Unit of ACS and agent remote test

Problems with unit ACS integration with Active Directory. Have installed the remote agent on a member server and the ACS unit can enumerate Active Directory groups correctly so there is at least some communication happening.

Looking at newspapers in the remote agent whenever a request for ad groups comes through see you the corresponding journal entries. When a user tries to authenticate that there is no future logs through the remote agent. So maybe it is not sent to remote agent?

In the authentication failed, connect GBA, the error is unknown user, it shows the correct username + domain name such as the person trying to authenticate.

Windows Server is configured for a unknown user policy.

Version of the ACS is 4.1.1.23, Remote Agent is the latest available version.

Any ideas or things to check?

Hello

According to the guidelines of your last line, it seems that the ACS and RA worm are not even. Please note that ACS and RA device software worm must be same or it won't work.

Kind regards

~ JG

Tags: Cisco Security

Similar Questions

  • ACS Appliance Agent remote problem

    Hello

    We have depending you on the situation:

    -2 x ACS SE

    -2 x ACS Agents on member servers remotely

    -2 x ASA

    We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.

    I have configured the remote agent following this link:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/Rawi.html#wp289426

    But we are not able to pick up groups active directory to the AEC gui--> user external database > database group mappings > Active Directory > new Configuration.

    On the domain controller, we get the error ID 1030 and 1058, someone had these problems too?

    Thanks in advance and best regards

    Dominic

    Most likely, this is a Permission problem. What OS and SP you use.

    Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?

    Kind regards

    ~ JG

    Note the useful messages

  • ACS 4.2 Remote agent compatibility issues.

    I did a little reading on the compatibility of remote ACS 4.2 with Windows 2008 R2 agent, and it seems that the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would like someone to confirm that I have installed what happens if the remote agent on a Windows 2003 server of Member rather than the 2008 R2 domain controller. Such a scenario will work?

    Comments are appreciated.

    Concerning

    Yes, here's what a bug documented with this CSCtg37183 information:

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

    Excerpt from the previous link:

    ACS 4.x does not support the Server 2008 R2 to AD.

    Symptom:

    ACS 4.x does not support authentication to a back-end Server 2008 R2 Active Directory.

    Conditions:

    ACS 4.x
    Windows Server 2008 R2 installed on the domain controller
    ACS or remote agent installed on a member server in the environment (even if the Server 2003/2008)

    Workaround solution:

    Install the ACS or the Remote Agent on a domain controller 2003/2008

    Cisco does not support this scenario because sometimes work well other doesn't work at all, so nobody wants an unstable network right, unfortunately workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know if I can get you the links.

  • Satellite X 200 - 15 K and problem remote control

    I installed windows 7 x 64 on my x 200-15 k and the remote control does not work.
    I installed a few irda drivers found on the download page of Toshiba X 200, but still nothing, and it does not show any device irda in device manager...

    Is - this remote controller only for windows Vista (originally on my computer when I bought)?

    Thank you
    Milos

    > I installed some drivers irda...
    Sorry, but you cannot use some drivers and later wonder if the remote control will not work correctly.
    I checked the Toshiba download page and drivers Win7 for Satellite X 200 PSPB9E are not available.

    So when you have appropriate Win7 drivers, we can discuss about the functionality of remote under Win7.
    All you can do now is to test it with the drivers for the 64 bit version of Vista and hope it will work...

  • BigBrother remote tests going all purple

    In our company, we have a windows 2000 Server to all our remote sites, these servers run the BigBrother (v4.40) client and report on a Linux server. Recently, we have moved to a new domain and after moving servers have had all their purple remote tests turn (just the tests running on the remote host, stuff like ping and ssh test the BB server still work fine). On some of these machines a reboot solved the problem and everything works fine, but on a few of them a few hours after restarting the reporting goes purple again. The really weird thing (at least for me) is that, when this happens if you try to launch bbntcfg.exe nothing opens, also simply restarting the service does not resolve the problem, it requires a reboot to be able to work again with the customer. I have attached a log file of one of these servers, on console shows purple upward to my Nov 14 02:07:22 2011 (and does not) but I don't see any errors in the log. Any help would be appreciated and thanks for your time.

    For windows 2000 machines, Event Viewer windows open for Application, security, and system logs, follow these steps:

    1. right click there on the left-> properties panel.

    2. set the maximum size of the log to 512 K

    3. click on OK

    4. after the maximum size of 512 K log to the application, system, and security logs, restart the machine.

  • ACS and Windows Server

    I installed ACS 5.2 on a machine and I am trying to integrate with Windows 2003 Server (Active Directory). The GBA when I test the connection it shows me success but when I save the setting he gives me error time. I kept the clock and time zone of the ACS server as even and Active Directory, but it always gives me error. I read on one blog that it is preferable to configure NTP on a router and then to synchronize two devices with NTP even.

    Is it necessary to configure NTP or manual config should also work?

    I ran into issues such as what you see without using NTP. I would say NTP configuration and have ACS and your servers to synchronize.

    Sent by Cisco Support technique iPhone App

  • Develop with ONLY a remote test site

    I tried to develop on a local Mac Tel computer with MySQL/PHP and it seems more trouble than it is worth. Running MySQL on Mac (Leopard) now is a problem, and even if it was ok, I still have problems with pages to test fine on my local machine, only to find PHP issues during the transition to the host. So my question is if there are problems with DW CS3 running and it works only against a remote development environment? Yes, it can be a little slower to load the remote file still during the test, but at least I'm assured I tested against a realistic test environment and don't have to worry about having a day environment (code system and application code) on a local computer.

    The thoughts, stories of war, comments, recommendations, or otherwise?

    If you mean having a local site folder and setting the testing server info
    to your real remote host, it works perfectly except for the delays.

    But go to the dw preferences and make sure that "opening with temporary files" is
    enabled in the preview in the browser section. This way you will not "overwrite" real
    pages when you preview in the browser.

    --
    Alan
    Adobe Community Expert, dreamweaver

    http://www.Adobe.com/communities/experts/

  • Satellite A300D and ExpressCard Remote control

    Hello guys,.

    I own a Satellite A300D-135, y at - it an available for this model remote control? I'm looking for a remote control that fits in ExpressCard location as some HP models have.
    I looked at several Dutch hardware well known, but I can't find a remote that fits the ExpressCard location.
    I give many presentations and therefore use my laptop a lot. I would like to have a remote control that fits in ExpressCard location because that saves space and a remote control of such a size is easy to "hide" in your hand.

    Kind regards
    Hunterseaker

    As much as I know Toshiba doesn t offers remote control for this model of laptop. The question is whether a third party product is available on the market.
    To be honest I have no interest in something like that, but I just want to recommend you to visit the web page of Logitech. They have so many products for PCs and laptops. Maybe they have a solution for the remote control that you can use with your laptop.

    If you can find some interesting product please post the link.

    Good luck!

  • Fingerprints and the remote control supported on Satellite P100-387

    P100-387 has a fingerprint and the remote? Please, someone answer me.
    Thank you.

    Hello

    To my knowledge, the Satellite P100-387 does not support the fingerprint reader and is not supplied with the remote control.
    But you're right.
    The fingerprints and the remote control are optional and some laptops in the P100 series support fingerprint reader and are delivered with command remotely.

    I also found this site with P100-387 material specifications:
    http://EU.computers.Toshiba-Europe.com/cgi-bin/ToshibaCSG/JSP/productPage.do?service=EU&PRODUCT_ID=120514#0

  • WMC and RF remote, "do not detect the IR receiver.

    I'm setting up WMC and spin on the common problem of "cannot locate the IR receiver". I decided to go for a RF remote that I don't have a direct line of sight between the components. It is a remote control designed for WMC. I have everything plugged in and works. The remote is to talk to everything, including the set - top box. But WMC will not recognize the RF Receiver to replace the IR.

    I took a glance at the manual to
     
    It seems that you have to "bind" the receiver to yourPC and buttons
    along the top to determine how it operates in (IR for decoders, RF for)
    PC, etc.) and that there may be software, you must install - I can't tell if
    the software is just to control other things.
     
    You must install the driver software for the computer first, then plug it
    USB cable for the receiver. If you have an onboard eHome receiver, you can
    to disable it in Device Manager.
     
     
    On Saturday, July 17, 2010 21:22:50 + 0000, booyet wrote:
     
    >
    >
    > I have a Gyration Air music remote.  The (cam with remote) RF Receiver and the TV are connected to the PC. Remote air has 'learned' decoder and TV remote and control both.
     

    Barb Bowman

    http://www.digitalmediaphile.com

  • I have a compaq presario cq60 with vista which was able to start after the installation of windows updates. HP recovery failed with error code 100a and bios self-test gave error fail #1-07. What can I do?

    I have a compaq presario cq60 with vista. Could not start after the installation of windows updates. HP recovery failed with error code 100a and bios self-test gave error fail #1-07. I took the hard drive and installed in my office. Windows Explorer displays the main and recovery partitions.

    The primary partition has the following folders (including hidden & system)

    The recovery partition has the following (including the language files more)

    Someone at - it ideas why my laptop does not work?

    Thank you

    Greg

    Hello

    You press F11 on startup with a HP Compaq to start the recovery process.

    For problems with the recovery process, you will need to contact HP.

    BIOS problems:

    There are messages for the HP Forums for posters with similar errors:

    http://h30499.www3.HP.com/T5/notebook-HP-ProBook-EliteBook/notebook-HDD-problems-TEst-status-1-07-fail/TD-p/658902

    http://h30499.www3.HP.com/T5/notebook-PCs-pavilions-Presario/HP-Pavilion-dv8000-getting-1-07-fail-error/TD-p/883284

    http://h30499.www3.HP.com/T5/notebook-PCs-pavilions-Presario/HP-Pavilion-notebook-dv6000-1-07-fail/TD-p/1069457

    All the answers it point to a drive about to fail

    See you soon.

  • Hardware diagnostics: "SMART short Self Test - failed" and "targeted read Test Failed.

    Original title: "SMART short Self Test - failed" and "targeted read Test Failed", all the patches?

    When using PC checkup of Dell I get the following errors; during the analysis of the material. "SMART short self-test - failed" and "targeted read Test Failed", all the patches?

    Hello Duane,

    Teke section of the Web site that speaks of similar problem.

    http://forums.techguy.org/hardware/906455-smart-short-self-test-fail.html

    The problem is with the hardware and you can get in touch with Dell computers.

  • Difference between SNMP and agent installs

    I'm curious to know the differences between the use of SNMP and agents.

    We have a Ubuntu Server that must be monitored don't know the best way to monitor.

    Hey Evan,

    Here are the major issues. NMS you currently have is the snmp network Foglight solution. If you were to buy FMS, you could install the NMSAgent.car that retrieves data of the NMS system, you already have running.

    I hope it's her. Networking FMS cartridge extracts data from SMN via web calls.

    Best regards

    Jonas

  • Cloning of servers and Agent Manager

    I'm running into a situation where our AIX engineers are cloning of servers with configurations Manager Agent. When I check the configuration file for the Agent on the cloned Server Manager it shows the host name of cloned servers and agents. What is the right way to install the agent Manager. Must it be freshly installed on each server? If he is cloned, what measures must be taken to ensure that all configurations are changed on the new conical Server?

    Raul,

    You want to change the display host name in a file named fglam.config.xml (directory of the example that you can see the path: C:\Quest_Software\Foglight_Agent_Manager_32Bit\state\default\config\fglam.config.xml)

    In the file, you will see the old name of the host. You want to change this string for the name of the new server

    Make the change in the display of the hostname

    MININT-hi87m9s_32Bit

    David Mendoza

  • Problem with GANYMEDE + (ACS) and cat 2950

    I have configured the 2950 as below and properly configured ACS and I can connect to the 2950 using this configuration, the problem lies after that I go to enable and try any command, I get approval to next error command failed.

    What I missed out the config that will allow me to execute commands?

    AAA new-model

    AAA authentication login default group Ganymede + local

    AAA authorization exec default group Ganymede + local authenticated by FIS

    AAA authorization commands 15 default group Ganymede + authenticated if

    AAA authorization network default group Ganymede + local authenticated by FIS

    AAA accounting exec default start-stop Ganymede group.

    orders accounting AAA 15 by default start-stop Ganymede group.

    AAA accounting network default start-stop Ganymede group.

    GANYMEDE server host ***. ***

    radius-server key 7 *.

    Thanks in advance.

    Jon

    Hi Jon,

    AAA of the switch seems ok, maybe you need to take a look at your ACS.

    Check the following information, where you have to apply it in your ACS config:

    http://www.Cisco.com/en/us/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd6fc.html#wp676529

    Rgds,

    AK

Maybe you are looking for