Cisco Secure Access Control Server for Windows

Release Notes for CiscoSecure ACS 2.1(4) for Windows NT


Table of Contents

Release Notes for
CiscoSecure ACS 2.1(4) for Windows NT

Release Notes for
CiscoSecure ACS 2.1(4) for Windows NT


These release notes describe important corrections and additions to the online documentation, additions and enhancements to the CiscoSecure ACS 2.1(4) for Windows NT software, issues closed with this release, and open issues and workarounds. Please review this information before proceeding with your installation or upgrade. This document should be used in conjunction with the CiscoSecure ACS 2.1 for Windows NT Server User Guide.

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at,, or

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.


The following topics are discussed:

Corrections on page 2

Additions on page 2

Closed Issues on page 3

Enhancements on page 3

Open Issues and Workarounds on page 3

Cisco Connection Online on page 4


In the CiscoSecure ACS 2.1 for Windows NT Server User Guide, in the chapter "CiscoSecure ACS Database Utilities" in the section "Database Import Utility: Creating the Text File," the example for Windows NT Database authentication should read:


The third line in the example import text file should also read:



Before you install CiscoSecure ACS 2.1(4) for Windows NT, make sure all other applications and windows are closed.

If you are using Security Dynamics' SDI for token authentication, we recommend that you upgrade to version 4.1 of the SDI ACE Client software. Earlier versions of the SDI utility that tests client-server connectivity will not operate with CiscoSecure ACS 2.1(4) for Windows NT.

ODBC Message During Installation

If a message displays during installation stating that "The ODBC resource DLL (filename) is a different version than the ODBC (file type and name)," follow these steps:

Step 1   Exit the installation program.

Step 2   Run the odbcdmin.exe file that is located in the SUPPORT\ODBC directory on the CiscoSecure ACS CD-ROM. Installing the odbcdmin.exe file will install the ODBC 3.0 components.

Step 3   When you have finished installing these ODBC components, click SETUP.EXE in the root directory of the CD-ROM to restart installation of CiscoSecure ACS.

Installation Terminates Abnormally

If you get an error message during installation indicating that installation has failed, follow these steps:

Step 1   Go to the Windows Control Panel Add/Remove Programs window and select CiscoSecure ACS 2.1 for Windows NT.

Step 2   Click Uninstall.

Step 3   When you have finished uninstalling, click SETUP.EXE in the root directory of the CD-ROM to restart installation of CiscoSecure ACS.

If Uninstall terminated abnormally or if installation still fails, follow these steps:

Step 1   Go to the SUPPORT\CLEAN directory and run CLEAN.EXE. This will uninstall CiscoSecure ACS 2.1 completely and clean up certain statements from the Windows NT Registry that prevent installation of CiscoSecure ACS 2.1.

Step 2   When you have finished running CLEAN.EXE, click SETUP.EXE in the root directory of the CD-ROM to restart installation of CiscoSecure ACS.

Closed Issues

The following DDTS cases were closed with this release:

  • CSRADIUS VSA—Corrected RADIUS AV-Pair truncation. [CSCdj87963]

  • Usernames with leading/trailing spaces—CiscoSecure ACS 2.1(4) for Windows NT no longer accepts leading/trailing spaces in usernames. [CSCdk03472]

  • Windows NT Shutdown—CSAuth now handles the Windows NT shutdown event correctly. [CSCdj87755]

  • TACACS+ Dr. Watson—TACACS+ now operates correctly with usernames longer than 64 characters.

  • Windows NT SDI Alphanumeric logic—Corrected logic for accepting alphanumeric PINs in SDI logins. [CSCdj93487]

  • Replication failure inconsistency—Fixes intermittent connection failure during replication. [CSCdk10423]

  • Crypto API errors detected in CSAuth after Internet Explorer 4.01 Installation—Fixes application startup errors after Internet Explorer 4.01 installation. [CSCdk02755]

  • CSAuth ERROR condition to NAS—CiscoSecure ACS 2.1(4) for Windows NT no longer replies to the NAS if CSAuth is down. [CSCdj92590]

  • Replication with RX/TX settings—Replication no longer requires the Send and Receive boxes to be checked. [CSCdj82203]

  • Windows NT SDI Multi-Threaded Client—Added support for multi-threaded client. [CSCdk10431]

  • Wait in CSauth for Windows NT authen.dll—Wait state was introduced in CSAuth startup for the Windows NT authentication. [CSCdk09751]

  • Incorrect TACACS+ daemon status—Correct TACACS+ daemon status is now returned to NAS using single-TCP connection. [CSCdk10463]

  • CSAdmin state 20 in Windows NT Event Viewer—Cosmetic change. [CSCdk09766]


The following enhancements were made with this release:

  • Group assignment corruption—User/group assignment is now handled correctly by CSutil.

  • ODBC-single thread—ODBC threads = 1 (previously was a .reg patch). Set the Access Database engine to single thread mode.

  • Windows NT SDI Grammar—Corrected grammar in the New-Pin mode prompt.

Open Issues and Workarounds

Authentication Forwarding with Dial-Up Networking

When performing Authentication Forwarding and Windows NT authentication with Windows dial-up networking, CiscoSecure ACS does not strip character strings located in the middle of usernames. For example, if the user ID is corporation@user1 and the domain is DOMAIN01, the authentication package is read as DOMAIN01\corporation@user1. CiscoSecure ACS does not strip "corporation." The workaround is to place the character string to be stripped at the end of the user ID. [CSCdj67375]

HTML Interface Timeout with Netscape Communicator 4.01

With Netscape Communicator 4.01, when the HTML interface times out, a Java reconnect dialog box opens. Clicking OK does not re-establish the session. The workaround is either to log in again or to use a different version of the browser. [CSCdj62066]

Dragging Hyperlinks in Internet Explorer 3.02

With Internet Explorer 3.02, when you drag any of the hyperlinks, the navigation bar is hidden, and an Internet Explorer message window opens. The workaround is either to use the browser's Back button or to use a different version of the browser. [CSCdj63814]

Installing Internet Explorer 4.01 when CiscoSecure ACS 2.1(4) for Windows NT is Already Installed

If CiscoSecure ACS 2.1(4) for Windows NT is installed and you then install Internet Explorer 4.01, you must restart the system before CiscoSecure ACS services will start. [CSCdk12995]

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact For additional information, contact

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or