NAC Framework with TrendMicro Policy Server? External Posture Assessment?
Hi
I've got a NAC Framework 2.1 setup using NAC-L2-802.1x with 2950 switches and so far it's working great. I've recently begun testing NAC with TrendMicro OfficeScan, which includes the Trend Policy Server for Cisco NAC.
I've imported the Trend.adf file, created a new Internal Posture Validation to check these TrendAV settings (DAT version, protection enabled, etc) and it is working great with the clients. (Healthy if up to date, quarantined if out of date).
What I'm trying to do is get this integrated with the Trend Policy Server for Cisco NAC. I've created an External Posture Validation entry for the Trend Policy Server;
https://win2k3std:4343/antibody
And have supplied it with the password (no username is needed to login to the web console of this server). I've also selected Trend:AV as the forwarding credential. I've gone into Network Access Profiles and made sure this was selected as an External Posture Validation Server and set it to quarantine under "Failure Posture Token". When I test this from the client (once I've enable External Posture Validation), it always ends up quarantined (even though the client is fully up to date). If I disable the External Posture Validation server from the NAP, the client test passes as Healthy (since all AV is up to date).
I've got the Policy Server for Cisco NAC defined under NAC on my Trend OfficeScan server, and on the Policy Server for Cisco NAC, I've got the OfficeScan server defined. Yet, no matter what I've tried, the client always fails with this msg in the CSACS logs;
Posture Validation Failure on External Policy
Does anyone have any experience or help with this. Thanks very much.
Jason Humes
Please check the links for the Configuration and Troubleshoot of NAC
www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/48/cam/48cam-book/m_agntd.html
www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/47/cam/47cam-book/m_agntd.html#wp1234860
Similar Messages
-
NAC Framework with 802.1x authentication
I am having trouble getting support and information on NAC framework. According to the cisco web NAC framework is in Phase 2 and is useable. According to Cisco representitives it is not supported yet. I have ACS 4.1, CTA 2.0, Symantec 10.1.4, and CSA 4.5. I can get NAC to work Layer 2, 802.1x to authenticate, but I cannot get both to work at the same time. Also, I have found no support for Symantec being checked even after I loaded the posture plugin, adf, etc. Is it time to give up on NAC framework? Thanks.
My friend, i have a customer with whis configuration and worki fine.
symantec need antivirus version 10 (8 or 9 no !!!!), the symantec posture plug installed in the clients.
work fine wiht w2k and xp
cta 2.x work fine. 1.x only work with L3 ip, no 802.1x.
csa i don?t have experience.
take care, it is hard to configure, if you need something more ask me to.
Leo. -
Cisco ISG Integration with AAA & Policy Server
Hi,
We are integrating Cisco ISG (IOS XE - ASR1001) with AAA and Policy Server. we have below to specific service provider requirement.
1. TAL - Transparent Automatic Subsriber for Range of IP or Pool of IP - how we add such identifier in Policy/Control Maps as attibute handshake with AAA
2. Different QoS Enforcement to Single User based on Day and Night Time.. what logic should be used??
Note: The Subscribers are from wired network and DHCP controlled.
Please help, Thanx in advance...
BhaveshDear Bhavesh,
Try with this it is working & tested policy for TAL & ISG ASR 1001.
QoS will be work with Radius request & will apply on online user with diffrent plan.
class-map type traffic match-any PPPOE
match access-group output name PPPOE-out
match access-group input name PPPOE-in
class-map type control match-any TAL
match source-ip-address 30.30.30.0 255.255.255.0
class-map type control match-all IP_UNAUTH_COND
match timer IP_UNAUTH_TIMER
match authen-status unauthenticated
class-map type control match-all PPPOE-CON
match media ether
match authen-status unauthenticated
match protocol ppp
policy-map type control PPPOE-USR
class type control always event timed-policy-expiry
10 service disconnect
class type control always event account-logoff
10 service disconnect delay 2
class type control always event quota-depleted
10 set-param drop-traffic TRUE
class type control always event session-start
10 authenticate aaa list PPP-USR
class type control always event service-start
20 service-policy type service identifier service-name
class type control always event service-stop
1 service-policy type service unapply identifier service-name
policy-map type control TAL_IP_POLICY_RULE
class type control IP_UNAUTH_COND event timed-policy-expiry
10 service disconnect
class type control TAL event account-logoff
10 service disconnect delay 5
class type control TAL event session-start
30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
50 set-timer IP_UNAUTH_TIMER 5
class type control TAL event session-restart
30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
50 set-timer IP_UNAUTH_TIMER 5
class type control TAL event quota-depleted
10 set-param drop-traffic TRUE
class type control TAL event service-start
10 service-policy type service identifier service-name
bba-group pppoe global
virtual-template 1
interface GigabitEthernet0/0/0
ip address 10.10.10.2 255.255.255.0
no ip proxy-arp
negotiation auto
interface GigabitEthernet0/0/1
ip address 30.30.30.1 255.255.255.0
negotiation auto
pppoe enable group global
service-policy type control TAL_IP_POLICY_RULE
ip subscriber routed
initiator unclassified ip-address
interface GigabitEthernet0/0/2
ip address 172.16.1.1 255.255.255.0
negotiation auto
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/0
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/1
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/2
no ip address
shutdown
negotiation auto
interface GigabitEthernet0/2/3
no ip address
shutdown
negotiation auto
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
interface Virtual-Template1
ip dhcp relay information trusted
ip unnumbered GigabitEthernet0/0/1
ip helper-address 10.10.10.1
timeout absolute 43200 0
peer default ip address dhcp
ppp mtu adaptive
ppp authentication pap
ppp authorization PPP-USR
service-policy type control PPPOE-USR
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip access-list extended DROP-in
deny ip any any
ip access-list extended DROP-out
deny ip any any
ip access-list extended PPPOE-in
permit ip any any
ip access-list extended PPPOE-out
permit ip any any
vishal lumbhani -
Simple Web Auth policy and simple posture assessment policy in ISE
G'day All,
I've just finished reading through the Cisco BYOD with ISE document and it's left me a little more confused than when I started.
I completely understand the onboarding process and the different policy elements that make up the self registration/onboarding configuration.
What I'd like to do is put together an ISE configuration that is a lot simpler for the BYOD user.
Is anyone able to advise if it is possible to have a single dot1x SSID with ISE that has a policy for Window Laptops using AD authentication for the user and Posture assessment and a policy for all smart devices (iOS and Android) that is just AD authentication of the user, without the need for device registration?
The target user demographic for my deployment are really not technical so having to go through the onboarding process, especially for the Android devices, with the pre-installation of the cisco app, etc, really isn't what they are looking for.
Huge thanks for any assistance.
Cheers,
JSYes, that's possible. But without "device registration" then you need to configure Wireless 802.1x manually in every Android device.
Please rate if that helps. -
Is there any Java API to interact/integrate with Adobe LiveCycle Policy Server
Hi,
We are already using Adobe LiveCycle Policy server & has manual process in place to send documents to clients.
Going forward we want to automate this document generation process. We are using Java, JEE in our application.
We are planning to use below steps to automate this process.
1) Administrator will create a Template in Adobe Policy Server and will map users intended to receive mails with this template
2) Our application will interact with Adobe Policy Server and use Template ID to generate PDF document and send mails to client.
Can anyone please let me know if there is any Java API which can be used to perform the above second step.
Thanks a lot for your help.
Best Regards - RoyHi Steven,
What you refer to is PDF Generator version 7.x Postscript edition.
In version 7 of the product there were 3 editions:
1. PDF Generator Professional
Create PDF files from a wide range of source files:
Print (PS, EPS, PRN)
Image (JPG, GIF, BMP, TIFF, PSD)
Standard office formats (DOC, XLS, PPT, WPD, MPP)
Text (TXT, RTF)
Web (HTML)
Design files (DWG, VSD)
Generate all types of Adobe PDF file formats:
PDF 1.3, 1.4, 1.5, 1.6
PDF/X-1a and PDF/X-3 for prepress document exchange
PDF/A for archiving with easy search and retrieval
Searchable PDF files from images
Convert PDF files to:
HTML documents
Text (TXT, RTF, accessible)
Images (TIFF, PNG, JPEG)
Print (PS, EPS)
2. PDF Generator Elements
Create PDF files from a wide range of source files:
Print (PS, EPS, PRN)
Image (JPG, GIF, BMP, TIFF, PSD)
Standard office formats (DOC, XLS, PPT, WPD, MPP)
Text (TXT, RTF)
Web (HTML)
Design files (DWG, VSD)
Generate all types of Adobe PDF file formats:
PDF 1.3, 1.4, 1.5, 1.6
PDF/X-1a and PDF/X-3 for prepress document exchange
PDF/A for archiving with easy search and retrieval
Convert PDF files to:
HTML documents
Text (TXT, RTF, accessible)
Print (PS, EPS)
3. PDF Generator Postscript
Create PDF files from a wide range of source files:
Print (PS, EPS, PRN)
Generate all types of Adobe PDF file formats:
PDF 1.3, 1.4, 1.5, 1.6
PDF/X-1a and PDF/X-3 for prepress document exchange
PDF/A for archiving with easy search and retrieval
So basically what you have is the very limited edition, doing exactly what you said. For more functionality you should opt for one of the other editions (that for version 7.x)
Today's version is the newer LC PDF Generator ES. You can look for its specifications at http://www.adobe.com/products/livecycle/pdfgenerator/
Thanks -
Hi,
While reading about ISE posture, I got to know that ISE searches” User Agent” attribute for string “NAC Agent” to confirm that NAC agent is present on particular machine.This information is passed to ISE when user opens Web Browser i.e. user gets redirected
If NAC agent is not present on machine then NAC agent will get downloaded and then Posture assessment starts.
While testing this on ISE, I noticed that
If NAC agent is already present on machine then directly posture assessment starts even without opening web browser.
Now my question is, how ISE does come to know that NAC agent is already present on machine without opening web browser.
Regards,
AdityaI second Richard on the fact that it can't be done. However, I was going through this and wanted to share in case it helps.
Default Posture Status
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_pos_pol.html#wp1919363
Jatin Katyal
- Do rate helpful posts - -
NAC Framework NAC-L3-IP, passing posture validation, but no ACLs downloaded
Hi
I've got the NAC Framework NAC-L3-IP setup using an 1800 router and Cisco ACS Server 4.2. When my client attempts to reach the internet (through our NAD configured for network admission), I get a popup saying the Posture is Healthy, the ACS server says its good, yet I never get any of my configured ACLs downloaded to the router. I think my problem is with my RADIUS AUthorization Components...what should the Healthy RAC look like? This is what I've currently got;
IETF Session-Timeout (27) 36000
IETF Termination-Action (29) RADIUS-Request (1)
Cisco IOS/PIX 6.0 cisco-av-pair (1) status-query-timeout=300
I've got that RAC tied to a NAP and a downloadable ACL also associated to it through the Network Access Profiles page.
Can anyone provide help with this. ThanksOoops, nevermind, I had to enable aaa authorization network default group radius and then the ACLs downloaded as expected. Thanks!
Jason -
External posture validation server LanDesk vs. ACS
Hi,
I want you to ask wheather somebody has same problem as me and how did you solve it.
I want to validate security of hosts with LANDesk® Security Suite 8.7 in cooperation with ACS. My problem seems to be in comunication between ACS and LanDesk validation server. Landesk server in log says that no scan has been made on the host. But when i dont forward LanDesk credentials to LanDesk and I Validate them on ACS, it works. I mean ACS can determine whether the scan has been made and with which result.
So I think problem isn't in CTA or LanDesk host agent(when they send right credentials). It seems to be somewhere between ACS and LD server.
Didn't you have similar problem?
p.s. I have been imported LanDesk plugins into CTA and attributes definition file into ACS. But I am not sure if the External posture validation setup in URL field should be "http://ip.a.d.d:12576/pvs.exe" which i found in LD documentation. In google i found another URL "http://ip.a.d.d:12576/avp.exe". None of them works properly. And on LD server isn't such a file.
Thans for help
Daniel SebekHello,
NAC Appliance:
• Offers Authentication, Authorization and Remediation
• Covers Wireless, VPN and LAN.
• Only can be used as an appliance. No virtualize offerings. For small locations which ISR routers, a 50 and 100 user module is available.
• Licensed by user count matching and applied to the corresponding enforcement server. Users bundles are 50, 100, 250, 500, 1500, 2500, 3500 and 5000.
• Uses SNMP V1,2 and 3 or can be in-band / bump in the wire.
• Can leverage Cisco Profiler or whitelist non-NAC capable devices.
• Cisco enforcement appliances can provide collecting abilities for Cisco Profiler with an additional license.
• Can Leverage Cisco Guest server for advance guest access.
• Comes in HP or IBM appliance formats.
• IBM appliances are 3315, 3355 and 3395 appliances. They can support ISE
• HP appliances are 3310, 3350 and 3390 appliances. They cannot support ISE
ACS 5.X:
• Offers 802.1x NAC features and device management (TACACS/RADIUS).
• Can be an appliance or Vmware. Appliances that are IBM hardware can support ISE. VMware can be migrated to ISE for an additional cost.
• Provides Authentication and Authorization. Does not offer remediation.
• Requires switches that support 802.1x COA as specified on cisco.com/go/acs to function as the enforcement agent. ACS alone cannot offer access control.
• 802.1x NAC features do not require additional licenses for up to 500 users/devices. To scale beyond 500 users/devices, an additional large deployment license is required. -
ICal Server external Email Invitations Not working for names with umlauts!!
Hi,
I was testing external email invitations with iCal Server on Lion Server and encountered that if a Name that can Be resolved via iPhone or mac addressbook or even the sending iCal Account contains an umlaut something like this show up in iCal Server error log:
2011-09-26 17:01:18+0200 [-] [mailgateway] 2011-09-26 17:01:18+0200 [-] [twext.web2.server#error] [Failure instance: Traceback: <type 'exceptions.UnicodeDecodeError'>: 'ascii' codec can't decode byte 0xc3 in position 90: ordinal not in range(128)
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:388:errback
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:455:_startRunCallbacks
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:542:_runCallbacks
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1076:gotResult
2011-09-26 17:01:18+0200 [-] [mailgateway] --- <exception caught here> ---
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1018:_inlineCallbacks
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/python/failure.py:350:throwExceptionIntoGenerator
2011-09-26 17:01:18+0200 [-] [mailgateway] /usr/share/caldavd/lib/python/twistedcaldav/resource.py:310:renderHTTP
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1018:_inlineCallbacks
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/python/failure.py:350:throwExceptionIntoGenerator
2011-09-26 17:01:18+0200 [-] [mailgateway] /usr/share/caldavd/lib/python/twext/web2/static.py:127:renderHTTP
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1018:_inlineCallbacks
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/python/failure.py:350:throwExceptionIntoGenerator
2011-09-26 17:01:18+0200 [-] [mailgateway] /usr/share/caldavd/lib/python/twext/web2/resource.py:109:renderHTTP
2011-09-26 17:01:18+0200 [-] [mailgateway] /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python /twisted/internet/defer.py:1020:_inlineCallbacks
2011-09-26 17:01:18+0200 [-] [mailgateway] /usr/share/caldavd/lib/python/twistedcaldav/mail.py:334:http_POST
2011-09-26 17:01:18+0200 [-] [mailgateway] /usr/share/caldavd/lib/python/twistedcaldav/mail.py:958:outbound
2011-09-26 17:01:18+0200 [-] [mailgateway] /usr/share/caldavd/lib/python/twistedcaldav/mail.py:1199:generateEmail
2011-09-26 17:01:18+0200 [-] [mailgateway] ]
2011-09-26 17:01:18+0200 [-] [caldav-1] [AuthorizedHTTPGetter,client] [twistedcaldav.scheduling.imip#error] Could not do server-to-imip request : <twistedcaldav.scheduling.imip.ScheduleViaIMip object at 0x103c65ed0> 500 Internal Server Error
2011-09-26 17:01:18+0200 [-] [caldav-1] [AuthorizedHTTPGetter,client] [twistedcaldav.scheduling.scheduler.ScheduleResponseQueue#error] Error during PUT for mailto:someemailaddress@yourdomain: iMIP request failed
And No Email is send!
If changing the Umlaut ü to something like ue in the Sender or Receiver Name everything is alright!
Thank you Apple for obviously Not testing Lion Server for international use :-/
Maybe this help someone else who is using umlauts with iCal Server external Email invitations
Regards
EldrikHello Daryn,
Thinks for commenting. I am very upset that Apple just said "No" when I asked for this to be fixed. There appears to be no way to submit this as an official bug that keeps ical from running.
Apple actually had me reinstall my whole server and the issue was still there and then they just said "Oh, well I will email someone about it.".
This is the first time Apple has stunk it up in my books. This is bad support for Server.
Brad -
Cisco ISE with both internal and External RADIUS Server
Hi
I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
I will like to know if it is possible to configure it and how I can do it ?
Thanks in advance for your help
Regards
BlaiseCisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same. -
Dear ALL,
I want to Pin Programs on the Windows 7 Taskbar & Start Menu with Group Policy (Windows Server 2008 R2) as per below description. Can someone please help me how to proceed and achieve this.
Pin the following applications to the Taskbar:
Outlook
Pin the following applications to the Start Menu:
Outlook
Excel
Word
Internet Explorer
Software Center
Regards,
Amit Kumar Raohttps://www.google.de/search?q=windows+7+pin+to+taskbar+vbs
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Problems with deploying application to Policy Server 7.2.1 & DSS 7.2.2
Hiya -<br /><br />I've been using Policy Server 7.0.2 and Document Security Server 7.0.2 to policy protect PDFs.<br /><br />I've recently just installed Policy Server 7.2.1 & DSS 7.2.2 on another machine and am now trying to use the same EJB deployed on the previous PS & DSS on the newer versions. Unfortunately I'm running into some problems which I don't really understand.<br /><br />Basically I can deploy the EJB (called PolicyApplication.jar) and it appears to deploy OK - it appears in the jmx-console (I'm using jboss 3.2.5), but when I try and attach to it from my remote application I get the following error (see stack trace below).<br /><br />I'm using SSL and have imported the certificates into the java environment cacerts files for both the client & the server.<br /><br />Looking through the stack trace I get the error 'Error looking up PolicyManagerEJB -- Cannot connect to server' and the application seems to be trying to make a connection to localhost and being refused, but I don't really understand why it's being refused.<br /><br />Basically I have DSS & PS running on the same instance of jboss - the client is running on a different machine, so I have permissioned through the firewall port 1099.<br /><br />I seem to be able to use <servername>/edc/Main.do with no problems at all.<br /><br />I also seem to have some MissingResourceExceptions in the adobe.log for a number of different services:<br /><br />2007-01-30 14:41:52,473~DEBUG~com.adobe.idp.um.scheduler.IDPScheduler~com.adobe.service.Service.star t Service IDPScheduler: Exception while attempting to read initialization properties from com/adobe/config/IDPScheduler-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/IDPScheduler-init, locale en_US<br /><br /><very long stack trace here><br /><br />2007-01-30 14:41:57,445~DEBUG~com.adobe.document.PDFManipulation~com.adobe.service.Service.start Service PDFManipulation: Exception while attempting to read initialization properties from com/adobe/config/PDFManipulation-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/PDFManipulation-init, locale en_US<br /><br /><very long stack trace here><br /><br />2007-01-30 14:41:59,958~DEBUG~com.adobe.service.APSProxyService~com.adobe.service.Service.start Service APSProxyService: Exception while attempting to read initialization properties from com/adobe/config/APSProxyService-init<br />java.util.MissingResourceException: Can't find bundle for base name com/adobe/config/APSProxyService-init, locale en_US<br /><br /><very long stack trace here><br /><br />Could someone please give me some advice on how I can try and debug this issue, and what could be wrong. As per usual I've left this late and really need to get this going ASAP, so any help anyone could provide would be very very gratefully received.<br /><br />Below is the stack trace I receive at the client end. I've had to summarise it as it's quite long - will post the full thing is a second post.<br /><br />Once again, many thanks in advance,<br />Anil.<br /><br />----<br /><br />com.adobe.edc.sdk.SDKException: Exception connecting to the Server -- An error occured while performing this operation(error code bin: 1, hex: 0x1)<br /> at com.adobe.edc.sdk.impl.ExceptionHandler.throwException<br /><br />Caused by: com.adobe.edc.sdk.SDKException: Error authenticating against server -- Authentication failed(error code bin: 513, hex: 0x201)<br /> at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br /> at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection<br /><br />Caused by: com.adobe.edc.sdk.SDKException: Error looking up PolicyManagerEJB -- Cannot connect to server(error code bin: 1025, hex: 0x401)<br /><br />Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br /> java.net.ConnectException: Connection refused: connect]
Full stack trace here:<br /><br />com.adobe.edc.sdk.SDKException: Exception connecting to the Server -- An error occured while performing this operation(error code bin: 1, hex: 0x1)<br /> at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:78)<br /> at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:88)<br /> at com.adobe.edc.sdk.EDCFactory.connect(EDCFactory.java:190)<br /> at com.semantico.depp.drm.manager.impl.AdobeDRMManager.createConnection(AdobeDRMManager.java :122)<br /> at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:411)<br />Caused by: com.adobe.edc.sdk.SDKException: Error authenticating against server -- Authentication failed(error code bin: 513, hex: 0x201)<br /> at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br /> at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection(EJBConnection.java:557)<br /> at com.adobe.edc.sdk.impl.ejb.EJBClientFactoryImpl.<init>(EJBClientFactoryImpl.java:63)<br /> at com.adobe.edc.sdk.EDCFactory.connect(EDCFactory.java:183)<br /> ... 2 more<br />Caused by: com.adobe.edc.sdk.SDKException: Error looking up PolicyManagerEJB -- Cannot connect to server(error code bin: 1025, hex: 0x401)<br /> at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:50)<br /> at com.adobe.edc.sdk.impl.ejb.EJBConnection.getPolicyManagerHome(EJBConnection.java:532)<br /> at com.adobe.edc.sdk.impl.ejb.EJBConnection.getConnection(EJBConnection.java:549)<br /> ... 4 more<br />Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br /> java.net.ConnectException: Connection refused: connect]<br /> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:649)<br /> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)<br /> at javax.naming.InitialContext.lookup(Unknown Source)<br /> at com.adobe.edc.sdk.impl.ejb.EJBConnection.getPolicyManagerHome(EJBConnection.java:528)<br /> ... 5 more<br />Caused by: java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is: <br /> java.net.ConnectException: Connection refused: connect<br /> at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)<br /> at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)<br /> at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)<br /> at sun.rmi.server.UnicastRef.invoke(Unknown Source)<br /> at org.jnp.server.NamingServer_Stub.lookup(Unknown Source)<br /> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:530)<br /> ... 8 more<br />Caused by: java.net.ConnectException: Connection refused: connect<br /> at java.net.PlainSocketImpl.socketConnect(Native Method)<br /> at java.net.PlainSocketImpl.doConnect(Unknown Source)<br /> at java.net.PlainSocketImpl.connectToAddress(Unknown Source)<br /> at java.net.PlainSocketImpl.connect(Unknown Source)<br /> at java.net.SocksSocketImpl.connect(Unknown Source)<br /> at java.net.Socket.connect(Unknown Source)<br /> at java.net.Socket.connect(Unknown Source)<br /> at java.net.Socket.<init>(Unknown Source)<br /> at java.net.Socket.<init>(Unknown Source)<br /> at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown Source)<br /> at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown Source)<br /> ... 14 more<br />com.semantico.depp.drm.exception.DRMException: Could not connect to DRM server<br /> at com.semantico.depp.drm.manager.impl.AdobeDRMManager.createConnection(AdobeDRMManager.java :129)<br /> at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:411)<br />Exception in thread "main" java.lang.NullPointerException<br /> at com.semantico.depp.drm.manager.impl.AdobeDRMManager.closeConnection(AdobeDRMManager.java: 142)<br /> at com.semantico.depp.drm.manager.impl.AdobeDRMManager.main(AdobeDRMManager.java:448)
-
How to join to window server with NIP policy
how to join to window server with NIP policy?
Since you refer to MySQL as the default database, I presume that you're talking about using PHP.
Yes, you can link to MS SQL Server - as long as you're willing to code everything by hand. If you're looking for automated code generation, though, the answer is no.
Even the default PHP/MySQL server behaviors are not really worth considering for professional web development. They're fine for quick prototyping, but they use deprecated functions that are not suitable for a production environment. -
Help: Policy Server consuming Oracle resources with ANALYZE operations
Dear all,
we have a problem with APS 7.0.2 on Win 2003 server R2 that uses an Oracle instance on HP-UX (but I suppose the problem is not related to the specific operating systems).
Apparently, Policy Server periodically produces queries Oracle for statistics but the generated load is so high that the database cannot work for some time and sometimes it is necessary to stop Policy Server and/or the database daemon.
Is it possible to disable statistics collection?
How?
Anybody has the same problem?Hi,
UNC file pathnames (for ex (\\host-machine\asdf) )are no longer supported by JRE 1.6.0.24+
Solution
There are two workarounds at this moment:
1. You may use JRE v 1.6.0_23
2. Update the path to a physical address (for example
C:\Ora10gMID\Apache\Apache\htdocs\repcache) or URL (for example,
@ http://njwin20-v02.us.oracle.com:7779/repcache/) when creating the document record.
Regards,
Kal -
Using Network Policy Server Polices in conjunction with RRAS on Server 2012 R2
Within the RRAS MMC console there is an option called Remote Access Logging & Polices.
If I right mouse click and can get to the NPS and tried to configure a couple of basic settings (e.g. group membership of Domain Admins required) for granting access.
However when testing this, the policy did not seem to apply (aka the user got on even though group membership was not correct).
I have made sure that the dial-in properties for the user was set to Control access through NPS Network Policy.
Q/ For the above to work, do I actually need to install the NPS role itself or can it work independently?Hi,
It seems that Remote Access logging and policy configuration is now performed through NPS since Windows server 2008.
As you have tested for this, I assume that you would need to install the NPS role to perform RADIUS accounting and Network Polices.
More information:
Network Policy Server
In addition, since it is related to network, I will move it to the Network Access Protection forum for better assistance. Thanks for your understanding and support.
Best regards,
Susie
Maybe you are looking for
-
My Firepod (presonus) not working on windows xp on my mac ?
Hi guys, so here is the deal. I just baught a 17inch 2.8 mac book pro to help me with music recording. I am an old pc user and all my programs are for that platform. So what I did is install windows xp pro (legal version) with the help of boot camp.
-
Configured local login on the console, but forgot to create a user...
I saved the config, restarted and now I can't log in. Is there any way to undo this change? Should I just follow the normal password reset procedure (press the mode button, backup config, etc) and then create a login this way? I assume so, but I'm
-
Is "Asus Strix GeForce GTX 970 OC DirectCU II 4Gb" Compatible with Adobe sotfware?
Hi! I´ve been thinking about buying a new Graphic Card "Asus Strix GeForce GTX 970 OC DirectCU II 4Gb", but when i went to see the requirements for Adobe Premiere, After Effects and Photoshop, that card is not recommended. If i buy that graphic card,
-
Photoshop/Lightroom CC question
I'm thinking about getting the Photoshop/Lightroom 9.99 package, but I already own and have installed a current copy of Lightroom 5. Could this result in any problems when I download the cc version of Photoshop/Lightroom. If so, what should I do to a
-
Hello I'm very new to labview and I'm trying to learn how I can trigger off certain LED's at 2 different volumes of sound. Normal volume will trigger green LED and loud will trigger red LED, no sound doesnt trigger any LED. I'm not quite sure where t