topic ACS 5.3 RADIUS authentication failing - Active Directory Agent in Network Access Control https://community.cisco.com/t5/network-access-control/acs-5-3-radius-authentication-failing-active-directory-agent/m-p/1886746#M208988 <P>Hi, I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3 </P><P></P><P>Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). </P><P></P><P>I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below: </P><P></P><P>"24401 could not establish connection with acs active directory agent"</P><P></P><P>I'm not seeing anything telling in the logs on the domain controllers. Any idea would be greatly appreciated!</P><P></P><P>Thanks, </P><P></P><P>-cb</P> Mon, 11 Mar 2019 01:52:20 GMT calvincbehr 2019-03-11T01:52:20Z ACS 5.3 RADIUS authentication failing - Active Directory Agent https://community.cisco.com/t5/network-access-control/acs-5-3-radius-authentication-failing-active-directory-agent/m-p/1886746#M208988 <P>Hi, I'm somewhat new to ACS and am trying to complete a migration from 4 to 5.3 </P><P></P><P>Currently, I've got ACS joined to my (2003) domain, and it shows status connected (although the test connect fails). </P><P></P><P>I have aaa working without issue for TACACS, but all RADIUS authentication is currently failing. Logs show the message below: </P><P></P><P>"24401 could not establish connection with acs active directory agent"</P><P></P><P>I'm not seeing anything telling in the logs on the domain controllers. Any idea would be greatly appreciated!</P><P></P><P>Thanks, </P><P></P><P>-cb</P> Mon, 11 Mar 2019 01:52:20 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-radius-authentication-failing-active-directory-agent/m-p/1886746#M208988 calvincbehr 2019-03-11T01:52:20Z ACS 5.3 RADIUS authentication failing - Active Directory Agent https://community.cisco.com/t5/network-access-control/acs-5-3-radius-authentication-failing-active-directory-agent/m-p/1886747#M208989 <HTML><HEAD></HEAD><BODY><P>Just a note in case anyone runs into this - there was no issue with ACS or the domain. The cause of the problem was an incorrect shared secret on several of the RADIUS devices. This was overlooked as ACS was only providing active directory and active directory agent related error messages (instead of a shared secret / key mismatch error which ACS did provide with TACACS+ devices). </P></BODY></HTML> Mon, 02 Apr 2012 20:38:59 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-radius-authentication-failing-active-directory-agent/m-p/1886747#M208989 calvincbehr 2012-04-02T20:38:59Z