No password prompt from ASA 5500 for certificate enrollment

Similar Messages

• How do i stop an old apple ID and password prompt from always popping up on my phone during normal use ?

  How do i stop an old apple ID and password prompt from popping up on my phone screen during normal operations ?

  How to change the Apple ID on my iOS Device
  Settings > iTunes & App stores.
  Tap your Apple ID, sign out then sign back in with new AppleID.
  Settings > Facetime.
  Tap your Apple ID, sign out then sign back in with new AppleID.
  Settings > Messages.
  Turn off iMessages, wait 10 seconds, then turn it back on.  Go to 'Receive messages at' and then tap your Apple ID.  Sign out of the old ID, then sign in with new Apple ID.
  Settings > iCloud.
  Delete the account (make sure to KEEP the information on your phone), then turn it back on with new Apple ID.
  Also, delete any apps that were downloaded with the 'old' Apple ID, then reinstall them with your 'new' ID.

• CAPI password prompt from CryptSignMessage is not in focus

  Microsoft CryptSignMessage produces dialog box to collect private key password and allow to use it. This dialog always "fall behind" of the application and just blink on taskbar. Our application is add-on for Microsoft Outlook and when we call CryptSignMessage
  password prompt is behind of the Outlook explorer.
  We tried to use CryptSetProvParam(NULL, PP_CLIENT_HWND, (const BYTE*)&hwnd, 0); before any calls to acquire crypto context, as described in MSDN, but this was not successful. Whenever we call it, right before CryptSignMessage
  call or way before we acquire signing cert it always return TRUE (success) and GetLastError() is 0. Same for hwnd. We tried to pass Outlook new compose message window, outlook explorer window, just NULL with the same successful result, but password prompt
  dialog still behind.
  What are we do wrong or is there other ways to set parent window for any UI which may comes up from CAPI calls?
  Always appreciated your response.
  Slava Ivanov

  First off, no modern Mac is running Mac OS 9.2.x
  Go to Apple menu -> About this Mac to find out what you really are running.

• Password Prompt from Mail Server

  I keep getting prompted by my mail server:
  The POP server “mail.username.com” rejected the password for user “[email protected]”
  Yet the correct password does not work. This is an on and off problem, 2 hours here then OK, one day there then OK! The problem in spite of endless live chats with my host provider, I thought it was a host server issue, however I have just changed host, and still the problem continues!!
  On Mac support the only case similar is an Apple share topic, and it suggests emtpying the casche on the server side!!
  Anyone??
  Simon

  Open /Applications/Utilities/Keychain Access, choose Keychain First Aid from the application menu, and proceed to repair the keychain. If that doesn’t work, you may try removing the password entry from the keychain and letting Mail create it again the next time it asks for it.
  Note, however, that Mail often doesn’t correctly report what the problem really is. If Mail can connect to the server but cannot log into your mail account for some reason, it’ll ask for your password regardless of whether that’s really the problem or not. Don’t keep entering the password every time — just click Cancel instead, and take the account back online afterwards.
  Some ISPs refuse connection attempts if they are too frequent, for example, or limit the number of simultaneous connections that are allowed from the same IP address, or there may be too many messages on the server and Mail times out before the server responds, or there might be a problem with the network, or there might be a problem with the server...
  Do you access this account from more than one computer or some other way (e.g. webmail) while Mail is checking for mail?
  What’s the time interval chosen in Mail > Preferences > General > Check for New Mail? If it’s set to Every minute, try changing it to Every 5 minutes.
  If this is a POP account, what are your Preferences > Accounts > Remove copy from server settings?
  Go to Apple Menu > System Preferences > Network, choose Network Port Configurations from the Show popup menu, and make sure that the configuration used to connect to Internet appears at the top of the list. Leave checked (enabled) only the port configuration needed to connect to Internet and Built-in Ethernet (in that order if not the same), uncheck (disable) the rest of network port configurations and see whether that helps — if it doesn’t, turn ON again the ones you want enabled.
  Try using a different method to connect to Internet, if possible, or connecting the computer to Internet as directly as possible (i.e. bypassing any routers that might be present, using an ethernet cable instead of wireless, etc.), or shutting down both the computer and the router/modem used to connect to Internet, restarting, and see whether that makes a difference.

