08-09-2007 12:00 PM - edited 03-10-2019 03:19 PM
Hi
So we've just done an upgrade of CSACS 3.3(1) to 3.3(3) and then from there to 4.1 as recommended. After the upgrade, all 'seems' to be fine with the server, all the services have started and seem to be running, the UDP ports are open (1812, 1813, 1645 and 1646), yet none of my clients are able to login via any NAS configured. There are no logs being generated on the server, no fails, no passes, nothing since the upgrade. The server and the NAS' can still ping each other just as before, nothing else has changed on the NAS or the network in general. During the upgrade, I choose to keep my existing configuration. Can anyone help? Please? Thanks
Jason
08-09-2007 12:13 PM
Jason,
It seems to be a appliance , if that is the case then go to ,
acs ----> Interface config--->Advanced --->Enable all except last two.
Now go to acs----> Network configuration ----> Proxy table ----.Put deleverence 1 on the fwd to box and what ever you have under fwd to box drag it to the left box.
Regards,
~JG
08-09-2007 12:15 PM
Hi
This is not an appliance, but the Windows based software server. Would these tips still apply? Thanks
Jason
08-09-2007 12:20 PM
No , not for windows. Is the services running ? What is the OS and SP ?
08-09-2007 12:23 PM
Hi
The services are all running, I've tried to stop and restart all CS* services. I've tried to reboot the whole server itself. It is running Windows Server 2003. One problem I noticed just now, the server does not have SP1 applied due to a conflict with another application running on that box and according to the CSACS4.1 release notes, SP1 is a requirement...but I don't know if not having it would cause these weird issues. Everything 'seems' to be running, open ports, etc, but nothing is happening. So I'm going to try to get this server updated to SP1 and see what happens from there. Do you think this SP1 missing would cause this strange problem? Thanks very much for your help.
Jason
08-10-2007 04:39 AM
Hi Jason,
I don't think SP can cause this kind of issue but it is worth to try. Also I would suggest to sniff the NIC of acs and see if there is any traffic coming from the NAS, if it is there then it would be interesting to see how acs replied.
Also take debugs at the same time from NAS
debug aaa authentication
debug radius or tacacs (as per the case)
Also make sure that acs is set up as Cisco secure acs and NOT tacacs or radius.
ACS -->Network configuration---->AAA server--->Server type should be Cisco secure acs.
Regards,
~JG
08-10-2007 04:41 AM
Hi
We let the server do its full set of Windows Updates last night and after the update and reboot, all authentication services started working properly again with no further changes. So it WAS the patch level that was causing the problem. Thanks for all your help.
Jason
08-12-2007 06:59 PM
Jason
I am glad that you were able to get this worked out. Thank you for updating the thread to indicate that you had found a solution to the problem. It makes the forum more useful when people can read about a problem and can read what provided the solution to the problem.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide