Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
730
Views
0
Helpful
2
Replies

ACS 5.2 hangs on connecting with MS AD at random intervals

danielfycosta
Level 1
Level 1

‎05-31-2012 01:11 PM - edited ‎03-10-2019 07:09 PM

Greetings,

   I have a simple ASA, ACS, AD schema for RA VPN authentication. All is working for a few months now, but since the initial deployment we have this connectivty issue regarding ACS and MS AD. At random intervals, 1 month/1 week, the ACS connection status becomes "DISCONNECTED" although the CLI shows that ad client is running. But because of that, no RA VPNs can be authenticated. Clock is not a problem, since it didn't change automatically nor was manually configured prior to the malfunction.

   What do I do to fix this? 

   I change the domain name, from the currently working xx.com, to cisco.com for instance, so I can get an error message. Then I set the correct domain name again and click on "Test Connection" until I get a successful message so I can press Save Changes. That usually takes 10-15 tries.

   After some research I've noticed a LOT of people have this same problem, even on ACS 5.3. I was wondering if anybody has an oficial solution. I'm not sure how to see the log messages on the ACS itself for further troubleshooting on this matter, but since a simple procedure like the above solves the problem, I'm thinking of a bug. And because of that, I'll apply the latest patch 5.2.0.26 (10) tonight, hoping it solves this odd behaviour.

   Any thoughts?

Thanks in advance.

Regards, Daniel

Labels:
0 Helpful
2 Replies 2

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎05-31-2012 01:12 PM

This sub board is for Wireless Security Questions.

You would be better served to move this question to the Security > VPN boards

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

danielfycosta
Level 1
Level 1
In response to Stephen Rodriguez

‎05-31-2012 01:18 PM

Thanks for the tip. I've moved to the Security > AAA section now 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents