HTTP Probe support for ISE guest service

Similar Messages

• ISE Guest Service fail depending on the browser

  One of my customers is complaining about having problems to access the guest services depending on the browser used:
  When the visitor has Intenet Explorer 10 or 11, he said the content is blocked and even the guest portal is not displayed. When the visitor has Google Chrome (no specific version indicated), he said the portal is displayed but the content is blocked after ingress user and password. Whit Firefox a certificate exception was added in advanced options.
  I think the issue can be something related with certificates or even the  computer but I'm not sure how can I identify the root cause.
  I wonder if something in the ISE is reported about the browser used to authenticate in the guest portal. I know the release notes indicate browser compatibilities, but in guest services I think shouldn't be restrictions, because you don't know what device, OS, or browser will be used by guests.
  The ISE is running 1.1.2.145, no patches yet.
  I will appreciate any tip you can provide me.
  Regards.

  Hi ,
  This below link gives the detailed versions of the supported operating systems and their supported browsers for Sponsor and Guests.
  http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html
  Google chrome , Mozilla and IE are supported, but there is some restriction in the browser versions.
  For IE make sure you have enabled ActiveX controls and check if the compatibilty mode is enabled.
  If customer is making use of supported browsers and still experiencing the issue then we need to check what options are enabled on browsers and what is blocking the content download in the browser.

• Toshiba Support for Microsoft Windows Service Packs ?

  Does Toshiba provide Downloads,
  for the Microsoft Service Pack
  ( For example Windows XP Service Pack ) ???

  The easiest way for you to find Information about Windows Service Packs is to surf on the Toshiba Website of your Country and look at Support & Download.
  There you find the a Category Microsoft Service Packs.
  The Link for Toshibe Europe for example is -> http://eu.computers.toshiba-europe.com/

• VHDX Support for W2008R2 Guest

  I'm a little confused about the support for guest o/s's using the VHDx format. I have seen quotes on this forum saying that any supported guest o/s can be run using VHDx, yet when I create a virtual HD using W2012R2 Hyper-V, it says that W2012 is the
  oldest o/s to support VHDx.
  Currently, I have a pre-production environment running on a Hyper-V W2012R2 platform. All the guest VM's are (Gen 1) W2008R2 servers. Currently I am using the VHDx format for the boot and data disks on these VM's. Everything seems to be running OK now, but
  I am concerned that if this is not a supported configuration that I may have trouble in the future.
  Can someone clarify if my environment would be supported by Microsoft going forward, and if not, can I simply convert the existing VHDx volumes into VHD's using the Hyper-V Manager GUI?
  Thanks!

  ...well surprise surprise!
  After creating the above forum posts, I decided to submit my question to Microsoft Support via email. It took a few email exchanges until I was relatively confident that Microsoft fully understood my question. In the end they claim that the restriction of
  VHDx to W2012 or newer systems is based upon the "host" o/s, NOT the "guest". The following is an excerpt from my last email to them:
  "Given the fact that my environment is not taking advantage of any “advanced features” of the VHDx format and that it appears to be
  working fine with my W2008R2 guests in my testing, will Microsoft support us if we run a production environment with W2008R2 guest VM’s using the VHDx format?"
  And this is their reply:
  "For what you saw, I’d like to explain that it is aimed at Hyper-V host while not Guest VM. That’s to say no matter which OS version has been installed on guest VM, as long as the hyper-v
  host OS is windows server 2012 or later version, you can use VHDx format and take advantage of it. What’s more, for your environment, it is absolutely supported by Microsoft."
  Services
  Jason Zeng, Windows Support Professional  Microsoft Email Support Email:
  [email protected]
  portal:support.microsoft.com/oas/
  My working hours are 9:00 PM - 6:00 AM EST, from Sunday to Thursday.
  Delighting our customers is our top priority. We welcome your comments and suggestions about how we can improve the support we provide to you. If you would like to give us some feedback,
  please email my manager Peterson Wu at [email protected].
  Thank you.
  Note: E-mail support is NOT suitable for urgent or time- critical issue. If the technical problem is urgent and you feel it more efficient to discuss it via phone, you may convert this to a
  phone support case by contacting us at this number: 1-800-936-4900. Thank you for your cooperation.
  In the part about "for what you saw...", the Microsoft rep is refering to the "New Virtual Hard Disk Wizard" dialog box that warns "This format is not supported in operating systems earlier than Windows
  2012." Although not clearly identified in this dialog box, the warning refers to the host o/s. (I really wish they would reword this warning in a service pack, etc.)
  Once again, I thank everyone who has provided me with feedback on this topic. I hope this thread helps to clarify the issue for other IT professionals because previously I could not find a straight answer to this question
  anywhere else on the web. 
   -tm

