This issue is due to the presence of Cisco Bug ID CSCsd52574.
When machine authentication, either Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) or Microsoft Challenge-Handshake Authentication Protocol (MS_CHAP), is attempted after the Cisco Secure Access Control Server (ACS) has lost and then regained connectivity to the global catalog server, authentication can fail and the MachineSPNToSAM: __DsCrackNames failed auth.log error message can be generated in the auth.log file.
This issue occurs in an environment where there is more than one global catalog server for the domain. ACS does not search for the secondary catalog server if the primary goes down.
Note: This issue is particularly seen when ACS is installed on a domain member server.
The temporary workaround for this issue is to re-start csauth.exe.
In order to completely resolve this issue, download and apply the ACS patch version 4.1(1) or higher.
Hi, Apology for my queries, just want to confirm. We have 2 units of N9K swtich and we were only given 1 PAK number. When we tried to register this PAK number to the 1st unit we got the information below:Can we still use the same PAK number for the 2...
Hi AllI have just ONE Ldap authenticantion in connection do VPN AnyConnectionSo Tried to find some option to use 2 Two LDAP (HA) just in case one fail I have secondary.I didn't find option secondary tunnel-group TUNNEL_VPN general-attributesadd...
Hello all,I have a vpn between my branch and main office. From the branch I can reach the main office and the devices there.I would like the branch site to hit the main sites asa and then use it for the internet breakout. I just want it for a few internet...