• How to avoid password prompt in shell script for zip password protection

  Hi
  I am trying to set password protection to my oracle database export backup. Once the backup completed, it should compress with a password protection. Thats the plan. Initialy we were using the gzip for the compression. Then realized that there is no password protection for the gzip. Started using zip option. I tried using
  zip -P <password> filename
  But it was throwing below error.
  -bash-3.2$ zip -P expreports REPORTS_2013FEB14.dmp
  zip warning: missing end signature--probably not a zip file (did you
  zip warning: remember to use binary mode when you transferred it?)
  zip warning: (if you are trying to read a damaged archive try -F)
  zip error: Zip file structure invalid (REPORTS_2013FEB14.dmp)
  Not quite sure why.
  Then I used zip -e REPORTS_2013FEB14.dmp.zip REPORTS_2013FEB14.dmp
  But this prompting for the password. As I am trying to put the command in the script. It will be tough if it prompts for the password.
  I would like to know how to avoid the password prompting by saving somewhere or how the code should be written. Tried using expect feature of shell script. Below was the code I tried. It didnt work.
  [oracle@SF40V6636 test]$ cat repexp.sh
  zip -e REPORTS_imp.log.zip REPORTS_imp.log
  expect "Enter password:"
  send "imprep"
  expect "Verify password:"
  send "imprep"
  So please help in avoiding this password prompt or let me know how to change the code.
  Thanks
  SHIYAS M

  How about using gpg and adding a secret key to the requirement of a password? No one should be able to decrypt your file, not by knowing only the password.
  1. Generate a public and private key pair:
  $ gpg --gen-key
  When it shows "We need to generate a lot of random bytes…" open another terminal session and type "dd if=/dev/sda of=/dev/null" to create traffic. When the public and secret key created and signed you can Ctrl-C the dd command.
  To see what you have created:
  $ gpg --list-keys
  2. Encrypt and gzip your stuff:
  $ tar zcf stuff.tgz file_or_folder
  $ gpg recipient "Some Name" encrypt stuff.tgz
  $ rm -f stuff.tgz
  3. Decrypt and extract the archive:
  $ gpg batch yes --passphrase "password" -d stuff.tgz.gpg > stuff.tgz
  $ tar zxvf stuff.tgz
  Again, knowing the password alone will not let anybody decrypt your stuff.

• ASA Local CA certificate enrollment invitation

  Hi,
  I have been looking for the answer for a while.....
  My ASA is version 8.2.1
  I am planning to use ASA loca CA to ditsribute certificate for SSL VPN user.
  After I create a user and email OTP, you get the E-mail like below.
  (The following example is found at http://www.cisco.com/japanese/warp/public/3/jp/service/manual_j/sec/asa/caclcg4/chapter39/12172_01_39.shtml)
  Date: 12/22/06
  To: [email protected]
  From: Wuseradmin
  Subject: Certificate Enrollment Invitation
  You have been granted access to enroll for a certificate.
  The credentials below can be used to obtain your certificate.
  Username: [email protected]
  One-time Password: C93BBB733CD80C74
  Enrollment is allowed until: 15:54:31 UTC Thu Dec 27 2006
  NOTE: The one-time password is also used as the passphrase to unlock the certificate file.
  Please visit the following site to obtain your certificate:
  https://wu5520-FO.frdevtestad.local/+CSCOCA+/enroll.html
  You may be asked to verify the fingerprint/thumbprint of the CA certificate
  during installation of the certificates. The fingerprint/thumbprint should be:
  MD5: 76DD1439 AC94FDBC 74A0A89F CB815ACC
  SHA1: 58754FFD 9F19F9FD B13B4B02 15B3E4BE B70B5A83
  My question is where the hostname (wu5520-FO.frdevtestad.local) of URL is from.
  I though it is from hostname of ASA, so I changed hostname of ASA.
  However the URL did not change.
  Any comment would be greately appricated.
  Thanks,
  Taro

