NAC and WSUS

Hi to all,
I'm new at NAC, does anyone know the steps on how to configure the remediation on a client machine using NAC and WSUS?? Is there a rule that match it??, etc, etc...
Thanks in advance for your help!

Click clean access under device mgmt.
Click the clean access agent tab.
Click requirements.
Add one for MS update check if you don't already have one made by clicking new requirement. Choose windows update service for the requirement type drop down box. If you already have a rule for the windows update service check you can click edit instead (next to the move up down arrow buttons).
About half way down you can choose MS servers or WSUS servers.

Similar Messages

  • NAC and AD, Machine GPOs, Roaming Profiles = Chaos

    I've just observed a hapless Cisco consultant try to make NAC 4.1 work on computers with machine GPOs, roaming profiles, logon scripts within user GPOs, and for that matter legacy logon scripts with "run logon scripts synchronously" enabled. All of these technologies seem to fail on a NAC-enforced connection.
    We assign software on machine GPOs and we use roaming user profiles, and it seems we either need to have a domain controller and profile share on the isolation VLAN, which defeats the purpose of NAC, or perform some kind of machine authentication, which can occur before GPO processing and net logons can happen.
    While I'm not the Cisco consultant, it wasn't hard to recognize this problem.
    Everything I've read about NAC and CAA suggests this is a per-user compliance solution and not a per-machine solution. Surely others have observed this, and I think this is what machine authentication (802.1x) NAC, as opposed to user authentication NAC, is all about. At the risk of sounding like a total n00b, where can I start researching a NAC solution that supports what I want and lets us use the Cisco NAC gear we've already invested in?

    I have had similar issues and have solved many with a custom script that runs at log on. It is a compiled script and works great, AutoIT3.
    The policy part takes care of itself if you leave machines logged in long enough or do a gpupdate /force. This will force the group policy to synchronize but you will need to log off and on again.
    The roaming profile is much tougher. I am still trying to get this working. If anyone has any info on EXACTLY what takes place on a roaming profile synchronization, I would be grateful. If I can I will replicate that process in my script and solve this issue also.
    I have fixed the log in script stuff with a delayscript that I use (ironically) clean access to install. You have to launch it with the users credentials, though and not from Clean Access which uses the SYSTEM users credentials in its stub agent!
    This is a known issue to Cisco but any prodding of them to get it working would help. Their solution is braindead, just give unremediated machines full access! If they fail remediation, kick them off then. Gee, that gives the unremediated machine a mere two to three minutes to attack your AD DCs on each log in attempt. Not good.
    Anyway, that's where I am at. Most of this can be dealt with, some is still problematical.
    Dan S.

  • Best Practice for SUP and WSUS Installation on Same Server

    Hi Folks,
    I have a question, I am in process of deploying SCCM 2012 R2... I was in process of deploying Software Update Point on SCCM with one of the existing WSUS server installed on a separate server from SCCM.
    A debate has started with of the colleague who says that the using remote WSUS server is recommended by Microsoft because of the scalability security  that WSUS will be downloading the updates from Microsoft and SCCM should be working as downstream
    server to fetch updates from WSUS server.
    but according to my consideration it is recommended to install WSUS server on the same server where SCCM is installed... actually it is recommended to install WSUS on a site system and you can used the same SCCM server to deploy WSUS.
    please advice me the best practices for deploying SCCM and WSUS ... what Microsoft says about WSUS to be installed on same SCCM server OR WSUS should be on a separate server then the SCCM server ???
    awaiting your advices ASAP :)
    Regards, Owais

    Hi Don,
    thanks for the information, another quick one...
    the above mentioned configuration I did is correct in terms of planning and best practices?
    I agree with Jorgen, it's ok to have WSUS/SUP on the same server as your site server, or you can have WSUS/SUP on a dedicated server if you wish.
    The "best practice" is whatever suits your environment, and is a supported-by-MS way of doing it.
    One thing to note, is that if WSUS ever becomes "corrupt" it can be difficult to repair and sometimes it's simplest to rebuild the WSUS Windows OS. If this is on your site server, that's a big deal.
    Sometimes, WSUS goes wrong (not because of ConfigMgr)..
    Note that if you have a very large estate, or multiple primary site servers, you might have a CAS, and you would need a SUP on the CAS. (this is not a recommendation for a CAS, just to be aware)
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • SCCM 2012 on Server 2012 and WSUS 3.0 SP2 on Server 2008

    We are installing SCCM 2012 SP1 fresh into our development environment - the primary site server and the database (SQL 2012) are both being installed on Server 2012.
    We have an existing WSUS box on a Windows 2008 (not R2) server - the WSUS server version is 3.2.7600.256.  We have set this up as the software update point.
    For the purposes of this discussion, these are the server names (obviously obfuscated):
    Primary site server:  sccm.domain.local
    Database server:  sccmdb.domain.local
    WSUS server:  wsus.domain.local
    On the primary SCCM server, I've installed the WSUS user interface (Install-WindowsFeature -Name UpdateServices-UI), in order to work with the remote WSUS server.
    Updates synchronization appears to be working fine, but when I try to setup client distribution via SUP, I'm getting the following error in the Application event log:
    Log Name:      Application
    Source:        SMS Server
    Date:          8/6/2013 11:03:11 AM
    Event ID:      6613
    Task Category: SMS_WSUS_CONFIGURATION_MANAGER
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      sccm.domain.local
    Description:
    On 8/6/2013 11:03:11 AM, component SMS_WSUS_CONFIGURATION_MANAGER on computer sccm.domain.local reported:  WSUS Configuration Manager failed to publish client boot-strapper package "9D5353E5-DA80-48C3-97DE-C9C528F73A2D" with version "5.00.7804.1000"
    to the Software Updates Point.
    As well as this in the WMC.log:
    PublishApplication(9D5353E5-DA80-48C3-97DE-C9C528F73A2D) failed with error System.InvalidOperationException: Publishing operation failed because the console and remote server versions do not match.~~   at Microsoft.UpdateServices.Internal.BaseApi.Publisher.LoadPackageMetadata(String
    sdpFile)~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetPublisher(String sdpFile)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.PublishApplication(String sPackageId, String sSDPFile, String sCabFile)  $$<SMS_WSUS_CONFIGURATION_MANAGER><08-06-2013
    11:03:11.787+240><thread=3704 (0xE78)>
    ERROR: Failed to publish sms client to WSUS, error = 0x80131509  $$<SMS_WSUS_CONFIGURATION_MANAGER><08-06-2013 11:03:11.803+240><thread=3704 (0xE78)>
    It would seem obvious that this is because of a mismatch in versions between the WSUS server version on wsus.domain.local, compared to the UpdateServices UI on sccm.domain.local.
    Is there a way around this, without having to upgrade the WSUS server to Server 2012?
    Thanks for any thoughts you may have!

    Not really. As mentioned though, even the separate WSUS server is probably overkill. In ConfigMgr, WSUS is used to handle the update catalog and that's it. Clients do *not* report status to the WSUS instance and do *not* download updates from the WSUS instance.
    No management is ever done in WSUS.
    So, in reality, once a month, clients connect to WSUS to download the delta update catalog (delta compared to what they currently have) which usually comes out to about a few hundred KB (yes KB, not MB) -- this download is done via BITS. The server also
    syncs the catalog from the WSUS instance, via the SUP, in a similar fashion. If you are using SCEP, the frequency will be greater, but the deltas will be much smaller.
    EULAs, as needed, are also stored in WSUS and accessed by clients -- these are also quite small only a select few updates requires them.
    That's it. Standing up a dedicated WSUS instance means having a server sitting there doing almost nothing else.
    If you are concerned about load on the site server, then you should create a separate site system that contains the MP, SUP (and WSUS instance), and DP. Then, for HA purposes, you can simply build a second site system with these three roles also and HA will
    essentially be automatic (from a client functionality perspective).
    Jason | http://blog.configmgrftw.com

  • What is the exact purpose of Transaction NACE and NAST Table?

    Hi All,
    What is the exact purpose of Transaction NACE and NAST Table?
    Pls help me…
    Akshitha.

    Hi
    When a Output type in an apllication doc is configured with a Medium, Partner, Lang and other communication paramters an entry is created in NAST table
    so to trigger the output an entry in NAST is compulsory
    Output is a link between the Driver Program and the Sapscript,
    An output type summarizes messages of the same meaning. It contains parameters that are valid for all its assigned messages, for example appropriate partner functions.
    Transmission medium is a medium which the layout will be come out, this may be printout, Fax or Mail
    Check this link.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/c8/19884743b111d1896f0000e8322d00/content.htm
    ex-how to config output type.
    You will assign output types using Transaction NACE.
    Do the follow steps to assign output type
    1)Select Application Type V2 which will have description Shipping.
    2)Click on Output types button.
    3)Go to change mode by pressing Ctrl+F4.
    4)Select one output type which already exists
    5)Do Copy As(F6)
    6)Give your output type against Output Type field.
    7)Under General data Tab, Give Program and Form routine and Save the data.
    i think it a work of functional guy but at senior level i think it is not a big deal for abaper.
    Check the following documentation
    In NACE t-codewe have the application for each one. based on the application output type can be defined, based on output type script and print progrma can be defined.
    If suppose data can be read from EDI then we should go for condition records.
    So whenever we execute the script first composer checks the output type and then execute the program. in program whenever opn form FM will be populate then script will open first. After that again program till another FM will populate if it then script will populate........like it is cycle proces. Composer does all these things and at last it will submit that output to spool.
    Go to the Transaction NACE.
    choose the related sub module.. like billing or shipping
    doubel click on Output Types
    Choose the Output Type for which whcih you wanted your script to trigger
    Then select the Output Type and double click on Processing Routine
    Then go to create new entries--> Select the Medium (1- print output), then enter your Script and Print Program detls --> Save and come out
    Now go to the Transaction (for which you have created the output type)... Issue output--> Select the output type --> Print....
    Device Types for SAP Output Devices (Detail Information)
    Definition
    The device type indicates the type of printer to be addressed. When you define an output device, choose the name of the device type that was defined in the SAP System for your printer model, such as Post2 for a PostScript printer. In the case of frontend printing under Microsoft Windows, you can also use the generic (device-independent) device type SWIN.
    The system uses the information in the device type to convert a document from the internal SAP character representation (spool request in OTF or in text format) to a device-specific, print-ready data stream (output request). Since a device type specifies attributes that apply to all devices of a certain model, it can be shared among device definitions. For example, all devices in the SAP spool system that are compatible with Hewlett-Packard LaserJet IIID printers would use the HPLJIIID device type.
    You should not confuse the device type with the printer driver. The device type is the total of all attributes of an output device that the SAP System must know to control the output device correctly, such as control commands for font selection, page size, character set selection, and so on. These attributes also include the printer driver that SAPscript/Smart Forms (the SAP form processor) should use for this printer. The SAPscript printer driver that is to be used for devices of this type for output formatting is therefore only an attribute that the device type specifies.
    How do I choose the correct device type?
    • In most cases, the SAP System already provides the appropriate device type for the printer type for the printer model that you want to use.
    These standard device types are completely defined and need no modification or extension before you use them in device definitions.
    • You can also download missing device types from the sapserv server. For a current list of the supported device types, see SAP Note 8928 in the SAP Service Marketplace.
    • Most printers can be controlled using a generic format, such as PostScript. They can be switched to a mode that is compatible with one of the standard printers for which an SAP device type is available. In this case, a supported model is emulated.
    • Almost all printers are delivered with Microsoft Windows printer drivers. The system can control these printers with the generic (device-independent) device type SWIN. The Microsoft Windows spool system then performs the processing of the print data.
    • If the specified device types are not available, and generic device types cannot be used, you must create your own device type or edit a copy of an existing device type. We recommend that only those with specialist knowledge of the SAP Spool System and printer driver code do this. For more information, see Defining a New Device Type .
    Attributes of a Device Type
    A device type is distinguished by the attributes listed below. If you change an existing device type or create a new device type, you must change at least some of these attributes.
    • Character set: A character set specifies the codes with which characters must be represented in the print-ready output stream (output request). This code replaces the generic SAP characters set that is used internally by the SAP spool system (spool request).
    • Printer driver: You can specify different printer drivers for printing SAPscript documents and ABAP lists.
    • Print controls: Print controls represent printer operations, such as boldface or changing the font size. These print control are replaced by printer-specific commands during the creation of the output request from a spool request.
    • Formats: Formats specify the format supported by the SAP system. The system differentiates between SAPScript formats (DINA4 and LETTER) and ABAP list formats (X_65_132 = 65 rows/132 columns).
    • Page format: A page format is the interface between a format and SAPscript. It specifies the paper dimensions with which SAPScript can calculate the row and column lengths.
    • Actions: Actions are output device-specific commands that are required for the implementation of a format. The action printer initialization, for example, can contain a printer command with which the number of rows on a page is defined. There is a set of actions for every format supported by a device type.
    Reward points for useful Answers

  • 802.1x NAC and per-user ACLs

    Can 802.1x NAC and per-user ACLs be used together on the same port? I know some of the NAC documentation says that 802.1x NAC does not support downloadable ACLs but it looks like it might be outdated and according to http://cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a0080817284.html , it appears that there is not preventing this.
    Also, when will URL redirection to a remediation server be supported with 802.1x NAC?

    You just need to configure it differently on ACS. "Downloadable IP ACLs" used to be "Downloadable PIX ACLs" on ACS. It changed to "IP" when VPN concentrators started supporting this with ACLs too. You saw this with NAC, if I remember .. and EOU does it this way as well.
    802.1X with per-user ACLs was already shipping at the time though (has been for some time) and the mechanism is opertionally the same .. just functionally different.
    With per-user ACLs, you'd configure a VSA like:
    ip:inacl#1=deny ip any host 10.1.8.3
    ip:inacl#2=permit ip any any
    The "downloadable IP ACL" config would look like:
    deny ip any host 10.1.8.3
    permit ip any any
    In the end, both techniques use the same VSA. This VSA is 026\009\001. In "per-user-ACLs, there's no sort of handshake though to see if the ACL is already there, etc. It slaps the ACL on for you unconditionally as an authorization rule b/c you told it to. (hence the "ip:inacl" stuff above). With "downloadable", there's a handshake before actually applying the ACL .. to see if there's an earlier copy of the ACL, and it'll only update what changed, etc.
    So, it really boils down to semantics. Both techniques work. AAA config is subtely different on the backend. Look for this to get consistently deployed soon, but in the meantime, it's still supported ;-).
    Hope this helps,

  • Difference between Wsus 3.0 and Wsus 4.0

    Hi all,
    I would like to know what are differences between Wsus 3.0 and Wsus 4.0.
    I have already notice that for Local Publishing, the method IPublisher.PublishPackage(sourcePath,
    additionalSourcePath, packageDirectoryName), totally ignore the "additionalSourcePath" parameter.
    Are there any documentation or web site where I can find differences between Wsus 3.0 and 4.0 ?
    Thanks.
    David COURTEL
    IT Technician
    Wsus Third-Party Softwares Publishing :
    http://wsuspackagepublisher.codeplex.com

    I would like to know what are differences between Wsus 3.0 and Wsus 4.0.
    The differences between WSUS v3 and WSUS v6 (please note the correct version number) are documented ... somewhere ... but at the moment I can't find them. (Presumably it would be in the Release Notes for Win2012, but that idea is a bust.)
    In short, these are the notable distinctions:
    WSUS v6 is compiled with the .NET Framework v4
    WSUS v6 provides an extended interface for management via PowerShell
    WSUS v6 supports SHA256 hashes (which were implemented by the WUAgent v7.8 and rolled back to the WUAgent v7.6 in KB2720211 and WSUS v3.2 in KB2734608)
    I have already notice that for Local Publishing, the method IPublisher.PublishPackage(sourcePath, additionalSourcePath, packageDirectoryName), totally ignore the "additionalSourcePath" parameter.
    Changes to the API should be reflected in the
    SDK.
    Also worth of note.. publishing TO a WSUS v6 server must be performed from a Windows Server 2012 system or a Windows 8 system with RSAT. Publishing to a WSUS v6 server from a WSUS v3.2 console cannot be done due to internal dependencies in the Local
    Publishing API on the build number of the console and server involved in the publishing process.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • SUP and WSUS on the same server.

    Hi,
    My SCCM environment as follows:
    Windows Server 2012 R2 Standard, Configuration Manager 2012 R2, SQL 2012 SP1 CU7
    WSUS 6.3.9600.163.84 . All these running on the same server.
    SCCM SUP role is enabled, WSUS using SQL Express database. This is Central and Primary site server as well.
    Issue is:
    1. SUP does not get updates. SUP is configured to get updates from Internet and WSUS console Sync options pointing to its own server name. I tried to change WSUS console sync option to internet couple of times but it looks WSUS changes this back.
    2. I want to use WSUS/SUP for SCCM Endpoint definitions update and also for patch installation for clients (Clients Windows update pointing to this server)

    What do you mean that this is a Central and Primary site server? Those two roles can not be installed on the same site server.
    When it comes to SUP in ConfigMgr, the installation process on WS 2012 is basically this:
    1. Install the Windows Server Update Services role, run the initial configuration wizard.
    2. Install a SUP site system role on the server and let ConfigMgr configure everything.
    Additionally I'd not run a SQL Express for the WSUS since you already have SQL installed. Instead I'd create the SUSDB on the same SQL server that you're running the ConfigMgr DB on.
    In my preprequisites installation tool, all you need to do is to open a PowerShell console, run the tool and click on the Install WSUS button, specify the SQL Server and the tool will automatically configure everything. When the tool has completed, you can
    go ahead and add the SUP from ConfigMgr and configure it from the ConfigMgr console.
    You'll find the tool here:
    http://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd
    Regards,
    Nickolaj Andersen | www.scconfigmgr.com | @Nickolaja

  • NAC and Checkpoint firewall

    Hi to all,
    Does anyone know if it is possible to configure SSO using NAC and a checkpoint firewall VPN client software on an user machine??
    Thanks in advance for your help

    Mark,
    If the checkpoint device can do standard radius accounting, it can work with CCA. When doing VPN SSO with CCA, it only cares about the accounting packets from the VPN head-end.
    HTH,
    Faisal

  • SCCM 2012 and WSUS

    I know this horse has been beat, and is probably just dust now but I am still having a problem. I am not sure what to do next. I see others have had this problem but their resolutions have not worked.
    Site Config:
    OS - Windows Server 2012 Datacenter
    SQL - SQL Server 2012 Enterprise SP1
    SCCM - SCCM 2012 SP1
    WSUS : Database and WSUS Services
    I have done the setup in the Server Manager window and can open the console. Below are the errors I am getting.
    From SMS_WSUS_SYNC_MANAGER
    WSUS Synchronization failed.
    Message: WSUS update source not found on site CM1. Please refer to WCM.log for configuration error details..
    From SMS_WSUS_CONFIGURATION_MANAGER
    WSUS Configuration Manager failed to subscribe to update categories and classifications on WSUS Server "SERVER".
    Error in WCM.log
    Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error
    Error in wsyncmgr.log
    Sync failed: WSUS update source not found on site CM1. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=SERVER SITE=CM1 PID=1548 TID=1740 GMTDATE=Fri Sep 13 19:08:50.063 2013 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on
    site CM1. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
    Sync failed. Will retry in 60 minutes

