Access with ISE server dead

Hello there,
I´d like to know how to give access for users when ISE is dead.
I´m asking that because I´m using pre authentication ACL, so even with the command authentication event server dead action authorize vlan XX the access will be limited, will not it?
My pre authentication acl allow access only to ISE, DNS and DHCP requests.
Regards.

Andre-
I am afraid you don't have many options here. I have faced this problem before during my deployments. The problem is that ISE is needed in order to signal the switch to remove the pre-auth ACL by applying a dACL. However, since ISE is not available, the switch can authorize the endpoints to a VLAN but no you need another method to remove the pre-auth ACL. In the past I have accomplished this via one of the following:
1. EEM script that re-configures the switch and sets the pre-auth ACL to "permit ip any any" (or remove the pre-auth ACL all together) when/if the ISE servers become unavailable. I thought this feature required IP Services but looking at the following doc it looks like you could do it with IP Base too. I guess you can give it a try and see what happens :)
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-2-special-early-deployments/product_bulletin_c25-614546.html
eem script example:
http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
2. The second method requires a converged access switch (3850, 3650). Those switches can be configured with profiles where the pre-auth ACL can be replaced with a critical ACL in the event of an ISE outage. 
I hope this helps!
Thank you for rating helpful posts!

Similar Messages

  • LWA Guest Access with ISE and WLC

    Hi guys,
    Our Company try to implement Guest Access with ISE dan WLC with Local Web Auth Method. But there is problem that comes up with the certificate. This is the scenario :
    1. Guests try to connect wifi with SSID Guest
    2. Once it connect, guests open the browser and try to open a webpage (example: cisco.com)
    3. Because, guests didn't login, so it redirect to "ISE Guest Login Page" (url became :
    https://ise-hostname:8443/guestportal/Login.action?switch_url=https://1.1.1.1/login.html&wlan=Guest&redirect=www.cisco.com/
    4. If there is no ISE Guest Login Page installed, message Untrusted Connection message will appear, but it will be fine if they "Add Exception and install the certificate"
    5. After that the Guest Login Page will appear, and guests input their username and password.
    6. Login success and they will be redirected to www.cisco.com and there is pop up from 1.1.1.1 (WLC Virtual Interface IP) with logout button.
    The problem happen in scenario 6, after login success, the webpage with ISE IP address and message certificate error for 1.1.1.1 is appear.
    I know it happened when guests didn't have the WLC Login Page Certificate...
    My Question is, is there a way to tunneling WLC Certificate on ISE ? Or what can we do to make ISE validate WLC Certificate, so guests doesn't need to install WLC Certificate/ Root Certificate before connect to Wifi ?
    Thx 4 your answer and sorry for my bad English....

    Thx for your reply Peter, your solution is right,
    i don't choose CWA, because their DNS is not stable...
    i've found the problem...
    the third-party CA is revoked, so there is no way it will success until it fixed...
    and there is no guarantee, they will fix it soon..
    so solution that we choose is by disable "HTTPS" on WLC...
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable"
    thank you all...

  • 3850 controller ACL working with ISE

    Hi all
    I was wondering if anyone can point me to the right direction. I was setting up BYOD access with ISE and Legacy controllers as follows:
    - create rule on ISE with Redirect / Airspace ACL
    - once that rule is hit ISE would send ACL name that needs to be applied on the controller (i.e. NSP-IOS )
    - controller would need to have the same ACL created locally with matching name
    - there are certain rules on old controllers allowing inbound / outbound traffic + denying traffic to be redirected
    now I want to use the same principle with 3850 controller.
    question is -> where do I configure this ACL, globally or under WLAN.... Also, what about direction - inbound / outbound that used to be the case with legacy controllers?

    The ACl should be under the WLAN

  • Wireless guest access with CWA and ISE using mobility anchor

    My team is trying to demo wireless guest access using CWA with an ISE server.  We appear to be hitting an issue when combining this with mobility anchoring.
    When we don't use a mobility anchor the authentication goes off without a hitch seemingly proving that the ISE configuration is sound.  The test laptop associates and gets redirected, auths, moves to the RUN state and access to the network is granted.
    When the mobility anchor is enabled, the test laptop does get redirected, authentication is successful, but the process does not fully complete, as on the foreign controller the user is in RUN state whereas on the anchor the user is still stuck at CWA required.
    Now, I've read the L2 auth occurs between the foreign controller and ISE, and the L3 auth occurs between the anchor controller and ISE, but this does not appear to borne out in packet captures of the process where both parts of the auth seems to go to and from the foreign controller and ISE.
    I'm curious to know if anyone else has come across this issue, or has ideas where I should be looking in the config or debugs to find the root cause.
    When setting up the controllers and ISE this guide (linked below) was used and the controllers are 2504 controllers on 7.5 series software and ISE is on the latest 1.2 patches:
    http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml
    To me it seems to be mobility related, but the authentication flow does seem to be off compared with what the guide says.

