Process to upgrade Certs in NAC 4.7.2 OOB VG HA environment

I am in the process of replacing the CCA manager certificate which is about to expire. My environment is HA and as such consists of two CAM servers and two pairs of HA-CAS servers.
First - I have submitted and generated the CAM server certificate (Easy enough as the CAM SSL is accessible via the GUI.) I think, although I'm not sure that I need to generate a new cert for the CAS(S).
If I do I need to access at least one CAS in an HA pair via the GUI. Does it matter which one? When I attempt to GUI to the "secondary" CAS in a pair I am of course being treated like a device that need to be "NAC'd".
To access the CAS I think I need to stop perfigo services which should drop me out of the HA pair. True?
Will I need to take each server out of "service" to update the cert.
If there is a document sequence of events I would love to see it.
Thanks!
Bob

Did anyone ever find a solution to this issue? I'm having the same problem.... it takes minutes to open the ports on a switch in the CAM. It shouldn't take minutes to manage ports for each switch, it should take less than 10 seconds...

Similar Messages

  • Procedure and Process to upgrade CRM4.0 to CRM2007

    Hi,
    Could you please provide procedures and process for upgrading SAP CRM 4.0 to CRM 2007+ upgrade (Channel Management only)
    Which will help us to assments and also upgrade process.
    Thanks and Regards,
    Raveendra

    Not got any information so closing the post.

  • My MacBook Air has reverted to iphoto 7 and seems resistant to upgrade. I am on OS X 10.7.5, and in the process of upgrading to Maverick. Any ideas?

    My MacBook Air has reverted to iphoto 7 and seems resistant to upgrade. I am on OS X 10.7.5, and in the process of upgrading to Maverick. Any ideas?

    Nope
    for sure iphoto did not "revert" to a previous version - if the version has changed it is due to something you did and you need to share that
    What exactly is your problem?  To upgrade to Mavericks backup yoru system and download and install OS X 10.9.x Mavericks - then purchase iphtoo '11 Version 9.5.x from the app store and install it - tehn download and run the library upgrader (it is downloaded to the utilities folder in your aplicatiosn folder) and then launch iPhoto '11 version 9.5.x to finish the upgrade
    LN

  • Hi Guys, best process is upgrade or a fresh install for already existing solution manager?

    Hi Guys, best process is upgrade or a fresh install for already existing solution manager to SAP 7.1?

    Hi
    Have you checked below link or presentation..it might help you to get more relevant inputs for decision
    Upgrade to SAP Solution Manager 7.1
    also incase you have charm or service desk check my blog as well.
    Upgrade Roadmap - Solution Manager 7.0 to 7.1 with Service Desk/ChaRM
    Hope this helps
    Thanks
    Prakhar

  • HT2404 i was try to upgrade my iphone 3gs via iTunes but it is not activate.what are the process to upgrade ? now it is showing black screen to select country then finally write unable to activate.

    i was try to upgrade my iphone 3gs via iTunes but it is not activate.what are the process to upgrade ? now it is showing black screen to select country then finally write unable to activate.

    Is there a sim in the iPhone?
    Has the iPhone been jailbroken or modified to work with other
    than the original wireless provider?
    If you can get that far, what does it say when you look at
    Settings=>General=>About=>Carrier?

  • Process of upgrading ALE's

    Hi All,
    i want to know the process of upgrading ALE's.

    Hi
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/xi/ale+configuration
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/abap/administrationofALE+Functions
    Can you say clearly what exactly you want
    Regards
    Pavan

  • Process for upgrading to Android 2.2 Froyo

    Accoring to the list the HTC Incrediable is compatiable with 2.2.
    What is the process to upgrade from 2.1 to 2.2? Download & install? or?
    Any hit of when will this be available?
    I noticed a new download file 'Android 2.2 System Information' in my all programs list today.
    Google must have pushed it to me.
    thanks,
    Steve

    1. OTA- Over the Air update, basically Verizon sends you a notification, you hit install and it will install the new OS to your phone
    2. HTC adds SenseUI to Froyo and sends it to Verizon, Verizon will test it and if they want to release it they will, otherwise HTC will send them another version to test.
    3.  Even stock android devices can't "Officially" update now without doing that R-word that you can't talk about here.
    4. You'd still be running Sense.  Check out androidcentral.com for information on release dates, etc.

  • NAC 4.7.2 (OOB VGW)) MAC certificate validation slow

    We have been seeing some odd behavior with certificate validation with MAC OSx device running the installed agent.
    When a user enters their userid and password  they sometimes will get a SSL cert error. If the user clicks on login multiple times they will eventually certify and join the trusted network.
    I did a packet capture of a machine that was experiencing the problem.
    The packet capture showed the MAC making a DNS query for the Verisign server's IP address and the DNS server returns the correct answer. The expected connection to the Verisign server never occurs. (The ssl cert error on the MAC shows up about now.)
    If login is clicked (several times) and you go through the cycle again eventually the connection to the Verisign server is established the certificate is validated and user is placed into the trusted vlan.
    Has anybody else experienced this? Any ideas?

    Faisal,
    I reviewed my work including where I performed my captures. The capture I did initially was between the CAS and the outside world - our routing core.
    I decided to span a port a MAC was connected to and performed another capture.
    Lo and behold the MAC was actually trying to connect to the Verisign server based on IP address of the forward DNS lookup send originally from the MAC.
    I thought about the process and I believe that NAC has to do a reverse lookup on the IP address so that it can compare the server name against host filter I built to allow the traffic.
    The filter was based on the forward lookup so it was something like "ends with crl.verisign.com"
    When I did a reverse lookup I discovered most of the servers returned something like "crl.indv10.verisign.com" which of course did not match the filter I had created. Traffic blocked.
    I changed the filter to just "ends with verisign.com" and it worked 95% of the time.
    Why only 95%?
    One of the servers had an IP address that was outside the 199.x.x.172 pattern most of them use and it did not return a name when the reverse lookup occurred. I finally ended up adding that as IP address as a filter.
    No problems now.
    Later!
    Bob

  • NAC 4.7.2 OOB SNMP issues

    Hello,
    I am setting up a NAC CAM and CAS 4.7.2 OOB setup in a test environment (NAC failover for CAM and CAS), and I am seeing some strange SNMP issues.  I am testing with a 3750 switch (12.2(53)SE1) using SNMP v2 and v3 since v3 and accessing the switch port configuration in the NAC manager is extremely slow.  I click OOB Management -> devices -> switch XXX and it takes several minutes for the port listing to display.  Then sometimes it comes up quickly but a 'show debug snmp' on the switch shows that it isn't polling the switch so it apparently starts pulling the ports page from cache, but I can see now logic in how it does this.
    Q1) When and why does the ports page pull cached info?
    Q2) Why is SNMP queries operating so slowly with NAC 4.7.2 OOB?
    Here is my test switch/NAC SNMP config (with pseudo names and fake passwords):
    snmp-server community switch_read ro   (matches OOB Management -> Profiles -> Device -> SNMP Read v2 settings)
    snmp-server view v1default iso included
    snmp-server user switch_write switch_group v3 auth md5 <my-password>  (matches OOB Management -> Profiles -> Device -> SNMP Write v3 settings)
    snmp-server group switch_group v3 auth read v1default write v1default
    snmp-server user cam_notify cam_group v3 auth md5 <my-password>
    snmp-server host 10.200.11.100 traps version 3 auth cam_notify mac-notification snmp  (matches OOB Management ->  Profiles -> SNMP Receiver v3 settings)
    snmp-server group cam_group v3 auth read v1default write v1default notify v1default
    What is wrong with my setup?  Any help is appreciated.

    Did anyone ever find a solution to this issue? I'm having the same problem.... it takes minutes to open the ports on a switch in the CAM. It shouldn't take minutes to manage ports for each switch, it should take less than 10 seconds...

  • ASU-process POST Upgrade Step on SQL database

    Hi All,
    To check this message in the right format kindly click on reply first then click on quote original icon ("").
    I am performing an upgrade from R/3 4.7 to ERP 6.0 SR3, while doing upgrade sapup asking me To perform the manual application specific post upgrade step.
    This phase says to run ASU toolbox by using tx /n/asu/upgrade. when i run this tx is show the below list of steps to be performed with showing severity level of some as optional and many as obligatory.
    Task List                                                                                Severity     SAP R/3 release frm     SAP R/3 release to
    IS-OIL Application Test 600                                                 Optional          
    KP06xx: Termination SYNTAX_ERROR                                                 Obligatory     470                           500
    CGPL: Entries are blank after upgrade                                                Obligatory          
    Error handling of task group execution                                Optional          
    Mobile device cannot confirm TO after release upgrade     Obligatory     470                         600
    Mobile device doesn't find transfer orders after upgrade     Obligatory     470                          600
    Grantee Management - Upgrade from EA-PS 2.00 to ECC 600     Obligatory          
    Convert customizing for warehouse funds ctr scenarios     Optional          
    Various problems classification commitment items (class type     Obligatory          
    Unauthorized error messages udring fiscal year change/reassi     Obligatory          
    RFFMUDX1 migrates incomplete budgeting tables                          Obligatory          
    Non-7bit-ASCII character used for BCS key figures             Obligatory          
    Changes in TKEDR for /ISDFPS/RFFMDISTDERIVALE          Obligatory          
    BCS - Tool for Deleting Obsolete Derivation Strategies     Obligatory          
    BCS Syntax Error on Upgrade from EA-PS 2.00 to ECC 600     Obligatory          
    Migration to ERP 6.0 (EA-PS 6.00)                                         Obligatory          
    Migration EA-PS 2.00 to ERP 5.0 (EA-PS 5.00)                      Obligatory          
    Missing initialization of new fields in table ANLZ                  Obligatory     46C                       470
    Activating VMC for the Internet Pricing and Configurator     Obligatory          
    Customer specific BSEG-fields not transferred                  Optional          
    Conversion of report headers in drilldown-reporting            Optional                                   600
    IBase: Upgrade to Release 4.6C and higher                         Optional     46C                         600
    ZSAPRCKML_COGS: Upgrade to release 4.7 or higher     Optional     46C                      470
    Conversion of CO-Total-Tables                                              Obligatory     46C                      500
    Conversion of CO-line-item table COEP                                Obligatory     46C                       600
    New General Ledger, problems in CO-documents                 Obligatory                               500
    No receivers found in allocations                                          Obligatory     46C                        470
    Conversion Of New Process Parameter Long Texts For Search     Optional     110                       600
    Migration of process parameters in recipe management     Optional     110                        600
    FAQ new depreciation calculation                                        Optional                                600
    Upgrading to SAP R/3 47x200 and SAP ECC 500 with RMGMT     Obligatory     100                       500
    Reloading Table T512W                                                        Optional          
    Converting Short Texts                                                         Obligatory          
    Migrating Data                                                                         Optional     4.7     
    Activating SAP ECC Extensions                                          Optional          
    I am not sure about which steps I have to perform, I am a bit confused.. because some are optional and some are not relevant to my release (as target or source release is different from mine). and also few things are not applied in my envirnoment hence those steps are also not relevant.
    Please suggest me, how to proceed and what to do. please guide if i skip this step now and later  on I apply latest SP than still I need to do all this.
    Regards
    Vinay

    Hi All,
    I also faced a similar issue during upgrade. Some useful findings.
    1. Only super user can access this /n/ASU/START
    2. All the obligatory executable tasks are automatically performed by the system automatically during upgrade.      SAPADM. Only errors (if any) are to be corrected.
    3. Some of the tasks are only to go through some SAP notes as a precaution before upgrade.
    4.  Execute all the checks /n/ASU/UPGRADE
    5. This surely can be skipped, but not advisable.
    regards,
    Amit

  • Upgrade step ASU-process post upgrade step

    Hi All,
    To check this message in the right format kindly click on reply first then click on quote original icon ("").
    I am performing an upgrade from R/3 4.7 to ERP 6.0 SR3, while doing upgrade sapup asking me To perform the manual application specific post upgrade step.
    This phase says to run ASU toolbox by using tx /n/asu/upgrade. when i run this tx is show the below list of steps to be performed with showing severity level of some as optional and many as obligatory.
    Task List                                                                                Severity     SAP R/3 release frm     SAP R/3 release to
    IS-OIL Application Test 600                                                 Optional          
    KP06xx: Termination SYNTAX_ERROR                                                 Obligatory     470                           500
    CGPL: Entries are blank after upgrade                                                Obligatory          
    Error handling of task group execution                                Optional          
    Mobile device cannot confirm TO after release upgrade     Obligatory     470                         600
    Mobile device doesn't find transfer orders after upgrade     Obligatory     470                          600
    Grantee Management - Upgrade from EA-PS 2.00 to ECC 600     Obligatory          
    Convert customizing for warehouse funds ctr scenarios     Optional          
    Various problems classification commitment items (class type     Obligatory          
    Unauthorized error messages udring fiscal year change/reassi     Obligatory          
    RFFMUDX1 migrates incomplete budgeting tables                          Obligatory          
    Non-7bit-ASCII character used for BCS key figures             Obligatory          
    Changes in TKEDR for /ISDFPS/RFFMDISTDERIVALE          Obligatory          
    BCS - Tool for Deleting Obsolete Derivation Strategies     Obligatory          
    BCS Syntax Error on Upgrade from EA-PS 2.00 to ECC 600     Obligatory          
    Migration to ERP 6.0 (EA-PS 6.00)                                         Obligatory          
    Migration EA-PS 2.00 to ERP 5.0 (EA-PS 5.00)                      Obligatory          
    Missing initialization of new fields in table ANLZ                  Obligatory     46C                       470
    Activating VMC for the Internet Pricing and Configurator     Obligatory          
    Customer specific BSEG-fields not transferred                  Optional          
    Conversion of report headers in drilldown-reporting            Optional                                   600
    IBase: Upgrade to Release 4.6C and higher                         Optional     46C                         600
    ZSAPRCKML_COGS: Upgrade to release 4.7 or higher     Optional     46C                      470
    Conversion of CO-Total-Tables                                              Obligatory     46C                      500
    Conversion of CO-line-item table COEP                                Obligatory     46C                       600
    New General Ledger, problems in CO-documents                 Obligatory                               500
    No receivers found in allocations                                          Obligatory     46C                        470
    Conversion Of New Process Parameter Long Texts For Search     Optional     110                       600
    Migration of process parameters in recipe management     Optional     110                        600
    FAQ new depreciation calculation                                        Optional                                600
    Upgrading to SAP R/3 47x200 and SAP ECC 500 with RMGMT     Obligatory     100                       500
    Reloading Table T512W                                                        Optional          
    Converting Short Texts                                                         Obligatory          
    Migrating Data                                                                         Optional     4.7     
    Activating SAP ECC Extensions                                          Optional          
    I am not sure about which steps I have to perform, I am a bit confused.. because some are optional and some are not relevant to my release (as target or source release is different from mine). and also few things are not applied in my envirnoment hence those steps are also not relevant.
    Please suggest me, how to proceed and what to do. please guide if i skip this step now and later  on I apply latest SP than still I need to do all this.
    Regards
    Vinay
    Edited by: Vinay Paul on Sep 11, 2009 10:11 PM

    Hi All,
    I also faced a similar issue during upgrade. Some useful findings.
    1. Only super user can access this /n/ASU/START
    2. All the obligatory executable tasks are automatically performed by the system automatically during upgrade.      SAPADM. Only errors (if any) are to be corrected.
    3. Some of the tasks are only to go through some SAP notes as a precaution before upgrade.
    4.  Execute all the checks /n/ASU/UPGRADE
    5. This surely can be skipped, but not advisable.
    regards,
    Amit

  • Step by step process to upgrade EP 6.0 to EP 7.0

    Hi all,
    Can any one plz tell me the process of EP7.0 Upgradation?
    EP7.0 is newly installed on the Other System.
    => I need information regarding the initial System Configuration settings.
    => can we transport the users/groups from EP 6.0 System to EP7.0 System?
    => Step By Step process of the integration of portal content into EP 7.0.
    Thanks and Regards,
    Visweswar

    Hi,
    All the upgrade information is available at http://service.sap.com/instguides -> Upgrade.
    Also check the Upgrade Master Guide:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a1a0eb43-0b01-0010-23aa-908cc4eaabcd
    Regards,
    Praveen Gudapati

  • How to increate the  R3trans processes during upgrade ...

    Dears,
    I'm doing a Sap upgrade to ECC6+EHP4 and I selected the scenario "High resource use (minimal downtime, fast import, archiving off)" in the Configuration module.
    The Downtime module is started  but I saw the gui does not allow to modify the number of processes it's going to use like :
    > MAXIMUM UPTIME PROCESS
    > R3TRANS PROCESSES
    I saw the XPRA_UPG phase is using 1 batch only, despite there are a lot of resources available.
    As I'm planning others upgrade run in the next future for this sistem, I would like to know if there a way to increase the number of these processes, without changing the Scenario "High resource use (minimal downtime, fast import, archiving off)."
    In this run the parameter MAXIMUM UPTIME PROCESS I suspect is set to 1; I would like at least to set it to 2 in the next run .
    But I would like to continue to use this scenario "High resource use (minimal downtime, fast import, archiving off)." in the future, but increasing these parameters MAXIMUM UPTIME PROCESS and R3TRANS PROCESSES.
    I read the 'Troubleshooting and Admistration Guide' but it's not described here; it seems the only way to change these parameter is to choose a completely different scenario (so called "Manual Selection")
    How they can be changed ? Are they written in some file into the upgrade directory ?
    best regards

    Hello Roberto,
    with this option ("High resource use (minimal downtime, fast import, archiving off)") it is not possible to change the key parameters that you're looking for.
    For your case you should select the option "Manual selection of parameters". Please check the piece of log below to see the parameters you can change with this option:
    >> 2009/05/27 15:12:57  START OF PHASE PREP_EXTENSION/INITSUBST
    >>>> Choose configuration <<<<
    Select configuration
    01)  -  Standard resource use (archiving off)
    02)  -  High resource use (archiving off)
    03)  -  High resource use (archiving on)
    04)  *  Manual selection of parameters
    : Manual selection of parameters
    >>>> Archive Mode <<<<
    Choose an upgrade phase for disabling the archive mode. For more information,
    see the upgrade guide.
    If the archive mode is disabled, all production operation has to be stopped.
    01)  -  No disabling of the archive mode (Archiving on)
    02)  *  The archive mode should be disabled in phase STOPSAP_TRANS
    Choose the archive mode:: The archive mode should be disabled in phase STOPSAP_TRANS
    >>>> SGEN Execution Mode <<<<
    Choose an execution strategy for SGEN. For more information, see the upgrade
    guide.
    01)  -  Do not start SGEN during the upgrade.
    02)  *  Fill table GENSETC with relevant loads, but do not run SGEN.
    03)  -  Fill table GENSETC and run SGEN with low resource consumption.
    04)  -  Fill table GENSETC and run SGEN with high resource consumption.
    Choose the SGEN execution mode:: Fill table GENSETC with relevant loads, but do not run SGEN.
    >>>> Batch Configuration and Upgrade Processes <<<<
    You need to supply information about the batch server and the number of
    processes used.
    Enter the host name of your batch server:
    BATCH HOST: SAP_EXAMPLE
    Enter the maximum number of batch processes during the upgrade:
    BATCH PROCESSES: 5
    Enter the maximum number of parallel processes during uptime:
    MAXIMUM UPTIME PROCESSES: 1
    Enter the number of parallel import processes during downtime:
    R3TRANS PROCESSES: 3
    As you can see, all these parameters are editable with this option. You should consider it in your future upgrades, in my opinion.
    Best regards,
    Tomas Black

  • What is the process to upgrade at full retail, switch SIM cards, and keep old plan with unlimited data feature

    I'm on a really old plan...America's Choice Family Share 500, Free N&W, with 2 lines, and each line has the unlimited data feature on the line.
    Neither line has a texting package.
    I currently have a Droid Bionic (large SIM card) & want to get a Droid Turbo (small SIM card).  It is literally cheaper for me to pay full retail for a phone (actually 2 phones) than switch to a "More Everything" plan because my plan is so old.  Across the two lines, we probably only use 3-5 GB/mo, so we aren't 'heavy' data users, but we aren't using 1-2GB/mo either.
    I went into a VZW Corporate store, and they said I should be able to keep my plan with unlimited data if I pay full retail, but the sales person said their system has been knocking off unlimited data for other customers, even for something as small as a SIM card change.
    I tried upgrading on verizonwireless.com, and the system tried to kick me out of my America's Choice Family Share 500 plan.
    What is the process to get a new phone, pay ~$600 for it, get the new SIM card assigned to the account, and keep my calling plan with unlimited data?
    (I also have the option to turn on & off Mobile Hot-Spot for $30/mo at will...but probably only have it active for 1 week a year, if that)
    Thanks!

    Just log into your my verizon and order a phone at the full retail price. When you add the phone to the cart you choose 2 yr price, edge or full and then hit add. You will have to choose a plan but that plan does not go into effect since you are buying a phone out of contract, it is just part of the process. You then will not lose the data

  • User login process after Upgrade  from 620 to &7.00

    Hi all,
    We are on SAP R/3 4.6c, BW 7.0 with BIA 48, SRM 3.0, WAS 620 with ITS supporting portal connections to R/3 and SRM & CUA system which is the issuer of the SSO.
    User login to portal with id [it's not sap id used for SAPGUI] and Ldap matches with Employee id and checks with CUA to create the SSO ticket, user can work on R/3 links or SRM links depends on his authorization. R/3 ,BW & SRM having CUA system certificate for SSO.
    Communication between Ldap and CUA system is thru ITS and Portal to R/3 & SRM  is also thru ITS.
    We  are planning to upgrade R/3 to Ecc 6.0 and SRM to 7.0, CUA  to 7.00  and WAS to 7.00 dual stack systems.
    we are thinking  Once upgrade is done ,   ITS will be vanished from the environment so the login process will be User login to Portal with ID and Ldap checks with CUA  and with the issued ticket  user directly communicate wit R/3 and SRM.
    Please suggest if we are missing anything on SSO &   the new login  process with  SSO  is right ?
    Thanks,
    Subhash.G

    >  We  are planning to upgrade R/3 to Ecc 6.0 and SRM to 7.0, CUA  to 7.00  and WAS to 7.00 dual stack systems.
    Just as an advise: I highly suggest avoiding the installation/upgrade of dual stack instances.
    > Please suggest if we are missing anything on SSO &   the new login  process with  SSO  is right ?
    Sounds good.
    Markus

Maybe you are looking for

  • How do i copy my itunes from my PC to my mac

    i have a dell work laptop that has my all of my iTunes music and apps for my iPhone4 but i would like to start using my iMac itunes for my iPhone4, but i know that i sync my iphone4 to my itunes on my iMac i will lose everything.  How do i copy my iT

  • Is there a way to save Pages documents so they can be opened with MS Word?

    Hi, I have been a PC user my whole life, but just recently purchased a Mac. I bought an iMac and absolutely love it! I'm still trying to figure everything out though. I just purchased iWork 09, but it hasn't arrived yet, so I'm using the trial versio

  • PhotoShop Elements 11

    I know I can install PhotoShop Elements 11 and have iPhoto set it as the default editor in Preferences...but I'd like to hear from some who does this...and see if the workflow is OK.  Editing tools in iPhoto and Aperture are not near what they are in

  • BSP with the link using MVC

    I need to call an another controller from a view using a htmlb:link Here is my code for example: <htmlb:link   id  = "<%= l_htable-id %>"               text = "<%= l_htable-data %>">               onClick   = "click"> Here is my code in method DO_HAN

  • Finding Symbolic Links in Unix

    Hi All, Is there a way to find whether a File is a Symbolic Link or not in Unix Environment using Java API ?? Thanks Sateesh