PAM user error on ids 4235 Version 4.1(5)S190

Similar Messages

• Management Center for IDS Sensors - version error

  Hi
  I’m experiencing problems installing an IDS on CiscoWorks2000 Management Center for IDS Sensors. When I add a sensor I get the following error “Error importing configuration files from the sensor - Could not find version in string "Unknown version” with “discover settings” ticked. The sensor is an IDS 4210 version 3.0(5)S17. I have tried to install manually but keep getting “sensor not connected” in Security monitor.
  Thomas

  You will usually get this error message when there's a problem with, SSH Fingerprint.
  Check the following URL for work around.
  http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f38.html#xtocid6

• IDS 4235 upgrade problem

  hi,
  i have IDS 4235 running ver 4.1(1)S47
  i want to upgrade it to act as ips i have upgrdae file IPS-K9-maj-5.0-1-S149.rpm.pkg when i start upgrade process i strats copying file from ftp to ids then i got a message
  Error: This hardware platform, , is not supported in version 5.x
  is there any solution for this problem

  Hi,
  Logon to your sensor to CLI. Run show users all to see your users. If there is one with a Privilege of Service, logoff and login again with that user account. If a service account does not exist (only one allowed), create one with the following:
  configure terminal
  username service privilege service
  Best of Luck.

• IDS 4235

  Hi Everyone,
  I have an IDS-4235 at a customer site. On one of the IDS runnig 4.1 version I am not able to configure an IP address on it. Its giving this, "Error : Could not restart the Network Services. Fatal Error has occured. Node must be rebooted to enable alarming." Is there anything I have to configure before giving it an IP address for management. If anyone can point me to any related documents then it will be helpful to me.
  TIA
  Faiz

  Run "setup" and follow the prompts, make sure you include your IP in the allowed hosts. Don't worry about setting up NTP just yet.

• IDS-4235 boots to GRUB after applying 6.0(3)E1

  6.0(3)E1 patch applied successfully to our non-production IDS-4215. Applying the patch to our production IDS-4235 causes it to boot directly to grub> command prompt. It appears the system files are there. What command do I need to issue for grub to finish patching and can someone share the content of /boot/boot/grub.conf from IDS-4235 with 6.0(3)E1 so I can boot it manually? Thank you.

  Matthew, appreciate you sharing the grub.conf content. As a note for others, from grub I was able to manually boot with the three lines from the default 'Cisco IPS' section:
  root (hd0,0)
  kernel /vmlinuz-2.4.30-IDS-smp-bigphys ro ramdisk_size=76800 rootrw=/dev/sda2 root=/dev/ram0 init=loadrc nousb console=ttyS0 htlblow=32 hugepages=176
  initrd (hd0,0)/runtime.gz
  As it turns out the 6.0(3)E1 service pack wiped the content of grub.conf file which is mounted as read only from /dev/boot as /boot. To restore the content of grub.conf as root user (after logging in with support account and doing "su -") remount the filesystem as read write with the following command:
  mount -o remount,rw /dev/boot
  After restoring grub.conf the appliance can be reloaded normally without manual intervention. Fortunately, it appears the patch broke early enough in the process that nothing else other than grub.conf, as far as I can tell, was affected. The appliance is reporting the prior 6.0(2)E1 version.
  I just got off the phone with our reseller support and they and Cisco finally admitted that it's a known issue classified as unreleased bug after saying that IDS-4235 is not supported with 6.0(3)E1 service pack then saying a reimage is needed to fix the grub issue.

• Using time warner road runner. when I try to open up safari to home page I get error message that this version does not support the "community toolbar" can't proceed until closing the error message. sick of seeing it

  using time warner road runner. when I try to open up safari to home page I get error message that this version does not support the "community toolbar" can't proceed until closing the error message. sick of seeing it

  That toolbar/ct plugin seems to cause problems for all who install it!
  Close Safari, then locate and delete the following files and it should be gone:
  /Library/Application Support/Conduit
  /Library/InputManagers/CTLoader
  /Library/Receipts/ctloader.pkg
  /Library/Receipts/<Toolbar name>.pkg
  /Library/Application Support/SIMBL/Plugins/CT2285220.bundle
  /Users/<User name>/Library/Application Support/Conduit
  where / is the root library on your Hard Disk.
  If you are running Snow Leopard you should also look here:
  Library/launchAgents/com.conduit.loader.agent.plist
  Library/Application support/conduit plugins
  Also, as mentioned by Gilli2000:
  Library/Receipts - If you read it, it has information in it at the bottom referring extensively to "CT" and "community toolbar".
  Maybe it is harmless, but trash those items anyway!
  Note: Safari does not support any third-party toolbars except those supplied as an extension to Safari via the Extension Gallery.

