ISE v1.2 AuthC Policy Processing Performance

Hi guys,
We have ISE v1.2 running in the lab at the moment, and are intending to first deploy a Proof of Concept at two sites before a global deployment across four data centers and 150 Tier 1/Tier 3 sites.
We will be deploying ISE for wired 802.1x for domain devices and MAB for trusted non-802.1x capable and guest devices
ISE will be performing RADIUS proxy for 802.1x to Microsoft NPS servers using RADIUS Server Sequences. (I know ISE can do this but this was the design choice made by the business to meet certain requirements...)
- DC sites will have a pair of PSN nodes (and separate PAN and MNT nodes in the top-level DC) and a pair of NPS servers.
- Tier 1 sites will have a local PSN node and NPS server.
- Tier 3 sites will use the regional DC PSN nodes and NPS servers.
In order to ensure authentication requests are sent by ISE to the nearest NPS server, we are testing specific RADIUS Server Sequences that are called by specific Authentication policies that match a location (plus 802.1x auth) condition.
We have quite a lot of these rules - 40 so far in the lab.
My question is, has anybody built out a similar design, and what performance impact does ISE suffer by trawling through a long list of Authentication policies? How can we monitor this? I have optimised the Tier 3 sites at the top of the list (as these sites have no local ISE and suffer heavy latency to their regional DC).
All helpful replies are rated!
Kind regards, Ash.

Kindly find the link below may help you have some information and address your query.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html
Filtering Endpoint Attributes
Cisco ISE, when enabled with multiple probes per node, experiences a considerable performance degrading due to numerous attributes per endpoint are collected and stored in the administration node database. Some of the attributes that are collected are temporal in nature as well as not required for endpoint profiling. The huge collection of attributes per probe for each of the endpoint, which cannot be used for endpoint profiling, result in Cisco ISE administration node database persistence and performance degrading.
To address performance degrading of Cisco ISE, filters for RADIUS, DHCP for both the DHCP Helper and DHCP SPAN, HTTP, and SNMP probes have been implemented in the profiler probes (except for the NetFlow probe). Each probe filter contains the list of attributes that are temporal and irrelevant for endpoint profiling and removes those attributes from the attributes collected by the probes.

Similar Messages

BPM - Process Performance Indicators and Process Monitoring

Hi,
In SAP BPM, is there any way to get some reports or dashboard with key PPI (Process Performance Indicators). What we are really interested in is to know how many times a month a process or a specific task of a process has been run, how many time it took to complete the task, was the task completed on time, where are we in the process right now, etc?
We have just started to look into SAP BPM, but my first impression is that it is more a modeling tool along with some taks coordinations. I feel like it's missing the key analytics to really drive innovation in our processes.
Probably that I'm wrong and I've missed something. Please let me know if there is a way to do that, if there are any workarounds or if there are any SAP partners that offer a solution that we could use along with SAP BPM.
Thanks a lot!
Martin

Thanks for your feedback.
We want to implement a SAP BPM scenario in a finance process for the VAT Tax reporting. So basically, our accountant needs to run some SAP transactions along with some manual outside steps. Then the supervisor will perform some checks and finally the tax manager needs to approve it.
There is some interactions with SAP but only for a small part of the process. What we want to achieve is to be able to see the key performance indicator for our process. But at the moment this is not delivered with SAP BPM. I've heard that this may come in the next release end of 2009, but in the meanwhile I'm wondering if other people have been able to implement some customization in Net Weaver or have found other alternatives to be able to monitor their process adequately.
Thanks
Martin

Increase Apply Process Performance

Dear All,
I want to know how can I increase Apply Process Performance in Oracle Streams Setup.
I use Windows 2003 and Oracle 10g R2

Check metalink Note:335516.1
HTH...

Improving ODM Process Performance

Hi Everyone,
I'm running several workflow on sqldeveloper data miner tools to create my model. My Data is around 3 million rows, to monitor the process I look to oracle enterprise manager.
From what I've seen in oracle enterprise manage most of process ODM from my modelling didn't get parallel and sometimes my process not finished more than a day.
Any tips/suggestion how we can improve ODM Process Performance ? By enable parallelism on each process/query maybe ?
Thanks

Ensure that any input table used in modeling or scoring has a PARALLEL attribute set properly. Since minig algorithms are usually CPU bound try to utilize whatevet CPU power you have. Following might be a good starting point:
ALTER TABLE myminingtable PARALLEL <Number of Physical Cores on your Hardware>;

GL COSOLIDATION PROCESS PERFORMANCE

제품 : FIN_GL
작성날짜 : 2002-11-07
GL COSOLIDATION PROCESS PERFORMANCE
===================================
GL의 Consolidation 작업시 발생할수 있는 Performance문제
PURPOSE
느린 GL Consolidation작업
Explanation
Consolidation은 크게 두가지의 방법으로 mapping rule을 정의할수 있다.
1. Segment Mapping Rule
특정 Segment는 어떤 Account로 바뀌어져야 한다는 Rule이다.
Segment단위로 작업을 진행하기 때문에 Performance에는 크게 영향을
주지 않기 때문에 가능한 Segment Rule로 Consolidation을
진행할것을 권고한다.
2. Account Mapping Rule
만약 특정 Account 범위는 Segment Rule로 표현할수 없는 Account로
Mapping을 원한다면 Account Rule을 사용하여 특정 범위의 Account를
Conversion한다.
주의) Account Mapping Rule을 사용할때는 가능한 작은 범위의 Rule을
사용할것을 권고한다.
특히 Segment Mapping Rule과 Account Mapping Rule을 동시에
사용하지 않을것은 오라클은 권고한다.
GL concurrent Debugging(Bulletin#17744)을 사용하여 GL consolidation
작업의 시간을 측정해 본결과 Account Mapping 에서 작업 시간이 크게
지연될 경우 GL_INTERFACE table의 GL_INTERFACE_N2가
반드시 아래와 같은지 확인 한다.
1. request_id
2. je_header_id
3. status
4. code_combination_id
Example
Reference Documents
Bug No: 2632310

Thanks for the reply Roger. I have a solution.. and it's very quick (and i'm in a hurry so apologies if this doesn't read well..)
Extra info first. My FLEX_VALUE column == SEGMENT2 values.
In GL_SECURITY_PKG there is a query on a table called GL_BIS_SEGVAL_INT. This contains the segment_column_name, segment_value and parent_segment that my apps user can see.
So, i'm looking for SEGMENT2 values from this table...
select * from GL_BIS_SEGVAL_INT where SEGMENT_COLUMN_NAME = 'SEGMENT2'
i join my original query to this query and.. bingo, i have what i need!
SELECT
MY_TABLE.FLEX_VALUE,
GL_BIS_SEGVAL_INT.SEGMENT_COLUMN_NAME,
GL_BIS_SEGVAL_INT.SEGMENT_VALUE,
GL_BIS_SEGVAL_INT.PARENT_SEGMENT
FROM
MY_TABLE MY_TABLE,
GL_BIS_SEGVAL_INT GL_BIS_SEGVAL_INT
WHERE
GL_BIS_SEGVAL_INT.SEGMENT_VALUE = MY_TABLE.FLEX_VALUE
AND
GL_BIS_SEGVAL_INT.SEGMENT_COLUMN_NAME = 'SEGMENT2'
returns only the flex_value/segment2 values my apps user has access to.
regards,
Joss.
Edited by: Joss Leaver on Sep 9, 2010 7:19 PM
Edited by: Joss Leaver on Sep 9, 2010 7:20 PM

Ldm migrate fails with : "Set PM policy to performance"

Hi
after "panicing" 1 primary domain I'm trying to migrate one of its guest domain to another primary domain.
this procedure have been tested before and worked many times.
now when I try to migrate its says :
Migration is disabled because Power Management is active
Set PM policy to performance to enable migration
although when I check in the SP it is on performance like this:
-> ls /SP/powermgmt
/SP/powermgmt
Targets:
Properties:
actual_power = 337
policy = performance
Commands:
cd
set
show
( on both the source and the target machines the policy is performance )
I even tried to powercycle the 2 machines and it didn't changed anything.
I use LDom Manager 1.3 , firmware 7.2.7
I noticed there is a new firmware 7.2.8 released 02 Apr 2010, maybe an upgrade will solve it?
any other idea?
Thanks in advance,
Ori

Hi Andreas,
Thanks for your feedback.
I will test and reproduce your issue on my side. Any information, I will post back for you.
Thanks for your understanding.
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Difference between ARIS Process Performance Manager and SAP BI

Hi All,
I am searching for an answer on the following question: when the business purpose is to measure performance of E.g. a call center process. Can the Process Performance Manager from ARIS replace SAP BI.
Regards,
Marcel

Hi Marcel,
If I can add to the comment of Ajay,
I think that when your goal is to measure the performance of a Process and analyze root cause of performance problems, Process Performance Manager is best suited.
Even if SAP BI could do it as well, I think that SAP BI is best suited for data analysis like financial reports, Market studies ...
I think that the baseline is that SAP BI is a broader BI solution but ARIS PPM is best suited for process performance than SAP BI.

Computer Boot Policy Processing Time

Hi
I am troubleshooting the slow boot up process in our Windows 7 64bit enterprise environment. This is essentially the time from power on to reach Ctl, Alt, Del (Log-in screen)
I am trying to eliminate Group Policy and have been doing some investigation using the Group Policy Operational Logs on a couple of Windows 7 Client PCs. I use the Activity ID to track all the Computer Boot Policy processes from start to completion.
My problem is, that the Computer Boot policy will report it has completed in say 300 seconds, but when I examine all the content of this specific process (Computer Boot Policy Processing) it will only list events which add up to a small fraction of the 300
seconds.
So I am basically unsure where the other time is being taken up, as it is not recorded in the list of events under the Computer Boot Policy Processing.
Hope someone can assist

Hi,
Checkout the below thread on similar discussion,
http://social.technet.microsoft.com/Forums/windows/en-US/3596b55e-e21d-4185-95a3-8c4503987910/windows-7-64bit-startup-time-is-slow-and-i-want-to-know-why?forum=w7itproperf
Regards,
Gopi
JiJi
Technologies

Did Cisco ISE have limitation for policy setting?

Deat All,
Did anyone know about Cisco ISE limitation about policy setting?
Right now my setting for windows posture policy around 200 windows patch checking, did ISE have limitation such as maximum windows patching policy line?
Thanks you
Best Regards

Here is the nswer for your first question.
Cisco ISE profiler collects a significant amount of endpoint data from the network in a short period of time. It causes Java Virtual Machine (JVM) memory utilization to go up due to accumulated backlog when some of the slower Cisco ISE components process the data generated by the profiler, which results in performance degradation and stability issues.
To ensure that the profiler does not increase the JVM memory utilization and prevent JVM to go out of memory and restart, limits are applied to the following internal components of the profiler:
Endpoint Cache—Internal cache is limited in size that has to be purged periodically (based on least recently used strategy) when the size exceeds the limit.
Forwarder—The main ingress queue of endpoint information collected by the profiler.
Event Handler—An internal queue that disconnects a fast component, which feeds data to a slower processing component (typically related to a database query).
For more information go through :
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#12624

Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or advice

Hi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen

Windows 7 Group Policy Processing - EventID 1058

I am having an issue with Windows 7 clients refreshing group policy. When I run gpupdate the user policy refreshes and the moves on to the computer policies but fails displaying the error below. Replication topology checks out, dcdiag returns
no errors and sysvol permissions look ok too. Curiously the same policies apply just fine on windows xp pro systems. The Domain Controller is running Server 2008 Enterprise Edt R2 SP1, I see no 1030 eventid's on the domain controllers as others
frequently report with this error. The domain is running at Windows Server 2003 functional level but I have creaded a PolicyDefinitions folder in the sysvol for admx files etc. Where to go from here? Does anyone have any suggestions/insight
as to what the issue may be?
The sysvol and the gpt.ini file is accessible from the Windows 7 client using UNC path.
Thanks in advance for any assistance given.
The error code listed is 0 which is not mentioned in this article
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
## Error details
Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          2/8/2012 2:38:09 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      win7box.abc123.net
Description:
The processing of Group Policy failed. Windows attempted to read the file
\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused
by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-02-08T20:38:09.770740300Z" />
    <EventRecordID>3972</EventRecordID>
    <Correlation ActivityID="{24F60AA4-DC8D-4F6D-8787-9535072F03C0}" />
    <Execution ProcessID="996" ThreadID="1148" />
    <Channel>System</Channel>
    <Computer>win7box.abc123.net</Computer>
    <Security UserID="S-1-5-18" />
</System>
<EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">816</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">3354</Data>
    <Data Name="ErrorCode">0</Data>
    <Data Name="ErrorDescription">The operation completed successfully. </Data>
    <Data Name="DCName">DC.abc123.net</Data>
    <Data Name="GPOCNName">CN={EB062BE8-CAF6-47B4-9B8B-27A19268C520},CN=Policies,CN=System,DC=abc123,DC=net</Data>
    <Data Name="FilePath">\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini</Data>
</EventData>
</Event>
## DCDiag Results (No RODC's hence NCSecDesc error )
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = DC
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: North\DC
      Starting test: Connectivity
         ......................... DC passed test Connectivity
Doing primary tests
   Testing server: North\DC
      Starting test: Advertising
         ......................... DC passed test Advertising
      Starting test: FrsEvent
         ......................... DC passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC passed test SysVolCheck
      Starting test: KccEvent
         ......................... DC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=abc123,DC=net
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=abc123,DC=net
         ......................... DC failed test NCSecDesc
      Starting test: NetLogons
         ......................... DC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC passed test ObjectsReplicated
      Starting test: Replications
         ......................... DC passed test Replications
      Starting test: RidManager
         ......................... DC passed test RidManager
      Starting test: Services
         ......................... DC passed test Services
      Starting test: SystemLog
         ......................... DC passed test SystemLog
      Starting test: VerifyReferences
         ......................... DC passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : abc123
      Starting test: CheckSDRefDom
         ......................... abc123 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... abc123 passed test CrossRefValidation
   Running enterprise tests on : abc123.net
      Starting test: LocatorCheck
         ......................... abc123.net passed test LocatorCheck
      Starting test: Intersite
         ......................... abc123.net passed test Intersite

I shortened this down a good bit but here is the gist of it, my question is which context/user/account is being denied access to the .ini files?  I have never used the streams utility but I'll give it a whirl and report back what I get. Most of
the cannot be accessed are probably just policies that are not applicable to the machine but the gpt.ini errors are baffling me.
New GPO - it appears that new GPOs are fine
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found common name of: <{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found display name of: <gpoC-Win7Test>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO gpoC-Win7Test doesn't contain any data since the version number is 0. It will be skipped.
Older GPO's - not so fine
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={55338992-95C9-4FA2-80E4-0ED4A623EE09},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found common name of: <{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found display name of: <gpoS-RealPlayerEnt6 - Security>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO gpoS-RealPlayerEnt6 - Security doesn't contain any data since the version number is 0. It will be skipped.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C92FD413-E891-47E0-B554-BD7F9209D036},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FEF33797-46D0-452A-B3D7-0BEEC2330592},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CCBFECA5-2FF8-4512-8CE4-108C4092D009},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={767959D5-7AB6-4D55-A02E-3F54439CC7DA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={10DCAC5E-9904-41FF-B678-E8514F481E56},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={3229FD3D-868A-4406-AFAF-6449ADBB4749},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1DD39B5C-B930-4750-8EC3-42D0FB89A3B9},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={E10350D2-F632-4D5E-9668-4151596B1D77},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={86C864C5-C861-42FC-B728-BAEE81C9A091},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FE1162BF-9FE2-4F04-A514-80A8E6D5F7CD},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F68214D3-33F3-4F76-BE26-306D0237A048},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CA6B06CE-C546-41F1-87FB-9013701AEF00},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C8C9EFA2-90AA-4162-9051-23FD83B5CF62},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={DE445C4F-9A0F-488F-8769-C041CF2184AA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7CDB465C-55AC-4CBC-9C18-F3ADACDFEB46},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F4E0F78E-BE36-4793-A8B1-83B2D67083F1},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={53359F0A-8C9B-4831-936F-3D47C4CC2694},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6793DBEE-47B0-458D-8F1C-D92EB7015733},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93919120-7113-47C0-AA38-0561EAB18E42},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={5ABD1D9E-07E4-4A53-B854-A2FFC3B257CB},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={71E2B86C-A4A0-47C0-9D7F-BDD6220B9FA4},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={4401CF1C-7839-4496-BB87-304A8AB917FC},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1244CA5A-D654-4ED6-9374-148F1F3DA8ED},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={42875CF2-B9E9-4EFA-90C2-7ACA8882F1B7},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6DD428B6-6B19-4A53-B172-57DB3E15A38E},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={983BFDAD-65F0-42B4-807A-E78DF275C352},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={AFA31A2D-07D8-4CB4-BE86-067A9624E324},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={77C9CA17-6359-4355-9FDF-F605F0441245},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={75D43291-6FA2-4B98-8422-228DDB45571B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={870C6FB3-74CD-46E8-9D4D-E6E6C0A2B52D},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2144E4CF-01C1-4C5B-984B-E9BD4461406F},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7D9DB917-1245-46BD-AEBF-163A2F0FCD06},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B7431941-5DAA-4DD2-A569-35C31B92B677},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={D01BF1D1-33C8-4FC3-95C3-5948A1EE1647},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={57D4AD83-3BBF-43C2-9A3B-F71F3E52C2A6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={A8DB7DAC-42F0-43FC-99E1-F1AC15006101},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={56574927-6DC5-48A7-82F9-A00E820335F6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2FB6858E-8B1C-4C89-83B2-0EEE97D9A72B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93C56E3F-5334-4325-A328-0CCAFED0828B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1B64E00F-D3B6-49B6-B6C8-7AD0A8C9AEFA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={81B4E46C-8249-4547-BC75-9A1FB395E282},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={43D5184A-73C8-4BFD-9B09-33C70B8BC3C2},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
error = 0x0. DC: DC2.abc123.net
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: ProcessGPO failed
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: Leaving with 0
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: ********************************
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: GetGPOInfo failed.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
GPSVC(3e4.80c) 12:43:27:557 Application complete with bConnectivityFailure = 0.
GPSVC(3e4.80c) 12:43:27:557 Signalling 1 Refresh Policy callers
GPSVC(f84.df4) 12:43:27:557 Exiting RefreshPolicyForPrincipal with status = 0
GPSVC(3e4.80c) 12:43:27:557 GPLockPolicySection: Sid = (null), dwTimeout = 600000, dwFlags = 0
GPSVC(3e4.80c) 12:43:27:557 LockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 Sync Lock Called
GPSVC(3e4.80c) 12:43:27:557 Writer Lock got immediately.
GPSVC(3e4.80c) 12:43:27:557 Lock taken successfully
GPSVC(3e4.80c) 12:43:27:557 UnLockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 UnLocked successfully

Image Processing Performance Issue | JAI

I am processing TIFF images to generate several JPG files out of it after applying image processing on it.
Following are the transformations applied:
1. Read TIFF image from disk. The tiff is available in form of a PlanarImage object
2. Scaling
     /* Following is the code snippet */
     PlanarImage origImg;
     ParameterBlock pb = new ParameterBlock();
     pb.addSource(origImg);
     pb.add(scaleX);
     pb.add(scaleY);
     pb.add(0.0f);
     pb.add(0.0f);
     pb.add(Interpolation.getInstance(Interpolation.INTERP_BILINEAR));
     PlanarImage scaledImage = JAI.create("scale", pb);3. Convertion of planar image to buffered image. This operation is done because we need a buffered image.
     /* Following is the code snippet used */
     bufferedImage = planarImage.getAsBufferedImage();4. Cropping
     /* Following is the code snippet used */
     bufferedImage = bufferedImage.getSubimage(artcleX, artcleY, 302, 70);The performance bottle neck in the above algorithm is step 3 where we convert the planar image to buffered image before carrying out cropping.
The operation typically takes about 1120ms to complete and considering the data set I am dealing with this is a very expensive operation. Is there an
alternate to the above mentioned approach?
I presume if I can carry out the operation mentioned under step 4 above on a planr image object instead of buffered image, I will be able to save
considerable processing time as in this case step 3 won't be required. (and that seems like the bottle neck). I have also noticed that the processing
time of the operation mentioned in step 3 above is proportional to the size of the planar image object.
Any pointers around this would be appreciated.
Thanks,
Anurag
Edited by: anurag.kapur on Oct 4, 2007 10:17 PM
Edited by: anurag.kapur on Oct 4, 2007 10:17 PM

It depends on whether you want to display the data or not.
PlanarImage (the subclass of all renderedOps) has a method that returns a Graphics object you can use to draw on the image. This allows you to do this like write on an image.
PlanarImage also has a getAsBufferedImage that will return a copy of the data in a format that can be used to write to Graphics objects. This is used for simply drawing processed images to a display.
There is also a widget called ImageCanvas (and ScrollingImagePanel) shipped with JAI (although it is not a committed part of the API). These derive from awt.Canvas/Panel and know how to render RenderedImage instances. This may use less copying/memory then getting the data as a BufferedImage and drawing it via a Graphics Object. I can't say for sure though as I have never used them.
Another way may be to extend JComponent (or another class) and customize it to use calls to PlanarImage/RenderedOp instances directly. This can hep with large tiled images when you only want to display a small portion.
matfud

