We've been running an older version of Cisco ACS (2.6x) on windows server
2000 for several years now. It uses active directory in a windows 2003 domain as its external database to authenticate. Everything works fine; however, I'd like to upgrade the server to server 2003, then possibly get the latest version of ACS.I loaded the old version of ACS on a test 2003 server; however, I cannot get it to work. The ACS failed attempts logs just say 'unknown' under authen-failed-code. It appears to be authenticating fine with active directory. The event logs on the domain controllers show a successful logon, as does the 2003 server. However, the 2000 server with ACS that works, shows three events: successful network logon, special privileges assigned to new logon, and user logoff. The 2003 server shows the successful logon and logoff, but not the special privileges assigned.
I suspect it has something to do with server 2003's enhanced security. I tried running CSAuth.exe, etc. as windows 2000, but it made no difference. Any ideas? Any security settings I might try, services to check, or will that version of ACS just not run on server 2003? Thanks. -Bob