Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Internal Error ACS SE 4.2

Hi, I have a ACS SE 4.2, and I try to integrate the ACS SE, with an Active Directory, and Access Point's Cisco, with PEAP MSCHAP V2 in Windows 2003 32 bits, and ACs Remote Agent, but my ACS SE give me logs

It say me: Internal Error, in the logs of fail authentication

My users in the Active Directory can't authenticate in the Database.

Could you tell me, why happened this?,

Maybe i have a trouble in the configuration of my ACS SE,

Coukd you tell me what's the trouble in this case



Re: Internal Error ACS SE 4.2


That seems to be a permission issue. Make sure that service running remote agent has domain admin rights. Also remote agent and appliance should be on same code.

Please refer to this link,



Do rate helpful posts

Re: Internal Error ACS SE 4.2

I agree and disagree with some of what Cisco says, so I'll tell you what works for us:

- Make sure ACS SE and Remote Agent are at the same version and patch level

- Make sure that the ACS SE and Remote Agent can talk over the ports you selected (or defaulted to) at install

- Our Remote Agent is running on the local service account of a computer running Windows Server 2003 that is joined to our domain (we actually have two of these)

- Our ACS SE boxes authenticate using the Cisco-recommended AD domain computer account called "CISCO" (External Databases, Windows Authentication Config)

- Our External Database -> Database Group Mappings -> Windows Database -> /DEFAULT is left at the "All other combinations" setting

- Unknown User Policy is set to check the Windows Database

- If you go into Network Configuration, does your Remote Agent show up with available services (should show a Clipboard and Windows Logo icon in the "Services Available" column)?

- If you select your defined Remote Agent in Network Configuration, does the "Windows Authentication" status show "Yes" in the "Used by this ACS" column?

By the way - ACS SE will report a failed auth to your authentication clients if the Remote Agent service is not running (ie - stops running), therefore your clients will NOT switch over to a backup RADIUS server automatically (if you have a secondary RADIUS server defined). For this reason, I have two different computers (in two different buildings, etc.) running Remote Agent, and I monitor the Remote Agent service on both systems.

CreatePlease to create content