Cisco ACS 5.3, Active Sessions are over limit e-mail alert.

I have recently enabled the SMTP alert function in ACS 5.3. It seems to work well for most of the alerts. One thing though, the active sessions are over limit warning that comes up every so often. I know it is not impacting operations and it is ACS's way of clearing out sessions that had no accounting stop, but how do I disable this alert from being sent by e-mail from ACS 5.3??? I do not see it anywhere.

Hi, Thanks for the response. Unfortunately it does not solve my issue. Following the directions causes all logging to stop in the real time logs. There is no username coming through for these phantom authentication requests that I can create a filter or access request for. Is it possible to get more details???
The issue is that there is noting in the realtime logs for this on on the General tab that an alert has been triggered and therefore and e-mail for the alert. I was looking to see how I can disable the alert itself. there does not appear to be any dummy account these authenticatons are using to trigger this alarm in the logs I can see.

Similar Messages

Integration Of Cisco ACS and MS Active Directory !!!

Hi all,
We have and Cisco ACS v4.2 on a Cisco Appliance, and we need to integrate it with Active Directory. Can you help me??
Thanks for your help
Regards!!!
Rafael Turriago

Hi,
If you have ACS SE and you want to integrate with MS AD, then you need to install Cisco ACS Remote Agent on a PC that belongs to the domain.
The ACS SE does not "speak" directly to the DCs, but rather to the ACS Remote Agent.
The Remote Agent is the application responsible to exchange data with the DCs.
You can find detailed information in the config guide:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp353636.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Cisco ACS 4.2 + Active directory + peap

Hello guys!
We have acs 4.2 SE + remoteAgent which is located on our DC. WLAN with wpa+wpa2[802.1x auth] has been configured and all working perfectly - domain users trying to connect and gets user\pass prompt, after it auth succesfull and wireless access granted. But its a bit complicated with non-domain users, when they trying to connect to this network they get windows security alert because machine authentication not passed(PC not in domain so ACS can't auth this users). So, if i enable machine authentication under external windows database setting, acs succesfully authenticated station but wont promt for user\password. How can we enable prompting for user\pass while still maintain machine auth ?
Thank you!

I have a scenario for you in active directory when two passwords may be valid:
Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
User1 decides to call the helpdesk and changes his password to "456".
The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be
valid.
If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC
emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
Regards,
~JG
Do rate helpful posts

What is a "logged in user" on the "Active Sessions" report in CF8 Server Monitor?

I was looking at the Active Sessions Report (The Chart View) and saw I have more "logged in users" than "active sessions".
I had expected them to be nearly the same.    It's on our Intranet where I log users in (using cflogin and cfloginuser) at the begining of their session and users should be logged when the session ends.
I couldn't find a detailed explaination of what a "logged in user" means.   There is a chance that the same user is logged into a nested application as well as the Intranet, but I don't think that is what I'm seeing.
I also don't see a way to get a list of what CF is counting as a logged in user. I can only see a way to get the total count.
Any help is appreciated.
Thanks,
Jeff

Thank you Michael for the reply, but I don't think that is the issue.
When a user opens their browser on the intranet, a session begins and they are logged in (using the cflogin and cfloginuser).    If they close their browser, the session should hang around for 20 min. (per the server setting).   I am assuming this is still considered an "Active Session" since I can see this behavior in the report.
At first, the Active Sessions and Logged In Users are exactly the same.   When the sessions start to time out, the active sessions are reduced, but the Logged In Users remain the same.    Then, after a while, they start to move together. So I have more Logged In Users than Active Sessions.
I left the Server Monitor open last night and for most of the night, I had 0 sessions, but 57 "logged in users".   This morning, as people opened their browsers, the Active Sessions and Logged In Users moved together.   The gap of 57 looks consistent.
It looks like people are remaining logged in after their session ended.
I am really looking for a detailed explaination of "active session" and/or "logged in user" as used in the server monitor. It would be really nice to find a way to list the details about each item counted in the "logged in user" and not just the total count.
Thanks Again for your reply.
jsm

Monitor Activity - Active Sessions : Not displaying all sessions

I'm encountering an issue whereby the active sessions are not being listed in the Monitor Activity -> Active Sessions screen.
However, the number of Active Sessions is being displayed.
Any ideas?

Hi Dave,
I think there's some confusion here. The select list right after the label Display is for you to select the maximum number of rows you want to display on the report. The actual number of sessions in the report will be shown below.
I did this just now on apex.oracle.com. I chose a value of 15 (the default) for Display. And at the split second that I clicked Go, there were only 4 active database sessions - and the pagination label at the bottom of the report was "1 - 4", which was correct.
I just think you're misinterpreting Display.
Joel

UCCX Agent Desktop v.7 taking over Windows active session when phone rings

I'm trying to figure out how (if possible) for the Cisco UCCX Agent Desktop application from taking over a users Windows session every time the phone rings. This is very annoying and takes the end user out of what ever application they are currently in whenever their phone rings. Does anyone know how to change this?

Hi Eric,
Maybe this is better
Miscellaneous tab options.
Option Description
Window Behavior Specify how you want the Agent Desktop window to
behave:
• Normal. The window appears when calls are
present and minimizes when idle.
• Keep Open. The window is always visible, but may
be hidden by other open applications.
• Always on Top. The window is always visible and on
top of other open applications.
• Stealth. The window appears as an icon in the
system tray.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/cad_enterprise/cadenterprise7_0/user/guide/cda700ug.pdf
Cheers!
Rob

CISCO ACS, How to Limit User Session ?

Hi Guys,
hope you would help me,
how to limit the user session in ACS 5.x ?
i'm aware the menu on
Access Policies >Max User Session Policy > Max Session Group Settings
i already set the global value to 1, Max Session for User in Group to 1, and Max Session for Group to 1.
so it means the user only could open 1 connect at the same time right?
the problem, it didn't works.
i had 1 ACS 5.5
2 CISCO Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T13, RELEASE SOFTWARE (fc3)
(let's call it R1 and R2 )
i'm trying to telnet both of them at the same time, and it works ( it means the session limit didn't works, cmiiw )
i already include :
radius-server attribute 44 include-in-access-req
radius-server host 192.168.217.98 auth-port 1645 acct-port 1646 key somekey
on the line vty :
accounting connection acs
login authentication acs
am i missing something?
also, is this feature works on tacacs+ too?
Thanks,

Dash,
You can leverage the group mapping feature where members of a certain AD group are mapped to a local group in ACS with the max sessions defined.
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/user/guide/acsuserguide/access_policies.html#pgfId-1162308
Thanks,
Tarik Admani

Autheticating useing Cisco ACS 4.2 integrated with Active Directory 2003

How do i check that users are Autheticated useing Cisco ACS 4.2 integrated with Active Directory 2003, any one help me in this thanks

You can't actually see the user's membership from ACS. All you can do, create group-mapping under external database >> group mapping section. This would give you an option to map external (AD) group with an Internal group.The group memberrship need to be modified under Active Directory.
Once user is succussfully authenticated and learned as a dynamic user in ACS user setup database, it would be mapped with an ACS internal group based on group mapping we did.
Let me know if you have any doubts.
Regards,
Jatin

Cannot deploy EAR. There are already active sessions

Hi WebDyn Pro's,
I'm running NW SP14
Sporadically, I cannot deploy my WebDynpro app to the NW server. In NWDS, I indicate to Deploy and run. I get an error in the console indicating:
<b>"Cannot log in. There are already active sessions. Session id 0 An administrator logged in via API /"</b>
I restarted the server and the NWDS workstations but that didn't help. I've had this same error in the past. Usually it goes away. I thought I solved it, but evidently not.
On the NW server, I cannot log into SDM GUI either. I get the same error.
As mentioned above, this error occurs sporadically. I can deploy just fine 50 times. And then all of sudden I start getting this error, even though no one has touched the server.
Thoughts?
Thanks,
Kevin

Hi,
Have you checked if anyone else is actually using SDM to deploy?
There are some quite significant deployment tasks that my basis team perform which will occupy the SDM tool for a long time and stop me and my other developers from deploying anything.
I've also caused this problem myself when my SDM deployment has stalled - I've been deploying a custom B2B .ear file and the deployment has just got stuck in processing for ages. In the end I've had to kill the SDM task from Windows Task Manager but this causes SDM to think someone is still logged in so I've then had to restart the SDM service from the SAP Management Console.
If this is not the case I'd suggest raising it through OSS if you can't find any relevant messages on there.
Hope this helps,
Gareth Ryan.

ORA-12721: operation cannot execute when other sessions are active

Hi,
I started my DB like following :
1) Change INIT.ORA file; unset parallel_server parameter.
2) Execute these commands:
STARTUP MOUNT ;
ALTER SYSTEM ENABLE RESTRICTED SESSION;
ALTER SYSTEM SET JOB_QUEUE_PROCESSES=0;
ALTER SYSTEM SET AQ_TM_PROCESSES=0;
ALTER DATABASE OPEN;
SHUTDOWN IMMEDIATE;
SQL> STARTUP RESTRICT pfile='C:\oracle\product\10.2.0\db_1\database\initORCL.ora';
ORACLE instance started.
SQL> alter database national character set INTERNAL_CONVERT UTF8;
alter database national character set INTERNAL_CONVERT UTF8
ERROR at line 1:
ORA-12721: operation cannot execute when other sessions are activeWhy this error when DB is opened in strict and I'm the only user ?
SQL> select count (*) from v$session;
COUNT(*)
20Any solution ?
Thank you.

Hi
This operation is dangerous, please ensure that you have a full backup before doing that operation.
Please use that order :
SHUTDOWN IMMEDIATE;
-- make sure there is a database backup you can rely on, or create one
STARTUP MOUNT;
ALTER SYSTEM ENABLE RESTRICTED SESSION;
ALTER SYSTEM SET JOB_QUEUE_PROCESSES=0;
ALTER SYSTEM SET AQ_TM_PROCESSES=0;
ALTER DATABASE OPEN;
ALTER DATABASE CHARACTER SET <new_character_set>;
-- a alter database takes typically only a few minutes or less,
-- it depends on the number of columns in the database, not the
-- amount of data.
SHUTDOWN;
Please note that :
The command requires the database to be
open but only one session, the one executing the command, is allowed.
For the above error conditions Oracle9i will report one of the errors:
ORA-12719: operation requires database is in RESTRICTED mode
ORA-12720: operation requires database is in EXCLUSIVE mode
ORA-12721: operation cannot execute when other sessions are active
Oracle9i can also report:
ORA-12718: operation requires connection as SYS
if you are not connect as SYS (INTERNAL, "/ AS SYSDBA").
Let us know if this helps.
regards,
Hub
Edited by: Hub on Dec 10, 2008 1:22 PM

Sp_who2 -need only active sessions from users which are not the background sessions

Hello,
sp_who2 -need only active sessions from users which are not the background sessions
Please assist.
Best regards,
Vishal

Its better to use DMV's to view only active sessions from users (spid>50) as mentioned by Shanky.
You can do that using sp_who2 but it requires a bit of programming to list only user sessions.
SELECT
S.SESSION_ID,
S.STATUS,
S.HOST_NAME,
C.CLIENT_NET_ADDRESS,
CASE WHEN S.LOGIN_NAME = S.ORIGINAL_LOGIN_NAME THEN S.LOGIN_NAME ELSE S.LOGIN_NAME END LOGIN_NAME,
S.PROGRAM_NAME,
C.CONNECT_TIME,
S.LOGIN_TIME,
CASE S.TRANSACTION_ISOLATION_LEVEL
WHEN 0 THEN 'UNSPECIFIED'
WHEN 1 THEN 'READUNCOMITTED'
WHEN 2 THEN 'READCOMMITTED'
WHEN 3 THEN 'REPEATABLE'
WHEN 4 THEN 'SERIALIZABLE'
WHEN 5 THEN 'SNAPSHOT'
ELSE CAST(S.TRANSACTION_ISOLATION_LEVEL AS VARCHAR(32))
END AS TRANSACTION_ISOLATION_LEVEL_NAME,
S.LAST_SUCCESSFUL_LOGON,
S.LAST_UNSUCCESSFUL_LOGON,
S.UNSUCCESSFUL_LOGONS,
S.CPU_TIME AS CPU_TIME_MS,
S.MEMORY_USAGE AS MEMORY_USAGE_PAGES,
S.ROW_COUNT,
S.PREV_ERROR,
S.LAST_REQUEST_START_TIME,
S.LAST_REQUEST_END_TIME,
C.NET_TRANSPORT,
C.PROTOCOL_TYPE,
S.LANGUAGE,
S.DATE_FORMAT,
ST.TEXT AS QUERY_TEXT
FROM
SYS.DM_EXEC_SESSIONS S
FULL OUTER JOIN SYS.DM_EXEC_CONNECTIONS C ON C.SESSION_ID = S.SESSION_ID
CROSS APPLY SYS.DM_EXEC_SQL_TEXT(C.MOST_RECENT_SQL_HANDLE) ST
WHERE
S.SESSION_ID IS NULL
OR S.SESSION_ID > 50
ORDER BY
S.SESSION_ID
-Prashanth

Cisco ACS 5.4 patch 6

Hi Everyone,
I have a Primary Cisco ACS, called CiscoACS1, version 5.4 patch 6 with an IP address of 1.1.1.1/24 and a Secondary ACS, called CiscoACS2, version 5.4 patch 6 with an IP address of 1.1.1.2/24.
Connectivity between them is ok, same subnets. I register CiscoACS2 with CiscoACS1 and everything is working fine, including Active Directory. Both of these ACSes are used to authenticate my network devices.
Every time I use the webUI to log into the Secondary ACS (https://CiscoACS2), I can see that the CiscoACS2 is synced with CiscoACS1, the status is always "UPDATED"
However, if I webUI into the Primary ACS (https://CiscoACS1), I always see CiscoACS2 as "pending".
I've tried to do "full replication" and eventually it will show up as "UPDATED" but a few hours later, it will show up as "PENDING".
Anyone knows why? Is this a "bug"?
Thanks in advance.

Hi,
If replication status on ACS1 GUI is showing pending then you know, full replication happens over the Sybase DB TCP port 2638, so your port need to be open in firewall.

Scalability Issues - Too Many Active Sessions?

Hello,
I'm having an issue with an application I built for one of the campuses at the college I work at. The application is a queuing system where there are stations for students to check in, admin stations where staff can see these students and "call" them, and displays outside each employees office that shows the student that was called. There are about 20 of these last type of display panels. I have the following code in my page footer to poll the DB for the most recent called student for a specific room:
<script type="text/javascript">

</script>The OnDemand process, F_NEXT_STUDENT runs the following query and returns the result:
select a.FIRST_NAME || ' ' || a.LAST_NAME
into   full_name
from   ONESTOP_QUEUE a
where a.WORKSTATION_ID_CALLED = in_workstation_id
and    a.STATUS = 'CALLED'
and    a.QUEUE_ID = (
   select min( c.QUEUE_ID )
   from   ONESTOP_QUEUE c
   where c.WORKSTATION_ID_CALLED = in_workstation_id
and    c.STATUS = 'CALLED');However, when all of these display panels are turned on (and I use code like this in other pages for similar purposes) the application becomes sluggish and eventually unresponsive. At first we had the application running off a box with Oracle XE. We eventually migrated to a full blown 11g install with APEX Listener and GlassFish. My DBA says everything looks ok on the DB side so I've been trying to dig in other areas to see where the bottleneck may be. After inspecting the Active Sessions report in APEX, I saw that there's a ton of connections being generated (> 30,000). This doesn't seem like a good thing to me and I'm trying to figure out what I'm doing wrong.
At first I was using $.post() instead of $.()get. I was also using setInterval() instead of a setTimeout() loop. However, none of these changes seemed to really help the situation much. I'm at a loss for how else to improve the performance of this application. Any suggestions on what I can try?
Most of the app's functionality is on apex.oracle.com
WORKSPACE: SCCC_TEST
USER/PASS: TEST/test
Direct URL to the page (I pass in the worksation ID): http://apex.oracle.com/pls/apex/f?p=65890:7:0::::P7_WORKSTATION_IN:ADMISSIONS_1
Thanks in advance for any help.

