ISE failover between PSNs not working
This has never worked for us. We have two Policy Service Nodes. But when the first goes down, clients are not getting authenticated through second.
Even when first comes up, clients still don't get authenticated. Reason for this looks to be the absence of network devices. After reboot of the first PSN, its network devices list is empty, so we have to import the devices' list again. Why is the network device list empty after reboot of the primary PSN? Is this a known issue?
Are your two psns also admin and mnt personas as well? I am just curious on how you can view the network device entries.
I would recheck the database admin and user passwords, seems as if replication between these two nodes are not acting properly. Also did you install any patches?
Thanks,
Sent from Cisco Technical Support iPad App
Similar Messages
-
Magic mouse swipe between pages not working "only" in finders and preferences
Hi community,
I'm a new comer in this mac world like I just bought it less than a month ago and I'm already having trouble with it.
My apple magic mouse cannot swipe between pages "only" in finder and preferences. I mean it works perfectly fine with Safari and stuff but when it comes to finder, I cannot move between folders by swiping with one finger. Ironically, it works fine if I change it to two finger swipe option by sacrificing 'Swipe between full-screen app' feature as it uses two fingers. Apple customer support that I talked to could not figure it out and I'm hoping to find answers here. I mean it's really awkward as it works with two fingers but not with one finger. Plus, one finger swipe works fine in Safari and other apps.
I did what I can - restarting, -switch on and off the mouse, - PRAM reset, - trying in serfdom, -remove and pair up again the mouse, -run repair permission in disk utility.
I use Mac Mini late 2014 with Yosemite 10.10.1 and this just happened all of sudden.
Please help!!Just figured out it also does not work with the Mail app.
-
ISE Guest Activity Report not working (1.2.0.899)
Recently I upgraded an ISE to 1.2.0.899. I found the Guest Activity Report is not working. Before the upgrade it was working properly (with the limitation of 5000 records by report). Nothing in the ASA was modified, but nothing is reported in the ISE; also I use the tcpdump integrated in the ISE to validate the syslog messages are arriving from the ASA to the ISE. I already enable the Passed Authentication logging category.
Do I need to modify something else,to have the report?Hi
Please make sure these steps has configured correctly:
Step 1 Create an alarm, as described in Creating, Editing, and Deleting Alarm Schedules.
Step 2 Specify a rule for Passed Authentication, Failed Authentications, or Authentication Inactivity for all users of type guest, as described in Creating and Assigning an Alarm Rule.
Step 3 Calculate guest user activity by Monitoring Live Authentications. -
Dock not working; command-tab switch between programs not working
The Dock does not work. I have restarted (although the computer will not restart under "Restart", getting stuck at the last part, and needs to be restarted manually). When I change Dock preferences it reverts back to default settings. If I am lucky, the dock will appear and then disappear (poof) without having functioned.
The command tab function for switching between programs stopped working also.
The individual programs work, but I have to go to recent items to switch programs.
Further, I have two Previews open (with different documents in each) even though I have only one Preview program.
A whole lot of bizarre things that may be connected? I would appreciate any help.You could try removing the .plist file again, but this time, try also removing the com.apple.dock.db file. Then log out and log in again.
Also, it seems as if many people are having similar problems. See [this thread|http://discussions.apple.com/thread.jspa?messageID=9126119].
So, does the problem persist with another user account?
If it were my machine, the next thing I'd try is downloading the combo updater from Apple's website and reinstalling it. 10.5.6 is available [here|http://support.apple.com/downloads/MacOS_X_10-5-6_ComboUpdate]. -
Cut and Paste between Events not working
Using iPhoto11, I can drag and drop pictures between events, no problem...but Cut and Paste does not work.
I select a photo and cut in event A, go to event B, I right click and get a PAST button, It even clicks but nothing happen, the Cut image never gets pasted.
Is this a bug? whats the solution?To delete the test user, go to the black apple menu, click on system preferences, then on accounts. From an administrator account, click on the "test" user and hit the "-" key. when the dialog box comes up, hit "delete the home folder" and it will be gone.
For the startup disk issue you should repair permissions. From the finder, click on the "go" menu, then on "utilities". Select disc utility. Select your HD and click on repair disk permissions. This will take several minutes (5 or more).
