Extend a Document Protected by Policy Server...

Similar Messages

• When I attempt to Extend a PDF document via my LiveCycle server I get the error"Application Alert" The file could not be saved. Are you sure you want to lose your results?

  When I attempt to Extend a PDF document via my LiveCycle server I get the error"Application Alert" The file could not be saved. Are you sure you want to lose your results?
  I can login fine via this address.
  http://[Server Address]:[Port Number]/ReaderExtensions
  And I can apply the extension successfully, but when I attempt to download I receive the error above.
  Application Alert" The file could not be saved. Are you sure you want to lose your results?

  Please check the supported version of flash player on your client machine for LiveCycle : http://bit.ly/1wGD9t4
  Upgrade or downgrade it accordingly.
  Thanks,
  Wasil

• Livecycle Policy Server and Livecycle Document Security

  Do I need Document Security to use Policy Server??

  Hello,
  I've been hunting around but can't find it. Is there a concise refernce for how to use Adobe Acrobat8 Security features with the Adobe Document Center? Is it so new that there's no book (Quick Start, etc.) on it?
  I send PDFs to people. But I only want them to be able to print the PDF, not copy any of its content. I also want the PDF to "self destruct" after a 3 month period. I was going to use Pinion Software's AutoShred product, but then I stumbled upon Adobe8 and the Document Center, which seemed like a perfect fit. So I immediately upgraded to Adobe8 and signed up for the trial at the Document Center.
  I have created security policies. But when I look at the policy, there is nothing allowing the detailed modifications permitted in Acrobat8 - Secure / Show Security Properties / SecurityTab / and the list for Document Restrictions Summary.
  For some reason, when I set up a security policy - most restrictive to only permit printing and file non-access after 3 months - the "page extraction: allowed" always shows up when I examine Show Security Properties / Security Tab / Document Restrictions Summary, even though for everything else it is "Not allowed" which is what I want.
  I thought maybe its a bug, because when I close the file and then reopen it, the page extraction is grayed out. But I don't know if people I send the file to will be able to extract the pages, thus getting around my objective of not allowing them to copy/paste any of my proprietary content onto some other file format.
  Any help on this?
  Thanks,
  Robert

• Policy Server Document displaying no content inside Adobe Acrobat 7.0

  When I apply a policy to a document and login in I am able to view the document the first time. However when I try to re-open the document, it will open in Adobe Acrobat Professional 7.0 but open up with a grey background with no content. We are currently piloting the adobe Policy Server. I have ab out 35 external users on this policy and all of them are active users.

  Hi Stacie,
  Could you provide more detail on what happens when a document won't open. For example:
  * Is a gray background displayed?
  * Do you receive an error message (if so, what is it exactly)?
  * What client OS are you using (version/service pack/etc)?
  * What version of Acrobat are you using (7.0.0, 7.0.1, 7.0.2, 7.0.5, etc.)?
  Any more detail (even little ones) can be useful in diagnosing the problem.
  Thanks,
  -Bill

• Extending a document in Adobe Acrobat if you have purchased and own LiveCycle Reader Extensions

  I work for an organization that has purchased adobe livcycle designer suite which includes Livecycle reader extensions. However we do not really have a need (besides perhaps per the EULA), nor the technical support to extend reader documents using the server based LiveCycle Reader extensions. We will definitly be collecting info from over 500 receipients so per the adobe acrobat license agreement:
  16.8.3 For any unique Extended Document, Customer may only (a) Deploy that Extended Document to an unlimited number of recipients, but Customer shall not extract data from more than five hundred (500) instances of such Extended Document (or any hardcopy representation of that Extended Document) that contains data from a recipient; or (b) Deploy an Extended Document to no more than five hundred (500) recipients without limits on the number of times Customer may extract data from a recipient from that Extended Document. Obtaining additional licenses to use Acrobat Standard, Acrobat Pro, or Adobe Acrobat Suite shall not increase
  the foregoing limits (that is, the foregoing limits are the aggregate total limits regardless of how many additional licenses to use Acrobat Standard, Acrobat Pro, or Adobe Acrobat Suite the Customer may have obtained). For the avoidance of doubt, if Customer purchases another Adobe product or service that allows Customer to send a greater number of PDF files or forms (e.g. Adobe FormsCentral or Adobe LiveCycle Reader Extensions), then the terms of that Adobe product or service shall supersede the terms of this Section 16.8.3
  Given the very last sentence, it sounds me like since my organization has provided me with a copy of LiveCycle Reader extensions I can extend the adobe document using adobe acrobat if I wish, and still be within the terms of the EULA, is this the correct interpretation? I would prefer not to actually use the LiveCycle reader extensions as once again we do not have the technical support, nor the need for this server based solutions.

  Hi Ben,
  Thank you for providing the detailed description of the problem.
  The contents of the password-protected PDF document are encrypted (so that nobody can read the contents until the correct password is entered).
  Acrobat DC mobile products (for iOS and Android) have the known limitation where changes cannot be saved to encrypted PDF documents.  Therefore, users are not able to make any changes (e.g. adding comments/annotations or filling out forms) to encrypted PDF documents.
  Sorry for the inconvenience.

• Problems with deploying application to Policy Server 7.2.1 & DSS 7.2.2

  Hiya -<br /><br />I've been using Policy Server 7.0.2 and Document Security Server 7.0.2 to policy protect PDFs.<br /><br />I've recently just installed Policy Server 7.2.1 & DSS 7.2.2 on another machine and am now trying to use the same EJB deployed on the previous PS & DSS on the newer versions. Unfortunately I'm running into some problems which I don't really understand.<br /><br />Basically I can deploy the EJB (called PolicyApplication.jar) and it appears to deploy OK - it appears in the jmx-console (I'm using jboss 3.2.5), but when I try and attach to it from my remote application I get the following error (see stack trace below).<br /><br />I'm using SSL and have imported the certificates into the java environment cacerts files for both the client & the server.<br /><br />Looking through the stack trace I get the error 'Error looking up PolicyManagerEJB -- Cannot connect to server' and the application seems to be trying to make a connection to localhost and being refused, but I don't really understand why it's being refused.<br /><br />Basically I have DSS & PS running on the same instance of jboss - the client is running on a different machine, so I have permissioned through the firewall port 1099.<br /><br />I seem to be able to use <servername>/edc/Main.do with no problems at all.<br /><br />I also seem to have some MissingResourceExceptions in the adobe.log for a number of different services:<br /><br />2007-01-30 14:41:52,473~DEBUG~com.adobe.idp.um.scheduler.IDPScheduler~com.adobe.service.Service.star t Service IDPScheduler: Exception while attempting to read initialization properties from com/adobe/config/IDPScheduler-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/IDPScheduler-init, locale en_US<br /><br /><very long stack trace here><br /><br />2007-01-30 14:41:57,445~DEBUG~com.adobe.document.PDFManipulation~com.adobe.service.Service.start Service PDFManipulation: Exception while attempting to read initialization properties from com/adobe/config/PDFManipulation-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/PDFManipulation-init, locale en_US<br /><br /><very long stack trace here><br /><br />2007-01-30 14:41:59,958~DEBUG~com.adobe.service.APSProxyService~com.adobe.service.Service.start Service APSProxyService: Exception while attempting to read initialization properties from com/adobe/config/APSProxyService-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/APSProxyService-init, locale en_US<br /><br /><very long stack trace here><br /><br />Could someone please give me some advice on how I can try and debug this issue, and what could be wrong. As per usual I've left this late and really need to get this going ASAP, so any help anyone could provide would be very very gratefully received.<br /><br />Below is the stack trace I receive at the client end. I've had to summarise it as it's quite long - will post the full thing is a second post.<br /><br />Once again, many thanks in advance,<br />Anil.<br /><br />----<br /><br />com.adobe.edc.sdk.SDKException: Exception connecting to the Server -- An error occured while performing this operation(error code bin: 1, hex: 0x1)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException<br /><br />Caused by: com.adobe.edc.sdk.SDKException: Error authenticating against server -- Authentication failed(error code bin: 513, hex: 0x201)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection<br /><br />Caused by: com.adobe.edc.sdk.SDKException: Error looking up PolicyManagerEJB -- Cannot connect to server(error code bin: 1025, hex: 0x401)<br /><br />Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br />     java.net.ConnectException: Connection refused: connect]

  Full stack trace here:<br /><br />com.adobe.edc.sdk.SDKException: Exception connecting to the Server -- An error occured while performing this operation(error code bin: 1, hex: 0x1)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:78)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:88)<br />     at com.adobe.edc.sdk.EDCFactory.connect(EDCFactory.java:190)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.createConnection(AdobeDRMManager.java :122)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:411)<br />Caused by: com.adobe.edc.sdk.SDKException: Error authenticating against server -- Authentication failed(error code bin: 513, hex: 0x201)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection(EJBConnection.java:557)<br />     at com.adobe.edc.sdk.impl.ejb.EJBClientFactoryImpl.<init>(EJBClientFactoryImpl.java:63)<br />     at com.adobe.edc.sdk.EDCFactory.connect(EDCFactory.java:183)<br />     ... 2 more<br />Caused by: com.adobe.edc.sdk.SDKException: Error looking up PolicyManagerEJB -- Cannot connect to server(error code bin: 1025, hex: 0x401)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getPolicyManagerHome(EJBConnection.java:532)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection(EJBConnection.java:549)<br />     ... 4 more<br />Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br />     java.net.ConnectException: Connection refused: connect]<br />     at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:649)<br />     at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)<br />     at javax.naming.InitialContext.lookup(Unknown Source)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getPolicyManagerHome(EJBConnection.java:528)<br />     ... 5 more<br />Caused by: java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br />     java.net.ConnectException: Connection refused: connect<br />     at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)<br />     at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)<br />     at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)<br />     at sun.rmi.server.UnicastRef.invoke(Unknown Source)<br />     at org.jnp.server.NamingServer_Stub.lookup(Unknown Source)<br />     at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:530)<br />     ... 8 more<br />Caused by: java.net.ConnectException: Connection refused: connect<br />     at java.net.PlainSocketImpl.socketConnect(Native Method)<br />     at java.net.PlainSocketImpl.doConnect(Unknown Source)<br />     at java.net.PlainSocketImpl.connectToAddress(Unknown Source)<br />     at java.net.PlainSocketImpl.connect(Unknown Source)<br />     at java.net.SocksSocketImpl.connect(Unknown Source)<br />     at java.net.Socket.connect(Unknown Source)<br />     at java.net.Socket.connect(Unknown Source)<br />     at java.net.Socket.<init>(Unknown Source)<br />     at java.net.Socket.<init>(Unknown Source)<br />     at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown Source)<br />     at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown Source)<br />     ... 14 more<br />com.semantico.depp.drm.exception.DRMException: Could not connect to DRM server<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.createConnection(AdobeDRMManager.java :129)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:411)<br />Exception in thread "main" java.lang.NullPointerException<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.closeConnection(AdobeDRMManager.java: 142)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:448)

• Looking for Policy Server Developers

  Hello,
  I have a company located in NY, Paris and Israel and we are thinking about integrating a LiveCycle Policy Server solution for document control.
  I am looking for developers to build and customize this solution.
  Can anybody help find the right team for this kind of project?
  Are there any people interested in developing our program?
  Thanks. Please contact me at [email protected]
  Daniel

  Hello tedro2,
  By submitting your application to this contest, you agree that the intellectual property of your creation goes public, under Apache 2.0 license. After the contest is over, we will publish your application source code, as we are interested to allow the open-source community to learn from these experiences.
  Under your approval, we can also publish your application in the XTWIP showcase (by carefully mentioning that you are the creator).
  The scope is not to repackage your application into a new product, but mainly to offer other developers the possibility to see more collaborative applications in action, as our belief is that web should be far more collaborative than it is today.
  Thank you for your question,
  Cristian Andreica
  co-founder XTWIP

• Someone point me in the right direction, is Livecycle Policy server what I want?

  I am looking into studying/mastering the best software solution to secure for example ebooks (or digital editions) giving the end user a temporary license to read documents. From countless hours searching I think what I need is Adobe LiveCycle Policy Server, I want to start selling this software if it's the right one and if I'm on the right track, is there a license I can acquire to this software (like maybe a NFR not for resale license) that I can use? Does Adobe offer partnerships associations for people that want to resell their products? If you can help please email me at [email protected] (I use Yahoo for junk mail). Thank you for your time.

