ISE 1.2 - MAR cache with PEAP vs EAP Chaining

Does EAP chaining with EAP-FAST v2 and NAM 3.1 present the machine certificate for authentication during each connection to wireless?  It's not still tied to the windows log in event as with PEAP?
I found this article, but would like to see if anyone has experience working with EAP chaining in ISE.
https://tswireless.wordpress.com/2012/09/22/cisco-ise-machine-authentication-cache/

Yes if you set up NAM for EAP-Chaining - Machine and User, and then select EAP-TLS w/cert, nam will send both when a user logs in. When the machine is booting only the machine identity will be sent (because we don't know the users identity before they have attempted to log in).

Similar Messages

  • ISE MAR cache 2-node deployment

    I understand the Pros and Cons described in this document:
    http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116516-problemsolution-technology-00.html
    And I'm OK with getting people to reboot their machine while connected wirelessly to trigger host authentications on Windows machines.
    My issue is related to the 2-node ISE deployment (I'm running 1.2):
    It appears that MAR cache is not synchronized between the ISE nodes (Primary and Secondary).
    For example, a user reboots his machine, and host authentication is answered by the Primary ISE, and user authentication is subsequently succeeds.
    Subsequent user authentication requests, if they are answered by the Secondary ISE will fail, because Secondary ISE node does not have a corresponding host record in its MAR cache - only Primary ISE does.
    Can someone confirm if this behavior is expected?  If I can't get the Secondary ISE node to mirror MAR host entries, I'm going to have a LOT of failures, and a lot of user problems?  Is there even a workaround for this?

    Yes, it is called EAP-Chaining, and all the shortcomings of MAR are resolved by this.

  • ISE MAR cache

    Does anybody know what's going to happen if one changes the MAR cache timeout/aging setting found under Identity Management > External Identity Sources > Active Directory > Advanced Settings? Are the current cache entries going to get cleared or are they going to stay? Is there a way to actually see these entries somewhere (per PSN), and can one selectively delete them?
    Depending on the answer to these questions, I have to make the aging timeout change during a maintenance window on the customer's infrastructure. Using ISE 1.2, patch 6.
    Oh, and another question: Are there any drawbacks (e.g. cache size or security issues, other constraints) that would suggest to not increase the default aging timeout to a value of a full week or even more?
    Thanks
    Toni

    Hi Toni,
    Machine Access Restriction for Active Directory User Authorization
    Cisco ISE contains a Machine Access Restriction (MAR) component that provides an additional means of controlling authorization for Microsoft Active Directory-authentication users. This form of authorization is based on the machine authentication of the computer used to access the Cisco ISE network. For every successful machine authentication, Cisco ISE caches the value that was received in the RADIUS Calling-Station-ID attribute (attribute 31) as evidence of a successful machine authentication.
    Cisco ISE retains each Calling-Station-ID attribute value in cache until the number of hours that was configured in the “Time to Live” parameter in the Active Directory Settings page expires. Once the parameter has expired, Cisco ISE deletes it from its cache.
    When a user authenticates from an end-user client, Cisco ISE searches the cache for a Calling-Station-ID value from successful machine authentications for the Calling-Station-ID value that was received in the user authentication request. If Cisco ISE finds a matching user-authentication Calling-Station-ID value in the cache, this affects how Cisco ISE assigns permissions for the user that requests authentication in the following ways:
    If the Calling-Station-ID value matches one found in the Cisco ISE cache, then the authorization profile for a successful authorization is assigned.
    If the Calling-Station-ID value is not found to match one in the Cisco ISE cache, then the authorization profile for a successful user authentication without machine authentication is assigned.
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_authz_polprfls.html
    HTH
    Sandy

  • Cisco ISE 1.2 Patch 8 with Roaming User Profiles

    ISE 1.2 with patch 8 has been installed and Works fine.
    Using AnyConnect Secure Mobility Client (NAM) 3.1.04072 and Cisco NAC Agent version 4.9.1013
    Scenario is EAP Chaining which does machine authentication + User Authentication
    After NAC Agent Pops up and Posture Assessment is successful, Users cannot see their Home drives and few other Network Drives.
    Sometimes during login we get the Error Message "User Profile cannot be loaded" and "User cannot Logon"
    Also while logging off We get the screen "Your Roaming Profile was not synchronized"
    All the Home Drives and Network Shared drives IP addresses are already added in the Downloadable ACL's.
    Any other Workaround to overcome these errors.
    Regards,
    Ramkumar.B

    This is that i did abviously... but the two PSN stay in status "Node down", the application service won't start correctly with these ADE-OS logs entries :
    2014-05-28T10:26:30.023223+00:00 XXXXXXX  logger: info:[application:operation:appservercontrol.sh] Starting ISE Application Server...
    2014-05-28T10:26:30.311676+00:00 XXXXXXX  logger: Loading PKCS11 ...
    2014-05-28T10:26:30.978432+00:00 XXXXXXX  logger: SLF4J: Class path contains multiple SLF4J bindings.
    2014-05-28T10:26:30.978454+00:00 XXXXXXX  logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/slf4j-log4j12-1.5.8.jar!/org/slf4j/im
    pl/StaticLoggerBinder.class]
    2014-05-28T10:26:30.978502+00:00 XXXXXXX  logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/com.cisco.xmp.osgi.slf4j-log4j12-1.5.
    8.PATCHED.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    2014-05-28T10:26:30.978509+00:00 XXXXXXX  logger: SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
    2014-05-28T10:26:31.638970+00:00 XXXXXXX  logger: log4j:WARN No appenders could be found for logger (com.cisco.epm.config.cache.impl.ConfigCacheImpl).
    2014-05-28T10:26:31.638992+00:00 XXXXXXX logger: log4j:WARN Please initialize the log4j system properly.

  • Machine Authentication with PEAP on Wireless with ISE1.2

    Hi All,
    We are facing issues while doing machine authentication in ISE1.2 with wireless PEAP authentication. Without machine authentication normal PEAP works very fine but as soon as we enable machine authentication and create policy for machine authentication and in user authentication policy we put condition "was machine authenticated" then it works for some machine properly but does not work for other machines. Its totally random behaviour sometime it stopped working for machines which were authenticated before.
    I just want to know if I m missing some configuration or its a bug in ISE. Can some body share step by step configuration for machine authentication with PEAP.
    Really It would be a great help.
    Thanks
    Ninja

    Did you Apply service pactch 4?
    Sent from Cisco Technical Support iPhone App

  • ISE 1.2.0 - Issue with Posture

    Hi Experts,
    I installed ISE 1.2.0.899 Patch 3. While testing, we found the below.
    1) Authentication Suceeded
    2) Redirection to NAC Agent Page is happening
    3) NAC Version 4.9.4.3 (latest) is getting downloaded.
    4) Status in ISE is shown as 'Pending' and stays the same.
    Even i tried changing the NAC agent version to 4.9.0.42. But stuck in Pending status only.
    Is there any solution for this..? do i need to apply patch or version..?
    Thanks in advance.

    Instructions for Upgrading to Cisco ISE, Release 1.2.1
    You can upgrade to Cisco ISE, Release 1.2.1 directly from any of the following releases:
    Cisco ISE, Release 1.1.0.665 with patch 5 or later
    Cisco ISE, Release 1.1.1.268 with patch 7 or later
    Cisco ISE, Release 1.1.2 with patch 10 or later
    Cisco ISE, Release 1.1.3 with patch 11 or later
    Cisco ISE, Release 1.1.4 with patch 11 or later
    Cisco ISE, Release 1.2.0.899 with patch 8 or later
    The process for upgrading to Release 1.2.1 is the same as upgrading to Release 1.2. The system reboots twice when you upgrade from Release 1.1.x to 1.2.1 because it involves a 32-bit to 64-bit system upgrade, but only once when you upgrade from Release 1.2.x to 1.2.1 because Release 1.2 is a 64-bit system.
    The application upgrade command is enhanced and includes the cleanup, prepare, and proceed options. You can use:
    Cleanup—To clean a previously prepared upgrade bundle on a node locally. You can use this option if:
    The application upgrade prepare command was interrupted for some reason
    The application upgrade prepare command was run with an incorrect upgrade bundle
    The upgrade failed for some reason
    Prepare—To download and extract an upgrade bundle locally. You can use this command followed by the application upgrade proceed command.
    Proceed—To upgrade Cisco ISE using the upgrade bundle you extracted with the prepare option. You can use this option after preparing an upgrade bundle instead of using the application upgrade ise-upgradebundle-1.2-to-1.2.1.xxx.i386.tar.gz remote-repository command.
    If upgrade is successful, this option removes the upgrade bundle.
    If upgrade fails for any reason, this option retains the upgrade bundle.
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/upgrade_guide/b_ise_upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4FF9C8C761A0456E8A94A7B307A603F5

