cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2270
Views
5
Helpful
3
Replies

Cisco ACS 4.2 Internal Error

Good Evening. I have problem with ACS 4.2 and AD, on autification on PC i have an internal error. In RDS.log i have that line:

Error UDB_NT_UNKNOWN_ERR authenticating (DOMAIN)\(USERNAME) - no response sent to NAS

I already checked physhic layer problems, switch configured dot1x, ciscosecure remote agent installed.

1 Accepted Solution

Accepted Solutions

camejia
Level 3
Level 3

Hello,

Is the Auth.log file also reporting "Windows authentication FAILED (error 6L)" for the same RDS timestamps/failure?

Also, which ACS version (Include Patch) are you using? Are you authenticating against Windows Server 2003 or 2008 or 2008 R2 AD?

NOTE: Remember that 2008 R2 AD is not supported by any ACS 4.x version.

Also verify that you have complied with the following requirements:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp311476

Verify which one applies for you as there are two options: Windows Member Server or Windows Domain Controller.

Regards.

View solution in original post

3 Replies 3

camejia
Level 3
Level 3

Hello,

Is the Auth.log file also reporting "Windows authentication FAILED (error 6L)" for the same RDS timestamps/failure?

Also, which ACS version (Include Patch) are you using? Are you authenticating against Windows Server 2003 or 2008 or 2008 R2 AD?

NOTE: Remember that 2008 R2 AD is not supported by any ACS 4.x version.

Also verify that you have complied with the following requirements:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp311476

Verify which one applies for you as there are two options: Windows Member Server or Windows Domain Controller.

Regards.

Hello. Yes, In auth.log i have following messages:

AUTH 01/11/2012 09:09:09 E 6028 0836 0x0 AllocateThread returned 3

AUTH 01/11/2012 09:09:09 A 5821 4432 0x1530     Worker 3 established conn 9318 with 127.0.0.1:49600

AUTH 01/11/2012 09:09:09 E 1810 4432 0x1533 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 6L)

AUTH 01/11/2012 09:09:22 E 1810 4432 0x1535 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 6L)

I use Windows Server 2008 SP2. I can't open you link to requirements, i get error 403.

Thank You!

Hello,

The Windows authentication FAILED (error 6L) usually refers to permissions errors. The Remote Agent software/service might not have enough privileges to authenticate Windows Accounts. In that case you might want to refer to the attached document, sections "Configuring for Domain Controllers Authentication" or "Configuring for Member Server Authentication". You should check the one that applies for your installation depending if the RA is installed on a Member Server or Domain Controller on your AD Domain.

Also, remember that Windows Authentication for AD Domains running Windows Server 2008 was included on ACS 4.2.0.124 Patch or above. As a recommendation, an upgrade to 4.2.1.15 latest patch would be the best approach. If the issue persists after the upgrade you might need to check the attached document Post-Installation Tasks under the sections mentioned above.

Regards.