I have a server running CiscoACS 4.2 on windows 2003. I have 5 domain controllers. I have been working to upgrade our domain functional level and I finally got to the point where I wanted to shutdown my last win2k domain controllers. I have 4 domain controllers at the main site (2) win2k8R2 and (2) Win2k. I shut down the 2 win2k servers today and all of a sudden Cisco ACS stopped working. I use ACS to authenticate using TACACS+ on my Cisco ASA and for my VPN clients to authenticate to the windows domain. I know my domain is fine, I can log in and authenticate with windows clients after the 2 win2k servers are shut down. The really weird thing is that I can authenticate 1 time after the CSAuth service is restarted and then all attempts fail afterwards. I go ahead and turn one of the win2k DCs back on and Authentication works again!
I am not using LDAP within the ciscoACS server. I am using a "windows database" I'm assuming it's just trying to find "Domain.COM" not just this domain controller by name?
right now my domain is in windows 2000 functional level. I was told others have installed this within a domain that is a win2k8 functional-level so I'm assuming it's not a win2k8 ADS issue? any help would be appreciated!!