ACS appliance 4.1 - machine authentication from trusted domain failed

amcorpicagw
Level 1

We have an ACS appliance 4.1 with an agent running on an X domain controller to authenticate users from the X domain Active Directory.

Users and computers are able to authenticate without any issue on the X domain.

We have recently added a trusted Y domain to this X domain.

Users from the Y domain are able to authenticate on our ACS without any issue, but machines are not able to authenticate.

03/14/2011 | 10:44:32 | Authen failed | host/FLADWS0072.Ydomain | Default Group | 00-26-82-d6-9b-3f | (Default) | External DB user invalid or bad password

The machines use the following settings to authenticate:

EAP type: EAP (PEAP)

Authentication method: EAP-MSCHAP v2

On the Y domain Active Directory:

Remote access permission is OK for the machines

On the ACS appliance:

"Enable PEAP machine authentication" is selected, and the machines from the X domain authenticate without any issue.

Any idea where I should start to investigate?

Thanks in advance for your help
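
A triage sketch for the failed-attempt entry quoted in the post above, added here as an example and not part of the original thread or of Cisco's tooling: it groups failed authentications by identity type (machine `host/` names versus users) and domain, to show whether failures cluster on machines from one domain. The CSV column order and every row except the first are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed column order, inferred from the fields visible in the log line in the post.
FIELDS = ["date", "time", "message_type", "user_name", "group",
          "caller_id", "profile", "failure_code"]

# Constructed sample: the first row is the entry from the post, the others are made up.
SAMPLE_CSV = """\
03/14/2011,10:44:32,Authen failed,host/FLADWS0072.Ydomain,Default Group,00-26-82-d6-9b-3f,(Default),External DB user invalid or bad password
03/14/2011,10:45:10,Authen failed,host/FLADWS0099.Ydomain,Default Group,00-00-5e-00-53-01,(Default),External DB user invalid or bad password
03/14/2011,10:47:02,Authen failed,XDOMAIN\\jdoe,Default Group,00-00-5e-00-53-02,(Default),External DB user invalid or bad password
"""


def classify(user_name):
    """Return (kind, domain) for an identity as it appears in the user name field."""
    if user_name.lower().startswith("host/"):
        # Machine identities are sent as host/<computer>.<domain>
        _, _, domain = user_name[5:].partition(".")
        return "machine", domain.lower() or "(none)"
    if "\\" in user_name:
        # DOMAIN\user form
        return "user", user_name.partition("\\")[0].lower()
    if "@" in user_name:
        # user@domain form
        return "user", user_name.rpartition("@")[2].lower()
    return "user", "(none)"


def summarize(csv_text):
    """Count failed attempts per (kind, domain, failure code)."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text), fieldnames=FIELDS):
        if row["message_type"] != "Authen failed":
            continue
        kind, domain = classify(row["user_name"])
        counts[(kind, domain, row["failure_code"])] += 1
    return counts


if __name__ == "__main__":
    for (kind, domain, code), n in summarize(SAMPLE_CSV).most_common():
        print(f"{n:3d}  {kind:8s} {domain:12s} {code}")
```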


mansrini
Cisco Employee

Gauthier,

Is domain Y part of the same forest or a different one? Also, what is the complete build and patch number that you are running on the ACS? There are caveats along the lines of machine auth not working cross-forest even when there is a two-way trust, and other caveats such as

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq87007


And most/all of these issues are fixed if you install the latest build/patch on 4.1.

Thanks,

Mani
