AAA and TACACS servers

Hello All,
I want to download a free, yet reliable AAA and TACACS servers, can you guide me? Also, I need help with configuring them for study purpose.

You may download the eval version ACS 4.2.0.124, if you've access to cisco.com
ACS v4.2.0.124 90-Days Evaluation Software
eval-ACS-4.2.0.124-SW.zip
http://tools.cisco.com/squish/9B37e
Path:
Cisco.com > Downloads Home > Products > Cloud and Systems Management > Security and Identity Management
> Cisco Secure Access Control Server Products > Cisco Secure Access Control Server for Windows > Cisco Secure ACS 4.2 for Windows > Secure Access Control Server (ACS) for Windows-4.2.0.124
~BR
Jatin Katyal
**Do rate helpful posts**

Similar Messages

  • AAA and TACACS on everything BUT NOT console

    Would like to enable login authentication AND enable authentication on VTY but NOT console. Console should authenticate locally for both user and privilige modes ... I can't seem to seperate the 'enable' piece ... any thoughts?

    I do not think you can separate method list for
    the enable piece. I've asked Cisco about this
    in the past and they told me that it is not
    possible. You can have a different method list
    for the console for the "exec" mode but not
    the enable or privilege mode. It is either
    "tacacs" or "enable" or some other
    combinations but not a separate method list for "enable" by itself. Maybe cisco added
    this new feature in 12.4. I've my my testing
    on both 12.2T and 12.3T and, IMHO, it is not
    possible to separate the enable piece. Here
    is my config:
    username cisco password cisco
    enable secret cisco
    aaa authentication login notac local
    aaa authentication login VTY group tacacs+ local
    aaa authentication login web local enable
    aaa authentication enable default group tacacs+ enable
    aaa authorization console
    aaa authorization config-commands
    aaa authorization exec notac none
    aaa authorization exec VTY group tacacs+ if-authenticated none
    aaa authorization commands 0 VTY group tacacs+ if-authenticated none
    aaa authorization commands 1 VTY group tacacs+ if-authenticated none
    aaa authorization commands 15 VTY group tacacs+ if-authenticated none
    aaa authorization network VTY group tacacs+ if-authenticated none
    aaa accounting exec TAC start-stop group tacacs+
    aaa accounting exec VTY start-stop group tacacs+
    aaa accounting commands 0 TAC start-stop group tacacs+
    aaa accounting commands 0 VTY start-stop group tacacs+
    aaa accounting commands 1 TAC start-stop group tacacs+
    aaa accounting commands 1 VTY start-stop group tacacs+
    aaa accounting commands 10 TAC start-stop group tacacs+
    aaa accounting commands 15 TAC start-stop group tacacs+
    aaa accounting commands 15 VTY start-stop group tacacs+
    aaa accounting network VTY start-stop group tacacs+
    aaa accounting connection TAC start-stop group tacacs+
    aaa session-id common
    line con 0
    exec-timeout 0 0
    authorization exec notac
    accounting commands 0 VTY
    accounting commands 1 VTY
    accounting commands 15 VTY
    accounting exec VTY
    logging synchronous
    login authentication notac
    line vty 0 15
    exec-timeout 0 0
    authorization commands 0 VTY
    authorization commands 1 VTY
    authorization commands 15 VTY
    authorization exec VTY
    accounting commands 0 VTY
    accounting commands 1 VTY
    accounting commands 15 VTY
    accounting exec VTY
    login authentication VTY

  • TACACs servers in different locations

             Is it possible to have a switch/ router configured for  a 2 x Tacacs servers in  different locations. They are not clustered, they are on the same network, but different domains and in different countries and use different login credentials   

    You can configure multiple ACS in your switches and routers. It doesn't matter where these servers are located as long they are reachable by the AAA-client. If both servers work with different credentials I would configure them with different prompts so that the admin can see which server is asked.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • Prime 1.4 - no aaa authentication tacacs+ server

    Anybody know the equivalent command "no aaa authentication tacacs+ server" on PI 1.4. I saw this command on PI 2.2 but I can´t find something similar on 1.4.
    Thanks in advanced.