  Hello Taro,
  Agree with Atri,
  I have not deal with this cases but it makes sense that you need to reset the CA server as it's basically using a different configuration set for the FQDN.
  As soon as you enable the ASA CA capability the URL will be created based on the FQDN, so as it's up and running it will not change... That's how I see it,
  Give it a try and let us know,
  I think you can only remove the CA config with
  clear config crypto ca server’
  So be careful,
  Regards
  Julio

• 802.1X getting a password prompt

  Okay something is still broken in 10.6.7 with 802.1X authentication.  I sometimes never get a loging/password prompt from OSX eventhough in the user profile I have "prompt for password" checked.  Just today I enabled my wireless and waited for the password/login prompt But never received one.  My password is dependent on RSA token and a new number provided every minute.  I figured out that my account was locked out from OSX trying my previous password and therefore incorrect.  I have "prompt for password" checked so this behavoir from OSX never should have happened.  After numerous tries of disabling the wireless and re-enabling and removing my user profile associated with the wireless network I am attempting to access - I finally received a password/login prompt from OSX.  This process should be seamless and there should not be a lock out based on OSX sending stale password information.   the auth method I am using is WPA enterprise.  How can I put a recommendation to apple to get this working properly.  we are on 10.6.x now - thats years of revisions and 802.1X auth is still not working well on all occassions.

  It depends on where you imported your signing certificate. On Windows if you place it in the Windows Store it by default remembers the password and does not ask again. In the process of importing signing certificate into the Windows Store you can select an option to ask you the password always. If you imported your signing certificate into the Acrobat Store, you can control how often you're asked the password.
  1. Go to Edit->Preferences->Signatures->Identities&Trusted Certificates->More and select Digital IDs. "Storage Mechanism" column shows you where your signing certificate is stored.
  2. If it is stored as a "Digital ID file" select "Digital ID Files" and click on the file that contains your signing certificate. There is "Password Timeout" tab on the top of the right panel. When you click it it will ask you for teh password and then present several options that control how often Acrobat/Reader asks you for the password when you sign.
  This is the same in Acrobat and Reader.

• Time Machine multiple password prompts after 10.5.6 upgrade

  Wanted to see if anybody else has noticed this behavior change since upgrading to 10.5.6. I back my MacBook Pro to a network drive shared from my Mac Mini. With 10.5.5 and earlier, I'd mount the network drive, and then set Time Machine to use it. I'd get one password prompt, for the initial mount of the network drive.
  Post-10.5.6, I mount the network drive (password prompt #1), and then tell Time Machine to use that drive, and I get another password prompt from Time Machine. I'm not sure why this is, and it seems like a behavior change. Has anybody else noticed these double password prompts after going to 10.5.6?
  --Bernie

  I have the exact same problem since upgrading to 10.5.6. The time machine arrows start spinning, and then stop with the exclamation point. I look at the dropdown and it says "Latest Backup: Delayed"
  When I open Time Machine Preferences, it tells me I have 32.2 GB of 232.7 GB available. And in latest backup, it says "Failed" with the little "i" in the circle. When I click the "i" it tells me "The backup volume could not be mounted."
  When I actually look at the contents of the drive (which definitely is mounted) I see a 200GB file (the correct size) named [name of my computer]_[some serial number].sparsebundle. The stuff in brackets is replaced since I don't know if that's the sort of thing that I should post.
  What seems odd (although I haven't looked at the volume enough in the past to know if it is odd), is that both the modified date and the creation date are March 27, 2008 which, I believe, is when I first started using time machine.
  The only other thing on that drive is a folder, "untitled folder"
  That's it. I'm not sure about whether it's trying to backup when not connected, but I think I remember that.
  Do these specifics fit with what you can see about the current state of your backup?
  Tom

• Deleted user Certificate enrollment requests

     We have a user account, "Temp_admin " which was set up as a temporary domain admin, which was deleted  a few months ago. For some reason this account is still triggering and Successfully being authenticated for certificate enrollment
  on our internal certificate server. At least according to the application log on Dc#4. Looking at the logs on our certificate server this user does not even exist. event ID's 64 and 65 every 3-4 minutes with this. Any idea how to stop this or atleast keep
  it from authenticating?
  Server 2008r2 domain.
  Certificate enrollment for *******\Temp_admin successfully load policy from policy server 
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}"
  EventSourceName="CertEnroll" />
    <EventID Qualifiers="33370">64</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated
  SystemTime="2014-09-02T19:56:04.000000000Z" />
    <EventRecordID>99069</EventRecordID>
    <Correlation
  />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>MDSTVDC04.*******.local</Computer>
    <Security UserID="S-1-5-21-420886195-1495481658-928725530-6981" />
    </System>
  <EventData>
    <Data Name="Context">*******\Temp_admin</Data>
    <Data Name="ServerID" />
    </EventData>
   </Event>
  Certificate enrollment for *******\Temp_admin is successfully authenticated by policy server {0E730552-3DDB-465A-83AD-CFAF040B236B}
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}"
  EventSourceName="CertEnroll" />
    <EventID Qualifiers="33370">65</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated
  SystemTime="2014-09-02T19:56:04.000000000Z" />
    <EventRecordID>99068</EventRecordID>
    <Correlation
  />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>MDSTVDC04.*******.local</Computer>
    <Security UserID="S-1-5-21-420886195-1495481658-928725530-6981" />
    </System>
  <EventData>
    <Data Name="Context">*******\Temp_admin</Data>
    <Data Name="ServerURL">{0E730552-3DDB-465A-83AD-CFAF040B236B}</Data>
    </EventData>
    </Event>

  Temp_admin is deleted from the domain
  sid2username output: Error evaluating user name. Some or all identity references could not be translated. 
  Tested with Known accounts and they work so Temp account can not be found.
  First thing I tried to do was search the AD Domain by both the sid and username and they could not be found. I was involved in a motorcycle accident and a temp was hired for the 3 months I was away. The temp did not leave on good terms and the account was
  deleted as soon as she left the building. 
  This user was still listed under user profiles in the registry with that sid. 
  I deleted all references to the sid from the registry on that DC and restarted the server and the issue has disappeared. Really don't think I should have had to go this route though. 

• Cannot ping inside IP behind sonicwall from Cisco ASA 5500

  I have a sonicwall at site B and the cisco asa5500 at the main office. (site A)
  The site to site VPN is working, but I can not ping the inside ip (10.1.5.2) of the sonic wall from Site A. I need this only to access the computers behind the sonicwall for remote desktop and dameware.
  I have another office that also has a sonicwall (same config)  and I can ping that inside IP from Site A.
  I can not see why I can ping one site and not the other.
  What needs to be configured on the ASA 5500 to be able to ping inside the sonicwall at site B?
  I prefer the wizard over the CLI.
  Thanks,

  Hi
  AFAIK No you can not make vpn, transparent and routing in the same unit.
  I would not want the DMZ and the outside interface to have overlapping ip address ranges.
  logging and trying to keep track of it all would be way to confusing for me.
  so what I would do is to split the external network into two network units (/25) and move all the units that can be moved to a dmz with rfc1918 addresses.
  The units that can not be moved from the external network would have to stay put "for now" in another dmz with the 190 addresses /25
  This would need the isp to change their routing table in the edge equipment, the lower (or upper) part of 190.X.X.X/25 would be the dmz and needs to be routed to the firewall ip address.
  Then as time passes by the DMZ will be depopulated when equipment is moved out and replaced and in the end you will have the isp to merge the two 190.x.x.x/25 address ranges to one /24 and you will be back to todays setup but with all the servers in a rfc1918 network.
  Do not use NAT, use PAT instead when it comes to the ip addresses translated from the internet side. it makes for a much more secure network and you do not need as much ip addresses (in a normal case)
  With NAT you are translating the whole ip address but with PAT you translate the port so you can have ip X port 25 go to ip Y and port 25 and then you can have ip X port 80 go to ip Z port 80 or maybe 8080 or what ever port you want.
  good luck
  HTH

