Dynamic Port Allocation Using OPMN
I wanna use jrockit mission control to monitor a java application which is running in 8 oc4j instances controlled by opmn. I included the -Xmanagement:ssl=false,authenticate=false,autodiscovery=true,port=7091 in the oc4j startup command line in opmn.xml but i need that opmn dynamically change the port part of the command using a range of predefined ports, just like opmn does for oc4j rmi, jms, ajp ports. Is that possible? Can I define a custom port range in opmn.xml and user the port id as a variable in oc4j's startup command line? Any help is more than appreciated
In addition to the above, the following was taken from D:\Hyperion\logs\BIPlus\FRClient.log on the client machine after the error occurred:
08-12 10:04:38 ERROR HRResourceBundleFactory Could not locate registry
08-12 10:04:38 ERROR HRResourceBundleFactory 5500
com.hyperion.reporting.util.HyperionReportException: Server not yet configured. Please configure the server.
at com.hyperion.reporting.config.ConfigResourceBundle.<init>(Unknown Source)
at com.hyperion.reporting.config.ConfigResourceBundle.getInstance(Unknown Source)
at com.hyperion.reporting.config.HRResourceBundleFactory.getConfigBundle(Unknown Source)
at com.hyperion.reporting.config.HRResourceBundleFactory.getInstance(Unknown Source)
at com.hyperion.reporting.registry.FRSystem.getReportServerNames(Unknown Source)
at com.hyperion.reporting.registry.FRSystem.removeReportServerFromLocalCache(Unknown Source)
at com.hyperion.reporting.registry.FRSystem.unregisterFRComponentAtRemoteRegistry(Unknown Source)
at com.hyperion.reporting.registry.FRSystem.pickRandomServer(Unknown Source)
at com.hyperion.reporting.registry.FRSystem.lookup(Unknown Source)
at com.hyperion.reporting.registry.FRSystem.lookupHsServer(Unknown Source)
at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
Similar Messages
-
Does APPS have dynamic port allocation going on somewhere
Hi Gurus,
We have a situation where 5 Test instances of Ebiz all reside on the same server. The production Instance has its own dedicated server.
We seem to get intermittent, but frequent problems with some of the test environments taking the ports which are defined for other environments in the xml file.
This issue Never occurs in production
All environments services are restarted every night - most of the time there is no problem. But sometimes, web, forms, apps listner or concurrent managers wont start - an they give errors due to locked ports.
When I run a netstat -anp | grep <port> - the output shows that one of the other environments is listening on the port in question.
I have made absolutley sure that in the xml files and httpd.conf etc - each environment has its distinct port set (which it does)
I have searched for ages on google and metalink to try to find information about dynamic ports but cant find any
Can anyone help?
ThanksHey Oli, no help here I'm afraid just wanted to say I am experiencing a similar problem although mine is a situation where I have e-Biz and OAS installed. The seem to co-exist peacefully most of the time but our app also restarts every night and some mornings the app is not available. Recently it was fixed by shutting down the OAS server and restarting.
So no resolution yet but I feel your pain. I was just starting to look into how I would use netstat to help my troubleshoot and also look at net.ipv4.ip_local_port_range set in /etc/sysctl.conf. -
Configuring RPC dynamic port allocation
I'm getting RPC errors to a Windows 2003 server:
0x800706ba
Win32
The RPC server is unavailable
I've verified the RPC, TCP/IP Netbios Helper, Windows management Instrument services are started on the 2003 box. From the same 2003 box I am able to run wmimgmt.msc and view it's wmi properties. However, I get the RPC error above when I run the WBEMTEST
from a client on another domain. I also get the same error when I run wmimgmt.msc using the same remote client to access the 2003 box. I came across the microsoft KB: https://support.microsoft.com/en-us/kb/154596
Would I just configure that port range on the 2003 box's registry? At this point I'm leaning that maybe it's a firewall issue but not sure.Hello,
first check with the article
https://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx?f=255&MSPPError=-2147217396 that all AD required ports are open.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
Sql server 2012 express - tcp/ip connection to named instance using dynamic port not working
I have a named instance on a SQL 2012 Express server that won't connect via TCP/IP when wanting to connect off of the dynamic port. I can connect via shared memory locally on the server. I can connect to the namespace when specifying the
dynamic port listed in the configuration manager.
This is the only named instance on the server and it is not the default.
TCP/IP is enabled
Allow Remote connections is enabled
the server browser service is running
I can connect via the dynamic port number
I am testing the connection locally on the server, so I don't believe a firewall is the issue. I get the same results if I test it from a remote computer.
When using the sqlcmd (sqlcmd -S tcp:SQLSRVR\NAMEINST -E) I get the message that "the requested protocol isn't supported [xfffffffff]". The command (sqlcmd -S tcp:SQLSRVR\NAMEINST,59992 -E) works.
Through SSMS, I get the message "the connection was actively refused".
On other boxes, I can connect with the named instance without having to specify the port.
I have looked through the sql logs and nothing much shows up. The log does show that is listening on the port # for ipv4 and ipv6. There is also a line in there talking about the SPN not being registered and not to worry about it if
you are not using Kerberos. I logged in through shared memory and it said I was using NTLM.
Any help would be appreciated.
thanks.Hi clw,
I’m writing to follow up with you on this post. According to your description, I do a test, if you configure the database engine to listen on a specific TCP port (59992), and
the port is opened in the firewall. If you want to connect to the SQL Server instance, you 'd better to
use the port number.
In my opinion, by default, the default instance of the Database Engine uses port 1433, usually, if you have configured the server to listen on a non-default port number, when an instance of SQL Server uses dynamic port allocation, the connection string that
is built at the SQL Server client does not specify the destination TCP/IP port unless the user or the programmer explicitly specifies the port. Therefore, the SQL Server client library queries the server on UDP port 1434 to collect the information about the
destination instance of SQL Server.
If UDP port 1434 is disabled, the SQL Server client cannot dynamically determine the port of the named instance of SQL Server. Therefore, the SQL Server client may be unable to connect to the named instance of SQL Server. In this situation, the SQL Server
client must specify the dynamically allocated port where the named instance of SQL Server is listening.
For more information about configuring an instance of SQL Server to listen on a specific TCP port or dynamic port, you can review the following article.
https://support.transfrm.com/entries/503111-How-to-configure-an-instance-of-SQL-Server-to-listen-on-a-specific-TCP-port-or-dynamic-port
Thanks,
Sofiya Li
Sofiya Li
TechNet Community Support -
Can you configure a static port to use with certsrv.msc?
I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes. Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
The static port was opened in the firewall from my workstation to the CA. We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open. Sniffing the firewall
showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port? I am trying to avoid having tens of thousands of network ports wide open going to my
CA... Thanks in advance!Hi Steve,
I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
More information for you:
How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/en-us
Service overview and network port requirements for Windows
http://support.microsoft.com/kb/832017/en-au
Firewall Rules for Active Directory Certificate Services
http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
Best Regards,
Amy Wang -
ERROR OGG-01201 Error reported by MGR : No available dynamic port entries
Dear All,
I have configured Golden Gate for MySQL on Linux machine.
All my extracts and replicats were running fine but suddenly the initial load extract have started trowing this error:
*2013-02-25 14:30:08 ERROR OGG-01201 Error reported by MGR : No available dynamic port entries.*
*2013-02-25 14:30:08 ERROR OGG-01668 PROCESS ABENDING.*
This is the same configuration that was working fine for many days:
GGSCI>ADD EXTRACT exp1, SOURCEISTABLE
GGSCI>INFO EXTRACT *, TASKS
GGSCI>edit params exp1
EXTRACT exp1
SOURCEDB db@localhost:3306, USERID "******", PASSWORD "******"
RMTHOST 10.168.20.31, MGRPORT 7809
RMTTASK REPLICAT, GROUP imp1
TABLE netfors.edr;
--on 31
GGSCI>ADD REPLICAT imp1, SPECIALRUN
GGSCI>edit params imp1
replicat imp1
USERID user, PASSWORD password
SOURCEDEFS /u01/app/oracle/oradata/GG/dirdef/edr.def
DISCARDFILE /u01/app/oracle/oradata/GG/dirrpt/imp1.dsc, PURGE
HANDLECOLLISIONS
MAP "db.edr", TARGET db.SDR_TBLICPRAWEDR, COLMAP (usedefaults,
ICPRE_RAWEDRID=seqno,
ICPRE_SENDER=sender,
ICPRE_RECEIVER=receiver,
ICPRE_ICCARRIERID=incoming,
ICPRE_OGCARRIERID=outgoing,
ICPRE_QUEUE=queue,
NE_ELEMENTID=18,
ICPRE_CREATETIME=createtime,
ICPRE_TIMEOFDAYBEGIN=timeofdaybegin,
ICPRE_TIMEOFDAYEND=timeofdayend,
ICPRE_UPDATETIME=updatetime,
ICPRE_STATE=state,
ICPRE_MODE=mode,
ICPRE_BATCHID=batchid,
ICPRE_REFERENCE=reference,
ICPRE_MSG_REFERENCE=msg_reference,
ICPRE_SEGMENT=segment,
ICPRE_CSMSID=csmsid,
ICPRE_GMSC=gmsc,
ICPRE_IMSI=imsi,
ICPRE_SMPP_MESSAGE_ID=smpp_message_id,
ICPRE_RETRIES=retries,
ICPRE_ELOCATION=elocation,
ICPRE_ECODE1=ecode1,
ICPRE_ECODE2=ecode2,
ICPRE_FLAGS=flags);
Kindly help to resolve this issue.
Thanks, ImranThanks for your reply and time Kamal.
When i run :
GGSCI (smsc.etisalcom.net) 1> send mgr getportinfo detail
returns
Sending GETPORTINFO, request to MANAGER ...
No Dynamic Ports In Use or Configured
But I have tried with
DYNAMICPORTLIST 7809,7810,7811 7812-7850
But error message was the same.
Current settings for the mgr
GGSCI>edit params mgr
PORT 7813
Regards, Imran -
Using BC4J Session Bean in OC4J 10.1.3 with dynamic ports
Hi Folks!
I've benn having trouble connecting my BC4J Session Bean to an Oracle 10gAS R3 server instance tha uses dynamic ports.
After migrating a BC4J/Struts/JSP application from 9iAS to 10gAS R3, I'm trying to connect from a client application to my instace in the server. The problem is that the instance uses dynamic ports, and whenever I deploy my application to the server, I've got to update the port number in the bc4j.xcfg file in the client application, wich has became impossible to maintain.
When I connect to an EJB in the same server, I use the instance name instead of the port number. However, when I do the same with BC4J, I get the following exception:
javax.naming.NamingException [Root exception is java.lang.NumberFormatException: For input string: "OC4J_dvt20"]
at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.remoteLookup(AmHomeImpl.java:131)
at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.getRemoteApplicationModuleHome(AmHomeImpl.java:42)
at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.lookupUsingPlatformContext(AbstractApplicationModuleHomeImpl.java:82)
at oracle.jbo.client.ejb.ApplicationModuleHomeImpl.<init>(ApplicationModuleHomeImpl.java:52)
at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.<init>(AbstractApplicationModuleHomeImpl.java:35)
at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.<init>(AmHomeImpl.java:35)
at oracle.jbo.client.remote.ejb.ias.InitialContextImpl.createJboHome(InitialContextImpl.java:28)
at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:77)
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:136)
at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:80)
at oracle.jbo.common.ampool.ApplicationPoolImpl.instantiateResource(ApplicationPoolImpl.java:2468)
at oracle.jbo.pool.ResourcePool.createResource(ResourcePool.java:536)
at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2094)
at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:1961)
at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:2793)
at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1546)
at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1504)
at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1476)
at pkg.TesteEjbMCT.findTLS(TesteEjbMCT.java:98)
at pkg.TesteEjbMCT.main(TesteEjbMCT.java:51)
My question is: is there a way to configure my bc4j.xcfg, or another way to connect, in order to skip the use of the port number? Or a way to get the port number from the server before I connect?
Thanks in advance!!!I've just found the solution from Steve Muench weblog, always useful by the way!
You can find the solution at this link http://radio.weblogs.com/0118231/stories/2004/05/07/handcodingDynamicDiscoveryOfEjbdeployedAppmodule.html
In summary, we need to use the class com.evermind.server.rmi.RMIInitialContextFactory, which supports dynamic lookup, and implement the lookup ourselves.
The code I've written to lookup the service is listed below:
public static ApplicationModule getAppModuleManutencao() {
try {
Context ctx = getContext();
ManutencaoFacadeHome home = (ManutencaoFacadeHome) ctx.lookup(EJB_MANUTENCAO_BEAN_NAME);
ApplicationModule am = ApplicationModuleProxy.create(home, null);
return am;
} catch (NamingException nex) {
nex.printStackTrace();
return null;
private static InitialContext getContext() {
try {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL, "admin");
env.put(Context.SECURITY_CREDENTIALS, "welcome");
env.put(Context.PROVIDER_URL, "opmn:ormi://dsv008:OC4J_dvt20/mct");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
return new InitialContext(env);
}catch (NamingException e) {
e.printStackTrace();
return null;
I hope this helps someone!!!
Cheers! -
My application uses RMI by having a server-proxy-service system to enable the classes on the user's side to access functions on the server side that access the oracle database.
I have recently been asked for a specification of the ports that our application uses.
I have run a "netstat" on my server and saw that the user's computers connect to the server on a dynamic range of ports, while the only interaction the users have with the server is via RMI.
Is RMI responsible for the connection of dynamic ports to the server?
If so, is there anyway to set it use only certain ports?If so, is there anyway to set it use only certain ports?Yes. You can specify the port when constructing a Registry with LocateRegistry.createRegistry, and when exporting a remote object via the constructors of UnicastRemoteObject or UnicastRemoteObject.exportObject(). If you don't specify the port here, or specify zero, a system-allocated port will be used.
-
Dynamic (ephemeral) Port Allocation Global or per-IP?
Due to an unfortunate application design, I am encountering an issue where I am exhausting ephemeral ports, even after increasing the range. We have noticed the ephemeral port range seems to be allocated globally, regardless of sourceIP.
This post http://charlesgate86.wordpress.com/2011/09/23/cas-connection-scalibility-between-exchange-2007-2010/ seems to indicate that support was added in Windows
Server 2008 for per-IP source port selection. However, it also indicates that applications must be modifiied to leverage such support, but alas does not give any details on the modifications required.
The relevant section:
Where we see a scale limitation is between CAS and mailbox. Prior to Windows Server 2008, each outbound connection would
only use a single source port regardless of the destination IP or whether the source port was available for use; in other words, once the source port was used, it could not be used for any other outbound connection on the server. Thus we were limited
to the maximum number of TCP/IP connections, which for Exchange Server 2007 is 60,000 (MaxUserPort TCP setting).
We addressed this in Windows Server 2008 by allowing the source port to be used once on a per IP address basis. So now as long as we have additional IP addresses on CAS,
we can scale 60,000 outbound connections per source IP address. However, the corresponding
applications had to take advantage of this new feature. In the case of Outlook Anywhere, the RPC Proxy service on Windows Server 2008 was updated to do so. DSProxy, on the other hand, was not – so the mailbox
server is limited to 60,000 outbound connections to global catalog servers."
Where can I find information on the application changes required to take advantage of per-IP source port selection?
Thank youHi,
Due to this issue is more related to coding, to get better help, please post your question on the MSDN forum.
Here is the address,
https://social.msdn.microsoft.com/Forums/en-US/home
Best Regards.
Steven Lee
TechNet Community Support -
Doing FTP using a Dynamic Port
Hi,
I am having an odx with a Receive Shape, expression and Send shape.
The send shape is connected to a dynamic port:
There is a message var called ShowPartMessage.
There is no transformation. This message needs to be received and sent via FTP.
In the expression shape i have something like:
SendPortName(Microsoft.XLANGs.BaseTypes.TransportType) = "FTP";
SendPortName(Microsoft.XLANGs.BaseTypes.Address)= @"FTP://99.99.x.xxx/fold1/ftp/%MessageID%.xml";
ShowPartMessage(FTP.UserName)= "user";
ShowPartMessage(FTP.Password)= "pass";
I get an error message for the last 2 lines saying "message construction must be done
in a construct block".
Do i need a construct block just to assign the username and password?
i based my soln on the following link here:
http://msdn.microsoft.com/en-us/library/aa560663.aspx
Please assist
regards,The difference between static and dynamic ports is only the Message Assignment shape, which is mandatory in a dynamic port to specify the FTP port details.
Your message assignment shape should have the code like below:
Msg_DynamicSend(FTP.CommandLogFileName) = "D:\\BiztalkLogs\\FTPLog\\DynamicFTPLog.txt";
Msg_DynamicSend(FTP.UserName) = "FTPUSER";
Msg_DynamicSend(FTP.Password) = "Pass1234";
Msg_DynamicSend(FTP.SpoolingFolder) = "/IN/";
Msg_DynamicSend(FTP.RepresentationType) = "ASCII";
DynSendPort(Microsoft.XLANGs.BaseTypes.Address)= "ftp://inhydeshrilata";
DynSendPort(Microsoft.XLANGs.BaseTypes.TransportType) = "FTP";
Msg_DynamicSend is the message name set for send port and DynSendPort
is the port name for dynamic send port.
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.
Regards,
Rachit -
INST-08010: Error in validating the port range for auto port allocation
Hello guys, I am using the installer to install OBIEE 11.1.7.0 on my machine. When I get to step 6, I receive the error messages below:
INST-08010: Error in validating the port range for auto port allocation. At least 2 ports should be free within the range 7000-7500 for the Adminserver and Adminserver SSL.
Ensure that a minimum of 2 ports are free within the range 7000-7500 for auto port allocation to work correctly for the Adminserver and Adminserver SSL.
INST-08010: Error in validating the port range for auto port allocation. At least 3 ports should be free within the range 9500-9699 for the Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
Ensure that a minimum of 3 ports are free within the range 9500-9699 for auto port allocation to work correctly for the Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
INST-08012: Error in validating the port range for auto port allocation. At least 3 consecutive ports should be free within the range 9500-9699 for the OPMN, in addition to 3 free ports required for Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
Ensure that a minimum of 3 consecutive ports are free within the range 9500-9699 for auto port allocation to work correctly for the OPMN, in addition to 3 free ports required for Weblogic Components for BI (WLS Managed Server, Managed Server SSL and NodeManager).
My Operating System below:
Linux Red Hat 5.9 X86 64bit
My uname -a are below:
Linux redhat59 2.6.18-348.el5 #1 SMP Wed Nov 28 21:22:00 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
My /etc/hosts file are below:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.10.80.19 redhat59
My /etc/sysconfig/network are below:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=redhat59
GATEWAY=10.174.27.228
My /etc/sysconfig/iptables are below:
# Generated by iptables-save v1.3.5 on Tue Dec 3 17:01:17 2013
*filter
:INPUT ACCEPT [425:33860]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [307:40164]
COMMIT
# Completed on Tue Dec 3 17:01:17 2013
My ifconfig are below:
eth0 Link encap:Ethernet HWaddr 52:54:00:55:9B:C9
inet addr:10.174.27.233 Bcast:10.174.27.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:200216 errors:0 dropped:0 overruns:0 frame:0
TX packets:95849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:110668992 (105.5 MiB) TX bytes:209784134 (200.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:109200 errors:0 dropped:0 overruns:0 frame:0
TX packets:109200 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:257845896 (245.9 MiB) TX bytes:257845896 (245.9 MiB)
my /etc/sysconfig/network-scripts/ifcfg-eth0 are below:
# Virtio Network Device
DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.174.27.255
HWADDR=52:54:00:55:9B:C9
IPADDR=10.174.27.233
NETMASK=255.255.255.0
NETWORK=10.174.27.0
ONBOOT=yes
Have any suggestion please?
Many Thanks
DIn setDomainEnv.sh set debugFlag=false or you can just remove it.
NodeManager is a charm after that. it can take any number of ports.
Cheers !! -
802.1x dynamic vlan assignment using ACS 4.2
Hi
we have 10 switches 2960 configured with 802.1x authentication against ACS server 4.2.
we have 2 vlans configured on the switches for administrator and endusers. the end user vlan id is 10 and the administartor vlan is is 100.
we need to apply the following scenario, if the enduser PC - that is connected to vlan 10 - has an issue and the administrator will login to the PC with the administrator account to fix that issue, the switch should dynamically reconfigure the port with the administrator vlan ( 100 ) .
is the above scenario doable using dot1x with the ACS server?
waiting your replies
MohamedHi,
I have the following scenario
2 bulidings with multiple floor
Each floor should be in different VLAN.
The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
Each
user should be able to connect and roam around between any building.
when ever a user is connecting his laptop to any floor, he should be
made part of that respective vlan. It is not requred to have the same
IP rage to be allocated, but the dynamic VLAN should be based on the
switch port location.
Can
I configure ACS in such a way that, the ACS will allocate dynamic VLAN
for every 802.1x authentication based on the Network Device Group.
Please refer the attached diagram
Hi,
Check out the below link for your requirement for dynamic vlan assignement using ACS
http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
802.1x Dynamic Vlan assignment using ACS
Hi,
I have the following scenario
2 bulidings with multiple floor
Each floor should be in different VLAN.
The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
Each user should be able to connect and roam around between any building. when ever a user is connecting his laptop to any floor, he should be made part of that respective vlan. It is not requred to have the same IP rage to be allocated, but the dynamic VLAN should be based on the switch port location.
Can I configure ACS in such a way that, the ACS will allocate dynamic VLAN for every 802.1x authentication based on the Network Device Group. Please refer the attached diagramHi,
I have the following scenario
2 bulidings with multiple floor
Each floor should be in different VLAN.
The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.
Each
user should be able to connect and roam around between any building.
when ever a user is connecting his laptop to any floor, he should be
made part of that respective vlan. It is not requred to have the same
IP rage to be allocated, but the dynamic VLAN should be based on the
switch port location.
Can
I configure ACS in such a way that, the ACS will allocate dynamic VLAN
for every 802.1x authentication based on the Network Device Group.
Please refer the attached diagram
Hi,
Check out the below link for your requirement for dynamic vlan assignement using ACS
http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
hi all. if my question can be answered by reading TMG documentation, feel free to direct me there (i tried searching for the admin documentation but couldn't find it).
can someone tell me what the purpose of dynamic port assignment is from endpoint -> TMG? Once the traffic leaves the TMG -> Internet, the actual service port is being used but that doesn't help me for internal queries.
many thanks,
-PHi,
Please check the articles below.
ISA/TMG Server
Application protocol
Protocol
Ports
Configuration Storage (domain)
TCP
2171 (note 1)
Configuration Storage (replication)
TCP
2173 (note 1)
Configuration Storage (workgroup)
TCP
2172 (note 1)
Firewall Client Application
TCP/UDP
1025-65535 (note 2)
Firewall Client Control Channel
TCP/UDP
1745 (note 3)
Firewall Control Channel
TCP
3847 (note 1)
RPC
TCP
135 (note 6)
Randomly allocated high TCP ports (note 6)
TCP
random port number between 1024 - 65535
random port number between 10000 - 65535 (note 7)
Web Management
TCP
2175 (note 1, 4)
Web Proxy Client
TCP
8080 (note 5)
Collapse this imageExpand this image
Notes
This port is not used with ISA 2000.
FWC application transport and protocols are negotiated within the FWC control channel.
ISA 2000 FWC control uses UDP. ISA 2004 and 2006 use TCP.
OEM uses Firewall Web Management to provide non-MMC management of ISA Server.
This port is also used for intra-array traffic.
This port is used only by the ISA management MMC during remote server and service status monitoring.
This is the range in TMG. Please note that TMG extends the default dynamic port ranges in Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista.
https://support.microsoft.com/kb/832017?wa=wsignin1.0#method14
Reference:
TCP connection established using Firewall client may close unexpectedly
Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
DS Repository with SQL Server Dynamic Ports
I have just installed Data Services 4 on our production SQL server cluster.
While our DEV SQL server runs on the standard port (1433), our prod servers use dynamic ports. I don't administer the servers and cannot change this.
Initially I was getting "java.net.connectexception: Connection Refused: Connect " errors.
After a lot of difficulty I managed to get DS to install by giving it the currently allocated dynamic port number. I had to enter a port, otherwise the 'next' button was grey out.
Everything worked, but I am concerned that once the SQL servers restarts, it will get a new port and DS will fail.
Is there a config file which stored the connection strings for the repository ? I'l like to see if its saved the port of not. Microsoft claim if no port is listed, it will get the Dynamic port automatically.
Funily enough, when I run the repository manager to set up new repositories, it makes no mention of ports. It the port only needed for the Initial software install ?
Thanks,
Leigh.LeighK wrote:
> Funily enough, when I run the repository manager to set up new repositories, it makes no mention of ports. It the port only needed for the Initial software install ?
Port number will be asked when you try to add a repository to the management console.
Regards,
Shine
Maybe you are looking for
-
I am trying to export a Quicktime movie from FinalCut Pro v6.0.5 that contains 16-tracks of audio; I have set up the Sequence Settings in FCP to output to 16 different channels, but get errors code when doing so: "The current audio device does not su
-
PLEASE HELP!! itunes doesnt wanna transfer video to iPhone
so i click on what videos i want and itunes does the sync in progress for about 20 secs then tells me its complete and i can disconnect. i look at my iphone and no videos are shown! this has been happening for about a month now!!
-
Had all working well, watching instant streamed material on the wireless connection to apple tv. Did the upgrade which worked wonderfully UNTIL I inadvertently somehow resynced and lost all content on the apple tv. Since that time syncing is impossib
-
Auto-index only shows 9 values instead of 91
I'm pretty new to LabVIEW and am trying to show a cluster of 91 values pulled from a text file. Just for a test run without using actual values passed, I created a text file with the numbers ranging from 1-91 (1 number per line up to 91). When I le
-
FCExpress Render Manager .... How do I 'manage' render files?
How can I easily delete rendered files in FCExpress HD v3.5? (Other than traipsing into the Finder, hunting down the render files, "Guessing" which render "file(s)" are the ones I want to delete, then delete them (only to then get the "you're missing