IronPort WSA S170 and Context directory agent
Hello people and experts,
I need your consultation regarding IronPort and CDA deployment.
I couldn't find any information on the internet...
So my question is: if IronPort is an AD domain member and an explicit forward proxy is planned to be used, do I need CDA to be deployed? What will happen if I don't want to deploy CDA in my environment?
As I understood, CDA is useful when IronPort works as a transparent proxy or if IronPort is not a member of the same domain as users.
Please advise.
The CDA eliminates the need for NTLM authentication. Once a user logs onto their computer in the morning and authenticates to the domain, the CDA will have received a successful audit event/log that informs it that user X is signed on to IP address X. When the WSA needs to find out who is on this IP address, instead of using NTLM to challenge the client machine, it will ask the CDA who signed on this particular IP address. Once it gets the user name, the WSA will proceed as usual and query the AD to determine the group membership of that particular user.
Similar Messages
-
Context Directory Agent ipv4 and ipv6 mappings
I have the Context Directory Agent 1.0 patch 2 installed and running. It works well, mostly. We have a dual stack running IPv6 and IPv4 on our workstations. They connect to the AD with IPv6, so the mapping is for IPv6. Is there a way to get the IPv4 mappings?
We need to map both addresses for the Web Filtering on the CX.
Same question.
-
Need of Context Directory Agent
Hi all
I downloaded from CCO CDA (Cisco Directory Agent - filename is AD_Agent-v1.0.0.32.1-build-598.Installer.zip) and installed it. The goal is to authenticate users of WSA using Windows Server 2003 Active Directory.
During deployment I discovered CDA supports AD servers only up to W2008R2. Because the customer plans to migrate AD to Windows Server 2012 soon, I think CDA has to be replaced.
Is Cisco Context Directory Agent the right replacement? I read it runs on a separate virtual machine, so I need to inform the customer we need an additional VM?
Thanks in advance
What you downloaded was the old Active Directory Agent. You need to download CDA (Context Directory Agent) and the four patches and install them on a VM. Download link here: https://software.cisco.com/download/release.html?mdfid=282803423&flowid=4949&softwareid=284724387&release=CDA&relind=AVAILABLE&rellifecycle=&reltype=latest
-
Context Directory Agent Path not found
I am trying to connect Cisco Context Directory Agent to my AD 2012 R2 server.
I went through the setup guide and changed all the needed registry keys, firewall rules, DCOM and wmimgmt permissions.
I got past the access denied error, but now I am getting a "The system cannot find the path specified. [0x80070003]" error.
Here is my log.
wmi-property exception-stack org.jinterop.dcom.core.JIComServer.init(JIComServer.java:580)
org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:609)
dc-hostname maddcr2.xxxxxxx.local/10.1.0.19
dc-name xxxxx
exception-cause org.jinterop.dcom.common.JIRuntimeException: The system cannot find the path specified. [0x80070003]
wmi-class Win32_NTDomain
exception-message The system cannot find the path specified. [0x80070003]
wmi-property DomainName
dc-username _zxxxxx
Thank you,
Are you running CDA 1.1 with Patch 1:
cda-patchbundle_1.0.0.011-1.i386.tar.gz
Support for Windows 2012 server was added in patch 1. Enable
this patch using the command:
admin# patch install cda-patchbundle_1.0.0.011-1.i386.tar.gz myrepository
(see step 2a below for setting up a repository)
Refer:
http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1061521 -
What is the new Cisco Context Directory Agent?
Hi Everyone.
I noticed on the ASA software download page the new Context Directory Agent (~800MB). I could not find any release notes nor other references from a Google search.
http://www.cisco.com/cisco/software/release.html?mdfid=280582808&softwareid=280775065&release=8.4.4.ED&flowid=4822
What is it?
Context Directory Agent is the successor product to AD Agent. It provides similar functionality but comes with a Linux distribution and has a GUI-based interface. You are right that at the link you gave there is no documentation posted. Will need to dig around.
The release notes for the AD Agent product are at: http://www.cisco.com/en/US/docs/security/ibf/release_notes/ibf10_rn.html -
Context Directory Agent server 2012R2
Hi,
Win Server 2012 R2 is not officially on the supported list for Context Directory Agent (CDA). Has anyone tested this setup?
I have been following the installation guide for 2012: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html but the server stays red in the CDA GUI. No error messages in the log though.
CDA is patch 1 and the CDA user is within the Domain Admin group, the necessary privilege changes according to the installation document are in place (registry key ownership etc.), and the firewall on the server has been temporarily disabled.
Just wanted to see if there is anyone who got the combination CDA/2012 R2 running and/or when there will be an official patch to CDA to add 2012 R2 support.
I opened a case and they referred me to bug CSCun10631.
(CDA doesn't support 2012 R2).
The good news is that a new patch (3) should be released this month (July) and will include support. -
Context Directory Agent maps the Active Directory Anti-Virus user
Hi,
Today I was able to join a couple of CDA's to our Active Directory domain (2008 R2 DC's) using a non-privileged account and the CDA maps (most) users to IP addresses.
I would like to use the CDA solely for building up firewall policies based on AD details whenever possible
as maintaining granular firewall policies on 8 different ASA's is too time consuming as we are not a large IT organization.
But, after deploying the first "AD Group" based rule, it turned out that the AD user account mapped to the IP address of my PC was actually a domain user running the local anti-virus engine, and not my own.
It makes total sense that the anti-virus user is logged on to the PC before any user, so it can do "its thing",
but my own user-account is never mapped.
CDA was able to map certain users to an IP address, even though the anti-virus user is actually logged on to the PC before them.
Has anyone deployed Identity Based Firewalling and experienced something which resembles this scenario and were you able to do any workarounds?
I looked into filtering out the logon events (for the Sophos user-account) from the Windows Security logs,
so the CDA will not be able to map these, but it seems a bit far fetched, and would probably violate a security policy or two :)
Cheers, Søren Elleby Sørensen -
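The passive identity mapping described in the first answer on this page (an agent learns "user X is on IP Y" from domain-controller logon audit events, so the proxy can ask "who is on this address?" instead of NTLM-challenging the client) and the failure mode from the anti-virus thread just above (a service account that logs on before, and keeps logging on after, the interactive user shadows that user in the mapping) can both be seen in a small resolver. The following is an added example written for this page; it is not CDA or WSA code. The event rendering, account names, addresses and timestamps are constructed; the logon-type numbers are the documented Windows 4624 values, and the two workarounds (ignoring named service accounts, trusting only interactive logon types) are illustrations, not a description of how CDA filters events.

```python
"""Passive IP-to-user mapping from Windows logon audit events.

Added example for this page, not CDA or WSA code. Shows the naive
"last logon seen on this IP wins" mapping, why an endpoint service
account shadows the interactive user, and two ways to avoid that.
All sample events below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Logon types from Windows security event 4624 (Microsoft-documented values).
INTERACTIVE_LOGON_TYPES = {2, 10, 11}  # console, RDP, cached console
NETWORK_LOGON_TYPE = 3
SERVICE_LOGON_TYPE = 5


@dataclass(frozen=True)
class LogonEvent:
    when: datetime
    user: str        # DOMAIN\account as written in the audit event
    source_ip: str   # "Source Network Address" field of the event
    logon_type: int


@dataclass(frozen=True)
class Mapping:
    user: str
    since: datetime
    logon_type: int


def parse_event(line: str) -> LogonEvent:
    """Parse the constructed 'timestamp|user|source_ip|logon_type' rendering
    used for the sample below (a real collector would read the 4624 fields)."""
    ts, user, ip, ltype = line.strip().split("|")
    return LogonEvent(datetime.fromisoformat(ts), user, ip, int(ltype))


def build_mapping(events, service_accounts=(), interactive_only=False):
    """Return {source_ip: Mapping}. The newest accepted event for an IP wins,
    which is the naive behaviour that mapped the anti-virus account."""
    ignored = {a.lower() for a in service_accounts}
    mapping = {}
    for ev in sorted(events, key=lambda e: e.when):
        if ev.user.lower() in ignored:
            continue            # workaround 1: drop known service accounts
        if interactive_only and ev.logon_type not in INTERACTIVE_LOGON_TYPES:
            continue            # workaround 2: only trust interactive logons
        mapping[ev.source_ip] = Mapping(ev.user, ev.when, ev.logon_type)
    return mapping


def resolve(mapping, ip, now=None, max_age=None):
    """Answer 'who is on this IP?'. A binding older than max_age is treated as
    unknown so a stale entry does not authorise the next user of that address."""
    m = mapping.get(ip)
    if m is None:
        return None
    if now is not None and max_age is not None and now - m.since > max_age:
        return None
    return m.user


# Constructed sample: the AV service account logs on first, the user logs on
# at the console, then the AV account performs a network logon (e.g. an update).
SAMPLE_EVENTS = [
    r"2014-07-01T07:55:00|CORP\svc-antivirus|10.1.2.3|5",
    r"2014-07-01T08:02:00|CORP\soren|10.1.2.3|2",
    r"2014-07-01T08:30:00|CORP\svc-antivirus|10.1.2.3|3",
    r"2014-07-01T08:05:00|CORP\mark|10.1.2.4|10",
]


def demo():
    """Resolve 10.1.2.3 under the naive rule and under both workarounds."""
    events = [parse_event(l) for l in SAMPLE_EVENTS]
    naive = build_mapping(events)
    by_account = build_mapping(events, service_accounts=[r"CORP\svc-antivirus"])
    by_type = build_mapping(events, interactive_only=True)
    return {
        "naive": resolve(naive, "10.1.2.3"),
        "filtered": resolve(by_account, "10.1.2.3"),
        "interactive": resolve(by_type, "10.1.2.3"),
        "fresh": resolve(by_account, "10.1.2.3", now=datetime(2014, 7, 1, 10, 0),
                         max_age=timedelta(hours=8)),
        "stale": resolve(by_account, "10.1.2.3", now=datetime(2014, 7, 1, 18, 0),
                         max_age=timedelta(hours=8)),
    }


if __name__ == "__main__":
    for label, user in demo().items():
        print(f"{label:12s} 10.1.2.3 -> {user}")
```

With the sample above, the naive mapping returns the anti-virus account for 10.1.2.3 because its 08:30 network logon is the newest event, exactly the situation the poster saw; dropping that account, or accepting only interactive logon types, returns the console user instead. The max_age check is the caveat for any passive mapping: a binding that is never refreshed should expire rather than be trusted indefinitely.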
Cisco Context Directory Agent - Windows logs - Forwarded events
Hello,
I have a test setup with Cisco ASA, Cisco CDA and MS 2012 R2. All this works fine. The only problem I encountered is that I want to read the forwarded events on the AD LDS server instead of the security events.
So, in short, is it possible to connect the CDA agent with WMI to forwarded events instead of security logs?
Is this possible?
Thanks,
Mark Post
Hi,
I applied the solutions mentioned above, but now I get the below error. Domain still shows as down.
wmi-property
exception-stack
org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:158)
org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
org.jinterop.dcom.core.JISession.releaseRef(JISession.java:805)
org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:777)
com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:40)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)
dc-hostname
dc-name
exception-cause
java.net.ConnectException: Connection timed out
wmi-class
Win32_NTDomain
exception-message
An internal error occurred. [0x8001FFFF]
wmi-property
DomainName
dc-username
Any Idea on the error?
Thanks. -
I have 2 DC's and I'm trying to get the cda to connect to both dc's. Both are 2003 R2 but the one I'm having trouble with is Small Business Server. I've double checked security settings and firewalls, but I'm still receiving the error on one server only.
All help is appreciated.
The error I'm getting is:
Log attributes
wmi-property
exception-stack
org.jinterop.dcom.core.JIComServer.init(JIComServer.java:576)
org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:169)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:201)
com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:605)
dc-hostname
email.houstonarmature.local/192.168.1.1
dc-name
Email
exception-cause
java.io.IOException: Socket Closed
wmi-class
Win32_NTDomain
exception-message
An internal error occurred. [0x8001FFFF]
wmi-property
DomainName
dc-username
hawadmin
Hi Toby,
Just an addition. Did you use an administrator account to log on to the RWA and then connect to the remote computer?
Did you encounter the same issue?
Meanwhile, please refer to the following thread and check if it can help you.
RD Gateway - Unable to connect via IP (Netbios, FQDN work fine)
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
Context Directory Agent VM Requirements
The CDA installation guide has a few undocumented issues around the VMware requirements. I have run into issues that are documented on the forums, such as the SCSI controller and the NIC settings.
Here is a thread on the LSI controller that must be selected for the CDA installation to run -
https://supportforums.cisco.com/thread/2235247
Also, the NIC adapter is not detected if I choose to use anything other than Flexible. Is this a bug in CDA?
Thanks,
Tarik Admani
*Please rate helpful posts*
Ken,
Thanks for your help. My customer has other NICs with which they build their virtual machines, and it was a little challenging to understand whether the Flexible adapter must be selected, since the documentation only covers the OS used for the install.
Thanks,
Tarik Admani
*Please rate helpful posts* -
How to turn on a WSA S170 built in FTP server ?
Dear support forum members,
I configured Cisco WSA S170 and forgot to turn on the WSA built in FTP server.
I found it when I tried to access WSA logs from the Web GUI. Maybe it is already turned on by default, but WSA blocks access to it.
Could you advise me how to turn the FTP server on, or allow access to it, from the Web GUI or CLI.
I could not find any information about it in documentation.
Thanks in advance!
Best regards,
Alexander.
P.S. Sorry for my English
Hi,
Try the "ifconfig" command. When you select the interface and click on edit, it should ask you:
Do you want to enable FTP on this interface? [Y]>
Do you want to enable SSH on this interface? [Y]>
Which port do you want to use for SSH?
[22]>...
Regards,
Kush -
ACE working with IronPort WSA server farm
We have an ACE load balancing a group of IronPort WSAs. The WSAs are working with the IP Spoofing feature, so the request to the WWW has the source IP address of the WSA client and not the WSA itself.
We followed the referenced document, but it is not working. When a packet coming from the Internet has as its destination address the WSA client address, the ACE cannot deliver the packet even with mac-sticky configured.
I read in other forum that ACE needs to have in its arp table or route table the destination IP address for being able to deal with the packet by the encapid.
But we don't have this entry in the arp table.
When we configure the WSA with IP spoofing and the source ip address is the WSA itself the configuration works fine.
Has anyone had this kind of problem on some occasion?
Thank you,
Everaldo
Hi Jorge,
The behavior is that when we have IP Spoofing configured in the WSAs, the connection is not established. The ACE establishes the connection with the client, but the connection with the Internet is not established. I captured the packets that arrive at the ACE coming from the Internet and I see SYN packets with the source address a public IP (Google) and the destination address the internal client IP address, with no ACK, just RST.
With no IP Spoofing, meaning that the IP source address is the WSA, the connection is established with no RST.
Following is the output of the commands:
show service-policy WSA-VIPS class-map WSA_VIP_TCP_3128 detail
Status : ACTIVE
Description: -----------------------------------------
Interface: vlan 304
service-policy: WSA-VIPS
class: WSA_VIP_TCP_3128
VIP Address: Protocol: Port:
10.10.193.25 tcp eq 3128
loadbalance:
L7 loadbalance policy: WSA-POLICY
VIP Route Metric : 77
VIP Route Advertise : ENABLED-WHEN-ACTIVE
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 3 , hit count : 1260
dropped conns : 4
conns per second : 0
client pkt count : 19271 , client byte count: 2326106
server pkt count : 26140 , server byte count: 16572023
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : WSA-POLICY
class/match : class-default
LB action :
primary serverfarm: WSA_FARM
state: UP
backup serverfarm : -
hit count : 1260
dropped conns : 0
compression : off
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
switch/WSA# show probe WSA_TCP_3128
probe : WSA_TCP_3128
type : TCP
state : ACTIVE
port : 3128 address : 0.0.0.0
addr type : - interval : 5 pass intvl : 10
pass count: 3 fail count: 30 recv timeout: 10
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ----------------------+----+--------+------+------+------+------
serverfarm : WSA_FARM
real : WSA-01[0]
real : WSA-02[0]
10.10.193.37 3128 PROBE 15076 72 15004 SUCCESS
real : WSA-03[0]
real : WSA-04[0]
real : WSA-05[0]
real : WSA-06[0]
real : WSA-07[0]
real : WSA-08[0]
real : WSA-09[0]
real : WSA-10[0]
switch/WSA# show probe WSA_TCP_3128 detail
probe : WSA_TCP_3128
type : TCP
state : ACTIVE
description :
port : 3128 address : 0.0.0.0
addr type : - interval : 5 pass intvl : 10
pass count: 3 fail count: 30 recv timeout: 10
conn termination : FORCED
expect offset : 0 , open timeout : 3
expect regex : -
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ----------------------+----+--------+------+------+------+------
serverfarm : WSA_FARM
real : WSA-01[0]
real : WSA-02[0]
10.10.193.37 3128 PROBE 15088 72 15016 SUCCESS
Socket state : CLOSED
No. Passed states : 2 No. Failed states : 1
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : -
Last probe time : Mon Sep 3 21:06:47 2012
Last fail time : Mon Sep 3 20:45:05 2012
Last active time : Mon Sep 3 20:45:57 2012
real : WSA-03[0]
real : WSA-04[0]
real : WSA-05[0]
real : WSA-06[0]
real : WSA-07[0]
real : WSA-08[0]
real : WSA-09[0]
real : WSA-10[0]
Thank you,
Everaldo -
Hi Everyone.
Is there any information about the maximum file size that is scanned with the antivirus engine in the S170 and S370?
At the moment I am comparing WSA with other vendors. Some competitors claim that IronPort does not scan all downloaded objects. It only scans objects which were downloaded from sites with poor reputation. Even "good" sites can be infected, and such an approach can create a security hole. Some vendors have dedicated hardware where all objects are scanned.
I also found information that WSA can work in two modes: Maximum Protection and High Performance.
I wonder, what is the impact on performance when WSA works in High Performance mode? Does anyone have any experience in that field (what is the latency, user experience)?
Best Regards,
Piotr
The maximum scannable file size is 32 MB by default.
I have not heard of a Maximum Protection/High Performance mode. But it is true that the WSA only scans objects from neutral/poor rated websites. Your concern about good rated websites containing malware is valid. But this is configurable. Obviously it will increase overhead due to the increased scanning, of course. -
Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory
Hello,
Does anyone have a successful authentication debug using Cisco 1113 ACS 4.2 and Active Directory? I'm not having success in setting this up and would like to see what a successful authentication debug looks like. Below is my current situation:
Oct 6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:23: TPLUS: processing authentication start request id 444
Oct 6 13:52:23: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:23: TPLUS: Using server 110.34.5.143
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:23: T+: user:
Oct 6 13:52:23: T+: port: tty515
Oct 6 13:52:23: T+: rem_addr: 10.10.10.10
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
Oct 6 13:52:23: T+: msg: Username:
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:23: TPLUS: Received authen response status GET_USER (7)
Oct 6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:30: TPLUS: processing authentication continue request id 444
Oct 6 13:52:30: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
Oct 6 13:52:30: T+: User msg: <elided>
Oct 6 13:52:30: T+: User data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Oct 6 13:52:30: T+: msg: Password:
Oct 6 13:52:30: T+: data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
Oct 6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:37: TPLUS: processing authentication continue request id 444
Oct 6 13:52:37: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
Oct 6 13:52:37: T+: User msg: <elided>
Oct 6 13:52:37: T+: User data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
Oct 6 13:52:37: T+: msg: Error during authentication
Oct 6 13:52:37: T+: data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:37: TPLUS: Received Authen status error
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
Oct 6 13:52:37: TPLUS: Choosing next server 101.34.5.143
Oct 6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
Oct 6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:49: TPLUS: processing authentication start request id 444
Oct 6 13:52:49: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:49: TPLUS: Using server 172.24.5.143
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
Oct 6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:49: T+: user:
Oct 6 13:52:49: T+: port: tty515
Oct 6 13:52:49: T+: rem_addr: 10.10.10.10
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
Oct 6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Oct 6 13:52:49: T+: msg: 0x0A User Access Verification 0x0A 0x0A Username:
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Received authen response status GET_USER (7)
The 1113 acs failed reports shows:
External DB is not operational
thanks,
james
Hi James,
We get "External DB is not operational". Could you confirm under External Databases > Unknown User Policy that you have the AD/Windows database at the top?
This error means the external server might not be correctly configured in the ACS external database section.
Another point is to make sure we have remote agent installed on supported windows server.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
Also provide the Auth logs from the server running remote agent, e.g.:-
AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
Attempting Windows authentication for user v-michal
AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
authentication FAILED (error 1783L)
thanks,
Vinay -
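The question above asks what a successful TACACS+ authentication debug looks like compared with the failing one posted. The following is an added example written for this page, not Cisco code: it groups the T+ packet lines of an IOS tacacs debug by session_id, names each AUTHEN/REPLY status using the TACACS+ protocol values, and records which server answered and how often the router moved to the next server. PAGE_EXCERPT is trimmed from the trace in the post above; CONSTRUCTED_SUCCESS is a constructed trace (its session id, timestamps and server address are made up) of the same exchange ending in PASS, so the two can be compared side by side.

```python
"""Summarise an IOS 'debug tacacs' trace session by session.

Added example for this page, not Cisco code. PAGE_EXCERPT is trimmed
from the post above; CONSTRUCTED_SUCCESS is a made-up passing login.
"""
import re

# AUTHEN REPLY status codes as defined by the TACACS+ protocol (RFC 8907).
REPLY_STATUS = {
    0x01: "PASS", 0x02: "FAIL", 0x03: "GETDATA", 0x04: "GETUSER",
    0x05: "GETPASS", 0x06: "RESTART", 0x07: "ERROR", 0x21: "FOLLOW",
}
FINAL_STATUSES = {"PASS", "FAIL", "ERROR"}

SERVER_RE = re.compile(r"TPLUS: (Using|Choosing next) server (\S+)")
SESSION_RE = re.compile(r"T\+: session_id (\d+)")
START_RE = re.compile(r"T\+: type:AUTHEN/START")
CONT_RE = re.compile(r"T\+: AUTHEN/CONT\b")
REPLY_RE = re.compile(r"T\+: AUTHEN/REPLY status:(\d+)")
MSG_RE = re.compile(r"T\+: msg: (.*)$")


def summarize(lines):
    """Return {"sessions": {id: {server, steps, messages, outcome}}, "failovers": n}."""
    sessions, failovers = {}, 0
    current, server = None, None
    for line in lines:
        m = SERVER_RE.search(line)
        if m:
            server = m.group(2)
            if m.group(1) == "Choosing next":
                failovers += 1          # router gave up on the previous server
            continue
        m = SESSION_RE.search(line)
        if m:                           # every packet dump names its session first
            current = sessions.setdefault(m.group(1), {
                "server": server, "steps": [], "messages": [], "outcome": "INCOMPLETE"})
            continue
        if current is None:
            continue
        if START_RE.search(line):
            current["steps"].append("START")
        elif CONT_RE.search(line):
            current["steps"].append("CONT")
        elif (m := REPLY_RE.search(line)):
            code = int(m.group(1))
            name = REPLY_STATUS.get(code, f"UNKNOWN({code})")
            current["steps"].append("REPLY " + name)
            if name in FINAL_STATUSES:
                current["outcome"] = name
        elif (m := MSG_RE.search(line)):
            current["messages"].append(m.group(1).strip())
    return {"sessions": sessions, "failovers": failovers}


# Trimmed from the failing trace in the post above.
PAGE_EXCERPT = [
    "Oct 6 13:52:23: TPLUS: Using server 110.34.5.143",
    "Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)",
    "Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii",
    "Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)",
    "Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0",
    "Oct 6 13:52:23: T+: msg: Username:",
    "Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)",
    "Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0",
    "Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)",
    "Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0",
    "Oct 6 13:52:30: T+: msg: Password:",
    "Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)",
    "Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0",
    "Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)",
    "Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0",
    "Oct 6 13:52:37: T+: msg: Error during authentication",
    "Oct 6 13:52:37: TPLUS: Choosing next server 101.34.5.143",
]

# Constructed: the same exchange ending in PASS (session id and server made up).
CONSTRUCTED_SUCCESS = [
    "Oct 6 14:00:01: TPLUS: Using server 192.0.2.10",
    "Oct 6 14:00:01: T+: session_id 42 (0x2A), dlen 26 (0x1A)",
    "Oct 6 14:00:01: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii",
    "Oct 6 14:00:01: T+: session_id 42 (0x2A), dlen 16 (0x10)",
    "Oct 6 14:00:01: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0",
    "Oct 6 14:00:05: T+: session_id 42 (0x2A), dlen 15 (0xF)",
    "Oct 6 14:00:05: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0",
    "Oct 6 14:00:05: T+: session_id 42 (0x2A), dlen 16 (0x10)",
    "Oct 6 14:00:05: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0",
    "Oct 6 14:00:09: T+: session_id 42 (0x2A), dlen 16 (0x10)",
    "Oct 6 14:00:09: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0",
    "Oct 6 14:00:09: T+: session_id 42 (0x2A), dlen 6 (0x6)",
    "Oct 6 14:00:09: T+: AUTHEN/REPLY status:1 flags:0x0 msg_len:0, data_len:0",
]

if __name__ == "__main__":
    for label, trace in (("page", PAGE_EXCERPT), ("constructed", CONSTRUCTED_SUCCESS)):
        for sid, s in summarize(trace)["sessions"].items():
            print(label, sid, s["server"], " -> ".join(s["steps"]), s["outcome"])
```

Both traces share the GETUSER / CONT / GETPASS / CONT shape; the difference is the last reply. A status 7 (ERROR) with the server's "Error during authentication" text, followed by the router choosing the next server, is the server reporting that it could not complete the check, which matches the "External DB is not operational" entry in the ACS failed-attempts report, whereas a status 1 (PASS) closes the session without a further reply.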
Hi,
How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA) in C++?
Thanks in advance.Hi,
How about your issue now? Is it fixed?
I think you will get progessional support from other network related forum. Because VC++ forum aims to discuss and ask questions about the Visual C++ IDE, libraries, samples, tools, setup, and Windows programming using MFC and ATL.
Hope you can understand.
May