11-30-2009 11:51 PM - edited 03-10-2019 04:49 PM
Hi all,
I have two ACS servers for Windows, version 4.2. My problem is that if the primary ACS server is down, the dynamic users from the Windows database are not able to authenticate with the secondary ACS server. Please note that if a user is added to the ACS, this user can authenticate with the Windows database. Only the dynamic mapping is not happening with the second ACS server.
A fast response will be appreciated.
12-01-2009 10:24 AM
Does the Unknown User Policy point to the Windows Database in both cases? Are Dynamic Users enabled under the Unknown User Policy?
Are these ACS for Windows Servers or ACS SE with a Remote Agent installed on an AD member server?
If those are Remote Agents, check the External Database > Windows Configuration > Remote Agent Selection. Is the same Remote Agent selected on both ACS Servers?
Please be aware that if you switch the order of the RAs, it would delete all your Group Mappings.
12-01-2009 10:27 AM
I missed your note: ACS server for Windows with 4.2 version.
Is the Secondary ACS Server installed on the same domain as the Primary Server?
Dynamic users are not replicated... authentications should create the new Dynamic User on the Secondary Server.
Are the ACS Services configured with a Domain Admin account under "Log On As"?
It is important to comply with ACS Post-Installation Tasks:
12-01-2009 10:08 PM
Hi ansalaza,
Thanks for your response. Let me answer your queries.
1. Both ACS servers are in the same domain
2. It is configured as domain account under "Log On As"
I will check the Unknown User Policy in the secondary ACS and will update you. Please note that I could authenticate the AD users with the secondary ACS if the user is statically added to the ACS database. Only dynamic users from AD are not authenticating and giving the error "unknown username" in the failed attempts logs.
12-02-2009 12:21 AM
Hi Ansalaza,
Excellent, you have pointed it out. I have made the changes in the Unknown User Policy and it is working.
Thank you once again.
Regards
Abison