Ciscoworks 3.2 RME Compliance Management w/ 802.1x Port Configs

I am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration:
switchport access vlan XX
switchport mode access
authentication control-direction in
authentication event fail retry 0 action authorize vlan XXX
authentication event no-response action authorize vlan XXX
authentication port-control auto
authentication periodic
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 10
dot1x timeout supp-timeout 10
dot1x max-req 1
dot1x max-reauth-req 1
storm-control broadcast level 75.00
spanning-tree portfast
spanning-tree bpduguard enable
I require the configurations to be changed to:
switchport access vlan XX
switchport mode access
authentication event fail action authorize vlan XXX
authentication event no-response action authorize vlan XXX
authentication port-control auto
authentication periodic
dot1x pae authenticator
dot1x timeout tx-period 8
storm-control broadcast level 10.00
storm-control multicast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
Additionally, I require LMS to verify that the port is indeed an access port with 802.1x already applied to it before adjusting the configurations. I have tried pushing this compliance check out with a prerequisite of having "switchport mode access" applied to it, and then having the next command set state:
Submode: interface [#Ethernet*/*/*#]
- dot1x max-req 1
- dot1x max-reauth-req 1
+ no dot1x max-req 1
+ no dot1x max-reauth-req 1
This was a simple test on a single device to see if I could remove the limits on authentication and requests entered. The job states successful and there are no devices that are non-compliant, however no changes to the device configurations have been made. I seek assistance in command syntax or if there is another way to push this out, as I have about 1k network devices to go through and make these changes.

The following template should do what you want:
Name: Global     SubMode: No      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: none
Name: Switchport     SubMode: Yes      isPrerequisite: Yes
Ordered : No     Prerequisite-Commandset : none     Parent: none
  interface   [#FastEthernet.*#]
+[#switchport mode access#]
Name: 802fix     SubMode: No      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : Switchport     Parent: Switchport
-dot1x max-req 1
-dot1x max-reauth-req 1
Note that I have changed to [#FastEthernet.*#] to be applied on
FastEthernet interfaces.
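
An added example, not part of the thread and not LMS code: an offline check over a saved running-config that applies the same logic as the template above (prerequisite of an access port with 802.1x already applied, then the per-port changes from the question). The sample config, the function names and the interface name pattern are constructed for illustration, and the VLAN-specific lines of the target config are left out.

```python
import re

# Lines in the question's current port config that its target config omits.
REMOVE = {"authentication control-direction in", "dot1x timeout quiet-period 10",
          "dot1x timeout supp-timeout 10", "dot1x max-req 1", "dot1x max-reauth-req 1"}
# Target lines from the question; the VLAN-specific ones are left out of this sketch.
REQUIRE = ["authentication port-control auto", "authentication periodic",
           "dot1x timeout tx-period 8", "storm-control broadcast level 10.00",
           "storm-control multicast level 10.00", "spanning-tree portfast",
           "spanning-tree bpduguard enable"]

# Constructed sample running-config (not from the thread).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 authentication control-direction in
 authentication port-control auto
 authentication periodic
 dot1x pae authenticator
 dot1x timeout quiet-period 10
 dot1x timeout tx-period 10
 dot1x timeout supp-timeout 10
 dot1x max-req 1
 dot1x max-reauth-req 1
 storm-control broadcast level 75.00
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode trunk
 dot1x max-req 1
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-mode lines]} from IOS running-config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return ports

def plan_changes(config, name_pattern=r"(Fast|Gigabit)Ethernet"):
    """Map each 802.1x access port to the commands that bring it to the target."""
    plan = {}
    for name, lines in parse_interfaces(config).items():
        # Prerequisite from the question: an access port with 802.1x already applied.
        prereq = {"switchport mode access", "dot1x pae authenticator"} <= set(lines)
        if not (prereq and re.match(name_pattern, name)):
            continue
        # Assumes the IOS "no <line>" form removes a line, as the question's own test does.
        cmds = ["no " + l for l in lines if l in REMOVE] + [l for l in REQUIRE if l not in lines]
        if cmds:
            plan[name] = cmds
    return plan
```

Running `plan_changes` against archived configs before and after a compliance job shows whether the deploy actually changed the ports, independent of the job's reported status.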

Similar Messages

  • RME - Compliance Management - Deploy strangeness

    Hi All,
    Here is an interesting one. Got a selection of Compliance management jobs and am having trouble with the deploy phase. Basically I am looking for the following on a series of devices and then removing it.
    - [#radius-server host.*#]
    So when this runs, it matches what I expect (shown below)
    no radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
    However when I deploy this, the line above remains on the device?
    I have tried changing the compliance check to
    - radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
    To see if it's a regex problem of some form and the job does exactly the same, i.e. it matches the line and tries to deploy however doesn't work?
    Any ideas?

    Hi Yidabear,
    It's not a pre-requisite problem as the pre-requisites are fulfilled and hence it deploys the rest of the config to the devices in question. For some reason it is just this one line that it has a problem with. Strangely enough, we had a similar issue with the same format of TACACS server line. It seems to happen when you have the "key 7 xxxxxxxxx" value at the end? Even though it finds it and tries to remove it, it fails.

  • Ciscoworks LMS 3.2 - Compliance mgmt negation problem

    Hi,
    Strange problem, that I am sure is being caused by me.
    Basically trying to run an advanced Compliance mgmt job, looking for a set of pre-requisites (this is working) and then removing all non compliance SNMP community strings from a sample device.
    I use two lines for this removal
    - snmp-server community [#!testR[OW]mon#] [#.*#] [#.*#]
    - snmp-server community [#!SNMP#] [#.*#] [#.*#]
    From what I see, this should remove all snmp-server communities from a device other than "testROmon", "testRWmon" and "SNMP". Obvious caveat is that they would all need to have two words after this (in this case, these are ro or rw and an ACL).
    When I run this it seems to try and remove twice as many snmp community strings as there actually are on the device config? So I guess the core questions are: -
    1) Does the above look sound and would it do what I think
    2) Does the Compliance management engine parse the entire config independently for each line of the above and hence explain why I am getting more removals than I would expect or is there a problem somewhere?
    Any help on this appreciated as it's driving me nuts

    Thanks Joseph,
    So if I also wanted to remove all SNMP traps bar: -
    snmp-server host 10.10.10.x (where x is any ip in the last octet)
    From a device, would I use
    - [#snmp-server host (!#10\.10\.10\..*#).#]
    Or doesn't this make sense?

  • Sun Identity Compliance Manager Questions

    Hi Everyone,
    We are looking for a complete list of supported managed resources for the Sun Identity Compliance Manager (SICM) tool.
    Also we have the following specific questions:
    1.     Does SICM have connectors/adapters to Solaris 8/9/10 and Oracle EBS (as managed resources) to perform access certification of user accounts and associated entitlements/privileges/roles.
    For example: Can SICM be used to analyze/report on the status of current and newly provisioned Solaris unix-level accounts and associated RBAC roles (say) -or- Oracle EBS accounts and associated roles /responsibilities to identify if they have been certified or have any SOD conflicts?
    2.     Can SICM be implemented as a fully functional stand-alone product as opposed to it being integrated with Sun Identity Manager (SIM) ?
    3.     In a scenario where SIM and SICM are integrated, can SIM do a hand-off to SICM for SOD analysis and checking as part of it account provisioning workflows?
    Any insight and/or pointers will be greatly appreciated!
    Thanks in advance and please let me know if there is a more relevant forum to post this question.
    -TS

    I have resolved the problem, the problem is because of the idmmanager attribute. In onsite they are using some other idm 6.0 with some patch, so they are getting the idm manager attribute but in offshore we don't have any patch installed for getting the idm manager attribute. Do you have any idea about how to get the idm manager attribute in the idm 6.0 with some patch? Thanks for your help ya.

  • Ciscowork 3.2.1 daemon manager is not working after patch installation

    Hi Team
    Ciscowork 3.2.1 daemon manager is not working after patch installation.
    C:\Documents and Settings\Administrator>net start crmdmgtd
    The CiscoWorks Daemon Manager service is starting.
    The CiscoWorks Daemon Manager service could not be started.
    The service did not report an error.
    More help is available by typing NET HELPMSG 3534.
    Also I checked syslog.log and it is showing below error
    an 17 14:39:34 127.0.0.1 100: <28>   dmgt[1316]: 2507(W):Daemon manager anonymous user has not been set up: 00000569
    Please suggest.
    With Regards,
    neena

    During installation, a user casuser is created with certain security settings and if those are modified\removed, DM will not start.
    Following message will be seen in /log/syslog.log
    Daemon manager anonymous user has not been set up: 00000775
    To solve the issue, run resetcasuser.exe located under /setup.support  to  recreate the settings.
    Make sure casuser account is not locked out. Make sure casuser is a member of casusers group and is set to "password never expires".
    Additionally you can try to make casuser a member of administrators group.
    -Thanks

  • Compliance Management in B2B

    Hi, can anyone help in how we can answer for Compliance Management in B2B

    Hello,
    Can you please elaborate this query to help us answer better.
    Rgds,Ramesh

  • Compliance Management in LMS 3.2

    I'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?
    Thanks,
    Rick

    Not sure what you mean when you say "not accepting", but I had some trouble with compliance templates and checking banners.  My issue was with multi-line commands as mentioned in the last post of this thread: https://supportforums.cisco.com/message/638950#638950
    Once I put the in the template it worked fine.  The thread is discussing LMS 2.6 but was applicable in my 3.2 environment.  Hope that helps.

  • Does Cisco Prime have a replacement product for NCM or Network Compliance Manager?

    Does the Cisco Prime application development team have a product that replaces the NCM or Network Compliance Manager?

    Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
    The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
    An LMS license is included with PI, but it does need to be on its own server (or separate VM).

  • Installing Security and Compliance Manager on Windows 8.1

    Hi
    I am trying to install Security and Compliance Manager on my Windows 8.1 workstation.  The install is trying to install SQL Express 2008 which seems to not be compatible with Windows 8.1 and that is where the install ends.
    I tried installing SQL Express 2012 and then running the install but it looks like the database is not installed.
    Is there a new version of Security and Compliance Manager that addresses this or does anyone know how to set up SQL to accept Compliance Manager?

    Open Regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    Delete this key under Session Manager "PendingFileRenameOperations". Restart the installation and it will work fine.
    Cheers,
    Gulab Prasad
    Technology Consultant

  • Microsoft Security Compliance Manager V3 and create GPO

    I have created a GPO backup from the compliance manager for Windows 7 SP1. I am trying to find documentation for the exact process of importing these settings into a newly created "blank" gpo. In review of the Backup.xml file, I can see that it references Contoso.com (the generic MS domain for examples, etc). Is there a clear documented process for configuring the template then creating a domain GPO? Any help is greatly appreciated!
    wjk

    Hi,
    Thanks for your post.
    SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
    http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
    For more SCM related issues, I think you may ask in:
    https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
    Regards.

  • Cisco Works Network Compliance Manage NCM

    I'm working on the Cisco Works Network Compliance Manager.
    I would like to add a device which is behind a firewall.
    For this I use the option bastion host to authen. on the firewall and
    to get access to the device self.
    The problem is the firewall is not listening to the port 22/23, it is a different port number
    like example 1234.
    Is it possible to change the port  manually in a configfile, as the webinterface has no option for this  ?
    I use the version 1.7.1 the latest one.

  • Security Compliance Manager - version 3.0.60

    Does anyone know if this version of Security Compliance Manager supports Windows Server 2012 R2:  
    3.0.60

    Hi sayerdi,
    As this question is related to Security Compliance Manager (SCM), for quick and accurate response, I would like to recommend that you ask the question in the SCM forum at
    https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement . It is appropriate and more experts will assist you.
    Additionally, there is a similar thread about SCM for Windows Server 2012 R2 for your reference.
    https://social.technet.microsoft.com/Forums/en-US/9a0b831e-5d38-4b26-9191-16286f10ecab/scm-update-for-windows-81-and-windows-2012-r2?forum=compliancemanagement
    Thanks,
    Lydia Zhang

  • Microsoft Security Compliance Manager - Failed to installed

    Every time I try to install Microsoft Security Compliance Manager right when I get to the part where I'm installing it, it gives me this error:
    Microsoft Security Compliance Manager Setup Wizard failed while starting the installation/uninstallation The given path's format is not supported.
    Then closing the installation and telling me it failed.
    Please help I need to install this for a class.

  • Upgrading from SQL Server 2005 Compact Edition [ENU] to SQL Server 2008 Express Edition OR HIGHER for Microsoft Security Compliance Manager

    I have downloaded the MS Security Compliance Manager, which is in two parts:  MS SQL Server 2008 Express Edition & the SCM. The install instructions state that the server needs to be installed before the SCM.  So as the install continues I get an error message, which cancels the installation.  So, I am trying to install SQL 2008 EE separate from SCM.  My question is: 
    Can I upgrade from my current SQL Server 2005 Compact Edition [ENU]
    directly to SQL Server 2008 Express Edition (or higher)?

    So as the install continues I get an error message, which cancels the installation. 
    And which error message did you get?
    SQL Server Compact Edition is something different than SQL Server Express (or Standard) Edition, you can't upgrade it as you asked for.
    Olaf Helper

  • Applying recommend settings from "microsoft security compliance manager 3.0.60.0" to a standalone Server using LocalGPO.wsf on Server 2012 R2

    Hello
    Can someone please help me with the following question.
    I have a standalone Server and need to apply settings from SCM, I can see how to do this following the instructions in the following article
    http://windowsitpro.com/security/q-how-can-i-apply-security-baseline-i-defined-through-microsoft-security-compliance-manager
    The problem is  the LocalGPO.wsf that ships with the above version of SCM does not run on Server 2012 R2 (only Server 2012) 
    my question is, 
    is there a later version of LocalGPO.wsf I can use that works on Server 2012 R2 ?
    Thanks
    AAnotherUser__