Key in ACS magically changing on its own?

Mar 25th, 2010
We are still running ACS v3. in several infrastructures mixed with 1111s, 1112s and 1113s. I know, we are out of support. We have some of our upgrades in hand and will be starting soon. We have almost 40 of these appliances in 5 different infrastructures around the world, so we have a lot of work to do. Until then, we are dealing with a nagging problem and wondered if there was an explanation or solution. Unfortunately, the infrastructure that sees this problem the most cannot be upgraded just yet.

Periodically, the key in a client entry changes, causing authentication failures.  Because we have many AAA clients that include possibly 100s of IPs, the failures can be widespread.  The key almost always changes to this:


From testing, it appears that one cause is using Firefox when making edits.  We know that browser is not supported so we are not using it.  I suspected IE8 was causing it too, but I have been unsuccessful in proving that.  Those of us making edits are using IE6.

Does anyone know what could be causing this?  

Javier Henderson (Cisco Employee) Thu, 03/25/2010 - 09:40

We have seen this problem before, usually tracked to a combination of browser/Java version in use, and sometimes due to database corruption.

mmletzko Thu, 03/25/2010 - 11:03

I don't suppose you have any documented combinations that you know cause this problem, do you? While it's not too difficult to determine browsers that can cause this problem, it's a bit more difficult when Java is included as a variable.

I've seen this in multiple ACS infrastructures, so I'm inclined to think (or hope) that it's not due to db corruption, although I definitely would not dismiss that as an option. DB corruption seems to be a common occurrence in ACS v3.x with the db being registry-based.

Has this problem been seen in ACS v4.2? We are getting ready to upgrade to v4.2 and were hoping that would help.


