Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Machine authentication fails and the "DsCrackNames failed" error message appears in the auth.log file of the ACS

Core issue

This issue is due to the presence of Cisco Bug ID CSCsd52574.

When machine authentication, either Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) or Microsoft Challenge-Handshake Authentication Protocol (MS_CHAP), is attempted after the Cisco Secure Access Control Server (ACS) has lost and then regained connectivity to the global catalog server, authentication can fail and the MachineSPNToSAM: __DsCrackNames failed auth.log error message can be generated in the auth.log file.

This issue occurs in an environment where there is more than one global catalog server for the domain. ACS does not search for the secondary catalog server if the primary goes down.

Note: This issue is particularly seen when ACS is installed on a domain member server.


The temporary workaround for this issue is to re-start csauth.exe.

In order to completely resolve this issue, download and apply the  ACS patch version  4.1(1) or higher.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:10 PM
Updated by:
Labels (1)