NAM 4.6 with NAS agent issues
Dear Faisal and pros,
I have installed and configured NAM HA at HQ and NAS in 3 more locations in OOB VG mode.Everything was fine and running. Last day due to power failure, one of the edge router lost its power then back came up.But both the NAM HA pair and all other branch NAS were not brought down during the power shut down. After that, the clients in few branches are not connected to the NAC so we manually bypass the users by uncontrolled them in PROFILE and change the vlan from auth to access on the same profile page. What is the cause for this issue to be resolved.
Please help me to resolve this issue.
Sami
I expalin it bit more clear to make you understand.
HQ site with HA CAM pair and HA CAS pair configured and there are 6 branches where single CAS installed. The mode being used is OOB VG with SSO single sign-on.Three branches out of 6 using NME-NAC-K9 module 2821 router.
Problem Des:
Last day there was an power outage due to that the connectivity between CAM pair and other branch CAS were lost then after the power come up,the users in 3 branches are not able to connect (Login) to the network through the NAC agent. The connectivity between NAM and NAC module
is up. Also in other branch out of 200 users, some users are able to connect and others are not.
What is the issue to resolve this problem.
In the client laptop we are getting error "the NAC server is not available and contact administrator. There are connectivity between NAM and CAS.
sami
Similar Messages
-
Hi all when I send a text to a contact (iphone4s) the contacts name changes to a phone number and the name is lost. I then have to resave it again, googled it but can't see anyone with the same issue, any ideas ?
There is another setting for "Start Conversation from", that needs to be set to phone number.
-
Issue with ODI agent- Running continuously without any error
Please refer the below thread for more details
Re: Difference between running the PKGs with remote agent and Local agentThe above link is updated with my comments
-
Hello Archers,
I've set up an svn Server with Apache folloing your wiki on my raspberry pi.
https://wiki.archlinux.org/index.php/LAMP
https://wiki.archlinux.org/index.php/Subversion_Setup
Unfortunately I get errors when I try to commit several files (15 or so). I think it is a timeout issue, however I don't know where to specify the timeout in the httpd.conf (or httpd-ssl.conf)
This is a client error message:
Commit failed (details follow):
Unexpected end of svndiff Input
And this the corresponding server side log:
[date] [dav:error] [pid 448:tid 2854220848] (70007)The timeout specified has expired: [client 192.168.178.55:63819] Timeout reading the body (URI: /Dokumente/!svn/txr/9-q/Music/myfile.mp3) [408, #0]
[date] [dav:error] [pid 448:tid 2854220848] [client 192.168.178.55:63819] mod_dav_svn close_stream: error closing write stream [500, #185004]
[date] [dav:error] [pid 448:tid 2854220848] [client 192.168.178.55:63819] Unexpected end of svndiff input [500, #185004]
I assume it is some error like this: http://subversion.apache.org/faq.html#s … -truncated
I think I don't have specified the timeouts correctly, since I haven't found the default option.
tl:dr
Do you know how to set the timeouts in the apache configuration file?
I very much appreciate your help.
arch on pi
Here are my configuration Files with my position for the timeout order:
httpd-ssl.conf:
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailed information about these
# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
SSLRandomSeed connect file:/dev/urandom 512
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
Listen 443
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:/run/httpd/ssl_scache"
SSLSessionCache "shmcb:/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout 6000
## SSL Virtual Host Context
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/mnt/sda1/svn"
ServerName 192.168.178.48:443
ServerAdmin [email protected]
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile "/etc/httpd/conf/server.crt"
#SSLCertificateFile "/etc/httpd/conf/server-dsa.crt"
#SSLCertificateFile "/etc/httpd/conf/server-ecc.crt"
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "/etc/httpd/conf/server.key"
#SSLCertificateKeyFile "/etc/httpd/conf/server-dsa.key"
#SSLCertificateKeyFile "/etc/httpd/conf/server-ecc.key"
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile "/etc/httpd/conf/server-ca.crt"
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/etc/httpd/conf/ssl.crt"
#SSLCACertificateFile "/etc/httpd/conf/ssl.crt/ca-bundle.crt"
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded).
# The CRL checking mode needs to be configured explicitly
# through SSLCARevocationCheck (defaults to "none" otherwise).
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath "/etc/httpd/conf/ssl.crl"
#SSLCARevocationFile "/etc/httpd/conf/ssl.crl/ca-bundle.crl"
#SSLCARevocationCheck chain
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# TLS-SRP mutual authentication:
# Enable TLS-SRP and set the path to the OpenSSL SRP verifier
# file (containing login information for SRP user accounts).
# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
# detailed instructions on creating this file. Example:
# "openssl srp -srpvfile /etc/httpd/conf/passwd.srpv -add username"
#SSLSRPVerifierFile "/etc/httpd/conf/passwd.srpv"
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog "/var/log/httpd/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#SSLSessionTimeout 5m
Timeout 600000
<Location />
DAV svn
SVNParentPath /mnt/sda1/svn/repos
AuthzSVNAccessFile /home/svn/.svn-policy-file
AuthName "SVN Repositories"
AuthType Basic
AuthUserFile /home/svn/.svn-auth-file
# Satisfy Any
Require valid-user
</Location>
</VirtualHost>
httpd.conf
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
ServerRoot "/etc/httpd"
Timeout 60000
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
# Mutex default:/run/httpd
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#nach fehlermeldung
LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#Felhermeldung undefined symbols
LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#nach Fehlermeldung
LoadModule cache_socache_module modules/mod_cache_socache.so
#nochne Fehlermeldung
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#Fuer die cipher suite
LoadModule ssl_module modules/mod_ssl.so
#LoadModule dialup_module modules/mod_dialup.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#1 for svn
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule cgid_module modules/mod_cgid.so
#LoadModule cgi_module modules/mod_cgi.so
#2 for svn
LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
#3 for svn
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<IfModule unixd_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
<Directory />
AllowOverride none
Require all denied
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/mnt/sda1"
#<Directory "/mnt/sda1/svn/repos">
# # Possible values for the Options directive are "None", "All",
# # or any combination of:
# # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# # Note that "MultiViews" must be named *explicitly* --- "Options All"#
# # doesn't give it to you.
# # The Options directive is both complicated and important. Please see
# # http://httpd.apache.org/docs/2.4/mod/core.html#options
# # for more information.#
# Options Indexes FollowSymLinks
# # AllowOverride controls what directives may be placed in .htaccess files.
# # It can be "All", "None", or any combination of the keywords:
# # AllowOverride FileInfo AuthConfig Limit
# AllowOverride None
# # Controls who can get stuff from this server.
# Require all granted
#</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock cgisock
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#EnableMMAP off
#EnableSendfile on
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
Include /etc/httpd/conf/extra/httpd-ssl.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# uncomment out the below to deal with user agents that deliberately
# violate open standards by misusing DNT (DNT *must* be a specific
# end-user choice)
#<IfModule setenvif_module>
#BrowserMatch "MSIE 10.0;" bad_DNT
#</IfModule>
#<IfModule headers_module>
#RequestHeader unset DNT env=bad_DNT
#</IfModule>
Edit: inserted tl;dr
Last edited by arch_on_pi (2014-05-18 21:33:24)Remember that Arch Arm is a different distribution, but we try to bend the rules and provide limited support for them. This may or may not be unique to Arch Arm, so you might try asking on their forums as well.
-
Agent issue:Oracle keeps proposing enlarging the memory of the java stack
Hi,
Our PROD agent suddenly started not responding . The package showing execution in monitor without showing what code it is executing. This continuously exeecuting package then we had to set to error and then we went with execution with Local(no agent) which got executed successfuly in prod but still having issues with PROD agent.
Oracle proposed the sol- "Oracle keeps proposing enlarging the memory of the java stack " The sol worked for few days and again facing the same issue. One of the
query raised by oracle is
"Ask the developers if they are using standard transaction processing knowledge modules and if they have considered using BULK loading type knowledge modules ? Please
ask them for the precise name of the Knowledge Modules used and if they have been customized or not"
How to identify this in detail? Any clue . We are using the standard KM and havent customized any KM
With Thanks,
Shilpa DhoteThe question is what Knowledge modules are you using? Some use Bulk type processing, others transaction based. You can list knowledge modules by interface using a SQL query like this one :
http://odiexperts.com/kms-in-each-interface -
Hi All,
I'm trying to deploy SCOM 2012 R2 agent onto a domain controller and I get the following error "Product: Microsoft Monitoring Agent -- Error 25211.Failed to install performance counters.. Error Code: -2147024809 (The parameter is incorrect.)."
I've installed the agent successfully onto 4 other domain controllers with out any issues.</p><p>The domain controllers are all VM's running on VMWare and are Windows Server 2012 R2.
I've rebuilt the Perfmon Counters based on this article: https://support.microsoft.com/en-us/kb/2554336?a=wsignin1.0
I've also enabled verbose logging on the msi installation:
InstallHSPerfCounters: Custom Action Data. C:\Program Files\Microsoft Monitoring Agent\Agent\
InstallHSPerfCounters: Installing agent perf counters.
InstallCounters: LoadPerfCounterTextStrings() failed . Error Code: 0x80070057. momv3 "C:\Program Files\Microsoft Monitoring Agent\Agent\HealthServiceCounters.ini"
InstallPerfCountersHelper: pcCounterInstaller->InstallCounters() for the default counters failed. Error Code: 0x80070057. HealthService
InstallPerfCountersLib: InstallHealthServicePerfCounters() failed . Error Code: 0x80070057.
InstallPerfCountersLib: Retry Count : .
InstallCounters: LoadPerfCounterTextStrings() failed . Error Code: 0x80070057. momv3 "C:\Program Files\Microsoft Monitoring Agent\Agent\MOMConnectorCounters.ini"
InstallPerfCountersHelper: pcCounterInstaller->InstallCounters() for the default counters failed. Error Code: 0x80070057. MOMConnector
InstallPerfCountersLib: InstallHealthServicePerfCounters() failed . Error Code: 0x80070057.
Any help on this would be great.Hi Stefan,
I've successfully installed the agent. The server needed a reboot after fixing the corrupt perfmon counters.
I know have a issue with the agent on the domain controller. It kkeeps on greying out and have used hslockdown to allow the local system access by using the following command.
HSLockdown.exe "ManagementGroupName" /A "NT AUTHORITY\Authenticated Users"
Further digging into the issue I see in the SCOM Management Server the following error "The entity servername is not heartbeating"
Written a SQL query to gather more information. SQL query I used is:
SELECT
ME.FullName,
HSO.StartDateTime AS OutageStartDateTime,
DATEDIFF (DD, hso.StartDateTime, GETDATE()) AS OutageDays,
HSO.ReasonCode,
DS.Name AS ReasonString
FROM vManagedEntity AS ME
INNER JOIN vHealthServiceOutage AS HSO ON HSO.ManagedEntityRowId = ME.ManagedEntityRowId
INNER JOIN vStringResource AS SR ON HSO.ReasonCode =
REPLACE(LEFT(SR.StringResourceSystemName, LEN(SR.StringResourceSystemName)
– CHARINDEX(‘.’, REVERSE(SR.StringResourceSystemName))), ‘System.Availability.StateData.Reasons.’, ”)
INNER JOIN vDisplayString AS DS ON DS.ElementGuid = SR.StringResourceGuid
WHERE (SR.StringResourceSystemName LIKE ‘System.Availability.StateData.Reasons.[0-9]%’)
AND DS.LanguageCode = ‘ENU’
AND ME.FullName like ‘%SERVER NAME%’ –Change name here or leave %% for ALL SERVERS
ORDER BY OutageStartDateTime
This gives me the following reason behind the failure : "The heartbeat from System Center Management Service is missing."
Have I missed anything? The agent is running fine, however SCOM is reporting that the heartbeat is missing.
Any help on this would be great. -
Hello,
I am working on setting up an environment where we will be running Coded UI tests. I’m planning on triggering the tests from TFS builds.
I have a test plan with 1 automated test case that doesn’t do much – it’s meant to always succeed
5 VMware servers with Test Agents – each is used in Desktop Client role – automated test launches browser window and types in user name on a Login page
If I RDP onto test machine, my Test Run (triggered by TFS build) is executed and succeeds
I am able to have the Test Run execute and succeed without me logging onto the test machine with the test user – so I know that, at least at some point –
Controller and agent accounts are in correct security groups
Firewalls exceptions got created during the configurations of controller & agent
Screen savers are disabled
Agent runs as process and is able to interact with the desktop
Without any changes to the Coded UI test or the environments themselves (as far as I can tell), my TFS test build randomly fails. I’ve seen a number of different errors:
The unit test adapter failed to connect to the data source or to read the data
Error calling Initialization method for test class PortalCodedUI.Tests.PageLogInCodedUITest: Automation engine is unable to playback the test because it is not able to interact with the desktop. This could happen if the computer running the test is
locked or it’s remote session window is minimized.
Test method PortalCodedUI.Tests.PageLogInCodedUITest.CodedUITestMethod1 threw exception… Failed to find any control that matched the search condition…
NOTE: screenshot shows minimized browser window
Failed to queue tests for test run […] on agent […]: No connection could be made because the target machine actively refused it
An error occurred while communicating with Agent
Unable to create instance of class PortalCodedUI.Tests.PageLogInCodedUITest. Error: System.ComponentModel.Win32Exception: Access is denied.
Another error that shows up in the Test Controller’s log is: Unable to delete temporary files on the following agent(s): vstfs:///LabManagement/TestMachine/1 – please note that the account the controller is running under is an admin on the Test Agent box.
Usually, restarting the machine and repairing the environment makes the test run and succeed again.
Given the fact that the errors I’m seeing are all over the place, they usually don’t occur twice in a row – I get a different one with every run – and that no obvious changes are made to the code or the environments themselves, I’m finding it very challenging
to troubleshoot any of them. I also suspect there may be another reason that causes all of my issues.
Any suggestions would be greatly appreciated.
Thank youStarain – thank you for your response.
I just want to reiterate that I have one test case with very simple code and no changes are being made
to it. I’m also not re-configuring the environments. After a reboot of a test machine, my runs succeed, and then at some point they start failing with one of the listed errors – once that happens, a reboot is needed for another successful build. To answer
your questions/comments:
I am using the build template – it’s pulling code from the TFS drop location
The test user can connect and execute Coded UI tests. It works a couple of times and then just stops and starts throwing errors. There are no screen savers, auto logon is enabled.
Test method PortalCodedUI.Tests.PageLogInCodedUITest.CodedUITestMethod1 threw exception… Failed to find any control that
matched the search condition
This error is thrown when the very same (and only) test is executed as before. My build runs a couple of
times in the row and the test succeeds. At some point, the test just starts failing with this error. There is a screenshot attached to the test result – it shows that IE was launched but it’s minimized.
I have enabled logs and I didn’t see anything in there that would point to reasons why these errors just start showing up after a
few successful runs. -
Jython Error with Standalone Agent when execute by designer
Hi guys,
I have a problem when trying to execute scenario by designer via standalone agent
here are some error that shown in the operator
ODI-1217: Session TEST_JYTHON (40198001) fails with return code 7000.
ODI-1226: Step TEST_JYTHON fails after 1 attempt(s).
ODI-1232: Procedure TEST_JYTHON execution fails.
Caused By: org.apache.bsf.BSFException: exception from Jython:
Traceback (innermost last):
File "<string>", line 1, in ?
ImportError: no module named re
If I generated this procedure to a scenario and execute by startscen.bat
there is no error.
And if run with no agent (local).It will not have a problem too.
here is the startscen command that i used
C:\oracle\product\11.1.1\Oracle_ODI_1\oracledi\agent\bin\startscen.bat TEST_JYTHON 001 GLOBAL "-NAME=P_Agent_S1"
So . I digging to the library folder that contains re.py in the folder Lib
and copy the whole folder "scripting" from
C:\oracle\product\11.1.1\Oracle_ODI_1\oracledi\client\jdev\extensions\oracle.odi.navigator\
then paste to folder
C:\oracle\product\11.1.1\Oracle_ODI_1\oracledi\agent\lib
Where should I look for more clue ?
Thanks in advance.Refer
http://msdn.microsoft.com/en-IN/library/hh231187.aspx
you can pass parameter like this
/SET \Package.Variables[$Package::ParameterName];<value> /SET \Package.Variables[$Project::ParameterName];<value>
Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs -
Is there any way to Mask the Name when a select statement is issued?
Dear all,
Is there any way to mask the name .. i mean if User issue a select statement in a customer table the real name should come like ' ABCXXXDEFXXCFXX'... Which is not the actual name?
e.g if Name: CHIEV SONG MEE
If user issue a statment select * from customers;
The Result Should come something Like this:
Name
CHXXV SXNG MXX
Thank Youuser3029023 wrote:
but it seems there is no option in oracle it self which can be used as there they are saying to get a data masking software which we can't due to some internal issues....I would not say that. How one implements masking depends entirely on the requirements that need to be met.
For example, schema A owns all the tables. Schema B can be created as a "trusted" schema - in other words, schema A trusts schema B and allows it full access (with grants) to its tables. Schema B implements data masking as views. For each table in A, a view exists in B that implements the required masking. B can now grant select access on these views to user C. User C will see the same data object names in B as it would have if it used A - only, by using the B data objects it uses masked data objects and not the original source data objects.
Another example - schema Dev is to have all the data objects of schema Prod, but masked where needed. One can use CTAS (Create Table As Select) to create the required tables in Dev with masked values where relevant. This Dev schema can be "refreshed" on weekends by dropping all tables and getting a new fresh copy of production data and masking it - ready for the next week's development cycle.
If the application use is for example APEX, then instead of coding SQL directly as reporting regions to display, a function is used instead. APEX supports reporting regions where it calls a function and this function provides the APEX run-time with the SQL to execute and contents to render. It is easy to use this approach to implement logic in functions that masked column data depending on who the APEX user is, the security/role attributes of the user, and so on.
No there is not a single "+mask this column!+" feature in Oracle.. but that does not mean that such a feature is not supported and cannot be implemented. Oracle has a very comprehensive and rich set of tools - more so than most (if not all) other RDBMS products.
It is up to the architect/designer/developer to use this toolkit in creating a system that meets the specific requirements at hand. -
A pdf file is created from a word document and then posted to our dealer portal. It allows the dealer to open the pdf file and then either print and/or save off to a hard drive. The issue is the file name has + signs in between all the words. Is there a way to eliminate the file names coming up with the plus signs? It is not being saved that way. Any help you can provide would be appreciated.
Use a proper file name for the WORD document. MS decided several years ago to allow spaces, but that is not standard and is likely what the issue is. A good alternative is to replace spaces in file names with underbars, "_".
-
UCCE 7.5.8 with CAD Agents sitting in India
Hi all,
I've got a scenario and am looking for some inputs.
I've got a centralized CUCM 7.1.3 with UCCE 7.5.8 and CAD 7.5.8. Today I only phones at our India office and all is working perfectly fine with no issues. I am looking into having CAD agents sitting at this office connecting UCCE environment back in California. I've done some testings with CAD agent installed in India and so far all is looking good. It takes about 60-80 seconds from the CAD login screen to completely login to CAD.My concern is the round-trip delay between Ca and India, it's about 290-300ms round-trip.
Questions:
Has anyone successfully deployed this type of scenario ? please share your experience !!!
Has anyone used WAAS to help accelerate CAD login process ?
Thanks in advance !!! and I appreciate any inputs/suggestions
D.[email protected] you know if CAD supervisor can monitor agent using CTIOS desktop ?
Here is your answer I hope it is useful for you .
UCCE 8.5 SRND page 198
Support for Mix of CAD and CTI OS Agents on the Same PG
Unified CCE deployments can support a mix of CAD and CTI OS agents on the same PG. If a mix is deployed, the sizing limitations of CAD apply.
Note that Cisco Supervisor Desktop (CSD) can monitor only CAD agents, and the CTI OS supervisor application can monitor only CTI OS agents.
Cisco Agent Desktop, Supervisor Desktop, and CTI OS cannot co-exist with Cisco CallManager PG; the configuration of agents and supervisors must be kept separate. Cisco Supervisor Desktop cannot be used to monitor a CTI OS agent desktop, nor can a CTI OS supervisor monitor a Cisco Agent Desktop agent.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/srnd/5x_6x/c5desktp.html
Regards
Irfan Tariq -
Alerts not working with direct agent?
I'm aware of
this issue with the SQL Intelligence pack and direct agents, which I'm also experiencing, but Alerts don't seem to be working with my direct agents either. I switched the handful of servers I had reporting under the old gateway model to direct agents
last week, and added 6 new direct agent servers, I know some of those new servers have the same hotfix alerts that I'm seeing from the old ones, but I have not received a new alert since 11/26 when I switched everything over, and when I login to the portal
and view alerts I receive:
"No gateway or SCOM management group detected. Op Insights required a gateway or SCOM management group in order to analyze data and generate alerts"
Followed by a link to the deployment guide, when I read the deployment guide for direct agents there no mention of an SCOM deployment requirement.
Any suggestions? Is anyone who is configured with direct agents successfully receiving alerts?Indeed. Configuration Assessment 'alerts' are disabled with Direct Agent. Please look at the answer given here
https://social.msdn.microsoft.com/Forums/azure/en-US/8241918e-41f4-4429-9a5f-962e96908878/repeated-closed-alerts-emails-on-closed-alerts-in-opsinsight?forum=opinsights with regards to those 'alerts': we are moving away from 'alerts' for configuration-related
issues, and replacing them with those 'Recomendations' shapes (like the SQL Assessment). Those weren't 'alerts' in the first place - those were *proactive* recommendations. For new accounts with only Direct agents, those are not even produced and those screens
are unavailable. We think of 'Alerts' in the SCOM sense: server is down, needs immediate action even at 2am.
In this sense, we think of 'Alerts' as something that should be user-defined and based on searches where you can determine what to alert for, against any type of data - see this idea here
http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519198-long-running-saved-searches-or-scheduled-that-ca -
ISe with NAC agent pop up and Posture waiting
Hi,
I have ISE running ver 1.1.1.268. We limited access certain services before authuenticate with ACL-DEFAULT(given below) as per the Trustsec desgin guide.
Now the issue is that when you have ACL-DEFAULT on the port NAC agent doest not pop-up and doest not start the posture part and saying waiting for Posture validation. When the ACL-DEFAULT removed from the access port NAC agent popup and do the posture validation.
However we do not want user to get access to network before the authorization and that is the reason we use the ACL-DEFAULT.
Please can someone advise me how to achieve the above both task. Why the NAC agent does not popup and do the posture when ACL-DEFAULT there in the switch.
Here is what I have configured on ACL-DEFAULT.
ip access-list extended ACL-DEFAULT
remark DHCP
permit udp any eq bootpc any eq bootps
remark DNS
permit udp any any eq domain
permit tcp any any eq domain
permit udp any any eq 389
permit tcp any any eq 135
permit tcp any any eq 445
permit udp any any eq 445
permit tcp any any range 135 139
permit tcp any any eq 389
permit tcp any any eq 3268
permit icmp any any
remark PXE / TFTP
permit udp any any eq tftp
permit tcp any host 172.xx.xx.xx eq 8443 (ISE-Pri)
permit tcp any host 172.xx.xx.xx eq 8443 (ISE-Sec)
remark Drop all the rest
deny ip any any log
Appreciate if someone can give a solid resolution and explanation to this.Hi Saurav,
We have already allowed those ports with another acl (ACL-POSTURE-REDIRECT). Our issue is not with the web nac agent.
The issue is with NAC agent installed on corperate PCs connecting via wired port. With the ACL-DEFAULT it does not pop-up and does not do the posturing, however once we removed the ACL-DEFAULT from the access port, everything works fine.
Since we do not want any user to access unwanted services before authorization we add this ACL on the access-port and as per the trustsec desgin this has to be there if you want to have ISE with closed mode.
thanks -
I have 3 systems with the same issue (BSDOD) Event ID 41
I have 3 systems with the same issue that 1 to 4 times a day it crashes. This is on a VM complex running Win2K8 SR2.
I say many Symbol search path issues and fixed that on the system that can see internet (others are behind BSO Firewall)
Now I am down to the last issue with this first server W2K8.
If anyone cal help me it would really make my day...............
************* Symbol Path validation summary **************
Response Time (ms) Location
OK
C:\Windows\Minidump
0: kd> !analyze -v
* Bugcheck Analysis
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffa7f0ee7a410, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88000e0b9ec, address which referenced memory
Debugging Details:
READ_ADDRESS: fffffa7f0ee7a410
CURRENT_IRQL: 2
FAULTING_IP:
NETIO!FreeMatchBufListInternal+1c
fffff880`00e0b9ec 488b5910 mov rbx,qword ptr [rcx+10h]
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
TRAP_FRAME: fffff880021d8990 -- (.trap 0xfffff880021d8990)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa7f0ee7a400
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000e0b9ec rsp=fffff880021d8b20 rbp=fffffa800cd199b8
r8=00000000000017e8 r9=00000000000000d0 r10=fffff80001603000
r11=0000000000000099 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
NETIO!FreeMatchBufListInternal+0x1c:
fffff880`00e0b9ec 488b5910 mov rbx,qword ptr [rcx+10h] ds:fffffa7f`0ee7a410=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001678169 to fffff80001678bc0
STACK_TEXT:
fffff880`021d8848 fffff800`01678169 : 00000000`0000000a fffffa7f`0ee7a410 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`021d8850 fffff800`01676de0 : fffffa80`0d6cdc50 fffff880`010d8ba0 00000000`00000000 fffffa80`0ec7a170 : nt!KiBugCheckDispatch+0x69
fffff880`021d8990 fffff880`00e0b9ec : fffffa80`0f173cf0 fffffa80`0cd199b8 00000000`48706657 fffffa80`0cd199b8 : nt!KiPageFault+0x260
fffff880`021d8b20 fffff880`00e150f3 : fffffa80`0ec7a170 fffffa80`0cd199b8 00000000`00000011 fffffa80`0cd199b8 : NETIO!FreeMatchBufListInternal+0x1c
fffff880`021d8b50 fffff880`00e13f9d : fffffa80`0ec7a190 00000000`00000000 fffff880`021d8c30 fffff880`00e9273f : NETIO!FreeCacheEntry+0xa3
fffff880`021d8b90 fffff880`00e15176 : fffff880`021d8c30 00000000`00000000 fffffa80`0cd82660 fffffa80`0cd199b8 : NETIO!FreeSomeCacheBucketEntries+0x6d
fffff880`021d8be0 fffff880`00e1e221 : 00000000`0000000c fffffa80`0cd82660 fffffa80`0c020004 fffffa80`0cd82660 : NETIO!FreeSomeCacheEntries+0x36
fffff880`021d8c10 fffff880`00e073de : fffffa80`0f000003 fffffa80`0f173cf0 fffffa80`0cd82660 fffffa80`0f173cf0 : NETIO! ?? ::FNODOBFM::`string'+0x7a46
fffff880`021d8c50 fffff800`0196fc93 : 00000000`00000001 00000000`00000001 fffffa80`0f173cf0 fffffa80`0cd82660 : NETIO!TickWorker+0xe
fffff880`021d8c80 fffff800`01682261 : fffff800`0181e200 fffff800`0196fc01 fffffa80`0cd82600 fffff800`0181e2d8 : nt!IopProcessWorkItem+0x23
fffff880`021d8cb0 fffff800`0191473a : 498b4809`75c43b41 fffffa80`0cd82660 00000000`00000080 fffffa80`0cd78740 : nt!ExpWorkerThread+0x111
fffff880`021d8d40 fffff800`016698e6 : fffff880`0205d180 fffffa80`0cd82660 fffffa80`0cd83660 ffffff33`e9ed75cd : nt!PspSystemThreadStartup+0x5a
fffff880`021d8d80 00000000`00000000 : fffff880`021d9000 fffff880`021d3000 fffff880`021d89e0 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!FreeMatchBufListInternal+1c
fffff880`00e0b9ec 488b5910 mov rbx,qword ptr [rcx+10h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETIO!FreeMatchBufListInternal+1c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 5294760d
FAILURE_BUCKET_ID: X64_0xD1_NETIO!FreeMatchBufListInternal+1c
BUCKET_ID: X64_0xD1_NETIO!FreeMatchBufListInternal+1c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xd1_netio!freematchbuflistinternal+1c
FAILURE_ID_HASH: {4f4b2cba-a197-a425-b97a-8f7cbfbac87f}
Followup: MachineOwnerGWD
This does not surprise me at all. These were/are related to your Symantec. IMHO it is bloatware and after doing 10,000+ BSODS I have seem it more than any other malware app I would remove it and use MSE in its place
Symantec is a frequent cause of BSOD's.
I would remove and replace it with Microsoft Security Essentials AT LEAST TO TEST
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
http://www.microsoft.com/security_essentials/
For Norton 360 use this http://symantec.pcperformancetools.com/norton-360-how-to-uninstall.html
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Ken\Desktop\Minidump\102714-47923-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*D:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*D:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.18526.amd64fre.win7sp1_gdr.140706-1506
Machine Name:
Kernel base = 0xfffff800`0165e000 PsLoadedModuleList = 0xfffff800`018a1890
Debug session time: Mon Oct 27 05:05:39.635 2014 (UTC - 4:00)
System Uptime: 1 days 4:50:11.507
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck C5, {8, 2, 1, fffff80001808147}
*** WARNING: Unable to verify timestamp for SYMEFA64.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEFA64.SYS
Probably caused by : SYMEFA64.SYS ( SYMEFA64+27c5 )
Followup: MachineOwner
0: kd> !analyze -v
* Bugcheck Analysis *
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80001808147, address which referenced memory
Debugging Details:
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExAllocatePoolWithTag+537
fffff800`01808147 48895808 mov qword ptr [rax+8],rbx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
PROCESS_NAME: ccSvcHst.exe
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
TRAP_FRAME: fffff880069f9580 -- (.trap 0xfffff880069f9580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800f880f60
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001808147 rsp=fffff880069f9710 rbp=0000000000001000
r8=0000000000000000 r9=fffff80001863770 r10=fffff80001863588
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x537:
fffff800`01808147 48895808 mov qword ptr [rax+8],rbx ds:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016d3169 to fffff800016d3bc0
STACK_TEXT:
fffff880`069f9438 fffff800`016d3169 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`069f9440 fffff800`016d1de0 : fffff880`069f9690 fffffa80`0d157d80 fffff880`069f9500 fffff800`01863770 : nt!KiBugCheckDispatch+0x69
fffff880`069f9580 fffff800`01808147 : fffff8a0`078d3140 00000000`00000702 fffffa80`0f95c800 fffff8a0`078d33a8 : nt!KiPageFault+0x260
fffff880`069f9710 fffff880`016bf7c5 : fffff880`00000000 00000000`00000000 fffffa80`0ddc6530 fffff880`00000000 : nt!ExAllocatePoolWithTag+0x537
fffff880`069f9800 fffff880`00000000 : 00000000`00000000 fffffa80`0ddc6530 fffff880`00000000 00000000`00000000 : SYMEFA64+0x27c5
fffff880`069f9808 00000000`00000000 : fffffa80`0ddc6530 fffff880`00000000 00000000`00000000 fffff880`016bf514 : 0xfffff880`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEFA64+27c5
fffff880`016bf7c5 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: SYMEFA64+27c5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEFA64
IMAGE_NAME: SYMEFA64.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 530fcaf7
FAILURE_BUCKET_ID: X64_0xC5_2_SYMEFA64+27c5
BUCKET_ID: X64_0xC5_2_SYMEFA64+27c5
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xc5_2_symefa64+27c5
FAILURE_ID_HASH: {c40fe135-4c88-ce5c-c7b0-361d3927c5c6}
Followup: MachineOwner
Wanikiya and Dyami--Team Zigzag -
Context with counter mapping issue
I need help with a mapping issue.
I have a source document that has multiple line items which in turn contains multiple item texts. This structure has been simplified below.
Source Sample
<DOCUMENT>
---<LINEITEM>
<ITEMFIELD>itemfield</ITEMFIELD>
<ITEMTEXTS>
<TEXT>text 1</TEXT>
</ITEMTEXTS>
<ITEMTEXTS>
<TEXT>text 2</TEXT>
</ITEMTEXTS>
---</LINEITEM>
</DOCUMENT>
Source Structure
DOCUMENT 1..1
LINEITEM 0..unbounded
ITEMFIELD 0..1
ITEMTEXTS 0..unbounded
In the target structure, I need to output each line item with a counter to represent the line item number. Also, I need to output each item text with the line item number it corresponds to:
Target Sample
<DOCUMENT>
---<LINEITEM>
<ITEMNUMBER>1</ITEMNUMBER>
<ITEMFIELD>itemfield</ITEMFIELD>
---</LINEITEM>
---<ITEMTEXTS>
<ITEMNUMBER>1</ITEMNUMBER>
<TEXT>text 1</TEXT>
---</ITEMTEXTS>
---<ITEMTEXTS>
<ITEMNUMBER>1</ITEMNUMBER>
<TEXT>text 2</TEXT>
---</ITEMTEXTS>
</DOCUMENT>
Target Structure
DOCUMENT 1..1
LINEITEM 0..unbounded
ITEMNUMBER 1...1
ITEMFIELD 0..1
ITEMTEXTS 0..unbounded
ITEMNUMBER 1..1
TEXT 1..1
I do not know how to match the ITEMNUMBER in the ITEMTEXTS target structure with the corresponding LINEITEM target structure. Can anyone help me with this?
Regards,
JMJames,
I've tried both 1.2 release and 2.0 (v20091121-r5847) but received the same result - empty Map.
Moreover, for both versions the following string was absent in deployed XML file:
+<direct-key-field table="PARAM_SESS" name="PARAM_NAME" xsi:type="column"/>+
Therefore, on application initialization I have got an exception: org.eclipse.persistence.exceptions.DescriptorException with message This descriptor contains a mapping with a DirectMapMapping and no key field set.
So I was forced to add the line manually.
This seems buggy to me...
Regards,
Alexey
Maybe you are looking for
-
Conditon value not updating in CONDITION tab for Sales Order
Hi Experts, Can anyone tell me about this ? I have created a Z condition type for VA01 and need to place some value (based on some logic taken from conditon records). I am not able to do this. Steps already taken care of. !) In VOFM >formula section
-
Airport problems after update Airport Extreeme 2008-004 V.1
Since when i have installed the update Airport Extreeme 2008-004 V.1 my Airport card is giving me problems. The network seams to go down and if i reset the Airport it restart working for a certain time. I have noted that the problem apears most of th
-
Is it possible to put two levels of the same dimension side by side in a report written using the report writer that comes with App manager? For example, to have Get2,Year and Gen3,Year be side by side columns?Thanks...
-
Hi, Folks! There is a problem with file loading from local PC. There is InfoPackage with radiobutton "Start Data Load immediatly ". I try to start BAPI_IPAK_START': call function 'BAPI_IPAK_START' exporting infopackage = 'ZPAK_D4B2FQS
-
IPhone 4s locked up after trying to update to ios 7
I created a backup file in iTunes, then I updated my iPhone 4s to ios 7 on a Windows 8 computer while connected to the iTunes software. Now the iPhone is stuck on an iTunes/USB image and iTunes does not recognize that the phone is connected so I can'