    Check the following Command line manual for PI 1.4
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-4/command/reference/cli14.html
    Apart from that I found this ,let me know if it helps.
    Select a command
        Add TACACS+ Server—See the “Add TACACS+ Server” section.
        Delete TACACS+ Server—Select a server or servers to be deleted, select this command, and click Go to delete the server(s) from the database.
    Add TACACS+ Server
    Choose Administration > AAA > TACACS+ from the left sidebar menu to access this page. From the Select a command drop-down list choose Add TACACS+ Server , and click Go to access this page.
    This page allows you to add a new TACACS+ server to Prime Infrastructure.
        Server Address—IP address of the TACACS+ server being added.
        Port—Controller port.
        Shared Secret Format—ASCII or Hex.
        Shared Secret—The shared secret that acts as a password to log in to the TACACS+ server.
        Confirm Shared Secret—Reenter TACACS+ server shared secret.
        Retransmit Timeout—Specify retransmission timeout value for a TACACS+ authentication request.
        Retries—Number of retries allowed for authentication request. You can specify a value between 1 and 9.
        Authentication Type—Two authentication protocols are provided. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
    Command Buttons
        Submit
        Cancel
    Note • Enable the TACACS+ server with the AAA Mode Settings. See the “Configuring AAA Mode” section.
        You can add only three servers at a time in Prime Infrastructure.

  • Acs 4.2 :- router# test aaa group tacacs+ uid pwd .... works but not when authenticating

    I have setup ACS 4.2 and when I run
    router# test aaa group tacacs+ myuser mypasswd [ legacy | new-code]
                   Both options work fine
    But when I try and login, over telnet, the request reaches the aaa server, but returns fail !
    My commands are :-
    tacacs-server host xx.xx.xx.xx single-connection port 49
    tacacs-server key xxxxxxxxxxx
    aaa authentication banner ^CUnauthorized access forbidden^C
    aaa authentication username-prompt "Enter Username: "
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local
    I dont see the banner NOR the "Enter Username:" prompt.
    Also a debug aaa authentication and debug aaa subsys show that the request reaches AAA, but it simply returns fail
    I had the same issue in 5.1, but that was due to the tacacs+ single-connection not being set or something similar, and the error
    there was "shared secret does not match", on the AAA server logs
    I am still new to 4.2, so am still trying to determine where the log files are etc, but since it works with the test command, I cant
    seem to understand why it fails with telnet
    Any idea why this may be happning ?
    Thanks

    I tried both the sugestion.. no luck
    Below are th eoutput of debug, with some lines in BOLD to help you
    find interesting lines in the log output.
    Thanks
    fixeddemo#sh run | inc tacacs
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local
    ip tacacs source-interface FastEthernet0/1
    tacacs-server host 10.1.7.15
    tacacs-server key xxxxxxxxxx
    fixeddemo#sh debugging
    General OS:
      TACACS+ events debugging is on
      TACACS+ authentication debugging is on
      TACACS+ packets debugging is on
      AAA Authentication debugging is on
      AAA Subsystem debugs debugging is on
    fixeddemo#
    Jun 17 14:15:54.666: AAA/BIND(00000072): Bind i/f
    Jun 17 14:15:54.666: AAA/AUTHEN/LOGIN (00000072): Pick method list 'default'
    Jun 17 14:15:54.666: AAA SRV(00000072): process authen req
    Jun 17 14:15:54.670: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
    Jun 17 14:15:54.670: TPLUS: Queuing AAA Authentication request 114 for processin
    g
    Jun 17 14:15:54.670: TPLUS: processing authentication start request id 114
    Jun 17 14:15:54.670: TPLUS: Authentication start packet created for 114()
    Jun 17 14:15:54.670: TPLUS: Using server 10.1.7.15
    Jun 17 14:15:54.670: TPLUS(00000072)/0/NB_WAIT/45585278: Started 5 sec timeout
    Jun 17 14:15:54.674: TPLUS(00000072)/0/NB_WAIT: socket event 2
    Jun 17 14:15:54.674: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Jun 17 14:15:54.674: T+: session_id 3123693045 (0xBA2FC5F5), dlen 24 (0x18)
    Jun 17 14:15:54.674: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
    Jun 17 14:15:54.674: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:10 (0xA
    ) data_len:0
    Jun 17 14:15:54.674: T+: user:
    Jun 17 14:15:54.674: T+: port:  tty515
    Jun 17 14:15:54.674: T+: rem_addr:  10.1.1.216
    Jun 17 14:15:54.674: T+: data:
    Jun 17 14:15:54.674: T+: End Packet
    Jun 17 14:15:54.674: TPLUS(00000072)/0/NB_WAIT: wrote entire 36 bytes request
    Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: Would block while reading
    Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
    16 bytes data)
    Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: read entire 28 bytes response
    Jun 17 14:15:54.674: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Jun 17 14:15:54.674: T+: session_id 3123693045 (0xBA2FC5F5), dlen 16 (0x10)
    Jun 17 14:15:54.674: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
    fixeddemo#
    Jun 17 14:15:54.674: T+: msg:  Username:
    Jun 17 14:15:54.674: T+: data:
    Jun 17 14:15:54.678: T+: End Packet
    Jun 17 14:15:54.678: TPLUS(00000072)/0/45585278: Processing the reply packet
    Jun 17 14:15:54.678: TPLUS: Received authen response status GET_USER (7)
    Jun 17 14:15:54.678: AAA SRV(00000072): protocol reply GET_USER for Authenticati
    on
    Jun 17 14:15:54.678: AAA SRV(00000072): Return Authentication status=GET_USER
    fixeddemo#
    Jun 17 14:15:58.794: AAA SRV(00000072): process authen req
    Jun 17 14:15:58.794: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
    Jun 17 14:15:58.794: TPLUS: Queuing AAA Authentication request 114 for processin
    g
    Jun 17 14:15:58.794: TPLUS: processing authentication continue request id 114
    Jun 17 14:15:58.794: TPLUS: Authentication continue packet generated for 114
    Jun 17 14:15:58.794: TPLUS(00000072)/0/WRITE/47194394: Started 5 sec timeout
    Jun 17 14:15:58.794: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
    Jun 17 14:15:58.794: T+: session_id 3123693045 (0xBA2FC5F5), dlen 10 (0xA)
    Jun 17 14:15:58.794: T+: AUTHEN/CONT msg_len:5 (0x5), data_len:0 (0x0) flags:0x0
    Jun 17 14:15:58.794: T+: User msg:
    Jun 17 14:15:58.794: T+: User data:
    Jun 17 14:15:58.794: T+: End Packet
    Jun 17 14:15:58.794: TPLUS(00000072)/0/WRITE: wrote entire 22 bytes request
    Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
    16 bytes data)
    Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: read entire 28 bytes response
    Jun 17 14:15:58.798: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
    Jun 17 14:15:58.798: T+: session_id 3123693045 (0xBA2FC5F5), dlen 16 (0x10)
    fixeddemo#
    Jun 17 14:15:58.798: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Jun 17 14:15:58.798: T+: msg:  Password:
    Jun 17 14:15:58.798: T+: data:
    Jun 17 14:15:58.798: T+: End Packet
    Jun 17 14:15:58.798: TPLUS(00000072)/0/47194394: Processing the reply packet
    Jun 17 14:15:58.798: TPLUS: Received authen response status GET_PASSWORD (8)
    Jun 17 14:15:58.798: AAA SRV(00000072): protocol reply GET_PASSWORD for Authenti
    cation
    Jun 17 14:15:58.798: AAA SRV(00000072): Return Authentication status=GET_PASSWOR
    D
    fixeddemo#
    Jun 17 14:16:02.502: AAA SRV(00000072): process authen req
    Jun 17 14:16:02.502: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
    Jun 17 14:16:02.502: TPLUS: Queuing AAA Authentication request 114 for processin
    g
    Jun 17 14:16:02.502: TPLUS: processing authentication continue request id 114
    Jun 17 14:16:02.502: TPLUS: Authentication continue packet generated for 114
    Jun 17 14:16:02.502: TPLUS(00000072)/0/WRITE/47194394: Started 5 sec timeout
    Jun 17 14:16:02.502: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
    Jun 17 14:16:02.502: T+: session_id 3123693045 (0xBA2FC5F5), dlen 14 (0xE)
    Jun 17 14:16:02.502: T+: AUTHEN/CONT msg_len:9 (0x9), data_len:0 (0x0) flags:0x0
    Jun 17 14:16:02.502: T+: User msg:
    Jun 17 14:16:02.502: T+: User data:
    Jun 17 14:16:02.502: T+: End Packet
    Jun 17 14:16:02.506: TPLUS(00000072)/0/WRITE: wrote entire 26 bytes request
    Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
    6 bytes data)
    Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: read entire 18 bytes response
    Jun 17 14:16:02.550: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
    Jun 17 14:16:02.554: T+: session_id 3123693045 (0xBA2FC5F5), dlen 6 (0x6)
    fixeddemo#
    Jun 17 14:16:02.554: T+: AUTHEN/REPLY status:2 flags:0x0 msg_len:0, data_len:0
    Jun 17 14:16:02.554: T+: msg:
    Jun 17 14:16:02.554: T+: data:
    Jun 17 14:16:02.554: T+: End Packet
    Jun 17 14:16:02.554: TPLUS(00000072)/0/47194394: Processing the reply packet
    Jun 17 14:16:02.554: TPLUS: Received authen response status FAIL (3)
    Jun 17 14:16:02.554: AAA SRV(00000072): protocol reply FAIL for Authentication
    Jun 17 14:16:02.554: AAA SRV(00000072): Return Authentication status=FAIL
    fixeddemo#
    [ The output below is for the next Username: prompt I believe]Jun 17 14:16:04.554: AAA/AUTHEN/LOGIN (00000072): Pick method list 'default'
    Jun 17 14:16:04.554: AAA SRV(00000072): process authen req
    Jun 17 14:16:04.554: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
    Jun 17 14:16:04.554: TPLUS: Queuing AAA Authentication request 114 for processin
    g
    Jun 17 14:16:04.554: TPLUS: processing authentication start request id 114
    Jun 17 14:16:04.554: TPLUS: Authentication start packet created for 114()
    Jun 17 14:16:04.554: TPLUS: Using server 10.1.7.15
    Jun 17 14:16:04.554: TPLUS(00000072)/0/NB_WAIT/47194394: Started 5 sec timeout
    Jun 17 14:16:04.558: TPLUS(00000072)/0/NB_WAIT: socket event 2
    Jun 17 14:16:04.558: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Jun 17 14:16:04.558: T+: session_id 2365877689 (0x8D046DB9), dlen 24 (0x18)
    Jun 17 14:16:04.558: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
    Jun 17 14:16:04.558: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:10 (0xA
    ) data_len:0
    Jun 17 14:16:04.558: T+: user:
    Jun 17 14:16:04.558: T+: port:  tty515
    Jun 17 14:16:04.558: T+: rem_addr:  10.1.1.216
    Jun 17 14:16:04.558: T+: data:
    Jun 17 14:16:04.558: T+: End Packet
    Jun 17 14:16:04.558: TPLUS(00000072)/0/NB_WAIT: wrote entire 36 bytes request
    Jun 17 14:16:04.558: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:16:04.558: TPLUS(00000072)/0/READ: Would block while reading
    Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
    43 bytes data)
    Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: socket event 1
    Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: read entire 55 bytes response
    Jun 17 14:16:04.562: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Jun 17 14:16:04.562: T+: session_id 2365877689 (0x8D046DB9), dlen 43 (0x2B)
    Jun 17 14:16:04.562: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
    Jun 17 14:16:04.562: T+: msg:   0x0A User Access Verification 0x0A  0x0A Usernam
    e:
    fixeddemo#
    Jun 17 14:16:04.562: T+: data:
    Jun 17 14:16:04.562: T+: End Packet
    Jun 17 14:16:04.562: TPLUS(00000072)/0/47194394: Processing the reply packet
    Jun 17 14:16:04.562: TPLUS: Received authen response status GET_USER (7)
    Jun 17 14:16:04.562: AAA SRV(00000072): protocol reply GET_USER for Authenticati
    on
    Jun 17 14:16:04.562: AAA SRV(00000072): Return Authentication status=GET_USER
    fixeddemo#

  • Configuring RAS and TACACS+. through ACS.

    Hi all,
    I have very basic question about
    configuring RAS with digital modems
    and AAA through TACACS+. I use
    command peer default ip address pool OLA under interface Group-Async0 and interface Dialer10
    for example. And inside router I configure this pool with some range of
    IP addresses...for example
    ip local pool OLA 192.168.10.2 192.168.10.127.
    And I set AAA through TACACS+.
    What should I do next on ACS ? Should I configure this pool of IP addresses on ACS or it is sufficient to do it only on router? Or do this on router is not important ?
    Thanks
    jl

    John
    I have configured RAS for dial-in services where we authenticated the dial-in users via TACACS and ACS. I did not have to do anything on ACS about the dial pool. The only thing that I had to do on ACS was to configure it to authenticate users whose authentication request came from that router. (In other words nothing special on ACS just because they were dial-in.) Just be sure that your aaa on the router provides for authenticating ppp.
    HTH
    Rick

  • WAAS and TACACS

    We are trying to get our WAAS environment to authenticate against TACACS and then fall over to local if TACACS is unavailable. For engineer logins everything is working as expected. However we are seeing several thousand failures against the TACACS server from a username of "CMS". This user is not configured in the CM or in TACACS. So we log the failed login and CMS logs into the WAE due to the failover to local mechanism. Looking at packet captures, and debugging aaa on the WAE's it is definitely a CMS user that logs in but shows 127.0.0.1 as its "from" host. I am fairly confident this is automation within the WAE syncing with the CM or vice versa. Does anyone know how to get WAAS and TACACS to work together without a mass amount of login failures? Is there a way this CMS user can be cloned/duplicated on the tacacs server? What is the password for this automation user?
    Thanks in advance.

    Hi Stan,
    WAE can authenticate against TACACS, RADIUS and Central Manager (Local) at any time depending on your configuration.
    There are couple of things to keep in mind while configuring TACACS on WAE, on both sides - TACACS adn WAE CM.
    On TACACS side:
    1. Please make sure to create right username.
    2. Please make sure to verify if you are using ASCII password authentication.
    3. Try to use less than 15 letters - Alphanumeric TACACS password.
    4. Please provide right user level / group level persmissions. This is somewhere under user account properties. Please also make sure to select right user password under user properties.
    5. Verify if this user needs level 15 (admin equivalent account).
    On WAE CM side:
    1. Please make sure to select right authentication method as primary and secondary.
    2. Please make sure to enable the check box for authentication methods.
    You can verify the failure / successful log events on TACACS server in order to find out if the user is atleast trying to authenticate against TACACS.
    I am sure you have looked at this link to find out all the required steps: Configuring TACACS+ Server Settings
    Hope this helps.
    Regards.
    PS: Please mark this as Answered, if this resolves your issue.

  • Two aaa-server TACACS+ in PIX 525

    I have a PIX 525 with two aaa-server for TACACS+; My aaa comands are configured by default.
    I understand that my aaa-server TACACS+max-failed-attempts "number" have a "3" times to declare my aaa-server unresponsive and move on to try the next server in the list.
    Once it happens, how long does the aaa requests are send to the secundary aaa-server?
    Can somebody of you can help me? I want to keep my first aaa-server as primary and just in case of failure use the second aaa-server.
    Thanks a lot.

    The timeout interval also has to be configured for the request. This is the time after which the PIX Firewall gives up on the request to the primary AAA server. If there is a standby AAA server, the PIX Firewall will send the request to the backup server. The retransmit timeout is currently set to 10 seconds and is not user configurable.

  • L2TP and TACACS+

    Hello.
    I have PPTP server on my Cisco 3845 router with authentication on freeware TACACS+ server (Linux). TACACS set ACL and IP address for users.
    Recently employers decide to migrate to L2TP over IPsec. Moreover old PPTP server should work.
    Can I use TACACS server for authenticate L2TP users?
    I have config like this on TACACS.
    user = user1 {
            chap = cleartext "password"
            member = vpdn
            service = ppp protocol = ip {
            addr = 172.20.20.200
            inacl=2005
    Sorry for my Enflish.

    Please see the below documnet. This document describes how to configure Layer 2 Tunnel Protocol (L2TP)       with TACACS+. It includes sample configurations for L2TP Access Concentrator       (LAC) TACACS+ servers, L2TP Network Server (LNS) TACACS+ servers, and routers.
    http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a0080118d5f.shtml

  • PIX AAA To tacacs server not reliable

    I've got a couple of different platforms of PIX, 535s and FWSMs mainly all running the latest code. I have them all configured similarly with regards to AAA via tacacs:
    aaa-server TACACS protocol tacacs+
    aaa-server TACACS host <Removed> key <removed>
    username <removed> password <removed> encrypted privilege 15
    aaa authentication enable console TACACS LOCAL
    aaa authentication ssh console TACACS LOCAL
    aaa authentication telnet console TACACS LOCAL
    aaa accounting command TACACS
    Now, sometimes I can get in with my tacacs account but other times I have to use the local backup account. There seems to be no reason behind it. My routers all pointing to the same TACACS server have no issues like this. The PIX's however are totally unreliable in this regard.
    Anyone experiencing this?

    Hello mlipsey,
    This shouldn't be. Do the ACS logs reveal anything? What about
    debug tacacs
    debug aaa authentication
    Can you send 1000 pings to the tacacs server from your FWs without issue? Any packet loss?
    Hope this helps! If so, please rate.
    Thanks!

  • Move and redeploy application- and web-servers for Planing?

    Hi, all!
    Have Hyperion Planing ability to move application- and web-servers from unix-machine to another win-machine and after redeploy existing unix-installed planing on it?

    They are actually for for 2 different things. The Sun WAS is for enterprise applications, EJBs and the like.
    Tomcat is for simpler Servlet/JSP hosting.
    The Sun WAS actually uses the Tomcat server as its Servlet/JSP engine then adds EJBs on top.

  • How to use the same services-config for the local and remote servers.

    My flex project works fine using the below but when I upload my flash file to the server I doesn't work, all the relative paths and files are the same execpt the remote one is a linux server.
    <?xml version="1.0" encoding="UTF-8"?>
    <services-config>
        <services>
            <service id="amfphp-flashremoting-service"
                class="flex.messaging.services.RemotingService"
                messageTypes="flex.messaging.messages.RemotingMessage">
                <destination id="amfphp">
                    <channels>
                        <channel ref="my-amfphp"/>
                    </channels>
                    <properties>
                        <source>*</source>
                    </properties>
                </destination>
            </service>
        </services>
        <channels>
        <channel-definition id="my-amfphp" class="mx.messaging.channels.AMFChannel">
            <endpoint uri="http://localhost/domainn.org/amfphp/gateway.php" class="flex.messaging.endpoints.AMFEndpoint"/>
        </channel-definition>
        </channels>
    </services-config>
    I think the problem  is the line
            <endpoint uri="http://localhost/domainn.org/amfphp/gateway.php" class="flex.messaging.endpoints.AMFEndpoint"/>
    but I'm not sure how to use the same services-config for the local and remote servers.

    paul.williams wrote:
    You are confusing "served from a web-server" with "compiled on a web-server". Served from a web-server means you are downloading a file from the web-server, it does not necessarily mean that the files has been generated / compiled on the server.
    The server.name and server.port tokens are replaced at runtime (ie. on the client when the swf has been downloaded and is running) not compile time (ie. while mxmlc / ant / wet-tier compiler is running). You do not need to compile on the server to take advantage of this.
    Hi Paul,
    In Flex, there is feature that lets developer to put all service-config.xml file configuration information into swf file. with
    -services=path/to/services-config.xml
    IF
    services-config.xml
    have tokens in it and user have not specified additional
    -context-root
    and this swf file is not served from web-app-server (like tomcat for example) than it will not work,
    Flash player have no possible way to replace token values of service-config.xml file durring runtime if that service-config.xml file have been baked into swf file during compilation,
    for example during development you can launch your swf file from your browser with file// protocol and still be able to access blazeDS services if
    -services=path/to/services-config.xml
    have been specified durring compilation.
    I dont know any better way to exmplain this, but in summary there is two places that you can tell swf  about service confogiration,
    1) pass -services=path/to/services-config.xml  parameter to compiler this way you tell swf file up front about all that good stuff,
    or 2) you put that file on the webserver( in this case, yes you should have replacement tokens in that file) and they will be repaced at runtime .

  • Issue with VPN configuration in Windows 2008 r2 and 2012 Servers.

