-
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
-
Preface
-
Overview of Cisco Secure ACS
-
Deploying Cisco Secure ACS
-
Setting Up the Cisco Secure ACS HTML Interface
-
Setting Up and Managing Network Configuration
-
Setting Up and Managing Shared Profile Components
-
Setting Up and Managing User Groups
-
Setting Up and Managing User Accounts
-
Establishing Cisco Secure ACS System Configuration
-
Working with Logging and Reports
-
Setting Up and Managing Administrators and Policy
-
Working with User Databases
-
Administering External User Databases
-
Troubleshooting Information for Cisco Secure ACS
-
System Messages
-
TACACS+ Attribute-Value Pairs
-
RADIUS Attributes
-
Cisco Secure ACS Command-Line Database Utility
-
Cisco Secure ACS and Virtual Private Dial-up Networks
-
ODBC Import Definitions
-
Cisco Secure ACS Internal Architecture
-
Table of Contents
System MessagesWindows NT/2000 Event Log Service Startup Errors
Replication Messages
Failed Attempts Messages
System Messages
This appendix contains a partial list of system messages for Cisco Secure ACS, an explanation of their meanings, and recommended action to resolve any problems.
Windows NT/2000 Event Log Service Startup Errors
Error Message Could not initialize Crypto
module
Explanation The Microsoft Crypto API failed to initialize.
Recommended Action Make sure you are running the U.S. version of Windows NT/2000. Make sure the Crypto API files are not missing or corrupted.
Error Message Failed to initialize working directories/files
Explanation The Registry might be corrupt, or the files under the CSAuth folder might be missing or busy.
Recommended Action Reinstall Cisco Secure ACS
Error Message One or more registry entries were missing/corrupt
Explanation The CSAuth Registry either is corrupt or has missing values.
Recommended Action Reinstall Cisco Secure ACS.
System Monitored Events
Error Message Auth server down: Could not change
Password
Explanation CSMon could not change the password of the test account.
Recommended Action No action required.
Error Message CSMon obtained an authentication via a CiscoSecure service.
Recommended Action No action required.
Error Message Error Message name: Failed to authenticate on test account
Explanation CSMon failed to get an authentication via a CiscoSecure service.
Recommended Action No action required.
Error Message name: Failed to logon to test account.
Explanation CSMon failed to log in via a CiscoSecure service.
Recommended Action No action required.
Error Message name: Failed to logoff from test account
Explanation CSMon failed to log off via a CiscoSecure service.
Recommended Action No action required.
Error Message name: Logged Off
Explanation CSMon logged off via a CiscoSecure service.
Recommended Action No action required
Error Message name: Logged On
Explanation CSMon obtained a login via a CiscoSecure service.
Recommended Action No action required.
Error Message Monitoring of name stopped as a service name was stopped
properly
Explanation A CiscoSecure service was shut down because a service it depended on has been shut down.
Recommended Action No action required.
Error Message Problem Authenticating from name. Got as far as phase
Explanation CSMon could not authenticate a test account via a CiscoSecure service. phase is one of the following:
Recommended Action No action required.
Error Message Problem Logging on to name. Got as far as phase
Explanation CSMon could not log on to the named account via a CiscoSecure service. phase is one of the following:
Recommended Action No action required.
Error Message Problem Logging Off from name. Got as far as phase
Explanation CSMon could not log off from the named account via a CiscoSecure service. phase is one of the following:
Recommended Action No action required.
Error Message Problem Logging on to name. Got as far as phase
Explanation CSMon could not log on to the named account via a CiscoSecure service. phase is one of the following:
Recommended Action No action required
Error Message Service name could not be restarted
Explanation CSMon has failed to restart the named CiscoSecure service.
Recommended Action Manually start the applicable service from the command line or choose Start > Settings > Control Panel and then click Services and use the Services applet to start the applicable service
Error Message Service name has been restarted so monitoring will now continue
Explanation The named CiscoSecure service has been restarted via the Windows NT/2000 Service Manager.
