New Member

ACS 3.2 authenticating to AD fails 'LookupAccountSidA Failed'

The failed log has the error 'External DB Account Restriction'. I have the Permit dial in permission enabled, which was the only thing I could find on that one. In the auth.log I get the following (see below): there is a line that states 'Windows Authentication Successful', followed by a line 'LookupAccountSidA failed', followed by 'User 'TESTAD\testguy1' was not authenticated'. I have not been able to figure out what the second call is that failed, LookupAccountSidA, and why it says successful then failed.

AUTH 09/09/2003 12:07:31 I 0425 1180 AuthenProcessResponse: process response for 'TESTAD\testguy1' against Windows NT/2000

AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [TESTAD\testguy1]

AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testguy1

AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by PDC)

AUTH 09/09/2003 12:07:31 E 0360 1180 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed

AUTH 09/09/2003 12:07:31 I 1591 1180 Unknown User 'TESTAD\testguy1' was not authenticated

AUTH 09/09/2003 12:07:31 I 5081 1180 Done RQ1027, client 6, status -2046

AUTH 09/09/2003 12:07:31 I 5094 1180 Worker 6 processing message 43.

AUTH 09/09/2003 12:07:31 I 5081 1180 Start RQ1027, client 6 (127.0.0.1)

AUTH 09/09/2003 12:07:31 I 0425 1180 AuthenProcessResponse: process response for 'TESTAD\testguy1' against Windows NT/2000

AUTH 09/09/2003 12:07:31 I 5081 1180 Done RQ1027, client 6, status -1058

3 REPLIES
Cisco Employee

Re: ACS 3.2 authenticating to AD fails 'LookupAccountSidA Failed'

My guess is you're running SP4 on this machine, which is not supported by ACS (only up to SP3) and will give you this error. Downgrade to SP3 and it should work fine.

Let me know if you're not running SP4 as we'll have to look elsewhere, but I've seen this a couple of times already and it was due to SP4 and downgrading resolved the problem.

Anonymous
N/A

Re: ACS 3.2 authenticating to AD fails 'LookupAccountSidA Failed'

Both the ACS and AD are running SP3. I installed all the latest critical updates before starting my testing. Do you have any idea what fix in SP4 causes the problems?

Thanks,

Mark

Anonymous
N/A

Re: ACS 3.2 authenticating to AD fails 'LookupAccountSidA Failed'

The problem was a permissions issue with the ACS service account; I didn't troubleshoot it completely. Making the ACS server a DC (it was a domain member server) solved the problem. I assume the issue has to do with the permissions given in the 'Local Security Policy', 'Domain Controller Security Policy', or 'Domain Security Policy'.
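
Added example, not part of the thread and not Cisco code: the Python below scans auth.log text for the sequence described in the question, where Windows accepts the credentials but the user is still rejected after LookupAccountSidA fails, which is the case the last reply puts down to service-account permissions rather than a bad password. The field layout, the use of the sixth field as a thread id, and the name `find_post_auth_failures` are assumptions made for this example.

```python
import re

# Field layout is an assumption read off the lines in the post:
# AUTH <date> <time> <severity> <code> <thread> <message>
LINE_RE = re.compile(r"^AUTH (\S+ \S+) ([A-Z]) (\d+) (\d+) (.*)$")
START_RE = re.compile(r"Starting \S+ authentication for user \[(.+?)\]")
REJECT_RE = re.compile(r"User '(.+?)' was not authenticated")

# First five lines are copied from the post; the testguy2 lines are constructed
# (same message formats, no lookup failure) as a contrast case.
SAMPLE_LOG = r"""
AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [TESTAD\testguy1]
AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testguy1
AUTH 09/09/2003 12:07:31 I 0360 1180 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by PDC)
AUTH 09/09/2003 12:07:31 E 0360 1180 External DB [NTAuthenDLL.dll]: LookupAccountSidA failed
AUTH 09/09/2003 12:07:31 I 1591 1180 Unknown User 'TESTAD\testguy1' was not authenticated
AUTH 09/09/2003 12:08:02 I 0360 1212 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [TESTAD\testguy2]
AUTH 09/09/2003 12:08:02 I 0360 1212 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by PDC)
"""

def find_post_auth_failures(log_text):
    """Return (time, user) for attempts where Windows accepted the credentials
    but the user was rejected after LookupAccountSidA failed."""
    attempts = {}   # thread id -> state of the attempt in progress
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, severity, _code, thread, msg = m.groups()
        started = START_RE.search(msg)
        if started:
            attempts[thread] = {"user": started.group(1), "ok": False, "sid": False}
            continue
        cur = attempts.get(thread)
        if cur is None:
            continue
        rejected = REJECT_RE.search(msg)
        if "Windows authentication SUCCESSFUL" in msg:
            cur["ok"] = True
        elif severity == "E" and "LookupAccountSidA failed" in msg:
            cur["sid"] = cur["ok"]  # only counts after a successful credential check
        elif rejected and rejected.group(1) == cur["user"]:
            if cur["sid"]:
                findings.append((ts, cur["user"]))
            del attempts[thread]
    return findings

if __name__ == "__main__":
    for ts, user in find_post_auth_failures(SAMPLE_LOG):
        print(f"{ts} {user}: credentials accepted, rejected after SID lookup failure")
```
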
