Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
407
Views
0
Helpful
1
Replies

Failed AAA radius server

tom.ashworth
Level 1
Level 1

‎07-31-2009 07:23 AM

Hello,

I have a AAA server configured on my ASA5540 which shows as being in FAILED status right now. The AAA server in question is an ACS 4.2 SE with the remote agent running on a windows server. There was a problem where the RA did loose connectivity with the DC, but that has been resolved. Now if I use the test button within ASDM on the AAA server group page the test auth is successful. However all RADIUS requests from the remote access connections go to the other ACS server in this group. Is my problem because I have Reactivation mode set to 'Depletion' rather than 'Timed'? Is there a way to force the failed server back to active now that my underlining problem has been resolved?

Thanks for any help or suggestions anyone can provide.

Tom

1 person had this problem
Labels:
0 Helpful
1 Reply 1

vmoopeung
Level 5
Level 5

‎08-06-2009 01:36 PM

One frequent cause of authentication failure is clock skew. Be sure that the clocks on the PIX or ASA and your authentication server are synchronized.

Pre-authentication on the Active Directory (AD) should be disabled or it can lead to user authentication failure.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008060f261.shtml#steps

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents