Posts Tagged ‘Cisco’

Cisco ACS / TACACS Active Directory Join/Bind Issues

December 29th, 2014

After battling with a number of issues successfully joining the ACS appliance to the domain, I wanted to post a list of troubleshooting steps to help anyone else that might run into issues:

– Password for the AD Account – If you are getting errors like account disabled, “invalid credentials to join this machine to active directory domain”, account locked, etc. after doing a Test Connection that returns successful, try changing the password. Remove any special characters, and potentially shorten the password. I had an extremely long password with complexity that caused my issues. I am unsure of the max length, but this was the root cause of most of my issues.

You might see something like this in your logs, which is an indication of the above:

Dec 29 14:06:40 yyyyyyyy adleave[9970]: INFO cli.adleave Leaving domain yyy.com successful
Dec 29 14:06:40 yyyyyyyy adleave[9970]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Dec 29 14:06:41 yyyyyyyy adjoin[10021]: INFO cli.adjoin Version: CentrifyDC 4.3.0-192
Dec 29 14:06:41 yyyyyyyy adjoin[10021]: WARN base.kerberos.keytab getUserSalt failed: get creds: Preauthentication failed
Dec 29 14:06:41 yyyyyyyy adjoin[10021]: INFO cli.adjoin Join to domain ‘yyy.com’, zone ‘null’ failed.
Dec 29 14:06:41 yyyyyyyy adjoin[10028]: INFO cli.adjoin Version: CentrifyDC 4.3.0-192
Dec 29 14:06:41 yyyyyyyy adjoin[10028]: INFO samba.interop Attempting interoperability with untested Samba version .
Dec 29 14:06:41 yyyyyyyy adjoin[10028]: INFO cli.adjoin Wrote /etc/centrifydc//openldap/slapd.conf
Dec 29 14:06:41 yyyyyyyy adjoin[10028]: INFO util.configfiles Wrote /etc/centrifydc//openldap/ldap.conf
Dec 29 14:06:41 yyyyyyyy adinfo[10034]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Dec 29 14:06:41 yyyyyyyy adinfo[10034]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory

– You then might get the following error: “The item you trying to delete is referenced by other items. You must remove all references to this item before it can be deleted.” This is apparently a known bug. Some posts say that you basically have to remove everything that refers to Active Directory in ACS. DO NOT do that. Just go to the CLI and issue the following two commands:

acs stop

acs start

Then go back in and set the password. There was a note on one of the posts that you should skip the Test Connection as it could cause the above.

– I read another post that said to right-click on the computer object in Active Directory and choose Reset before doing the join. I do not believe that fixed it in my case, but it is good for the “bag of tricks” for troubleshooting this. In effect it should clean the object to prepare it for a domain join.
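To spot the password-related failure in a longer log, the following added example (not part of the original post, and not Cisco or Centrify code) groups `adjoin` lines by PID and flags runs where a Kerberos pre-authentication warning accompanies the failed join. The sample lines are copied from the excerpt above; the function name and the "cause" labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Syslog layout used in the excerpt: "Mon DD HH:MM:SS host proc[pid]: LEVEL component message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<level>[A-Z]+) (?P<component>\S+) (?P<msg>.*)$"
)
PREAUTH_RE = re.compile(r"Preauthentication failed")
# \W? tolerates straight or curly quotes around the domain name.
JOIN_FAIL_RE = re.compile(r"Join to domain \W?(?P<domain>[\w.-]+)\W?, zone .* failed")

# Lines copied from the log excerpt in the post (hostname already masked there).
SAMPLE_LOG = """\
Dec 29 14:06:40 yyyyyyyy adleave[9970]: INFO cli.adleave Leaving domain yyy.com successful
Dec 29 14:06:41 yyyyyyyy adjoin[10021]: INFO cli.adjoin Version: CentrifyDC 4.3.0-192
Dec 29 14:06:41 yyyyyyyy adjoin[10021]: WARN base.kerberos.keytab getUserSalt failed: get creds: Preauthentication failed
Dec 29 14:06:41 yyyyyyyy adjoin[10021]: INFO cli.adjoin Join to domain ‘yyy.com’, zone ‘null’ failed.
Dec 29 14:06:41 yyyyyyyy adjoin[10028]: INFO cli.adjoin Version: CentrifyDC 4.3.0-192
Dec 29 14:06:41 yyyyyyyy adjoin[10028]: INFO cli.adjoin Wrote /etc/centrifydc//openldap/slapd.conf
"""

def triage_adjoin(log_text):
    """Group adjoin lines by PID and report the runs whose join failed."""
    runs = defaultdict(lambda: {"preauth_failed": False, "domain": None, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proc"] != "adjoin":
            continue  # ignore adleave/adinfo and anything unparseable
        run = runs[int(m["pid"])]
        run["first_seen"] = run["first_seen"] or m["ts"]
        if PREAUTH_RE.search(m["msg"]):
            run["preauth_failed"] = True
        fail = JOIN_FAIL_RE.search(m["msg"])
        if fail:
            run["domain"] = fail["domain"]
    findings = []
    for pid, run in sorted(runs.items()):
        if run["domain"] is None:
            continue  # this run logged no join failure
        cause = "credentials rejected (Kerberos pre-auth)" if run["preauth_failed"] else "unknown"
        findings.append({"pid": pid, "time": run["first_seen"], "domain": run["domain"], "cause": cause})
    return findings

if __name__ == "__main__":
    for f in triage_adjoin(SAMPLE_LOG):
        print(f"{f['time']} adjoin[{f['pid']}] join to {f['domain']} failed: {f['cause']}")
```

A run reported with cause "unknown" failed without the pre-authentication warning, so the password is less likely to be the problem and the other items in this list are worth trying first.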


Cisco VPN Client on Windows 8 – failed to enable the virtual adapter

January 29th, 2013

On Windows 8, when trying to connect via the Cisco VPN client, you get an error: “failed to enable the virtual adapter”
·    Open Registry Editor
·    Browse to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA
·    Select the DisplayName value to modify, and remove the leading characters from the value data up to and including “%;”, i.e.:
·    For x86, change the value data from something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to “Cisco Systems VPN Adapter”
·    For x64, change the value data from something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to “Cisco Systems VPN Adapter for 64-bit Windows”
·    No restart is required; try connecting again
