
113022: AAA Marking server 0.0.0.0 as failed

Just changed AAA to use LDAP to MS2K8 AD rather than former RADIUS. Simply added hosts to existing LDAP group through ASDM. It is working fine, but I am getting tons of the following in the logs ...

May 29 12:54:14 pix2-inside May 29 2009 12:56:11: %PIX-2-113022: AAA Marking RADIUS server 0.0.0.0 in aaa-server group RADIUS as FAILED

May 29 12:55:46 pix2-inside May 29 2009 12:57:43: %PIX-2-113022: AAA Marking LDAP server 0.0.0.0 in aaa-server group LDAP as FAILED

May 29 12:58:51 pix2-inside May 29 2009 13:00:47: %PIX-2-113022: AAA Marking LDAP server 0.0.0.0 in aaa-server group LDAP as FAILED

Config ...

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server RADIUS (inside) host LAN-EVE

aaa-server LDAP protocol ldap

aaa-server LDAP (inside) host LAN-JAMES

aaa-server LDAP (inside) host LAN-JOHN

aaa authentication ssh console LDAP LOCAL

aaa authentication enable console LDAP LOCAL

aaa authentication http console LDAP LOCAL

aaa authentication secure-http-client

Test through ASDM working for each configured host.

Anyone know why I am getting these messages?


Re: 113022: AAA Marking server 0.0.0.0 as failed

You may try adding the user with zero privs and power off the server and restart it.


Re: 113022: AAA Marking server 0.0.0.0 as failed

Hiya;

I had this issue and it was the result of turning off name resolution in the configuration and logs (using the "no names" command).

Either reverse that command (i.e. "names") or add the aaa-server with its IP address instead of its name

e.g.

aaa-server RADIUS (inside) host 111.222.333.444
aaa-server LDAP (inside) host 222.333.444.555

aaa-server LDAP (inside) host 333.444.555.666

you get the idea...

Hope that helps...

-- KevFrey --

Re: 113022: AAA Marking server 0.0.0.0 as failed

Here is the bug id for what you are hitting: CSCsj64402

I tried to find the exact details of the bug but for some reason cannot access the bug toolkit at the moment. Basically there is a delay before cdp settles, which fails the first few DNS lookups when you have your servers configured by name instead of IP. The individual before my post is correct: if you want to move past this, you can configure the servers by IP address and move past this issue. Usually this shows up when the PIX is first booted up. Did this occur during bootup or initial configuration of the servers, or does this occur every time you test authentication?

Thanks,

Tarik Admani *Please rate helpful posts*
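
A config check for the condition the replies describe, as an added example (not code from the thread or from Cisco): it lists every `aaa-server ... host` entry given by name rather than by IP literal, and reports whether a `name` mapping exists and whether `no names` is set. The sample config and its addresses are constructed, and `audit_aaa_hosts` and `is_ip` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample config: host names follow the thread's style, addresses
# are documentation-range values invented for this example.
SAMPLE_CONFIG = """\
no names
name 192.0.2.10 LAN-JAMES
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host LAN-EVE
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host LAN-JAMES
aaa-server LDAP (inside) host 192.0.2.11
"""

HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)")
NAME_RE = re.compile(r"^name\s+(\S+)\s+(\S+)")


def is_ip(token):
    """True if token is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_aaa_hosts(config_text):
    """Return (group, host, reason) for each aaa-server host given by name."""
    names_disabled = False  # only set when an explicit "no names" line is seen
    name_map, hosts = {}, []
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line in ("names", "no names"):
            names_disabled = line == "no names"
        elif m := NAME_RE.match(line):
            name_map[m.group(2)] = m.group(1)  # name <ip> <name>
        elif m := HOST_RE.match(line):
            hosts.append((m.group(1), m.group(3)))
    findings = []
    for group, host in hosts:
        if is_ip(host):
            continue  # already configured by address, nothing to resolve
        if host not in name_map:
            reason = "no 'name' entry maps this host to an address"
        elif names_disabled:
            reason = f"'no names' is set; mapped address is {name_map[host]}"
        else:
            reason = f"configured by name; mapped address is {name_map[host]}"
        findings.append((group, host, reason))
    return findings
```

Calling `audit_aaa_hosts(SAMPLE_CONFIG)` returns one finding for `LAN-EVE` and one for `LAN-JAMES`; the entry configured as `192.0.2.11` is skipped.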