    Re-set the WSUS and SUP roles according to your doco, which is nice by the way, but I am still getting errors in WCM.
    Assembly WSUSMSP loaded in .NET runtime v4.0.30319.17929 SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:12 PM 5108 (0x13F4)
    Attempting connection to WSUS server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:12 PM 5108 (0x13F4)
    Successfully connected to server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:14 PM 5108 (0x13F4)
    Verify Upstream Server settings on the Active WSUS Server SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:14 PM 5108 (0x13F4)
    Successfully configured WSUS Server settings and Upstream Server to Microsoft Update SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:16 PM 5108 (0x13F4)
    WSUS Server configuration has been updated. Updating Group Info. SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:16 PM 5108 (0x13F4)
    Updating Group Info for WSUS. SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:16 PM 5108 (0x13F4)
    Set DBServerName property in SCF to 'VRC1SCCMPRIP01' on this site for <SERVER.DOMAIN>. SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:16 PM 5108 (0x13F4)
    user(NT AUTHORITY\SYSTEM) runing application(SMS_WSUS_CONFIGURATION_MANAGER) from machine (<SERVER.DOMAIN>) is submitting SDK changes from site(CM1) SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:16 PM 5108 (0x13F4)
    Attempting connection to WSUS server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Successfully connected to server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:041e4f9f-3a3d-4f58-8b2f-5e6fe95c4591 (Office 2007) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:18e5ea77-e3d1-43b6-a0a8-fa3dbcd42e93 (Windows 8.1 Dynamic Update) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:2ee2ad83-828c-4405-9479-544d767993fc (Windows 8) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:3e5cc385-f312-4fff-bd5e-b88dcf29b476 (Windows 8 Language Interface Packs) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:5312e4f1-6372-442d-aeb2-15f2132c9bd7 (Windows Internet Explorer 8 Dynamic Installer) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:6407468e-edc7-4ecd-8c32-521f64cee65e (Windows 8.1) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:6d76a2a5-81fe-4829-b268-6eb307e40ef3 (Windows 7 Language Packs) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:704a0a4a-518f-4d69-9e03-10ba44198bd5 (Office 2013) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:84f5f325-30d7-41c4-81d1-87a0e6535b66 (Office 2010) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:97c4cee8-b2ae-4c43-a5ee-08367dab8796 (Windows 8 Language Packs) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:a38c835c-2950-4e87-86cc-6911a52c34a3 (Forefront Endpoint Protection 2010) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:bfe5b177-a086-47a0-b102-097e4fa1f807 (Windows 7) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category Product:f4b9c883-f4db-4fb5-b204-3343c11fa021 (Windows Embedded Standard 7) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Category ProductFamily:fe729f7e-3945-11dc-8e0c-cd1356d89593 (Silverlight) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
    Starting WSUS category sync from upstream... SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:36:22 PM 5108 (0x13F4)
      WSUS sync running SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:37:22 PM 5108 (0x13F4)
      WSUS sync running SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:38:22 PM 5108 (0x13F4)
      WSUS sync running SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:39:22 PM 5108 (0x13F4)
      WSUS sync running SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:22 PM 5108 (0x13F4)
    Refreshing categories from WSUS server SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:37 PM 5108 (0x13F4)
    Attempting connection to WSUS server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:37 PM 5108 (0x13F4)
    Successfully connected to server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:37 PM 5108 (0x13F4)
    Successfully refreshed categories from WSUS server SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:45 PM 5108 (0x13F4)
    Attempting connection to WSUS server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:45 PM 5108 (0x13F4)
    Successfully connected to server: <SERVER.DOMAIN>, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:45 PM 5108 (0x13F4)
    Category Product:6d76a2a5-81fe-4829-b268-6eb307e40ef3 (Windows 7 Language Packs) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:45 PM 5108 (0x13F4)
    Subscription contains categories unknown to WSUS. SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:45 PM 5108 (0x13F4)
    Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error SMS_WSUS_CONFIGURATION_MANAGER 9/17/2013 1:40:45 PM 5108 (0x13F4)
    From SUPSetup.log
    <09/17/13 13:36:13> ====================================================================
    <09/17/13 13:36:13> SMSWSUS Setup Started....
    <09/17/13 13:36:13> Parameters: I:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:<SERVER.DOMAIN> SMSWSUS 0
    <09/17/13 13:36:13> Installing Pre Reqs for SMSWSUS
    <09/17/13 13:36:13>         ======== Installing Pre Reqs for Role SMSWSUS ========
    <09/17/13 13:36:13> Found 1 Pre Reqs for Role SMSWSUS
    <09/17/13 13:36:13> Pre Req SqlNativeClient found.
    <09/17/13 13:36:13> SqlNativeClient already installed (Product Code: {D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}). Would not install again.
    <09/17/13 13:36:13> Pre Req SqlNativeClient is already installed. Skipping it.
    <09/17/13 13:36:13>         ======== Completed Installation of Pre Reqs for Role SMSWSUS ========
    <09/17/13 13:36:13> Installing the SMSWSUS
    <09/17/13 13:36:13> Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)
    <09/17/13 13:36:13> Checking runtime v2.0.50727...
    <09/17/13 13:36:13> Did not find supported version of assembly Microsoft.UpdateServices.Administration.
    <09/17/13 13:36:13> Checking runtime v4.0.30319...
    <09/17/13 13:36:13> Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.2.9200.16384
    <09/17/13 13:36:13> Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.2.9200.16384
    <09/17/13 13:36:13> Supported WSUS version found
    <09/17/13 13:36:13> Supported WSUS Server version (6.2.9200.16384) is installed.
    <09/17/13 13:36:13> CTool::RegisterManagedBinary: run command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" "I:\Program Files\Microsoft Configuration Manager\bin\x64\wsusmsp.dll"
    <09/17/13 13:36:13> CTool::RegisterManagedBinary: Registered I:\Program Files\Microsoft Configuration Manager\bin\x64\wsusmsp.dll successfully
    <09/17/13 13:36:13> Registered DLL I:\Program Files\Microsoft Configuration Manager\bin\x64\wsusmsp.dll
    <09/17/13 13:36:13> Installation was successful.
    <09/17/13 13:36:13> ~RoleSetup().
    Second to last line shows completion.

