Fail over for Radius users
Can I put in a second radius address on my As5300 so if the first one goes down the users that are dialing in can be point to the second one with out any interruptions?
TIA
You can do it.
For further information please check the next page:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a00800879e8.html
Bye
FCS
Rate me if I helped.
Similar Messages
-
How Front End pool deals with fail over to keep user state?
Hello to all, I searched a lot of articles to understand how Lync 2010 keeps user state if a fail happens in a Front Pool node, but didn't find anything clear.
I found a MS info. about ths topic : " The Front End Servers maintain transient information—such as logged-on state and control information for an IM, Web, or audio/video (A/V) conference—only for the duration of a user’s session.
This configuration
is an advantage because in the event of a Front End Server failure, the clients connected to that server can quickly reconnect to another Front End Server that belongs to the same Front End pool. "
As I read, the client uses DNS to reconnect to another Front End in the pool. When it reconnects to an available server, does he lose what he/she was doing at Lync client? Can the server that is now hosting his section recover all
"user's session data"? Is positive, how?
Regards, EEOC.The presence information and other dynamic user data is stored in the RTCDYN database on the backend SQL database in a 2010 pool:
http://blog.insidelync.com/2011/04/the-lync-server-databases/ If you fail over to another pool member, this pool member has access to the same data.
Ongoing conversations and the like are cached at the workstation.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
Multiple Passed Authentication and Failed Attempts for the users
Hi,
I encountered the following error logs in the ACS CSAuth folder. I did logging to full to find out more about the process involved in the PEAP Authentications.
=========================================
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: Service-Type=2
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: Framed-MTU=1300
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: NAS-Port-Type=19
AUTH 09/13/2007 09:41:33 E 0143 8672 [PDE]: PdeAttributeSet::addAttribute: invalid attr type=200
AUTH 09/13/2007 09:41:33 E 0143 8672 [PDE]: PdeAttributeSet::addAttribute: invalid attr type=200
AUTH 09/13/2007 09:41:33 E 0143 8672 [PDE]: PdeAttributeSet::addAttribute: invalid attr type=201
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: EAP-Message=(binary value)
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: Message-Authenticator=(binary value)
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: PDE-NAS-Vendor-14=13
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PdeAttributeSet::addAttribute: PDE-Service-ID-0=0
AUTH 09/13/2007 09:41:33 I 0143 8672 [PDE]: PolicyMgr::SelectService: context id=14824; no profile was matched - using
default (0)
AUTH 09/13/2007 09:41:33 I 5081 8672 Done RQ1152, client 2, status 0
AUTH 09/13/2007 09:41:33 I 5094 9668 Worker 5 processing message 1077.
AUTH 09/13/2007 09:41:33 I 5081 9668 Start RQ1026, client 50 (127.0.0.1)
AUTH 09/13/2007 09:41:33 I 1554 9668 pvAuthenticateUser: authenticate 'STAFPSAS\shimah' against Windows Database
AUTH 09/13/2007 09:41:33 I 5081 9668 Done RQ1026, client 50, status -2046
AUTH 09/13/2007 09:41:33 I 5094 9668 Worker 5 processing message 1078.
AUTH 09/13/2007 09:41:33 I 5081 9668 Start RQ1027, client 50 (127.0.0.1)
AUTH 09/13/2007 09:41:33 I 0897 9668 AuthenProcessResponse: process response for 'STAFPSAS\shimah'
AUTH 09/13/2007 09:41:33 I 5081 9668 Done RQ1027, client 50, status -2046
AUTH 09/13/2007 09:41:33 I 5094 9668 Worker 5 processing message 1079.
AUTH 09/13/2007 09:41:33 I 5081 9668 Start RQ1027, client 50 (127.0.0.1)
AUTH 09/13/2007 09:41:33 I 0897 9668 AuthenProcessResponse: process response for 'STAFPSAS\shimah'
AUTH 09/13/2007 09:41:33 I 5081 9668 Done RQ1027, client 50, status -2046
AUTH 09/13/2007 09:41:33 I 5094 9668 Worker 5 processing message 1080.
AUTH 09/13/2007 09:41:33 I 5081 9668 Start RQ1027, client 50 (127.0.0.1)
AUTH 09/13/2007 09:41:33 I 0897 9668 AuthenProcessResponse: process response for 'STAFPSAS\shimah'
AUTH 09/13/2007 09:41:33 I 5081 9668 Done RQ1027, client 50, status -2121
AUTH 09/13/2007 09:41:34 I 5094 9668 Worker 5 processing message 1081.
AUTH 09/13/2007 09:41:34 I 5081 9668 Start RQ1027, client 50 (127.0.0.1)
AUTH 09/13/2007 09:41:34 I 0897 9668 AuthenProcessResponse: process response for 'STAFPSAS\salasiah'
AUTH 09/13/2007 09:41:34 E 0361 9668 EAP: PEAP: getEapMsgFromPeapTunnelFrag: error decrypting non fragmented data.
AUTH 09/13/2007 09:41:34 E 0361 9668 EAP: PEAP: getEapMsgFromPeapTunnelFrag: SSL send alert fatal:unexpected_message
AUTH 09/13/2007 09:41:34 I 5081 9668 Done RQ1027, client 50, status -2120
AUTH 09/13/2007 09:41:34 I 5094 8672 Worker 1 processing message 842.
AUTH 09/13/2007 09:41:34 I 5081 8672 Start RQ1040, client 2 (127.0.0.1)
AUTH 09/13/2007 09:41:34 I 5081 8672 Done RQ1040, client 2, status 0
AUTH 09/13/2007 09:41:34 I 5094 8672 Worker 1 processing message 843.
AUTH 09/13/2007 09:41:34 I 5081 8672 Start RQ1152, client 2 (127.0.0.1)
=========================================
Can anyone suggest what could be the cause of the error?
I suspected something to do with the certificate. Please advise.
Thanks.
Delon
Thanks.If ACS and Supplicant or only ACS is enabled Fast Reconnect option, authentication will fail.If you are using XP SP2, it'll be fixed with applying KB885453 patch or simply just disable FAST Reconnect option at ACS. Also make sure user account trying to authenticate has a valid entry in active directory.
-
ASDM Privilege Level default 15 for Radius users
So this may be a bit of a dumb question...
I stumbled upon an ASA today that is configured to authenticate against a Radius server for SSH and HTTPS connections. If I log in via SSH, I can't gain a privilege level of more than 1 (tried login command, etc).
However, if I log in with ASDM, I always have privilege level 15.
Command authorization is not enabled.
Is this default behavior. If so, why? Do I need to enable command authorization to override this behavior?
FYI, the system in question is running ASA 8.3(1)
Thanks muchaaa-server RADGR protocol radius
aaa-server RADGR host 10.2.2.2
timeout 4
key cisco123
aaa authentication enable console RADGR LOCAL
After logging in, use the enable command with your user password.
http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/access_management.html#wp1145571 -
Hi,
I have configured the CEN for CCMS in System A.
Hence System A will monitor Systems X, Y and Z and send me alerts and it is working now
I want to do a failover of CCMS from System A to System B. In other words, if System A fails, only the CCMS should switch over to System B
Please let me know whether this can be achieved. If so please provide me the necessary information
Thanks in AdvanceNo, I guess it can't be achieved. During failover instances switch to other host, ccms is totally dependent on an instance, is it a seperate third party tool ?..no. then how only ccms The whole instance !
-
Replication fail-over and reconfiguration
I would like to get a conversation going on the topic of Replication, I have
setup replication on several sites using the Netscape / iPlanet 4.x server
and all has worked fine so far. I now need to produce some documentation and
testing for replication fail-over for the master. I would like to hear from
anyone with some experience on promoting a consumer to a supplier. I'm
looking for the best practice on this issue. Here is what I am thinking,
please feel free to correct me or add input.
Disaster recovery plan:
1.) Select a consumer from the group of read-only replicas
2.) Change the database from Read-Only to Read-Write
3.) Delete the replication agreement (in my case I am using a SIR)
4.) Create a new agreement to reflect the supplier status of the chosen
replica (again a SIR for me)
5.) Reinitialize the consumers (Online or LDIF depending on your number of
entries)
That is the general plan so far. Other questions and topics might include:
1.) What to do when the original master comes back online
2.) DNS round-robin strategies (Hardware assistance, Dynamic DNS, etc)
3.) General backup and recovery procedures when: 1.) Directory is corrupted
2.) Link is down / network is partitioned 3.) Disk / server corruption /
destruction
Well I hope that is a good basis for getting a discussion going. Feel free
to email me if you have questions or I can help you with one of your issues.
Best regards,
Ray CormierThere is no failover in Meta-Directory 5.1, you can implement manual failover on the metaview by using multi-master replication with Directory Server. There are limitations and this is a manual process.
- Paul -
Weblogic Admin server fail over
Hi,
Please let me know if there is a official documentation from Oracle for admin server fail over for version 8.x, 9.x & 10.x?I am not sure if there is something as weblogic Admin Server Failover
For Managed Server failover please read
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/cluster/failover.html -
WCS setup RADIUS users Lobby Ambassador Defaults
Hi
I'm using RADIUS so my users can use their active directory credentials to login WCS and generate guest users accounts...
But I would like to setup some Lobby Ambassador Defaults, I can easily do ths for local users on the WCS system, but how to setup defaults for RADIUS users?
Best Regards,
Steffen.Hi Scott
Tanks for your reply.
I've allready read the article, but I can't see that it says anything about setting up Defaults for the users, only which task the should be able to do...
I would like to setup defaults for the radius users, so when they are authenticated as lobby abassadors the do not need to select which SSID the a generating a guest user account for and so on...
This is possible for local WCS users, but i need to setup these defaults for my RADIUS authenticated users.
Best Reards
Steffen
And btw.. this dicussion was started by me.. https://supportforums.cisco.com/thread/2115616 -
Requirements on an EJB to be eligible for a fail-over
Hi all,
I was reading the EJB developer guide for weblogic server 9.2. When talking about the fail-over feature the guide said
"EJB failover requiers that bean methods must be idempotent and configured as such in weblogic-ejb-jar.xml"
There are two points in this statement.
1) Fail overs must be configured
This is straight forward.
2) The bean methods must be idempotent.
I don't really understand this point. Does this suggest that the bean methods should conform to some guide lines? If so what are they?
Probably these are clarified in some other document or other resources. Being impatient and a little lazy I would love to have this clarified in the forum.
Thanks in advance,
- MadhuDaniel,
I think since this will be the ONLY system that will be running as a DC providing ADDS and the Direct access server, i should follow this advice from the article you sent:
For users who never connect directly to the Contoso intranet or through a VPN, they must use the DirectAccess
Offline Domain Join process to initially join the appropriate domain and configure DirectAccess. When this process
is complete, the users log on normally and have the same experience as if they were directly connected to the Contoso intranet.
Because remember, no user will ever connect directly to the subnet where the server is. so do an offline join First and then start managing.. Only thing im worried about is: they keep saying that the direct access function has significantly improved in windows
8. hmmmmm many systems will be using windows 7 Pro 64Bit. Some windows 8.1 Pro 64bit. should i worry? -
Load balancing not happending but fail over is for Read only Entity beans
The following are the configuration.
Two NT servers with WL5.1 sp9 having only EJBs(Read only entity beans)
One Client with WL5.1 sp9 having servlet/java application as
EJB client.
I am trying to make a call like findbyprimarykey in one of the
entity bean. I could see the request is being directed only to the one of the
server always. When I bring that server, fail over is happening to the other server.
Here are the settings I have in the ejb-jar.xml :
<entity>
<ejb-name>device.StartHome</ejb-name>
<home>com.wl.api.device.StartHome</home>
<remote>com.wl.api.device.StartRemote</remote>
<ejb-class>com.wl.server.device.StartImpl</ejb-class>
<persistence-type>Bean</persistence-type>
<prim-key-class>java.lang.Long</prim-key-class>
<reentrant>False</reentrant>
<resource-ref>
<res-ref-name>jdbc/wlPool</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</entity>
Here are the settings I have in the weblogic-ejb-jar.xml.
<weblogic-enterprise-bean>
<ejb-name>device.StartHome</ejb-name>
<caching-descriptor>
<max-beans-in-cache>50</max-beans-in-cache>
<cache-strategy>Read-Only</cache-strategy>
<read-timeout-seconds>900</read-timeout-seconds>
</caching-descriptor>
<reference-descriptor>
<resource-description>
<res-ref-name>jdbc/wlPool</res-ref-name>
<jndi-name>weblogic.jdbc.pool.wlPool</jndi-name>
</resource-description>
</reference-descriptor>
<enable-call-by-reference>False</enable-call-by-reference>
<jndi-name>device.StartHome</jndi-name>
</weblogic-enterprise-bean>
Am I doin any mistake in this?
Any one's help is appreciated.
Thanks
Suresh
we are using 5.1
"Gene Chuang" <[email protected]> wrote in message
news:[email protected]...
> Colocation optimization occurs if your client resides in the same
container (and also in the same
> EAR for 6.0) as your ejbs.
>
> Gene
>
> "Suresh" <[email protected]> wrote in message
news:[email protected]...
> > Ok....the ejb-call-by-reference set to true is making the call to one
server
> > only. i am not sure why it is. I removed the property name and it
works.
> > Also I have one question, in our prduct environment, when i cache the
ejb
> > home it is not doing the load balancing. can any one help me for that.
> > thanks
> >
> > Mike,
> > From the sample pgm I sent, even from single client calls get load
> > balanced.
> >
> > Suresh
> >
> >
> > "Gene Chuang" <[email protected]> wrote in message
> > news:[email protected]...
> > > In WL, LoadBalancing will ONLY WORK if you reuse your EJBHome! Take
your
> > StartEndPointHome lookup
> > > out of your for loop and see if this fixes your problem.
> > >
> > > I've seen this discussion in ejb-interest, and some other vendor
(Borland,
> > I believe it is), brings
> > > up an interesting point: Clustering and LoadBalance is not in the
J2EE
> > specs, hence implementation
> > > is totally up to the vendor. Weblogic loadbalances from the remote
> > interfaces (EJBObject, EJBHome,
> > > etc..), while Borland loadbalances from JNDI Context lookup.
> > >
> > > Let me suggest a third implmentation: loadbalance from BOTH Context
> > lookup as well as stub method
> > > invocation! Or create a smart replica-aware list manager which
persists
> > on the client thread
> > > (ThreadLocal) and is aware of lookup/evocation history. Hence if I do
the
> > following in a client
> > > hitting a 3 node cluster, I'll still get perfect round-robining
regardless
> > of what I do on the
> > > client side:
> > >
> > > InitialContext ctxt = new InitialContext();
> > > EJBHome myHome = ctxt.lookup(MY_BEAN);
> > > myHome.findByPrimaryKey(pk); <== hits Node #1
> > > myHome = ctxt.lookup(MY_BEAN);
> > > myHome.findByPrimaryKey(pk); <== hits Node #2
> > > myHome.findByPrimaryKey(pk); <== hits Node #3
> > > myHome = ctxt.lookup(MY_BEAN);
> > > myHome.findByPrimaryKey(pk); <== hits Node #1
> > > ...
> > >
> > >
> > > Gene
> > >
> > > "Suresh" <[email protected]> wrote in message
> > news:[email protected]...
> > > > Mike ,
> > > >
> > > > Do you have any reasons for the total number of machines to be 10.
> > > >
> > > > I tried with 7 machines.
> > > >
> > > >
> > > > Here is my sample client java application running individual in the
> > seven
> > > > machines.
> > > >
> > > > StartEndPointHome =
> > > > (StartEndPointHome)ctx.lookup("dev.StartEndPointHome");
> > > > for(;;)
> > > > {
> > > > // logMsg(" --in loop "+currentTime);
> > > > if (currentTime > nextRefereshTime)
> > > > {
> > > > logMsg("****- going to call");
> > > > currentTime=getSystemTime();
> > > > nextRefereshTime=currentTime+timeInterval;
> > > > StartEndPointHome =
> > > > (StartEndPointHome)ctx.lookup("dev.StartEndPointHome");
> > > > long rndno=(long)(Math.random()*10)+range;
> > > > logMsg(" going to call remotestub"+rndno);
> > > > retVal =
> > > >
> >
((StartEndPointHome)getStartHome()).findByNumber("pe"+rndno+"_mportal_dsk36.
