ACS 4.2 failure to authenticate windows users

robahad2008 · ‎04-09-2009

Hi all , we have a bit of a problem which we cannot seem to resolve.

The ACS can authenticate people using local database , it can also authenticate a single user (using windows database) if you are fast after the service is restarted , however after a few secounds, it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error. Also on the log files, the authentication request from the user does not appear in the correct group, it is thrown into the default group.

Any ideas on where we should look to the problem?

Jagdeep Gambhir · ‎04-09-2009

It could be due to many reasons. Please check the permission of the account running acs services or remote agent service.

Do we have acs appliance or acs windows? What is the software version?

Need to check auth.log for deatils.

Regards,

~JG

robahad2008 · ‎04-09-2009

Hi,

Its running on windows 2003 server, is running as the system account.

Auth.log details below on a failed authentication

AUTH 04/09/2009 17:02:13 A 5789 3000 0x69 Worker 0 waiting for work

AUTH 04/09/2009 17:02:13 A 5789 1400 0x6 Worker 3 waiting for work

AUTH 04/09/2009 17:02:13 A 5789 0368 0x4 Worker 1 waiting for work

AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 0

AUTH 04/09/2009 17:02:23 A 5821 3000 0x69 Worker 0 established conn 166 with 127.0.0.1:1879

AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 1

AUTH 04/09/2009 17:02:23 A 5821 0368 0x4 Worker 1 established conn 167 with 127.0.0.1:1881

AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 3

AUTH 04/09/2009 17:02:23 A 5821 1400 0x6 Worker 3 established conn 168 with 127.0.0.1:1883

AUTH 04/09/2009 17:02:24 A 5853 0236 0x51 Worker 4 error/timeout, forcing API disconnect of connection 165.

AUTH 04/09/2009 17:02:24 A 5887 0236 0x51 Worker 4 closing conn 165 endpoint. Handled 2 messages.

AUTH 04/09/2009 17:02:24 A 5789 0236 0x51 Worker 4 waiting for work

AUTH 04/09/2009 17:02:30 E 2100 4080 0x6d External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)

Jagdeep Gambhir · ‎04-09-2009

This error is related to win2008. Please apply patch 9 to fix it

To download patch 9 use this link,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Here is the bug (feature enhancement) that was filled out in order to get the 2008 support.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq28674

Regards,

~JG

Do rate helpful posts

sdmumbai rrc · ‎09-14-2011

Hi Jagdeep,

I am also facing same issue ACS stop authenticating users, it require restart ACS services after that it worked for few miniutes then again it stop authenticating. In ACS authentication logs its showing " internal error",

it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error.

ACS version : 4.0

Platform Windows: 2003

Remote Logging : disabled

Please help to know this bug will relate to my problem also or any other bug id.

Regards,

Rahul

Nicolas Darchis · ‎09-15-2011

When you face an issue , please create a new discussion rather than reviving older discussion from other people.

By the way, the first step for you would be to upgrade to 4.2 and patch it since your ACS is quite old now.

Fabio Francisco · ‎09-18-2011

AFAIK from ACS 4.0 you are entitled to upgrade to ACS 4.2.

Please have a look to a similar problem and solution here

https://supportforums.cisco.com/message/3432697#3432697

Cheers,

Fabio

Javier Henderson · ‎09-15-2011

What version of Windows AD are you using?