ACS INTERNAL USER issue with 4.2.(1) build 15
Hi all,
I am facing an issue with my ACS server, nothing to difficult,but which bug me. I have an internal user, this user is able to access some cisco devices and can't access some. There is no Network access Restrict set for the username. The log shows when access is granted to a device, the server map the user to correct user group; however,when the user fails authentication the log shows default user group! which indicate that the user not always map to the correct user group.
Thanks for the help,
Jean Paul---
The problem you're running in clearly indicates that either Network access restriction or Network access policies is configured for an user or group. Since you're positive that there is nothing configured on the NAR, lets narrow it down via logs.
Duplicate the issue again with both the devices (working and non-working)
With working devices, you would get the passed attempts >> copy and paste the log attempt as it is.
With Non-working device, you would see failed attempt >> copy and paste the log attempt as it is.
Regards,
Jatin
Do rate helpful posts-
Similar Messages
-
Performance issues with the Vouchers index build in SES
Hi All,
We are currently performing an upgrade for: PS FSCM 9.1 to PS FSCM 9.2.
As a part of the upgrade, Client wants Oracle SES to be deployed for some modules including, Purchasing, Payables (Vouchers)
We are facing severe performance issues with the Vouchers index build. (Volume of data = approx. 8.5 million rows of data)
The index creation process runs for over 5 days.
Can you please share any information or issues that you may have faced on your project and how they were addressed?Check the following logs for errors:
1. The message log from the process scheduler
2. search_server1-diagnostic.log in /search_server1/logs directory
If the build is getting stuck while crawling then we typically have to increase the Java Heap size for the Weblogic instance for SES> -
User issue with a report supply planning area today monthly
this is a support issue....the user has an issue with a report supply planning area today monthly. The user is getting wrong values in BW, it sums PLOs and POs under production (config). for eg: BW says we are producing 46T while in R/3 we have 4T.
The issue was related to the heap size being too much and as a result the Class block memory was not getting enough memory. I think we can make a use of -XXCompressedRefs:32 parameter in the Java start up to allow the heap size to increase till 32 Gb.
-
I am desperately hoping someone can help answer this.
Since converting over to Yosemite I have had a lot of problems with my iMac. Mail crashes with Exchange, internet connection either via hard cable or wifi goes on and off, different programs closing and reporting errors.
So after doing the usual disk repair etc and various looking around I decided to create a brand new user with admin rights.
The only thing I have done was to add my exchange email account and keep it running. So far so good and no problems. Also Safari runs and connects no problem.
So now I am thinking my old user account is the problem. Everything seems quick and easy as it should be, so something is causing my old user account to be the issue, finding that issue could be like looking for that needle!!!
So....
1) can the existing user account/library be fixed?
2) am I better to migrate everything over to the new user and how would I do this?
3) time machine doesn't work with new user, how do I change this and be able to access it from new user?
4) dropbox, I take it I just download and let it download all the files again?
Many thanks in advance
DanThanks perermac87. I'm can make a second partition on ssd for mavericks as plenty of space, but final cut x 10.1.4 I have now needs Yosemite to open. So how can I also download older versions of my apps from the App Store?
urbkuhl I live in the uk with fibre too and downloaded 10.10.2 in under 10 mins -
When a new user account is created mail will not work on devices or outlook clients (discovery doesn't work either) until the account has
been logged into the domain at least once. Has anyone experienced this or found a fix?
Thanks!Does the OWA webpage login work ?
Regards, Philippe
Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
Answer an interesting question ? Create a
wiki article about it! -
Z77A-GD65 issues with Geforce GTX 780 Video Card
Hey Guys,
I have a issue with a new PC build.
I think it may be a driver or BIOS setting issue, I hope
I bought a MSI Z77A-GD65 motherboard and below are the specs:
- Intel Core i7-2600 CPU 3.4 Ghz
- BIOS Version E4451IMS V10.8
- Balistix Sport 8GB sticks (Total of 24 GB memory installed)
- Kentek 875w power supply
- Geforce GTX 780 Graphics Card
My problem is with the Geforce GTX 780 video card, I installed a fresh install of Windows 7 64 bit and
everything runs and works fine,but when i install the Geforce GTX 780 video card and install the
drivers its all good up to this point but when i restart the computer i get this message in the device
manager ""Windows has stopped this device because it has reported problems (code 43)"
I have installed different versions of the driver, a few older and few newer versions with the same
outcome.
I tried to flash the BIOS to the latest version 10.11 but had problems with it picking up my harddrive
after it flashed successfully. I even checked the boot up setting and it all looked good just would not
boot up, so i had to revert back to the v10.8 BIOS version for it to work.
I'm not sure if there is a setting in the BIOS that i need to turn on or off. I'm not familar with this BIOS,
is there a place in it so i can see if the BIOS is picking up the video card, it has to or Windows would
not see it right?
I'm stumped here, do you guys know of a Geforce driver version that works well with this video card?
I truely think the card is fine because when i install the card to the motherboard i dont get any weird
issues until the driver is installed and Windows is restarted.
I would greatly appreciate any help and advise that you guys can give me.
Thanks alotUPDATE
Well i wanted to post an update on my new build issue.
Here are my specs:
I bought a MSI Z77A-GD65 motherboard with BIOS v10.8
- Intel Core i7-2600 CPU 3.4 Ghz
- BIOS Version E4451IMS V10.8 (i had a issue with the newest BIOS flash v10.11 it wouldn't detect the harddrive, could figure that one out so i went back to v10.8)
- Balistix Sport 8GB sticks (Total of 32 GB memory installed) I first had 3 sticks so i got another 8GB stick to fill all 4 banks for total of 32 GB
- Corsair Professional Series 860 Watt Digital ATX/EPS Modular 80 PLUS Platinum Power Supply AX860i (Bought this PS to replace the Kentek PS)
- N780 TF 3GD5/OC (GeForce GTX 780 GAMING) (traded Geforce GTX 780 card for the MSI version of the GTX 780 card)
OK... I got the new Corsair 860w power supply installed and i installed the new MSI GTX 780 video card with the specs above everything installed fine no problems and my son was playing the Bio Shock Infinite game on Steam and about 1 hour into the game he got a blue screen of death, says something like "to prevent damage windows is now resetting" and it turns off so fast can't read the rest of the message.
I'm going to here in a little bit and update all device drivers with MSI Live update utility and also update the motherboard BIOS again to v10.11.
I'm really confused here, I'm also going to take out some memory and try to run it with sticks only in slot 2 & 4 to see if it runs more stable like that, also should i update the video card to the latest driver, i know the latest is not always the greatest driver.
I want to think you guys again for your help & time with this issue. I really dont know what else to do here, everything is new in this PC.
Thanks -
Issue with voice over narration for a presentation
When I record a voice over narration (Keynote 09) and then play back - the slides do not always play back with the sound. It seems to be an issue with slides using a build-up ... although it finishes - it then sticks and the sound for the next slide carries on out of sync to the visual - EG - every time I try it happens on the same slides - A good example is one that is followed by a .mov built into a slide. The sound track runs before the new slide image appears - Also I have problems with the movie - as the sound from the .mov file does not come through, so I have to record the movie sound on the narration rack .. confused!?
It sounds like you are making too many assumptions and not actually testing anything.
For instance, emoji may not cause issues for other contacts (maybe it is and you don't know it) but if I were testing this issue, the first thing I would do is remove the emoji from the contact info.
Next thing I would do is make a fake contact called "Home Other". And see if the Voice Control asks you to pick between Home and Home Other
Another thing I would do is add multiple numbers for your home contact (real or fake) And see if you can get the Voice control to find the contact and ask you what number you want to pick. (home or mobile)
And last thought that I had....You mentioned that the Voice Control dials a random person every time, but how random is it really? Are you sure that part of these people's names don't phonetically sound similar to the word Home? -
SCCM 2012 PXE issues with Acer Machines?
Hi,
I am having a strange issue with PXE trying to build a machine with a Windows 7 Task Sequence.
Ok here is the synario - I have 2 machines that do not get any offers from PXE - so I get that error No DHCP
or proxy DHCP offers were received. However if I make a bootable USB key and boot the *same* machines my
task sequence appears on the menu that I can select. (The task sequence is deployed to PXE and Media BTW).
Now it gets strange - if I take other machines and put the on the same network cable and F12 them PXE works
and I get the task sequence presented. So same PXE server - same DHCP server.
So from my logic I figure if I had a policy type problem then it would not present the task sequence when
I try the boot usb.
Both the machines I am having issues with are ACER btw if people know of any know issues. I am starting
to suspect I have faulty hardware etc. One machine is a Acer Travelmate P633-V Laptop and the other machine is
Acer Veriton VS6620G desktop.
Any suggestions on how to resolve this - it seem very strange.
My environment is SCCM 2012 SP1 btw.
Is there something I am missing here :)
Thanks,
Ward.Hi,
Thanks for all the sugestions. I can confirm that the machines
when an OS is on them do register the IP addresses with the DHCP/WDS server (same box). Also I can confirm the Unknown computer support is turned on the box in SCCM 2012 on the DP.
Ok but I did get one working which I can't explain why it works
the way it does.
On the notebook if I enable secure boot (UEFI) and boot with PXE
it works :) It appears the stupid BIOS turns this on but disables
another setting called "Network Boot" which is crazy. So if
you turn both on Secure boot enabled and "Network Boot" is on it works.
Now here is the puzzle that still stumps me - switch this back to
legacy mode and no go - no PXE. Boot other non UEFI machines and
they PXE boot.
The WDS/DHCP/SCCM DP server is Windows 2008 (all on one box) as I understand it does not support UEFI PXE - this is in Windows 2012. I don't think there is an option in SCCM 2012 for it.
So can somebody offer me a technical explination?
Is there something else I am missing?
I still am trying to work out how to get the desktop to UEFI PXE boot if this is possible.
Thanks,
Ward -
Build 711 client issues with XGL?
Are there any known issues with installing the latest build of the 1.2
beta client (711) on the released version of SLED if XGL is enabled?
After installing the client and restarting, I got a message that my
display couldn't initialize (or something like that, it's the standard
error when X doesn't start) and it asked if I want to look at the X server
log. I said no, did the --disable-xgl, and now X came up ok. I then
reenabled XGL using the desktop effects, and 3D is working again even
after a restart.
Just wondering if the install of the client temporarily breaks XGL & X
necessitating disabling and reenabling XGL.
JoeOn Thu, 20 Jul 2006 16:28:17 +0000, linuxjoe wrote:
> Not that I know of. I have it running on my laptop with xgl and the 711
> client and it is running just fine. Typically when I see the error that you
> are running into, it is because I have done an init 3 and init 5 from the
> CNTL ALT F2 tty and still have the display running on CNTL ALT F7.
I hadn't changed my runlevel at all. Simply installed the Novell Client
and rebooted. I could see I was in runlevel 5, but with no GUI since X
couldn't start. Ran the XGL disable thing, typed startx, and now the GUI
came up. Within there use desktop effects to reenable 3D effects (all
still in runlevel 5 and having never switched to any alternate terminal
screen), log off, and now it was working. Might have just been an
isolated incident.
Joe -
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
-
ACS SE 4.1.1.23 patch 5 issue with users
HI There, I am facing very weired issue with ACS SE 4.1.1.23 patch 5. I am trying to add users in ACS it is added successfully but I can not see these users when I click list all users.
But I can see users are increasing in groups when I add users..but when I do list all users it say there are no users defined. and I tried to login with newly created users from devices ....I am able to login with those new users.....
also when I go to that particular group in which I added new users....and say list users in group...I get message from ACS saying that "can not read users from group" ....
what could be issue any one has any idea....customer complained that he was unable to login to devices...with the users created on ACS...when I saw there was no users in database....then I added 2-3 users by looking at old passed and failed authentication... but I dont know how users got deleted automatically...even I tried to see appliance audit logs...could not see any thing which indicates someone deleted users...
please help me to solve this issue..
ThanksIssue resolved. The CRL that was being parsed from the cert was one level higher than the CRL that needed to be checked. The User CRL was ppointing to the Intermediate CA's CRL. I had to manually change the URL from this:
http://DOMAINvmsp.DOMAIN.xxxx-xx.edu/pkipub/DOMAIN%20Intermediate%20CA%201.crl
to this:
http://DOMAINvmsp.DOMAIN.xxxx-xx.edu/pkipub/DOMAIN%20User%20CA%201.crl
Mark -
Cisco ACS 5.2 with NX-OS devices (Nexus) - User issues
Hey Community, I am having a really strange issue with Cisco ACS 5.2 and NX-OS Nexus Devices.
I create an account on ACS, let's call it User1, and give it privilege 15. With User1, I'm able to access on all of our IOS, IOS-XE, ASA, and PIX devices with privilege 15.
When I use that same User1 account into our NEXUS devices, I do NOT get privilege 15 access. As you probably know, NEXUS devices have roles: pre-defined or custom-made roles. So I assumed I would get the role of 'network-admin' (priv 15 read/write) with User1 when logging in, but instead I get the role of 'vdc-operator' (priv 1 read-only).
So then I tried to tweak User1 and give it network-admin under Shell profile >> Custom Attributes. I logged into the NEXUS and sure enough I was able to get network-admin access. However, my access to ALL the other devices (IOS, ASA, PIX, etc) doesn't work AT ALL! I'm not even able to log in with my username and password to these devices.
Has anyone ever run into this problem? Please Help!
Thanks,
neocecNeocec,
Yes here is the documentation that provides insight to the this (they make reference to the = and the *.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter6.html#con_1473433
Thanks,
Tarik -
Issue with ACS 4 and AAA. Port scan shows no Radius but does show tacacs
to start I am new to ACS so if this is an easy issue to solve please forgive me. I am trying to get Authentication working with ACS 4. I setup everything according to the instructions and when I try to test authentication with VPN concentrator I get a No active server found error. I have tried using an Internal user to start and I also have tried an AD account. If I port scan the ACS server I do not see it advertising port 1645 but I do see Port 49 for tacacs and I also see Ports 2000-2002. CSRadius is running.
Actually, to avoid any issues I made CSRadius listen on BOTH sets of ports :)
So unless that got changed without my knowing it should be listening on 1645/6 and 1812/3
Darra -
Creating internal user account in ACS 5.2
I have an ACS 5.2 server integrated with Active directory . Now i need to create an internal user account to login to some radisu devices using internal user database .I have near about 600 users all are authenticating through AD .
Regards ,
SandeepThere is system account in ACS ,which is using to run the scripts . in AD the same account is cerated as a service account and last day the account got expired .we extended that account but its not working ,As per AD team there is no issue from AD side .but we are unable to login to the devices using that account .when we are running the script contineous failed attempts is coming .
So now we need to create an internal account for testing purpose .
I have created the same and issue got fixed . -
Issue with "unknown user type 6" on Coherence 3.5.2
Having an issue with a cluster which is running using an internally developed cluster starter tool. This tool, and the associated cluster, all use POF, and upon attempting to connect a non-storing member to the cluster from java, the following exception is raised...
2011-07-11 15:54:58.338/2.469 Oracle Coherence GE 3.5.2/463p2 <Error> (thread=Cluster, member=n/a): This cluster node is
configured to use serializer com.tangosol.io.pof.ConfigurablePofContext {location=application-pof-config.xml}, which ap
pears to be different from the serializer used by Member(Id=1, Timestamp=2011-07-11 15:34:30.779, Address=10.74.82.193:8
088, MachineId=11188, Location=site:INTRANET.BARCAPINT.COM,machine:ldnpsm020006423,process:80976,member:ldnpsm020006423:
cacheserver:1).
java.io.StreamCorruptedException: unknown user type: 6
at com.tangosol.io.pof.PofBufferReader.readAsObject(PofBufferReader.java:3289)
at com.tangosol.io.pof.PofBufferReader.readObject(PofBufferReader.java:2600)
at com.tangosol.io.pof.ConfigurablePofContext.deserialize(ConfigurablePofContext.java:348)
at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.readObject(Service.CDB:4)
at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid$ServiceConfigMap.readObject(Grid.CDB
:1)
at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid$MemberConfigResponse.read(Grid.CDB:1
3)
at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onNotify(Grid.CDB:123)
at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.ClusterService.onNotify(ClusterServi
ce.CDB:3)
at com.tangosol.coherence.component.util.Daemon.run(Daemon.CDB:42)
at java.lang.Thread.run(Thread.java:619)
There is no serialiser configured in the cache config, instead we just set tangosol.pof.enabled=true, and set the pof config file to what is seen above. The thing which is very confusing about this error is that unlike other clients which we connect, and in fact the servers they connect to, this client never attempts to load the cache configuration file. The point at which this should happen, prior to pof loading, shows:
2011-07-11 15:54:57.260/1.391 Oracle Coherence GE 3.5.2/463p2 <Info> (thread=Main Thread, member=n/a): Loaded cache conf
iguration from "jar:file:/C:/Program%20Files/Oracle/coherence/3.5.2b463P2/lib/coherence.jar!/reports/report-group.xml"
I have tried every combination of classpath entries I can think of, and no matter what, it never shows an attempt to load the application-cache-config.xml supplied in the startup. Does anyone have any experience with something like this?I guess your non-storing JAVA code does not specify -Dtangosol.pof.enabled=true and the -Dtangosol.pof.config =<POF file location> on joining the cluster. Post the startup java command and the complete logs.
If application-cache-config is not loaded then coherence-cache-config.xml should be loaded by default and set -Dtangosol.coherence.cacheconfig=<application-cache-config>
Cheers,
NJ
Maybe you are looking for
-
I tried to update my Apple TV today through iTunes using a microUSB. It gave me an error, I tried again and now it is stuck in recovery mode. If I plug it into the TV, it just shows that I have to connect it to iTunes (just the picture). I unplug eve
-
Portlets not coming as per layout for the Cutomized layout structure
I have created new Customized layout for our application. I could see the cutomized layout properly in Workshop. When i am adding the portlets to all of the placeholders in layout and running the portal , out put i could see all the portlets are comi
-
Hello! A friend of mine has bought a dual 2.8 GHz Quad-Core Mac Pro and expanded it to 32 GB of RAM. Whatever the reason: After a few days of work he has to reboot the machine because all memory being used and frequent activity on the HDD. My point w
-
I need a PDF reader for j2me (java mobile phones). There is MobilePDF from zesium but it doesn't work for complex PDF's. I vote for a j2me version original from Adobe.
-
Clone and Delete Missing from Advanced Actions Window
So, I was just chugging along using the new advanced actions feature in CP5. All of a sudden, I went into to clone one of my advanced actions and the clone and delete buttons are off the screen. I cannot resize the window so I cannot get to the clo