Configuration Network access on 10.4.11
Access to the Network has been blocked since I upgraded to 10.4.11 (on both iMac and PowerBook)
Whn opened, the tools keeps popping a window with "Newtwork settings changed by another app"
and the Conf tool in the menu bar dosn't work. I must use the "Connexion" tool window to do so
Is there a way to fix it other than a reinstall?
When you upgraded, was this an installation over an existing older OS X
where the content of your computers were the same, only the OS changed?
There are a few threads in the OS X Tiger 10.4 Discussion area about this
kind of issue; and some users did a complete new installation as one possible
path to get past the connectivity issue brought about in some cases by one
or two Security Updates earlier in Tiger. The later updates include the early
ones, and they to not re-create the original problem when they are avoided.
A new system folder (if the computers have the free space in hard drive) can
be one way past the issue; in the form of an Archive & Install, then update.
Be sure to repair disk permissions between updates and installations with
the Disk Utility in the new running system to help the build be a good one.
Be sure the check-box item is selected to keep your older settings, user
account, passwords, etc from the old system and move them into the new.
If you have an external backup of the computer's contents, to totally wipe
the internal drives of the computers (use option to over-write with zeros
and reformat to HFS+ before a fully new & complete install from scratch)
and use the last Combo update, security update, java updates, for a new
and better built system than one which saw all of the other older updates.
And, if you had Panther on a computer originally, as shipped when new,
the older iLife apps are a bit of a stretch with Tiger. iLife 06 thru iLife 08
would be a better way to go, just note the newer iLife may not be best
for older computers with hardware limitations. An upgrade over Panther
would've left the old iLife (and AppleWorks) in the applications folder.
The newer Tiger retail install disc set does not include these items.
It is possible to use Pacifist utility to extricate items from your original
disc set (AppleWorks, etc) and see about installing them in a new
Tiger system. Sometimes that works OK. I found iLife 06 retail installer
to be a better path than using Charlesoft's Pacifist to get iLife from an
original restore disc set for my iMac; as it came with Panther.
{Having these other items on hand make a full new installation without
any recourse to an older system (and then updating from that) easier
and better overall. That is why I mention this aspect of the situation.}
Probably to rebuild a new system, at least an Archive & Install, then
update; may be the fuller path to a cure. You may get some ideas
about the other Configuration issue by reading in Tiger discussions.
A short-term fix for some involved using the Security preference panel
in System Preferences, and set it so you have to log in a password in
order to change important system settings in System Preferences.
In any event...
Good luck & happy computing!
Similar Messages
-
Is it possible that network access permission control in acs 5.1
Hello
We have ACS5.1, WLC 7.0 and using 802.1x to authentication users.
Anybody know how I can configure network access restriction with using internal user group information.
For example, under the same SSID(like that "test") , same VLAN ID.
But two different user group has a different network access permission.
One group has full permission and the other has a limit network access permission.
Is it possible?The equivalent of a NAR would be ACS 5.1 returning an authorization profile after authentication. Just configure your authorization policy to return one profile for one group of user and the other profile for the others.
Now to restrict access to the network, I think you're best with an ACL ? So link ACLs to your profiles.
Nicolas -
Network Access Account, used by only Workgroup Computers or Domain Computers also?
Our environment has a few servers that are in a workgroup (not ideal, but is an application requirement on these few boxes) rather than being on the domain. We have to patch these servers routinely and would like to use SCCM 2012 to do so. As
I understand it all that is needed is to configure the Network Access Account for the site and install the client manually on the workgroup computers, correct? My next question is, do the domain computers continue to use their computer accounts to access
network locations during content deployment or will they too use the newly configured network access account? Or, does the client first attempt to use its computer account and if that fails then results to using the SCCM Network Access Account?
I've searched everywhere and can't seem to find this info. Thanks in advance if you can point me in the right direction.Hi,
I haven't seen any table like this for the Configuration Manager 2012 so this is for 2007, I haven't heard of any changes to this and the conclusion is that the account is used more often than you would think depending on what you are doing with the client.
http://technet.microsoft.com/en-us/library/bb680398.aspx
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec -
Network Access Module and Switching Users
We are working on implementing 802.1x and plan to use AnyConnect NAM on the PCs. However, I’ve run into a problem where we have a few multi-user machines for employees who work in multiple locations throughout the day. It’s not uncommon for someone to lock the PC they are working on and walk away. Prior to NAM, a second user could come along and log in as themselves, leaving the initial user logged in. However, I’ve found that once NAM has been installed this user switching feature is disabled. This is understandable, as the initial user technically hasn’t logged out, so the port is still authenticated with their credentials, and we wouldn’t want to accidently break a connection stream just to reauthenticate the second user.
I have spent quite a bit of time going through these forums and white papers trying to find an alternative solution for this situation, but haven’t had much luck. Does anyone have any suggestions on how I could proceed on this?wireman wrote:
I run Access Connections 4.42 as default for configuring network access on a T61with XP SP2. When two users are logged in Access Connections fails with: Access Connections is being used by another user.
A lurker reviewed this and sent back this message:
"Fast User Switching. Since the first user doesn't actually log off, any attempt to use Access Connections by the second user will result in the alert referenced in the post. It's working as designed."
English Community Deutsche Community Comunidad en Español Русскоязычное Сообщество
Jane
2015 X1 Carbon, ThinkPad Slate, T410s, X301, X200 Tablet, T60p, HP TouchPad, iPad Air 2, iPhone 5S, IdeaTab A2107A, Yoga Tablet, Yoga 3 Pro
I am not a Lenovo Employee.
I AM one of those crazy ThinkPad zealots!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! -
Cisco's AnyConnect Network Access Manager (NAM)
Hi dears,
I configurate EAP_FAST in Cisco ISE and want wired users authenticate from ISE. I install Network Access Manager Profile Editor and Cisco Anyconnect Security Mobility Client on PC. I configure Network Access Manager when i want to save as that I did not see the . \newConfigFiles folder. Then I did that: Organize’, ‘Folder and Search Options’, ‘Show hidden files, folders, and drives. but in this case i did see the network access manager folder.
I need a to install Cisco’s AnyConnect Network Access Manager (NAM) on PC. HOW I get this soft? I have a smartnet for ISE.
Which email address(to cisco) i must be write to get this soft?
Thanks.You can download the Network Access Manager module from CCO. This link should work if you have a CCO account.
http://software.cisco.com/download/release.html?mdfid=283000185&softwareid=282364313&release=3.1.05160&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rs
The file name will be similar to anyconnect-win-3.1.05160-pre-deploy-k9.iso. Just unzip the ISO with 7zip or Winrar and you will see the NAM msi file anyconnect-nam-win-3.1.05149-k9.msi. -
LAN settings for HP LaserJet 500 Color MFP M575: printing OK, network access NO
Printing OK but Network access NOI have a M575 in office LAN.IP 169.254.204.142Subnet 255.255.255.000Router 169.254.204.1Other computers 169.254.204.2-100Everything was good. But couple days ago I was not able to connect to my HP from browser. I was check settings and: IP address on screen HP - 0.0.0.0 I can printing on my HP!!! (destination of printing is: HPLaserJet500ColorMFPM575)but can’t to change settings. I can't change IP adres in JETDIRECT printer's menu. In command prompt PING of 169.254.204.142 is OK… Hand settings IP on start (1/8 click ), searching in administrative menu, cold reset… nothing I don’t know what I can to do else.
This is my IPConfig screen:C:\>IPConfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : T420
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Bluetooth Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
#2
Physical Address. . . . . . . . . : 60-D8-19-D8-A4-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : 00-21-CC-66-CA-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::385f:1def:62ae:8cd5%75(Preferred)
IPv4 Address. . . . . . . . . . . : 169.254.204.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 29 xxxxxxxxxxx 2015 15:25:46
Lease Expires . . . . . . . . . . : 30 xxxxxxxxxxx 2015 15:25:46
Default Gateway . . . . . . . . . : 169.254.204.1
DHCP Server . . . . . . . . . . . : 169.254.204.1
DHCPv6 IAID . . . . . . . . . . . : 1610621388
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-69-54-50-00-1E-37-1A-5A-E8
DNS Servers . . . . . . . . . . . : fe80::5ef9:6aff:fedf:5f3b%75
169.254.204.1
169.254.204.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
Physical Address. . . . . . . . . : A0-88-B4-D2-3E-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 57:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{32EA8AA7-0304-411D-9B3C-9BE6D6E53F7D}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 135:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{0E880DF2-FD27-4BF8-BBD9-EA726316C1FE}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{FFBD17DC-A12B-469A-8135-C63D9BBEBB31}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\> -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that arent working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#Unclear what did not work. In your original post you include said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
Acs 5.3 and wlc 2504 config with restricted network access
Hello,
i submit you the following issue that i'm actually facing:
i must configure a secured wireless network with access restriction based on SSID. the equipements are : cisco wlc 2504 (soft 7.3) cisco secure acs aplliance 1121 (soft 5.4) .
the users that will connect to the network are regrouped by identity groups, each identity group having it's own SSID. Clearly each group of users must access only one SSID.
i followed the procedure below to configure it:
-- creating user identity groups;
-- creating users and assigning them to the groups;
--- creating authorization profiles for each SSID under policy element/ authorization and permission/network access/authorization profiles and putting the Airespace-Wlan-Id(the SSID number) in the radius tab.
--- assigning the authorization profiles to the identity groups under access policies.
after all these config the users can access the network using there userid/password configured. But the problem is Every user can access every SSID, seems like the restriction is so not very well configured.
i found some documentation on this kind of config but the version of ACS used seems older than the one that i use, so menu are very different.
Please can someone provide with the right steps to follow to achieve this kind of config.
tkx in advanceYes.. you only have to add the end filter like what I posted... as far as the calling station id in the WLC security tab, it doesn't matter because that is not used when using 802.1x. I would also try to not enable everything that you have just to start from the basic and make sure it works first. The WAP Authentication Method might or might not work for you. Uncheck that for now and when you have a successful authentication, look at the monitor log and see what radius attributes are being sent, because those attributes is what you can use to build your policies.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
ACS 5.3 cannot create default network access authorization rule
Hi, when I click 'Create...' under Access Policies > Default Network Access > Authorization, and then press the 'OK' button, it says 'Please configure at least 1 condition.' However I have no way to configure conditions as the 'Conditions' text is just bold text and not a link or any sort of configurable area. If I go to 'Customize' on the bottom right and add conditions to the right list box, I still have no options when I press Create. Also, the 'green light' next to Default Network Access is grey with a line through it. This is the most cryptic system I have ever used.. anyone have an idea? Thank you!
Looks like you are using chrome amd it's not a supported browser.
Supported Web Client/Browsers
You can access ACS 5.3 administrative user interface using the following Web Client/Browsers:
•Windows 7 32 bit
•Windows XP Professional (Service Pack 2 and 3)
•Windows Vista
•Internet Explorer version 7.x
•Internet Explorer version 8.x
•Internet Explorer version 9.x
•Mozilla Firefox version 3.x
•Mozilla Firefox version 4.x
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp222016
Jatin Katyal
- Do rate helpful posts - -
Airport Extreme 802.11AC + 5th Gen and guest network access
I have the current gen Airport Extreme 802.11AC with a 5th Gen extending the network. With this setup, I am unable to login using our guest network setup. I have tried using guest network with a password and one without but its the same results. When a guest logins, it stuck attempting to login with no error messages.
So is it possible to have this configuration and still have guest network access?Please review what I said originally.......that the guest network function on the AirPort Extreme is designed to work with a simple modem......so the AirPort acts as the main router for the network..
Another way of saying the same thing is that the AirPort needs to be "in charge" of your network for the guest feature to work correctly. The AirPort cannot be in charge if it is connected to another device that is already configured to be the main router on your network.....your Actiontec modem/router.
The Actiontec device combines the functions of a separate modem and a separate router in one package. This type of device is known as a modem/router, or also known as a gateway.
Some folks call a modem/router or a gateway......a modem. So, things can get confusing.
I do not know if it is possible for the Actiontec device that you have to be configured to act as a simple modem.....so the routing functions of the device are completely turned off. (Turning off the wireless on the Actiotec does not turn off the routing function).
If you turn off the wireless on the Actionec, it becomes a modem and a wired router. And that wired router is still in charge of your network.
The guest network feature will not work correctly unless the AirPort is in charge of your network.
My suggestion was for you to ask your Internet Service Provider (ISP), if they could supply you with a simple modem. That is all that you need. You don't need two routers....and the Actiontec that you have now is not allowing the guest feature to work correctly. -
Hi,
I can not access CRM from outside the office network - Access denied You do not have sufficient access rights or privileges to perform this action. I can access CRM with same user id and password from our office inside the network. I can get
the page to give login details once I have login details I got below error. Please help me to solve this issue. It was working before.
Access denied You do not have sufficient access rights or privileges to perform this action.
Regards,
Noushad
[email protected]On Premise system Configured with AD FS server for claims-based authentication you need to update your host file with server url to access it from outside office network.
Refer
this on how to update host file.
Regards, Saad -
Hello!
Scenario
Built a single primary site server in one domain with multiple distribution points. All site servers are member of this one site.
The distribution points in the primary site servers' domain function as expected. The distribution point deployed to an untrusted domain does not. The primary site server can see all objects in the domain, publishes successfully, and CCM client on the
DP in the untrusted domain knows its part of the site, knows its AD site (according to locationservices.log). The DP role is installed properly, logs are populating, queries are being made for application lists and updates. nfortuantely authentication
errors indicate that this software can'tbe downloaded.
In essence the DP in the untrusted domain can't pull down content from the primary site server. The role uses BITS to download content from IIS on the primary site server, but the requests each throw a 401 error. Unauthorised. This should be an easy fix.
Create a Network Access Account in the primary site server's domain, assign it to the site (Software Distribution setting), wait for the DP to pick up the setting and watch it retrieve its content. The DP in the untrusted domain is configured as a Pull DP,
implying it has to use a Network Access Account to download content. It knows the content is available and makes every effort to download it.
Problem
The DP in the untrusted domain doesn't know a Network Access Account (NAA) has been defined for the site.
The account does exist, created in the primary site server's domain and assigned to the site. Its not a password issue. IIS has not been set for Anonymous access as this isn't needed - the NAA should provide the credentials it requires to pull down content.
A manual check using the URL of the package confirms the package is accessible from the DP when using the NAA's credentials. I've allowed enough time (i think) for the DP to acknowledge the NAA. For fun the DP role was removed, and the CCM agent removed. Both
were reinstalled. A fresh install didn't detect the NAA.
Solution
After some soul searching and a little frustration, it came down to this: A Pull DP always uses the Network Access Account. If the DP can't find a Network Access account it will fail to pull down content. This is undisputed. Found an article that states
the Pull DP always uses the CCM client configuration to do its dirty work. At that point the CCM client was checked. It had the classic problem of only displaying two Actions - Machine Policy Retrieval & Evaluation Cycle, User policy Retrieval & Evaluation
Cycle. Most components were installed but not enabled. This is fairly common. Looked at the console, found the device, added the Approval column. Turns out it wasn't auto-approved. Reason being that the client is in an untrusted domain and clients in untrusted
domains aren't approved automatically (by default).
In this case something as simple as an Approving the client fixed these issues.
The DataTransferService.log highlights the issue:
<![LOG[CDTSJob::JobError: DTS Job ID='{17E0B672-F699-434D-B063-87CC2ACF715C}' BITS Job ID='{38B81ADE-55B5-4BD7-A881-DBFF13943EDE}' ErrorCode=0x80190191]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService"
context="" type="1" thread="3136" file="dtsjob.cpp:3501">
<![LOG[CDTSJob::JobError: DTS Job ID='{17E0B672-F699-434D-B063-87CC2ACF715C}' URL='http://PRIMARYSERVER.A.B.COM:80/SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68'
ProtType=1]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService" context="" type="1" thread="3136" file="dtsjob.cpp:3504">
<![LOG[Authentication required by the proxy, DTS Job ID='{17E0B672-F699-434D-B063-87CC2ACF715C}' BITS Job ID='{38B81ADE-55B5-4BD7-A881-DBFF13943EDE}'.]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService"
context="" type="3" thread="3136" file="dtsjob.cpp:3513">
<![LOG[DTSJob {8814E9A1-3D26-4089-83CF-3C7D17BCEC6E} in state 'Cancelled'.]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService" context="" type="1" thread="3688"
file="dtsjob.h:166">
<![LOG[DTS job {17E0B672-F699-434D-B063-87CC2ACF715C} BITS job
{38B81ADE-55B5-4BD7-A881-DBFF13943EDE} encountered Access Denied error during download. Will retry using Network Access Account.]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService"
context="" type="2" thread="3136" file="dtsjob.cpp:3652">
<![LOG[DTSJob {8814E9A1-3D26-4089-83CF-3C7D17BCEC6E} cancelled by client.]LOG]!><time="18:25:54.280+00" date="02-19-2015" component="DataTransferService" context="" type="1" thread="3688"
file="dtsjob.cpp:3205">
<![LOG[No network access account info found.]LOG]!><time="18:25:54.327+00" date="02-19-2015" component="DataTransferService" context="" type="1"
thread="3136" file="netaccessaccount.cpp:288">
<![LOG[The network access account is not defined.]LOG]!><time="18:25:54.327+00" date="02-19-2015" component="DataTransferService" context=""
type="1" thread="3136" file="netaccessaccount.cpp:858">
<![LOG[DTSJob {17E0B672-F699-434D-B063-87CC2ACF715C} encountered error setting BITS job to use Network Access Account
(0x00000000).]LOG]!><time="18:25:54.327+00" date="02-19-2015" component="DataTransferService" context="" type="3" thread="3136" file="dtsjob.cpp:1885">
The IIS server logs u_ex150219.log captures the request:
2015-02-19 123.11.12.13 GET /SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68/sccm /windows6.1-kb3021917-x64.cab 80 - 9.10.11.12 Microsoft+BITS/7.7 -
401 2 5 1509 2
2015-02-19 123.11.12.13 GET /SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68/sccm /windows6.1-kb3021917-x64.cab 80 - 9.10.11.12 Microsoft+BITS/7.7 -
401 1 3221225581 1509 4
2015-02-19 123.11.12.13 GET /SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68/sccm /windows6.1-kb3021917-x64.cab 80 - 9.10.11.12 Microsoft+BITS/7.7 -
401 1 3221225581 1509 3
2 x Domains: DomainA and DomainX
- Single domain forests
- No trusts between domains/forests
DomainA\PRIMARYSERVER
- Primary Site Server, MP, DP, IIS, all roles
DomainX\DP1
- Distribution Point, IIS, etc
- CCM client installedBased on the above, you are using a PullDP. If so, have you installed the client agent on this system? The client agent is required on PullDPs in untrusted domains so that they can acquire the NAA.
Jason | http://blog.configmgrftw.com | @jasonsandys -
"wake for network access" not working
Hi guys,
I enabled System Preferences > Energy saver > Wake for network access
and
System Preferences > Sharing > remote Login
These are the exact settings I had under Snow Leopard and it used to wake my iMac via 5GHz WiFi. I use a AirPort Extreme and didn't change a thing on its side. But neither with VNC nor with my iPad app "Screens" I am able to wake it under Lion. Screens tells me "Computer in sleep mode"...
Any help?
Thanks in advance,
BadoI've been having problems with wake for network access on Lion as well. Similarly to others, if my iMac has recently gone into sleep mode, then it will wake up for Apple TV use or for file and screen sharing from another computer. After an extended period of time, however, all such functionality disappears.
I've been rooting around in System Profile and have found something that may be of interest. Under the Hardware section, in the Power menu, there is a parameter called 'PrioritizeNetworkReachabilityOverSleep'. On both my iMac and Macbook this is set to zero (i.e. 'no').
Does anybody have any idea what it means? And if there is any way to change it? If I had to guess, it sounds as though there is a setting somewhere in the system configuration (thought apparently not visible from the GUI) that sets the computer to remain in sleep mode rather than briefly waking to maintain its registration with the relevant Bonjour sleep proxies.
Hopefully we'll be able to get to the bottom of this, as over six months after Lion's release the problem has yet to be resolved by Apple through version updates, something that is especially frustrating given how excellent a feature wake on network access is when it can be reliably coupled with an Apple TV or Back to my Mac. -
Cisco ACS 4.2.1.15 for Windows and Network Access Profiles
We are attempting to configure ACS 4.2.1.15 on Windows Server 2008 Member Server. Initially I only have the need to authenticate Network Admins for device administration and authenticate Windows AD groups using PEAP authentication. The general problem that I am having is that if I configure a Cisco 1200 Access Point for PEAP and also setup The Access Point for Radius authentication pointed to the ACS server it always maps to the the first Network Access Profile and rather than it trying the second it will error sayiing some condition is not met depending on what changes I make. Can someone tell me what the criteria that is used to determine what NAP is used? According to the manual if all 4 criteria are not met then the Profile will not apply.
I am using one ACS group that is mapped to an AD group for Wireless Access and a Second ACS group mapped to an AD group that includes the Net Admins. This group mapping appers to be working as the user group name seems to mapped correctly in the logs. In short I have tried only configuring the Wireless NAP to only Allow EAP authentication using PEAP EAP-MSCHAPv2 and the Netadmins profile to include all protocols. Bascially what happens is if I have the Wireless NAP first it works fine for PEAP authentication on Wireless but if I try to administer the access point and provide credentials I get a message in the failed log that the authentication profile is not allowed in this Network Access Profile. Why does this not just go onto the next Network Access profile?
I am familiar with version 3.2 but it does not seem to work the same.
Any help would be appreciated on what I am missing.
ThanksHi Surenda,
Thanks for your reply. Nop, there is no WLC yet, but the WLC will be installed shortly.
Thanks,
Jean Paul -
How to configure network on Oracle Solaris 10
Hi All,
I have created a new virtual machine on Windows Server 2003 and installed Oracle Solaris 10 on VMWare. Now I need to configure network on my Solaris virtual machine, So that i can access Solaris machine outside the VMWare. Can somebody help me out?
Regards,
S.RiziHi,
I have created a new virtual machine on Windows Server 2003 and installed Oracle Solaris 10 on VMWare. Now I need to configure network on my Solaris virtual machine, So that i can access Solaris machine outside the VMWare. Can somebody help me out?Refer below thread.
Hope helps :)
http://www.linuxquestions.org/questions/solaris-opensolaris-20/configure-solaris-network-on-vmware-847849/
thanks,
X A H E E R
Maybe you are looking for
-
Search and replace data in excel using a text file
Hi Scripting Guy: I was able to write a script based on all the examples in your blogs, but now I'm stuck: I have a text file, which has Server Name, IP Address, Comments ABCserver1, 1.1.1.1, remote web server DEFserver2, 2.2.2.2, remote app server X
-
We have an issue when we send a film to the media encoder it crashes about half of the time for no particular reason. Anyone else got that too with Premiere Pro CC and the new Media encoder?
-
Hello, I am muslim girl and I usually cover my hair and my body as well. ( in my religion no men allow to see my body uncovered ). I have created an iphoto book with my pictures without the covers. I would like to purchase the book through apple stor
-
How to convert the graph to gray scale
Hi I am using MS 1.1 version, I need to take the print of the graphs which is provided by NI. The problem here is that i need the GUI to show the graph in multicolor environment, but when i am going to print it on a paper, i should be able to convert
-
Transaction to execute Process Chain
Hi experts; I want to create a transaction to execute a process chain. Is this possible? I create one new transaction in SE93 and assign the transaction RSPC but it gives a list of all the process chain that exists. Can any one help me? Thanks in adv