NPS Server Sizing - Millions of Connections

Hello --
I am looking for server sizing requirements for the NPS server which could potentially serve millions of devices. 
I've seen the previous post related to sizing found here:  https://social.technet.microsoft.com/Forums/windowsserver/en-US/a4b21739-1416-416f-80d1-434e03e86434/sizing-reccomendations-for-nps
Any recommendations or documents you can provide would be helpful.
Thank You!

Hi,
Based on your description, you would like to find related documents about how many clients one NPS server can serve or how many authentication requests one NPS server can process.
As far as I know, there is no similar document from Microsoft about this.
Greg’s post gave detailed information about this issue. And the article which Greg provided
Best Practices for NPS(http://technet.microsoft.com/en-us/library/cc771746(v=WS.10).aspx ) is a good reference about NPS.
In this article, it mentions some best practices about using NPS in large organizations. Such as, if NPS server receive a very large number of authentication requests per
second, we can improve performance by increasing the number of concurrent authentications between NPS and the DC.
Best Regards,
Tina

Similar Messages

  • Need for NPS server certificate with PEAP-MS-CHAPv2

    Hi,
    I have a question about a small setup I'm currently testing. In a Wireless access with 802.1X authentication based on PEAP/MS-CHAPv2, and a NPS server (MS server 2012R2), I've noted reading technet documentation that the NPS server or other RADIUS server
    do have a certificate (issued by a 3rd party CA or by an AD CS environment).
    However, it remains for me a point I would like to clarify (sorry I surely have a bad understanding of documentation). If my client is configured for not "validate server certificate", do I still need to have a certificate on the NPS server ?
    Well, I know it is not secured, but this will permit me to test without configuring an AD CS, and without buying a certificate.
    Many thanks in advance for your answer.
    Regards,
    Fabrice

    You also need a server certificate in this case as the protection in Protected EAP is due to the encryption of the TLS session.
    Not validating the server certificate just means that no additional check of the name is done, so the client would be able to connect to any RADIUS server - given that its certificate chain is valid. But the certificate chain as such is checked as in every
    SSL handshake.
    You don't need a certificate issued by a commercial CA though - you could use an inhouse PKI. For tests you could use a self-signed certificate as well.
    Edit: If you want to test self-signed certificates the easiest way is probably to install the web server role and use its built-in option to create a self-signed certificate.
    Elke

  • RADIUS Authentication Problems with NPS Server Eventid 6274

    Hi,
    We have struggled for a while with RADIUS auth for some clients against an NPS Server when the user or computer tries to connect to the wireless network the following error can be seen on the NPS server:
    Network Policy Server discarded the request for a user
    Contact the Network Policy Server administrator for more information.
    User:
        Security ID:            NULL SID
        Account Name:            host/hostname.domainname.com
        Account Domain:            -
        Fully Qualified Account Name:    -
    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        40-20-B1-F4-BB-15:Wireless-SSID
        Calling Station Identifier:        C1-18-85-08-10-E1
    NAS:
        NAS IPv4 Address:        192.168.10.10
        NAS IPv6 Address:        -
        NAS Identifier:            AP name
        NAS Port-Type:            Wireless - IEEE 802.11
        NAS Port:            0
    RADIUS Client:
        Client Friendly Name:        name
        Client IP Address:            192.168.10.10
    Authentication Details:
        Connection Request Policy Name:    Secure Wireless Connections
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        NPS servername
        Authentication Type:        -
        EAP Type:            -
        Account Session Identifier:        -
        Reason Code:            3
        Reason:                The RADIUS Request message that Network Policy Server received from the network access server was malformed.
    Network Policy Server discarded the request for a user.
    Contact the Network Policy Server administrator for more information.
    User:
        Security ID:            NULL SID
        Account Name:            domainname\username
        Account Domain:            -
        Fully Qualified Account Name:    -
    Client Machine:
        Security ID:            NULL SID
        Account Name:            -
        Fully Qualified Account Name:    -
        OS-Version:            -
        Called Station Identifier:        20-18-B1-F4-BB-15:Wireless-SSID
        Calling Station Identifier:        09-3E-8E-3E-5A-C9
    NAS:
        NAS IPv4 Address:        192.168.10.10
        NAS IPv6 Address:        -
        NAS Identifier:            AP name
        NAS Port-Type:            Wireless - IEEE 802.11
        NAS Port:            0
    RADIUS Client:
        Client Friendly Name:        name
        Client IP Address:            192.168.10.10
    Authentication Details:
        Connection Request Policy Name:    Secure Wireless Connections
        Network Policy Name:        -
        Authentication Provider:        Windows
        Authentication Server:        NPS server name
        Authentication Type:        -
        EAP Type:            -
        Account Session Identifier:        -
        Reason Code:            3
        Reason:                The RADIUS Request message that Network Policy Server received from the network access server was malformed.
    Message seen from the AP's logs:
    (317)IEEE802.1X auth is starting (at if=wifi0.2)
    (318)Send message to RADIUS Server(192.168.60.166): code=1 (Access-Request) identifier=157 length=162,  User-Name=domain\username NAS-IP-Address=192.168.10.10 Called-Station-Id=40-18-B1-F4-BB-15:Wireless-SSID Calling-Station-Id=C0-18-85-08-10-E1
    (319)Receive message from RADIUS Server: code=11 (Access-Challenge) identifier=157 length=90
     (320)Send message to RADIUS Server(192.168.60.166): code=1 (Access-Request) identifier=158 length=286,  User-Name=domain\username NAS-IP-Address=192.168.10.10 Called-Station-Id=40-18-B1-F4-BB-15:Wireless-SSID Calling-Station-Id=C0-18-85-08-10-E1
     (321)Send message to RADIUS Server(192.168.60.166): code=1 (Access-Request) identifier=161 length=162,  User-Name=domain\username NAS-IP-Address=192.168.10.10 Called-Station-Id=40-18-B1-F4-BB-15:Wireless-SSID Calling-Station-Id=C0-18-85-08-10-E1
     (322)Receive message from RADIUSServer: code=11 (Access-Challenge) identifier=161 length=90 BASIC  
    Output omitted
    (330)Sta(at if=wifi0.2) is de-authenticated because of notification of driver
    We have other NPS Servers with corresponding policy settings which are working so I am having trouble to understand why this errors occurs.
    Initally the problem seemed to be related to the Cert on the NPS server cause it used the cert generated from the Somputer template. Now it uses the template for Domain controller just as the other NPS servers so this should not be the issue(Not sure if
    this matters?)
    Please guide me on how to take this further
    Thank you :)
    //Cris

    Hi,
    NPS Event ID: 6274.
    This condition occurs when the NPS discards accounting requests because the structure of the accounting request message that was sent by a RADIUS client does not comply with the RADIUS protocol. You should reconfigure, upgrade, or replace the RADIUS client.
    Detailed information reference:
    Event ID 6274 — NPS Accounting Request Message Processing
    https://technet.microsoft.com/en-us/library/cc735339(v=WS.10).aspx
    Best Regards,
    Eve Wang
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Config RADIUS on WLC 5508 - Problems comunication with NPS Server

    Hi,
    I'm facing some problems when configuring RADIUS auth with a NPS Windows Server.
    My WLAN interface is in a different vlan than the management interface, is that a problem?
    I want this wlan to be on a different vlan from the management. When i use wlan interface in the same vlan the RADIUS works without problems. But in different vlans is not working.
    The NPS server as 2 NICs, 1 for the wireless vlan, and another for the management vlan.
    the logs from the WLC shows this, but i have difficulties interpreting all this data:
    *apfMsConnTask_0: Dec 29 12:49:14.636: Association request from the P2P Client Process P2P Ie and Upadte CB
    *apfMsConnTask_5: Dec 29 12:49:36.607: 3c:c2:43:94:3e:bc Adding mobile on LWAPP AP d4:d7:48:45:fb:20(0)
    *apfMsConnTask_5: Dec 29 12:49:36.607: 3c:c2:43:94:3e:bc Association received from mobile on AP d4:d7:48:45:fb:20
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying site-specific Local Bridging override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying Local Bridging Interface Policy for station 3c:c2:43:94:3e:bc - vlan 900, interface id 16, interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying site-specific override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc STA - rates (8): 130 132 139 12 18 150 24 36 0 0 0 0 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Processing RSN IE type 48, length 20 for mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Received RSN IE with 0 PMKIDs from mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Setting active key cache index 8 ---> 8
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc unsetting PmkIdValidatedByAp
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) DHCP required on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8for this client
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8 flex-acl-name:
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfMsAssoStateInc
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Idle to Associated
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc Sending Assoc Response to station on BSSID d4:d7:48:45:fb:20 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Station 3c:c2:43:94:3e:bc setting dot1x reauth timeout = 0
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Stopping reauth timeout for 3c:c2:43:94:3e:bc
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 1)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 2)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Received EAPOL EAPPKT from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Received Identity Response (count=2) from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc EAP State update from Connecting to Authenticating for mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Authenticating state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Entering Backend Auth Response state for mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.794: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.794: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Aborting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 4)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Reached Max EAP-Identity Request retries (3) for STA 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Sent Deauthenticate to mobile on BSSID d4:d7:48:45:fb:20 slot 0(caller 1x_auth_pae.c:3165)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Scheduling deletion of Mobile Station:  (callerId: 6) in 10 seconds
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Disconnected state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Not sending EAP-Failure for STA 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:55.518: 3c:c2:43:94:3e:bc Association received from mobile on AP d4:d7:48:45:fb:20
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying site-specific Local Bridging override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying Local Bridging Interface Policy for station 3c:c2:43:94:3e:bc - vlan 900, interface id 16, interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying site-specific override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Processing RSN IE type 48, length 20 for mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Received RSN IE with 0 PMKIDs from mobile 3c:c2:43:94:3e:bc
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Setting active key cache index 8 ---> 8
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc unsetting PmkIdValidatedByAp
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) DHCP required on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8for this client
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8 flex-acl-name:
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc Sending Assoc Response to station on BSSID d4:d7:48:45:fb:20 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Station 3c:c2:43:94:3e:bc setting dot1x reauth timeout = 0
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Stopping reauth timeout for 3c:c2:43:94:3e:bc
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 1)
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
    *Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 2)

    yes, I thought of that. But if i use a simple password authentication on the wireless, i can reach the server with the same subnet interface. But i don't want to allow this subnet to acess the management subnet of the wireless controller.
    One question i have is: The WLC uses whitch subnet on radius? Uses the subnet of the wireless interface or uses always the management interface?
    Could you help me understand how the radius auth works with this wireless controller? Did you see anything strange in the logs that I posted above? It seems to run ok until:
    dot1x - moving mobile 3c:c2:43:94:3e:bc into Authenticating state
    Entering Backend Auth Response state for mobile 3c:c2:43:94:3e:bc
    Received EAPOL START from mobile 3c:c2:43:94:3e:bc
    dot1x - moving mobile 3c:c2:43:94:3e:bc into Aborting state
    I also note this: "Applying Local Bridging Interface Policy for station "
    What does this means?

  • 802.1x trouble: Can't get Nortel IP Phone to authenticate to NPS server through HP ProCurve switch

    I've been working on getting 802.1x set up.  I've so far gotten WinXP clients to authenticate through our HP ProCurve switch to the NPS server using PEAP/EAP-MSCHAPv2, and to put different authorized users on different VLANs based on AD Groups, as well
    as unauthorized users onto a separate VLAN.  Also, the switch is using the NPS server for securing management logons.
    However, when I configure and plug in a Nortel phone, I can see the EAP packets going to the switch, which then send the Access-Request message to the NPS server.  On the NPS server, I can see that the NIC receives the Access-Request packet, but it
    never responds to it.  When I compare the packet to an Access-Request packet from a WinXP client, the only differences I can see are User-Name (1), Port (5), Port-ID (87), Calling-Station-ID (31) and the EAP-Message (79), which to me are the fields that
    *should* be different.  I can also see that the packet is coming in on the correct port (1812).  Nothing gets logged in Event Viewer, nor in the NPS log (c:\windows\system32\logfiles\inDDMMYY.log).
    It's my understanding that at least, I should be getting an IAS_NO_POLICY_MATCH in the log, as I haven't set up a policy for it yet.  Also, if I set up a dummy policy to accept all requests on all days and times, using any authentication method, I still
    get nothing.
    The phone is set to use PEAP, but if I understand correctly, even if that was set wrong, I should at least see an Access-Challenge response packet from the server; PEAP doesn't factor in quite that early.  Or do I misunderstand?
    Any help would be appreciated.