• Shell script for password prompt

  Hi
  I am using Solaris9 and trying to change password of a user with command:
  passwd userid
  i want password to be given from text file or command line so that password is not prompted on the command line. Is there any way to do this?
  I guess i am able to force the carriage return to be entered while entering the password from command line.
  This is what I am doing:
  passwd userid << EOF
  newpassword
  newpassword
  EOF
  But after this, it still gives me New Password prompt. Any help will be appreciated.

  You could have a look at 'expect', it can set the password for you..
  .7/M.

• How we archieve configuration for Cisco ASA 5500 series appliances

  Hi,
  We need to archieve configuration for Cisco ASA 5500 series appliances.
  We have Cisco works LMS 3.0.1.
  Device package installed is 4.2
  Any help would be appricated.
  Thanks in advance.
  Samir

  Hi ,
  Thanks for your answer.
  Right now we are using TACAS to login in to the ASA. That means we need single username and password to login via
  Cisoworks. Am I correct ?
  Waiting for your reply.
  thanks,
  Samir

• How to avoid multiple password prompt for intarnet portal

  we have developed a intranet portal in Share Point 2013 with multiple site collection. when accessing through IE, Chrome, we can do settings to avoid multiple password prompt by adding the domain name of site in Trusted sites. How we can achieve the same in Safari while accessing through MAC or IPAD

  first time when you call the BSP application from the browser (or by double clicking the BSP_APPLICATION link from SAP GUI) you need to pass user credentials. For further windows this will not be required as browser will remember your info.
  if you need to <b>somehow</b> avoid this then the only option is to hard code the user id and password in the service in transaction SICF or by passing the same via URL.
  Another option is that if you port this application in a SAP portal environment, SSO can be used .
  Hope this helps.
  Regards
  Raja

• Outlook password prompt for mailboxes on Exchange 2013 CU1

  I migrated a few users from our Exchange 2007 SP3 Update 10 server to Exchange 2013 CU1. Now in Outlook they are getting a password prompt, and it won't accept their password. Our public folders are still on Exchange 2007 if that makes a difference.
  I tried running 
       Test-OutlookConnectivity -GetDefaultsFromAutoDiscover:$true
  but it says it doesn't recognize the parameter -GetDefaultsFromAutoDiscover:$true
  Here's the values for Get-OutlookAnywhere:
  ExternalHostname                   : legacy.domain.com
  InternalHostname                   :
  ExternalClientAuthenticationMethod : Ntlm
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Ntlm}
  ExternalHostname                   : mail.domain.com
  InternalHostname                   : clippers.domain.local
  ExternalClientAuthenticationMethod : Negotiate
  InternalClientAuthenticationMethod : Negotiate
  IISAuthenticationMethods           : {Negotiate}

  Hi GraffitiK
  How is your test? Did the issue resolve?
  Cheers
  If you have any feedback on
  our support, please click here
  Zi Feng
  TechNet Community Support

• HT204053 We both use the same iPad my father and I as of today, because I am using it too from now on, but each time the ID & Password pops up it ask for his, how can I access mine, so it's my account and financials being used. Thanks to any of those gift

  We both use the same iPad my father and I as of today, as is letting me use it too from now on (sweet! ), I do not want to make a mistake and accidently use my father's ID & passwords (dohh ), but each time the ID & Password pops up it ask for his (???), how can I access mine, so it's my account and financials being used. Thanks to any of those gifted with this knowlegde... AMAKANGAROO

  In order to reliably save the info and be able to restore at a later date, you would need to use his AppleID.
  Switch to it on iTunes, back the iPad up and confirm the backup exists (Preferences / Devices), then switch to yours, wipe the iPad and start afresh. Will also wipe his apps, as they are tied to the AppleID as well.