Out of band config changes and CSM

  Were running CSM 3.3.1 SP1 on a windows machine.  We aquired a company and have found that they were making out of band changes without the use of CSM directly from the CLI.  Is there any easy way to sync the running config on the ASA firewalls to the CSM server?  I dug in help files but nothing really pointing me where to go. 
Thanks for any help!

Hello,
The easiest/fastest way to do this is to right-click on the device in CSM's device inventory and select "Rediscover policies on device". This will clear the configuration from the CSM database and rediscover the device config based on what is in the ASA's running-config.
Keep in mind that if you are using any custom rule sections for your Access Rules or the device has any shared policies assigned, you'll need to manually rebuild the sections or re-assign the shared policies. To avoid this, you would have to manually sync the changes (i.e. make the same changes in CSM that were made on the CLI). If only certain policies are affected, you can also add the device into CSM's inventory as a new device (with a new name), and then copy the policies that weren't affected from the old device to the new device.
Hope that helps.
-Mike

Similar Messages

  • TS1702 chat heads not working on the facebook app and whenever I log out of it the layout changes and the bar goes to the bottom

    I updated the facebook app today and the chat heads are not working and also whenever the app crashes or I log out the layout completely changes and a bar appears at the bottom of the screen instead of the sidebar. This is really annoying.

    Voice Over Fix
    Settings > General > Accessibility > Voice Over > Off
    Or,
    Press the Home Button 3 Times
    Now...
    Reset your phone:
    Press the sleep/wake button & home button at the same time, keep pressing until you see the Apple logo, then release the buttons...
    The Basic Troubleshooting Steps are:
    Restart..  Reset..  Restore from Backup...  Restore as New...
    Restart / Reset
    http://support.apple.com/kb/ht1430
    Backing up, Updating and Restoring
    http://support.apple.com/kb/HT1414

  • Problem with Out of Band Discovery resulting with Out of Band features not available in SCCM console for computers with provisioned AMT device

    Hi,
    We configured the Out of Band component, but are using Intel SCS RCS to provision AMT devices remotely­. The remote configuration process with Intel SCS works fine; we are able to connect to the AMT web UI and we can use a free KVM tool to manage the computer
    remotely.
    The AMT devices are configured with AD integration, so an object is created for each of them in a specific OU. Also, an AD group is added to the AMT devices so remote PT Administration permission is granted to it. This group includes the ConfigMgr Site
    Server account, the account of the server running the Out of Band Service Point and my own user account.
    This configuration seems OK since when connecting to the AMT web UI, I use Windows Integrated authentication with my user account and can manage the device successfully.
    So the only step remaining is running the OOB discovery to enable Out of Band features for the computers in the SCCM console. We want to use the ConfigMgr OOB console. I right-click a computer or a collection and launch the AMT discovery. I check the OOB
    server log, I don't see errors; the OOB service point connects to the AMT device and discover a status of 4, which is Externally provisioned, as expected. The problem is the AMT Status, AMT Version and Provisioned AMT fields for the computer in the ConfigMgr
    console doesn't get updated, even after doing display refresh.
    Here's the amtopmgr.log (I changed computer name and IP address information to protect client privacy) :
    General Worker Thread Pool: Work thread 364 started SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    Discover COMPUTERA using IP address 192.168.12.7 SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: Wakes up to process instruction files SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: There are 1 tasks in pending list SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    AMT Discovery Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 2792 (0x0AE8)
    DoPingDiscoveryForAMTDevice succeeded. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    Flag iWSManFlagSkipRevocationCheck is not set. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    session params : https://COMPUTERA.contoso.com:16993   ,  11001 SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:25 364 (0x016C)
    DoWSManDiscovery succeeded with user name: admin. AMTStatus = 1. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    Start Kerberos Discovery SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    Flag iWSManFlagSkipRevocationCheck is not set. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    session params : https://COMPUTERA.contoso.com:16993   ,  484001 SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    DoKerberosWSManDiscovery succeeded. AMTStatus = 4. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    Discovery to IP address 192.168.12.7 16 15:16:32 364 (0x016C)
    CSMSAMTDiscoveryTask::Execute, discovery to STI17259CPCO succeed. AMT status is 4. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CSMSAMTDiscoveryTask::Execute - DDR written to E:\SMS\MP\OUTBOXES\ddr.box SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Fill Machine Property' SID=1 MUF=0 PCNT=5, P1='COMPUTERA' P2='' P3='COMPUTERA.contoso.com' P4='' P5='' SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Created state message file: E:\SMS\MP\OUTBOXES\StateMsg.box\6heghx71.SMX SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Unspecified' SID=10 MUF=0 PCNT=1, P1='COMPUTERA.contoso.com' 16 15:16:32 364 (0x016C)
    CStateMsgReporter::DeliverMessages - Created state message file: E:\SMS\MP\OUTBOXES\StateMsg.box\rmit91js.SMX SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    General Worker Thread Pool: Succeed to run the task COMPUTERA.contoso.com 16 15:16:32 364 (0x016C)
    General Worker Thread Pool: Work thread 364 has been requested to shut down. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    General Worker Thread Pool: Work thread 364 exiting. SMS_AMT_OPERATION_MANAGER 2014-06-16 15:16:32 364 (0x016C)
    The Management Point is up and running.
    Any suggestion or advice is welcomed!
    Thank you
    Patrick

    I found something interesting on this problem, it seems the OOB discovery process is working fine, but for an unknown reason, the site server is not receiving the information from the OOB Service Point to update the AMT Status of the client in the SCCM
    database.
    The log tells me that a DDR file is created to be sent to the site server. When looking into the SMS\MP\Outboxes\ddr.box folder, I see about 50 DDR files, the oldest one is dated when I started testing OOB discovery.
    So the server is unable to send the files to the site server.
    Also, since I started this thread, I noticed another issue that could be related to this problem. The same server is also holding the State Migration Point role, it is working fine, but when doing USMT operations, the status of the computer association is
    not updated in the console (In Progress, Completed, missing USMT store path, etc.). When looking into the SMS folder on the server, I see a big backlog of SVF files containing information related to the SMP.
    I looked into the log files, but didn't find the errors yet to explain this.
    The computer account of the server is a member of the SMS_SiteSystemToSiteServerConnection_Stat_XXX group on the site server.
    Note that status messages are being sent successfully, I see them in the Monitoring node of the console under Component State, and there is no backlog in the SMS\MP\Outboxes\statemsg.box folder.
    Tnx for your help
    Patrick

  • Dropship PO schedule line date changes and impact in SO

    Hi,
    Please suggest where senario; Drop ship PO created and Changed Schedule delivery date on Purchase order and automaticaly changes in Sales order schedule line level.
    SO- PR - PO
    Senario1;
    When Vendor not confirms requested delivery quantity on date, he confirms partially qty and later confirmes remaining quanity. When we split in Purchase order delivery schedule directly it will not update at sales order it confirms and changes initially qty only on SO schedule line level. how can i copy back to sales order schedule qty partial split done on PO.
    Senario2;
    When SO created and PR - PO generated later when we Add new line item in SO or Directly add PO line item how can i make sync between the two documents automatically.
    SO Schedule delivery date and PO schedule delivery date how can i see the link b/w to document back to back updates automatically when we change any one doc.
    Thanks in advance
    JACK

    Hi Caetano,
    thanks for your suggestion
    Yes, we use firm zone for few of the vendors. there the system don't change the schedule lines.
    Also for the stock transfer PR's there is no firm zone and the lead time is one day. in this case it changes everyday after the MRP run.
    the stock transfer PR's leads to the creation of Schedule lines from the source plant. Since this PR gets changed everyday. the alerts coming out of MD07 gets changed and we really did not know if this order is delayed or not.  In the source plant we use the firm zone to avoid moving the schedule line. But then the alerts are always not correct.
    is there any setting which helps in not moving the PR everyday without using " start in the past"
    thanks
    Nagendra Kumar

  • Adding failover ASA back after config changes on "primary" ASA?

    I had a working active/passive pair of ASA5510's, and then I had to do a rush firmware upgrade, but didn't have time to do it on the secondary at the same time.  Now I have made config changes and upgraded the secondary firmware to be the same, and wish to know if I plug it back in if it will think the secondary has the "correct" config or if it will know that the primary is newer.  I disconnected the failover cable because it was complaining about version mismatches constantly.
    Is it safe to add the secondary back in or is it possible it will be declared newer and overwrite the config?

    Hi,
    There should be no problem adding another ASA back to the network.
    Here is what I just did (and what happened) on a rather big customer
    A power fault broke Secondary ASA and it never booted up
    A replacement device was aquired
    The replacement device was 
    Updated to matching hardware setup (mainly memory)
    Updated to same software (OS and ASDM)
    Configured with its physical interface up with "no shutdown"
    Configured with ONLY "failover" configurations (exact configuration ofcourse depends on your setup)
    It was attached to the rack and powered up.
    After boot every interface BUT "failover" was attached to the network (Dont necesarily have to do it in this order) and I checked that every single one was up.
    After everything above was done I connected the failover interface and watched as the devices "noticed" eachother and the Active firewall copied its configuration to the new Secondary unit.
    This was done in a factory environment and all went fine.
    There should be no problems doing this though I personally still prefer doing the replacement by attaching a "blank" ASA with only Failover configurations.
    EDIT: Beeing that I am always paranoid when doing anything like this, I had ofcourse saved the configurations to flash on a separate file for worst case scenario and was ready to boot the original primary unit incase it took in something it wasnt supposed to.
    EDIT 2: In the case where you think the Secondary unit doesnt have the exact configuration of the Primary unit, you can issue the command write standby on the Primary unit to save/copy the COMPLETE configuration of the Primary unit to the Secondary. Think the "write mem" on the Primary unit only updates some changes you have made to the Secondary unit
    - Jouni

  • SCCM out of band management

    SCCM has out of band managment ability, and it has a check box:
    "Enable BIOS password bypass for power on and restart command"
    I am not sure the meaning of BIOS passwrod since we could set both power on password and hdd password in BIOS.
    It means we could bypass both power on password and hdd password?

    Anoop,
    Will you help by explaining on this in detail?
    Kindly let me know which is the best ipmi tool to be used to display the server
    hardware details in SCOM management packs while I have to monitor at least 300 servers. I am aware of IPMITool.exe. IPMIUtil.exe etc. Same time,
    I am concerned about following points:
    1. Performance impact in a agent based system
    2. Performance impact in a agentless scom system
    3. Performance impact if the executable is running only in SCOM server
    4. Retrieving data out of band directly from BMC while OS is not running
    5. Is there any solution to avoid binding issues with BMC when concurrent calls are
       made by such tools to retrieve out of band inventory (IPMI) details.
       How to handle binding issues?
    regards
    scomdev
    SCOMDev

  • SIP stops when upgrading from ASA from 8.4.1 to 8.4(2)8 w/ out config change? Why?

    I have to be missiong something small in my config.
    If I upgrade my ASA 5510 which I am routing and NATing off of, from 8.4.1 to 8.4.2.8, SIP stops. All phones go dead.
    If I roll bck to 8.4.1, SIP comes up.,... Go bck to 8.4(2)8 nd SIP goes down..... 
    This is without mking any config changes.
    I have looked at it so long, I must be overlooking something simple, simple, simple...

    Have spent sIx hours in past 24 w/ Cisco TAC and they have a tin of caps as have I but can't figure out why there is a denial of SIP from inside outside and outside inside to/from sip providers three IP addresses. Have created new access lists, new access groups to allow all 3 ip's in & out, increased timeout, bypassed IPS, have both sip UDP & tcp allowed in/out, specified inspection to approve any any for all sip protocols in/out to/from Lync & mediation and nada.
    To answer another question, yes I'm certain config doesn't change... I reloaded tge same running config from a bkup just to make sure.....
    What I see in the logs coming in/out is the call does make it all the way through the SSM to the ASA..
    What happens there is the head scratcher...
    SiP even though allowed and even though I've specified it to push through inspection On ASA side is denied based on inspection rule...
    I also tried using another one of my (unused) public IPs for only SIP thinking that maulybe there was a core conflict with multiple services NATd to the same public IP but that also did nothing.
    On topology I only have a single location so I'm using my 5510 to route as well...
    Have 1 IIS web server l, SQL, (ports clised except to obe vendor and am allowing via access list by their IP and ipsec,) Exchange, Lync, Ironport, Endpoint and everything else is 80/80...
    Everything is on Server 08r2 w/ exception of web server and two boxes ( one stand-alone & one VM on hyper-v)  I am running Server8 for Microsoft TAP engineering / validation airlift. Neither of those are attached to UC/UM at all...
    I'm using dynect from dyndns for outside network web services and just piggybacking on time Warner metro e for internal (no physical DNS server)
    When I look at caps everything is identical in the tcp and UDP trace even on sip except for the denial...
    Which caps/logs would 'y'all like to see and I'll post em when I get home....
    Is there a link to bug notes Jullio? Is it sip specific? Any possibility of it being just a name/cosmetic big I can force a work around to?
    I recall when Asa first was released I had to specify port 25  allow instead of being able to simply say allow smtp .. That took 2 weeks but it allowed for a work around so whatever I can do/try I'm willing!! Someone may wanna tell TAC if it's a bug because after 6 hours yesterday they are saying there's not a bug... :)
    Thanks all!!!!

  • What are the config steps for contract mass change and quota arrangement?

    Hi friends
    what are the config steps for contract mass change and quota arrangement?
    Regards
    Raj Kumar

    Process Flow
    The mass change process consists of four steps. You navigate between these steps by choosing the Next and Back buttons located at the bottom right-hand corner of the screens.
           1.      Search for contracts
    You search for and select the contracts or the contract hierarchy that you want to change.
    Contracts that have the status Closed cannot be changed.
           2.      Define mass changes
    You specify the changes you want to make.
    You make changes at header data level and at item data level by choosing the relevant change methods. A green tick appears next to each change parameter so that you can see where changes are already active.
    Once you enter this step, the documents you have selected to be changed are locked so that other users cannot make changes to them until you are finished with this process.
           3.      Simulate mass changes
    Here you can perform a trial run of your mass changes. This simulation step is optional.
    We recommend that you perform this step so that you can check how the change methods you have chosen will be processed by the system.
    You receive status messages about the change methods for each contract and can quickly see whether any errors arise in connection with the proposed changes at this stage. From this step, it is easier for you to go back and correct the error than after applying the changes.
    Background processing
    The system processes the changes in the background.
    If there are a large number of contracts to be processed, this step could take some time to complete. In this case, you can leave the transaction so that you can, for example, carry out other tasks in the meantime.
    The system sends you an e-mail once the simulation step is complete. The e-mail contains a link to the relevant screen in the application so that you can return to it when it is convenient for you to do so. If you have left the SRM application, you can only return via this link.
    Here you can see the status of the changes and, if necessary, you can correct any errors by going back to the Define mass changes step.
    The messages that you receive in the simulation step are not confirmation that a change has been performed. They simulate the messages you get after you apply the changes. You must complete the final step of the mass change process and apply the changes before they take effect.
           4.      Carry out mass changes
    Here you apply the changes to the contracts.
    You cannot reverse this step, which is why we advise you to perform the simulation step beforehand.

  • The "always allow" button is grayed out in settings regarding cookies, and I can not find where to change the setting.  (Restrictions are not on.)

    The "always allow" button is grayed out in settings regarding cookies, and I can not find where to change the setting.  (Restrictions are not on.)  Do you know where I go to change the setting to allow me to "always allow" cookies?

    Hi lisaarnett111,
    If you are having issues turning on Always Allow for cookies in Safari on your iPad, you may want to check to make sure that you don't have Private Browsing enabled, as noted in the following article:
    Turn Private Browsing on or off on your iPhone, iPad, or iPod touch - Apple Support
    Regards,
    - Brenden

  • My email recently changed and so I updated my Apple ID to reflect my new email, but my Icloud account still shows the old email as the username on both my Iphone and Ipad and for the life of me I can't figure out how to change or delete it.

    My email recently changed and so I updated my Apple ID to reflect my new email, but my Icloud account still shows the old email as the username on both my Iphone and Ipad and for the life of me I can't figure out how to change or delete it.  My password doesn't work with the old email address.  When I look for my old email address in the Apple ID support area it says that the ID doesn't exist.  Help!!!

    You have to go to Settings>iCloud and tap Delete Account, then sign back in with your updated credentials.  This deletes the account and your synced data from your device, but not from iCloud.  Provided you are signing back into the same account and not changing to a different account, your data will be synced back to your device when you sign back in.

  • TS3988 My husband changed the Apple ID on our computer.  For some reason, iCloud has the old Apple ID and it won't let me change it.  I've been locked out of my iPad twice and had to restore it because of iCloud.  How do I change the Apple ID (not the pas

    My husband changed the Apple ID on our computer.  For some reason, iCloud has the old Apple ID and it won't let me change it.  I've been locked out of my iPad twice and had to restore it because of iCloud.  How do I change the Apple ID (not the password)?

    In order to change your Apple ID or password for your iCloud account on your iOS device, you need to delete the account from your iOS device first, then add it back using your updated details. (Settings > iCloud, scroll down and hit "Delete Account")
    Providing you are simply updating your existing details and not changing to another account, when you delete your account, all the data that is synced with iCloud will also be deleted from the device (but not from iCloud), but will be synced back to your device when you login again.
    In order to change your Apple ID or password for your iCloud account on your computer, you need to sign out of the account from your computer first, then sign back in using your updated details. (System Preferences > iCloud, click the sign out button)
    In order to change your Apple ID or password for your iTunes account on your iOS device, you need to sign out from your iOS device first, then sign back in using your updated details. (Settings > iTunes & App store, scroll down and tap your ID)
    If you are using iMessages or FaceTime, you will also need to log out and into your ID there too.

  • A month ago my iPhone was stolen, I turned on Activation Lock but it never came out BUT an hour ago somehow my apple ID was changed and someone removed from the account both iPhone and iPad and the iPad was also removely wiped. Can Apple help me somehow?

    A month ago my iPhone was stolen, I turned on Activation Lock but it never came out BUT an hour ago somehow my apple ID was changed and someone removed from the account both my iPhone and iPad and the iPad was also remotely wiped. As soon as I saw it I recover the password and return the access to my iPad. But iPhone is not registered for my apple ID any longer. Can Apple help me somehow? I have all the documents and the iPhone box. Will they lock the iPhone and return me access to it. I'm sure it's been attached to another apple ID.
    PS. the apple ID I'm using on the discussons is not the hacked one.

    Try contacting the Apple account security team and ask: http://support.apple.com/kb/HT5699.

  • I have a band video that I want to edit. In iMove 09, I could clip to crop or add a transition or both without altering the audio. In iMovie 11, the audio lower or drops out when I clip for and use a transtion. Is there a setting to preven this?

    I have a band video that I want to edit. In iMove 09, I could clip to crop or add a transition or both without altering the audio. In iMovie 11, the audio lower or drops out when I clip for and use a transtion. Is there a setting to preven this?

    Thanks for that info! Even in my time answering questions on iMovie Discussion Group, I never had a good understanding of when and how Optimize Movie came into play. I always would import as Optimized and Large Size and figured that was good enough. But knowing you got much, much more flexibility doing it the way you describe gives me a much better understanding of the different routes you can take into the Event Library.

  • I have just downloaded Mac OS X 10.9 and Pages 5. When I open any pre-existing document in the new Pages the format is zoomed to 125%, the headers are out of position, the margins are changes, and inserted images are also relocated. What can I do?

    I have just downloaded Mac OS X 10.9 and Pages 5. When I open any pre-existing document in the new Pages the format is zoomed to 125%, the headers are out of position, the margins are changes, and inserted images are also relocated. What can I do?

    Have you tried resetting the SMC ?     >  Resetting the System Management Controller (SMC)

  • My iPhone 6 was stolen and i got it back, but the pass code was changed and so was the touch-id. and now im locked out of the phone because ios 8.1 requires either of the passwords to access the phone. and iTunes doesn't recognize it so i cant restor

    My iPhone 6 was stolen and i got it back, but the pass code was changed and so was the touch-id. and now im locked out of the phone because ios 8.1 requires either of the passwords to access the phone. and iTunes doesn't recognize it so i cant restore it at all PLEASE HELP

    Take it to an Apple Store, take proof of purchase with you.

Maybe you are looking for

  • How do i find where 2 best fit lines cross?

    Hi I was wondering if anyone knows a way to find where 2 best fit lines cross, I don't have the equation for the lines and i'm not sure if I can get it. I currently have the program tracing the lines and comparing y values however it will only increm

  • On windows 7 pro, how do i add firefox bookmarks to the start menu?

    On Windows 7 professional, how do I add firefox bookmarks to the start menu so I can access my bookmarks without opening firefox first?

  • Full Screen Problem - Dual Monitors - Hulu Desktop

    I am using Hulu Desktop with dual monitors. I keep Hulu on full screen on monitor #2. I use monitor #1 for computer use, etc. It is IMPOSSIBLE to look at an app in full screen mode on monitor #1 and keep my Hulu full screen in monitor #2 at the same

  • Update a primary key and Fk

    Hello I have to update a primary key (PK) which is referenced by many foreign keys (FK). The primary key columns cannot be updated as this would orphan the dependant tables, and the dependant tables cannot be updated prior to the parent table as this

  • Hi. I'm a test.

    el-ve wrote: I just kudoed everyone in here to help with the test. I just copied you because I thought I should do.I'm not sure if we're ginuea pigs or not.I'm not even sure if that's how you spell ginuea pigs.