01-25-2010 04:09 PM - edited 03-10-2019 04:54 PM
Hi,
I was able to configure ACS with AD successfully.
I was using my AD account to get connected and now I want to change it to system account I have created for that.
Each time I am trying to change username and password I can get through Test Connection phase successfully but when I am trying to save this configuration I got message:
The item you trying to delete is referenced by other items.
You must remove all references to this item before it can be deleted.
Anybody could help on that?
Thank you
P.S. With my current connection to AD I also cannot see groups anymore.
01-26-2010 03:19 AM
Hi Levter,
Looks like you are trying to change the admin account on the ACS for AD connectivity. Before you do that you need to remove all the settings linked with AD like group mapping and policy elements.
You need to delete all the ad settings before you use new admin account.
If you are ready to delete it, click Clear Configuration after you verify that:
–There are no policy rules that use custom conditions based on the AD dictionary.
–The AD is not chosen as the identity source in any of the available access services.
–There are no identity store sequences with the AD.
You can not use different/new user account without deleting the old AD config.
Please try to delete from there and see if that helps.
HTH
Regards,
JK
Plz rate helpful posts-
01-26-2010 08:07 AM
I forgot to mention that I have added AD on ACS 5.0 and then have it updated to the ACS 5.1
I also lost ability to see groups usong current account.
I feel this is some king of bug which hopefulli will be fixed in next update/release.
Solution you offering will ruine all my configuration. It is not small.
I will have to delete all my config for account name change only?
Can I back up my rules first and then restore it?
I am connecting to the same AD. Just different username.
Could you help please?
Thank you.
09-27-2010 10:46 AM
The documentation stated this username was only for joining the Domain, so I used my Domain Admin account to join the Domain.
It appears the documentation is wrong, a service account to run-as is actually needed. Seems at reboots and other circumstances the account is needed. No problem, I'm creating a service account.
However now once I enter the new service accont username you want me to delete all AD references before you can change it? What is Cisco nuts or just a bunch of horrilbe software developers?
It was bad enough I had to burn a DVD and stick it in a drive to upgrade from ACS 5.1 to ACS 5.2 to support 2008R2 domain controllers.
09-27-2010 01:20 PM
In working with Cisco TAC (SR615252563), on ACS 5.2 I was getting the same error message " The item you trying to delete is referenced by other items. You must remove all references to this item before it can be deleted." when trying to change the Active Directory username.
Fix was via SSH
acs stop
acs start
Once I restarted ACS I could change the Active Directory username/password without a problem.
12-06-2010 04:07 AM
Hi, I have the similar problem as describe, The ACS server account's password has expired in AD. I then changed the password in ACS and in AD, but was not able to save the changes in ACS , got this error message: "The item you are trying to delete is referenced by other items.You must remove all references to this item before it can be deleted".
If I (from ssh) did a restart on ACS i was able to save the settings
BUT
Only if I skipped pressing the test button.So skip the test button after the restart and just do a save configuration then it works.
/Magnus
03-28-2011 12:18 AM
I've had the same types of issues before with this.
Note to all of you who are setting up ACS 5.x, I'd suggest you get the account right from the start, get one made in AD if you have to dedicated to ACS allowing it to bind to AD.
Choose a complex password, set it to never expire, end of story.
Changing account names and passwords later on is a pain, and often you have to recreate all your rules etc.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide