I cannot log in to ACS3.0 (both local and remote) after I limit the administrative session to use port 2002 only. 'Can not login to CiscoSecure ACS for Windows 2000/NT, all Administration ports are currently in use. ' is the message shown. Can anyone help on this? Thanks.
ACS listens constantly on port 2002 for new login connections, then after you login, it changes that session to a different port, usually a random one but as you know, you can set it up to change to certain ports. It still monitors port 2002 for new connections.
What you've done is tell ACS that it can only change to port 2002, but that port is already in use by the ACS admin service as it waits for new logins to come in. I don't believe there's any way around this, nor am I sure how you can fix it. I'm not game to try it on mine 'cause I think you've probably locked yourself out (sorry about that).
If you can get back in, you'll need to set it up to use port 2001 or something like that, something different to 2002 anyway. Keep in mind also though, that if you make say, the start and end ports 3000 to 3000, you'll only be able to get one admin session at a time going. When the 2nd session tries to login it'll be redirected to port 3000 but that will be in use by the 1st admin session and you'll get an error.
OK, I had to try this, you piqued my curiosity. Sure enough, if you set both the start and end ports to 2002 you lock yourself out.
To get back in, you need to change the registry settings. Open regedit and find the key:
Under here there's a Start Port and End Port value, change these to something other than both 2002 (0x7d2). Stop/start the CSAdmin service via Control Panel and you should be able to get back in.