

ACS 5.3 x Windows 2008 Server

We have a Cisco ACS version appliance.

It is integrated with Windows 2003 server and worked very well.

This server received an upgrade to version 2008.

After this upgrade, the integration between this server and the Cisco ACS 5.3 doesn't work.

It is presenting strange behavior:

The ACS is connected to the Domain.

When we tested the connectivity with the AD (Users and Identity Stores > Active Directory > Test Connection), it was successful.

The equipment that is using TACACS is working very well.

We use the RADIUS of the ACS for authentication of VPN (through Firewall Cisco ASA 5540).

This operation worked very well with Windows Server 2003, but with Windows Server 2008 it doesn't.

When we tested the VPN connection, these error logs appear:


24444 Active Directory operation has failed because of an unspecified error in the ACS

24429 Could not establish connection with Active Directory

24401 Could not establish connection with ACS Active Directory agent

Has anyone had a similar problem?

Does anyone know if the ACS is incompatible with Windows Server 2008?

Help us, please.


Your ACS version should definitely be compatible with 2008 server.

From ACS 5.2 onwards it is compatible with 2008 server.

The line below is just to show that your version is OK and that you need to check for other issues.

This occurs because of incompatibility issues. AD 2008 R2 integration is supported from ACS 5.2 version only. Upgrade your ACS to 5.2 or later. Refer to Cisco bug ID CSCtg12399 (registered customers only) for more information.

Jatin Katyal
Cisco Employee

Yes, it does support Windows 2008 R2. The support was introduced in ACS 5.2.

The root cause of this error message can only be seen in the adclient logs.

From my experience, I can tell you that this will be fixed with patch 4 or above. Otherwise, get the adclient logs and we can tell you what the problem could be. Most of the ACS-AD communication issues were addressed in ACS 5.3 patch 4 and above.

I also want to know whether you changed the ACS host name while ACS was joined to AD.

Can you also post the output of "show timezone" and "show clock"?

Jatin Katyal

**Do rate helpful posts**


Hello Equipe,

The ACS 5.3 issue of integration with AD is a known issue and was resolved in patch 4 or above. If you are still having the same issue, please send us the logs so that we can go through them and resolve your issue in a timely manner.

Basant Lenka, Jatin and Harvinder, good morning.

The Windows Server at my work is Server 2008; it isn't 2008 R2.

I looked on the internet for the compatibility of ACS with Windows Server 2008, but I found information only about Windows Server 2008 R2.

Because of this, I asked for information about Windows Server 2008.

The patch of my ACS is Patches: 5-3-0-40-1. Would it be better to update it?

When the ACS was joined to AD, the host name was not changed. Would I have to change the hostname?

The output of the commands:

acsprd01/admin# show clock
Mon Sep 23 11:01:11 BRT 2013
acsprd01/admin# show timezone

What logs would you like to see?

Thanks for your help.