Question on BPEL Process Performance

Hello,
We have a BPEL process reading the datafile through file adapter and upserting into DB using DB Adapter. Our requirement is
If there are 10 records to process and two records (record 5 and 9) fail while inserting/updating for some reason(i.e data type mismatch, column length mismatch etc..), at the end of the process you should see 8 records in the destination table and two records in error table.
I know there are solutions of this :
*1) Multiple calls to DB:* Use a While loop in a BPEL process and Invoke DB adapter for each record and use exception handling(Catch all block).
*2) Invoke Store Procedure:* to prevent multiple calls to DB, create a stored proc on DB side to iterate and insert the records and the stored proc should also return the IDs of failed records back as error response so that you can insert those failed records to a log table or in log files.
Can you suggest which solution is best in terms of performance and why ??
Also we need to perform some business validation (i.e NOT NULL check, date format check etc..), Where should we perform this.. at DB level or BPEL process level?? and why..
Thanks,
Buddhi

BPEL is a slow performer.
Always call a stored procedure to do complex data processings.
Hence go with the second approach.
Error records:
If your going to log errors in the same database, insert the error details direcly into the error table. Dont go back to BPEL.
Application specific validations should be handled in the application itself.
--Prasanna

ISE 1.2 - Authorization Policy for Digital Certificates

Hi Everyone.
I have Cisco Ise 1.2 when I created authorization Policy rule for PEAP(MSCHAPv2) and the ISE can match on the rule e permit based on AuthProfile.
BUT, authentications using digital certificates (EAP_TLS) I can´t do some AuthorizationPolicy for match.
I´m try some:
if
any
AND
authEAPprot: EAP-TLS
AND
Certificate:inssue : iqual : CA-root
THEN
ACCESS_FULL
In Operations>Authetications I can see the authentication and when I open the details, I can see the method is EAP-TLS BUT my rule is not correct cuz authorization policy that use is Default.
Someone can do some Tip about How i can make this rule for authentications that use EAP-TLS (digital certificates)???
tks

Hi,
You will have to upload all certificates (intermediate and root) that are used to sign the client cert into the ISE CA database. You will also have to make sure that checkbox for trust for client authentication is checked.
Thanks,
Tarik Admani
*Please rate helpful posts*

Logical Standby Apply Process Performance

Hello,
We are testing our logical standby database for sql apply process.We run batch jobs in our active database and monitor the standby database for the time it takes to bring the database in sync following are the steps we follow:
1) Insure active and standby are in sync.
2) Stop sql apply on standby database.
3) Run Batch job on active database.
4) After completion of the job on active,start sql apply on standby.
Following are the details of the time taken by sql apply,based on the previous runs:
1st. 654K volume = 4 hrs (2727 records per min)
2nd. 810K volume = 8 hrs 45 mins (1543 records per min)
3rd. 744K volume = 7 hrs 17 mins (1704 records per min)
Following are the details of the logical stdby parameters :
MAX_SGA 100
MAX_SERVERS 15
PREPARE_SERVERS 4
APPLY_SERVERS 8
MAX_EVENTS_RECORDED 10000
RECORD_SKIP_ERRORS TRUE
RECORD_SKIP_DDL TRUE
RECORD_APPLIED_DDL FALSE
RECORD_UNSUPPORTED_OPERATIONS FALSE
EVENT_LOG_DEST DEST_EVENTS_TABLE
LOG_AUTO_DELETE TRUE
LOG_AUTO_DEL_RETENTION_TARGET 1440
PRESERVE_COMMIT_ORDER TRUE
ALLOW_TRANSFORMATION FALSE
can we ensure SQL apply process to apply data in consistent volume,Is it okay for a sql apply process to take same amount of time what the actual batch takes in active instance,can we further tweak apply process to get better performance.
Please help.
Thank you !!

Following are the details of the time taken by sql apply,based on the previous runs:
1st. 654K volume = 4 hrs (2727 records per min)
2nd. 810K volume = 8 hrs 45 mins (1543 records per min)
3rd. 744K volume = 7 hrs 17 mins (1704 records per min)
Following are the details of the logical stdby parameters :
Hi,
By looking at the above apply rate, the apply process is working normally and not having issues.
Since it's a bulk batch data update in PRIMARY, it's obvious and quite normal that it will take time in STANDBY database to get applied and in sync with PRIMARY.
Still, if you need to consider improving the performance, look out for adjusting the APPLIER & PREPARER process. (parameteres, APPLY_SERVERS & PREPAR_SERVERS).

ISE v1.2 AuthC Policy Processing Performance

Similar Messages

Maybe you are looking for