Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16536
Views
5
Helpful
2
Replies

AAA Accounting invalid_group_handle

Go to solution
CSCO12099251
Level 1
Level 1

‎09-22-2017 12:19 AM - edited ‎02-21-2020 10:34 AM

 

Hi,

I am getting below error messages logged while login into cisco 3750 switch authenticated by AAA server.

Please advise

 

Sep 16 08:28:32.957 SIN: %AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type *invalid_group_handle*

Sep 16 12:01:57.235 SIN: %AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type *invalid_group_handle*

Sep 16 22:07:49.330 SIN: %AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type *invalid_group_handle*

Sep 17 10:44:44.752 SIN: %AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type *invalid_group_handle*

 

Regards,

Godwin. S

9 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jeremy.Herr92
Level 1
Level 1

‎05-06-2019 02:56 AM

Apologies if this is a REALLY late reply but I just ran into this and was able to resolve it. So I would rather have a late reply answer than none at all. We resolved this by double checking the radius group names in the config.

 

For example our vty lines showed:

line vty 0 4
session-timeout 15
exec-timeout 480 0
authorization exec RadiusSv1
logging synchronous
login authentication RadiusSv1
transport input ssh

 

But we accidentally misspelled the group name in aaa configs:

aaa group server radius RdiusSv1
server-private 10.12.10.2 key 7 044D390539136F7B062F062543082A067C
server-private 10.10.82.2 key 7 095A7C0A2F373427043A07187A270E3163
ip radius source-interface Vlan110

 

We fixed the errors by correctly spelling the group name to RadiusSv1 in aaa group:

aaa group server radius RadiusSv1
server-private 10.12.10.2 key 7 044D390539136F7B062F062543082A067C
server-private 10.10.82.2 key 7 095A7C0A2F373427043A07187A270E3163
ip radius source-interface Vlan110

View solution in original post

2 Replies 2

Go to solution
Jeremy.Herr92
Level 1
Level 1

‎05-06-2019 02:56 AM

Apologies if this is a REALLY late reply but I just ran into this and was able to resolve it. So I would rather have a late reply answer than none at all. We resolved this by double checking the radius group names in the config.

 

For example our vty lines showed:

line vty 0 4
session-timeout 15
exec-timeout 480 0
authorization exec RadiusSv1
logging synchronous
login authentication RadiusSv1
transport input ssh

 

But we accidentally misspelled the group name in aaa configs:

aaa group server radius RdiusSv1
server-private 10.12.10.2 key 7 044D390539136F7B062F062543082A067C
server-private 10.10.82.2 key 7 095A7C0A2F373427043A07187A270E3163
ip radius source-interface Vlan110

 

We fixed the errors by correctly spelling the group name to RadiusSv1 in aaa group:

aaa group server radius RadiusSv1
server-private 10.12.10.2 key 7 044D390539136F7B062F062543082A067C
server-private 10.10.82.2 key 7 095A7C0A2F373427043A07187A270E3163
ip radius source-interface Vlan110

Go to solution
jerryblack143
Level 1
Level 1
In response to Jeremy.Herr92

‎01-19-2021 06:43 AM

This really helped me after deploying ISE and finding out that accounting updates were not occurring.

Enabled "Terminal monitor" on one of the switches and watched the logs.

The error came up and when i searched for it, this article came up.

It was the root cause - A typo on the RADIUS servers group name on some of the aaa configs.

Thank you

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents