Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
942
Views
0
Helpful
2
Replies

API: Transport connect failed

franco.dama
Level 1
Level 1

‎05-21-2010 07:12 AM - edited ‎03-10-2019 05:09 PM

Hello,

I've a Tacacs server ver. 3.2 running on a Win2000 SRV SP4 for outbound connections and a twin server for validate inbound connections (from Vpn Cli).

Sometimes service Tacacs seems hang (more often for outbound conns, but sometimes for inbound also), cpu's process CSTacas becomes over 90%, authentication/authorisation are not permitted and I should restart service to let Tacacs to work again.

Any ideas ? I post TCS.log if useful, thanks in advance

TCS 21/05/2010 14:50:18 A 0197 5608 API: Transport connect failed
TCS 21/05/2010 14:50:19 A 0197 5608 API: Transport connect failed
TCS 21/05/2010 14:50:19 A 0197 5012 API: Transport connect failed
TCS 21/05/2010 14:50:20 A 0197 0524 API: Transport connect failed
TCS 21/05/2010 14:50:25 A 0197 5872 API: Transport connect failed
TCS 21/05/2010 14:50:25 A 0197 0524 API: Transport connect failed
TCS 21/05/2010 14:50:25 E 0963 0524 AuthorizationFailed: failed to write log entry for user4(0)

TCS 21/05/2010 14:50:26 A 0197 5872 API: Transport connect failed
TCS 21/05/2010 14:50:26 E 0963 5872 AuthorizationFailed: failed to write log entry for user1(0)

TCS 21/05/2010 14:50:36 A 0197 0524 API: Transport connect failed
TCS 21/05/2010 14:50:36 E 0163 0524 Pix: user 'user2' fails location check for authorisation
TCS 21/05/2010 14:50:37 A 0197 5012 API: Transport connect failed
TCS 21/05/2010 14:50:37 E 0163 5012 Pix: user 'user2' fails location check for authorisation
TCS 21/05/2010 14:50:39 A 0197 0524 API: Transport connect failed
TCS 21/05/2010 14:50:39 A 0197 5608 API: Transport connect failed
TCS 21/05/2010 14:50:39 E 0163 5608 Pix: user 'user3' fails location check for authorisation
TCS 21/05/2010 14:50:39 A 0197 5872 API: Transport connect failed
TCS 21/05/2010 14:50:39 A 0197 5880 API: Transport connect failed
TCS 21/05/2010 14:50:40 A 0197 5892 API: Transport connect failed
TCS 21/05/2010 14:50:40 A 0197 5868 API: Transport connect failed
TCS 21/05/2010 14:50:40 A 0197 0524 API: Transport connect failed
TCS 21/05/2010 14:50:40 E 0963 0524 AuthorizationFailed: failed to write log entry for user4(0)

TCS 21/05/2010 14:50:44 A 0197 5868 API: Transport connect failed
TCS 21/05/2010 14:50:45 A 0197 5868 API: Transport connect failed
TCS 21/05/2010 14:52:21 A 0197 5880 API: Transport connect failed
TCS 21/05/2010 14:52:22 A 0197 5880 API: Transport connect failed
TCS 21/05/2010 14:52:46 A 0197 5012 API: Transport connect failed
TCS 21/05/2010 14:53:14 A 0197 5892 API: Transport connect failed
TCS 21/05/2010 14:53:14 A 0197 5880 API: Transport connect failed
TCS 21/05/2010 14:53:15 A 0197 5892 API: Transport connect failed
TCS 21/05/2010 14:53:40 A 0651 2096 Server stop requested
TCS 21/05/2010 14:53:40 A 1256 2624 Release Host Cache
TCS 21/05/2010 14:53:40 A 1262 2624 Close Proxy Cache
TCS 21/05/2010 14:53:40 A 1285 2624 Calling CMFini()
TCS 21/05/2010 14:53:41 A 1287 2624 CMFini() Complete
TCS 21/05/2010 14:53:41 A 1301 2624 Closing Password Aging
TCS 21/05/2010 14:53:41 A 1314 2624 Closing Finished
TCS 21/05/2010 14:53:44 A 5020 6040 CSTacacs server starting ==============================
TCS 21/05/2010 14:53:44 A 5026 6040 Running as NT service.
TCS 21/05/2010 14:53:48 E 1051 6040 Doing Stats

TCS 21/05/2010 14:53:48 A 1092 6040
**** Registry Setup ****
TCS 21/05/2010 14:53:48 A 1119 6040 Single TCP connection operation enabled
TCS 21/05/2010 14:53:48 A 1129 6040 Base Proxy enabled.
TCS 21/05/2010 14:53:48 A 1196 6040 ************************

TCS 21/05/2010 14:53:48 E 1083 6040 TACACS+ server started
TCS 21/05/2010 14:53:50 A 0825 6104 Created new Single Connection session num 0 (count 1/1)
TCS 21/05/2010 15:08:35 A 0825 6104 Created new Single Connection session num 1 (count 2/2)
TCS 21/05/2010 15:16:27 A 0825 4840 Created new Single Connection session num 2 (count 3/3)
TCS 21/05/2010 15:16:27 A 0825 4840 Created new Single Connection session num 3 (count 4/4)
TCS 21/05/2010 15:49:35 A 0825 5952 Created new Single Connection session num 4 (count 5/5)
TCS 21/05/2010 15:49:35 A 0825 5952 Created new Single Connection session num 5 (count 6/6)
TCS 21/05/2010 15:49:35 A 0825 5952 Created new Single Connection session num 6 (count 7/7)
TCS 21/05/2010 15:49:35 A 0825 5952 Created new Single Connection session num 7 (count 8/8)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 8 (count 9/9)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 9 (count 10/10)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 10 (count 11/11)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 11 (count 12/12)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 12 (count 13/13)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 13 (count 14/14)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 14 (count 15/15)
TCS 21/05/2010 15:49:35 A 0825 4840 Created new Single Connection session num 15 (count 16/16)

Labels:
0 Helpful
2 Replies 2

Jagdeep Gambhir
Level 10
Level 10

‎05-21-2010 09:15 AM

Hello,

This can happen due to,


-Corrupt registry

-SYN attack which overwhelmed the cstacacs service with half-open tcp connections.
-Single to single connect, acs getting out of threads, please disable single connect on acs and on aaa-client.
ACS-->Network configuration-->AAA-client--->Edit--->Single connect.

Please check this bug,
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCeh37849

Regards,
~JG

Do rate helpful posts






0 Helpful

franco.dama
Level 1
Level 1
In response to Jagdeep Gambhir

‎05-27-2010 07:49 AM

Hello Jagdeep,

"Single Connect" are still disabled, registry is not corrupted, so it's probably correct the "service overwhelmed" assuption...

In that case, the "bug" has not workaround about you ?

Thanks a lot!

Franco

0 Helpful
Customers Also Viewed These Support Documents