cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

244
Views
0
Helpful
2
Replies
Highlighted
Beginner

Key in ACS magically changing on its own?

We are still running ACS v3.3.4.12.6/7 in several infrastructures mixed with 1111s, 1112s and 1113s.  I know, we are out of support.  We have some of our upgrades in hand and will be starting soon.  We have almost 40 of these appliances in 5 different infrastructures around the world so we have a lot of work to do .  Until then, we are dealing with a nagging problem and wondered if there was an explanation or solution.  Unfortunately the infrastructure that sees this problem the most cannot be upgraded just yet.

Periodically, the key in a client entry changes, causing authentication failures.  Because we have many AAA clients that include possibly 100s of IPs, the failures can be widespread.  The key almost always changes to this:

480d;0164g7?22?251176?1f<d183`593`<164546n6c:0133=3=75<71353

From testing, it appears that one cause is using Firefox when making edits.  We know that browser is not supported so we are not using it.  I suspected IE8 was causing it too, but I have been unsuccessful in proving that.  Those of us making edits are using IE6.

Does anyone know what could be causing this?  

2 REPLIES 2
Highlighted
Enthusiast

Re: Key in ACS magically changing on its own?

We have seen this problem before, usually tracked to a combination of browser/java version in use, and sometimes due to database corruption.

Highlighted
Beginner

Re: Key in ACS magically changing on its own?

I don't suppose you have any documented combinations that you know cause this problem, do you?  While its not too difficult to determine browsers that can cause this problem, its a bit more difficult when Java is included as a variable.

I've seen this in multiple ACS infrastructures, so I'm inclined to think (or hope), that its not due to db corruption, athough I definitely would not dismiss that as an option.  DB corruption seems to be a common occurance in ACS v3.x with the db being registry-based.

Has this problem been seen in ACS v4.2?  We are getting ready to upgrade to v4.2 and was hoping that would help.

Thanks!