Showing results for 
Search instead for 
Did you mean: 

Unable to change password with the UCP 4 in ACS and the "CGI error The specified CGI application misbehaved by not returning a complete set of HTTP headers" error message appears after the userid and password are entered


Core issue

This issue occurs due to presence of Cisco bug ID CSCsc52660.

In this issue, after the ID and password of an ACS user are entered and Login is clicked, the user changeable password (UCP) displays this error message:

CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:

The default configuration of IIS enables anonymous access to virtual directories for UCP. On IIS Admin, open Properties of secure/securecgi-bin Virtual Directory, choose Directory Security, and then check Anonymous Access and Authentication Control. Disable anonymous access, and IIS shows the ID and password prompt when the UCP page is opened. With successful IIS authentication, UCP works correctly. If the non-default user is assigned to IIS anonymous access, it fixes this problem most of time, but not always. This problem is not seen in the ACS 3.3 timeframe.


In order to resolve this issue, change the user that runs CSusercgi.exe to Administrator. Complete these steps in order to accomplish this task:

  1. Install UCP on a machine that runs the IIS server.

  2. Open IIS Manager.

  3. Locate the Default Web Site.

  4. Double-click on the virtual name, securecgi-bin.

  5. Right-click on CSusercgi.exe and choose Properties.

  6. Choose File Security.

  7. Choose Edit in the Authentication and access control area.

  8. Change the username from IUSR_ to Administrator and enter the password. Make sure that Integrated Windows authentication is checked.

  9. Now, check UCP from a user browser. The second window appears instead of the CGI error message.

Refer to User Guide for Cisco Secure ACS User-Changeable Passwords for more information.

Recognize Your Peers
Content for Community-Ad