    FOREIGN
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Adding mobile on LWAPP AP 0c:d9:96:ba:7d:20(1)
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Association received from mobile on BSSID 0c:d9:96:ba:7d:2f
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Global 200 Clients are allowed to AP radio
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Max Client Trap Threshold: 0  cur: 0
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Rf profile 600 Clients are allowed to AP wlan
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Re-applying interface policy for client
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
    *apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 In processSsidIE:4565 setting Central switched to TRUE
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 In processSsidIE:4568 apVapId = 1 and Split Acl Id = 65535
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 Applying site-specific Local Bridging override for station 00:1e:c2:c0:96:05 - vapId 1, site 'AP-Group-CHEC.default', interface 'management'
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 Applying Local Bridging Interface Policy for station 00:1e:c2:c0:96:05 - vlan 84, interface id 0, interface 'management'
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 apfProcessAssocReq (apf_80211.c:7830) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from Idle to AAA Pending
    *apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
    *radiusTransportThread: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Username entry (00-1E-C2-C0-96-05) created for mobile, length = 253
    *radiusTransportThread: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Username entry (00-1E-C2-C0-96-05) created in mscb for mobile, length = 253
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Received SGT for this Client.
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Redirect URL received for client from RADIUS. Client will be moved to WebAuth_Reqd state to facilitate redirection. Skip web-auth Flag = 0
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Resetting web IPv4 acl from 255 to 255
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Resetting web IPv4 Flex acl from 65535 to 65535
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 84
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Re-applying interface policy for client
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
    *apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 0 on mobile
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Inserting AAA Override struct for mobile
    MAC: 00:1e:c2:c0:96:05, source 2
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Initializing policy
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Not Using WMM Compliance code qosCap 00
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 0c:d9:96:ba:7d:20 vapId 1 apVapId 1 flex-acl-name:
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfMsAssoStateInc
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from AAA Pending to Associated
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfPemAddUser2:session timeout forstation 00:1e:c2:c0:96:05 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is  0
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Sending Assoc Response to station on BSSID 0c:d9:96:ba:7d:2f (status 0) ApVapId 1 Slot 1
    *apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfProcessRadiusAssocResp (apf_80211.c:3066) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from Associated to Associated
    *DHCP Socket Task: Jan 28 23:04:59.567: 00:1e:c2:c0:96:05 DHCP received op BOOTREQUEST (1) (len 308,vlan 84, port 13, encap 0xec03)
    *DHCP Socket Task: Jan 28 23:04:59.567: 00:1e:c2:c0:96:05 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
    *DHCP Socket Task: Jan 28 23:04:59.567: 00:1e:c2:c0:96:05 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0,  mobility state = 'apfMsMmQueryRequested'
    *DHCP Socket Task: Jan 28 23:05:01.523: 00:1e:c2:c0:96:05 DHCP received op BOOTREQUEST (1) (len 308,vlan 84, port 13, encap 0xec03)
    *DHCP Socket Task: Jan 28 23:05:01.523: 00:1e:c2:c0:96:05 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
    *DHCP Socket Task: Jan 28 23:05:01.523: 00:1e:c2:c0:96:05 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0,  mobility state = 'apfMsMmQueryRequested'
    *mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=ExpForeign, client state=APF_MS_STATE_ASSOCIATED
    *mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 apfMsRunStateInc
    *mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
    *mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Reached PLUMBFASTPATH: from line 5793
    *mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Adding Fast Path rule
      type = Airespace AP Client
      on AP 0c:d9:96:ba:7d:20, slot 1, interface = 13, QOS = 0
      IPv4 ACL ID = 255, IPv6 ACL ID = 255,
    *mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 84, Local Bridging intf id = 0
    *mmMaListen: Jan 28 23:05:02.363: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
    *pemReceiveTask: Jan 28 23:05:02.364: 00:1e:c2:c0:96:05 Set bi-dir guest tunnel for 00:1e:c2:c0:96:05 as in Export Foreign role
    *pemReceiveTask: Jan 28 23:05:02.364: 00:1e:c2:c0:96:05 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4
    *pemReceiveTask: Jan 28 23:05:02.364: 00:1e:c2:c0:96:05 Skip Foreign / Export Foreign Client IP 0.0.0.0 plumbing in FP SCB
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP received op BOOTREQUEST (1) (len 308,vlan 84, port 13, encap 0xec03)
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP processing DHCP REQUEST (3)
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   xid: 0xafea6bc9 (2951375817), secs: 5, flags: 0
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   chaddr: 00:1e:c2:c0:96:05
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   requested ip: 10.130.98.8
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP received op BOOTREPLY (2) (len 320,vlan 84, port 13, encap 0xec07)
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP processing DHCP ACK (5)
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   xid: 0xafea6bc9 (2951375817), secs: 0, flags: 0
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   chaddr: 00:1e:c2:c0:96:05
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.130.98.8
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   siaddr: 10.30.4.173,  giaddr: 0.0.0.0
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   server id: 1.1.1.2  rcvd server id: 1.1.1.2
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) DHCP Address Re-established
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Reached PLUMBFASTPATH: from line 6978
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Replacing Fast Path rule
      type = Airespace AP Client
      on AP 0c:d9:96:ba:7d:20, slot 1, interface = 13, QOS = 0
      IPv4 ACL ID = 255, IPv6 ACL ID
    *DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 84, Local Bridging intf id = 0
    *DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
    *DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 Assigning Address 10.130.98.8 to mobile
    *DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 DHCP success event for client. Clearing dhcp failure count for interface management.
    *DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 DHCP success event for client. Clearing dhcp failure count for interface management.
    *DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 DHCP successfully bridged packet to STA
    *pemReceiveTask: Jan 28 23:05:03.889: 00:1e:c2:c0:96:05 Set bi-dir guest tunnel for 00:1e:c2:c0:96:05 as in Export Foreign role
    *pemReceiveTask: Jan 28 23:05:03.889: 00:1e:c2:c0:96:05 10.130.98.8 Added NPU entry of type 1, dtlFlags 0x4
    *pemReceiveTask: Jan 28 23:05:03.890: 00:1e:c2:c0:96:05 Skip Foreign / Export Foreign Client IP 10.130.98.8 plumbing in FP SCB
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Received SGT for this Client.
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Resetting web IPv4 acl from 0 to 255
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Resetting web IPv4 Flex acl from 65535 to 65535
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 AAA redirect is NULL. Skipping Web-auth for Radius NAC enabled WLAN.
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
    *apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Inserting AAA Override struct for mobile
    MAC: 00:1e:c2:c0:96:05, source 2
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Setting session timeout 3600 on mobile 00:1e:c2:c0:96:05
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Session Timeout is 3600 - starting session timer for the mobile
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Applying cached RADIUS Override values for mobile 00:1e:c2:c0:96:05 (caller pem_api.c:2307)
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Setting session timeout 3600 on mobile 00:1e:c2:c0:96:05
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Session Timeout is 3600 - starting session timer for the mobile
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Applied RADIUS override policy
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Replacing Fast Path rule
      type = Airespace AP Client
      on AP 0c:d9:96:ba:7d:20, slot 1, interface = 13, QOS = 0
      IPv4 ACL ID = 255, IPv6 ACL ID
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 84, Local Bridging intf id = 0
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Not Using WMM Compliance code qosCap 00
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Plumbed mobile LWAPP rule on AP 0c:d9:96:ba:7d:20 vapId 1 apVapId 1 flex-acl-name:
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Change state to RUN (20) last state RUN (20)
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 apfMsAssoStateInc
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from AAA Pending to Associated
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 apfPemAddUser2:session timeout forstation 00:1e:c2:c0:96:05 - Session Tout 3600, apfMsTimeOut '1800' and sessionTimerRunning flag is  1
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Scheduling deletion of Mobile Station:  (callerId: 49) in 3600 seconds
    *apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 3600
    *apfReceiveTask: Jan 28 23:05:18.718: 00:1e:c2:c0:96:05 Sending Assoc Response to station on BSSID 0c:d9:96:ba:7d:2f (status 0) ApVapId 1 Slot 1
    *apfReceiveTask: Jan 28 23:05:18.718: 00:1e:c2:c0:96:05 apfProcessRadiusAssocResp (apf_80211.c:3066) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from Associated to Associated
    *pemReceiveTask: Jan 28 23:05:18.720: 00:1e:c2:c0:96:05 Set bi-dir guest tunnel for 00:1e:c2:c0:96:05 as in Export Foreign role
    *pemReceiveTask: Jan 28 23:05:18.720: 00:1e:c2:c0:96:05 10.130.98.8 Added NPU entry of type 1, dtlFlags 0x4

