cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1999
Views
0
Helpful
3
Replies

ACS 4.2 Remote agent compatibility issues.

Sundeep Dsouza
Level 1
Level 1

I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would want someone to confirm that what if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC. Will such a scenario work?

Feedback is appreciated.

Regards

1 Accepted Solution

Accepted Solutions

Yes, here is this one which has a bug documented with this information CSCtg37183 :

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

Extracted from previous link:

ACS 4.x doesn't support 2008 R2 Server for AD.


Symptom:

ACS 4.x does not support authentication to a backend 2008 R2 Active Directory server.

Conditions:

ACS 4.x
Windows Server 2008 R2 installed on Domain Controller
ACS or remote agent installed on any member server in the environment (even if the server is 2003/2008)

Workaround:

Install the ACS or Remote Agent on a 2003/2008 domain controller

Cisco doesn't support this scenario because sometimes work fine other doesn't work at all, so nobody wants an unstable network right, unfortunately the workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know so I can get you the links.

View solution in original post

3 Replies 3

mauzamor
Level 1
Level 1

Hi Sundeep,

The situation with 2008 R2 is the following, unfortunately this specific OS is not supported for installation/authentication for ACS/Remote Agents below the code 5.2.0.26

So this means that you cannot install the RA in the Windows server 2008 R2, also means that if the Domain Controllers are running 2008 R2 the authention will fail. (Actually you will face random situations, sometimes will work other times will fail).

In your case you are wondering if installing the RA in a Windows server 2003 will work, the installation will work fine, but the authentication no.

Let me know if I can clarify something else for you about this just let me know.

Actually AD authentication is working perfectly fine at the moment. We have a 2008 R2 domain controllers and the agent is installed on a Windows 2003 member server. However as you mentioned, this might or might not work occasionally.

Can you point me to a Cisco doc stating that agent on a 2003 Windows member server running in 2008 R2 domain is not recommended?

Regards and thanks.

Yes, here is this one which has a bug documented with this information CSCtg37183 :

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

Extracted from previous link:

ACS 4.x doesn't support 2008 R2 Server for AD.


Symptom:

ACS 4.x does not support authentication to a backend 2008 R2 Active Directory server.

Conditions:

ACS 4.x
Windows Server 2008 R2 installed on Domain Controller
ACS or remote agent installed on any member server in the environment (even if the server is 2003/2008)

Workaround:

Install the ACS or Remote Agent on a 2003/2008 domain controller

Cisco doesn't support this scenario because sometimes work fine other doesn't work at all, so nobody wants an unstable network right, unfortunately the workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know so I can get you the links.