10-14-2015 03:45 AM - last edited on 03-25-2019 05:33 PM by ciscomoderator
There are few services which were not able to restart , they are as follows:-
1) CSAuth
Error:- "Windows could not start the csauth on local computer. for more information, review the system event log. if this is
a non-microsoft service, contact the service vendor, and refer to service-specific error code 1060"
2) CSTacacs
Error:- "Windows could not start the cstacacs on local computer. for more information, review the system event log. if this is
a non-microsoft service, contact the service vendor, and refer to service-specific error code 1066"
3) CSRadius = Starting
the remaining services like CSAdmin, CSDbSync, CSLog were started.
Also i am not able to take acs system backup from System Configuration -> ACS Backup and pressing Backup Now. This shows the error msg as
:- CSAuth service must be running in order to start backup
Solved! Go to Solution.
11-02-2015 11:55 AM
I was refering to snapshots of the OS itself, but I suppose that you checked that by now.
Keep in mind that CSLog works so you should be seeing logs for the different services which aren't working. Check out the <ACS_install_dir>\CSAuth\logs folder for logs of CSAuth, and the other folders for other services which aren't working.
There is a very detailed troubleshooting guide located here:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/Ch2.html#wp1042097
That guide should help you deal with the issue if there isn't some other software on the server causing trouble. One thing it suggests which may be relevant to you is to ensure that Windows firewall Internet Connection Sharing isn't running.
Because I'm unfamiliar with your server, I think you should do the following quick test to make sure there aren't sockets which may be crashing the authentication services you mentioned. Within the command line, type "netstat -ano | findstr -i Listening" and see whether or not there are any sockets open on your tacacs+ and radius ports. It will probably return false but it's worth a check.
Worse case scenario, maybe you can use CSUtil to backup the database (I'm fairly certain you can backup with the services which do run), install ACS on a new Windows 2003 server and then restore. You can use CSUtil for numerous types of exports and operations as well.
Whether you manage to deal with the issue or not, you should speak with whoever is responsible for making backups of your servers and make sure that should anything like this happen again that you can have a quick fix during a maintenance window.
10-31-2015 07:47 PM
Please note that ACS 4.2 has been out of support for over a year by now.
That said, were any changes made to the server running ACS? For example, a Windows upgrade?
11-01-2015 09:12 PM
windows was not upgraded. acs 4.2 server was working perfectly about 3 weeks ago.
Based on that server, i was testing various EAP methods
11-01-2015 10:32 PM
If you have a snapshot of before the crash, you can use that. It's very important to make system backups which go at least a few days back, if not periodically every X months.
As for the services, if you didn't patch for the OS then perhaps there is some security software such as mcafee EPO or whatnot which has an updated policy that is blocking the services. If you do have such software on the server, look at the logs of the software. You can then disable the software and reboot the server, see if that helps (during a maintenance window).
Keep in mind that there are system logs for each service under the Logs directory of the ACS installation, so you should take a look there. If the service didn't even start up after boot, I would suspect security software or the GPO changing the services in a way that doesn't allow them to operate.
11-01-2015 11:33 PM
there is no security software installed on windows 2003 server. as i said earlier, i am not able to take acs backup.
11-02-2015 11:55 AM
I was refering to snapshots of the OS itself, but I suppose that you checked that by now.
Keep in mind that CSLog works so you should be seeing logs for the different services which aren't working. Check out the <ACS_install_dir>\CSAuth\logs folder for logs of CSAuth, and the other folders for other services which aren't working.
There is a very detailed troubleshooting guide located here:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/Ch2.html#wp1042097
That guide should help you deal with the issue if there isn't some other software on the server causing trouble. One thing it suggests which may be relevant to you is to ensure that Windows firewall Internet Connection Sharing isn't running.
Because I'm unfamiliar with your server, I think you should do the following quick test to make sure there aren't sockets which may be crashing the authentication services you mentioned. Within the command line, type "netstat -ano | findstr -i Listening" and see whether or not there are any sockets open on your tacacs+ and radius ports. It will probably return false but it's worth a check.
Worse case scenario, maybe you can use CSUtil to backup the database (I'm fairly certain you can backup with the services which do run), install ACS on a new Windows 2003 server and then restore. You can use CSUtil for numerous types of exports and operations as well.
Whether you manage to deal with the issue or not, you should speak with whoever is responsible for making backups of your servers and make sure that should anything like this happen again that you can have a quick fix during a maintenance window.
11-02-2015 01:02 PM
Please try to power cycle the box and make sure that ACS is not getting low on disk space. If it still fails then we need to remaige the ACS.
Regards,
~JG
Do rate helpful posts
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: