AD DISCONNECTED in Cisco Secure ACS

Sakthi vel
Level 1

We have ACS 5-3-0-40-8.

The AD connectivity is showing as Disconnected.

We faced the same issue when it was 5.x; we upgraded to 5-3-0-40-8. After 2.5 months, today we faced this problem. Is there any permanent fix for this?

Restarting of service got hung and hence we reloaded the server to address this.

Please help on this at earliest.

Thanks & Regards,

Sakthivel M

Accepted Solutions

Jatin Katyal
Cisco Employee

You're running one of the most stable code and patch levels of ACS if we talk about ACS-AD issues. I'm sure there should not be an issue with ACS. Something is not configured correctly. Most likely a DNS or NTP issue.

In order to investigate further and to know what could be the root cause, you need to provide some information and logs when it occurs again.

1.] Do we have ACS running on an appliance or VMware?

2.] When you say it is in a disconnected state, do you see authentications failing as well, or does it just show the status as disconnected? In case of failure, what error do we get in the ACS logging section? Also, can you see the test connection come up with positive results?

3.] What is the status of the ad-client service on the CLI when you say it's disconnected? It can be checked with "show application status acs".

4.] Also, when you attempt to join again while it's disconnected, do you see any error? Can you share it?

5.] Most importantly, the logs at debug level would tell us the real story. Before you reproduce this problem we need to turn the logs to debug level. (If this cannot be reproduced, then wait for the issue to reoccur.)

Go to the ACS CLI:

            acs/admin# acs-config

            Escape character is CNTL/D.

            Username: acsadmin

            Password: XXXXXXXX

            acs/admin(config-acs)#

Set the desired ACS logs to debug level.

            acs/admin(config-acs)# debug-log runtime level debug

            acs/admin(config-acs)# debug-adclient enable

NOTE: Once you are done, turn off the logs.

Generate the support bundle and upload it here. Do mention the timestamp when the issue was reproduced; it will help me to track down the relevant logs.

Jatin Katyal
- Do rate helpful posts -

~Jatin


Amjad Abdullah
VIP Alumni

Sakthi,

We had this issue happen sometimes on the secondary ACS.

We had no NTP sync before. Once we used NTP to sync the time between both ACS servers and the AD domain, we never faced this issue again so far.

I suggest you use an NTP server (if not already used) and make sure the time is the same on the AD and ACS servers.

Quick question: when the AD is disconnected and you test the connectivity, what message do you get?

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
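Editor's added example (not part of the thread and not Cisco code): both replies point at time sync, so this sketch parses an NTP server reply and computes how far the domain controller's clock is from the local one, then compares it to a skew limit. The 300-second limit assumes the Active Directory default Kerberos clock tolerance of 5 minutes; the function names and the sample packet are constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 300.0       # assumption: AD default Kerberos clock tolerance (5 min)

def to_ntp(ts):
    """Unix time -> (seconds, fraction) halves of a 64-bit NTP timestamp."""
    sec = int(ts)
    return sec + NTP_EPOCH_DELTA, int((ts - sec) * 2**32)

def from_ntp(sec, frac):
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def parse_reply(packet):
    """Return (t1, t2, t3): originate, receive and transmit times of a server reply."""
    if len(packet) < 48:
        raise ValueError("truncated NTP packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is not synchronised")
    f = struct.unpack("!6I", packet[24:48])
    return from_ntp(f[0], f[1]), from_ntp(f[2], f[3]), from_ntp(f[4], f[5])

def clock_offset(packet, t4):
    """Offset of the server clock relative to ours; t4 is our receive time."""
    t1, t2, t3 = parse_reply(packet)
    return ((t2 - t1) + (t3 - t4)) / 2

def verdict(offset, limit=MAX_SKEW_SECONDS):
    return "OK" if abs(offset) <= limit else "SKEW_EXCEEDS_TOLERANCE"

def build_reply(t1, t2, t3, leap=0, stratum=2):
    """Constructed sample reply (version 4, mode 4) so the check runs offline."""
    header = bytes([(leap << 6) | (4 << 3) | 4, stratum, 6, 0xEC]) + bytes(20)
    return header + struct.pack("!6I", *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))

# Constructed scenario: the domain controller's clock runs 7 minutes ahead of ours.
SAMPLE_T1 = 1700000000.0
SAMPLE = build_reply(SAMPLE_T1, SAMPLE_T1 + 420.25, SAMPLE_T1 + 420.25)
SAMPLE_T4 = SAMPLE_T1 + 0.5

if __name__ == "__main__":
    off = clock_offset(SAMPLE, SAMPLE_T4)
    print(f"offset {off:+.2f}s -> {verdict(off)}")
```

An unsynchronised or truncated reply raises `ValueError` rather than yielding an offset, since a skew figure from a server that is itself not in sync says nothing about the real drift.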
