Flexconnect Central Webaythentication for Remote user

Similar Messages

• AD SSO not happening for Remote Users

  Dear Members
  I am having an issue with the NAC Deployment for Remote users (Users behind WAN Router)
  Windows AD SSO (2008) is happening for LAN users successfullly, however remote users
  are not able to do AD SSO.
  it is ensured that remote users even in unauthenticated state can reach Active directory. there is no filtering
  on any of the device across the path, for this communication.
  When i use Kerbtray on the remote PC, i found no tickets at all.(i am logged in thru Domain)
  what could be going wrong, is it delay (as they are wan user) which might attribute this issue, and if so, where are the needed parameters that can be tuned for AD SSO to happen.
  Any help will ne highly appreciated.
  thanks
  Ahad

  Hi Ahad,
  As long as ALL the policies in Table 8-1 are configured for the Unauthenticated Role
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1174219
  the CAS should be out of the picture for what concerns the communication between the PC and Kerberos.
  If the Kerbtray.exe output for a failing user is empty, it means that the unsuccessful users do not have any Service Ticket (ST) at all.
  This points to an issue with AD (considering the fact that the CAS is already allowing all the traffic to/from AD).
  The failing users are either unable to send the Ticket-Granting Ticket (TGT) to AD, or they are unable to obtain the Service Ticket (ST) from AD.
  The CAS during this phase is neither performing any actions nor blocking any traffic, since all the communications to/from AD are already fully open in the unauthenticated role.
  Regards,
  Fede
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• How to create accounts for remote users in 1841

  Hi,
  I was wondering how can i create accounts for remote users to be able to vpn please ? I have setup the vpn server successfully.
  Regard,

  Hello.
  I believe that you can try this:
  Router# configure terminal
  Router (config)# password encryption aes
  Router (config)# crypto ipsec client ezvpn ezvpn1
  Router (config-crypto-ezvpn)# username server_1 password 0 blue
  if you are using easy vpn.
  from: http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b7d.html

• Central autoreactions for remote systems (saprouter)

  Hi, Experts!
  There is a possibility to define the central autoreactions for remote systems connected to Solman through SAPRouter??

  Hi,
  The CEN Configuration is dependant on the CCMS agents that you install on your satellite system.
  The CCMS agents run as Services at OS level.
  When you install CCMS Agent, there will be parameters pertaining to connecting to CEN.
  Hope this solves  your problem.
  Feel free to revert back.
  -=-Ragu

• FlexConnect Central Switching for GuestWLAN

  Hi All,
  I plan on setting up a new WLAN network.
  5 office locations, a single WLC in the primary DC at the moment. Each 5 office location is routed over a L3 link
  If I have a guest WLAN (vlan 30) that it available at each site and want to centrally switch it, do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC? I assume because this guest network is centrally switched, the actual assigned IP of the guest network does not matter if it not in the same supernet of the remote site?
  For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).

  do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC?
  Yes, if you use WLC as your  DHCP server for guest users, you have to use WLC management IP as DHCP server address on vlan 30 (assuming it is for guest)
  For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).
  As long as you do FlexConnect local switching with required vlan mapping in each WLAN, you do not required DHCP server setting on WLC interface where that WLAN assign to. All traffic locally switched & use helper address configured under SVI of that locally switched vlan.
  Refer this configuration guide for more details
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001000.html
  HTH
  Rasika
  **** Pls rate all useful responses ****

• SCCM 2012 usage report for remote users

  Hi,
  Can someone help to get the SCCM  usage report for all remote users who accessed particular application remotely on windows 7 workstation
  Regards,
  Madhan

  If the application is something and executable that the users have to start, you can use Software Metering.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• No Audio for Remote User when using Thunderbolt Display

  I have the latest 13" macbook pro with a thunderbolt display. For the most part everything works fine, but I have encountered a problem when I try using facetime with this setup. The remote user cannot her my voice.
  I have gone to the sound setting in system preferences and I have  made sure that the sound inpur device is set to Display Audio, and it appears that the microphone is working (the bars are fiickering when I talk), still, I cannot be heard by the remote.
  I have tried to capture a movie with the display's camera and mic, and that works fine.
  Unplugging the display an using the laptop only  also works fine.
  I used the same setup with Skype, and the sound worked fine.
  The probem appears to be with FacetTime and the Thunderbolt Display
  Has anyone else experienced similar problems?

