ACS 4.2, installation UDV

Similar Questions

• No access to ACS GUI after installation

  Hi guys,.

  I installed successfully 5.4 ACS. However, I can't access web GUI. I created two accounts admin (during installation) and techuser (after installation) and two of them are see refuse and I can connect ACS using the CLI. However, when I'm getting access ACS via web GUI, I get "access is denied. Please contact your administrator to security for assistance. "Also, I don't see user techuser in the output of CLI command show users .

  Could you please help me with this question.

  Hi NENO,

  I could see from your description, you have created two users of CLI and you are able to connect successfully in the CLI.

  But you have not created the GUI users, so it will not login in the GUI with the CLI users.

  If we do the password reset, it resets the password acsadmin.

  Please log in to the GUI with acsadmin, and then create (System Administration > directors > accounts) admins GUI as 'techuser' or etc..

  We can able to connect after the creation of GUI.

  Thank you

  Catherine

  Please evaluate the useful messages and mark the correct answers.

• ACS 5.4 installation on vmware workstation

  Hi all

  is it possible to install cisco acs 5.4 on vmware workstation 8?

  Thank you

  Pellen

  Yes.

  Check this box:

  https://supportforums.Cisco.com/message/3714114

  Rating of useful answers is more useful to say "thank you".

• The existing migration ssl certificate win 4.2 device acs acs 3.2

  Hello

  We have the acs server that has the ssl running certficate(certifcate authority) in the acs 3.2 for eap - tls user authentication windows version.

  We want the same be migrated to application 4.2 (appliance) acs. I tried in different ways to push the certificate but I couldn't.

  I tried the System Configuration Thru--> ACS certificate--> certificate installation to install ACS--> download the certificate file

  As I mentioned the FTP server IP address, identification information, name and path

  But if I submit the application sound giving the directory not found or incorrect credentials.

  In FTP records its showing like this

  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acs
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 user logged
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: successful connection
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 CWD D:\FTP-ACS-AU
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 D:\FTP-ACS-AU 550: no such file or directory.
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: connection is closed.
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 Session closed by peer
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 USER ftpadmin
  April 15, 2011 19:44:47 Session 5, Peer 10.249.40 331 ok, need password username
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 FTP: connection attempt by: ftpadmin
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 PASS welcome2acs
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 230 user logged
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: successful connection
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 DLG FTP - ACS - to THE
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 550 FTP - ACS - to THE: no such file or directory.
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: connection is closed.
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 Session closed by peer

  Can anyone please suggest me what could be the problem in this... is my method won't?

  Hello

  Directory just enter ' / '.

  Just browse for the file field, and shared folder opens automatically.

  I hope this helps.

  Kind regards

  Anisha

  P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

• ACS appliance fails to recognize an installed certificate

  When I install a certificate from CA - Windows Server, following the procedure of "Wired Dot1x version 1.05 Config guide" (Document ID 64068) and the 'Guide user to ACS,' I have the following problem. If I want to change the "overall authentication settings', I get the warning"could not initialize the PEAP or EAP - TLS authentication protocol because the certificate authority is not installed. Install the certification authority using the ACS Certification Authority Setup page".

  But if I check "install Certificate", it is said that the certificate is installed correctly and it is also added to the "Configuration page of the authority.

  I already found the following in the as 4.1.4 release notes: "turn off the Security agent, reinstall the certificate in accordance with the procedure and then re - activate the security officer.

  I did it but I still have the same error, even if the security officer is disabled (I checked it in the console with the command 'show' and the CSA is off).

  Can someone help me how to recognize the installed certificate?

  P.S. I also see 2 devices in the AAA-server list:

  -ACS01 (the name I gave him in the initial configuration). This one has an IP address of the DHCP server, even if I said NOT to use a DHCP server, but a static IP!

  -Self: this one has the static IP I configured via the console...

  I can't remove one of the AAA servers. Is it normal that there are 2 servers?

  Bert,

  It seems that the certification authority that you have installed is damaged or poorly installed. I want do you is remove the certicate CA by using the MMC on windows in ACS and then reinstall it.

  You, too, need to install the certificate authority root in ACS. You can install the certificate authority root in System Configuration-> ACS certificate of installation-> ACS certificate authority installation.

