Patch Access Policy Change

Similar Messages

• Changes in Solaris 10 Patch Access Policy

  Solaris 10 x86 User Community
  As of November 29th, Sun will be changing its Solaris 10 patch access policy. Now that Solaris 10 is freely available, support services require the purchase of a Sun Service Plan.
  Under this new policy, access to patches is restricted. Security fixes and hardware driver updates are publicly available for free, but access to all other patches requires a Sun Service Plan.
  Please see http://www.sun.com/service/sunconnection/solaris10patches.html for available access options.
  Please send any questions to [email protected]

  hi,
  As a technical specialist I can understand everyone needs revenues to keep on going. But $120 for a min. level service plan it's really foolish on the policy makers. This would result in severe dent for the Solaris initiative itself in the long run. There should be reasonable pricing model, especially when Sun is projecting Solaris as an alternative to Linux! I do strongly suggest as a loyal Sun developer since 1996 to re-consider the service plan rates.
  thanks,
  Su37

• "Access Restrictions" change to "Access Policy"

  can someone tell me what happen to my router linksys e1200, after i update the firmware to the latest version "Access Restrictions" is change to "Access Policy". how can i revert it back to "Access Restrictions" do i need to downgrade the firmware? 
  Thanks!

  You updated it to the latest firmware. That’s how it works with the updated firmware. Is there any reason why you upgrade your router? It’s only recommended to update the router if needed if not then its not advisable to do so. Downgrading it to the old firmware version may have a chance to brick your router.

• ACS 5.3 Authorization problem with using Identity Groups in Access Policy Rule

  Hello guys, I am found a problem which I can't solve regarding authorization with using Identity Groups in Access Policy rule.
  ACS version: 5.3.0.40.6 (internal build B.839)
  I have very simple RADIUS Authorization rule which authorize user on behalf of right Identity Group.
  Requested Identity Group exist
  Testing user is created in Internal Users and has assigned requested Identity Group
  Radius Access Policy: 
  Authentication against Identity Store Sequence, where authorization server is external RSA SecurID device and additional attributes retrieval is configured from Internal Users.
  Authorization is very simple – One Rule with only one Condition which is: Identity Group - in - Requested_Testing_Rule. Then Default rule is set to Deny.
  When I will try login with my testing user then authentication against RSA SecurID is OK, but authorization will be denied by Default rule – It looks like my Rule with Identity Group is totally omitted.
  I am managing several other ACS servers (version 5.3 but with older patches) where similar rules are working without problem.
  What I am tested:
  Remove testing user and create his account again.
  Rename Identity Group
  Use another Identity Group
  Remove Access Policy rule and create it again
  Use Compound Condition: System:Identity Group
  Use Compound Condition: System:UserID instead of Identity Group in Rule (it is working without problem)
  Do you have any idea where problem can be?

  OK guys, it started working yesterday without any configuration change. Maybe it was some database inconsistence wich was solved by ACS itself.

• ISE Admin Menu Access Policy and Network Resources

  Hello Board,
  Does someone experience the same issue as me, if using an Admin Menu Access Policy?
  First of all, I'm using the latest ISE release (1.1.3.124 with patch 1).
  I created a custom Administrator Menu Access Policy (Admin Access -> Authorization -> Permissions -> Menu Access).
  But basically I allowed (show) all menu items.
  Then I bind this permission profile to an Admin Authorization Policy
  Everything works very well, but I have issues, if I want to administer "Network Resources", if I'm using this admin menu access
  - In "Network Devices", there is no Menu bar (no "add", "delete" or "edit" button)
  - In "Network Device Groups", there is just the folder "Groups" on the left side, but there is no way to create anything or navigate into the groups
  I'm not quite sure if this is a configuration fault on my side or just some kind of bug.
  By the way - I'm using the latest firefox.

  As far as I know everything seems fine to me from the configuration  side. You can try downgrading the ISE version to 1.1.2 patch 5 and also  try changing the browser which might help.

• [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

  Hi Experts,
  OIM Build Number: 1866.62 ( BP15 )
  IHAC that faced an unexpected behavior on User disabling.
  Some users were associated to groups that had access policies applied.
  When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
  I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
  Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
  I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
  Any help would be very appreciated.

  Hi Nishith,
  I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
  This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
  But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
  Is it any enhancement for this task in order to improve its performance, or something like that?
  What else I can check?
  Thanks in advance.

• Access Policy is not getting trigggered after creation of user through GTC

  Hi,
  I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
  If anybody have any idea how to resolve this, please help me in this regards.
  Regards,
  Avijit

  Hi ,
  its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
  do post your results.......
  Regards.

• PF attribute modification in Access Policy for existing users.

  Hi Guys,
  I have an access policy for provisioning a resource. Suppose if I make some changes for the process form attribute value inside the access policy,How can I have the same attribute value reflected in the process form of users who are already provisioned by the access policy?
  Direct database update wont be a good idea here as I am having multiple access policies for the same resource. Is there any table which is having the relation between provisioned resource and curresponding access policy if at all I have to go for a custom scheduled task?
  Thanks,

  Does this solution also supposed to work in OIM 11g? I Tried it but data on the main form does not get reflected on the process form of existing users. For child data it does work.
  Edited by: bsteen on Aug 5, 2011 5:21 AM

• Access Policy and Process Task

  Hi,
  I created "access policies" to provision resources when a user is associated with a role with the name of this resource.
  When I manually assign the role, the access policy works properly and the resource is provisioned.
  When the role is assigned through a process task, the access policy does not work properly and the resource is not created.
  Why this happens?
  How can I make the process task trigger the access policy when assign the role?
  TKS
  Edited by: raraujo on Oct 15, 2012 3:36 AM

  Better assign Role using group membership rule. Also, can you check if role is assigned using process task, is it getting assigned to user properly?
  Which OIM you are using? If it's 11.1.1.5 then apply BP03 patch or BP04 patch.
  regards,
  GP

• How to Setup another Access Policy 5.3

  hi everyone,
  Thank you for your help in advance. I am new to v5.3, and I am not good at VPN. So hope you can help.
  I just have my consultant to configure this correctly just today. Currently, there is only one rule for the access policy (Single Result Selection). That rule is to use Active Directory as the source for the authentication. And by default will deny any other access which is not found in the rule.
  Now... I just got an order that I need to setup a new user who will need to access to our network by using Cisco IPSec VPN (the software one). But that user is not setup in our Active Directory, and we do not want him to access our domain anyway. He only needs to access non-domain resourse...such as airconditioning controller by IP. So I am thinking to setup his account by using "internal identtity". If I do this way, what do I need to do to setup another access policy? May you give me some steps with little more details?
  OR... if it is not the way I should do...what else can I do to achieve this goal? Also, he said he could provide his static IP trying to access from.
  I have a ASA 5520.
  Thank you very much for your help.
  Takami Chiro

  Hello,
  Instead of creating a separate rule for the credentials validation you can edit the existing one that points to AD1 (only) and change it to a result on the ACS that checks both AD1 and Internal Users. In that case we need to use Identity Store Sequence. Refer to the steps below:
  On the ACS GUI > Users and Identity Stores > Identity Store Sequences > Create > Select "Password Based" and on the first box move AD1 and Internal Users to the right. Please do the same on the box at the bottom.
  The option "Internal User/Host Advanced Option: If internal user/host not found or disabled then exit sequence and treat as "User Not Found" should stay unchecked. Click submit.
  After creating the ID Store Sequence you need to change the Identity Result where you had AD1. Now the name of the ID Store will display as an available option. Please select that one and save the changes.
  With the above configuration, the expected behavior would be:
  1) ACS receives a request from the Internal User.
  2) ACS tries to validate the credentials against AD.
  3) AD returns an "User Unkown" response.
  4) ACS moves to the Internal Users.
  5 ACS successfully authenticates the user validating the provided credentials against Internal Users.
  Hope this helps.
  Regards.

• Access policy issues and daylight savings

  I have the WRVS4400N. I have purchased a few Linksys routers in the past and have been happy with their operation. The wireless access however, was mediocre until I purchased this model. This model has great a great wireless connection. I like the fact that I can make many changes to the settings on the router without having to reboot the router. The performance of this router in combination with the cable modem has been excellent. It far outperforms the equipment that it replaced. I will normally pick a linksys product over another brand.
  I am having 2 intermittent issues that are really causing me grief and an additional couple of annoying issues. I need help in fixing these issues. I have confirmed that I have the latest firmware version.
  1) Some computers do not have connection to the internet. As if the security policy is confused about the time or connection. I really think this is a security policy issue, but I will let you decide.
  2) There are some computers that I allow a 24/7 connection to the internet. For the rest I don’t want them to have access between the hours of 12a-6a. I have found that the connection doesn’t always shut-off. I have kids and do not want them to have access during those hours. I never had problems with my previous linksys router.
  3) I am unable to set an access policy that spans the 5 min between 11:55p and 12a. In my previous linksys router I could.
  4) The new daylight savings schedule is not part of my current firmware. This really threw off my security policies.
  I have found that if I reboot or if I simply goto the security policy screen and click on save settings it seems to correct itself. But, I shouldn’t have to babysit it to make sure that it’s working correctly. When I am out of town I need to know that my security policies will continue to work while I am away.
  Here’s my set up:
  1) I have a linksys cable modem that connects me to the internet through my cable provider.
  2) I have the linksys wireless (WRVS4400N) router that connects to the cable modem.
  3) I have a 3Com Superstack II switch as the backbone of my network which connects to the router.
  4) I have several devices connected to this router: computers, xbox, vonage phone line.

  This is EXACTLY what my router is doing...
  2) Access restrictions do not work, PERIOD...."ALLOW" will disable internet access for the entire subnet (regardless of the rule), and "DENY" will prevent uploading of file attachments to hotmail, myspace, facebook etc....for every computer on the subnet.
  Message Edited by DSMKilla on 10-26-2008 11:08 AM
  (Edited post for guideline compliance. Thanks!) 
  Message Edited by JOHNDOE_06 on 10-26-2008 11:39 AM

• OIM Access Policy Error

  I created an access policy for provisioning a resource and it works fine. But I get the following error when I click on manage and edit the child form fields. Can someone please guide what is this error for?
  2009-04-20 12:57:35,618 ERROR [org.apache.struts.actions.DispatchAction] Request[ManageAccessPolicies] does not contain handler parameter named method
  Thanks!

  What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
  Deborah

• Domain Group Policy changes causes clients to be unable to connect to WSUS for Windows Updates

  Domain Controller is Windows Server 2008 R2 64-bit, Group Policy Management version 6.0.0.1. WSUS server is Windows Server 2008 Enterprise 32-bit, Update Services version 3.2.7600.226. Client machines are Windows 7, some are 64-bit and some are 32-bit.
  Every time we make any changes to any of our Group Policies most of our clients stop getting their Windows Updates from the WSUS server within 2-3 days. This occurs when we add a new policy for a group of users, temporarily disable a policy or edit a policy.
  Check of the WindowsUpdate.log on affected client machines shows:
  2014-06-25 13:40:44:976  760 1610 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
  2014-06-25 13:40:44:977  760 1610 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: RefreshCookie failed: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: RefreshPTState failed: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 PT WARNING: PTError: 0x80072ee2
  2014-06-25 13:40:44:977  760 1610 Report WARNING: Reporter failed to upload events with hr = 80072ee2.
  A further check of the log files shows:
  2014-06-21 19:36:06:995  156 1b0c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <proxy server name:8080> Bypass List used : <(null)> Auth Schemes used : <>
  We do not use a proxy except for Internet connections. We configure IE with a pac file. This is set through Group Policy since we restrict user accounts from being able to set it. 
  The clients that are connecting to the WSUS server have these entries instead:
  2014-06-24 09:12:16:779  992 270 Agent Setting download properties on call A20329BC-3467-4B7E-B9F4-6AC6ACBA23E1: priority=3, interactive=1, owner is system=0, proxy settings=1, proxy session id=2
  I have a routine that will fix the problem but it is time-consuming and pulls me away from other things I should be doing:
  Run registry files on client machine (WindowsUpdate and AU) This is not always necessary and is already set by Group Policy and the affected clients already have the registry settings. No idea why it is necessary to do but it the steps below don't always
  work unless it is.
  netstop bits and netstop wuauserv
  ipconfig /flushdns
  Delete qmgr*.* files from Downloader folder
  Delete Software Distribution folder
  Run from command prompt:
  sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  netstart bits and netstart wuauserv
  wuauclt /resetauthorization /detectnow
  Run Windows Updates again from Control Panel
  This routine always fixes the problem but I've found that I must do each step to guarantee success.
  How or where is the proxy setting being changed for WSUS that we see in the WindowsUpdate logs and how do I prevent this from happening? It is also curious that it happens to most but not all of the client machines. When it does happen it's not always the
  same client machines.

  You're right - the WSUS server is on the inside and does not need a proxy server. Tried running the netsh winhttp reset proxy command but was still not able to connect to the WSUS server. After running the netsh winhttp reset proxy command received response:
  Current WinHTTP proxy setting: Direct access <no proxy server>.
  Ran the command at 13:49 and then tried Windows Updates again. Here's snippet from the log file:
  2014-06-27 13:49:56:889  548 f6c AU Triggering AU detection through DetectNow API
  2014-06-27 13:49:56:890  548 f6c AU Triggering Online detection (interactive)
  2014-06-27 13:49:56:890  548 4b8 AU #############
  2014-06-27 13:49:56:890  548 4b8 AU ## START ##  AU: Search for updates
  2014-06-27 13:49:56:890  548 4b8 AU #########
  2014-06-27 13:49:56:893  548 4b8 AU <<## SUBMITTED ## AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
  2014-06-27 13:49:56:893  548 1260 Agent *************
  2014-06-27 13:49:56:893  548 1260 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
  2014-06-27 13:49:56:893  548 1260 Agent *********
  2014-06-27 13:49:56:893  548 1260 Agent   * Online = Yes; Ignore download priority = No
  2014-06-27 13:49:56:893  548 1260 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
  or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
  2014-06-27 13:49:56:893  548 1260 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
  2014-06-27 13:49:56:893  548 1260 Agent   * Search Scope = {Machine}
  2014-06-27 13:49:56:893  548 1260 Setup Checking for agent SelfUpdate
  2014-06-27 13:49:56:893  548 1260 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
  2014-06-27 13:49:56:894  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
  2014-06-27 13:49:56:901  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:927  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
  2014-06-27 13:49:56:934  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:936  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
  2014-06-27 13:49:56:943  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:956  548 1260 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
  2014-06-27 13:49:56:962  548 1260 Misc  Microsoft signed: Yes
  2014-06-27 13:49:56:974  548 1260 Setup Determining whether a new setup handler needs to be downloaded
  2014-06-27 13:49:56:974  548 1260 Setup SelfUpdate handler is not found.  It will be downloaded
  2014-06-27 13:49:56:974  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
  2014-06-27 13:49:56:976  548 1260 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2014-06-27 13:49:56:976  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
  2014-06-27 13:49:56:989  548 1260 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2014-06-27 13:49:56:989  548 1260 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
  2014-06-27 13:49:57:007  548 1260 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2014-06-27 13:49:57:007  548 1260 Setup SelfUpdate check completed.  SelfUpdate is NOT required.
  2014-06-27 13:49:57:165  548 1260 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
  2014-06-27 13:49:57:165  548 1260 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
  http://(FQDN of WSUS server)/ClientWebService/client.asmx
  2014-06-27 13:49:57:175  548 1260 PT WARNING: Cached cookie has expired or new PID is available
  2014-06-27 13:49:57:175  548 1260 PT Initializing simple targeting cookie, clientId = 6be4a1ae-3313-4855-bdb1-57e3312f03ec, target group = AGENCIES, DNS name = dpk2.clear-rcic.rcc.org
  2014-06-27 13:49:57:175  548 1260 PT   Server URL =
  http://(FQDN of WSUS server)/SimpleAuthWebService/SimpleAuth.asmx
  2014-06-27 13:50:57:280  548 1260 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(proxy server):8080> Bypass List used : <(null)> Auth Schemes used : <>
  2014-06-27 13:50:57:281  548 1260 PT   + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
  2014-06-27 13:50:57:281  548 1260 PT   + Caller provided proxy = No
  2014-06-27 13:50:57:281  548 1260 PT   + Proxy list used = webgate.rcc.org:8080
  2014-06-27 13:50:57:281  548 1260 PT   + Bypass list used = <NULL>
  2014-06-27 13:50:57:281  548 1260 PT   + Caller provided credentials = No
  2014-06-27 13:50:57:281  548 1260 PT   + Impersonate flags = 0
  2014-06-27 13:50:57:281  548 1260 PT   + Possible authorization schemes used =
  2014-06-27 13:50:57:281  548 1260 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
  2014-06-27 13:50:57:281  548 1260 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: RefreshCookie failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: RefreshPTState failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: Sync of Updates: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
  2014-06-27 13:50:57:281  548 1260 Agent   * WARNING: Failed to synchronize, error = 0x80072EE2
  2014-06-27 13:50:57:282  548 1260 Agent   * WARNING: Exit code = 0x80072EE2
  2014-06-27 13:50:57:282  548 1260 Agent *********
  2014-06-27 13:50:57:282  548 1260 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
  2014-06-27 13:50:57:282  548 1260 Agent *************
  2014-06-27 13:50:57:282  548 1260 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
  2014-06-27 13:50:57:302  548 e04 AU >>##  RESUMED  ## AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
  2014-06-27 13:50:57:302  548 e04 AU   # WARNING: Search callback failed, result = 0x80072EE2
  2014-06-27 13:50:57:302  548 e04 AU   # WARNING: Failed to find updates with error code 80072EE2
  2014-06-27 13:50:57:302  548 e04 AU #########
  2014-06-27 13:50:57:302  548 e04 AU ##  END  ##  AU: Search for updates [CallId = {9CE06AB2-E859-4B4D-8D1A-193AD89623C5}]
  2014-06-27 13:50:57:302  548 e04 AU #############
  2014-06-27 13:50:57:303  548 e04 AU Successfully wrote event for AU health state:0
  2014-06-27 13:50:57:303  548 e04 AU AU setting next detection timeout to 2014-06-27 22:50:57
  2014-06-27 13:50:57:304  548 e04 AU Setting AU scheduled install time to 2014-06-28 05:00:00
  2014-06-27 13:50:57:304  548 e04 AU Successfully wrote event for AU health state:0
  2014-06-27 13:50:57:305  548 e04 AU Successfully wrote event for AU health state:0
  2014-06-27 13:51:02:285  548 1260 Report REPORT EVENT: {BD25B39C-6570-454C-A046-AF3AF2DEBDD4} 2014-06-27 13:50:57:282-0400 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 AutomaticUpdates Failure Software
  Synchronization Windows Update Client failed to detect with error 0x80072ee2.
  2014-06-27 13:51:02:295  548 1260 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
  2014-06-27 13:51:02:295  548 1260 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Managed
  2014-06-27 13:51:02:295  548 1260 Report CWERReporter finishing event handling. (00000000)
  2014-06-27 13:51:48:184  548 4b8 AU ###########  AU: Uninitializing Automatic Updates  ###########
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 DnldMgr FATAL: DM:CBitsJob::SetCallbackHandler: SetNotifyInterface failed with 0x80080008.
  2014-06-27 13:51:48:187  548 4b8 Report CWERReporter finishing event handling. (00000000)
  2014-06-27 13:51:48:252  548 4b8 Service *********
  2014-06-27 13:51:48:252  548 4b8 Service **  END  **  Service: Service exit [Exit code = 0x240001]
  2014-06-27 13:51:48:252  548 4b8 Service *************
  2014-06-27 13:51:53:002  548 160c Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0400)  ===========
  2014-06-27 13:51:53:002  548 160c Misc   = Process: C:\Windows\system32\svchost.exe
  2014-06-27 13:51:53:002  548 160c Misc   = Module: c:\windows\system32\wuaueng.dll
  Ran a batch file which resets the AU and WindowsUpdate registry keys and then runs the steps listed above:
  regedit /s C:\WindowsUpdate.reg
  regedit /s C:\AU.reg
  net stop bits
  net stop wuauserv
  Ipconfig /flushdns
  del C:\ProgramData\Microsoft\Network\Downloader\qmgr*.*
  del  /F /Q C:\Windows\SoftwareDistribution\*.*
  sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  net start bits
  net start wuauserv
  wuauclt /resetauthorization /detectnow
  After this runs, am able to connect to WSUS server for updates. I mentioned Group Policy changes because this only breaks after the Group Policy changes. It doesn't affect every client machine but most of them. Was wondering how the proxy gets reset from
  none to the proxy server for Windows Updates?

