via replication and is located in a different geographical area. I want failover for authentication and have installed the Windows agent on a server in the same network as the primary SE box and same for the secondary.

When I set up the agent that is on the network of the secondary, I set the ConfigproviderHost to be the secondary ACS SE box address. I'm wondering if this is accurate now since the agent does not show up with Windows Authentication but only Windows Logging when both were selected at install.

No changes were made to csagent.ini directly.

Should I point the Windows agent on the secondary ACS SE's network to the Primary ACS SE's address for the "ConfigProviderHost"? I would like failover for the agents as well, if possible.

Thanks

3 Replies

bm_5789
Level 1

Hello,

I just read your post and would like to know where you get the "Windows agent" from. I also have two ACS SE boxes and we have just started to move to a domain and Active Directory. Information about how to use AD for authentication is hard to find.

I am running 4.0 on the ACS SE.

Thanks for any info you can offer.

Hi BM,

The Windows agent should be on the CD you got with the appliance. If you don't have that, then open a case with TAC.

Check this link,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/rawi.html

Regards,

~JG

Do rate helpful posts

Jagdeep Gambhir
Level 10

JS,

There is no need to make any change in the ini file. The remote agent will cater to both appliances. Now, why Windows authentication does not show up needs to be troubleshot.

Make sure that the software version of both ACS and the remote agent is the same. Try to reinstall that remote agent and see if that fixes it.

Otherwise, you need to check whether any firewall is blocking the port between the secondary-site RA and the primary ACS.

The computer running ACS Remote Agent for Windows must be able to ping the ACS Solution Engines that it supports.

• Gateway devices must permit traffic between the computer running ACS Remote Agent for Windows and the ACS SE. Specifically, the remote agent must receive TCP communication on TCP ports that you configure in CSAgent.ini. The default TCP ports, if all services are used, are 2004, 2005, 2006, and 2007. The appliance must receive TCP communication on TCP port 2003.

Regards,

~JG

Do rate helpful posts