04-06-2006 11:58 PM - edited 03-10-2019 02:32 PM
Hi,
I am using RADIUS to authenticate users who connect to the LAN, but it always fails... Here is the error in the ACS report: "external DB account restriction". Can anyone help me resolve it?
Many thanks...
Sholeh
04-07-2006 12:53 AM
When user validation fails for any reason (external server down, wrong SSL certificate, or key mismatch with NAS), the CSV failed attempts report states that the authentication failure code is 'external db account restriction'.
So check if the key is the same for ACS and the client, and if the users database is OK....
M.
Hope that helps; rate if it does.
04-07-2006 12:02 PM
Also check that you enabled dial-in on the Active Directory account.
Rutger
04-07-2006 01:02 PM
The official Microsoft error description is:
1327L ERROR_ACCOUNT_RESTRICTION Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).
Darran
04-10-2006 04:43 AM
I'm using ACS 3.3 and having the same problem of "External DB account Restriction".
I checked all the things that you mentioned and everything seems fine.
Except that on the RADIUS server, the application event viewer keeps popping two errors.
The first one says source-rasctrs and it goes like this:
The description for Event ID ( 2001 ) in Source ( rasctrs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
The second one says source-preflib and it goes like this:
The Open Procedure for service "RemoteAccess" in DLL "c:\WINNT\System32\rasctrs.dll" failed.
HEEEEEEELLLLp
04-16-2006 08:02 PM
Dear All,
Thank you very much for your replies. I am new to ACS, and after reading the installation guide thoroughly I found that the Windows system running the ACS server has not been configured to communicate with Active Directory... that's why authentication always fails... and now my friend is still configuring it; hopefully it will work smoothly.
Thanks again.
Best regards,
Sholeh
04-16-2006 11:08 PM
Hello Azat,
With regard to the first event viewer message (Event ID 2001), this message is usually displayed if you disabled the Remote Access service; these events are logged 'because the Performance Monitor checks the availability of all counters listed in the registry. Since Remote Access is installed but unavailable, the errors are logged.'
You can get rid of these entries by adding the following key to this registry entry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]
"Disable Performance Counters"=dword:00000001
That is, create a DWORD entry with the name 'Disable Performance Counters' with a value of 1 under the 'Performance' entry.
With regard to the original problem, I wonder if this could be a client problem. Which clients do you have (e.g. XP SP2)? And are there any other devices (firewalls, or locally installed anti-virus scanners) in the path between the clients and the ACS?
Regards,
GNT