Number of Trusted Hosts Limit on Cisco IDM

Similar Messages

• Supported number of Hypervisor hosts in SCVMM 2012 R2

  Hi,
  I would like know the number of hypervisor hosts (Hyper-V, VMWare, Citrix XEN) supported in single instance of SCVMM 2012 R2.
  This would help me to design and size the SCVMM environment.
  Any help would be highly appreciated!!!
  Thanks
  Kumaresan Lakshmanan

  There's not a hard limit, but everythign depends on tha amount of resources you are managing (network, storage, hosts, vms etc).
  These are guidelines of recommendation. If more resources managed, then you also need to scale according to that.
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )

• Ips 4510 error adding trusted host.

  Hello.
  I'm trying to get event logs from my ips 4510 into splunk.
  When I add the host on which splunk is running as a "trusted host" I get the error:
  Cannot add #.#.#.# as a trusted host.  errTransport-socket connect failed [4,111]
  There are no firewalls enabled on the splunk host.
  On the splunk side, I've installed Cisco Security Suite and Cisco IPS applications.
  The splunk logs show it's able to connect to the host, but then throws the following error:
  URLError: <urlopen error Tunnel connection failed: 503 Service Unavailable>.
  Not sure at this point if I need to configure something else before being able to add the splunk host as a trusted host?
  Any info appreciated.
  Thanks.

  Hi Jamoser,
  Could you try to ping the IPS from client? If it works, can you check there is no device in traffic path blocking TCP 443 to IPS? Can you do a capture on IPS to see if request on TCP 443 is indeed reaching the IPS?
  Sourav

• Trusted host on SPA2102

  Product Name: SPA-2102
  Software Version: 5.2.5
  Can I write trusted host (remote admin server) on SPA2102?

  If you are just talking stand alone with the SPA2102, I think the only option is really via remote management. Unfortunately, this is not a trusted connection as what you wanted to be. As long as the other party knows the WAN IP address being received by the SPA-2102 and the port being used, the PC can access the unit unless you set up both the user and admin view for a password.  
  I suggest contacting Cisco Tech support to further look into your concern. I believe this unit belongs to the business series devices that Cisco is now supporting. Try to go to this link for the other business series devices and the site where you can get hold of Cisco for support: 
  http://www.cisco.com/web/products/linksys/index.html

• IDSMC 2.0 TLS trusted host

  I just upgraded to IDSMC 2.0 today. When I try to do signatures updates to a 4.1 sensor, the job fails with this error below. I already added the VMS server as a trusted TLS host on the sensor. Rebooted.
  Any ideas? Do I need to add the sensors cert to the VMS server somehow?
  Status Messages
  Sensor bbimainsae01: Signature Update Process
  TLS Trusted Host Certificate difference found, updating sensor certificate for the MC.
  The trusted certificates on the sensor 172.16.1.153 have been updated.
  An error occurred while running the update script on the sensor named bbimainsae01. Detail = An error occurred at the sensor during the update, sensor message = The host is not trusted. Add the host to the system's trusted TLS certificates.

  We've seen a few of these cases, but have not been able to gather enough information to understand where the breakage is occurring.
  The first thing to do is to log into the IDS unit as an administrative user (i.e., "cisco"). Make sure the time on the sensor is accurate. Then take a look at the list of trusted certificates. Next, remove the certificate for the VMS server and re-trust it manually. Finally, attempt the upgrade command manually from the IDS CLI.
  Here are the commands to enter into the IDS CLI to perform these actions. The example uses "10.1.2.3" for the IP address of the VMS host, and "IDS-sig-4.1-4-S128.rpm.pkg" as the name of the package you want to apply to the sensor:
  sensor# show clock
  *03:27:22 UTC Wed Dec 01 2004
  sensor# configure terminal
  sensor(config)# service trustedCertificates
  sensor(config-TrustedCertificates)# show settings
  trustedCertificates (min: 0, max: 500, current: 0)
  sensor(config-TrustedCertificates)# exit
  sensor(config)# tls trusted-host ip-address 10.1.2.3 port 443
  Certificate MD5 fingerprint is 0A:CB:6F:B5:F8:F8:85:05:5B:5D:7D:0B:73:E1:14:A6
  Certificate SHA1 fingerprint is CF:9D:85:60:CA:31:99:26:64:26:39:23:AE:66:E8:3C:BC:68:12:02
  Would you like to add this to the trusted certificate table for this host?[yes]:
  Certificate ID: 10.1.2.3 succesfully added to the TLS trusted host table.
  sensor(config)# upgrade https://10.1.2.3/ids-config/vms/sensorupdate/IDS-sig-4.1-4-S128.rpm.pkg
  Warning: Executing this command will apply a signature update to the application partition.
  Continue with upgrade? : yes
  If the tls trusted-host command does not succeed, we will need to obtain a packet capture to diagnose why. I've provided instructions for doing this elsewhere in this forum. (Search for recent articles by me.)
  If you can get the tls trusted-host command to succeed, but the upgrade command fails, then we need to see what might be wrong with the certificate on the VMS server.
  If both commands succeed manually, you can re-import the sensor in VMS so it will detect it is running the new version. We will then need to wait until the next signature update to see what happens when you use VMS to upgrade the sensor.

• TLS trusted-host

  Certificate on IDSM Console expired. Created new certificate, then deleted and add IDS Sensor using discovery. Login to IDS sensor verified clock on matched IDSM Console, then removed trusted-host and re-add to generate new certificate. Cert on sensor doesn't match IDSM Console cert. Still getting TLS trusted host errors when trying to do signature updates. Am I missing a step? Any suggestions? Thanks,

  If it is the IDSM-2 certificate that expired, then the steps are correct.
  My assumption, however, is that the error you are receiving is not because the IDSM-2 certificate has expired, but instead it is the VMS certificate that has expired.
  You would need to create a new certificate for the VMS itself. Then go to the sensor and remove the sensor's knowledge of the VMS old certificate and tell it to grab the new VMS certificate.
  Here is how you tell the sensor to grab VMS's new certificate:
  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clitasks.htm#wp1036631
  I am not sure what the steps are to create a new certificate on the VMS itself.

• He instance with number 4 on host could not be started within the specified timeout.

  Hi,
  We are upgrading our BW Java from 7.0 to 7.4 SPS 07 and are in now in Execution Phase.
  Java system is not getting started.
  An error has occurred during the execution of the Start Java step.
  Could not start SAP instance with number 4. The instance with number 4 on host <hostname> could not be started within the specified timeout.
  In error logs
  Jul 8, 2014 11:31:16 AM [Error ]: Start of instances exceeded the timeout of 7200s.
  Jul 8, 2014 11:31:16 AM [Warning]: The instance could not be started. Will retry after a pause of 15 seconds.
  Jul 8, 2014 11:31:31 AM [Error ]: The following problem has occurred during step execution: com.sap.sdt.util.diag.DiagException: Could not start SAP instance with number 4.
  The instance with number 4 on host <hostname> could not be started within the specified timeout.
  Can you please help
  Thanks & Regards
  Amit Shedge

  Hi Amit,
  Please check if the instance exists in the system instance list with number 4 and <hostname>.
  sapcontrol -nr 04 -function GetSystemInstanceList
  If so, add SAPLOCALHOST and SAPLOCALHOSTFULL parameters to the following Java and SCS instance parameter files.
  Java instance parameter file: /SUM/sdt/<SID>/SYS/profile/<SID>_JC04_<hostname>
  SCS instance parameter file: /SUM/sdt/<SID>/SYS/profile/<SID>_SCSXX_<hostname>
  After adding the parameters, restart the sapstartsrv services for both of the above instances:
  sapcontrol -nr 04 -function RestartService
  sapcontrol -nr XX -function RestartService
  Repeat the failed step.
  BR,
  Alper Somuncu

• I have purchased Adobe Acrobat XI Pro.  I have a serial number (removed by host)  I purchased this product after the free test period had expired.  Now I cannot enter the serial number into the website because it says that the product is not

  I have purchased Adobe Acrobat XI Pro. I purchased it after the free test period had expired.  In the drop down menue on the website XI Pro is not listed so I cannot enter the serial number [removed by host].  So I cannot use the program.  John Steele.  [personal information removed by host]  Thank you

  @Bill, I removed your post, since its subject now contained the serial number which I could not remove.
  Bill’s original reply: I cannot edit your post. Please remove the S/N ASAP. You should never post S/Ns.
  I will add to Bill’s reply and add that you should not post your phone numbers or other personal information on the internet.

• My Mac PRO (serial number  edited by host )has installed OS X Lion 10.7.5. Can I update it to OS Mountain Lion to work Airplay with apple TV?

  My Mac PRO (serial number    <edited by host>) has installed OS X Lion 10.7.5. Can I update it to OS Mountain Lion to work Airplay with apple TV?

  Welcome to Apple Support Communities
  The serial number doesn't tell us anything. Open  > About this Mac > More Info, and tell us the first two lines of the window, where you should see MacBook Pro and a line below, which indicates the model you have:
  That's what I see on my Mac. AirPlay Mirroring requires an Early 2011 or newer MacBook Pro, so if you see Early 2011 MacBook Pro or newer in that line, you can use AirPlay Mirroring. Read > http://support.apple.com/kb/HT5404
  If you want to upgrade, make a backup of your files and check that your applications are compatible > http://www.roaringapps.com Then, open the Mac App Store and purchase Mountain Lion. When the download finishes, the Mountain Lion installer will appear, so follow the steps. After upgrading, you will see the AirPlay icon on the menu bar.
  If you don't want to upgrade, you can use an application like Beamer or AirParrot

• Import Network host objects to Cisco Security Manager

  Is it possible to import complete lists of Network Hosts objects to Cisco Security Manager?
  Exporting the hosts already defined in the ASAs is easy but how to import them in CSM??
  Thanks

  No hostnames discovered go the Policy Object Manager (nor to the Access rules), only group-names (there's a bug in ASAs related to single host names too). The way CSM handles single hosts is previously creating them, so when we later discover devices, the single hosts names set in the discovered device are not considered, only their IP addresses; then you can see that in the discovered access rules CSM shows the hostname as the previously defined ones in the Policy Object Manager. If you dont define those hostnames before the device discovery, you will only see IP addresses, no hostnames, no matter they are set in your firewalls.
  Imagine discovering a couple FWSM modules with 500 access rules, and you only get to see the IP addresses of the 2,500 hosts on your network. And you have all those hosts already defined in your FWSM firewalls, when you log via ASDM you view your hard created rules with hostnames, and when you log to CSM you only view IP addresses. The clients get very disappointed with CSM after that, and discard it. The bigger the network, the faster they reject CSM.
  The only way to add hosts in the Policy Object Manager is 1 by 1. But as this may have happened to more than one company and considering how easy it is to code a feature like that, I assume that it's possible to import a complete list of single hosts to CSM.
  is that really possible? it should be.
  thanks for the replies so far

• Trusted Host Check Failed for RFC SAPLSOVLROOM

  Hi,
  We are using SAP Enterprise Learning 7.5.
  In RFC SAPLSOVLROOM, got a below error in response body.
  Trusted host check : failed
  The host that you are calling from is not configured as trusted. See
  the configuration guide for information about how configure a host as
  trusted.
  Added hostname in the trusted hosts of the sap_servlet_config.xml.
  Also followed Note 1471989 - SAP Enterprise Learning 7.5 - Trusted host check:failed
  Still the trusted host check alone getting failed. Other Checks for the RFC is sucessful.
  Regards,
  Raja. G

  Raja, did you figure out what was going on here?  We have similar situation.  Hosta are listed in trusted hosts section, but we get error when doing connection check in sm59 if we use a https connection, but not if we use http connection.  There are no ssl errors anywhere, but it fails the same as yours.
  If you have any update. Please reply.

• Trusted hosts

  In trusted hosts,when i am doing rlogin to another host gives error "connection time out" what could be problem.Give solution

  Users attempting to use rlogin must be validated. Validation can be performed by the remote computer (the one you are logging into) or by the network environment. If the remote computer is to validate you, one of three conditions must exist.
  1     First, the user account you are using must be located on the remote machine, and you must provide a correct password when prompted.
  2     Second, the remote machine must have an /etc/hosts.equiv file set up.
  3     Third, the remote machine must have an .rhosts file configured.

• Onfigure a WAP54G to act as a repeater for my wireless network hosted by a Cisco/Linksys WAP610AP

  How can I configure a WAP54G to act as a repeater for my wireless network hosted by a Cisco/Linksys WAP610AP
  I am using ONLY 2.4GHz wireless band on the WAP610AP running Firmware Version 1.0.04
  The signal from WAP610AP is weak in my home office and I would like to use the WAP54G as the repeater. Is this possible? If yes, please help!
  TIA

  This statement is according to the WAP’s user interface: When set to "AP Client" and "WirelessBridge" mode, this device will only communicate with another Linksys Access Point (WAP54G). When set to "Wireless Repeater" mode, this device will only communicate with another Linksys Access Point (WAP54G) and Linksys Wireless-G Router (WRT54G). In a nutshell, the WAP54G may have a big possibility that it will not work on that device.

• My Site Trusted Host Location (still 2010)

  Can My Site site collection still be the 2010 flavor using SharePoint 2013 My Site Host.
  A group of My Sites does not want to be upgraded, and remain SharePoint 2010.  Is it supported to setup a Trusted Host Location which points to the SharePoint 2010 Farm?
  Is it supported for a SharePoint 2013 User Profile Service Application to use a SharePoint 2010 My Host Site Template?  I would think many things would break?
  So the comprise would be to keep some My Site Site Collections in a SharePoint 2010 Farm as a Trusted Location.
  Any thoughts...
  Thanks in advance.

  A SharePoint 2010 Farm can consume services from a SharePoint 2013 farm, but not the other way around.  Normally any service farm is upgraded first.  So no, to the best of my knowledge you can not use a SharePoint 2010 My Site Host as a Trusted
  Host location in the 2013 farm.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Revoking trusted host

  When experimenting with different Exchange and HTTP server settings (for calendar subscription) I had to accept a certificate I don't want to trust forever.
  Although I deleted the account under Mail, Contacts & Calendar settings, the iPhone still seems to trust the certificate: When I re-enter the account information, I am not asked if I want to trust, the connection is simply established.
  Which options do I have to delete that host from the list of trusted hosts? Will resetting the network settings suffice? Or resetting all settings? Or do I have to backup / restore the iPhone completely?
  Thanks for input on this!

  I've also ended up with this problem - there is a firewall in one location where I use connect my iPhonew over wifi which, before I had done the http based login, must have responded to the exchange connections SSL request instead of the gmail exchange server.
  I don't really want to trust this server, and I've been searching for a way to revoke trusted hosts with no luck so far.
  As a side note, this has caused my iPhone to think the firewall is a valid gmail exchange server, and after re-requesting the password a few times times will give up until the phone is restarted if I leave the wifi on and have to reject the prompt (in order to http login).
  Would be great to hear if anybody knows how to achieve the revocation.
  Thanks, Alex J Burke.