    Thanks for the reply.
    > At the command prompt, type the following command, and then press ENTER:
    > auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
    I had read about that previously.  I had checked whether it was enabled or not, and it only had failure enabled.  So following the recomendation on that
    page, I disabled both, then enabled both.  So yes, it's currently enabled.  And after this, I tried both the PC and phone again, and while I saw the PC's authentication succeed in the Event Log, I still see nothing for the phone.
    > PEAP does not specify an authentication method, but provides additional security for other EAP authentication protocols, such as Extensible
    Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MS-CHAP v2), that can operate through the TLS encrypted channel provided by PEAP.
    Yeah, but
    if I understand correctly (and I'm going to read your link right after I post this), after the switch sends the initial Access-Request message in the clear, the RADIUS server should then respond with an Access-Challenge to begin securing the connection beween
    itself and the phone, regardless of what the phone has set for it's security type.  If the phone can't talk in a way that the server is set to accept, then it won't respond to the Access-Challenge packet, but the server should be sending that Access-Challenge
    in the first place.  Or is there something I've missed in the Access-Request packet that specifies what security type(s) it can handle?  I thought that happened after the Access-Challenge?
    > Please also provide us the type of your Nortel IP Phone, because some types of Nortel IP Phone may only support EAP-MS-CHAP v1 which is not supported by Windows
    2008. We also suggest that you might post your issue on Nortel forums to ask for some more help.
    I'm
    using a Nortel 1120e phone for testing; we also have 1140e phones that will be used with this when it's working, but they should be the same as far as this setup is concerned.  I read somewhere that perhaps the Nortel phones only support PEAP-MD5, which
    doesn't seem to be an option in NPS without a reghack.  I'm also following up with our Nortel support locally, as the phone itself and the manual for the phone only says "PEAP" without specifying what it's using inside, but right now I'm trying to determine
    whether the problem lies with the phone or the server or both.  So I thought I'd ask the experts here.
    FWIW,
    I've been testing using a HP ProCurve 3400cl with the lastest firmware.  I've managed to get the same setup on a Cisco Catalyst 3550 switch, also on it's latest firmware, and I get the same results.  The PCs can authenticate, the phone can't; NPS
    still isn't responding.

  • Server Sizing

    Hi
    1. How i have to do do server sizing ? Is there any books or LINKS which
    guide us to do the sizing ?
    Thanks in Advance

    Actually, the things you need to consider for sizing aren't JUST the number of users, but also their mail habits.
    If you're POP only, then storage size isn't so important, as POP users download and delete all their mails.
    IMAP/Webmail users keep mail on the server.
    You need to consider how many messages per day they send and receive, how large those messages are, and how many of your users connect at one time.
    Neither Shane nor I are really expert with sizing. We're Support folks, and our experience is mostly fixing broken servers. The folks that do sizing are our sales engineers. They have access to the spreadsheets and such that we don't
    It sounds like you're one of our resellers. Just give a call to your SE, and he'll help you with sizing.

  • Reg server sizing

    Hi All,
    My project is implementing BI 7.0. Can any one suggest me reg server sizing.
    My Problems:  1) Whether better to go for same client for both Functional guyz n  
                               BW guyz on the same server.
                           2) If that is the case how to give connection bn R/3 n BI to go for
                               LO Extraction.
    Currently we are in blue print stage n i am checking all these on IDES. Presently in IDES we all  (both functionals n BI) working on same client on same server. Now when establing connection bn R/3 n BI, i am facing problem.
    If any docs reg sizing for BI 7.0, please send to [email protected]
    Help me
    Thanks n Regards,
    Bala

    Hi Balu,
    You can have R/3 and BI in same server and you can use different clients.
    you can do RFC connections also between those clients.
    Technically it is possible as per the Netweaver functionality.But server sizig should be done carefully. with this performance will be slow due to loads and running jobs.
    you can have different servers also but u r client need to invest amount.
    If it is use ful please assign points.
    Regards,
    chandu

  • AD user login or services will affect if we add new NPS server in existing AD environment ?

    Hi
    We have three Domain controllers in our company in Windows 2008 R2 platform and different RODCs .We would like to add an additional NPS server in it.Existing AD user login or services will affect by this?

    Hi,
    Based on my research, if the NPS server is a member of an AD DS domain, NPS uses the directory service as its user account database and is part of
    a single sign-on solution. The same set of credentials is used for network access control and to log on to an AD DS domain. NPS will compare user credentials that it receives from network access servers with the credentials that are stored for the user
    account in AD DS to perform authentication. Furthermore, NPS server uses network policy and checks user account dial-in properties in AD DS to authorize connection requests.
    For more information, please refer to the link below:
    Register the NPS Server in Active Directory Domain Services
    http://technet.microsoft.com/en-us/library/cc754878.aspx
    Best regards,
    Susie

  • Wireless with PEAP Authentication not working using new NPS server

    All,
    We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
    I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
    But it is not working for me. I am getting the following error message on the NPS server.
    Error # 1
    =======
    Cryptographic operation.
    Subject:
                Security ID:                 SYSTEM
                Account Name:                       MADXXX
                Account Domain:                    AD
                Logon ID:                    0x3e7
    Cryptographic Parameters:
                Provider Name:          Microsoft Software Key Storage Provider
                Algorithm Name:         RSA
                Key Name:      XXX-Wireless-NPS
                Key Type:       Machine key.
    Cryptographic Operation:
                Operation:       Decrypt.
                Return Code:  0x80090010
    Error # 2
    ======
    An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    I was wondering if anyone has any insight on what is going on.
    Thanks, Ds

    Scott,
    I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
    I  disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
    Cryptographic operation.
    Subject:
    Security ID: SYSTEM
    Account Name: MADHFSVNPSPI01$
    Account Domain: AD
    Logon ID: 0x3e7
    Cryptographic Parameters:
    Provider Name: Microsoft Software Key Storage Provider
    Algorithm Name: RSA
    Key Name: DOT-Wireless-NPS
    Key Type: Machine key.
    Cryptographic Operation:
    Operation: Decrypt.
    Return Code: 0x80090010
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
    Security ID: AD\mscdzs
    Account Name: AD\mscdzs
    Account Domain: AD
    Fully Qualified Account Name: AD\mscdzs
    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: 64-ae-0c-00-de-f0:DOT
    Calling Station Identifier: a0-88-b4-e2-79-cc
    NAS:
    NAS IPv4 Address: 130.47.128.7
    NAS IPv6 Address: -
    NAS Identifier: WISM2B
    NAS Port-Type: Wireless - IEEE 802.11
    NAS Port: 29
    RADIUS Client:
    Client Friendly Name: WISM2B
    Client IP Address: 130.47.128.7
    Authentication Details:
    Connection Request Policy Name: Secure Wireless Connections
    Network Policy Name: Secure Wireless Connections
    Authentication Provider: Windows
    Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
    Authentication Type: PEAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 23
    Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    Attached are EAP logs & debug logs from the controller.
    Thanks for all the help. I really appreciate.

  • LobbyAmbassador / WCS -- 4xWLC's / NPS server

    Hi,
    Quick run down:
    * v7.0.240
    * WCS managing 4x WLC's
    * Lobby Ambassador account created on WCS to manage users connecting to the WCS via RADIUS and have permissions to create guest accounts
    * profile for guest access is created fine
       - when logging in with the LOCAL lobby account created initially (not RADIUS) the default settings remain fine
       - when logging in with RADIUS the default settings created in the profile do not remain the same, they can change
    RADIUS ATTRIBUTES configured on the LobbyAmbassador group and the NPS server:
    Wireless-WCS:role0=LobbyAmbassador
    Wireless-WCS:task0=Configure Guest Users
    Wireless-WCS:task1=Lobby Ambassador User Preferences
    Am i missing something? What do I need to configure (attribute wise) to prevent the RADIUS users being able to modify the WCS lobbyambassador profile configured?

    please check the link :
    https://supportforums.cisco.com/discussion/11137666/wcs-lobby-ambassador-aaa-authentication

  • Server 2012 NPS Server not authenticating IKEv2 requests

    Hello Experts,I am having a weird problem regarding NPS Server when I upgraded my vpn servers from server 2008 R2 to Server 2012 R2. Actually in my infrasturcture I have a Windows 2008 R2 based AD and in its domain I have an NPS server joined as member server. This NPS server is based on server 2012 R2, when I upgraded my VPN servers from server 2008 R2 to server 2012 R2 the IKEv2 stops working every other protocols works on windows 7 when I try to connect using IKEv2 it hangs at verifying username and password nad when I tested IKEv2 in Win 8 it says IKE authentication credentials are unacceptable, inspite that my server certificate is valid EKU compatible. When I connected IKEv2 via my other server whose server 2008 R2 based VPN Server The IKEv2 works like a charm without any issues successfully authenticating. The problem seems to...
    This topic first appeared in the Spiceworks Community

    Indeed the 255.255.255.255 subnet mask is expected for non-compliant clients.
    But my issue is that non-compliant clients get an IP address from the entire subnet and i want to assign only a specific
    range in my entire subnet/scope to be assigned to non-compliant clients. 
    It's funny you can specify an IP Address Range in the DHCP policy but then it doesnt work. 
    On the other hand you have a valid point there Greg about DNS/DHCP flooding.
    Still hope to hear why this setup will not work and if it is supported or can work tough :-)

  • Hi, i am trying to open and view a report that comes from another server with different odbc connection

    hi, i am trying to open and view a report that comes from another server with different odbc connection
    i created a crystal report for a mysql database on my machine and everything works great
    but we have other reports that come from other machines with different odbc connection
    and this its not working when opens the report asks for credentials
    and i cannot use the remote ip for these reports that come from other machine
    question
    if i cannot connect to remote ip to open the report
    for each report i have to create a database the report database on my machine and then open the report ?
    or there is some other way to open the report ?
    i am using visual studio 2013 and mysql and
       <add key="MYSQLODBCDRIVER" value="{MySQL ODBC 5.3 UNICODE Driver}"/>
    thanks

    short
    i have a report that it was created on another server with a specific dsn
    now i am trying to open the report on my machine
    the database from the other server does not exist on my machine
    the server machine where the report was created the ip its not accessible
    question ?
    can i open the report on my machine or its impossible ?
    thanks

  • Regarding mountain lion server: clients experience intermittent service connections. the server system log has the following error- Client handshake failed (6):113: Server not accepting client connections (any ideas???)

    regarding mountain lion server: clients experience intermittent service connections. the server system log has the following error- Client handshake failed (6):113: Server not accepting client connections. any suggestions would be greatly appreciated - thank you

    Hi Jason
    I was getting the same behavior after Apple support had me delete some plist files to get Airplay going. I was also getting the following error:
    the error occurred while processing a command of type 'writesettings' in the plug-in 'server vpn'
    I went into ~/Library/Preferences/ and /Library/Preferences/ and deleted every plist contating the word server. I had to re-set up my server (meaning walk through some intial steps) but all of my settings were still there after that and everything started working again.
    Just a thought, obviously try at your own risk but it worked for me.
    Kellen

  • A new version of Firefox, which downloaded automatically, says Firefox is configured to use a proxy server that's refusing connections, even though I had access before the download.

    I was using Firefox earlier in the day with no problem. About half an hour ago I tried to get on the Internet using Firefox (as always). When I did, I was greeted with a little dialog box showing that something was downloading. That's happened before.
    This time, though, I was greeted by an error page that said Firefox was configured to use a proxy server that's refusing connections.
    I'm not on a network. I have a desktop computer that connedts to a wireless modem that I share only with my wife. I didn't change my settings on either. Neither did my wife.
    My "Connection Settings" box still says "use system proxy settings." There are no entries in the manual settings boxes.
    I want to emphasize that I changed *nothing.*
    I need to know, please, how I can set my computer to get back onto the Internet or, failing that, how I can go back to the previous version of Firefox.
    Thank you very much.
    Bob Murdich

    You can find the connection settings in Tools > Options > Advanced : Network : Connection
    If you do not need to use a proxy to connect to internet then select "No Proxy"
    See "Firefox connection settings":
    * [[Firefox cannot load websites but other programs can]]

  • DPM failing SQL backups due to error: "the SQL Server instance refused a connection to the protection agent. (ID 30172 Details: Internal error code: 0x80990F85)

    I ran across this error starting on 6/4/2011 and have been unable to find the root of the problem.  In our environment, we have a DPM 2010 server dedicated to backing up all our SQL envrionment (about 45 SQL Servers total).  All of the SQL
    environment is backing up fine except for a SQL Cluster Application.  This particular SQL Instances is part of a 6 node failover cluster with 6 SQL Instances distributed amongst them.  The other 5 SQL instances in the cluster are backing
    up fine; only one instance is failing.  The DPM Alerts section shows this error when attempting to do a SQL backup of one of the databases on this SQL instance:
    Affected area: KEN-PROD-VDB001\POSREPL1\master
    Occurred since: 6/11/2011 11:00:56 PM
    Description: Recovery point creation jobs for SQL Server 2008 database KEN-PROD-VDB001\POSREPL1\master on SQL Server (POSREPL1) - Store Settings.ken-prod-cl004.aarons.aaronrents.com have been failing. The number of failed recovery point creation jobs =
    4.
     If the datasource protected is SharePoint, then click on the Error Details to view the list of databases for which recovery point creation failed. (ID 3114)
     The DPM job failed for SQL Server 2008 database KEN-PROD-VDB001\POSREPL1\master on SQL Server (POSREPL1) - Store Settings.ken-prod-cl004.aarons.aaronrents.com because the SQL Server instance refused a connection to the protection agent. (ID 30172 Details:
    Internal error code: 0x80990F85)
     More information
    Recommended action: This can happen if the SQL Server process is overloaded, or running short of memory. Please ensure that you are able to successfully run transactions against the SQL database in question and then retry the failed job.
     Create a recovery point...
    Resolution: To dismiss the alert, click below
     Inactivate alert
    I have checked the cluster node this particular SQL instance is running on using Perfmon and the machine is nowhere near capacity on CPU, memory, network, or Disk I/O.  I have failed this SQL Application to another node in the cluster and
    receive the same error (this other node has another clustered SQL application on it that is actively running as well as backing up fine).  The only thing that I am aware of that has changed is that we installed SP2 for SQL 2008 about 2 weeks prior
    to when the failures started to occur.  However, we updated all six clustered SQL Instances at the same time and only this one is having this issue so I don't believe that caused the problem.  We are running SQL 2008 SP2 (version 10.0.4000.0)
    on all clustered instances along with DPM 2010 (version 3.0.7696.0) on this particular DPM server that has the issue.
    One last thing, I have also noticed errors in the event log pertaining to the same SQL backups that are failing (but the time stamps are not concurrent with each backup attempt):
    Log Name:      Application
    Source:        MSDPM
    Date:          6/13/2011 1:09:12 AM
    Event ID:      4223
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      KEN-PROD-BS002.aarons.aaronrents.com
    Description:
    The description for Event ID 4223 from source MSDPM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    If the event originated on another computer, the display information had to be saved with the event.
    The following information was included with the event:
    DPM writer was unable to snapshot the replica of KEN-PROD-VDB001\POSREPL1\model. This may be due to:
    1) No valid recovery points present on the replica.
    2) Failure of the last express full backup job for the datasource.
    3) Failure while deleting the invalid incremental recovery points on the replica.
    Problem Details:
    <DpmWriterEvent><__System><ID>30</ID><Seq>1833</Seq><TimeCreated>6/13/2011 5:09:12 AM</TimeCreated><Source>f:\dpmv3_rtm\private\product\tapebackup\dpswriter\vssfunctionality.cpp</Source><Line>815</Line><HasError>True</HasError></__System><DetailedCode>-2147212300</DetailedCode></DpmWriterEvent>
    the message resource is present but the message is not found in the string/message table
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSDPM" />
        <EventID Qualifiers="0">4223</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-06-13T05:09:12.000000000Z" />
        <EventRecordID>68785</EventRecordID>
        <Channel>Application</Channel>
        <Computer>KEN-PROD-BS002.aarons.aaronrents.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>DPM writer was unable to snapshot the replica of KEN-PROD-VDB001\POSREPL1\model. This may be due to:
    1) No valid recovery points present on the replica.
    2) Failure of the last express full backup job for the datasource.
    3) Failure while deleting the invalid incremental recovery points on the replica.
    Problem Details:
    &lt;DpmWriterEvent&gt;&lt;__System&gt;&lt;ID&gt;30&lt;/ID&gt;&lt;Seq&gt;1833&lt;/Seq&gt;&lt;TimeCreated&gt;6/13/2011 5:09:12 AM&lt;/TimeCreated&gt;&lt;Source&gt;f:\dpmv3_rtm\private\product\tapebackup\dpswriter\vssfunctionality.cpp&lt;/Source&gt;&lt;Line&gt;815&lt;/Line&gt;&lt;HasError&gt;True&lt;/HasError&gt;&lt;/__System&gt;&lt;DetailedCode&gt;-2147212300&lt;/DetailedCode&gt;&lt;/DpmWriterEvent&gt;
    </Data>
        <Binary>3C00440070006D005700720069007400650072004500760065006E0074003E003C005F005F00530079007300740065006D003E003C00490044003E00330030003C002F00490044003E003C005300650071003E0031003800330033003C002F005300650071003E003C00540069006D00650043007200650061007400650064003E0036002F00310033002F003200300031003100200035003A00300039003A0031003200200041004D003C002F00540069006D00650043007200650061007400650064003E003C0053006F0075007200630065003E0066003A005C00640070006D00760033005F00720074006D005C0070007200690076006100740065005C00700072006F0064007500630074005C0074006100700065006200610063006B00750070005C006400700073007700720069007400650072005C00760073007300660075006E006300740069006F006E0061006C006900740079002E006300700070003C002F0053006F0075007200630065003E003C004C0069006E0065003E003800310035003C002F004C0069006E0065003E003C004800610073004500720072006F0072003E0054007200750065003C002F004800610073004500720072006F0072003E003C002F005F005F00530079007300740065006D003E003C00440065007400610069006C006500640043006F00640065003E002D0032003100340037003200310032003300300030003C002F00440065007400610069006C006500640043006F00640065003E003C002F00440070006D005700720069007400650072004500760065006E0074003E00</Binary>
      </EventData>
    </Event>
    Any help would be greatly appreciated!

