Need suggestion for ISE distributed deployment model in two different data centers along with public certificate for HTTPS

Similar Messages

• I have one of the old macbooks and wish to hook it up to my tv. do i need a mini dvi to hdmi adapter plus a 3 rca phono lead with a jack for the sound. please help as im useless at this stuff. cheers

  i have one of the old macbooks and wish to hook it up to my tv. do i need a mini dvi to hdmi adapter plus a 3 rca phono lead with a jack for the sound. please help as im useless at this stuff. cheers

  First we need to know which one of the 9 different models of MacBook you have. To see which model you have go to the Apple in the upper left corner and select About This Mac, then click on More Info (and then System Report if you’re running 10.7 Lion). When System Profiler comes up check the Model Identifier and post it back here.
  The Late 2008 model 5,1 Aluminum Unibody and the Late 2009 model 6,1 and Mid 2010 model 7,1 White Unibody have a Mini DisplayPort. The Early 2006 model 1,1 through Early 2008 model 4,1s plus the Early and Mid 2009 model 5,2s have Mini-DVI ports. Each would take a different adapter to connect with the TV.

• Depreciation posting for two different Cost Centers

  Hello everybody,
  My client has an asset that was assigned to Cost Center #1 from the 1st of january to the 20th. Then it was reassigned to Cost Center #2. (Cost Center is configured to be a time dependent field).
  We were expecting the system to split the depreciation amount into these two Cost Centers at the end of the month. Apparently we were expecting too much. The depreciation amount is going completely to Cost Center #2 wich is incorrect.
  Do you think that there is something missing in the configuration? Or SAP just does not split the depreciation amount according to the time intervals? If that is impossible, do you have any alternative solutions?
  Thanks a lot,
  Plácido

  Distribution of Depreciation and Interest
  It is only possible to enter one cost center in the asset master record. You distribute depreciation and interest to different cost centers using settlement within Controlling (CO). The cost center in the asset master record then serves the function of a distribution cost center.
  The disadvantage of this approach is that reports show only the distribution cost center, and not the cost centers that are actually debited. Also, you need to create a separate cost center for the distribution.
  A different approach is to follow this procedure:
  ·        Determine the cost center that you want to be shown in asset reports as the cost center of the asset. Enter this cost center in the asset master record.
  ·        Enter an internal order in the asset master record. The system then posts to this order when it posts depreciation. The system does not post to the cost center.
  ·        Settle the internal order to the cost centers that you want to debit.

• Public certificate for lync/exchange

  Hi guys,
  I need to buy public certificate for lync 2013. Shall I include SAN name for my Office web apps(OWA) too ? which currently included in my Exchange SAN certificate.
  anyone has good links on configure lync with existing exchange 2013 ? and also link to configure lync edge in order for external access. our plan to use windows 2012 R2.
  this is 1st time for me to configure lync and I need help. thx

  Hi Developer_75,
  Agree with Thamaraw, You can include all SAN records in to a single certificate.
  And there are some links for your reference.
  Integrating Microsoft Lync Server 2013 and Microsoft Outlook Web App 2013
  Configuring Microsoft Exchange Server 2013 Unified Messaging for Microsoft Lync Server 2013 voice mail
  Configuring the use of high-resolution photos in Microsoft Lync Server 2013
  Lync External Access
  Best regards,
  Eric

• HT4314 I have a iPad and iPhone with the same Apple ID, but on Game Center I have used the same id for both devices and they are two different profiles and I was wondering how to have one of the accounts on both devices.

  I have a iPad and iPhone with the same Apple ID, but on Game Center I have used the same id for both devices and they are two different profiles and I was wondering how to have one of the accounts on both devices.

  Hi Jamesdwills,
  Welcome to the Support Communities!
  If you are using the same Apple ID on both devices, the Game Center profile should be the same.
  Check out this information from the iPad User Guide.  Try signing out of the Game Center on both devices and then sign back in with the correct Apple ID:
  Using Game Center
  http://support.apple.com/kb/ht4314
  Game Center settings - iPad User Guide
  http://help.apple.com/ipad/7/#/iPad9a13d039
  Game Center settings
  Go to Settings > Game Center, where you can:
  Sign out (tap your Apple ID)
  Allow invites
  Let nearby players find you
  Edit your Game Center profile (tap your nickname)
  Get friend recommendations from Contacts or Facebook
  Specify which notifications you want for Game Center. Go to Settings > Notifications > Game Center. If Game Center doesn’t appear, turn on Notifications.
  Change restrictions for Game Center. Go to Settings > General > Restrictions.
  Cheers,
  - Judy

• I am new to mac. just purchaased it 3 weeks ag along with MS office for mac, i notice that all my outlook email are in this finder folder, can i delete these email files from this location? why are they there anyway?

  I am new to mac. just purchaased it 3 weeks ag along with MS office for mac, i notice that all my outlook email are in this finder folder, can i delete these email files from this location? why are they there anyway?

  Cherry63 wrote:
  I am talking about the icon on the docking row, that's the guy with the smily face. When you click on him it brings up a bunch of files of what I seem to have store/created on my Imac. There are hundreds of emails and some other documents. I tried to delete a few of them when I first got the MS office but it did not like that, it said it have to rebuild oulook. Why cant i delete these files? is this Apple version of Window outlook PST files?
  These file extenssions are listed as
  olk14_message or even or ccontact. I wish I could send a screen print but I dont see that on the key board. Maybe I should have stuck with windows..
  Oh the ...olk14_message's.  Do not delete them behind Outlooks back, i.e., from the finder.  Those are the various messages that you sent, received, or deleted in Outlook.  They are indexed by Outlook so if you delete behind Outlook's back Outlook will get confused trying to access those messages.
  You can delete them however using Outlook itself.  In outlook select a mailbox (Drafts, Sent Items, Deleted Items, etc.) by clicking on the mailbox on the left.  It will show you the messages in that mailbox.  You can now select all or selected items in that mailbox.  The click the Edit menu and select Delete.  You will get a dialog asking if you really want to delete the selections.  Answer "Delete" and the messages will get deleted.
  The olk14_message's you are seeing are the actual messages shown the Outlook mail boxes.  When you actually delete them the way I just described the corresponding olk14_message files will also be deleted.
  Note Outlook's Deleted Items mailbox is where all deleted messages go when you click the Delete tool in the Outlook toolbar.   Thus using the Delete tool from the toolbar does not permanently delete the messages.  So if you been using that for months or years you are going to have a very large Deleted Items mailbox.  And every one of those items in there is going to have a corresponding olk14_message file for that message.
  So if those olk14_message files you are seeing are from the Deleted Items mailbox you can get rid of all those corresponding olk14_message files by selecting all the messages in Deleted Items and using the Edit menu's Delete.
  Alternative ways to the Edit/Delete to do the permanent delete is select (all) the messages to delete and control (right) click to bring up the Outlook contextual menu and select Delete from it.
  Finally if you use the Delete tool in the toolbar for messages selected in the Deleted Items mailbox you will be able to permanently delete those too.  It's an exception since using the tool on the Deleted Items means there's no place to put those messages except to "oblivion".
  So, in summary, using the Delete tool in the toolbar on messages in every mailbox except the Deleted Items mailbox just moves messages to the Deleted Items mailbox.  But using the Delete tool on items in them Deleted Items mailbox permanently deletes the selected items in there.  And only permanently deleting items removes the corresponding actual ...olk14_message files.

• Edge Public Certificate for Single Edge Pool + Reverse Proxy

  I have a public certificate that was ordered prematurely and the SN does not match the current set up of the access URL.  The company that the certificate was ordered from does not allow editing of the SN or what they call domain name without paying
  for an entirely new certificate.  I do, however, have ample SANs that I can play with.  I do not have a whole lot of experience with public certificates and am definitely not use to this "set in stone" deal.  I've also included my
  reverse proxy urls in the SAN portion but that, last time I checked, is still "Ok" to use one cert for Edge and RP to reduce costs.
  Current Cert Example:
  SN access.domain
  SAN access1.domain
  conf1.domain
  lyncdiscover.domain
  ...etc.
  Edited Certificate
  SN access.domain
  SAN newaccess.domain
  newconf.domain
  Lyncdiscover.domain
  ..etc
  So, my question is as follows:
  Can I save my public cert and myself some heartache by either adding the new entries in the SAN area or using DNS in a way, or did I just learn a costly lesson?

  You're fine if I understand the question.  If the question is: Am I screwed if the common name doesn't match the access edge name? Then the answer is "You're fine".
  http://technet.microsoft.com/en-us/library/gg398920.aspx
  "The subject name of the certificate is the Access Edge service external interface fully qualified domain name (FQDN) or hardware load balancer VIP (for example, access.contoso.com).  Note: For Lync Server 2013, this is no longer a requirement,
  but it is still recommended for compatibility with Office Communications Server. "
  So, recommended and considered good practice, but not required.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• HT3702 I have two charges to my credit card for the same dollar amount at two different times. First on 2/27/14 & second on 3/25/14 for $4.34. today's is pending payment and last months has been removed form my account. I have not purchased anything.

  I have two charges to my credit card for the same dollar amount at two different times. First on 2/27/14 & second on 3/25/14 for $4.34. today's is pending payment and last months has been removed from my account. I have not purchased anything.

  If they are regular payments for the same amount then it sounds like you have an auto-renewing subscription - there are instructions on this page for managing and stopping them : http://support.apple.com/kb/HT4098

• Ise distributed deployment upgrade

  My customer has an ISE deployment with 4 nodes: Admin/Monitor Primary and Secondary plus 2 Policy Server. The Admin nodes are VMs, the Policy nodes are 3315 appliances.
  The system was installed almost three years ago with the version 1.1.0 ... It appears the system never had issues so never was patched or upgraded. Why fix something that is working fine?
  Today there was an issue because the certificates expired, so in the review to get the system up and running again, the update issue bring on to the conversation. We like to do an upgrade to the last supported version. So I wonder for some tips and ideas to take care for planning the upgrade.
  I have some doubts:
  Can the 3315 appliance support the release 1.3 without issues?
  I know the upgrade procedure is basically installing a .tar file, but I'm not clear how the process in a distributed deployment should be. I had run upgrades in standalone systems, but never in a distributed deployment. So, I need to upgrade the Primary Admin only and the other nodes would upgrade automatically?
  I would need to upgrade 1.1 to 1.2 first and then 1.2 to 1.3?
  I undertand release 1.1 was in 32 bits, and the version 1.2 and 1.3 are in 64 bits, so I guess the process would take a long time (perhaps a couple of hours), so a maintenance window would need 3 or 4 hours until the full system became stable.
  Can you give me some advice and suggestions to avoid major issues?
  Regards.
  Daniel Escalante.

  Can you give me some advice and suggestions to avoid major issues?
  Documents related to upgarde were given by Venkatesh refer those. Along with that additional information.
  Can the 3315 appliance support the release 1.3 without issues?
  Cisco ISE-3315-K9 (small) 3
  Supports ISE 1.3
  Any
  1x Xeon 2.66-GHz quad-core processor
  4 GB RAM
  2 x 250 GB SATA4 HDD5
  4x 1 GB NIC6
  I know the upgrade procedure is basically installing a .tar file, but I'm not clear how the process in a distributed deployment should be. I had run upgrades in standalone systems, but never in a distributed deployment. So, I need to upgrade the Primary Admin only and the other nodes would upgrade automatically?
  When upgrading to Cisco ISE, Release 1.2, first upgrade the secondary Administration node to Release 1.2. You do not have to manually deregister the node before an upgrade. Use the application upgrade command to upgrade nodes to Release 1.2. The upgrade process deregisters the node automatically and moves it to the new deployment. If you manually deregister the node before an upgrade, ensure that you have the license file for the Primary Administration node before beginning the upgrade process. If you do not have the file on hand (if your license was installed by a Cisco partner vendor, for example), contact the Cisco Technical Assistance Center for assistance.
  I would need to upgrade 1.1 to 1.2 first and then 1.2 to 1.3? I undertand release 1.1 was in 32 bits, and the version 1.2 and 1.3 are in 64 bits, so I guess the process would take a long time (perhaps a couple of hours), so a maintenance window would need 3 or 4 hours until the full system became stable
  If you are on a version earlier than Cisco ISE, Release 1.2, you must first upgrade to 1.2 and then to 1.3.
  You can upgrade to Cisco ISE, Release 1.2, from any of the following releases:
  Cisco ISE, Release 1.1.0.665 (or 1.1.0 with the latest patch applied)
  Cisco ISE, Release 1.1.1.268 (or 1.1.1 with the latest patch applied)
  Cisco ISE, Release 1.1.2, with the latest patch applied
  Cisco ISE, Release 1.1.3, with the latest patch applied
  Cisco ISE, Release 1.1.4, with the latest patch applied
  Type of Deployment
  Node Persona
  Time Taken for Upgrade
  Standalone (2000 endpoints)
  Administration, Policy Service, Monitoring
  1 hour 20 minutes
  Distributed (25,000 users and 250,000 endpoints)
  Secondary Administration
  2 hours
  Monitoring
  1.5 hours
  After upgrading to ISE 1.2, upgrade to ISE 1.3
  Type of Deployment
  Node Persona
  Time Taken for Upgrade
  Standalone (2000 endpoints)
  Administration, Policy Service, Monitoring
  1 hour 20 minutes
  Distributed (25,000 users and 250,000 endpoints)
  Secondary Administration
  2 hours
  Monitoring
  1.5 hours
  Factors That Affect Upgrade Time
  Number of endpoints in your network
  Number of users and guest users in your network
  Profiling service, if enabled

• ISE Distributed Deployment

  Hi All,
  Deploying multiple PSN's with a  distributed deployment, do all the PSN's have to be in the same domain? I  have 8 set up in one domain, and would like to run a few more through  firewalls and using a different dns domain.
  Also interested to see  how AD integration works with this. I'd still expect to join the nodes  to the common AD domain. Would they be able to join an AD domain which  isn't linked with their FQDN?
  I'm hoping that running the other policy nodes on an external domain, I can use a standard CSR for the external public certs.
  All comments, suggestions, spoliers welcomed! Question is out to Cisco but I know the value of these forums too.

  Hi,
  You will have to join all ISE nodes to the same AD domain since the policy for user enforcement (for any external conditions) is configured at the Primary Admin node and replicated down to the PSNs. However, if you choose to configure a different dns domain for one PSN and then join it to the command AD domain, the only issue I see with this is SAMAccount name being sent in the username and not the UPN.
  If a user requests authentication with johndoe and your AD domain is abc.com but your dns domain is def.com, then ISE will try to authenticate [email protected] (from my experience), there have been some improvements where ISE should be able to note that this is an authentication request and should suffix the request with [email protected] but I am not 100 percent sure.
  If you have a cisco account rep (with your deployment size I am absolute sure you do) have them ping the BU on this issue and see what the official response is.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Report on Open Items along with Qty & Value for LA confirmed items

  Hi,
  I would like to know a report of Open POs(No Goods receipt made) but LA confirmed Items along with Values(Amount)
  i.e
  List of confirmed,unsent items along with Values for plant wise or vendor wise or PO Number wise.
  Regards,
  Vengat

  Hi,
  Any other inputs?
  Our client's requirement is to know how many (Both Qty & Value) of items for the input LA confirmed(ASN received) but no GR Made
  Regards,
  Vengat

• HT204053 Can I use the same Apple ID for iMessage and FaceTime services from two different devices - iPhone and iPad?

  Can I use the same Apple ID for iMessage and FaceTime services simultaneously on two different devices - iPhone and iPad? It seems those are competing to each other, and the services work on one of them only (iPhone).

  Many thanks, Sir! Both are mine and it's good to know that imessage can work on both with the same Apple ID. Will now have to find out why imessage stopped working on iPad when it started on iPhone (new). After exploring the forum I understand  that there may be plenty of reasons why imessage does not work, even though it worked previously on the same device with the same ID.

• Report of Groups owned along with group memberships for each group, all in a single .csv file

  Hello all,
  What I'm trying to do is generate a report of all groups owned by a specific user, along with the group memberships, and output it all to a single .csv file. In the .csv file, I would like to have the group names as the column headers, and underneath
  the group name, list all the members of the group down through the column. So for example, if User1 owns 3 groups, the output would look like:
  What I'm having trouble with is outputting the objects to the .csv using New-Object psobject, and I'm starting to wonder if there is an easier way to do this and my brain is just fried.
  Any ideas?

  OK so I can try and give some code here, but I'm asking more of a concept question about how PowerShell builds objects so I'm not sure it will help....
  $User = "User1"
  get-adgroup -filter {managedby -eq $user} -pr member | %{
  $_.name
  $_.member
  OK so this is a simple script that outputs a group name followed by the membership, all in a single column. What I would like is for the group names to each be the header of a column, and have the membership listed underneath. For example:
  Is this possible in PowerShell?

• Persona Data & Family Member Data Country screen with Middle Name for ESS

  Friends,
  I am using country version 99 and working on new Implementation of ESS on ECC6.0.
  Can any body help me with the following for ESS:
    1. Which Personal Data Country screen has got Middle name field?
    2. Which Family Member/Dependent Data Country screen has got Middle name field?
  Thanks for your help.
  Preethi

  I think MOLGA 10 and/or 26 should do.
  Yash

• Using PowerShell to request a public certificate for webconf. What type should I specify

  Using the PowerShell command below to request a certificate for webconf.domain.com on the Edge. There are at least a dozen "types" I can specify. I was thinking WebServicesExternal but maybe AccessEdgeExternal?? Not sure what to use or if it even
  makes a difference.
  Request-CsCertificate -New –Type WebServicesExternal -ComputerFqdn "edgeserver.domain.com" 
  -FriendlyName "Web Conferencing" –Organization etc......-PrivateKeyExportable $True –DomainName webconf.domain.com –output c:\webconf.txt

  Type will be AccessEdgeExternal and command will be as followingRequest-CsCertificate -New -Type AccessEdgeExternal -Output C:\ <certfilename.txt or certfilename.csr> -ClientEku $true -Template <template name>
  Also you can refer below link
  http://technet.microsoft.com/en-us/library/gg398409.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"