Reimage cisco 1113 ACS - NIC driver

HI,
I tried to re-image a cisco 1113 ACS appliance into windows 2003 and was successful. I suppose to use this for my staging/LAB.My only problem is the NIC cards shows unknown since no appropraite driver was found. Googled for a few days but ends up nothing. Does anybody knows the exact driver? Appreciate anybody's reply.
Thanks.

Just for everybody's info.
I manage to download the NIC driver. It is a Generic Broadcom NetXtreme Gigabit Ethernet.
Now it is working fine.

Similar Messages

Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory

Hello,
Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory? I'm not having success in setting this up and would like to see what a successful authentication debug looks. Below is my current situation:
Oct 6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:23: TPLUS: processing authentication start request id 444
Oct 6 13:52:23: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:23: TPLUS: Using server 110.34.5.143
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:23: T+: user:
Oct 6 13:52:23: T+: port: tty515
Oct 6 13:52:23: T+: rem_addr: 10.10.10.10
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
Oct 6 13:52:23: T+: msg: Username:
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:23: TPLUS: Received authen response status GET_USER (7)
Oct 6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:30: TPLUS: processing authentication continue request id 444
Oct 6 13:52:30: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
Oct 6 13:52:30: T+: User msg: <elided>
Oct 6 13:52:30: T+: User data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Oct 6 13:52:30: T+: msg: Password:
Oct 6 13:52:30: T+: data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
Oct 6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:37: TPLUS: processing authentication continue request id 444
Oct 6 13:52:37: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
Oct 6 13:52:37: T+: User msg: <elided>
Oct 6 13:52:37: T+: User data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
Oct 6 13:52:37: T+: msg: Error during authentication
Oct 6 13:52:37: T+: data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:37: TPLUS: Received Authen status error
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
Oct 6 13:52:37: TPLUS: Choosing next server 101.34.5.143
Oct 6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
Oct 6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:49: TPLUS: processing authentication start request id 444
Oct 6 13:52:49: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:49: TPLUS: Using server 172.24.5.143
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
Oct 6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:49: T+: user:
Oct 6 13:52:49: T+: port: tty515
Oct 6 13:52:49: T+: rem_addr: 10.10.10.10
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
Oct 6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Oct 6 13:52:49: T+: msg: 0x0A User Access Verification 0x0A 0x0A Username:
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Received authen response status GET_USER (7)
The 1113 acs failed reports shows:
External DB is not operational
thanks,
james

Hi James,
We get External DB is not operational. Could you confirm if under External Databases > Unknown User Policy, and verify you have the AD/ Windows database at the top?
this error means the external server might not correctly configured on ACS external database section.
Another point is to make sure we have remote agent installed on supported windows server.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
Also provide the Auth logs from the server running remote agent, e.g.:-
AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
Attempting Windows authentication for user v-michal
AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
authentication FAILED (error 1783L)
thanks,
Vinay

Cisco 1113 ACS 4.2 1113 configure auth. for Infoblox appl.

Hi there,
I have an issue with Cisco ACS and an Infoblox appliance. We want to authenticate users, that login on the Infoblox, via the Cisco ACS. After that the ACS should reply with a passed (RADIUS) authentication and reply with an administrative groupname that the user belongs on the Infoblox. To do this I have to import a VSA to have the option in the ACS to reply with this groupname. On the Infoblox these groups are allready made and this must match the group that the ACS replies.
Now I have imported the VSA and configured an AAA client (infoblox) to use the new RADIUS (VSA) to support the Infoblox. In the groupsetting I've turned on the Infoblox-Group_info attribute and filled in a specific groupname that the authenticated user belongs to. Now here comes the part where the group info is returned, but the Infoblox Appliance gives me a RADIUS error reply message. As I can see in the logs of the ACS the authentication part of the user is fine. So it has to be between the info that the ACS replies with, when the user logs in.
I've attach the VSA and a *.pcap of wireshark to see what's going on.
Can anyone advice of suggest any option that can make this thing work.
With regards,
Richard Gosen

Halijenn,
Unfortunatly the above solution doesn't do the trick. When I delete the imported VSA, via the attached *.csv, the Infoblox attributes still shows up when I re-add the Infoblox appliance to a network device group en there choose "Radius (Infoblox)" for the authentication. After deleting the VSA I have restarted the ACS SE. The returned acknowledgment from the ACS still presents a malformed packet. When I uncheck the checkbox of the "RADIUS (Infoblox)" attribute in the group settings, then it shows no malformed packet, but no group information is sent either.
Again I have imported the original accountsAction.csv and restarted the SE, but it still returns malformed packets.
Any other possibilities?
Kind regards,
Richard Gosen

Console access Cisco 1113 ACS

We have a new ACS and cannot access the device thru the console. I am using TeraTerm and I can see the characters but it is a bunch of garble almost like the terminal settings are incorrect. I have 8 1 and no parity for the Serial port settings. Has anyone run into this? If so, how did you get it solved? Thanks.

I got it to the login screen now but do not know what the Admin password is?? Is there a default login initially for this device? I found documentation on how to change it but you need to be in the device first. Thanks

Upgrade path for Cisco Secure ACS 4.X Solution Engine 1113 Appliance.

Hello,
I am having Cisco Secure ACS 4.X Solution Engine 1113 Appliance, and is running on version Cisco Secure ACS Release 4.1(1) Build 23 and now want to upgarde it to the latest version. Need to know the upgrade path for the same. As per my information ACS 4.1(1) runs on windows server and releases post to 5.X uses Linux. Please guide how can i upgrade Appliance 1113 from 4.1 to 5.x

Hi,
Cisco ACS 1113 appliance doesn't support ACS 5.x version. 1113 appliance supports till ACS 4.2.1 version.
Cisco ACS SE 1120/1121 appliance models are required for ACS 5.x
The upgrade path for ACS 4.1 to 4.2.1 version can be found in the following link :
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1237189
Regards,
Karthik Chandran
*kindly rate helpful post*

Cisco Secure ACS 4.0 Solution engine problem

Hi,
I have a probleme with a Cisco Secure ACS 4.0 Solution Engine (CSACSE-1113-K9).
I try to power up the engine, but the light in the power button stay blinking all the time. Anyone have a idea why ?
Last week, I boot it for the first time (It's brand new), every things goes fine.
I made " shutdown " then wait the message to press 4 seconds power button to turn it off. This morning, nothing come up.
I see one thing in the console "Press <SpaceBar> to update BIOS." after that, blank. No bios detection, no harddrive dectection, no windows boot.
Any idea ?
Thank you

No, I'm sur.
Then we have version 1113 of ACS.
See: http://www.cisco.com/application/pdf/en/us/guest/products/ps6731/c2001/ccmigration_09186a008068f7bd.pdf
Page 32(1-8) #2.
I let the engine off about 6hours after my first post, then I try back. The engine start.
What can cause this problem ?

Cisco Secure ACS 4.2 with Oracle

hi there...
Our campus using WisM (WS-SVC-WISM-1-K9) as wireless controller , Cisco 1130 access point and Cisco Secure ACS 4.2 Solution Engine 1113 Appliance as radius server. For username and password, ACS will export the data from Oracle database(production DB).
The problem that we are facing right now is password that store in oracle database is in encrypted format. Base feedback from our database administrator, the encryption is done by oracle - application layer and cannot be decrypt back. In Oracle they call it "Oracle Stored Procedures"
My questions :
1- Can Cisco Secure ACS 4.2 work with Oracle 10G or 11G?
2- Is there any option to tackle the encrypted password? Can ACS handle the "Oracle Stored Procedures" function?
Please advice.
Thanks

