External DB not operational

Unanswered Question
Jul 29th, 2010

We are moving from a Novell to a Microsoft AD environment.  The Domain controllers are running 2008.  Running ACS 4.2 on a ACS SE appliance.  So, we need to have a Windows remote agent.  We have the unknown user policy active and we have some group mappings that will map our AD groups to ACS groups.  When we create those mappings, we can see all of the groups in our Doamin, so we know that the Windows remote agent is working and ACS can see the domain.  However, when we try to authenticate, it fails and ACS reports the error External DB not operational.  Well, I know its operational because when I configure a group mapping, it sees the AD groups.

Any help is appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
darpotter Tue, 08/03/2010 - 01:03

This is an issue for the TAC to look at... they'll ask you to use the Support page to generate a package.cab file.

Before you do this, set system logging to max then see if you can replicate the problem - the logs collected in the cab file will then contain as much debug info as possible. If you wanted to look yourself the cab file holds loads of logs of which one is the CSAuth service log file - open and search for "external" and you should find all related logged events.

Good luck

jlhainy Tue, 08/03/2010 - 06:07

Already on it.  TAC stated that 2008 R2, which I am running is not yet supported, but hope to have a patch out in a month to fix that.  This is for the ACS 5.x platform as well as 4.2.

So, I am going to look into the possibility of doing a secure LDAP connection and if that doesn't work, I will just wait for the patch.

Thanks for the response!

sherifjoseph Mon, 08/30/2010 - 05:15

Hi All,

currently we are getting connection between ACS 4.2 with our external AD 2003, but users are not authenticated using the same username and password and by checking the ACS logs we found "Internal Error".

anyone can help us to identify what kind of this error?

Thanks,

SG

Actions

This Discussion