Hello Carlos,

Thanks for the response. Unfortunately I am in the middle of upgrading to ACS 5.3 and have to maintain this production server until it is completed. I have several other identical 3.3 servers that do not have this issue with the checkboxes under Administration Control, when setting up admins. I have tried with Firefox and IE6 and the same issues persists. Again I can add an admin account but it will not save any checkboxes that are enabled.

Adam,

Usually those type of issues are related to JAVA as the configuration for the Privilege of the ACS Admin Accounts runs over JAVA Applets. Also, the Submit and Cancel buttons use JAVA. Are you facing issues with the buttons as well?

Regards.

Hi Carlos,

No. I have no issues with the buttons. I am able to function normally in all other areas using buttons, checkboxes, etc. It is just the Administrative Control section where the checkboxes do not save a\for any new accounts.

Adam,

ACS 3.x and 4.x GUI issues are hard to troubleshoot. Is this an ACS for Windows? If yes, can you please go to System Configuration > Service Control > Logging Detail > Set it to Full.

At this point we need to recreate the issue a couple of times.

After recreating the issue please access the Windows Server using RDP and check the following path (or the applicable for your ACS installation): C:\Program Files\CiscoSecure ACS v4.2\CSAdmin\Logs. You might want to look for the ADMN.log which includes the GUI logging information.

Feel free to share the file with me after setting the ACS to Full Detail on logging and recreating the issue. Share an approx time to check on the logs as well.

Regards.

Hi Carlos,

This is ACS 3.3 for Windows. I set the logging to full, recreated the issue sevral times and downloaded the logfile. I am attaching.

Another development. I just tried adding several new accounts as admins. The first one behaved as the previous, would not save any checkboxes. The second account I got the following error message:

I cnanot add any more admins to the server. This is very strange and has never happened before.

Seems it will not let me add more than 16 admin accounts, regardless if #16 is not complete.

Adam,

I have not been able to find any restriction on the max amount of Admin Accounts for ACS 3.3. I did not find any errors on the ADMN logs either.

As the ACS 3.3 is quite old, I have seen issues with the ACS Internal Database getting locked or "corrupted" on some cases. We might want to try compressing the ACS 3.3. database. I am including the process below:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_CSUtil.html#wp510176

Cleaning up the ACS Internal Database

Like many relational databases, the ACS internal database marks deleted  records as deleted; but does not remove the records from the database.  You can clean up the ACS internal database and remove all records marked  for deletion by using the following CSUtil.exe options:

•-d—Export all ACS internal data to a text file, named dump.txt.

•-n—Create an ACS internal database and index.

•-l—Load all ACS internal data from the dump.txt file.

Additionally, if you want to automate this process, consider using the -q

option to suppress the confirmation prompts that otherwise appear before CSUtil.exe

performs the -n

and -l

options. This process does not necessarily reduce the size of the database.

Note Cleaning up the ACS internal database requires that you stop the CSAuth service. While CSAuth is stopped, no users are authenticated.

To clean up the ACS internal database:

Step 1 On the computer that is running ACS, open an MS-DOS command prompt and change directories to the directory containing CSUtil.exe. For more information about the location of CSUtil.exe, see Location of CSUtil.exe and Related Files.

Step 2 If the CSAuth service is running, type:

net stop csauth

Press Enter.

The CSAuth service stops.

Step 3 Type:

CSUtil.exe -d -n -l

Press Enter.

Tip If you include the -q option in the command, CSUtil does not prompt you for confirmation of initializing or loading the database.

If you do not use the -q option, CSUtil.exe displays a confirmation prompt for initializing the database and then  for loading the database. For more information about the effects of the -n option, see Initializing the ACS Internal Database. For more information about the effects of the -l option, see Loading the ACS Internal Database from a Dump File.

Step 4 For each confirmation prompt that appears, type Y and press Enter.

CSUtil.exe dumps all ACS internal data to dump.txt, initializes the ACS internal database, and reloads all ACS internal data from dump.txt. This process may take a few minutes.

Step 5 To resume user authentication, type:

net start csauth

Press Enter.

Please perform the above described process and try to create the account again.

Hope this helps.

Regards.

Ok thanks for the help. Will schedule after hours time to stop the server csauth service to run this utility. Will let you know.

Hi Carlos,

That did the trick. I ran the CSUtil and it seems to have cleaned up whatever was wrong with the database. Thanks so much for your help.