  • Having a problem with PEAP and Cisco 2960 Switch

    Hi All,
        I am attempting to use PEAP with a LDAP backend on FreeRadius witht he MS Supplicant.  I have it all working, in debug on the Radius server I see it sending all the information, the tunnel, medium etc. but with PEAP the Cisco switch is not changing VLANS.  If I install the Cisco or Juniper client it works just fine if I use eap-mschapv2 but peap-mschapv2 does not switch the port to the right vlan.  Is there something extra on the switch I need to do to allows PEAP or is there something on the FreeRadius? 
        The only difference between the PEAP and EAP versions that I can tell is that the PEAP authenticates ands the information is sent once(according to the debug on the Radius server) where as with the EAP the connection information is sent several times, that is I will see the Tunnell and medium info sent more then once in the Radius log for just one login.
    Any ideas?

    Thought I mentioned the client in the first post, I am using the 3 different types of clients with a goal of getting the MS client to work.  I am using the Juniper Odyssey client, Cisco CSSC client and the MS built-in client.  I mentioned the EAP-MSChanpV2 because I tested that login so I could compare the Radius output with that of PEAP-MSChapV2.  I did not release logs from the Radius server because it seems to be centered with something on the switch changing Vlans but if you want output I can give that..
    CSSC Client pops out:
    14:25:08.453  Network Connection requested from user  context.
    14:25:08.468  Connection authentication started using the logged in  user's credentials.
    14:25:08.468  Port state transition to  AC_PORT_STATE_CONNECTING(AC_PORT_STATUS_STARTED)
    14:25:08.796  Port state  transition to  AC_PORT_STATE_UNAUTHENTICATED(AC_PORT_STATUS_8021x_FORCED_UNAUTH)
    14:25:09.828   Port state transition to  AC_PORT_STATE_AUTHENTICATING(AC_PORT_STATUS_8021x_ACQUIRED)
    14:25:09.843   Identity has been requested from the network.
    14:25:09.875  Identity has been  sent to the network.
    14:25:09.890  Authentication started using method type  EAP-PEAP, level 0
    14:25:09.890  The server has requested using authentication  type: EAP-PEAP
    14:25:09.890  The client has requested using authentication  type:  EAP-PEAP
    14:25:09.968  Profile does not require server  validation.
    14:25:10.031  Identity has been requested from the  network.
    14:25:10.031  Identity has been sent to the  network.
    14:25:10.046  Authentication started using method type  EAP-MSCHAP-V2, level 1
    14:25:10.046  The server has requested using  authentication type: EAP-MSCHAP-V2
    14:25:10.046  The client has requested  using authentication type:  EAP-MSCHAP-V2
    14:25:10.078  Port state transition  to AC_PORT_STATE_AUTHENTICATED(AC_PORT_STATUS_EAP_SUCCESS)
    14:25:10.078  The  authentication process has succeeded.
    *************************Raidus Ouptut for PEAP:**************************
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.7 seconds.
    Waking up in 0.7 seconds.
    Waking up in 0.1 seconds.
    Waking up in 3.7 seconds.
    Waking up in 0.1 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for anonymous
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: object not found or got ambiguous search result
    [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
    Waking up in 0.9 seconds.
    Waking up in 0.9 seconds.
    Waking up in 0.9 seconds.
    Waking up in 0.8 seconds.
    Waking up in 0.8 seconds.
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    Waking up in 0.7 seconds.
    Waking up in 3.7 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    **************************Radius ouput for EAP******************************
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.7 seconds.
    Waking up in 0.7 seconds.
    Waking up in 0.1 seconds.
    Waking up in 3.7 seconds.
    Waking up in 0.1 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    Waking up in 3.9 seconds.
    Ready to process requests.
    Hope that Helps.

  • ISE EAP-Chaining with machine, certificate and domain credentials

    Good morning,
    A customer wants to do the following for their corporate wireless users (all clients will be customer assets):
    Corp. wireless to authenticate with 2-factor authentication:
    •1. Certificate
    •2. Machine auth thru AD
    •3. Domain creds
    When client authenticates, they want to match on 2 out of the 3 conditions before allowing access.
    Clients are Windows laptops and corporate iPhones.
    Certs can be issued thru GPO and MDM for iPhones
    Client supplicant on laptops is native Windows - which I understand is a compatibility issue from this thread: https://supportforums.cisco.com/thread/2185627
    My first question is: can this be done?
    Second question: how would i implement this from an AuthC/AuthZ perspective?
    Thanks in advance,
    Andrew

    You can do this configuring anyconnect with NAM modules on endpoints! But I don't make sense configure some clients with certificate and others with domains credentials...
    For your information, I'm actually configuring EAP-Chaining on ISE 1.2 and i'm gotting some problems. The first one I got with windows 8, for some reason windows was sending wrong information about the machine password but I solved the problem installing a KB on windows 8 machines (http://support.microsoft.com/kb/2743127/en-us). The second one I got with windows 7 that are sending information correctly about domain but wrong information about user credentials, on ISE logs I can see that windows 7 are sending user "anonymous" + machine name on the first longin... after windows 7 start if I remove the cable and connect again the authentication and authorization happen correctly. I still invastigate the root cause and if there is a KB to solve the problem as I did with windows 8.
    Good luck and keep in touch.
    http://support.microsoft.com/kb/2743127/en-us

  • Using a partitionned cache with off-heap storage for backup data

    Hi,
    Is it possible to define a partitionned cache (with data into the heap) with off-heap storage for backup data ?
    I think it could be worthwhile to do so, as backup data are associated with a different access pattern.
    If so, what are the impacts of such off-heap storage for backup data ?
    Particularly, what are the impacts on performance ?
    Thanks.
    Regards,
    Dominique

    Hi,
    It seems what using scheme for backup-store is broken in latest version of Coherence, I've got an exception using your setup.
    2010-07-24 12:21:16.562/7.969 Oracle Coherence GE 3.6.0.0 <Error> (thread=DistributedCache, member=1): java.lang.NullPointerException
         at com.tangosol.net.DefaultConfigurableCacheFactory.findSchemeMapping(DefaultConfigurableCacheFactory.java:466)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$Storage$BackingManager.isPartitioned(PartitionedCache.java:10)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$Storage.instantiateBackupMap(PartitionedCache.java:24)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$Storage.setCacheName(PartitionedCache.java:29)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$ServiceConfig$ConfigListener.entryInserted(PartitionedCache.java:17)
         at com.tangosol.util.MapEvent.dispatch(MapEvent.java:266)
         at com.tangosol.util.MapEvent.dispatch(MapEvent.java:226)
         at com.tangosol.util.MapListenerSupport.fireEvent(MapListenerSupport.java:556)
         at com.tangosol.util.ObservableHashMap.dispatchEvent(ObservableHashMap.java:229)
         at com.tangosol.util.ObservableHashMap$Entry.onAdd(ObservableHashMap.java:270)
         at com.tangosol.util.SafeHashMap.put(SafeHashMap.java:244)
         at com.tangosol.coherence.component.util.ServiceConfig$Map.put(ServiceConfig.java:43)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$StorageIdRequest.onReceived(PartitionedCache.java:45)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onMessage(Grid.java:11)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onNotify(Grid.java:33)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.PartitionedService.onNotify(PartitionedService.java:3)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache.onNotify(PartitionedCache.java:3)
         at com.tangosol.coherence.component.util.Daemon.run(Daemon.java:42)
         at java.lang.Thread.run(Thread.java:619)Tracing in debuger has shown what problem is in PartitionedCache$Storage#setCacheName(String) method, it calls instantiateBackingMap(String) before setting __m_CacheName field.
    It is broken in 3.6.0b17229
    PS using asynchronous wrapper around disk based backup storage should reduce performance impact