> > > > mportal.com");
> > > >
> > > > logMsg("**++- called stub");
> > > > }
> > > >
> > > >
> > > >
> > > > The range value is different for each of the machines in the
cluster.
> > > >
> > > > If the first request starts at srv1, all request starts hitting the
same
> > > > server.
> > > > If the first request starts at srv2, all request starts hitting the
same
> > > > server.
> > > >
> > > > I have the following for the url , user and pwd values for the
context
> > .
> > > >
> > > > public static String url="t3://10.11.12.14,10.11.12.117:8000";
> > > > public static String user="guest";
> > > > public static String password="guest";
> > > >
> > > >
> > > >
> > > > It would be great if you could help me.
> > > >
> > > > Thanks
> > > > suresh
> > > >
> > > >
> > > > "Mike Reiche" <[email protected]> wrote in message
> > > > news:[email protected]...
> > > > >
> > > > > If you have only one client don't be surprised if you only hit one
> > server.
> > > > Try
> > > > > running ten different clients and see if the hit the same server.
> > > > >
> > > > > Mike
> > > > >
> > > > >
> > > > > "suresh" <[email protected]> wrote:
> > > > > >
> > > > > >The following are the configuration.
> > > > > >
> > > > > > Two NT servers with WL5.1 sp9 having only EJBs(Read only entity
> > beans)
> > > > > >
> > > > > > One Client with WL5.1 sp9 having servlet/java application as
> > > > > > EJB client.
> > > > > >
> > > > > >
> > > > > >I am trying to make a call like findbyprimarykey in one of the
> > > > > >entity bean. I could see the request is being directed only to
the
> > one
> > > > > >of the
> > > > > >server always. When I bring that server, fail over is happening
to
> > the
> > > > > >other server.
> > > > > >
> > > > > >
> > > > > >Here are the settings I have in the ejb-jar.xml :
> > > > > > <entity>
> > > > > > <ejb-name>device.StartHome</ejb-name>
> > > > > > <home>com.wl.api.device.StartHome</home>
> > > > > > <remote>com.wl.api.device.StartRemote</remote>
> > > > > > <ejb-class>com.wl.server.device.StartImpl</ejb-class>
> > > > > > <persistence-type>Bean</persistence-type>
> > > > > > <prim-key-class>java.lang.Long</prim-key-class>
> > > > > > <reentrant>False</reentrant>
> > > > > > <resource-ref>
> > > > > > <res-ref-name>jdbc/wlPool</res-ref-name>
> > > > > > <res-type>javax.sql.DataSource</res-type>
> > > > > > <res-auth>Container</res-auth>
> > > > > > </resource-ref>
> > > > > > </entity>
> > > > > >
> > > > > >
> > > > > >Here are the settings I have in the weblogic-ejb-jar.xml.
> > > > > >
> > > > > ><weblogic-enterprise-bean>
> > > > > > <ejb-name>device.StartHome</ejb-name>
> > > > > >
> > > > > > <caching-descriptor>
> > > > > > <max-beans-in-cache>50</max-beans-in-cache>
> > > > > > <cache-strategy>Read-Only</cache-strategy>
> > > > > > <read-timeout-seconds>900</read-timeout-seconds>
> > > > > > </caching-descriptor>
> > > > > >
> > > > > > <reference-descriptor>
> > > > > > <resource-description>
> > > > > > <res-ref-name>jdbc/wlPool</res-ref-name>
> > > > > > <jndi-name>weblogic.jdbc.pool.wlPool</jndi-name>
> > > > > > </resource-description>
> > > > > > </reference-descriptor>
> > > > > > <enable-call-by-reference>False</enable-call-by-reference>
> > > > > > <jndi-name>device.StartHome</jndi-name>
> > > > > > </weblogic-enterprise-bean>
> > > > > >
> > > > > >
> > > > > >Am I doin any mistake in this?
> > > > > >
> > > > > >Any one's help is appreciated.