• ERROR: invalid backup file version. Exception: Error while unzipping invalid wcs 7.x export file

  Hi,
  I'm having a serious issue with your brend new Cisco Prime Network Control System (NCS) and i would appreciate if someone could give me good answers.
  After a background backup task failure, the database was entirelly corrupted and the oracle server no longuer wanted to start. And because of that the NCS web server is unusable, since no one can log in.
  We tryed to restore to last known backup obtained after a former suucessful backup. But we get this error:
  "ERROR: invalid backup file version. Exception: Error while unzipping invalid wcs 7.x export file"
  All the lost data was previously migrated from the former WCS 7.x server. Before this issue everything was working fine.
  So we think that the appliance is seeing the backup file from NCS as a WCS backup.
  We need to find rapidly a solution. Here is our configuration:
  We formerly had WCS 7.0.172.0 hosted on Microsoft Windows Server 2003  SP2 with the above caracteristics: 
  Intel(R)Xeon(R) CPU  5120 @ 1.86Ghz 1.87Ghz 16GB of RAM.
  We now have NCS  Version 1.1.1.24 running under Cisco Application Deployment  Engine
  OS Release:  2.0
  ADE-OS Build Version: 2.0.1.038
  ADE-OS System Architecture:  x86_64

  I was getting this error too. TL;DR: When you transfer the wcs.zip file to your FTP server, make sure you are using BINARY mode... which is often NOT the default FTP mode.
  Long Version:
  TO GET THIS ERROR, what I had done was use the Windows CLI FTP command to transfer my "wcs.zip" to the NCS FTP server.
  -----BEGIN WRONG STEPS-----
  C:\ftp
  ftp> open x.x.x.x
  Connected to x.x.x.x.
  220 Service ready for new user
  User (x.x.x.x:(none)): ftp-user
  331 User name okay, need password for ftp-user
  Password:
  230 User logged in, proceed
  ftp> put wcs.zip
  200 Command PORT okay
  150 File status okay; about to open data connection
  226 Closing data connection
  ftp: 526768949 bytes sent blah blah etc
  -----END WRONG STEPS-----
  I would then run "ncs stop" and "ncs migrate" and get the "ERROR: invalid backup file version. Exception: Error while unzipping invalid wcs 7.x export file".
  I remembered something from my misspent youth: Windows, for no good reason, likes to transfer files in ASCII mode. UNIX (which LINUX comes from) prefers BINARY, and the two do not like to negotiate.
  TO FIX THIS, I had to just FTP in Binary mode.
  -----BEGIN RIGHT STEPS-----
  C:\ftp
  ftp> open x.x.x.x
  Connected to x.x.x.x.
  220 Service ready for new user
  User (x.x.x.x:(none)): ftp-user
  331 User name okay, need password for ftp-user
  Password:
  230 User logged in, proceed
  ftp> binary
  200 Command TYPE okay
  ftp> put wcs.zip
  200 Command PORT okay
  150 File status okay; about to open data connection
  226 Closing data connection
  ftp: 526768949 bytes sent blah blah etc
  -----END RIGHT STEPS-----
  NOW when I enter "ncs stop" (actually... had to restart them... then stop them... x.x) and then the proper "ncs migrate" commands, I get a happy output and don't have to go home late troubleshooting this.
  "  Stage 1 of 5: Decompressing backup ...
    -- complete.
    Stage 2 of 5: Restoring Support Files ...
                : Restoring the Domain Maps ...
                :  -- complete.
                : Restoring the License files ...
                :  -- complete.
    -- complete.
    Stage 3 of 5: Restoring Data ...
  I hope this helps anyone banging their head against the WCS->PI1.3 install wall.
  (Note, WCS needs to be migrated to NCS 1.1.1.24 (NOT NCS 1.1.3!!!!!) before you can migrate to Prime Infrastructure 1.2 or 1.3, because for no readily apparent reason the "ncs migrate" command was removed from PI 1.2 and up. Also note, there is no "Prime Infrastructure 1.1;" they just renamed NCS to Prime Infrastructure after NCS 1.1 because. Yes, the sentence ends there. Great products, all 3, just... agonizing to migrate.)

• Ptlconfig error: Exception resolving Portal version : null/ JDBC connect st

  Hi Folks,
  i am getting the following error while running ptlconfig on portal 10.1.2.0.2. midtier home to configure portal dad. does anyone know what to do with it? i have tried on metalink and google extensively to see any description or help on this error but have not found anything.
  will really appreciate if someone might drop a hint or two.
  thanks
  syed
  -- specs:
  win 2003 NT-cmd
  AS version: 10.1.2.0.2
  portal repos version: 10.1.4.0.0
  portal dad = portal30
  portal repository sits in a customer DB
  D:\ORACLE\Midtier1012\portal\conf>ptlconfig -dad portal30
  Portal Dependency Settings Tool
  Processing Portal instance '/pls/portal30' (host:port:servicename)
  Enter either the Portal schema or OID Admin password:
  Problem processing Portal instance: ERROR: Exception resolving Portal version : null
  Problem processing Portal instance: ERROR: Exception resolving Portal version : null
  Problem processing Portal instance: ERROR: Exception resolving Portal version : null
  Processing complete
  -- in the ptlconfig.log file i get the following:
  ERROR: Getting the Portal version raised exception.JDBC connect string used to access Portal is jdbc:oracle:oci:@ ( tnsanmes entry )
  with kind regards,
  Syed

  Yes, we were able to resolve it.
  Try first identifying if you are facing the same problem or not. So login into your portal schema on sqlplus, and see if you get any rows for the following:
  select * from wwc_version$;
  If you do not see any rows, then it means that the portal user is not granted Select on wwc_version$. if that is the case, then grant it. and then try to run ptlconfig again.
  hope that helps.
  AMN

• Upgrade from IDS 4235 to IPS 5.0 license

  Dear sirs. I have several 4235 sensors and SMARTnet 8x5xNBD contracts on each of them.
  Have I upgrade their software to IPS v5.0 within this contracts or I should get licenses for the IPS?

  Some one is feeding you a line of crap.
  The main announcement for Cisco IDS version 5.0 has this 'fine print' at the bottom of the page:
  "*Cisco IPS Sensor Software Version 5.0 is supported on the Cisco IDS 4215, IDS 4235, IPS 4240, IPS 4255, and IPS 4250-XL appliances and on the IDSM-2. It is supported in the promiscuous-based IDS mode only, for the IDS 4210 and the Cisco IDS Network Module (NM-CIDS).
  Inline IPS services require more than one monitoring interface on Cisco IPS 4200 Series sensors."
  This is posted at the following URL:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/prod_bulletin0900aecd801e65b9.html
  Also, Cisco has stated the same thing in the 'Read Me' file that accompanies the software update:
  "You can apply the IPS-K9-maj-5.0-1-S149.rpm.pkg major update to the following IDS & IPS version 4.1 sensors:
  - IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
  - IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except for the IDS-4220 and the IDS-4230 series)
  - WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM2)
  - NM-CIDS IDS Network Module for Cisco 26xx, 3660, and 37xx Router Families
  It is not compatible with the IDS-4220 and IDS-4230 series IDS sensors, the NRS-xx series IDS sensors, or the WS-X6381-IDS series Intrusion Detection System Module (IDSM)."
  I hope this helps,
  Alex Arndt

• How to display user errors

  Hi,
  In previous version of JHS (prior to 10.1.2) there was a good example on how to display custom user errors after wrong input.
  How can these errors be shown in 10.1.2?
  Regards,
  Marcel

  Marcel,
  Yes, you need to create a ListResourceBundle class that "wraps" access to the property file. Here is an example:
  package model.exception;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.LinkedList;
  import java.util.ListResourceBundle;
  import java.util.Locale;
  import java.util.Properties;
  import java.util.PropertyResourceBundle;
  import java.util.ResourceBundle;
  import java.util.Enumeration;
  * Wrapper class around ApplicationResources property file
  * so we can use this property file to read messages from. This wrapper class is
  * needed because a JboException expects a ListResourceBundle class, and cannot
  * handle a property file.
  public class CmsMessagesWrapper extends ListResourceBundle
  public static final String BUNDLE_NAME = "view.ApplicationResources";
  private static HashMap sLocaleContents = new HashMap();
  protected Object[][] getContents()
  if (sLocaleContents.containsKey(getLocale()))
  return (Object[][])sLocaleContents.get(getLocale());
  ResourceBundle propFile = ResourceBundle.getBundle(BUNDLE_NAME,getLocale());
  String[][] temp = new String[2000][2];
  Enumeration keys = propFile.getKeys();
  int counter = 0;
  while (keys.hasMoreElements())
  String key = (String)keys.nextElement();
  temp[counter] = new String[] {key,propFile.getString(key)};
  counter++;
  Object[][] contents = new String[counter][2];
  System.arraycopy(temp,0,contents,0,counter);
  sLocaleContents.put(getLocale(), contents);
  return contents;
  Then for each additional language, you need to create an addtional wrapper class, for example:
  package model.exception;
  import java.util.Locale;
  public class CmsMessagesWrapper_fr extends CmsMessagesWrapper
  public CmsMessagesWrapper_fr()
  public Locale getLocale()
  return super.getLocale();
  Steven Davelaar,
  JHeadstart Team.

