Cisco Support Community
Community Member

login failures

we have acs 3.2 and is used to authneticate windows AD users. Its authenticating fine. recently we created a new group called rdp in windows. there are few users in that group. we need them to use vpn and authneticate against AD the same way , the other users getting authenticated.but we see error on ACS windows logon type not granted. not sure wht it is. user has allow access in dial-in, the windows remote agent have permissions on RDP group to look into the accounts under the group. but it just doesnt work. wht cd be the problem

Community Member

Re: login failures

Can you tell us what is the exact failure message you are getting in ACS ?

May be this link can help you.

Community Member

Re: login failures


The below message is wht i see on ACS under failed attempts

Windows logon type not granted

we have 2 groups called adsl and rdp respectively. all adsl group users are getting authenticated by acs but only when users in rdp try they fail with above error. i have mapped the groups accordingly on acs, windows remote agent have read permission in AD on rdp and adsl group. also tried removing the user from rdp group to adsl and it works but only when in rdp it doesnt. i dnt understand why. our server team who manges AD say they have done thier bit but i dnt see anything i can do on ACS

CreatePlease to create content