Blocking clients with repeating failed attempts in ACS 5.4

Hi
I use my ACS to authenticate clients from both LNS and wireless.
There are always users with wrong configuration that repeat the authentication process and fail thousands of times and 'hammer' the ACS servers.
Is there a way to block repeated failed attempts?
Thanks!
Naor.

Hi, and thanks for the quick reply! Few questions:
That will prevent clients from re-authenticating for 15 minutes?
If so, how will clients be able to roam on campus? That requires re-authentication...
Naor.

Similar Messages

  • Use an alternative e-mail address after repeated failed attempts to send.

    My company uses a small e-mail server company that offers a lot of benefits, but occasionally goes down for a day or two. I would like to find a way to automatically use another e-mail address after several failed attempts to use this server.
    Thus, if everything is working right, my e-mail will use the regular server. However, if the original server is down, when my e-mail fails to send repeatedly using that server, I would like it to default to another server. Is there a way to configure this?
    Thank you.

    No, you can’t. .Mac’s SMTP server simply doesn’t allow sending from a non-.Mac address.
    Doesn’t your ISP include some POP or IMAP mail accounts with access to an SMTP server as part of the service? Such an SMTP server might be less restrictive.
    A Gmail account would allow you to use Gmail’s SMTP server. Instructions for setting up a Gmail account are provided here:
    http://mail.google.com/support/bin/answer.py?answer=13275
    After setting up the Gmail account in Mail and checking that it works, you can use Gmail's SMTP server to send from your other mail accounts as well:
    1. Log into your Gmail account on the web.
    2. Go to Settings > Accounts.
    3. Enable the addresses you want to be able to send from, and let Gmail validate them by verifying that you do indeed own them.
    4. For each mail account you want to send from using Gmail’s SMTP server, in Mail go to Preferences > Accounts, and choose Gmail’s SMTP server from the Outgoing Mail Server (SMTP) popup menu.
    BTW, if you’re using Mac OS X 10.3 (Panther), as your profile indicates, it would have been more appropriate to discuss this in the Mail & Address Book - Mac OS X 10.3 & earlier forum. If the discussion applies to both Mail 1.x and Mail 2.x, it doesn’t really matter, but it’s difficult to know that in advance.

  • Account lockout for failed attempts in acs 5.1.0.44.6

    Hi All,
    I have ACS1121 running version 5.1.0.44.6 on my network environment. I need to enable account lock-out for internal users after more than 8 failed attempts. How do I achieve this?
    I could see account lock-out for the administrator user account, but not for internal users.

    In general this feature is not supported and is part of the CS 5.3 release which is scheduled for FCS later this year
    However, looking at the list of patches I can see that the 5.2.0.26.4 cumulative patch includes a fix for the following:
    CSCth12406: ACS 5 does not have option to disable local account on failed attempts
    I am not familiar specifically with these changes but looking at the CDETS it appears that after the installation of the patch the following options are available:
    1. Select 'System Administration' in ACS in the left pane on the primary server.
    2. Select 'Users -> Authentication Settings -> Advanced'. The Account Disablement section will be displayed.
    3. Select the check box 'Failed attempt exceeds' and provide the number of attempts after which the account is disabled.
    Since you are on a 5.1 release you would need to upgrade to 5.2 and then install the patch (or 5.2.0.26.5 which is in fact the latest patch)

  • Client with Patch fails to install - Build and Capture

    Hi,
    We recently hit an issue where our Build and Capture task sequence, previously fully working, was deleted. As such I've had to rebuild it from documentation. So far so good. However when I now test it out, the sequence fails during the installation of the client.
    It appears to be due to access to the patch, however I can't work out why. The installation flags are:
    /mp:sccmpri01.domain.com CCMLOGMAXHISTORY=4 PATCH=\\SCCMPRI01.domain.com\HotFixes\KB2938441\Client\i386\configmgr2012ac-r2-kb2938441-i386.msp
    And the share is set for the network access account to have read/write/execute, and everyone to have read access. As it's a build and capture the machine is in a workgroup not the domain.
    The error I'm getting is most detailed in the ccmsetup folder under the client.msi.log
    MSI (s) (EC:4C) [15:51:37:441]: Unable to create a temp copy of patch '\\SCCMPRI01.DOMAIN.COM\HOTFIXES\KB2938441\CLIENT\I386\CONFIGMGR2012AC-R2-KB2938441-I386.MSP'.
    MSI (s) (EC:4C) [15:51:37:441]: Note: 1: 1708
    MSI (s) (EC:4C) [15:51:37:441]: Product: Configuration Manager Client -- Installation failed.
    MSI (s) (EC:4C) [15:51:37:441]: Windows Installer installed the product. Product Name: Configuration Manager Client. Product Version: 5.00.7958.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1635.
    I'm a little lost as to what to try next. If I install without the patch it's alright but then fails as soon as it hits the next step in the sequence.
    Any help would be great!

    You can use a UNC path in the PATCH command (but I would not recommend it), but I expect that the process above evidently does not have share or file permissions to the msp file.
    The way I do it is simply to copy the 32 and 64 bit msp's into the folder that is created by default:
    \\Server\SMS_sitecode\Client
    That way, all you need to do is update your client package, and then change the command line so that it references the local msp file instead of UNC path.

  • ISE WebAgent not able to download with error Failed to download Cisco Agent ( Status = -2) !

    Hi
    We are able to get to the WebAgent download page, and while downloading the WebAgent we get the error below:
    Failed to download Cisco Agent ( Status = -2) !
    We tried with many laptops, and on all of them we get the same error while downloading the WebAgent.
    We also verified that the latest Java and ActiveX components are available on every laptop we used for downloading the WebAgent.
    Attached the Screenshot of the WebAgent Download process
    DACL Posture_Remediation used is as below
    permit udp any any eq domain
    icmp any any
    permit tcp any host <PSN IP Address> eq 8443
    permit tcp any any eq 80
    permit tcp any any eq 443
    permit tcp any host <PSN IP Address> eq 8905
    permit tcp any host <PSN IP Address> eq 8909
    permit udp any host <PSN IP Address> eq 8905
    permit udp any host <PSN IP Address> eq 8906
    permit tcp any host < Remediation Server> eq 80
    Even when we add permit ip any host <PSN IP Address> as the last ACL rule in the DACL, we still get the same error while downloading.
    Did anyone face the same issue, and how was it resolved?

    This is seen when the required traffic is not allowed on the ACL.
    ISE 1.1.1 added ports 8909 TCP and UDP for client download so we needed to add this into the Posture ACL.
    permit tcp any any eq 8909
    permit udp any any eq 8909
    If you have clients with proxy failing to get the redirection then you should add 8080 to the switch.
    ip http port 8080
    ip port-map http port 8080
    On the redirect ACL
    permit tcp any any eq www
    permit tcp any any eq 443
    permit tcp any any eq 8080
    I see you've already tried with permit ip any host
    Jatin Katyal
    - Do rate helpful posts -

  • Automatic Install of Endpoint Protection fails on windows 8.1 clients with SCCM 2012 R2

    Running SCCM 2012 R2 and deploying CM clients and Endpoint Protection via software updates. CM client and EP install fine on Windows 7 clients. CM client installs fine but endpoint protection fails on Windows 8.1 clients with the following from the endpoint protection agent log:
    <![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:22:02.560+240" date="08-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="4260" file="epagentutil.cpp:607">
    <![LOG[Detail error message is : [EppSetupResult]
    HRESULT=0x80070643
    Description=Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
    So on the win8.1 client I run the above command line manually in a command window and receive Access is denied. Then I run the same command in an elevated command window and EP installs fine. Does this have something to do with why the automatic EP client install fails with the 0x80070643 error code? If so, what is the fix?

    Hi,
    Try uninstalling any other security software.
    For more information, please review the link below:
    I'm getting an error code from my Microsoft security software
    http://www.microsoft.com/security/portal/mmpc/help/errorcodes.aspx

  • Strange username in failed attempt log in ACS

    I have an access point configured to use dot1x (MS-PEAP) which authenticates against ACS. Everything work fine, but there are some strange logs appearing in failed attempts. I think it is some sort of misinterpretation in ACS.
    My ACS is 4.1
    My access point is AIR-AP1231G version 12.3
    I also have attached the logs. Hope anyone can help me clarify this.

    This document provides a sample configuration for LEAP or MAC authentication.
    Note: This guide assumes the most basic configuration. It does not cover configuration of more advanced encryption modes such as Cisco Key Integrity Protocol (CKIP) and Cisco Centralized Key Management (CCKM).
    http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a13.shtml

  • ACS v5.1 - Can internal users be disabled after x failed attempts?

    I have noticed under authentication settings for internal user accounts there is no setting to disable the account after x number of failed attempts (ACS v5.1). This is such a fundamental requirement for user accounts that I am wondering whether I have missed something. (They include this option on Administration accounts)
    Does anyone know if can this be set somewhere else or is Cisco going to implement it in a later version?
    Many Thanks

    Hello jrabinow,
    Thanks a lot for the reply.
    We already have our AD set up to lock the accounts of users who fail 3 consecutive Windows login attempts.
    However, when network administrators fail to log in after 3 consecutive attempts into a network device, they can still log in to a network device if they provide their correct AD credentials.
    Is there any specific configuration that needs to be done on the AD to be aware of the failed login attempts on the network devices and count them the same as a failed Windows login attempt?
    Kind Regards ,
    Moussa

  • What is wrong with my non-blocking client?

    I have two classes here, my abstract base class SingleSocketHandler, and its concrete subclass SingleSocketHandlerImpl. The subclass implements the protocol and parsing of my server.
    For some reason, my server is not receiving the packet my client sends to it, and my client is getting nothing in return (which makes sense, the server is supposed to respond to the logon packet). I make it non-blocking AFTER logon, so I know that this is not a problem. Can you see why my server is not receiving the packet my client writes to it? Did I not configure some setting with the SocketChannel that enables it to write? I am sort of unfamiliar with the java.nio.channels package, so the problem may be related to a setting in the SocketChannel or whatnot that I haven't configured.
    NOTE: My chat server works fine with my blocking, multi-threaded test clients. Just not for my non-blocking client. The original problem for my blocking clients was that once the server stopped sending them data, they'd get caught in the in.read() loop and never get out of it. That's why I turned to non-blocking.
    Just to remind you, my question is: why isn't my client sending the logon packet AND/OR my server receiving+responding to it?
    // SingleSocketHandler.java
    // Reporter, ProtocolCheck, Bufferable, UserDatabase, User and ScpLogon are
    // the poster's own classes and are not shown in the post.
    import java.io.IOException;
    import java.net.InetSocketAddress;
    import java.nio.ByteBuffer;
    import java.nio.channels.SocketChannel;
    import java.util.LinkedList;

    public abstract class SingleSocketHandler extends Thread {
        /* Subclasses must implement these methods,
         * even though they're not a (public) interface */
        /** <------------------------------- */
        abstract void parse(int num);
        abstract void parseNext();
        abstract void doLogon();
        /** -------------------------------> */

        private SocketChannel sock;

        /* Queues for in and out buffers */
        private LinkedList<ByteBuffer> qIn;
        private LinkedList<ByteBuffer> qOut;

        /* Server info */
        private String hostname;
        private int port;

        /* Flags */
        protected int flags;
        protected final int LOGGED_ON = 0x01;

        /** Default Constructor */
        protected SingleSocketHandler() {
            initQs();
        }

        /**
         * Constructor that sets socket info
         * @param hostname
         * @param port
         * @param connect
         */
        protected SingleSocketHandler(String hostname, int port, boolean connect) {
            initQs();
            if (connect)
                connect(hostname, port);
            else
                setSocket(hostname, port);
        }

        /** Switches off between reading and writing */
        protected void handleIO() {
            try {
                sock.configureBlocking(false);
            } catch (IOException e) {
                // TODO
            }
            readInBuffers(1);
            writeOutBuffers(1);
        }

        /**
         * Read in specified number of buffers into in queue
         * Call for parsing
         * @param num
         */
        protected void readInBuffers(int num) {
            Reporter.println("READING BUFFER");
            for (int i = 0; i < num; i++) {
                ByteBuffer header = ByteBuffer.allocate(ProtocolCheck.HEADER_LEN);
                try {
                    Reporter.println("Reading header...");
                    sock.read(header);
                    Reporter.println("Read header.");
                } catch (IOException e) {
                    // TODO
                }
                /* Only add packet to in queue if it has a valid header */
                if (ProtocolCheck.validHeader(header.array())) {
                    Reporter.println("valid header");
                    ByteBuffer packet = ByteBuffer.allocate(ProtocolCheck.findPacketLen(header.array()));
                    packet.put(header);
                    try {
                        Reporter.println("Reading rest of packet...");
                        sock.read(packet);
                        Reporter.println("Read packet.");
                    } catch (IOException e) {
                        // TODO
                    }
                    addInBuffer(packet);
                }
            }
        }

        /**
         * Write out specified number of buffers from out queue
         * And remove from out queue
         * @param num
         */
        protected void writeOutBuffers(int num) {
            Reporter.println("WRITING BUFFER");
            int i = 0;
            while (qOut.size() > 0 && i < num) {
                try {
                    sock.write(nextOutBuffer());
                    Reporter.println("Wrote buffer.");
                } catch (IOException e) {
                    // TODO
                }
                i++;
            }
        }

        /**
         * Returns and removes next buffer from in queue
         * @return ByteBuffer
         */
        protected ByteBuffer nextInBuffer() {
            return qIn.remove();
        }

        /**
         * Returns and removes next buffer from out queue
         * @return ByteBuffer
         */
        protected ByteBuffer nextOutBuffer() {
            return qOut.remove();
        }

        /**
         * Sees if there is another in buffer
         * @return boolean
         */
        protected boolean hasNextInBuffer() {
            return qIn.size() > 0;
        }

        /**
         * Sees if there is another out buffer
         * @return ByteBuffer
         */
        protected boolean hasNextOutBuffer() {
            return qOut.size() > 0;
        }

        /**
         * Add a buffer to in queue
         * @param b
         */
        public void addInBuffer(ByteBuffer b) {
            qIn.add(b);
        }

        /**
         * Add a buffer to in queue
         * @param b
         */
        public void addInBuffer(Bufferable b) {
            qIn.add(b.getByteBuffer());
        }

        /**
         * Add a buffer to out queue
         * @param b
         */
        public void addOutBuffer(ByteBuffer b) {
            qOut.add(b);
        }

        /**
         * Add a buffer to out queue
         * @param b
         */
        public void addOutBuffer(Bufferable b) {
            qOut.add(b.getByteBuffer());
        }

        /** Instantiate queues */
        protected void initQs() {
            qIn = new LinkedList<ByteBuffer>();
            qOut = new LinkedList<ByteBuffer>();
        }

        /**
         * Set socket info then call connect()
         * @param hostname
         * @param port
         */
        public void connect(String hostname, int port) {
            setSocket(hostname, port);
            connect();
        }

        /** Connect to server */
        public void connect() {
            try {
                sock = SocketChannel.open();
                sock.configureBlocking(true);
                sock.connect(new InetSocketAddress(hostname, port));
                while (!sock.finishConnect()) {
                }
            } catch (IOException e) {
                // TODO
            }
        }

        /** Disconnect from server */
        public void disconnect() {
            try {
                sock.close();
            } catch (IOException e) {
                // TODO
            }
        }

        /**
         * Set socket info without connecting
         * @param hostname
         * @param port
         */
        public void setSocket(String hostname, int port) {
            this.hostname = hostname;
            this.port = port;
        }

        /** @return state of connection */
        public boolean isConnected() {
            return (sock != null && sock.isConnected());
        }

        /** @return state of being logged on */
        public boolean isLoggedOn() {
            return (sock != null && (flags & LOGGED_ON) == LOGGED_ON);
        }
    }

    // SingleSocketHandlerImpl.java
    import java.nio.ByteBuffer;

    public final class SingleSocketHandlerImpl extends SingleSocketHandler {
        private UserDatabase<User> users;

        /** Constructor that does not set socket info */
        public SingleSocketHandlerImpl(UserDatabase<User> users) {
            super();
            this.users = users;
        }

        /**
         * Constructor that does set socket info
         * @param hostname
         * @param port
         * @param connect
         */
        public SingleSocketHandlerImpl(String hostname, int port, boolean connect, UserDatabase<User> users) {
            super(hostname, port, connect);
            this.users = users;
        }

        /** Thread's run method (base class extends Thread) */
        public void run() {
            doLogon();
            while (isConnected() && isLoggedOn()) {
                handleIO();
            }
        }

        /**
         * Parses specified number of buffers from in queue
         * @param num
         */
        /* (non-Javadoc)
         * @see client.SingleSocketHandler#parseNext()
         */
        @Override
        protected void parse(int num) {
            Reporter.println("Parse(int num) called.");
            int i = 0;
            while (hasNextInBuffer() && i < num) {
                parseNext();
                i++;
            }
        }

        /* (non-Javadoc)
         * @see client.SingleSocketHandler#parseNext()
         */
        @Override
        protected void parseNext() {
            Reporter.println("Parsing!");
            if (!hasNextInBuffer()) {
                Reporter.println("NO IN BUFFER.");
                return;
            }
            /* Get buffer to work with */
            ByteBuffer inBuffer = nextInBuffer();
            byte[] data = inBuffer.array();
            /* Decide what to do based on message ID */
            byte msgid = data[1];
            switch (msgid) {
            case 0x01:
                Reporter.println("0x01 packet.");
                /* Determine success of login */
                byte success = data[3];
                if (success == (byte) 1) {
                    flags |= LOGGED_ON;
                    Reporter.println("Logged on!");
                } else {
                    flags &= ~LOGGED_ON;
                    Reporter.println(" <eChat> Unable to logon. Check the hostname and port settings.");
                }
                break;
            case 0x02:
                /* Parse out text message */
                byte[] txtmsgbytes = new byte[data.length - 3];
                System.arraycopy(data, 3, txtmsgbytes, 0, txtmsgbytes.length);
                String txtmsg = new String(txtmsgbytes);
                Reporter.println(txtmsg);
                break;
            case 0x03:
                System.out.println("Packet ID not yet handled.");
                break;
            case 0x04:
                System.out.println("Packet ID not yet handled.");
                break;
            default:
                System.out.println("validID() method is buggy.");
            }
        }

        /**
         * I make it non-blocking after logon sequences
         */
        /* (non-Javadoc)
         * @see client.SingleSocketHandler#doLogon()
         */
        @Override
        protected void doLogon() {
            Reporter.println("DOING LOGON!");
            User myUser = users.getCurr();
            addOutBuffer(new ScpLogon(myUser.getUsername(), myUser.getPassword()));
            writeOutBuffers(1);
            readInBuffers(1);
            parseNext();
        }
    }

    Oh, if this helps, this is what gets output to my GUI. I did a lot of outputs for debugging purposes.
    [3:29:27 PM]: Connecting...
    [3:29:27 PM]: Connected!
    [3:29:27 PM]: Logging on...
    [3:29:27 PM]: DOING LOGON!
    [3:29:27 PM]: WRITING BUFFER
    [3:29:27 PM]: Wrote buffer.
    [3:29:27 PM]: READING BUFFER
    [3:29:27 PM]: Reading header...

  • Cumulative Update 3 client update install failed with code 1642

    We have SCCM 2012 R2 and recently updated to CU3
    Existing client is version 5.00.7958.1000
    Pushing update package created during CU3 update failing on some computers
    I am trying to update some laptops using the CU3 x86 update and getting the following errors:
    Script for Package:ABC00126, Program: Cumulative update 3 - x86 client update install failed with exit code 1642
    I have reviewed many forums but couldn't find anything relevant.
    The update works on about 70% of machines with the same image but failed on the rest with the same 1642 error.
    The same issue occurs when applying the client during TSequence on some machines.
    It is very inconsistent.
    Any help would be greatly appreciated.
    Thanks
    RJ
    RJ09

    I verified that the package was copied over to the ccmcache folder.
    I also tried to run the update package using pstools and got the same error as Torsten mentioned.
    Here are logs from client.
    Checking content location C:\Windows\ccmcache\gt for use execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Successfully selected content location C:\Windows\ccmcache\gt execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Executing program as a script execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Found executable file msiexec.exe with complete path C:\Windows\system32\msiexec.exe execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Successfully prepared command line "C:\Windows\system32\msiexec.exe" /p configmgr2012ac-r2-kb2994331-i386.msp /L*v C:\Windows\TEMP\configmgr2012ac-r2-kb2994331-i386.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Command line = "C:\Windows\system32\msiexec.exe" /p configmgr2012ac-r2-kb2994331-i386.msp /L*v C:\Windows\TEMP\configmgr2012ac-r2-kb2994331-i386.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous, Working Directory = C:\Windows\ccmcache\gt\ execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Created Process for the passed command line execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Raising event:
    [SMS_CodePage(437), SMS_LocaleID(1033)]
    instance of SoftDistProgramStartedEvent
    AdvertisementId = "ABC212D1";
    ClientID = "GUID:f298da2e-dfd1-428e-8b3c-b03602f95719";
    CommandLine = "\"C:\\Windows\\system32\\msiexec.exe\" /p configmgr2012ac-r2-kb2994331-i386.msp /L*v C:\\Windows\\TEMP\\configmgr2012ac-r2-kb2994331-i386.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous";
    DateTime = "20150114005604.541000+000";
    MachineName = "DH-07";
    PackageName = "ABC00126";
    ProcessID = 3496;
    ProgramName = "Cumulative update 3 - x86 client update install";
    SiteCode = "abc";
    ThreadID = 2588;
    UserContext = "NT AUTHORITY\\SYSTEM";
    WorkingDirectory = "C:\\Windows\\ccmcache\\gt\\";
    execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Raised Program Started Event for Ad:ABC212D1, Package:ABC00126, Program: Cumulative update 3 - x86 client update install execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="ABC00126",ProgramID="Cumulative update 3 - x86 client update install", actionType 1l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="ABC00126",ProgramID="Cumulative update 3 - x86 client update install", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    MTC task with id {8EB498C5-71D5-4933-BA80-6EEB8E189F98}, changed state from 4 to 5 execmgr 13/01/2015 6:56:04 PM 2588 (0x0A1C)
    Program exit code 1642 execmgr 13/01/2015 6:56:04 PM 2784 (0x0AE0)
    Could someone please review and advise?
    Thanks
    RJ09

  • I receive System Disabled with code 68072590 after 3 failed attempts

    I receive System Disabled with code 68072590 after 3 failed attempts

    AM try.
    77950516
    Use that code to go into the BIOS.
    Disable all passwords that are enabled.
    IF asked for the CURRENT password use that code.
    IF asked for NEW password just hit enter.
    If asked to VERIFY password just hit enter.
    Save and exit.
    REO
    I must inform you that these services are not endorsed by HP, and that HP is not responsible for any damage that may arise to your system by using these services. Please be aware that you do this at your own risk.
    HP Expert Tester "Now testing HP Pavilion 15t i3-4030U Win8.1, 6GB RAM and 750GB HDD"
    Loaner Program”HP Split 13 x2 13r010dx i3-4012Y Win8.1, 4GB RAM and 500GB Hybrid HDD”
    Microsoft Registered Refurbisher
    Registered Microsoft Partner
    Apple Certified Macintosh Technician Certification in progress.

  • FTP Security - Repeated Login Attempts

    Over the past 2 weeks or so, I've seen about a bazillion of these types of entries in the system log of one of our ftp servers:
    Aug 21 03:39:22 ns ftpd[4099]: ACL Check failed for Administrator
    Aug 21 03:39:22 ns ftpd[4099]: ACL Check failed for Administrator
    Aug 21 03:39:22 ns ftpd[4099]: ACL Check failed for Administrator
    Aug 21 03:39:23 ns ftpd[4099]: repeated login failures from atlantis @ 83.143.18.134 [83.143.18.134]
    Obviously, someone is trying to gain access (unsuccessfully - thank goodness) to the system. The repeated login attempts last anywhere from 5 - 30 minutes, always with the username Administrator. The IP addresses are from all over the world - Europe, Asia, and the US. Why we have a bullseye on us all of a sudden is unknown. This server has been running for close to three years now, and I've never seen attempts with this frequency.
    The Administrator user doesn't have ftp access on this system, so I'm not too worried about these break - in attempts. (Or should I be?)
    My formal question is this - is there anything that can be done with the out of the box ftp server to deter these attempts, or at least block attempts by IP address temporarily after several failed logins?
    What approach have others used? Is it time to start looking at another ftp server software package that has more security settings?
    Any help / input would be appreciated.
    I miss my Apple IIc   Mac OS X (10.4.6)  

    Thanks for the feedback Camelot. I'll post my replies under the quoted text below.
    > If you're running a public server you're going to get hits you don't want. Fact of life.
    > Script kiddies around the world are going to try whatever username and password they can think of to log into your server.
    > Having a different FTP server isn't going to change that - any other server is just as vulnerable to brute-force attacks as the built-in server. How do you think a different server is going to react any differently?
    I don't know - that's why I asked.
    I've only used the bundled ftp server with OS X server. I was wondering if there was a ftp software package that temporarily blocked IPs after 'n' number of invalid login attempts or something like that. And thought I'd see if anyone had any experience in this department.
    > Your only safeguards are some combination of:
    > 1) use your firewall to restrict access to the server to known/trusted IP addresses
    Unfortunately, a few of our users use dynamic IPs. Which is a bummer.
    > 2) use a VPN to connect to the server, then connect to the internal address
    We've used this method successfully before. We might go back to it...
    It was a 'pain' for some of our remote users and I finally gave into the nagging to do away with it because I spent way too much time providing phone support for remote users. I know, I know, it's just laziness on my part.
    > 3) use a different protocol that supports public key authentication (and turn off password authentication), e.g. SFTP.
    I've looked into SFTP for the OS X ftp server on these boards and most discussions don't seem to resolve into a definitive solution for implementing SFTP on the OS X server. Anyone get this working properly? I'd love to set it up to support SFTP only and disable password authentication.
    I'm leaving the original question open - I'd like to know if there is ftp software that works well on OS X server that would temporarily block an IP after 'n' invalid attempts, or has something similar.
    Or for someone to tell me I'm just being paranoid - and that the current setup should be OK.
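
    The temporary per-IP block asked about in this thread can be planned from the system log itself. The following is an added example, not code from the thread or from any FTP server package: it assumes the ftpd log format quoted in the question, ties the address-less "ACL Check failed" lines to a source IP through the ftpd process id, and returns block decisions. The sample log, thresholds and the function name plan_blocks are constructed for illustration, and applying a decision to a firewall is left to the operator.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the thread (documentation IP ranges).
SAMPLE_LOG = """\
Aug 21 03:39:22 ns ftpd[4099]: ACL Check failed for Administrator
Aug 21 03:39:22 ns ftpd[4099]: ACL Check failed for Administrator
Aug 21 03:39:22 ns ftpd[4099]: ACL Check failed for Administrator
Aug 21 03:39:23 ns ftpd[4099]: repeated login failures from host-a @ 203.0.113.7 [203.0.113.7]
Aug 21 03:40:02 ns sshd[4101]: line from another daemon, ignored
Aug 21 03:41:10 ns ftpd[4120]: ACL Check failed for Administrator
Aug 21 03:41:10 ns ftpd[4120]: ACL Check failed for Administrator
Aug 21 03:41:10 ns ftpd[4120]: ACL Check failed for Administrator
Aug 21 03:41:11 ns ftpd[4120]: repeated login failures from host-a @ 203.0.113.7 [203.0.113.7]
Aug 21 03:50:00 ns ftpd[4200]: ACL Check failed for Administrator
Aug 21 03:50:01 ns ftpd[4200]: repeated login failures from host-b @ 198.51.100.20 [198.51.100.20]
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"ftpd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
ACL_FAIL_RE = re.compile(r"^ACL Check failed for \S+")
REPEATED_RE = re.compile(r"^repeated login failures from .*\[(?P<ip>[^\]\s]+)\]\s*$")


def plan_blocks(lines, year, threshold=5,
                window=timedelta(minutes=10),
                block_for=timedelta(minutes=30)):
    """Return one decision per temporary block that should be put in place.

    syslog timestamps carry no year, so the caller supplies it.
    """
    pending = defaultdict(int)   # ftpd pid -> failures not yet tied to an IP
    recent = defaultdict(deque)  # ip -> failure timestamps inside the window
    blocked_until = {}           # ip -> expiry of the block currently planned
    decisions = []

    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ftpd line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pid, msg = m["pid"], m["msg"]

        if ACL_FAIL_RE.match(msg):
            pending[pid] += 1  # the source address is only known later
            continue

        rep = REPEATED_RE.match(msg)
        if not rep:
            continue
        try:
            ip = str(ipaddress.ip_address(rep["ip"]))
        except ValueError:
            pending.pop(pid, None)  # malformed address: drop the session
            continue

        # Credit the session's failures to the IP; at least one if the
        # earlier lines were lost (for example to log rotation).
        count = max(pending.pop(pid, 0), 1)
        events = recent[ip]
        events.extend([when] * count)
        while events and when - events[0] > window:
            events.popleft()

        already_blocked = blocked_until.get(ip, datetime.min) > when
        if len(events) >= threshold and not already_blocked:
            blocked_until[ip] = when + block_for
            decisions.append({
                "ip": ip,
                "failures": len(events),
                "blocked_at": when,
                "blocked_until": when + block_for,
            })
            events.clear()  # a later block needs fresh failures
    return decisions


if __name__ == "__main__":
    for d in plan_blocks(SAMPLE_LOG.splitlines(), year=2006):
        print(d["ip"], "block until", d["blocked_until"].isoformat(),
              f"({d['failures']} failures)")
```

    Legitimate users on dynamic addresses, as mentioned in the thread, are the reason to keep the block temporary and the threshold above what a mistyped password produces.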

  • Failed attempts on radius from a strange user

    Hello all,
    I have ACS server 4.2 and I have noticed that there are too many failed attempts from usernames just like:
    [email protected]
    [email protected]
    The number before the "@" changes for different users! (I am not ev
    I tried to search for those I noticed it is something related to using 3G networks over Wi-Fi!!
    I am not familiar with this technology (if my understanding about this is correct).
    I just want to know what type of devices would possibly use this feature (what mobile phone vendors, for example) and how to stop it (configure it correctly on the end station).
    Appreciate your help.
    Amjad

    Thanks Mohammad for your quick reply.
    I already know that the failed attempt is due to improper configuration on the client. The failure code in ACS is "EAP type not configured". Those stations - which are highly likely mobile phones - usually use EAP-SIM, which is not even supported by our ACS.
    EAP-SIM configuration by default has "User name in Use" configured as "From SIM card". This is why we are possibly seeing those.
    Tracking the device is very difficult because users are mobile and there are too many users around in the same area/areas.
    I just now successfully isolated that all devices reported this are Nokia devices!! Now it is easier to go to some area and ask about those who have Nokia phones rather than checking everyone's phone.
    Thanks ya m3almi.
    Amjad

  • Office 2013, click icon nothing happens, no errors, no eventlog, MANY clients with this issue

    We're an IT solutions provider for companies of all sizes, as well as residential users, and we've been plagued by a new Microsoft-caused issue that's seriously affecting our clients' perception of us since it seems like 'you didn't fix it the first time' or 'you sold us the computer', so it's our responsibility to fix for free.
    We've experienced this with 17 people so far, ranging from residential clients with systems that have come from big box stores and from systems we've sold with Microsoft Office 2013 and basically the entire suite stops working.
    If you click an icon, you may see an hour glass for a few seconds and nothing happens (but usually nothing happens at all, as though you didn't click it).
    Diagnostic steps:
    No errors in eventlog, neither under system or application.
    No third party add-ins, sometimes it's a stock install on a new / fresh system.
    Starting Microsoft Office applications in safe mode, like winword /safe, has no effect.
    A quick repair or an online repair will not resolve the issue, it will say it's done but issue still exists.
    Microsoft Office 2013 cannot be uninstalled, we always receive the same error code: 0-4
    Some systems do not have third party antivirus, some are simply using Microsoft Security Essentials.
    This affects all Microsoft Office applications, including Outlook.
    Makes no difference if you use another user account or run-as admin.
    All Microsoft Office 2013 updates have been installed.
    The installation source is undetermined but recent issues stemmed from a physical media (.ISO) install from Microsoft's latest source.
    You cannot start the software by clicking on documents created with Office applications.
    The only way to remove Microsoft Office 2013 is with the removal tool "O15CTRRemove.diagcab".
    The problem returns after a random period of days and no client can relay the actual cause of the issue, it seems random in nature. After the issue is experienced, we go through the same steps including the necessity to utilize the removal tool.  
    This seems to be a new issue that's come out of the blue within the past few weeks, at least on our end. When 17 random people call out of the blue with the same problem, it suggests it's Windows Update related.
    I'm really hoping someone has some insight into this Microsoft glitch and knows of a secret hotfix or special trick to prevent it. I attempted to call Microsoft and it would be more enjoyable to punch a concrete wall since you're dealing with useless people in a foreign country who can't really comprehend the seriousness or technicality of the issue, and don't really care, and aren't skilled enough to provide insight.
    Does anyone know about this problem?

    Thank you for the reply.
    I understand the flash you are receiving while launching Excel or Word is very fast. However just wanted to check if it is possible to get a screenshot of it.
    Also, are you able to work fine on Excel or Word even after receiving the flash.
    It seems the Office installation might have not been done properly.
    There is a possibility, every time you Uninstall any application, there are still some patches left behind which could cause an issue while Installing the same application again or even after Installation is successful, it sometimes gives issue while launching the application.
    If you want to give a try, you may try to Uninstall the product using Offscrub by clicking on the below link & then can have a fresh installation again.
    http://support.microsoft.com/kb/2739501
    Please let me know the status update once done

    Abhijeet, the box flash happens too fast for me to capture a screenshot of it but I believe it's similar to the smaller box activation process (enter your email).
    Word and Excel work fine whenever this is observed.
    I'm skeptical that this is a "not done properly" kind of scenario, especially when it applies to so many people and many have brand new computers. How can you take a Microsoft Office disc and install it improperly on a new PC? Or how can a person go through Microsoft's https://officesetup.getmicrosoftkey.com/ setup, use the software for months and suddenly it stops working? If this is a 'not done properly' scenario, then this is a failing of Microsoft's installation source. I can't reiterate this enough, the software works fine for people since installation date and then randomly stops working at a much later date (but many of them failed last month and this is a newer issue).
    I'm starting to get frustrated again as I'd already stated we've used your linked removal tool in my first post and the problem has returned for another user by which I'd used it and reinstalled the product. The client whose PC we have now, one we'd sold them, needs to be returned to them and while Microsoft Office is currently working, I was told that if this happens again, they're "going to throw the f#(*@ computer in the river". No joke.
    If we're at the point where we've moved past evaluating logs, registry keys, or file versions or anything along the lines of a developer determining how this Microsoft bug occurs, then I'll return the system back to the client and hope for the best.
    Three strikes and I'm out with this one but perhaps the delayed startup is the final solution... I just wish I knew for sure as we've had a bad year taking a beating for Microsoft's products and their support is the worst in the industry.
    It's further frustrating that since I'd touched base with Microsoft via phone calls, the only person who's been able to provide any insight into the issue is me.

  • Installation of Client Access role fails on Windows Server 2008 R2 (Execution of: "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP")

    Hello
    I am trying to install Exchange Server 2010 beta 1 onto a Windows Server 2008 R2 (build 7000) machine which has also been set up as a domain controller.
    However when attempting to install the Client Access role, setup fails with the error below.
    Does anyone know of a way to get around this please?
    I have already searched for this error and not found any similar threads.
    Also every time I press the code button on this forum it crashes the browser and I keep losing the message! (IE8 from within Server R2). Also the message box is very small, will not expand and keeps jumping to the top.
    Thanks
    Robin
    [code]
    Summary: 4 item(s). 1 succeeded, 1 failed.
    Elapsed time: 00:00:01
    Preparing Setup
    Completed
    Elapsed Time: 00:00:00
    Client Access Role
    Failed
    Error:
    The execution of: "$error.Clear(); Install-ExchangeCertificate -services "IIS, POP, IMAP" -DomainController $RoleDomainController", generated the following error: "Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.".
    Could not grant Network Service access to the certificate with thumbprint 2F320F5D5B5C6873E54C8AB57F604D8AFA31D18C because a cryptographic exception was thrown.
    Access is denied.
    Elapsed Time: 00:00:01
    Mailbox Role
    Cancelled
    Finalizing Setup
    Cancelled
    [/code]
    Robin Wilson

    Hello
    Thanks for all the replies.
    I have since wiped the system and installed everything again and it all worked this time so not sure what was wrong last time. I did try to uninstall all Exchange components and then uninstall IIS and Application server, reboot and re-install but I received the same error still when it came to installing the client access role.
    Walter: I just attempted the standard installation which should have used the default self-signed certificate. Everything was a fresh install done at the same time on a freshly formatted PC.
    For info last time when it failed to work:
    - Installed Windows Server 2008 R2
    - Installed Domain Controller role using dcpromo. I set the forest and domain as Windows Server 2008 R2
    - Added a forest trust between main domain and test Exchange domain (set up as ex2010.local)
    - Installed IIS and Application Server role
    - Installed Hyper-v role
    - Installed Desktop Experience feature
    - Installed Exchange and received the error
    When it worked I set up the forest and domain in Windows Server 2008 mode (i.e. not R2), installed Exchange first and then set up the forest trust and then Hyper-v. It did say it failed to configure dns which was probably because it started trying to do automatic updates half way through the dcpromo! DNS seems to work ok though.
    I did notice this time that Hyper-v gave a warning about the virtual network adapter not being set up correctly and the local network did not work correctly although I could access the internet. Not sure if this could have been related to the cause of the problem previously. For now I have disabled the virtual network until I get time to try and get it working and so the mail will work in the meantime.
    I also noticed that Hyper-v added an extra 443 ssl binding to the default website so as it had 2 bindings on port 443 it refused to start. After deleting one it worked.
    I decided to install Exchange onto a domain controller as it is only a test and I wouldn't do it in a live environment. I am also short of test machines! It didn't give me any warnings about this actually, I think previous versions warn you that it is not recommended.
    Andreas and Chinthaka: I did not know about the requirement to run the domain at 2003 mode. The main domain is running in 2008 mode with Exchange 2007 so I assume this is just a temporary beta related requirement. It does seem to be working (second attempt) so far in a 2008 mode domain although I haven't had a chance to fully test it yet.
    Thanks
    Robin
    P.S. Sorry it's taken me a while to reply!
    Robin Wilson
