03-17-2011 06:19 AM - edited 03-12-2019 05:39 PM
Hi
For some months I've been running an ACS 5.2 appliance without any problems. Today I found a very strange problem:
When I want to change the password of a local user there's a popup message:
"This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page."
I tried different users but I am not able to change any password. Always the same message.
All three patches installed
Users migrated from ACS 4.x
If you need any further information, please ask.
Thanks for your help!
03-18-2011 02:03 AM
Not sure how far it will be possible. However, you can try this with username/password without any wildcard characters,
(&% ,.!+ -).
Paps
03-18-2011 02:04 AM
Dear Valued Cisco Customer,
I will be out of the office from 03/20/2010 until 04/04/2010. During
this time, I will have no access to email or voicemail. If you require
assistance during my absence, please contact Manivannan Srinivasan via
phone at 469-255-4806 or via email at mansrini@cisco.com and this
engineer will continue to work any immediate concerns you may have at
this time. If this issue can wait until my return on 04/05/2010, I will
be glad to continue working with you. If you require assistance outside
of our business hours (10:00am - 7:00pm CST), please contact the TAC by
calling 1800-553-2447 or email tac@cisco.com and request to have the
service request re-assigned.
Best Regards,
Abhishek Neelakanata
03-18-2011 03:20 AM
I made some additional tests and I was able to locate the problem:
With patch 2 a new function was introduced: "Checking Internal User’s existence before Authentication" (Bug CSCtk32683)
Because this is a very important feature for me I implemented this shortly after the patch was released to make sure users use a RADIUS OTP token server to authenticate. Normally I don't have to change passwords because there are external passwords/OTP tokens. But sometimes I have to configure a user to bypass the RADIUS OTP token server (lost token or something like this). So I want to change the password, because I use a random 32-character password that I don't save. And that is not possible.
I defined the internal users attribute ACS-RESERVED-Authen-ID-Store as enumeration to select possible authentication methods (OTP Token, IAS, ACS).
I was able to change the password of a newly created user without using the Authen-ID-Store attribute.
Is there a function to prevent changing passwords if Authen-ID-Store is used or is there a bug?
03-18-2011 03:47 AM
Hi,
I didn't find any known problems with changing passwords for users with 'ACS-RESERVED-Authen-ID-Store' attribute.
Does deleting such a user and re-adding it help?
I'd like to suggest opening a TAC case to get to the root cause.
Paps
03-18-2011 07:14 AM
Deleting and re-adding doesn't solve the problem. As soon as I use the Authen-ID-Store attribute I'm no longer able to change the password. After some additional tests I worked out that this problem only occurs if I configure Authen-ID-Store as enumeration. If defined as string there's no problem.
03-20-2011 09:45 PM
Looks like this is a known existing issue. I found the following CDETS:
03-21-2011 12:08 AM
Hi jrabinow
I think this is the bug I found. Will it be fixed?
Greets
06-20-2011 11:35 PM
Since my first post a couple of patches have been released but none of them solved the issue. Do you know when it will be fixed?
07-04-2011 07:39 AM
This will be fixed in ACS 5.3, which will be available later this year.