Disable SSH version1 in ACS Express 5.0

Hi,
Does anybody knows if it is possible to disable SSH v1 in ACS express installed in ADE 1010?
Appreciate anybody's feedback
Thanks.
NetMaint

Hi,
This was required by our client to disable SSH v1 after the infosec audit.
Can this be done? I tried digging but can't find any info. If this can't be done at least provide me some link so I can feedback to our client.
Appreciate your reply.
Regards, NetMaint

Similar Messages

  • ACS Express integration with Active Directory

    Hello,
    I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
    I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
    DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Tabla normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Output of AD Domain Diagnostics:
    IP Diagnostics
    Local host name: he-zfm-acs-01
    Local IP Address: 172.31.67.10
    Not found in DNS!Make sure it is in Reverse Lookup Zone.
    FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
    Domain Diagnostics:
    Domain: 172.24.2.93
    Subnet site:
    WARNING! Unable to locate computer's subnet site in Active Directory.
    Ask your Active Directory administrator to add this computer's subnet
    to the appropriate site.
    DNS query for: _ldap._tcp.172.24.2.93
    Found no SRV records!
    Computer Account Diagnostics
    Not joined to any domain
    AD Agent Process Status: Not joined to any domain
    DIAGNOSTIC USING THE AD REALM:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Tabla normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Output of AD Domain Diagnostics:
    IP Diagnostics
    Local host name: he-zfm-acs-01
    Local IP Address: 172.31.67.10
    FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
    Domain Diagnostics:
    Domain: CLAROCR.AMERICAMOVIL.CA1
    Subnet site: TELECOM
    DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
    Found SRV records:
    rom-pro-dc-03.clarocr.americamovil.ca1:389
    Testing Active Directory connectivity:
    Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
    ldap: 389/tcp - good
    ldap: 389/udp - good
    smb: 445/tcp - good
    kdc: 88/tcp - good
    kpasswd: 464/tcp - good
    ntp: 123/udp - good
    Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
    Domain controller type: Windows 2003
    Domain Name: CLAROCR.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Forest Name: AMERICAMOVIL.CA1
    DNS query for: _gc._tcp.AMERICAMOVIL.CA1
    Testing Active Directory connectivity:
    Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
    gc: 3268/tcp - timeout
    No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
    Global Catalog: rom-amv-dc-02.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-amv-dc-01.americamovil.ca1
    gc: 3268/tcp - good
    Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: TELECOM.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: CLAROCR.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: TELECOM.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Forest Name: AMERICAMOVIL.CA1
    Computer Account Diagnostics
    Not joined to any domain
    AD Agent Process Status: Not joined to any domain

    Dennis,
    TIme in sync on the ACS and AD servers?
    Faisal

  • Disable SSH root login in RAC system

    Hi Alll,
    We have a oracle 11.2.7 RAC in Linux. As statement, SA will disable ssh root log and Nagios will monitor each nodes in RAC system.
    As I know, Nagios only apply DH key for SSH. But Oracle RAC apply two type of SSH key for ssh_equivelancy in Oracle CRS.
    Dees any experts have experience for oracle RAC and database when disable root SSH log in Linux system?
    Thanks very much!
    JIn

    Security is not based on the number of keys one needs - but on the quality of the locks.Partially agree. But just like in real world one lock is not enough even superb. Why cars have imobilisers, defendlocks etc.? Why there is fence in front of some shop's door? It's very common to have two locks on front door. It's much harder (at least it takes much time) to break two locks than break just one. And the time matters. Back to IT security. Disabled root account is one of best practices and is reasonable because you can't 100% assure that your administrator is using strong password everytime. He might just forgot to change password after installation. He might set weak password just for "temporary" reason. You can of course force the password complexity but of course one you have the system installed.
    So can passwords. Deep packet inspection can occur unknowingly. Perhaps we still talking about SSH, don't we?
    The user may be targeted using social engineering, instead of targeting the actual computer system.It's much harder to get two passwords than just one even by using social engineering.
    The question is whether such a server is exposed to an unsecured or public network. And one would manage the risks differently on such a server than one for example in a private network, protected by a reverse proxy in the DMZ, that in turn provides access from a public network.OK, so we've got another locks here ;-)
    So if that user is compromised, so can root as that user can gain root access. I do not see this as better security. It is merely obfuscating security.Which user acccount? Do you know name of that account? Because I know the name of your's. ;-) So you need to find correct account name, get password for that account and also get the password for root account whilst I need to get password for root account only.
    Yes, partially agree with "obfuscation security" term. But in fact this is not for first time when obfuscation is used in security and neither for last time.
    But you can't consider "PermitRootLogin no" and "wheel" group as an obfuscation.
    Using encryption keys (public & private) is one answer to having to share and keep secrets. No, this is also not 100% safe, but I prefer it over having to know, remember and on occasion, share secrets (passwords).How well is your local machine secured? Are you using strong password? Do have all accounts strong password on your local machine? Is your local machine up to date for known sec. bugs (I don't mean zero days)? Is your local machine in separated VLAN or anybody from LAN can access your machine? Because if there are at least two "No" answers then how much time it will take for some skilled part-time worker (in your company) to break into your computer, steal the keys or even worse use your local machine to access the server?
    Don't get me wrong. I am not against encryption keys. Of course I am using it but in combination with other security restrictions which come from "best practices". And to disable direct root access is one of those practices. Even NSA (and other security institutions) suggest to do that (see page #37): www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf Also security auditors check for disabled direct access to privileged accounts.
    I understand this as good enough proof that disabling of direct access to privileged accounts rises security.
    Another good reason is right here:
    Install
    In other words, if any user has possibility to login as root, he uses "root" as default account which is another well known bad practice.

  • Disable ipv6 in solaris 11 express (2010.11)

    Is there a way to disable ipv6 in Solaris 11 Express?
    I can unlplumb inet6 interfaces but it created again after reboot.
    # ifconfig v1 inet6 unplumb
    # ifconfig lo0 inet6 unplumb
    # ipadm show-if
    IFNAME STATE CURRENT PERSISTENT
    lo0 ok -m-v------4- ---
    v1 ok bm--------4- -46
    Is there a way to get that change persistent?
    And what is there right way to get rid of ndpd daemon?
    Whenever I disable svc:/network/routing/ndp:default it gets back online by 'routeadm -u' after reboot.

    I know how to create addresses. I have no problem with ip4.
    Addresses created and persistent across reboot.
    The only problem that there is also bunch of ipv6 interfaces brought up at reboot and NDP daemon.
    For now I found workaround:
    1. make lo0 controlled by ipadm:
    # ipadm delete-if lo0
    # ipadm create-if lo0
    # ipadm create-addr -T static -a 127.0.0.1/8 lo0/v4
    2. Remove lines with "_family=26" from /etc/ipadm/ipadm.conf
    3. reboot.
    That's all I wanted.
    # ipadm show-if
    IFNAME STATE CURRENT PERSISTENT
    lo0 ok -m-v------4- -4-
    v1 ok bm--------4- -4-
    # routeadm -u
    # routeadm | grep ndp
    disabled svc:/network/routing/ndp:default
    If anyone know how to do the same without editing ipadm.conf please tell.

  • ACS Express radius authentication AD authorization

    I work at a University and for some reason we have multiple systems for authentication and authorization.  That being said I am trying to use radius to do authentication and AD for authorization for VPNs.  I have the radius authentication working against our radius server.  I have my ACS express setup to join the AD domain and everything looks good there.  I setup the AD server as a radius object in AAA server groups on my ASA.  Then I add the server below in the servers in selected groups window.  I put all the info in there and when I hit test I click authorization and put in the username that I know is in the domain group I have associated with this on the ACS.  The test fails and with authorization failed with invalid password.  When I look at the logs on the ACS I see
    01/06/2011 20:14:26 acsxp/server Warning Server 0 AD Agent Plain Text Authentication Failed for user: username@domain
    01/06/2011 20:14:26 acsxp/server Warning Server 0 Authentication for user username failed for reason = 0
    01/06/2011 20:14:26 acsxp/server Error Protocol 0 Request from 172.20.5.2: User username rejected . by RemoteServer: AD (InvalidPassword). 
    Username and domain are correct I just edited them for posting.  It seems like it is trying to authenticate rather than authorize.  All I want it to do is say yes the user is in this group or no the user is not in this group?  You can't even fill in the password when testing authorization?  Maybe I have something setup wrong on the ACS side but when I look at AD under users and identity stores, it says it is joined to the domain.  When I do AD domain diagnostics under troubleshooting everything looks good.  I have the ASA I am testing from defined as a device and in the ASA device group.  Under access services in Radius access services I have one service that I setup that connects to the AD and it found the group so I know it is connecting.  Any idea what I am doing wrong or where to look?
    Any help would be GREATLY appreciated!
    Thanks
    Joe

    Hi Joe,
    We could take a deeper look at what is happening through some logs and debugs:
    1. On ACS Express, under
    Reports & Troubleshooting > Troubleshooting > Server Logs
    please set the Express Server Trace Level to 5 and the Web Server Trace Level to 4.
    Also, for the Log Level under OS Logging, please set its value to "Debug".
    If previous old logs are not essential to you, you may also wanna delete all the log files first, so that we capture logs for the last day only.
    2. On the ASA, please enable the following debugs
    debug aaa authentication
    debug aaa authorization
    debug radius
    3. Then please first recreate a successful authentication attempt, and then recreate the authorization test issue with the same user account for which you tested the successful authentication.
    4. After the issue is recreated, please attach the debugs from the ASA and following files from the ACS Server Logs:
    acsxp_adagent.log
    acsxp_agent_server.log
    acsxp_mcd.log
    acsxp_server.log
    acsxp_server_trace.log
    Regards,
    Fede
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • ACS Express 5.0 - "unique authentication" what does it mean?

    Hi to all,
    the ACS Express 5.0 datasheet states: "Cisco ACS Express supports a maximum of 50 AAA clients and 350 unique user logins in a 24-hour period"
    It's clear what's the meaning of the max 50 AAA clients...in fact what is not clear is regarding the max 350 uniques user authentication.
    If I use 802.1 IBNS with PEAP-MSCHAP to do machine authenticaion each machine authentication will count as a unique logon...isn'it? What happens if there are Laptop assigned to sales which spent a lot of time out of the office???
    Each time these laptops reconnect to the network wil count as an extra logon or and increase the logon counter of one or since this laptop is already authenticated on the morning t won't count as an extra unique logon...
    My question is related to the fact that I have a customer who wanto to introduce IBNS-802.1X but have "only" 20-25 AAA clients and max. 200 users (where about 100 are laptop)...and using ACS 5.0 in a redundant way will be too expensive...
    Thanks for a reply
    Omar

    The ACS Express 5.0 Appliance is designed for a maximum of 350 users. This limit does not apply to the number of logins.
    Cisco Secure Access Control Server Express 5.0 QA
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps8543/ps8724/prod_qas0900aecd806d3a4d.html
    Q. How is Cisco Secure ACS Express positioned in comparison to Cisco Secure ACS for Windows (ACS Windows) and Cisco Secure ACS Solution Engine (ACS SE)?
    A. ...Cisco Secure ACS Express is well suited for deployments that need an access control solution for fewer than 350 users and 50 devices. This product is intended to serve small to medium-sized businesses, retail sites and enterprise branch offices where customers need an easy-to-use GUI yet require a comprehensive but simple feature set and a lower price point to address their specific deployment needs.
    For a detailed feature set, please refer to the Cisco Secure ACS Express data sheet at http://www.cisco.com/go/acsexp....

  • ACS express v5.0.1 fail to join AD

    hi,
    i try to integrate my ADE 1010 appliances running on ACS express v5.0.1.1 to my DC running on window 2008 server enterprise edition SP2.
    as i fill in the info at domain configuration and test the connection, it's succeed. but once try to save and join it's failed to join the domain.
    log extract from acsxp_adagent :
    PMOACS AD-SCRIPTS: INFO AD script executed from IP: 10.169.2.100 script: /cgi/adjoindomain.pl/cgi/adjoindomain.pl args: DM=jpmosp.xxx.yy&UN=administrator&CN=OU%3DACS&PDC=jpmosp.xxx.yy&PW=******
    PMOACS AD-SCRIPTS: INFO AD join container used: OU=ACS
    PMOACS AD-SCRIPTS: INFO AD join Preferred Domain Server used: jpmosp.xxx.yy
    PMOACS AD-SCRIPTS: INFO AD join container used: OU=ACS
    PMOACS AD-SCRIPTS: INFO AD join Preferred Domain Server used: jpmosp.xxx.yy
    PMOACS AD-SCRIPTS: INFO AD join command used: /opt/CSCOacsxp/adagent/bin/adjoin -u "administrator" -p "******" -z NULL --noconf "jpmosp.xxx.yy" -s "jpmosp.xxx.yy"
    PMOACS AD-SCRIPTS: CRITICAL Unknown status returned from adjoin
    PMOACS AD-SCRIPTS: WARN --- BEGIN FILE LOG FOR /opt/CSCOacsxp/temp/adjoindata.8870 ---
    PMOACS AD-SCRIPTS: WARN Cannot resolve computer name "pmoacs" in DNS or /etc/hosts
    PMOACS AD-SCRIPTS: WARN Please edit /etc/hosts or your DNS server to set your hostname correctly
    PMOACS AD-SCRIPTS: WARN or use --name option to override this check.
    what i did on my window 2008 server:
    1. log in as the administrator, create a container name "acs", and inside of it create a computer name as "pmoacs"
    2. appliance clock is tally with AD-DC server, no time skew problem.
    what i did on my Cisco ADE 1010:
    1. initial setup only.
    thank you
    N

    Hi,
    This is the relevant error message:
    "WARN Cannot resolve computer name "pmoacs" in DNS or /etc/hosts"
    Please make sure you have the acs hostname configured on the DNS server.
    The ACS must be able to resolve its own hostname, otherwise this will fail.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Unknown CA failure on ACS express

    Hi forumers
    i try to let user access to the network authenticate using ACS express, then map to the AD server.
    somehow i get the error from the authentication report is FAILURE REASON: UNKNOWN CA
    i try and use self-singed certificate, then download the certificate, open and copy the CSR and paste to my CA server.
    I'm using Window's advance certificate request "submit a certificate request by  using a based 64-encoded CMC or PKCS#10 files..." this option.
    somehow i got this error message. (see attachment)
    Question1: is it the right way to do CSR to window CA server? am i doing it right?
    Question2: if i am wrong, any guide for a proper way doing certificate installation for ACS express in order talk to AD server?
    thanks
    Noel

    Hi,
    Actually you do not need to have a signed certificate on the ACS Express to be able to join the AD...
    However, if you still want to do it, then can you please send me the CSR? I can take a look and see if everything is ok...
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • ACS Express 5.0 vs ACS 5.0

    What's the difference between the two?
    - Cisco Secure ACS Express 5.0
    - Cisco Secure Access Control System 5.0

    ACS Express 5.0
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps8543/ps8724/product_data_sheet0900aecd806d3b78.html
    ACS 5
    http://cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/ps9915/product_bulletin_c25-504495.html

  • Disable ssh-agent on boot

    hello, I'd like to know how to disable ssh agent since I don't use it. It's a kde dependancy so it cannot be removed. So is there a way to make it not start on boot?

    pacman -qli kde-agent
    Name : kde-agent
    Version : 20090801-2
    URL : http://www.kde.org
    Licenses : GPL LGPL FDL
    Groups : None
    Provides : None
    Depends On : pinentry openssh qt
    Optional Deps : None
    Required By : kdepim-libkdepim kdeutils-kgpg
    Conflicts With : None
    Replaces : None
    Installed Size : 8.00 K
    Packager : Tobias Powalowski <[email protected]>
    Architecture : i686
    Build Date : Sat 01 Aug 2009 09:49:35 AM EDT
    Install Date : Mon 14 Mar 2011 11:10:48 PM EDT
    Install Reason : Installed as a dependency for another package
    Install Script : No
    Description : Startup and shutdown scripts for gpg-agent and ssh-agent in KDE
    kde-agent /etc/
    kde-agent /etc/kde/
    kde-agent /etc/kde/env/
    kde-agent /etc/kde/env/agent-startup.sh
    kde-agent /etc/kde/shutdown/
    kde-agent /etc/kde/shutdown/agent-shutdown.sh
    You may be able to change some setting in /etc/kde/env/agent-startup.sh .

  • Join acs express to active directory domain

    i have a problem joining acs express active directory domain , both are reachable to each other in the same subnet & no firewalls between them , but when i test the connectivity it gives this error:
    " required service unavailable. DNS is setup correctly , and the domain controller is reachable , however , one of the required services, such as ldap,kerberos, or global catalog service is not available. This issue may arise if there is a firewall between AD domain controller, and the ACS Express appliance"

    It is sounds like a bug CSCsw29387 Join AD domain, with one DC down fails. If the ACS Express is trying to join an AD domain in a multi domain controller environment and one of the domain controllers is down, the ACS Express will fail to join the domain.

  • Lock user from disabling ssh?

    Our users use local accounts on each machine. Some of them like to disable ssh. Any way to lock them out of changing these preferences? They are admin accounts.

    Aside from going down the route of client management, you could set up a root crontab which simply switched on SSH every hour or whatever. You may even be able to push the crontab out to the machine (as file /var/cron/tabs/root) via ARD (but I've never tried rewriting the actual crontab file - so be warned).
    so line in crontab...
    @hourly /sbin/service ssh start
    Has to run as root (I think) rather than in user's crontab.
    -david

  • Disabling SSH sharing

    Hi everyone!
    I had downloaded an application called ToMacs, which basically allows me to exchange files over the internet in a secure shell (SSH) . But now that I have moved some files over, is SSH sharing is left eternally enabled by the app. The problem is that the application doesn't have an option to disable this feature, and now i feel like I'm stuck with an open backdoor or something and it really bothers me.
    So my question is how can I disable SSH sharing? There must be, but so far my searches have been fruitless.
    Please can someone help, I would greatly appreciate it!!...

    See if there is anything relevent in...
    /private/var/run/StartupItems
    /Library/StartupItems
    /System/Library/StartupItems
    Aso look in in Your Accounts Pref Pane Login Items window.

  • Does MARS support ACS Express 5.0?

    Hi guys... Does anyone know whether MARS supports ACS Express 5.0? I tried to add the ACS Express 5.0 device but there was not this version of ACS on Reporting Applications tab of Cisco MARS.
    Thanks all.

    MARS does not support ACS Express 5.0
    Only ACS version 3.x and 4.x are supported as per the following document:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp75381
    Hope that helps.

  • ACS Express AD

    Hi All,
    I've setup ACS Express and try to join to MS AD. connectivity passed but it says "Saved settings, but error in joining domain. Error: Timeout occured communicating with AD domain controller.
    any suggestion would be very appreciated
    Alex

    Alex,
    Check for communication issues between AD and your express server. Also verify that time is not off by more than 5 minutes.
    HTH,
    Faisal

Maybe you are looking for

  • Solaris 8 10/00 & 01/01

    Where can I find the differences between Solaris 10/00 and 01/01 Thanks

  • Why do I get duplicates notes with macbook air

    I don't have #2 No option to deselect, or select Sync Notes Duplicate notes Syncing Notes both over the air and with iTunes can result in duplicate notes appearing in the Notes application. Use the following steps to resolve the issue: Connect your d

  • IBot - How to impersonate as multiple users

    Experts, Below is my requirement. I would like to run an iBot when ETL finishes loading the data. This iBot should seed the cache for say 5 users.I have 2 dashboards and multiple pages within a dashboard. I know by selecting the checkbox for seeding

  • WCF, DirectoryServices namespace, and Impersonation.

    I am working on a WCF service that can perform basic Active Directory operations (create users for instance).  Is there a way to get WCF to work with Impersonation (believe impersonation is what I want) so each function in the code that uses Director

  • Encore CS6 Dynamic Link to Photoshop CC

    This seems such an obvious question, but I have searched without request: Until two days ago I had Premiere Pro CS5, CS6 and CC installed, but I was having problems with the CC Application Manager not recognising apps as installed when they were.  So