Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


External DB not operational

We are moving from a Novell to a Microsoft AD environment.  The Domain controllers are running 2008.  Running ACS 4.2 on a ACS SE appliance.  So, we need to have a Windows remote agent.  We have the unknown user policy active and we have some group mappings that will map our AD groups to ACS groups.  When we create those mappings, we can see all of the groups in our Doamin, so we know that the Windows remote agent is working and ACS can see the domain.  However, when we try to authenticate, it fails and ACS reports the error External DB not operational.  Well, I know its operational because when I configure a group mapping, it sees the AD groups.

Any help is appreciated.


This is an issue for the TAC to look at... they'll ask you to use the Support page to generate a file.

Before you do this, set system logging to max then see if you can replicate the problem - the logs collected in the cab file will then contain as much debug info as possible. If you wanted to look yourself the cab file holds loads of logs of which one is the CSAuth service log file - open and search for "external" and you should find all related logged events.

Good luck

Already on it.  TAC stated that 2008 R2, which I am running is not yet supported, but hope to have a patch out in a month to fix that.  This is for the ACS 5.x platform as well as 4.2.

So, I am going to look into the possibility of doing a secure LDAP connection and if that doesn't work, I will just wait for the patch.

Thanks for the response!