Guest

Preview Tool

Cisco Bug: CSCuo04787 - CX: ADI doesn't use updated join password upon reconfiguring it

Last Modified

Apr 06, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

100.4(0.0.6) 100.5(0.0.161) 9.2(1.2.78)

Description (partial)

Symptom:
CX will fail to use a new join password configured for an active directory (AD) realm if a previous password has already been committed. This could cause active authentication to fail with following messages in adi.log:

2014-04-01 15:33:03,966 DEBUG vdi.daemon           - auth: received auth request.
2014-04-01 15:33:04,465 ERROR vdi.daemon           - likewise: Join returned LW_ERROR_PASSWORD_MISMATCH
2014-04-01 15:33:04,467 ERROR vdi.daemon           - ad: likewise down... restarting.
2014-04-01 15:33:07,368 ERROR vdi.daemon           - likewise: Join returned LW_ERROR_PASSWORD_MISMATCH
2014-04-01 15:33:07,369 ERROR vdi.daemon           - ad: join 'cxlab.com' failed.
2014-04-01 15:33:07,369 ERROR vdi.daemon           - ad: auth failed, not joined to domain=cxlab.com
2014-04-01 15:33:07,369 INFO  vdi.daemon           - auth: failed auth request.
2014-04-01 15:33:07,369 INFO  vdi.daemon           - auth: sending authentication event type='7'

Conditions:
Join password configured first was committed and then we attempt to change the join password.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.