Which remote agent accounts set up ad?

I need to install remote agent for ACS, after reading several posts here, I see that there is a requirement for configuration 1 or more accounts on AD.

I see no mention of this in documentation Cisco RA, which accounts I have to configure? Is - it related to the configurable name on the configuration of the ACS for RA, cisco or the name of ACS may be used.

The AR has been configured with the IP address of the ACS, do I need to configure anything else on the RA to make this work?

Hello

You can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html and check the configuration of windows authentication. These steps should be followed so that Remote Agent to work properly.

Please see the installation guide according to the version of the Remote Agent you are running.

Kind regards

Kush

Tags: Cisco Security

Similar Questions

  • Upgrade ACS 4, 1 - question of Remote Agent

    I've updated Cisco ACS 3.2 to 4.1. Having satisfied certain issues, we finally got installed. Now, we are facing this problem of the remote agent. There is a lot of configuration to do for this agent? Here is the part of the instructions. I know right what they want me to. Where is this Cisco computer? Where we put the Cisco account? We certainly do not have a domain controller on our network called Cisco. Is it better to put this on a domain controller or a member server?

    Thank you

    Dwane

    Step 1 Add CISCO workstation.

    To meet the requirements of Windows for authentication requests, ACS must specify windows

    in my computer to which the user tries to open a session. Because the ACS cannot determine this information

    of authentication requests that send AAA clients, it uses a name of generic workstation for all applications.

    Use CISCO under the name of the workstation.

    In the local domain and in each trusted domain and a child domain that uses ACS to authenticate users.

    ensure that:

    ? A computer named CISCO account exist.

    ? All users that Windows will authenticate are allowed to connect to the computer named CISCO.

    For more information, see the Microsoft documentation for your operating system.

    Go down to da external user---> DB Configuration---> Windows---> Configiure--->---> RA remote agent choose in the drop-down list---> Summit.

    ACS will now use this remote agent.

    Kind regards

    ~ JG

    Please rate if this helps

  • ORA-28511: lost RPC connection to heterogeneous remote agent using SID = %s

    Hello

    Please, help relsove under the number:

    I use Oracle gateway for Sql Server 11.2 on Oracle Database 10 g Enterprise Edition Release 10.2.0.5.0 - 64bi, on an IBM Power p595 AIX 6.1, SQL Server 2008

    When I run a query, the first time, it works perfectly. After a while, I try to run again and it displays the following error message: the RPC connection loss

    09:44:09 SQL > select count (*) in the GSUP_ATRIBUTO@SQLPRD;

    COUNT (*)
    ----------
    73

    09:48:48 SQL > /.
    Select count (*) in GSUP_ATRIBUTO@SQLPRD
    *
    ERROR on line 1:
    ORA-02068: following a serious error of SQLPRD
    ORA-28511: interruption of the RPC connection to heterogeneous remote agent using SID = (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=10.20.8.28) (PORT = 1521)) (CONNECT_DATA = (SID = SQLPRD)))


    09:49:05 SQL > /.

    COUNT (*)
    ----------
    73

    In the Gateway trace file , we can see:

    Oracle Corporation - Friday 9 March 2012 09:51:04.140

    Heterogeneous Agent release
    11.2.0.1.0

    HS agent received unexpected disconnection of CPP
    Network error 1003: NCR-01003: DND: read error.


    File initSQLPRD.ora modem router
    # This is a custom agent init file which contains the parameters of HS
    # which are necessary for the Microsoft SQL Server database gateway
    #
    # HS init parameters
    #
    HS_FDS_CONNECT_INFO = [ipSQLSERVER]: port.
    # replacement connect format is the name of host/serverinstance/databasename
    HS_FDS_TRACE_LEVEL = OFF
    HS_FDS_RECOVERY_ACCOUNT = RECOVERY
    HS_FDS_RECOVERY_PWD = RECOVERY

    The gateway listener
    SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = SQLPRD)
    (ORACLE_HOME=/home/oracle/app/oracle/product/10.2.0)
    (ENV="LD_LIBRARY_PATH=/home/oracle/app/oracle/product/10.2.0/dg4msql/driver/lib:/home/oracle/app/oracle/product/10.2.0/lib')
    (PROGRAM = dg4msql)
    )
    )

    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = ipGateway) (PORT = 1521))
    )
    )
    )

    SQLNET. INBOUND_CONNECT_TIMEOUT = 0


    My tnsnames.ora file
    SQLPRD =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = tcp)(HOST = ipGateway) (PORT = 1521))
    (CONNECT_DATA =
    (SID = SQLPRD)
    )
    (HS = OK)
    )


    Log message of alerts in the Oracle server:
    Fri Mar 09 09:48:47 GMT - 03:00 2012HS: RPC connection lost Remote Agent...
    HS:... Agent SID = (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=ipGateway) (PORT = 1521)) (CONNECT_DATA = (SID = SQLPRD))), State NCR =-2147385340


    Help, please

    Hello
    It seems that the connection to a gateway was closed for some reason any and then you tried to use again in the same session that gives the ORA-28511.
    There is a timeout of the gateway by default but which is 20 minutes, while you are having a problem after 4 minutes and the timeout of the listener is set to 0.
    You have timeout settings configured in sqlnet.ora?

    Kind regards
    Mike

  • Active Directory + ACS Remote Agent

    I have a camera ACS (3.2). I understand that I need to use a remote ACS agent installed preferably on a domain controller, Windows authentication. My question is: if I use Active Directory, can I not use external user databases and configure generic LDAP with the appropriate settings to access Active Directory? So I wouldn't need a remote agent? Or I have to use external user databases and configure the databases Windows (which means using an external remote agent? Or I can choose two methods? His confusion as active Direcory cann support for pre-2000 windows domains and I do not know which method of mapping of external user database to use.

    My apologies, missed the word "apparatus" in your original post.

    You can probably do this use anyway, I guess, even though we suggest using a Remote Agent with the Windows DB. If you are not going in this direction, make sure your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394)

    I've had users use the LDAP with Windows Ad database before and it works very well, the only difference (IIRC) is you don't get all the group maps of Windows with this method, but for the authentication of the user only, it should work fine.

  • Secure ACS unit and Remote Agents

    Hello

    We test Secure ACS 3.2 device and authentication against AD via remote agents. When two or more remote agents are registered with the device in the network menu, is the pretty smart device to try the second machine remote agent if she can't talk to the first? We tested this failover by stopping the service of the remote agent on the first domain controller where it has been installed. However, failover does not occur. We want to know if this failover is supposed to work, and if so what we need to do to make it work.

    Yoshi Nagase

    Hello

    I implement a solution similar to yours... 2 ACS unit with 2 Remote Agent...

    I set the remote agents on the Network Configuration and the external user DB - database of Windows - Windows Remote selection of the Agent.

    In this menu the value primary and secondary Remote Agent

    HTH

    Omar

  • ACS Remote Agent

    HI guys,.

    I installed the Remote Agent ACS on my AD controller. I can add the agent to ACS... but I do not see the Windows authentication avaiable in the agent...

    The Agent runs with a service account that has all rights AD.

    Anyone able to help?

    Make sure that this worm device software and remote agent are the same.

    To display the version of CSAgent.exe, type csagent.exe - v, and then press ENTER to command line

    C:\Program Files\Cisco\CiscoSecure ACS Agent\csagent

    Kind regards

    ~ JG

  • Remote agent ACS could not start

    Hello

    I installed the agent remmote ACS for windows from the ACS 4.1 Update CD (the CD migration is not found). I followed the guide of installation and configuration of the remote agent. In the services window I assigned the user of services created in ad in the log on tab and I stopped the process. When I try to start a warning message is displayed that explains the process carried out and stopped. How can I solve this problem? the software is on the CD to upgrade not the right one?

    Seems to be a permission problem. Make sure that this remote agent running Server account is part of the domain administrators group. If she is already using domain administrator account, then do use the local account. It should work.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/Rawi.html#wp300510

    Let me know how it goes

    Kind regards

    ~ JG

  • several remote agent

    Hi all

    I installed version 4 of the ACS. We have several devices in the group all of them use the same ad for authentication. We have created several NDG, now I need to create remote agent with the same IP for each NDG but ACS helped to create several remote agent with the same IP address. How can I create several NDG, but all use the same remote agent?

    Thank you

    Alex

    Hello

    I don't know if I understand your question. In any case, I am setting my understanding below:

    AAA clients are defined in the NDG on the GBA unit.

    ACS appliance authenticates via AD.

    ACS appliance must RA to talk to AD.

    Now in your question, here's my understanding:

    The AAA Clients are defined in NDG. they must authenticate via the AD. so, to talk to the AD, we define RA by NDG.

    Is it true that your question?

    If so, then the flow is a bit like this:

    AAA Client sends the authentication request.

    The request is received by the GBA unit. For the device, it's just a query no matter whence it. He sees that this must be authenticated through the AD. Inorder to do that he must send to the Remote Agent. then it will send Remote Agent who will forward in turn to the announcement.

    Thus, defination RA by NDG does not come into picture.

    For reference the link describing the NDG aims as follows:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NetCfg.html#wp342699

    The link to the Remote Agent is as follows:

    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/rawo.html.

    I hope that I have answered the question.

    Kind regards

    Anisha

    PS: Please note that this link solved if you feel that responds to the request.

  • Interfaces not visible in 'Operator' when running with "Remote Agent".

    Hello

    I am new to ODI and have a problem with Interfaces/Packages with a Remote Agent running. +

    I have agent installation on the computer on which the database is installed. I created a physical Agent with the details, and on the use of the 'Test' button in the client, it works fine.

    However, when I try a run a package with this agent, I get the "Session started" pop-up, but the interface does not register in the 'Operator' section, and nothing happens. +

    However, this does not happen when I use the "Local (no Agent)", and the interface is running successfully and is entered in the 'operator'. +

    I just get this error under the tree of "Physical Agents" in the section 'Operator' for the interface - "ODI-1266: Agent agent_apo13110026 detected as stale session Session and the value of error status.

    Would appreciate input.

    Thank you

    AB

    In Test - check the settings of the topology of the two agents and make sure that you are looking to host appropriate for this agent.

    Then on the test server, install, check the odiparams.bat / odiparams.sh (depending on the operating system) and make sure that the configuration of JDBC points to correct work rest (your test environment).

  • Can I rerun the Configuration of the Agent HTTP Set step

    Hi all, I think I put erroneous data of CPO hostname in step of Configuration Agent HTTP Set when configuring 3.1.1.

    To save going to all agents individually, can I just restart the service mentioned above having previously stoppped all bar agent the REX defined XX?

    Thank you

    MD

    Yes, you can. This works pretty well actually.

  • Cisco ACS & remote agent

    Hello

    Is it mandatory that remote agent for CSA will be installed on the primary domain server, would this work if it were to be installed on a virtual server that is a member of the main domainserver? This should be used for authentication using a vpn.

    What impact is remote agent has on the operation of the wrt the CPU server, disruption, etc.

    Thank you.

    ACS can be installed on a member server.

  • ACS 4.2 Remote Agent on Server 2008 R2

    Hello

    We migrate our 2003 to 2008 R2 domain controllers and would like to know if the remote agents are compatible to run on 2008 R2.  I saw the release notes that RAS have been tested on 2008 SP1 but not R2.

    Can someone advise or confirm that RAS are supported on 2008 R2?

    We are running engine Solution and the fix 4.2.1.15 4.2.1.15 - 1.  RAS are the same version.

    Thanks in advance for your help.

    Well, it is a known bug of improvement:

    CSCta35271    Support for Windows server 2008 R2

    ACS 4.2.x supports all the latest versions of Windows 2008. It only supports the registered version. You can also consult the release notes.

    Section of OS supported

    -Windows Server 2008, Standard Edition

    -Windows Server 2008, Enterprise Edition

    -Windows Server 2008, Standard Edition, Service Pack 2 Japanese

    -Windows Server 2008, Enterprise Edition, Service Pack 2 Japanese

    This bug can get fixed in upcoming Release\patches. It's in the pipeline/roadmap and the development team working on it

    Regds,

    JK

    The rate of useful messages-

  • The Remote Agent Upgradition

    We need to migrate ACS version 4.2.0.124.16 to 4.2.1.15.8.The same way we have Remote Agent 4.2.0.124.14 to 4.2.1.15.8(hopefully la fois ACS et RA doivent s'exécuter sur la même version).

    What is the procedure to upgrade RA on Win 2003... ? (Backup file while migration)

    Do we not have to uninstall before proceeding... ?

    ini and config file provider review... ?

    Restoration...?

    All quick help on this would be helpful...

    Yes you need to uninstall the previous installation of RA before upgradeing to 4.2.1.15.8

    I have noted problems with patch 8, sometimes it create problems with ACS services. I suggest you apply.

    Should not take backup of the .ini file. During the installation of RA, it would invite, you can enter the IP address of your primary SE ACS.

    Kind regards

    Jousset

    The rate of useful messages-

  • ACS 4.2 Remote agent compatibility issues.

    I did a little reading on the compatibility of remote ACS 4.2 with Windows 2008 R2 agent, and it seems that the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would like someone to confirm that I have installed what happens if the remote agent on a Windows 2003 server of Member rather than the 2008 R2 domain controller. Such a scenario will work?

    Comments are appreciated.

    Concerning

    Yes, here's what a bug documented with this CSCtg37183 information:

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

    Excerpt from the previous link:

    ACS 4.x does not support the Server 2008 R2 to AD.

    Symptom:

    ACS 4.x does not support authentication to a back-end Server 2008 R2 Active Directory.

    Conditions:

    ACS 4.x
    Windows Server 2008 R2 installed on the domain controller
    ACS or remote agent installed on a member server in the environment (even if the Server 2003/2008)

    Workaround solution:

    Install the ACS or the Remote Agent on a domain controller 2003/2008

    Cisco does not support this scenario because sometimes work well other doesn't work at all, so nobody wants an unstable network right, unfortunately workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know if I can get you the links.

  • A remote agent sends multiple ACS journal.

    Could you please show example of how to configure more ACS to a remote agent. I tried to add ConfigProviderHost in CSAgent.ini as follows:

    ConfigProviderHost = 192.168.1.x, 192.168.2.x

    But this isn't a job. The remote agent has not earned any newspaper.

    I need to add the remote agent in the network menu or modify CSAgent.ini or...

    Please notify.

    Thank you.

    Nash

    Hi Nash,

    I think you should level version of the ACS SE 4.2 (in your case).

    And then upgrade your software to Remote Agent 4.2 and everything will work.

    The problem is that the version a single agent (4.x) can not serve two distinct versions SE

    You can use only a single hosting provider with more customers.

    ConfigProviderHost = 192.168.1.1

    Kind regards

    -Aryan

Maybe you are looking for