Microsoft SQL Server and Case-Sensitive Passwords
If you want your passwords to be case sensitive and are using Microsoft SQL Server as your ODBC-compliant relational database, configure your SQL Server to accommodate this feature. If your users are authenticating by using PPP via PAP or Telnet login, the password might not be case sensitive, depending on how you set the case-sensitivity option on the SQL Server. For example, an Oracle database will default to case sensitive, whereas Microsoft SQL Server defaults to case insensitive. However, in the case of CHAP/ARAP, the password is case sensitive if you configured the CHAP stored procedure.
For example, with Telnet or PAP authentication, the passwords cisco or CISCO or CiScO will all work if you configure the SQL Server to be case insensitive.
For CHAP/ARAP, the passwords cisco or CISCO or CiScO are not the same, regardless of whether the SQL Server is configured for case-sensitive passwords.
Sample Routine for Generating a PAP Authentication SQL Procedure
The following example routine creates a procedure named CSNTAuthUserPap in Microsoft SQL Server, the default procedure that ACS uses for PAP authentication. Table and column names that could vary for your database schema appear in variable text. For your convenience, the ACS product CD includes a stub routine for creating a procedure in SQL Server or Oracle. For more information about data type definitions, procedure parameters, and procedure results, see ODBC Database.
                         if exists (select * from sysobjects where id = object_id (`dbo.CSNTAuthUserPap') and
                         sysstat & 0xf = 4)drop procedure dbo.CSNTAuthUserPap
                         GO
                         CREATE PROCEDURE CSNTAuthUserPap
                         @username varchar(64), @pass varchar(255)
                         AS
                         SET NOCOUNT ON
                         IF EXISTS( SELECT username
                         FROM users
                         WHERE username = @username
                         AND csntpassword = @pass )
                         SELECT 0,csntgroup,csntacctinfo,"No Error"
                         FROM users
                         WHERE username = @username
                         ELSE
                         SELECT 3,0,"odbc","ODBC Authen Error"
                         GO
                         GRANT EXECUTE ON dbo.CSNTAuthUserPap TO ciscosecure
                         GO
Sample Routine for Generating an SQL CHAP Authentication Procedure
The following example routine creates in Microsoft SQL Server a procedure named CSNTExtractUserClearTextPw, the default procedure that ACS uses for CHAP/MS-CHAP/ARAP authentication. Table and column names that could vary for your database schema appear in variable text. For more information about data type definitions, procedure parameters, and procedure results, see ODBC Database.
                         if exists (select * from sysobjects where id = object_id(`dbo.CSNTExtractUserClearTextPw')
                         and sysstat & 0xf = 4) drop procedure dbo.CSNTExtractUserClearTextPw
                         GO
                         CREATE PROCEDURE CSNTExtractUserClearTextPw
                         @username varchar(64)
                         AS
                         SET NOCOUNT ON
                         IF EXISTS( SELECT username
                         FROM users
                         WHERE username = @username )
                         SELECT 0,csntgroup,csntacctinfo,"No Error",csntpassword
                         FROM users
                         WHERE username = @username
                         ELSE
                         SELECT 3,0,"odbc","ODBC Authen Error"
                         GO
                         GRANT EXECUTE ON dbo.CSNTExtractUserClearTextPw TO ciscosecure
                         GO
Sample Routine for Generating an EAP-TLS Authentication Procedure
The following example routine creates in Microsoft SQL Server a procedure named CSNTFindUser, the default procedure that ACS uses for EAP-TLS authentication. Table and column names that could vary for your database schema appear in variable text. For more information about data type definitions, procedure parameters, and procedure results, see ODBC Database.
                         if exists (select * from sysobjects where id = object_id(`dbo.CSNTFindUser') and
                         sysstat & 0xf = 4) drop procedure dbo.CSNTFindUser
                         GO
                         CREATE PROCEDURE CSNTFindUser
                         @username varchar(64)
                         AS
                         SET NOCOUNT ON
                         IF EXISTS( SELECT username
                         FROM users
                         WHERE username = @username )
                         SELECT 0,csntgroup,csntacctinfo,"No Error"
                         FROM users
                         WHERE username = @username
                         ELSE
                         SELECT 3,0,"odbc","ODBC Authen Error"
                         GO
                         GRANT EXECUTE ON dbo.CSNTFindUser TO ciscosecure
                         GO
Reference:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/d.html#wp355420

Setting up boot WIM... but having trouble setting up the correct NIC driver

I'm trying to setup a network boot with Windows Deployment Services. Pretty straightforward (http://technet.microsoft.com/en-us/library/cc766320.aspx). Problem though is the OOTB Vista & Win2k8 boot.wim file don't include the necessary driver for the NIC card (Intel 82567LM Gigabit NIC). So I'm following these steps outlined here in the MSFT KB (http://support.microsoft.com/kb/923834) but seems I'm not loading the correct driver. I looked in my w500 Vista x64 install that has a working NIC to get the working NIC INF file, but that didn't work. Anyone successfully done this? I'm sure some of the bigger organizations have... just having trouble creating a boot.wim (or modifying the one I've got) to add the correct NIC driver to continue with a PXE boot.
AC
============
ThinkPad w520 | Intel i7 2.5Ghz | 2x 512GB Crucial SSD | 16GB | NVIDIA GeForce Quadro 2000M 2GB | 6.9 Windows Exp Index
Ultrabay DVD + modular Ultrabay 256GB Crucial SSD SATA
Win7 Ultimate x64 | Windows Server 2008 R2 | Win8 Release Preview
ThinkPad x200s | Core2 Duo 1.86 | 256GB Crucial SSD | 4GB | Intel Mobile Chipset Video | 3.4 Windows Exp. Index
Win7 Ultimate x64 | Windows Server 2008 R2

