Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
875
Views
5
Helpful
6
Replies

adclient won't start, troubleshooting

Go to solution
ken.montgomery
Level 1
Level 1

‎04-15-2013 11:08 AM - edited ‎03-10-2019 08:18 PM

Hi Everyone,

We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances.  The newer one came with 5.4, so we upgraded the older one to 5.4.

We setup replication between the two, with the newer one primary and the older one secondary.  Problem is, windows based clients are unable to authenticate to the older ACS appliance.  The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.

So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works.  So far, Cisco hasn't added my smartNet on the new box so I can get some support... anyone have any ideas what might be causing it?

(NTP is synchronized)

Thanks in advance, Ken

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎04-15-2013 10:31 PM

Is the device registered successfully to the domain?

in Active Directory configuration page, do you see the status of the ACS to AD connectoin as "Connected" or "Not Connected"?

You use same credentials to register both servers to the domain?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎04-15-2013 03:20 PM

Ken,

Do the hostnames of the ACS appilances exceed 15 characters? If so, please make sure that the first 15 are unique.

Thanks,

Tarik Admani
*Please rate helpful posts*

Go to solution
ken.montgomery
Level 1
Level 1
In response to Tarik Admani

‎04-16-2013 04:58 AM

I saw that Knowledgebase article on that too, both names are under 15 characters, and are unique in their names also.  So that shouldn't be a factor, but thank you for the reply.

0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎04-15-2013 10:31 PM

Is the device registered successfully to the domain?

in Active Directory configuration page, do you see the status of the ACS to AD connectoin as "Connected" or "Not Connected"?

You use same credentials to register both servers to the domain?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
ken.montgomery
Level 1
Level 1
In response to Amjad Abdullah

‎04-16-2013 05:00 AM

I will have to get a domain admin to test with me, there is nothing after Joined to domain nor after Connectivity Status.

Looks like this might be a factor.

0 Helpful

Go to solution
ken.montgomery
Level 1
Level 1
In response to ken.montgomery

‎04-16-2013 05:54 AM

Ok, have it joined to the domain now... found an account and am good there, but adclient still doesn't start, going to try a reboot... and it is running on reboot.  Thanks!

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to ken.montgomery

‎04-16-2013 07:06 AM

Ken,

What version of domain controllers are you at currently and what is the forest functional level?

Please take a look at the Computer group in AD and check to see if the ACS machine account is there. If it is, please delete it and then try to the join process again.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents