AFP logon window takes 60 - 90 seconds for remote users
We have a 10.4.11 server running AFP and multiple other services. About 25 users connect to the AFP sharepoints via the internal network and the login window appears immediately. Another 25 users connect through a hardware VPN from another office and their login screen appears immediately as well. We have another set of 25 users who connect directly over the internet, and only recently, it is taking 60 - 90 seconds for the logon window to appear. Once it does appear, the connection runs at normal speed.
It makes no difference whether the address is specified as FQDN or IP address. I've tried turning off Bonjour, and adding the host domain name to the search domains, but this made no difference either.
This problem did not exist until recently. It may have been about the same time as the 10.5.4 update, but I can't be sure.
Also, our ISP is known to play with "Shaping" although we did have AFP set to high priority and Port 548 is not restricted.
Is there another service that Apple uses to bring up the logon window? If so perhaps our provider is restricting bandwidth on that.
- Tim
This problem related to AFP requesting a "Service Record" first and waiting until that timed out before requesting the "A" record for the site. It seems to be an issue with OS X 10.5.4 and OpenDNS. Hopefully they will sort it out soon.
Similar Messages
-
AD SSO not happening for Remote Users
Dear Members
I am having an issue with the NAC Deployment for Remote users (Users behind WAN Router)
Windows AD SSO (2008) is happening for LAN users successfullly, however remote users
are not able to do AD SSO.
it is ensured that remote users even in unauthenticated state can reach Active directory. there is no filtering
on any of the device across the path, for this communication.
When i use Kerbtray on the remote PC, i found no tickets at all.(i am logged in thru Domain)
what could be going wrong, is it delay (as they are wan user) which might attribute this issue, and if so, where are the needed parameters that can be tuned for AD SSO to happen.
Any help will ne highly appreciated.
thanks
AhadHi Ahad,
As long as ALL the policies in Table 8-1 are configured for the Unauthenticated Role
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1174219
the CAS should be out of the picture for what concerns the communication between the PC and Kerberos.
If the Kerbtray.exe output for a failing user is empty, it means that the unsuccessful users do not have any Service Ticket (ST) at all.
This points to an issue with AD (considering the fact that the CAS is already allowing all the traffic to/from AD).
The failing users are either unable to send the Ticket-Granting Ticket (TGT) to AD, or they are unable to obtain the Service Ticket (ST) from AD.
The CAS during this phase is neither performing any actions nor blocking any traffic, since all the communications to/from AD are already fully open in the unauthenticated role.
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
How to create accounts for remote users in 1841
Hi,
I was wondering how can i create accounts for remote users to be able to vpn please ? I have setup the vpn server successfully.
Regard,Hello.
I believe that you can try this:
Router# configure terminal
Router (config)# password encryption aes
Router (config)# crypto ipsec client ezvpn ezvpn1
Router (config-crypto-ezvpn)# username server_1 password 0 blue
if you are using easy vpn.
from: http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b7d.html -
Windows XP Mode - 1 VM for multiple users?
I have multiple users that use one machine (Windows 7 Professionl x64), which in turn they need to run an old application that will only run in Windows XP mode. However, I have noticed that you have to create a machine for each individual user, as far as I can tell.
I basically want to make one virtual application that ALL users can use without having to create a VM for each user. Is this possible or have I overlooked something where you don't need to create a vm for each users?
Thanks for any help!I too have this requirement. My situation is complex in that we have multiple users logging on to multiple machines (call centre shift workers). To take one of our computers as an example:
1x Windows 7 Enterprise x64 PC
2x users logon to the same PC throughout the day, requiring access to their individual Win7 profiles
1x legacy application that does NOT save any user specific data
The above means that we only need one Windows XP Mode image on the machine, but require 2 Windows 7 users to be able to access it, ideally with the application to run seamlessly.
I have managed to get it working, but it is by no means 'elegant':
Set up XP Mode for the first time logged on as 'User1'.
Ensure that the VM is saved to a locaton accessible by anyone, e.g. C:\VM\
Install legacy application.
Shutdown XP Mode
Log off 'User1'
Log on as 'User2'
Create a new VM - not through the XP Mode, but rather through the standard VM creation Window. Select the option to utilise an existing VHD and point it towards the XP Mode VM created earlier.
That's it - the legacy app shortcut should appear in 'User2' start menu and be able to run seamlessly.
If anyone knows of a more elegant approach, I would love to hear it.
Many thanks. -
AnyConnect pre Windows login connects and disconnects for some users
Hi,
I have Cisco VPN AnyConnect (version 3.1.0310) clients with a connectivity issue which manifests as follows:
A user boots their Windows 7 SP1 laptop up.
Before Windows login, the user clicks "switch user" and enters their Cisco AnyConnect credentials (this connects OK).
Once the VPN tunnel is established a user logs into Windows.
At this point, 1 of 2 things happen:
1. Most users VPN connection stays connected and user GPO processing\logins work as normal
2. For a minority of users, the VPN connection disconnects and then reconnects. The VPN disconnect and reconnect causes connectivity issues with mapped drives and Outlook (most likely due to GPO processing not applying as the VPN tunnel wasn't established at the required time).
There are no known commanalities between problematic users - all users are in the same OU and laptops are in the same OU, so they should be getting the same AD settings. The same user can login 14 times OK, but may experience this issue on the 15th occasion.
Within the profile xml file (stored in c:\program data\) the key "AutoConnectStart" is set to false for user controllable and default value. The XML policy settings are being applied correctly (we've checked Event ID 3010 within the Cisco AnyConnect Windows logs).
What we have noticed from using the back end Cisco monitoring client is that users who experience connection issues, connect pre windows login OK, but once they're logged into Windows the Cisco VPN AnyConnects seems to try and re-connect, which causes the current VPN tunnel to disconnect and re-connect. This disconnect and re-connect for users seems to cause issues with logon and GPO processing.
So far, the only rock solid way we've found of stopping this disconnect and re-connect behaviour is by configuring a system deny permission on registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". This key contains an entry for Cisco AnyConnect VPN. Unfortunately setting a deny on the individual node value isn't possible and if the key is deleted or modified the system re-creates it. I'd rather avoid setting a system deny on the key for all users.
Any advice on how troubleshoot and diagnose this problem is appreciated.
ThanksI've attached some log files in case someone is particularly keen eyed at spotting issues (all data is anonymized)
6
Oct 30 2013
10:19:31
172.16.12.17
58124
10.5.128.21
8080
Built inbound TCP connection 123678229 for outside:172.16.12.17/58124 (172.16.12.17/58124)(LOCAL\jpk789) to inside:10.5.128.21/8080 (10.5.128.21/8080)
6
Oct 30 2013
10:19:31
172.16.12.17
58122
10.5.140.210
443
Teardown TCP connection 123678214 for outside:172.16.12.17/58122(LOCAL\jpk789) to inside:10.5.140.210/443 duration 0:00:00 bytes 11971 TCP Reset-O
6
Oct 30 2013
10:19:31
172.16.12.17
51368
10.5.141.155
53
Teardown UDP connection 123678191 for outside:172.16.12.17/51368(LOCAL\jpk789) to inside:10.5.141.155/53 duration 0:00:00 bytes 110
6
Oct 30 2013
10:19:31
172.16.12.17
58123
10.5.12.182
88
Built inbound TCP connection 123678217 for outside:172.16.12.17/58123 (172.16.12.17/58123)(LOCAL\jpk789) to inside:10.5.12.182/88 (10.5.12.182/88)
6
Oct 30 2013
10:19:31
172.16.12.17
62455
10.5.141.155
53
Teardown UDP connection 123678189 for outside:172.16.12.17/62455(LOCAL\jpk789) to inside:10.5.141.155/53 duration 0:00:00 bytes 430
6
Oct 30 2013
10:19:31
172.16.12.17
58122
10.5.140.210
443
Built inbound TCP connection 123678214 for outside:172.16.12.17/58122 (172.16.12.17/58122)(LOCAL\jpk789) to inside:10.5.140.210/443 (10.5.140.210/443)
6
Oct 30 2013
10:19:31
172.16.12.17
56197
10.5.141.155
53
Built inbound UDP connection 123678212 for outside:172.16.12.17/56197 (172.16.12.17/56197)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:19:31
172.16.12.17
58121
10.5.12.179
389
Built inbound TCP connection 123678196 for outside:172.16.12.17/58121 (172.16.12.17/58121)(LOCAL\jpk789) to inside:10.5.12.179/389 (10.5.12.179/389)
6
Oct 30 2013
10:19:31
172.16.12.17
58120
10.5.12.199
80
Built inbound TCP connection 123678195 for outside:172.16.12.17/58120 (172.16.12.17/58120)(LOCAL\jpk789) to inside:10.5.12.199/80 (10.5.12.199/80)
6
Oct 30 2013
10:19:31
172.16.12.17
51368
10.5.141.155
53
Built inbound UDP connection 123678191 for outside:172.16.12.17/51368 (172.16.12.17/51368)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:19:31
172.16.12.17
62458
10.5.12.182
389
Built inbound UDP connection 123678190 for outside:172.16.12.17/62458 (172.16.12.17/62458)(LOCAL\jpk789) to inside:10.5.12.182/389 (10.5.12.182/389)
6
Oct 30 2013
10:19:31
172.16.12.17
62455
10.5.141.155
53
Built inbound UDP connection 123678189 for outside:172.16.12.17/62455 (172.16.12.17/62455)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:19:30
IPSEC: An inbound remote access SA (SPI= 0x67ED9B28) between 80.21.182.245 and 75.12.34.56 (user= jpk789) has been created.
6
Oct 30 2013
10:19:30
IPSEC: An outbound remote access SA (SPI= 0x9C00507E) between 80.21.182.245 and 75.12.34.56 (user= jpk789) has been created.
6
Oct 30 2013
10:19:30
Group User IP <75.12.34.56> AnyConnect session resumed connection from IP <75.12.34.56>.
5
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 SA UP. Reason: New Connection Established
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x7041 could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x7040 could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x703f could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x703e could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x703d could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x703c could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:19:30
Local:80.21.182.245:4500 Remote:75.12.34.56:62457 Username:jpk789 Warning Configuration Payload request for attribute 0x703b could not be processed. Error: Unknown/Unsupported Attribute
6
Oct 30 2013
10:19:18
172.16.12.17
64287
10.5.12.182
445
Teardown TCP connection 123673186 for outside:172.16.12.17/64287(LOCAL\jpk789) to inside:10.5.12.182/445 duration 0:02:01 bytes 14605 Tunnel has been torn down
6
Oct 30 2013
10:19:17
172.16.12.17
64278
10.5.141.144
445
Teardown TCP connection 123672510 for outside:172.16.12.17/64278(LOCAL\jpk789) to inside:10.5.141.144/445 duration 0:02:15 bytes 9237 Tunnel has been torn down
6
Oct 30 2013
10:19:14
172.16.12.17
64273
10.5.140.231
445
Teardown TCP connection 123672368 for outside:172.16.12.17/64273(LOCAL\jpk789) to inside:10.5.140.231/445 duration 0:02:16 bytes 7297 Tunnel has been torn down
6
Oct 30 2013
10:19:04
172.16.12.17
54449
10.5.141.155
389
Teardown UDP connection 123672541 for outside:172.16.12.17/54449(LOCAL\jpk789) to inside:10.5.141.155/389 duration 0:02:01 bytes 366
6
Oct 30 2013
10:19:04
172.16.12.17
137
10.5.141.155
137
Teardown UDP connection 123672421 for outside:172.16.12.17/137(LOCAL\jpk789) to inside:10.5.141.155/137 duration 0:02:04 bytes 486
6
Oct 30 2013
10:19:00
172.16.12.17
138
10.5.141.155
138
Teardown UDP connection 123672424 for outside:172.16.12.17/138(LOCAL\jpk789) to inside:10.5.141.155/138 duration 0:02:01 bytes 177
6
Oct 30 2013
10:18:58
172.16.12.17
63666
10.5.141.155
389
Teardown UDP connection 123672316 for outside:172.16.12.17/63666(LOCAL\jpk789) to inside:10.5.141.155/389 duration 0:02:01 bytes 366
6
Oct 30 2013
10:18:58
172.16.12.17
53105
10.5.141.155
389
Teardown UDP connection 123672300 for outside:172.16.12.17/53105(LOCAL\jpk789) to inside:10.5.141.155/389 duration 0:02:01 bytes 366
6
Oct 30 2013
10:18:47
172.16.12.17
61715
10.5.12.182
389
Teardown UDP connection 123671945 for outside:172.16.12.17/61715(LOCAL\jpk789) to inside:10.5.12.182/389 duration 0:02:01 bytes 312
6
Oct 30 2013
10:18:43
172.16.12.17
54262
10.5.12.179
389
Teardown UDP connection 123671801 for outside:172.16.12.17/54262(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:01 bytes 355
6
Oct 30 2013
10:18:42
172.16.12.17
57911
10.5.141.156
389
Teardown UDP connection 123671777 for outside:172.16.12.17/57911(LOCAL\jpk789) to inside:10.5.141.156/389 duration 0:02:01 bytes 365
6
Oct 30 2013
10:18:40
172.16.12.17
123
10.5.12.182
123
Teardown UDP connection 123671670 for outside:172.16.12.17/123(LOCAL\jpk789) to inside:10.5.12.182/123 duration 0:02:01 bytes 136
6
Oct 30 2013
10:18:40
172.16.12.17
58107
10.5.12.179
389
Teardown UDP connection 123671639 for outside:172.16.12.17/58107(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:01 bytes 356
6
Oct 30 2013
10:18:40
172.16.12.17
58825
10.5.12.179
389
Teardown UDP connection 123671633 for outside:172.16.12.17/58825(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:02 bytes 355
6
Oct 30 2013
10:18:39
172.16.12.17
60424
10.5.141.156
389
Teardown UDP connection 123671611 for outside:172.16.12.17/60424(LOCAL\jpk789) to inside:10.5.141.156/389 duration 0:02:01 bytes 365
6
Oct 30 2013
10:18:38
172.16.12.17
56635
10.5.141.156
389
Teardown UDP connection 123671566 for outside:172.16.12.17/56635(LOCAL\jpk789) to inside:10.5.141.156/389 duration 0:02:01 bytes 365
6
Oct 30 2013
10:18:38
172.16.12.17
61204
10.5.12.179
389
Teardown UDP connection 123671558 for outside:172.16.12.17/61204(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:01 bytes 355
6
Oct 30 2013
10:18:38
172.16.12.17
50615
10.5.12.179
389
Teardown UDP connection 123671545 for outside:172.16.12.17/50615(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:01 bytes 355
6
Oct 30 2013
10:18:38
172.16.12.17
57940
10.5.141.154
389
Teardown UDP connection 123671537 for outside:172.16.12.17/57940(LOCAL\jpk789) to inside:10.5.141.154/389 duration 0:02:02 bytes 313
6
Oct 30 2013
10:18:38
172.16.12.17
57939
10.5.141.156
389
Teardown UDP connection 123671536 for outside:172.16.12.17/57939(LOCAL\jpk789) to inside:10.5.141.156/389 duration 0:02:02 bytes 366
6
Oct 30 2013
10:18:38
172.16.12.17
64495
10.5.12.182
389
Teardown UDP connection 123671532 for outside:172.16.12.17/64495(LOCAL\jpk789) to inside:10.5.12.182/389 duration 0:02:02 bytes 356
6
Oct 30 2013
10:18:37
172.16.12.17
62965
10.5.12.182
389
Teardown UDP connection 123671521 for outside:172.16.12.17/62965(LOCAL\jpk789) to inside:10.5.12.182/389 duration 0:02:01 bytes 356
6
Oct 30 2013
10:18:37
172.16.12.17
54994
10.5.12.179
389
Teardown UDP connection 123671514 for outside:172.16.12.17/54994(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:01 bytes 356
6
Oct 30 2013
10:18:37
172.16.12.17
54993
10.5.12.179
389
Teardown UDP connection 123671513 for outside:172.16.12.17/54993(LOCAL\jpk789) to inside:10.5.12.179/389 duration 0:02:01 bytes 356
6
Oct 30 2013
10:18:37
172.16.12.17
63390
10.34.140.104
389
Teardown UDP connection 123671483 for outside:172.16.12.17/63390(LOCAL\jpk789) to inside:10.34.140.104/389 duration 0:02:01 bytes 385
6
Oct 30 2013
10:18:37
172.16.12.17
63389
10.33.140.104
389
Teardown UDP connection 123671482 for outside:172.16.12.17/63389(LOCAL\jpk789) to inside:10.33.140.104/389 duration 0:02:01 bytes 384
6
Oct 30 2013
10:18:10
IPSEC: An inbound remote access SA (SPI= 0x5650EE30) between 75.12.34.56 and 80.21.182.245 (user= jpk789) has been deleted.
6
Oct 30 2013
10:18:10
IPSEC: An outbound remote access SA (SPI= 0x42DBDD66) between 80.21.182.245 and 75.12.34.56 (user= jpk789) has been deleted.
6
Oct 30 2013
10:18:10
Group User IP <75.12.34.56> AnyConnect session lost connection. Waiting to resume.
5
Oct 30 2013
10:18:10
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 SA DOWN. Reason: peer lost
6
Oct 30 2013
10:17:42
172.16.12.17
64250
10.5.141.186
445
Teardown TCP connection 123671908 for outside:172.16.12.17/64250(LOCAL\jpk789) to inside:10.5.141.186/445 duration 0:00:57 bytes 454851 TCP Reset-I
6
Oct 30 2013
10:17:20
172.16.12.17
137
172.16.13.255
137
Teardown UDP connection 123673268 for outside:172.16.12.17/137(LOCAL\jpk789) to outside:172.16.13.255/137 duration 0:00:00 bytes 0
6
Oct 30 2013
10:17:19
172.16.12.17
137
172.16.13.255
137
Teardown UDP connection 123673244 for outside:172.16.12.17/137(LOCAL\jpk789) to outside:172.16.13.255/137 duration 0:00:00 bytes 0
6
Oct 30 2013
10:17:18
172.16.12.17
137
172.16.13.255
137
Teardown UDP connection 123673218 for outside:172.16.12.17/137(LOCAL\jpk789) to outside:172.16.13.255/137 duration 0:00:00 bytes 0
6
Oct 30 2013
10:16:36
172.16.12.17
63060
10.5.141.155
53
Built inbound UDP connection 123671551 for outside:172.16.12.17/63060 (172.16.12.17/63060)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:16:36
172.16.12.17
63010
10.5.12.182
88
Built inbound TCP connection 123671549 for outside:172.16.12.17/63010 (172.16.12.17/63010)(LOCAL\jpk789) to inside:10.5.12.182/88 (10.5.12.182/88)
6
Oct 30 2013
10:16:36
172.16.12.17
63009
10.5.12.182
88
Built inbound TCP connection 123671548 for outside:172.16.12.17/63009 (172.16.12.17/63009)(LOCAL\jpk789) to inside:10.5.12.182/88 (10.5.12.182/88)
6
Oct 30 2013
10:16:36
172.16.12.17
63008
10.5.141.156
389
Built inbound TCP connection 123671546 for outside:172.16.12.17/63008 (172.16.12.17/63008)(LOCAL\jpk789) to inside:10.5.141.156/389 (10.5.141.156/389)
6
Oct 30 2013
10:16:36
172.16.12.17
50615
10.5.12.179
389
Built inbound UDP connection 123671545 for outside:172.16.12.17/50615 (172.16.12.17/50615)(LOCAL\jpk789) to inside:10.5.12.179/389 (10.5.12.179/389)
6
Oct 30 2013
10:16:36
172.16.12.17
63007
10.5.12.182
88
Built inbound TCP connection 123671544 for outside:172.16.12.17/63007 (172.16.12.17/63007)(LOCAL\jpk789) to inside:10.5.12.182/88 (10.5.12.182/88)
6
Oct 30 2013
10:16:36
172.16.12.17
55425
10.5.141.155
53
Teardown UDP connection 123671487 for outside:172.16.12.17/55425(LOCAL\jpk789) to inside:10.5.141.155/53 duration 0:00:00 bytes 164
6
Oct 30 2013
10:16:36
172.16.12.17
50614
10.5.141.155
53
Built inbound UDP connection 123671543 for outside:172.16.12.17/50614 (172.16.12.17/50614)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:16:35
172.16.12.17
56263
10.5.141.156
53
Built inbound UDP connection 123671461 for outside:172.16.12.17/56263 (172.16.12.17/56263)(LOCAL\jpk789) to inside:10.5.141.156/53 (10.5.141.156/53)
6
Oct 30 2013
10:16:35
172.16.12.17
60708
10.5.141.155
53
Built inbound UDP connection 123671460 for outside:172.16.12.17/60708 (172.16.12.17/60708)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:16:35
172.16.12.17
56982
10.5.141.156
53
Built inbound UDP connection 123671459 for outside:172.16.12.17/56982 (172.16.12.17/56982)(LOCAL\jpk789) to inside:10.5.141.156/53 (10.5.141.156/53)
6
Oct 30 2013
10:16:35
172.16.12.17
64548
10.5.141.155
53
Built inbound UDP connection 123671458 for outside:172.16.12.17/64548 (172.16.12.17/64548)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:16:35
172.16.12.17
60827
10.5.141.156
53
Built inbound UDP connection 123671457 for outside:172.16.12.17/60827 (172.16.12.17/60827)(LOCAL\jpk789) to inside:10.5.141.156/53 (10.5.141.156/53)
6
Oct 30 2013
10:16:35
172.16.12.17
64207
10.5.141.155
53
Built inbound UDP connection 123671453 for outside:172.16.12.17/64207 (172.16.12.17/64207)(LOCAL\jpk789) to inside:10.5.141.155/53 (10.5.141.155/53)
6
Oct 30 2013
10:16:35
172.16.12.17
137
172.16.13.255
137
Teardown UDP connection 123671443 for outside:172.16.12.17/137(LOCAL\jpk789) to outside:172.16.13.255/137 duration 0:00:00 bytes 0
6
Oct 30 2013
10:16:35
172.16.12.17
137
172.16.13.255
137
Teardown UDP connection 123671442 for outside:172.16.12.17/137(LOCAL\jpk789) to outside:172.16.13.255/137 duration 0:00:00 bytes 0
6
Oct 30 2013
10:16:35
172.16.12.17
137
172.16.13.255
137
Teardown UDP connection 123671441 for outside:172.16.12.17/137(LOCAL\jpk789) to outside:172.16.13.255/137 duration 0:00:00 bytes 0
6
Oct 30 2013
10:16:34
IPSEC: An inbound remote access SA (SPI= 0x5650EE30) between 80.21.182.245 and 75.12.34.56 (user= jpk789) has been created.
6
Oct 30 2013
10:16:34
IPSEC: An outbound remote access SA (SPI= 0x42DBDD66) between 80.21.182.245 and 75.12.34.56 (user= jpk789) has been created.
5
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 SA UP. Reason: New Connection Established
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x7041 could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x7040 could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x703f could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x703e could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x703d could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x703c could not be processed. Error: Unknown/Unsupported Attribute
4
Oct 30 2013
10:16:34
Local:80.21.182.245:4500 Remote:75.12.34.56:57103 Username:jpk789 Warning Configuration Payload request for attribute 0x703b could not be processed. Error: Unknown/Unsupported Attribute
6
Oct 30 2013
10:16:34
Group User IP <75.12.34.56> AnyConnect parent session started.
6
Oct 30 2013
10:16:34
DAP: User jpk789, Addr 75.12.34.56, Connection AnyConnect: The following DAP records were selected for this connection: ContosoPolicy
6
Oct 30 2013
10:16:34
AAA transaction status ACCEPT : user = jpk789
6
Oct 30 2013
10:16:34
AAA retrieved default group policy (DfltGrpPolicy) for user = jpk789
6
Oct 30 2013
10:16:34
AAA retrieved user specific group policy (useGroup1s.Grp) for user = jpk789
6
Oct 30 2013
10:16:34
AAA group policy for user jpk789 is being set to useGroup1s.Grp;
6
Oct 30 2013
10:16:34
AAA user authentication Successful : server = 192.168.7.4 : user = jpk789 -
ISA B2B logon Error: No valid private connection for internet user
Hello ,
i used isauseradm to create a user zzweb with all authorizations for B2B..
now when i try to log to
http://host:port/b2b/b2b/init.do with the user zzweb
i have a runtime error with the logs :
EXCEPTION]
#1#com.sap.isa.businessobject.BORuntimeException: Error getting private connection for internet user:com.sap.isa.core.eai.BackendException: Error: No valid private connection for internet userzzweb
at com.sap.isa.businessobject.BusinessObjectHelper.splitException(BusinessObjectHelper.java:78)
at com.sap.isa.user.businessobject.UserBase.login(UserBase.java:313)
at com.sap.isa.businessobject.User.login(User.java:143)
at com.sap.isa.user.action.UserActions.performLogin(UserActions.java:295)
at com.sap.isa.user.action.UserActions.performLogin(UserActions.java:368)
at com.sap.isa.user.action.UserBaseAction.performLogin(UserBaseAction.java:126)
at com.sap.isa.user.action.LoginBaseAction.ecomPerform(LoginBaseAction.java:77)
at com.sap.isa.isacore.action.EComBaseAction.doPerform(EComBaseAction.java:353)
at com.sap.isa.core.BaseAction.execute(BaseAction.java:211)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at com.sap.isa.core.RequestProcessor.processActionPerform(RequestProcessor.java:674)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at com.sap.isa.core.RequestProcessor.process(RequestProcessor.java:391)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at com.sap.isa.core.ActionServlet.process(ActionServlet.java:243)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
at com.tealeaf.capture.LiteFilter.doFilter(Unknown Source)
at com.sap.isa.isacore.TealeafFilter.doFilter(TealeafFilter.java:61)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:373)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
what does this error means..?
i also realised that zzweb was not created in CRM backen? should it be created ?
many thnx for help ..
Message was edited by: BlackmanIts a late response... but if someone gets the same issue here is the solution.
When you register try uppercase password . That should take care of that issue.
The problem is with function module CRM_ISA_IUSER_SWITCH , Note 946536.
Although the note says 5.0 the problem exists with ISA 4.0 too -
MOTD on Library connect for remote users?
What I'm basically looking for: Is there a way so users connecting to my library from other machines recieve a Message Of The Day or similar?
For instance, I'm slowly transferring my music from home to my laptop at work, and it would be nice to have something like "Recently Added: (blah blah blah)" appear for people upon connect.
Is there a way to do this? If not, no big deal.Hey Phrasant,
I just tested your setup in my lab.
Situation 1:
RDS server in OU RDS, no policies applied accept Default Domain policies.
Test user ITW\jklaas
Starting Wordpad, hitting Save and checking the drives.
As you can see in the Drives_Without_Policies I can see the Server's C-drive.
Situation 2:
RDS server in OU RDS
Test user ITW\jklaas
Created a single policy called HideDrives with 2 settings:
1. User Config -> Policies -> Admin Templates -> Windows Components -> File Explorer -> "Hide these specified drives in My Computer" and choose to "Restrict all drives"
2. Computer Config -> Policies -> Admin Templates -> System -> Group Policy -> "Configure user Group Policy loopback processing mode" and choose to Enable this setting in Merge mode
Via Delegation I denied Apply to Domain Admins and linked the HideDrives policy to the OU RDS.
Now if I logon with ITW\Jklaas and start RemoteApp Wordpad:
The policy successfully hides the server's C-drive...
So, this not working for you can mean several things.
- loopback not configured for policy processing?
- your test user is somehow excluded from the policy?
- there's another error somewhere in the group policy components between your RDS and DC?
Start troubleshooting by running the GP Result wizard in GP management for a user that has Word open and see if he/she gets the policies?
Cheers
Arjan -
SCCM 2012 usage report for remote users
Hi,
Can someone help to get the SCCM usage report for all remote users who accessed particular application remotely on windows 7 workstation
Regards,
MadhanIf the application is something and executable that the users have to start, you can use Software Metering.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
No Audio for Remote User when using Thunderbolt Display
I have the latest 13" macbook pro with a thunderbolt display. For the most part everything works fine, but I have encountered a problem when I try using facetime with this setup. The remote user cannot her my voice.
I have gone to the sound setting in system preferences and I have made sure that the sound inpur device is set to Display Audio, and it appears that the microphone is working (the bars are fiickering when I talk), still, I cannot be heard by the remote.
I have tried to capture a movie with the display's camera and mic, and that works fine.
Unplugging the display an using the laptop only also works fine.
I used the same setup with Skype, and the sound worked fine.
The probem appears to be with FacetTime and the Thunderbolt Display
Has anyone else experienced similar problems?I am having the same issue with my 13" MB Pro Retina and my 27" ThunderBolt display. So far I haven't been able to find a solution to the problem.
-
Anyone having problems with iTunes 10.5.2?
I'm having long times to start a track and then over 1 second to start playing again whenever I skip to another part of the track.Refer this article to reset Winsock to it's default. Your PCTools may have inserted LSP.
http://support.apple.com/kb/TS4123?viewlocale=en_US
After reset and restarting windows, you may get a prompt to remap LSP, click no. -
RTMPT takes 20-25 seconds for a response
Hi,
I am trying to connect to the Flash media servers from behind a customer's firewall.
From behind this firewall the time taken for a response (its usually success) is around 20-25 seconds.
The following is the code I am using to make the connection and listen to the events
var nc = new NetConnection();
nc.addEventListener(NetStatusEvent.NET_STATUS,netStatusHandler);
var time1:String = (new Date()).toTimeString();
trace(time1+" - Making the connection to FMS");
nc.connect("rtmpt://<dnsnameofserver>:80/live");
function netStatusHandler(evt:NetStatusEvent)
var time2:String = (new Date()).toTimeString();
trace(time2+": status:"+evt.info.code);
The delay between time1 and time2 is always 20-25 seconds. From other firewalls and non firewalled networks its usually 3-4 seconds.
What could be the reason for this huge delay for a response in this case. I have noticed that the first response is always a "NetConnection.Connect.Success".
We are looking to deploy around 20-30 media servers if we can get this thing to work and appreciate any prompt response in this regard.If you try to ping FMS behind the firewall - how much latency do you see?
Also you can try to telnet to port 80 and see if that gives how much delay?
Also are there any proxy server sitting between FMS and client making rtmpt connect? -
Is there some fix for this? this also affects my LR4. PS CC works fine and all other apps.
It's usually necessary to clean up whats left behind after updating OSX.
Try trashing the prefs. Start by quitting Lightroom 5.
Launch Finder and click the Go menu whilst holding down the Option (alt) key. Then go to Library >> Preferences and clear everything relating to LR5 which usually means deleting the following files:
com.adobe.Lightroom5.plist
com.adobe.Lightroom5LSSharedFileList.plist
Then re-launch Lightroom.
Also look for the corresponding files for LR4 and Bridge plist files. -
Windows 8 Start Screen Customization for All Users
Short Versions:
How can I permanently remove (and prevent automatic re-installation of) some of the default Packaged Applications installed on Windows 8 Pro?
How can I save a customized tile arrangement?
Long Version: I'm configuring a semi-automated testing system using MDT2012 to install Windows 8 to multiple hardware configurations. I would like to be able to remove all of the
default applications except for the Desktop, and Internet Explorer. I would like to add applications such as the Command Prompt, and Notepad. Ideally, I would be able to group the tiles in various ways, capture the configuration, and push it to
all of the automatically generated accounts so that we get a standard layout when testing with a User Account, a Guest Account, and/or an Administrator account.
Windows 7 and Vista have both been working perfectly for over a year (with MDT2010), and I've managed to update them to work with MDT2012 without too much trouble. I've gotten all of the
custom configurations to work, through various means (some scripting, some unattended settings, some task sequence editing, some extensions for the MDT, etc.), however there is one remaining set of configurations that eludes me. The Start Screen.
So far, I have tried running a PowerShell script to perform the Remove-AppxProvisionedPackaged during the Audit-User phase, running sysprep /generalize, and capturing the system to a WIM (both
with, and without the CopyProfile setting), and I'm able to get most of the user settings, the exceptions being the Start Screen, and the default view of the various folders. I work around the latter by exporting/importing the Bags registry settings
into the default user account; however the former has completely eluded me. I have also tried configuring group policy settings; however those only work with the Enterprise edition (which isn't what our customers will be using, so changing the SKU isn't
an option).- Change lock screen to all users: This can be done now via Group Policy due to an update (see: http://support.microsoft.com/kb/2787100/EN-US)
- Remove many of default Apps/icons on metro desktop: This is best scripted as part of your Image build process, but I agree that more granularity in GPO would be nice over "Hiding" default AppX packages.
- Design a custom theme and push it out to all machines: This has been possible since Windows 7 / Server 2008 R2. The below detail about the setting is from the Group Policy Settings Reference (http://www.microsoft.com/en-us/download/details.aspx?id=25250),
an invaluable file for anyone managing GPO:
File Name: ControlPanelDisplay.admx
Policy Setting Name: Load a specific theme
Scope: User
Policy Path: Control Panel\Personalization
Registry Information: HKCU\Software\Policies\Microsoft\Windows\Personalization!ThemeFile
Supported On: At least Windows Server 2008 R2 or Windows 7
Help Text: Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting, the theme that you specify will be applied when a new user logs on for the first time. This policy does not prevent the user
from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first logon. If you disable or do not configure this setting, the default theme will be applied at the first logon.
David Coulter | http://DCtheGeek.blogspot.com | @DCtheGeek -
How to set up Windows with Reader and certificate for all users
Good afternoon (GMT),
we're dealing with a Win XP (SP3) system that is set up by an Administrator. One task is to set up the system in a way that all users (w/o admin rights) become able to read a certified-protected PDF. Currently we know a way to install the "public key" for this certificate only for one known user. But how to proceed when not all users are known? The users shall later on never be asked to confirm the certification installation/registration.
If it helps, here is the software version:
Acrobat 8.12 to encrypt the PDF via certification. In near future I will switch to Acrobat 9.x
Reader 7.x and/or 8.x on customer PCs.
Thank you for ideas and hints.
BTW: Next time we want to provide a solution for Win7 systems, too.
CarstenCheck
Time Zone Specification from http://docs.oracle.com/cd/E12844_01/doc/bip.1013/e12187/T421739T481157.htm#4535403
just in case https://blogs.oracle.com/xmlpublisher/entry/how_to_keep_your_dates_from_go -
Files added to server take time to show for other users
Various users add files to server and other users with folder access cannot see files for sometimes up to 2 hours before the files appear. It is not a rights issues as when the file final appear in the directory they can access the file and use.
I saw this at a client's setup. Upgrading the client computer to 10.10.2 resolved this issue.
Bryan Dulock
ACN
Houston, TX
Maybe you are looking for
-
Solutions for displaying s-video signal on Macbook Pro? (2006 model)
I looking around for ways to display an s-video signal on my Macbook Pro, but i've no idea the best way to this. I'm not really after capturing or recording the signal, but I just need a means that I can view the signal, and to be able to switch to a
-
Importing video from camera hard drive
How do I import the video from my video camera's hard drive? imovie isn't recognizing the file type. My camera doesn't have any software with it. Do I need to download a certain type of software? MacBook Mac OS X (10.4.8)
-
Need help reinstalling elements 10 to mac osx 10.5.8
I have a mac osx 10.5.8 I had elements 10 on it never used it. going to class for it, now trying to use it and it is frozen and says there is an error in program. I uninstalled it and tried to reinstall it and it is unrecognizable. help. ??????
-
How to recover my Standby databse
Hi every one, I need a suggestion in recovering a standby database which is not in sync with primary for last 2 months. due to server issues we brought down our standby down and made my primary to no archive log mode ( disabled archive log mode). Now
-
Device deployment requires AIR SDK 3.4 or above
I've just installed FB 4.7 (OS X 10.7.5) and followed "Update the AIR SDK" instructions (ignoring step 2) and installed AIR 3.5.0.890 SDK. I then create my run configuration (targeting Apple iOS) with the "Install the application on the device over U