Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Remote Agent Authentication with AD


1. I'm deploying 802.1x on Wired environment and we are using ACS 4.2 with remote agent.

2. For redundancy purpose, i install 2 ACS SE and 2 Remote Agent.

3. The 1st Agent works perfectly with the AD. It can translate both machine and user authentication request.

4. The 2nd Remote agent can only with user authentication request. For machine authentication, it will try to pass the long "host/B4XRQ1S.XXX.COM" to the AD.

5. This is what the 2nd RA pass to the AD:-

Could not find machine host/B4XRQ1S.XXX.COM [2413,-2147016672]

host/B4XRQ1S.XXX.COM is not a valid machine name

6. With the 1st Remote Agent, it work perfectly. It will only pass the machine name :-

Attempting Windows authentication for user B4XRQ1S$

Windows authentication SUCCESSFUL (by XXXDC04)

Anyone has any idea what is happening. I checked and found both server has same configuration

When 1 point the ACS SE to the 1st RA, it works perfectly. But when i point to the 2nd RA, it cannot authenticate the machine.

  • AAA Identity and NAC
New Member

Re: Remote Agent Authentication with AD

There can be a number of things causing this, but most probably some issue with the second RA and the DC it's installed on.

I advise you to open a TAC case on this issue.

This widget could not be displayed.