Microsoft Lync not working thru Anyconnect client

We are trying to establish video connection thru Anyconnect client. When made request from one user to another user on Anyconnect, one user does receive a request, but no connection get established. Any suggestion would be helpful.

Do you have "same-security-traffic permit intra-interface" configured on ASA?
Yers
Also, are you able to ping between the 2 AnyConnect clients when they are both connected?
Yes
Do you have any Windows personal firewall or any other personal firewall that might be blocking inbound connection towards the PC where you connect from?
No
One can initiate a session, but it just doesn't establish.

Similar Messages

Windows 8.1 Preview not working with AnyConnect Client

I had Windows 8 and was running Cisco AnyConnect client 3.0.10055 perfectly.
I upgraded to the Windows 8.1 preview and it tries to download update and then it fails and disconnects with the following message:
An unknown termination error occurred in the client.
Tried uninstalling and reinstalling the client, no luck.
Any ideas?
Thanks,
Eric

I had the same issue with windows 8.1 x64. I believe there is an issue with the windows 8.1 update process where it fails to update some of the drivers properly. I have noticed this issue with other windows drivers after the update. Follow the steps below and you VPN should work again.
1. Uninstall Cisco Anyconnect client.
2. Go to Device Manager and Disable Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
3. Go to C:\Windows\System32 and rename vpnva64.sys to vpnva64_Old.sys.
4. Reinstall Cisco Anyconnect client.
5. Go to Device Manager, you see duplicated Cisco AnyConnect VPN Virtual Adapters. Uninstall one of them but do not check the option to remove the driver.
6. Apply the registry fix in this blog: http://www.tomontech.com/2012/03/pro-tip-cisco-anyconnect-vpn-client-and-windows-8-consumer-preview/
7. Try to connect again and your Cisco VPN should work.

AnyConnect error " User not authorized for AnyConnect Client access, contact your administrator"

Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
Ingo

Hi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo

Group Policy not work in some client machine.

Hello All,
Existing environment is AD 2012. gpupdate /force command does not working in some client machine. And it's occur randomly. Error shown about 15-20% of client machine. Please suggest. Hopefully this time get reply from community.
The Error:
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.

Thanks for your reply. basically this error occurs with in same location as well as branch location. i have check event log in AD but not got any specific error. AD health status is ok. AD to AD synchronization also working well. All the client machine running
on windows 7 64 bit and few of them are windows 8.
Please suggest. if you need any event log for analysis i can send you.
Thanks
I recommend you examine the event logs upon an affected client machine. Specifically, look for the surrounding events on that machine (both System, and Application logs), for the hours previous and the hour after.
The time period may vary according to your environment (e.g. what is expected/normal for your environment, your configured GP refresh cycle-time).
e.g., are there network drops, or power drops, or system crashes, restarts at the similar time.
if it's a laptop, is it wireless? Was there a transition from wireless to wired operation?
Is there VPN in use?
If you are able to compare with another machine (I would encourage that), to understand what "normal" looks like in the logs, so that you have some kind of baseline data for comparison.
Other checks, maybe confirm that the machines are updating as required (have the relevant WindowsUpdates etc), and consider if some security/protection/firewall software might be interfering with normal Windows operations.
Also the potential for malware or virus, which can disturb many basic services (ensure a scan is performed and returns clean).
If you have the opportunity for an affected user to contact you urgently when the symptom occurs, check that the gpt.ini file is accessible from their PC.
e.g.: \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini
This file is hosted within the replicated SYSVOL share on your DC's, so check that it is accessible.
You might also validate the particular GPO this refers to, and check each of your DC's holds the correct copy of the files for that GPO GUID.
If you open that GPO, and perform a minor change to it (e.g. add a comment), then click Apply, OK, this should cause the GPO contents to replicate an updated version (be cautious, depending upon the nature of that GPO !!!)
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Update query not working thru procedure

Hi
I need to update one table column based on another table column.
thru sql statement it is working, but same statement is not working thru stored procedure.
update target_table a set a.col2 = (select col2 from source_table b where a.id = b.id);
Above statement is working thru sql statement ,but it is not working thru procedure.
So Please on this.
Regards,
Venkat

post the code for the procedure. Kindly use before and after the procedure statement!

Addon is not working on Thin Client

Dear,
Here I am facing one problem in thin client architecture.
Means there is one SERVER (Monitor + CPU) and 10 clients (Only Monitor).
These 10clients monitor directly connect to server CPU means server & client
both having same hard disk.
Now the prob is tat ADDon is successfully installed on server and is working
perfectly. But when we login through client it gives me connection error. He is not
able to make a connection from client even though HARD DISK is same for client
and server.
Also I m not able to debugg our code on client side means dotnet program is
opening on client but when I run my prog. it gives me error to Stop Debugging and
also i checked config file and connection string. ITs ok and successfuly run on server.
Please help me on this issue. If there is code / network problem then pls clear by steps.
Thanks
Regards

Dear
Thanks for ur suggestion.
BUt problem is still the same and I confirmed that there is no Citrix server and no firewall.
And also screen painter is not working on Thin Client PC. It gives me error that
"COM UI was closed.To reload the COM Ui restart SAP Business One and Start Screen Painter".
I did the same thing but still screen painter is not working
Regards
Vikas

Vpn-framed-ip-address not working with anyconnect

Hi Folks, please help me to verify if this case is a bug or a "not valid scenario".
Scenario:
ASA 5520, OS 9.1, SSL VPN with Anyconnect v3.x, static ip address for the client, and RSA token authentication (all the users/pin/passwords are in the RSA server, not in the ASA, but i need to create some users in the ASA in order to apply the vpn-framed-ip-address attribute for specific users).
In fact the anyconnect ssl vpn with RSA auth works fine, the ssl connection works, the user is authenticated, the anyconnect works, traffic passing, BUT.. the anyconnect its getting an ip address from the ip local pool INSTEAD of the static ip defined with the vpn-framed-ip-address command.
I'm trying to assign a static ip address for a user (defined locally on the ASA) that performs auth via RSA (aaa-server), by using the vpn-framed-ip-address command as an attribute for this local user. But it seems the command is not working.
Already I´ve tried to resolve (with no success) by entering the
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local
Also i´ve tried by removing the pool from tunnel-group in order to force all the connection session to use the static ip address, but in this case, the anyconnect sends a message "No Address Available for SVC Connection". Meaning the ASA simply is ignoring the vpn-framed-ip-address command.
Its supposed the ASA implement the policies in this order, DAP > User policy > UserGrp policy > ConnProfile > DefGrpPolicy, and according to this, the vpn-framed-ip-address command should take effect first since its specified as User policy, overriding everything else. But its not working.
At this point i think the issue is... since the user is locally defined but its password its being authenticated via RSA (not local), the user attributes (static ip) are being ignored by the ASA because its not expecting to receive an ip address from the aaa server (RSA), so jumps to the next policies falling to the pool. Anyway the user policies attributes SHOULD work according to cisco.
Please your advise, or tell if its a bug? or a not valid scenario for this command to work with the ASA.
This is the current config:
ip local pool PoolSSL 192.168.229.10-192.168.229.19 mask 255.255.255.0
aaa-server RSA protocol sdi
aaa-server RSA (inside) host 192.168.12.1
retry-interval 5
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
group-policy GroupPolicyABC internal
group-policy GroupPolicyABC attributes
wins-server none
dns-server value 192.168.61.1 192.168.61.2
vpn-tunnel-protocol ssl-client
group-lock value TunnelGroupABC
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ServersDB
default-domain value my.domain.com
split-tunnel-all-dns disable
webvpn
anyconnect ask none default anyconnect
username USER1 password xHhacRZ56Uadqoq encrypted
username USER1 attributes
vpn-framed-ip-address 192.168.229.7 255.255.255.0
group-lock value TunnelGroupABC
tunnel-group TunnelGroupABC type remote-access
tunnel-group TunnelGroupABC general-attributes
address-pool PoolSSL
authentication-server-group RSA
default-group-policy GroupPolicyABC
tunnel-group TunnelGroupABC webvpn-attributes
group-alias AccessToDB enable
I´ll wait for your answers, regards!

https://tools.cisco.com/bugsearch/bug/CSCtf71671/
you need AAA assignment, or at least you needed to have it a couple of years back.

Microsoft Mail not working with Windows 7 & MS-Office 2010

Dear All
I have a client who is using Microsoft Mail for their internal mailing. They have been using MSoffice ( Outlook) for this purpose for last so many years.
We have found that Microsoft Mail does not work with Windows 7 and MS Office 2010 combination.
When you try to configure it given error 0x8004110.
When we tried with different versions, we found that if you install Office 2007 it works. If you try Office 2007 and then Office 2010 and remove Office 2007, it still work. But Then it is treated as 2 installations of Msoffice on the same computer.
I need to know whether this is right from Licensing perspective. We 'll be using single copy of office but it may seems as we have installed Office 2007 & office 2010 on same computer.
--Shekhar

We have found that Microsoft Mail does not work with Windows 7 and MS Office 2010 combination.
When you try to configure it given error 0x8004110.
Windows 7 is a supported operation system for Office 2010. At what exactly point will you get the specific error?
Is that a Click-To-Run version of Office 2010? By default, for MSI-based version of Office, when you upgrade existing Office 2007 to Office 2010, the earlier version of Office will be removed:
http://office.microsoft.com/en-us/excel-help/keep-earlier-versions-of-office-programs-when-installing-office-2010-HA102597134.aspx
For licensing advice, as <Don> suggested above, you should contact your local Microsoft customer support or reseller.
Regards,
Ethan Hua
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs.

Desktop Wall Paper GPO is not working on XP client system

Hi
I 've a DOMAIN active directory server 2008. and also added some XP & Some window 7 Clients in this domain. I 've configure a policy thar all domain's clients desktop wallpaper would same.
this policy is working fine on windows 7but on XP this policy is not working. I 've also try to set desktop wall paper from LOCAL GROUP POLICY of this client machine. but this is also not working.
I am showing this wallper on my desktop.
So kindly help me out that how apply desktop wallpaper policy on this XP system...
I am showing this wallper on my desktop as given below...

Hi Manjesh Kaushik,
Earlier version of the OS only support .bmp(bitmap) format to configure wallpaper where as enabling Active Desktop allows you to use range of formats including animation as well as web pages. Since, you are using JPEG, enable configure the option Enable
Active Desktop setting in GPO. For your information, please refer to the following article:
Customizing the Desktop
For your information, please refer to the following similar post:
Wallpaper for Windows XP VIA GPO
http://social.technet.microsoft.com/Forums/en-US/e7dd656a-a687-45e4-9847-975bce059033/wallpaper-for-windows-xp-via-gpo?forum=winserverGP
Regards,
Lany Zhang

Software Update Point Switching is not working for some Clients

Hi there,
I found nothing similar here and I hope this is the right section.
I´m running ConfigMgr 2012 R2 where one of the Site Systems from one of the Primaries is located in an untrusted Forest in a perimeter Network. The Site System there has the MP, SUP and DB Roles. In general it works great. The Systems in that untrusted Forest
get the SCCM Agent pushed, see and can install published Software packages and receive Windows Updates. But there are a few systems where everything works, except Windows Updates.
So I had a deeper look at what is happening and found out that the SUP switching is not working for them. They always try to contact the SUP from the Primary, which they cannot reach (this is intended).
From how I understand SUP switching as described here
http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/software-update-points-in-cm2012sp1.aspx#pi140062=1
the Windows Update Agent tries to connect to a SUP every 30 minutes and after 4 failed attempts he will try to connect to the next one until he finds one which works.
As I said before, this seems to work for most systems in the untrusted forest, but some do not make any intentions to switch the SUP.
So my next step was to find out from where the Update Agent can get the information of the available SUPs. I think they either don´t receive the information that other SUPs exist, or if the Information is there, they don´t realize that there´s an error and
make no attempt to switch.
I used the System Center Support Center to gather all Information from some of the systems with that problems (Log Files, WMI information, registry information, policies etc.) but I cannot find where SCCM or the Update Agent store the information which SUPs
are available in my environment.
I´m sure the problem is on the Systems which fail to connect to the right SUP and not in the SCCM infrastructure itself, because for most of the systems everything is working just perfect. Unfortunately in the Blog Post above there´s also no information
where this information is stored and how it is obtained by the clients. In the comments there´s even one post which describes the same problem I have here, but there was no answer. I hope someone can point me into the right direction, because I´m stuck currently.
Things I tried additionally to all the log file / WMI / registry sniffing:
Removing the Software Distribution Folder and restarting the Windows Update Agent
Removing the WindowsUpdate Registry folder in the HKLM\SOFTWARE\Policies\Windows section in the Registry and restarting the Windows Update Agent.
Tried to reset the WUAgent with wuauclt /Resetauthorization additionally to the steps above.
I also tried to manually set the WUServer and WUStatusServer Keys in the registry to the new Server, but as soon as the next Update Scan cycle runs, the value is set back to the URL of the Primary Sites SUP
Is someone having additional ideas? It seems to me older systems are more affected (which were configured for a standard WSUS before SCCM 2012 was deployed) than newer ones which were installed when SCCM was in place already. But I don´t know what else to
"reset" on those machines without reinstalling them.

Thank you very much for your response. I must have missed that one by looking through numerous Logfiles. In this, there´s indeed a list of all available SUPs. So according to the LocationServices.log the machine should have a choice.
The WMI Key however, contains just one entry and this is the URL of the Primaries SUP which is not reachable in the untrusted forest. Is it OK that the WMI entry includes only one entry? If yes, what process is putting the results from the LocationServices
into WMI? It seems like the Windows Update Agent is feeded from the WMI Key then. If this is the case my problems seems to be the "communication path" between these two components.
Is this the job from the SCCM Agent, the Windows Update Agent or maybe some third component I´m not aware of? I wonder how I can fix this.

SWN_SELSEN not working in test client after client-copy

Hi all,
We are using extended notification without problem until test client was refreshed by client-copy from production client. In test client, report SWN_SELSEN did not generated notification even there are newly generated workflow items. Because of client-copy, I found that tables SWN_NOTIF, SWN_NOTIFTSTMP, SWN_SENDLOG, SWN_TIMESTAMPS are all empty in test client.
Please advise how to make report SWN_SELSEN back to work in test client. Thanks.
<< Additional information >>
(1) Run report SWN_SELSEN_TEST with test Case 5 - Simulate Send Only. After this, some entries were written to above tables. But test on new workflow item, the schedule report SWN_SELSEN still fail to trigger notification.
(2) Run report SWN_SELSEN_TEST with test Case 4 - Send One Message Only. It triggered notifications for all active workflow items and sent out several hundred emails including workflow item created in step 1. However, further test on new workflowitem, the schedule report SWN_SELSEN is still unable to trigger notification.
I think there may be something else missing, like the timestamp of delta. Please help.
Regards,
Donald

Hello,
I've experienced a few cases where stopping SWN_SELSEN and then restarting it helped to fill up SWN_TIMESTAMPS with proper values. How does that table look after you run it?
What is SWN_SELSEN_TEST?
Chck in SLG1 to get an idea of why it's not working. You can also run SWN_SELSEN in the foreground and debug it to see exactly where and why it goes wrong. Also check ST22.
regards
Rick Bakker
hanabi technology

Why CUA (Release 7.00) is Not Working with Old Clients(Release 4.6C, 4.5B)?

Hi all,
We have CUA (release 7.00) that is not working with older release clients. I implemented 2 release 7.00 clients to CUA; they both work fine. However, when I implement some older release clients (like, 4.5B, 4.6C, 6.20 and 6.40) to CUA, I can only create ID and pull out to client, but roles do not go through.
It is kind of argent.
Do anyone know how to fix it????
Thank you for reading this.

> It is kind of argent.
I think you meant "ardent"...
THe word u r g e n t is blocked by our content filters, because a while back everything was like that and these forums are actually discussion forums...
Anyway, sounds like faulty config or perhaps a problem with logical system assignment.
Have you checked that? Also check in SCUL?
That you can create users but not assign roles might also be that in the lower release systems they are checking activity 22 (assighn) AND 02 (change) to assign the role. Doesn't make sense, really....
Check the drop down menu in table PRGN_CUST for the option to change this, and compare whether the settings are different.
Cheers,
Julius
Edited by: Julius Bussche on Jul 30, 2009 11:34 PM

Knowledge Search not working in Win client

hi there
i have a problem with knowledge search not working in IC Win Client in CRM version 5.0
i guess the problem is with the workspace that is IIA for solution search that is assigned against the knowledge search
please tell what should i do as right now when i am trying to execute it or open the knowledge search dump is coming stating null object referenced
i wonder what could be the solution
best regards
ashish

Hello ashish,
I had that problem too. You have to apply note 1002299 to restore missing configurations in SAF.
Also, if you worked with IIA in previous versions, take a look at note 656321 to check it's evolution (replacement by SAF).
Good luck and Kind regards,
Bruno

Bridge does not work for wireless clients - connecting to existing network.

Hi - I really hope somebody can help out here, after hours of trial & error, I have finally given up
I need to connect my Airport Extreme Base Station to my existing network. I have a linksys router (192.168.15.1) connected to my modem and this linksys router acts as DHCP server too.
I suppose I have to use "bridge mode" for that to work. But should the linksys be connected to the AEBS using the AEBS's WAN or LAN port?
If I use "bridge mode", then wired computers to the AEBS works fine - getting an IP from the linksys etc. BUT, the wireless clients will have a self-assigned IP and not get through to the internet. It's like the AEBS will not allow wireless clients to "get through" unless AEBS itself is handing out IP addresses.
Page 36 of this manual ( http://manuals.info.apple.com/en/DesigningAirPort_Networks10.5-Windows.pdf ) shows the setup I want. But in the picture, it says "Ethernet WAN port" but the text says: "The Apple wireless device (in this example, a Time Capsule) uses your Ethernet network to communicate with the Internet through the Ethernet LAN port ( <--> )." I don't know which one to use, WAN or LAN - they show WAN but say LAN?
When I set it up as "share an IP address", the AEBS status tells me "double nat" and to change from "shared IP" to "bridge mode". I do that, and everything seems fine - for the wired clients. Now the wireless clients cannot connect, Airport on the MacBook Pro just say "Connection failed" and the MacBook says "Invalid password" (translated from danish), even though I set the Airport Utlity to save the password in keyring, so it should be correct... If I disable wireless encryption, the wireless clients will connect but get a self-assigned IP, and therefor not work (cannot get online)...
It seems the only way I can get wireless to work, is if I set AEBS up as DHCP, but then it won't be on the "same network" as the linksys (192.168.15.1), but rather on 10.0.x.x as I select. If I select 192.168.x.x within AEBS, I'm also getting some error messages, conflict/subnet thing.
Anyway - I really hope somebody knows how to get wireless clients to get an IP address from existing ethernet when connected to the AEBS.
Thanks!!

I've given up and had to go back to running "Double NAT" which also reports as a "problem" within the AEBS, but I just "ignore" it so the light will always be green.
It still ***** though, as "Double NAT" is also a reason for "Back to my Mac" not working properly, but how the ** am I supposed to avoid Double NAT when the wireless will not work in bridged mode?!

IMovie and Microsoft Office NOT WORKING! PLEASE HELP!

Just recently, out of nowhere, my iMovie and Microsoft Office stopped working; they won't turn on. I have Leopard 10.5, and they had been working on it since recently. Whenever I start iMovie, the "This program has quit unexpectedly" window comes up. Here's what I did. Firstly, I reported the problem to Apple and tried relaunching the program. That didn't work. Then, I deleted anything I had downloaded recently that may have affected it. Nothing. Next, I tried going into Library>Preferences and deleting all files with "iMovie" in the name. Nada. I then opened up disk utility and repaired disk permissions; yup, you guessed it, it didn't work. Finally, I archived and reinstalled Leopard, but it's still not working.
As for Microsoft Office, I have only reported the problem and deleted recent downloads. I haven't tried anything else (excluding the Leopard thing) to fix Office.
Please help ASAP! I need both of these applications for an upcoming project... and I may have to see a Mac Genius after this...
This is my last hope!
Thank you so much!
My AIM is tas121694 and email is [email protected]
Thanks again,
Todd

Well, that tells us that it's most likely something in your user account and not with iMovie or Office in general. If you need to get your videos edited right away and don't have time for troubleshooting, you can transfer them to the other account by copying them into the Users -> Shared folder. That would allow you to have access to them from the working account.
As to fixing the problem, you might try asking in the iMovie forum. It's possible that you have a corrupted project that iMovie keeps trying to open by default and that deleting that project might fix the problem. I'm not an iMovie user, though, so I'm not sure. Asking in the iMovie forum will probably get you more informed suggestions.
As to Office, what version is it, and do none of the applications (Word, Excel, PowerPoint, Entourage) launch, or is it just some and if so which one(s)?

Microsoft Lync not working thru Anyconnect client

Similar Messages

Maybe you are looking for