Cisco Secure ACS 5.3 SNMP agent does not
Hello
I have problems with the SNMP on Cisco Secure ACS 5.3 agent (patch level 5) stop, is there a quick way to restart the SNMP daemon via the command line?
Robert,
I understand where you come, I encountered the following bug:
The process of the SNMP agent in demon device ACS stops. |
and reboot the box will bring him back to the top and after about 3 days, he'd stop. I just want to see if it's the same bug that could be back in patch 5. The best thing to do at this stage is to plan a quick down and restart the box to see if the snmp process starts again. If this then gives IT a week to see if the snmp Protocol falls down. If it does then make reference to this bug and open a new case of tac for repair. If not, then you should be in the clear.
Thank you
Tarik Admani
Tags: Cisco Security
Similar Questions
-
Cisco Secure ACS Solution Engine ping
1. I installed Cisco Secure ACS Solution Engine with V3.3 and I can access via the http port 2002 but I can't it ping from anywhere in the network, but the server can ping every thing, is this normal.
2. If I can't ping haw I can define the service keeplaive to load balance 2 ACS engine using CSS
By the way, I forgot that ACS 3.3 device has a CSA integrated. This agent is enabled by default. He explains why you can't ping it.
For enable/disable it, go to "System Setup Configuration - device. Toggle the checkbox enabled the CSA according to needs.
Rgds,
AK
-
Cisco Secure ACS vs IAS in Windows
Hi all
I need deploy an AAA for the following situations.
(1) remote access via Cisco VPN Clients.
(2) AAA for wireless windows PC in remote areas
(3) AAA for Cisco switches and routers in remote areas
(4) authentication with a windows domain
The the Windows IAS would be virtually free that we already have Windows 2003 domain controllers at each remote site. However, Cisco Secure ACS might also be an option. Not all have experience in these two?
What are the positives\negatives of each? and limits?
Does anyone have any information on case study etc. in comparing the two?
Your help is greatly appreciated.
Kind regards
Andy
PS: There is a limitation in Windows 2003 Standard edition, which limits the number of Radius clients to 50. Although we have more than 50 potential clients in society, no site has more than 50 altogether.
MS IAS allows you to implement the solution using only the RADIUS protocol
ACS offers the feature to use RADIUS as well as GANYMEDE.
Looking 4 solutions you want to implement, only 3rd solution will be a little easier with GANYMEDE, but even once it not something you can not implement using RADIUS.
On the limitation of Radius client, ACS offers a large database that you can use for customers, so limiting to 50 customers. In addition many many features, you'll love to integrate into your network as the NAP/NAC implementation, made it easier.
So you need to check if you have the budget, you can go to ACS, IAS on the other can work well for all solutions (except limitation of radius client, I m sure that MS can provide a workaround solution).
the following link can help you with information on sales of ACS:
http://wwwIn-nmbu.Cisco.com/thevault/files/1027/5/ACS4.1-Sales-guide%20April%204%202007.htm
-
With Cisco Secure ACS for Windows GANYMEDE +, authentication fails with AD
I'll put up a Cisco Secure ACS 4.2 server to act as a RADIUS server for switches and routers I use Windows 2003 server for the candidate countries.
and an Active Directory of Windows 2003 server. The ad server is very good, it is used for many other things.I've implemented ACS as defined nit it installation guide, including all the steps in the "Member Server" section of the installation guide
When you use AD as an external database (e.g. setting up services to run with a domain administrator account, set up a machine called "CISCO"
on the field, etc.).I've set the unknown user policy to use the database of Windows, if the internal database does not contain the details of the user.
If I add a user to the internal database, authentication goes through fine, with an entry in the journal "Authentication," spent
02-24-2010, 05:07:03, authentic failed, eXXXX, Network Administrators (NDG), X.X.X.X, (default), internal error, (get the internal error error message)
I scoured google etc and just cannot come up with any reason why this should be the case.
I followed all of the installation to the letter guides. I need to get this up and running as soon as possible,
so am eager to know if someone can help me with this one!Thanks and greetings
Sharan
George,
Internal error is fairly generic, but a common situation, we see this error is when ACS is installed on a
64-bit computer. ACS would not work with the active Manager when it is installed on the 64-bit before machines
ACS 4.2.1.
-Jesse
-
Cisco Secure ACS 4.2 on VMware ESX 4.0.
We must move from ESX 3.5 to ESX 4.0 a virtual machine running Cisco Secure ACS for Windows version 4.2.
