Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1094
Views
0
Helpful
1
Replies

ACS 4.2.0 build124

Sajeel145
Level 1
Level 1

‎06-12-2012 03:54 AM - edited ‎03-10-2019 07:11 PM

Dear experts

We are using acs version 4.2.0 build 124 on windows server 2003. Our domain controller has been upgraded from 2003 to windows 2008 R2.

Now we are facing following error in ACS authentication for accessing our devices.

Error: AUTH  06/09/2012 11:55:40 E 1810 3316 0x8f21 External DB [NTAuthenDLL.dll]: Windows  authentication FAILED (error 1326L)

if we restarted services of ACS server then users get authentiated fine.

Can anyone guide in this issue.

Regards

Sajeel

Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎06-12-2012 05:14 AM

Hi Sajeel,

This is a known enhancement bug. Windows 2008 R2 is  not supported with any version of ACS irrespective of platform.

Acs 4.2.x doesn't support all newer versions of Windows 2008. It only supports the below listed version.

Supported Operating Systems section

--Windows Server 2008, Standard Edition

--Windows Server 2008, Enterprise Edition

--Japanese Windows Server 2008, Standard Edition, Service Pack 2

--Japanese Windows Server 2008, Enterprise Edition, Service Pack 2

Link for System requirement and supported version

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041324

However, we have few option at this point which may suit your requirement:

1.] Rool back your AD to standard 2008 Non-R2.

2.] Replace AD with LDAP because we can use win 2008 R2 with LDAP as a protocol.

3.] Go for ACS 5.2 only for cases where we want DC to run on win 2008 R2

Related bugs and enhancement

------------------------------------------

Applicable where customer is trying to ACS windows or remote agent on the windows 2008 R2

CSCta35271    Support for Windows server 2008 R2

Applicable where customer is directing all the authentication request to AD/DC as 2008 R2

CSCtg37183    ACS 4.x doesn't support 2008 R2 Server for AD

CSCtg12399  ACS 5.1 did not support 2008 R2 Server for AD.

We have also seen this working in few instances but again it's not tested by Cisco so there may be issues that you may not afford in your production enviornment.

Regards,

Jatin

Do rate helpful posts-

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents