NT domain with asa

Doing a simply test with NT domain auth.
I created a AAA server group, addeded a server to the group. Then under AAA access I made ssh use the group server group NT.
When I try to log in with ssh I get nothing but the message Auth server group NT unreachable. there are on the same network. is there somethign I am missing?

No events in window.
the asa just responds with "Auth server not responding"
I went and setup MS ISA radius auth and have it working.
Thought the basic NT auth should work and be easy to setup. I just may go with the ISA server if NT dont work.

Similar Messages

Remote access VPN with ASA 5510 using DHCP server

Hi,
Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
ASA Version 8.2(5)
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.6.0.12 255.255.254.0
ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface inside
crypto isakmp enable inside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
vpn-addr-assign aaa
vpn-addr-assign dhcp
group-policy testgroup internal
group-policy testgroup attributes
dhcp-network-scope 10.6.192.1
ipsec-udp enable
ipsec-udp-port 10000
username testlay password *********** encrypted
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
default-group-policy testgroup
dhcp-server 10.6.20.3
tunnel-group testgroup ipsec-attributes
pre-shared-key *****
I got following output when I test connect to ASA with Cisco VPN client 5.0
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable Matches global IKE entry # 1
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT Client Application Version: 5.0.07.0440
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected. No last packet to retransmit.
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048) <state>, <event>: TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740) <state>, <event>: AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating: flags 0x0945c001, refcnt 0, tuncnt 0
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Regards,
Lay

For RADIUS you need a aaa-server-definition:
aaa-server NPS-RADIUS protocol radius
aaa-server NPS-RADIUS (inside) host 10.10.18.12
key *****
authentication-port 1812
accounting-port 1813
and tell your tunnel-group to ask that server:
tunnel-group VPN general-attributes
authentication-server-group NPS-RADIUS LOCAL
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

ISE 1.2 Authentication fails for 2nd AD domain with the forest trust relation

We are running cisco ISE 1.2, we have new AD domain with forest trust relation between both the new and the old. authentication to with the new domain fails.
Is there any requirements or configurations change needs to be done to make it success?

Use the license that is currently on your ISE. If your account has access to download the software, then you are good. The license will not change during the upgrade. If you are using ISE 1.2 Patch 8 or above, then you are using the same Base/Plus?Apex Licensing model.
If you are not yet on Patch 8, the you are using Base/Advanced and these will be converted during the upgrade.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton

Problem with ASA 5505 VPN config

Hi to all,
I have a problem with ASA 5505 remote access vpn. I have site-to-site VPN and I need that my VPN clients can access IP subnets that I have behind site-to-site VPN. All that I have tried I get and error to my log “Flow is a loopback”.
So what I need : for example I need that vpn client with ip 10.0.0.1 can go to 192.168.1.2
My config:
access-list Test_splitTunnelAcl standard permit host 10.0.2.3
access-list Test_splitTunnelAcl standard permit host 10.0.2.4
access-list Test_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list nonat_outside extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
ip local pool VPN_Client_Pool2 10.0.0.1-10.0.0.200 mask 255.255.255.0
nat (outside) 0 access-list nonat_outside
nat (outside) 1 10.0.0.0 255.255.255.0
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Test_splitTunnelAcl
Site-to-Site:
crypto map outside_map 3 set peer 195.233.x.x
access-list outside_3_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_4
object-group network DM_INLINE_NETWORK_2
network-object 10.0.2.0 255.255.255.0
network-object 10.0.3.0 255.255.255.0
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.2.70
network-object host 192.168.3.55
network-object 192.168.1.0 255.255.255.0
I hope that someone can post an answer and solve my problem

A few things are required:
1) You don't need the following 2 lines, so it can be removed:
nat (outside) 0 access-list nonat_outside
nat (outside) 1 10.0.0.0 255.255.255.0
2) On the ASA, you need to configure:
same-security-traffic permit intra-interface
3) Object group: DM_INLINE_NETWORK_2 needs to include 10.0.0.0/24
4) On the remote lan-to-lan end, the crypto ACL also needs to include 10.0.0.0/24 as the destination subnet.
5) The NAT exemption (NONAT) on the remote lan-to-lan end also needs to include 10.0.0.0/24 as the destination subnet.
Hope that will resolve your problem.

Can I run 2 different domains with same name but on 2 different machines?

I am trying to setup 2 domains with same name (sharedcds1) on 2 different machines (Machine1 and Machine2).
 When I start the weblogic managed server 1 (sharedcds1managedserver1) on Machine2, it throws an error saying it has some conflicts with the managed server 1 running on Machine1. How did the managed server of one machine know about the other server. Can I run 2 different domains with same name but on 2 different machines?
 Here is the error in the log -
 <Jun 14, 2005 10:53:29 AM EDT> <Error> <Cluster> <BEA-000123> <Conflict start: You tried to bind an
 object under the name weblogic.transaction.coordinators.sharedcds1managedserver1 in the JNDI tree.
 The object from 4596206652609838848S:130.170.61.153:[9505,9505,-1,-1,9505,-1,-1,0,0]:sharedcds1:s
 haredcds1managedserver1 is non-clusterable, and you have tried to bind more than once from two or m
 ore servers. Such objects can only be deployed from one server.>
 <Jun 14, 2005 10:53:29 AM EDT> <Error> <Cluster> <BEA-000123> <Conflict start: You tried to bind an
 object under the name weblogic.transaction.coordinators.sharedcds1managedserver1 in the JNDI tree.
 The object from 8842351474821025197S:130.170.61.154:[9505,9505,-1,-1,9505,-1,-1,0,0]:sharedcds1:s
 haredcds1managedserver1 is non-clusterable, and you have tried to bind more than once from two or m
 ore servers. Such objects can only be deployed from one server.>
 Thanks
 Satish

Yes you can. Make sure that domains configured to use different multicast address. WLS uses multicast for communications between nodes in domain.
 although your configuration will work, you could have troubles if you going to execute inter-domain calls between domains/servers with the same names.

How Can i Use two Different Public IP Addresses no my DMZ with ASA Firewall.

How To Using Two Different Public IP Address on My DMZ with ASA 5520
Postado por jorge decimo decimo em 28/Jan/2013 5:51:28
Hi everyone out there.
can any one please help me regarding this situation that im looking for a solution
My old range of public ip address are finished, i mean (the 41.x.x.0 range)
So now i still need to have in my DMZ another two servers that will bring some new services.
Remember that those two server, will need to be accessable both from inside and from outside users (Internet users) as well.
So as i said, my old range of public ip address is finished and we asked the ISP to gives some additional public
ip address to address the need of the two new servers on DMZ. and the ISP gave us the range of 197.216.1.24/29
So my quation is, on reall time world (on the equipment) how can i Use two different public ip address on the same DMZ
on Cisco ASA 5520 v8??
How my configuration should look like?
I was told about implementing static nat with Sub Interfaces on both Router and ASA interface
Can someone please do give me a help with a practical config sample please. i can as well be reached at [email protected]
attached is my network diagram for a better understanding
I thank every body in advance
Jorge

Hi,
So looking at your picture you have the original public IP address range configured on the OUTSIDE and its used for NAT for different servers behind the ASA firewall.
Now you have gotten a new public IP address range from the ISP and want to get it into use.
How do you want to use this IP address range? You want to configure the public IP addresses directly on the servers or NAT them at the ASA and have private IP addresses on the actual servers (like it seems to be for the current server)?
To get the routing working naturally the only thing needed between your Router and Firewall would be to have a static route for the new public network range pointing towards your ASA OUTSIDE IP address. The routing between your Router and the ISP core could either be handled with Static Routing or Dynamic Routing.
So you dont really need to change the interface configuration between the Router and ASA at all. You just need a Static route pointing the new public IP address towards the ASA outside IP address.
Now when the routing is handled between the ISP - ISP/Your Router - Your Firewall, you can then consider how to use those IP addresses.
Do you want to use the public IP addresses DIRECTLY on the HOSTS behind the firewall?This would require you to either configure a new physical interface with the new public IP address range OR create a new subinterface with the new public IP addresses range AND then configure the LAN devices correspondingly to the chosen method on the firewall
Do you want to use the public IP addresses DIRECLTY on the ASA OUTSIDE as NAT IP addresses?This would require for you to only start configuring Static NAT for the new servers between the inside/dmz and outside interface of the ASA. The format would be no different from the previous NAT configuration other than for the different IP addresses ofcourse
Of the above ways
The first way is good because the actual hosts will have the public IP addresses. Therefore you wont run into problems with DNS when the LAN users are trying to access the server.
The second way is the one requiring the least amount of configurations/changes on the ASA. In this case though you might run into problem with DNS (to which I refer above) as the server actually has a private IP address but the public DNS might reply to the LAN hosts with a public IP address and therefore connections from LAN could fail. This is because LAN users cant connect to the servers OUTSIDE NAT IP address (unless you NAT the server to public IP address towards LAN also)
Hopefully the above was helpfull. Naturally ask more specific questions and I'll answer them. Hopefully I didnt miss something. But please ask more
I'm currently at Cisco Live! 2013 London so in the "worst case" I might be able to answer on the weekend at earliest.
- Jouni

I have a domain with 2 DCs (both virtual machines) in different Hyper-V Hosts. Dose this case make any influence on the time sync?

As title,
I have a domain with 2 DCs (both virtual machines) in 2 different Hyper-V Hosts, and one of the perform as a PDC Emulator.
Dose this case make any influence on the time sync?
i.e. Both of the VMs sync with Hyper-V host, instead the other host should sync with the PDC Emulator?
I run w32tm command and get the following result:
C:\Users\Administrator.DOMAIN8>w32tm /query /computer:dc8.domain8.local /source
VM IC Time Synchronization Provider
C:\Users\Administrator.DOMAIN8>w32tm /query /computer:hpvzh05.domain8.local /source
VM IC Time Synchronization Provider
HPVZH05.domain8.local works as PDC server.
How can I make DC8 sync with HPVZH05?

Awesome!
It looks like your PDC is successfully pulling time from an external source. DC8 is not longer pulling from Hyper-V so that is good.
When you set a client to pull from a source ( and in this case DC8 is pulling from NT5DS, which tells it to pull from the PDC), and it CAN'T pull from that source, it will default to Local CMOS Clock. This is likely an easy fix.
First, check connectivity:
- Method one- Download Portqry and run this command: portqry -n HPVZH05 -p both -e 123 and see if the results say listening, or
- Method two- Run this command from DC8: w32tm /stripchart /computer:HPVZH05
If you get any kind of error using method two, it's a connectivity issue. (Maybe you have a firewall that's blocking access?)
The other cause of this, and probably more likely in your case, is that your PDC isn't properly advertising as a reliable time source, so DC8 isn't 'allowed' to pull from it.
Try running this command on your PDC: w32tm /config /reliable:yes
Then go restart time on your PDC, THEN DC8 again. (net stop w32time & net start w32time)
Here's an article you can reference: http://technet.microsoft.com/en-us/library/cc794937(v=WS.10).aspx
- As always, if you find my posts to be helpful, please mark it appropriately. Thank you :)
Chris Ream

How do I create an Integration Domain with 3 servers ?

Hi,
I would like to create a WLI domain with three servers: 
Ã˜ One for the administration console; 
Ã˜ One for WLI; 
Ã˜ And the last to deploy EJB Session (which are the service called by WLI) 
To create the domain, I use the WLI 8.1 SP4 Configuration Wizard. 
After creating the domain with 3 services, I have not succeeded to start the WLI Server. 
For another test, I would like to create a WLI domain with two servers: 
Ã˜ One for the administration console and WLI; 
Ã˜ And the last to deploy EJB Session 
To create the main server, I have used the configuration wizard. For the other, I have used the console administration. With this configuration, the message brocker was not initialised. 
For the last test, I have created a domain with single server and I had no errors. 
So, my question is: What is the method to create a domain with three servers? 
Thanks for your help 
Case 1: Test to define 3 servers
<4 nov. 2005 14 h 45 CET> <Notice> <WebLogicServer> <BEA-000328> <Starting WebLogic Managed Server "etsoWLI" for domain "complexDomain">
The WebLogic Server did not start up properly.
weblogic.management.AbortDeploymentException: weblogic.t3.srvr.FatalStartupException: Can't start server due to startup class failure WLI Startup Class - with nested exception:
[com.bea.wli.management.BPMComponentInitializationException: Failed to initialize ProcessConfiguration module]
at weblogic.t3.srvr.StartupClassService.addDeployment(StartupClassService.java:92)
at weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentTarget.java:337)
at weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(DeploymentTarget.java:597)
at weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(DeploymentTarget.java:575)
at weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(DeploymentTarget.java:241)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:754)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:733)
at weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBeanImpl.java:509)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:988)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:954)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
at weblogic.management.configuration.ServerMBean_Stub.updateDeployments(ServerMBean_Stub.java:7691)
at weblogic.management.deploy.slave.SlaveDeployer.updateServerDeployments(SlaveDeployer.java:1304)
at weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:347)
at weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(DeploymentManagerServerLifeCycleImpl.java:229)
at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:966)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:361)
at weblogic.Server.main(Server.java:32)
Reason: [Deployer:149601]The deployment framework was unable to resume accepting requests.weblogic.t3.srvr.FatalStartupException: Can't start server due to startup class failure WLI Startup Class - with nested exception:
[com.bea.wli.management.BPMComponentInitializationException: Failed to initialize ProcessConfiguration module]
<4 nov. 2005 14 h 45 CET> <Emergency> <WebLogicServer> <BEA-000342> <Unable to initialize the server: [Deployer:149601]The deployment framework was unable to resume accepting requests.weblogic.t3.srvr.FatalStartupException: Can't start server due to startup class failure WLI Startup Class - with nested exception:
[com.bea.wli.management.BPMComponentInitializationException: Failed to initialize ProcessConfiguration module]>
 
Case 2 : Test to define 2 servers 
<4 nov. 2005 15 h 03 CET> <Error> <WLI-Core> <BEA-484037> <Process Tracking failed to initialize properly. Tracking data cannot be recorded for process typ
e "/MailProcess/processes/process02.jpd".>
<4 nov. 2005 15 h 03 CET> <Error> <WLI-Core> <BEA-481000> <The Message Broker is not initialized>
<4 nov. 2005 15 h 03 CET> <Error> <WLW> <000000> <Failed to register subscriptions for JPD /MailProcess/processes/process02.jpd
java.lang.RuntimeException: The Message Broker is not initialized
at com.bea.wli.broker.MessageBroker.getMessageBroker(MessageBroker.java:277)
at com.bea.wli.control.MBUtils.registerSubscriptionRules(MBUtils.java:99)
at com.bea.wli.bpm.runtime.JpdDispFile$3.run(JpdDispFile.java:903)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at com.bea.wli.bpm.runtime.JpdDispFile.registerSubscriptions(JpdDispFile.java:912)
at com.bea.wli.bpm.runtime.JpdDispFile.<init>(JpdDispFile.java:212)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at com.bea.wlw.runtime.core.dispatcher.DispUnit.loadDispFile(DispUnit.java:219)
at com.bea.wlw.runtime.core.dispatcher.DispUnit.<init>(DispUnit.java:153)
at com.bea.wlw.runtime.core.dispatcher.DispCache.ensureDispUnit(DispCache.java:578)
at com.bea.wlw.runtime.core.dispatcher.HttpServerHelper.getDispUnit(HttpServerHelper.java:501)
at com.bea.wlw.runtime.core.dispatcher.HttpServerHelper.executeGetRequest(HttpServerHelper.java:541)
at com.bea.wlw.runtime.core.dispatcher.HttpServer.doGet(HttpServer.java:81)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
javax.management.InstanceNotFoundException: lastEtsoDomain:Location=etsoMain,Name=MsgBroker,Type=MsgBrokerRuntime (admin server:true)
at weblogic.management.internal.MBeanHomeImpl.getMBean_helper(MBeanHomeImpl.java:145)
at weblogic.management.internal.MBeanHomeImpl.getMBean(MBeanHomeImpl.java:130)
at weblogic.management.internal.MBeanHomeImpl.getRuntimeMBean(MBeanHomeImpl.java:557)
at weblogic.management.internal.MBeanHomeImpl.getRuntimeMBean(MBeanHomeImpl.java:549)
at weblogic.management.internal.AdminMBeanHomeImpl.getRuntimeMBean(AdminMBeanHomeImpl.java:580)
at com.bea.wli.management.MBeanHelper.getMsgBrokerRuntimeMBean(MBeanHelper.java:549)
at com.bea.wli.bpm.runtime.__broker.listSubscriptions(__broker.java:178)
at com.bea.wli.bpm.runtime.__broker._jspService(__broker.java:833)
at com.bea.wlw.runtime.core.dispatcher.ServiceView.dispatchToPage(ServiceView.java:269)
at com.bea.wlw.runtime.core.dispatcher.ServiceView.forward(ServiceView.java:438)
at com.bea.wlw.runtime.core.dispatcher.HttpServerHelper.executeGetRequest(HttpServerHelper.java:617)
at com.bea.wlw.runtime.core.dispatcher.HttpServer.doGet(HttpServer.java:81)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

To use 3 managed servers with Weblogic, I must a cluster environment.
Weblogic say: "WebLogic Integration domain that includes an administrative server and one or more managed servers must include a cluster. A WebLogic Integration domain that includes an administrative server and one or more managed servers without a cluster is an unsupported configuration."
Fred

Migrating multiple domains with same name - how? Rename? Migrate through temporary domain?

Hi,
we have acquired another company, and they have multiple, separate domains with the same name (every site has a domain with NetBIOS name "COMPANY" and DNS name "company.local"). Now we want to migrate all these domains into ours using
ADMT.
Unfortunately, we did not manage to migrate one of these domains completely, so the trust must remain established for some time. But we have to continue with the second domain - which normally would require a trust, but of course we can't establish a trust
to two domains with the same name at the same time.
I found two potential solutions for the dilemma, but I'm not sure if both are reasonable:
1) Rename the domain with RENDOM.EXE to COMPANY2 and company2.local and then migrate with ADMT
2) Migrate COMPANY to a temporary domain such as COMPANYTEMP and then migrate from COMPANYTEMP to our domain
Given that there are roughly 100 users, 2 domain controllers and 8 other servers, what would be the better approach? Is option 2 possible at all, so would I be able to use the sidHistory attribute migrated from the original COMPANY domain in our domain at
all?
There is also an Exchange 2007 server, which seems to make option 1 impossible unless we find another way to migrate it (like, export all mailboxes to PST before migration) ...

Ok, that's what I expected. Still, I have servers in the old domain, so if I do these steps:
first create a new temporary domain i.e COMPANYTEMP and
create trust between COMPANYTEMP -
COMPANY(Right)
then do the migration with sidHistory from COMPANY(right) --> COMPANYTEMP ,
disconnect the domain COMPANY(right) ,
users will lose connectivity to any servers in the domain. I understand that it does not work with all domains connected? Of course I can't make OURCOMPANY's domain controllers see the DCs of COMPANY (right) in DNS (though I could achieve it the other way
round).
My original plan was:
first create a new temporary domain i.e COMPANYTEMP and
create trust between COMPANYTEMP -
COMPANY(Right)
then do the migration with sidHistory from COMPANY(right) --> COMPANYTEMP ,
create trust between OURDOMAIN and COMPANYTEMP
then do the migration with sidHistory from
COMPANYTEMP --> OURDOMAIN,
Migrate users
Migrate computers
Migrate servers
remove trusts and old domain
But I see that this will not work out, right? So, my only option would be:
first create a new temporary domain i.e COMPANYTEMP and
create trust between COMPANYTEMP -
COMPANY(Right)
then do the migration with sidHistory from COMPANY(right) --> COMPANYTEMP ,
Migrate computers and servers to COMPANYTEMP
Install new Exchange server in COMPANYTEMP
migrate mailboxes to COMPANYTEMP
disconnect / abandon COMPANY(right)
create trust between OURDOMAIN and COMPANYTEMP
then do the migration with sidHistory from COMPANYTEMP
--> OURDOMAIN,
Migrate users
Migrate computers
Migrate servers
Migrate mailboxes
remove trusts and old domain
And to minimize user impact, all this would have to be done in one go (over night), which is hardly possible .........................

How to delete multiple data domains with single step ?

how to delete multiple data domains with single step ?

You can go to your Endeca-Server domain home e.g.($WEBLOGIC-HOME$/user_projects/domains/endeca_server_domain/EndecaServer/bin)
run
[HOST]$ ./endeca-cmd.sh list-dd
default is enabled.
GettingStarted is enabled.
endeca is enabled.
BikeStoreTest is enabled.
create a new file from the output just with the domains that you want to delete and then create a loop
[HOST]$ vi delete-dd.list
default
GettingStarted
endeca
BikeStoreTest
[HOST]$ for i in $(cat delete-dd.list); do; ./endeca-cmd.sh delete-dd $i; done
Remember that this can not be undone, unless you have a backup.

Reg : Creation of domain with 8130 characters

Hi Experts,
I want to create Domain with 8130 characters...
Can anybody suggest..
Thanks & Regards,
Mahendar.

I don't think string can contain 8130 characters
mahendar, can you please tell us what option you used

Two soa domain with same name "TestSOADomain" sharing same SOA schema ?

I tried creating two soa domain with same name "TestSOADomain" (different path) sharing same SOA schema .However one domain came UP to Running mode and other domain going to AdminMode and "soa-infra" application of that domain is not active.
I do want to understand can this be possible with SOA ,ie. two soa domain sharing same SOA schema ?
If possible what are all the problems might come
1. While executing soa composites with asyncronous behaviour ?
2. How the polling services will work ?
3. will the XREF_DATA table ROW_NUMBER column inserted uniquely while inserting data from two different domain into same SOA schema ?
4. Other issues ?
Thanks

Each domain is expected to refer to its own unique database schema. Same SOA schema should not be shared by multiple SOA clusters/domains. It is technically possible though, I suppose, and still can run fine any one SOA environment at any given time with the other SOA environments/domains (sharing the same SOA schema) shutdown. It is not the general/recommended practice to share SOA schema across domains and there could be potential implications and unexpected behavior, particularly when the SOA environments pointing to the same schema are all running at a time.

Tacacs+ access issue with ASA firewall after integrating with RSA SecureID

Hi,
In my earlier post, I raised the same question but let me rephrased it again. I have configured TACACS+ in cisco ASA firewall and able to access . But when I integrated it with RSA secure ID , I am not able to enter in enable mode. It is not accepting enable password nor RSA passcode. I have created enable_15 in ASA , ACS and RSA server but no luck.
Did any one face similar issue with ASA access ?
Rgds
Siddhesh

Hi Siddesh,
In order to help you here, I need to know few things:
1.] Show run | in aaa
2.] When you enter enable password on ASA CLI, what error do you see on ACS > Monitoring and reports > AAA protocols > tacacs authentication > "look for the error message"
3.] Turn on the debugs on ASA "debug tacacs" and "debug aaa authentication" before you duplicate the problem.
~BR
Jatin Katyal
**Do rate helpful posts**

Changing a DC in Domain, with Same name and IP

hey we have a domain with 3DC (srv1, DC Operation Master and GC ; srv2 DC and GC ; and srv3 only DC)
srv3 is a file server with many shares like //srv3/folder/myfiles
so i really want to keep the name and IP!!
my plan is to degrade the srv3 to normal server and add to a workgroup.
Delete it from ad under domain controllers. So my domain only works with my two domain controllers.
Wait 1 or 2 Days. perhaps do a manuel replication ... so be clear tat the srv3 is really removed from the domain.
And after all i would take my brand new Server give him same name and ip an add him to the domain. level him up to a dc and i hope all would be fine :)

Greetings!
Just demote the DC successfully (No Force Removal!)and check the replication between two domain controllers. If everything were in good condition you can use the same IP and Name in a new server. No need to wait for couple of days.
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?

Quick Question - Setting up Personal Domain with godaddy

Hi there
Just a quick question to make sure I've done this correctly?
Ok, I've published my iWeb website.
I've purchased a personal domain with godaddy.
I've set up the personal domain in my mobile me account.
I then logged into my godaddy account and went to 'Total DNS Control and MX Records'
I changed the following under CNAME (Aliases)
www web.me.com 1 Hour
and then added a new CNAME Record
www.*******.com web.me.com 1 Hour
Have I done this all correctly?
Will it take a few hours to take effect?
Anything else I need to consider?
Thanks for reading.
Ross

CNAME settings can take up to 24 hours to take effect.
As long as you have forwarded your domain name to web.me.com, then it should be okay.

NT domain with asa

Similar Messages

Maybe you are looking for