Remotely set Security on client computers

Similar Messages

• How can I turn on Remote Apple Events on client computers via MCX?

  I would like to turn on Remote Apple Events on all client computers in our network. Is there some way to push this out via MCX?
  Thanks
  Christian

  I think if there is a way to program a different remote first like a direct tv remote, then you could turn on home sharing and then use either that universal remote or the IOS device. I cannot figure out how to program my direct tv remote for my apple tv though.

• How can I set the desktop image for client computers?

  How can I set the desktop image for client computers using ARD or terminal?

  How can I set the desktop image for client computers using ARD or terminal?

• Cannot set up or modify backup for client computers.

  I am running Windows Server 2012 R2 Essentials and was able to set up back ups for all of my machines when I initially set up the network. All backups were running fine.
  I have added a disk drive to one of my machines and correctly started receiving messages that the drive should be added to the backup. When I try to customize the backup for the machine I get an error pop up with the message ""The
  task "Customize Backup for the computer" did not complete successfully"". I tried all of my other machines and get the same message.
  I also needed to reconnect a machine to the server and in doing so had to disconnect it from the server, losing the backups stored and now I get the message ""The task "Set up Backup for the computer" did not complete successfully""
  and cannot backup this computer.
  I have checked all of the logs and cannot find any definitive errors occurring at the times I have tried to modify or set up backups. Can anyone help?
  Since originally asking this question, the Server 2012 R2 Update applied and now I no longer have Client's, User's or Storage listed on the tabs in the dashboard so I do not know if backups are being done or not. I tried to run the connector on the clients
  but get a forbidden error when I try to connect to the link. does anyone have any suggestions on how to correct these errors?

  Hi,
  Before going further, would you please let me know if the client computers are dynamic disks? Please understand that Windows Server 2012 Essentials does not support backing up and restoring
  dynamic disks on client computers. In addition, if the client backup folder is on the storage pool? At this time, please also run the Windows Server 2012 Essentials BPA to have a general health check on the server, for details, there is a link for your reference:
  Run the Windows Server 2012 Essentials Best Practices Analyzer
  http://technet.microsoft.com/en-us/library/jj713500.aspx
  Hope this helps.
  Best Regards,
  Andy Qi
  Andy Qi
  TechNet Community Support

• Windows Server 2012 Essentials (not R2) - all client computers offline

  The server is Windows Server 2012 Essentials (not R2). I have had this problem ever since I first installed the Windows Server 2012 Essentials server in the summer of 2013 (before R2 was released). The Windows Server 2012 Essentials server shows offline
  for all Devices under Dashboard. (Allow me to add that I just installed another site with Windows Server 2012 Essentials R2, and it was a breeze - all of the computers at the second install site are online.) I have one Windows 8.1 Pro client and the rest
  are Windows 7 Pro clients. The problem occurs on ALL client computers.
  I have removed computers from Devices in Dashboard on the server, rebooted the server, changed the client computer to a workgroup, rebooted the client computer, and reinstalled the connector software on the client computer. Same result. I
  have tried this on a Windows 7 Pro client and a Windows 8.1 Pro client with the same results.
  After running the connector on a client computer and waiting for the server to update its Devices status, if I look under Devices on the server Dashboard, the Windows 8.1 client computer will say online but within 24 hours it goes offline again. The
  Windows 7 client computers never show online. Both computers stay offline - they NEVER show an online status (referring to the status under Devices in Dashboard).
  I should make it clear that the clients can access the server shares with no problem. File synchronization works great. The clients can ping the server and the server can ping the clients. But client backups on the server fail.
  One of the most troublesome things about this problem is that it prevents the client computers from being accessed remotely using the website setup by Anywhere Access. I can login to get remote access to the shared files on the server, but
  the only computer that says "online" is the server. All of the other computers are "offline".
  The server and clients are only using Windows firewall. The clients all use Microsoft Security Essentials for their anti-virus.
  I used a troubleshooting tool that tells me that there are problems with port 6602 on the server, but the clients are all fine with port 6602. I know port 6602 is important for using Anywhere Access but I am still trying to find out more details on that.
  I have checked all of the firewall settings related to port 6602 on the server, and the firewall settings look like the standard Windows settings for this port. I used netstat to find the PID associated with the port, and I looked up the PID to find the service.
  That all looked standard, too.
  I have been working on this problem since the summer of 2013!! Does anyone have ANY suggestions?!!
  HELP!

