Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 3.3, TACACS

have an issue with my ACS 3.3 TACACS server. All of a sudden when I add Administrators for the web interface, it does not save their privileges, such as Add/Edit users, TACACS Accounting Logs, etc. None of the check boxes stay checked. I have tried stopping and restarting the ACS services with no change. Has anyone seen this behavior?? Any help is appreciated.

11 REPLIES
Silver

ACS 3.3, TACACS

Hello Adam,

ACS 3.3 is an old version and the best approach would be to upgrade to a supported version of ACS. For example 4.2.0.124 or 4.2.1.15.

Also, a possible reason when experiencing those type of issues is the JAVA Version or Browser Version. If you are using a newer version of JAVA you might start facing those type of issues.

Please try with older JAVA versions and older Web Browser Versions and verify if the issue persists.

Hope this helps.

Regards.

New Member

ACS 3.3, TACACS

Hello Carlos,

Thanks for the response. Unfortunately I am in the middle of upgrading to ACS 5.3 and have to maintain this production server until it is completed. I have several other identical 3.3 servers that do not have this issue with the checkboxes under Administration Control, when setting up admins. I have tried with Firefox and IE6 and the same issues persists. Again I can add an admin account but it will not save any checkboxes that are enabled.

Silver

ACS 3.3, TACACS

Adam,

Usually those type of issues are related to JAVA as the configuration for the Privilege of the ACS Admin Accounts runs over JAVA Applets. Also, the Submit and Cancel buttons use JAVA. Are you facing issues with the buttons as well?

Regards.

New Member

ACS 3.3, TACACS

Hi Carlos,

No. I have no issues with the buttons. I am able to function normally in all other areas using buttons, checkboxes, etc. It is just the Administrative Control section where the checkboxes do not save a\for any new accounts.

Silver

ACS 3.3, TACACS

Adam,

ACS 3.x and 4.x GUI issues are hard to troubleshoot. Is this an ACS for Windows? If yes, can you please go to System Configuration > Service Control > Logging Detail > Set it to Full.

At this point we need to recreate the issue a couple of times.

After recreating the issue please access the Windows Server using RDP and check the following path (or the applicable for your ACS installation): C:\Program Files\CiscoSecure ACS v4.2\CSAdmin\Logs. You might want to look for the ADMN.log which includes the GUI logging information.

Feel free to share the file with me after setting the ACS to Full Detail on logging and recreating the issue. Share an approx time to check on the logs as well.

Regards.

New Member

Re: ACS 3.3, TACACS

Hi Carlos,

This is ACS 3.3 for Windows. I set the logging to full, recreated the issue sevral times and downloaded the logfile. I am attaching.

New Member

Re: ACS 3.3, TACACS

Another development. I just tried adding several new accounts as admins. The first one behaved as the previous, would not save any checkboxes. The second account I got the following error message:

I cnanot add any more admins to the server. This is very strange and has never happened before.

New Member

Re: ACS 3.3, TACACS

Seems it will not let me add more than 16 admin accounts, regardless if #16 is not complete.

Silver

Re: ACS 3.3, TACACS

Adam,

I have not been able to find any restriction on the max amount of Admin Accounts for ACS 3.3. I did not find any errors on the ADMN logs either.

As the ACS 3.3 is quite old, I have seen issues with the ACS Internal Database getting locked or "corrupted" on some cases. We might want to try compressing the ACS 3.3. database. I am including the process below:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_CSUtil.html#wp510176

Cleaning up the ACS Internal Database

Like many relational databases, the ACS internal database marks deleted  records as deleted; but does not remove the records from the database.  You can clean up the ACS internal database and remove all records marked  for deletion by using the following CSUtil.exe options:

-d—Export all ACS internal data to a text file, named dump.txt.

-n—Create an ACS internal database and index.

-l—Load all ACS internal data from the dump.txt file.

Additionally, if you want to automate this process, consider using the -q

option to suppress the confirmation prompts that otherwise appear before CSUtil.exe

performs the -n

and -l

options. This process does not necessarily reduce the size of the database.


Note Cleaning up the ACS internal database requires that you stop the CSAuth service. While CSAuth is stopped, no users are authenticated.


To clean up the ACS internal database:


Step 1 On the computer that is running ACS, open an MS-DOS command prompt and change directories to the directory containing CSUtil.exe. For more information about the location of CSUtil.exe, see Location of CSUtil.exe and Related Files.

Step 2 If the CSAuth service is running, type:

net stop csauth

Press Enter.

The CSAuth service stops.

Step 3 Type:

CSUtil.exe -d -n -l

Press Enter.


Tip If you include the -q option in the command, CSUtil does not prompt you for confirmation of initializing or loading the database.


If you do not use the -q option, CSUtil.exe displays a confirmation prompt for initializing the database and then  for loading the database. For more information about the effects of the -n option, see Initializing the ACS Internal Database. For more information about the effects of the -l option, see Loading the ACS Internal Database from a Dump File.

Step 4 For each confirmation prompt that appears, type Y and press Enter.

CSUtil.exe dumps all ACS internal data to dump.txt, initializes the ACS internal database, and reloads all ACS internal data from dump.txt. This process may take a few minutes.

Step 5 To resume user authentication, type:

net start csauth

Press Enter.

Please perform the above described process and try to create the account again.

Hope this helps.

Regards.

New Member

Re: ACS 3.3, TACACS

Ok thanks for the help. Will schedule after hours time to stop the server csauth service to run this utility. Will let you know.

New Member

Re: ACS 3.3, TACACS


Hi Carlos,

That did the trick. I ran the CSUtil and it seems to have cleaned up whatever was wrong with the database. Thanks so much for your help.

582
Views
0
Helpful
11
Replies
CreatePlease to create content