NAC ADSSO not 100% work

Hello,
We have a NAC system on which ADSSO does not work 100% of the time.
Sometimes the agent pops up and asks for credentials, and sometimes it logs in automatically (ADSSO works).
Has anybody had the same experience before?
Thanks

Are you running OOB Layer-3 with Real-IP gateway? Are you running 4.1.3? Are you using Certificate Authority? If the answer is yes to all, you may want to review this http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/413/413rn.html#wp74768. Be careful though, you may also need to apply an egress ACL to block the trusted VLAN from sending TCP-8910 to the FQDN of the OOB-CAS's Untrusted IP. Otherwise, the CCA agent may continue to send TCP-8910 to the CAS and process SSO and refresh IP continuously (looping process).

Similar Messages

  • NAC ADSSO doesn't work

    Hi there,
    I have 1 CAS and 1 CAM. Everything works fine if I use localDB authentication.
    I tried to complete the SSO AD configuration from the CAM installation guide. The SSO service started to work successfully. I'm trying to log in to the domain - it's OK, I see the green kerbtray icon, tickets are OK, but I still receive the CCA Agent login/password screen.
    AD logging looks like: (172.16.13.100 is AD server)
    Mar 14, 2008 1:10:00 PM com.perfigo.wlan.jmx.admin.GSSServer loginToKDC
    INFO: GSSServer - SPN : [cisco/[email protected]]
    Mar 14, 2008 1:10:00 PM com.perfigo.wlan.jmx.admin.GSSServer buildKDCList
    INFO: buildKDCList - KDC-1: computer-c.zozo.gov/172.16.13.100
    Mar 14, 2008 1:10:10 PM com.perfigo.wlan.jmx.admin.GSSServer loginToKDC
    INFO: GSSServer - KDC(s) : [172.16.13.100]
    Mar 14, 2008 1:14:22 PM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run
    INFO: GSSR - Windows SSO is running
    Mar 14, 2008 1:19:22 PM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run
    INFO: GSSR - Windows SSO is running
    What may be wrong in my configuration? Local time on CAM, CAS and AD is the same, TCP/8910 on the CAS is in listening mode. I opened full IP from * to my AD Server for the Unauthenticated Role.
    Regards,
    Andrey

    Are you running OOB Layer-3 with Real-IP gateway? Are you running 4.1.3? Are you using Certificate Authority? If the answer is yes to all, you may want to review this http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/413/413rn.html#wp74768. Be careful though, you may also need to apply an egress ACL to block the trusted VLAN from sending TCP-8910 to the FQDN of the OOB-CAS's Untrusted IP. Otherwise, the CCA agent may continue to send TCP-8910 to the CAS and process SSO and refresh IP continuously (looping process).

  • Disabling cookies is not 100% working

    Hi!
    I'm trying to force clients using urlrewriting from the server, so in the
    session descriptor, I set the 'URLRewriting Enabled' to true and 'Cookies
    Enabled' to false. Then I test it by setting cookies enabled in browser.
    Seems this way can't guarantee using urlrewriting instead of cookies, cos
    sometimes sessions do get from cookies except that I disable cookies from
    browser. Is it possible to force using urlrewriting from the server? I met
    this problem with Weblogic 6.1, and it seems OK with 5.1.
    Thanks a lot.
    Hattie

    How are you blocking Google from setting cookies?
    Try opening the Permissions manager by typing or pasting about:permissions in the address bar and pressing Enter. Then type "goog" in the search box above the site list. What do you have set for google.com? See the attached screen shot for an example.

  • NAC ADSSO with NAC Module isn't working for all modules

    Hello,
    We have a NAC OOB-L2-VG Deployment at the Central Site with VLAN Mapping and ADSSO which works just fine.
    As part of the project we have implemented NAC Modules on ISR routers for the branch offices; same topology but as the documentation states no VLAN mapping was configured. The problem is that for some users in one branch office the ADSSO isn't working and in another branch office the ADSSO isn't working at all, all the users are getting authenticated with a local user we defined on the servers.
    The configuration in both modules is exactly the same; they are using the same user to access the AD (the one used on the ktpass) the data links to the central site are both 1 Mbps and everything is pretty much the same thing.
    I have checked the logs on the CAS-Module and it states that Windows SSO is running:
    Nov 27, 2009 10:08:23 AM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run
    INFO: GSSR - Windows SSO is running
    The interesting thing is that when the user goes thru the NAC process I see these logs:
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.SWissServer run
    FINE: Sent Response to /172.19.5.11!
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
    INFO: accepted ADSSO socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
    INFO: accepting ADSSO socket ...
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    INFO: processing socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    INFO: TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    INFO: reading peer's token_length Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:28 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    SEVERE: IO Error: Socket[addr=/172.19.5.11,port=1431,localport=8910]:Read timed out
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
    FINE: SWissServer: get request from : 1043@/172.19.5.11
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
    FINE: SWissServer: Client OS is WINDOWS_PRO_XP
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil parseClientAddrList
    FINE: IP=/172.19.5.11, MAC=00:1E:4F:53:97:7D
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
    FINE: /proc/click/intern_arpq/add_interest-->172.19.5.11
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
    FINE: /proc/click/intern_arpq/remove_interest-->172.19.5.11
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: IP=172.19.5.11, VLAN=19, OS=WINDOWS_PRO_XP
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: Default Provider=Local DB
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: Providers=Local DB;
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: Number of providers=1
    The IP address 172.19.5.11 is the IP of the PC during the unauthenticated role; what the user is finally seeing is the CCA Agent asking for user and password instead of using the ADSSO.
    The version of the Agent is 4.1.10, the NAS and NAM are running 4.1.8 and the only awkward thing is that the Active Directory Servers are running Windows 2000 SP4.
    Any assistance would be much appreciated.
    Thanks,
    DL.

    Hi,
    I too have the same error. Does anyone know how to resolve this?
    Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.028 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSServer               - accepting ADSSO socket ...
    2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - processing socket ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - reading peer's token_length from Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.670 +0530 ERROR com.perfigo.wlan.jmx.adsso.GSSHandler              - IO Error: Socket[addr=/10.80.0.220,port=1583,localport=8910] null
    2010-09-28 10:58:40.215 +0530 INFO  com.perfigo.wlan.jmx.adsso.GSSRetrier              - GSSR - Windows SSO is running
    2010-09-28 10:59:26.308 +0530 WARN  org.apache.commons.httpclient.HttpMethodBase       - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
    2010-09-28 10:59:38.478 +0530 INFO  com.perfigo.wlan.jmx.admin.OOBDelayTask            - OOBDelayTask: remove temp user [00:01:80:53:67:75]/[10.80.0.220]
    Thanks in advance
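
Added example (not part of the original posts and not Cisco code): a Python triage script for the two CAS log layouts quoted in this thread. It pairs each "reading peer's token_length" line with the next "IO Error" on the same client socket and reports how long the CAS waited. The sample lines are constructed from those layouts with documentation addresses, and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: same two layouts as the posts above, documentation IPs.
SAMPLE = """\
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
INFO: accepted ADSSO socket ...Socket[addr=/192.0.2.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: reading peer's token_length Socket[addr=/192.0.2.11,port=1431,localport=8910]
Nov 27, 2009 8:55:28 AM com.perfigo.wlan.jmx.admin.GSSHandler run
SEVERE: IO Error: Socket[addr=/192.0.2.11,port=1431,localport=8910]:Read timed out
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler - reading peer's token_length from Socket[addr=/192.0.2.220,port=1583,localport=8910]
2010-09-28 10:57:38.670 +0530 ERROR com.perfigo.wlan.jmx.adsso.GSSHandler - IO Error: Socket[addr=/192.0.2.220,port=1583,localport=8910] null
2010-09-28 10:58:40.215 +0530 INFO  com.perfigo.wlan.jmx.adsso.GSSRetrier - GSSR - Windows SSO is running
"""

SOCK = re.compile(r"Socket\[addr=/(?P<ip>[\d.]+),port=(?P<port>\d+),localport=8910\]")
# Two-line layout: "Nov 27, 2009 8:55:13 AM <class> <method>" then "LEVEL: message"
TWO_LINE_TS = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ")
# One-line layout: "2010-09-28 10:57:38.041 +0530 LEVEL <class> - message"
ONE_LINE_TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) ")


def events(text):
    """Yield (timestamp, message) for both layouts. The UTC offset is ignored,
    which is safe because only differences within one log are computed."""
    pending = None
    for line in text.splitlines():
        line = line.strip()
        m = TWO_LINE_TS.match(line)
        if m:  # header of a two-line record; the message is on the next line
            pending = datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p")
            continue
        m = ONE_LINE_TS.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), line[m.end():]
        elif pending and line:
            yield pending, line
            pending = None


def triage(text):
    """Return one record per ADSSO socket whose token read ended in an IO Error."""
    reading, failures = {}, []
    for ts, msg in events(text):
        s = SOCK.search(msg)
        if not s:
            continue  # e.g. "Windows SSO is running" carries no client socket
        key = (s["ip"], int(s["port"]))
        if "reading peer's token_length" in msg:
            reading[key] = ts
        elif "IO Error" in msg and key in reading:
            reason = msg[s.end():].lstrip(": ").strip() or "unknown"
            failures.append({
                "client": key[0],
                "port": key[1],
                "waited_s": (ts - reading.pop(key)).total_seconds(),
                "reason": reason,
                "kind": "timeout" if "timed out" in reason else "other",
            })
    return failures


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['client']}:{f['port']} {f['kind']} after {f['waited_s']:.3f}s ({f['reason']})")
```

A record of kind "timeout" means no token arrived from that client on TCP 8910 within the read timeout, even though the same log reports that Windows SSO is running.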

  • Why is 100% not 100%?

    If I am drawing and have my window set to 100% how come when I save it as a gif and then open the file in a browser the drawing is smaller than it appeared when I was working on it in illustrator? These files are for web use so there are no screen to print considerations.
    Mark

    Larry,
    The problem is not 100% screen not equal to 100% print, but 100% raster image in Illustrator not equal to 100% raster image in browser on the same monitor.
    Mark,
    Is there some HTML formatting the GIF? Is that HTML also resizing it? If so, change the code to the same size as the image or export the image again using the size in the HTML.
    If not, can you post a link to the image?

  • Could not clean working directory during the Livecycle ES 8.2.1 installation

    Hi,
    while using Adobe Livecycle Configuration Manager, I am getting the following error. How could I get around this problem?
    Failed on    'Executing merge scripts for adobe-livecycle-native-weblogic-x86_win32.ear'
    Could not clean working directory
    reg,
    Raj

    I'm posting my experiences with this error because it can hopefully help other people.  I was getting the same error during the Configure LiveCycle ES (1 of 3) screen after clicking the Configure button.  It would fail around 75% with a prompt saying error code ALC-LCM-000-000 and could not clean working directory.  The progress log would indicate the failure at executing merge scripts for adobe-livecycle-native-weblogic-x86_win32.ear.  I was installing LC ES 8.2.1 SP3 + QF 3.19 with the Forms and Output components on a Windows 2003 platform.
    Rename working dir (LC support suggestion)
    Rename c:\adobe\livecycle8.2\configurationManager\working to be like working.old.  Re-run ConfigurationManager (CM).  Didn't help since I saw the same error message.
    Clicked Configure again on and it went 100% without any problems.  The rest of the install went just fine.
    Reinstall Adobe LC ES 8.2
    I was getting the same type of error on another box, but clicking Configure wasn't getting past 75% again.
    Reboot of the box didn't help on the next attempt.
    Reinstall LC ES 8.2 worked
    Used the Add/Remove programs to remove Adobe LC ES 8.2
    Reinstalled the software with SP3 + QF 3.19.
    Ran CM again and I was able to get past this error.

  • I'm using iphone 5 but its camera is not properly working. all the images i'm clicking are of dimension 600X800 and the size of the image is just 60-70 kb. now please tell me how to increase the dimension of images and its size.

    i'm using iphone 5 but its camera is not properly working. all the images i'm clicking are of dimension 600X800 and the size of the image is just 60-70 kb. now please tell me how to increase the dimension of images and its size.

    rojere said:
    <blockquote>
    i try to keep my thumb palms off the mouse pad when i am typing but every now and then my screen resizes larger or smaller until i take my left palm off the keyboard base its only when my left palm is resting on the base next to the touch pad. i type pretty fast so it gets annoying and yes it also jumps screens or reverts back to previous message and i have to choose ctrl z to undo and get back to my message i was typing... it also switches tabs on me as well... not sure why my palm being on the left of the keypad on the base should effect anything but it does after a while. and i have to stop what i am doing...and go to the firefox menu and change the screen size back down to 100% sometimes it goes up to 200-300 other times it goes down to 70-80% i find it annoying i i wish there was a way to turn off the screen resize in the setup panel. if its just left to be 100% i am happy with that... i don't need it to be bigger or smaller... there should be a way to LOCK it down... i understand that there are people out there with eye problems and needs to have the screen size increase using the + or - but there should be a lock so it just stays no matter what is happening on my keypad or touch pad or base of the pad... that screen size will not increase or decrease. unless i turn off the lock... perhaps this is something they can implement in the next version or do a quick update of the browser
    </blockquote>
    sorry that is all greek to me thanks for attempting to explain what you were trying to explain sorry i just not tech person to be able to understand or where to begin ... have good day and thanks for again trying

  • With Windows Vista, the most recent Itunes update 1/30/2014 has caused Itunes not to work, with a Mscvr80.dll not found error. Uninstalled all Apple programs, and installed fresh Itunes. Same problem. Tried to reinstall using an older install exe nogo

    Recent ITunes update has caused ITunes not to work. Tried uninstalling all Apple products and reinstalling fresh. Still doesn't work. Tried reinstalling from an old install.exe. Install went nicely but program won't start as it says it can't open the library file.

    Now that I have no way of accessing any of the products I have purchased from ITunes, I will most certainly never use ITunes again for any reason. Why throw good money after bad?  I will use another MP3 player that is not as cumbersome or proprietary.
    Lesson learned.

  • Can not find "Work Folder" in windows server standard edition

    Guys, I have a testing lab and all is working with the exception of the fact that I cannot find "Work Folder" to install it.  I'm using Windows Server 2012 Standard evaluation copy edition.  Normally Work Folder should be under File and Storage Services > File and iSCSI Services.  However, it is not there.  Can someone help please
    staphisco

    Hi,
    From the overview, Work Folder is not supported in Windows Server 2012 (only Windows Server 2012 R2). 
    Work Folders Overview
    http://technet.microsoft.com/en-us/library/dn265974.aspx
    Software requirements
    Work Folders has the following software requirements for file servers and your network infrastructure:
    A server running Windows Server 2012 R2 for hosting sync shares with user files 

  • My iphone 4s voice dictation for text messages is not consistently working. Sometimes it works, other times after the dictation it just gives me a blank space. Anyone else having this problem?

    My iPhone 4s voice dictation for text messages is not consistently working. I've had the phone since Thanksgiving and it always worked perfectly, but the last few weeks it's been hit or miss. Sometimes it works, sometimes it doesn't. Anyone else having this problem? I tried the hard reset but that hasn't fixed it.

    I have the same problem since updating to IOS 8.3. Any app to which I want to send a new link via IMessage does not allow me to select a contact to send the IMessage to. Using a pre-existing thread does not have same problem.

  • ITunes sync to Z10 = not right working / mixed songs in wrong playlists

    Hi
    I am totally frustrated:
    I have tried for several weeks, since I have had this great device, to sync my iTunes music to the Z10.
    But on syncing through BB Link, my playlists on the Z10 are totally mixed with the wrong music files.
    On iTunes = all is sorted fine
    Transferred to Z10 = some music is not shown in its playlist or playlists are together in one.
    So syncing is not working right. Horrible
    Combination:
    iTunes + Mac
    Z10 with 64GB card -> formatted inside Z10 (several times)
    So I am not able to get my music with the right playlists to the Z10.
    What's wrong here?
    I never experienced with such problems on iPhone or Android based Phones.
    Blackberry! Please fix that!

    Hey uhscale,
    Welcome to the BlackBerry Support Community Forums.
    Thanks for the question.
    We are going to need to gather some BlackBerry Link logs to find out why the playlists are mismatching.  Please contact your network service provider and ask to be transferred to BlackBerry so we can investigate these logs.
    Thank you.
    -ViciousFerret

  • Web Intelligence is not always working  well

    I found Web Intelligence is not always working. Sometimes, when I try to open a document, it takes so long; sometimes it is fast; sometimes when I try to refresh the report, it gives me an error. I am wondering if someone knows what could cause this kind of issue? Is it the proxy, or something else?

    Tara,
    there are many factors that can cause slow performance.  In those cases where it is sometimes fast, it may be due to caching -- another user recently requested the same report and the report is in the server's cache, so instead of running the report from the start it sends the cache to you.  In other cases there may be no cache built up so you get stuck waiting for cache and your report comes up slowly.  There are a couple of techniques for tracking down slow performance, but mostly it happens due to either a database problem or an overworked applications/web server, or poor communication/LAN/Network lines.  Depending on your expertise you'll gravitate to checking that aspect out first and investigating one of the aspects to see where a bottleneck is getting produced.  Another technique is to add -trace to your service startups to add more verbose messages to your logs.  Adding trace will help you to see more of what is going on in the background.  I guess it's a matter of digging in and following your instincts until you can nail down the culprit.
    Thanks,
    John

  • I already have changed my apple id. But whenever I update any application, it is asking and using the old app id and password that is not a working e-mail already. How can I change my app id?

    I already have changed my apple id. But whenever I update any application, it is asking the old app id and password that is not a working e-mail already. How can I change my app id?

    So you made a new Apple ID? Unfortunately that won't work. Content is forever tied to the Apple ID that bought it. Apple does not transfer content from one ID to another and Apple does not merge Apple IDs. What should have been done is merely change the email address that was associated with the Apple ID.
    http://support.apple.com/kb/HT5621
    The only way that you can do this now is with a new email address if you used your current email address for the new Apple ID.

  • IPod Touch 4th gen home button not always working and deletes all songs on iPod.

    I bought my iPod touch in May, but since that day the home button is not always working, and also sometimes when I sync my iPod, it removes all the songs from it without asking me. What can I do? It is so frustrating..
    thanks in advance for help.

    Try:
    fix for Home button
    Fix a broken, unresponsive or sticky iPhone Home Button
    - If you have iOS 5 or later you can turn on Assistive Touch; it adds the Home and other buttons to the iPod's screen. Settings>General>Accessibility>Assistive Touch
    - If not under warranty Apple will exchange your iPod for a refurbished one for:
    Apple - Support - iPod - Repair pricing
    You can do it at an Apple store by:
    Apple Retail Store - Genius Bar
    or send it in to Apple. See:
    Apple - Support - iPod - Service FAQ
    - There are third-party places like the following that will repair the Home button. Google for more.
    iPhone Repair, Service & Parts: iPod Touch, iPad, MacBook Pro Screens
    Regarding the songs problem, are you always syncing to one computer/iTunes library? If you sync to another computer/iTunes library your iPod will be erased and its contents replaced with what is in the iTunes library of the second computer.

  • My iPhone 5 has not been working properly please help!!

    I have a 16GB iPhone 5 with the latest update (iOS 7.1.2) and lately (about a week or so) it's not been working right. It first started where the screen would freeze and then I'd have to click the power button and return to lock screen I get it to work again, or sometimes even turn off my phone. Then one day I tried to take a picture and it wouldn't let me?? So I turned off my phone and when I turned it back on it worked again. Then the other day I went to play music and it wouldn't let me. First I tried from the itube app then thought maybe the app wasnt working, so I went to my iTunes music on my phone and that wasn't working. It wouldn't let me press play/pause/next. basically it wouldn't let me do anything and then it just froze. I put it to sleep and went back to my music about 30min later and it was fine. Then today my screen froze so I held down the power button to turn it off. Nothing happened for 10 seconds then the screen just went black, no little spinny thing like what normally comes up when it powers off. Then no matter what I did it wouldn't turn on. I looked up on here how to fix this and found a solution (plugging it into my computer and holding the power and home button for 20 seconds). Anyway, basically what my problem is is that I dont want my phone to be like this? Should I take it in to be looked at or is there maybe an app causing this ?? I honestly have no idea and it just recently started being like this (I've had this phone for 3 months and it's new. It still has about 5GB of space left). Please let me know if you have a solution or if this phone just is like this. Sorry if this isn't very descriptive :/ Ive been able to get my phone working again every time so far, but next time I might not and I really want to fix it. Thank you!!

    Apple is aware of the issue and is working on an update to address iMessage issues.
    In the meantime I have found that a good old fashion reset cures it for a while.
    Reset: Hold the Sleep/Wake and Home buttons and don’t let go until the screen goes dark and the Apple logo appears (no data will be lost)
    Others have had success with this:
    1. Turn off iMessage in Settings > Messages
    2. Reset networking settings in Settings > General > Reset
    3. Reenable iMessage in Settings > Messages
    Note: This will clear all wifi passwords.