  • Cisco NAC and Microsoft NAP

    Dear all,
    I need to know what are the differences between Cisco NAC and Microsoft NAP ?
    Can NAP be used instead of NAC or not ? why ? why not ?

    I really do not know if you will find the answer that you are looking for. From what I remember NAP was an option that was available with the ACS via a special patch. This is only supported for vista clients if memory serves me correct.
    Here is the link that will help you with the basics.
    http://www.cisco.com/en/US/netsol/ns466/index.html
    We do not get much case volume or exposure to the NAP solution and with ACS 5.2 and ISE around the corner it might be too late to go through this setup and then run into issues with acs 4.2 possibly hitting eol/eos.
    Thanks,
    Tarik

  • Database instance for SCCM 2012 and WSUS on a single primary site server

    I am going to install SCCM 2012 and its SQL database on a single physical server. This is going to be a single primary site server. The default SQL instance will be dedicated to SCCM 2012 with no other named instances to be added on the SQL server down
    the road.
    During the WSUS server role installation, there is the Database Options page asking for using (1) Windows Internal Database, (2) existing db server on this computer, or (3) an external db server.
    Since SCCM 2012 doesn't share db instance with others, how should I handle the WSUS db that's going to be hosted on the same SCCM/SQL physical server? Do I really need to create a separate SQL instance just for the WSUS db?
    Thanks and regards. 

    Even though you can do it, it is the best practice to have SCCM 2012 and WSUS installed on separate instances.
    http://technet.microsoft.com/en-us/library/hh692394
    When the Configuration Manager and WSUS databases use the same SQL Server and share the same instance of SQL Server, you cannot easily determine the resource usage between the two applications. When you use a different SQL Server instance
    for Configuration Manager and WSUS, it is easier to troubleshoot and diagnose resource usage issues that might occur for each application.

  • SUP and WSUS

    I everyone,
    I have an issue with SCCM 2012 R2 and the windows updates.
    In SCCM, I created several software update groups (and packages) to manage the deployment of the updates on Windows 7 OS.
    I have not deployed any of them yet to any collection but if I "Check the updates" from the Control Panel, Windows Updates, I get a list of updates to install.
    Is that a normal behavior ?
    I thought I shouldn't see any updates since they are not deployed.
    Moreover if I try to install them, they are directly downloaded from my SUP and not from the Distribution Point so.
    Have you already had the same issue ?
    Shoud I reinstall the software update point and WSUS ?
    Thank you.

    I sounds like the WSUS server might have been used to deploy updates outside of ConfigMgr.
    Can you verify the following:
    The client is configured to use the right WSUS Server (might be a GPO that points to an old WSUS Server)
    There is no released updated on the WSUS Server (it should all be managed from ConfigMgr and not WSUS)
    If you're using an old WSUS Server that was previous used to deploy patches outside of ConfigMgr, I'd recommend that you install (or re-install) a new WSUS Server and use that.
    Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
    www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
    @ronnipedersen

  • NAC and Linux Users .

    Hello Everyone .
    i have implement NAC on Wireless Environment using OOB Methods at one of the Universities  .
    everything went smooth ,,  acept one things . NAC and student using Linux Laptops .
    issue they are facing . is they are able to to load NAC login Page , and able to use their username and passwords , and after clicking
    Submit ,, they only see a Blank Page ... it suppose to have the page where web agent ... but that is not happing .. i have checked the
    monitor  page and online users but i can't see the user id or ip address ..
    Any idea how to fix such issue ??
    Regards
    Yousef Askool

    Hello. NAC agent and web agent are not supported on Linux.

  • Diff bw changes NACE and SPRO

    hi all,
    Is there any difference if i change form and program name using NACE and SPRO?

    if u change the names and give urs...then they will be used for printing rather than the original ones...
    www.*******************/2007/11/message-contorl-in-abap.html
    www.sap-img.com/sapscripts/faq-for-sap-scripts.htm
    www.saptechies.com/what-spro-stands-for/
    reward points if helpful

Maybe you are looking for

  • IPhone 6 plus stuck in recovery mode after trying to download latest iOS update

    why did this happen?  How to fix?  Can't get phone to restore.

  • Not possible to determine posting period for date

    Hi SAP Guru While Creating the Shipment cost document in [VI01] transaction I am getting the error Not possible to determine posting period for date with error Message no. SE105. There is no long text available Please provide the solution for the sam

  • ITunes Store Downloads

    Hi! I have a problem. I have some TV shows downloaded already, and everytime I sync my iPod, I am prompted to enter my Apple ID info to check for downloads. My problem is that I already have downloaded what iTunes is trying to download. Does anyone k

  • Safari closing down when i go to various sites

    Ok, I noticed this happening recently whenever I'm on myspace, and I try to go some of the groups pages I am a member of. Whenever a page has a moving icon on it, one that loops its movement over and over, Safari shuts down. these are the only sites

  • Display Problems Progress

    Hi,    I moved from CR for .NET to XI R2.  I have two issues that I've been able to better qualify:    1)  I took my app with CR for .NET and converted to XI R2.  I can easily display it in the CrystalReportsViewer, but when I compile and run it, the