ISE with two PKI enterprise servers

Hi,
I have to install Cisco ISE for one of my customers.
This customer has two enterprise PKIs.
One PKI delivers a certificate for a group of users and the second PKI delivers a certificate for the other users.
In this case, what should I do? Do I need to add the two enterprise PKI certificates in each Cisco ISE? Does the ISE need to have
two certificates, one from each PKI server?
What I have already done is configure Cisco ISE with only one enterprise PKI.
Guy charles

Do both user groups trust each of the enterprise CA certs?
No, but I can ask the customer to do it if it is the right solution.
Are the two user groups in the same AD environment and are you planning on differentiated access based on AD groups?
The two user groups are in the same AD environment; yes, I am planning to do access based on AD groups.

Similar Messages

  • GPO is set for "Auto download and notify for install" but it does not work correctly on two of my servers.

    Hello,
    I have a problem with two of my servers. I have ~200 servers which are updating fine through WSUS. The settings are as you can see "3 - Auto download and notify for install" in the GPO.
    This is the correct setting. I want to achieve that I can install the updates whenever I want on these servers. On client computers there is a strict schedule with auto installs.
    My GPO works fine for 98% of my servers. On two servers (a big file server and a TMG server) the settings are made as you can see in the screenshots, but the updates still get installed automatically.
    I have no idea what I'm doing wrong here... It is a big problem for me that updates get installed automatically on these servers.
    Although the Policy and the Registry both say 3 the server behaves like option 4 is active.
    I would be very thankful for any input on how to find out what's the issue here.

    and was not able to find any sign of an admin installing it in the WindowsUpdate.log.
    Then the Windows Update Agent DID NOT install this update, and it's not really a WSUS issue.
    My typical response to such a claim would be to ask you to show me in the WindowsUpdate.log where the update was installed... but it seems that request has already been answered.
    The more relevant question it seems, is HOW DID these updates allegedly get installed?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • ISE and Two distinct Windows Domains

    All,
    I have a customer who wants to integrate ISE with two separate Windows Domains, they have no trust relationship. We can integrate with one of the domains and can make use of LDAP for the other but can only get Machine Authentication working with the domain with the full integration. Machine authentication will not work with LDAP, only user authentication. The problem is the config of the switches places the client in the guest network as they fail machine auth and then client auth is not recognised by the switch. I'm thinking about either not going direct to MAB if a user fails machine auth or disabling guest altogether, as the problem is a guest with a dot1x supplicant is not given guest access in a timely manner without this command. Another option I have thought about is to use the radius token external identity store to talk to a Cisco ACS server attached to the other domain.
    Any help would be greatly appreciated
    Thanks
    Simon

    Here's the list of which methods are supported when using different kinds of user databases :
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1053140

  • Cabling & configuring D1000 with two 420R with two dual channel controller

    Hi all,
    I have a problem configuring a D1000 storage with two Sun Enterprise 420R, each with two on-board dual channel SCSI controllers.
    The D1000 has 4 disks installed; the disks are positioned in slots 2, 3, 7, 8 and the option switches on the rear of the D1000 are configured:
    5 4 3 2 1
    DOWN DOWN DOWN DOWN UP
    The Module ID switch is positioned at 0 (I have only one D1000) and the LEDs of the disks on the D1000 are on.
    I have a problem viewing all disks from both Suns.
    How do I cable the D1000 to the two Suns? I drew a diagram of my environment to understand how to correctly connect the connectors behind the D1000 and behind the Suns.
    http://img152.imageshack.us/img152/4097/schemascsid1000.jpg
    Can anyone help me? Any help is appreciated.

    are you using HVD scsi controllers? Gotsta doo that with D1000...
    if you just want to have each 420R use two drives, then scsi cables on each side and differential terminators in the middle.
    if you want to share the drives, you will have to do your homework.
    good luck,
    haroldkarl

  • Simultaneous sync with two exchange servers - will it ever be possible?

    I fully understand that this is not possible at present (one has only to try to get a very clear pop-up message). I also understand that nobody can predict (or is willing to say) what is coming in future releases. My question is whether or not simultaneous syncing with two exchange servers is even theoretically possible. I don't understand Exchange/ActiveSync well enough to even know if it's in the realm of possibility.
    If not, I'll try to find another way to do what I want (Gmail for calendar and contacts and work for mail, calendar and contacts) - I am open to suggestions. If it is, I'll have to figure out how important one (or the other) is to me for now and wait for the day when I can have my cake and eat it too.
    Thanks.

    I'm not sure if this is an ActiveSync limitation, but it might be since I don't believe accessing more than one Exchange account via ActiveSync with a Windows Mobile device is supported either, and ActiveSync and Windows Mobile are Microsoft products.

  • Networking two NI lookout servers with different windows OS

    Can I network two NI Lookout servers with 50 I/O, one with Windows 98 SE and one with Windows XP Pro?

    What's your Lookout version on the two computers? You need first to make the two Lookouts run, and then try to network them. For example, if you run Lookout 6.2 on Windows 98, I'm not sure if it will work.
    Ryan Shi
    National Instruments

  • Could you tell me if it would be supported to pair a two node enterprise edition front end pool inc mirror sql with a one node enterprise edition front end pool inc single sql?

    Hi all,
    Could anyone tell me if it would be supported to pair a two node enterprise edition front end pool inc mirror sql with a one node enterprise edition front end pool inc single sql?
    MUCH THANKS.

    The answer from TechNet found at http://technet.microsoft.com/en-us/library/jj204697.aspx Is, and I quote:-
    Enterprise Edition pools can be paired only with other Enterprise Edition pools. Similarly, Standard Edition pools can be paired only with other Standard Edition pools.
    Also, "Neither Topology Builder nor topology validation will prohibit pairing two pools in a way that does not follow
    these recommendations. For example, Topology Builder allows you to pair an Enterprise Edition pool with a Standard Edition pool.
    However, these types of pairings are not supported."
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

  • Help: Connecting Firebird with CF on different servers

    Hi everyone, I hope someone can help me. I have a server with firebird and a database ( i cant touch that server) so I had to configure another server with CF, now, I need to connect CF with firebird on the other server to be able to read the database. The servers are in the same network (they are next to each other)
    Thanks.

    marco99 wrote:
    > I have an application that I wrote and normally host in my environment with CF
    > 7 Enterprise and the Web server (IIS 6) installed on the same server (same
    > physical machine). However, I now have a client that wants to install the
    > application in their data center and they require that the Web server be
    > isolated on a separate machine in their DMZ network segment, with the CF
    > application server isolated on another network segment. In reviewing the CF 7
    > documentation, I couldn't find instructions for installing and configuring this
    > type of environment. Does anyone know of any installation instructions for this
    > configuration that you could point me to? I also need to know if any special
    > ports need to be opened between the two separate network segments.
    >
    I believe the server documentation discusses this. I believe the basic
    process is to use the web configuration tool on the web server and when
    you run it, you point the web server to the ColdFusion application server.

  • Two separate enterprise WiFi networks in the same building

    I work in a building that currently has Cisco controller based access points. The access points aren't managed by us and are actually part of another campus. We are given access to them but they don't work quite like we want them to. So we are wanting to bring in our own Cisco WLC 2504 with 3702 APs. But when we brought this up with the main campus they said we can't have two separate enterprise wireless networks in the same building. That their APs will mark our APs as rogues and try to shut them down. There was also mention that they can't share the same channel and that the radios will negotiate with each other to determine how much power they need for coverage. But from what I've read none of that is true. So maybe I am misunderstanding something, and I am hoping someone here with more experience can shed some light on this. The only reason we would want to keep their wireless in the building is so when their staff come to our office they can use it.
    So can two separate WLC/AP systems on different subnets and broadcasting different SSIDs exist in the same building without causing any issues?

    By default, the WLC code does not try to contain rogue APs. Just lots of alarms and unclassified rogues.
    In this case your hosts may have actually enabled containment but would have also received a screen full of warnings about the public nature of the unlicensed wifi band.
    Here the Superior Court system is side by side with the County system even to the extent that the APs are next to each other. Gets fun. Since each SSID constitutes a rogue, each unit represents a LOT of rogues to report.
    Good Luck

  • How can two independent DirectAccess servers be set up safely in the same domain?

    I've got a single-tier certificate authority running on a 2008 r2 domain controller with an expiring root certificate. I have a new 2012 r2 domain controller with a new single-tier certificate authority. I also have a DirectAccess server running on 2012
    server (two NICs, NAT, IP-HTTPS only). I'd like to get a new DirectAccess server set up running server 2012 r2 using the new CA for the various DirectAccess server and client computer certs. I can get the new environment working and flip machines from
    the existing implementation to the new implementation.
    I was previously told by a tech working one of my Microsoft support tickets that two independent DirectAccess servers can't run in the same domain. However, I posted a related question
    https://social.technet.microsoft.com/Forums/projectserver/en-US/ab53a314-91ea-4d40-afd5-6b8f62698547/2012-directaccess-and-expiring-certificate-authority?forum=winserverNIS and got a response indicating that two independent DirectAccess servers can run
    in the same domain. If I can carefully get a second server operational within the same domain, I can build a reg file to deploy to all machines prior to the cutover that will simulate the gpupdate for broken machines in the field, getting them connected so
    the policy can be properly pulled from a DC. Would anyone else be willing to confirm or elaborate on operating two independent DirectAccess servers in the same domain? What are the gotchas?

    Hi,
    Yes, you can have 2 DA deployments in one domain.
    I have done this a number of times for customers when upgrading from UAG DA to 2012.
    Make sure you use different Group Policies for the DA servers and clients. Make sure you target the client with only one GPO at a time. Also use different AD groups.
    You then change the GPO assignment to the clients and they will flip when the client does a gpupdate. I have done this for a site that had over 5000 clients and we didn't have one call about it.
    You can use DirectAccess Offline Domain Join for any broken machines.
    https://technet.microsoft.com/en-gb/library/jj574150.aspx
    Regards, Rmknight

  • Operating system not found when deploying to machines with two hard drives using MDT 2013.

    Computers with two hard drives will not boot after the install OS step in the task sequence. I get the "An operating system wasn't found. Try removing drives that don't contain an operating system" error. I am able to get the machine to boot by swapping the hard drives' boot order, but the task sequence won't complete after this. The deployment works fine on machines with one hard drive, and I'm not getting any errors from the task sequence. I'm deploying Windows 7 Enterprise x64 using MDT 2013. This is a new custom image and task sequence generated using MDT 2013. I can't remove the second hard drive because there are scripts that run on the second hard drive during deployment and also because I don't desire to remove and re-install 250 hard drives. I've not experienced this problem with earlier versions of MDT.

    The bdd.log file you sent does not show two internal drives, it shows only one.
    Console > Please wait while DiskPart scans your configuration... ZTIDiskpart 12/16/2013 9:57:04 AM 0 (0x0000)
    Console > DiskPart has finished scanning your configuration. ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > DISKPART> ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > Disk ### Status Size Free Dyn Gpt ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > -------- ------------- ------- ------- --- --- ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > Disk 0 Online 60 GB 60 GB ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > DISKPART> ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > Volume ### Ltr Label Fs Type Size Status Info ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > ---------- --- ----------- ----- ---------- ------- --------- -------- ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Console > Volume 0 D DVD-ROM 0 B No Media ZTIDiskpart 12/16/2013 9:57:05 AM 0 (0x0000)
    Is this the problem?
    Keith Garner - keithga.wordpress.com

  • I was able to download 10.8.5 but have been stuck on the install screen with "two minutes" remaining for an hour now. I'm afraid to hold the power button and shut it off. What can I do to resolve this? :[

    What can I do! I know servers are busy, but if it's installing right now before the restart it means it's finished downloading from Apple servers, so I don't understand why it has been installing with two minutes remaining for a really long time now :[ I'm afraid I'll lose all my files if I do a hard turn off.
    Thank you guys for your help!

    You may have no choice. If you hear no disk activity, you can hold down Command-Control-power button to force a restart. It should pick up where it left off.
    No backup is always risky.

  • Hi. At first, sorry for my bad English. I have a MacBook Pro with two OSes (Win7 and Mac 10.9.3). When I want to restore my iPad Air in Mac OS, iTunes gives error 17, but in Win7 it restores easily! Why?

    Hi. At first, sorry for my bad English. I have a MacBook Pro with two OSes (Win7 and Mac 10.9.3). When I want to restore my iPad Air in Mac OS, iTunes gives error 17, but in Win7 it restores easily! Why?

    Hi there saharalirezaie,
    You may find the troubleshooting steps in the article below helpful.
    Resolve specific iTunes update and restore errors
    http://support.apple.com/kb/ts3694
    Resolve communication issues
    Related errors: 17, 1004, 1013, 1638, 3014, 3194, 3000, 3002, 3004, 3013, 3014, 3015, 3194, or 3200. These alerts refer to gs.apple.com, say "There was a problem downloading the software," or say the "device isn't eligible for the requested build."
    Check the hosts file or TCP/IP filtering, which might cause communication issues between iTunes, ports, and servers.
    -Griff W. 

  • CUA With Two  R/3 server Implementation

    Hi all,
    Currently we are using EP5.0 with SAP R/3 4.6C with two R/3 servers (P01, P02). User IDs are managed in LDAP. That is,
    1. If a user will be accessing the P01 R/3 system, we will create a user ID in LDAP and a SAP user ID in the P01 R/3 system.
    2. If a user will be accessing the P02 R/3 system, we will create a user ID in LDAP and a SAP user ID in the P02 R/3 system.
    3. If a user will be accessing the P01 and P02 R/3 systems, we will create a user ID in LDAP, one SAP user ID in the P01 R/3 system and another user ID in the P02 R/3 system.
    This is the current framework; using single sign-on, the users are logged into the different R/3 boxes.
    Now we plan to upgrade to EP7 and use CUA.
    a. If we use CUA, can user IDs for P01 and P02 be created from P01 itself?
    b. Is it possible to achieve scenario 3? Will there be any technical issue? Suppose I assign P01 as CUA and I create a user ID ZUSER1 in P02. When the user logs in to the portal he will use the password of the P02 system. After some time, if the same user is going to access the P01 system, I will create a user ID ZUSER1 in the P01 system. Now the password generated for the P01 R/3 system is different from the P02 system. Is there any way that the P01 ZUSER1 password is synchronized with the P02 ZUSER1 password?
    c. Is CUA supported with SAP R/3 4.6C?
    Thanks & Regards,
    H.K.Hayath Basha.

    Hi,
    Let's say I have created a new client 400 in P01 and I am using that as my CUA.
    If I need to create two users in P01, client 300, as ZUSER1 and ZUSER2, and I create these user IDs using CUA in client 400 of the P01 server, are these user IDs created in client 300 and 400 of server P01, and which client's password is used when I log in to the portal?
    If I need to create two users in P02, client 300, as YUSER1 and YUSER2, and I create these user IDs using CUA in client 400 of the P01 server, are these user IDs created in client 300 of server P02 and 400 of server P02, and which client's password is used when I log in to the portal?
    Since you said that I need to point the UME source to the CUA master client, can I assume that whenever a user ID is created the CUA master client will store all user IDs of the P01 and P02 servers?
    If a person YUSER3 is going to log in to P01 (user ID YUSER3) and the P02 server (user ID YUSER3), and if the password is not synchronized between all CUA clients (in our example P01 and P02), how can he log in to the portal with the same user ID and access both the P01 and P02 servers?
    Thanks & Regards,
    H.K.Hayath Basha.

  • How to create one soap interface with two soap action?

    Hi,
    I need to create one SOAP Interface with two or more webmethods (soap action), for example:
    Interface: MI_Outb_User
    Webmethods: createUser, searchUser, deleteUser.
    Can anybody help me?

    Hi Santos,
    I assume you will use one action at a time and, depending upon a certain condition, you want to invoke the webservice and the corresponding action. If so, then please check Michael's reply in this thread:
    How can I handle serveral soap actions
    or see Stefan's reply:
    Re: Is SOAP Adapter Action field can contain 2 or more "SOAP Actions"
    If this is not, then please ignore it.
    Regards,
    ---Satish
