ISE deployment with subdomains

Hi Experts,
we have AD Architecture that parent domain and three subdomain as per the region, and ISE Administration/Monitoring Node will be in one subdomain and each region will have its ISE node with policy persona.
looking for guidnace on how the ISE design will be, more precisly whic domain the PSN node will join, to their regional sub-domain?
if yes its supported to have each PSN in their different sub-domain?
Thanks         

You  can palace PSN in regional sub-domain but you need to make sure that  all the regional sub-domain are are able to communicate with each other  with out any DNS and NAT issues.

Similar Messages

  • Cisco ISE deployment with HP Swithes

    Is there any compatibility matrix of cisco ISE with HP access swithes or there is any features restriction on HP access layer. The HP switches do support 802.1x.
    Thanks
    Qasim

    Qasim,
    The only compatibility with network access devices is all related to Cisco gear. It would be best to stick with a full supported solution for the sake of support. In my opinion this will be a nightmare to manage if an issue was to occur.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Cisco ISE Deployment suggestion required

    Require Assistance on Cisco ISE Deployment for below scenario
    -- We have Three Cisco ISE Appliances and Client has taken Advance Subscription License for 500 users
    -- Client has DC & DR and needs to deploy the Cisco ISE in one Main Office which connects to DC & DR on MPLS Links
    -- Client suggestion was to deploy one ISE node ( Admin + M&T + Policy Server ) in DC and its Standby Secondary in DR
         and only deploy Policy Server in Main Office.
         Idea behind the design is that ,
         1) If DC fails , Cisco ISE related logs will get generated on DR and any Cisco ISE related request will be taken care by Local Policy Server in Main Office .
          2) If Local Policy Server Fails , then ISE node in DC will act as Secondary backup and DR will act Teritary Backup
          below is view
                                         DC
                            Primary Node with Role
                       [Admin , M&T , Policy Server]
                                                                                                                 Main Remote Offic
                                                                                                                  Cisco ISE Node ( Only Policy Server) -----------> Network Devices
                                   DR
                           Secondary   Node with Role
                       [Admin , M&T , Policy Server]
    Please let me know is it possible

    Yes, The scenario is quite achievable also please  review the below link for assistance on deployment of ISE.
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_50_ise_deployment_tg.pdf
    http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_deploy.pdf

  • ISE Deployment - Your Feedback

    Hi,
     I am currently evaluating two NAC systems: ISE and Bradford and I wanted to see if anyone has had the opportunity to see both systems. Although we are a Cisco shop, I am looking for simplicity due to staff shortage. 
     In the event I decide to go with ISE, I would like to hear your personal challenges with the product during the deployment phase and those little things I need to keep in mind to avoid future headaches. 
      Thanks in advance !

    Hello,
    I have one done (not finished) one deployment with 150 clients. And one guy I know is doing a very large scale deployment.
    To me it's very interesting but very challenging. I really under estimated the time it would take. I did this project because my client wanted it. From a technical point of view it's very positive for me, from a financial point of view it's really bad as I've spent a lot of time.
    The client is so far very happy although some implemented features are missing.
    I would recommend to start with Wifi only and once you understand ISE and know how to troubleshoot make Wire to work. I have not tried remote access though.
    Some hints:
    - You're full Cisco or you have other vendors (I'm thinking about IP Phones but the question can also be asked for switches and wlc)
    - You have a PKI or not.
    - You have devices (endpoints) and they are not 802.1X capable. All of us have, but the important is to list them.
    It's also difficult because it involves a lot of components and protocols:
    - Components: The radius server (ISE), the NAS (Switch or WLC), the endpoints (PC, APs, printers), the host (in my case VMWare)
    - Protocols: EAP protocols, Snmp/DHCP for profiling, Wifi etc.
    So I wouldn't see a guy with a little experience in networking dealing with something like this. I was more than familiar with many of these things. And before ISE I also tried Freeradius and made is work with Wifi and Vlan assignement and a LDAP server.
    If by chance I make the whole thing to work I need to give the skills to someone else to do a troubleshooting.
    So this is my experience so far. Some other have much more experience of course.

  • ISE Deployment - Limit on Radius Sources?

    Greetings, 
    I am planning a change to our ISE deployment, and I am curious if there is a limitation to the number of Radius sources that can be added to the running config on the switches and APs.
    The majority of the switches are 2960 series and the APs are 2602 models.   
    Currently, we have two Radius Sources configured as follows:
    aaa group server radius rad_eap
     server X.X.X.X auth-port 1645 acct-port 1646
     server X.X.X.X auth-port 1645 acct-port 1646
    I need to know if I am able to add a third entry to that list, or if there is a hard limitation I am unaware of.
    Thank You.

    ISE questions will probably get more traction in the Security forum.
    That said, the answer is "it depends". It all depends on your design. Is your third server a Policy Services Node or an Inline Posture Node (IPEP)? Either way, one of those would generally be positioned so as to provide profiling, posture and enforcement services working in conjunction with the Admin server(s). If a server is not part of the overall architecture, it will not.
    All new ISE designs should be based on the Cisco-approved High Level Design (HLD) template. If you follow that and develop your Low Level design based on it, many of the typical questions should be answered.
    Hope this helps.

  • Java DC not deployed with WebDynPro DC

    Hi,
    I've been testing the DC functionality and I'm trying to create the following:
    1) WebDynPro DC (DCA)
    2) Java DC (DCB)
    DCB has code for reading data from a database table (three classes, one is set as a public part). This code is functioning ok in another WebDynpro project where I've used it as an external jar file located in the lib directory and added to classpath.
    DCA has a small table in the view that I'm filling (or trying to) with data from the database.
    DCB has one java class as a Public Part. DCA has this PP defined in the Used DC's (DC Metadata --> DC definition --> Used DC's). I can see the DCB code fine from the DCA's view (I can use the methods from the class).
    I see no code errors and everything compiles ok. I've built the DCA and DCB separately (Development Component --> Build) before doing the project build and deployment.
    When I deploy, I'm getting java.lang.NoClassDefFoundError for the DCB class (User.class) when the program starts. So it seems that the DCB is not deployed with the DCA. I've tried to look at the properties and java classpath but nothing I've done has helped.
    Purpose is set to compilation, and there is a
    <at-build-time/>
    tag in the .dcdef file.
    Deployment of normal (no DC) Webdynpro projects works fine and the jars in the lib directory are deployed to the server OK.
    Seems like I've tried everything but have found no solution yet. Refreshed every part, re-created everything, re-built, re-deployed etc...
    Shortly: how to get DCB to deploy ?
    Any help is appreciated here
    Kind Regards,
    Jari Pakarinen

    Hi,
    What is the Java DC for then ? If it cannot be used as a part of another DC (deployable unit) then how should it be used ? What is the use if it does not end up at the server with Webdynpro code ?
    The scenario I'm looking for is to include Java classes in a Webdynpro project as a part of the project (not jars done somewhere else, I can do that already) deployed to the server with the Webdynpro.
    Thank you for your help, I'm not blaming you or anything
    Regards,
    Jari

  • How to use MDS deploying with EAR file

    Hi everybody.
    I would to use MDS in my web application in order to use customization across the sessions. I've performed every step to do this on JDeveloper (11.1.1.3.1). I've tested my application deploying directly from JDeveloper using Application menu > Deploy > "myApp" to "myApplicationServer" (in this way I can choose the repository with a window like this: http://i.stack.imgur.com/Kci9c.png). The repository was prevoiusly registered on the server. In this way my application works fine and they all lived happily ever after.
    My problem occurs when I perform the deployment with "myApp to EAR" mode. When I try to install my EAR file in weblogic, it reply me with this error message:
    An error occurred during activation of changes, please see the log for details.
    +:oracle.mds.config.MDSConfigurationException:MDS-01335: namespace "/xliffBundles" mapped to metadata-store-usage "MAR_TargetRepos" but its definition was not found in MDS configuration.+
    I've looked for a solution around the web (included this forum) and I think that I should modify something in adf-config.xml file (below).
    Which steps I have to perform in order to install my application correctly with an EAR file?
    Thanks in advance.
    <?xml version="1.0" encoding="windows-1252" ?>
    <adf-config xmlns="http://xmlns.oracle.com/adf/config"
    xmlns:adf="http://xmlns.oracle.com/adf/config/properties"
    xmlns:sec="http://xmlns.oracle.com/adf/security/config"
    xmlns:ads="http://xmlns.oracle.com/adf/activedata/config">
    <adf:adf-properties-child xmlns="http://xmlns.oracle.com/adf/config/properties">
    <adf-property name="adfAppUID" value="BDO_GC_WEBAPP.bdogc"/>
    </adf:adf-properties-child>
    <!-- <ads:adf-activedata-config xmlns=
    "http://xmlns.oracle.com/adf/activedata/config">
    <latency-threshold>5000</latency-threshold>
    <keep-alive-interval>10000</keep-alive-interval>
    <max-reconnect-attempt-time>90000</max-reconnect-attempt-time>
    <reconnect-wait-time>8000</reconnect-wait-time>
    </ads:adf-activedata-config> -->
    <sec:adf-security-child xmlns="http://xmlns.oracle.com/adf/security/config">
    <CredentialStoreContext credentialStoreClass="oracle.adf.share.security.providers.jps.CSFCredentialStore"
    credentialStoreLocation="../../src/META-INF/jps-config.xml"/>
    <sec:JaasSecurityContext initialContextFactoryClass="oracle.adf.share.security.JAASInitialContextFactory"
    jaasProviderClass="oracle.adf.share.security.providers.jps.JpsSecurityContext"
    authorizationEnforce="true"
    authenticationRequire="true"/>
    </sec:adf-security-child>
    <adf-faces-config xmlns="http://xmlns.oracle.com/adf/faces/config">
    <persistent-change-manager>
    <persistent-change-manager-class>
    oracle.adf.view.rich.change.MDSDocumentChangeManager
    </persistent-change-manager-class>
    </persistent-change-manager>
    <taglib-config>
    <taglib uri="http://xmlns.oracle.com/adf/faces/rich">
    <tag name="column">
    <attribute name="displayIndex">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    <attribute name="frozen">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    <attribute name="noWrap">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    <attribute name="selected">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    <attribute name="visible">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    <attribute name="width">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    </tag>
    <tag name="table">
    <attribute name="filterVisible">
    <persist-changes>
    true
    </persist-changes>
    </attribute>
    </tag>
    </taglib>
    </taglib-config>
    </adf-faces-config>
    <adf-mds-config xmlns="http://xmlns.oracle.com/adf/mds/config">
    <mds-config xmlns="http://xmlns.oracle.com/mds/config" version="11.1.1.000">
    <cust-config>
    <match path="/">
    <customization-class name="oracle.adf.share.config.UserCC"/>
    </match>
    </cust-config>
    </mds-config>
    </adf-mds-config>
    </adf-config>

    Any suggestion?

  • EJB3.0 App deployed with warning:Object not found in lookup of JPA_DEFAULT

    Hi All ,
               I am working on NWCE7.1. I am deploying Enterprise Application DC wich is having
    1 . 3 EJB3.0 session DCs
    2.  1 JPA DC
    I am getting following warning in deployment. I have checked persistence.xml for jta-data-source , it is added. Still not working. I am getting this error after importing configuration(Track) for these DCs in my NWDS. Earlier build n deployment was working in other NWDS on other PC.
    --- Deploying file(s):
         D:\NWDS7.1\workspace.jdi\4\DCs\asianpaints.com\erecapp\_comp\gen\default\deploy\asianpaints.com~erecapp.ear
    --- Status:
         Deploy finished with warnings.
    --- Description:
                S U M M A R Y
    ~~~~~~~~~~~~~~~~~~~
    Successfully deployed:           0
    Deployed with warnings:           1
    Failed deployments:                0
    ~~~~~~~~~~~~~~~~~~~
    1. File:D:\NWDS7.1\workspace.jdi\4\DCs\asianpaints.com\erecapp\_comp\gen\default\deploy\asianpaints.com~erecapp.ear
         Name:erecapp
         Vendor:asianpaints.com
         Location:J2N_ERECTT_D
         Version:20090217100038
         Deploy status:Warning
         Version:HIGHER
         Description:
              1. Exception has been returned while the 'asianpaints.com/erecapp' was starting. Warning/Exception :
    [ERROR CODE DPL.DS.6193] Error while ; nested exception is:
         com.sap.engine.services.deploy.exceptions.ServerDeploymentException: [ERROR CODE DPL.DS.5030] Clusterwide exception: server ID 6358450:com.sap.engine.services.orpersistence.container.deploy.ActionException: [ERROR CODE DPL.DS.5030] Clusterwide exception: com.sap.engine.services.jndi.persistent.exceptions.NameNotFoundException: Object not found in lookup of JPA_DEFAULT.
         at com.sap.engine.services.jndi.implserver.ServerContextImpl.lookup(ServerContextImpl.java:584)
         at com.sap.engine.services.jndi.implclient.ClientContext.lookup(ClientContext.java:343)
         at com.sap.engine.services.jndi.implclient.ClientContext.lookup(ClientContext.java:637)
         at javax.naming.InitialContext.lookup(InitialContext.java:351)
         at javax.naming.InitialContext.lookup(InitialContext.java:351)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.initDataSources(ComplexModuleCreator.java:344)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.initRuntimeModels(ComplexModuleCreator.java:230)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.createModule(ComplexModuleCreator.java:154)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.execute(ComplexModuleCreator.java:84)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexActionAdapter.execute(ComplexActionAdapter.java:34)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ApplicationCreator.execute(ApplicationCreator.java:74)
         at com.sap.engine.services.orpersistence.container.deploy.impl.PersistenceContainer.prepareStart(PersistenceContainer.java:187)
         at com.sap.engine.services.deploy.server.application.StartTransaction.prepareCommon(StartTransaction.java:219)
         at com.sap.engine.services.deploy.server.application.StartTransaction.prepare(StartTransaction.java:179)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesOnOneServer(ApplicationTransaction.java:420)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhases(ApplicationTransaction.java:445)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.super_MakeAllPhases(ParallelAdapter.java:337)
         at com.sap.engine.services.deploy.server.application.StartTransaction.makeAllPhasesImpl(StartTransaction.java:550)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:251)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesAndWait(ParallelAdapter.java:392)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3389)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3375)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3278)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3251)
         at com.sap.engine.services.dc.lcm.impl.J2EELCMProcessor.doStart(J2EELCMProcessor.java:99)
         at com.sap.engine.services.dc.lcm.impl.LifeCycleManagerImpl.start(LifeCycleManagerImpl.java:62)
         at com.sap.engine.services.dc.cm.deploy.impl.LifeCycleManagerStartVisitor.visit(LifeCycleManagerStartVisitor.java:34)
         at com.sap.engine.services.dc.cm.deploy.impl.DeploymentItemImpl.accept(DeploymentItemImpl.java:83)
         at com.sap.engine.services.dc.cm.deploy.impl.DefaultDeployPostProcessor.postProcessLCMDeplItem(DefaultDeployPostProcessor.java:80)
         at com.sap.engine.services.dc.cm.deploy.impl.DefaultDeployPostProcessor.postProcess(DefaultDeployPostProcessor.java:56)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.doPostProcessing(DeployerImpl.java:741)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.performDeploy(DeployerImpl.java:732)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.doDeploy(DeployerImpl.java:576)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.deploy(DeployerImpl.java:270)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.deploy(DeployerImpl.java:192)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImplp4_Skel.dispatch(DeployerImplp4_Skel.java:875)
         at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:351)
         at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:70)
         at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:62)
         at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:37)
         at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:877)
         at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:53)
         at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:58)
         at com.sap.engine.core.thread.execution.Executable.run(Executable.java:108)
         at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:304)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.initDataSources(ComplexModuleCreator.java:360)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.initRuntimeModels(ComplexModuleCreator.java:230)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.createModule(ComplexModuleCreator.java:154)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexModuleCreator.execute(ComplexModuleCreator.java:84)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ComplexActionAdapter.execute(ComplexActionAdapter.java:34)
         at com.sap.engine.services.orpersistence.container.deploy.impl.ApplicationCreator.execute(ApplicationCreator.java:74)
         at com.sap.engine.services.orpersistence.container.deploy.impl.PersistenceContainer.prepareStart(PersistenceContainer.java:187)
         at com.sap.engine.services.deploy.server.application.StartTransaction.prepareCommon(StartTransaction.java:219)
         at com.sap.engine.services.deploy.server.application.StartTransaction.prepare(StartTransaction.java:179)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesOnOneServer(ApplicationTransaction.java:420)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhases(ApplicationTransaction.java:445)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.super_MakeAllPhases(ParallelAdapter.java:337)
         at com.sap.engine.services.deploy.server.application.StartTransaction.makeAllPhasesImpl(StartTransaction.java:550)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:251)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesAndWait(ParallelAdapter.java:392)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3389)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3375)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3278)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:3251)
         at com.sap.engine.services.dc.lcm.impl.J2EELCMProcessor.doStart(J2EELCMProcessor.java:99)
         at com.sap.engine.services.dc.lcm.impl.LifeCycleManagerImpl.start(LifeCycleManagerImpl.java:62)
         at com.sap.engine.services.dc.cm.deploy.impl.LifeCycleManagerStartVisitor.visit(LifeCycleManagerStartVisitor.java:34)
         at com.sap.engine.services.dc.cm.deploy.impl.DeploymentItemImpl.accept(DeploymentItemImpl.java:83)
         at com.sap.engine.services.dc.cm.deploy.impl.DefaultDeployPostProcessor.postProcessLCMDeplItem(DefaultDeployPostProcessor.java:80)
         at com.sap.engine.services.dc.cm.deploy.impl.DefaultDeployPostProcessor.postProcess(DefaultDeployPostProcessor.java:56)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.doPostProcessing(DeployerImpl.java:741)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.performDeploy(DeployerImpl.java:732)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.doDeploy(DeployerImpl.java:576)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.deploy(DeployerImpl.java:270)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImpl.deploy(DeployerImpl.java:192)
         at com.sap.engine.services.dc.cm.deploy.impl.DeployerImplp4_Skel.dispatch(DeployerImplp4_Skel.java:875)
         at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:351)
         at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:70)
         at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:62)
         at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:37)
         at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:877)
         at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:53)
         at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:58)
         at com.sap.engine.core.thread.execution.Executable.run(Executable.java:108)
         at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:304)
    Result
    Status:Warning

    You have to give an explicit data source in your persistence.xml to solve this error normaly.
    <persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
         <persistence-unit name="YOUR_UNIT">
        <jta-data-source>DSNAME</jta-data-source>
    Frank

  • SCCM: Application deployment vs Package deployment with requirements and prerequisits.

    Hey,
    My organization is in the process of implementing a new remote networking solution for all employees, however some employees require additional software vs others. What I am trying to find out is if there is a way to have one package with supersedes and
    requirements that we can use to do a massive deployement. 
    Here are the different scenarios with order of installation:
    Financial group Desktop:
    1.Install New solution
    2.Install Configuration
    3.Install Token Authentication 
    (nothing crazy)
    Financial Group Laptops
    1.Install Token Authentication
    2.Install New Solution
    3.Install COnfiguration
    4.Un-uninstall Old Solution
    5.Un-install Tunnel Guard application (requires a reboot, that's why it's last). (this is the application that would be deployed with requirements to go back up the chain of supersedes (meaning, deploy 5, but do 4, when 4 is triggered, it does 3 first, etc...)
    All other laptops
    1.Install New Solution
    2.Install COnfiguration
    3.Un-uninstall Old Solution
    4.Un-install Tunnel Guard application (requires a reboot, that's why it's last).(this is the application that would be deployed with requirements to go back up the chain of supersedes (meaning, deploy 4, but do 3, when 3 is triggered, it does 2 first, etc...)
    Because of the different requirements, is there a way to have one deployment with multiple deployment types to say based off:
    1. Computer types (we have a naming convention that identifies laptops and desktops.
    2. Only install certain pieces of software (Token validator in this case if financial application is detected on the machine).
    Or should I create different applications for each case with different collections or go with 3 different packages and collections with install this package first set in the package deployment
    Thanks for your help.

    The problem is the last uninstall, because it's not applicable to all machines. That means that if you would deploy that with all it's dependencies, it wouldn't do anything on the desktops as it's not applicable to them.
    In this case, if you want to use one deployment, the easiest solution is a task sequence. That way you can target everything in one time and still build some logic to prevent some (un-)installs.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Patch deployment with status "Enforcement state unknown"

    Hi All
    I am pretty new to the patch deployment.
    I generated a report and see there is Last State column with "Enforcement state unknown", not sure if it means failed for those hostnames or will be retried for the installation.
    Kindly clarify.
    Regards
    Ramesh
    Regards Ram

    They will only start to install updates automatically when there is an active update deployment with a scheduled deadline that has past. See for a lot more information:
    http://technet.microsoft.com/en-us/library/gg682168.aspx#BKMK_SUMCompliance
    Also, when Days since last communication is more than 0, that's usually an indication that the client is not communicating any more. That can be caused by a lot of things including something simple as that the device is turned of, or not
    connected with the network.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?

    Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?
    Im trying to follow the trustsec 2.1 guide on IP Phones into LowImpact mode.
    I can get a PC on its own to authenticate via dot1x/tls
    I can get a Cisco IP Phone on its own to authenticate via MAB.
    When the two are on the same switchport, the phone will authenticate but not the PC.  ISE logs EAP timeouts.
    The switchport has the LowImpact port ACL of
    ip access-group ACL-DEFAULT in
    The IP Phone gets a dACL that allows it ok.
    I assume MAB phone and dot1x PC is supported?  Any ideas?
    Thanks in advance.

    The ISE log detailed steps are as follows:
    Steps
    11001  Received RADIUS Access-Request
    11017  RADIUS created a new session
    Evaluating Service Selection Policy
    15048  Queried PIP
    15048  Queried PIP
    15004  Matched rule
    11507  Extracted EAP-Response/Identity
    12300  Prepared EAP-Request proposing PEAP with challenge
    12625  Valid EAP-Key-Name attribute received
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12501  Extracted EAP-Response/NAK requesting to use EAP-TLS instead
    12500  Prepared EAP-Request proposing EAP-TLS with challenge
    12625  Valid EAP-Key-Name attribute received
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
    12800  Extracted first TLS record; TLS handshake started
    12805  Extracted TLS ClientHello message
    12806  Prepared TLS ServerHello message
    12807  Prepared TLS Certificate message
    12809  Prepared TLS CertificateRequest message
    12505  Prepared EAP-Request with another EAP-TLS challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12504  Extracted EAP-Response containing EAP-TLS challenge-response
    12505  Prepared EAP-Request with another EAP-TLS challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12504  Extracted EAP-Response containing EAP-TLS challenge-response
    12505  Prepared EAP-Request with another EAP-TLS challenge
    11006  Returned RADIUS Access-Challenge
    5411  No response received during 120 seconds on last EAP message sent to the client

  • Cisco ISE integration with SMS passcode Device

    HI Experts,
    i have a scenario where the requirement is to integrate the ISE device with SMSpasscode device which will trigger the OTP to the mobile devices 
    Currently i have my authentication configured to work with the AD 
    When my VPN users connects  its authenticates against AD and the users get the access . 
    Now as per the new requirement once the user is authenticate against AD ,  the user should be prompted for the OTP password send to the users  using SMS passcode device 
    Anyone had worked on similar requirement please help me to resolve the issue .
    Thanks in advance 
    Angus

