Cisco ISE 1.2 Patch 8 with Roaming User Profiles

Similar Messages

• Need help with roaming user profiles, home folder on server - symptoms after Windows reinstall on workstation

  Hello. I have deployed roaming user profiles in our home office. We are using Windows Server 2012 on our datacenter computer, which has a partition with all our home directories. All was working beautifully for quite some time.
  I re-installed Windows 8.1 Pro on my laptop. I am able to log in to my profile from the new installation.
  The problem that has started happening seems to be some sort of permission problem with my home directory, but I am not sure how to go about diagnosing it. I haven't changed anything in the policies or remote profiles.
  The symptoms:
  When I try to run an installation program from my documents/downloads/desktop (remote) folders, UAC asks for the administrative credentials as expected, and then I am asked to enter my user credentials. If I do so, I sometimes get a message about duplicate
  connections to a share, and the installation program does not execute. "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or
  shared resource and try again." I am confused, because I am entering credentials for the same user name as the one I am logged in with.
  To work around, I have to copy the executable to a folder on my workstation hard drive and run it from there.
  Another symptom is when I download anything from the internet, chrome will reflect a "Failed - Download error" message with the download. If I re-attempt the same download several times, eventually it will succeed. This appears to be due to my
  downloads folder being on the remote computer.
  I am looking for any guidance on how to remedy these symptoms. I suspect there must be a setting I have forgotten to change in the local computer, because nothing has changed on the server since it was operating properly.
  Thank you for your time.

  Hi Exintrovert,
  Thanks for posting here.
  According to your discription above, you can check the microsoft artical as below:
  https://support.microsoft.com/en-us/kb/938120/
  Would you please have a try the work around in the artical and then let us know the update?
  Looking forward to your feedback.
  Best Regards,
  Elaine 
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Windows 7 Themes will not Roam with Roaming User Profiles

  Hi,
  If I install a theme pack from the Microsoft Personalization website, it will install on the PC I am currently using. However, if I log onto another PC, the theme will not roam. I mean the wallpaper collection, the sounds, the screensaver, and the window
  color. I am using a GPO to delete user profile on logoff, and I am using folder redirection.
  Any help would be greatly appreciated.

  Hi,
  Could you please tell more details about the GPO which was set to delete user profile on logoff? Are we in a domain environment?
  Before going further, please run gpresult /v on a command line with the admin rights and then post back the result.
  If I understand rightly, the user logged on with a newly created profile every time as there is no user profile settings(deleted every time on logoff) for the user to load.
  As the user profile settings is deleted, any changes made are no more available.
  Best regards
  Michael Shao
  TechNet Community Support

• Using Dreamweaver without roaming user profiles.

  In the college I work at, we have a single Windows R2 2008 domain of consisting of hundreds of Windows 7 workstations that students use to do their work.
  Due to various network performance issues, last year we stopped using roaming user profiles for both staff and students, and instead use home directory redirection for things like desktop content and favorites. But we have hit a problem with the Dreamweaver CS5.5 application. Students using it are said to be having to repeatedly set up Dreamweaver connections to the same FTP server, in effect re-configuring Dreamweaver after login before they can use it.
  I've not had any confirmation from Adobe, but it appears that because roaming profiles are not being used, the local profiles that Dreamweaver saves settings to is resulting in students having to re-configure settings whenever they log into a computer.
  Is there a way that Dreamweaver can be forced, via a group policy or other means, to save/load its settings to/from the home directory of a user so that the user can then log into any computer on the domain and the Dreamweaver application will automatically load its saved settings for that user?

  Setting the Roaming profile is a Computer configuration
  Setting the Exclusions is a User Configuration.
  Hopefully you are applying the Computer configuration to an OU with Computer objects and the User Configuration to an OU that contains the User objects?
  Is loopback processing affecting an of the OU's that are parents of the Computer objects OU (or the child OU itself?)
  If you are not restarting the computer, then your profile will remain locked and user settings will not be able to write to the registry to change the location.
  Have you:
  enabled the user exclusions
  gpupdate /force
  reboot the computer
  login
  I know under some circumstances profile redirection/roaming can take two reboot cycles to apply correctly.
  Can you run the Group Policy Result Wizard from GPMC for the correct user and computer to ensure your policies are applying as you think they are?
  MCSA Server 2008 MCITP Server 2008 Administrator MCITP Enterprise Desktop Support on Windows Vista CompTIA A+

• Mac: With my user profile, it is not possible for me to announce me to the Creative Cloud, with a different user profile, it goes without problems.

  With my user profile, it is not possible for me to announce me to the Creative Cloud, with a different user profile, it goes without problems. Creative Cloud Desktop has been uninstalled and reinstalled. There is no error message.

  john beardsworth wrote:
  John Waller wrote:
  However, Adobe will soon introduce Cloud only features into Lightroom CC for which LR6 (perpetual license) owners will have to wait until LR7 (paid upgrade).
  That is possible, John, but it is only speculation on your part. Might, not will.
  kwdaves wrote:
  There is a "Lightroom 6" upgrade available for US $79 if you have a valid license for any of the earlier versions. From what I can tell, the only difference between Lightroom 6 Full, Lightroom 6 Upgrade and LightroomCC is in the license. The download file is the same.
  Other differences - with CC you get LrMobile/LrWeb and they throw in a free copy of Photoshop too.
  Yes, but when I bought my standalone license and clicked on the "Download" button it took me to the LightroomCC page. The downloaded file is named Lightroom 6, but in the CC app the installed program is LightroomCC (2015).

• Cisco ISE 1.2 Patch 6 -- 8 Update failed

  Hi all,
  I wanted to know if any bugs was registered for the cumulative patch 8 for Cisco ISE 1.2 and how to mitigate any patch failures.
  Important notice : I though that this error could be an unlucky try but i've tested the update two time.
  Indeed, i have three deployment : A Pre-production one, a 4 nodes distributed and a 2 nodes distributed.
  The patch works fine on the pre-production one, on the 2 nodes too but fails on the 4 nodes one with a very anormal behaviour.
  On the "show nodes status" in Maintenance - Patch manage, i can see that my both PAN are successfully patched and the first PSN too but when the "Patch in progress" appears on the second PSN, the "installed" status is cancelled in the first PSN and become "Patch in progress" so i've two "Patch in progress" in parallel, that is an anormal procedure not discribed by Cisco on the document "Installing a software Patch". (wich discribe a sequential update of all nodes)
  The symptoms after this error are :
  - Unable to process EAP-TLS authentications ! (CA are stored on the First PAN and seems to be unavailable from PSN to exchange the handshake)
  - The Application server try to restart but fails indefinitly even if i try to restart the node (on both PSN)
  - GUI Unavailable
  - MAB Auth is working
  - Endpoint and Endpoint Groups menus are missing on the GUI (I push the MAC Address through the ERS API but it is very strange)
  - Logs indicates one first "Patch success" on PAN and a second "Patch failed" still on PAN :(
  The task that resolves this issue is to launch the command "patch remove ise 8" on all nodes and everything come back functional.
  My big interrogation is that on my two other deployment, the patch was successfull and quick to process.
  Thanks for your help.

  This is that i did abviously... but the two PSN stay in status "Node down", the application service won't start correctly with these ADE-OS logs entries :
  2014-05-28T10:26:30.023223+00:00 XXXXXXX  logger: info:[application:operation:appservercontrol.sh] Starting ISE Application Server...
  2014-05-28T10:26:30.311676+00:00 XXXXXXX  logger: Loading PKCS11 ...
  2014-05-28T10:26:30.978432+00:00 XXXXXXX  logger: SLF4J: Class path contains multiple SLF4J bindings.
  2014-05-28T10:26:30.978454+00:00 XXXXXXX  logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/slf4j-log4j12-1.5.8.jar!/org/slf4j/im
  pl/StaticLoggerBinder.class]
  2014-05-28T10:26:30.978502+00:00 XXXXXXX  logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/com.cisco.xmp.osgi.slf4j-log4j12-1.5.
  8.PATCHED.jar!/org/slf4j/impl/StaticLoggerBinder.class]
  2014-05-28T10:26:30.978509+00:00 XXXXXXX  logger: SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
  2014-05-28T10:26:31.638970+00:00 XXXXXXX  logger: log4j:WARN No appenders could be found for logger (com.cisco.epm.config.cache.impl.ConfigCacheImpl).
  2014-05-28T10:26:31.638992+00:00 XXXXXXX logger: log4j:WARN Please initialize the log4j system properly.

• Cisco Aironet and Apple Airport - Pb with roaming

  Hello,
  I'm having a problem with roaming between one Cisco Aironet 1232AG AP and one Airport Extreme basestation. Both AP are on the same subnet, hidden network and WEP 40bits.
  0->Cisco->Apple->Cisco->....... works fine
  0->Apple->Cisco doesn't works
  0-> means Pwk restarted
  Any clues?
  Thanks

  No. I tried with both AP on the same channel or on a different channel same issue. Also, same problem with WEP 128bits. However the issue disappears with WPA personal (TKIP or AES-CCMP)

• Cisco Unified MeetingPlace 8.5 with WebEx - User Profile Deletion

  Hi all,
  I'm running Cisco Unified MeetingPlace 8.5 with WebEx. In the WebEx administration page, I'm unable to delete any users and I'm only able to set them to be "Inactive". There's no function to delete them. Searching the web for answers only tells me that i'm unable to delete and only able to set it to be inactive. Has this changed with any recent releases / updates?

  Here is more information about User Profile restrictions in WebEx Scheduling/WebEx Managed Users deployments:
  http://docwiki.cisco.com/wiki/Cisco_Unified_MeetingPlace_Release_8.5_--_Choosing_a_WebEx_Deployment_for_Cisco_Unified_MeetingPlace_Release_8.5#User_Profile_Restrictions_for_Cisco_WebEx_Scheduling.2C_Mixed_Meetings
  -Dejan

• Can I share my address book with other user profiles on my computer?

  My wife and I both logon to our iMac with different user accounts. However, we know all the same people and would like to share the contents of the Address Book. How do we go about this so that if I add a person to the address book, that my wife will see it when she gets on with her account?
  Thanks.

  I realize yours was a suggestion to investigate & not a recommendation, but I wanted to point out some of the method's potential problems in case it was taken as the latter.
  Should anyone decide to take the safer option of sharing vCards manually, they can make the procedure easier by creating a shared folder in Users/Shared & an alias of it in some convenient location like the desktop. Then, after creating new contacts they want to share, they need only drag them from the name list into the alias. The other account holder(s) then can drag them from that common folder into their own Address Book.
  A variation of this idea is to create individual folders in each ~/Public/ folder (changing permissions as appropriate), or to use the Drop Box folder to make the vCard available to other user(s). This would reduce the confusion between "incoming" & "outgoing" vCards. I haven't tried it, but it might also be possible to automate the importing or at least notification for the receiving user with folder action scripts.

• Sysprep problems with Default User profile

  I've read the previous posts in this forum about using Sysprep with Windows XP SP3 and I have followed the instructions in MS Article 959753. I applied my customizations to the local Administrator account and included UpdateServerProfileDirectory=1 in the sysprep.inf file. The only other thing I've got in my sysprep.inf file is the parameter to preserve OEM pre-activation when re-installing Windows XP. I set it to Mini and Reseal. After imaging, I create a new user, log in and NONE of the customizations are present. Is there something that I'm missing?

  I'm not sure why that is not working.
  When a user logs on who does not have a profile, the first thing Windows
  does is copy the Default Profile Directory over to a new profile folder
  for that user. Then that becomes the user's profile.
  On 11/23/2010 6:36 PM, betsyhorn wrote:
  >
  > craig_wilson;2049119 Wrote:
  >> The Simplest way to to Overwrite is to .........
  >>
  >> #1 - Create a Dummy User, Login as Dummy User and Update settings as
  >> you
  >> like.
  >>
  >> #2 - Logon as Administrator and overwrite the contents of "Default
  >> User"
  >> with the "Dummy User" profile.
  >>
  >> Although I copied the folders from the dummy user to the default user,
  >> none of the customizations stuck after imaging, laying down the new
  >> image, and creating a new user. I assumed copying folders is what you
  >> meant by "overwrite". Or were you referring to copying the User Profile
  >> from My Computer | Properties | Advanced? Although we are on XP SP3,
  >> that option is still available.
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• Help with default user profile

  I have created a default user profile using a local account. Once I have the local account I copy the home folder to /System/Library/"User Template"/English.lproj
  I do
  chown -R root:wheel /System/Library/"User Template"/English.lproj
  From the terminal as root
  I log in with an Active Directory account and the profile is exactly as I created with one caveat, safari is trying to save to the dummy user accounts desktop instead of the logged in users account.

  It seems to me that when ".plist" files contain references to other files or folders, most require full paths and they won't accept anything to represent a generic "home". Either that, or items are represented by "alias" data, referring to a specific file, which would be completely independent of paths. That of course means that any sort of "template" account must avoid containing references to items within the "home" folder because the template will contain references to the original items, not their counterparts in the new user's home. Note that things like the "sidebar" in a regular account or the "Dock" in a "Simple Finder" do contain shortcuts to items within the "home" folder, but these aren't generated from ".plist" files in the template but rather are generated on the fly by "Finder" during login.
  In the case of the default download location for "Safari", I think it defaults to the user's "Desktop" in the absence of a ".plist" file. However, if the user changes the location, then a ".plist" file is created at that point. It would also appear that the default download location is set to the user's "Desktop" if the default Safari "home page" is changed, which also causes the same file to be created. The file appears to be: "~/Library/Preferences/com.apple.internetconfigpriv.plist"
  I haven't tested this to see if it would work, but it might be possible to modify your existing template to remove the reference to the "download folder" while retaining the desired Safari "home page" using something along these lines:<pre style="overflow:auto; padding: 5px; width: 500px ; font-size: 10px; border:1">sudo defaults delete /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.internetconfigpriv DownloadFolder</pre>

• Cisco ISE v1.1.3 intergration with OpenLdap

  Hi Guys,
  We are trying to intergrate our ISE server with a Secondary OpenLdap server (Zentyal). The current primary server we are using for authentication is Active directory. We have managed to test the binding to the Secondary server successfully and added it in the Identity source sequences.
  The error we are getting when authenticating the OpenLdap end user machine is as below:
  1006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12304  Extracted EAP-Response containing PEAP challenge-response
  11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity Store - Zentyal
  22043  Current Identity Store does not support the authentication method; Skipping it
  Anyone who has experienced such an issue?
  Please help

  Hi Salodh,
  You were right!!! We installed a 3rd party supplicant that supported GTC on the Windows machine and the authentication succeeded. Next step is now Profiling the machine otherwise Thanks so much for your help and time.

• Cisco ISE 1.1 patch 3

  I am installing patch 3 on version 1.1. and just noticed that the admin password had reverted back to the prevoius version. In case any one has any issues logging in try that. I am going to open a TAC case once the patch finishes installing on the other 4 nodes.
  Thanks,
  Tarik Admani

  I suspect the below listed defect here:
  CSCue41912    Posture : NAC agent not triggering on WIN8.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Office 2010, Appdata, Roaming user profile and Normal.dot

  Hello,
  We have roaming profile on our domain users and they are working fine within the network.
  When they are at home using the same computers, they login with a cached copy of their domain profile.
  Server is 2008 R2, Windows 7 x64 clients and Office 2010 x64 package. 
  When the users go home, they get "The file Normal.dot cannot be opened because there are problems with the contents" and "Word cannot open the existing file (Normal)" error when they open Word 2010. 
  If they use VPN or connect remotely to the network, everything is fine. But when they are at home and just want to open a document from their USB stick, this happens.
  The users Documents, Desktop, Favorites etc are mapped to DFS shares in the network.
  This of course means, they don't have access to them at home, which is fine. 
  On the ADM template for Office 2010, the User Template path is set to  : "C:\Users\%username%\AppData\Roaming\Microsoft\Templates"
  AppData folders is redirected to localprofile for the above to work and under the "Exclude Directories in romaing profile" we have added the entire "AppData\Roaming" (we are testing so that is fine for now) but still the "Appdata\Roaming"
  travels with the roaming profile which means the Template path becomes unavailable (or so it seems) when the users disconnect from the network.
  But what is confusing is, I can still browse to the above path manually, but Word 2010 some how seems to think its not there. 
  We do not want to use Offline feature (yet), and want to find if there is any other method of solving this. 
  Ramu V Ramanan

  Thanks Jeff. I don't want to go down that second path, autorecover is not our foe here, its the 'Templates folder' 
  As for the first part, that doesn't work. The problem is word still looks for the path "C:\Users\%username%\AppData\Roaming\Microsoft\Templates" which it thinks is not
  available, when it is (as its exempted from being roaming using the registry value/GPO). Moreover, when the user is disconnected from the network, they can't click Modify and change the path, it simply doesn't do anything when you click Modify on
  the screen to change the path to the template file. 
  We are considering ditching the roaming profiles, especially because the machines are now travelling outside the network. Or creating a special folder in all those machines where we can put a copy of the normal.dot. This is only affecting about 100 such
  users, other users who have local profiles on the machines are fine.
  Cheers,
  Ramu
  Ramu V Ramanan

• T61: User on Domain with folder user profile with progressive number each time that log on

  Hi,
  On my new T61 something is happening.
  I create my user local profile and then create a user on domain.
  I already copy my data into my folder Document.
  But everytime that I log on my user account, appears a new folder
  on the Folder Users with my "account.domain.001", "account.domain.002", "account.domain.003"
  What is happening?
  I need to reinstall my T61 from my Start Recovery Disc?
  Thanks in advance,
  Ruben Elizondo

  Is there anyway around this issue???
  Or is there anyway to get content from my iPad to display on my Apple TV without an Internet connection on the Apple TV???
  Unfortunately not.