Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17643
Views
15
Helpful
5
Replies

Server status: FAILED

Ibrahim Jamil
Level 6
Level 6

‎04-21-2011 03:55 PM - edited ‎03-11-2019 01:24 PM

Hello Folks

when i issue the command the sh aaa-server MYACS,I Noted the below msg for server status,how to troubleshoot and fix this issue?

Server Group:    MYACS
Server Protocol: radius
Server Address:  192.168.100.100
Server port:     1645(authentication), 1646(accounting)
Server status:   FAILED, Server disabled at

1 person had this problem
Labels:
0 Helpful
5 Replies 5

mvsheik123
Level 7
Level 7

‎04-21-2011 06:26 PM

Hi,

PIX/ASA lost connectivity to radius server. Make sure network path is available and the ASA IP/name and node key correctly configured on Radius server.

You can test the server authentication from ASA using command - test aaa-server authentication . Also, you can try enabling debug aaa-server see where the issue is.

hth

MS


Jennifer Halim
Cisco Employee
Cisco Employee

‎04-21-2011 06:30 PM

When the AAA server is in FAILED state, you can check to ensure that you have connectivity to the AAA server by trying to ping it.

Once confirm that connectivity between the ASA and the AAA server is up, you can re-activate the server with the following command:

aaa-server active host 192.168.100.100

If you check the status again:

show aaa-server MYACS host 192.168.100.100

it should say it's ACTIVE now.

Hope this helps.

Ibrahim Jamil
Level 6
Level 6
In response to Jennifer Halim

‎04-22-2011 01:44 AM

Hi

i have 3 acs in the group MYACS,both r okay but the third one gave the failed status so when you use this command aaa-server active host 192.168.100.100 ,r u sure this dosnt affect the first acs(192.168.100.101) who is active and serve the vpn users

thanks

0 Helpful

brquinn
Level 1
Level 1
In response to Ibrahim Jamil

‎04-22-2011 07:52 AM

The default aaa-server reactivation mechanism is depletion. This means that failed servers only reactivate after all of the servers in the group are inactive. The command given to you will manually reactivate the sever, but it will not affect existing servers.

Command Reference link:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a1.html#wp1558160

Thanks,

Brendan

0 Helpful

mvsheik123
Level 7
Level 7
In response to brquinn

‎04-22-2011 08:03 AM

With reference to postring about 3 servers in the group.. just a note , on ASA you do not need to add all the 3 servers if they are Master/replica. The master is enough and ASA will get all the info from the master and will look for replica/backup incase Master is not available.

Thx

MS

PS: I mentioned this as I added all the servers on my prod ASA and later realised that was not required. Everything works great with all the servers status 'OK'.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card