Acs Appliance\AD Domain and Remote Client

Similar Messages

• Difference between system copy and Remote Client copy?

  Hi,
  Can any body suggest me , What are the major difference between System copy and Remote Client Copy.
  As per my knowledge , Both are different
  1.In system copy  entire data recovered mean copy from Source to target
  2.In Remote client copy All  Client data can't me import if you choose SAP_ALL profile also
        I hope Transaction data and user data can't copied
  Anybody share this Question and Give me some idea about this
  If anybody  give brief explanation that is very gratefull.
  regards,
  Balaram

  Hi,
  System copy will replicate all database from source to target system.
  In remote copy only client in which you are performing the copy will get refresh. Also, remote client copy will be done between systems on same patch level. with SAP_ALL profile you can bring all data in target system including your transactional data.
  Thanks
  Sunny

• Virtual Mail Domains and Email Client setup...

  Hello,
  I have read the Apple Mail Services pdf and I have read petrobytes pdf on virtual user setup and I now have it working.
  The question I have is if I have a virtual domain called vdom1.com and a local domain called ldom.com and I have a user called "user1" in each of these should I not be able to to use "user1" as the username in a mail client config? It won't let me and I would really rather not give out usernames that look like vdom1user1, if at all possible?
  Thanks,
  tom

  Well, obviously you haven't read my tutorial properly
  11. - What do my users need to know?
  "Username: user1 and password will not work or fetch the wrong
  mailbox (unless the user is a local domain user). For virtual
  domain users, [email protected] and password is the
  way to go."
  Use user1 for the local domains and [email protected] for the virtual domain.
  Alex

• Local Client Copy and Remote Client Copy in MS - SQL Database

  Dear Gurus,
  If i need to do the local client copy or remote client what is the procedure i should consider because i'm using MS-SQL 2005 database.Most of the thread using Oracle database.Can u give me the step by step or manual how to make it.
  Thanks an advance.
  /Shah

  Hi.
  SAP Help is a very good source for info -> [Link|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/69/c24c4e4ba111d189750000e8322d00/frameset.htm].
  I suggest that you read the manual carefully. There are many tipps to improve performance (parallel processes) and tipps and tricks to avoid problems. If you need some notes, they are adviced there.
  Also the notes [116787|https://websmp230.sap-ag.de/sap%28bD1kZSZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=116787], [552711|https://websmp230.sap-ag.de/sap%28bD1kZSZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=552711], [67205|https://websmp230.sap-ag.de/sap%28bD1kZSZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=67205] or [489690|https://websmp230.sap-ag.de/sap%28bD1kZSZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=489690] are interesting.
  regards,
  Martin

• Trying to write a basic EJB app w/ JPA and remote client

  I'm trying to put together a simple sample app that shows a simple stateless session bean that grabs a Java EE 5 entity from the DB and sends it to the remote caller. I have an entity class called Person that simply has getId() and getName() methods.
  I'm trying to get a reference to the session bean (using InitialContext.lookup()), which works. Then I try to call a method on that bean, which works as long as the type being returned is not a Person object. I've had the bean always return "Hello" and it works just fine.
  Here's the bean code.
  @Stateless(mappedName="RolodexSession")
  public class RolodexSessionBean implements RolodexSessionRemote {
      @PersistenceContext
      private EntityManager em;
      /** Creates a new instance of RolodexSessionBean */
      public RolodexSessionBean() {
      public Object getPersonByName(String name)
          Query q = em.createQuery("select object(o) from Person o where o.name=:n");
          q.setParameter("n",name);
          List results = q.getResultList();
          if (results.isEmpty())
              return "emtpy";
          // this would work just fine...
          // return "Some string";
          // but this doesn't work at all
          return results.get(0);
  }Here's the client code...
  public class Main {
      @EJB
      protected RolodexSessionRemote rolodexSession;
      /** Creates a new instance of Main */
      public Main() throws NamingException {
          Context ctx = new InitialContext();
          rolodexSession = (RolodexSessionRemote)ctx.lookup("RolodexSession");
          Object result = rolodexSession.getPersonByName("John Smith");
          System.out.println(result);
       * @param args the command line arguments
      public static void main(String[] args) throws NamingException {
          Main m = new Main();
  }I made sure to put a Person object into my database with the name "John Smith".
  The error I keep getting is...
  Dec 7, 2006 4:40:29 PM com.sun.corba.ee.impl.encoding.CDRInputStream_1_0 read_value
  WARNING: "IOP00810257: (MARSHAL) Could not find class"
  org.omg.CORBA.MARSHAL:   vmcid: SUN  minor code: 257 completed: Maybe
          at com.sun.corba.ee.impl.logging.ORBUtilSystemException.couldNotFindClass(ORBUtilSystemException.java:8309)
          at com.sun.corba.ee.impl.encoding.CDRInputStream_1_0.read_value(CDRInputStream_1_0.java:984)
          at com.sun.corba.ee.impl.encoding.CDRInputStream.read_value(CDRInputStream.java:259)
          at com.sun.corba.ee.impl.io.IIOPInputStream.inputObjectField(IIOPInputStream.java:1987)
          at com.sun.corba.ee.impl.io.IIOPInputStream.inputClassFields(IIOPInputStream.java:2211)
          at com.sun.corba.ee.impl.io.IIOPInputStream.inputObject(IIOPInputStream.java:1219)
          at com.sun.corba.ee.impl.io.IIOPInputStream.simpleReadObject(IIOPInputStream.java:398)
          at com.sun.corba.ee.impl.io.ValueHandlerImpl.readValueInternal(ValueHandlerImpl.java:329)
          at com.sun.corba.ee.impl.io.ValueHandlerImpl.readValue(ValueHandlerImpl.java:295)
          at com.sun.corba.ee.impl.encoding.CDRInputStream_1_0.read_value(CDRInputStream_1_0.java:1005)
          at com.sun.corba.ee.impl.encoding.CDRInputStream_1_0.read_value(CDRInputStream_1_0.java:850)
          at com.sun.corba.ee.impl.encoding.CDRInputStream.read_value(CDRInputStream.java:255)
          at com.sun.corba.ee.impl.corba.TCUtility.unmarshalIn(TCUtility.java:269)
          at com.sun.corba.ee.impl.corba.AnyImpl.read_value(AnyImpl.java:558)
          at com.sun.corba.ee.impl.encoding.CDRInputStream_1_0.read_any(CDRInputStream_1_0.java:710)
          at com.sun.corba.ee.impl.encoding.CDRInputStream.read_any(CDRInputStream.java:225)
          at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.readAny(Util.java:449)
          at com.sun.corba.ee.impl.presentation.rmi.DynamicMethodMarshallerImpl$10.read(DynamicMethodMarshallerImpl.java:251)
          at com.sun.corba.ee.impl.presentation.rmi.DynamicMethodMarshallerImpl.readResult(DynamicMethodMarshallerImpl.java:424)
          at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:162)
          at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:119)
          at com.sun.corba.ee.impl.presentation.rmi.bcel.BCELStubBase.invoke(BCELStubBase.java:197)
          at session.__RolodexSessionRemote_Remote_DynamicStub.getPersonByName(__RolodexSessionRemote_Remote_DynamicStub.java)
          at session._RolodexSessionRemote_Wrapper.getPersonByName(session._RolodexSessionRemote_Wrapper.java)
          at clientapp.Main.<init>(Main.java:33)
          at clientapp.Main.main(Main.java:41)I'm running this on the Sun Java System App Server 9.0.
  Any ideas?

  I've narrowed down the issue. The Person object that I'm trying to send back has a one-to-many relationship with Address objects. I have this all setup correctly, I think. Here's the code from Person.java that establishes that relationship.
       * Holds value of property addresses.
      @OneToMany(mappedBy = "person")
      private List<Address> addresses;
       * Getter for property addresses.
       * @return Value of property addresses.
      public List<Address> getAddresses() {
          return this.addresses;
       * Setter for property addresses.
       * @param addresses New value of property addresses.
      public void setAddresses(List<Address> addresses) {
          this.addresses = addresses;
      }In Address.java I have the other side of the relationship defined (again, correctly, I think).
  IF I COMMENT OUT THIS RELATIONSHIP EVERYTHING WORKS! So, the problem seems to be related to using foreign key associations. Is there something I'm missing here? Perhaps it's related to lazy-loading of foreign keys?

• ASA5510 configuration to end VPN L2L and remote client in DMZ interface

  Hi,
  we have a Cisco ASA5510 with 3 interfaces.
  - Internet Interface with private addressing
  - DMZ Interface with public IP address
  - Internal interface.
  Our ISP route our public IP range to our Internet interface (with a 192.168.x.x).
  I'm trying to configure ASA5510 for L2L VPN and for Cisco VPN client server listening in the public IP@ assigned to the DMZ interface, but for the moment without success.
  Is it possible?. Any consideration to have into account?.
  I attach a diagram.
  I see packets UDP500 arriving to the Internet interface but there is no replies:
  172: 17:07:25.164115 81.223.31.240.50763 > X.X.X.X.500:  udp 1160
  (X.X.X.X is a public IP@ configured in the DMZ interface)
  Thanks a lot.

  I don't think it is possible with only one *logical* interface. Router as a EZVPN Client requires two interfaces to do PAT for traffic going to the Internet. So far as I know, this is autoconfigured in both Client and NEM modes and cannot be disabled. However you *can* use 802.1q trunk to create two *logical* interfaces and configure EZVPN Client, or just configure Site-to-Site on a stick.
  HTH

• ACS Appliance User DB to new non-appliance ACS server

  Is it possible to replicate an ACS appliance user DB and replicate it on a new non-appliance ACS server. We're adding additional ACS servers and don't want to re-create all the groups and mappings. Think of it as ghosting an appliance and restoring it on a new server. Thx

  Here is the link,
  http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml
  Here is the troubleshooting check list, in case you face any issue,
  1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication
  2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.
  3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.
  4) Ensure that the secondary server has it's replication scheduling set to "manual".
  5) Please verify that your servers are all running exactly the same ACS version and build.
  6) Also let me know if we have any firewall in between two acs servers.
  Regards,
  ~JG

• WCF NetTcpBinding, remote client Established TCP Ports do not recycle

  In our application we have bunch of WCF services(NetTcpBinding) hosted under Windows Service, we have a remote client/clients which is connecting to this wcf service.
  When Network connection drop between client and Server, I am seeing that Established TCP Ports does NOT get recycled, When we get Network connectivity back and remote client app try to connect to the service again, we see new TCP Ports getting created again,
  but old TCP Ports still remain open, we have set ReliableSession to true and ReceiveTimeOut to 10 min on our WCF Service.
  Could anyone know here why this connection never gets recycled, what we have to do specific to have them cleanedup if remote client either crashes or network connection drops.

  You are probably closing the TCP connection simultaneously from both the client and server.  There is a design issue with TCP going back to the 1970's that has never been fixed.  When connections are closed from both ends at the same time sometimes
  ports are left open in a half open / half close state.  The correct method for closing TCP is as follows
  1)  From application level client send command to stop server
  2) Client closes connection
  3) Server uses the on closed event to dispose server objects so no memory leak occurs.
  jdweng

• ACS appliance and remote agent testing

  Having problems with integrating ACS appliance with Active Directory. Have installed the remote agent on a member server and from the ACS appliance can enumerate the Active Directory groups correctly so there is at least some communication happening.
  Looking at the remote agent logs whenever a request for the AD groups comes through you see corresponding log entrys. When a user tries to authenticate though there are no logs coming through to the remote agent. So maybe it is not being sent to remote agent?
  In the failed authentications log on the ACS the error is unknown user, it does show the correct username + domain as the person trying to authenticate.
  The Windows server is setup for unknown user policy.
  ACS version is 4.1.1.23, Remote Agent is latest version available.
  Any ideas or things to check?

  Hi,
  As per your last line, It seems that ACS and RA ver are not same. Please note that ACS appliance and RA software ver has to be same else it won't work.
  Regards,
  ~JG

• ACS appliance 3.2.2.5 Remote Agents for Windows DB disappear

  I have two ACS boxes: one is ACSNT and the other an ACS appliance. Both run 3.2.2.5 and have been in production for quite some time. The ACSNT box is the primary and replicates to the appliance as backup. These units authenticate to three different Windows domains: 2 NT domains and 1 AD.
  Recently I just added support for RSA 6.0 servers. Not wanting to mess with the client install on the ACSNT box, I set it up as a RADIUS token server as you do on the appliance. It works just fine on the ACSNT box. On the appliance, however, my Windows external DB quit working with "external db not operational" messages. I rebuilt the Windows external DB, recreated the group mappings, added the remote agents, etc. Things were working fine. I recreated the RSA config and still the Windows DB was working although the RSA config was not working (still working on that if TAC ever calls me back). A few hours later, I decided to check the Windows DB and it was broken again. I checked it out and the remote agents were somehow deleted. Nothing in the logs show it but they were gone. I recreated them and it worked again. This has happened twice now. Does anybody have any advice? The logs show nothing to indicate a problem on the appliance exists and of course the docs state that there should be no problem with both a RADIUS and Windows DBs living together on the same box. All comments welcome!
  Thanks,
  Rik

  Sorry it took so long to get back...I've been out of the office for a few days.
  I did check the the docs for issues like this but found nothing. The TAC Engineer escalated it and both engineers kept saying my new RSA servers were causing my issues. However, a simple reboot of the box (it is built on Win2K after all...) cleared up all of the strange issues.
  Thanks,
  Rik Guyler

• ACS appliance 4.1 - machine authentification from trusted Domain failed

  We have a acs appliance 4.1 with a agent running on a X domain controller to authenticate user's from the X domain active directory.
  User's and Computer's are able to authenticate without any issue on X domain.
  We have recently add a trusted Y domain on this X domain.
  User's from Y domain are able to authenticate on our ACS without any issue , but machine are not able to authenticate.
  03/14/2011
  10:44:32
  Authen failed
  host/FLADWS0072.Ydomain
  Default Group
  00-26-82-d6-9b-3f
  (Default)
  External DB user invalid or bad password
  Machine use is the following settings to authenticate :
  EAP type : EAP (PEAP) 
  Authentification method : EAP-MSCHAP v2
  On Y domain active directory :
  Remote access permission is ok for machine
  On ACS applicance :
  "Enable PEAP machine authentication" is select + the machine from X Domain are authenticate without any issue.
  Any idea where is should start to invetigate ?
  Tks in advance for your help

  Dear Valued Cisco Customer,
  I will be out of the office from 03/20/2010 until 04/04/2010. During
  this time, I will have no access to email or voicemail. If you require
  assistance during my absence, please contact Manivannan Srinivasan via
  phone at 469-255-4806 or via email at [email protected] and this
  engineer will continue to work any immediate concerns you may have at
  this time. If this issue can wait until my return on 04/05/2010, I will
  be glad to continue working with you. If you require assistance outside
  of our business hours (10:00am - 7:00pm CST), please contact the TAC by
  calling 1800-553-2447 or email [email protected] and request to have the
  service request re-assigned.
  Best Regards,
  Abhishek Neelakanata

• WLC / ACS / AD - Domain and non-Domain Laptops (802.1X / PEAP)

  Hi All,
  I'm implementing a solution based around 4404 WLC, 1113 ACS and Microsoft AD. What I want to achieve is have two WLAN (SSID), one that can only be used by domain users on domain laptops, the other can be used by domain users on personal laptops. The domain laptops will have full connectivity but the personal laptops will be restricted.
  I've created the two SSID using 802.1X via ACS / Remote Agent and can authenticate and logon OK.
  I thought that I should have user auth and machine auth for the domain laptops but just user auth for personal laptops.
  I can have non authenticated machines go to a specific ACS group or blocked but I need to allow them if they're on the restricted SSID. I can't quite figure out how to have two SSIDs authenticating to the same ACS / AD - allow one and block the other.
  Am I on the right path?
  Anyone done this before or have any bright ideas?
  Cheers,
  John

  With the use of SSID-based WLAN access, the users can be authenticated based on the SSID they use in order to connect to the WLAN. The Cisco Secure ACS server is used to authenticate the users. Authentication happens in two stages on the Cisco Secure ACS:
  1. EAP authentication
  2. SSID authentication based on Network Access Restrictions (NARs) on Cisco Secure ACS
  For the further description and configuraiton following URL may help you :
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

• Is it posible? two ACS 4.2 Appliance with the same remote agent

  Hello,
  I have a ACS 4.2 Appliance integrate with Active Directory, CA and Remote Agent, i want to agregate another ACS 4.2 Appliance with the same configuration, the same Active Directory, CA. my question is: can i configure the another ACS with the same Remote Agent of the first? in other words ...
  i attach the diagram.
  Thank you

  I have a
  ACS 4.2 Appliance integrate with Active Directory, CA and Remote Agent,
  i want to agregate another ACS 4.2 Appliance with the same
  configuration, the same Active Directory, CA. my question is: can i
  configure the another ACS with the same Remote Agent of the first? in
  other words ...i attach the diagram.Thank you
  Hi,
  Maximum number of appliances supported—While a single Cisco Secure ACS Remote Agent can provide services to many Cisco Secure ACS Appliances, support is limited to five concurrent connections by the appliances served. For example, if you have three appliances that are primary Cisco Secure ACSes and three appliances that are secondary Cisco Secure ACSes used for failover purposes only, the remote agent can provide services to all six appliances and stay below the maximum of five concurrent connections.
  http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_installation_and_configuration_guide_chapter09186a0080193aa1.html
  Hope to Help !!
  Ganesh.H
  Remember to rate the helpful post

• Exchange certificates and services setup for internal and external clients access on separate domains.

  I have the following on my local network.
  Server DomainA -> Small Business server 2003/Exchange 2003
  Server DomainB -> Windows 2008 R2/Exchange 2013
  Clients Domain A ->  Windows XP/Outlook 2003
  Clients Domain B -> Windows 7/Outlook 2007/2010
  Problem:  I want clients from DomainA to log into Exchange on DomainB on the same local network.
  I need to know how to setup the DNS on both domains and the certificates on the DomainB Exchange server
  to accept the connection from the PC on domainA.   All connections from clients on domainB to server on domainB
  work correctly but when adding accounts to Outlook 2003/2007 on domainA clients I am getting certificate errors.
  I have purchased certificates for mail.domainb.com and autodiscover.domainb.com but I dont know how to get 
  the clients on domainA to recognize those external URL's of the exchange server (with the certificates bound to them) from the internal network. Hence I get domain errors.
  I am getting issues when a client on DomainA tries to add an Outlook mail profile to connect to the Exchange on DomainB
  Any suggestions on how to set this up?
  thanks

  Domain A & Domain B are two separate AD Forests?
  Users in Domain A either need mailbox-enabled user accounts that are in DomainB or a linked mailbox in Domain B to utilise the Exchange Server in DomainB. In either case with the help of the autodiscover service user can use the services in ExchangeB. 
  If the client machines are member of domainA and you are trying to access ExchangeB you will then need to leverage a custom XML file for autodiscover and force the Outlook client to use this file. 
  <?xml version="1.0" encoding="utf-8"?> 
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> 
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> 
      <Account> 
        <AccountType>email</AccountType> 
        <Action>redirectUrl</Action> 
        <RedirectUrl>https://autodiscover.domain.com/autodiscover/autodiscover.xml</RedirectUrl> 
      </Account> 
    </Response> 
  </Autodiscover>
  Then you need to configure the client machine to query that XML file by adding the following registry key:
  Refer to XML file
  for Outlook 2007:
  HKCU\Software\Microsoft\Office\12.0\Outlook\Autodiscover
  for Outlook 2010:
  HKCU\Software\Microsoft\Office\14.0\Outlook\Autodiscover
  STRING_value <your_namespace> = path to XML file
  you can find more information in the following link.
  Controlling Outlook Autodiscover behavior
  http://blogs.technet.com/b/kristinw/archive/2013/04/19/controlling-outlook-autodiscover-behavior.aspx
  CK

• Remote control and remote desktop client in sccm 2012 ?

  What is the difference between remote control and remote desktop client in sccm 2012 ?

  Remote Control is a built-in feature for SCCM 2012 and uses the RPC protocol. When you use this, the user can still be logged on while helping.
  Remote Desktop is a buit-in feature for Windows and uses the RDP protcol. When you use it, the user will be logged off.
  Why you would use one over the other depends on your requirements.
  Blog: www.danielclasson.com/blog |
  LinkedIn:
  Daniel Classon | Twitter: @danielclasson