06-01-2006 12:16 AM - edited 03-10-2019 02:36 PM
We have two CiscoSecure Server on W2k3.
We use Radius from CiscoSecure and an external Rsa Securid Token to authenticate the user (running on the same server).
With the ACS 3.3, the authentication works fine ( every state works : new pin mode, next token mode, authentication ).
Now with the new version ACS 4.0, if the token is in new pin mode, the user can't create his own code pin with this error message in the radius log : Authetication session invalidated.
Also this error in the RDS.log ( see attachment )
Any workaround to solve this problem ?
Thanks
06-01-2006 02:25 AM
Hi
Whats in the csauth server log for the same time period?
When you do challenge/response (such as RSA) csauth saves session state. In this example the state has been destroyed in between RADIUS messages.
Normally this only happens if the user doesnt repond within 120 seconds.
Darran
06-01-2006 04:14 AM
06-01-2006 07:06 AM
Hmm, the csauth log cuts off just before the response arrives. Could you also include the next 10 seconds worth of logs?
06-01-2006 10:57 PM
06-20-2006 03:15 PM
Open a case w/ TAC; you are likely hitting CSCsd41866 (PAP authentication against RSA server with NEW PIN Mode fails), and there is a patch available.
06-20-2006 10:46 PM
Thanks for the information.
I have the patch and it's ok now.
08-20-2007 05:50 AM
Hi ,
we have the patch for said Bug...We are not able to find the location of acs/dir on ACS1113 appilance..
Could you please let me know the steps to locate
Following are instructions got to update the patch.
Instructions on how to install the patch
========================================
1. Extract the CSAuth.exe from ACS-4.0.1-RSA-SW-CSCsc12614-CSCsd41866.zip
2. Stop service CSAuth
3. Locate
4. Copy new CSAuth.exe extracted from zip to
5. Start service CSAuth
Thanks,
Satish
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: