Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 4.2.0 build124

Dear experts

We are using acs version 4.2.0 build 124 on windows server 2003. Our domain controller has been upgraded from 2003 to windows 2008 R2.

Now we are facing following error in ACS authentication for accessing our devices.

Error: AUTH  06/09/2012 11:55:40 E 1810 3316 0x8f21 External DB [NTAuthenDLL.dll]: Windows  authentication FAILED (error 1326L)

if we restarted services of ACS server then users get authentiated fine.

Can anyone guide in this issue.

Regards

Sajeel

Everyone's tags (2)
1 REPLY
Cisco Employee

ACS 4.2.0 build124

Hi Sajeel,

This is a known enhancement bug. Windows 2008 R2 is  not supported with any version of ACS irrespective of platform.

Acs 4.2.x doesn't support all newer versions of Windows 2008. It only supports the below listed version.

Supported Operating Systems section

--Windows Server 2008, Standard Edition

--Windows Server 2008, Enterprise Edition

--Japanese Windows Server 2008, Standard Edition, Service Pack 2

--Japanese Windows Server 2008, Enterprise Edition, Service Pack 2

Link for System requirement and supported version

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041324

However, we have few option at this point which may suit your requirement:

1.] Rool back your AD to standard 2008 Non-R2.

2.] Replace AD with LDAP because we can use win 2008 R2 with LDAP as a protocol.

3.] Go for ACS 5.2 only for cases where we want DC to run on win 2008 R2

Related bugs and enhancement

------------------------------------------

Applicable where customer is trying to ACS windows or remote agent on the windows 2008 R2

CSCta35271    Support for Windows server 2008 R2

Applicable where customer is directing all the authentication request to AD/DC as 2008 R2

CSCtg37183    ACS 4.x doesn't support 2008 R2 Server for AD

CSCtg12399  ACS 5.1 did not support 2008 R2 Server for AD.

We have also seen this working in few instances but again it's not tested by Cisco so there may be issues that you may not afford in your production enviornment.

Regards,

Jatin

Do rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
826
Views
0
Helpful
1
Replies
CreatePlease to create content