If that has not done the trick then you may need to reset the parameter ram (PRAM). Turn your computer off. When you turn it back on, simultaneously hold 4 keysL command-option-p-r. Keep holding them. The startup chime will ring. Continue to hold until you have heard the chime at least 2 times (more won't help or hurt). Then release. -
Apple + Tab between programs not working properly
I've never had a problem with tabbing between programs until the past week. Specifically, it's tabbing from any program back to Firefox. I'm running OS X 10.4.11 on an iBook G4 and Firefox version 2.0.0.14. Basically, what is happening when I tab to Firefox is that Firefox becomes the active program (the program appears in the top bar) but the browser window doesn't show up. The only way I can get the window to show up is to open a new browser window followed by closing it (or by pressing F9 and selecting the window manually), then the original browser window becomes the active one. Has anyone ran into a similar problem? Or more importantly, does anyone have a solution?
I can confirm it IS NOT the remote. We have 4 ATV G2 here and all the remotes work fine for three of the boxes. One box, even after factory reset, will not allow any of the remotes to scroll/select up direction in menus. Again- multiple remotes that work fine for other ATV boxes will not work in the up direction on a single ATV. Definitely a problem after latest update on at least some of the hardware!
-
Cisco Ise Central Web authentication not working
Hello Guys,
CWA is not working. It says that authentication suceeded but posture status is pending. No error in my Monitor--authentication. Checking it in my Windows 7, it does not shows the CWA portal.
What might be the possible problem of this.?
thanksKindly review the below links:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml -
Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.
Hi to all,
I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID. The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
Error: Resource not found.
Resource: /guestportal/
Does anyone have any ideas why the portal is doing this?
Thanks
PaulHello,
As you are not able to get the guest portal, then you need to assure the following things:-
1) Ensure that the two Cisco av-pairs that are configured on the authorization profile should exactly match the example below. (Note: Do not replace the "IP" with the actual Cisco ISE IP address.)
–url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
–url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also defined on the access switch)
2) Ensure that the URL redirection portion of the ACL have been applied to the session by entering the show epm session ip command on the switch. (Where the session IP is the IP address that is passed to the client machine by the DHCP server.)
Admission feature : DOT1X
AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
URL Redirect ACL : ACL-WEBAUTH-REDIRECT
URL Redirect :
https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
0000A45A2444BFC2&action=cpp
3) Ensure that the preposture assessment DACL that is enforced from the Cisco ISE authorization profile contains the following command lines:
remark Allow DHCP
permit udp any eq bootpc any eq bootps
remark Allow DNS
permit udp any any eq domain
remark ping
permit icmp any any
permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
permit tcp any host 80.0.80.2 eq www --> Provides access to internet
permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
port
permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8906 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
deny ip any any
Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on the switch as follows:
ip access-list extended ACL-WEBAUTH-REDIRECT
deny ip any host 80.0.80.2
permit ip any any
5) Ensure that the http and https servers are running on the switch:
ip http server
ip http secure-server
6) Ensure that, if the client machine employs any kind of personal firewall, it is disabled.
7) Ensure that the client machine browser is not configured to use any proxies.
8) Verify connectivity between the client machine and the Cisco ISE IP address.
9) If Cisco ISE is deployed in a distributed environment, make sure that the client machines are aware of the Policy Service ISE node FQDN.
10) Ensure that the Cisco ISE FQDN is resolved and reachable from the client machine.
11) Or you need to do re-image again. -
Failover Cluster testing - not working
Hello
We are trying to perform failover testing on OC4J clusters. We have two nodes clustered. On each node we have installed SOA suite - four OC4J instances (home, oc4J_soa, oc4j_wsm, and oc4j_esbdt).
This is how we are performing the test:
We have deployed servlet on both oc4j_soa with different application names but with same context-root. We have observed following behavior.
1) In mod_oc4j.conf file , we have "Oc4jSelectMethod roundrobin:local".
So when we hit http://<loadbalancer>/<context-root-for-servlet> it works fine in roundrobin fashion. We have set the HTML page title as node name in servlets.
And so we see Node 1 title one time and Node 2 title the other time.
2) Now if I undeploy the servlet from Node 1 and hit http://<loadbalancer>/<context-root-for-servlet> It doen't work one time (gives HTTP 500 error) and it works the other time.
ie. it is still sending one request to Node 1 and other request to Node 2.
well, it should not do this right ? if my application is down/not available on Node 1 , all request should go to Node 2.
3) Also what i have observed is , when we hit the Nodes' http url directly instead of going through the loadbalancer it crisscross the requests.
ie. http://NODE 1/<context-root-for-servlet> - this one always goes to Node 2
and http://NODE 2/<context-root-for-servlet> - always goes to Node 1
This is something weird.
Anybody has any idea , please ? I am not sure why are we getting unexpected behavior mentioned 2) and 3 )
Please let me know if you need anything about config details.
Thanks
/Mishit2) I hope there is a Hardware LBR front ending this architecture ... If yes then HW LBR have intelligent death detection mechanisms where in if Node 1 crashes it stops serving requests to the failed node until it is back online .... so this setting is more at the LBR then at mod_oc4j.conf
3) If load balancing is configured correctly, I dont think u shud be getting this issue..
To test load balancing you can do as below:
- Ensure Virtual host configuration is done in Apache of both nodes
- Ensure Virtual host entry is added to /etc/hosts
Like on Node 1 /etc/hosts
<Node 2 IP> <Virtual hostname>
Similarly on Node 2 /etc/hosts
<Node 1 IP> < Virtual hostname>
- Give Virtual URL to your LBR guy and he will do the settings in LBR
- Bring down node 1 keeping node 2 alive & check below:
http://<virtualURL>/contextroot
http://<node2>/contextroot
- Similarly bring down node 2 keeping node 1 alive & check below:
http://<virtualURL>/contextroot
http://<node1>/contextroot -
Select between clips not working
I toggled something and am not sure what I did. I have been selecting between clips all day long, and command-T to add cross dissolve. Now I don't get the hourglassed shaped cursor to indicate that it is selecting (i.e. I cant select the line between two adjacent clips. If I copy to a new timeline it works. What did I toggle?
Hi:
Stupid question:
Did you try saving your work, quitting and restarting FCP?
Thanks -
Airdrop between macs not working
I have been using airdrop between two mac for a while in Mavericks - but I am not able to get it working on Yosemite.
The two macs will not see each other, even though I have airdrop selected in finder on both macs.
Is there anyone else experiencing this problem ? Is there a solution ?Hey Manesh,
Thanks for the question. The following resource provides some great information if you have having trouble using AirDrop in OS X Yosemite:
Mac Basics: AirDrop lets you send files from your Mac to nearby Macs and iOS devices - Apple Support
http://support.apple.com/en-us/HT6510
Don't see who you're looking for?
When you select AirDrop, OS X looks for other Mac computers and devices that are nearby that also use AirDrop. If you don't see someone in the AirDrop window, here are some things to check.
Preventing senders
You can prevent people you don't know from sending you files, or you can allow everyone. If you don't see a recipient in the AirDrop window, they might only accept files from people who in their Contacts list. Ask them to add you in their Contacts app, or have them select the option "Allow me to be discovered by: Everyone" in the AirDrop window.
Sending files to and from an older Mac
If a Mac you're using with AirDrop was manufactured before 2012, you can send and receive files with other Mac computers.
On the sending Mac, click "Don't see who you're looking for" in the AirDrop window.
Select the option to "Search for an Older Mac."
On the receiving Mac, open a new Finder window and click AirDrop in the sidebar.
Tips for sending files
Make sure Wi-Fi and Bluetooth are enabled on your Mac and your iOS device. Although you don't have to connect to a specific network, Wi-Fi needs to be on to send and receive files using AirDrop.
Move your devices closer together. AirDrop is designed to work within a range of approximately 30 feet (9 meters). If you need to send a file to someone farther away, consider using File Sharing, iCloud, or email instead.
If you're using a firewall on your Mac, you won't be able to receive AirDrop files if you have enabled "Block all incoming connections" in the Security & Privacy pane of System Preferences.
Make sure your devices meet system requirements for AirDrop.
Thanks,
Matt M. -
Date between is not working.
Hi Experts,
Working in jdev 11.1.1.3.0 with ADF BC.
I am trying to get date between operator, if put both the dates as 8/31/2010 then i am not getting all the records whish is date as 8/31/2010, but if i put to as 8/31/2010 and from as 9/1/2010 then i am getting all the 8/31/2010 date records and some of 9/1/2010 also.
here my date field i changed type as TimeStamp but still the same issue.
can any one help me, how to all the records with both the between dates are same date.user,
An explanation is in order...
Dates (if you are talking about the database type DATE in Oracle) have time components associated with them. If you don't specify a time, it defaults to midnight (the start of that day). So, if you are doing a "between" comparison, and the date you are comparing isn't at midnight, it won't be between two of the same dates with no time specified (midnight).
So, your choices were to use trunc on the date you are comparing, or (this may yield better performance due to possibly being able to use an index), making your comparison:
between <your original date> and <your original date> + 1 - 1/(24*60*60)
John -
ISE & Switch URL redirect not working
Dear team,
I'm setting up Guest portal for Wired user. Everything seems to be okay, the PC is get MAB authz success, ISE push URL redirect to switch. The only problem is when I open browser, it is not redirected.
Here is some output from my 3560C:
Cisco IOS Software, C3560C Software (C3560c405-UNIVERSALK9-M), Version 12.2(55)EX3
SW3560C-LAB#sh auth sess int f0/3
Interface: FastEthernet0/3
MAC Address: f0de.f180.13b8
IP Address: 10.0.93.202
User-Name: F0-DE-F1-80-13-B8
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
URL Redirect ACL: redirect
URL Redirect: https://BYODISE.byod.com:8443/guestportal/gateway?sessionId=0A005DF40000000D0010E23A&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A005DF40000000D0010E23A
Acct Session ID: 0x00000011
Handle: 0xD700000D
Runnable methods list:
Method State
mab Authc Success
SW3560C-LAB#sh epm sess summary
EPM Session Information
Total sessions seen so far : 10
Total active sessions : 1
Interface IP Address MAC Address Audit Session Id:
FastEthernet0/3 10.0.93.202 f0de.f180.13b8 0A005DF40000000D0010E23A
Could you please help to explore the problem? Thank you very much.With switch IOS version later than 15.0 the default interface ACL is not required. For url redirection the dACL is not required as this ACL is part of traffic restrict for "guest" users.
In my experiece some users can not get the redirect correctly because anti-spoof ACL on management Vlan or stateful firewall blocks the TCP syn ack.
It is rare in campus network access layer switches have user SVI configured so the redirect traffic has to be sent from the netman SVI, but trickly the TCP SYN ACK from the HTTP server will be sent back from the netman Vlan without source IP changed. (The switch is spoofing the source IP in my understanding with changing only the MAC address of the packet). In most of the cases there should be a basic ACL resides on the netman SVI on the first hop router, where the TCP SYN ACK may be dropped by the ACL.
tips:
1. "debug epm redirect" can make sure your traffic matches the redirect url and will get intercepted by the switch
2. It will be an ACL or firewall issue if you can see epm is redirecting your http request but can not see the SYN ACK from the requested server.
Which can win the race: increasing bandwidth with new technologies VS QoS? -
ISE Guest Portal redirection not working
I have built a lab at home. I have a Win2008 Server for AD/DNS, ISE 1.2 (VM trial), a 3560-cg switch, 2500 WLC and 2602i AP. I have configured everything as per the documentations online. My issue is that when I connect to the open SSID, it gets connected and has the dns server populated as well, but the redirection never takes place. I can search for google or cnn.com but it just stays at looking up host or something. However, if i take the redirect URL from the WLC and then do it on the browser, it does go to the guest portal. Let me know what issues I can see and if there is any other information I can provide.
Issue resolved.
Since my lab environment didnt have access to the internet and hence dns servers 8.8.8.8 would not resolve any public ips. But when an address is resolvable by a dns then it redirects nicely. For test I created a dns entry on the dns server itself and tested it.
Sent from Cisco Technical Support Android App -
Date between filter not working
Hi,
I am using Action links to open Report2 from Report1. For my 'Date between' filter (current date and previous two days) in Report2, I previously had 'Advanced SQL' statement but later switched to session variables.
Now when I am using session variables and open Report2 from Report1, I am only able to view the data for the current date and not the previous two dates. When I view Report2 independently in the Results tab, I can view all 3 days data.
Could anyone please help on why I am not able to view all 3 days data when opened from Report1.
Regards.
NB: I am using OBIEE 11.1.1.5.0"Protect this filter" did the trick. I should have thought of it before but somehow just slipped my mind.
The second report was taking the effective date from the parent report.
Maybe you are looking for
-
How do i export an imovie to a facebook group?
It is easy to export to a Facebook account, but how do I export to a Facebook Group that has restricted access? The Group under my account is a Private Group which means only members of the group can view its content, however from both my iPhone and
-
Using apple tv to connect mac book air to tv
Does anyone know if it is possible to use the apple tv to display something from a macbook air on to my tv? Or does the apple tv only display objects from itunes? if so, what cords would have to be purchased in order to do this?
-
Where can I download an older version of ibooks for my 2nd gen touch?
My Ipod touch crashed, then when I tried to restore from a back up it said the back up was corrupt! I now have no way of reading any of my books. When I move my books from Itunes to my ipod I get a message telling me that I must install Ibooks to rea
-
Would using a UPS on my G5 save electricity?
I know this may sound silly, but as I use my G5, I have noticed that my electric bill is much higher, since the G5s arrival in comparison to a G4's power consumption. This may be a silly question, but if i were to get a sufficient UPS for the Dual 2G
-
Download trial version of Photoshop elements 11 seems to downloading elements 10
I am trying to download the trial version of Photoshop elements 11 but it seems to be downloading elements 10? help please?