Clients can not obtain an ip-address via DHCP.

HI all, I would like to share one problem with WLC 5508 .
we added a new virtual interface on the WLC. One new SSID is associated with this interface.
We created a ACL for this interface to restrict the access via WIFI to certian services.
The following services are allowed on this ACL:
TCP-Traffic for HTTPS
UDP-Traffic for DNS
UDP-Traffic for DHCP
TCP-Traffic for HTTP
ICMP-Traffic
TCP-Traffic for CITRIX
The Problem is, as soon as we add a new service to this ACL, we need to reboot the Controller because the Clients which are working over WIFI do not get a IP-Address assigned via DHCP.
It´s not correct that everything works fine because the change were not applied.
The changes of the ACL are applied on the fly, but for reason we don´t know, the clients don´t get a DHCP IP-Address (after changing the ACL) until the Controller is rebooted.
I am attaching configruation from affected wlc
thank you

If shop is coming from a server on the LAN you need to add DHCP as a port they can reach.
Steve
Sent from Cisco Technical Support iPhone App

Similar Messages

EA2700 router not getting assigned IP address via DHCP

I'm helping my mom (remotely) set up her new EA2700 router to replace her old Linksys WRT160N router. It is currently connected to a Motorola 6121 cable modem. She also has Charter cable modem service. FYI, the WRT160N is currently working albeit it is dropping connections and losing connections from time to time. That's why she purchased this new router.
I'm trying to help her set it up manually. Unfortunately, she does not have a laptop computer. She does have an iPad and Android phone, but nothing that would allow her to connect a device with a CD to the router that would allow her to do a CD based setup. Thus, we're trying to do a manual setup.
She is able to login to the router using Safari by connecting to 192.168.1.1 so I think the basic stuff is set up properly and all the wires are connected properly. She is able to get into the main setup page. I've helped her compare the setup of the current (EA2700) router to her old WRT160N router - this took quite a while - and essentially everything is set up similarly between the old and new router. Internet connection type is set to "Automatic Configuration - DHCP." Unfortunately, the router doesn't seem to be able to get assigned an IP address from Charter. When she goes to the Status page, no IP addresses are listed. She has also clicked on both the release IP and renew IP buttons, both with no effect. She has tried power cycling both the cable modem and router, but not luck. What's going on? I see another user may have a similar issue:
http://homecommunity.cisco.com/t5/Wireless-Routers/EA2700-DHCP-reservations/m-p/561986?comm_cc=HSus&...
What can we do to fix this issue?

If mac clone is enabled, the address that it will clone is usually the mac address of the computer that can get online directly to the modem. Or it’s possible that the cable modem is only recognizing the MAC address of the old router. You may enabling MAC Address clone and clone the MAC address of the old router.

Can't pull an IP address via DHCP

I recently replaced a legacy 6513 with a 4510R+E running cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin
Upon booting up a handful of workstations connected to the 4510 are unable to pull IP addresses. Once booted up, if you unplug and then plug the network cable back into workstation it pulls an IP address.
The config is pretty vanilla. The only thing I did that I wouldn't usually do was add this command "ip device tracking probe delay 5" to address this issue... https://supportforums.cisco.com/discussion/11621386/ise8021x-ip-conflict-0000 I get the same results even if I remove this command
Any suggestions?

Thanks for your input.
Portfast is configured globally. Just to be double certain I even configured it on the inteface.but it made no difference.

Windows 7-8.1 Can not change the MAC Address on wifi and cannot load login page in public HotSpot.

Windows 7-8.1 Can not change the MAC Address on wifi and cannot load login page in public HotSpot.
Adapter: Ralink RT3070 Chipset wifi adapter
Tested: os Windows 8.1 Professional
Hot Spot: 802.11b
The first problem windows 7-8.1 got IP adress and connect he public HotSpot but cannot load login page or any other page. It does not work with it.
The second problem Wifi canrd/configure/Advandes (No network adress change function).Tested with the default windows driver and the ralink rt 3070 driver the same problem.On windows XP the same function the same driver works perfectly.
multiple users to have expressed interest in the problem But Microsoft not corrected the problem window7-8.1 10?
lizardsystems.com/wiki/change_mac_address/faq/change_mac_address_in_windows_7
blog.technitium.com/2011/05/tmac-issue-with-wireless-network.html
superuser.com/questions/519189/how-to-change-the-mac-address-in-win-8-to-spoof-a-roku-player-through-a-wifi-spl
social.technet.microsoft.com/Forums/windows/en-US/59e07df3-471c-499e-ad5f-e7cb507595df/cannot-change-mac-address-in-windows-7-driver-has-option-doesnt-work-neither-does-regedit-ms?forum=w7itpronetworking
networksteve.com/windows/topic.php/CANNOT_CHANGE_WIRELESS_%28SPOOF%29_MAC_ADDRESS_ON_WINDOWS_7/?TopicId=16810&Posts=1
On windows XP or linux have a MAC adress Change function allow 00 mac adress and another normal mac adress range.On windows 8.1 all Mac changer program dont work.This 2,6,A,E on second adress are not vaild Mac adress. You simply can not use normal MAC
addresses on windows 8.1.When i connect the usb the Pc windows 8.1 recognizes the adapter but the default driver and the downloaded ralink driver the same problem.On windows xp the current driver works perfectly have (Local Mac Network Adress) funktion
and works with the 802.11b hot spot.I got the internet my PC and laptop too public HotSpots and another wifi HotSpots if wont work correctly i can not use neither the windows 7,8,8.1 or 10. Many users have expressed interest in the problem more forums.
The 3. problem im tested in virtualbox the windows 7 and 8.1 on 8.1 (on the blue wifi platform) not show correctly the signal strengh. On windows 7 show this correctly.The windows 7-8.1 Configure/advanced the advanced options on Ralink 3070 the default (windows
driver) somehow downgraded function is less than for Xp. Configure/advanced the advanced options (needs to be upgraded in the future) because it does not advance but rather regressed.
Today it is very common these wi-fi technology increasingly used (hotels,Public Hots Spots,Internet coffe,) growing free bublic wifi projects. The wifi funktions on windows need debugging and modernize.The quality of Wi-Fi is now the operating system
is now a thing order which is not good then the operating system is unusable.

Hi,
For changing the MAC address for Windows 7 is designed with some limitation, we cannot get over it. Thanks for your understanding.
Under Windows 7, the possible range of spoofed addresses for wireless adapters that can be set is limited. To be used by Windows 7, a spoofed MAC address should have 0 as a least significant bit (unicast) and 1 as a second least significant
bit (locally administered) in the second nibble. Thus possible values for the second nibble are limited to 2, 6, A and E.
In other words
MAC address: “XY-XX-XX-XX-XX-XX” “X” can be anything hexadecimal. The hexadecimal “Y”, written in binary format, is Y: “kmnp”, where “p” is the least significant bit;
p=0 --> unicast;
p=1 --> multicast;
n=0 --> globally assigned MAC;
n=1 --> locally administered;
So, actually MAC can be changed to any combination in which p=0 and n=1;
“Y” can be 2, 6, A or E.
So the possible MAC addresses in Windows 7 for wireless adapters:
X2-XX-XX-XX-XX-XX
X6-XX-XX-XX-XX-XX
XA-XX-XX-XX-XX-XX
XE-XX-XX-XX-XX-XX
For the wifi hotspot issue, please check this blog to see if it can be helpful.
Windows 7 Connectivity Problems in Public Hotspots
http://blogs.technet.com/b/patrickr/archive/2010/07/28/windows-7-connectivity-problems-in-public-hotspots.aspx
Kate Li
TechNet Community Support

I just bought the BDP-S1500 yesterday and can not get it to work via wireless

I just bought the BDP-S1500 yesterday and can not get it to work via wireless????

Hi BigDaddy317,
Please the link below for further assistance in connecting your wireless device to the internet.
https://us.en.kb.sony.com/app/answers/detail/a_id/33377/p/47329,47564,95482/c/65,66/kw/internet
https://us.en.kb.sony.com/app/answers/detail/a_id/35983/p/47329%2C47564%2C95482/c/65%2C66/kw/internet
Please let us know if you're getting the same result or the error messages that you see.
Thanks,
>Joffrey
If my post answers your question, please mark it as "Accept as Solution"

Niet mogelijk om de nieuwste versie van itunes te installeren. de melding is : the older version of apple mobile device support can not be removed. ook niet via het configuratieschern of uninstal progamma's

het is niet mogelijk om de nieuwste versie van itunes te installeren. de melding is : the older version of apple mobile device support can not be removed. ook niet via het configuratieschern of uninstal progamma's. graag hulp bij de-installatie

ok, i'm stunnend.
apparently there was something that resolved the issue, the store works fine now... have been hacking around on this for days, and now, just at once. only thing i did (and i did that before, naturally, it's one of the first things you trie) is disable my antivirus software. It runs perfectly with antivirus enabled now to....beats me...
anyway: resolved!

Help, I can not drag and drop address book contacts into numbers.

i have read the manual. watched videos on youtube, but I can not drag and drop address book contacts into numbers or pages. I upgraded to Numbers 09. set up the fields as stipulated, but when I drag a contact to the numbers canvas it just bounces back to address book. I tried reinstalling 09 thinking it was a faulty install. no luck. Have tried dragging to balnk part of canvas, to the table, and to a table with fields, no luck.
Thank you.

Could be a preferences setting. See Jerry's post in this thread.
Regards,
Barry

Hello my iphone 3g can not connect to home network via wifi

Hello to all, with my iphone 3g can not connect to home network via wifi. This only happens if I apply protection to the network. Unprotected my Iphone connects fine. Obviously the password to write error-free. I can not figure out what depends on this factor, however, another iphone connects fine. Help me please.

I have a similar,but slightly different problem. My iphone 4 recgonizes my home wifi and shows it under Settings, but will not access it, no signal shown, just 3G. It will access other wifi signals. My wife's iphone works fine, as does an ipad and macbook. This is new for my iphone, about 2-3 days.
Help! I reset network settings and rebooted the router (Apple), no avail

The ePrint center can not release my email address what I deleted. So, I have to change another.

The ePrint center can not release my email address what I deleted. So, I have to change another.
How can I use the address again?
Thanks.

Hello GeorgeChang,
You can not use the same custom ePrint email for your printer until it becomes unlocked in six months. Sorry for the inconvenience.
-------------How do I give Kudos? | How do I mark a post as Solved? --------------------------------------------------------

WRT54G: Static mode set on WAN side, but still sometimes pulls address via DHCP!

We've had (6) WRT54G (v5) installed in a building, for about (2) years now, with no previous problems. Now, ALL of them are doing something weird. They are all set for Static mode on the WAN side (we have static ip addresses for these), yet every now and then they will spontaneously pull an address via DHCP on their own. When they do this, the setting itself doesn't change. It will still show "STATIC" in the pull down list. But, the address will no longer be the address we assigned to the unit, and will instead appear to be an address that it pulled via DHCP.
Thanks, in advance, for any help and insight into this strange problem.
David

Ah. In that case, we're not going to put our client through the frustration of chasing a ghost in the machine. We'll just replace them with new ones. But, I'll try this on them in my spare time and let you know how it goes.
Thanks for your assistance,
David
Message Edited by ld-systems on 09-19-2007 08:01 AM

No IP Address via DHCP connecting to Cisco WiFi via WPA - after update

Good Evening,
We use Cisco Aeronet WiFi devices at work and use WPA security. I was able to successfully connect via my MacBook Pro until an OS update a few weeks ago. Now I can connect and it appears that I authenticate - however I cannot get a valid IP address (just a 169.x.x.x address).
I can successfully connect to open and WEP networks - but WPA is an issue.
Is this a known issue?
I have applied the latest Airport update I believe.

This is an old issue, I have yet to see a fix. I have the same problem; my MBP assigns its own IP address, and no matter what I do, it will connect to the network but not the internet. Interestingly, when I boot my iBook, which I first did to check settings (the iBook always connected easily) the MBP connected. It does this every time. As soon as the iBook boots, or wakes, the MBP does its thing, gets a valid IP address via DHCP, and connects. Even entering a manual address, will not connect the MBP to the internet. Deleting ports, and locations doesn't help.The MBP has connected on its own about three times out of (say) a hundred. Apple engineers here in Australia, said they'd never heard of the problem. Maybe they are asleep. Bah.

Can not access the advanced settings via IP address WRT310N

Hello all,
I'm having trouble accessing my routers advance settings. The Easy Link Advisor works but as soon as I attempt to enter the router via the advanced setting explorer pops up with a "can not connect" and internet trouble shooting suggestions.
I'm trying http://192.168.0.1 which is where the advisor attempts to connect and 192.168.1.1 which was my default for my wrt54g.
Nothing seems to work - I have tries a hard reset of the router as well.
Any tips, suggestions?
Greatly appreciated.

I am also having this problum "with a few extras"
In the easylink adviser i click on the WRT310N and choose advanced settings it opens up a a brouser window going to 192.168.1.1 and then takes me to a blank page.
i checked ipconfig and
IP Address ...............:192.168.1.100
Subnet Mask ............:255.255.255.0
Default Gateway........:192.168.1.1
the other 2 issues i get are clicking on change router password i get the error message
"Exception has been thrown by the target of an invocation"
also when i click on wireless protection i get the same error message
"Exception has been thrown by the target of an invocation"

My iMac can not see my mini Mac via Airport extreme using host name, only via IP address. What am I doing wrong ?

I have an iMac and a mini Mac attached to the same Airport extreme. It would appear that Bonjour works because I can see the hostname of the mini Mac server in Finder on the iMac.
But if I type in the host name (myminimac.private) in the Safari browser at the iMac it can not find the mini mac. However if I type in the IP address of the mini mac server it can see the see it.
It used to work but I must have done something to mess it up.
Anybody any suggestions ?

You have the wrong card. You need the original AirPort card for your G4.
...how the **** do i get the Superdrive to open up so i can put in a CD/DVD?
If the keyboard has a media eject key, press that. If not, hold down F12.

Can not administer Catalyst 2960 switch via console

Hello,
I want to configure my switch via console cable, the switch boots up normally, and there are no configurations present on the switch. However, anything I type does not appear on the terminal client. I used several terminal clients (TeraTerm, PuTTY, HyperTerminal), all latest versions as well as different PCs. I even forced the switch to rommon mode, still, anything I type does not appear on the terminal client.
Here's the output of TeraTerm:
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: e8:40:40:06:f0:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
Initializing Flash...
flashfs[0]: 542 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 11565056
flashfs[0]: Bytes available: 20948992
flashfs[0]: flashfs fsck took 11 seconds.
...done Initializing Flash.
done.
Loading "flash:/c2960-lanbasek9-mz.122-50.SE5/c2960-lanbasek9-mz.122-50.SE5.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File "flash:/c2960-lanbasek9-mz.122-50.SE5/c2960-lanbasek9-mz.122-50.SE5.bin" uncompressed and installed, entry point: 0x3000
executing...
              Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:44 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01400000
Initializing flashfs...
fsck: Disable shadow buffering due to heap fragmentation.
flashfs[1]: 542 files, 19 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32514048
flashfs[1]: Bytes used: 11565056
flashfs[1]: Bytes available: 20948992
flashfs[1]: flashfs fsck took 2 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
Checking for Bootloader upgrade.. not needed
POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed
POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed
POST: CPU MIC interface Loopback Tests : Begin
POST: CPU MIC interface Loopback Tests : End, Status Passed
POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed
POST: PortASIC CAM Subsystem Tests : Begin
POST: PortASIC CAM Subsystem Tests : End, Status Passed
POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed
Waiting for Port download...Complete
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C2960-24TT-L (PowerPC405) processor (revision J0) with 65536K bytes of memory.
Processor board ID FOC1510X4ZQ
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : E8:40:40:06:F0:80
Motherboard assembly number     : 73-12600-05
Power supply part number        : 341-0097-03
Motherboard serial number       : FOC15094MZG
Power supply serial number      : DCA150583WQ
Model revision number           : J0
Motherboard revision number     : A0
Model number                    : WS-C2960-24TT-L
System serial number            : FOC1510X4ZQ
Top Assembly Part Number        : 800-32797-01
Top Assembly Revision Number    : F0
Version ID                      : V09
CLEI Code Number                : COM3L00BRE
Hardware Board Revision Number : 0x0A
Switch Ports Model              SW Version            SW Image
*    1 26    WS-C2960-24TT-L    12.2(50)SE5           C2960-LANBASEK9-M
Press RETURN to get started!
*Mar 1 00:00:31.381: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:00:32.556: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:00:35.802: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to down
*Mar 1 00:00:35.861: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:00:36.012: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:44 by prod_rel_team
*Mar 1 00:00:36.037: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Mar 1 00:00:37.060: %LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
*Mar 1 00:00:37.094: %LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
*Mar 1 00:00:37.127: %LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
*Mar 1 00:00:37.161: %LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
*Mar 1 00:00:37.195: %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
*Mar 1 00:00:37.228: %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
*Mar 1 00:00:37.262: %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
*Mar 1 00:00:37.362: %LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
*Mar 1 00:00:37.362: %LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
*Mar 1 00:00:37.362: %LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
*Mar 1 00:00:37.404: %LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down
*Mar 1 00:00:37.446: %LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
*Mar 1 00:00:37.488: %LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down
*Mar 1 00:00:37.497: %LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down
*Mar 1 00:00:37.539: %LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down
*Mar 1 00:00:37.572: %LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down
*Mar 1 00:00:37.606: %LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
*Mar 1 00:00:37.639: %LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down
*Mar 1 00:00:37.673: %LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down
*Mar 1 00:00:37.690: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
*Mar 1 00:00:37.715: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
After the last line, I can not type any command at all. I encountered this on three 2960 switches that we have here in our laboratory. Can anybody help me on how I can get access to the switch via console?
Thanks in advance.

Have You Check your console Cable.
also
If u are using USB to Serial check driver are properly installed.
else
See Helpful Cisco Documentation
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008010ff7a.shtml
Do Rate Helpful Posts

Client can not communicate with MP over https. Certification Problem

Hi All,
I have been fighting with this problem for the last 3 days and couldn't solve yet. So, I hope we can solve it here.
I am trying to install client manually from a usb drive by using the below command.
Ccmsetup.exe /usepkicert smsmp=”srvsccm2012.domain.local” ccmhostname=”sccm.domain.tr” smssitecode=”AUTO”
Client Installs on workstations but only info that I can see under Configuration Manager Properties are:
Client Certificate: None
Connection Type: Currently Intranet
Version:5.00.x.x
So, there is a problem with connection to MP, It can not get policies and certificate info (PKI) etc...
If I try to browse these urls, result is 403 - Forbidden: Acces is denied.
http://siteservername/SMS_MP/.sms_aut?MPCert<o:p></o:p>
http://siteservername/SMS_MP/.sms_aut?MPlist<o:p></o:p>
This makes me think certificates are messed up but if I try to browse my MP with the url below, Result is IIS 8 page.
https://sccmserver.domain.local
I can see these errors in my log files:
CcmMessaging Log errors:
Post to http://”myservername.mydomain”/ccm_system/request failed with 0x87d00231.
Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7.
ClientIDManagerStartup Log errors:
RegTask: Failed to refresh site code. Error: 0x8000ffff
LocationServices Log errors:
Failed to retrieve DNS service record using _mssms_mp_”auto”._tcp.mydomain lookup. DNS returned error 9003
Policy prevents failover to WINS for lookup
LocationServices 8/26/2014 4:18:29 PM
3900 (0x0F3C)
LSGetSiteVersionFromAD : Failed to retrieve version for the site '”AUTO”' (0x80004005)
The ip address of workstation on DNS is correct.
I can ping and resolve the name of MP from workstation.
I want to check if my certificates are OK but I dont know how to make sure certificates are good. Please advise.
By the way, This problem is happening on the newly reformatted workstation, existing workstations can be re-installed with client without problems.
Yavuz Selim Atmaca

Hi Peter,
I checked IIS Logs and I didn't see any error messages.
I checked the certificate requirements and I think there is no problem with them.
certutil -verify -urlfetch command outputs some results that I couldnt understand. Here it is:
ssuer:
CN=mydomain-SRVDC01-CA
DC=mydomain
DC=edu
DC=local
Subject:
EMPTY (DNS Name=selimtestPC.mydomain.edu.local)
Cert Serial Number: 29e6fe37000000005edb
dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 7 Hours, 33 Minutes, 49 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 7 Hours, 33 Minutes, 49 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
NotBefore: 26.08.2014 14:19
NotAfter: 26.08.2016 14:29
Subject:
Serial: 29e6fe37000000005edb
SubjectAltName: DNS Name=selimtestPC.mydomain.edu.local
Template: ConfigMgr Client Certificate
74 cf 94 a4 5d 72 0f e9 19 d1 36 b4 5c 06 4e 55 12 04 89 26
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=AIA,CN=Public%20Key%20Services,CN=Servi
ces,CN=Configuration,DC=mydomain,DC=edu,DC=local?cACertificate?base?objectClass=cer
tificationAuthority
---------------- Certificate CDP ----------------
Verified "Base CRL (057a)" Time: 0
[0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Servic
es,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?certificateRevocationLi
st?base?objectClass=cRLDistributionPoint
Verified "Delta CRL (057a)" Time: 0
[0.0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Serv
ices,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?b
ase?objectClass=cRLDistributionPoint
Verified "Delta CRL (057a)" Time: 5
[0.0.1] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
Verified "Base CRL (057a)" Time: 4
[1.0] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA.crl
Verified "Delta CRL (057a)" Time: 0
[1.0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Serv
ices,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?b
ase?objectClass=cRLDistributionPoint
Verified "Delta CRL (057a)" Time: 4
[1.0.1] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
---------------- Base CRL CDP ----------------
OK "Delta CRL (057e)" Time: 0
[0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Servic
es,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?bas
e?objectClass=cRLDistributionPoint
OK "Delta CRL (057e)" Time: 4
[1.0] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 057a:
Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
a4 81 a4 bb 01 7e e1 be e2 33 4b 06 5d 00 3c 30 97 93 27 f6
Delta CRL 057e:
Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
52 c5 95 b3 9d c2 9d 22 ee fa 3b c4 b9 04 08 3e 95 98 1d 5c
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
NotBefore: 22.10.2010 16:50
NotAfter: 22.10.2025 17:00
Subject: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
Serial: 49c50a78f367cdb8466cd34160977233
Template: CA
01 a8 da 41 35 f7 52 be 7a 9b 4d 26 3d ee 33 af c4 e0 9c e0
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
---------------- Base CRL CDP ----------------
OK "Delta CRL (057e)" Time: 0
[0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Servic
es,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?bas
e?objectClass=cRLDistributionPoint
OK "Delta CRL (057e)" Time: 4
[1.0] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 057a:
Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
a4 81 a4 bb 01 7e e1 be e2 33 4b 06 5d 00 3c 30 97 93 27 f6
Delta CRL 057e:
Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
52 c5 95 b3 9d c2 9d 22 ee fa 3b c4 b9 04 08 3e 95 98 1d 5c
Exclude leaf cert:
58 db 23 c9 81 00 ff 3e de e0 13 da 87 29 66 96 56 45 51 cd
Full chain:
ba 55 5a 92 f0 b4 69 47 01 d7 02 23 1c db 7e 88 66 f2 42 dc
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
I just checked SCCM SystemStatus/ Component Status from the SCCM Console and found errors under SMS_MP_CONTROL_MANAGER
component:
"MP has rejected a message from GUID:A90AA88F-FB10-407C-B2ED-DCE41479FBDC because the signature could not be validated. If this is a valid client, it will attempt to re-register automatically so its signature can be correctly validated."
Should I delete all config manager related certificates and re-create them?
Yavuz Selim Atmaca

Clients can not obtain an ip-address via DHCP.

Similar Messages

Maybe you are looking for