ACS v3.3 with AD: "The system cannot log you in, no domain available"

kamarulbaharin
Level 1

Below are the devices I used in my network.

ACS Server: ver 3.3

Active Directory: Win2000 Server SP4 installed with Cisco Remote Agent.

Switch: Cat2950 12.1(EA)1a

Client Workstation: WinXP Pro SP2

I've enabled dot1x on the switch and everything works fine for the client until I get the message "The system cannot log you on because domain <domain> is not available". This problem only occurred when:

1) A new user is added in AD and that user tries to log in to the network through a dot1x-enabled port from any workstation within the domain.

2) An authenticated user logs off from one workstation and tries to log in using another workstation which he/she has never logged into.

Has it got anything to do with Microsoft caching? FYI, I'm using PEAP (MS-CHAPv2) config on both the ACS Server and the client workstation.

Does anyone know what the problem is?

4 Replies

kamarulbaharin
Level 1

I have performed some testing and it seems like the built-in XP authentication program does not work as it is supposed to. Instead, I've used the AEGIS client authentication program, which works fine. Thanks to Will Shaw for his ideas and to some forums that I've come across.

8gdonald
Level 1

Hi,

I have the exact same problem and can't seem to find a way with the native Win XP SP2 client (even with the latest hotfixes installed).

Have you had any success, feedback or come across any other forums to assist?

My feeling is that the XP workstation tries to log in using the local cached credentials and only fires up the 802.1x authentication after a successful local logon. Because a new user doesn't have a local profile created (and the port is in an up/down status) it reports "domain not available".

Please let me know soonest.

PS: the AEGIS client and machine authentication are not an option in our environment, as they would defeat the purpose of our exercise.

Thanks,

Enrico Vermaak

Search for Microsoft hotfix KB885453. Windows machine authentication is required so that the WLAN connection is active prior to user login. We're using WPA2 with PEAP and the hotfix took care of it for us. Cisco has a few docs on machine authentication as well.

You can get a copy of the fix at http://www.etsu.edu/oit/802.1x/index.asp
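As an added illustration that is not part of any post in this thread, the following Python model walks through the ordering problem Enrico describes (Windows XP attempts the domain logon first and only runs user 802.1X afterwards) and shows why the machine-authentication approach in the last reply changes the outcome for both cases in the original question. The state names, the "cached_users" set and the rule that logoff closes the port without machine authentication are simplifying assumptions for illustration, not a description of the Windows or Cisco implementation.

```python
"""Model of the logon-vs-802.1X ordering problem discussed in this thread.

Constructed example; not code from the thread, Cisco or Microsoft.
Assumptions: a workstation can only reach a domain controller once its
switch port is 802.1X-authorized; Windows can still log on a user whose
credentials are cached locally; without machine authentication the port
is unauthorized until a user supplicant has authenticated.
"""
from dataclasses import dataclass, field


@dataclass
class Workstation:
    # Users who have logged on here before and so have cached domain
    # credentials (assumption: modelled as a plain set of names).
    cached_users: set = field(default_factory=set)
    # Whether the supplicant authenticates the computer itself before logon.
    machine_auth: bool = False
    # 802.1X port state as seen from this client.
    port_state: str = "unauthorized"


def boot(ws):
    """Power-on: with machine authentication the port opens before anyone logs on."""
    ws.port_state = "authorized" if ws.machine_auth else "unauthorized"


def attempt_logon(ws, user):
    """Return the message the user would see for a domain logon attempt."""
    domain_reachable = ws.port_state == "authorized"
    if not domain_reachable and user not in ws.cached_users:
        # No cached credentials and no path to a domain controller yet:
        # this is the error message quoted in the original question.
        return "The system cannot log you on because the domain is not available"
    # Either the domain was reachable or cached credentials carried the logon.
    # Only now does the user supplicant run, so the port becomes authorized.
    ws.port_state = "authorized"
    ws.cached_users.add(user)
    return "logged on"


def logoff(ws):
    """Logoff ends the user session; without machine auth the port closes again."""
    if not ws.machine_auth:
        ws.port_state = "unauthorized"


def scenario_new_user(machine_auth):
    """Case 1 from the question: a freshly created AD user on any workstation."""
    ws = Workstation(machine_auth=machine_auth)
    boot(ws)
    return attempt_logon(ws, "newuser")


def scenario_roaming_user(machine_auth):
    """Case 2 from the question: log off PC-A, move to never-used PC-B."""
    pc_a = Workstation(cached_users={"alice"}, machine_auth=machine_auth)
    boot(pc_a)
    first = attempt_logon(pc_a, "alice")
    logoff(pc_a)
    pc_b = Workstation(machine_auth=machine_auth)
    boot(pc_b)
    return first, attempt_logon(pc_b, "alice")


if __name__ == "__main__":
    for ma in (False, True):
        print("machine_auth =", ma)
        print("  new user:    ", scenario_new_user(ma))
        print("  roaming user:", scenario_roaming_user(ma))
```

Running the script prints the failing message for both cases without machine authentication and "logged on" for both once the computer authenticates at boot, which is the behaviour the thread's symptoms and the suggested fix line up with.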