Solved: there is no security software

prkg87001 · ‎10-14-2015

There are few services which were not able to restart , they are as follows:-

1) CSAuth

Error:- "Windows could not start the csauth on local computer. for more information, review the system event log. if this is

a non-microsoft service, contact the service vendor, and refer to service-specific error code 1060"

2) CSTacacs

Error:- "Windows could not start the cstacacs on local computer. for more information, review the system event log. if this is

a non-microsoft service, contact the service vendor, and refer to service-specific error code 1066"

3) CSRadius = Starting

the remaining services like CSAdmin, CSDbSync, CSLog were started.

Also i am not able to take acs system backup from System Configuration -> ACS Backup and pressing Backup Now. This shows the error msg as

:- CSAuth service must be running in order to start backup

Nadav · ‎11-02-2015

I was refering to snapshots of the OS itself, but I suppose that you checked that by now.

Keep in mind that CSLog works so you should be seeing logs for the different services which aren't working. Check out the <ACS_install_dir>\CSAuth\logs folder for logs of CSAuth, and the other folders for other services which aren't working.

There is a very detailed troubleshooting guide located here:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2/trouble/guide/ACSTrbG42/Ch2.html#wp1042097

That guide should help you deal with the issue if there isn't some other software on the server causing trouble. One thing it suggests which may be relevant to you is to ensure that Windows firewall Internet Connection Sharing isn't running.

Because I'm unfamiliar with your server, I think you should do the following quick test to make sure there aren't sockets which may be crashing the authentication services you mentioned. Within the command line, type "netstat -ano | findstr -i Listening" and see whether or not there are any sockets open on your tacacs+ and radius ports. It will probably return false but it's worth a check.

Worse case scenario, maybe you can use CSUtil to backup the database (I'm fairly certain you can backup with the services which do run), install ACS on a new Windows 2003 server and then restore. You can use CSUtil for numerous types of exports and operations as well.

Whether you manage to deal with the issue or not, you should speak with whoever is responsible for making backups of your servers and make sure that should anything like this happen again that you can have a quick fix during a maintenance window.

View solution in original post

Javier Henderson · ‎10-31-2015

Please note that ACS 4.2 has been out of support for over a year by now.

That said, were any changes made to the server running ACS? For example, a Windows upgrade?

prkg87001 · ‎11-01-2015

windows was not upgraded. acs 4.2 server was working perfectly about 3 weeks ago.

Based on that server, i was testing various EAP methods

Nadav · ‎11-01-2015

If you have a snapshot of before the crash, you can use that. It's very important to make system backups which go at least a few days back, if not periodically every X months.

As for the services, if you didn't patch for the OS then perhaps there is some security software such as mcafee EPO or whatnot which has an updated policy that is blocking the services. If you do have such software on the server, look at the logs of the software. You can then disable the software and reboot the server, see if that helps (during a maintenance window).

Keep in mind that there are system logs for each service under the Logs directory of the ACS installation, so you should take a look there. If the service didn't even start up after boot, I would suspect security software or the GPO changing the services in a way that doesn't allow them to operate.

prkg87001 · ‎11-01-2015

there is no security software installed on windows 2003 server. as i said earlier, i am not able to take acs backup.

Nadav · ‎11-02-2015