cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1755
Views
0
Helpful
12
Replies
Highlighted
Beginner

ACS 5.2 Password change problem

Hi

Since some months I'm running ACS 5.2 appliance without any problems. Today I found a very strange problem:

When I want to change the password from a local user there's a popup message:

"This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page."

I tried different users but I am not able to change any password. Always the same message.

Cisco Secure ACS

Version : 5.2.0.26.3


all three patches installed

Users migrated form ACS 4.x

If you need any further information, please ask.

Thanks for your help!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

Re: ACS 5.2 Password change problem

Looks like this is a known existing issue. I found the following CDETS:

CSCtd06290: System failure error when submitting Change Password with enum attribute
There does not appear to be any workaround

View solution in original post

12 REPLIES 12
Highlighted
Beginner

Re: ACS 5.2 Password change problem

Not sure how far it will be possible. However, you can try this with username/password without any wildcard characters,

(&% ,.!+ -).

Paps
Highlighted
Beginner

Re: ACS 5.2 Password change problem

Dear Valued Cisco Customer,

I will be out of the office from 03/20/2010 until 04/04/2010. During

this time, I will have no access to email or voicemail. If you require

assistance during my absence, please contact Manivannan Srinivasan via

phone at 469-255-4806 or via email at mansrini@cisco.com and this

engineer will continue to work any immediate concerns you may have at

this time. If this issue can wait until my return on 04/05/2010, I will

be glad to continue working with you. If you require assistance outside

of our business hours (10:00am - 7:00pm CST), please contact the TAC by

calling 1800-553-2447 or email tac@cisco.com and request to have the

service request re-assigned.

Best Regards,

Abhishek Neelakanata

Beginner

Re: ACS 5.2 Password change problem

I made some additional tests and I was able to locate the problem:

With patch 2 a new function was introduced: "Checking Internal User’s existence before Authentication" (Bug CSCtk32683)

Because this is a very important feature for me I implemented this short after the patch was released to make sure users use a RADIUS OTP token server to authenticate. Normally I don't have to change passwords because there are external passwords/OTP token. But sometimes I have to configure a user to bypass RADIUS OTP token server (lost token or something like this). So I want to change the password because I use a random 32 character password I don't save. And that is not possible.

I defined the internal users attribute ACS-RESERVED-Authen-ID-Store as enumeration to select possible authentication methods (OTP Token, IAS, ACS).

I was able to change password from a newly created user without using the Authen-ID-Store attribute.

Is there a function to prevent changing passwords if Authen-ID-Store is used or is there a bug?

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Dear Valued Cisco Customer,

I will be out of the office from 03/20/2010 until 04/04/2010. During

this time, I will have no access to email or voicemail. If you require

assistance during my absence, please contact Manivannan Srinivasan via

phone at 469-255-4806 or via email at mansrini@cisco.com and this

engineer will continue to work any immediate concerns you may have at

this time. If this issue can wait until my return on 04/05/2010, I will

be glad to continue working with you. If you require assistance outside

of our business hours (10:00am - 7:00pm CST), please contact the TAC by

calling 1800-553-2447 or email tac@cisco.com and request to have the

service request re-assigned.

Best Regards,

Abhishek Neelakanata

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Hi,

I didn't find any known problems with changing passwords for users with 'ACS-RESERVED-Authen-ID-Store' attribute.

Does deleting such a user and readd help?

I'd like to suggest opening a TAC case to get to the root cause.

Paps

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Dear Valued Cisco Customer,

I will be out of the office from 03/20/2010 until 04/04/2010. During

this time, I will have no access to email or voicemail. If you require

assistance during my absence, please contact Manivannan Srinivasan via

phone at 469-255-4806 or via email at mansrini@cisco.com and this

engineer will continue to work any immediate concerns you may have at

this time. If this issue can wait until my return on 04/05/2010, I will

be glad to continue working with you. If you require assistance outside

of our business hours (10:00am - 7:00pm CST), please contact the TAC by

calling 1800-553-2447 or email tac@cisco.com and request to have the

service request re-assigned.

Best Regards,

Abhishek Neelakanata

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Deleting and readd doesn't solve the problem. As soon as I use the Authen-ID-Store attribute I'm no longer able to change password. After some additional tests I worked out that this problem only occurs if I configure Authen-ID-Store as enumeration. If defined as string there's no problem.

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Dear Valued Cisco Customer,

I will be out of the office from 03/20/2010 until 04/04/2010. During

this time, I will have no access to email or voicemail. If you require

assistance during my absence, please contact Manivannan Srinivasan via

phone at 469-255-4806 or via email at mansrini@cisco.com and this

engineer will continue to work any immediate concerns you may have at

this time. If this issue can wait until my return on 04/05/2010, I will

be glad to continue working with you. If you require assistance outside

of our business hours (10:00am - 7:00pm CST), please contact the TAC by

calling 1800-553-2447 or email tac@cisco.com and request to have the

service request re-assigned.

Best Regards,

Abhishek Neelakanata

Highlighted
Rising star

Re: ACS 5.2 Password change problem

Looks like this is a known existing issue. I found the following CDETS:

CSCtd06290: System failure error when submitting Change Password with enum attribute
There does not appear to be any workaround

View solution in original post

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Hi jrabinow

I think this is the bug i found. Will it be fixed?

Greets

Highlighted
Beginner

Re: ACS 5.2 Password change problem

Since my first post a couple of patches have been released but none of them solved the issue. Do you know when it will be fixed?

Highlighted
Rising star

ACS 5.2 Password change problem

This will be fixed in ACS 5.3 which will be available later this year