Cisco Support Community
Community Member

ACS Server

Hello,

I have been having a weird issue with my ACS server. Clients that are configured for our wireless cannot log in. We have internal laptops to auth. by machine name. This way anyone in our domain can log into the laptop. Once in a while the users receive a "domain cannot be found" msg. We watch the authentication process with an analyzer and can tell authentication is not taking place. We reboot the ACS server and everything works. Has anyone seen this or know what is going on... or where to look?

3 REPLIES

Re: ACS Server

Hi,

I would suggest you check the debugs on the AP; that will let us know why auth is not taking place.

debug radius

debug aaa authentication

What is the ACS software version? And is it an ACS appliance or ACS for Windows?

Also, when auth stops, check the status of the ACS service to see whether it is up or stopped.

Regards,

~JG

Community Member

Re: ACS Server

JG,

Thanks for the quick response!

The version is 4.0, and it is a Windows 2003 server. The ACS service is running at the time. If we plug the laptop in with a cable and log in, the wireless connects. The client's wireless is managed by Windows and starts up during the startup process. (It happens on 30 laptops and clears when the server is rebooted.) I monitor the APs through our controllers (4400) and there is nothing indicating any issues at the time. After the reboot things work fine for a while, then I get a call stating they can't get on; reboot and it's fine. In the reports log under failed authentication I do notice this "EAP-TLS or PEAP authentication failed during SSL handshake" for several of the users we were testing with at the time of the issue.

Re: ACS Server

The error "EAP-TLS or PEAP authentication failed during SSL handshake" is mainly because of a certificate issue. Either the certificate on ACS got corrupted or expired, OR the client is not able to validate the root certificate with ACS.

Make sure that certificate installed on ACS was generated with key length of 1024.

Please also install this patch and you will see the improvement.

http://support.microsoft.com/kb/885453/en-us

Regards,

~JG
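
The certificate causes named in the reply above (expiry, a root that cannot be validated, key length) can be checked offline on PEM exports of the ACS certificate and its root with the openssl CLI. This is an added example, not part of the original thread and not a Cisco tool; the function names, file names, example.test subjects and 30-day window are assumptions, and the two certificates are throwaway ones constructed for the demo.

```shell
#!/bin/sh
# Added example: offline checks on PEM-exported certificates (openssl 1.1.0+).

# Succeeds if CERT has expired or expires within DAYS days.
# An unreadable or corrupted file also counts as a failure (fails closed).
cert_expires_within() {  # usage: cert_expires_within CERT.pem DAYS
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the public key size in bits, e.g. 1024 or 2048.
cert_key_bits() {  # usage: cert_key_bits CERT.pem
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds only if CERT chains to the root in ROOT.pem (system store ignored).
cert_chains_to() {  # usage: cert_chains_to ROOT.pem CERT.pem
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Runs the checks, prints findings, returns the number of problems found.
check_acs_cert() {  # usage: check_acs_cert ROOT.pem CERT.pem [DAYS]
    days=${3:-30}; problems=0
    if cert_expires_within "$2" "$days"; then
        echo "FAIL: expired, unreadable, or expiring within $days days"
        problems=$((problems + 1))
    fi
    if ! cert_chains_to "$1" "$2"; then
        echo "FAIL: does not chain to the supplied root certificate"
        problems=$((problems + 1))
    fi
    # Key size is reported, not judged: compare it with what the server expects.
    echo "INFO: key size is $(cert_key_bits "$2") bits"
    return "$problems"
}

# Constructed sample input: two unrelated self-signed certificates.
DEMO=$(mktemp -d)
make_cert() {  # usage: make_cert NAME DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=$1.example.test" \
        -keyout "$DEMO/$1.key" -out "$DEMO/$1.pem" >/dev/null 2>&1
}
make_cert acs 7      # short-lived, stands in for the server certificate
make_cert other 365  # unrelated root the server certificate does not chain to

check_acs_cert "$DEMO/other.pem" "$DEMO/acs.pem" 30 || echo "problems found: $?"
```

For real use, export the server certificate and its issuing root as PEM files and pass them to `check_acs_cert` in place of the demo files.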