  Also incase you use Verisign cert, you install VeriSign intermediate CA certificates.

  https://www.VeriSign.com/support/VeriSign-intermediate-CA/index.html

  Kind regards

  ~ JG

• ACS RADIUS certificate Access Workflow

  Hello friends, I tried to deploy a solution ACS that includes RADIUS, connection with an AD database and certificate to join the network-based, but the documentation I've found is very very vague and becomes a little complicated for me to deploy it. I wonder if there is a guide or a better organize the documentation on the different scenarios of the GBA solution configuration. At least a configuration of workflow document which has secuenced steps. Thanks in advance for your help.

  PD: If someone of you is involved in the Cisco documentation I hope it serves as a suggestion and a recommendation.

  Atte. Jonas.

  Hi Jonas,.

  Please take a look in this doc:

  https://supportforums.cisco.com/docs/DOC-13545.

  This is a step-by-step guide to configure ACS to dot1x, installation of certificates on the ACs and the integration with AD.

  On the methods of certificate based here, be more specific about what kind of RAP that you want to use.

  HTH,

  Tiago

  --

  If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

• SSL Server 3.3 to 4.2 acs acs certifcate

  Hi all

  I need a help on this SSL certificate installation on my acs for PEAP clients 1120 device

  Note: I exported Server Certificate SSL from my old server acs 3.3 which is located under the acscertstore folder issued by the CA vendor. I need to reuse this same SSL certificate on my acs unit.

  ACS appliance ever Installer requires following two certificate must be installed for customers PEAP authentication

  (1) server certificate

  (2) certificate of the CA

  Server certificate: for the server certificate, I have my old certificate which is exported from my old server acs 3.3, when I tried to download my server certificate via an ftp server on my device acs, his search for the private key and the private key file.

  Private key & file is generated initially at the CSR request when the server certificate is requested to the seller of this stuff for my old acs 3.3. I don't know the password for the private key.

  If I need a private key & file, then I need to generate a new CSR from my acs camera and I need to present this REA out my CA provider to generate new .which of server SSL certificate is something like a new server certificate request.

  CA certificate: CA certificate, when I opened my existing on the detials of CRL distribution point tab, SSL certificate I could see below URL. WHN I open this URL gives the list of CRL.
  [1] CRL Distribution point

  Name of the distribution Point:

  Full name:

  URL =http://xx.yy.zz.com/crls/secureca.crl

  It must be my CA certificate for my right to acs appliance? otherwise once again this CA certificate for export from old acs 3.3 Server.

  Please suggest and press my questions above, Apoligse if my understanding on this certifcate installation is worng. suggest me the right solution

  Hello Shema

  The CA Cert you provided previously, none of them belog to cert of GBA. Your ACS cert is from CA: Equifax Secure Certificate Authority.

  I've separated the CA cert cert of GBA. Now, here are the steps:

  [1] copy the private key of the server v3.3 acs file and save it to a separate folder called "ACS CERT.

  [2] save CA cert and cert ACS in the same folder.

  [3] install an FTP server on your laptop, which is used to install certificates on the ACS unit.

  [4] make the "ACS certs" folder in the ftp folder.

  [5] CA cert, first install.

  [6] then, install cert of the acs and the whole private key file.

  The CAs and ACS cert cert is attached.

  Let me know how it goes.

  Thank you

  Nelson

• ACS Cisco 1121 5.1

  It is impossible to use the recovery 5.2 to cisco acs acs 5.1 1121 DVDs?

  Hi, Estelle,.

  What is your ultimate goal? If you want to recover the administrator password on ACS 5.1 using ACS 5.2 so it may not work. I tried in my lab for acs 5.3/5.4 and it did not work. He used to work in 4.x ACS cases where 4.1 cd can be used to recover the password for administrator on ACS 4.2.

  If you want you can give a try. It will give you 4 options. You must select 3 or 4 depending on how you are connected.

  Available boot options:

  [1] cisco Secure ACS 5.3 Installation (keyboard/monitor)

  [2] cisco Secure ACS 5.3 Installation (Serial Console)

  [3] reset password (keyboard/monitor)

  [4] to reset the password for Administrator (Console serial)

  If you have a few plans others let me know, I'll try to answer.

  Jatin kone
  -Does the rate of useful messages-

• where is the secret field shared for the ACS 5.3 server itself?

  Hello

  We currently have a distributed PR and DR ACS 5.3 installation, implemented with Ganymede and a unit RADIUS.

  The RADIUS is AppResponse Xpert admin. used Opnet we try to intergrate AppResponse Xpert Admin with ACS.

  The GUI for AppResponse Xpert Admin request the ip address of the radius server - IE our ACS, RADIUS port - is to say 1812 and 'secret' - I assume that means the secret shared real AEC itself (not the shared secret used by network devices).

  On our ACS 4.2 systems, we have a field for a secret shared on the ACS itself Server (to allow replication?).

  With the help of the search function for "Shared Secret" in pdf format "the User Guide for Cisco Secure Access Conrol system 5.3" has only found references to define one for network devices and not a ground for GBA is.»

  A shared secret of the ACS server is still topical for the 5.x ACS system?

  Hi Stuart,

  To answer your question:

  There is no shared secret for the ACS itself.

  If the ACS needs to communicate with another device, you must define an AAA client and define a shared secret.

  ACS 4, used this secret shared to protect/secure replication, the ACS 5, secured by encryption replication and not shared secrets (hash).

  Rate if useful

• Somehow Windows Search has disappeared from my computer. How can I reinstall it?

  My Windows search is missing.  I need to reinstall it.  How do I do that?

  You must answer the questions asked by Elizabeth23 as much as you can to see why your Windows Search is missing.

  If these links of relocation do not do it for you, here are a few instructions to reinstall Windows Search, which is useful if you have a genuine XP installation CD bootable, which has the same Service Pack that your version unspecified.

  There is an extra effort for Windows Search become missing.

  You have now or have you ever used third-party products on your system where the product description includes one or more of the following descriptive words:

  cleaner, mechanic, detective, doctor, heal, optimize, Inspector, clean, tune up, speed up, fix up, compact, compress, faster, power, boost, boost, gum, muncher. one click fix, new, intuitive, errors, stop crashes, stop errors, improves, allows you to save money, risk free, guaranteed or any third-party program that has an icon that looks like a gear, pinion, belt holder, key, key, screwdriver or plunging arrows?

  If so, this could be the reason that Windows Search is missing.

  As you go through the reinstallation of Windows Search, the resettlement will be asked to locate certain files as you go along and ask your XP installation CD.

  If you do not have a genuine XP bootable installation CD, you can change the path where Setup looks for files one at a time, because they are needed.  More on that later.

  Navigate to c:\windows\inf, and right click on the following file:

  Srchasst.inf

  Choose Install

  If you cannot see the srchasst.inf file, configure your system to show hidden files and show file extensions.

  Click on tools, Options, view and turn on "Show the hidden files and folders" and uncheck "Hide extensions for known file types", then you should be able to see the c:\windows\inf\ folder and the c:\windows\inf\srchasst.inf file.

  Make sure that you do not attempt to use this file: srchasst.pnf - you must use the file srchasst.inf instead.

  Installation can request files from the c:\windows\inf\386 folder.  It would be your installation CD bootable XP genuine if you have one and the Service Pack installed on your system must be the same as the CD that you will use.

  You don't need absolutely a CD to reinstall Windows Search, because files must already be on your system somewhere if Windows Search was working before.

  If you are prompted for a file, and you can't find it where I suggest in my example below (it works on my system), you need to search your hard drive and find where the files on your system.

  If you cannot find the files you need, identify the missing files and then a beautiful person can put them on their SkyDrive and you can download and save on your system and then point the installation there.

  Here's how my system works when I reinstall Windows Search when I pretend that I don't have a genuine XP bootable installation CD:

  When you are asked:

  msgr3en.dll

  Point installation c:\windows\system32\dllcache

  When you are asked:

  Courtney.ACS

  Point installation c:\windows\srchasst\chars

  When you are asked:

  inetpref. XML

  Point installation c:\windows\srchasst\mui\0409

  If asked:

  nls302en. Lex

  Point installation c:\windows\system32\dllcache

  When you are asked:

  Rover.ASC

  Point installation c:\windows\srchasst\chars

  When you are asked:

  Balloon.Xsl

  Point installation c:\windows\srchasst\mui\0409

  Once installation is complete, restart your system and see if your Windows Search is now functional.

• CSUtil problem

  Run the command CSUtil.exe and ACS 4.0 installation (Windows server 2003) gives me the following error:

  "Cannot initialize SchemeLayer.