  • Create and schedule iBot to seed cache with  the saved query

    Hi all,
    May I know how to Create and schedule i Bot to seed cache with the saved query((iBot to run right a daily load to reseed the cache)

    Here is the documentation:
    10g
    http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b31767.pdf
    11g
    http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10544/delivers.htm#i1060405

  • EAP Chaining with Machine TLS and User PEAP

    We are deploying an ISE based .1x. The design is to use eap-tls for machine and eap-peap for user. Apparently EAP-Chaining is recommended, but can anyone confirm if we can do chaining based on machine TLS and user PEAP. I have done some investigation and could not find any supporting document, but not any document saying not supporting either. Looking at Anyconnect profile editor, it does not look like this configuration is supported. Has anyone done this before?
    Thanks a lot.

    http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf
    Just change the authentication policy to allow the methods you want to use under eap-fast (eap-chaining) and use the same ones in your nam client configuration settings.

  • [WLAN] Use 802.1x with PEAP without Certificates?

    Hello there,
    is it possible to use 802.1x with PEAP authentication via MS-CHAPv2 without cheking for the servers certificate? I can't find an option to disable it

    On whitch device? You can set the autorithy certifacte to none or choose one from the list.
    ‡Thank you for hitting the Blue/Green Star button‡
    N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

  • Error when populating cache with data.

    Hi,
    I am new to Oracle coherence. I was just following the examples at the following link:
    http://download.oracle.com/docs/cd/E15357_01/coh.360/e15831/toc.htm
    I am stuck at the following chapter:
    5.2 Populating a Cache with Domain Objects
    I am able to run the DataGenerator.java successfully. The contacts.csv file gets created.
    When i run the LoaderExample.java, i get the following output:
    Work: NE
    77596
    Yoyodyne Propulsion Systems, Grover's Mill US
    330 Lectroid Rd.
    Telephone Numbers
    work: +11 927 20 4526527
    home: +11 633 82 6834859
    Birth Date: 1964-01-03
    Exception in thread "main" (Wrapped) java.io.NotSerializableException: com.oracle.handson.ContactId
         at com.tangosol.util.ExternalizableHelper.toBinary(ExternalizableHelper.java:215)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.PartitionedService$ConverterKeyToBinary.convert(PartitionedService.CDB:29)
         at com.tangosol.util.ConverterCollections$AbstractConverterEntry.getKey(ConverterCollections.java:3387)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.PartitionedService.splitEntriesByOwner(PartitionedService.CDB:17)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$BinaryMap.ensureRequestTarget(PartitionedCache.CDB:18)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$BinaryMap.putAll(PartitionedCache.CDB:34)
         at com.tangosol.util.ConverterCollections$ConverterMap.putAll(ConverterCollections.java:1607)
         at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$ViewMap.putAll(PartitionedCache.CDB:1)
         at com.tangosol.coherence.component.util.SafeNamedCache.putAll(SafeNamedCache.CDB:1)
         at com.oracle.handson.LoaderExample.load(LoaderExample.java:105)
         at com.oracle.handson.LoaderExample.main(LoaderExample.java:37)
    Caused by: java.io.NotSerializableException: com.oracle.handson.ContactId
         at java.io.ObjectOutputStream.writeObject0(Unknown Source)
         at java.io.ObjectOutputStream.writeObject(Unknown Source)
         at com.tangosol.util.ExternalizableHelper.writeSerializable(ExternalizableHelper.java:2216)
         at com.tangosol.util.ExternalizableHelper.writeObjectInternal(ExternalizableHelper.java:2664)
         at com.tangosol.util.ExternalizableHelper.serializeInternal(ExternalizableHelper.java:2564)
         at com.tangosol.util.ExternalizableHelper.toBinary(ExternalizableHelper.java:211)
         ... 10 more
    2010-11-15 16:20:04.741/4.812 Oracle Coherence GE 3.6.0.0 <D4> (thread=ShutdownHook, member=4): ShutdownHook: stopping cluster node
    2010-11-15 16:20:04.772/4.843 Oracle Coherence GE 3.6.0.0 <D5> (thread=DistributedCache, member=4): Service DistributedCache left the cluster
    Can anyone please help me as to why i am getting this error?
    I am unable to move forward to the next example due to this error.
    Any ideas would be of great help.
    Thanks

    Can you post the code for the ContactId class? I suspect you have forgotten to implement one of the PortableObject, Serializable, Externalizable, or ExternalizableLite interfaces. If that isn't it are you telling Coherence to use POF?
    -Dtangosol.pof.enabled=true -Dtangosol.pof.config=pof-config.xmlEdited by: Willy Myers on 15-Nov-2010 04:02

  • Distributed cache with a backing-map as another distributed cache

    Hi All,
    Is it possible to create a distributed cache with a backing-map-schem with another distributed cache with local-storage disabled ?
    Please let me know how to configure this type of cache.
    regards
    S

    Hi Cameron,
    I am trying to create a distributed-schem with a backing-map schem. is it possible to configure another distributed queue as a backing map scheme for a cache.
    <distributed-scheme>
         <scheme-name>MyDistCache-2</scheme-name>
         <service-name> MyDistCacheService-2</service-name>
         <backing-map-scheme>
                   <external-scheme>
                        <scheme-name>MyDistCache-3</scheme-name>
                   </external-scheme>
         </backing-map-scheme>
    </distributed-scheme>
         <distributed-scheme>
              <scheme-name>MyDistCache-3</scheme-name>
              <service-name> MyDistBackCacheService-3</service-name>
              <local-storage>false</local-storage>
         </distributed-scheme>
    Please correct my understanding.
    Regards
    Srini

  • My MacBook uses Mac OS X Version 10.6.8. I am unable to access some websites, such as Facebllk, Gooogle, etc, but I can access other websites such as MSN, Amazon. I have emptied the Safari cache with no change. Appreciate any help.

    My MacBook uses Mac OS X Version 10.6.8. I am unable to access some websites, such as Facebook and Google, but I can access other sites such as MSN and Amazon.  I have emptied the Safari cache with no change.  Appreciate any help in solving this problem.

    My MacBook uses Mac OS X Version 10.6.8. I am unable to access some websites, such as Facebook and Google, but I can access other sites such as MSN and Amazon.  I have emptied the Safari cache with no change.  Appreciate any help in solving this problem.

Maybe you are looking for

  • Jabber and MOC or Lync through OWA

    Does anyone know if the new Ciso Jabber client will be able to share IM and presence information with Microsoft MOC/Lync users that are accessing MOC/Lync through OWA (outlook web Access)? It has been stated that it will work with the clients but I h

  • Too many locks

    Hello everyone, We are using Berkeley DB Java Edition with our heavily-multithreaded application. Transactions have been enabled on the database. While the system is busy, we occasionally face an orgy of LockTimeoutException, which can be resolved on

  • Can't get newest MBA to work with DVI KVM

    I have the Belkin F1DD10XL DVI kvm switch with the new MBA 13" with OS 10.9 I can't get the KVM to show the mac screen. I have a mini display port to hdmi adaptor that is connected to the mac. The adaptor is connected to the kvm using a hdmi to dvi c

  • HT1926 service'apple mobile device'(apple mobile device)failed to start

    service'apple mobile device'(apple mobile device)failed to start.verify that you have sufficient privlages to start system services...

  • Screen Muncher Error Message

    Hello! This is my first post, hope you could help me. So, when I downloaded Screen Muncher, an error message showed up (Error starting ScreenMuncher: Class 'net.rim.device.api.ui.Virtual Keyboard' not found.) I have BlackBerry Bold 9000. I looked for