Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1899
Views
0
Helpful
1
Replies

Cisco ACS Remote Agent Install Issues

DeeBeeArgh
Level 1
Level 1

‎09-18-2011 04:39 AM - edited ‎02-21-2020 10:26 AM

Hello all,

I have just upgraded my company's Cisco ACS Solution Engine from 4.2.0 to  version 4.2.1.15.4. The appliance itself has upgraded just fine - I am now in the process of trying to upgrade the Remote Agent installs on the Windows Servers on the network.

Currently we have Remote Agent 4.2.0.124.6 installed on x2 Windows Server 2003 R2 x86 devices. This was authenticating users against the new ACS SE version. I want to achieve two things here really:

-Get the current Remote Agents on to the recommended version for our ACS SE device

-Take advantage of the x64 support in the new remote agent and install it on one of our Server 2008 R2 Domain Controllers (eventually transfer all the Remote Agents to Server 2008 R2 Domain Controllers).

The contents of the latest Remote Agent download contains a "bin" folder which houses:

CSAgent.exe

CSWinAgent.exe

As well as a bunch of .dll files

as the .exe files dont perform an install  (error msg saying "...CryptoLib.dll is missing from your computer. Try reinstalling the program to fix this problem"), I'm guessing I need to:

-stop the CiscoACS service

-overwrite the exisiting "bin" folder in %systemroot%\Program Files\Cisco\CiscoSecure ACS Agent with the new one

-start the CiscoAcs service

I have trialled this on one of the 2 servers that has the agent on and now the ACS will not authenticate any sessions. Error message on the Failed Attempts report is "Internal Error".

I have copied the old "bin" file back to its original location and restarted the CiscoACS service on the server I tried to upgrade but still get the same message.

I have also done a "Restart All" on the ACS SE services but still no joy in authenticating users. 

I have also reinstalled the original RA on this server

I have also installed the 4.2.0 remote agent on a 3rd server (2003 x86) and added this to the ACS Remote Agents. It shows the RA service as:

Available: Yes

Used by this ACS: No

I guess 2 things really are important. How do I get the ACS to authenticate people with the original RA? How do I get the RA to be "used" by the ACS when I install it on other new servers?

Any help greatly appreciated!

Labels:
0 Helpful
1 Reply 1

DeeBeeArgh
Level 1
Level 1

‎09-27-2011 08:11 AM

Issue was as follows:

RA needed to be installed on Server 2003 DCs. As it was on 2 member servers the RA had the opportunity to poll Server 2008 R2 DCs - doesnt play happily with this version of ACS/Remote agent

Workaround was to install the RA on x2 Server 2003 x86 DCs and run it from there

0 Helpful
Customers Also Viewed These Support Documents