ACS Appliance Remote Agent problem

Hello

We have the following situation:

-2 x ACS SE

-2 x ACS Remote Agents on member servers

-2 x ASA

We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.

I have configured the remote agent following this link:

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/Rawi.html#wp289426

But we are not able to pick up Active Directory groups in the ACS GUI --> external user database > database group mappings > Active Directory > new configuration.

On the domain controller, we get error IDs 1030 and 1058. Has anyone had these problems too?

Thanks in advance and best regards

Dominic

Most likely, this is a permission problem. What OS and SP do you use?

Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?

Kind regards

~ JG

Note the useful messages

Similar Questions

  • ACS unit and remote agent test

    Problems with ACS unit integration with Active Directory. Have installed the remote agent on a member server and the ACS unit can enumerate Active Directory groups correctly so there is at least some communication happening.

    Looking at the logs on the remote agent, whenever a request for AD groups comes through you see the corresponding log entries. When a user tries to authenticate, no logs come through on the remote agent. So maybe it is not being sent to the remote agent?

    In the failed authentication log on GBA, the error is unknown user; it shows the correct username + domain name of the person trying to authenticate.

    Windows Server is configured for an unknown user policy.

    Version of the ACS is 4.1.1.23, Remote Agent is the latest available version.

    Any ideas or things to check?

    Hello

    According to your last line, it seems that the ACS and RA versions are not the same. Please note that the ACS device and RA software versions must be the same or it won't work.

    Kind regards

    ~ JG

  • Windows 2003 Remote Agent installation problem.

    Dear team,

    I am facing a problem in the installation of the RA agent on Win2003.

    Details:

    1. Windows 2003 Server R2 SP2

    2. Remote Agent 4.1.4.13.16

    3. 32-bit operating system

    Kindly advise

    Kind regards

    Subash.c

    Hi Philippe,

    There is a patch for version 4.1.4. ACS 4.1.4 must be installed before you install this hotfix.

    Instructions on how to install the patch

    ========================================

    1. Make sure that Cisco Secure ACS Agent 4.1.4.13 is installed.

    2. Extract the files NTlib.dll, CSLogAgent.exe, CSAgent.exe, CSWinAgent.exe, NAS.dll, ConsoleDLL.dll, csvLog.dll, EndPoint.dll & odbcLogger.dll from Acs - 4.1.4.13.16 - RA.zip

    3. Stop the Cisco Secure ACS Agent service.

    4. Locate CiscoSecure ACS Agent\bin and save a copy of the current NTlib.dll, NAS.dll, CSAgent.exe, CSLogAgent.exe, CSWinAgent.exe & EndPoint.dll

    5. Copy the files NTlib.dll, NAS.dll, CSAgent.exe, CSLogAgent.exe, CSWinAgent.exe & EndPoint.dll extracted from the zip to CiscoSecure ACS Agent\bin

    6. Locate CiscoSecure ACS Agent\Support and save a copy of the current ConsoleDLL.dll, csvLog.dll & odbcLogger.dll

    7. Copy the files ConsoleDLL.dll, csvLog.dll & odbcLogger.dll extracted from the zip to CiscoSecure ACS Agent\Support

    8. Start the Cisco Secure ACS Agent service.

    Kind regards

    ~ JG

    Note the useful messages

  • ACS 4.2 Remote agent compatibility issues.

    I did a little reading on the compatibility of the ACS 4.2 remote agent with Windows 2008 R2, and it seems that the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would like someone to confirm what happens if I install the remote agent on a Windows 2003 member server rather than on the 2008 R2 domain controller. Will such a scenario work?

    Comments are appreciated.

    Regards

    Yes, there is a bug, CSCtg37183, documented with this information:

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

    Excerpt from the previous link:

    ACS 4.x does not support the Server 2008 R2 to AD.

    Symptom:

    ACS 4.x does not support authentication to a back-end Server 2008 R2 Active Directory.

    Conditions:

    ACS 4.x
    Windows Server 2008 R2 installed on the domain controller
    ACS or remote agent installed on a member server in the environment (even if it is Server 2003/2008)

    Workaround:

    Install the ACS or the Remote Agent on a 2003/2008 domain controller

    Cisco does not support this scenario because sometimes it works well and other times it doesn't work at all, and nobody wants an unstable network, right? Unfortunately, the workaround doesn't help much. There is, though, an ACS 5.2 trial version that you can test; let me know if I can get you the links.

  • This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of

    Hi vrian_colaba,

    You can take a look at cisco's Advisory here:

    https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

    Fixed versions

    Cisco ASA Major Release  First version fixed
    7.2 Affected; migrate to 9.1.7(9) or later
    8.0 Affected; migrate to 9.1.7(9) or later
    8.1 Affected; migrate to 9.1.7(9) or later
    8.2 Affected; migrate to 9.1.7(9) or later
    8.3 Affected; migrate to 9.1.7(9) or later
    8.4 Affected; migrate to 9.1.7(9) or later
    8.5 Affected; migrate to 9.1.7(9) or later
    8.6 Affected; migrate to 9.1.7(9) or later
    8.7 Affected; migrate to 9.1.7(9) or later
    9.0 9.0.4 (40)
    9.1 9.1.7(9)
    9.2 9.2.4 (14)
    9.3 9.3.3 (10)
    9.4 9.4.3(8) ETA 26/08/2016
    9.5 9.5 (3) ETA 30/08/2016
    9.6 (DFT) 9.6.1 (11) / 6.0.1(2) FTD
    9.6 (ASA) 9.6.2

    9.6(1)5 is not part of the fixed versions, which means that it is affected by the SNMP Remote Code Execution vulnerability.

    For the Cisco Adaptive Security Appliance CLI Remote Code Execution vulnerability, you can also take a look at Cisco's advisory here:

    https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

    Fixed versions

    The following table shows the first software versions that include fixes for this vulnerability (9.6 is not affected)

    Cisco ASA Major Release First version fixed
    7.2 Affected, migrate to 8.4 (3) or later
    8.0 Affected, migrate to 8.4 (3) or later
    8.1 Affected, migrate to 8.4 (3) or later
    8.2 Affected, migrate to 8.4 (3) or later
    8.3 Affected, migrate to 8.4 (3) or later
    8.4 8.4 (3)
    8.5 Affected, migrate to 9.0 (1) or later version
    8.6 Affected, migrate to 9.0 (1) or later version
    8.7 Affected, migrate to 9.0 (1) or later version
    9.0 9.0 (1)
    9.1 Not affected
    9.2 Not affected
    9.3 Not affected
    9.4 Not affected
    9.5 Not affected
    9.6 Not affected

    Hope this info helps!

    Note If you help!

    -JP-
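
The version check this answer walks through, as an added example (not part of the original post or of Cisco's advisory). The two tables are transcribed from the post; the function names and the field-by-field comparison of version numbers are assumptions of this sketch.

```python
import re

OLD_TRAINS = ("7.2", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5", "8.6", "8.7")

# Tables transcribed from the post: train -> (status, first fixed release).
# The 9.6 entry uses the ASA row; the FTD row of the table is not modelled.
SNMP_FIXED = {t: ("migrate", "9.1.7(9)") for t in OLD_TRAINS}
SNMP_FIXED.update({
    "9.0": ("fixed_in", "9.0.4(40)"), "9.1": ("fixed_in", "9.1.7(9)"),
    "9.2": ("fixed_in", "9.2.4(14)"), "9.3": ("fixed_in", "9.3.3(10)"),
    "9.4": ("fixed_in", "9.4.3(8)"), "9.5": ("fixed_in", "9.5(3)"),
    "9.6": ("fixed_in", "9.6.2"),
})

CLI_FIXED = {t: ("migrate", "8.4(3)") for t in ("7.2", "8.0", "8.1", "8.2", "8.3")}
CLI_FIXED.update({t: ("migrate", "9.0(1)") for t in ("8.5", "8.6", "8.7")})
CLI_FIXED.update({"8.4": ("fixed_in", "8.4(3)"), "9.0": ("fixed_in", "9.0(1)")})
CLI_FIXED.update({t: ("not_affected", None)
                  for t in ("9.1", "9.2", "9.3", "9.4", "9.5", "9.6")})


def parse_asa_version(text):
    """Numeric fields of an ASA version string, e.g. '9.6(1)5' -> (9, 6, 1, 5)."""
    fields = tuple(int(n) for n in re.findall(r"\d+", text))
    if len(fields) < 2:
        raise ValueError(f"not an ASA version string: {text!r}")
    return fields


def assess(running, table):
    """Return (verdict, target release) for a running version against one table."""
    version = parse_asa_version(running)
    train = f"{version[0]}.{version[1]}"
    if train not in table:
        return ("unknown", None)       # train not listed in the post
    status, target = table[train]
    if status == "not_affected":
        return ("not affected", None)
    if status == "migrate":
        return ("affected", target)    # no fix in this train, move to target
    # Assumption: fields compare left to right and a missing field sorts
    # lowest, so 9.1(7) < 9.1.7(9) and 9.6(1)5 < 9.6.2.
    if version >= parse_asa_version(target):
        return ("fixed", target)
    return ("affected", target)


if __name__ == "__main__":
    for name, table in (("SNMP RCE", SNMP_FIXED), ("CLI RCE", CLI_FIXED)):
        print(name, assess("9.6 (1) 5", table))
```
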

  • NAC Appliance Agent vs NAC Web Agent

    Hello

    What is the difference between 'NAC Appliance Agent' and 'NAC Web Agent'?
    In my case I do not get the pop-up 'NAC Appliance Agent' screen, although I am able to connect correctly through 'NAC Web Agent'.
    I would like to know if the connection via 'NAC Appliance Agent' is mandatory.

    PFA, the 'CiscoSupportReport.zip' for 'NAC Appliance Agent'.

    Thank you
    Sagar

    It is not mandatory to use the agent unless you specify in the policy for the role of user assigned to your username.

    The web agent can do most of what the installable agent does, at least with respect to authentication and posture.

    Check the role assigned to your user as part of the management of devices-> own access and see what is required for this role.

    Hope this helps

  • Secure ACS unit and Remote Agents

    Hello

    We are testing the Secure ACS 3.2 device and authentication against AD via remote agents. When two or more remote agents are registered with the device in the network menu, is the device smart enough to try the second remote agent machine if it can't talk to the first? We tested this failover by stopping the service of the remote agent on the first domain controller where it has been installed. However, failover does not occur. We want to know if this failover is supposed to work, and if so what we need to do to make it work.

    Yoshi Nagase

    Hello

    I implement a solution similar to yours... 2 ACS units with 2 Remote Agents...

    I set the remote agents in Network Configuration and in External User DB - Windows Database - Windows Remote Agent Selection.

    In this menu, set the primary and secondary Remote Agent

    HTH

    Omar

  • ACS 4.2 Remote Agent on Server 2008 R2

    Hello

    We are migrating our 2003 domain controllers to 2008 R2 and would like to know if the remote agents are compatible to run on 2008 R2.  I saw in the release notes that the RAs have been tested on 2008 SP1 but not R2.

    Can someone advise or confirm that the RAs are supported on 2008 R2?

    We are running the Solution Engine 4.2.1.15 and the fix 4.2.1.15 - 1.  The RAs are the same version.

    Thanks in advance for your help.

    Well, it is a known enhancement bug:

    CSCta35271    Support for Windows server 2008 R2

    ACS 4.2.x supports all the latest versions of Windows 2008. It only supports the registered version. You can also consult the release notes.

    Supported OS section

    -Windows Server 2008, Standard Edition

    -Windows Server 2008, Enterprise Edition

    -Windows Server 2008, Standard Edition, Service Pack 2 Japanese

    -Windows Server 2008, Enterprise Edition, Service Pack 2 Japanese

    This bug can get fixed in upcoming releases/patches. It's in the pipeline/roadmap and the development team is working on it

    Regds,

    JK

    The rate of useful messages-

  • The upgrade to Cisco ACS SE and Remote Agent

    Hello

    Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.

    I am a little confused by the information available for upgrade scenarios. Below are the current working versions.

    Cisco ACS SE - version 4.1 Build 23 5 Patch 1

    Cisco ACS Remote Agent version 4.2 (0.124)

    The new operating system will run on 64-bit; I think that the current ACS SE and the remote agent can / must be upgraded.

    Given my existing versions, please give the possible upgrade scenarios available to me. After the upgrade, the SE and Remote Agent should work with the 64-bit OS.

    Thanks in advance!

    Yes, it is not possible to upgrade the existing ACS 4.1 to ACS 5.2. They are two different boxes that run on different platforms.

    Unfortunately ACS 4.x does not support Windows 2008 R2.

    ACS 5.2 is the only option left, and you will need to buy a new separate box with a new license for this.

    Regards

    Bellefroid

    Note the useful messages

  • ACS appliance 4.2 - internal database replication problem

    Hello

    I'm yunchoul jung in Korea

    Now I'm setting up an ACS unit 1113 ver 4.2

    In internal database replication, the primary and secondary ACS servers cannot replicate the database due to the SELF (127.0.0.1) entry configured by default in the network configuration.

    So I have a question: how do I replace the 127.0.0.1 address with the IP address I want, or delete the SELF (127.0.0.1) address?

    I don't understand a procedure of solution in the documentation below.

    Thank you for your help in advance

    Problem: 127.0.0.1 is a reserved address

    You have two ACS SE 1113 units and replicate the internal database from the primary to the secondary,

    but you notice this error message on the secondary unit:

    Replication of database of ACS denied - incompatibility of secret shared incoming

    When you try to change the AAA server key under Network Configuration, an error message is returned.

    This is due to a known bug,

    Symptom: 127.0.0.1 address appears in ACS and the replication fails

    Conditions:

    Install ACS S/W version 4.2.0.124

    Disable the network adapter

    Enable the network adapter

    * Go to the network settings page.

    * You should see the AAA server IP to be a loopback

    Workaround:

    For Windows: remove the 127.0.0.1 entry

    For the device: back up the database, install ACS on Windows, restore, delete the entry, make a backup and restore on the device

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCso39795

    Kind regards

    ~ JG

    Note the useful messages

  • Issue of ACS Windows Agent

    Hello

    We have just upgraded our ACS 3.3 to the latest version without problem. I created the Remote Agent on GBA, but when I install the Agent on the Windows 2003 Server I get "could not initialize variables". Anyone? Thank you.

    John

    John,

    -Log on to the computer as Local Administrator, preferably 'administrator', and then try to uninstall the Remote Agent and install it back. Log on locally to the box and install the RA.

    -If above does not work, you may need to manually uninstall the Remote Agent. After uninstalling, you can try to reinstall the latest version of the remote agent.

    somishra

  • ACS appliance fails to recognize an installed certificate

    When I install a certificate from a CA (Windows Server), following the procedure of the "Wired Dot1x version 1.05 Config guide" (Document ID 64068) and the 'User Guide for ACS', I have the following problem. If I want to change the 'overall authentication settings', I get the warning "could not initialize the PEAP or EAP-TLS authentication protocol because the certificate authority is not installed. Install the certification authority using the ACS Certification Authority Setup page".

    But if I check "install Certificate", it says that the certificate is installed correctly and it is also added to the "Configuration page of the authority".

    I already found the following in the ACS 4.1.4 release notes: "turn off the security agent, reinstall the certificate in accordance with the procedure and then re-activate the security agent".

    I did it but I still have the same error, even if the security agent is disabled (I checked it in the console with the command 'show' and the CSA is off).

    Can someone help me get the installed certificate recognized?

    P.S. I also see 2 devices in the AAA-server list:

    -ACS01 (the name I gave him in the initial configuration). This one has an IP address of the DHCP server, even if I said NOT to use a DHCP server, but a static IP!

    -Self: this one has the static IP I configured via the console...

    I can't remove one of the AAA servers. Is it normal that there are 2 servers?

    Bert,

    It seems that the certification authority that you have installed is damaged or poorly installed. What I want you to do is remove the CA certificate by using the MMC on Windows in ACS and then reinstall it.

    You also need to install the root certificate authority in ACS. You can install the root certificate authority in System Configuration -> ACS Certificate Setup -> ACS Certification Authority Setup.

    Also, in case you use a VeriSign cert, install the VeriSign intermediate CA certificates.

    https://www.VeriSign.com/support/VeriSign-intermediate-CA/index.html

    Kind regards

    ~ JG

  • Labview Remote problem

    Hello!

    I have a NI USB DAQ of 6341 who assume to control a horse trough PMT and LED Labview 2010.

    But, Labview is not installed in my PC, I use it remotely from the University and I am facing problem to use DAQmx (version 9.3.5) in Labview.

    What I want to know is how to make my remote Labview for data acquisition in my computer.

    I guess it's a very simple question, but after hours trying to find a solution, I decided to ask the experts...

    Thank you!

    Hello RadGent,

    This solution will not work in your case.

    However, with NI-DAQmx 8.0 and later, NI-DAQmx OPC features can be used to obtain reliable network features for remote systems.
    GDR (as mentioned in the document you provided) is not supported in NI-DAQmx.

    You can try something like this:

    http://zone.NI.com/DevZone/CDA/tut/p/ID/3742

    The best and simplest measure to take would be to install the software locally, especially because you are working with a USB device.

    Going over Ethernet to the University and then back to the same PC to connect to the DAQ card would seriously increase the latency of the system.

  • Have a Live View remote problem...

    I use the remote software a lot and started having a problem in Live Mode when connected to the laptop...

    If I am connected there is no problem, but when I go to Live View to see what the camera sees, it runs a little and then gives a "Connection Lost" error and closes the software... You can't restart it unless you unplug the USB cable and plug it back in...  Then you can restart the software and all works fine... but when switching back to Live View it can run anywhere between 1 second and 20 minutes without any problem, then "lost connection" and the software will stop...  I tried several cables, reloaded the software and made sure the batteries are recharged...  I have had the camera for a year and a half and it has just started in the last month...   Before, I could leave it in live mode until the battery pack ran out without such a failure...

    Hi Quantummist,

    I recommend that you contact us for assistance with this.

  • E4200v2 remote management problem

    Hi all

    I have a little problem with remote management on my E4200v2.

    I have him, select https and all on by default the allowed IP address value remote port (8080)

    After all this, I can't connect my router to my office or any other place. I use DDNS and all its ok (updated time). I tried to connect to my direct IP (dynamic), but without result.

    Any idea? This is the only problem that I have discovered with this device.

    P.S. No log entry for port 443 using https

    Thank you

    Try changing the port to 8081 instead of 8080. Otherwise, you could use http instead of https for remote management, if it does not work with https. Also make sure that the Filter Anonymous Internet Requests box is disabled in the Security tab on the router configuration page.