This solution is compatible and supported by Cisco?
Thank you.
Andrea
ACS Windows 4.2 is not supported by Cisco, when installed on VMWare ESX 4.0 in accordance with the following documentation:
Only ACS 5.1 is supported on ESX 4.0:
-
Cisco Secure ACS 4.2 Windows authentication of different domain
Hello
I have a Cisco Secure ACS for Windows Server 4.2. The server belongs to a domain and the domain, the users belonging to a certain group are authenticated.
Now, I have to change the configuration of the server and reassign it to another area. There is no trust relationship between two domains and I would like to know if users can always be authenticated against the previous domain.
Hello
First of all, take backup (by measure of precaution in order to restore config if something goes wrong) then continue witht the following:
-Remove the configuration of the windows domain (group... mapping etc) from the server before changing the field.
-Change the domain membership, and then restart.
-follow the missions post-disiez for ACS (see this link): http://tiny.cc/zr6huw.
-Configure the external database again on GBA (group mapping, strategy unknown user... etc).
You should note that if the new domain controller is Windows Server 2008 R2, which is not supported by ACS 4.x.
HTH
Amjad
Rating of useful answers is more useful to say "thank you".
-
ENE PCI Secure Digital / MMC Card Reader Controller does not
ENE PCI Secure Digital / MMC Card Reader Controller does not
I suggest that you go the manufacturer of your computers website and search for drivers chipset update.
Click Start, type: Device Manager
Press enter on your keyboard
Click with the right button on the controller listed in the tree view of the devices
Click on uninstall
Restart your computer and let Windows redetect.
-
12 c on the repository server management agent does not start due to a failure of the system
My environment architecture for 12 c Cloud Control (used for the purpose of personal practice) can be explained as follows:
@DBSERVER: (OEL6.5, x 86-64)
-12 c Enterprise Manager Cloud Control (EMCC)
-Database 11.2.0.4 which acts as a repository for 12 c EMCC
Monitored host is on a virtual machine (VM12) which is currently in the DBSERVER:
VM12: (OEL6.5, x 86-64)
-12 c Management Agent which monitors host and database (12.1.0.1)
The server worked fine for months until recently when the computer has restarted abruptly. Abrupt restart has occurred several times in the past, but this time, he had a problem when restarting. The DBSERVER when a startup starts the SGC and the AGENT. WHO starts perfectly, but the AGENT does not start. On trying to start the agent, it displays the following error message:
[orcl11204g@dbserver bin] $. / emctl start agent
Oracle Enterprise Manager Cloud control 12 c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Starting Agent... failed.
Manager of target failed to startup: targets.xml was rejected: loaded with a token incorrect agent
See emctl.log and emagent.nohup in: / home/u01/oemrel3/agent/agent_inst/sysman/log
[orcl11204g@dbserver bin] $
The targets.xml file contains the following information, which do not seem to be of any help:
[orcl11204g@dbserver emd] $ cat targets.xml
<? XML version = "1.0"? >
<>targets
< / objectives >
[orcl11204g@dbserver emd] $
Anyone can provide assistance in such circumstances?
The DBSERVER repository database, the auditor and the who are running, while the agent is down. VM12, listener and agent database is running. Is there another file that should be checked for more information?
--> $/ AGENT_INST/bin/emctl stop agent
If the agent does not stop is free then kill all the background process agent first grepping for agent perl and java process only
--> Move your existing target.xml file
MV target.xml target.xml.old
--> Create an empty file targets.xml under/AGENT_INST/sysman/MDTs with the below content
--> Start the agent of
$AGENT_INST/bin/emctl start agent
That starts agent but without all the targets in targets.xml
To the discovery of targets saw agent console resynchronization
Concerning
Krishnan
-
Labmanger-"Agents does not.
Hello
I have 4.0 running with Labmanager to 75VM. Recently, I changed the pwd of the ESX host root. Today, when I rebooted my server VC, (hosts & VM) evrything work properly via the server Vsphere.
But I found that the hosts are not connected in the Labmanager. His watch the X symbol in the resource-> tab-> column available hosts. All my VM in the labmanger showing not available States.
I got the following error in LAbmanager
"The vCenter Lab Manager agent on the host is not responding. Each prepared host running an agent application. This request of the agent does not respond. This may be due to the breakdown of the network, failure of the host or agent failure. "
Someone at did you encounter this problem, please provide the solution. We strive to resolve the issue as soon as POSSIBLE.
Thank you
Yohanna.
See the attached file.
-
Secure ACS unit and Remote Agents
Hello
We test Secure ACS 3.2 device and authentication against AD via remote agents. When two or more remote agents are registered with the device in the network menu, is the pretty smart device to try the second machine remote agent if she can't talk to the first? We tested this failover by stopping the service of the remote agent on the first domain controller where it has been installed. However, failover does not occur. We want to know if this failover is supposed to work, and if so what we need to do to make it work.
Yoshi Nagase
Hello
I implement a solution similar to yours... 2 ACS unit with 2 Remote Agent...
I set the remote agents on the Network Configuration and the external user DB - database of Windows - Windows Remote selection of the Agent.
In this menu the value primary and secondary Remote Agent
HTH
Omar
-
Hi team,
I have 2 camera which I am not able to remove a group of network devices home device.
When I try to remove the device after error is thrown
Impossible to edit INMUM-VPE-T1-3rdFloor-3750-S... Reason: The host no longer exists.
Running on Version: Cisco Secure ACS4.2.0.124
One would come in all of these issues. someone knows the solution.
Concerning
Vineeth
Hi Vineeth
Yes, you can do through GUI.
The GUI:
1 ACS gui > network configuration > click on 'Search', then click 'Search' again.
2. complete list of all network devices. On top, you will see an option "Download".
Download the complete file.
Let me know if it helps.
Thank you
Nelson Saha
-
/ * Style definitions * / table. MsoNormalTable {mso-style-name: "Table Normal" "; mso-knew-rowband-size: 0; mso-knew-colband-size: 0; mso-style - noshow:yes; mso-style-priority: 99; mso-style - qformat:yes; mso-style-parent:" ";" mso-padding-alt: 0 cm 0 cm 5.4pt 5.4pt; mso-para-margin: 0 cm; mso-para-margin-bottom: .0001pt; mso-pagination: widow-orphan; font-size: 11.0pt; font family: 'Calibri', 'sans-serif"; mso-ascii-font-family: Calibri; mso-ascii-theme-make: minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-make: minor-fareast; mso-hansi-font-family: Calibri; mso-hansi-theme-make: minor-latin ;}"}
Hello
I'm deploying an ACS connected to an RSA AuthManager (that is connected to an Active Directory domain)
I create several groups within the Active Directory server, I try to give to users for their groups different access rights.
I tried to define an access policy "NetOp/NetAdm" and two authorization rules:
Rule-1 AD - AD1:ExternalGroups contains all dir. INTRA/groups/NETOP 'Auth for net operators' 0
Rule 2 AD - AD1:ExternalGroups contains all dir. INTRA/groups/NETADM 'Auth net admin' 0
Default: refuse
In the identity, I have configured the RSA identity source, so that users get authenticated by the RSA Authentication Manager.
But I still refuse to get access, RSA authentication is successful, but the group membership, active directory does not work, even with the unix attributes or group principal defined for the user.
My question is this valid configuration scenario? Is there another way to define several profiles according to the Group of users of external source?
The stages of monitoring:
Measures
Request for access received RADIUS 11001
11017 RADIUS creates a new session
Assess Service selection strategy
15004 Matched rule
Access to Selected 15012 - NetOp/NetAdm service policy
Evaluate the politics of identity
15004 Matched rule
15013 selected identity Store - server RSA
24500 Authenticating user on the server's RSA SecurID.
24501 a session is established with the server's RSA SecurID.
24506 check successful operation code
24505 user authentication succeeded.
24553 user record has been cached
24502 with RSA SecurID Server session is closed
Authentication 22037 spent
22023 proceed to the recovery of the attribute
24628 user cache not enabled in the configuration of the RADIUS identity token store.
Identity sequence 22016 completed an iteration of the IDStores
Evaluate the strategy of group mapping
15006 set default mapping rule
Authorization of emergency policy assessment
15042 no rule has been balanced
Evaluation of authorization policy
15006 set default mapping rule
15016 selected the authorization - DenyAccess profile
15039 selected authorization profile is DenyAccess
11003 returned RADIUS Access-Reject
Thank you
Christophe
I think you need to do is to create a sequence of identity with RSA as a selection in
Authentication and recovery research list of attributes and AD in the additional attribute list recovery research. Then select this sequence as a result of the politics of identity for the service
-
Cisco Secure ACS 5.1 and strong authentication ACS administrators?
Hello
Is it possible to authenticate administrators using an RSA SecurID token?
There is no indication on this issue in the Panel "System Administration > directors > settings > authentication.
(I'm under Server Secure ACS 5.1.0.44)
Thank you
Christophe
Hi Christophe,
Unfortunately not.
The DB supported only for accounts of Administractors is the internal DB of GBA.
I hope this helps.
ARO
Tiago -
ACS Web Interface 5.1 does not
We have a Cisco Access Control Server (TACACS+ version 5.1) with an additional
2 port NIC card. This produces 4 ports on the ACS server(G0 through G3).After initial setup of the ACS server with an IP address on G0, I connected a Windows 7
server with IE8 to G0. The ACS web interface appears (after accepting certificate) and I
entered some user accounts and NDGs.I then connected the ACS server to a configured port with port-security on our 6500
switch. The port becomes err-disabled since the MAC address does not match up. It appears
that the onboard NIC on the ACS server is bonded thus producing the MAC address issue.To fix this connection issue, on the ACS server, I cleared out G0 and setup G2 (additiional
NIC card) with the IP address. After connecting to the 6500 switch, the ACS server port
works fine.I removed the connection to the 6500 and connected the Windows server to the ACS.I can ping
the ACS server but the web interface is now unavailable unlike before. I do not get a
certificate warning on IE, it just states that internet not available.On ACS, the 'show' status of acs shows all the processes are running and initialized.
Any help would be appreciated. It has got me stumped as all I did was change NIC configuration
on the ACS server.Antonio
I wanted to check if the failed to load web interface could also be due to something on the 6500 switch.
So far:
You have been able to see the Web interface with the ACS configured on G0 and directly connected to the PC Win 7.
With the G0 set to ACS, you saw some MAC problem and so no web interface.
With the ACS configured on G2, you can test the ACS server when it is directly connected and connected to the 6500, but in both cases do not display the web interface.
So, it seems that you have two options:
(1) seek to solve your problem of port security 6500. (You have access to set up the port-security 6500?)
(2) fix the G2 interface configuration. If you do not see the web interface with the Win 7 PC directly connected then there is something wrong with the config on GBA.
-
Hello
I installed NMS on the new server (windows server 2008 r2). I turn off the firewall and installed SNMP protocol. There is no firewall between the devices I have try to sane and the server. The SNMP working on the switch.
However, while I try to add switch NEM does not recognize the SNMP protocol. The error I get "SNMP: does not.
What can I do about it?
Best regards
Victor
While ensuring.
There is this document on adding a device
http://en.community.Dell.com/TechCenter/networking/NMS/w/wiki/6806.adding-devices-by-SNMP
If you follow this can you please add screen shots of what you see?
You can pling device? Make sure that you can do in the place where the Agent is running (not sure how your configuration looks like, the agent may be on the server or on a different host).
In addition, our experts NMS actually monitor the NMS community
http://communities.quest.com/community/NMS?view=discussions
If you can repost this question to this community with screenshots that will be very useful.
Golan
Maybe you are looking for
-
Satellite P100 - 216 (PSPADE) - CPU / RAM upgrade options
Hello guys,. I just got a laptop Satellite P100-216 (PSPADE-01400UEN). (card: T5500 - GeForce Go 7600 512 mb, 200GB) It has a Core 2 Duo T5500 inside and I intend to upgrade as well as the RAM to make a good laptop for my wife. The question if CPU is
-
While trying to install the real time of the third quarter of 2009 DVD module, I get this error message. "An error occurred while installing LabVIEW Real-time 2009 (in English). Do you want to continue installing remaining products? »
-
Vista Home premium - change in appearance
Hi, the appearance of vista has changed on my screen since yesterday (suddenly). She is now much more gray and looks like something, 20 years ago. I tried to reset my themes, but no change. I also have a right-click on desktop and tried to select the
-
16 GB of blackBerry Smartphones card failure
My 16 GB media card failed yesterday to destroy all my tunes, videos and images. Repair of media card fails the internal review, and now I'm without storage of media data. Any ideas on how (1) to repair the effect, or (2) where to buy a new map of
-
Try to get a USB cable to installed on Windows 7 (64 bit) series.
I try to get a USB cable to installed on Windows 7 (64 bit) series. Radio Shack model: 26-949. The cable works fine in XP. I tried Radio Shack, FTDI drivers prolific, but to no avail. When I try to load the drivers, it does not recognize the device.