    Don't know if this helps or not, but I also noticed another peculiar issue that is derived from this problem.  If I go to "Modify protection group", then expand the cluster, then expand all six nodes in the cluster, five of them show "All SQL Servers"
    and allow me to expand the SQL Instance and show all databases; the one that is having a problem backing up, when I expand the node, doesn't even show that SQL exists on the node, when in fact, it does.
    I would also like to add that the databases on this node that will not backup are running fine.  They run hundreds of transactions daily so we know SQL itself is OK.  Even though it is a busy SQL Server, there is plenty of available resources as
    the SQL buffer and memory counters show the node is not under durress.

Maybe you are looking for

  • Reloading ipod and itunes on a new computer

    I am trying to reload ipod and itunes on a new computer I recently bought. Because of disc management issues, I had these on an external drive (assigned the letter "F") on my old system. The letter "F" is assigned to a disc drive on my new computer.

  • Zen Vision: M and .AVI Fi

    So, the official site says it cannot support it but it is odd that the Zen Vision can support it whereas the Zen Vision:M can't. So I would like to know if DivX .AVI files are supported by Zen Vision: M and if I am going to use my Zen for a mix of Mu

  • OSD reference image starts perfect, then begins to degrade resulting in BSOD during OSD

    SCCM 2012 R2 on Server 2008R2. We create our thick reference images in MDT after Patch Tuesday with a build and capture. We don't change our SCCM Deploy Windows TS so the package ID stays the same and we simply overwrite the old .Wim file each time.

  • Solid alpha shape to vector solid shape

    Please can someone help me this is driving me totally nuts, ive tried all sorts of tracing and everything but cant seem to get just the outline of the shape i want. I have an animated logo ( white), on a background(black) ..( and tried inverting & tr

  • My daughter has purchased a Iphone can we sync both phones on the same PC

    Can i add my Daughters I Tunes to my Mac and we both use the one PC to sync 2  I-phones