  • Guest access with CWA on ISE

    Hi support community
    we just implemented CWA for wireless guest access using ISE. however we have an issue, the redirect URL is a name, not an IP address, and the guest dhcp scope use public DNS servers, so CWA doesn't work unless we set the company DNS servers.
    so my question... is there a way to configure ISE to send the ip address instead the name for redirection in CWA?
    Many thanks in advance...

    Hi, thanks for answering...
    Yes the problem is that public DNS servers obiously can't resolve ISE servers names. Additionaly the guest VLAN has an ACL blocking all the traffic destined to internal resourses with some exceptions (DHCP, DNS and ISE port for CWA).
    however, guest can access to some company services, but as if they were located on internet, ie through the public ip address, so if we use internal servers, they resolve the internal ip address and connections fails. the Muhammad suggestions could be the solution for the problem....but now is something to discuss with the DNS server administrator...
    thanks

  • I bought a new imac running Loin and Office 2011. The server we use to access emails runs exchange 2003 and my IT person says the imac is not compatible with the server. The server does not want to let me access using any email software.

    I bought a new imac running Loin with Office 2011. I am the only mac in the office and the Server we use to access emails runs exchange 2003 and my IT person says the imac is not compatible with the server. The server does not want to let me access using any email software other than webmail access through our website. It looks as though 2011 is not compatible with 2003 per some searches online, but what are some options I have to gain full access again? I purchased parallels in hopes that this my help and I am able to use remote desktop connection to log on to server but can not drag and drop files I need. There is a shared drive on that Server we all use to exchange files.
    The two main issues are gaining access to my email again and ability to drag and drop files from mac to pc. I hope this is enough info to get some solutions.
    PS - IT person says my iMac's IP is what his server does not understand so that is why I can not login.

    Office 2011 is not compatbile with Exchange 2003.
    I suggest you post further Office related questions on Microsoft's own forums for their Mac software:
    http://answers.microsoft.com/en-us/mac

  • Mail on iMac not accessing MS Exchange server but both iPhone and iPad access the same account with no problems.

    I have been using an iPhone and iPad to access my work emails via our MS Exchange server for a number of years now with no problems at all.  I recently replaced my home PC with an iMac (first Mac I have owned) but cannot get it to communicate with the exchange server.  I've checked and re-checked the information on the iMac and my iPad - I even deleted the mail account on the iPad and input the details concurrently with setting up on the iMac - but the Mac will not access the exchange server.
    I receive the message "The Exchange server "---------------" rejected the password for user "------"  Enter you password again or cancel."  I am using the correct password.  iPad and iPhone are logging on using that password fine.  iMac just ends up repeating this message.
    Our IT support at work assure me that there is no reason from their end for it not to work, and reasonably point to it working using the iPhone etc.
    I'd be extremely grateful if anyone can provide a solution to this basic, but extremely frustrating, little problem.

    iPhone and iPad use a different way of accessing the server.
    I don't know the exact details, but we are using Zarafa instead of Exchange and have the same problem:
    iPhone and the likes can connect to Zarafas z-push interface, which is some identical interface to the native Exchange interface, while the desktop e-mail application tries to interface with the web front end (via http) of the server.
    These are completely different setups and it depends on the actual installation of the server to get this going.
    So, you will most likely need different access parameters for the desktop - and the web mail feature has to be enabled on the Exchange server.
    In my opinion using the web mail interface is just silly. On the other hand, the native protocol has less features comparedto the web front end, so you are somehow stuck with sins of the past.
    Good luck!

  • Accessing MS Sql Server with Java classes - problem connecting to socket

    I found an example at this location which uses java classes to connected to MS Sql Server.
    http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
    --bummer - it is a login location - so I will include the article
    Anyway, the example is using Websphere, but I am still on Jbuilder (will get wsad soon). So I planted the classes from the example in
    C:\Borland\JBuilder\jkd1.4\jre\lib\ext\...the classes
    Then I copied the code from the example to my jpx project and got an error that it could not connect to the socket. The only thing I changed in the code was the connection string:
    --original string from example:
    Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
    I was getting an error with the 2 argument version of DriverManager - and the second argument here was empty (properties argument). Here was my connection string:
    Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
    I am only using the 1 argument version of DriverManager. Note that the password=" is blank because my RnD workstation is standalone - no one accesses the sql server except me - so no password. I also left out the last semicolon I noticed. Any suggestions appreciated how I could fix this.
    Thanks
    source of article:
    http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
    iSeries 400 Tips:
    TIPS & NEWSLETTERS TOPICS SUBMIT A TIP HALL OF FAME
    Search for: in All Tips All search400 Full TargetSearch with Google
    PROGRAMMER
    Sample code: Accessing MS SQL Server database from the iSeries
    Eitan Rosenberg
    09 Mar 2005
    Rating: --- (out of 5)
    Nowadays with the help of Java the iSeries can be integrated with other databases quite easy. This tip shows you how. The code included here uses the free Microsoft driver that can be downloaded from here. (SQL Server 2000 Driver for JDBC Service Pack 3)
    If your SQL server does not include the Northwind Sample Database you can find it here.
    http://www.microsoft.com/downloads/details.aspx?familyid=07287b11-0502-461a-b138-2aa54bfdc03a&displaylang=en
    The download contains the following files:
    msbase.jar
    mssqlserver.jar
    msutil.jar
    Those files needs to be copied to the iSeries directories (/home/r_eitan/ExternalJARs).
    Here's the directory structure (on the iSeries) for this sample:
    /home/r_eitan/ExternalJARs - Microsoft files (msbase.jar,mssqlserver.jar,msutil.jar)
    /home/r_eitan/JdbcTest02 - My code (Main.java,Main.class)
    The Java code
    import java.sql.*;
    import java.io.*;
    class Main {
    * Connect to Microsoft SQL server and download file northWind.products as tab
    * seperated file. (products.txt)
    public static void main(String args[]) {
    try {
    PrintStream outPut = new PrintStream(new BufferedOutputStream(new FileOutputStream("products.txt")));
    Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
    //Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
    Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
    System.out.println("Connection Done");
    connection.setCatalog("northWind");
    String sqlCmdString = "select * from products";
    Statement statement = connection.createStatement();
    ResultSet resultSet = statement.executeQuery(sqlCmdString);
    ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
    int columnCount = resultSetMetaData.getColumnCount();
    // Iterate throught the rows in resultSet and
    // output the columns for each row.
    while (resultSet.next()) {
    for (int index = 1; index <=columnCount; ++index)
    String value;
    switch(resultSetMetaData.getColumnType(index))
    case 2 :
    case 3 :
    value = resultSet.getString(index);
    break;
    default :
    value = """ + resultSet.getString(index) + """;
    break;
    outPut.print(value + (index < columnCount ? "t" : ""));
    outPut.println();
    outPut.close();
    resultSet.close();
    connection.close();
    System.out.println("Done");
    catch (SQLException exception)
    exception.printStackTrace();
    catch (Exception exception)
    exception.printStackTrace();
    --------------------------------------------------------------------------------------------------

    My guess is that the server's host name isn't right. It necessarily (or even usually) the "windows name" of the computer. Try with the numeric IP address instead (type "ipconfig" to see it).
    First aid check list for "connection refused":
    - Check host name in connect string.
    - Check port number in connect string.
    - Try numeric IP address of server host in connect string, in case name server is hosed.
    - Are there any firewalls between client and server blocking the port.
    - Check that the db server is running.
    - Check that the db server is listening to the port. On the server, try: "telnet localhost the-port-number". Or "netstat -an", there should be a listening entry for the port.
    - Try "telnet serverhost the-port-number" from the client, to see if firewalls are blocking it.
    - If "telnet" fails: try it with the numeric ip address.
    - If "telnet" fails: does it fail immediately or after an obvious timeout? How long is the timeout?
    - Does the server respond to "ping serverhost" or "telnet serverhost" or "ssh serverhost"?

  • ISE Admin Access with AD Credentials fails after upgrade 1.2.1 to 1.3.0

    Hello,
    After upgrading ISE VM from 1.2.1 to 1.3.0.876, I can't connect on ISE with AD Credentials (Invalid Username or Password). It worked find before upgrading to 1.3.
    On another ISE VM in 1.3.0.876 version (w/o upgrade) with this kind of configuration, it's OK.
    I have double check the Post-upgrade tasks (particularly rejoining Active Directory). Everything worked find after this upgrade except the admin access with AD credentials.
    I don't use user certificate-based authentication for admin access. So I didn't execute application start ise safe CLI.
    My 802.1x wireless users passed authentication with AD credentials. So the ISE had correctly join my AD.
    I didn't find anything related to this admin access with AD credentials failure in the output of show logging application ise and show logging.
    I don't find anything related to this in bug search on Cisco tools.
    I tried to :
    - update the SID of my Admin AD Group, the result is still the same.
    - delete my admin access with AD credentials configuration then make this configuration again, but still the same error.
    Any ideas on this ? Could I find elements in another log ?
    Regards.

    Dear Markus,
    After logging as user "prdadm"
    su - prdadm
    bssltests% bash-3.00$ ls -a
    .                            .dbenv_bssltests.sh-old      .sapenv_bssltests.sh         startdb.log
    ..                           .dbenv_bssltests.sh-old10    .sapenv_bssltests.sh-new     startsap_.log
    .bash_history                .dbsrc_bssltests.csh         .sapenv_bssltests.sh-old10   startsap_DVEBMGS00.log
    .cshrc                       .dbsrc_bssltests.sh          .sapsrc_bssltests.csh        startsap_DVEBMGS01.log
    .dbenv_bssltests.csh         .login                       .sapsrc_bssltests.sh         stopdb.log
    .dbenv_bssltests.csh-new     .profile                     dev_sapstart                 stopsap_.log
    .dbenv_bssltests.csh-old     .sapenv_bssltests.csh        local.cshrc                  stopsap_DVEBMGS00.log
    .dbenv_bssltests.csh-old10   .sapenv_bssltests.csh-new    local.login                  stopsap_DVEBMGS01.log
    .dbenv_bssltests.sh          .sapenv_bssltests.csh-old    local.profile                trans.log
    .dbenv_bssltests.sh-new      .sapenv_bssltests.csh-old10  sqlnet.log
    bash-3.00$
    bash-3.00$
    I have changed envt settings in .dbenv_bssltests.csh & .dbenv_bssltests.sh
    .sapenv_bssltests.sh & .sapenv_bssltests.csh  [4 files]
    Regards,
    Ankita

  • The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error

    We are getting the below error when we see in Crawl logs
    "The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error."
    This is happening in FAST search.
    Here I can see soke of the logs related to this search crawl.
    Could anyone please help on this?
    web application 'http://xvy/' doesn't use search application 'FAST Query SSA', skipping it.
    ABC\sp_search' on web application 'http://xvy/'. 2d7dba01-3d2e-4903-b59f-9a8601627bcd
    07/30/2014 01:30:46.65  OWSTIMER.EXE (0x28DC)                    0x1BC0 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'Search Service Application 1': Skipping web application '48ed7882-9f70-424e-bf72-e3c9f5340b97' because its outbound url 'http://ebc:30347' was automatically added once.
    Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvcp/'. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'FAST Query SSA': Skipping web application '57718ea1-8cb5-4adc-abd2-9e55415e5791' because its outbound url 'http://nvcp' was automatically added once. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://nvcp' for web application '57718ea1-8cb5-4adc-abd2-9e55415e5791' to list of valid start addresses. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dmb6 Verbose  Ensure full read access to the indexing account 'ABc\sp_search' on web application 'http://nvcp'ext/'. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'FAST Query SSA': Skipping web application '64d562a1-535e-4917-8979-88840e2a67fe' because its outbound url 'http://nvcp'ext' was automatically added once. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://nvcpext' for web application '64d562a1-535e-4917-8979-88840e2a67fe' to list of valid start addresses. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dmb6 Verbose  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvcpnew/'. 85041609-d618-4132-ac8e-195a910d99a0
    executing SQL query {? = call dbo.proc_MSS_PropagationIndexerGetReadyQueryComponents}  [propdatabase.cxx:70]  d:\office\source\search\native\ytrip\tripoli\propagation\propdatabase.cxx 
    07/30/2014 01:32:04.31  mssearch.exe (0x0588)                    0x1DE4 SharePoint Server Search       Propagation Manager          
     e3o3 Verbose  executing SQL query {? = call dbo.proc_MSS_PropagationIndexerGetReadyQueryComponents}  [propdatabase.cxx:70]  d:\office\source\search\native\ytrip\tripoli\propagation\propdatabase.cxx 
    07/30/2014 01:32:04.68  mssdmn.exe (0x15CC)                      0x1060 SharePoint Server Search       HTTP Protocol
    Handler          du4i                     0x29E4 SharePoint Server Search       HTTP
    Protocol Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/robots.txt'.   [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x29E4 SharePoint Server Search       HTTP Protocol
    Handler          du54 High     CHttpAccessorHelper::InitRequestInternal - unexpected status (503) on request for 'http://ppecpnew/robots.txt' Authentication 0.  [httpacchelper.cxx:703] 
    d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    07/30/2014 01:32:04.70  mssearch.exe (0x0588)                    0x130C SharePoint Server Search       Gatherer                     
     cd11 Warning  The start address http://nvcp'/sites/quipme cannot be crawled.  Context: Application 'FAST_Content_SSA', Catalog 'Portal_Content'  Details: 
    The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error.   (0x80041200) 
    07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x104C SharePoint Server Search       HTTP Protocol
    Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/robots.txt'.   [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x104C SharePoint Server Search       HTTP Protocol
    Handler          du54 High  
    07/30/2014 01:32:04.70  mssearch.exe (0x0588)                    0x2948 SharePoint Server Search       Gatherer                     
     cd11 Warning  The start address
    http://nvcp'/sites/MDPPubng cannot be crawled.  Context: Application 'FAST_Content_SSA', Catalog 'Portal_Content'  Details:  The crawler could not communicate with the server. Check that the server is
    available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error.   (0x80041200) 
     CHttpProbeHelper::ProbeServer: InitRequest failed for 'http://ppecpnew/_vti_bin/sitedata.asmx'. Return error to caller, hr=80041200  [stscommon.cxx:490]  d:\office\source\search\native\gather\protocols\common\stscommon.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dvg0 High     STS3::COWSServer::InitializeClaimsCookie: Probing url 'http://pncvr' failed. Return error to caller, hr=80041200  [sts3util.cxx:1332]  d:\office\source\search\native\gather\protocols\sts3\sts3util.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     en0e High     CSTS3Accessor::InitURLType: Return error to caller, hr=80041200                 [sts3acc.cxx:2214]  d:\office\source\search\native\gather\protocols\sts3\sts3acc.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dv3p High     CSTS3Accessor::GetServer fails, Url sts4://pnvpr/siteurl=sites/product/siteid={7ebfb072-08a8-4df7-8f74-e06730325d9a}/weburl=/webid={bd7ae724-1256-4b26-9633-416447d6bc5c}, hr=80041200  [sts3acc.cxx:185] 
    d:\office\source\search\native\gather\protocols\sts3\sts3acc.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dvb1 High     CSTS3Accessor::Init fails, Url sts4:/mngbv/siteurl=sites/product/siteid={7ebfb072-08a8-4df7-8f74-e06730325d9a}/weburl=/webid={bd7ae724-1256-4b26-9633-416447d6bc5c}, hr=80041200  [sts3handler.cxx:312] 
    d:\office\source\search\native\gather\protocols\sts3\sts3handler.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x16FC SharePoint Server Search       HTTP Protocol
    Handler          du2z Verbose  CHttpProbeHelper::ProbeServer: Probing server with url 'http://pnvpr/_vti_bin/sitedata.asmx'.  [stscommon.cxx:476]  d:\office\source\search\native\gather\protocols\common\stscommon.cxx 
    07/30/2014 01:32:26.08  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dvb2 High     CSTS3Handler::CreateAccessorExD: Return error to caller, hr=80041200            [sts3handler.cxx:330]  d:\office\source\search\native\gather\protocols\sts3\sts3handler.cxx 
    07/30/2014 01:32:26.08  mssdmn.exe (0x15CC)                      0x16FC SharePoint Server Search       HTTP Protocol
    Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/_vti_bin/sitedata.asmx'.  [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    earch application 'FAST Query SSA': Adding start address 'http://mnvfgext' for web application '64d562a1-535e-4917-8979-88840e2a67fe' to list of valid start addresses. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dmb6 Verbose  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvpr/'. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'FAST Query SSA': Skipping web application 'cea7b67b-fd5f-4c9a-a300-64a7d7ca3093' because its outbound url 'http://pnvpr' was automatically added once. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://pnvpr' for web application 'cea7b67b-fd5f-4c9a-a300-64a7d7ca3093' to list of valid start addresses. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2k Verbose  web application 'http://abcrsp/' doesn't use search application 'FAST Query SSA', skipping it. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2k Verbose  web application 'http://excb/' doesn't use search application 'FAST Query SSA', ski
    Anil Loka

