Failed AAA radius server

Jul 31st, 2009

Hello,


I have an AAA server configured on my ASA5540 which shows as being in FAILED status right now. The AAA server in question is an ACS 4.2 SE with the remote agent running on a Windows server. There was a problem where the RA did lose connectivity with the DC, but that has been resolved. Now if I use the test button within ASDM on the AAA server group page, the test auth is successful. However, all RADIUS requests from the remote access connections go to the other ACS server in this group. Is my problem because I have Reactivation mode set to 'Depletion' rather than 'Timed'? Is there a way to force the failed server back to active now that my underlying problem has been resolved?


Thanks for any help or suggestions anyone can provide.


Tom

vmoopeung Thu, 08/06/2009 - 13:36

One frequent cause of authentication failure is clock skew. Be sure that the clocks on the PIX or ASA and your authentication server are synchronized.


Pre-authentication on the Active Directory (AD) should be disabled or it can lead to user authentication failure.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008060f261.shtml#steps
