Cisco Acs 5.3 Clock Skew Error
Contents |
Secure Access Control SystemConfigureConfiguration Examples and TechNotes ACS 5.x: Cisco ACS Synchronization with NTP Server Configuration Example Download Print Available Languages Download Options PDF (10.4 KB) View with Adobe cisco acs 5.3 installation guide Reader on a variety of devices Updated:Jun 15, 2012 Contents Introduction Prerequisites Requirements cisco acs 5.3 end of life Components Used Conventions Configure NTP Configuration on Cisco ACS Verify Troubleshoot Problem: Clock drifts too much and NTP fails
Cisco Acs 5.3 Password Recovery
when ACS is installed on a VMWare machine Solution NTP Synchronization lost after the interface IP address of ACS is changed Solution Related Information Introduction Network Time Protocol (NTP) is a protocol used
Cisco Acs 5.3 Configuration Guide
in order to synchronize the clocks of different network entities. It uses UDP/123. The main objective to use this protocol is to avoid the effects of variable latency over the data networks. This document provides a sample configuration for the Cisco ACS to synchronize its clock with NTP server. ACS 5.x is allowed to configure up to two NTP servers. Prerequisites Requirements There are no specific cisco acs 5.3 default username and password requirements for this document. Components Used The information in this document is based on these software and hardware versions: Cisco Secure ACS Version 5.x The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Conventions Refer to the Cisco Technical Tips Conventions for more information on document conventions. Configure In this section, you are presented with the information to configure the features described in this document. Note:Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section. NTP Configuration on Cisco ACS In order to synchronize the time of Cisco ACS with an NTP server, complete these steps: Manually configure the date and time with the clock set
for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get
Cisco Acs 5.3 Eol
Help Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers cisco acs timezone Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions > Cisco ACS server clock skew error Want to Advertise cisco acs ntp setup Here? Solved Cisco ACS server clock skew error Posted on 2011-10-05 Network Operations 1 Verified Solution 4 Comments 3,382 Views Last Modified: 2012-05-12 Hello all, i have a Cisco ACS server configured in a virtual environment http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113579-acs-ntp-vmware-00.html - V-Sphere. The ACS is used for authenticating wireless and VPN users RADIUS. Also it is used for for authenticating netork admins logging in to routers and switches etc... TACACS is used for this. The ACS talks to Active directory to authenticate the users. Every so often, maybe every 3 months, people are not able to authenticate. I log on to the ACS GUI page, and perform a connectivity test to https://www.experts-exchange.com/questions/27381023/Cisco-ACS-server-clock-skew-error.html AD. It fails and says there is a clock skew error. i then have to manually SSH to the ACS, change the clock and then restart. the funny thing here is, the clock on ACS has to be 1hour and 10 minutes behind the domain controller for the link between ACS and AD to be successfull. If i set the correct time on the ACS then the connection actually fails - clock skew error. does anybody know a fix for this? maybe someone has seen this before? its even more frustrating because, even though all my NAS devices such as wireless access points, VPN concentrator etc... are configured to use an alternative server for user authentication, this other server is never attempted becase the wireless access point for instance can still see the ACS. Therefore the secondary authentication server is never attempted, and the user just fails authentication based on the clock skew error. a quick fix is to power off the ACS, and then the secondary auth server is used. But this is obviously just a workaround and would prefer a better solution. thanks in advance. 0 Question by:L-Plate Facebook Twitter LinkedIn Google LVL 14 Best Solution byanoopkmr you may need to configure NTP.. this what i found in the
as acs-config enter the credentials of web authentication debug runtime level debug debug-ad-client enable now exit and https://engineeronnetwork.wordpress.com/2012/05/16/ad-get-disconnected-continuously-for-cisco-acs-5-3/ test the connection now you can export the log file to http://networking.bigresource.com/Cisco-AAA-Identity-Nac-6500-ACS-5-2-Clock-Skew-Error-kirJum32S.html your tftp server for that we need to define the repository conf t repository tftpd url tftpd://
the AD . I have noticed in some case, i lose connectivity between ACS and AD and when i say test connection , it shows clock skew error . Reboot of ACS sometimes solves the issue, else it comes up automatically after some hours . In core switch , i have configured time as PST +4 and in ACS it is configured as PST +4 , which automatically goes to GST. View 15 Replies Similar Messages: Cisco AAA/Identity/Nac :: ACS 5.2 Error - 22056 Subject Not Found In Applicable Identity Cisco :: 6500 Series 6548 Card Error? Cisco :: 6500 - NAM-2 Error Communicating With RMon Daemon Cisco :: 6500 X6704 Port Receive-Error With Nothing Connected Cisco Switching/Routing :: Getting DHCP Timeout Error On 6500 Cisco Switching/Routing :: 6500 MSFC2 Strange Error Message Cisco Switching/Routing :: PoE Error On 6500 / Inline Power Module Cisco Switching/Routing :: 6500 VSS - Correctable Dram Memory Error Cisco WAN :: 6500 - Copp Configuration / Error Failed To Install Policy Cisco AAA/Identity/Nac :: ISE Trustsec With 6500 Cisco AAA/Identity/Nac :: RADIUS And VRF In 6500 Cisco AAA/Identity/Nac :: 6500 / Restricting Access To SSIDs? Cisco AAA/Identity/Nac :: Can't Establish Local Login / Authorization On 6500 Cisco AAA/Identity/Nac :: Getting ACS 5.4.0.46.3 Error Cisco WAN :: Max Clock Rate - WIC 2T For 2851 And 3845 Cisco Infrastructure :: 2960 Clock Time Not Set Cisco WAN :: 1841 Clock Time Is Not Stable? Cisco AAA/Identity/Nac :: ACS 4.2 Gives Internal Error Cisco AAA/Identity/Nac :: Authentication Error In ACS 5.3 What Is Maximum Clock Frequency Of LAN Card AAA/Identity/Nac :: ACS 5.4.0.46.3 Windows Error AAA/Identity/Nac :: ACS 5.2 Could Not Be Upgraded And Gives Error Cisco :: Show The Clock Rate Received On The DTE Side? Cisco WAN :: Clock Slips On VWIC-2MFT In 2811 Cisco Switching/Routing :: Clock For SIP Phone 3905 Cisco WAN :: 4948 / NTP Master - How To Make Clock Set Become Permanent Cisco AAA/Identity/Nac :: ACS 5.1 Error Code Transl