Recommended Action No action required.
Error Message Service name has been stopped properly. Monitoring will suspend
until the service is restarted
Explanation The named CiscoSecure service was shut down via the Windows NT/2000 Service Manager
Recommended Action No action required.
Error Message Service name in transition state for too long... giving up
Explanation CSMon waits only so long before giving up on a transitory service.
Recommended Action No action required
Error Message Service name in transition/unknown state... will try again
Explanation Windows NT/2000 Service Manager does not know what state a service is in.
Recommended Action No action required.
Error Message Service name not running: will attempt to restart
Explanation CSMon has detected that the named CiscoSecure service is not running.
Recommended Action No action required
Error Message Service name re-started OK
Explanation CSMon has restarted the named CiscoSecure service
Recommended Action No action required.
Replication Messages
Error Message Cannot replicate
to `name'- server not responding
Explanation The named destination Cisco Secure ACS system was unreachable
Recommended Action Check the connectivity between the remote Cisco Secure ACS and the replicating ACS. Verify that the IP address of the AAA server is correct under AAA entry.
Error Message Database synchronization with host name failed - refer to CSAuth
log file
Explanation Part of the configuration set could not be sent to the named Cisco Secure ACS.
Recommended Action Check the CSAuth log file to view the cause of the failure. The CSAuth log file is located in Program Files\Cisco Secure ACS v2.6\CSAuth\logs.
Error Message Failed to send one or more files to host `name'
Explanation Part of the replication set was not successfully sent to the remote Cisco Secure ACS.
Recommended Action Check the connectivity between the remote Cisco Secure ACS and the replicating ACS. Verify that the IP address of the AAA server is correct under AAA entry.
Error Message Host `name' has denied replication request
Explanation Remote Cisco Secure ACS did not authorize replication.
Recommended Action Verify that the remote ACS is accepting replication in System Configuration: CiscoSecure Database Replication.
Error Message Host `name' not replied to replication request - possibly dead
Explanation Remote Cisco Secure ACS did not respond to replication commit command.
Recommended Action Check the systems' connectivity.
Error Message Host `name' not configured to receive any matching information
Explanation The remote Cisco Secure ACS is not configured to accept the information offered.
Recommended Action Verify that the remote ACS has at least some replication components checked.
Error Message Inbound database replication from host `name' denied
Explanation Remote Cisco Secure ACS not authorized to replicate to this Cisco Secure ACS.
Recommended Action Configure the remote Cisco Secure ACS to replicate to this Cisco Secure ACS.
Error Message Inbound database replication from remote host has errors - refer to
CSAuth logfile
Explanation Inbound replication failed or was only partially successful.
Recommended Action Check the CSAuth log file to view the cause of the error. The CSAuth log file is located in:
Program Files\Cisco Secure ACS vx.x\CSAuth\logs.
Error Message Initiating outbound database replication
Explanation CSAuth has started to replicate configuration information to another Cisco Secure ACS.
Recommended Action No action required.
Error Message Outbound database replication completed
Explanation CSAuth has completed replication.
Recommended Action No action required.
Error Message Outbound database replication failed - refer to CSAuth log file
Explanation Replication failed or was only partially successful.
Recommended Action Check the CSAuth log file to view the cause of the failure. The CSAuth log file is located in:
Program Files\Cisco Secure ACS vx.x\CSAuth\logs.
Failed Attempts Messages
Error Message Auth type not supported by External DB
Explanation External DLL is not configured for requested authentication type.
Recommended Action No action is required.
Error Message Cached token rejected/expired
Explanation The cached token is incorrect or has expired.
Recommended Action Enter or re-enter the correct token.
Error Message Failed to Allocate IP Address For User
Explanation Internal error.
Recommended Action The ACS pool has run out of available IP addresses. Extend the IP address ranges.
Error Message Key Mismatch
Explanation The AAA client secret key did not match the Cisco Secure ACS configured key.
Recommended Action Check the shared key between the Cisco Secure ACS and the AAA server.