• OIM iPlanet Resource revoked using access policy

  Hi,
  I had created a group and access policy based upon which i tried to provisioned a iplanet resource to a user.
  For this I had created a UDF(say type with value C) and created a rule based on which user is assigned to group say business and also iPlanet resource is provisioned to user
  As I Edit the profile and clear UDF. User is removed from group and also iPlanet resource is revoked.(In Access Policy revoked if no longer applied)
  I am able to do this task Successfully But If iPlanet resource is already allocated to user and I update the UDF(value C) user is assigned to group and iplanet is already assigned to user(muliple resource UNTICK). and now if i again Updated the UDF(mean clear it) user is removed from the group but iPlanet resource is not revoked from the user......
  Can somebody tell me why it is happening??? wheather its a bug in OIM or I am missing something...
  Thanks
  Anil

  If I understand your requirement correctly, when you change the value in process form edit from C to other, iPlanet resource is getting revoked.
  But when you change the the same value from user profile edit, the iplanet is not getting revoked right?
  As per my knowledge I can say, when you update the value for UDF in user profile, you can use triggers USR.TRIGGERS which will update the process form. In this case your process form will gets updated by default.
  This in turn triggers access policy and revokes the resource.
  Hope this helps you

• OIM Access Policy dilemma

  I have a need to use an Access policy for basic account creation but still have a Request workflow for enhanced privileges. The Access Policy needs the Resource and Process forms to both be Auto Pre-populate and auto save. This seems to be a conflicting requirement by the way I understand OIM. Any thoughts on a good work around?
  Kerry

  What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
  Deborah