ACS External DB - Windows WORKGROUB

Similar Messages

• Patch/Reboot of AD servers requires restart of ACS 4.2 Windows Service

  We have been experiencing an ACS issue when our Active Directory servers are patch and rebooted. When this is done, the ACS service must be restarted on both our ACS servers. The ACS servers are Windows 2003 with ACS 4.2. Has anyone else experienced this? If so, any solution?

  The ACS will respond to local database queries fine, it is when it relays it to the active directory cluster that it fails. The ACS servers are on different subnets in different data centers, same with the AD servers. I checked the switch ports and have found no errors and no indication of dupe IP’s. In the ACS logs, is see the fail error as either a “External DB user invalid or bad password” or “External DB unknown error”.

• SSO UIDPW not working for external Popup Window but works with SAPLOGONTICK

  Dear Experts,
  I have an issue with SSO user mapping (UIDPW), but the same scenario is working with SAPLOGONTICKET.
  Some list gets displayed in the Web Dynpro ABAP iView which has the hyperlinks where on click on the hyper link it opens a external popup window (another Web Dynpro Application) and display the summary some data.
  This scenario works when I set the logon method to SAPLOGONTICKET, but when I set it as UIDPW it won't work when a new window opens on click on the hyperlink from Web Dynpro iView as stated above. It asks to login to R/3 system.
  Can anyone please let me know what could be the reason it fails in External Popup window scenario when logon method as UIDPW.
  Thanks
  Murthy

  Hi Murthy,
  You can use application integrator iView to integrate your ABAP application into the portal and you'll be able to pass the variables <MappedUser>, <MappedPassword>, etc. assuming you know about the security risks in passing mapped info.
  http://help.sap.com/erp2005_ehp_05/helpdata/en/36/5e3842134bad04e10000000a1550b0/frameset.htm
  Still, your ABAPers might need to handle the passed in variables in the first ABAP application and pass them onto the second one.  Again, without knowing how you navigate between the 2 apps and other details about your system landscape, versions, etc. this remains as a guess.  If you search SDN, you'll find many different solutions then you can choose one which is most suitable for your situation.
  Regards,
  Dao

• Cisco ACS 4.1 Windows License Key Question

  How do I obtain the license key for my Cisco ACS Server for Windows software v4.1?

  For acs windows, there is no license key. You need to purchase the acs software.
  During installation, it does not ask for any key.
  Regards,
  ~JG
  Do rate helpful posts

• How to add Live Type in the external editor windows?

  I was just refreshing myself by one of the FCP dvds from magent media where Even Schechtman show his window of External Editors in System Settings.
  I have the latest FCP version but that line which reads "Live Type" in external editor window is missing. Though he didnt discuss anything on the dvd but made me curious of my observation.
  How Can I add Live Type message box which can be checked in External editor Window?
  Thanks

  This is something specific to FCP4.x ... it does not appear in FCP5.x
  Final Cut Pro HD: LiveType does not appear in the External Editors tab
  Under some circumstances, the External Editors tab (choose Final Cut Pro HD > System Settings) in Final Cut Pro HD does not display a setting for "LiveType Movie Files."
  This can happen if you installed Final Cut Pro HD from a new Final Cut Pro HD disc, as opposed to installing it from an upgrade. If you upgraded from Final Cut Pro 4 to Final Cut Pro HD, you will not have this issue. If you upgraded from an earlier version of Final Cut Pro using an upgrade disc, you will not have this issue.
  You can still add LiveType files to the timeline even if LiveType does not appear in the External Editors tab. The behavior may be slightly different, depending on whether you add a LiveType project file or a LiveType movie file to the Timeline.
  If you add a LiveType project file (for example, MyProject.ipr) to the Timeline and then choose to open it in an External Editor, the file will open automatically in LiveType as a LiveType project.
  If you add a rendered LiveType movie file to the Timeline and then choose to open it in an External Editor, the file will open in the Editor you've selected for Video Files (in the External Editors tab) or in QuickTime Player if none is selected.
  In summary, "LiveType Movie Files," only appears if you upgrade to Final Cut Pro HD from an earlier version of Final Cut Pro 4. It is not required in the External Editors beacuse a LiveType project file will automatically open in the LiveType application and a movie rendered from LiveType will automatically open in QT Player.
  http://docs.info.apple.com/article.html?artnum=300451

• Expanding ZIP files in External Data Window

  Hi,
  How could I expand the contents of ZIP files in the external data windows?
  I've developped a GPI extension to unzip the file and extract data from compressed files. But my client wants to see the content of the file before uncompress.
  Best regards
  Frederic

  Hello
  I think also that the best solution to expand a ZIP files in the "External Data" portal of Diadem, is to use a data plugin.
  But a data plugin is used to filter files with their extensions in "external data" and to import data in the "Data portal : internal data"
  But our problem is to expand the ZIP files in the "external data" portal as the joint document presents.
  We have not found the solution to do this.
  Regards.
  Attachments:
  plugin zip.jpg ‏25 KB

• Opening an external Flash window from a Flash window

  I'm working on a project in Flash. The project consists of
  menus and sub-menus where when a menu is clicked-on, an external
  Flash window opens with another menu. Please tell me how to do
  this. I hope that this makes sense. Please tell me if you have any
  questions if it doesn't. Thanks.

  Hi michaeltowse,
  This is indeed something more complicated. Let me give you
  some details about the project:
  This project is to be initially created in Adobe Captivate.
  It consists of the main menu that is to be created in Flash (menu
  1); sub-menus, which are to be created in Captivate (menu 2); and
  menus of sub-menus, which are to be created in Captivate as well
  (menu 3). Now, the part where I need help on is the part that goes
  from sub-menus (menu 2) to menus of sub-menus (menu 3). When any
  option is to be selected from the sub-menu (menu 2), a new window
  is suppose to pop-up (menu 3) that is suppose to be in Flash. This
  new window is suppose to be a new Flash window and is not suppose
  to be opened in a browser, but it's suppose to be opened in another
  Flash window (SWF window). This whole entire project is to be
  executed via an embedded Flash executable. Thus all the .SWF files
  that were created in either Captivate or Flash are to be tied
  together via a Flash executable. I was told in Captivate's Forum
  that this may be done via ActionScript in Flash and I'm wondering
  whether that is that case. Please tell me if my project makes
  sense.
  Thank you.

• ACS problems with Windows 2K3 SP1

  We are facing problems with ACS when we install SP1 on the ACS Server on Windows 2k3 Ent Edition.
  After SP1 is installed, ACS admin web interface hangs whenever a AAA client is added or NDG is added/deleted/modified.
  It hangs on some other changes as well but the NDG/AAA client is a confirmed to hang after the change.
  ACS is running on a Dual-Core Dual Processor machine. The problem is not present on a single processor machine.
  ACS ver. is 4.0(1) (Build 27)
  Any help will be greatly appreciated.

  ACS ver 4.1 has been tested with Dual Processor. Check out the release notes,
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/rnotes/rnacs41.htm#wp140886
  Regards,

• Legacy Profile on ACS Unix migrate to ACS 4.2 windows using TACACS+ av-pair

  Hello
  I'm migrating on ACS Unix 2.x ver to ACS 4.2 windows
  we only use TACACS+ protocol
  ACS Unix managed the profile   such as
  group LANadmins{
  service=shell {
  cmd=interface{
  permit "Ethernet *"
  deny "Serial *"
  cmd=aaa{
  deny ".*"
  cmd=tacacs-server{
  deny ".*"
  default cmd=permit
  those things. 
  So, I' guessing That above syntex is similar to TACACS+ av-pairs
  and I found TACACS+ av-pairs list. but I couldn't find out examples .
  those are only shown the List   and no examples.
  Does anybody help me ?
  Thanks

  I've been researching the differences between 4.2 and 5.4. There is a fundemental difference in the two. In my research, I have not found anything that Cisco indicates that log files can be imported. Because ACS 5.4 has it's own robust logging and database viewing tools, I'm leaning towards no. But I cannot give a definitive answer on this, sorry. Just know that I've read for several hours, and have not seen anything that talks about the importation of logging files. You can import users, mac addresses, etc. This may be something someone knows and will post eventually; probably need to call "The Cisco" and get a quicker answer.

• ACS External Windows Authentication: Pre-Windows 2000 name only works

  Hello. I have attempted to map ACS to Windows AD 2003 as an External Database. That works, but only if I authenticate using the Pre-Windows 2000 name (sometimes called the "down-level" name).
  If I use the Windows 2003 login name, I get a 529 error in the event viewer, stating the username/password is incorrect. This error appears on the Windows 2003 SP1 server running ACS.
  Curiously, if I authenticate using the down-level name, the successful event shows the same authentication package (MICROSOFT_AUTHENTICATION_PACKAGE_V1_0) and "Workstation" and "Login Process" name (CISCO).
  I cannot determine if this is an ACS or Windows problem. Any one have a clue?

