113022: AAA Marking server 0.0.0.0 as failed
Just changed AAA to use LDAP to MS2K8 AD rather than former RADIUS. Simply added hosts to existing LDAP group through ASDM. It is working fine, but I am getting tons of the following in the logs ...
May 29 12:54:14 pix2-inside May 29 2009 12:56:11: %PIX-2-113022: AAA Marking RADIUS server 0.0.0.0 in aaa-server group RADIUS as FAILED
May 29 12:55:46 pix2-inside May 29 2009 12:57:43: %PIX-2-113022: AAA Marking LDAP server 0.0.0.0 in aaa-server group LDAP as FAILED
May 29 12:58:51 pix2-inside May 29 2009 13:00:47: %PIX-2-113022: AAA Marking LDAP server 0.0.0.0 in aaa-server group LDAP as FAILED
Config ...
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host LAN-EVE
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host LAN-JAMES
aaa-server LDAP (inside) host LAN-JOHN
aaa authentication ssh console LDAP LOCAL
aaa authentication enable console LDAP LOCAL
aaa authentication http console LDAP LOCAL
aaa authentication secure-http-client
Test through ASDM working for each configured host.
Anyone know why I am getting these messages?
Here is the bug id for what you are hitting: CSCsj64402
I tried to find the exact details of the bug but for some reason cannot access the bug toolkit at the moment. Basically there is a delay before cdp settles which fails the first few DNS lookups when you have your servers configured by name instead of IP. The individual before my post is correct: if you want to move past this you can configure the servers by IP address and move past this issue. Usually this shows up when the PIX is first booted up. Did this occur during bootup or initial configuration of the servers, or does this occur every time you test authentication?
Thanks,
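A triage sketch for the situation in this thread, added here as an example (it is not from the posts or from Cisco): it reads the `aaa-server ... host` lines to find servers defined by name, then separates 113022 events that report 0.0.0.0 for such a group from events that name a real address. Reading 0.0.0.0 as a failed name lookup follows the reply above and is an assumption; the last syslog line and its address are constructed for contrast.

```python
import ipaddress
import re
from collections import Counter

# Configuration lines as quoted in the post.
CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host LAN-EVE
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host LAN-JAMES
aaa-server LDAP (inside) host LAN-JOHN
"""

# The first three lines are quoted in the post; the fourth is constructed.
SYSLOG = """\
May 29 12:54:14 pix2-inside May 29 2009 12:56:11: %PIX-2-113022: AAA Marking RADIUS server 0.0.0.0 in aaa-server group RADIUS as FAILED
May 29 12:55:46 pix2-inside May 29 2009 12:57:43: %PIX-2-113022: AAA Marking LDAP server 0.0.0.0 in aaa-server group LDAP as FAILED
May 29 12:58:51 pix2-inside May 29 2009 13:00:47: %PIX-2-113022: AAA Marking LDAP server 0.0.0.0 in aaa-server group LDAP as FAILED
May 29 13:05:02 pix2-inside May 29 2009 13:06:58: %PIX-2-113022: AAA Marking LDAP server 192.0.2.25 in aaa-server group LDAP as FAILED
"""

HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)", re.M)
FAIL_RE = re.compile(
    r"%(?:PIX|ASA)-\d-113022: AAA Marking (\S+) server (\S+) "
    r"in aaa-server group (\S+) as FAILED"
)


def is_ip(text):
    """True when the host token is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def named_hosts(config):
    """Map each aaa-server group to the hosts it defines by name."""
    groups = {}
    for group, _interface, host in HOST_RE.findall(config):
        if not is_ip(host):
            groups.setdefault(group, []).append(host)
    return groups


def triage(config, syslog):
    """Split 113022 events into likely name-lookup failures and real failures."""
    names = named_hosts(config)
    report = {"name_lookup_suspect": Counter(), "server_failed": Counter()}
    for _protocol, server, group in FAIL_RE.findall(syslog):
        if server == "0.0.0.0" and group in names:
            # No address was resolved for a host that is configured by name.
            report["name_lookup_suspect"][group] += 1
        else:
            # A concrete address was marked failed: check reachability instead.
            report["server_failed"][(group, server)] += 1
    return names, report


if __name__ == "__main__":
    names, report = triage(CONFIG, SYSLOG)
    print("hosts configured by name:", names)
    print("0.0.0.0 events per group:", dict(report["name_lookup_suspect"]))
    print("failures with an address:", dict(report["server_failed"]))
```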
Similar Messages
-
Why is my data set marking server not included in my executable?
I have a program that writes data sets to a citadel database with a data set marking I/O server. Everything works fine in the labview environment, but when I create an executable of the program, the data set I/O server does not appear to be included. The executable can create a database and write individual traces to it, but they are not grouped into data sets. I have looked everywhere in the project window and in the build specifications window for the executable for a setting that would affect this, but have found nothing. Here is a picture of the build specification window for the executable. You can see in the Project Files window the lvlib file and the included Shared Variables folder, but the data set marking server is not shown as it is in the project window above it.
The lvlib file created with the executable appears to remain intact, because I can open it in the LV environment and see the data set I/O server included with it:
Finally, here is a picture of the databases that MAX sees. The VI in the LV environment produced the top database called C__Program_Files_National_Instruments_Labview_8_2_data with the DataSets folder, and the executable version produced the bottom database called mVROC_Database with no DataSets folder:
I'm using LV 8.2.1 and DSC module 8.2.
Thanks,
Craig
Hi, Drew,
Thanks for the reply. As I was looking into your questions above, I found that the I/O server was indeed getting included in the executable, but it was configured in the original project to look at the wrong database. After a fair amount of playing around, I at least got it to create data sets. However, there are some other weird things going on now. The logged values of the variables are mismatched, or the value from say variable A shows up recorded in variable B. This stuff is all way too touchy. Overall, I've been very disappointed with using the DSC and database stuff. The promotional literature talks about how easy it is to use, but that is just not the case, and I've been programming in LabVIEW for about 10 years now. Unfortunately I need to set this project aside for now so I can't investigate further, but I'll eventually get back to it.
Regards,
Craig -
Aaa radius server control privilege level
I've got radius authentication working on my switch, but I'm trying to allow two types of users to log in using Windows Active Directory: NetworkUsers who can view configuration and NetworkAdmins who can do anything. I would like NetworkAdmins to go directly into privilege level 15 when they log in, but can't get that part to work. Here is my setup:
Windows 2008 R2 Domain controller with NPS installed.
Radius client: I have the IP of the switch along with the key. I have cisco selected under the vendor name in the advance tab
Network Policies:
NetworkAdmins which has the networkadmin group under conditions and under settings i have nothing listed under Standard and for Vendor Specific i have :
Cisco-AV-Pair Cisco shell:priv-lvl=15
My switch config:
aaa new-model
aaa group server radius MTFAAA
 server name dc-01
 server name dc-02
aaa authentication login NetworkAdmins group MTFAAA local
aaa authorization exec NetworkAdmins group MTFAAA local
radius server dc-01
 address ipv4 10.0.1.10 auth-port 1645 acct-port 1646
 key 7 ******
radius server dc-02
 address ipv4 10.0.1.11 auth-port 1645 acct-port 1646
 key 7 ******
No matter what I do it doesn't default to privilege level 15 when I log in. Any thoughts?
Have you specified the authorization exec group under line vty? I think it is authorization exec command. Something like that.
-
Hello all,
Our devices are configured to point to 3 ACS servers using the following commands:
aaa new-model
aaa group server tacacs+ ACS
 server x.x.x.x
 server x.x.x.x
 server x.x.x.x
 exit
On a recent IOS deployment all of the 'server x.x.x.x' commands were removed from the config following a reboot. This was on a wide range of devices using 122 40, also tried 122-44 with the same effect. Can anyone explain why?
Thanks in advance.
Hi Paul, [Pls Rate if HELPS]
Possible reasons are:
1. The configuration was not saved before reload [write memory (or) copy running-config startup-config]
2. The router could have got loaded with the start-up config [ie., the running-config & start-up config may not be same]
3. If there are any Config that are saved as Archives [in flash] means, may be that could have loaded by some means of command that are put in config before reload.
Hope I am Informative.
Pls RATE if HELPS
Best Regards,
Guru Prasad R -
Exchange server 2010 console not opening, initialization failed
hi,
exchange server 2010 console not opening, initialization failed when i have upgraded service pack to sp1.
please suggest asap or u can reach me @
[email protected]
[email protected]
+918750003544
Even I found the same issue once, and then I realised that the SP and RU should be same in Exchange server and the machine where the issue is.
Could you please check the same if that machine has the same Sp and RU, if not, please upgrade the same? I bet it will start working
Regards,
ASP20
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks. -
Hi there, I already have some other DCs running w2k12 R2 in the env, but when I was promoting another new DC running w2k12 R2, in the middle of the AD sync the server encountered an error and rebooted itself; after the server came back online, it keeps saying that a configuration is required for AD Domain Services, like the step when you are about to promote the server, but when you try to promote it, the error "Error determining whether the target server is already a domain controller: Failed to open the runspace pool. The server manager winrm plug-in might be corrupted or missing."
Hi,
Thanks for your post.
Please wait for the replication to finish and rerun the domain prep command to check the result.
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
In place upgrade of Server 2003R2 STD to 2008 SP2 fails at "Gathering Files"
I have a customer with two identical Dell servers. They both had Server 2003R2, and are both DCs. I did an in-place upgrade on the primary server in December to Server 2008 SP2 STD x86 without issue. I have since gone on site to upgrade the second server to 2008 and the installation fails at the "Gathering Files" part of the installation.
I have tried new media, checked the event log. All I get is a popup that says "Installation encountered and error and cannot continue" and then I am back to the 2003 desktop. All of the pre-work completed without fail as to the domain prep etc. I cannot find any reference online as to this issue save for a few regarding Vista. I know Vista and Server 2008 SP2 are the same kernel, but the one solution I found was to remove user accounts, which I cannot do as it's an AD controller.
Please advise, as this is a remote customer and I only get on site 2 to 3 times a year and this upgrade is behind schedule. Thank you in advance for your assistance.
Shayne Noel
LAN Admin
Alberni technology Solutions
250 731 9625
Hi,
I suggest performing a Clean Boot first. This can reduce third-party software conflicts during the upgrade.
Clean Boot
========
1. Click Start, type "MSCONFIG" (without the quotations) in the Search Bar and Press "Enter" to start the System Configuration Utility.
Note: Please click Continue if the "User Account Control" window pops up.
2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
3. Click the "Startup" tab, click "Disable All" and click "OK".
4. Restart the computer and test the issue.
Note: Clean Boot is a troubleshooting step. If some programs have been disabled, we can re-enable them later. If you see the System Configuration Utility, check the box of "Don't show this message" and then click "OK".
Then upload all unnecessary hardware devices such as sound card, network card and external USB drives.
Now upgrade to Windows Server 2008 again.
If any error message appears, please let me know the exact wording of the error message.
In addition, please upgrade the following files (if they exist) to
https://sftus.one.microsoft.com/choosetransfer.aspx?key=b7d773d8-200a-4532-bc95-4a1c5a506dd3
Password: i!94cn^n7+m_6
C:\windows\panther\setupact.log
C:\windows\panther\setuperr.log
C:\windows\panther\unattendgc\setupact.log
C:\windows\panther\unattendgc\setuperr.log
C:\windows\setupact.log
C:\windows\setuperr.log
Tim Quan
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact [email protected]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not
actually answer your question. This can be beneficial to other community members reading the thread. -
Hi there, I am trying to connect to my server at work from home using a vpn connection. It connects fine and the time ticks along, but when i click go - connect to server, it comes up with connection failed. Please help!
... when i click go - connect to server, it comes up with connection failed.
If you're trying to connect to a Bonjour server on the remote network, that won't work over a layer 3 VPN. Use something like Hamachi or one of the SSH-tunnelling Bonjour proxy apps for that. -
The attempt to connect to the server (IP address) on port 443 failed - OLT
Hi all
I am facing one problem, if i run load to any application for 100 users for 1 iteration then it is not showing any error. Lets say i ran the load of 100 users for one hour then for some users there are errors like
Line: (script.java:84)][ScriptException]: The attempt to connect to the server (IP address) on port 443 failed.
And my understanding is the user's which are facing failures is not able to get response or page loaded at their end. As failures are occuring for some particular steps not the entire scenario. Pls confirm.
Thanks
I believe that's an indication that there is an error receiving mail, but if you have any drafts or email in your outgoing mailbox, try deleting them. Apple's troubleshooting steps for this are (from http://support.apple.com/kb/TS4002):
Cannot receive mail in OS X Mail
If you use OS X Mail, look at the name of your iCloud account on the left side of the main Mail window. If your iCloud account name is dim and has a lightning bolt next to it, your account is offline. To resolve this, make sure your computer is connected to the Internet. Then choose Go Online from the Mailbox menu.
If taking your iCloud account online doesn't resolve the issue, follow these steps:
From the Mail menu, choose Preferences.
In the Preferences window, click the Accounts tab if it is not already selected.
In the Accounts list, select your iCloud email address.
Click the Account Information tab.
Verify your SMTP server settings with the following information:
Incoming Mail Server: imap.mail.me.com
User Name: Your iCloud email address
Password: Your iCloud password
Click the Advanced tab and verify the following additional settings:
Port: 993
Use Secure Sockets Layer (SSL): Should be enabled
Authentication: Password -
Business Server exception: attempt to establish connection failed.
Hi.
I'm a total newbie to the BPA Suite, but I have experience with other tool sets like MEGA. I've downloaded and installed an evaluation copy of version 10.1.3.4 of the tool.
I'm working through the Business Process Architect Quick Start Guide, going through the sample Quote to Cash process. Everything is progressing relatively well as I go through the document (except that the QuoteToCash project is already loaded in the LOCAL business repository without me having to load it separately), until I get to the first simulation.
When I go to the Simulation module, I get an error: "Server access exception: Business Server exception: attempt to establish connection failed."
I don't know what's wrong, but there are a couple of things I'm thinking about. One is that I didn't install XE separately, so I think that I'm just using the default Oracle Lite instance that gets installed with the tool. Another is that my account is configured without administrator privileges, so I generally have to run installers as a separate user with administrator privileges to get things to work.
Any suggestions would be greatly appreciated!
Thanks.
It might be bad form to answer your own question, but after further experimentation, I think that it's a permissions problem.
I repeated the installation on another (virtual) machine on an account that is an administrator, and I can simulate the Process Order process as described in the Quick Start Guide to my heart's content.
Now, the second machine isn't configured exactly the same as the first machine, so there could be other underlying or contributing factors. But I'm un-stuck for now.
I just thought I'd share what I found. Thanks. -
EWS, Office 365, An internal server error occurred. The operation failed.
I am using EWS 2.0 to access a user's calendar in Office 365. I use AutoDiscover to find the ExchangeService, then bind to the calendar via CalendarFolder.Bind and at the next statement folder.FindAppointments I get the error
An internal server error occurred. The operation failed.
I know that the credentials used to access the user are correct - have tested in the webmail and it works just fine.
If I use my own credentials (after having assigned rights to the user in question) my program does not fail. Only apparent difference is the administrator role.
Below I have listed the central parts of the code:
First the AutoDiscover (which works)
service = new ExchangeService(ExchangeVersion.Exchange2010_SP1,TimeZoneInfo.Local ); // service is a global variable
service.Credentials = new NetworkCredential(ConfigClass.CalendarReaderName, ConfigClass.CalendarReaderPassword);
service.AutodiscoverUrl(cal, RedirectionUrlValidationCallback);
Then the part where I want to get the appointments
CalendarView view = new CalendarView(_firstdate, _lastdate);
Mailbox mailbox = new Mailbox(cal); // cal is the e-mail address of the user
FolderId id = new FolderId(WellKnownFolderName.Calendar, mailbox);
CalendarFolder folder = CalendarFolder.Bind(service, id);
FindItemsResults<Appointment> findResults = folder.FindAppointments(view); // This is where the error occurs
Anybody know what this error actually means and how to solve the situation? I want to run the program using a service account rather than my personal credentials.
The error came back - but the trace revealed the error:
<m:ResponseMessages>
<m:FindItemResponseMessage ResponseClass="Error">
<m:MessageText>An internal server error occurred. The operation failed.</m:MessageText>
<m:ResponseCode>ErrorInternalServerError</m:ResponseCode>
<m:DescriptiveLinkKey>0</m:DescriptiveLinkKey>
<m:MessageXml>
<t:Value Name="InnerErrorMessageText">Too many concurrent connections opened.</t:Value>
<t:Value Name="InnerErrorResponseCode">ErrorTooManyObjectsOpened</t:Value>
<t:Value Name="InnerErrorDescriptiveLinkKey">0</t:Value>
</m:MessageXml>
</m:FindItemResponseMessage>
</m:ResponseMessages>
</m:FindItemResponse>
</s:Body>
</s:Envelope>
</Trace>
The account is used for other purposes as well - looking into other calendars. And I have seen this limitation before and read that it is a timing issue.
I guess I need to use another account ... -
Mac mini server and harddrive 1 of 2 failed now fan runs full speed
I have a 2010 mac mini server. One of the drives failed.
I took out the bad one and the fan started to run full speed.
Replaced that drive with a new one. runs great but fan is running.
I put the temp sensor in exact same place but had to use a small pc of tape
to hold it on. I used the same tape that was holding the wires to the drive.
I used the temp sensor connector on the logic board closest to the fan connector?
Does that matter?
Hello, possible workarounds...
HDD Fan Control
HDD Fan Control works to fix this issue by reading the drives internal temperature using the S.M.A.R.T protocol and set the fans actual speed to a value good to protect the drive. It runs at startup and continually to always control the fan correctly, prevent the loud fan noise and protect the drive from overheating.
Free SSDFan Control...
http://exirion.net/ssdfanctrl/ -
Integrating AAA Radius-server with Micro-soft IAS for SSH
Hi,
I am configuring aaa-server on ASA-5505 (RADIUS) and I am using Microsoft IAS for authentication for SSH connections on the ASA, so during "test aaa-server authentication" I am getting this message
ERROR: Authentication Server not responding: AAA decode failure.. server secret mismatch
All users are there on active directory And below are the debug radius and debug aaa authentication.
ASA# test aaa-server authentication SSH-TULIP-ASA host 172.16.1.10 usern$
INFO: Attempting Authentication test to IP address <172.16.1.10> (timeout: 12 seconds)
radius mkreq: 0xd4
alloc_rip 0xd83bb99c
new request 0xd4 --> 124 (0xd83bb99c)
got user 'praveeny'
got password
add_req 0xd83bb99c session 0xd4 id 124
RADIUS_REQUEST
radius.c: rad_mkpkt
RADIUS packet decode (authentication request)
Raw packet data (length = 66).....
01 7c 00 42 37 a4 0d c2 d3 10 09 0e 2f 3c c5 1a | .|.B7......./<..
4b 28 41 e6 01 0a 70 72 61 76 65 65 6e 79 02 12 | K(A...praveeny..
a1 8f e1 ae 58 dd c2 52 d6 37 f7 32 13 3a 1c 71 | ....X..R.7.2.:.q
04 06 ac 1e 1e 06 05 06 00 00 00 0e 3d 06 00 00 | ............=...
00 05 | ..
Parsed packet data.....
Radius: Code = 1 (0x01)
Radius: Identifier = 124 (0x7C)
Radius: Length = 66 (0x0042)
Radius: Vector: 37A40DC2D310090E2F3CC51A4B2841E6
Radius: Type = 1 (0x01) User-Name
Radius: Length = 10 (0x0A)
Radius: Value (String) =
70 72 61 76 65 65 6e 79 | praveeny
Radius: Type = 2 (0x02) User-Password
Radius: Length = 18 (0x12)
Radius: Value (String) =
a1 8f ERROR: Authentication Server not responding: AAA decode failure.. server secret mismatch
Tulip-ASA# e1 ae 58 dd c2 52 d6 37 f7 32 13 3a 1c 71 | ....X..R.7.2.:.q
Radius: Type = 4 (0x04) NAS-IP-Address
Radius: Length = 6 (0x06)
Radius: Value (IP Address) = 172.30.30.6 (0xAC1E1E06)
Radius: Type = 5 (0x05) NAS-Port
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0xE
Radius: Type = 61 (0x3D) NAS-Port-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x5
send pkt 172.16.1.10/1645
rip 0xd83bb99c state 7 id 124
rad_vrfy() : bad req auth
rad_procpkt: radvrfy fail
RADIUS_DELETE
remove_req 0xd83bb99c session 0xd4 id 124
free_rip 0xd83bb99c
radius: send queue empty
Thanks in advance; all comments and suggestions are welcome.
Regards,
Praveen
Hi,
RADIUS as a protocol does not support command accounting, i.e., logging of commands that a user enters once authenticated to a router/switch. You will need to use TACACS+ for this purpose. The aaa command accounting commands that you used have been removed from IOS since 12.2T. Please take a look at this for details: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdp57020.
Thanks,
Wen -
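The `rad_vrfy() : bad req auth` line and the "server secret mismatch" error in the debug output above are consistent with a reply failing the Response Authenticator check that RFC 2865 defines. That check, as an added example (not the ASA's code and not part of the original posts): only the identifier and request vector come from the debug output, while both secrets and the reply attribute are constructed.

```python
import hashlib
import hmac
import struct

# From the debug output in the post: Identifier and the request "Vector".
REQ_ID = 124
REQ_AUTH = bytes.fromhex("37A40DC2D310090E2F3CC51A4B2841E6")

# Constructed secrets standing in for the key entered on each side.
NAS_SECRET = b"key-typed-on-the-asa"
SERVER_SECRET = b"key-typed-on-the-server"


def attribute(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_response(code, ident, req_auth, attrs, secret):
    """Server side: Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + digest + attrs


def verify_response(packet, req_id, req_auth, secret):
    """Client side: return 'ok' or the reason the reply is rejected."""
    if len(packet) < 20:
        return "short packet"
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "bad length"
    if ident != req_id:
        return "identifier mismatch"
    packet = packet[:length]  # octets past Length are padding
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return "bad response authenticator"
    return "ok"


def demo():
    """Run the client check against four constructed replies."""
    attrs = attribute(18, b"constructed reply")  # 18 = Reply-Message
    good = build_response(2, REQ_ID, REQ_AUTH, attrs, NAS_SECRET)
    mismatched = build_response(3, REQ_ID, REQ_AUTH, attrs, SERVER_SECRET)
    tampered = good[:-1] + bytes([good[-1] ^ 1])
    return {
        "same secret": verify_response(good, REQ_ID, REQ_AUTH, NAS_SECRET),
        "different secret": verify_response(mismatched, REQ_ID, REQ_AUTH, NAS_SECRET),
        "modified in transit": verify_response(tampered, REQ_ID, REQ_AUTH, NAS_SECRET),
        "wrong identifier": verify_response(good, REQ_ID + 1, REQ_AUTH, NAS_SECRET),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A reply signed with a different key and a reply altered in transit fail the same comparison, so the client cannot tell them apart from this check alone; re-entering the key on both sides is the first thing to rule out.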
Hi all,
I want to use the ACS SE to authenticate MARS users. As per the User Guide: Admin -> System Setup -> Authentication Configuration -> AAA Server Configuration -> Add. I only have two options: "Add AAA server on new host" and "Add AAA server on existing host". There is no "Add AAA server on an ACS SE appliance" option. Ok, so I add an AAA server on a new host, using the IP address of the ACS SE as the access/reporting/interface IP. I add the "Generic AAA Server" application to the host, I add the AAA server as the primary AAA server in the "Authentication Method", I configure the MARS as a RADIUS client on the ACS SE, and everything works as expected. MARS users authenticate without any issues.
The problem is that I want to use the ACS SE as a reporting device, also.
I can not add it as an "ACS SE 4.x" device, because the reporting IP is already in use by the AAA host created earlier.
Another approach is to install the ACS SE Remote Agent on a computer, but I'm not sure how it works. Let me know if this is correct:
- on the ACS SE, I don't configure syslog logging to the MARS appliance. Instead, I add the remote agent in the Network Configuration, and I configure remote logging to the remote agent
- on the MARS appliance, I add the remote agent as an "ACS SE 4.x" device.
- but then, how do I configure the remote agent to send syslog to the MARS?
Does this sound right?
Another unrelated question: is there a way to use the SNMP agent inside CS ACS from MARS? There is no place to configure an SNMP community string neither under host configuration, nor under ACS SE 4.x configuration.
Any help appreciated. Thanks!
You don't need to configure Remote Agent for logging from ACS SE to MARS. Remote Agent functionality is to send syslog messages to a windows host because ACS SE is an appliance which can't hold too many of the loggings as it grows. Remote Agent logging is also only supported on ACS SE.
You can log syslog messages directly from ACS SE to MARS as follows:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914601
This is the configuration on ACS SE:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914172
SNMP is not supported for ACS SE:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp75381
Here is a little reading on Remote Agent for ACS SE:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawo.html
Hope the above helps. -
AAA TACACS Server Supporting options
Dear,
I am planning to implement AAA TACACS level authentication option on my Solaris (OS) Servers. (All my servers are Sun Servers)
Does Solaris support AAA TACACS?
If it is not supported, can any patches or any upgrade support the TACACS option?
Are there any other alternate options that can support TACACS on Solaris servers?
Pls. advise
Thanks
Gopi
Search for "tac_plus" and you'll find some solaris built downloads out in the ether...
FWIW tac_plus was the cisco freeware T+ server from many moons ago.