• Change Account Duration for ISE Guest User can not more than 5 days

  Extending guest account duration can not more than 5 days.
  On portal we can change it to more than 5 days, but the account always expired after next 5 days.
  Email notfication sent after change duration also said the account only have 5 days of duration.
  I'm using ISE 1.2 patch 2.

  Step 1 From the Cisco ISE Administrator interface, choose Administration > Guest Management > Settings > General > Purge.
  The Purge Settings page is displayed.
  Step 2 To schedule a purge operation, check the Enable purge settings for expired guest accounts check box.
  Step 3 Configure the following available options:
  a. Enter the purge interval, in number of days. Valid range is 1-365.
  b. Specify the hour of the day when the purge should occur.
  Date of last purge displays the date and time when the last purge operation occurred.
  Date of next purge displays the date and time when the next purge operation is scheduled to occur.
  Step 4 To immediately execute a purge of expired guest user records, click Purge Now.
  This executes a purge manually even if Enable purge check box is not checked. This option provides you the freedom to purge records whenever you seem fit.
  Step 5 Click Save
  Please check the point 3 find the value is so that it may engaged.

• Support for Short Messaging Service (SMS)

  Hi all,
  Currently Beehive will only support sending SMS via the SMPP protocol, is there any other protocols available or planned in future releases?
  I know sms if a faiding tech, but it's still the thing to notify mobile devices.
  I tried creating a Clickatell account as recommended, but those test accounts are no good for SMPP which relies on a minimum volume of 5000 sms! not good for small/medium size users.
  Regards,
  david

  Current release supports SMPP and XMS. More information is available in the Admin Guide
  http://download.oracle.com/docs/cd/E16671_01/bh.200/e16648/subscriptionsnotifications.htm#CHDJFJGI
  Clickatell does support XMS.
  We are working to replace our support for XMS with support for our SMS partners HTTP based APIs.

• Are HTTPS probes supported in Cisco devices ?

  Hello,
  I am aware Cisco supports HTTP probe types. Are HTTPS (HTTP Secure) probes are supported in Cisco devices too ? If so from which IOS version ?
  Your comments are very much appreciated.
  Thanks.

  Hi ,
  As per my understanding there is No IOS code which support HTTPS opeartions , Only HTTP operations are supported as of now.
  Thakns
  Afroz

• Https redirection issue for Wireless Guest CWA - ISE 1.3

  Our Setup is
  ISE 1.3 (Patch level 2) running on ACS 1121
  2 nodes clustered with Admin, monitoring, policy service enabled ( Primary and Secondary ).
  Configured SSID Guest for Centralized web authentication with ISE.
  We have issues in web redirection with chrome . It is not redirecting to the ISE page but rather showing " Page cannot be displayed".
  By default chrome is pointing to https. For example if we type https://google.com it is not redirecting to ISE page. But when I specify the same as http://google.com it works.
  There is no issue with IE, Firefox as it is redirecting to ISE page with default https and i can see it is hitting our rule.
  Please advice.

  Hi Neno
  They are using a third party certificate (digi cert) for client auth. They have confirmed even if they use a self-signed-cert the result is same.
  So basically none of the https page is not loading. If we manually browse some https site from Firefox, IE the result is same showing " page cannot be displayed".
  Redirection to https is the problem which i have never faced with my other customer. This is the upgraded version of ISE from 1.2 to 1.3.

• Https redirect on wifi ise guest

  Hi
  We have a problem of redirect https on ise wifi guest so if we connect as a Guest PC i login and can access to internet using http but the problem if we use https can you help me to resolve this issue
  Regards

  The ISE trust sec guide #30 on page 46 states
  For traffic initiated by the client, Cisco Wireless LAN Controllers support redirection of HTTP traffic only. Redirection of HTTPS traffic is not supported. The traffic redirected to ISE is always HTTPS.
  Sent from Cisco Technical Support iPad App

• Support for XML / Web Service Data Source?

  <p>Do you know if and when Crystal Reports for Eclipse will support using the XML / Web Service data source?  It appears that only JDBC and Java Result Sets are currently supported.  I am using:</p><p>com.businessobjects.integration.eclipse.library_1.0.0.v671 </p><p>com.businessobjects.sdks.jrc.11.8.0_11.8.1.v671 </p><p>Thank you! </p>

  <p>Ok, I copied the JARs (such as CRDBXMLServer.jar) from the JRC SDK (from Eclipse all-in-one) onto the Tomcat classpath and got rid of my previous problem.  I now get the stack trace below.  I also can not find crdb_*.dll files (such as crdb_xml.dll) anywhere on my system other than the service pack 2 rollback directories.  My guess is I should be downloading and installing something else -- is this true? </p><p>10 Jan 2007 13:22:36 [http-8080-Processor23] DEBUG com.crystaldecisions.reports.reportdefinition.datainterface - Failed to open connection (Connection:<databaseType=XML><serverName=http://dopey/devicedirectory/2006-06-25/DeviceDirectory?WSDL DeviceDirectory DeviceDirectoryPort getDevices><state=closed><databaseDriverName=crdb_xml.dll>).<br />com.crystaldecisions.reports.queryengine.am: Error loading database connector.  The class &#39;com.crystaldecisions.reports.queryengine.driverImpl.DriverLoader&#39; could not be accessed.<br />    at com.crystaldecisions.reports.queryengine.ax.am(Unknown Source)<br />    at com.crystaldecisions.reports.queryengine.ax.new(Unknown Source)<br />    at com.crystaldecisions.reports.queryengine.ax.byte(Unknown Source)<br />    at com.crystaldecisions.reports.reportdefinition.datainterface.a.a(Unknown Source)<br />    at com.crystaldecisions.reports.reportdefinition.datainterface.a.a(Unknown Source)<br />    at com.crystaldecisions.reports.reportdefinition.datainterface.a.a(Unknown Source)<br />    at com.crystaldecisions.reports.reportdefinition.datainterface.a.a(Unknown Source)<br />    at com.crystaldecisions.reports.reportdefinition.datainterface.g.a(Unknown Source)<br />    at com.businessobjects.reports.sdk.b.b.byte(Unknown Source)<br />    at com.businessobjects.reports.sdk.b.b.a(Unknown Source)<br />    at com.businessobjects.reports.sdk.b.b.byte(Unknown Source)<br />    at com.businessobjects.reports.sdk.JRCCommunicationAdapter.request(Unknown Source)<br />    at com.crystaldecisions.proxy.remoteagent.x.a(Unknown Source)<br />    at com.crystaldecisions.proxy.remoteagent.q.a(Unknown Source)<br />    at com.crystaldecisions.sdk.occa.report.application.dd.a(Unknown Source)<br />    at com.crystaldecisions.sdk.occa.report.application.ReportSource.a(Unknown Source)<br />    at com.crystaldecisions.sdk.occa.report.application.ReportSource.getPage(Unknown Source)<br />    at com.crystaldecisions.sdk.occa.report.application.AdvancedReportSource.getPage(Unknown Source)<br />    at com.crystaldecisions.sdk.occa.report.application.NonDCPAdvancedReportSource.getPage(Unknown Source)<br />    at com.crystaldecisions.reports.reportengineinterface.JPEReportSource.getPage(Unknown Source)<br />    at com.crystaldecisions.report.web.event.ac.a(Unknown Source)<br />    at com.crystaldecisions.report.web.event.ac.a(Unknown Source)<br />    at com.crystaldecisions.report.web.event.b2.a(Unknown Source)<br />    at com.crystaldecisions.report.web.event.b7.broadcast(Unknown Source)<br />    at com.crystaldecisions.report.web.event.av.a(Unknown Source)<br />    at com.crystaldecisions.report.web.WorkflowController.do(Unknown Source)<br />    at com.crystaldecisions.report.web.WorkflowController.doLifecycle(Unknown Source)<br />    at com.crystaldecisions.report.web.ServerControl.a(Unknown Source)<br />    at com.crystaldecisions.report.web.ServerControl.processHttpRequest(Unknown Source)<br />    at com.crystaldecisions.report.web.viewer.taglib.ServerControlTag.doEndTag(Unknown Source)<br />    at com.crystaldecisions.report.web.viewer.taglib.ReportServerControlTag.doEndTag(Unknown Source)<br />    at org.apache.jsp.stateReport_002dviewer_jsp._jspx_meth_crviewer_viewer_0(stateReport_002dviewer_jsp.java:108)<br />    at org.apache.jsp.stateReport_002dviewer_jsp._jspService(stateReport_002dviewer_jsp.java:61)<br />    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)<br />    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)<br />    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)<br />    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)<br />    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)<br />    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)<br />    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)<br />    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)<br />    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)<br />    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)<br />    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)<br />    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)<br />    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)<br />    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)<br />    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)<br />    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)<br />    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)<br />    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)<br />    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)<br />    at
  java.lang.Thread.run(Unknown Source)<br />Caused by: java.lang.reflect.InvocationTargetException<br />    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br />    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)<br />    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)<br />    at java.lang.reflect.Method.invoke(Unknown Source)<br />    ... 53 more<br />Caused by: java.lang.NoClassDefFoundError: OCA/OCAdbdll/DbDLLOperations<br />    at java.lang.ClassLoader.defineClass1(Native Method)<br />    at java.lang.ClassLoader.defineClass(Unknown Source)<br />    at java.security.SecureClassLoader.defineClass(Unknown Source)<br />    at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1815)<br />    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:869)<br />    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1322)<br />    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1201)<br />    at java.lang.ClassLoader.loadClassInternal(Unknown Source)<br />    at com.crystaldecisions.reports.queryengine.driverImpl.a.<init>(Unknown Source)<br />    at com.crystaldecisions.reports.queryengine.driverImpl.a.eE(Unknown Source)<br />    at com.crystaldecisions.reports.queryengine.driverImpl.DriverLoader.loadDriver(Unknown Source)<br />    ... 57 more<br /><br /> </p>

