cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
824
Views
0
Helpful
7
Replies

Problem after upgrade ACS 3.3.2 to 4.0

ddugailliez
Level 1
Level 1

We have two CiscoSecure Server on W2k3.

We use Radius from CiscoSecure and an external Rsa Securid Token to authenticate the user (running on the same server).

With the ACS 3.3, the authentication works fine ( every state works : new pin mode, next token mode, authentication ).

Now with the new version ACS 4.0, if the token is in new pin mode, the user can't create his own code pin with this error message in the radius log : Authetication session invalidated.

Also this error in the RDS.log ( see attachment )

Any workaround to solve this problem ?

Thanks

7 Replies 7

darpotter
Level 5
Level 5

Hi

Whats in the csauth server log for the same time period?

When you do challenge/response (such as RSA) csauth saves session state. In this example the state has been destroyed in between RADIUS messages.

Normally this only happens if the user doesnt repond within 120 seconds.

Darran

Hi,

In attachment the log in the csauth file.

When the token is in new pin mode, the user has this message : "Enter your new pin code" but he can't confirm the code and the token stay in new pin mode.

Any idea for this problem ?

Thanks

Hmm, the csauth log cuts off just before the response arrives. Could you also include the next 10 seconds worth of logs?

you can find more log.

mljohnson
Level 4
Level 4

Open a case w/ TAC; you are likely hitting CSCsd41866 (PAP authentication against RSA server with NEW PIN Mode fails), and there is a patch available.

Thanks for the information.

I have the patch and it's ok now.

Hi ,

we have the patch for said Bug...We are not able to find the location of acs/dir on ACS1113 appilance..

Could you please let me know the steps to locate \bin on ACS 1113 v4.0 appilance.

Following are instructions got to update the patch.

Instructions on how to install the patch

========================================

1. Extract the CSAuth.exe from ACS-4.0.1-RSA-SW-CSCsc12614-CSCsd41866.zip

2. Stop service CSAuth

3. Locate \bin and save a copy of current CSAuth.exe

4. Copy new CSAuth.exe extracted from zip to \bin

5. Start service CSAuth

Thanks,

Satish

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: