ACS 5.2 hangs on connecting with MS AD at random intervals
I have a simple ASA, ACS, AD schema for RA VPN authentication. All is working for a few months now, but since the initial deployment we have this connectivty issue regarding ACS and MS AD. At random intervals, 1 month/1 week, the ACS connection status becomes "DISCONNECTED" although the CLI shows that ad client is running. But because of that, no RA VPNs can be authenticated. Clock is not a problem, since it didn't change automatically nor was manually configured prior to the malfunction.
What do I do to fix this?
I change the domain name, from the currently working xx.com, to cisco.com for instance, so I can get an error message. Then I set the correct domain name again and click on "Test Connection" until I get a successful message so I can press Save Changes. That usually takes 10-15 tries.
After some research I've noticed a LOT of people have this same problem, even on ACS 5.3. I was wondering if anybody has an oficial solution. I'm not sure how to see the log messages on the ACS itself for further troubleshooting on this matter, but since a simple procedure like the above solves the problem, I'm thinking of a bug. And because of that, I'll apply the latest patch 22.214.171.124 (10) tonight, hoping it solves this odd behaviour.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...