If a Cisco Secure ACS that is configured for remote logging fails to successfully transmit an accounting log to the remote server, authentication attempts to the ACS server during this time may fail.
The authentication failure may not be reported at all, or it may be reported incorrectly (as being successfully authenticated).
Note: The authentication reports show that the credentials are good and the authentication request did pass. What failed is the RADIUS accounting request since RADIUS authentication was not available. Then the actual logging failed. This is the right behavior.
As a workaround, perform either one of these two steps:
The issue can be fixed by disabling the remote logging functionality altogether, or correct the cause of the logging failure.
This issue has been fixed in ACS SE version 4.0. In order to download the ACS SE software, refer to the ACS Software Downloadpage.