Cisco Support Community
Community Member

Cisco ACS Version : first log on password not able to change through telnet

Community Member

Can you change it via the

Can you change it via the console or using SSH?  Might be something weird with your telnet session. 


Also this is from the ACS authentication FAQ:

Q. When I turn on enable authentication in the switch or router with commands such as aaa authentication enable default tacacs+ or set authentication login tacacs enable telnet primary, I am locked out of enable mode and receive the Error in authentication error message on the router. What do I need to do?


A. Check the failed attempts log in the ACS. If the log says CS password invalid, it can be that there has not been a special enable password set up for the user. This is required when you configure enable authentication. If you do not see Advanced TACACS+ Settings in the user options, select Interface Configuration > Advanced Configuration Options > Advanced TACACS+ Features and select that option in order to get the TACACS+ settings to appear in the user settings. Then select Max privilege for any AAA Client (this is usually 15) and enter the TACACS+ Enable Password that you want the user to have for enable.


Q. How do I determine what the 'Authen failed' message type means?


A. Note the date and time of the message, go to the CSAuth log file, and search on the date and time. A more detailed explanation of the message is then presented.

Community Member

  DescriptionCould not change



Could not change password to new password in Internal database
24205 Could not change password to new password
Community Member

Hi , Please find the error

Hi ,


Please find the error message details


CreatePlease to create content