I have two ACS server for windows with 4.2 version. My problem is that if the primary ACS server is down, the dynamic users from the windows database in not able to authenticate with secondary ACS server. Please note that if a user added to the ACS , this user can authenticate with windows database. Only the dynamic mapping is not happening with second ACS server.
A fast response will be appreciated.
Does the Unknown User Policy points to the Windows Database in both cases? Are Dynamic Users enabled under the Unknown User Policy?
Are these ACS for Windows Servers or ACS SE with a Remote Agent installed on a AD member Server?
If those are Remote Agents, check the External Database > Windows Configuration > Remote Agent Selection. Is the same Remote Agent selected on both ACS Servers?
Please be aware that if you switch the order of RA it would delete all your Group Mappings.