• Upgrading IDSM2 and IDS 4235

  I have 12 IDSM2 and 4 IDS 4235 managed through VMS, I configured automatic download of signature updates but I notice that S189 was missed.
  Is it possible to apply the last Service Pack 4.1.5 from VMS? If yes do I simply have to download the file in the correct directory and apply it as a normal signature update or what method shall I use? I need to manage the update process centrally because my IDS systems are all remote.
  Thanks for your help,
  Chiara

  I tried. There is no way to do it. VMS returns a bad file type and effectively the service pack is .rpm.pkg while files managed during updates by VMS are .zip containing .rpm.pkg and other files.
  I manually did the update on every IDS by ftp and command line and where the update succeeded I had to re-import the sensor on VMS, otherwise the version was not aligned.
  Is this the power of a central management platform?

• Where is Bios_A04.exe for IDS-4235?

  Hello All,
  I just bought an old IDS-4235 and I need to upgrade its bios to a04. According to Cisco documentation, the BIOS_A04.exe should be in the recovery/upgrade CD. I have a CCO account, I downloaded various versions of upgrade/recovery images to look for this file but could not locate it? And by the way, how do I open files with pkg extension in Windows? Appreciate any help!

  Since emailing executables is problematic, I'll attempt to post them here.
  - Bob

• IDS 4235 showing 98% memory usage, is it normal?

  IDS 4235 with 4.1.5.S191 showing
  Using 908922880 out of 921522176 bytes of available memory (98% usage)
  Is it normal ?

  There is a 4.x known bug where the memory usage is incorrect.
  The actual memory usage number can be determined from the service account by entering the following command:
  bash-2.05a$ free
  total used free shared buffers cached
  Mem: 1934076 1424896 509180 0 18284 1214536
  -/+ buffers/cache: 192076 1742000
  Swap: 522072 0 522072
  The "Mem:" row, "used" column is the amount of memory (in kilobytes) that
  the "show version" command reports. However, this total includes the
  "cached" amount.
  So in the above example, the actual memory used is ( 1424896 - 1214536 ), or
  210360 KB. This is ( 210360 / 1934076 * 100 ), or 10.9% of total memory.

• Ids 4235 with single sensing interface

  hi guys,
  I have an IDS 4235 which i upgraded to 6.0(5)E3 version.
  it has only one sension interface,now how can i keep it in inline mode??
  any ideas please help.

  With a single interface you'll need to trunk two vlans to your sensor, an "inside" and and "outside" vlan (just like a firewall) and configure your sensor for in-line vlan paris
  http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/idm/dmInter.html#wp1029962

• When trying to udate iTunes on my PC, I recieve the error message "The older version of iTunes cannot be removed"  How do I correct this error and not lose all the music I have in iTunes?

  When trying to update my version of iTunes on my PC with Windows 7,  I receive the error message "The older version of iTunes cannot be romoved".  How do I correct this problem without losing all the music that I have in iTunes on my PC?

  (1) Download the Windows Installer CleanUp utility installer file (msicuu2.exe) from the following Major Geeks page (use one of the links under the thingy on the Major Geeks page):
  http://majorgeeks.com/download.php?det=4459
  (2) Doubleclick the msicuu2.exe file and follow the prompts to install the Windows Installer CleanUp utility. (If you're on a Windows Vista or Windows 7 system and you get a Code 800A0046 error message when doubleclicking the msicuu2.exe file, try instead right-clicking on the msicuu2.exe file and selecting "Run as administrator".)
  (3) In your Start menu click All Programs and then click Windows Install Clean Up. The Windows Installer CleanUp utility window appears, listing software that is currently installed on your computer.
  (4) In the list of programs that appears in CleanUp, select any iTunes entries and click "Remove", as per the following screenshot:
  (5) Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time?