Question of Request-CSCertificate command

I have to generate a SAN certificate for my two 2013 FE servers. I want to use the Request-CSCertificate command. The question I have is on the switch "Computerfqdn". I am not sure what to specify for this value.
The Microsoft documentation says the fqdn of the server you are requesting the certificate for but I want this certificate to be on both FE servers. I plan to get a certificate with a couple of SAN's from our public CA and install it on both FE servers by
exporting it out. If I am going to do it that way, should I use the pool name for the Computerfqdn? The pool name points to both FE servers by way of a VIP and a load balancer. Seems to me if I specify the name of one of the FE servers in the command string,
that I might have some issues when I export it and install it on the other FE server.
If you need the actual command I am using, I can post it. It's a standard Request-CSCertificate command with the required switches.

Hi,
You should use the computer name instead of poo name when requesting a certificate. The Request-CsCertificate cmdlet will automatically add the pool name to the SAN list of certificate obtained using this cmdlet.
Actually you can add all required SANs including two FEs using Lync deployment Certificate wizard directly.
Kent Huang
TechNet Community Support

Similar Messages

  • A question about the SPOOL command in sqlplus

    Dear all,
    I have a question about the SPOOL Command and I would appreciate if you could kindly give me a hand. Consider the following sql script.
    SPOOL result.txt
    SELECT * FROM mytable;
    SPOOL OFF;This works pretty well, and the whole content of the table "mytable" is exported to the text file "result.txt". However, sqlplus prints also the number of lines
    printed after each query. As a result, after running this script, at the end of the file, I have always a line like
    "20541 lines returned"How can I avoid this line (the number of returned lines) in my result file?
    Thanks in advance,
    Dariyoosh

    Peter Gjelstrup wrote:
    Hi Dariyoosh,
    As you are about to find out, SQL*Plus is a really powerful tool once the wonders of it are discovered.
    You really should study the reference
    http://download.oracle.com/docs/cd/E11882_01/server.112/e10823/toc.htm
    In your current case especially the SET command
    http://download.oracle.com/docs/cd/E11882_01/server.112/e10823/ch_twelve040.htm#BACGAJIC
    Regards
    PeterHello there,
    Thank you very much for your attention to my problem and in particular the interesting links.
    Kind Regards,
    Dariyoosh

  • Room request membership command (HTML)

    Hello,
    Does anyone know how to program the room request membership command in html? I don't have a problem with the subscribe or feedback commands.
    In the How to… Configure the HTML Collection Renderer for the KM flexible user interface guide the below html code is given to generate a feedback link:
    <a href="http://com.sap.cm/.?uicommand=feedback">give feedback</a>
    I checked this command and it refers to the following java class:
    com.sapportals.wcm.rendering.uicommand.cm.UIFeedbackCommand
    Apparently the com.sap.cm automatically refers to this command.
    Now I want to add a room request membership command (I already have public access, now i want to become a member), which uses another javaclass:
    com.sap.netweaver.coll.roomui.api.uicommands.UIRequestMembershipCommand
    The com.sap.cm prefix now doesn't work. Does anyone know how to call the command in html and generate a link. (I am already in the public part of a room).
    Thank you so much.
    Kind regards,
    Joost Christenhusz

    Hi Robert,
    Portal Version is NW04s and SPS 14.
    And light Room Directory is active.
    I've tested, with annd without Light Room Directory, Context menu displayed Request Membership but not active!
    hope, Everyone hat an IDEA!
    Thanks in advance
    Katayoun

  • Command authorization failed - 'AAA API' detected the 'fatal' condition 'No method could process the authorisation request' % Incomplete command.

    we are using CISCO ASR 9006 . and we configured aaa authentication and commit changes after that i am able to login ASR with local user but
    no any command execute and get error.
    Command authorization failed - 'AAA API' detected the 'fatal' condition 'No method could process the authorisation request'
    % Incomplete command.
    please help.

