Cisco ACS 4.2.0.124 Error

vishweswaran
Level 1

On ACS version 4.2.0.124 installed on Appliance 1113, we are getting the error code "Internal error" and also "Enabling Tacacs+ is not allowed for this Access Server" during client authentication.

Can someone help me with the reason for the error and the steps to be followed?

6 Replies

Jatin Katyal
Cisco Employee

There could be different reasons for the message "internal error". Most of the time we see this error message when there is an issue with the permissions of the account we have used as a service account for Active Directory and ACS integration. If everything was working fine, then check if you have made some changes on the Active Directory.

"Enabling Tacacs+ is not allowed for this Access Server"

For the above error message, make sure that "Enable Option" under user/group is set to Level 15 for all the NAS or for the selected NAS.

Regards,

Jatin

Do rate helpful posts-

~Jatin

Thanks for your revert

We need some suggestions on the below queries:

1) We tried to upgrade to 4.2.1.15.8 from 4.2.0.124.16. Then we got multiple issues, like users in a group (e.g. l2group) automatically moving to the Default group.

2) Then we reverted to the old version 4.2.0.124.16, but we are still facing the same issue. Also, new users that have been added to this AD are also going to the Default group, and dynamic mapping is not mapping.

We are running on appliance 1113 and the RA installed is 4.2.0.124.14.

What could be done for this?

Any immediate help would be appreciated.

It seems group-mapping is not working for you.

Note: Whenever we change the remote agent under external user database, group mapping will disappear. Please check if group-mapping still exists in the ACS external user database section.

Also, check if all other combinations are set to Default group.

Regards,

Jatin

Do rate helpful posts-

~Jatin

vishweswaran
Level 1

Appreciate your quick response.

I just wanted to inform you that we have restarted the remote agent once before. Was that the cause of this problem?

And one more thing: we are running version 4.2.0.124.14 of the Remote Agent (but our ACS is 4.2.0.124.16).

Do we need to migrate the RA to .16 as well, or is it not a problem?

Because the ACS version and Remote Agent version should be the same, right?

Restarting the remote agent would not cause any issues unless you delete it or change its sequence on the ACS.

Also, it looks like the different patch is causing an issue. It is strongly recommended that the ACS SE and Remote Agent version and patch be exactly the same. I'm unsure how your authentication is working in the first place. Normally we see an error message in such scenarios like "external database is not operation".

Please apply patch 16 immediately on the RA server to avoid any issues.

Regards,

Jatin

Do rate helpful posts-

~Jatin

Thank you Jkatyal.

We will try it and update.