Main Nav

Today, after several days of no-problem ramping up to full strength on our large WLAN 7.4.110 environment, we had two fleeting spates of disruption in the authentication of clients against AD. Each episode lasted a few minutes, and resulted in our Cisco ACS 5.4s showing large volumes of these failure reasons:
 
11051 RADIUS packet contains invalid state attribute
24463 Internal error in the ACS Active directory
 
We have a TAC case open, and am waiting to hear back from our AD admin on whether there are any logs showing trouble between the accounts we use on the ACS boxes and the Domain Controllers.
 
Has anyone seen similar that can comment or theorize?
 
Regards-
 
Lee Badman
 
 
 
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

HI Lee,

 

A few years back I used ACS -> AD account for Ciscoworks LMS.  Ciscoworks does multi-threaded tasks under the hood.  This resulted in multiple/fast auths using the AD account.  The AD controller(s) saw this as an attack and thus caused the AD account to  be momentarily locked out.  After a few minutes, AD would allow the account to be used again.  I moved away from AD integration for this reason in this case. Once I moved to local CW account, AD was out of the mix and Ciscoworks performed normal.

 

Chad

 

 

Thanks, Chad- we have no choice but to use the ACS->AD account as the hook to verify user accounts. No sign of account lockout, but we’re still diggingJ

 

Lee,

 

If you pre pay for M$ technical services, get your MS-TAM engineer involved too/start MS TAC case.  AD logs are hard to read, don’t tell you much and most AD admins never want to help out in this area I find.

 

;-)

 

CB

 

Hi Chad-

 

Thankfully, we have about as good of a working relationship with our AD folks as you could ever hope for (which makes us fortunate, indeed). These gents are sharp, and we all can share/accuse/assist mutually as needed J

 

-Lee

 

Message from me@mpking.com

Lee,
Did you ever get a resolution to this?

Mike


Message from me@mpking.com

Lee,
Did you ever get a resolution to this?

Mike


Close
Close


EDUCAUSE Connect
View dates and locations

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.