ACS 5.2 Password change problem

dominikhug
Level 1

Hi

I have been running an ACS 5.2 appliance for some months without any problems. Today I found a very strange problem:

When I want to change the password of a local user there's a popup message:

"This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page."

I tried different users but I am not able to change any password. Always the same message.

Cisco Secure ACS

Version : 5.2.0.26.3


all three patches installed

Users migrated from ACS 4.x

If you need any further information, please ask.

Thanks for your help!

Accepted Solutions

Looks like this is a known existing issue. I found the following CDETS:

CSCtd06290: System failure error when submitting Change Password with enum attribute
There does not appear to be any workaround


12 Replies

padatta
Level 1

Not sure how far it will be possible. However, you can try this with username/password without any wildcard characters,

(&% ,.!+ -).

Paps

Dear Valued Cisco Customer,

I will be out of the office from 03/20/2010 until 04/04/2010. During

this time, I will have no access to email or voicemail. If you require

assistance during my absence, please contact Manivannan Srinivasan via

phone at 469-255-4806 or via email at mansrini@cisco.com and this

engineer will continue to work any immediate concerns you may have at

this time. If this issue can wait until my return on 04/05/2010, I will

be glad to continue working with you. If you require assistance outside

of our business hours (10:00am - 7:00pm CST), please contact the TAC by

calling 1800-553-2447 or email tac@cisco.com and request to have the

service request re-assigned.

Best Regards,

Abhishek Neelakanata

I made some additional tests and I was able to locate the problem:

With patch 2 a new function was introduced: "Checking Internal User’s existence before Authentication" (Bug CSCtk32683)

Because this is a very important feature for me I implemented this shortly after the patch was released to make sure users use a RADIUS OTP token server to authenticate. Normally I don't have to change passwords because there are external passwords/OTP tokens. But sometimes I have to configure a user to bypass the RADIUS OTP token server (lost token or something like this). So I want to change the password because I use a random 32 character password I don't save. And that is not possible.

I defined the internal users attribute ACS-RESERVED-Authen-ID-Store as enumeration to select possible authentication methods (OTP Token, IAS, ACS).

I was able to change the password of a newly created user without using the Authen-ID-Store attribute.

Is there a function to prevent changing passwords if Authen-ID-Store is used or is there a bug?

Hi,

I didn't find any known problems with changing passwords for users with 'ACS-RESERVED-Authen-ID-Store' attribute.

Does deleting such a user and re-adding it help?

I'd like to suggest opening a TAC case to get to the root cause.

Paps

Deleting and re-adding doesn't solve the problem. As soon as I use the Authen-ID-Store attribute I'm no longer able to change the password. After some additional tests I worked out that this problem only occurs if I configure Authen-ID-Store as enumeration. If defined as string there's no problem.

Looks like this is a known existing issue. I found the following CDETS:

CSCtd06290: System failure error when submitting Change Password with enum attribute
There does not appear to be any workaround

Hi jrabinow

I think this is the bug I found. Will it be fixed?

Greets

Since my first post a couple of patches have been released but none of them solved the issue. Do you know when it will be fixed?

This will be fixed in ACS 5.3, which will be available later this year.