Thanks... I got that far as the boot loader is x86... but I'm trying to figure out which specific INF rather than load all of them as its a manual process.
AC
============
ThinkPad w520 | Intel i7 2.5Ghz | 2x 512GB Crucial SSD | 16GB | NVIDIA GeForce Quadro 2000M 2GB | 6.9 Windows Exp Index
Ultrabay DVD + modular Ultrabay 256GB Crucial SSD SATA
Win7 Ultimate x64 | Windows Server 2008 R2 | Win8 Release Preview
ThinkPad x200s | Core2 Duo 1.86 | 256GB Crucial SSD | 4GB | Intel Mobile Chipset Video | 3.4 Windows Exp. Index
Win7 Ultimate x64 | Windows Server 2008 R2

HTTP.SYS fails to load after ProLiant NIC driver update on Server 2008 R2

Hi team,
This has been driving me crazy for a week and I can't find any reference to solving the problem in Technet or any forums...
I have a ProLiant ML350G5 server that I installed Server 2008 R2 on and migrated all my domain AD, DNS, File Services, Shares and files from SBS2003 (end of life, so let's take that out of the network) - Exchange and SharePoint were not being used so Standard
server 2008 was the choice seeing that the server hardware is 4 years old...
Everything went well, migration was successful, AD was primary and active.
Then (stupidly) I decided I'd better install all the updated drivers and management software from HP. The NIC is showing as an HP NC373i which is a Broadcom BCM5708C. I updated the FLASH in that card (HP utility) and updated the driver to the latest version
7.8.52.0 along with a bunch of other updates all handled by HP's Support Solutions Framework (msi).
After the reboot required, I noticed that the Print Spooler (set to Automatic) didn't start, neither did IIS or Web Services...
Trying to manually start them gives the error that a dependency failed. Now Print Spooler only uses HTTP (no longer a "service" but integrated into the kernel for multiple http connections on the same port and controlled using netsh http command
prompt...) DCOM and RPC. The last 2 are running, so that leaves HTTP as the culprit.
The Event Log shows that HTTP failed to load as "the services cannot be started. Either because it is disabled or because
it has no enabled devices associated with it"
From an administrator cmd prompt, net start http gives the same failure error.
netsh http show servicestate returns "The handle is invalid" - it's not seeing http at all...
OK. If you've read this far, thank you - keep going...
Here's my thinking... Updating the NIC driver has "broken" the association with HTTP.SYS - How to I get that association back?
I uninstalled anything http related, IIS, BITS, Web, Printing Services. Reboot after reboot and still no HTTP. I deleted http.sys from \windows\system32\drivers and did sfc to get windows to give me a clean one. Reboot, still doesn't load so it's not a damaged
http.sys.
I uninstalled EVERYTHING ProLiant, uninstalled the NIC, deleted the bxnd60a.sys driver so Windows would use it's own, rebooted, let it load NIC drivers, set the IP's up again, reboot - still no http.sys loading...
I've tried older versions of drivers from Broadcom, the latest version of drivers, still in the same hole...
Does anyone know how I can get HTTP.SYS to associate with the NIC? Can I do anything in the registry to achieve this? Do I have to do a System State Backup (is that the only way to preserve the AD and DNS?) scrub the server and start from scratch and then
restore the System State to get my AD and DNS back? If I do that will it bring the http.sys fault back?
I'm really at a loss - please, someone, please help...

