ACS 5.3: Active Directory Connectivity Problem


Mon, 02/18/2013 - 23:16
Jun 21st, 2012
User Badges:
  • Cisco Employee,

Introduction

This document describes an ACS to Active Directory integration issue seen on ACS 5.3.


Problem

After patch 3 or later is applied on ACS 5.3, Active Directory may show as disconnected, or ACS may fail to join it.


Explanation

It has recently been noticed that after patch 3 or later is applied, ACS 5.3 leaves the Active Directory domain and then rejoins it. If the service account password has expired or has been changed since the last ACS AD join, ACS will fail to rejoin Active Directory.


It has also been noted that if the service account username or password contains a dollar sign ($), ACS 5.3 reports that the password is incorrect. This is documented as bug CSCtz76233.


To resolve the issue, before applying patch 3 or above on ACS 5.3, ensure that the service account password is correct and not expired, and that neither the username nor the password contains a dollar sign ($).
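
A pre-patch check for the conditions listed above, as an added example rather than Cisco's or the author's code. It assumes the ActiveDirectory PowerShell module on a domain-joined Windows admin host; the parameter names and the 14-day warning window are illustrative.

```powershell
# Added example (not Cisco's code): pre-patch check of the ACS AD service account.
# Assumes the RSAT ActiveDirectory module on a domain-joined Windows admin host.
param(
    [Parameter(Mandatory)] [string]   $SamAccountName,  # account ACS uses for the AD join
    [Parameter(Mandatory)] [datetime] $LastAcsJoin,     # operator-supplied date of the last join
    [int] $WarnDays = 14                                # assumed warning window before expiry
)
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$findings = [System.Collections.Generic.List[string]]::new()
$u = Get-ADUser -Identity $SamAccountName -Properties LockedOut, PasswordExpired,
         PasswordLastSet, 'msDS-UserPasswordExpiryTimeComputed'

# CSCtz76233: a dollar sign in the username or password is reported as a wrong password.
if ($u.SamAccountName.Contains('$')) { $findings.Add('Username contains a dollar sign') }
$secure = Read-Host -AsSecureString "Password configured on ACS for $SamAccountName"
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ($plain.Contains('$')) { $findings.Add('Password contains a dollar sign') }

if (-not $u.Enabled)    { $findings.Add('Account is disabled') }
if ($u.LockedOut)       { $findings.Add('Account is locked out') }
if ($u.PasswordExpired) { $findings.Add('Password has expired') }
if ($u.PasswordLastSet -gt $LastAcsJoin) {
    $findings.Add("Password changed on $($u.PasswordLastSet), after the last ACS join")
}

# Computed expiry is a FILETIME: Int64.MaxValue means never expires, 0 means must change.
$raw = [int64]$u.'msDS-UserPasswordExpiryTimeComputed'
if ($raw -gt 0 -and $raw -ne [int64]::MaxValue) {
    $expires = [datetime]::FromFileTime($raw)
    if ($expires -lt (Get-Date).AddDays($WarnDays)) { $findings.Add("Password expires $expires") }
}

# Bind test runs last and only when nothing above already explains a failure:
# a wrong password here counts toward the account lockout threshold.
if ($findings.Count -eq 0) {
    $domain = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new($domain)
    try {
        if (-not $ctx.ValidateCredentials($u.SamAccountName, $plain)) {
            $findings.Add('AD rejected the password configured on ACS')
        }
    } finally { $ctx.Dispose() }
}
$plain = $null

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "No blocking findings for $SamAccountName."
```

A non-zero exit code means at least one of the conditions from this document applies and should be fixed before the patch is installed.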


Reference

Please refer to "ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example" for detailed information on how to integrate ACS 5.x with AD.


This document was created with information from Vivek Santuka.

Amjad Abdullah Mon, 02/18/2013 - 23:16

Thank you. It is useful, but unfortunately it does not work for me.
The machine join username that is configured on ACS does not have a dollar sign in the password, but the ACS still loses connectivity with AD. I thought that it was because of the clock, but sometimes the time difference is more than 5 minutes and it works without a problem!! Strange.