• Https transport support for JAX-WS WebServices

  Hi All ,
  I am trying to implement JAX-WS WebServices that support https transport .To do so I added the following annotation *@Policy(uri = "policy:Wssp1.2-2007-Https-BasicAuth.xml)* in my Jws Implementation file for the JAX-WS WebServices but I got parsing error.Can anyone please confirm that JAX-WS supports the policy annotation in Impl file.If it is supported can a link/pointer/example could be given to implement https enabled JAX-WS WebService and the required configuration in wsdl file.
  Thanks and Regards

  It does but you've specified a policy that uses both HTTPS and basic HTTP authentication. If you require just HTTPS use "Wssp1.2-Https.xml". In turn you must enable the SSL port on the WLS server. See this blog post: http://one-size-doesnt-fit-all.blogspot.com/2009/02/enabling-ssl-and-disabling-non-ssl_17.html
  If you use JDev to generate the JAX-WS web services, given the policy annotation JDev willl put the policy in the WSDL file appropriately.
  CM.

• Support for Creating Web Service from pl/sql package in JDeveloper 11

  We have been creating all of our web services from pl/sql packages in our Oracle database using JDeveloper 10.1.3.1. I understand that this capability is not supported in Jdev 11. We have been mandated to either move up to JDeveloper 11, or consider switching to eclipse, or even VS2008 and run .NET services from IIS. I have seen work-around solutions using TopLink and Jdev 11. Are there plans to revive this feature in the near future? We're now looking at switching to .NET since we could scrap our OAS instances and use IIS to publish web services. The only reason we were sticking with Oracle was the ease in converting all our existing package to web services with Jdev.
  Is anyone else in the same situation. If so, what solutions are you considering?

  Hi,
  there are a lot of option to make plsql web services .
  First you can stay with jdev 10.1.3
  Use the xmldb servlets
  use jdev 11g tp4 to create plsql ws and upgrade to jdev 11g production
  And I think in the next release of jdev it will be back , there are more options which disappeared like the adf bc sdo ws or jmx datacontrol etc.
  thanks Edwin

• ITunes and support for Microsoft Media Service (mms)

  I am attempting to stream internet radio through to iTunes but Microsoft's mms does not appear to be supported. Does anyone know how I can do this ?
  Typical URL is: mms://media3.abc.net.au/classicfm
  Hope someone can assist.
  Message was edited by: Max25
  Message was edited by: Max25

  QuickTime can't "play" mms streams and neither can iTunes.
  http://flip4mac.com may be able to help.

• LWA Support for Provisioning

  My Desired flow is:
  Guest SSID - Open Access.
       If WebAuths as a Guest User, apply ACL-GUEST-ACCESS and stop
       If webauth's as a user that is a member of AD group X, go to client provisioning portal.
  I've tried using CWA, and I get "We are unable to determine access privileges in order to access the network. Please contact your administrator."
  Since the 4400 and 2100 WLCs are supported for ISE using LWA only (no  CWA support), I think this is why.
    The below log appears in the authentications screen: (not very helpful is it)
  So I think I need to do a AuthZ rule resulting in a profile using webauth against the provisioning portal, not CWA? If so, I can't seem to wrap my head around a workable rule to match this. Any hints on making this work? All  the TrustSec 2.0 and 2.1 docs center around CWA only.

  When you use LWA (Local Web Authentication) the NAD device (Switch, wireless lan controller, etc) is providing the Web Authentication Services. For example, on the WLC clients get redirected to the built-in WebAuth Guest page. As a result, the clients will never reach ISE for them to utilize the web services (web auth, device registration, provisioning etc). You will need to run version 7.2 and above on your WLC and use CWA. I hope this makes sense.
  Thank you for rating!

• Guest Anchor with web auth using ISE guest portal

  Hello All,
  Before launching into my exact issues, could anyone confirm if they have completed a wireless Guest anchor setup using 2504 controllers on 7.4 as the anchor (5508 is the foreign) with webauth external redirection at ISE 1.1.3 using ISE Guest Services?
  I am attempting this for an internal POC and have hit a couple of issues. Firstly I am looking for correct configuration confirmation prior to going in depth with a couple of the issues. I've been using the TrustSec 2.1 how to guides to build the parts I am not strong on so if anyone has actual completed this setup, I'd love to go through it with you.
  massive thanks to anyone that can assist.
  JS.

  Thanks for the reply RikJonAtk.
  so to start with, based on the trust sec documents, of the guest WLAN on the anchor I need to configure mac filtering at the layer 2 security menu as well as enable RADIUS NAC under the Advanced tab. But when I do this, I get an error message that states that mac filitering and RADIUS NAC cannot be enable at the same time.
  Additionally, if I just enable the RADIUS NAC setting under the Advanced tab in the WLAN, I get another error message that states that the priority order for Web-Auth can only be set for radius, so I go to the AAA server tab and send local and LDAP to the not use column and hit apply. If I move to another menu then check the priority order again under the AAA servers tab, the local and LDAP have been moved back to the menu field to be used again.  So I initially though it might be a bug, but I was hoping to find someone here that has done this already and can look at my issues and maybe walk me through their configs, which I'll mirror and see how it goes.
  Thanks in Advanced,
  JS