04-09-2009 07:44 AM - edited 03-10-2019 04:25 PM
Hi all , we have a bit of a problem which we cannot seem to resolve.
The ACS can authenticate people using local database , it can also authenticate a single user (using windows database) if you are fast after the service is restarted , however after a few secounds, it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error. Also on the log files, the authentication request from the user does not appear in the correct group, it is thrown into the default group.
Any ideas on where we should look to the problem?
04-09-2009 08:23 AM
It could be due to many reasons. Please check the permission of the account running acs services or remote agent service.
Do we have acs appliance or acs windows? What is the software version?
Need to check auth.log for deatils.
Regards,
~JG
04-09-2009 09:05 AM
Hi,
Its running on windows 2003 server, is running as the system account.
Auth.log details below on a failed authentication
AUTH 04/09/2009 17:02:13 A 5789 3000 0x69 Worker 0 waiting for work
AUTH 04/09/2009 17:02:13 A 5789 1400 0x6 Worker 3 waiting for work
AUTH 04/09/2009 17:02:13 A 5789 0368 0x4 Worker 1 waiting for work
AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 0
AUTH 04/09/2009 17:02:23 A 5821 3000 0x69 Worker 0 established conn 166 with 127.0.0.1:1879
AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 1
AUTH 04/09/2009 17:02:23 A 5821 0368 0x4 Worker 1 established conn 167 with 127.0.0.1:1881
AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 3
AUTH 04/09/2009 17:02:23 A 5821 1400 0x6 Worker 3 established conn 168 with 127.0.0.1:1883
AUTH 04/09/2009 17:02:24 A 5853 0236 0x51 Worker 4 error/timeout, forcing API disconnect of connection 165.
AUTH 04/09/2009 17:02:24 A 5887 0236 0x51 Worker 4 closing conn 165 endpoint. Handled 2 messages.
AUTH 04/09/2009 17:02:24 A 5789 0236 0x51 Worker 4 waiting for work
AUTH 04/09/2009 17:02:30 E 2100 4080 0x6d External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)
04-09-2009 01:00 PM
This error is related to win2008. Please apply patch 9 to fix it
To download patch 9 use this link,
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
Here is the bug (feature enhancement) that was filled out in order to get the 2008 support.
Regards,
~JG
Do rate helpful posts
09-14-2011 11:54 AM
Hi Jagdeep,
I am also facing same issue ACS stop authenticating users, it require restart ACS services after that it worked for few miniutes then again it stop authenticating. In ACS authentication logs its showing " internal error",
it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error.
ACS version : 4.0
Platform Windows: 2003
Remote Logging : disabled
Please help to know this bug will relate to my problem also or any other bug id.
Regards,
Rahul
09-15-2011 02:11 AM
When you face an issue , please create a new discussion rather than reviving older discussion from other people.
By the way, the first step for you would be to upgrade to 4.2 and patch it since your ACS is quite old now.
09-18-2011 05:14 PM
AFAIK from ACS 4.0 you are entitled to upgrade to ACS 4.2.
Please have a look to a similar problem and solution here
https://supportforums.cisco.com/message/3432697#3432697
Cheers,
Fabio
09-15-2011 04:06 PM
What version of Windows AD are you using?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide