Hi, I have a ACS SE 4.2, and I try to integrate the ACS SE, with an Active Directory, and Access Point's Cisco, with PEAP MSCHAP V2 in Windows 2003 32 bits, and ACs Remote Agent, but my ACS SE give me logs
It say me: Internal Error, in the logs of fail authentication
My users in the Active Directory can't authenticate in the Database.
Could you tell me, why happened this?,
Maybe i have a trouble in the configuration of my ACS SE,
I agree and disagree with some of what Cisco says, so I'll tell you what works for us:
- Make sure ACS SE and Remote Agent are at the same version and patch level
- Make sure that the ACS SE and Remote Agent can talk over the ports you selected (or defaulted to) at install
- Our Remote Agent is running on the local service account of a computer running Windows Server 2003 that is joined to our domain (we actually have two of these)
- Our ACS SE boxes authenticate using the Cisco-recommended AD domain computer account called "CISCO" (External Databases, Windows Authentication Config)
- Our External Database -> Database Group Mappings -> Windows Database -> /DEFAULT is left at the "All other combinations" setting
- Unknown User Policy is set to check the Windows Database
- If you go into Network Configuration, does your Remote Agent show up with available services (should show a Clipboard and Windows Logo icon in the "Services Available" column)?
- If you select your defined Remote Agent in Network Configuration, does the "Windows Authentication" status show "Yes" in the "Used by this ACS" column?
By the way - ACS SE will report a failed auth to your authentication clients if the Remote Agent service is not running (ie - stops running), therefore your clients will NOT switch over to a backup RADIUS server automatically (if you have a secondary RADIUS server defined). For this reason, I have two different computers (in two different buildings, etc.) running Remote Agent, and I monitor the Remote Agent service on both systems.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :