ACS - Invalid Administration Connection

Unanswered Question
Feb 22nd, 2010

I'm having a problem logging on to my ACS gui, I get the message above. No changes have been made to my system or the ACS since it was working last week. It's not that I am coming from an invalid IP address, as we have not set this to filter by IP. Nor is it that we use a proxy server.


I have tried other browsers but that also doesn't work.


Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
codflanglers Mon, 02/22/2010 - 05:23

Is it possible to 'reset' the access via the CLI? There doesn't appear to be many options available.

jjwaite Tue, 02/23/2010 - 16:46

I have exactly the same Problem !!!    (Version : 5.1.0.44)


I can Console and SSH with multiple local admin users - but no matter who i try - no HTTPS access....

jrabinow Tue, 02/23/2010 - 23:30

For issue on 5.1,I suggest you try the following commands from the CLI to see if they can help:


acs-config (then login with ACS administrator username and password)

access-setting accept-all     /// opens up all IPs for web access


If this still doesn't work can also try the following command:

reset-management-interface-certificate


BTW, before you saw this problem did you make any changes to access settings (

System Administration > ... > Administrators > Settings > Access) or the server certificate assigned for management access
codflanglers Wed, 02/24/2010 - 01:14

From our point of view, no changes were made to the ACS prior to us seeing this. It literally worked on Friday, then come in on Monday and it came up with that error.


Is there a way to reset access using the CLI via the console?

jjwaite Tue, 04/06/2010 - 20:40

OK , for me is was a classic noob mistake - wrong password.....


The GUI passwords and the CLI passwords are in now way linked at any level !


but , this works http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/command/reference/CLIappA.html#wp1208469


A command in the CLI to reset the GUI ACSAdmin user's password to 'default' (as in the word default , not some bizard default value)

Michael Tan Tue, 04/06/2010 - 19:48

We are facing same issue on version 4.1.


We got it to work temporarily by clearing the IE and Java cache and then restarting the ACS service. I dont know which one really fixed the issue for us. But problem reoccured and now nothing we've done before fixes it. I guest we just got lucky the first time.


Anyone have any workaround or solutions for this?

Michael Tan Tue, 04/06/2010 - 20:04

Ok we have found the culprit.


We are using proxy here but we turn it off when we need to access the ACS. Used to work but now is giving us the Invalid Administration Connection error. We run debug on the Java console and found that the java applet is still using the proxy.


We go to Control Panel> Java >Network settings. Default value is to use the brwser settings. So what we did is to change Java Network settings to Direct Connection then restart the browser. Walah! now we are able to access ACS GUI.


Hope this helps.

Actions

This Discussion