  Win2003 logon name: [email protected]
  A Pre-Windows2000 name: [email protected]
  Interestingly, the down-level name will authenticate, but the "up-level" name will not.
  Here are excerpts from AUTH.log:
  Failed up-level name:
  AUTH 01/19/2006 07:52:04 I 4817 3604 Attempting authentication for Unknown User '[email protected]'
  AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [[email protected]]
  AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith
  AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
  AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain COMPANY
  AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith
  AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
  AUTH 01/19/2006 07:52:04 I 2124 3604 Unknown User '[email protected]' was not authenticated
  Passed down-level name:
  AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [[email protected]]
  AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bsmith
  AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by WINDC02)
  AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Obtaining RAS information for user bsmith from WINDC02

• ACS SE multiple windows databases

  Hi there
  is it possible to have multiple windows databases on an ACS SE? The problem is, that we need access to two differen domains, that are not trusted and have no super domain.
  Thanks a lot and best regards
  Dominic

  Hi,
  We would require two way external/transitive trust between the two domains.
  There are 2 ways to work around our problem:
  1. Install another ACS at the remote site/domain and forward all the
  requests for the users of remote domain to that ACS.
  2. Configure partner domain as LDAP on the ACS (at corp site), this should not require domain trust. The only problem we will have certain authentication methods will not be supported when using ldap.
  Here is the complete list of stuff which is supported with LDAP:
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server​_for_windows/4.1/user/Overvw.html#wp824733​
  Hope that helps!
  Regards,
  ~JG
  Do rate helpful posts

• Surface Pro 3 Display/Video/Graphics Driver Issues - DisplayPort, External Monitors, Windows 10 Build 9926

  Surface Pro 3 - i5 with Intel HD Graphics 4400
  Windows 10 build 9926
  All Latest updates installed
  Intel Graphics Driver 10.18.15.4079.
  Latest system update released on Jan 22nd (which I understand is just the latest intel graphics driver?). 
  The display driver status has this error message: Windows has stopped this device because it
  has reported problems. (Code 43)  - I assume it's
  reverting to the basic Microsoft driver when this occurs. Which explains why my displayport (External monitors) will not work.
  I have uninstalled the driver completely (and deleted the driver files), tried the Windows basic driver,
  and rebooted several times with no luck.
  I cannot get my docking station displayport or the  displayporton my surface pro 3 working. 
  According to Microsoft (see below), this is a known issue UNTIL you update to display driver
  version 4079  - which I have.  
  Known issues on Surface after updating to Windows 10 January Technical Preview
  On Surface Pro 2 and Surface Pro 3, the Mini DisplayPort won’t work on the Windows 10 January Technical Preview until you’ve installed graphics driver 4079 or later. Check Windows Update often for the most recent graphics driver.
  On Surface Pro 2 and Surface Pro 3, you’ll notice poor graphics rendering on the Windows 10 January Technical Preview until you’ve installed graphics driver 4079 or newer from Windows Update. Check Windows Update often for the most recent graphics driver.
  If you’re using video driver 3496, you may need to start in safe mode and remove that driver. Then restart Surface in normal mode and go to Windows Update to get the most recent graphics driver.

  Hi Nicholas,
  Similar issue has been asked here:
  Surface Pro 3 restarting after a series of blank screens!
  For error code 43, here is a reference:
  Code 43: Windows has stopped this device because it has reported problems
  For the current situation, please try to wait for the driver update, as display driver version 4079 didn't work well at your side, please submit this through Windows Feedback Tool.
  Best regards
  Michael Shao
  TechNet Community Support

• Close the External Opend window on click of button

  Hi All,
  I have a parent window (A) and there is a button on click of that i am opening a another window as external window(B). Now on window B there is a button CLOSE and on that i want to close that external window. How can i achieve this?? i tried it using exit plug but i m not able to get the currently open windows URL.
  Thanks In Advance.

  Hi Prathamesh,
  I am not clear about your requirement - are you trying to use URL through EXTERNAL WINDOW or you are trying to use WNDOW EXIT?
  If its URL through External Window: following code might help--
  METHOD onactiongo.
  **-Created two radio buttons- SAP and Google. Select a radio button and click on GO button. Will redirect to the required URL
    DATA lo_nd_select_option TYPE REF TO if_wd_context_node.
    DATA lo_el_select_option TYPE REF TO if_wd_context_element.
    DATA ls_select_option TYPE wd_this->element_select_option.
    DATA lv_link TYPE wd_this->element_select_option-link.
  * navigate from <CONTEXT> to <SELECT_OPTION> via lead selection
    lo_nd_select_option = wd_context->get_child_node( name = wd_this->wdctx_select_option ).
  * get element via lead selection
    lo_el_select_option = lo_nd_select_option->get_element( ).
  * @TODO handle not set lead selection
    IF lo_el_select_option IS INITIAL.
    ENDIF.
  * get single attribute
    lo_el_select_option->get_attribute(
      EXPORTING
        name =  `LINK`
      IMPORTING
        value = lv_link ).
    DATA lo_window_manager TYPE REF TO if_wd_window_manager.
    DATA lo_api_component  TYPE REF TO if_wd_component.
    DATA lo_window         TYPE REF TO if_wd_window.
    lo_api_component  = wd_comp_controller->wd_get_api( ).
    lo_window_manager = lo_api_component->get_window_manager( ).
    CASE lv_link.
      WHEN 'SAP'.
        lo_window = lo_window_manager->create_external_window(
                    'http://sdn.sap.com').
        lo_window->open( ).
      WHEN 'GOOGLE'.
        lo_window = lo_window_manager->create_external_window( 'http://www.google.com' ).
        lo_window->open( ).
    ENDCASE.
  ENDMETHOD.
  If its WINDOW EXIT:
  1) Create EXIT button in VIEW.
  2) Go to WINDOWS -> Outbound Plug -> Give Plug Name (e.g: OUT_EXIT) -> Check INTERFACE -> Plug Type = EXIT.
      In same window, in "IMPORTING PARAMETER FROM OUT_EXT" -> Parameter = URL -> Associated Type = String
  3) Go to VIEW -> Properties -> Create Controller Usaged
  4) In "onAction event" of EXIT button, write the following code:
  DATA lo_window1 TYPE REF TO ig_window1 .
    lo_window1 =   wd_this->get_window1_ctr( ).
    lo_window1->fire_out_exit_plg( url = 'http://www.google.co.in' )

• Windows 7 on external drive/Windows discs

  Is it possible to install Windows 7 on an external hard drive and use on my Mac? I really want to play some PC games on my Mac but would rather not partition my hard drive for Windows. I mean, if it comes to that I wouldn't have a big problem with it. Also, how is the compatibility on using PC game discs in Windows on the Mac? Will Windows recognize the Mac Super Drive? Really, I just want to have Windows on my Mac so I can install Lord of the Rings Online and play and I already have the discs (my PC is KIA). Thanks for any responses.

  Is it possible to install Windows 7 on an external hard drive and use on my Mac?
  No. Windows does not support the installation of itself on external drives.
  how is the compatibility on using PC game discs in Windows on the Mac?
  No issues. running Windows on a Mac is no different than running it on any other PC.
  will Windows recognize the Mac Super Drive?
  Yes

• ACS 3.3 Windows group mapping problem

  Hi,
  I?m running Cisco Secure ACS v.3.3 at Win 2000 server(sp4). ACS server is member of AD domain X. Additional there are two AD forests, so: domains X and Y are in the same forest, but domain Z is member of the second one. Trust relationships between all domains are established (AD Domain Controllers are w2k3 srv). I need to add Windows AD group mapping and that's no problem in domains X & Y. But when I'm trying to map some groups from Z domain, the "Failed to enumerate Windows groups. If you are using Active Directory consult the installation guide for information." error appears. In ACS documentation I have found information "ACS can only perform group mapping by using the local and global groups to which a user belongs in the domain that authenticated the user. You cannot use group membership in domains that the authenticated domain trusts that is for ACS group mapping. This restriction is not removed by adding a remote group to a group that is local to the domain providing the authentication." As I understand it's impossible to add mapping from the second forest? Am I right? If problem is solved in newer versions of ACS (4.0, 4.1)? Are there any fixes that can help?
  Thanks,
  Peter

  You need to set up proxy.
  http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
  Look for "Cross-Forest Authentication" in above link. And you get the Idea of what I mean. Though in above link its depicted with IAS server, but same is possible with ACS, as both can act as Radius server.
  There is a known bug, CSCsi04187
  PEAP MS-CHAP machine authentication will fail with machine not found if host/ format is sent from client. This only happens if the machine is autenticating to a domain forest that the ACS is not a member of.
  Conditions:
  The Machine authenticating to ACS is in a different domain forest then the ACS and the supplicant is using host/ as the machine name format. You also have to be using PEAP MS-CHAPv2.
  Workaround:
  If the supplicant has the option you can send the macine name in hos/ format.
  Many supplicants do not have this option.
  It is to be fixed for ACS 4.2 release.
  Regards,
  ~JG