AD gets disconnected continuously for Cisco ACS 5.3

ACS 5.3 troubleshooting
Windows AD disconnection between ACS 5.3 and Windows Server 2008

To debug:

Enter ACS configuration mode from the CLI with acs-config.
When prompted, enter the credentials used for web authentication.

debug runtime level debug
debug-ad-client enable

Now exit and test the AD connection.

You can now export the log file to your TFTP server. For that, first define the repository:
conf t
repository tftpd
url tftp://<IP>
exit
exit
copy disk:ad.log tftp://<IP>/<filename>

This connectivity issue is corrected in the patch below.
Instructions on how to install the patch
========================================
1. Open the CLI console.
2. Define a new repository in which 5-3-0-40-4.tar.gpg resides.

Use an FTP server instead of TFTP for this step. TFTP does not work with files larger than 32 MB: it reports the transfer
as successful, but part of the data is lost by the end of the transfer. With an FTP server this was tested and works fine.
You can install the FileZilla FTP server (open source) on your client for this.
Configure the repository as follows:

conf t
repository ftpd
url ftp://<IP>
username <user> password plain <password>

The username and password are the ones set when installing the FileZilla FTP server.
3. Issue: 'acs patch install 5-3-0-40-4.tar.gpg repository YOUR_REPOSITORY'
4. Verify the installation by checking the version information from the CLI:
#show application version acs
Cisco ACS VERSION INFORMATION
=============================
Version : 5.3.0.40
Internal Build ID:
patches:
5.3.0.40.4

Note: You may want to do this by deregistering the secondary from the primary, installing the patch on both in standalone mode,
registering the secondary back to the primary ACS, and then checking whether the AD connection is stable.

2 thoughts on “AD gets disconnected continuously for Cisco ACS 5.3”

  1. During patching the version, the services are stopped?? I would need a maintenance window to do the patching?? What about 5.3.0.40.7???

  2. It's advised to stop the services (use the commands “show application” and “application stop”) and run the patch. Make sure that if you have a primary and secondary ACS, you apply the patch independently on both (you have to deregister the secondary from the primary).
    Also, you will need a maintenance window to do this.
    After the patch, my ACS version was 5.3.0.40.4 and I faced the same issue of AD disconnected status only once; this is due to a clock skew error between the AD server and ACS.
    Still finding a way to resolve this bug.

    Regards,
    Anjaz
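
The clock skew mentioned in the reply above can be measured from an admin workstation. This is an added example, not part of the original post or its comments: it queries two hosts over SNTP and compares their offsets against the 5-minute default Kerberos tolerance used by Active Directory. The two host arguments (the domain controller and the NTP server ACS is configured to use) and all function names are assumptions made for illustration, and the sample reply packets are constructed.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300       # default Kerberos clock tolerance in AD: 5 minutes

def _ts(packet, pos):
    """Decode the 64-bit NTP timestamp at byte offset pos into Unix seconds."""
    secs, frac = struct.unpack("!II", packet[pos:pos + 8])
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def ntp_offset(packet, t1, t4):
    """Server clock minus local clock in seconds (RFC 4330); t1/t4 = local send/receive."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    if packet[0] & 0x07 != 4 or packet[1] == 0:  # not a server reply, or unsynchronised
        raise ValueError("not a usable NTP server reply")
    t2, t3 = _ts(packet, 32), _ts(packet, 40)    # server receive / transmit timestamps
    return ((t2 - t1) + (t3 - t4)) / 2

def query_offset(host, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) to host on UDP port 123."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(b"\x1b" + 47 * b"\0", (host, 123))
        packet, _ = s.recvfrom(512)
        t4 = time.time()
    return ntp_offset(packet, t1, t4)

def within_kerberos_tolerance(offset_a, offset_b, limit=KERBEROS_MAX_SKEW):
    """Both offsets are measured against the same local clock, so it cancels out."""
    return abs(offset_a - offset_b) <= limit

def build_reply(server_time):
    """Constructed sample reply (LI=0, VN=3, mode=4, stratum 2) for offline checks."""
    stamp = struct.pack("!II", int(server_time) + NTP_EPOCH_DELTA, 0)
    return b"\x1c\x02" + 30 * b"\0" + stamp + stamp

if __name__ == "__main__":
    if len(sys.argv) == 3:   # hypothetical usage: <domain-controller> <acs-ntp-source>
        a, b = query_offset(sys.argv[1]), query_offset(sys.argv[2])
    else:                    # constructed data: one clock 400 s ahead of the other
        now = time.time()
        a, b = ntp_offset(build_reply(now + 400), now, now), ntp_offset(build_reply(now), now, now)
    print(f"skew {abs(a - b):.1f}s, within tolerance: {within_kerberos_tolerance(a, b)}")
```

A skew above the limit points at time synchronisation on one of the two hosts, not at the AD client on ACS.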