  I tried to register the SchemeLayer.dll with the command "regsvr32 SchemeLayer.dll", but it does not work.

  All good suggestions anyone?

  That's a broken install.

  Run the pure utility and re-install.

• Personalized services in ACS5 to support the Nokia/Checkpoint Firewall

  Hi all

  my old ACS 4.1 installation I've customized GANYMEDE + services to support our Firewall Nokia (Checkpoint now). Currently, I have a chance to add this personalized service to ACS5.

  Anyone know if this feature is on the roadmap, and when it will be available?

  concerning

  Dirk

  Yes. It is also possible to use personalized services. However, there is a bug related to authentication with customized services that will be fixed in the next update for ACS 5.1 (patch 2). It is:CSCte16911

  Authorization of services works OK

• Evaluation of GBA

  I'm currently testing an ACS 5.2 with evaluation license (that I asked and got).

  I followed this guide

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_vmware.html#wp1057927

  to install the ACS vmware image, installation works correctly, when I reboot system and after the installation program, I can't properly boot system acs

  SVM-acs01tmp / root # display the status of the acs application

  Initializing the application...

  Status is not yet available.

  Please check back in a minute.

  SVM-acs01tmp / root #.

  This State is the same since I installed ACS yesterday; I also tried to restart the server and also to reinstall twice...

  Any suggestions?

  Thank you

  Daniele

  Hi Daniele,

  I saw the same problem with another customer - the problem is that you are using the username 'root '.

  Root is the user name that uses the Linux operating system, and by definition 'root' as the user name when you go through the configuration process, you end up limiting the authorization for the root account. That's why the ACS begins ever upward.

  Could you please re - build the virtual machine and re-install the ACS, but time user a different user name (for example, the default "admin").

  Let me know how you go.

  Best regards

  Dragana

• Installation of ISE and ACS

  Hi all

  I have a problem to install ISE and ACS on VM server. Linux Redhat Enterprise is detected by the system when the iso file is selected.

  But some dependencies of the package are noticed as openssl kernel-devel or cisco...

  The installation will stop from print virtual daemon.

  Any help!

  OK, I recommend:

  1. check that all the VM gusts are configured to meet the required specifications (RAM, CPU, disk space, etc.)

  2 re - download the ISO file and try the installation again

  3. download and try OVA

  Let us know how it goes :)

  Thank you for evaluating useful messages!

• ACS server installation issues

  I have a client of the remote site that is replacing their ACS servers and several questions:

  (1) what version we should be installed?

  (2) where we can get a clean binary installer (or do you start with 3.x or 4.0 & upgrade-if upgrade, use us the latest hotfix installer, or do we apply successive patches?)

  (3) replication between versions? Current servers have version 4.1 (1) build 23 Patch 5-do these need to be upgraded to the current version, or can move us later & replicate current?

  (4) is it possible to use different DNS (ex rtpacs.corpnet2.com) name for the site of 'real' server name (e.g. us2sawn00232.us1auth.xxxx.com)?

  (5) how to use GSK signed cert? Have previously tried & failed - something special here?

  Thanks for any help you can give.

  RO

  
  I have a remote site customer that is in the process of replacing their ACS servers,and have several questions:
  1) What version should we be installing?
  2) Where can we get a clean binary installer (or do we have to start with 3.x or 4.0 & upgrade-if upgrade, can we use latest patch installer, or do we have   to apply successive patches?)
  3) Cross-version replication? Current servers have Release 4.1(1) Build 23 Patch 5-do these need to be upgraded to current version, or can we install latest & replicate from current?
  4) Is it possible to use different DNS name (ex rtpacs.corpnet2.com) for website than server's 'real' name (ex. us2sawn00232.us1auth.xxxx.com)?
  5) How to use GSK-signed cert? Have tried previously & failed-anything special here?
  Thanks for any help you can give.
  RO
  

  Hi Richard,

  For your queries for replication ACS should be the same version, only then you can replicate between the ACS patner, if you have the same version, so your first and third query got the answer.

  For your fourth query, you can use the DNS server to host your web servers as when the user access the traffic of your web site will land in your DNS server where it will redirect to the origin server so that the DNS server should be authority server for your Web site.

  For a binary installation clear I would say check out this link http://openacs.org/forums/message-view?message_id=1245671 I hope this helps.

  So useful note valauable post.

  Concerning

  Ganesh.H