    Hi Anop
    How did you get over this problem? I am having the same issue.
    Regards
    Rohan

  • Show policy-map interface | Question about QOS show command output

    I hope this is the correct place for this question. If not, please let me know.
    When I issue the show policy-map interface command (in this case on a  3845) there is some output I don't understand.  I have included some output below and formatted the lines I am confused about as "computer code" which show up as red on my screen.  A list of the individual lines i'm confused about is below, followed by those liens in the context of the show policy-map command's output.
    Any help with this will be greatly appreciated. Thanks in advance.
    5 minute offered rate 46000 bps, drop rate 0 bps
     5 minute rate 10000 bps
     bandwidth remaining 50% (768 kbps)
    show policy-map interface
    --- previous output omitted ---
    GigabitEthernet0/0
      Service-policy input: QoS_IN
    class-map: Silver (match-any)
          164691299 packets, 23570752398 bytes
          5 minute offered rate 46000 bps, drop rate 0 bps
          Match: access-group name MAINFRAME
            4371992 packets, 2311242335 bytes
            5 minute rate 0 bps
          Match: access-group name KRONOS
            13334297 packets, 3051409140 bytes
            5 minute rate 5000 bps
          Match: access-group name EMAIL
            97652823 packets, 10323856470 bytes
            5 minute rate 10000 bps
          Match: access-group name VOIP-CONTROL
            20782858 packets, 1481676784 bytes
            5 minute rate 0 bps
          Match: access-group name LOGIXWEB
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name GRINDLOG
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name CITRIX
            46895 packets, 14669179 bytes
            5 minute rate 0 bps
          Match: access-group name CORP_WEB
            28502414 packets, 6387897396 bytes
            5 minute rate 4000 bps
          QoS Set
            dscp af31
              Packets marked 164691269
    show policy-map interface s0/0/0:0
    Serial0/0/0:0
      Service-policy output: QoS_OUT
    --- previous output omitted ---
        Class-map: Silver (match-any)
          86590227 packets, 12051546524 bytes
          5 minute offered rate 3000 bps, drop rate 0 bps
          Match: access-group name MAINFRAME
            7641084 packets, 2701232492 bytes
            5 minute rate 0 bps
          Match: access-group name KRONOS
            6975052 packets, 1555404656 bytes
            5 minute rate 0 bps
          Match: access-group name EMAIL
            58438150 packets, 5433636586 bytes
            5 minute rate 3000 bps
          Match: access-group name VOIP-CONTROL
            355083 packets, 41252455 bytes
            5 minute rate 0 bps
          Match: access-group name LOGIXWEB
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name GRINDLOG
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name CITRIX
            19 packets, 4967 bytes
            5 minute rate 0 bps
          Match: access-group name CORP_WEB
            13180836 packets, 2320015236 bytes
            5 minute rate 0 bps
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/18156/0
          (pkts output/bytes output) 86421413/12004278837
          bandwidth remaining 50% (768 kbps)

    this is my configuration
    DGMGRL> show configuration
    Configuration
    Name: matrix
    Enabled: YES
    Protection Mode: MaxPerformance
    Databases:
    stdby1 - Primary database
    stdby2 - Physical standby database
    stdby3 - Physical standby database
    Fast-Start Failover: DISABLED
    Current status for "matrix":
    SUCCESS
    --- this is my first successful switchover -----
    DGMGRL> switchover to stdby2
    Performing switchover NOW, please wait...
    New primary database "stdby2" is opening...
    Operation requires shutdown of instance "stdby1" on database "stdby1"
    Shutting down instance "stdby1"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby1" on database "stdby1"
    Starting instance "stdby1"...
    ORACLE instance started.
    Database mounted.
    Switchover succeeded, new primary is "stdby2"
    -------------------this is my second switchover -------------
    DGMGRL> switchover to stdby1
    Performing switchover NOW, please wait...
    New primary database "stdby1" is opening...
    Operation requires shutdown of instance "stdby2" on database "stdby2"
    Shutting down instance "stdby2"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby2" on database "stdby2"
    Starting instance "stdby2"...
    Unable to connect to database
    ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
    Failed.
    You are no longer connected to ORACLE
    Please connect again.
    Unable to start instance "stdby2"
    You must start instance "stdby2" manually
    Switchover succeeded, new primary is "stdby1"
    DGMGRL>
    Edited by: user6981287 on Jan 7, 2010 12:57 AM
    Edited by: user6981287 on Jan 7, 2010 1:00 AM

  • Passing variable having value as whole SOAP request to command while invoking ODI WS call

    When passing variable in place of soap request message (variable value is whole SOAP request message prepared using procedure) in ODI Invoke WebService command like -->
    OdiInvokeWebService "-URL=url...." "-PORT_TYPE=..." "-OPERATION=..." "-RESPONSE_MODE=NEW_FILE" "-RESPONSE_FILE_CHARSET=UTF8" "-RESPONSE_XML_ENCODING=UTF-8" "-RESPONSE_FILE=..." "-RESPONSE_FILE_FORMAT=SOAP" "-HTTP_USER=..." "-HTTP_PASS=..."
    #SOAPREQUESTMESSAGE
    Gives error :
    ODI-1226: Step OdiInvokeWebService 1 fails after 1 attempt(s).
    ODI-1241: Oracle Data Integrator tool execution fails.
    Caused By: com.sunopsis.wsinvocation.SnpsWSInvocationException: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '#' (code 35) in prolog; expected '<'
    at [row,col {unknown-source}]: [1,1]
        at com.sunopsis.wsinvocation.client.impl.AbstractMessageImpl.loadFromXML(AbstractMessageImpl.java:333)
        at com.sunopsis.wsinvocation.client.impl.AbstractMessageImpl.loadFromString(AbstractMessageImpl.java:348)
        at com.sunopsis.wsinvocation.client.impl.AbstractMessageImpl.fromString(AbstractMessageImpl.java:403)
        at com.sunopsis.wsinvocation.client.impl.AbstractJWSDLParserImpl.fromXML(AbstractJWSDLParserImpl.java:272)
        at com.sunopsis.wsinvocation.client.impl.AbstractJWSDLParserImpl.getWebServiceRequestByOperation(AbstractJWSDLParserImpl.java:260)
        at com.sunopsis.dwg.tools.common.WebserviceUtils.getSOAPMessage(WebserviceUtils.java:94)
        at com.sunopsis.dwg.tools.common.WebserviceUtils.invoke(WebserviceUtils.java:138)
        at com.sunopsis.dwg.tools.InvokeWebService.actionExecute(InvokeWebService.java:327)
        at com.sunopsis.dwg.function.SnpsFunctionBase.execute(SnpsFunctionBase.java:276)
        at com.sunopsis.dwg.dbobj.SnpSessTaskSql.execIntegratedFunction(SnpSessTaskSql.java:3437)
        at com.sunopsis.dwg.dbobj.SnpSessTaskSql.executeOdiCommand(SnpSessTaskSql.java:1509)
        at oracle.odi.runtime.agent.execution.cmd.OdiCommandExecutor.execute(OdiCommandExecutor.java:44)
        at oracle.odi.runtime.agent.execution.cmd.OdiCommandExecutor.execute(OdiCommandExecutor.java:1)
        at oracle.odi.runtime.agent.execution.TaskExecutionHandler.handleTask(TaskExecutionHandler.java:50)
        at com.sunopsis.dwg.dbobj.SnpSessTaskSql.processTask(SnpSessTaskSql.java:2913)
        at com.sunopsis.dwg.dbobj.SnpSessTaskSql.treatTask(SnpSessTaskSql.java:2625)
        at com.sunopsis.dwg.dbobj.SnpSessStep.treatAttachedTasks(SnpSessStep.java:558)
        at com.sunopsis.dwg.dbobj.SnpSessStep.treatSessStep(SnpSessStep.java:464)
        at com.sunopsis.dwg.dbobj.SnpSession.treatSession(SnpSession.java:2093)
        at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor$2.doAction(StartSessRequestProcessor.java:366)
        at oracle.odi.core.persistence.dwgobject.DwgObjectTemplate.execute(DwgObjectTemplate.java:216)
        at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor.doProcessStartSessTask(StartSessRequestProcessor.java:300)
        at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor.access$0(StartSessRequestProcessor.java:292)
        at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor$StartSessTask.doExecute(StartSessRequestProcessor.java:855)
        at oracle.odi.runtime.agent.processor.task.AgentTask.execute(AgentTask.java:126)
        at oracle.odi.runtime.agent.support.DefaultAgentTaskExecutor$2.run(DefaultAgentTaskExecutor.java:82)
        at java.lang.Thread.run(Thread.java:662)
    Thanks in anticipation...

    the used variable 'SOAPREQUESTMESSAGE' is being created in a procedure using jython.
    1. Can we use this variable (SOAPREQUESTMESSAGE) value in the next step that is while invoking web service request (can it persist) ?
    2. If not then how can we use this variable value to invoke ws request in next step ?
    Would like to appreciate help.
    Pls reply.

  • Question regarding Request Notification Template - OIM 9.1.0.2

    Hi All,
    I have a question regarding notification generated when a request is raised. Currently, the body of the notification is referring the requestor who raise the request (the body of email has attributes like <%Requester Info.First Name%>, <%Requester Info.Last Name%>). Its fine if the requestor is raising the request for him/her self. However, if the requestor is raising the request on behalf of another user, then this notification is causing confusions, since its referring the requestor only in its body and not the beneficiary.
    Is there a way to include the end beneficiary's details in the body of the notification?
    Please help in this regard
    Regards
    Vinay

    Hi Gurus,
    Any idea on this?
    Regards
    Vinay

  • Question about broker Switchover command

    Hi guys
    i have one question about switchover cmd . For example, i have 1 primary database called stdby3 and 2 standby databases that are called stdby1 and stdby2. When i performed switchover cmd to stdby2 standby database, why the old primary database stdby3 could not become new standby database after i performed a switchover; furthermore the new primary and standby databases are not opened after the switchover process is completed
    output screen:
    DGMGRL> show configuration;
    Configuration
    Name: stdby1
    Enabled: YES
    Protection Mode: MaxProtection
    Databases:
    stdby3 - Primary database
    stdby1 - Physical standby database
    stdby2 - Physical standby database
    Fast-Start Failover: DISABLED
    Current status for "stdby1":
    SUCCESS
    DGMGRL> SWITCHOVER TO stdby2
    Performing switchover NOW, please wait...
    Operation requires shutdown of instance "stdby3" on database "stdby3"
    Shutting down instance "stdby3"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires shutdown of instance "stdby2" on database "stdby2"
    Shutting down instance "stdby2"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby3" on database "stdby3"
    Starting instance "stdby3"...
    Unable to connect to database
    ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
    Failed.
    You are no longer connected to ORACLE
    Please connect again.
    Unable to start instance "stdby3"
    You must start instance "stdby3" manually
    Operation requires startup of instance "stdby2" on database "stdby2"
    You must start instance "stdby2" manually
    Switchover succeeded, new primary is "stdby2"
    DGMGRL> show configuration;
    Error:
    ORA-01034: ORACLE not available
    Process ID: 0
    Session ID: 130 Serial number: 45
    DGMGRL> exit;
    oracle@localhost ~$ dgmgrl
    DGMGRL for Linux: Version 11.1.0.6.0 - Production
    Copyright (c) 2000, 2005, Oracle. All rights reserved.
    Welcome to DGMGRL, type "help" for information.
    DGMGRL> connect sys
    Password:
    Connected.
    DGMGRL> show configuration;
    Error:
    ORA-01034: ORACLE not available
    Process ID: 0
    Session ID: 0 Serial number: 0
    DGMGRL> connect sys@stdby3
    Password:
    Connected.
    DGMGRL> show configuration;
    Error:
    ORA-01034: ORACLE not available
    Process ID: 0
    Session ID: 0 Serial number: 0
    DGMGRL>
    Edited by: user6981287 on Jan 6, 2010 9:27 AM

