ACS-Rookie to start

Hello

When good documentation for someone setting up a GBA for the first time?

Thank you

Randall

Hi, Randall

You don't say which version or the OS, but the following link is a good starting point

http://www.Cisco.com/en/us/products/sw/secursw/ps2086/tsd_products_support_configure.html

HTH

Jon

Tags: Cisco Security

Similar Questions

Remote agent ACS could not start

Hello

I installed the agent remmote ACS for windows from the ACS 4.1 Update CD (the CD migration is not found). I followed the guide of installation and configuration of the remote agent. In the services window I assigned the user of services created in ad in the log on tab and I stopped the process. When I try to start a warning message is displayed that explains the process carried out and stopped. How can I solve this problem? the software is on the CD to upgrade not the right one?

Seems to be a permission problem. Make sure that this remote agent running Server account is part of the domain administrators group. If she is already using domain administrator account, then do use the local account. It should work.

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/Rawi.html#wp300510

Let me know how it goes

Kind regards

~ JG

AAA secondary ACS entry

Hello

I have 802.1 x and MAB configured. I added a second ACS server and added the definition of the switch.
My problem is that the ACS works well when it is set as primary option in the switch. But when it is configured as the backup and I force a failure on the primary, he does not try to use backup ACS th.

Can my configuration below, someone please give me some pointers?

Thank you

AAA radius rrrr server group
private server 10.4.25.117 auth-port 1645 acct-port 1646 borders 7 01100F175804575D72
private server 10.4.25.114 auth-port 1645 acct-port 1646 borders 7 01100F175804575D72
radius of the IP source-interface Vlan200
!
AAA new-model

AAA dot1x of default authentication group rrrr
AAA authorization exec default local authenticated by FIS
AAA authorization network default group rrrr
AAA accounting dot1x default start-stop rrrr group

interface FastEthernet0/1
switchport access vlan 200
switchport mode access
switchport voice vlan 2
authentication-sense in
authentication event failure action allow vlan 100
action of death event authentication server allow vlan 100
no response from the authentication event action allow vlan 100
multi-domain of host-mode authentication
authentication order dot1x mab
Auto control of the port of authentication
protect the violation of authentication
MAB
dot1x EAP authenticator
dot1x quiet-period of waiting 3
dot1x tx-period 4
spanning tree portfast

Hi Tiago,

The fix was set up the following:

restransmit RADIUS server 2

radius0server timeout 3

to allow the transition to the secondary ACS server before starting methods. He was trying to authenticate before it move on to the second ACS.

Thanks for your help.

How to stop the Radius/Ganymede ACS 5.2?

Hi, is it possible to stop the Radius/Ganymede ACS 5.2 from the GUI?

The command line, you can stop the ACS instance itself - but I don't think you can even components. It simulate an instance ACS failed.

I think that his:

request stop acs

or

judgment of the ACS

To start, it's the same thing with the start of keyword.

CFCHART - don't want the lines to go to the ends

OK, in CFChart, I want to have 2 sets of lines, a rookie who starts to run, and then it turns green and goes to the end. Here is my code:
< cfchart format = 'flash' chartheight = '400' chartwidth = '850' showxgridlines = "yes" showygridlines = "yes" >
< cfchartseries type = 'line' PostesColonne = 'WeekEnding"valuecolumn ="TotalTested"serieslabel ="Actual"seriescolor =" # 0000FF ">
< cfchartdata value = "1" item = '2009-08-02' >
< cfchartdata value = '7' item = "2009-08-09" >
< cfchartdata value '10' = item = "2009-08-17" >
< / cfchartseries >
< cfchartseries type = 'line' PostesColonne = 'WeekEnding"valuecolumn ="TotalTested"serieslabel ="Projected"seriescolor ="# 009900">
< cfchartdata value '10' = item = "2009-08-17" >
< cfchartdata value = "15" item = "2009-08-23" >
< / cfchartseries >
< / cfchart >
As you can see, I try to get a nice line that switches colors on 17 August. Unfortunately, the blue line (real), he traces a straight line on level 10 to 23. It also draws a green line from the 2nd to the 17th at 10. And it sucks!
I tried combining them like this:
< cfchart format = 'flash' chartheight = '400' chartwidth = '850' showxgridlines = "yes" showygridlines = "yes" >
< cfchartseries type = 'line' PostesColonne = 'WeekEnding"valuecolumn ="TotalTested"serieslabel ="Actual"colorlist =" # 0000FF, 0000FF #, # 0000FF, # 009900 ">
< cfchartdata value = "1" item = '2009-08-02' >
< cfchartdata value = '7' item = "2009-08-09" >
< cfchartdata value '10' = item = "2009-08-17" >
< cfchartdata value = "15" item = "2009-08-23" >
< / cfchartseries >
< / cfchart >
But who draws the all green. If anyone has a solution, help would be appreciated. Thank you!

(Repost for archives) Try changing the isInterpolated setting in the XML style, as shown here:

http://www.cftips.NET/post.cfm/turning-off-interpolated-data-for-cfcharts

http://www.coldfusionjedi.com/index.cfm/2008/9/17/ask-a-Jedi-handling-nulls-in-a-chart
....

Cisco ACS appliance takes long to start after initial config

Hello

I'll put up 2 ACS (1113 HW, SW 4.1) devices. After the initial configuration (IP address, admin pass etc.) and reboot, the devices do not seem to start or close the login prompt (even after a start of the night).

What could be the problem with the device or my patience?

Hello

If you get something like from console windows,

Then, make sure that you use less than 15 characters without spaces unit name.

Kind regards

Prem

CiscoSecure ACS 4.2 could not start due to failure of the services start bit

There are few services that wasn't able to restart, they are as follows:-

(1) CSAuth

Error:-"Windows could not start the csauth on local computer. For more information, see the system event log. If it is

a non-Microsoft service, contact the service vendor and refer to service 1060 "specific error code

(2) CSTacacs

Error:-"Windows failed to start the cstacacs on the local computer. For more information, see the system event log. If it is

a non-Microsoft service, contact the service vendor and refer to service 1066 "specific error code

(3) CSRadius = start

the rest of services like CSAdmin, CSDbSync, case were lit.

Also I am not able to take the acs system backup of the System Configuration-> ACS Backup and pressing backup now. It shows the msg of error as

: - CSAuth service must be running to start the backup

I was referring to the snapshots of the OS itself, but I guess you checked now.

Do not forget that the case works so you should see logs for services that do not work. Learn about the \CSAuth\logs folder for logs CSAuth and other records for other services that do not work.

There is a located here very detailed troubleshooting guide:

http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

This guide should help you solve the question if there is no other software on the server to cause trouble. One thing it says who can apply to you is to ensure that the Windows Firewall as connection sharing Internet is not ongoing.

Because I am familiar with your server, I think you should do the quick test below for if sure there are not taken, which may be crashing the authentication services that you mentioned. In the command line, type "netstat - ano | Findstr Listening-i"and see if or not he has taken open your ports Ganymede + and radius. He will probably return false, but it's worth a check.

Worst case scenario, you may be able to use CSUtil to back up the database (I'm fairly certain you can back up services that work), install the ACS on a new Windows 2003 server, and then restore. You can use CSUtil to many types of exports and operations as well.

If you manage to deal with the problem or not, you should speak with the person who is responsible for making backups of your servers and make sure that something like this was coming once again that you can have a quick fix during a maintenance window.

'Case' service does not start on ACS 4.2.1

Hello

I recently installed a 4.2.1 with 4.2.1.15.1 and 4.2.1.15.2 patch GBA the on a Win 2003 R2 Std SP2 edition

Can't sart service case

Whenever I have to resart, I have the following message is displayed in the Viewer window:

(Note that I have the same problem on another edition of WIN 2003 Std SP1 machine)

Could you please help me?

Thank you

Michel Misonne

Event type: error
Event source: ACECLIENT
Event category: (1).
Event ID: 1001
Date: 11/04/2010
Time: 18:10:38
User: n/a
Computer: FP9S00180048
Description:
The description for event ID (1001) in Source (ACECLIENT) cannot be found. The local computer may not have the information necessary registry or message DLL files to display messages from a remote computer. You may be able to use the option/auxsource = flag to retrieve this description; For more information, see Help and Support. The following information is part of the event: C:\WINNT\system32\sdconf.rec.
Data:
0000: 00 00 00 00...
```
This is a known issue with 4.2.1, if you are not using RSA feature you can ignore this message.

However, if CSLOG cannot be started, could you try restarting the ACS,

also see if reboot of the windows server helps
```

D30 does not start after adding drives to the UCS ports

Hi all

I have a Lenovo D30 workstation.

I have my SSD on sata RED ports, and port orange is the DVD unit. So far so good.

I added 4 drives, connected to the blue sata ports (reader1 4) while the system worked. I launched rest Intel and created a RAID5 volume. All work of until reboot. At the power, I'm looking to a flashing cursor, just after the message 'press enter to...'. In the BIOS I have excluded from the disk 1 to 5 ports such as boot (on 3 different from the menu) device.

If I take the readers the system starts. After you add the I have to go back to the RAID and also workt fine. But I don't want to recreate the RAID unit after each reboot.

I made a rookie mistake?

Hello

Type: 4354

The machine is in UEFI

The option does not appear in the BIOS post screen, however, if you press CTRL-I during post, then the rest option appears. It shows the right RAID config and all 4 disks are visible.

Discs: 4 x HGST 7K 1000

Note: This is the drives 2.5 ". I use a 4 Bay of Startech unit to mount in a 5.25 Bay in the system.

http://www.StarTech.com/nl/en/HDD/mobile-racks/4-drive-25in-removable-SAS-SATA-mobile-rack-backplane...

The bootdrive is a Samsung 850, 500GB connected to the SATA0 port.

The system didn't need to start fron all the RAID, but only from the SSD.

Edit: I deleted the RAID for the rest for the post. Created a RAID5 set and restarted the D30.

Guess what... it starts as expected. The RAID5 volume present in the W10 and works very well.

What is the difference in the creation of a whole in the rest menu during post and create one of in W10 RAID?

upgrade ACS 5.3 5.4 fails

Hello

I try ACS 5.3.0.40 update to the new version 5.4.0.46. Everything looks ok:

ACS-machine / acsadmin # application upgrade ACS_5.4.0.46.tar.gz rep01

You want to save the current configuration? (yes/no) [Yes]?

Building configuration...

Save the configuration running at startup

Application of % CARS installation required post installation reboot...

Broadcast from root (pts/0) message (Thu Dec 6 23:36:41 2012):

The system is down for reboot NOW!

Successful application update

But the ACS (vmware instance) machine cannot be started with this result: Volume group 'smosvg' not found. (see attachment for details)

Any ideas?

--

Martin

Have you installed patch 8 on the 5.3.0.40 before moving to 5.4?

Maybe you run in CSCuc93106...

Edit:

Ehhmm... unlikely.

Cannot start IPS MC in CiscoWorks VMS

Hello

I just started getting error (on a pop up Applet), below when I try to run the IPS MC in CiscoWorks VMS.

+++++++++++++++++++++++++++++++++

You are not allowed to request the action associated with screenID:

"/ s510.

++++++++++++++++++++++++++++++++++

Any ideas?

Run version 2.2.

Thank you

Naman

Do you use GBA or another server authentication to authenticate/authorize the sessions? try to delete the ACS of VMS authentication and try again. The error message is related to an authentication problem. You must also close all your browsers and reopen then.

Software VMware 5.8 ACS and Base license

Hello

So, I bought ACS 5.8 VMware software and basic license recently. When the software arrived, I was surprised to find 3 discs (one was for one installation of 5.7, the other an upgrade to 5.8% and a disc of license). When I created a virtual machine and went to download the .iso image file I found that this software came with a .img image instead. My question is why Cisco would send me and old drive that I need to upgrade rather than send the downloadable version on their site? Now a task for five minutes only transformed into who know how long. Should I just get a third party software to convert the .img to a .iso to load in a virtual machine or should I contact Cisco and ask what gives? I'm just disappointed by the fact Cisco would send former software and wait for a customer to upgrade to 5.8.

You just download the iso of 5.8 ("ACS_v5.8.0.32.iso") directly from the download site and deploy your virtual machine using that. Then update the current level of Patch (Patch 5 at the moment). Both are available for download to users entitled to here:

https://software.Cisco.com/download/release.html?mdfid=286286338&flowid=...

Delivered support has a lot do with the logistics and distribution channel and not much to deliver the most common output directly to the end user.

I don't know that I've never deployed media, I received in the package, since I started working with Cisco equipment over 20 years ago.

Ploblem with 2950 and ACS

Hi all

I have configured the 2950 as below and properly configured ACS and I can connect to the 2950 using this configuration, the problem lies after that I go to enable and try any command, I get approval to next error command failed.