  Please don't ask for e-mail replies, it goes against the spirit of the
  forums.
  For sales questions, you should probably click the "Contact a sales
  rep" link on http://www.adobe.com/products/server/policy/
  It may be possible to become a VAR, since users will require
  substantial customisation and support services from someone who knows
  the server product well.
  If you want to evaluate the software and LiveCycle family, joining the
  "Enterprise Developer Program"
  (http://partners.adobe.com/public/asn/developer/detail.html) will give
  you copies of LiveCycle products for your development and evaluation
  (not production use, and not resale), for around $1500 per year.
  Aandi Inston

• NPS: Event 6274 - Network Policy Server discarded the request for a user

  Intermittently I will get desktop (wired) and laptop (wireless) computers experiencing issues with NPS (they drop off the network).
  Some computers are affected more than others, although they are identical hardware and based on a standard image.
  In the event log of the NPS servers I can see the following messages:
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          2/05/2014 8:47:58 a.m.
  Event ID:      6274
  Task Category: Network Policy Server
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      NT147.domain.local
  Description:
  Network Policy Server discarded the request for a user.Contact the Network Policy Server administrator for more information.User:
   Security ID:   NULL SID
   Account Name:   host/DPC0387.domain.local
   Account Domain:   DOMAIN
   Fully Qualified Account Name: DOMAIN\DPC0387$Client Machine:
   Security ID:   NULL SID
   Account Name:   -
   Fully Qualified Account Name: -
   OS-Version:   -
   Called Station Identifier:  3c-xx-xx-xx-xx-xx
   Calling Station Identifier:  00-xx-xx-xx-xx-xxNAS:
   NAS IPv4 Address:  10.nnn.nnn.nnn
   NAS IPv6 Address:  -
   NAS Identifier:   ND246
   NAS Port-Type:   Ethernet
   NAS Port:   71RADIUS Client:
   Client Friendly Name:  Network Device Management Subnet
   Client IP Address:   10.nnn.nnn.nnnAuthentication Details:
   Connection Request Policy Name: NAP 802.1X (Wired)
   Network Policy Name:  -
   Authentication Provider:  Windows
   Authentication Server:  NT147.domain.local
   Authentication Type:  -
   EAP Type:   -
   Account Session Identifier:  384F322E317838316564303034313030306230666632
   Reason Code:   1
   Reason:    An internal error occurred. Check the system event log for additional information.
  How do I debug when an internal error occurs but there is nothing in the system event log? Where else can I look?
  Here's the packet trace that matches the event log entry above:
  No.     Time        Source                Destination           Protocol Length Time from request Info
        1 0.000000    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
        2 2.470423    Universa_xx:xx:xx     Nearest               EAPOL    60                       Start
        3 2.472870    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
        4 2.539416    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Identity
        5 2.544206    Universa_xx:xx:xx     Nearest               EAPOL    60                       Start
        6 2.548804    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
        7 2.550050    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Identity
        8 2.552597    10.switch             10.NPS_Server         RADIUS   254                      Access-Request(1) (id=249, l=208)
        9 2.556043    10.NPS_Server         10.switch             RADIUS   136    0.003446000       Access-Challenge(11) (id=249, l=90)
       10 2.565876    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Protected EAP (EAP-PEAP)
       11 2.569472    10.switch             10.NPS_Server         RADIUS   254                      Access-Request(1) (id=250, l=208)
       12 2.572566    10.NPS_Server         10.switch             RADIUS   136    0.003094000       Access-Challenge(11) (id=250, l=90)
       13 2.580254    Universa_xx:xx:xx     Nearest               TLSv1    123                      Client Hello
       14 2.586544    10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=251, l=315)
       15 4.564841    Universa_xx:xx:xx     Nearest               EAPOL    60                       Start
       16 4.568530    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
       17 4.569876    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Identity
       18 4.582263    10.switch             10.NPS_Server         RADIUS   254                      Access-Request(1) (id=252, l=208)
       19 4.586006    10.NPS_Server         10.switch             RADIUS   136    0.003743000       Access-Challenge(11) (id=252, l=90)
       20 4.591896    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Protected EAP (EAP-PEAP)
       21 4.592692    Universa_xx:xx:xx     Nearest               TLSv1    123                      Client Hello
       22 4.599634    10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=253, l=315)
       23 4.600887    10.NPS_Server         10.switch             IPv4     1518                     Fragmented IP protocol (proto=UDP 17, off=0, ID=07db)
       24 4.609920    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    1514                     Server Hello, Certificate, Certificate Request, Server Hello Done
       25 4.610516    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Protected EAP (EAP-PEAP)
       26 4.617407    10.switch             10.NPS_Server         RADIUS   262                      Access-Request(1) (id=254, l=216)
       27 4.618352    10.NPS_Server         10.switch             RADIUS   288    0.000945000       Access-Challenge(11) (id=254, l=242)
       28 4.623650    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    176                      Server Hello, Certificate, Certificate Request, Server Hello Done
       29 4.643316    Universa_xx:xx:xx     Nearest               TLSv1    361                      Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
       30 4.649607    10.switch             10.NPS_Server         RADIUS   601                      Access-Request(1) (id=255, l=555)
       31 4.656950    10.NPS_Server         10.switch             RADIUS   199    0.007343000       Access-Challenge(11) (id=255, l=153)
       32 4.662734    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    87                       Change Cipher Spec, Encrypted Handshake Message
       33 4.681106    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Protected EAP (EAP-PEAP)
       34 4.788536    10.switch             10.NPS_Server         RADIUS   262                      Access-Request(1) (id=2, l=216)
       35 4.789735    10.NPS_Server         10.switch             RADIUS   173    0.001199000       Access-Challenge(11) (id=2, l=127)
       36 4.795723    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    61                       Application Data
       37 4.796372    Universa_xx:xx:xx     Nearest               TLSv1    93                       Application Data
       38 4.802368    10.switch             10.NPS_Server         RADIUS   331                      Access-Request(1) (id=3, l=285)
       39 4.803363    10.NPS_Server         10.switch             RADIUS   189    0.000995000       Access-Challenge(11) (id=3, l=143)
       40 4.808905    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    77                       Application Data
       41 4.809501    Universa_xx:xx:xx     Nearest               TLSv1    77                       Application Data
       42 4.817342    10.switch             10.NPS_Server         RADIUS   315                      Access-Request(1) (id=4, l=269)
       43 4.822986    10.NPS_Server         10.switch             RADIUS   189    0.005644000       Access-Challenge(11) (id=4, l=143)
       44 4.828973    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    77                       Application Data
       45 4.833318    Universa_xx:xx:xx     Nearest               TLSv1    829                      Application Data
       46 4.840610    10.switch             10.NPS_Server         RADIUS   1073                     Access-Request(1) (id=5, l=1027)
       47 4.845946    10.NPS_Server         10.switch             RADIUS   189    0.005336000       Access-Challenge(11) (id=5, l=143)
       48 4.850938    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    77                       Application Data
       49 4.907924    Universa_xx:xx:xx     Nearest               TLSv1    141                      Application Data
       50 4.913390    10.switch             10.NPS_Server         RADIUS   379                      Access-Request(1) (id=6, l=333)
       51 4.917535    10.NPS_Server         10.switch             RADIUS   221    0.004145000       Access-Challenge(11) (id=6, l=175)
       52 4.922877    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    109                      Application Data
       53 4.923472    Universa_xx:xx:xx     Nearest               TLSv1    61                       Application Data
       54 4.930319    10.switch             10.NPS_Server         RADIUS   299                      Access-Request(1) (id=7, l=253)
       55 4.937348    10.NPS_Server         10.switch             RADIUS   381    0.007029000       Access-Challenge(11) (id=7, l=335)
       56 4.942543    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    269                      Application Data
       57 4.944791    Universa_xx:xx:xx     Nearest               TLSv1    125                      Application Data
       58 4.951408    10.switch             10.NPS_Server         RADIUS   363                      Access-Request(1) (id=8, l=317)
       59 4.954022    10.NPS_Server         10.switch             RADIUS   355    0.002614000       Access-Accept(2) (id=8, l=309)
       60 4.981482    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Success
       61 32.590347   10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=251, l=315)
       62 62.592420   10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=251, l=315)
       63 92.595043   10.switch             10.NPS_Backup_Server  RADIUS   361                      Access-Request(1) (id=9, l=315)
       64 122.597856  10.switch             10.NPS_Backup_Server  RADIUS   361                      Access-Request(1) (id=9, l=315)
       65 152.600618  10.switch             10.NPS_Backup_Server  RADIUS   361                      Access-Request(1) (id=9, l=315)

  A belated thanks for your reply.
  Our environment doesn't have NPS accounting configured so that was easy to rule out.
  The mid-day drop outs have stopped after I added "set protocols dot1x authenticator no-mac-table-binding" to our Juniper switches (which prevents mac address aging from clearing the active dot1x client session).
  I believe the above error message occurs because the RADIUS session ID is rejected / ignored because of some quirks in the RADIUS standard.  At the start of a dot1x authentication request a RADIUS session ID is created.  For whatever reason the
  RADIUS/NAP server stops responding and the Juniper switch fails over to the backup RADIUS/NAP server configured.  The session ID is kept (per RADIUS standard) but the backup RADIUS/NAP server doesn't know about the session, so this event: "Network
  Policy Server discarded the request for a user." occurs.
  It would be nice to see a clearer error message "Invalid RADIUS session" or similar.
  There is a Microsoft guide on how to set up RADIUS/NAP servers in a highly available configuration - something to do with RADIUS proxy servers.
  It would be even nicer to see some kind of RADIUS session synchronisation between NAP servers... if it doesn't already exist?
  I am having the same exact issue you posted on here except I have Extreme Network switches. Some of my computers, various hardware, will randomly not authenticate during re-authentication. The switch says that it failed to contact the NPS server so then it
  switches to my backup server. The client has a random time on how long it waits to authenticate so sometimes I end up having the disable/re-enable the port they are connected to so that the session is started again. I see that you basically removed the option
  to force clients to re-authenticate Any downfall disabling that?. Any idea why the NPS server is no longer responding? Are you using Windows Server 2012?

• An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP).

  Hello everyone:
  I know this question have been asked in these forums quite a few times. I apologize if it is a repeat telecast but I was not able to find a suitable solution pertaining to my problem.
  I have a AP/SM setup that is configured to get EAP-PEAP authentication from Windows 2012 Server. I have setup everything and have verified that the EAP-PEAP authentication works fine on AP/SM by getting authentication from FreeRADIUS server. Now, when I try
  to get authentication from Windows Server, I am getting a reject. The Event log shows this generic message:
  Reason Code: 23
  Reason:
      An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
  There is nothing in the EAP logs that is obvious too:
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
  07/11/2014 00:05:57 4927",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4927",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
  07/11/2014 00:05:57 4928",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4928",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,11,"PEAP_TEST",0,"311 1 10.120.133.1
  07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,3,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,11,"PEAP_TEST",23,"311 1 10.120.133.1 07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  So, basically, the sequence is this:
  request , challenge, request , challenge, request, reject
  Any idea what might be happening?
  Thank you.

  Hi,
  Have you installed certificates on the NPS server properly? Have you selected the proper certificate in the properties of PEAP?
  Here is an article about the Certificate requirements of PEAP,
  Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
  http://support.microsoft.com/kb/814394
  If your certificate matches the requirement, you may try to reinstall the certificate by export and import.
  To export a certificate, please follow the steps below,
  Open the Certificates snap-in for a user, computer, or service.
  In the console tree under the logical store that contains the certificate to export, click
  Certificates.
  In the details pane, click the certificate that you want to export.
  On the Action menu, point to
  All Tasks, and then click Export.
  In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
  Provide the following information in the Certificate Export Wizard:
  Click the file format that you want to use to store the exported certificate: a DER-encoded file, a Base64-encoded file, or a PKCS #7 file.
  If you are exporting the certificate to a PKCS #7 file, you also have the option to include all certificates in the certification path.
  If required, in Password, type a password to encrypt the private key you are exporting. In
  Confirm password, type the same password again, and then click
  Next.
  In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click
  Next, and then click Finish.
  To import a certificate, please follow the steps below,
  Open the Certificates snap-in for a user, computer, or service.
  In the console tree, click the logical store where you want to import the certificate.
  On the Action menu, point to
  All Tasks, and then click Import to start the Certificate Import Wizard.
  Type the file name containing the certificate to be imported. (You can also click
  Browse and navigate to the file.)
  If it is a PKCS #12 file, do the following:
  Type the password used to encrypt the private key.
  (Optional) If you want to be able to use strong private key protection, select the
  Enable strong private key protection check box.
  (Optional) If you want to back up or transport your keys at a later time, select the
  Mark key as exportable check box.
  Do one of the following:
  If the certificate should be automatically placed in a certificate store based on the type of certificate, click
  Automatically select the certificate store based on the type of certificate.
  If you want to specify where the certificate is stored, select
  Place all certificates in the following store, click
  Browse, and choose the certificate store to use.
  If issue persists, you may try to re-issue the certificate.
  For detailed procedure, you may refer to the similar threads below,
  Having issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/c66cf0a8-24dd-4ccd-b5bb-16bd28ad8d4c/having-issues-getting-peap-with-eapmschap-v2-working-on-windows-2008-r2?forum=winserverNAP
  Hope this helps.
  Steven Lee
  TechNet Community Support

• Endpoint Protection Antimalware Policy SQL 2008

  We use SCCM 2012 to manage our antimalware solution (SCEP). We created policies for different servers for example SQL server 2008 R2. We created Endpoint Protection Antimalware policy SQL 2008:
  To prevent performance issues MS reccomends to exclude some processes from virus scanning:
  %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe
  %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe
  As you can see we currently use MSSQLSERVER as instance name.
  Because we use many different SQL instances we need to restrict the ammount of policies to one and don't want to create seperate policies for different SQL instances. Is it possible to use some kind of wildcard, like: %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.*\MSSQL\Binn\SQLServr.exe,
  where instance name is * ?
  Is it also possible to monitor the scan status real time? I would like to see which files are being scanned when starting a quick/full scan. From within the SCEP client it isn't possible.
  Hope you could help me out.
  Sacha

  Hey
  Thanks for the post ,
  As i comprehension Your request  - I suggest You to exclude the Parent SQL folder : 
  %ProgramFiles%\Microsoft SQL Server
  It will exclude the all instances under the parent folder .
  For file process You have to provide full path name .
  "to see which files are being scanned when starting a quick/full scan"
  You have to create reporting on the sccm for that :
  http://technet.microsoft.com/en-us/library/gg712698.aspx
  I'd be glad to answer any question

• Expiration of "Subscription license of Microsoft Forefront Protection for Exchange Server"

  We have "Microsoft Forefront Protection for Exchange
  Server" running in the company. Now I face the expiration of "Subscription license of Microsoft Forefront Protection for Exchange Server".
  I learned from
  http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx that "... products will continue to be supported through that date (12/31/2015) in order to provide with customers sufficient
  time to move to alternative solutions". My concern is, that Microsoft Forefront Protection for Exchange Server does not know about that grace period.
  It claims:
  Your Subscription license of Microsoft Forefront Protection for Exchange Server has expired. The product will continue to operate during the extended grace period
  until 5/1/2013. Subsequently, scanner updates will be disabled and the product will operate with reduced functionality.
  Is there a way to get a new license number? I called our software vendor, but Microsoft does not sell licenses anymore.
  Thank you for your assistance.

  Hi
     We just talk about exchange deployment and configuration in this forum.
     If you have any questions about licensing, please use the contact information in
  here which would be the best place for seeking the answer.
  Terence Yu
  TechNet Community Support

• NAC Framework with TrendMicro Policy Server? External Posture Assessment?

  Hi
  I've got a NAC Framework 2.1 setup using NAC-L2-802.1x with 2950 switches and so far it's working great. I've recently begun testing NAC with TrendMicro OfficeScan, which includes the Trend Policy Server for Cisco NAC.
  I've imported the Trend.adf file, created a new Internal Posture Validation to check these TrendAV settings (DAT version, protection enabled, etc) and it is working great with the clients. (Healthy if up to date, quarantined if out of date).
  What I'm trying to do is get this integrated with the Trend Policy Server for Cisco NAC. I've created an External Posture Validation entry for the Trend Policy Server;
  https://win2k3std:4343/antibody
  And have supplied it with the password (no username is needed to login to the web console of this server). I've also selected Trend:AV as the forwarding credential. I've gone into Network Access Profiles and made sure this was selected as an External Posture Validation Server and set it to quarantine under "Failure Posture Token". When I test this from the client (once I've enable External Posture Validation), it always ends up quarantined (even though the client is fully up to date). If I disable the External Posture Validation server from the NAP, the client test passes as Healthy (since all AV is up to date).
  I've got the Policy Server for Cisco NAC defined under NAC on my Trend OfficeScan server, and on the Policy Server for Cisco NAC, I've got the OfficeScan server defined. Yet, no matter what I've tried, the client always fails with this msg in the CSACS logs;
  Posture Validation Failure on External Policy
  Does anyone have any experience or help with this. Thanks very much.
  Jason Humes

  Please check the links for the Configuration and Troubleshoot of NAC
  www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/48/cam/48cam-book/m_agntd.html
  www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/47/cam/47cam-book/m_agntd.html#wp1234860

• Use of Adobe Policy server to implement security functions

  Hello Folks,
  Has anyone explored the possibilities to implement security features for adobe offline scenario using Adobe Policy Server?
  Is there any other means by which I can implement features like password protected or encryption in offlince scenario?
  SAP documentation has pointers to Adobe Policy server, but no comprehensive documentation found on the same.
  Thanks & Regards,
  Chitrali

  Hi,
  You can add security features like password protection and limits usage, such as no printing, etc. Here is a link to the Java API documentation http://help.sap.com/javadocs/NW04S/current/wd/com/sap/tc/webdynpro/clientserver/adobe/pdfdocument/api/IWDPDFDocumentCreationContext.html#setProtection(java.lang.String,%20java.lang.String,%20com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.api.WDPDFDocumentProtectPermission[])
  I believe you can do the same stuff with the ABAP API.
  You have to check if it works in your version, because sometimes the API is there but doesn't work 100%.
  You can also sign docs (there is some info about that in the above Java API link).
  Hope this helps.

• Is there any Java API to interact/integrate with Adobe LiveCycle Policy Server

  Hi,
  We are already using Adobe LiveCycle Policy server & has manual process in place to send documents to clients.
  Going forward we want to automate this document generation process. We are using Java, JEE in our application.
  We are planning to use below steps to automate this process.
  1) Administrator will create a Template in Adobe Policy Server and will map users intended to receive mails with this template
  2) Our application will interact with Adobe Policy Server and use Template ID to generate PDF document and send mails to client.
  Can anyone please let me know if there is any Java API which can be used to perform the above second step.
  Thanks a lot for your help.
  Best Regards - Roy

  Hi Steven,
  What you refer to is PDF Generator version 7.x Postscript edition.
  In version 7 of the product there were 3 editions:
  1. PDF Generator Professional
  Create PDF files from a wide range of source files:
  Print (PS, EPS, PRN)
  Image (JPG, GIF, BMP, TIFF, PSD)
  Standard office formats (DOC, XLS, PPT, WPD, MPP)
  Text (TXT, RTF)
  Web (HTML)
  Design files (DWG, VSD)
  Generate all types of Adobe PDF file formats:
  PDF 1.3, 1.4, 1.5, 1.6
  PDF/X-1a and PDF/X-3 for prepress document exchange
  PDF/A for archiving with easy search and retrieval
  Searchable PDF files from images
  Convert PDF files to:
  HTML documents
  Text (TXT, RTF, accessible)
  Images (TIFF, PNG, JPEG)
  Print (PS, EPS)
  2. PDF Generator Elements
  Create PDF files from a wide range of source files:
  Print (PS, EPS, PRN)
  Image (JPG, GIF, BMP, TIFF, PSD)
  Standard office formats (DOC, XLS, PPT, WPD, MPP)
  Text (TXT, RTF)
  Web (HTML)
  Design files (DWG, VSD)
  Generate all types of Adobe PDF file formats:
  PDF 1.3, 1.4, 1.5, 1.6
  PDF/X-1a and PDF/X-3 for prepress document exchange
  PDF/A for archiving with easy search and retrieval
  Convert PDF files to:
  HTML documents
  Text (TXT, RTF, accessible)
  Print (PS, EPS)
  3. PDF Generator Postscript
  Create PDF files from a wide range of source files:
  Print (PS, EPS, PRN)
  Generate all types of Adobe PDF file formats:
  PDF 1.3, 1.4, 1.5, 1.6
  PDF/X-1a and PDF/X-3 for prepress document exchange
  PDF/A for archiving with easy search and retrieval
  So basically what you have is the very limited edition, doing exactly what you said. For more functionality you should opt for one of the other editions (that for version 7.x)
  Today's version is the newer LC PDF Generator ES. You can look for its specifications at http://www.adobe.com/products/livecycle/pdfgenerator/
  Thanks