Hi Patrick,
UPDATE as of 3PM Eastern:
This afternoon all users lost the ability to connect to the application. My DBA is still reviewing logs but it seems that the error isn't on the DB side. The application came back up after he restarted the Apex listener. We found a bunch of the following error in the Glassfish server.log file:
[#|2013-02-25T14:34:39.021-0500|WARNING|oracle-glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=11;_ThreadName=Thread-2;|GRIZZLY0023: Interrupting idle Thread: http-thread-pool-80(73).|#]The max threads is currently set to 100.
After we came back up I went to page 4350:45 and cleared out all sessions. After a couple minutes I rechecked the number of sessions on this page:
Total Sessions: 27,674
Distinct Users over all sessions = 2
Sessions older than 15 minute(s) = 4Seems like way too many sessions to have after just a couple minutes.
End UPDATE
Again, thank you for taking the time to reply. Everything seems to be working fine for the past couple days, but I figured I'd provide some current data, especially since I'm still curious about all these "sessions".
Are we talking about page 4350:45 which shows the following information
Total Sessions: 9
Distinct Users over all sessions = 4
Sessions older than 1 day(s) = 0
Where does it show 17,400 sessions for you? It almost appears that your daily APEX jobs are not running which do normally purge old APEX sessions automatically. See http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35129/dbms_jobs001.htm
Yes, this was the page I was referring to. I just checked it now and it showed me the following:
Total Sessions: 10,236
Distinct Users over all sessions = 2
Sessions older than 1 day(s) = 0And it does appear that the APEX jobs are running since there are no sessions older than 1 day... unless I'm interpreting this information incorrectly.
Also, I was able to get some more data regarding page loading using the Debug info:
14763     7751818952614     nobody     101     7     show     46     4 seconds ago     0.0000
14760     7751818952614     nobody     101     7     show     46     9 seconds ago     0.5300
14757     7751818952614     nobody     101     7     show     46     14 seconds ago     0.0150
14754     7751818952614     nobody     101     7     show     46     19 seconds ago     0.0160
14751     7751818952614     nobody     101     7     show     46     24 seconds ago     0.0160
14748     7751818952614     nobody     101     7     show     46     29 seconds ago     0.0160
14745     7751818952614     nobody     101     7     show     46     34 seconds ago     0.0160
14742     7751818952614     nobody     101     7     show     46     39 seconds ago     0.0160
14739     7751818952614     nobody     101     7     show     46     44 seconds ago     0.0160
14736     7751818952614     nobody     101     7     show     46     49 seconds ago     0.0160
14733     7751818952614     nobody     101     7     show     46     54 seconds ago     0.0160
14730     7751818952614     nobody     101     7     show     46     59 seconds ago     0.0000
14727     7751818952614     nobody     101     7     show     46     64 seconds ago     0.0160
14724     7751818952614     nobody     101     7     show     46     69 seconds ago     0.0160
14721     7751818952614     nobody     101     7     show     46     74 seconds ago     0.0160
14718     7751818952614     nobody     101     7     show     46     79 seconds ago     0.0160
14715     7751818952614     nobody     101     7     show     46     84 seconds ago     0.0150
14712     7751818952614     nobody     101     7     show     46     89 seconds ago     0.5300
14709     7751818952614     nobody     101     7     show     46     94 seconds ago     0.0000
14706     7751818952614     nobody     101     7     show     46     99 seconds ago     0.0150
14703     7751818952614     nobody     101     7     show     46     104 seconds ago     0.0150
14700     7751818952614     nobody     101     7     show     46     109 seconds ago     0.0150
14697     7751818952614     nobody     101     7     show     46     114 seconds ago     0.0150
14694     7751818952614     nobody     101     7     show     46     119 seconds ago     0.0160
14691     7751818952614     nobody     101     7     show     46     2 minutes ago     0.5310
14688     7751818952614     nobody     101     7     show     46     2 minutes ago     0.5300
14685     7751818952614     nobody     101     7     show     46     2 minutes ago     0.5150
14682     7751818952614     nobody     101     7     show     46     2 minutes ago     0.5300
14679     7751818952614     nobody     101     7     show     46     2 minutes ago     0.5300
14676     7751818952614     nobody     101     7     show     46     2 minutes ago     0.5300
14673     7751818952614     nobody     101     7     show     46     3 minutes ago     0.0000
14670     7751818952614     nobody     101     7     show     46     3 minutes ago     0.5930
14667     7751818952614     nobody     101     7     show     46     3 minutes ago     0.5300
14664     7751818952614     nobody     101     7     show     46     3 minutes ago     0.5460So I'm seeing a page load time of ~0.016 or ~0.53. When I click on the details for one of the longer page view, I get the following:
0.00000     0.00000     S H O W: application="101" page="7" workspace="" request="APPLICATION_PROCESS=F_NEXT_STUDENT" session="7751818952614"     4
0.00000     0.04700     Reset NLS settings     4
0.04700     0.03100     alter session set NLS_LANGUAGE="AMERICAN"     4
0.07800     0.03100     alter session set NLS_TERRITORY="AMERICA"     4
0.10900     0.01600     alter session set NLS_CALENDAR="GREGORIAN"     4
0.12500     0.03100     alter session set NLS_SORT="BINARY"     4
0.15600     0.00000     alter session set NLS_COMP="BINARY"     4
0.15600     0.00000     ...NLS: Set Decimal separator="."     4
0.15600     0.00000     ...NLS: Set NLS Group separator=","     4
0.15600     0.00000     ...NLS: Set g_nls_date_format="DD-MON-RR"     4
0.15600     0.00000     ...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"     4
0.15600     0.03100     ...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"     4
0.18700     0.00000     NLS of database and client differs, characterset conversion needed     4
0.18700     0.01600     ...Setting session time_zone to -05:00     4
0.20300     0.03100     Reset NLS settings     4
0.23400     0.03100     alter session set NLS_LANGUAGE="AMERICAN"     4
0.26500     0.01600     alter session set NLS_TERRITORY="AMERICA"     4
0.28100     0.03100     alter session set NLS_CALENDAR="GREGORIAN"     4
0.31200     0.03100     alter session set NLS_SORT="BINARY"     4
0.34300     0.00000     alter session set NLS_COMP="BINARY"     4
0.34300     0.00000     ...NLS: Set Decimal separator="."     4
0.34300     0.00000     ...NLS: Set NLS Group separator=","     4
0.34300     0.00000     ...NLS: Set g_nls_date_format="DD-MON-RR"     4
0.34300     0.00000     ...NLS: Set g_nls_timestamp_format="DD-MON-RR HH.MI.SSXFF AM"     4
0.34300     0.01600     ...NLS: Set g_nls_timestamp_tz_format="DD-MON-RR HH.MI.SSXFF AM TZR"     4
0.35900     0.03100     ...Setting session time_zone to -05:00     4
0.39000     0.03100     Setting NLS_DATE_FORMAT to application date format: DD-MON-YYYY HH:MIPM     4
0.42100     0.01600     Setting NLS_TIMESTAMP_FORMAT to application timestamp format: DD-MON-YYYY HH:MIPM     4
0.43700     0.03100     Setting NLS_TIMESTAMP_TZ_FORMAT to application timestamp time zone format: DD-MON-YYYY HH:MIPM     4
0.46800     0.00000     ...NLS: Set g_nls_date_format="DD-MON-YYYY HH:MIPM"     4
0.46800     0.00000     ...NLS: Set g_nls_timestamp_format="DD-MON-YYYY HH:MIPM"     4
0.46800     0.00000     ...NLS: Set g_nls_timestamp_tz_format="DD-MON-YYYY HH:MIPM"     4
0.46800     0.00000     NLS: wwv_flow.g_flow_language_derived_from=0: wwv_flow.g_browser_language=en     4
0.46800     0.00000     Application 101, Authentication: PLUGIN, Page Template: 61331314513900454147     4
0.46800     0.00000     Authentication check: No Authentication (NATIVE_DAD)     4
0.46800     0.00000     ...fetch session state from database     4
0.46800     0.01600     fetch items (exact)     4
0.48400     0.00000     ... sentry+verification success     4
0.48400     0.00000     ...Session ID 7751818952614 can be used     4
0.48400     0.01500     ...Application session: 7751818952614, user=nobody     4
0.49900     0.03100     ...Setting session time_zone to -05:00     4
0.53000     0.00000     Session: Fetch session header information     4
0.53000     0.00000     Run APPLICATION_PROCESS= request     4
0.53000     0.00000     ...Execute Statement: begin sys.htp.p( F_NEXT_STUDENT( in_workstation_id => apex_application.g_x01 ) ); end;     4
0.53000     0.00000     Stop APEX Engine detected     4
0.53000     -     Final commit     4Again, not sure if I'm reading this correctly but it seems that the steps that are taking the most time seem to be related to NLS settings... and I have translating turned off. This is consistent with all of the longer page views. As a side note, my DBA did turn archive log mode back on this weekend.
Again, everything seems to be running smoothly at the moment so the above data is more to help satisfy my curiosity about the inner workings of Apex.
Regards,
Tadeusz
Edited by: tdsacilowski on Feb 25, 2013 3:04 PM

[Forum FAQ] Restrict number of Active Sessions in RDS 2012 and 2012 R2

As everyone knows with the introduction of Windows Server 2012 & 2012 R2, there are various changes and no more availability for RDSH configurations or Remote Desktop Service Manager;
now we can manage all the settings under Server Manager and group policy.
Configuration 1: Remote Desktop Timeout settings:
Here, we will see the Remote Desktop timeout settings. You can maintain the settings under below mention path (Figure 1 and Figure 2).
Open the
Server Manager, select Remote Desktop Services.
In Remote desktop Services, in right side you can drop down to
collections.
Select the
collection which you want to edit the settings.
Under
collections Properties, select Task and then Edit Properties.
In Properties dialog box, select
Session.
You can find all the
timeout settings under session collection properties; edit according to your requirements and then
OK.
Figure 1: Selecting Collection Properties
Figure 2: Configuring screen for Timeout and reconnection Settings
Group policy setting:
The same settings can also be applied by Group Policy.
You can also configure timeout and reconnection settings by applying the following Group Policy settings, you can check the figure 3 for graphical view.
Set time limit for disconnected sessions
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
End session when time limits are reached
In addition to this another group policy available with the help of which you can bale to set time limit for logging off the RemoteApp according to our desired time. This setting
can be applied with addition to above mentioned policy.
Set time limit for logoff of RemoteApp Sessions
These Group Policy settings are located in the following locations:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
These Group Policy settings can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
Note:
These Group Policy settings will take precedence over the settings configured in Remote Desktop Session Host Configuration. If both the Computer Configuration and the User Configuration policy
settings are configured, the Computer Configuration policy settings take precedence.
Figure 3: Group Policy for setting Timeout and reconnection setting
Configuration 2:
Restrict & Enable user to a single & multiple session
Under Windows Server 2012 & 2012 R2, there is no specific setting under RDP-TCP as it is not available.
Restrict User to Single session:
To restrict the user to single session (Disable Multiple RDP Session) you can configure the setting under group policy (Figure 4).
Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session     Enabled
Figure 4: Group policy for Restrict user to Single session
Enable user to multiple session:
To enable the user to multiple session you can configure the setting under below (Figure 5).
Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session     Disabled
Figure 5: Group Policy for Enable user to Multiple Session
In addition you can also edit the registry setting for allowing multiple RDP session as per below (Figure 6).
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Terminal Server
fSingleSessionPerUser     REG_DWORD     0x00000000
Note: By default the registry value is set to 1, but you need to change to 0.
Figure 6: Display the registry settings
Also you can edit the policy “Limit number of connections” and set RD Maximum collection as per your company
requirements (Maximum limit: 999999) for above mention group policy path (Figure 7).
Figure 7: Group Policy for Limit number of Connections
Apart from this, if you have not specified any policy or registry setting and still you want to restrict the new session, then in Windows Server 2012 & 2012 R2 there is option where you
need to follow below steps (Figure 8 and Figure 9).
Right click a Remote Desktop Session Host in specified location of Host Server and select “Do not allow new connections”.
After clicking that it will ask you for your confirmation, click yes and no new connection will be allowed.
Figure 8: Setting displaying “Do not allow new connections”
Figure 9: Confirmation popup
RD Gateway Connection Properties:
If you have deployed RD Gateway under your environment you can also limit the number of simultaneous connections through RD Gateway by configuring
policy under RD Gateway Manager. For this you need to follow below mention path.
Open RD Gateway Manager, select the server which you want to modify.
Right click Properties.
Under General Tab
-Limit maximum allowed simultaneous
connections to:Specify the number of connection you want to able to provide connection.
-Allow the maximum
supported simultaneous connections:This
setting will allow maximum supported connections at a time.
-Disable new connections:This
setting will not allow new connections through RD Gateway but Active connection will not be automatically disconnected.
Select the option as per requirement which able to allow the connection
Figure 10: Connections setting under RD Gateway Manager
Configuration 3: Configure keep-alive connection interval
As per above mention in initial post you can able to change the setting for Keep alive connection interval. In addition to this also verify the
registry setting must be set as per following (Figure 11 and Figure 12).
HKEY_Local_Machine \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services
KeepAliveEnable       REG_DWORD           0x00000001 (1)
KeepAliveInterval
REG_DWORD           0x00000001 (1)
Figure 11: Group Policy setting for Keep alive
Figure 12: Registry setting for keep alive
If you need further assistance, welcome to post your questions in our
Remote Desktop Services (Terminal Services) forum.
If you would like to achieve this in Windows Server 2008 or Windows Server 2008 R2, please move on to the next post.

Applies to Windows Server 2008 and Windows Server 2008 R2
Configuration 1: Remote Desktop Timeout settings:
1. Open the property dialog for RDP-Tcp connection in Remote Desktop Services Manager.
2. In the Sessions tab, you can configure the following settings:
Active Session Limit
Idle session limit
Action when session limit is reached or connection is broken
End a disconnected session
Additionally, you can configure the settings with the help of Group Policy also by below mention path.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Configuration 2: Restrict each user to a single session
By using this configuration or policy setting, each user can only maintain one session to the certain terminal server; when another session is started by the same user, the original one will
lose the connection. In that way, the total number of possible active sessions won’t exceed the total remote users. You can implement this as below mention steps.
Remote Desktop Host (RDP-Tcp) configuration:
Edit Settings – Restrict each user to a single session: Yes
Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop
Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\
Restrict Remote Desktop Services (Terminal Services) users to a single remote session:    Enabled
Configuration 3: Configure keep-alive connection interval
By specifying the minutes that the TS holds a remote session actually disconnected, the server will detect the session status after each period. The session that are actually offline will
be changed to disconnected status:
Group Policy:
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\
Configure keep-alive connection interval:         Enabled and Specify the Value
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

Cisco ACS 4.2.1 authentication problem

We are using cisco ACS 4.2.1 on windows 2003 to authenticate with windows 2003 Actice Directory. We have update Active directory server windows 2008 version. We have checked the configuration of ACS on windows database and no problem but we can't see in ACS dynamic user. I have authentication problem ACS 4.2.1 to Windows 2008 R2 active directory.

Hi there,
There is a section in the ACS 4.x where you can define if the ACS should show the dynamic users or not, make sure that this option is unchecked, for this go to External User Databases/Unknown User Policy/Configure Caching Unknown Users
Also if you are facing authentication issues with ACS 4.x and Windows 2008 R2, you may want ready my previous answer.
Let me know if this helps.

Cisco ACS 5.3, Active Sessions are over limit e-mail alert.

Similar Messages

Maybe you are looking for