Integration with ACS

oalvi
Level 1

We have CiscoSecure ACS (unix Rev. 2.3.6(2)); how do we integrate it with CW LMS 2.5?

And what are the added values of this integration?

Accepted Solutions

Joe Clarke
Cisco Employee

You cannot fully integrate CiscoWorks with ACS for UNIX. You need ACS 3.2, 3.3, or 4.0 running on Windows or the ACS appliance.

The main advantages of full ACS integration are the ability to create custom roles, lock down device access to certain users, and centralize users and user credentials.

If all you have is ACS for UNIX, you can only use the TACACS+ login module to have the ACS do authentication of CiscoWorks users. This does not give you custom role creation, device access control, or the ability to centralize CiscoWorks users. It does, however, allow you to centralize user credentials.


5 Replies

I'm trying to integrate CiscoWorks with ACS for Win2003 Server. I created the same usernames and passwords on both and I'm still not able to do so. CiscoWorks is rolling back every time to Local.

Thank you for your help

Have a look at the following link:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/lms/lms25/lms25qsg.htm#wp66757

Also:

ON CISCOWORKS
===============

* Step 1: Set up a System Identity User
-Common Services > Server > Security > Multi-Server Trust Management > System Identity Setup

* Step 2: Ensure that the System Identity User is a local user with all the roles
-Server > Security > Single-Server Management > Local User Setup

ON ACS
=======

* Step 3: Define a group for CW Admin Users in ACS
-Go to GROUP SETUP
-Rename an available Group to something suitable such as CWAdmins
-Edit Settings
-Sessions available to user = unlimited

* Step 4: Add the CW system identity user (and other Admin users in CW) to ACS
-Go to USER SETUP
-Create Users for CiscoWorks including the System Identity User in ACS
-password
-Assign all these Admin users to the Group created in Step 3

* Step 5: Add a network device group with CiscoWorks as a Client
-Go to NETWORK CONFIGURATION
-Name
-IP address or range with wildcard masks
-key
-Authenticate using: TACACS+ (Cisco IOS)
-Submit+Restart

Note: If NDG options are not visible, you can enable Network Device Groups in ACS under INTERFACE CONFIGURATION > ADVANCED.

ON CISCOWORKS
===============

* Step 6: Change CW AAA Mode to ACS TYPE (and register CW applications with ACS)
-Common Services > Server > Security > AAA Mode Setup
-Select ACS type
-Fill in IP address/Hostname of ACS server
-Fill in the ACS admin login information and the shared key

Note: "ACS admin login" must be a user with full admin rights to ACS (i.e. one configured under Administration Control in ACS with ALL options checked).

-Put a check mark in "Register all installed applications with ACS" **
-Click on apply
-Restart CW Daemon Manager for above changes to take effect.

**WARNING: Make sure that AFTER the first successful registration to any specific ACS server, you always keep this box UNCHECKED if switching between ACS and non-ACS modes on the LMS server. Failure to do so will erase all custom roles (SUPERUSER) and you will need to do Step 7-8 on ACS again.

I did all the steps you mentioned but I get this error:

Application registration status with ACS Server:
- Application cwhp registration : Failure on Primary ACS Server
- Application CiscoView registration : Failure on Primary ACS Server
- Application rme registration : Failure on Primary ACS Server
- Application CM registration : Failure on Primary ACS Server
- Application dfm registration : Failure on Primary ACS Server
- Application ipm registration : Failure on Primary ACS Server
----------------------------------------------------------
Note:
- Make sure the configured System Identity User is availablle in ACS Server.
- You must restart Daemon Manager for the recent changes to take effect.

I am running ACS 4.0 Appliance version and CiscoWorks v. 2.6

Any advice?

Thank you.

This can be a tricky thing to troubleshoot, so you may want to open a TAC Service Request. However, I'll give you some things to check first.

Due to the way registration works, CiscoWorks will take A LOT of TCP ports on the ACS server. Make sure that you have opened all TCP ports for ACS administrative sessions. That is, DO NOT limit the admin session TCP port range until AFTER you have completed registration. And then, I recommend you leave at least 50 ports open.

Second, using HTTPS for the initial registration is problematic for the same TCP port reason. Therefore, if your ACS is running in HTTPS mode, switch it back to HTTP just until registration is complete. Then you can turn it back to HTTPS.

Finally, make sure the ACS admin user that you entered in CiscoWorks can log in to ACS via the web and has FULL ADMINISTRATIVE ACCESS. That is, you should be able to create new users, add new clients, etc. as this user.