AAA accounting strange issue

Hi guys, I'm facing this strange problem. Kindly check the config below:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting update periodic 1
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
tacacs-server host x.x.x.x key abcdse
ip tacacs source-interface fas 0/0
Now everything was working fine, but a strange issue has arisen: when I check the TACACS administration report it just shows me the log up to 4 rows and no more!!! For example, if I have done this configuration on the router:
config t
int lo 0
ip add 20.0.0.1 255.0.0.0
int lo 1
ip add 30.0.0.1 255.0.0.0
Now when I check the accounting report (administration report) it just shows me the first 4 commands:
config t
int lo 0
ip add 20.0.0.1 255.0.0.0
int lo 1
That's it!!! Why is this so?? Does anyone have any idea why this is happening?
Thanks

I would use the following:
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa accounting resource default start-stop group tacacs+
CCIE Security
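
An offline check for the coverage gap this reply addresses, as an added example that is not part of the original thread or of any Cisco tooling: it reads the default `aaa accounting commands` method list, reports privilege levels (0, 1, 15, plus any level named in a `privilege` line) that have no command accounting, and flags server groups that are not TACACS+. Function and sample names are made up for this example, and named method lists applied per line are not examined.

```python
import re

# On IOS, `aaa accounting commands <level>` covers that one privilege level.
# Commands sit at levels 0, 1 and 15 unless moved with `privilege`.
DEFAULT_LEVELS = {0, 1, 15}

# Syntax as quoted on this page:
#   aaa accounting commands level {default | list-name}
#       {start-stop | stop-only | none} [broadcast] group groupname
ACCT_RE = re.compile(
    r"^aaa accounting commands (\d+) (\S+) (start-stop|stop-only|none)"
    r"(?: broadcast)?((?: group \S+)*)$"
)
GROUP_RE = re.compile(r"^aaa group server (radius|tacacs\+) (\S+)$")
PRIV_RE = re.compile(r"^privilege \S+ (?:all )?level (\d+) ")


def audit_command_accounting(config_text):
    """Return sorted (level, problem) findings for the default method list."""
    group_kind = {"tacacs+": "tacacs+", "radius": "radius"}  # built-in groups
    accounted = {}                 # level -> (action, [group names])
    levels = set(DEFAULT_LEVELS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if m := GROUP_RE.match(line):
            group_kind[m.group(2)] = m.group(1)
        elif m := PRIV_RE.match(line):
            levels.add(int(m.group(1)))       # a custom level needs accounting too
        elif (m := ACCT_RE.match(line)) and m.group(2) == "default":
            accounted[int(m.group(1))] = (
                m.group(3), re.findall(r"group (\S+)", m.group(4)))

    findings = []
    for level in sorted(levels):
        if level not in accounted:
            findings.append((level, "no command accounting"))
            continue
        action, groups = accounted[level]
        if action == "none" or not groups:
            findings.append((level, "accounting disabled"))
        for name in groups:
            kind = group_kind.get(name, "undefined")
            if kind != "tacacs+":
                findings.append((level, f"group {name} is {kind}, not tacacs+"))
    return findings


# Constructed samples: AAA lines taken from the question and from the reply
# above, plus a hypothetical pre-deployment template using a RADIUS group.
QUESTION_CONFIG = """
aaa new-model
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""
REPLY_CONFIG = """
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""
TEMPLATE_CONFIG = """
aaa group server radius myradiusgroup
privilege exec level 7 show running-config
aaa accounting commands 15 default start-stop group myradiusgroup
"""

if __name__ == "__main__":
    for label, cfg in [("question", QUESTION_CONFIG), ("reply", REPLY_CONFIG),
                       ("template", TEMPLATE_CONFIG)]:
        print(label, audit_command_accounting(cfg) or "OK")
```
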

Similar Messages

  • Strange issue with rights of account, used by SSIS (Foreach Loop Container does not return file names without Admin rights on server)

    Hello everyone.
    Faced a very strange issue with the account which is used to run an SSIS package.
    The specific package uses Foreach Loop Container to retrieve file names within the specified folder, and put them into Import file task.
    The package is set up to run under specific service account. This service account is given all permissions (Full control) to the folder where source files reside.
    So the issue is: SSIS package fails to execute this task (Foreach Loop Container and then Import), and shows that no files are found in the directory (although files ARE there).
    Once we're adding the service account into local Administrators group on the SQL Server, it works! Removing - does not work again. We cannot leave the service account as SQL server's admin as it's prohibited by our IT policies, and is just a bad practice.
    Any ideas, please? 
    MCP

    Here's the real log output:
    Date 16.04.2014 12:47:09
    Log Job History (RU-BW: Update)
    Step ID 1
    Server Server
    Job Name RU-BW: Update
    Step Name bw_import_cust_master_data
    Duration 00:00:02
    Sql Severity 0
    Sql Message ID 0
    Operator Emailed
    Operator Net sent
    Operator Paged
    Retries Attempted 0
    Message
    Executed as user: service_account Microsoft (R) SQL Server Execute Package Utility  Version 10.50.4286.0 for 64-bit  Copyright (C) Microsoft Corporation 2010. All rights reserved.    Started:  12:47:09  Error: 2014-04-16 12:47:11.45
        Code: 0xC0202070     Source: bw_import_cust_master_data Connection manager "Input"     Description: The file name property is not valid. The file name is a device or contains invalid characters.  End Error  Error:
    2014-04-16 12:47:11.47     Code: 0xC0202070     Source: bw_import_cust_master_data Connection manager "Input"     Description: The file name property is not valid. The file name is a device or contains invalid characters.  End
    Error  Error: 2014-04-16 12:47:11.48     Code: 0xC0202070     Source: bw_import_cust_master_data Connection manager "Input"     Description: The file name property is not valid. The file name is a device or contains invalid
    characters.  End Error  Error: 2014-04-16 12:47:11.48     Code: 0xC020207E     Source: Import file Flat File Source [1]     Description: The file name is not valid. The file name is a device or contains invalid characters.
     End Error  Error: 2014-04-16 12:47:11.48     Code: 0xC004701A     Source: Import file SSIS.Pipeline     Description: component "Flat File Source" (1) failed the pre-execute phase and returned error code 0xC020207E.
     End Error  DTExec: The package execution returned DTSER_FAILURE (1).  Started:  12:47:09  Finished: 12:47:11  Elapsed:  2.324 seconds.  The package execution failed.  The step failed.
    MCP

  • Strange issue when synching Iphone

    Hi,
    Had a strange issue and wondered if anyone could explain what could possibly have happened?
    I purchased an album from iTunes on Saturday on my MacBook Pro. My iTunes library is actually stored on my time capsule, but everything was fine.
    However today at work (so separated from my Time Capsule) I plugged in my iPhone to recharge. As standard it tried to synch - and this is when the issue occurred:
    A message appeared stating that there were purchased items on my iPhone that were not in my iTunes library, that I must authorise the machine else the items would be removed. When clicking on the authorise button, the authorisation / iTunes store login screen appeared - containing the username [email protected] - which is completely unknown to me. I have absolutely no idea who this person is and I have never seen that email address before.
    I changed the login to my details and signed in - where the system said that my machine was already authorised for my account - so the synch continued normally (apart from the usual messages when disconnected from my time capsule).
    How the **** did my machine think it was attached to wesley patt's account? Has this happened to anybody else?
    Cheers for any help
    Darren

    I just tried to sync my wife's iphone and the same name [email protected] came up. This can not be a coincidence. This has to be a virus of some sort. My wife is unable to make purchases from her computer right now even though the account detail works. Did this happen to either of you? I'm reporting this to apple and referencing this board.

  • Missing Tunnel-Client-Endpoint attribute in AAA accounting from 2821

    I am trying to optimise the detailed accounting records for VPN client connections on our system
    but have noticed I am not receiving Tunnel-Client-Endpoint (attribute 66) in tunnel start accounting records from the router.
    The VPN functionality works fine, this is just an accounting issue.
    All other accounting attributes I need are received fine (times, username, VPN Framed IP, NAS identifier).
    The system details are:
    VPN server : Cisco 2821 with IOS 12.4(11)XW3
    Tunnel type: VPDN, PPTP, MPPE 128bit, MS-CHAPv2
    Accounting RADIUS: Microsoft Windows Server 2008 R2 NPS
    I have used the same setup many times previously on various 2801, 2811, and 2911 platforms with no issue (across v12 and v15 IOS).
    Sending attribute 66 "Tunnel-Client-Endpoint" appeared to be standard for any tunnel setup, no config was required to send it.
    Does anyone know a reason why this fairly standard tunnel RADIUS attribute is not being sent to us from the router in this case?
    Example debug of tunnel start accounting message, showing that attribute 66 is not included in info sent to accounting server:
    Jun 25 2013 14:55:13.591 AEST: RADIUS/ENCODE(0000061A):Orig. component type = VPDN
    Jun 25 2013 14:55:13.595 AEST: RADIUS(0000061A): Config NAS IP: 0.0.0.0
    Jun 25 2013 14:55:13.595 AEST: RADIUS(0000061A): sending
    Jun 25 2013 14:55:13.595 AEST: RADIUS/ENCODE: Best Local IP-Address 192.168.xxx.xxx for Radius-Server 192.168.xxx.xxx
    Jun 25 2013 14:55:13.595 AEST: RADIUS(0000061A): Send Accounting-Request to 192.168.xxx.xxx:1646 id 1646/220, len 184
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  authenticator D7 DD 05 D9 72 FC 72 9C - 02 E0 6A FD D1 AC DB 06
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Session-Id     [44]  10  "00000642"
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4                   [1]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Tunnel-Assignment-Id[82]  3   "1"
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Tunnel-Server-Auth-I[91]  14  "********"
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Tunnel-Connecti[68]  4   "44"
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Framed-IP-Address   [8]   6   192.168.xxx.xxx          
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  User-Name           [1]   10  "*********"
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Authentic      [45]  6  
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-Port            [5]   6   426                      
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID426"
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Class               [25]  46 
    Jun 25 2013 14:55:13.595 AEST: RADIUS:   69 89 04 FA 00 00 01 37 00 01 02 00 C0 A8 AC 01  [i??????7????????]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:   00 00 00 00 00 00 00 00 00 00 00 00 01 CE 6E 22  [??????????????n"]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:   2F A7 37 14 00 00 00 00 00 00 00 29              [/?7????????)]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  NAS-IP-Address      [4]   6   192.168.xxx.xxx          
    Jun 25 2013 14:55:13.595 AEST: RADIUS:  Acct-Delay-Time     [41]  6   0                        
    Jun 25 2013 14:55:13.691 AEST: RADIUS: Received from id 1646/220 192.168.xxx.xxx:1646, Accounting-response, len 20
    Jun 25 2013 14:55:13.691 AEST: RADIUS:  authenticator E8 EC 1C 30 D2 01 8E D8 - 15 10 09 5F 37 95 D4 25
    Important config
    aaa new-model
    aaa authentication login default local group radius
    aaa authentication ppp default local group radius
    aaa authorization exec default local group radius
    aaa authorization network default local group radius
    aaa accounting delay-start
    aaa accounting session-duration ntp-adjusted
    aaa accounting exec default start-stop group radius
    aaa accounting network default start-stop group radius
    aaa session-id common
    vpdn enable
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
      protocol pptp
      virtual-template 1
    interface Virtual-Template1
    ip unnumbered Dialer1
    ip nat inside
    ip virtual-reassembly
    peer default ip address pool VPN
    no keepalive
    ppp encrypt mppe 128
    ppp authentication ms-chap-v2
    ip local pool VPN 192.168.xxx.xxx 192.168.xxx.xxx
    radius-server host 192.168.xxx.xxx auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    Larry,
    1) Please set up enable authentication to get the actual user name,
    aaa authentication enable console tacacs-auth LOCAL
    On ACS user setup you need to set up tacacs+ enable password.
    3) Since you have defined both servers for authentication and accounting, i.e. 219 and 218, it is sending accounting to 218, as it is also defined as an accounting server and the firewall is active.
    Use only
    aaa-server tacacs-auth (dept-outside) host 10.1.26.218 key tacacs-secret
    aaa-server tacacs-acct (dept-outside) host 10.1.26.219 key tacacs-secret
    Now auth should go to 218 and acc to 219.
    Regards,
    ~JG
    Do rate helpful posts

  • Enable aaa accounting commands for all privilege levels?

    Here is the command's syntax:
    aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} {start-stop | stop-only | none} [broadcast] group groupname
    The "command" accounting type must include the privilege level of the commands you are logging. How do I log ALL commands?
    Take the following example:
    aaa accounting commands 15 default start-stop group mygroup
    If I issue this command will that mean commands the user executes that have a privilege level lower than 15 will not be logged? Or only commands that require exactly privilege level 15 will be logged?
    How can I log all commands regardless of privilege level?

    Hi Red,
    If you customize the command privilege level using the privilege command, you can limit which commands the appliance accounts for by specifying a minimum privilege level. The security appliance does not account for commands that are below the minimum privilege level.
    The default privilege level is 0. So if you don't specify any privilege level then all should be accounted for.
    You can find the command detail at the link below. This is for ASA though.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/a1.html#wp1535253
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • AAA Accounting Commands

    I have just started logging AAA accounting commands on my ACS. I am able to view all commands entered without any trouble. I would like to NOT see commands entered from one particular source. I have an IDS device that shuns to a router. The shunning frequency causes the ACS TACACS+ admin report to become full and unusable. Any ideas on how to exempt commands issued by the IDS?
    I have considered setting up multiple vty line configurations. Set up a vty 0 0 and vty 1 4. Configure the vty 0 0 to use something other than the 'default' AAA group. This, of course, assumes that the IDS will always use vty 0 and everyone else will use vty 1 - 4.
    Thanks, Rick

    Give extraxi aaa-reports! a try (free trial version available)
    We offer loads of great canned reports for device admin, and more importantly you can filter out stuff you don't want during import.
    Once the CSVs are imported we also have a visual query builder for drilling down into your data - with the results exportable to word/excel/html etc.
    Our csvsync utility can also harvest CSV logs from any number of ACS servers of any version and type (sw & appliance)
    We are a Cisco Technology Partner and aaa-reports! is tested "Cisco Compatible"
    Darran

  • Does "aaa accounting commands" not support radius?

    When I issue this command:
    aaa accounting commands 15 default start-stop group myradiusgroup
    I get this error: %AAAA-4-SERVNOTACPLUS: The server-group "myradiusgroup" is not a tacacs+ server group. Please define "myradiusgroup" as a tacacs+ server group.
    Nowhere in the documentation could I find anything saying the "commands" accounting type is only available to tacacs+. Does aaa not support this accounting type for radius?

    Hi Red,
    The Cisco implementation of RADIUS does not support command accounting. So that's the reason you are getting that error. Please use TACACS if you want to use this.
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • 3640 RAS aaa accounting on IAS Server

    Hi gentlemen,
    I have configured aaa accounting on a Cisco 3640 RAS and I need to collect the aaa remote user connection times (connection start and end times) for time management cost.
    Accounting information received on IAS seems to be only from the start of the remote connection and never from the stop of the connection.
    I don't know if the problem is in the 3640 configuration or in the IAS configuration, but I would like to understand if my configuration is correct.
    I am sending the RAS config file to you.
    Many thanks in advance,
    Luca

    Luca
    I have looked at the config that you posted and I believe that I see an issue. You have configured accounting for DIALER with this method list:
    aaa accounting network DIALER start-stop group radius
    I would expect to see the method list DIALER accounting referenced under interfaces Serial1/0:15, interface Virtual-Template1, and interface Group-Async10. I suggest that you add:
    ppp accounting DIALER
    under these interfaces and let us know if it helps.
    HTH
    Rick

  • Account Lockout issue

    Hi All,
    I am facing a strange account lockout issue for one of the users. In the domain controller logs the caller computer name is showing the "Domain Controller" name. Looking at event ID 4625, the Source Network Address is showing some other server name.
    I have checked that server; the user doesn't have rights to log in on that server, but whenever the user account is locked out, every time it's showing only this server name.
    On the user's machine I did all the troubleshooting and enabled netlogon debugging on the domain controller, but found nothing.
    Nirmal Singh IT Administrator

    Hi All,
    I am facing a strange account lockout issue for one of the users. In the domain controller logs the caller computer name is showing the "Domain Controller" name. Looking at event ID 4625, the Source Network Address is showing some other server name.
    Not that one. 4625 says which account requested the logon. In AD, a user never requests the logon, that is why you see the domain controller. Go for 4740 in your PDC emulator as Aditya mentioned. I have a step by step for this in my blog:
    Am I locked out? Where? How?
    Mahdi Tehrani | www.mahditehrani.ir

  • Strange issue with WEBI schedule Report

    Hi All,
    I have a strange issue with scheduled WEBI reports: a scheduled report runs for hours. I rescheduled it by deleting the instance, and the scheduled report never succeeds even after running for hours.
    Any idea???
    regards

    Hi Manoj,
    1. Try to put some filters in the report and then run the report. If it takes less time, then probably your query is fetching very large data.
    2. An MDX query error may be the reason; this error comes when a query runs endlessly. Please try running the query 2-3 times, or when load on the server is less.
    Hope this will help,
    Anamika.

  • Files transferred to external HD end up in trash - very strange issue

    Hi,
    I seem to be having a very strange issue, hopefully somebody can help or has seen this before.
    Hardware: MacBook Air, Western Digital Passport external HD, 250gb, formatted NTFS.
    Software: OSX 10.7 Lion, Paragon (allows me to write to an NTFS formatted HD)
    Issue Summary: I copy something to the external HD; I empty trash; the file I copied is deleted from the external HD. It doesn't happen every time.
    I do also seem to have a persistent folder in trash called "WD Sync Data" that won't go away unless I re-delete it as it's also in the root of the drive. Not sure if this is related somehow.
    Recently I copied 3 video files inside a folder to the HD, then disconnected the HD. When I reconnected it a while later and noticed that inside the "WD Sync Data" folder in trash were the 3 files I'd copied. I then looked inside the same folder on the root of the drive and the files were there, instead of inside the folder that I'd copied to the drive, which had vanished. If I hadn't noticed and had emptied the trash, those files would've been deleted.
    It's definitely happened more than once; last time I actually deleted the files from my computer after copying, then emptied trash, and they were gone from the external HD also.
    I've only found one person who seemed to be experiencing a similar problem back in 2010. It sounds similar though it could've been user error: http://www.mac-forums.com/forums/apple-notebooks/188224-weird-external-hard-drive-trash-problem-help-please.html
    Has anyone experienced this or have any suggestions?

    Quick update: I ran a verify then a repair in Disk Utility as there were a couple of errors. Hopefully this has solved the issue, however it'd still be interesting to know if anyone's come across this before and what caused it?

  • Oracle Identity Manager 9.1.0.2 & WebLogic Strange Issue

    Hello,
    I am running OIM 9.1.0.2 (new installation) and WebLogic 10.3.3 in a clustered environment. I am having a strange issue where the resolution is eluding me.
    This install is running on Windows 2008 x64 Standard and using the x64 JRockit Java.
    What's happening is when I configure the managed server to run as a windows service, OIM isn't detected on the server. I can bring up xlWebApp but am unable to log into that or the Design Console. When launching the Diagnostic Dashboard it states that OIM isn't installed.
    If I stop the service and log into WebLogic and start the managed server from within the Admin Console in WebLogic, everything works just fine.
    Any thoughts on how to troubleshoot this and ultimately resolve this? The service correctly starts the managed server as I can watch it start up in the admin console but when it starts that way, OIM isn't detected. Very odd.
    Thanks,
    Andrew

    Oracle confirmed with us that it is certified for 10.3.3 though it may not be published yet.
    At any rate I figured out the problem today. The script I used to create the service was missing the JAVA_OPTIONS section from the xlStartManagedServer.cmd file. Once I added that and re-created the service, all is well.
    Thanks

  • Windows Vista and BPS0 - Strange issue

    I just got a new HP Pavilion laptop with Vista and I have a strange issue:
    All transactions work (SE80, RSA1, ...) except BPS0. The moment I enter TCode BPS0, I get completely logged out (all sessions). No error messages, no dumps. It just logs me out silently.
    Is this happening only to me?
    I use Windows Vista Home Premium edition and AMD Turion processor 64x2.
    Any suggestions appreciated.
    Thanks

    I too recently bought an HP Pavilion and my problem is that I am not able to log on; it gives me an error of 10054, connection broken. Can you tell me which things restrict me from logging on? Are there any settings to be performed? Do mail me; I have been trying for 2 weeks. My ID is [email protected]

  • Strange issue with RAM upgrade: It works but it doesn't! Please help.

    Hello Everyone,
    I have a very strange issue with my iMac since upgrading my RAM from 4 to 12 gig. When I first installed the new RAM it booted up and ran great. The next time I went to boot the iMac up it switched on but didn't get as far as the first white boot up screen. I tried turning it off and on a few times using the power on/off button but still no success. I decided to remove the RAM and reseat it. The computer then booted up again fine. Here's the problem though: when I went to switch my iMac on the next day it wouldn't boot up. Again, I took the RAM out and put it back in and the iMac booted up fine. I've checked the status of the RAM in the system profiler and it reports that everything is OK. So, I'm at a loss. Obviously, I don't want to go through this process every time I want to start up my Mac. Any ideas/solutions would be very gratefully received.
    Many thanks in advance.

    I completely agree with you. It will be one of the 3 issues you outline. The machine was bought brand new and has never given me a problem. It is just the introduction of the new RAM that has started a problem. However, I did just risk a restart and it booted up fine. I don't know if a restart is any different to shutting down and then pressing the on/off button to start the computer. Maybe my last reseating has done the trick or maybe my thinking is flawed because restarting involves a different process to booting up by pressing the on/off button. I don't know.
    In the part of the world I'm sitting in it's night time now so I will leave the diagnostics running and check the results in the morning. I hope the issue is now resolved anyway. This sort of thing takes me back to my dark PC days although in this case I know it's probably not the Mac's fault.
    Thanks again. Very much appreciated.

  • Strange issue in custom Success/Failure captions

    Hi,
    I have a strange issue in my custom Success/Failure caption. If I use 'S' letter in my customized caption .bmp file, it is not showing properly in the captivate. Attached file is for your reference. I tried converting text into image in photoshop, still it shows the same thing. Any thoughts??
    Thanks in Advance,
    -Ajay

    OK.  That's what I thought.
    So what I think is going on here is due to the way Captivate assembles text captions that can stretch to any size based on the component images.  I think your corner image that contains the text is being stretched right at the point where the S character is located on the end of Congratulations.  Captivate is achieving the resizable text caption by repeating the last few pixels of each background image.
    If you want to test my theory, just make your Congratulations text slightly shorter (use a condensed font or make the font size smaller) and I think your issue will go away.
