That's high probably because of ACS handles ascii characters only.
in older versions (4.x) there was a known problem:
Problem: ACS Error Message - Not all user Active Directory groups are retrieved successfully...
Why is the Not all user Active Directory groups are retrieved successfully. One or more of the group's canonical name was not retrieved error message seen on ACS?
This issue occurs because unicode characters are used in the group name on AD. Since ACS sees AD groups as ASCII text, the unicode characters are not translated correctly. As a result, the group membership is not retrieved. Remove the unicode character from the AD configuration in order to resolve this issue.
in ACS 5.3 vesion I can see some of those issues are resolved as per the release notes:
CSCtn26604 ACS 5 did not support UNICODE characters in certificates. This problem is resolved now.
CSCto72918 ACS 5.2 did not support Unicode characters in AAA client shared secret. This problem is resolved now.
However, I did't find anything talking about none-ascii usernames. But maybe that's applied.
is it possible for you to make a test with version 5.3 or higher and check if it works?
Rating useful replies is more useful than saying "Thank you"
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...