ACS 4.2 strange behaviour

Answered Question
Jun 28th, 2009

· After fresh install, all appears to be working, usernames work without domain qualification (domain\username), can log in with all accounts

· After an attempt to log in with a pre-existing AD username, authentication fails, correct password or not

· Authentication continues to fail (fail code: Internal Error), even after restarting the tacacs service, with all usernames, except for those that have been used to log into the ACS server with domain qualification!?!

· No amount of restarts / configuration tweaks can return to “fresh install” operation

Correct Answer
darpotter Mon, 06/29/2009 - 01:05

This definitely sounds like a bug - anytime you see "internal error" or "unknown error" in failed attempts it's an unhandled error.

You'll probably need to set logging detail level to max, then do some testing and then open a TAC case. The csauth log (auth.log) will be key as there will be diagnostic data from the Windows external authenticator DLL.

If it's an appliance you'll need to run the support option to generate a package.cab to get the log - s/w you can copy right off.

cmanager Tue, 06/30/2009 - 20:07

You are right - it was a bug. After hunting down the latest patch (not easy!) this problem has been resolved. Thanks!