    Hello ,
    I hope you can help me to fix this issue, it's been 5 days since I a, trying to configure VPN in your 2008 and 2012 Servers. On both platform  (2008 and 2012) I am getting same error while configuring VPN (after role installation). 
    "Unable to load C:\Windows\System32\iprtrmgr.dll". So, I have removed IPv 6 entry from the registry and now able to start server (not sure what configuration it took automatically).  I tried to disable "Routing
    and Remote Access" service and got the same error while enabling "Routing and Remote Access" is running but VPN is still not functioning properly). 
    I am getting following error,
    ================================================
    Errors under the Event viewer (Remote access)
    1) --->>    CoId={DF744409-02D7-4FF4-AD24-504F0C83E1AB}: The user 10.0.0.1\chetan connected from 10.0.0.1 but failed an authentication attempt due to the following reason: The remote connection was denied because the user name and password
    combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
    2) ----->>   CoId={DF744409-02D7-4FF4-AD24-504F0C83E1AB}: The user connected to port VPN3-127 has been disconnected because the authentication process did not complete within the required amount of time.
    Errors under the Event viewer (Remote access)
    3) ---->>  Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    ================================================
    I am using (MS-CHAP v2) + EAP (Authentication Method).  Please let me know if you need any additional information. 
    Thank you,

    I Guess this thread is not related to SQL Server .User is facing issue because of network or may be due to OS.I guess I will move this into windows forum.
    Moderators please move to Network forum
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

  • Active Directory domain migration with Exchange 2010, System Center 2012 R2 and File Servers

    Greeting dear colleagues!
    I got a task to migrate existing Active Directory domain to a new froest and a brand new domain.
    I have a single domain with Forest/Domain level 2003 and two DC (2008 R2 and 2012 R2). My domain contains Exchange 2010 Organization, some System Center components (SCCM, SCOM, SCSM) and File Servers with mapped "My Documents" user folders. Domain
    has about 1500 users/computers.
    How do u think, is it realy possible to migrate such a domain to a new one with minimum downtime and user interruption? Maybe someone has already done something like that before? Please, write that here, i promise that i won't ask for instruction from you,
    maybe only some small questions :)
    Now I'm studying ADMT manual for sure.
    Thanks in advance, 
    Dmitriy Titov
    С уважением, Дмитрий Титов

    Hi Dmitriy,
    I got a task to migrate existing Active Directory domain to a new froest and a brand new domain.
    How do u think, is it realy possible to migrate such a domain to a new one with minimum downtime and user interruption?
    As far as I know, during inter-forest migration, user and group objects are cloned rather than migrated, which means they can still access resources in the source forest, they can even access resources after the migration is completed. You can ask users
    to switch domain as soon as the new domain is ready.
    Therefore, there shouldn’t be a huge downtime/interruption.
    More information for you:
    ADMT Guide: Migrating and Restructuring Active Directory Domains
    https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • Upgrade process for SQL server 2005 service pack4 on stand alone and cluster servers

    Hi All,
    We have iniated a process of upgarding sp4 for all sql 2005 stand alone and clusters servers.
    Please provide me the step by step process for installing sp4 and roll back paln for sql 2005 servers.And before proceeding with sp installation what are the pre check/pro active things that we need to take care.
    Maheshwar Reddy

    Hello,
    For applying SP to SQL 2005 cluster environment/standalone please refer to below link
    http://www.sqlcoffee.com/Tips0007.htm
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

Maybe you are looking for

  • Authorized purchase

    My old PC died and now that I have the new one working I can't get access to all the music that I purchased on the old one. What gives?? How do I get access to MY music???

  • My macbook pro sat for two days

    It was plugged in, but now will not go past spinning gear. tried safe boot but same thing. tried fsck -fy and same thing. can hear things moving, but seems like the fan is kicking in a lot. any help would be appreciated.

  • Html file in the content of email.

    hi friends, I want to send email in the html format. can we pass the html file in the content of mail? i.e instead of doing this messageBodyPart.setContent("<html><body> " + "---------------------------------------------------------------------------

  • Hi, having trouble with my iMac on startup. Background screen appears, but no icons,

    Having trouble with my iMac- on startup, the background screen appears, but no icons. The spinning beach ball appears for quite a long while, then when the icons finally come up, when I open a finder window, the only icons to appear are the Network a

  • How to configure logs to be sent for TFTP server !?

    hi I want to let the router or the switch to sends the log to TFTP server, how can I do that !? including things like debug commands results thanks,