ACS 4.2 strange behaviour

Answered Question
Jun 28th, 2009

· After fresh install, all appears to be working, usernames work without domain qualification (domain\username), can log in with all accounts

· After an attempt to login with a pre-existing AD username, authentication fails, correct password or not

· Authentication continues to fail (fail code: Internal Error), even after restarting the tacacs service, with all usernames, except for those that have been used to log into the ACS server with domain qualification!?!

· No amount of restarts / configuration tweaks can return to “fresh install” operation

I have this problem too.
0 votes
Correct Answer by darpotter about 7 years 6 months ago

This definitely sounds like a bug - anytime you see "internal error" or "unknown error" in failed attempts its an un-handled error.

You'll prob need to set logging detail level to max then do so testing and then open a tac case. The csauth log (auth.log) will be key as there will be diagnostic data from the windows external authenticator dll.

Its is an appliance you'll need to run the support option to generate a package.cab to get the log - s/w you can copy right off.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
darpotter Mon, 06/29/2009 - 01:05

This definitely sounds like a bug - anytime you see "internal error" or "unknown error" in failed attempts its an un-handled error.

You'll prob need to set logging detail level to max then do so testing and then open a tac case. The csauth log (auth.log) will be key as there will be diagnostic data from the windows external authenticator dll.

Its is an appliance you'll need to run the support option to generate a package.cab to get the log - s/w you can copy right off.

cmanager Tue, 06/30/2009 - 20:07

You are right - it was a bug. After hunting down the latest patch (not easy!) this problem has been resolved. Thanks!

Actions

This Discussion