Anyconnect session accounting via radius or syslog ?
Hi
Does anyone have a deployed accounting method to log Anyconnect session details ? Do you do it via a radius server or via logging messages to a syslog server ?
If so could you assist with appropriate configuration ? I am looking to log successful and unsuccessful authentications as well as session length, log on and log off times.
I've been playing around with Anyconnect authenticating to AD via ACS 5.1 but can't seem to get the accounting details I require. Similarly I have tried to catch appropriate syslog messages but again without much success.
Many thanks for any input, St.
What all you have configured for radius accounting on ASA?
Can you paste the o/p of show run aaa-server and show run tunnel-group
Basically all you need to define radius server group and call that group under tunnel-group parameters.
!--- Configure the AAA Server group.
ciscoasa(config)# aaa-server RAD_SRV_GRP protocol RADIUS
ciscoasa(config-aaa-server-group)# exit
!--- Configure the AAA Server.
ciscoasa(config)# aaa-server RAD_SRV_GRP (inside) host 192.168.1.2
ciscoasa(config-aaa-server-host)# key secretkey
ciscoasa(config-aaa-server-host)# exit
!--- Configure the tunnel group to use the new AAA setup.
ciscoasa(config)# tunnel-group ExampleGroup1 general-attributes
ciscoasa(config)#accounting-server-group RAD_SRV_GRP.
Once done, you can then establish a session and check radius accounting detailed packet on ACS 5.x >> Monitoring and reports > catalog > aaa protocols > radius accounting.
In case you don't see radius accounting after following the above steps then please turn on the "debug aaa accouting and debug radius on ASA". This way we can check whether ASA is sending the accountinf session details to ACS or not.
Regards,
Jatin Katyal
- Do rate helpful posts -
Similar Messages
-
"Authetication session invalidated" via Radius / ACS
Hi folks.
I get these messages a lot from my ACS 4.0 box. Note the typo: authetication vs authentication. This typo is "in" the ACS messages, and even some Cisco documentation (but doesn't say what the error means)
I think the error is related to wireless PEAP auth.
Message-Type=Authen failed,Authen-Failure-Code=Authetication session invalidatedDid you ever resolve this? How?
I have the same error on a 4.2 trial version, using PEAP. EAP-TLS works just fine however. Strange. -
Command accounting w/ RADIUS
Not having much luck getting this to work and searching the forums here everybody seems to say it is not possible unless TACACS+ is used. Is this still the case? I see the AAA/ACCT/CMD in the debug on the local switch but the RADIUS server never receives the data string except for the authentication entry.
Any way to re-classify the AAA/ACCT/CMDs and send in a syslog trap/log?
Looking for creative solutions here, TACACS+ is not available in this case.
ThanksHi,
Unfortunately you can not log any AAA information to syslog.
Now you may ask why IOS CLI allows to configure command accounting via RADIUS when it is not supported. Well, this is indeed an IOS caveat which is described in CSCdp57020 'parser should not show radius as an aaa accounting commands option' and resolved in 12.2 based IOS trains (ref. Bug Toolkit on Cisco.com).
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCdp57020
Regards,
~JG
Do rate helpful posts -
Cisco 1602i + Authenticating users via RADIUS?
Hello,
Our company recently purchased a Cisco 1602i standalone WAP to replace the WAP4410Ns that we were having issues with. I am now attempting to configure the RADIUS authentication, as we have a User network and a Guest connection. The Guest connection works fine, using WPA PSK. However, I can't seem to get the RADIUS authentication to work. Reading the documentation has got me a little confused, and I have tried turning on debugging (debug radius authentication, debug aaa) but those show nothing. Also, in the RADIUS server itself (Windows 2008 R2 NPS), I see nothing in the logs when I try to connect using a device or the "test aaa" command. Can someone guide me on what I'm doing wrong? I followed someone's advice on another forum and removed "authentication network-eap" from the SSID (phoenix_2), and now when I attempt to connect with a device it just asks me for a password, it doesn't prompt for a username anymore. I am very stumped. Here's the relevant config:
aaa new-model
aaa group server radius rad_eap
server 10.200.5.24
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone EST -5 0
ip cef
ip domain name gst
dot11 syslog
dot11 vlan-name guest vlan 255
dot11 vlan-name user vlan 140
dot11 ssid phoenix_2
vlan 140
band-select
authentication open eap eap_methods
mbssid guest-mode
dot11 ssid walker_2
vlan 255
band-select
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 0353035E535879191B
interface BVI1
ip address 10.200.5.70 255.255.255.0
ip default-gateway 10.200.5.1
ip forward-protocol nd
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 10.200.140.1
ip route 0.0.0.0 0.0.0.0 10.200.5.1
ip radius source-interface BVI1
access-list 111 permit tcp any any neq telnet
snmp-server community G!0bal RO
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.200.5.24 key 7 01445E510E1C07032A495C0D0B0C011718190D3E2E767863
radius-server vsa send accounting
The NPS worked just fine with the WAP4410Ns, not sure why we're having so much trouble with the 1602i.Thanks Rasika, your link worked. I had the authentication key before, but i removed it while I was trying different things. My main issue was not applying the list name to the ssid, the documentation did not make it clear that when the radius server is specified using the "radius-server ...." command, that the radius group refers to that command when you configure the group. Once that clicked, it made sense that the method list name was specifed by the radius group, and that the authentication methods then referred to the radius group. It was a big question mark in my head how the radius server was applied to the SSID prior to reading your post.
I haven't tried the "erase startup-config" command yet, I will try that next.
Quick question, why are both authentication open and authentication network-eap needed? I would assume authentication network-eap would suffice, unless the authentication open command refers to the allowed devices and not just authentication via RADIUS? -
Authentication via RADIUS : MSCHAPv2 Error 691
Hello All,
I am working on setting up authentication into an Acme Packet Net-Net 3820 (SBC) via RADIUS. The accounting side of things is working just fine with no issues. The authentication side of things is another matter. I can see from a packet capture that the access-request
messages are in fact getting to the RADIUS server at which point the RADIUS server starts communicating with the domain controllers. I then see the chain of communication going back to the RADIUS and then finally back to the SBC. The problem is the response
I get back is always an access-reject message with a reason code of 16 (Authentication failed due to a user credentials mismatch. Either the user name provided does not match an existing user account or the password was incorrect). This is confirmed by looking
at the security event logs where I can see events 4625 and 6273. See the events below (Note: The names and IPs have been changed to protect the innocent):
Event ID: 6273
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:
NULL SID
Account Name:
real_username
Account Domain:
real_domain
Fully Qualified Account Name:
real_domain\real_username
Client Machine:
Security ID:
NULL SID
Account Name:
Fully Qualified Account Name:
OS-Version:
Called Station Identifier:
Calling Station Identifier:
NAS:
NAS IPv4 Address:
10.0.0.10
NAS IPv6 Address:
NAS Identifier:
radius1.real_domain
NAS Port-Type:
NAS Port:
101451540
RADIUS Client:
Client Friendly Name:
sbc1mgmt
Client IP Address:
10.0.0.10
Authentication Details:
Connection Request Policy Name:
SBC Authentication
Network Policy Name:
Authentication Provider:
Windows
Authentication Server:
RADIUS1.real_domain
Authentication Type:
MS-CHAPv2
EAP Type:
Account Session Identifier:
Logging Results:
Accounting information was written to the SQL data store and the local log file.
Reason Code:
16
Reason:
Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
Event ID: 4625
An account failed to log on.
Subject:
Security ID:
SYSTEM
Account Name:
RADIUS1$
Account Domain:
REAL_DOMAIN
Logon ID:
0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID:
NULL SID
Account Name:
real_username
Account Domain:
REAL_DOMAIN
Failure Information:
Failure Reason:
Unknown user name or bad password.
Status:
0xC000006D
Sub Status:
0xC000006A
Process Information:
Caller Process ID:
0x2cc
Caller Process Name:
C:\Windows\System32\svchost.exe
Network Information:
Workstation Name:
Source Network Address:
Source Port:
Detailed Authentication Information:
Logon Process:
IAS
Authentication Package:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services:
Package Name (NTLM only):
Key Length:
0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
So at first glance it would seem that the issue is merely a case of an invalid username or mismatched password. This is further confirmed in the packet capture where I can see the MSCHAPv2 response has an error code of 691 (Access denied because username or
password, or both, are not valid on the domain). The thing is I know I am using a valid username and I have tried many usernames including new ones I created just for troubleshooting. I don't know how many times I have reset the password in an attempt to ensure
it is not a mismatch password. I have even made sure to use passwords that are fairly short and contain only letters to ensure there was no terminal encoding issues (we connect to the SBC via SSH clients). I have also done this same thing with the shared secret
used during communication between the SBC and the RADIUS server. I have tried prefixing the username with the domain name at login (though I don't think that should be necessary). I have also tried using the full UPN of the user to login. I have tried several
RADIUS testing clients (NTRadPing, RadiusTest, etc.), but they either don't support MSCHAPv2 or only support EAP-MSCHAPv2. I have even created my own client using PHP's PECL RADIUS module. Still it always seems to fail with the MSCHAPv2 authentication with
an error code of 691. Does anyone have any ideas as to why I always get an invalid username or bad password response when I have done everything possible to ensure that is not the case?
Here are the specs for our RADIUS configuration:
Windows Server 2012 R2
SQL Server 2012 Back End Database for accounting.
The server has been authorized on the domain and is a member of the "RAS and IAS Servers" group. For which that group does have access to the accounts we are testing with.
The accounts we are testing with do have the "Control access through NPS Network Policy" option checked under their "Dial-in" property tab.
RADIUS clients configured to simply match on the IP address which you can see from the events above that it is applying the client friendly name.
Connection Request Policy: The "SBC Authenication" policy is being applied as seen above. The only condition is a regex expression that does successfully match the friendly name.
Network Policy: As seen in events above, none are getting applied. For troubleshooting purposes I have created a Network Policy that is set to "1" for the processing order and its only condition is a Day and Time Restriction currently set to any
time, any day.
The authentication method is set to only MSCHAPv2 or MSCHAPv2 (User can change password after it has expired). I have tried adding this to just the Network Policy and I have also tried adding this to the Connection Request Policy and setting it to override
the authentication method of the Network Policy.
We do have other RADIUS servers in our domain that use PEAP to authenticate wireless clients and they all work fine. However, we need this to work with MSCHAPv2 only (No EAP).
All other configurations are set to the defaults.
The only other things of note to consider is the fact that in the events above you can see that the Security ID is "NULL SID". Now I know this is common especially among failed logons but given that this issue is stating an invalid username or
bad password, perhaps it matters in this case. Also, this server has been rebuilt using the same computer account in Active Directory. I do not know if it would have worked before the rebuild. Essentially we built this server and only got as far as authorizing
the server to the domain and adding SQL when we decided to separate out the SQL role onto another server. Rather than uninstalling SQL we just rebuilt the machine. However, before reinstalling Windows I did do a reset on the computer account. I don't think
this should matter but thought I would point it out if there is some weird quirk where reusing the same SID of a previously authorized NPS server would cause an issue.
All in all it is a fairly basic setup and hopefully I have provided enough information for someone to get an idea of what might be going on. I hope this was the right forum to post this too, I figured there would be a higher number of RADIUS experts here than
any of the other categories. Apologies if my understanding of this seems a bit basic, after all, when it comes to RADIUS servers I guess you could say I'm the new guy here.Update 1:
In an attempt to further troubleshoot this issue I have tried bringing up additional servers for testing. Here are the additional tests I have performed.
Multiple Domains
I have now tried this in 3 different isolated domains. Both our test and production domains as well as my private home domain which has very little in the way of customizations aside from the modifications made for Exchange and ConfigMgr. All have the same
results described above.
VPN Service
Using Windows Server 2012 R2 we brought up a separate server to run a standard VPN setup. The intent was to see if we could use RADIUS authentication with the VPN and if that worked we would know the issue is with the SBCs. However, before we could even
configure it to use RADIUS we just attempted to make sure it worked with standard Windows Authentication on the local VPN server. Interestingly, it too fails with the same events getting logged as the RADIUS servers. The client machine being a Windows 8.1
workstation. Again I point out that we have working RADIUS servers used specifically for our wireless environment. The only difference between those RADIUS servers and the ones I am having problems with is that the working wireless servers are using PEAP instead
of MSCHAPv2.
FreeRADIUS
Now I'm no Linux guru but I believe I have it up and running. I am able to use ntlm_auth to authenticate users when logged on to the console. However, when the radiusd service tries to use ntlm_auth to do essentially the same thing it fails and returns the
same message I've been getting with the Windows server (E=691). I have the radiusd service running in debug mode so I can see more of what is going on. I can post the debug info I am getting if requested. The lines I am seeing of particular interest however
are as follows:
(1) ERROR: mschap : Program returned code (1) and output 'Logon failure (0xc000006d)'
(1) mschap : External script failed.
(1) ERROR: mschap : External script says: Logon Failure (0xc000006d)
(1) ERROR: mschap : MS-CHAP2-Response is incorrect
The thing to note here is that while we are essentially still getting a "wrong password" message, the actual status code (0xc000006d) is slightly different than what I was getting on the Windows Servers which was (0xc000006a). From this document
you can see what these codes mean:
NTSTATUS values . The good thing about this FreeRADIUS server is that I can see all of the challenge responses when it is in debug mode. So if I can wrap my head around how a MSCHAPv2 response is computed I can compare it to see if this is simply a miscomputed
challenge response. Update: Was just noticing that the 6a code is just the sub-status code for the 6d code. So nothing different from the Windows Servers, I still wonder if there is a computation error with the challenge responses though.
Currently, I am working on bringing up a Windows Server 2008 R2 instance of a RADIUS server to see if that helps at all. However, I would be surprised if something with the service broke between W2K8 R2 and W2K12 R2 without anyone noticing until now. If this
doesn't work I may have to open a case with Microsoft. Update: Same results with W2K8 R2. -
Using ISE guest store via RADIUS
I have a question concerning the guest store on the ISE.
I would like to establish a guest portal on a WLC (currently running version 7.0.220.0). The guest network shouldn’t have any connection to the company network. So I can’t redirect to the ISE guest portal and have to use the local portal on the WLC and pass the login data to the ISE via RADIUS. Nevertheless I want to use the guest store on the ISE.
On the ISE I can only select the internal user store as identity source. But this seems not to include the guest user store.
Has anyone already implemented a similar solution or any idea how to access the guest store?
Thanks
ThomasI just created a simple setup and tested the login.
It doesn't work with a user created as a guest account.
If I create the user in the normal internal identity store I works fine.
Might there be a difference between ISE Versions?
We are currently using Version 1.1.0.665 on a VM for testing purpose.
This is what the details show:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - Internal Users
24210 Looking up User in Internal Users IDStore - tuser001
24206 User disabled
22057 The advanced option that is configured for a failed authentication request is used
22061 The 'Reject' advanced option is configured in case of a failed authentication request
11003 Returned RADIUS Access-Reject
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - Internal Users
24210 Looking up User in Internal Users IDStore - tuser001
24212 Found User in Internal Users IDStore
22037 Authentication Passed
Evaluating Authorization Policy
15004 Matched rule
15016 Selected Authorization Profile - Guest
11022 Added the dACL specified in the Authorization Profile
11002 Returned RADIUS Access-Accept -
WLC Management Admin via RADIUS
I am trying to have a management user authenticate via radius and have full admin privileges.
For a WCS I can simply set the radius attribute of "Cisco-AVPair.attr|Wireless-WCS:role0=Admin" and that user will get full admin rights. I found this doc to grant a user lobby admin:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080871921.shtml
but, it is specific to the using the Cisco ACS as a radius server. What attributes do I need to set for a user to get full admin rights to a WLC when authenticating via radius? Thanks.My problem: I have a local management user profile defined on my WLC and it works fine when the Priority Order is set to LOCAL. When I change the Priority Order to make RADIUS first and LOCAL second, I can't get logged into the WLC using CLI, GUI, or the console. The last time this happened I had to reset the WLC and start over. I don't want to do that again, so I need some way to get into the WLC.
Once I can get back into the WLI would prefer using Active Directory to authenticate the management user but that doesn't seem to work. My RADIUS acts as a front end for the Active Directory database and works well for many of our Cisco LAN switches andd Routers. Now I'm trying to set up the WLC to authenticate the management user with RADIUS. I have set the RADIUS (MS IAS) to return two attributes;
1. Vendor-Specific -Vendor Code 14179, Value=management
2. Service-Type - Value=Login
When I try to login using my AD account, the RADIUS server log shows an Access Request record, then an Access-Accept record that makes it appear RADIUS has successfully authenticated the user. But the login prompt for the GUI comes back as if it has failed. Same with the CLI login. Now I can't get logged into the WLC. How can I get into the box to manage it again?
Thanks -
PPPoX Virtual-Template assignment via Radius Attribute
I'd like to optionally apply ACLs to PPP users (PPPoX). I see two strategies: a) apply an ACL directly via radius attributes or b) define the ACL in the Virtual-Template on the BRAS and determine the Virtual-Template ID via radius attribute. Has anyone done this? If so, any suggestions on the best way to move forward? I think I'd prefer option B as I could also use it to assign VRFs etc (one Virtual-Template per VRF).
TIAThe only way I could get this to work is have the ACS server reference an ACL configured on the switch via name or number and send in the filter-id attribute. On the switch I configured the default setting for attribute 11 to apply inbound "
radius-server attribute 11 default direction in". If you do a "sh authentication sessions interface gx/x" it'll show the filter-ID setting but if you do a "show ip interface gx/x" it still shows the default-acl being applied. It works, just a bit confusing because of that default-acl still showing up. Anyone else experience the same? -
How can a parent restrict a child's access to a PARENT'S PRE-EXSISTING iTunes account via iCloud's Family Sharing Program? To explain further... I have a young son who is on my iCloud family sharing program... I am excited to be able to share SOME of my music in my iTunes library, but there are some songs and music videos that are not age appropriate for him and currently there is no way to restrict him from viewing and downloading anything off of my iTunes library. Yes, I suppose I can delete the songs he shouldn't have access to, but I don't think I should have to do that... I paid for them and still like them and listen to them while I work out or am without my kids. Is there a way for me to personally select which songs/videos I would like to "hide" from my children in an effort to shield them from inappropriate content?
Hello ggg39,
Welcome to the Apple Support Communities!
I understand that you have some content in your iTunes library that you would like to restrict access for the child set up on Family Sharing with you. To do this, you can set restrictions on the child’s device as described in the attached article.
Family Sharing - Apple Support
Now kids under 13 can have their own Apple IDs. As a parent or legal guardian, the family organizer can create an Apple ID for a child and add the child to the family group automatically. Ask to Buy is turned on by default, and the organizer can also limit the content kids have access to on their devices through Restrictions on an iOS device or parental controls in OS X and iTunes.
For more information on restrictions and how to set them up, please reference the next attached article.
About Restrictions (parental controls) on iPhone, iPad, and iPod touch - Apple Support
Have a great day,
Joe -
I synced two of my email accounts via gmail's POP3 capabilities. But now my iphone's gmail inbox only shows a random selection of emails (i.e. right now it is May 31, 2013 but the emails in my inbox are a couple from Nov 12, a few from Oct 12, and then some way older than that and so on.When I log into my gmail from a computer, I see all my emails in the logical, standard order. How can I make my iphone inbox match what I see when I log on using a PC?
If you're trying to decide between using POP and IMAP, we encourage you to use IMAP.
Unlike POP, IMAP offers two-way communication between your web Gmail and your email client. This means when you log in to Gmail using a web browser, actions you perform on email clients and mobile devices (ex: putting mail in a 'work' folder) will instantly and automatically appear in Gmail (ex: it will already have a 'work' label on that email the next time you sign in).
IMAP also provides a better method to access your mail from multiple devices. If you check your email at work, on your mobile phone, and again at home, IMAP ensures that new mail is accessible from any device at any given time.
Finally, IMAP offers a more stable experience overall. Whereas POP is prone to losing messages or downloading the same messages multiple times, IMAP avoids this through two-way syncing capabilities between your mail clients and your web Gmail.
That is from the page that you linked- does highlighted part of message ring a bell? -
How can I add credit to my account via PayPal? I don't have a credit card? Thanks.
Open iTunes. Scroll to the bottom. Click "Redeem".
-
how can I reset my iPad YouTube password? I can't sign into youtube on iPad. It says Username or password is wrong although both are correct when I log into YouTube account via Google. I also tried my husbands youtube login and password and the same outcome. Now I cant log into YouTube via the iPad account. I can log into Youtube via Google however my subscriptions and favorites are all gone. Can I reset the YouTube account located on the iPad? I cant seem to reset the password or delete the app and re-add. I dont want to reset the iPad since I have alot of videos and pictures on it.
Do you have Google 2 stage authentication turned on?
If so, you wont't be able to use your normal google password, but will have to instead generate an "application specific" password for the iPad YouTube app in the google security settings section. -
I have setup a new cloud ID.
I now need to verify my account via email.
How can I do this when I can't access my iCloud email without verifying account?Did you click the Verify Now link in the verification email from Apple (see image below)? If not, make sure you are checking the email address you used to set up your iCloud account. Also make sure you check the spam/junk folder as well as the inbox. If it isn't there, go to https://appleid.apple.com, click Manage your Apple ID, sign in, click on Name, ID and Email addresses on the left, then to the right click Resend under your Primary Email Address to resend the verification email.
-
I wand to use Thunderbird to back up and purge old emails from an account via POP3. This account is accessed by other users using IMAP on their computers and phones.
I want to archive and purge old messages from the server using Thunderbird. But, it will not download messages that apparently are marked as read on the server via IMAP.Pop mail accounts must be set up to 'leave messages on the server'.
check this before using.
* Tools > Account Settings > Server Settings for the mail account
or
* menu icon > Options > Account Settings > Server Settings for the mail account
select: 'leave messages on the server'
optional: select: 'for at most xx days' this will delete anything older than specified number of days select 'Until I delete them' when you delete an email it will be deleted off the server.
click on Ok to save settings.
Pop mail accounts only look at Inbox and download whatever has not been previously downloaded regardless of whether it has been read or not. They cannot access nor download from any other folder on the server.
If you wanted to download emails in other fodlers, you would have to move emails into the Inbox in order to download them and this may not be very practical in your situation.
What you can do is synchronize your IMAP folders to get a copy downloaded to your IMAP mail account.
Then go into 'offline' mode to stop any further synchronizing as synchronized folders do get updated.
MozBackup tool could now be used to backup the Profile as synchronising created mbox files which contain emails.
You can also do the following to get a copy outside of the IMAP mail account:
Create the same folders in 'Local Folders'.
Then right click on email and 'copy to' and select Local Folders and the folder you require.
Putting a copy in Local Folders means these emails are also on your computer and they are not influenced by anything you do in the IMAP folders.
You would need to backup emails in these folders.
See info:
* http://kb.mozillazine.org/IMAP_backup
MozBackup:
* http://mozbackup.jasnapaka.com/
ImportExporttool:
* https://addons.mozilla.org/en-US/thunderbird/addon/importexporttools/ -
Since installing Microsoft two step verification on my Outlook Account via my PC (Acer) I am unable to send emails on my iPad. I can neither remove two step verification or find a way to solve this. I would prefer to keep this email account as my prime one.
You will probably need to create an app password for the Outlook account for use on the iPad...
http://windows.microsoft.com/en-us/windows/two-step-verification-faq
http://windows.microsoft.com/en-us/windows/app-passwords-two-step-verification
Maybe you are looking for
-
HT201342 My icloud email address is misspelled. How can I correct this?
My icloud email address is misspelled. How can I correct this?
-
Columns not displayed in BI 4.0 IDT/Universe Designer
I am a Admin for BI 4.0,one of my user was not able to see tables columns in BI 4.0 while creating a new universe with user id as bo_xxxxx_xxxxxxxxxx_yyyyyyy_an
-
Re-use of ABAP Program ID from SAP Application in BODS 4.0
Objective: 1. We have used ABAP Program ID in DataStage 7.5. For example, ZDSYE001 2. The above ABAP Program ID is residing in SAP Application Server. 3. Now we need to use the same ABAP Program ID [ZDSYE001] in SAP BODS 4.0 =========================
-
Upgrade Activation Key is "invalid"
Folks, I'm using 1.5.6 (originally 1.5 academic version). I downloaded the Ap2 trial last night. Purchased an $99 upgrade key which came via email today. I opened up Ap2, choose the option to authorize, and it states that my key is an upgrade key, an
-
Hi All, I have one table like App_Code --- App_ID --- SEQ_ID C0---------------- 001----------------0 U0--------------- 001----------------6 F1---------------- 001----------------26 C0-------------- 002----------------0 C0-------------- 003-----------