> > > > > >Thanks
> > > > > >Suresh
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
-
ISE: test-radius user check fails
The ISE user guides suggest to use a username called 'test-radius' as option to the 'radius-server host' commands. This will cause the respective NAD (a Cat3560 in my case) to make an authentication check on each configured ISE every 60 minutes.
The problem is that every hour I see an authentication failure for this user, but ONLY on my second ISE (I'm running a Standalone HA deployment). Since both hosts should replicate the same user DB, why would it only fail on the second ISE? When I direct end-user login authentications to the second ISE exclusively, they will be passed normally.
See the attached screenshot of the failed authentication attempt for the test-radius user. I've been seeing this with ISE 1.1 as well as 1.1.1.
The relevant config on the switch is:
username test-radius secret 5 <snipped>
radius-server host 172.26.10.35 auth-port 1812 acct-port 1813 test username test-radius key 7 <snipped>
radius-server host 172.26.10.36 auth-port 1812 acct-port 1813 test username test-radius key 7 <snipped>
Questions:
- How can I get rid of that error?
- Is that test-radius option of much use at all in an ISE setup? As far as I could find out, it would be a measure to figure out if the second ISE policy server is running at all as long as the first one hasn't failed.
Thanks for any help.
ToniHi Toni,
I believe you do not see any Access-Requests with the 'test-radius' on your primary ISE PDP server at all. The reason is simply that this server is already known as alive due to the regular Access-Requests for user authentication, so there is really no reason for checking its availability.
Obviously this does not explain the behavior why the test request is failing. Anyhow,sniffing the RADIUS request packets from your switch towards the ISE should bring light into the darkness.
If you are having a switch with software version 12.2X (Test switch: WS-C3560G-48PS, C3560-IPBASEK9-M, 12.2(53)SE2) the encrypted password contained does not match the one that you have locally configured on the switch (You may want to use Wireshark as proof).
On the other hand, if you are having a switch with software version 15.0X (Test switch: WS-C3560X-48P, C3560E-UNIVERSALK9-M, 15.0(1)SE3) the encrypted password contained does match the one that you have locally configured. Side node: It will not work with an MD5 encrypted password, so you have to use 'username test-radius password '.
However, this whole behavior does not affect user authentication at all and is hence only cosmetic. For the switches itself it only matters if it gets a response from the ISE (RADIUS) to know if it is alive or not.
Hi Tarik,
Testing with the 'test aaa...' command does not result in the 'Authentication Failure', that Toni had mentioned.
Kind regards and hth,
Stephan
*Please rate helpful posts* -
Multiple j-sessions for IOP fail-over?
Weblogic has the ability to support multiple j-sessions to allow fail-over of the connection.
My understanding is that this is not currently supported in IOP.
When will IOP support multiple j-sessions?
Is it possible to get a patch for this in the current version 11 of IOP?
Thank you.That is part of the product roadmap to support multiple j-sessions for IOP fail over using Weblogic. That way, if the primary IOP server fails, the user can be re-routed to the backup server in a high-availability fashion. However, that is not supported currently, but will be over the next couple of releases.
-
Failed attempts on radius from a strange user
Hello all,
I have ACS server 4.2 and I have noticed that there are too many failed attempts from usernames just like:
[email protected]
[email protected]
The number before the "@" changes for different users! (I am not ev
I tried to search for those I noticed it is something related to using 3G networks over Wi-Fi!!
I am not familiar with this technology (if my undrestanding about thi is correct).
I just want to know what type of devices would possibly use this feature (what mobile phones vendors for example) and how to stop it (configure it correctly on the end station).
apprecaite your help.
AmjadThanks Mohammad for your quick reply.
I already know that failed attempt is due improper configuratoin on client. failure code in ACS is "EAP type not configured". Those stations -that high likely a mobile phones - usually use EAP-SIM which is not even supported by our ACS.
EAP-SIM configuration by default has "User name in Use" configured as "From SIM card". This is why we possibly seeing those.
Tracking the device is very difficult due to users are mobile and there are too many users around in same area/areas.
I just now successfully isolated that all devices reported this are Nokia devices!! Now it is easier to go to some area and ask about those who have Nokia phones rather than checking everyone's phone.
Thanks ya m3almi.
Amjad -
MAC authentication failed for Wired Users
Hi,
I tried to configure MAC authentication for registed users by ACS. But failed. Need help.ok ok..i got ur point....please correct me the config steps:
1. Added switch as aaa client into acs
2. entered machine mac address into acs user-setup as both usename & password.
3. in 64,65 & 81 (in bother group & user setup) choosed 64=vlan; 65=802; 81=authenticated_vlan_id
4. in switch
aaa new-model
aaa authentication dot1x default group radius
radius-server host acs_ip auth-port 1645 acct-port 1646 key ****
dot1x system-auth-control
int fa0/1
switchport mode access
dot1x mac-auth-bypass
dot1x port-control auto
dot1x reauthentication
dot1x pae authenticator
dot1x guest-vlan 900
Note: Whenever i issue the command "port-control auto" the line protocol of the port goes down.
5. in end machine disable ieee 802.1x authentication.
I will try this setting tomorrow & update you accordingly. -
Users contacts missing after failing over and then failing back pool
We have 2 Lync enterprise pools that are paired.
3 days ago, I failed the central management store, and all users from pool01 to pool02.
This morning, I failed the CMS and all users back from pool02 to pool01.
All users signed back in to Lync and no issues were reported. A user then contacted me to say that his contact list was empty.
I had him sign out and back in to Lync, and also had him sign into Lync from a different workstation, as well as his mobile device. All of which showed his contacts list as empty.
We have unified contacts enabled (Hybrid mode with Office 365 exchange online, and Lync on prem). When I check the users Outlook contacts, I can see all of his contacts listed under "Lync Contacts", along with the current presence of each user.
If I perform an export-csuserdata for that user's userdata, the XML file contained within the ZIP file shows the contacts that he is missing.
I've also checked the client log on the workstation too, and can see that Lync can see the contacts as it lists them in the log. They do not appear in the Lync client though.
Environment details:
Lync 2013 - 2 enterprise pools running the latest December 2014 CU updates.
Lync 2013 clients - running on Windows 8.1. User who is experiencing the issue is running client version 15.0.4675.1000 (32 bit)
I have attempted to re-import the user data using both import-csuserdata (and restarting the front end services) and update-csuserdata. Both of these have had no effect.Hi Eason,
Thanks for your reply. I've doubled checked and can confirm that only one policy exists, which enables it globally.
I believe this problem relates to issues that always seem to happen when ever our primary pool is failed over to the backup pool, and then failed back.
What I often see is that upon pool failback, things like response group announcements don't play on inbound calls (white noise is heard, followed by the call disconnecting), and agents somehow get signed out of queues (although they appear to be signed in to
the queue when checking their Response Group settings in their Lync client. I've also noticed that every time we fail back, a different user will come to me and report that either their entire contacts list is missing, or that half of their contacts are missing.
I am able to restore these from backup though.
This appears to happen regardless of if the failover to the backup pool is due to a disaster, or to simply perform pool maintenance on our primary pool.
Maybe you are looking for
-
Error during MIRO fpr number range .
Dear All , Pl see the error below during Posting MIRO --> In company code 1000, the number range 51 is missing for the year 2009 Message no. F5150 Diagnosis The document type you specified has been allocated t
-
Using two routers for the same SSID
So here's my story. I have a standard Actiontec router in my basment, connected straight to the coax outlet, and connected by LAN Ethernet to a crappy computer nobody uses. It gives off a WPA2 wifi network, let's call it MyNetwork. For the longest ti
-
Hello BW Experts Using rscrm_bapi to schedule a query in background. It is working writing to a table. When we are trying to write to a directory in the application server. Monitor shows green but it is not actually writing to the application directo
-
upgraded my macbook pro to mountain lion from snow leopard does this mean i can upgrade my imac as well for the same price? And will it mess it up?
-
SQLCE 3.5 for 64Bit Windows 8.1
I have a significant app and database that uses SQLCE v3.5 on 64 bit windows 8.1 but when I download SQLCE v3.5 it is not installable because I am told the files are corrupted. What gives and does anyone have any secrets? BTW...I've read this: In som