problem in ACS5.1 : "EAP session timed out", "RADIUS Request dropped "

MaratShajmiev · ‎02-18-2011

Hi .

Part of my access points do not want to authenticate wi-fi users (through Radius server and Microsoft AD) .

The scheme is: wi-fi PC-access point -ACS server 5.1 (Radius)-Microsoft AD

After I configured some AP, next logs we can see :

EAP session timed out (many)

RADIUS Request dropped (many)

Could not establish connection with ACS Active Directory agent

User's Groups retrieval from Active Directory failed

The user is not found in the internal users identity store.

Another part of devices (AP) works well.

Anyone can help me to solve this problem please?

Nicolas Darchis · ‎02-19-2011

The session timed out and request dropped are nearly "normal". If the authentication fails for some reason, and one side (AP or ACS) decides to stop answering (instead of rejecting) this would be the message shown.

The other messages seem to indicate that there is a problem with your AD. Did you test the bind ? Can you retrieve the AD groups list from ACS ?

Do you use AD with the ACS for another part of your network that would be working fine ?

Nicolas

MaratShajmiev · ‎02-19-2011

Hi Nicolas.

In logs usually we see some steps of beginning relations between devices. But here we see only one log line:

What can it mean?

The other messages seem to indicate that there is a problem with your AD. Did you test the bind ? Can you retrieve the AD groups list from ACS ?

Yes, we tested relations between AD and ACS, AD groups list retrieve fine from AD. In addition half of devices in network works fine: wi-fi devices authenticates excellent .

Do you use AD with the ACS for another part of your network that would be working fine ?

Yes, there is single AD and ACS.

Nicolas Darchis · ‎02-20-2011

Very strange.

We should take a deep dive in the logs to understand the problem. That's best done through a TAC case.

Did you also made sure you're on the latest acs 5.1 patch ?

altorres75 · ‎04-18-2011

Hello,

I am getting the same Radius request dropped, but my users are authenticating OK. Do you consider this message normal?

Regards,

Alex

tmarques87 · ‎04-16-2012

i'm having the same problem

I opened a case in cisco ... and now I'm waiting forresponse

ausjustin · ‎09-02-2012

Hello All

Anyone has been resolved this issue ? I had exactly same issue ? but i was running ACS 5.2.0.26.3 VERSION .

Thanks

Justin