
'Could not find user' with EAP-TLS in ACS

kai.freese
Level 1

Hi all,

We are running ACS 4.2(1) Build 15 on a Win2003 member server and use the ACS for EAP-TLS with certificates (Microsoft-PKI) for WLAN authentication (WLC 4402, 6.0 and 4.2). We are using both machine and user authentication.

Sometimes machine authentications fail with the following message in AUTH.log:

AUTH 11/01/2010 09:11:28 E 1395 1904 0x31cb External DB [NTAuthenDLL.dll]: Could not find user host/<xxxxxxxx>.com (0x5012)

But some minutes/hours later the same machine can authenticate successfully. Other machines never have this problem; no problems at all with user authentications.

Does anyone have an idea where I can proceed with troubleshooting? I haven't found any related messages in server event logs. Are there any other logs where I can find reasons for these problems that are occurring only sometimes?

Thanks

Kai

1 Reply

Yudong Wu
Level 7

AUTH.log and RDS.log are the two log files you need to look into on the ACS side. Make sure the log level is set to "Full".

You might need to check the log on AD side to see why it could not find this host.

Comparing the logs between the working and non-working cases might be helpful.
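
The comparison suggested in the reply, as an added example that is not part of the original thread or of any Cisco tooling: a Python script that pulls the "Could not find user" errors out of AUTH.log and groups them by host and by hour, so the failure windows can be lined up with AD-side logs. The line layout is assumed from the single line quoted in the question, and the sample lines and host names are constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the one AUTH.log line quoted in the question; the three
# fields after the severity letter are treated as opaque values.
FAIL_RE = re.compile(
    r"^AUTH (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<sev>\w) \S+ \S+ \S+ External DB \[NTAuthenDLL\.dll\]: "
    r"Could not find user (?P<principal>\S+) \((?P<code>0x[0-9a-fA-F]+)\)\s*$"
)

# Constructed sample lines (host names are placeholders, not from the thread).
SAMPLE = """\
AUTH 11/01/2010 09:11:28 E 1395 1904 0x31cb External DB [NTAuthenDLL.dll]: Could not find user host/pc-a.example.com (0x5012)
AUTH 11/01/2010 09:11:40 I 0000 1904 0x31cc constructed unrelated line
AUTH 11/01/2010 09:14:02 E 1395 1904 0x31d0 External DB [NTAuthenDLL.dll]: Could not find user host/pc-b.example.com (0x5012)
AUTH 11/01/2010 13:47:55 E 1395 1904 0x3302 External DB [NTAuthenDLL.dll]: Could not find user host/pc-a.example.com (0x5012)
"""

def summarize_failures(lines):
    """Group lookup failures by principal and by hour, in order of appearance."""
    by_principal = defaultdict(list)
    by_hour = defaultdict(set)
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue  # any other AUTH.log line is ignored
        by_principal[m["principal"]].append(f"{m['date']} {m['time']}")
        by_hour[f"{m['date']} {m['time'][:2]}h"].add(m["principal"])
    return dict(by_principal), {k: sorted(v) for k, v in by_hour.items()}

def report(lines):
    """Return one summary line per failing host, then one per hour bucket."""
    by_principal, by_hour = summarize_failures(lines)
    out = []
    for principal, stamps in by_principal.items():
        out.append(f"{principal}: {len(stamps)} failure(s), "
                   f"first {stamps[0]}, last {stamps[-1]}")
    for hour, principals in by_hour.items():
        # Hours with failures are the windows to pull AD-side logs for.
        out.append(f"{hour}: {len(principals)} distinct host(s): "
                   f"{', '.join(principals)}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE.splitlines())))
```

To run it against a real log, pass the lines of the file instead of `SAMPLE`, for example `report(open(path, errors="replace"))`, where `path` is wherever the ACS AUTH.log was copied to.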