Solved

TACTEST from tacacs.net issue on Windows 7

Posted on 2015-02-10
4
515 Views
Last Modified: 2015-07-11
Background:
tacacs.net 1.3.1 installed on a Army AGM imaged Windows 7 desktop

I'm having issues getting the simply tactest utility from tacacs.net to pass.  I can't even get it to fail either.
I'm getting this message:
Error in processing response: The type initializer for '♥.' threw an exception.
Could not get pass-fail information

------------------

SUMMARY STATISTICS

------------------

Total Commands  .....................  1
Successes  ..........................  0
Failures  ...........................  0
No Results  .........................  1
Time Taken for commands  ............  0.046 secs
Avg Possible Transactions/Second  ...  21
Network Time per command  ...........  0 secs
Total Network time  .................  0 secs
Sent Transactions/Second  ...........  13.3



I've editted the tacacs.xml file to be the IP address of the TACACS+ system.
I've editted the clients.xml file to the IP address so that TACTEST can be run from TACACS+ system itself.
I've editted the authentication.xml file to uncomment the user1 and user2 entries (for testing only, of course)

The tacverify indicates the configuration files are ok.  The host firewalls have been temporarily disabled.  The tacacs.net service is running and telnet to the host shows ESTABLISHED when it connects.

Entry from the Debugging Log:
<87> 2015-02-10 13:37:42 Local address and port : X.X.X.21 49
<87> 2015-02-10 13:40:25 Device X.X.X.21:49808 is  allowed to connect based on settings for group LOCALHOST
<94> 2015-02-10 13:40:25 New client connection opened for X.X.X.21:49808 TID:7
<87> 2015-02-10 13:40:25 TOTAL connections: 1
<87> 2015-02-10 13:40:26 [X.X.X.21:49808] Could not receive data from client An existing connection was forcibly closed by the remote host. Client might have closed connection.

(Sorry - had to sanitize the IP address)

Any ideas?
0
Comment
Question by:Tracy Horstman
  • 3
4 Comments
 

Author Comment

by:Tracy Horstman
ID: 40601619
Upon further investigation -- I found that tactest is successful on a Windows 7 system that is not an Army AGM image (aka, DISA STIG'd) so I'm left to believe that somewhere in the STIG settings for Windows 7 the ability for tacacs.net to run properly is being hampered so if anyone has had any experience with tacacs.net running on a Windows 7 system that has been DISA STIG'd, I would love to hear from you
0
 
LVL 10

Expert Comment

by:Rafael
ID: 40602424
WOW, it's been a while since I had to work on AGM disks.  However, in many cases we found the issue to be in the security settings of the local registry. Especially in Kerberos. So...  I would first look at the security features first and go from there.
0
 

Accepted Solution

by:
Tracy Horstman earned 0 total points
ID: 40868568
Seems that is a security setting in AGM Windows 7 -- a needle in a haystack so opted to another route -- thanks to all who responded!
0
 

Author Closing Comment

by:Tracy Horstman
ID: 40877318
The security settings in Army Gold Disk version of Windows 7 are too numerous to determine where the cause of my problem would be so I just opted to go another route.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question