    Hi all
    I am working exactly for a month on this topic with no success.
    I need to integrate VASCO OTP solution. But VASCO do not support any external authentication backend for virtual/SMS token. Only passcode or local authentication.
    I need to implement an external authentication against LDAP somewhere...
    Gunnar, do CISCO clearly says it is not able to participate to such setup?
    So, my need would be to be able to insert in the flow an authentication in ISE against the LDAP.
    The flow is:
    WebApplication send login+password (LDAP) to ISE
    ISE checks the credentials and if it is OK forward the request to VASCO
    VASCO does not check for password but generate the OTP and send it via SMS
    VASCO replies with a access-challenge
    ISE forward the challenge to Web Application
    WebApplication send login+OTP response to ISE
    ISE forward to VASCO
    VASCO checks for OTP and replies to ISE with accept
    ISE forward to Web Application
    User is logged in...
    All the flow is working if the user enters a passcode
    I would like to implement a Identity source sequences where the user is checked again all the entries not the first match
    First LDAP then VASCO...

  • ESS/MSS business packages "Deployed with Warning"

    Hello All,
       We are on NW04s SP10 on MS SQL server and Windows server. The Database and portal installations or on different machines. I installed the business packages ESS 1.0, MSS 1.0 and the XSS components - 600 using the JSPM.
    After I deploy, I get the message<b> "Deployed with Warning"</b>
    When I opened the log files and checked for errors, I found errors in deployment on these SDAs
    sap.com/essfiaddr  - WEBDYNPRO
    sap.com/essinaddr  - WEBDYNPRO
    sap.com/essinpdata  - WEBDYNPRO
    sap.com/mssexpdyn  - WEBDYNPRO
    sap.com/mssexpssa  - WEBDYNPRO
    sap.com/mssoprogeneraldescription  - WEBDYNPRO
    And I get the following exceptions for all the SDAs above.
    <b>07/01/11 09:54:10 -    sap.com/essfiaddr  - WEBDYNPRO
    07/01/11 09:54:10 -  ***********************************************************
    Jan 11, 2007 9:54:11 AM  Info: End of log messages of the target system.
    Jan 11, 2007 9:54:11 AM  Info: ***** End of SAP J2EE Engine Deployment (J2EE Application) *****
    Jan 11, 2007 9:54:11 AM  Warning: Finished with warnings: development component 'ess/fi/addr'/'sap.com'/'MAIN_ERP05PAT_C'/'795293':
    Caught exception during application startup from SAP J2EE Engine's deploy service:
    java.rmi.RemoteException: Error occurred while starting application sap.com/ess/fi/addr and wait.
    Reason: Clusterwide exception: server ID 11376250:com.sap.engine.services.deploy.container.DeploymentException: Clusterwide exception: Failed to prepare application ''sap.com/essfiaddr'' for startup. Reason=
    Clusterwide exception: Failed to start application ''sap.com/essfiaddr'': The referenced application ''sap.com/ess~per'' can''t be started. Check the causing exception for details. Hint: Is the referenced application deployed correctly on the server?
         at com.sap.engine.services.webdynpro.WebDynproContainer.prepareStart(WebDynproContainer.java:1490)
         at com.sap.engine.services.deploy.server.application.StartTransaction.prepareCommon(StartTransaction.java:231)
         at com.sap.engine.services.deploy.server.application.StartTransaction.prepare(StartTransaction.java:179)
         at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesOnOneServer(ApplicationTransaction.java:301)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesImpl(ParallelAdapter.java:317)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:111)
         at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesAndWait(ParallelAdapter.java:227)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:4684)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:4589)
         at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationAndWait(DeployServiceImpl.java:4562)
         at com.sap.engine.services.deploy.server.DeployServiceImplp4_Skel.dispatch(DeployServiceImplp4_Skel.java:1163)
         at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
         at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
         at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
    (message ID: com.sap.sdm.serverext.servertype.inqmy.extern.EngineApplOnlineDeployerImpl.performAction(DeploymentActionTypes).REMEXC)</b>
    Now, after this, when I log into the portal and see the MSS role, the links are all missing. I see only Overview and its worksets and pages and Reports and its worksets. Everything else is missing. The warning that I see is<b> "Linked object is unavailable"</b>
    Could anyone please suggest me what could be wrong?
    Thanks,
    Sunitha<b></b>