Hi team,
This has been driving me crazy for a week and I can't find any reference to solving the problem in Technet or any forums...
I have a ProLiant ML350G5 server that I installed Server 2008 R2 on and migrated all my domain AD, DNS, File Services, Shares and files from SBS2003 (end of life, so let's take that out of the network) - Exchange and SharePoint were not being used so Standard
server 2008 was the choice seeing that the server hardware is 4 years old...
Everything went well, migration was successful, AD was primary and active.
Then (stupidly) I decided I'd better install all the updated drivers and management software from HP. The NIC is showing as an HP NC373i which is a Broadcom BCM5708C. I updated the FLASH in that card (HP utility) and updated the driver to the latest version
7.8.52.0 along with a bunch of other updates all handled by HP's Support Solutions Framework (msi).
After the reboot required, I noticed that the Print Spooler (set to Automatic) didn't start, neither did IIS or Web Services...
Trying to manually start them gives the error that a dependency failed. Now Print Spooler only uses HTTP (no longer a "service" but integrated into the kernel for multiple http connections on the same port and controlled using netsh http command prompt...)
DCOM and RPC. The last 2 are running, so that leaves HTTP as the culprit.
The Event Log shows that HTTP failed to load as "the services cannot be started. Either because it is disabled or because it has no enabled devices
associated with it"
From an administrator cmd prompt, net start http gives the same failure error.
netsh http show servicestate returns "The handle is invalid" - it's not seeing http at all...
OK. If you've read this far, thank you - keep going...
Here's my thinking... Updating the NIC driver has "broken" the association with HTTP.SYS - How to I get that association back?
I uninstalled anything http related, IIS, BITS, Web, Printing Services. Reboot after reboot and still no HTTP. I deleted http.sys from \windows\system32\drivers and did sfc to get windows to give me a clean one. Reboot, still doesn't load so it's not a damaged
http.sys.
I uninstalled EVERYTHING ProLiant, uninstalled the NIC, deleted the bxnd60a.sys driver so Windows would use it's own, rebooted, let it load NIC drivers, set the IP's up again, reboot - still no http.sys loading...
I've tried older versions of drivers from Broadcom, the latest version of drivers, still in the same hole...
Does anyone know how I can get HTTP.SYS to associate with the NIC? Can I do anything in the registry to achieve this? Do I have to do a System State Backup (is that the only way to preserve the AD and DNS?) scrub the server and start from scratch and then restore
the System State to get my AD and DNS back? If I do that will it bring the http.sys fault back?
I'm really at a loss - please, someone, please help...

With Cisco Secure ACS For Windows TACACS+, authentication fails with AD

I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for Switches and Routers I am using Windows 2003 server for the ACS,
and a Windows 2003 Active Directory server. The AD server is fine, as it is used for many other things.
I have set up ACS as defined nit he installation guide, including all the steps in the 'Member Server' section of the install guide
when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO'
on the domain etc).
I've set the unknown user policy to use the Windows database if the internal database doesn;t contain the user details.
If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,(geting error message as INternal Error)
I've scoured google etc, and just cannot come up with any reason why this should be happening.
I've followed all the install guides to the letter. I need to get this up and running as soon as possible,
so am looking forward to finding out if anyone can help me with this one!
THanks and regards
Sharan

Hi Jesse,
Thasts a great answer and Soution.
My previous version was 4.2 and it was installed on 64 bit machine hence getting internal Error.
After this answer i have upgraded it to ACS4.2.1 and its started working fine
Thanks very much for the help
Dipu

Setting privileges in Cisco Secure ACS Version 5.1.0.44

I am setting privileges in Cisco Secure ACS Version 5.1.0.44.
In the command sets from the ACS server, I denied few commands as can be seen in the attached screenshot and selected 'Permit any command that is not in the table below'.
I am unable to see some commands like "Show running-configuration" from the router I was testing. What changes should I do to see all the commands other than the denied commands. Your help will be rated. Thank you.

Hi,
The ACS is able to handle permit or deny commands.
I created a configuration example that will help you to understand command shell.(see attach doc)
Instead of using show running-config please use show config.
also make sure that all the users are using privilege 15.
Regards,

Create a query in SCCM 2012 R2 for NIC Driver Version

Hello,
Is there a way to create a query for the specific NIC driver versions with SCCM 2012 R2? For example I can do this and other descriptors for video i.e.,
select SMS_R_System.Name, SMS_R_System.LastLogonUserName, SMS_R_System.HardwareID, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_VIDEO_CONTROLLER.DriverVersion, SMS_G_System_VIDEO_CONTROLLER.Description, SMS_G_System_VIDEO_CONTROLLER.VideoProcessor
from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_VIDEO_CONTROLLER on SMS_G_System_VIDEO_CONTROLLER.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Model
like "HP EliteBook Revolve 810 G2" and SMS_G_System_VIDEO_CONTROLLER.Description like "%intel%"
Is there a script that will give the version for NICs?
Thanks Bill