  I am having the same issue with my 13" MB Pro Retina and my 27" ThunderBolt display.  So far I haven't been able to find a solution to the problem.

• MOTD on Library connect for remote users?

  What I'm basically looking for: Is there a way so users connecting to my library from other machines recieve a Message Of The Day or similar?
  For instance, I'm slowly transferring my music from home to my laptop at work, and it would be nice to have something like "Recently Added: (blah blah blah)" appear for people upon connect.
  Is there a way to do this? If not, no big deal.

  Hey Phrasant,
  I just tested your setup in my lab.
  Situation 1:
  RDS server in OU RDS, no policies applied accept Default Domain policies.
  Test user ITW\jklaas
  Starting Wordpad, hitting Save and checking the drives.
  As you can see in the Drives_Without_Policies I can see the Server's C-drive.
  Situation 2:
  RDS server in OU RDS
  Test user ITW\jklaas
  Created a single policy called HideDrives with 2 settings:
  1. User Config -> Policies -> Admin Templates -> Windows Components -> File Explorer -> "Hide these specified drives in My Computer" and choose to "Restrict all drives"
  2. Computer Config -> Policies -> Admin Templates -> System -> Group Policy -> "Configure user Group Policy loopback processing mode" and choose to Enable this setting in Merge mode
  Via Delegation I denied Apply to Domain Admins and linked the HideDrives policy to the OU RDS.
  Now if I logon with ITW\Jklaas and start RemoteApp Wordpad:
  The policy successfully hides the server's C-drive...
  So, this not working for you can mean several things.
  - loopback not configured for policy processing?
  - your test user is somehow excluded from the policy?
  - there's another error somewhere in the group policy components between your RDS and DC?
  Start troubleshooting by running the GP Result wizard in GP management for a user that has Word open and see if he/she gets the policies?
  Cheers
  Arjan

• Analog for remote users with phoneproxy

  I have deployed 7941/7961 IP phones remotely connecting to our enterprise network using phoneproxy and SSL. Some users are requesting analog lines for fax machines. Phoneproxy does not seem to support the ATA-186 for analog. Does anyone have a solution for deploying ATA-186 devices remotely to connect to the corporate network?

  Cisco Unified PhoneProxy 1.0 provides the User authentication-Cisco Unified PhoneProxy provides a built-in Web application for authentication of users who are activating IP phones for secure use. It also offers a Web Services interface for organizations that prefer to integrate with existing user-authentication services.

• AFP logon window takes 60 - 90 seconds for remote users

  We have a 10.4.11 server running AFP and multiple other services. About 25 users connect to the AFP sharepoints via the internal network and the login window appears immediately. Another 25 users connect through a hardware VPN from another office and their login screen appears immediately as well. We have another set of 25 users who connect directly over the internet, and only recently, it is taking 60 - 90 seconds for the logon window to appear. Once it does appear, the connection runs at normal speed.
  It makes no difference whether the address is specified as FQDN or IP address. I've tried turning off Bonjour, and adding the host domain name to the search domains, but this made no difference either.
  This problem did not exist until recently. It may have been about the same time as the 10.5.4 update, but I can't be sure.
  Also, our ISP is known to play with "Shaping" although we did have AFP set to high priority and Port 548 is not restricted.
  Is there another service that Apple uses to bring up the logon window? If so perhaps our provider is restricting bandwidth on that.
  - Tim

  This problem related to AFP requesting a "Service Record" first and waiting until that timed out before requesting the "A" record for the site. It seems to be an issue with OS X 10.5.4 and OpenDNS. Hopefully they will sort it out soon.

• Query for remote users

  Im doing an audit and one part they want to know a list of users who are granted remote access? Is there in Query in AD that I can run if so let me know asap.
  thanks,

  You need to get the members of Remote Desktop Users local group. You can use
  net localgroup command to display members of a local group: https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_group_membership.mspx?mfr=true
  You can use psexec to execute this command on multiple systems.
  Please note that, if you are using Restricted Groups GPO to control the members of
  Remote Desktop Users local group then you can simply check the GPO configuration to get the list of the users having RDP access.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Might be duplicate   post for Remote User

  Hello,
  I hope I have posted this in the right spot this time.
  I have a problem with some software and want to let the person who made the software, who is in Minsk, Belarus access my computer remotely to try to fix a big problem that's developed.
  I know that Adobe can do it because they came into my computer last week and checked out something for me while I was on the computer.
  If this is possible , can someone give me instructions that are non technical, or use screenshots ...if technical...and can look up teminology if necessary. I just don't want to mess this up any further.
  And what the problem is, a linking program that works really well with Mac's, but I have really screwed it up by installing it three times and so I have files everywhere and don't know who, what , where, when or why or how to unscramble this without loosing all my links and also these bogus link files are now loaded ready to upload into the website via FTP.
  Red (in the face) thus the name
  ibook   Mac OS X (10.3.9)  

  Hi,
  Thanks for responding.
  No they don't.
  I was at the genius bar and while there, one of the "geni" said that I could set my computer up somehow under preferences for someone else to enter. I would just need to know their computer location # (I am sure there is a word for that) and flip a couple of switches and presto.
  I was hoping someone here knew how to do that, without purchasing anymore software.
  Red
  ibook Mac OS X (10.4.5)

• SA520W SSLVPN for Remote Users Only 64kbps - Please Help!

  I have setup an SA520W and configured SSL-VPN for our small business.  Everything seemed to go smoothly and I tested SSL VPN by logging in and playing around a bit which seemed to be fine.  However, shortly after deployment I started getting complaints about it being much slower than our old VPN through the consumer grade router I just replaced.  I investigated and tested with IE8 and Chrome on Windows XP 32-bit with several different machines, and in all instances it did seem very slow indeed.  While looking around I noticed that the Task Manager under the Networking tab shows the SSL VPN connection as VirutalPassage at 64 Kbps.  Going into Network Connections shows VirtualPassage under the Dial-up heading with device name Virtual Passage SSLDrv Adapter.  Additional properties describe it as an ISDN channel.  I have attached an image of the Task Manager pane.
  The router is running the latest firmware of 2.1.51.  It is connected via a static IP that does not require a login, to our dedicated 5 Mbit / 5 Mbit ethernet over copper link to our ISP.  We get great speeds and low latency through everything but SSL VPN connections.  I haven't done anything fancy so the router certificate is the factory default.  Currently we are using the existing 2 SSL VPN licenses that come with the router until we need more access, at which point I want to upgrade to the 25 user bundle.  However, I don't feel comfortable upgrading until I get this resolved, because 64kbps simply cannot work for us for a VPN solution.
  Does anyone know how to configure the SSL VPN to not limit at 64kbps?  My engineers are making fun of me for bringing us back to dialup, and I have to agree with them!
  Thanks for any help you can provide!

  I worked with Blake at Cisco Small Business Support (who is awesome, BTW) and it looks like having Split Tunnel Support enabled was what was making it so slow.  Our network setups is on 192.168.2.x, home users are on 192.168.0.x, and the VPN clients are on 192.168.251.x so I had enabled Split Tunnel Support and setup a Client Route for 192.168.2.0 with Subnet Mask 255.255.255.0.
  I disabled Split Tunnel Support, and even though it still said 64kbps the link is going much, much faster!

• Central number for 3 users

  I hope someone can help,  I would like a central Skype number for customers to call and for it to ring on the three emplyees to answers.
  Plus the abilty for the others to dial out if one is on the phone.
  Thanks
  John

  Hello,
  I dont see any reply's to your question and i wondered if you had any luck..If you do find a way to make this work would you be kind enough to post it and let me know...

• How to set up an external Hard Drive as a cloud folder for remote users?

  I have an external HD connected to my MacBook Air that I need two other people in my company to be able to access from far away cities. I'd like to know if there is a way of them having a folder in finder that goes straight to this external, similar to what shows up when Box.net or DropBox is installed. I don't want to use FTP, as one of them is not very savvy and using an FTP client would be an extra pain.
  Is there a way of doing this?

  Then you should probably looking into a simple turnkey solution like the WD MyCloud or similar.
  http://www.wdc.com/en/products/products.aspx?id=1140