    this is my configuration
    DGMGRL> show configuration
    Configuration
    Name: matrix
    Enabled: YES
    Protection Mode: MaxPerformance
    Databases:
    stdby1 - Primary database
    stdby2 - Physical standby database
    stdby3 - Physical standby database
    Fast-Start Failover: DISABLED
    Current status for "matrix":
    SUCCESS
    --- this is my first successful switchover -----
    DGMGRL> switchover to stdby2
    Performing switchover NOW, please wait...
    New primary database "stdby2" is opening...
    Operation requires shutdown of instance "stdby1" on database "stdby1"
    Shutting down instance "stdby1"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby1" on database "stdby1"
    Starting instance "stdby1"...
    ORACLE instance started.
    Database mounted.
    Switchover succeeded, new primary is "stdby2"
    -------------------this is my second switchover -------------
    DGMGRL> switchover to stdby1
    Performing switchover NOW, please wait...
    New primary database "stdby1" is opening...
    Operation requires shutdown of instance "stdby2" on database "stdby2"
    Shutting down instance "stdby2"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby2" on database "stdby2"
    Starting instance "stdby2"...
    Unable to connect to database
    ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
    Failed.
    You are no longer connected to ORACLE
    Please connect again.
    Unable to start instance "stdby2"
    You must start instance "stdby2" manually
    Switchover succeeded, new primary is "stdby1"
    DGMGRL>
    Edited by: user6981287 on Jan 7, 2010 12:57 AM
    Edited by: user6981287 on Jan 7, 2010 1:00 AM

  • Doesn't it get very old, same question about running dos command?

    To everyone who is tooo lazy to search.
    Process p = Runtime.getRuntime().exec("progname arg1 arg2");
    What a wast of everyone's time responding to the same question on how to run a dos command.

    I think you'll find it's
    Runtime.getRuntime().exec(new String[]{"progname", "arg1", "arg2"});

  • Since updating to OS X Mavericks I get a continuous update request for command line developer tools.  How do I stop this?

    Since installing OS X Mavericks, automatic updates keep producing download demand for Command Line Developer tools 6.0 and 6.1.  I don't need these but cannot seem to stop the updates available, even if they are downloaded and installed.  Can anyone tell me how to stop this?

    Try re-indexing Spotlight.
    Spotlight – Re-index

  • Question about WEBAPI URL commands

    Hi,
    In Visual Composer I'm making a drilldown from table 1 (output from  BW query 1) to table 2 (output BW query 2, but same filters as query 1). In my first table I have many keyfigures, in my 2nd table I just want to display that keyfigure with more detail based on the selection from query 1.
    Since I can't filter on keyfigure level in VC itself I need one WEBAPI (url command) to do one additional filtering since I don't want to show all keyfigures in query 2 / table 2. I have been testing this first with supplying the WEBAPI string with the fixed (hardcoded) values and this works fine. It looks as follows :
    'FILTER_IOBJNM=44RHE9MINFGXEBEXOI7S7UKE6;FILTER_VALUE=44VSUXQJNO2MG4CLOAF5M503I
    The first string is the name of my keyfigure structure in my query, the 2nd string is the technical name of the keyfigure on which I want to restrict. Like it said, supplying the command url values hardcoded words so I thought i was finished...
    Now I wanted to pass the right selected value from table 1 via the VC in the FILTER_VALUE field.
    It looks as follows now :
    'FILTER_IOBJNM=44RHE9MINFGXEBEXOI7S7UKE6;FILTER_VALUE=@KF_key'
    But this doesn't seem to work although @KF_key contains the right value. KF_KEY should give the right technical keyfigure name.
    Am I using the right syntax in the FILTER_VALUE part ? I have seen some topics on this forum where people also use the & symbol in some parts but I don't get it up and running
    thanks
    Message was edited by:
            Double U

    Suddenly it works.
    The correct syntax :
    'FILTER_IOBJNM=44RHE9MINFGXEBEXOI7S7UKE6;FILTER_VALUE=<b>'&@KF_key&''</b>

  • CRL question, LDAP request goes to 255.255.255.255

    I am trying to get CRL on Router 3620 with IOS=12.2(11)T6 (c3620-ik9s-mz.122-11.T6.bin) but LDAP request seems to be sent to 255.255.255.255 not the right address - 10.10.2.49 !
    Configuration looks like this :
    ip domain name lmt.lv
    ip host tau.2k.mydom.net 10.10.2.49
    ip host tau 10.10.2.49
    crypto ca trustpoint LMT-PKI
    enrollment mode ra
    enrollment url http://tau:80/certsrv/mscep/mscep.dll
    usage ike
    serial-number
    ip-address 10.10.90.240
    crl query ldap://10.10.2.49
    If I try to get CRL, it seems router is trying LDAP on broadcast address, output of "debug crypto pki transactions" :
    r-c3620-vpn1(config)#crypto ca crl request LMT-PKI
    r-c3620-vpn1(config)#ldap search: server=255.255.255.255, base=CN=TestCA,CN=tau,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=2k,DC=mydom,DC=net, attribute=certificateRevocationList
    : scope=0, filter=objectclass=cRLDistributionPoint
    May 26 16:37:58.993: CRYPTO_PKI:ldap_bind ERROR: status = 82
    May 26 16:37:58.993: CRYPTO_PKI: ldap bind error: status = 82
    May 26 16:37:58.993: CRYPTO_PKI: transaction GetCRL completed
    I suppose it should go to the address specified with "crl query ldap://10.10.2.49" but it does not ?
    I have successfully got certificates of the CA and the router itself :
    r-c3620-vpn1>show crypto ca certificates
    Certificate
    Status: Available
    Certificate Serial Number: 610D081E000000000009
    Certificate Usage: General Purpose
    Issuer:
    CN = TestCA
    OU = LMT-VPN
    O = LMT-VPN
    L = Riga
    ST = Riga
    C = LV
    EA =<16> [email protected]
    Subject:
    Name: r-c3620-vpn1.lmt.lv
    IP Address: 10.10.90.240
    Serial Number: 21464125
    OID.1.2.840.113549.1.9.2 = r-c3620-vpn1.lmt.lv
    OID.1.2.840.113549.1.9.8 = 10.10.90.240
    OID.2.5.4.5 = 21464125
    CRL Distribution Point:
    ldap:///CN=TestCA,CN=tau,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=2k,DC=mydom,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
    Validity Date:
    start date: 14:29:10 EEST May 15 2003
    end date: 14:29:10 EEST May 14 2005
    renew date: 02:00:00 EET Jan 1 1970
    Associated Trustpoints: LMT-PKI
    CA Certificate
    Status: Available
    Certificate Serial Number: 49F2340E73872AB44CCAD9CB46657697
    Certificate Usage: General Purpose
    Issuer:
    CN = TestCA
    OU = LMT-VPN
    O = LMT-VPN
    L = Riga
    ST = Riga
    C = LV
    EA =<16> [email protected]
    Subject:
    CN = TestCA
    OU = LMT-VPN
    O = LMT-VPN
    L = Riga
    ST = Riga
    C = LV
    EA =<16> [email protected]
    CRL Distribution Point:
    ldap:///CN=TestCA,CN=tau,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=2k,DC=mydom,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
    Validity Date:
    start date: 12:25:09 EEST May 15 2003
    end date: 12:30:06 EEST May 15 2005
    Associated Trustpoints: LMT-PKI
    Anybody can tell where is my fault ?
    Many thanks !

    Thanks for advice ! It helped. Actually this is quite often my favorite suggestion: try to upgrade IOS, if somebody is complaining about bugs in IOS. At this time I failed to advise myself :-)( The confusion was caused because I was looking at Feature Navigator for the feature "Easy VPN Server" with the smallest Feature Set for 3DES which was "IP Plus IPSec 3DES" and the only release Cisco offered was 12.2(11)T ! After Your advise I looked again at feature navigator and it turned out that there are 12.2(13)T but only IP/FW/IDS PLUS IPSEC 3DES. After upgrade to this release CRLS and LDAP started to work.

