09-27-2010 12:53 PM - edited 03-10-2019 05:26 PM
We are still running ACS 4.1 on Window 2003 server. We recently upgraded AD to 2008 although the domain and forest functional level are still 2003. After AD upgrade we now unable to authenticate via ACS Windows Database.
Is this an incompatibility issue? Any info is appreciated. Thanks.
09-27-2010 10:08 PM
We are running 4.2 and ACS is working even with the functional level increased. I would be surprised if 4.1 does not work. What is more likely is that, since ACS 4 uses an agent for Windows authentication, is that during your migration to 2008, something happened to the agent installed on one of your servers. There have been several times where Windows authentication has quit working with our ACS because our agents tend to run on utility servers that get neglected. There have been times where different server admin tasks have caused one of our agents to stop working. When this happens I take the opportunity to make sure I have the latest version and reinstall it which has always worked.
Check out this guide on the agent install. http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/rawi.html
09-28-2010 03:44 PM
Thanks Jason. Looks like the remote agent is only supported on ACS SE. We have ACS 4.1 for Windows. One of our staff mentioned that he did not have to install remote agent on any server after ACS installation. It's always worked until we upgraded our domain controllers to 2008.
09-28-2010 03:50 PM
Sorry about that Richard, I completely missed that you mentioned it was running on Windows. I am less familiar with ACS for Windows.
09-28-2010 03:53 PM
No worries Jason. And thanks for responding.
08-04-2011 07:25 AM
So how was this problem solved Richard? Coz I am planning for the same upgrade soon.
08-04-2011 03:07 PM
You will need to upgrade to 4.2. 4.1 is not compatible with AD 2008. Hopefully you have a support contract with Cisco. I had to open a ticket because the installation kept failing due to corrupt file(s). After the cleanup, the installation went pretty smooth. Make sure you backup the database before upgrading.
08-04-2011 03:47 PM
Thanks a lot for your prompt reply...... But what files r u talking about that kept failing?
Sent from Cisco Technical Support iPad App
08-05-2011 09:47 AM
I can't remember which file(s) were corrupt the were causing the installation to fail. It's been almost a year since I did the upgrade. I recommend opening a ticket with Cisco before performing the upgrade.
08-04-2011 05:32 PM
I'm in the same boat - our M$ engineers upgraded our Windows DCs from Win2K3 to Win2k8 and now I'm getting annoying authentication errors in Windows. I understand that Windows2008 DCs dont support NTLMV1 (without downgrading security,) and that 4.2.1 with patch 4 will support NTLMv2(I'm guessing this will solve my issues.)
I'm also running 4.2.0 and attempted to upgrade to 4.2.1 and the installer wont export my database so I can't move to 4.2.1 without rebuilding my database manually (as the ACS upgrade document states that I cant use the 4.2.0 DBs to restore to 4.2.1 if I'm upgrading. (Arggh!)
I think I'll log a support call with Cisco ....
-Pete
08-07-2011 05:48 AM
Thank you peter..... once you upgrade please inform me how did it go out with you.
BR
-Hesham Yousry
08-08-2011 06:08 AM
Guys, I have confirmed with Cisco TAC that ACS4.2 won't work with windown 2008 R2.
09-06-2011 06:42 AM
Hi Heshem,
I have a 4.2 appliance and want to integrate it to a windows 2008 active directory. Concerning your post above, do you know if my appliance will be compatible after an upgrade to an ACS 4.2.1 version?
09-06-2011 11:45 PM
As I said before if you have 2008 R2 Active directory it won't work.
If you have an ACS 4.2.0.124 and you are planning to move to Windows server
2008 no R2 32-bits, then you will need to apply patch 12 at least to the ACS server.
If the Windows server is going to be 2008 no R2 64-bits then you will have to upgrade to 4.2.1.15
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide