Extended Services upgrade; lost admin access.

Similar Messages

• Yosemite upgrade lost iphoto access.

  Yosemite upgrade lost  iphoto access.  Cloud says I cant import "library: because  I need 43 more GB  ?  I  had no  problem with iphoto in old version. Now I cant  even see photos to edit or delete.

  Ive lost the iphoto icon , so  dont knnow how to access  all my photos stored there.  and yes, I would like to see what's on that "Photo" icon, but  it delivers  no photos.All I can get is a welcome page, + "get started"--which leads me to the message that they  cant import my library due to not enough GB...

• Identity Service Engine (ISE) Admin Access

  Is it possible to authenticate the ISE administrator via an external Radius Server? The option I find is that it will not work, 
  The manual reads: 
  In Cisco ISE, you can authenticate administrators via an external identity store such as Active Directory, LDAP, or RSA SecureID. There are two models you can use to provide authentication via an external identity store:
  Is this the case ?

  Sure you can!
  Make sure you have the RADIUS server added to the ISE (Administration > Identity Management > External Identity Sources  Select RADIUS Token from the left menu).
  Then head over to Administration > System > Admin Access.  Change the * Identity Source to your RADIUS Server and click Save
  Log out and you will see an new entry on the log in screen.  Click the dropdown for Identity Source and choose your RADIUS Server.  If this connection gets dropped for any reason, you can always log in using the internal identity source as a fallback.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• Security Update 2010-001---   So secure I lost Admin Access!

  I am running a Snow Leopard Server on a Mac Mini (I bought into the dual 500GB model) to host some documents and act as a small cross-platform dropbox for any kind of files that need to be shared over a biomedical research-related network. A little overkill but...
  Anyway today I followed the software update prompt and installed Security Update 2010-001. After restart, I can no longer login as the administrator (or anyone else for that matter). Curiously, I can access it using +Server Admin+ and using +screen sharing+, all with the same old username and password as before. I just cannot login on the mini itself. Any thoughts on this issue? Potential was to resolve it? I have the 2nd drive configured as a Time Machine backup, so perhaps I can rewind to yesterday? Not sure how that works but I guess I can figure it out somehow.

  Per Oxfjell wrote:
  How'd you regain access to the Mac Mini? I have currently locked myself out in the same fashion, and the only thing I can think of is to reinstall the server OS.. Funny thing is, I'm the only one with access at the moment, and all I did was a simple reboot.. I haven't tampered with passwords or anything of the kind. Why the admin password is suddenly not working is beyond me..
  In the remote server access software, somehow I had inadvertently checked the button that allowed only limited access. The way I fixed it was to go to the Access pane of the Server Admin software, then I selected the button "For the selected services" button on the left and selected "Login Window" and finally clicked the button "allow all users and groups" on the right. This is counter intuitive because you don't want to allow access to everyone, but it will still require local management of the server (eg only those already allowed to login will be allowed after you check the button)
  I hope that makes sense. It solved the problem for me and saved me a lot of hassle.

• Lost Admin Access to Server, possibly UAC gpo problem

  I have a Windows network that has evolved over the last 12 -years with 2000-2003-2008R2-2012 servers.  Life has been grand until this last week.  We lost manageability to a handful of servers and we cannot come up with a common denominator why
  the select 5-servers are refusing our domain credentials.
  The only thing that sticks out in my mind that has changed is one of our DC's, a Windows Server 2012 box forced us to install updates and restart the machine.  It was the following day that things started to break apart for us.
  When I login into a number of servers all 2008/R2 machines, I can login OK.  But I can't manage them.  I get UAC dialogue box to authenticate which I attempt with the same or another domain admin account and it fails.
  If I run GPRESULT /V >GP.TXT to get the resulting set of GPO I can see the user account is detected as a member of 'DOMAIN ADMIN' but I can't actually make changes.
  I created a GPO based on this, http://www.techrepublic.com/blog/the-enterprise-cloud/disable-uac-for-windows-servers-through-group-policy/ recommendation but it didn't help.  
  HELP!  Anybody have any ideas I can try.    Needless to say my hair is graying by the moment, LOL.

  > If I run GPRESULT /V >GP.TXT to get the resulting set of GPO I can see
  > the user account is detected as a member of 'DOMAIN ADMIN' but I can't
  > actually make changes.
   From a commmand prompt, run "whoami /groups" and check if you are a
  member of the local administrators.
  if not, examine a gpresult/gpmc modeling report for restricted groups
  settings.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Since Safari 3.0.4 lost admin access to SMC 7008BR router

  Mac OS X 10.4.11 Tiger and Safari 3.0.4 (523.12.2) versus SMC 7008BR router with firmware R1.84a.
  The normal way to configure the router is via the browser at URL http://192.168.100.254 (on my local lan). This will display a status page and a field in which to enter the administrative password for access to the various configuration pages.
  Under this version of Safari when I enter the password and press the login button the blue progress bar in the entry field progress about 1/2 way and then stops and finally the blue bar disappears. The feeedback at the bottom of the window shows 3 of 4 items opened.
  I have tried several things including powering the router off and on, rebooting the Mac, disconnecting from the WAN and reloading the router firmware. Nothing makes any difference.
  However booting into Panther 10.3.9 and using Safari 1.3.1 everything works correctly as it always has. Alternatively using my wife's iMac (the old CRT type) which is also under Panther 10.3.9 and Safari 1.3.1 also works.
  So I am inclined to think this might be a Safari 3.0.4 issue (or possibly a Tiger 10.4.11).
  I say this because I have not had a need to alter the config for a long time (maybe 2 years) so am not exactly sure what could cause this.
  Any suggestions are welcome.
  respect...
  Peter

  As additional data I downloaded Firefox 2.0.0.11 and it works correctly.

• ISE Admin Access with AD Credentials fails after upgrade 1.2.1 to 1.3.0

  Hello,
  After upgrading ISE VM from 1.2.1 to 1.3.0.876, I can't connect on ISE with AD Credentials (Invalid Username or Password). It worked find before upgrading to 1.3.
  On another ISE VM in 1.3.0.876 version (w/o upgrade) with this kind of configuration, it's OK.
  I have double check the Post-upgrade tasks (particularly rejoining Active Directory). Everything worked find after this upgrade except the admin access with AD credentials.
  I don't use user certificate-based authentication for admin access. So I didn't execute application start ise safe CLI.
  My 802.1x wireless users passed authentication with AD credentials. So the ISE had correctly join my AD.
  I didn't find anything related to this admin access with AD credentials failure in the output of show logging application ise and show logging.
  I don't find anything related to this in bug search on Cisco tools.
  I tried to :
  - update the SID of my Admin AD Group, the result is still the same.
  - delete my admin access with AD credentials configuration then make this configuration again, but still the same error.
  Any ideas on this ? Could I find elements in another log ?
  Regards.

  Dear Markus,
  After logging as user "prdadm"
  su - prdadm
  bssltests% bash-3.00$ ls -a
  .                            .dbenv_bssltests.sh-old      .sapenv_bssltests.sh         startdb.log
  ..                           .dbenv_bssltests.sh-old10    .sapenv_bssltests.sh-new     startsap_.log
  .bash_history                .dbsrc_bssltests.csh         .sapenv_bssltests.sh-old10   startsap_DVEBMGS00.log
  .cshrc                       .dbsrc_bssltests.sh          .sapsrc_bssltests.csh        startsap_DVEBMGS01.log
  .dbenv_bssltests.csh         .login                       .sapsrc_bssltests.sh         stopdb.log
  .dbenv_bssltests.csh-new     .profile                     dev_sapstart                 stopsap_.log
  .dbenv_bssltests.csh-old     .sapenv_bssltests.csh        local.cshrc                  stopsap_DVEBMGS00.log
  .dbenv_bssltests.csh-old10   .sapenv_bssltests.csh-new    local.login                  stopsap_DVEBMGS01.log
  .dbenv_bssltests.sh          .sapenv_bssltests.csh-old    local.profile                trans.log
  .dbenv_bssltests.sh-new      .sapenv_bssltests.csh-old10  sqlnet.log
  bash-3.00$
  bash-3.00$
  I have changed envt settings in .dbenv_bssltests.csh & .dbenv_bssltests.sh
  .sapenv_bssltests.sh & .sapenv_bssltests.csh  [4 files]
  Regards,
  Ankita

• EA4500, setting 'HTTPs' admin access only, failure CCC upgrading

  Got a new EA4500 yesterday, it came with traditional browser-based firmware.
  Then I changed its Admin access to HTTPs only, disabled HTTP.
  I downloaded CCC upgrading wizard, registered CCC account.
  When I tried to upgrade to CCC firmware, it kept trying to detect and finally told 'can not detect a device to upgrade'.
  When I enabled HTTP admin access and tried to upgrade CCC again, it worked.
  Does somebody encounter similar issue?
  If HTTP enabling is a necessary condition for CCC upgrading, shall such message be prompt at least, when the tool failed to detect applicable device?

  Which group are you talking about?
  I have a group for all direct access machines, You have to specify this group during the wizard.
  The permission issue seems to be related to the script trying to modify group policy
  I have tired with the default polices the wizard creates and also specifying 2 blank policies.

• Connection with a server or service is lost

  I have small network setup with Mac OS X as the server and around 6 clients (mix of PC's and Mac's) authenticating from OD on the server. Since last week I am getting this strange error from server admin "Connection with the server or service is lost. Contact the n/w administrator or try log on again.". I get this error message every morning and none of the server features can be accessed including the log in to the network which fails on all the machines. Everything will work fine when I reboot the server.
  So, I wanted to know what is causing this problem & how to go abt fixing it?

  I can confidently rule out the possibility of an intruder interfering with the network.
  Who said "intruder"?
  So there is no malware on the local client and server boxes, nor on any printers, nor on any WiFi widgets or managed switches or other network infrastructure, and there are no unauthorized wired or wireless connections? That's a very rare achievement. Congrats; most excellent work! (It's probably not malware, though; it's more likely some authorized activity or authorized person and not malware. Though yes, it could be malware.
  As for the disconnection here...
  This could be building cleaning crew borrowing an electric outlet for some of their cleaning equipment. Unplug router, plug in the cleaning equipment, clean, plug router back in, leave. Or some helpful security guards shutting off a power switch or a breaker as part of the nightly rounds, or any number of other variations, too. A vacuum cleaner running across a damaged network cable, or a glitch or sag or transient caused by a high-demand electric device changing its power state.
  Find out which widget (router, switch, firewall, whatever) is involved and work from there.
  Also look for traffic spikes and other such; for odd network traffic patterns.
  Scheduled reboots of network devices or such?
  Hardware problems?
  Also look for time-out programs and idle activity monitors and related; these are rare on Mac boxes, but have been seen in other environments, and have been seen on various network servers.

• Lost admin password for SPA-941

  Hi all,
  I asked this question on community/netpro/collaboration-voice-video/ip-telephony, but was told that it was the wrong place to do it.  I don't know how to move a post, so I'm asking again here (I hope I got it right this time).
  The short version: how to reset/disable admin password in SPA-941 phone?
  The long version:
  I have an IP Phone SPA-941 --- bought it on eBay with 'lost admin password'.  I've found somewhere on the Internet that it's possible to reset the phone to 'factory defaults', which is supposed to reset the admin password as well (which is why I bought the phone with this 'warning').  However, the 'information', failed to mention, that the factory reset is protected by the said administrator password.
  Now, I have a bit of a problem since without this password, the phone is useless --- I cannot configure my SIP account there.
  I cannot believe that loosing the admin password could yield a device unusable, so I presume that there must be a way to reset/recover password.
  I have found somewhere a tool to upgrade firmware.  I tried it.... Not surprisingly, it requires the admin password.  However, it also prints a very promising message: "If you are the administrator and forgot the password, you may perform a factory reset by entering ****, option 73738#, and value 1 from a telephone connected to the unit to be upgraded.".  I have no idea what the 'option' might be and the 'value 1'...  I also do not know what they mean by 'telephone connected to the unit to be upgraded' --- this seems to indicate that the upgrade tool (or message) isn't meant for a phone, but for some other device to which a phone is to be connected.
  I also found some discussions about the jumpers (JP1 and JP4) in the printed board of the phone.  I tried all of possible combinations and none of them caused the phone to be any less demanding in terms of admin password (if it booted at all).
  I also found some kind of 'recovery software'.  It is supposed to 'recover' firmware to a version 4.1.x (I have 5.1.8 now but I assume that I'd be able to upgrade it back again when the 'downgrading' removes password).  There are two options --- one is for 'normal' upgrade (well.. downgrade in this case), which requires admin password.
  The second option is the 'recovery' --- it requires serial number.  When I choose this one, the program warns me that it's only meant for phones displaying SOS message... I tried it regardless (what do I have to loose?), but the 'device couldn't be found'.  Perhaps there is a way of corrupting the phone and entering this SOS-state?
  This, for the moment used up my ideas as how to use my phone.  In desperation I'm trying the brute-force 'attack' --- I'm able to check about 1k passwords in 60s...  I've found in some docs, that passwords can be 63 character long alphanumeric strings, which means that I should be able to check all of the combinations in something about 264646141002173127075674008932259139731080369373079015446569116064180887885670843 years, so I'll not hold my breath.  In the meanwhile...  Please help.  Is there a way to 'crack' the phone and reset the admin password?

  Hi Michal,
  From what you describe, it appears that the original service provider properly locked down the phone. If they really did, then brute force is the only way ahead.
  There are no backdoors in the SPA phones or ATAs. The idea being that a service provider can easily recover from a lost password by simply reprovisioning a device with a new or blank password. Many service providers give the SPA devices away and then sell a service, this is why they allow the customer to keep the device when the service is terminated.
  I read articles where if so inclined, as you appear to be, you can set up a private network to replicate the original service provider's network, including DNS. Then, using a protocol analyzer, you watch to see how the SPA device behaves and what it looks for. I've read that if you devote enough time to this exercise, you could build the files that make the phone believe it is on its home network and then provision it with a blank password.
  Or, you could buy a shiny new SPA5xx or SPA3xx phone with many more features, current firmware, and get to spend the time doing something else.
  Best of luck, either way.
  Regards,
  Patrick

• To create new user for rpd with Admin access in obiee 10g

  Hi All,
  I need to create a user in RPD which has equivalent privileges as Administrator in RPD.Please note that this is for accessing RPD Admin not for Dashboard admin access.Can anyone please let me know of how we shall implement this?..
  Regards,
  Vengatesh.

  Hi,
  Create a user and give the check box for 'Administrators' group and check.
  If required give 'Presentation Service Administrator'group too.
  In Settings->Manage Privileges you can restrict the user to the Answers.
  Hope this helped/ answered
  Kind Regards
  MuRam

• Windows Installer Service could not be Accessed

  Last week, I upgraded to the newest 64-bit version of iTunes, as well as Quicktime for windows. After the install, I get an error that says "Apple Application support is not found." I tried to uninstall iTunes, but I get an error message that says "The Windows Installer Service could not be accessed." The same message also appears when I try to do a new install, instead of uninstalling first.
  I contacted Microsoft (and HP) because it stated it was a Windows Installer error. However, they both redirected me to Apple because it was only affecting the iTunes software.
  Any assistance, or direction as to were to go, would be appreciated. Thank you.

  Interesting ... It's probably an issue with the Windows Installer Service, but they can be a bit trickier to deal with on a 64-bit OS than on a 32-bit OS.
  Try the steps Aaron Stebner describes in the following Weblog entry:
  [Repairing the Windows Installer service on a 64-bit OS|http://blogs.msdn.com/astebner/archive/2006/07/20/673408.aspx]

• "The windows installer service could not be accessed" on windows 7 64x

  Hello,
  I'm trying to install an application and i get the following error"
  "The windows installer service counld not be accessed. This can occur if the Windows installer in not correctly installed. Contact your support personnel for assistance". When I try to start Windows installer service manually, i get the
  following error:  
  "The Windows Installer service terminated with the following error: 
  An attempt was made to reference a token that does not exist."
  I tried the following:
  1. sfc /scannow (no problems found)
  2. Run microsoft fixit. It told me that "the problem has been fixed" but it didn't 
  3. system restore 
  Could you please help me to avoid windows re-installation?
  Thank you! 

  when this issue start happen? did you try restore point before this issue happen
  may I know your antivirus status or is there any other security software? I suggest do offline scan (make sure no virus) and continue TS without any internet connection
  as maybe you already noticed this issue maybe caused by
  - You install or remove a program that uses the Microsoft Installer Service before you try to install the program on your computer.
  - The Windows Installer Service is not running.
  - The Windows Installer registry settings are corrupted or configured incorrectly.
  this is the last step before perform recovery OS, it wont affected the program, but you need to backup data, adjust setting and upgrade to SP1/SP2 again. Please check this 2 document below 
  http://support.microsoft.com/kb/2255099/id-id
  http://www.sysnative.com/forums/windows-7-%7C-windows-vista-tutorials/3900-in-place-upgrade-install-windows-windows-7-windows-vista.html

• ISE Admin Access Authentication to RADIUS Token Server

  Hi all!
  I want to use an External  RADIUS Token Server for ISE Admin Access Authentication and Authorization.
  Authentication works, but how do I map the users  to Admin Groups? Is there a way  to map a returned RADIUS Attribute  (IETF "Class" or Cisco-AVPair "CiscoSecure-Group-Id") to an Admin Group?
  Thanks in advance,
  Michael Langerreiter

  ISE 1.3 does have an bug: Authentication failed due to zero RBAC Groups.
  Cisco Bug: CSCur76447 - External Admin access fails with shadow user & Radius token
  Last Modified
  Nov 25, 2014
  Product
  Cisco Identity Services Engine (ISE) 3300 Series Appliances
  Known Affected Releases
  1.3(0.876)
  Description (partial)
  Symptom:
  ISE 1.3 RBAC fails with shadow user & Radius token
  Operations > Reports > Deployment Status > Administrator Logins report shows
  Authentication failed due to zero RBAC Groups
  Conditions:
  RBAC with shadow user & Radius token
  View Bug Details in Bug Search Tool
  Why Is Login Required?
  Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
  Bug Details Include
  Full Description (including symptoms, conditions and workarounds)
  Status
  Severity
  Known Fixed Releases
  Related Community Discussions
  Number of Related Support Cases
  Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

• Post 7.2.111-3 upgrade lost all APs

  Lost my access points to controller.  Not sure if it was related to upgrade from 7.1 to 7.2, or something else.
  The console log on APs shows;
  *Mar  1 00:01:09.394: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Jan  1 10:24:23.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 142.100.64.8 peer_port: 5246
  *Jan  1 10:24:23.424: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 142.100.64.8
  *Jan  1 10:24:23.424: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
  *Jan  1 10:24:23.424: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 142.100.64.8:5246
  *Jan  1 10:24:23.424: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
  All 3500/3600 APs, had been in production for months.

  I resolved the issue by adding a NTP server.  The controller clock was off.
  Dang.