What I missed out the config that will allow me to execute commands?

AAA new-model

AAA authentication login default group Ganymede + local

AAA authorization exec default group Ganymede + local authenticated by FIS

AAA authorization commands 15 default group Ganymede + authenticated if

AAA authorization network default group Ganymede + local authenticated by FIS

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 15 by default start-stop Ganymede group.

AAA accounting network default start-stop Ganymede group.

GANYMEDE server host ***. ***

radius-server key 7 *.

Thanks in advance.

Bruno

Hi friend

AAA of the switch seems ok, maybe you need to take a look at your ACS.

Check the following information, where you have to apply it in your ACS config:

http://www.Cisco.com/en/us/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd6fc.html#wp676529

If it helps, please note or ask another question.

Kind regards

Rafael Lanna

ACS 3.3 to 4.0 upgrade problems

Guys,

I have a Cisco ACS 3.3 running on a win2k platform server and I need to upgrade to ACS4.0 on win2k.

-3.3 backup and restoring files on web interface 4.0 does not work;

-the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])

-J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services will not start

Anyone know what I need to do?

Thank you

Rob

Hi Antonio,.

-3.3 backup and restoring files on web interface 4.0 do not work.

* It won't work, because in ACS we can back up and restore the database among same versions only of the ACS, also applies to replication.

-the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])

* Answer will be the same as above.

-J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services do not start.

* Normal this is if you hit a bug, that when we try to upgrade a database of ACS 3.3 (x) xx of ACS 4.0 build we have leak customer spaces AAA and/or servers writing AAA in databaae, and that can cause a problem. But we cannot not be hitting this bug.

How to upgrade:

[1] make sure we follow the path correct upgradation and supported:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/ACS40/rnwin401.htm#wp37488

[2] then follow following steps upgrade:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/ACS40/install/install.htm#wp1041858

Summarizing link above, just run installation of ACS 4.0 on an existing installation of ACS 3.3, and the installation program will ask itself, to save the previous configuration, select Yes at this time.

Let me know if it helps. Please rate if this helps.

Kind regards

Rafael Lanna

Cisco Secure ACS 3.3 (1)-> 4.0 upgrade problems (1)

Hi all!

I have problems updating my primary ACS since version 3.3-> 4.0

I always get the following error message, then it does the upgrade:

"The record of the CiscoSecure ACS seems to be blocked by another application: C:\Program Files\CiscoSecure ACS v3.3.

Please close all applications... blabla... »

The thing is, I have improved my ACS backup first, and this upgrade worked like a charm.

In both cases, both for the primary and backup I do a takeover with Dameware remote, copied the ACS 4 folder on the hard disk of the server and make the upgrade of this folder.

As I said, the upgrade of backup server worked without a hitch.

That's what I tried:

1. I checked that NO application use the 3.3 ACS file and no Explorer window is open on this folder or subfolders.

I checked using a small program called Filemon.exe from Sysinternals. According to this program, anything accessed said folder.

I also checked it again by renaming actually ACS 3.3 file once I stop all services of the ACS. I could not rename the folder if the services have been started.

2. I tried to stop the ACS services first and then make the configuration, got the same error.

3. I have disabled the antivirus software, got the same error.

Basically I am at my wits end now...

However, I have two options:

1. uninstall ACS 3.3, do a clean install of ACS 4.0 and import the data of all the GBA backup.

Who would not raise by the primary association with the ACS configuration backup? So I think I will need to go on it later and make changes, if necessary?

2 make a backup of the ACS 3.3 with csutil b

Uninstall ACS 3.3, do a clean install of ACS 4.0 and import all the data with csutil - r

Would this work? I've seen conflicting information here in this forum, some say that it works, the other say it's not.

I'm a little confused why it worked so well the GBA backup but fails on the primary ACS.

Any help would be greatly appreciated!

Thank you!

Ivar Thorolfsson

Hello

Folder lock message often appears if newspapers located in the directory of the ACS are too big.

Move the logs of the following directories: -.

CSAdmin\Logs

CSAuth\Logs

CSDBSync\Logs

CSLog\Logs

CSMon\Logs

CSRadius\Logs

CSTacacs\Logs

Newspapers

Then try to upgrade.

Kind regards

Vivek

ACS-Rookie to start

Similar Questions

Maybe you are looking for