
LMS 3.2 and ACS 4.2. ACS CISCOWORKS SECRET KEY MISMATCH

Hi there,

Currently I am almost able to set up the CiscoWorks server with the ACS server.

I verified the secret keys match, and even went as far as changing them to another as well. The shared secret keys match.

But I get the error provided below. I have substituted 10.x.x.x for the actual IPs in this example. Is there something that I am not doing?

Your insight is greatly appreciated.

Thanks


Blair

10.X.X.X: Failed
Primary ACS Verification Status ( 10.X.X.X )
Tacacs+ Connectivity: Reachable
HTTP/HTTPS Connectivity: Reachable
AAA Client: Configured
Secret Key Verification: Mismatch Detected
System Identity User: Not Applicable

Hi Blair,

Is a proxy server configured on the ACS? In that case, check the shared key for the proxy server.

Thanks,
Arshdeep

ACS also uses inheritance setting from the parent group, so if the LMS server is in a group for example like

NMS Servers -> LMSserver1

Make sure you check the shared secret key setting for "NMS Servers"; it will take precedence. I believe once inside NMS Servers and you see all the servers, scroll to the bottom of the list, where there will be a button to edit NMS Servers settings.

Thanks for the swift response,

I verified that there is no proxy server. We currently only have one server, which is under the "not assigned" NDG group.

In addition to that, I can't see a field with a shared secret key on the NDG groups.

Just a note: shared keys are the same all around.

Just to give you guys a run down of what has been done:

1. On the ACS server, have created two accounts:

   a. AAA client account, which gives the LMS server access to devices as we give network administrators. Done.

   b. ACS server super account, which gives the LMS server access to the ACS HTTPS link. Done.

2. a) Under Cisco Network Assistant portlet /LMS Server/change ACS setup, there is a section to set up ACS access mode. Done, with mismatch.

   b) Under CS portlet/AAA mode setup/ there is a section to set up ACS access mode. Done, with mismatch.

Thanks

Blair

In that case, I would recommend that you try to start afresh in ACS.

Try to make a new NDG, say LMSServer, and then add your CiscoWorks server as an AAA client in it.

Make sure while adding the new NDG and AAA client you put the same secret key in both. I guess this document will help you big time in ACS and LMS integration:

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html

-Thanks Vinod **Rating encourages contributors, and it's really free.**

Thanks. It was a success recreating the group. However, please check the following table:

TACACS+ Connectivity With ACS: Reachable
HTTP/HTTPs Connectivity With ACS: Reachable
CiscoWorks System Identity User Configuation in ACS: Not all privileges assigned

I created highest-privilege ACS accounts and AAA client accounts, but I still get this error.

Any suggestions?

System Identity User name and password must be synchronized with LMS server CS -> Server -> Security -> System Identity Setup

System Identity User must be a user of ACS, not an administrator of ACS.

You should build a new group and place the System Identity user in this group. If you have the LMS applications listed in Shared Profile Components, then they should also be a part of the group configuration. Enable each application and then assign a role to that application, which should be SuperAdmin from the pull-down menu under "Assign a XXXXX for any network device".

This is a fairly important step and is sometimes overlooked.

But you first must go through the AAA Mode Setup and APPLY with "Register all installed applications with ACS" check marked the first time.