IronPort WSA S170 and Context directory agent

Hello people and experts,
I need your consultation regarding IronPort and CDA deployment.
I couldn't find any information on the internet...
So my question is: if IronPort is an AD domain member and Explicit forward proxy is planned to be used, do I need CDA to be deployed? What will happen if I don't want to deploy CDA in my environment?
As I understood, CDA is useful when IronPort works as a Transparent Proxy or if IronPort is not a member of the same domain as the users.
Please advise.

The CDA eliminates the need for NTLM authentication.  Once a user logs onto their computer in the morning and authenticates to the domain, the CDA will have received a successful audit event/log that informs it that user X is signed on to IP address X.  When the WSA needs to find out who is on this IP address, instead of using NTLM to challenge the client machine, it will ask the CDA who signed on this particular IP address.  Once it gets the user name, the WSA will proceed as usual and query the AD to determine the group membership of that particular user.

Similar Messages

  • Context Directory Agent ipv4 and ipv6 mappings

    I have the context directory agent 1.0 patch 2 installed and running.  It works well mostly.  We have a dual stack running ipv6 and ipv4 on our workstations.  They connect to the AD with ipv6, so the mapping is for ipv6.  Is there a way to get the ipv4 mappings?
    We need to map both addresses for the Web Filtering on the CX.

    Same question.

  • Need of Context Directory Agent

    Hi all
    I downloaded from CCO CDA (Cisco Directory Agent - filename is AD_Agent-v1.0.0.32.1-build-598.Installer.zip) and installed it. The goal is to authenticate users of WSA using Windows Server 2003 Active Directory.
    During deployment I discovered CDA supports AD servers only up to W2008R2. Because the customer plans to migrate AD to Windows Server 2012 soon, I think CDA has to be replaced.
    Is Cisco Context Directory Agent the right replacement? I read it runs on a separate Virtual Machine, so I need to inform the customer we need an additional VM?
    Thanks in advance

    What you downloaded was the old Active Directory Agent. You need to download CDA (Context Directory Agent) and the four patches and install them on a VM. Download link here: https://software.cisco.com/download/release.html?mdfid=282803423&flowid=4949&softwareid=284724387&release=CDA&relind=AVAILABLE&rellifecycle=&reltype=latest

  • Context Directory Agent Path not found

    I am trying to connect Cisco Context Directory Agent to my AD 2012r2 server,
    Went through the setup guide and changed all needed registry keys, firewall rules, DCOM and wmimgmt permissions,
    I got past the access denied error, but now I am getting a "The system cannot find the path specified. [0x80070003]" error.
    Here is my log.
    wmi-property exception-stack org.jinterop.dcom.core.JIComServer.init(JIComServer.java:580)
    org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
    org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:609)
    dc-hostname maddcr2.xxxxxxx.local/10.1.0.19
    dc-name xxxxx
    exception-cause org.jinterop.dcom.common.JIRuntimeException: The system cannot find the path specified. [0x80070003]
    wmi-class Win32_NTDomain
    exception-message The system cannot find the path specified. [0x80070003]
    wmi-property DomainName
    dc-username _zxxxxx
    Thank you,

    Are you running CDA 1.1 with Patch 1:
    cda-patchbundle_1.0.0.011-1.i386.tar.gz
    Support for Windows 2012 server was added in patch 1. Enable
    this patch using the command:
    admin# patch install cda-patchbundle_1.0.0.011-1.i386.tar.gz myrepository
    (see step 2a below for setting up a repository)
    Refer :
    http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1061521  

  • What is the new Cisco Context Directory Agent?

    Hi Everyone.
    I noticed on the ASA software download page the new Content Directory Agent (~800MB).  I could not find any release notes nor other references from a Google search.
    http://www.cisco.com/cisco/software/release.html?mdfid=280582808&softwareid=280775065&release=8.4.4.ED&flowid=4822
    What is it?
    A

    Context Directory Agent is the successor product to AD agent. It provides similar functionality but comes with a Linux distribution and has a GUI based interface. You are right that at the link you gave there is no documentation posted. Will need to dig around.
    The release notes for the AD Agent product are at: http://www.cisco.com/en/US/docs/security/ibf/release_notes/ibf10_rn.html

  • Context Directory Agent server 2012R2

    Hi,
    Win server 2012R2 is not officially on the supported list for Context Directory Agent (CDA), anyone tested this setup?
    I have been following the Installation guide for 2012: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html but the server stays red in the CDA gui. No error messages in the log though.
    CDA is patch1 and CDA user is within the Domain Admin group and necessary priv changes according to the installation document is in place ( registry key ownership etc,) , firewall on the server has been temporarily disabled.
    Just wanted to see if there is anyone who got the combination CDA/2012R2 running and/or when there will be an official patch to CDA to add 2012R2 support.

    I opened a case and they refer me to bug CSCun10631.
    (CDA doesn't support 2012R2).
    The good news is that a new patch (3) should be released this month (July) and will include support.

  • Context Directory Agent maps the Active Directory Anti-Virus user

    Hi,
    Today I was able to join a couple of CDA's to our Active Directory domain (2008 R2 DC's) using a non-privileged account and the CDA maps (most) users to IP addresses.
    I would like to use the CDA solely for building up firewall policies based on AD details whenever possible
    as maintaining granular firewall policies on 8 different ASA's is too time consuming as we are not a large IT organization.
    But, after deploying the first "AD Group" based rule, it turned out, that the AD user-account mapped to the IP address of my PC was actually a domain user, running the local anti-virus engine, and not my own.
    It makes total sense that the anti-virus user is logged on to the PC before any user, so it can do "its thing",
    but my own user-account is never mapped. 
    CDA was able to map certain users to an IP address, even though the anti-virus user is actually logged on to the PC before them.
    Has anyone deployed Identity Based Firewalling and experienced something which resembles this scenario and were you able to do any workarounds?
    I looked into filtering out the logon events (for the Sophos user-account) from the Windows Security logs,
    so the CDA will not be able to map these, but it seems a bit far fetched, and would probably violate a security policy or two :)
    Cheers, Søren Elleby Sørensen
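The mapping described in the first answer on this page (a logon audit event says user X is on IP X, and the proxy or firewall later asks who is behind an IP) and the anti-virus service-account problem in the post above can be reproduced with a small model. This is an added example, not Cisco's code and not part of the original posts; the class, the account names, the addresses, the ignore list and the 8-hour expiry are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Iterable, Optional


@dataclass(frozen=True)
class LogonEvent:
    when: datetime   # time of the successful logon audit event
    user: str        # account name carried in the event
    ip: str          # client address carried in the event


class IdentityMap:
    """IP -> most recent user, built passively from logon events (hypothetical model)."""

    def __init__(self, ttl: timedelta, ignored_users: FrozenSet[str] = frozenset()):
        self.ttl = ttl
        # Accounts that must never become the identity of a workstation,
        # e.g. a service account that logs on before and after the real user.
        self.ignored = frozenset(u.lower() for u in ignored_users)
        self._by_ip: Dict[str, LogonEvent] = {}

    def observe(self, ev: LogonEvent) -> bool:
        """Apply one event; return True if it changed the mapping."""
        if ev.user.lower() in self.ignored:
            return False                      # dropped by the consumer, log untouched
        current = self._by_ip.get(ev.ip)
        if current is not None and current.when > ev.when:
            return False                      # late-delivered older event, keep newer one
        self._by_ip[ev.ip] = ev               # last writer wins for this address
        return True

    def lookup(self, ip: str, now: datetime) -> Optional[str]:
        """Answer 'who is on this IP?'; None means unknown or expired."""
        ev = self._by_ip.get(ip)
        if ev is None or now - ev.when > self.ttl:
            return None                       # caller must fall back to another auth method
        return ev.user


def build_map(events: Iterable[LogonEvent], ttl: timedelta,
              ignored_users: FrozenSet[str] = frozenset()) -> IdentityMap:
    m = IdentityMap(ttl, ignored_users)
    for ev in events:
        m.observe(ev)
    return m


DAY = datetime(2024, 3, 4)                    # constructed date


def at(hour: int, minute: int, second: int = 0) -> datetime:
    return DAY.replace(hour=hour, minute=minute, second=second)


# Constructed sample events, in the order the agent received them.
SAMPLE_EVENTS = [
    LogonEvent(at(8, 0, 5), "svc_antivirus", "10.1.20.15"),   # service logs on at boot
    LogonEvent(at(8, 2, 10), "alice", "10.1.20.15"),          # interactive user
    LogonEvent(at(8, 30), "svc_antivirus", "10.1.20.15"),     # service re-authenticates
    LogonEvent(at(8, 5), "bob", "10.1.20.16"),
    LogonEvent(at(7, 50), "carol", "10.1.20.16"),             # older event delivered late
]

if __name__ == "__main__":
    ttl = timedelta(hours=8)
    naive = build_map(SAMPLE_EVENTS, ttl)
    filtered = build_map(SAMPLE_EVENTS, ttl, frozenset({"svc_antivirus"}))
    print("naive   :", naive.lookup("10.1.20.15", at(9, 0)))
    print("filtered:", filtered.lookup("10.1.20.15", at(9, 0)))
    print("expired :", filtered.lookup("10.1.20.15", at(17, 0)))
```

Without the ignore list, a group-based rule is evaluated against the service account; with it, the Security log on the domain controller stays complete and only the consumer of the events skips that account.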


  • Cisco Context Directory Agent - Windows logs - Forwarded events

    Hello,
    I have a setup testing with Cisco ASA, Cisco CDA and MS 2012 R2. All this works fine. Only problem I encountered is that I want to read the forwarded events on the AD LDS server instead of the security events.
    So in small words is it possible to connect CDA agent with wmi to forwarded events instead of security logs?
    Is this possible?
    Thanks,
    Mark Post

    Hi,
    I applied the solutions mentioned above, but now I get the below error. Domain still shows as down.
    wmi-property
    exception-stack
    org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:158)
    org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
    org.jinterop.dcom.core.JISession.releaseRef(JISession.java:805)
    org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:777)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:40)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)
    dc-hostname
    dc-name
    exception-cause
    java.net.ConnectException:       Connection timed out
    wmi-class
    Win32_NTDomain
    exception-message
    An internal   error     occurred. [0x8001FFFF]
    wmi-property
    DomainName
    dc-username
    Any Idea on the error?
    Thanks.

  • One Microsoft Server 2003 R2 (small business server) doesn't connect to Context Directory Agent

    I have 2 DC's and I'm trying to get the cda to connect to both dc's.  Both are 2003 R2 but the one I'm having trouble with is Small Business Server.  I've double checked security settings and firewalls, but I'm still receiving the error on one server only. 
    All help is appreciated.
    The error I'm getting is:
    Log attributes
    wmi-property
    exception-stack
    org.jinterop.dcom.core.JIComServer.init(JIComServer.java:576)
    org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
    org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:169)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:201)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:605)
    dc-hostname
    email.houstonarmature.local/192.168.1.1
    dc-name
    Email
    exception-cause
    java.io.IOException: Socket Closed
    wmi-class
    Win32_NTDomain
    exception-message
    An internal error occurred. [0x8001FFFF]
    wmi-property
    DomainName
    dc-username
    hawadmin

    Hi Toby,
    Just an addition. Did you use an administrator account to logon the RWA and then connect to the remote computer?
    Did encounter the same issue?
    Meanwhile, please refer to the following thread and check if it can help you.
    RD Gateway - Unable to connect via IP (Netbios, FQDN work fine)
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Context Directory Agent VM Requirements

    The CDA installation guide has a few undocumented issues around the vmware requirements. I have run into issues that are documented on the forums such as the scsi controller and the nic settings.
    Here is a thread on the lsi controller that must be selected for the CDA installation to run -
    https://supportforums.cisco.com/thread/2235247
    Also the nic adapter is not detected if I choose to use anything other than flexible. Is this a bug in CDA?
    Thanks,
    Tarik Admani

    Ken,
    Thanks for your help. My customer has other nics that they build their virtual machines with, and it was a little challenging to understand whether the flexible adapter must be selected, since the documentation only covers the OS used for the install.
    Thanks,
    Tarik Admani

  • How to turn on a WSA S170 built in FTP server ?

    Dear support forum members,
    I configured Cisco WSA S170 and forgot to turn on the WSA built in FTP server.
    I found it when I tried to access WSA logs from Web GUI. Maybe it is already turned on by default, but WSA blocks access to it.
    Could you advise me how to turn the FTP server on or allow access to it from Web GUI or CLI?
    I could not find any information about it in documentation.
    Thanks in advance!
    Best regards,
    Alexander.
    P.S. Sorry for my English

    Hi,
    Try the "ifconfig" command. When you select the interface and click on edit, it should ask you:
    Do you want to enable FTP on this interface? [Y]> 
    Do you want to enable SSH on this interface? [Y]>
    Which port do you want to use for SSH?
    [22]>...
    Regards,
    Kush

  • ACE working with IronPort WSA server farm

    We have an ACE load balancing a group of Ironport WSA. The WSA are working with the feature IP Spoofing, then the request to WWW has the source ip address of the WSA client and not the WSA itself.
    We follow the document behind, but it is not working. When the packet coming from the Internet has the WSA client address as its destination address, the ACE cannot deliver the packet even with the mac-sticky configured.
    I read in other forum that ACE needs to have in its arp table or route table the destination IP address for being able to deal with the packet by the encapid.
    But we don't have this entry in the arp table.
    When we configure the WSA with IP spoofing and the source ip address is the WSA itself the configuration works fine.
    Has anyone had this kind of problem on some occasion?
    Thank you,
    Everaldo

    Hi Jorge,
    The behavior is when we have IP Spoofing configured in the WSAs, the connection is not established. The ACE establishes the connection with the client but the connection with Internet is not established. I captured the packets that arrive in the ACE coming from Internet and I see SYN packets with source address as a public IP (Google) and the destination address as the internal client IP address with no ACK just RST.
    With no IP Spoofing, meaning that the source IP address is the WSA, the connection is established with no RST.
    Here is the output of the commands:
    show service-policy WSA-VIPS class-map WSA_VIP_TCP_3128 detail
    Status     : ACTIVE
    Description: -----------------------------------------
    Interface: vlan 304
      service-policy: WSA-VIPS
        class: WSA_VIP_TCP_3128
         VIP Address:                              Protocol:  Port:
         10.10.193.25                              tcp    eq   3128
          loadbalance:
            L7 loadbalance policy: WSA-POLICY
            VIP Route Metric     : 77
            VIP Route Advertise  : ENABLED-WHEN-ACTIVE
            VIP ICMP Reply       : ENABLED-WHEN-ACTIVE
            VIP State: INSERVICE
            VIP DWS state: DWS_DISABLED
            Persistence Rebalance: DISABLED
            curr conns       : 3         , hit count        : 1260
            dropped conns    : 4
            conns per second    : 0
            client pkt count : 19271     , client byte count: 2326106
            server pkt count : 26140     , server byte count: 16572023
            conn-rate-limit      : 0         , drop-count : 0
            bandwidth-rate-limit : 0         , drop-count : 0
            L7 Loadbalance policy : WSA-POLICY
              class/match : class-default
                LB action :
                   primary serverfarm: WSA_FARM
                        state: UP
                    backup serverfarm : -
                hit count        : 1260
                dropped conns    : 0
                compression      : off
          compression:
            bytes_in  : 0                          bytes_out : 0
            Compression ratio : 0.00%
                    Gzip: 0               Deflate: 0
          compression errors:
            User-Agent  : 0               Accept-Encoding    : 0
            Content size: 0               Content type       : 0
            Not HTTP 1.1: 0               HTTP response error: 0
            Others      : 0
    switch/WSA# show probe WSA_TCP_3128
    probe       : WSA_TCP_3128
    type        : TCP
    state       : ACTIVE
       port      : 3128         address   : 0.0.0.0
       addr type : -            interval  : 5       pass intvl  : 10
       pass count: 3            fail count: 30      recv timeout: 10
                    ------------------ probe results ------------------
       associations     ip-address         port porttype probes failed passed health
       ------------ ----------------------+----+--------+------+------+------+------
       serverfarm  : WSA_FARM
         real      : WSA-01[0]
         real      : WSA-02[0]
                              10.10.193.37 3128 PROBE   15076  72     15004  SUCCESS
         real      : WSA-03[0]
         real      : WSA-04[0]
         real      : WSA-05[0]
         real      : WSA-06[0]
         real      : WSA-07[0]
         real      : WSA-08[0]
         real      : WSA-09[0]
         real      : WSA-10[0]
    switch/WSA# show probe WSA_TCP_3128 detail
    probe       : WSA_TCP_3128
    type        : TCP
    state       : ACTIVE
    description :
       port      : 3128         address   : 0.0.0.0
       addr type : -            interval  : 5       pass intvl  : 10
       pass count: 3            fail count: 30      recv timeout: 10
       conn termination : FORCED
       expect offset    : 0         , open timeout     : 3
       expect regex     : -
       send data        : -
                    ------------------ probe results ------------------
       associations     ip-address         port porttype probes failed passed health
       ------------ ----------------------+----+--------+------+------+------+------
       serverfarm  : WSA_FARM
         real      : WSA-01[0]
         real      : WSA-02[0]
                              10.10.193.37 3128 PROBE   15088  72     15016  SUCCESS
       Socket state        : CLOSED
       No. Passed states   : 2         No. Failed states : 1
       No. Probes skipped  : 0         Last status code  : 0
       No. Out of Sockets  : 0         No. Internal error: 0
       Last disconnect err :  -
       Last probe time     : Mon Sep  3 21:06:47 2012
       Last fail time      : Mon Sep  3 20:45:05 2012
       Last active time    : Mon Sep  3 20:45:57 2012
         real      : WSA-03[0]
         real      : WSA-04[0]
         real      : WSA-05[0]
         real      : WSA-06[0]
         real      : WSA-07[0]
         real      : WSA-08[0]
         real      : WSA-09[0]
         real      : WSA-10[0]
    Thank you,
    Everaldo

  • Ironport WSA AV scanning

    Hi Everyone.
    Is there any information about the maximum file size that is scanned with the antivirus engine in S170 and S370?
    At the moment I compare WSA with other vendors. Some competitors claim that Ironport does not scan all downloaded objects. It only scans objects which were downloaded from sites with poor reputation. Even "good" sites can be infected and such an approach can create a security hole. Some vendors have dedicated hardware where all objects are scanned.
    I also found information that WSA can work in two modes: Maximum protection and High Performance.
    I wonder, what is the impact on performance when WSA works in High Performance mode? Does anyone have any experience in that field (what is the latency, user experience)?
    Best Regards,
    Piotr

    The maximum scannable file size is 32mb by default.
    I have not heard of a Maximum Protection/High Performance mode.  But it is true that the WSA only scans objects from neutral/poor rated websites.  Your concern about good rated websites containing malware is valid.  But this is configurable.  Obviously it will increase overhead due to the increased scanning of course.

  • Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory

    Hello,
    Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory?  I'm not having success in setting this up and would like to see what a successful authentication debug looks like.  Below is my current situation:
    Oct  6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:23: TPLUS: processing authentication start request id 444
    Oct  6 13:52:23: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:23: TPLUS: Using server 110.34.5.143
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
    Oct  6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:23: T+: user: 
    Oct  6 13:52:23: T+: port:  tty515
    Oct  6 13:52:23: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
    Oct  6 13:52:23: T+: msg:  Username:
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:23: TPLUS: Received authen response status GET_USER (7)
    Oct  6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:30: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:30: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
    Oct  6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:30: T+: User msg: <elided>
    Oct  6 13:52:30: T+: User data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Oct  6 13:52:30: T+: msg:  Password:
    Oct  6 13:52:30: T+: data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
    Oct  6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:37: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:37: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:37: T+: User msg: <elided>
    Oct  6 13:52:37: T+: User data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
    Oct  6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
    Oct  6 13:52:37: T+: msg:  Error during authentication
    Oct  6 13:52:37: T+: data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:37: TPLUS: Received Authen status error
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
    Oct  6 13:52:37: TPLUS: Choosing next server 101.34.5.143
    Oct  6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
    Oct  6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:49: TPLUS: processing authentication start request id 444
    Oct  6 13:52:49: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:49: TPLUS: Using server 172.24.5.143
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
    Oct  6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:49: T+: user: 
    Oct  6 13:52:49: T+: port:  tty515
    Oct  6 13:52:49: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
    Oct  6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
    Oct  6 13:52:49: T+: msg:   0x0A User Access Verification 0x0A  0x0A Username:
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Received authen response status GET_USER (7)
    The 1113 acs failed reports shows:
    External DB is not operational
    thanks,
    james

    Hi James,
    We get External DB is not operational. Could you check under External Databases > Unknown User Policy, and verify you have the AD/Windows database at the top?
    This error means the external server might not be correctly configured in the ACS external database section.
    Another point is to make sure we have the remote agent installed on a supported windows server.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
    Also provide the Auth logs from the server running remote agent, e.g.:-
    AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
    Attempting Windows authentication for user v-michal
    AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
    authentication FAILED (error 1783L)
    thanks,
    Vinay

  • How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA)?

    Hi,
    How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA) in C++?
    Thanks in advance.

    Hi,
    How about your issue now? Is it fixed?
    I think you will get professional support from other network related forums. Because the VC++ forum aims to discuss and ask questions about the Visual C++ IDE, libraries, samples, tools, setup, and Windows programming using MFC and ATL.
    Hope you can understand.
    May
