I have never tried what you are trying to accomplish, but as far as I know a machine account can't list other users and attributes from AD. ACS needs to have an account defined in its GUI, which is used to list/check/verify groups and so on.
You need to create a username and password for ACS in AD. ACS will use that account to query AD for groups, users, etc. The account needs permissions to add machines because it will join the ACS server to your domain.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...