Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Question on ACS SE Windows agents set up

Hello,

I have 2 ACS SE boxes set up. One is the master, the other gets a copy of the DB via replication and is located in a different geographical area. I want failover for authentication and have installed the Windows agent on a server in the same network as the primary SE box and same for the secondary.

When I set up the agent that is on the network of the secondary, I set the ConfigproviderHost to be the secondary ACS SE box address. I'm wondering if this is accurate now since the agent does not show up with Windows Authentication but only Windows Logging when both were selected at install.

No changes were made to csagent.ini directly.

Should I point the windows agent on the secondary ACS SE's network to the Primary ACS SE's address for the "ConfigProviderHost"? I would like failover for the agents as well, if possible.

thanks

3 REPLIES
New Member

Re: Question on ACS SE Windows agents set up

Hello,

I just read your post and would like to know where do you get the "windows agent" from. I also have two acs se boxes and we have just started to move to a domain and active directory. Information about how to use AD for authentication is hard to find.

I am running 4.0 on the acs se.

Thanks for any info you can offer.

Re: Question on ACS SE Windows agents set up

Hi BM,

Windows agent should be there in the cd you got with the appliance. If you don't have that then open a case with TAC.

Check this link,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/rawi.html

Regards,

~JG

Do rate helpful posts

Re: Question on ACS SE Windows agents set up

JS,

There is no need to make any change in the ini file. Remote agent will cater both appliance. Now why windows authentication does not show up needs to be troubleshooted.

Make sure that software ver of both ACS and remote agent is same. Try to reinstall that remote agent and see if that fix it.

Else need to check if any firewall is blocking the port between secondary site RA and primary ACS.

The computer running ACS Remote Agent for Windows must be able to ping the ACS Solution Engines that it supports.

•Gateway devices must permit traffic between the computer running ACS Remote Agent for Windows and the ACS SE. Specifically, the remote agent must receive TCP communication on TCP ports that you configure in CSAgent.ini. The default TCP ports, if all services are used, are 2004, 2005, 2006, and 2007. The appliance must receive TCP communication on TCP port 2003.

Regards,

~JG

Do rate helpful posts

135
Views
0
Helpful
3
Replies