    Hi,
    According to your post, my understanding is that you got error when communicating to the server.
    This happens when crawler is not able to connect to the server. Make sure server name is correct. Couple of steps to troubleshoot it
    You should be able to ping the server from the server having crawl component. Make sure there is an entry for the server in the host file under c:\Windows\System32\drivers\etc folder.
              Ping <servername>
          2.  You should be able to connect to the server using telnet command
    Telnet< servername> <port number>
    More information:
    Troubleshooting of FAST Search Configuration
    If the issue still exists, you can delete the old search application and recreate from the beginning.
    You can also reset the index and do a full crawl after.
    Here is a similar thread for your reference:
    http://social.technet.microsoft.com/Forums/en-US/f3c61b53-304a-4c2a-a370-d0e573219d1d/an-unrecognized-http-response-was-received-when-attempting-to-crawl-this-item?forum=sharepointadminprevious
    Best Regards,
    Linda Li
    Linda Li
    TechNet Community Support

  • Does using self-signed cert. on ISE server has anthing to do with url redirect being not working

    Hi,
    I am setting up wired ISE environment. Everything is going fine, except url redirect is not working.
    I just wondering, if using self-signed certificate on ISE server has anothing to do with the problem ?.
    Appreciate your input.
    Thanks

    Hi,
    As long as you have not changed the hostname or the domain name (and dns is accurate). You should only receive the certificate warning but still get redirected without any issues.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Error: "Cannot access the web server" with BlazeDS Turnkey

    Help! I'm new to Flex and BlazeDS and Eclipse.  I was trying to setup a Flex Project using a BlazeDS/Tomcat server running from Eclipse on Windows XP per the example in flexbandit.com/archives/55#comment-269 and in (www.infoq.com/articles/blazeds-intro).   I am NOT using the Eclipse Flex plug-in.  I'm using Flex Builder for the Flex code.
    Here's what I've done:
    I installed BlazeDS and tested http://localhost:8400 - That worked.
    I setup Tomcat in Eclipse.  -  That seemed to work.
    I created a Dynamic Web Project in Eclipse - That seemed to work.
    I created the bare-bones BlazeDS Configuration under the Eclipse project and then created a basic HelloWorld java class.
    I added the destination in the “remoting-config.xml” file found in the c:/projects/workspace/ReportGenTool/WebContent/WEB-INF/flex” directory:
    <destination id="HelloWorld">   <properties>  <source>HelloWorld</source> </properties> </destination>
    When I started the application server by clicking on the server's green play button in Eclipse and then tried to open localhost:8400/ReportGenTool, I got the 404 error : The requested source (/ReportGenTool/) is not available which according to the instructions is fine.
    Next I created a Flex Project, but when I try to validate the new Flex project configuration, it gives me an error "Cannot access the web server. The server may not be running, or the web root folder or root URL may be invalid."
    When I validated the server was running after setting up the BlazeDs Turnkey, I saw the BlazeDS page.
    Now when I bring up http://localhost:8400 I get:
          Directory Listing for /
          Apache Tomcat/6.0.14
    My eclipse project is named ReportGenTool and I've overwritten the WebContent directory with the META-INF and WEB-INF directories from the BlazeDS installation (C:\blazeds\tomcat\webapps\blazeds).  According to Eclipse the server is running.
    My Flex project is named ReportGenTool and is located in another directory away from the Eclipse project directory.
         My root folder is: C:\Projects\workspace\ReportGenTool\WebContent
         Root URL: is http://localhost:8400/ReportGenTool/
         Context root is: /ReportGenTool/
    Any idea what might be wrong? What didn't I configure that needs to be configured?
    Thanks in advance.

    This is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic
    Bu if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler
    M
    Sent from Cisco Technical Support iPad App

  • When I try to access GameCenter on my Mac it says "The requested operation could not be completed due to an error communicating with the server." How can I fix this?

    When I try to access GameCenter on my Mac it says "The requested operation could not be completed due to an error communicating with the server." How can I fix this?

    This usually caused by a customised hosts file.
    These need to be the only entries in your /etc/hosts file:-
    # Host Database
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    127.0.0.1       localhost
    255.255.255.255 broadcasthost
    ::1             localhost
    fe80::1%lo0     localhost
    Remove anything below these entries, then try and reconnect with GC. Once GC starts properly you can put the extra entries back in your hosts file, GC should start normally afterwards.
    https://discussions.apple.com/message/19276629#19276629
    Jerry

  • Cisco WLC with ISE - need to restrict access during non-business hours

    Hello,
    We have a requirement to turn off our wireless during non-business hours.  We have a 5508 WLC with ISE.  What is the best way to accomplish this task?  
    Thank you in advance.
    Beth

    Aside from Steve's respond, there are several methods of doing this and this will all depend on how complex your network is and how technical you want to do this.  
    1.  As what Steve said, use PI and you can define several schedules when to turn off/on the SSID; 
    2.  If you have corporate access, you can use AD to schedule non-business hours; 
    3.  If you have Cisco PoE switches, you can enable EnergyWise to power off the APs; 
    4.  If you manage your core network, you can enable time-based ACL to disable the default gateway of the dynamic interface which is attached to your SSID.  
    The most "destructive" method is option #3, because there are chances that your AP won't power up properly, if not power up at all.  

  • Trying to access Windows 2003 Server share with Mac OS 9.04

    Hi
    I cannot connect to a Windows 2003 Server share on my 2003 domain. I can access the share with my MacBook (10.4.9) & my G4. I have File Services for Mac installed & can ping the server from all OS 9 Mac.
    Can anyone give me some tips?
    MacBook     Administrator

    How are you trying to connect to the server? Via AppleTalk or IP? (What utility are you using to ping the server from the Mac OS 9 machine?) Since you're not providing any information about error messages you're receiving or the symptoms of your problem I can only provide the following information.
    If you're selecting the server from a list in the Chooser and clicking the OK button then the connection should switch to IP automatically. Make sure your Mac has TCP/IP enabled and is receiving an IP address or that you have an appropriate IP address hard-coded. You can try forcing an IP connection by entering the IP address or DNS name of the server in the Chooser rather than selecting it from the list in the Chooser.
    Or you can try forcing an AppleTalk connection by selecting the server in the Chooser and holding down the Option key as you click the Connect button. If you're asked to enter your name and password then you're communicating properly with the server. This is, however, a very slow connection compared to IP.
    Finally, be sure you update to the latest version of Mac OS 9, which is 9.2.2 <http://docs.info.apple.com/article.html?artnum=75288>.
    Hope this helps! bill
    1 GHz Powerbook G4   Mac OS X (10.4.9)  

Maybe you are looking for

  • Has anyone tried to actually get a hold of apple support and had them reply

    Have been attempting to get apple support for over one hour - continue you to receive notice that I will have assistance in two minutes Nothing happens I wish to link my phone with my car - having difficult time of it

  • Number of times the record to be printed in Oracle reports

    I have a requirement to print each record in specified number of times based on one of the field of the record. For Ex: Each record has the following fields and I need to print each record based on Quantity Cust PO Number Item Number Quantity PO1234 

  • My safari won't open. What do I do?

    My safari won't open. What do I do?

  • Adobe Professional MSI package not installing

    Hello, I have downloaded the Adobe Professional MSI package from the Creative Cloud Packager but the application will not install. I have tried both 32bit and 64 bit versions to no avail. Here are some errors from the PDApp.Log File Any help that cou

  • Converter Problem

    I am probably making a very simple error here, but I have checked the Forum and cannot find anyone who has had the same problem. I have written an applet called "Proposal" which I have created in a package called "proposal". (i.e. proposal.Proposal)