This article provides one way to do it:
http://blogs.technet.com/b/configmgr_geek_speak/archive/2013/11/10/inventorying-and-reporting-network-adapter-driver-details-and-how-to-report-only-the-wireless-type-in-configuration-manager-2012.aspx
Jeff

Cisco Secure ACS

Hi all,
With the Base license, a Cisco Secure ACS 5.6 appliance or software virtual machine can support the deployment of up to 500 network access devices (NADs) such as routers and switches. These are not authentication, authorization, and accounting (AAA) clients. The number of network devices is based on the number of unique IP addresses that are configured.
So, when i have 1 firewall for vpn gateway, and using acs as an aaa server, how much network access device which is counted ? 1 or as many as vpn client connected to the firewall ?
500 network access device means concurrent connection or not ?

ACS is based on the number of NADs (Network Access Devices) like switches, routers, ASAs, etc. So in your example, your Firewall will consume 1 license regardless of the total number of VPN sessions.
With ISE, the licenses are based on the total number of endpoints. So in your example, each VPN session will take a license.
I hope this helps!
Thank you for rating helpful posts!

EAP-TLS witch Cisco Secure ACS

Hi everyone,
we have implemented wpa/leap in our WLAN. We would use certificates for machine authentication. There is a Cisco Secure ACS Server 3.3 installed.
Is it possible to use the ACS self generated certificate without a CA ?
The examples I found on the web describes only the configuration with CSACS with Microsoft CA.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a6b.html
We use Cisco AP1231/AP1232 with 12.3.4JA.
I think for machine authentication we have to install a CA. Let me know, how you think about that issue.
Armin

There are no much options on Client side: MS PEAP, EAP-TLS, EAP-MD5. ACS version 3.3 can generate self-signed certificate (for itself) without the need to install separate CA server. So I'd recommend you to use MS PEAP (PEAP MS-CHAPv2) with self-signed certificate on ACS.

Reporting & Audit Compliance Solutions for Cisco Secure ACS

The Cisco Secure ACS Access Control Server is probably the worlds best selling remote access security solutions and its quite likely that you're already using it! Wouldn't it be great to know exactly what it was doing? Further still, when you have to provide audit documentation regarding your policies and how effective they are, how long does this take and what valuable data remains locked inside the ACS database and logs?
extraxi offer a range of products that deliver a complete solution for harvesting, managing and analyzing your ACS/SBR log data to meet the increasing demands for regulatory compliance (SOX, COBIT) and overall enterprise monitoring and security.
We are proud to supply customers including Intel, Ford, Lego, T-Mobile, US Dept of State, US Army, British Telecom, First Energy, TNT Express, Kodak and JP Morgan and many more so why not take a look at our industry leading solutions and evaluate the benefits for your organization...
Featured Products:
* aaa-reports! enterprise edition - Automated Reporting
The best reporting system for Cisco Secure ACS and Funk SBR just got a whole lot better! Improved reports, enhanced filtering and query builder and now with up to 48GB internal storage based on SQL Server technology makes this the ideal solution for large or complex AAA deployments and those that need the additional functionality from the standard aaa-reports! tool.
With aaa-reports! enterprise you have a complete application for reporting including many canned reports (each with flexible filtering options) and a point-n-click query builder for designing custom reports.
For historic trending, forensics and audit compliance there simply is no better reporting application for Cisco Secure ACS or Funk/Juniper SBR.
* csvsync - Automated ACS Database & Log File Collection
csvsync allows you to download CSV log data (RADIUS, TACACS+, Passed/Failed Attempts etc) directly from any number of Cisco Secure ACS servers (Windows & Appliance) via http(s). Version 3.0 now supports the collection of ACS database itself for import into aaa-reports and detailed reporting based on the ACS security policies. Simple, secure and efficient, csvsync is the best solution for harvesting log data from your Cisco Secure ACS servers.
Download fully working 60 day trial versions at http://www.extraxi.com/rq.asp?utm_source=technet&utm_medium=forum
Fore more information please visit http://www.extraxi.com/?utm_source=technet&utm_medium=forum

bump

Reimage cisco 1113 ACS - NIC driver

Similar Messages

Maybe you are looking for