Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem after upgrade ACS 3.3.2 to 4.0

We have two CiscoSecure Server on W2k3.

We use Radius from CiscoSecure and an external Rsa Securid Token to authenticate the user (running on the same server).

With the ACS 3.3, the authentication works fine ( every state works : new pin mode, next token mode, authentication ).

Now with the new version ACS 4.0, if the token is in new pin mode, the user can't create his own code pin with this error message in the radius log : Authetication session invalidated.

Also this error in the RDS.log ( see attachment )

Any workaround to solve this problem ?

Thanks

7 REPLIES
Silver

Re: Problem after upgrade ACS 3.3.2 to 4.0

Hi

Whats in the csauth server log for the same time period?

When you do challenge/response (such as RSA) csauth saves session state. In this example the state has been destroyed in between RADIUS messages.

Normally this only happens if the user doesnt repond within 120 seconds.

Darran

New Member

Re: Problem after upgrade ACS 3.3.2 to 4.0

Hi,

In attachment the log in the csauth file.

When the token is in new pin mode, the user has this message : "Enter your new pin code" but he can't confirm the code and the token stay in new pin mode.

Any idea for this problem ?

Thanks

Silver

Re: Problem after upgrade ACS 3.3.2 to 4.0

Hmm, the csauth log cuts off just before the response arrives. Could you also include the next 10 seconds worth of logs?

New Member

Re: Problem after upgrade ACS 3.3.2 to 4.0

you can find more log.

Bronze

Re: Problem after upgrade ACS 3.3.2 to 4.0

Open a case w/ TAC; you are likely hitting CSCsd41866 (PAP authentication against RSA server with NEW PIN Mode fails), and there is a patch available.

New Member

Re: Problem after upgrade ACS 3.3.2 to 4.0

Thanks for the information.

I have the patch and it's ok now.

Silver

Re: Problem after upgrade ACS 3.3.2 to 4.0

Hi ,

we have the patch for said Bug...We are not able to find the location of acs/dir on ACS1113 appilance..

Could you please let me know the steps to locate \bin on ACS 1113 v4.0 appilance.

Following are instructions got to update the patch.

Instructions on how to install the patch

========================================

1. Extract the CSAuth.exe from ACS-4.0.1-RSA-SW-CSCsc12614-CSCsd41866.zip

2. Stop service CSAuth

3. Locate \bin and save a copy of current CSAuth.exe

4. Copy new CSAuth.exe extracted from zip to \bin

5. Start service CSAuth

Thanks,

Satish

260
Views
0
Helpful
7
Replies
CreatePlease login to create content