  • Unanswered Questions a request and a suggestion

    I, like others, have an inaccessible unanswered question. It has been deleted but still shows up as unanswered and there is no way for me to mark it as answered. I would appreciate it if the mods would mark it answered.
    I would like to suggest that when a question is deleted it should always disappear from the asker's unanswered list.

    Hi Hardy,
    You should have no unresolved questions now.
    We try to mark it as answered when we lock or remove but some slip by. I have been going back to some older ones and marking them when I can.
    Regards,
    Kady

  • Question on AAA accounting command?

    Is AAA command “aaa accounting commands 15 default start-stop group” just for tacacs+ groups and not for radius?

    jjohnston1127 answered correctly. Command authorization and command accounting are only supported by the tacacs protocol.
    You will not even see an option for radius.
    jkatyel(config)#aaa accounting commands 15 default start-stop gr
    jkatyel(config)#aaa accounting commands 15 default start-stop group ?
      WORD     Server-group name
      tacacs+  Use list of all Tacacs+ hosts.
    Accounting supported by radius
    https://tools.ietf.org/html/rfc2866
    Regards,
    Jatin Katyal
    *Do rate helpful posts*

  • ACS Radius Question about Request Authenticator Field

    Hi, I did a little bit reading about Radius to understand more in deepth
    if I understand correctly the Request-Authenticator-Field in the Radius-Request Packet is just a random number and has nothing to do with the configured shared secret on AAA-Client.
    That would mean that ACS does not check the shared secret in an incoming request.
    So in case of CHAP Authentication the password in the request is not encrypted with the shared secret, ACS can successfully check the credentials from the request , though the shared secret between ACS and AAA-client does not match and will send a Radius Accept packet
    The Response-Authenticator-Field in the Radius-Accept Packet is a MD5 over (Code+ID+Length+RequestAuth+Attributes+SharedSecret)
    So if the the shared secret does not match the AAA-Client will recongize this and will not grant access.
    Is that true so far.
    I always thougth that shared secret must match, otherwise the ACS will not accept any radius-request?
    Thx
    hubert

    Hi Nicholas,
    pls see attached a packet-capture from 6 Radius-request of a AAA-Client (small Radius-Test-SW) and the answer from ACS
    1 PAP wrong key correct Password -> ACS logs failed auth
    2 PAP correct key correct Password -> ACS logs success auth
    3 CHAP wrong key correct Password -> ACS logs success auth
    4 CHAP correct key correct Password -> ACS logs success auth
    5 CHAP wrong key wrong Password -> ACS logs failed auth
    6 CHAP correct key wrong Password -> ACS logs failed auth

Maybe you are looking for

  • Query Help for reporting on last receipt qty

    SBO Version: 8.82 PL11 Hello Forum, I am looking for some help devising a command behind a crystal report. We are hoping to achieve the last receipt quantity. To arrive at this we would like it to get the last GRPO for an item and total the quantity

  • Animated gif icon for an exception instead of the standard icon?

    Hello, is there a possibillity to use an animated gif icon for an exception instead of the red standard icon in a web template? I tried  to change the standard icon s_s_ledr.gif against an animated gif icon in the mime repository, but it does not wor

  • Help with sliced layout

    Ok, I'm sure you guys get this kind of topic frequently enough to make you want to rip your hair out, but here it goes. I recently acquired a template to use for my online gaming team. I have the template, but it needs some fixing-upping in Dreamweav

  • G5 quad buffer underrun error when burning dvd's

    4 x 2.5 Ghz G5   Mac OS X (10.4.4)   i just tried to burn a dvd from dvdsp and keep getting a error. it is Sense Key=ILLEGAL REQUEST Sense Code = 0x21,0x02 Buffer Underrun i tried using toast as well with the same result. my dvd drive is also making

  • MHT files cannot be sent using Eudora email - buffer overrun error

    Previous Firefox versions allowed quick email forwarding of website url addresses. The current version defaults to generating an MHT file and when Eudora 7.1 is selected as the email preference, the following error message appears: " Buffer overrun d