cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2597
Views
0
Helpful
3
Replies
Highlighted
Beginner

TACACS latency

My ACS-server is experiencing these errors (started a couple of hours before new years eve):

RADIUS Latency (milliseconds) =  3344.82 , TACACS Latency (milliseconds) = 0.00)

Due to this error I also got this errror:

Category = CSCOacs_Internal_Operations_Diagnostics, Severity = ERROR, Message Text = Could not write to local storage file

What do I do to correct the RADIUS Latency error? I don't want to restart the server cause then I will throw out all other users that have been athenticated.

Everyone's tags (4)
3 REPLIES 3
Highlighted
Beginner

Re: TACACS latency

More information:

I have received 3.000 errors since Dec 31 10 PM. It is continuously failing, and I have also gotten the message "More than 50 auth errors last 10 minutes". Everything due to a slow TACAS-service - or at least so it seams.

Highlighted
Beginner

Re: TACACS latency

I am attaching the ACS instance health summary. According to this there is a high memory utilization. I check using the cli and it says 143 mb available. Not so much considering there's 4 gb on the server:

***ACS**02/admin# show mem
total memory:    4151260 kB
free memory:      146512 kB
cached:           420308 kB
swap-cached:           0 kB

How do I see exactly what is using all the memory?

Highlighted
Beginner

Re: TACACS latency

Again I answer my own question:

CSCtg12399 Bug Details

ACS 5.1 doesn't support 2008 R2 Server for AD.

Symptom:

The customer is looking to migrate their Active Directory environment to Windows 2008 Server R2.

Conditions:

The customer uses AD for authentication.

Workaround:

Continue using Windows 2003/2008 until 2008 R2 support is available. Contact TAC and link case to this bug id.

I will upgrade to 5.2. More info here, https://supportforums.cisco.com/thread/2028496.