Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2150
Views
0
Helpful
0
Comments

Machine authentication fails and the "DsCrackNames failed" error message appears in the auth.log file of the ACS

TCC_2
Level 10
Level 10

‎06-22-2009 04:10 PM - edited ‎02-21-2020 09:55 PM

Core issue

This issue is due to the presence of Cisco Bug ID CSCsd52574.

When machine authentication, either Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) or Microsoft Challenge-Handshake Authentication Protocol (MS_CHAP), is attempted after the Cisco Secure Access Control Server (ACS) has lost and then regained connectivity to the global catalog server, authentication can fail and the MachineSPNToSAM: __DsCrackNames failed auth.log error message can be generated in the auth.log file.

This issue occurs in an environment where there is more than one global catalog server for the domain. ACS does not search for the secondary catalog server if the primary goes down.

Note: This issue is particularly seen when ACS is installed on a domain member server.

Resolution

The temporary workaround for this issue is to re-start csauth.exe.

In order to completely resolve this issue, download and apply the  ACS patch version  4.1(1) or higher.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents