https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908042#M386354 <HTML><HEAD></HEAD><BODY><P>ACS Agent is installed on two DC's as well and they are detected by ACS.</P><P></P><P>Thanks</P></BODY></HTML> Sun, 24 Feb 2008 17:42:12 GMT m_popovic 2008-02-24T17:42:12Z https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908041#M386353 <P>Network environment:</P><P>- Windows 2003 with enterprise CA</P><P>- Cisco ACS appliance 4.1.1.23</P><P>- Cisco 1240 AG series APs</P><P>Wireless clients:</P><P>- Windows XP SP2</P><P></P><P>Brief steps taken:</P><P>- Installed Enterprise CA</P><P>- Created copy of web server certificate with option â&#128;&#156;Mark keys as exportableâ&#128;&#157; enabled. Certificate published.</P><P>- Created global group in AD that contains test user and a single laptop that is a member of domain - for auto enrolment.</P><P>- Generated certificate request from ACS (1024 key length).</P><P>- Submitted server request from ftp server - Submit a certificate request using base 64â&#128;¦</P><P>- Submitted CA certificate request from ftp server - Retrieve CA certificate or revocation list /base 64 encoded.</P><P>- CA &amp; server certificates installed in to ACS appliance (Domain certificate authority approved within ACS)</P><P>- </P><P>Brief cofig of ACS appliance</P><P>Global config</P><P>- PEAP -Selected â&#128;&#156;Allow EAP-MSCHAPv2â&#128;&#157;.</P><P>- LEAP - Allow LEAP (For Aironet only)</P><P>- Selected â&#128;&#156;Allow MS-CHAP Version 1 &amp; 2 authentication</P><P>- Added AAA client (AP) with shared secret with authentication using â&#128;&#156;Radius (Cisco Aironet)</P><P>- Under External user DB//DB config/windows database, â&#128;&#156;Enable PEAP machine authenticationâ&#128;&#157; selected.</P><P></P><P>1240 series AP config</P><P>- Under Server Manager, ACS IP with shared secret entered as a Radius server.</P><P>- Selected EAP authentication.</P><P>- Under SSID Manager selected open Authentication with EAP &amp; selected network EAP.</P><P>- Under Encryption Manager selected WEP Encryption &amp; mandatory.</P><P>- Selected key 1 and entered 128 bit key</P><P></P><P>Client (windows XP SP2 domain member) config</P><P>- Connected to Enterprise CA web site, base64 encoding/download CA certificate </P><P>and installed it in local computer store.</P><P>- Under Network authentication selected open with WEP EAP type â&#128;&#156;protected EAP (PEAP)</P><P>- Authenticate as a computer selected</P><P>- Selected my CA under â&#128;&#156;Trusted Certification Authorities </P><P>- Authentication method (EAP-MSCHAP V2)</P><P></P><P></P><P>Errors: </P><P>Automatic certificate enrollment to local system failed to contact the AD. The specified domain does not exist or cannot be contacted.</P><P></P><P>Or</P><P></P><P>Computer doesn't have correct certificate</P><P></P><P>Used 43486, 64067, 71929</P><P></P><P>Any suggestions very much apretiated.</P> Sun, 10 Mar 2019 22:40:15 GMT https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908041#M386353 m_popovic 2019-03-10T22:40:15Z https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908042#M386354 <HTML><HEAD></HEAD><BODY><P>ACS Agent is installed on two DC's as well and they are detected by ACS.</P><P></P><P>Thanks</P></BODY></HTML> Sun, 24 Feb 2008 17:42:12 GMT https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908042#M386354 m_popovic 2008-02-24T17:42:12Z https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908043#M386355 <HTML><HEAD></HEAD><BODY><P>I've got it running. Most of the answers were in the doc # 43486.</P><P></P><P>Thank you</P></BODY></HTML> Tue, 26 Feb 2008 16:45:02 GMT https://community.cisco.com/t5/network-access-control/acs-appliance-setup-help/m-p/908043#M386355 m_popovic 2008-02-26T16:45:02Z