NAC Framework with TrendMicro Policy Server? External Posture Assessment?

Similar Messages

• NAC Framework with 802.1x authentication

  I am having trouble getting support and information on NAC framework. According to the cisco web NAC framework is in Phase 2 and is useable. According to Cisco representitives it is not supported yet. I have ACS 4.1, CTA 2.0, Symantec 10.1.4, and CSA 4.5. I can get NAC to work Layer 2, 802.1x to authenticate, but I cannot get both to work at the same time. Also, I have found no support for Symantec being checked even after I loaded the posture plugin, adf, etc. Is it time to give up on NAC framework? Thanks.

  My friend, i have a customer with whis configuration and worki fine.
  symantec need antivirus version 10 (8 or 9 no !!!!), the symantec posture plug installed in the clients.
  work fine wiht w2k and xp
  cta 2.x work fine. 1.x only work with L3 ip, no 802.1x.
  csa i don?t have experience.
  take care, it is hard to configure, if you need something more ask me to.
  Leo.

• Cisco ISG Integration with AAA & Policy Server

  Hi,
  We are integrating Cisco ISG (IOS XE - ASR1001) with AAA and Policy Server.   we have below to specific service provider requirement.
  1. TAL  - Transparent Automatic Subsriber for Range of IP or Pool of IP  - how we add such identifier in Policy/Control Maps as attibute handshake with AAA
  2. Different QoS Enforcement to Single User based on Day and Night Time.. what logic should be used??
  Note: The Subscribers are from wired network and DHCP controlled.
  Please help, Thanx in advance...
  Bhavesh

  Dear Bhavesh,
       Try with this it is working & tested policy for TAL & ISG ASR 1001.
  QoS will be work with Radius request & will apply on online user with diffrent plan.
  class-map type traffic match-any PPPOE
  match access-group output name PPPOE-out
  match access-group input name PPPOE-in
  class-map type control match-any TAL
  match source-ip-address 30.30.30.0 255.255.255.0
  class-map type control match-all IP_UNAUTH_COND
  match timer IP_UNAUTH_TIMER
  match authen-status unauthenticated
  class-map type control match-all PPPOE-CON
  match media ether
  match authen-status unauthenticated
  match protocol ppp
  policy-map type control PPPOE-USR
  class type control always event timed-policy-expiry
    10 service disconnect
  class type control always event account-logoff
    10 service disconnect delay 2
  class type control always event quota-depleted
    10 set-param drop-traffic TRUE
  class type control always event session-start
    10 authenticate aaa list PPP-USR
  class type control always event service-start
    20 service-policy type service identifier service-name
  class type control always event service-stop
    1 service-policy type service unapply identifier service-name
  policy-map type control TAL_IP_POLICY_RULE
  class type control IP_UNAUTH_COND event timed-policy-expiry
    10 service disconnect
  class type control TAL event account-logoff
    10 service disconnect delay 5
  class type control TAL event session-start
  30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
    50 set-timer IP_UNAUTH_TIMER 5
  class type control TAL event session-restart
    30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
    50 set-timer IP_UNAUTH_TIMER 5
  class type control TAL event quota-depleted
    10 set-param drop-traffic TRUE
  class type control TAL event service-start
    10 service-policy type service identifier service-name
  bba-group pppoe global
  virtual-template 1
  interface GigabitEthernet0/0/0
  ip address 10.10.10.2 255.255.255.0
  no ip proxy-arp
  negotiation auto
  interface GigabitEthernet0/0/1
  ip address 30.30.30.1 255.255.255.0
  negotiation auto
  pppoe enable group global
  service-policy type control TAL_IP_POLICY_RULE
  ip subscriber routed
    initiator unclassified ip-address
  interface GigabitEthernet0/0/2
  ip address 172.16.1.1 255.255.255.0
  negotiation auto
  interface GigabitEthernet0/0/3
  no ip address
  shutdown
  negotiation auto
  interface GigabitEthernet0/2/0
  no ip address
  shutdown
  negotiation auto
  interface GigabitEthernet0/2/1
  no ip address
  shutdown
  negotiation auto
  interface GigabitEthernet0/2/2
  no ip address
  shutdown
  negotiation auto
  interface GigabitEthernet0/2/3
  no ip address
  shutdown
  negotiation auto
  interface GigabitEthernet0
  vrf forwarding Mgmt-intf
  no ip address
  shutdown
  negotiation auto
  interface Virtual-Template1
  ip dhcp relay information trusted
  ip unnumbered GigabitEthernet0/0/1
  ip helper-address 10.10.10.1
  timeout absolute 43200 0
  peer default ip address dhcp
  ppp mtu adaptive
  ppp authentication pap
  ppp authorization PPP-USR
  service-policy type control PPPOE-USR
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip route 0.0.0.0 0.0.0.0 172.16.1.2
  ip access-list extended DROP-in
  deny   ip any any
  ip access-list extended DROP-out
  deny   ip any any
  ip access-list extended PPPOE-in
  permit ip any any
  ip access-list extended PPPOE-out
  permit ip any any
  vishal lumbhani

• Simple Web Auth policy and simple posture assessment policy in ISE

  G'day All,
  I've just finished reading through the Cisco BYOD with ISE document and it's left me a little more confused than when I started.
  I completely understand the onboarding process and the different policy elements that make up the self registration/onboarding configuration.
  What I'd like to do is put together an ISE configuration that is a lot simpler for the BYOD user.
  Is anyone able to advise if it is possible to have a single dot1x SSID with ISE that has a policy for Window Laptops using AD authentication for the user and Posture assessment and a policy for all smart devices (iOS and Android) that is just AD authentication of the user, without the need for device registration?
  The target user demographic for my deployment are really not technical so having to go through the onboarding process, especially for the Android devices, with the pre-installation of the cisco app, etc, really isn't what they are looking for.
  Huge thanks for any assistance.
  Cheers,
  JS

  Yes, that's possible. But without "device registration" then you need to configure Wireless 802.1x manually in every Android device.
  Please rate if that helps.

• Is there any Java API to interact/integrate with Adobe LiveCycle Policy Server

  Hi,
  We are already using Adobe LiveCycle Policy server & has manual process in place to send documents to clients.
  Going forward we want to automate this document generation process. We are using Java, JEE in our application.
  We are planning to use below steps to automate this process.
  1) Administrator will create a Template in Adobe Policy Server and will map users intended to receive mails with this template
  2) Our application will interact with Adobe Policy Server and use Template ID to generate PDF document and send mails to client.
  Can anyone please let me know if there is any Java API which can be used to perform the above second step.
  Thanks a lot for your help.
  Best Regards - Roy

  Hi Steven,
  What you refer to is PDF Generator version 7.x Postscript edition.
  In version 7 of the product there were 3 editions:
  1. PDF Generator Professional
  Create PDF files from a wide range of source files:
  Print (PS, EPS, PRN)
  Image (JPG, GIF, BMP, TIFF, PSD)
  Standard office formats (DOC, XLS, PPT, WPD, MPP)
  Text (TXT, RTF)
  Web (HTML)
  Design files (DWG, VSD)
  Generate all types of Adobe PDF file formats:
  PDF 1.3, 1.4, 1.5, 1.6
  PDF/X-1a and PDF/X-3 for prepress document exchange
  PDF/A for archiving with easy search and retrieval
  Searchable PDF files from images
  Convert PDF files to:
  HTML documents
  Text (TXT, RTF, accessible)
  Images (TIFF, PNG, JPEG)
  Print (PS, EPS)
  2. PDF Generator Elements
  Create PDF files from a wide range of source files:
  Print (PS, EPS, PRN)
  Image (JPG, GIF, BMP, TIFF, PSD)
  Standard office formats (DOC, XLS, PPT, WPD, MPP)
  Text (TXT, RTF)
  Web (HTML)
  Design files (DWG, VSD)
  Generate all types of Adobe PDF file formats:
  PDF 1.3, 1.4, 1.5, 1.6
  PDF/X-1a and PDF/X-3 for prepress document exchange
  PDF/A for archiving with easy search and retrieval
  Convert PDF files to:
  HTML documents
  Text (TXT, RTF, accessible)
  Print (PS, EPS)
  3. PDF Generator Postscript
  Create PDF files from a wide range of source files:
  Print (PS, EPS, PRN)
  Generate all types of Adobe PDF file formats:
  PDF 1.3, 1.4, 1.5, 1.6
  PDF/X-1a and PDF/X-3 for prepress document exchange
  PDF/A for archiving with easy search and retrieval
  So basically what you have is the very limited edition, doing exactly what you said. For more functionality you should opt for one of the other editions (that for version 7.x)
  Today's version is the newer LC PDF Generator ES. You can look for its specifications at http://www.adobe.com/products/livecycle/pdfgenerator/
  Thanks

• ISE Posture Assessment

  Hi,
  While reading about ISE posture, I got to know that ISE searches” User Agent” attribute for string “NAC Agent” to confirm that NAC agent is present on particular machine.This information is passed to ISE when user opens Web Browser i.e. user gets redirected
  If NAC agent is not present on machine then NAC agent will get downloaded and then Posture assessment starts.
  While testing this on ISE, I noticed that
  If NAC agent is already present on machine then directly posture assessment starts even without opening web browser.
  Now my question is, how ISE does come to know that NAC agent is already present on machine without opening web browser.
  Regards,
  Aditya

  I second Richard on the fact that it can't be done. However, I was going through this and wanted to share in case it helps.
  Default Posture Status
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_pos_pol.html#wp1919363
  Jatin Katyal
  - Do rate helpful posts -

• NAC Framework NAC-L3-IP, passing posture validation, but no ACLs downloaded

  Hi
  I've got the NAC Framework NAC-L3-IP setup using an 1800 router and Cisco ACS Server 4.2. When my client attempts to reach the internet (through our NAD configured for network admission), I get a popup saying the Posture is Healthy, the ACS server says its good, yet I never get any of my configured ACLs downloaded to the router. I think my problem is with my RADIUS AUthorization Components...what should the Healthy RAC look like? This is what I've currently got;
  IETF Session-Timeout (27) 36000
  IETF Termination-Action (29) RADIUS-Request (1)
  Cisco IOS/PIX 6.0 cisco-av-pair (1) status-query-timeout=300
  I've got that RAC tied to a NAP and a downloadable ACL also associated to it through the Network Access Profiles page.
  Can anyone provide help with this. Thanks

  Ooops, nevermind, I had to enable aaa authorization network default group radius and then the ACLs downloaded as expected. Thanks!
  Jason

• External posture validation server LanDesk vs. ACS

  Hi,
  I want you to ask wheather somebody has same problem as me and how did you solve it.
  I want to validate security of hosts with LANDesk® Security Suite 8.7 in cooperation with ACS. My problem seems to be in comunication between ACS and LanDesk validation server. Landesk server in log says that no scan has been made on the host. But when i dont forward LanDesk credentials to LanDesk and I Validate them on ACS, it works. I mean ACS can determine whether the scan has been made and with which result.
  So I think problem isn't in CTA or LanDesk host agent(when they send right credentials). It seems to be somewhere between ACS and LD server.
  Didn't you have similar problem?
  p.s. I have been imported LanDesk plugins into CTA and attributes definition file into ACS. But I am not sure if the External posture validation setup in URL field should be "http://ip.a.d.d:12576/pvs.exe" which i found in LD documentation. In google i found another URL "http://ip.a.d.d:12576/avp.exe". None of them works properly. And on LD server isn't such a file.
  Thans for help
  Daniel Sebek

  Hello,
  NAC Appliance:
  • Offers Authentication, Authorization and Remediation
  • Covers Wireless, VPN and LAN.
  • Only can be used as an appliance. No virtualize offerings. For small locations which ISR routers, a 50 and 100 user module is available.
  • Licensed by user count matching and applied to the corresponding enforcement server. Users bundles are 50, 100, 250, 500, 1500, 2500, 3500 and 5000.
  • Uses SNMP V1,2 and 3 or can be in-band / bump in the wire.
  • Can leverage Cisco Profiler or whitelist non-NAC capable devices.
  • Cisco enforcement appliances can provide collecting abilities for Cisco Profiler with an additional license.
  • Can Leverage Cisco Guest server for advance guest access.
  • Comes in HP or IBM appliance formats.
  • IBM appliances are 3315, 3355 and 3395 appliances. They can support ISE
  • HP appliances are 3310, 3350 and 3390 appliances. They cannot support ISE
  ACS 5.X:
  • Offers 802.1x NAC features and device management (TACACS/RADIUS).
  • Can be an appliance or Vmware. Appliances that are IBM hardware can support ISE. VMware can be migrated to ISE for an additional cost.
  • Provides Authentication and Authorization. Does not offer remediation.
  • Requires switches that support 802.1x COA as specified on cisco.com/go/acs to function as the enforcement agent. ACS alone cannot offer access control.
  • 802.1x NAC features do not require additional licenses for up to 500 users/devices. To scale beyond 500 users/devices, an additional large deployment license is required.

• ICal Server external Email Invitations Not working for names with umlauts!!

  Hi,
  I was testing external email invitations with iCal Server on Lion Server and encountered that if a Name that can Be resolved via iPhone or mac addressbook or even the sending iCal Account contains an umlaut something like this show up in iCal Server error log:
  2011-09-26 17:01:18+0200 [-] [mailgateway] 2011-09-26 17:01:18+0200 [-] [twext.web2.server#error] [Failure instance: Traceback: <type 'exceptions.UnicodeDecodeError'>: 'ascii' codec can't decode byte 0xc3 in position 90: ordinal not in range(128)
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:388:errback
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:455:_startRunCallbacks
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:542:_runCallbacks
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1076:gotResult
  2011-09-26 17:01:18+0200 [-] [mailgateway]      --- <exception caught here> ---
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1018:_inlineCallbacks
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/python/failure.py:350:throwExceptionIntoGenerator
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /usr/share/caldavd/lib/python/twistedcaldav/resource.py:310:renderHTTP
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1018:_inlineCallbacks
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/python/failure.py:350:throwExceptionIntoGenerator
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /usr/share/caldavd/lib/python/twext/web2/static.py:127:renderHTTP
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1018:_inlineCallbacks
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/python/failure.py:350:throwExceptionIntoGenerator
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /usr/share/caldavd/lib/python/twext/web2/resource.py:109:renderHTTP
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1020:_inlineCallbacks
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /usr/share/caldavd/lib/python/twistedcaldav/mail.py:334:http_POST
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /usr/share/caldavd/lib/python/twistedcaldav/mail.py:958:outbound
  2011-09-26 17:01:18+0200 [-] [mailgateway]      /usr/share/caldavd/lib/python/twistedcaldav/mail.py:1199:generateEmail
  2011-09-26 17:01:18+0200 [-] [mailgateway]      ]
  2011-09-26 17:01:18+0200 [-] [caldav-1]  [AuthorizedHTTPGetter,client] [twistedcaldav.scheduling.imip#error] Could not do server-to-imip request : <twistedcaldav.scheduling.imip.ScheduleViaIMip object at 0x103c65ed0> 500 Internal Server Error
  2011-09-26 17:01:18+0200 [-] [caldav-1]  [AuthorizedHTTPGetter,client] [twistedcaldav.scheduling.scheduler.ScheduleResponseQueue#error] Error during PUT for mailto:someemailaddress@yourdomain: iMIP request failed
  And No Email is send!
  If changing the Umlaut ü to something like ue in the Sender or Receiver Name everything is alright!
  Thank you Apple for obviously Not testing Lion Server for international use :-/
  Maybe this help someone else who is using umlauts with iCal Server external Email invitations
  Regards
  Eldrik

  Hello Daryn,
  Thinks for commenting. I am very upset that Apple just said "No" when I asked for this to be fixed. There appears to be no way to submit this as an official bug that keeps ical from running.
  Apple actually had me reinstall my whole server and the issue was still there and then they just said "Oh, well I will email someone about it.".
  This is the first time Apple has stunk it up in my books. This is bad support for Server.
  Brad

• Cisco ISE with both internal and External RADIUS Server

  Hi
  I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
  I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
  So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
  I will like to know if it is possible to configure it and how I can do it ?
  Thanks in advance for your help
  Regards
  Blaise

  Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
  Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
  The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

• Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2)

  Dear ALL,
  I want to Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2) as per below description. Can someone please help me how to proceed and achieve this. 
  Pin the following applications to the Taskbar:
  Outlook
  Pin the following applications to the Start Menu:
  Outlook
  Excel
  Word
  Internet Explorer
  Software Center
  Regards,
  Amit Kumar Rao

  https://www.google.de/search?q=windows+7+pin+to+taskbar+vbs
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Problems with deploying application to Policy Server 7.2.1 & DSS 7.2.2

  Hiya -<br /><br />I've been using Policy Server 7.0.2 and Document Security Server 7.0.2 to policy protect PDFs.<br /><br />I've recently just installed Policy Server 7.2.1 & DSS 7.2.2 on another machine and am now trying to use the same EJB deployed on the previous PS & DSS on the newer versions. Unfortunately I'm running into some problems which I don't really understand.<br /><br />Basically I can deploy the EJB (called PolicyApplication.jar) and it appears to deploy OK - it appears in the jmx-console (I'm using jboss 3.2.5), but when I try and attach to it from my remote application I get the following error (see stack trace below).<br /><br />I'm using SSL and have imported the certificates into the java environment cacerts files for both the client & the server.<br /><br />Looking through the stack trace I get the error 'Error looking up PolicyManagerEJB -- Cannot connect to server' and the application seems to be trying to make a connection to localhost and being refused, but I don't really understand why it's being refused.<br /><br />Basically I have DSS & PS running on the same instance of jboss - the client is running on a different machine, so I have permissioned through the firewall port 1099.<br /><br />I seem to be able to use <servername>/edc/Main.do with no problems at all.<br /><br />I also seem to have some MissingResourceExceptions in the adobe.log for a number of different services:<br /><br />2007-01-30 14:41:52,473~DEBUG~com.adobe.idp.um.scheduler.IDPScheduler~com.adobe.service.Service.star t Service IDPScheduler: Exception while attempting to read initialization properties from com/adobe/config/IDPScheduler-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/IDPScheduler-init, locale en_US<br /><br /><very long stack trace here><br /><br />2007-01-30 14:41:57,445~DEBUG~com.adobe.document.PDFManipulation~com.adobe.service.Service.start Service PDFManipulation: Exception while attempting to read initialization properties from com/adobe/config/PDFManipulation-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/PDFManipulation-init, locale en_US<br /><br /><very long stack trace here><br /><br />2007-01-30 14:41:59,958~DEBUG~com.adobe.service.APSProxyService~com.adobe.service.Service.start Service APSProxyService: Exception while attempting to read initialization properties from com/adobe/config/APSProxyService-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/APSProxyService-init, locale en_US<br /><br /><very long stack trace here><br /><br />Could someone please give me some advice on how I can try and debug this issue, and what could be wrong. As per usual I've left this late and really need to get this going ASAP, so any help anyone could provide would be very very gratefully received.<br /><br />Below is the stack trace I receive at the client end. I've had to summarise it as it's quite long - will post the full thing is a second post.<br /><br />Once again, many thanks in advance,<br />Anil.<br /><br />----<br /><br />com.adobe.edc.sdk.SDKException: Exception connecting to the Server -- An error occured while performing this operation(error code bin: 1, hex: 0x1)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException<br /><br />Caused by: com.adobe.edc.sdk.SDKException: Error authenticating against server -- Authentication failed(error code bin: 513, hex: 0x201)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection<br /><br />Caused by: com.adobe.edc.sdk.SDKException: Error looking up PolicyManagerEJB -- Cannot connect to server(error code bin: 1025, hex: 0x401)<br /><br />Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br />     java.net.ConnectException: Connection refused: connect]

  Full stack trace here:<br /><br />com.adobe.edc.sdk.SDKException: Exception connecting to the Server -- An error occured while performing this operation(error code bin: 1, hex: 0x1)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:78)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:88)<br />     at com.adobe.edc.sdk.EDCFactory.connect(EDCFactory.java:190)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.createConnection(AdobeDRMManager.java :122)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:411)<br />Caused by: com.adobe.edc.sdk.SDKException: Error authenticating against server -- Authentication failed(error code bin: 513, hex: 0x201)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection(EJBConnection.java:557)<br />     at com.adobe.edc.sdk.impl.ejb.EJBClientFactoryImpl.<init>(EJBClientFactoryImpl.java:63)<br />     at com.adobe.edc.sdk.EDCFactory.connect(EDCFactory.java:183)<br />     ... 2 more<br />Caused by: com.adobe.edc.sdk.SDKException: Error looking up PolicyManagerEJB -- Cannot connect to server(error code bin: 1025, hex: 0x401)<br />     at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getPolicyManagerHome(EJBConnection.java:532)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection(EJBConnection.java:549)<br />     ... 4 more<br />Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br />     java.net.ConnectException: Connection refused: connect]<br />     at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:649)<br />     at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)<br />     at javax.naming.InitialContext.lookup(Unknown Source)<br />     at com.adobe.edc.sdk.impl.ejb.EJBConnection.getPolicyManagerHome(EJBConnection.java:528)<br />     ... 5 more<br />Caused by: java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br />     java.net.ConnectException: Connection refused: connect<br />     at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)<br />     at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)<br />     at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)<br />     at sun.rmi.server.UnicastRef.invoke(Unknown Source)<br />     at org.jnp.server.NamingServer_Stub.lookup(Unknown Source)<br />     at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:530)<br />     ... 8 more<br />Caused by: java.net.ConnectException: Connection refused: connect<br />     at java.net.PlainSocketImpl.socketConnect(Native Method)<br />     at java.net.PlainSocketImpl.doConnect(Unknown Source)<br />     at java.net.PlainSocketImpl.connectToAddress(Unknown Source)<br />     at java.net.PlainSocketImpl.connect(Unknown Source)<br />     at java.net.SocksSocketImpl.connect(Unknown Source)<br />     at java.net.Socket.connect(Unknown Source)<br />     at java.net.Socket.connect(Unknown Source)<br />     at java.net.Socket.<init>(Unknown Source)<br />     at java.net.Socket.<init>(Unknown Source)<br />     at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown Source)<br />     at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown Source)<br />     ... 14 more<br />com.semantico.depp.drm.exception.DRMException: Could not connect to DRM server<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.createConnection(AdobeDRMManager.java :129)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:411)<br />Exception in thread "main" java.lang.NullPointerException<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.closeConnection(AdobeDRMManager.java: 142)<br />     at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:448)

• How to join to window server with NIP policy

  how to join to window server with NIP policy?

  Since you refer to MySQL as the default database, I presume that you're talking about using PHP.
  Yes, you can link to MS SQL Server - as long as you're willing to code everything by hand. If you're looking for automated code generation, though, the answer is no.
  Even the default PHP/MySQL server behaviors are not really worth considering for professional web development. They're fine for quick prototyping, but they use deprecated functions that are not suitable for a production environment.

• Help: Policy Server consuming Oracle resources with ANALYZE operations

  Dear all,
  we have a problem with APS 7.0.2 on Win 2003 server R2 that uses an Oracle instance on HP-UX (but I suppose the problem is not related to the specific operating systems).
  Apparently, Policy Server periodically produces queries Oracle for statistics but the generated load is so high that the database cannot work for some time and sometimes it is necessary to stop Policy Server and/or the database daemon.
  Is it possible to disable statistics collection?
  How?
  Anybody has the same problem?

  Hi,
  UNC file pathnames (for ex (\\host-machine\asdf) )are no longer supported by JRE 1.6.0.24+
  Solution
  There are two workarounds at this moment:
  1. You may use JRE v 1.6.0_23
  2. Update the path to a physical address (for example
  C:\Ora10gMID\Apache\Apache\htdocs\repcache) or URL (for example,
  @ http://njwin20-v02.us.oracle.com:7779/repcache/) when creating the document record.
  Regards,
  Kal

• Using Network Policy Server Polices in conjunction with RRAS on Server 2012 R2

  Within the RRAS MMC console there is an option called Remote Access Logging & Polices.
  If I right mouse click and can get to the NPS and tried to configure a couple of basic settings (e.g. group membership of Domain Admins required) for granting access.
  However when testing this, the policy did not seem to apply (aka the user got on even though group membership was not correct).
  I have made sure that the dial-in properties for the user was set to Control access through NPS Network Policy.
  Q/ For the above to work, do I actually need to install the NPS role itself or can it work independently?

  Hi,
  It seems that Remote Access logging and policy configuration is now performed through NPS since Windows server 2008.
  As you have tested for this, I assume that you would need to install the NPS role to perform RADIUS accounting and Network Polices.
  More information:
  Network Policy Server
  In addition, since it is related to network, I will move it to the Network Access Protection forum for better assistance. Thanks for your understanding and support.
  Best regards,
  Susie