Unable to change password with the UCP 4 in ACS and the "CGI error The specified CGI application misbehaved by not returning a complete set of HTTP headers" error message appears after the userid and password are entered
This issue occurs due to presence of Cisco bug ID CSCsc52660.
In this issue, after the ID and password of an ACS user are entered and Login is clicked, the user changeable password (UCP) displays this error message:
CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
The default configuration of IIS enables anonymous access to virtual directories for UCP. On IIS Admin, open Properties of secure/securecgi-bin Virtual Directory, choose Directory Security, and then check Anonymous Access and AuthenticationControl. Disable anonymous access, and IIS shows the ID and password prompt when the UCP page is opened. With successful IIS authentication, UCP works correctly. If the non-default user is assigned to IIS anonymous access, it fixes this problem most of time, but not always. This problem is not seen in the ACS 3.3 timeframe.
In order to resolve this issue, change the user that runs CSusercgi.exe to Administrator. Complete these steps in order to accomplish this task:
Install UCP on a machine that runs the IIS server.
Open IIS Manager.
Locate the Default Web Site.
Double-click on the virtual name, securecgi-bin.
Right-click on CSusercgi.exe and choose Properties.
Choose File Security.
Choose Edit in the Authentication and access control area.
Change the username from IUSR_ to Administrator and enter the password. Make sure that Integrated Windows authentication is checked.
Now, check UCP from a user browser. The second window appears instead of the CGI error message.
Hi, Need some advice please. I have 2x ASA5516-X firewalls running in active/standby HA and running eBGP with a service provider. The provider have two CPEs on site, connected via a common subnet with the outside interfaces of the firewal...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce?emailclick=CNSemail It stated: A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appli...
HI Everyone， We want to do a downgrade for our ASA, they are working on Failover A/S mode. I am not sure about this operation.What should I do? Is there a detailed step? Does the implementation of this downgrade process require a transition to a...
Hello, Since I apply Patch 3 on ISE version 2.6, ISE does't send CoA (reauth) after profiling an endpoint (working with Patch 2). I notice a problem of timestamp on accounting log (see picture), it may be a link. Does someone had the same p...
team, in ISE, device authenticated through a sponsor, needs to reauthenticate every 20 min. any idea how to change this and make it at least 8h? i already checked the WLC and the timeout value is set to maximum 65535. anything else to modify?