Similar Questions

• License number after the reinstallation of the server vcenter

  Hello

  One of my clients could not upgrade its vcenter he had to reinstall from scratch. He reconnected the hosts and installed licenses appropriate, but then imported the vcenter database later.

  Now, we get an inventory of license monitoring alarm because it seems that the hosts have been "registered twice". I explain: when you look at the tab (web client) license, said capacity 2 CPUs (there is only a single host) but its use 4!

  In the vSphere client, when we edit the features under license, it is said: capacity: 2 and available:-2.

  Is there a way to clean up the mess properly? Disconnect the ESXi, vCenter and reconnect it?

  Thank you very much for your help!

  Eric

  Https://KB.VMware.com/kb/1027410 allows maybe cleaning the incorrect number of licenses.

  André

• [Cisco ACS] 11036 the RADIUS Message Authenticator attribute is invalid

  Hello

  I had a lot of Cisco AP related to Cisco WLC 2.

  On each WLC, I configured a primary and a secondary RADIUS server.

  RADIUS servers are Cisco ACS 5.2.0.26 (patch 10)

  ACS primary and secondary configurations are synchronized.

  There is no problem between primary rules WLC and Cisco ACS (primary and secondary).

  When secondary WLC asks primary Cisco ACS, I get this error "11036 the RADIUS Message Authenticator attribute is not valid.

  WLC secondary contacts automatically secondary Cisco ACS and it works fine.

  Cisco ACS description for this error: "this can be reason of mismatched shared Secrets."

  The two Cisco ACS are synchronized, so I should have the same error on them...

  Why primary ACS generates this error?

  Thanks for your help,

  Patrick

  Patrick: The shared secret mismatch could be on the side WLC, not on the side of the ACS.

  Make sure that the shared secret of the radius primary server is configured correctly on the secondary WLC.

  HTH

  Amjad

  Rating of useful answers is more useful to say "thank you".

• Cisco Security Manager integration with Cisco ACS troubleshooting

  Hi all!

  I have a problem with the integration between Cisco Security Manager and ACS. I've done the integration, but the identity of the user system doesn't have enough privileges. I know what the problem is, but I don't know how I can change the login of the ACS to the local MSC?

  I found a file that specifies the following:

  Q.

  Is there a backend script or command line interface options to change the ACS to local CicsoWorks connection module?

  A.

  To restore the server LMS ACS local user mode mode, stop the CiscoWorks

  demons and run the following script:

  NMSROOT/bin/perl ResetLoginModule.pl

  (for Solaris)

  NMSROOT\bin\perl ResetLoginModule.pl

  (for Windows)

  Then, restart the daemon.

  I did it, but does not work, any idea?

  Hello

  I guess you can try to go through the question on WSC and GBA integration troubleshooting:

  http://www.Cisco.com/en/us/docs/security/security_management/cisco_security_manager/security_manager/3.0/troubleshooting/guide/rbacts.html#wp1043629

  Few things might have gone wrong:

  1 - this command must be run on the server MCS cmd prompt (make sure that you are not on the client computer)

  2 - NMSROOT is the directory were MSC Server is installed. Is usually c:\Progra~1\CSCOpx

  3. you must stop the deamon Manager before performing this action (and restart)

  For example if the directory is the one above to reset the connection locally, you can try the following:

  net stop crmdmgtd---> that stops the daemon Manager (can be done by the services window)

  c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ ResetLoginModule.pl---> restores local authentication

  net start crmdmgtd---> restart the Daemon Manager

  Can you maybe try again and let me know how it goes?

  Thank you

• restore the configuration of the cisco ACS 1121 ver 5.2 to SNS 3425 ver 5.6

  Dear all,

  We currently have Cisco ACS 1121 ver 5.2 in our production, then we will replace it with the new devices using SNS 3425 ver 5.6.

  Please good to want to help someone can tell you how to restore all the old configuration of devices (ACS 1121 ver 5.2) for the new Member States?

  Best regards

  Yudibagam

  Hello! You must upgrade the current device to a min of v5.4 for restoration work and be supported.

  http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_control_system/5-6/release/notes/acs_56_rn.html

  However, if you're going to go through the upgrade problems then I would say that you upgrade all the way to 5.6 just to be sure :)

  I hope this helps!

  Thank you for evaluating useful messages!

• Cisco ACS server

  Hello

  I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes...

  Can provide you a solution for this?

  Thank you

  Hello

  The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1.

  Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated.

  Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.

  Kind regards

  Vivek

• Cisco ACS and the domain controller

  Hello

  We are currently using the Cisco ACS 3.2.3.11 solution engine and using a Windows domain as a remote agent controller.

  We now have the ACS to 4.1

  1. do I need to upgrade the remote agent on the domain controller as well?

  2. any computer on the network can be used as a Distribution Server?

  3. after an initial backup and upgrade then to 3.3.3.3 I make another backup before the upgrade to 4.1?

  You can use any PC in the network as a Distribution Server.

• How can I disable the encryption Cipher Block Chaining (CBC) for the server SSH on ACS 5.5.0.46?

  Hi, a security audit found that the server SSH on our 5.5.0.46 ACS service is configured to support encryption of the network (CBC, Cipher Block Chaining) load balancing. This may allow a recovery attackerto the message plaintext to the ciphertext.

  The Adviser is to enable the encryption mode cipher CTR or GCM - how is this possible? Is this something that you can run the command line?

  Thank you.

  Unfortunately at this time there is not a supported method to disable this option on ACS.

  This issue is addressed by:

  CSCup58251    Assessment Cisco Secure ACS CVE-2008-5161

  https://Tools.Cisco.com/bugsearch/bug/CSCup58251/?reffering_site=dumpcr

  All versions of the ACS are affected.

  This vulnerability is fixed at 5.7 ACS version which should be published between mid and end of may 2015

  Tariq

• Cisco ACS, multiple CA, assignment of VLAN relevant to the domain

  Hi all

  I searched for a solution to a specific customer requirement.

  I want authenticate users with certificates from different RootCA wireless and assign them to one VLAN based on their field?  Ideally, using the same SSID and a Cisco ACS server.

  Is this possible?  Has anyone seen that it works?

  I realize that the ACS can have trust company for the relevant RootCA (dunno what version is needed for this?).  And that assignment VLAN is also possible to a unique SSID based on RADIUS attributes.  But I am not sure that these parts would fit together?

  Would appreciate some advice!

  Thanks in advance

  Rob

  Hello

  Yes, this is possible. I suggest that you implement one by one to make sure that everything works, but no problem to do so. All recent versions of ACS allow this.

  You can do mapping group from ad groups (a group for each area, so if you want to) and assign the vlan based on the mapping of this group.

  GBA can trust several certification authorities and authenticate users with certificates of all these cases. It's just a matter of import these number certificate in the trust list.

  And you can assign the vlan and use only one ssid as well.

  I can't guide you on the procedure that it depends on which version you have and if you have IOS ap or WLC, but it is basically each function separated as in the config Guide and just used all together.

  Nicolas

  ===

  Remember responses of the rate that you find useful

• Cisco ACS 4.2: The most important to back up files?

  Dear Sir

  Can you tell me what are the most important files to back up in the Cisco ACS directory?

  Currently, I am only backup (with Symantec Backup Exec):

  C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups

  * But, I would like to know if my server crash, can I restore the entire configuration with the files listed in the directory below? (Users, groups, groups of devices, AD, mapping, users, groups,...)

  * The Cisco ACS there change in the Windows registry?

  * Is it necessary to reinstall the Cisco ACS, if I need to put in an emergency on a new server? I guess Yes, because the installation creates services, etc.

  I ask this question because it takes time to install the patches...

  * Or, can I save all the Cisco ACS directory... On a new server, install the Cisco ACS and restore the backup?

  Thank you very much for giving me your experience about it.

  Kind regards

  You should back up the files that come from ACS backups, i.e.

  System configuration > backup GBA, the location that is specified in this section.

  And the default location is the one that already save for example "C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups"

  In case you are required to host ACS on a new server, you would be required to re - install the complete application of the CSA and then simply take the last backup and restore in the newly installed ACS. It will be to restore everything users, group etc. to etc. of the external database mappings.

  When you install ACS on a new server, then make sure that if you run them Services ACS with a service account (this is required for the authentication of the window according to your requirement), you would be required to run new services with this account too, and which may require that go you through the following documentation.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/Windows/postin.html#wp1041202

  Kind regards

  Prem

  Please rate if this can help!

• Configuration of the Cisco ACS Radius

  Hello

  I'm trying to set up authentication radius on cisco ACS but short question. When I set up my group of network devices in the configuration of the AAA Client as one of ray device groups, my authentications fail with authentication as a failure code"

  CS invalid password' but when I change my group of devices to "Unassigned", everything started working.

  On my AAA client, when authentication fail, I see

  Server RADIUS audit package fails:

  Please note that the AAA client is a non-cisco device.

  Any suggestions?

  It seems that you run ACS 4.x. You are facing this problem because the key is set on the excessive rides of the level (Group of devices network XYZ in your case) NDG key at the level of the AAA client.  Please make sure that you don't have different secret key on the client inside the NDG AAA and on the NDG himself.

  Not affected is working because it has no key defined in the NDG.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NetCfg.html#wp342738

  "Each device that is assigned to the network device group will use the shared key you enter here. The key that has been attributed to the device when it has been added to the system is ignored. If the Enter key is null, the key of the AAA client is used. »

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• The upgrade to Cisco ACS SE and Remote Agent

  Hello

  Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.

  I am little confused with information available for upgrade scenarios. Appearing on the current working versions.

  Cisco ACS SE - version 4.1 Build 23 5 Patch 1

  Cisco ACS Remote Agent version 4.2 (0.124)

  The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.

  My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.

  Thanks in advance!

  Yes, it is not possible to upgrade the ACS ACS 5.2 existing to level 4.1. They are two different boxes run on a different platform.

  Unfortunately ACS 4.x does not support windows 2008 r2.

  5.2 ACS is the only option left, and you will need to buy a new box of seprate with the new licnese for this.

  Concerning

  Bellefroid

  Note the useful messages

• Version of Cisco ACS 1121 5.3 - logging

  Hello

  I am new to Cisco ACS 5.X. What I've read, the Cisco ACS can act as a logging server. Does this mean, all messages from syslog to all other network and ACS devices can be stored by ACS? I'm a little confused on that part.

  Finally, I understand that Cisco ACS has many or perhaps 2 instances? When we use these instance? What is this instance?

  Kind regards

  RAM

  In the deployment, you must specify an acs as the Logcollector server. All other servers send the logs to the Logcollecter.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...

  In a distributed deployment, each acs server is an instance. If you have a main instance and multiple secondary instances.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...

  Sent by Cisco Support technique iPad App

• Version of Cisco ACS 5.1.0.44.3 integrate with active directory server from Microsoft windows 2012?

  Version of Cisco ACS 5.1.0.44.3 integrate with active directory Microsoft windows 2012 R2 server?

  Unfortunately, it does not support R2 2012

  5.1 ACS supports all editions of:

  Windows Active Directory (AD) 2000

  Windows AD 2003

  Windows AD 2003 R2

  Windows AD 2008

  Source

  Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.

  Source

  Please find below the steps to go from 5.1 to 5.5 hotfix 1:

  STEP	FILE	COMMAND
  Apply the 5.1 patch 6	5-1-0-44 - 6.tar.gpg	ACS patch install repository 5-1-0-44 - 6.tar.gpg ftp_repository_name
  Apply 5.3	ACS_5.3.0.40.tar.gz	application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
  Apply the patch 5.3 8	5-3-0-40 - 8.tar.gpg	ACS patch install repository 5-3-0-40 - 8.tar.gpg ftp_repository_name
  Apply the sharp Patch	Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg	ACS patch installs Pointed-PreUpgrade -CSCum04132- 5-3-0 - 40.tar.gpg repository ftp_repository_name
  Apply 5.5	ACS_5.5.0.46.tar.gz	application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
  Apply the patch 5.5 1	5-5-0-46 - 1.tar.gpg	ACS patch install repository 5-5-0-46 - 1.tar.gpg ftp_repository_name

  Best regards ~ jousset

• integrated macOS Sierra Cisco IPsec VPN does not work anymore (impossible to validate the server certificate)

  Hello

  I just upgraded to macOS Sierra and built-in Cisco IPsec VPN no longer works. When you try to connect, I get a "cannot validate the certificate of the server. "Check your settings and try to reconnect" error message. I use Cisco ASA with self-signed certificates and everything worked fine with previous versions of OS X.

  Please help me, I need my VPN Thx a lot

  I am having the same problem with StrongSwan and help cert signed with the channel to complete certificates included in the pkcs12 file imported to the keychain. It was working properly in El Capitan, but now broken in the Sierra.