ACS 4.1 for Windows with Active Directory 2008

Unanswered Question
Sep 27th, 2010

We are still running ACS 4.1 on Window 2003 server.  We recently upgraded AD to 2008 although the domain and forest functional level are still 2003.  After AD upgrade we now unable to authenticate via ACS Windows Database.

Is this an incompatibility issue?  Any info is appreciated.  Thanks.

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jason Masker Mon, 09/27/2010 - 22:08

We are running 4.2 and ACS is working even with the functional level increased. I would be surprised if 4.1 does not work. What is more likely is that, since ACS 4 uses an agent for Windows authentication, is that during your migration to 2008, something happened to the agent installed on one of your servers. There have been several times where Windows authentication has quit working with our ACS because our agents tend to run on utility servers that get neglected. There have been times where different server admin tasks have caused one of our agents to stop working. When this happens I take the opportunity to make sure I have the latest version and reinstall it which has always worked.

Check out this guide on the agent install.

Richard Dumag Tue, 09/28/2010 - 15:44

Thanks Jason.  Looks like the remote agent is only supported on ACS SE.  We have ACS 4.1 for Windows.  One of our staff mentioned that he did not have to install remote agent on any server after ACS installation.  It's always worked until we upgraded our domain controllers to 2008.

Jason Masker Tue, 09/28/2010 - 15:50

Sorry about that Richard, I completely missed that you mentioned it was running on Windows. I am less familiar with ACS for Windows.

helsayed78 Thu, 08/04/2011 - 07:25

So how was this problem solved Richard? Coz I am planning for the same upgrade soon.

Richard Dumag Thu, 08/04/2011 - 15:07

You will need to upgrade to 4.2.  4.1 is not compatible with AD 2008.  Hopefully you have a support contract with Cisco.  I had to open a ticket because the installation kept failing due to corrupt file(s).  After the cleanup, the installation went pretty smooth.  Make sure you backup the database before upgrading.

helsayed78 Thu, 08/04/2011 - 15:47

Thanks a lot for your prompt reply...... But what files r u talking about that kept failing?

Sent from Cisco Technical Support iPad App

Richard Dumag Fri, 08/05/2011 - 09:47

I can't remember which file(s) were corrupt the were causing the installation to fail. It's been almost a year since I did the upgrade.  I recommend opening a ticket with Cisco before performing the upgrade.

peter_farmer Thu, 08/04/2011 - 17:32

I'm in the same boat - our M$ engineers upgraded our Windows DCs from Win2K3 to Win2k8 and now I'm getting annoying authentication errors in Windows. I understand that Windows2008 DCs dont support NTLMV1 (without downgrading security,) and that 4.2.1 with patch 4 will support NTLMv2(I'm guessing this will solve my issues.)

I'm also running 4.2.0 and attempted to upgrade to 4.2.1 and the installer wont export my database so I can't move to 4.2.1 without rebuilding my database manually (as the ACS upgrade document states that I cant use the 4.2.0 DBs to restore to 4.2.1 if I'm upgrading. (Arggh!)

I think I'll log a support call with Cisco ....


helsayed78 Sun, 08/07/2011 - 05:48

Thank you peter..... once you upgrade please inform me how did it go out with you.


-Hesham Yousry

Egyptian LNG Mon, 08/08/2011 - 06:08

Guys, I have confirmed with Cisco TAC that ACS4.2 won't work with windown 2008 R2.

Tochukwu Iwuora Tue, 09/06/2011 - 06:42

Hi Heshem,

I have a 4.2 appliance and want to integrate it to a windows 2008 active directory. Concerning your post above, do you know if my appliance will be compatible after an upgrade to an ACS 4.2.1 version?

helsayed78 Tue, 09/06/2011 - 23:45

As I said before if you have 2008 R2 Active directory it won't work.

If you have an ACS and you are planning to move to Windows server

2008 no R2 32-bits, then you will need to apply patch 12 at least to the ACS server.

If the Windows server is going to be 2008 no R2 64-bits then you will have to upgrade to


This Discussion