    Hi Sunitha,
    First of all I was not able to find if your backend is ERP 2004 or ERP 2005. It should be ERP 2005 if you want to user ESS 1.0 and MSS 1.0 BP
    Please check in Content Administrator if you can locate these applications and test the same. If yes then you can ignore this warning. If No, in that case you have to redeploy XSS, ESS and MSS using SDM again.
    The links in portal comes from your backend Area Page Customizing. To verify if the problem is with your Portal Business Package or with your backend customizing run your ESS applications using
    http://<portal>:<port>/webdynpro/dispatcher/sap.com/pcui_gp~xssutils/XssMenuArea?sap.xss.menuhdr=SAPDEFAULT&sap.xss.menuargrp=SAPDEFAULTESS
    and MSS using
    http://<portal>:<port>/webdynpro/dispatcher/sap.com/pcui_gp~xssutils/XssMenuArea?sap.xss.menuhdr=SAPDEFAULT&sap.xss.menuargrp=SAPDEFAULTMSS
    If you can see all the links correctly here, your backend customization is fine and there is a problem with your BP of ESS and MSS. So you will have to import the same again in the portal. However if you are not able to view the links in the page, then there is a problem with you Area Page Customization. You will need to check your config with the Client 000 configuration to find out the missing config.
    Hope this helps.
    Regards,
    Shubham

  • ISE integration with Oracle LDAP

    Does ISE integrate with Oracle OID LDAP (Version 11G)? If yes, which version?

    ISE supports any LDAPv3 compliant servers

  • SAP Netweaver 04 SP16 deployed with Xalan 2.60 or Xalan 2.70

    SAP Netweaver 04 SP16 deployed with Xalan 2.60 or Xalan 2.70
    Have you tried to port and run (Sneak Preview)  SAPNetWeaver java 04 SP16 or 04S SP7 with a later version on Xalan version 2.60 or Xalan version 2.70 along with jdk 1.4.2_(8 or greater)?
    What specifically is failing? What patches or work around have you used to overcome compatibility issues with Xalan?
    When we run Sneak Preview SAPNetWeaver java 04 SP16 SP7 with a version on Xalan version 2.60 or Xalan version 2.70 along with jdk 1.4.2_11, We get error 503 Service Unavailable, Application cannot be started
    Details: com.sap.engine.services.deploy.container.ExceptionInfo: Error while parsing file “data-source-aliases.xml”.

    Hi
    SAP does not allow usage of any other XML parsers with SAP web AS.
    please have a look at this link
    http://help.sap.com/saphelp_nw04/helpdata/en/36/ef353e39011a38e10000000a114084/frameset.htm
    "Setting system properties in a system that supports more than one parser is prohibited".
    The Error which you are getting is because one of the
    java.system properties for parsing is
    getting changed by xalan. These system properties are explictly set by the SAP XML implementation which it does not allow you to change.
    Also can you please let me know where are you placing the xalan jar file ? is it deployed as a j2ee library or part of war ?
    Hope this helps. please mark points for helpful answers
    regards
    rajesh kr

Maybe you are looking for

  • Weblogic Portal 10.2

    Hello - We're using BEA WebLogic 10.2 and its workshop server is very slow, whenever we need to publish it takes almost 30 - 45 minutes to publish and in a few occasions it might crash while trying to publish! Don't know if this is a bug in WL 10.2 o

  • Call_form problem in Forms 10g

    I am using Developer 10g R2. I tried to call a form named form1 from another form. But it can not open the form and shows the following error: FRM 40010: Can not read form form1. Then I tried other functions open_form, Go_form. But it does not work.

  • Order data as in IN clause

    Hi, Is there a way to order the result set to display in the same order as data supplied in IN clause example: select * from t_cu where cno IN ( 220, 120, 900, 350, 99, 1, 34 );I would like to display the data in the same order as 220, 120, 900, 350,

  • Reg report painter

    Hi experts can anyone help me to find where the report painter is and what is the use of it and pls give the steps for navigation... with regards Sellavel

  • Log Host IP Address

    Hi, Is it possible to log the IP address of the client (not the application server) in a database table along with other session values like last accessed time, last login time and log off time? Once this is logged I need to show this information on