
Internal Error ACS SE 4.2

ivan.martin
Level 1

Hi, I have an ACS SE 4.2, and I am trying to integrate the ACS SE with an Active Directory and Cisco access points, with PEAP MSCHAP V2 on Windows 2003 32-bit and the ACS Remote Agent, but my ACS SE gives me logs.

It says: Internal Error, in the failed authentication logs.

My users in the Active Directory can't authenticate in the Database.

Could you tell me why this happened?

Maybe I have a problem in the configuration of my ACS SE.

Could you tell me what the problem is in this case?

Thanks

2 Replies

Jagdeep Gambhir
Level 10

Ivan,

That seems to be a permission issue. Make sure that the service running the remote agent has domain admin rights. Also, the remote agent and appliance should be on the same code.

Please refer to this link,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/rawi.html

Regards,

~JG

Do rate helpful posts

I agree and disagree with some of what Cisco says, so I'll tell you what works for us:

- Make sure ACS SE and Remote Agent are at the same version and patch level

- Make sure that the ACS SE and Remote Agent can talk over the ports you selected (or defaulted to) at install

- Our Remote Agent is running on the local service account of a computer running Windows Server 2003 that is joined to our domain (we actually have two of these)

- Our ACS SE boxes authenticate using the Cisco-recommended AD domain computer account called "CISCO" (External Databases, Windows Authentication Config)

- Our External Database -> Database Group Mappings -> Windows Database -> /DEFAULT is left at the "All other combinations" setting

- Unknown User Policy is set to check the Windows Database

- If you go into Network Configuration, does your Remote Agent show up with available services (should show a Clipboard and Windows Logo icon in the "Services Available" column)?

- If you select your defined Remote Agent in Network Configuration, does the "Windows Authentication" status show "Yes" in the "Used by this ACS" column?

By the way - ACS SE will report a failed auth to your authentication clients if the Remote Agent service is not running (i.e., stops running), therefore your clients will NOT switch over to a backup RADIUS server automatically (if you have a secondary RADIUS server defined). For this reason, I have two different computers (in two different buildings, etc.) running Remote Agent, and I monitor the Remote Agent service on both systems.