  Hi,
  Just addition, please check if all necessary Windows updates are installed on those
  “Offline” client computer.
  When connect client computers to the Windows Server 2012 Essentials server by using the Connector software, there
  will be LAUNCHPAD on the client computer. Was this LAUNCHPAD grayed out? Please check if can access Shared Folders via this LAUNCHPAD. Meanwhile, please ping the Windows Server 2012 Essentials via IP address and server name when client computers show as
  Offline. Any find?
  Get Connected in Windows Server Essentials
  In addition, please follow the path on Server and client computer:
  %programdata%\Microsoft\Windows Server\Logs. Did you check any relevant Server-side logs and
  Client-side Logs if find more clues?
  Windows
  Server Essentials 2012/2012 R2 Log Files
  If any update, please feel free to let us know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• I can no longer run reports of my client computers

  RDC 3.2.2 I recently need to run some reports of all my client computers. First, I attempted to run report of several computers. It never got beyond "Waiting for report data", so, I attepted to do separate clients, one at a time. Same result. All users are upgraded to the current client. Users are on a 1000BaseT network. Thought it may be 10.5.6 update related, but not all of my users are on Leopard. I have testing a variety of different clinet configs and I cannot generate a report.

  Starting on May 29th, 2008, I noticed that some of the computers that have been added to ARD were showing up with their IP address as 0.0.0.0. Some of the systems could have reports done for them while other would not. At the time, out of 140 computers currently listed, only 120 returned reports.
  After troubleshooting I called Apple to attempt to figure out where this problem may reside. Apple indicated that the IP numbers would get zeroed out when another device takes over the IP address of the client computer. This made sense since we were setup via DHCP. They could not determine why the reporting was not functioning without further troubleshooting through Enterprise support. This would require funding to get additional support.
  On January 22nd, 2009 I called Apple support back and started the support via their Enterprise support. The technician asked if we were using spanning tree with our network switches. I verified with the network team that we are using multicast spanning tree for Semantic Ghost. The technician also asked that I set up ARD on another test computer to see if the problem occurs with that system as well.
  On February 5th I setup both a second system for ARD Admin and a test client computer. In Mid February I set up the SQL database used by ARD to be accessed but other applications, such as a PHP webpage. This would allow me to see what information was in the database without needing to use ARD admin.
  By March 5, I had completed my tests and determined that the information is still being lost using this second computer setup. Keep in mind that the test client computer had been turned off by mid February so its network IP number would be release for another device to use. A few days before I had created a second account on the test ARD admin computer and re-imported the original list of systems used when this test started. This second account did not have the ARD test client computer added into ARD admin. This would allow for reports to be collected for a few days on this system. I then went back to the original account for ARD admin on March 5 and attempted to run the report for the test client. In ARD admin I was not able to acquire any report information. I was, however, able to see the data using the PHP webpage I have created earlier.
  I called Apple back to continue troubleshooting this problem. Remember that we had paid for support for this problem, $199. The technician indicated that the case had been resolved and closed. I explained that the issue was not resolved and troubleshooting was still ongoing. The technician remained adamant that the case was resolved and would not open a new case for further support.
  I spoke with my Technical Director in regards to this. We both called Apple Enterprise support back to see if we could get further support for this unresolved issue. The technician did give us a bit of support, however, he continued to insist that we were adding the client computers in via IP and this was causing our problems. We explained exactly how we have been adding computers into ARD admin; by scanning them through our network and dragging them to the main list, not by adding them by direct IP. The technician then continued to be unclear as to how to go about correcting this situation of lost data. He indicated that when the client computer's IP was taken over by another device the only way to get the client to report again was to remove and re-add the client back in.
  According to the document "ARD 3.1 Admin Guide.pdf"; Chapter 8 page 104, in the section titled "Installing Software on Offline Computers", paragraph 2, it states "When the client comes online, it contacts the Task Server and notifies it of its network state and any setting changes (like a DHCP-assigned IP address change)." Even after reading this statement to the technician he still was not clear as to why the client computers did not update their IP information correctly (from their current 0.0.0.0 IP) when reconnected back to the network.
  Because information is continuing to become lost Apple Remote Desktop is not meeting the needs of our department and the community college for tracking the Macintosh hardware currently in use. It may take an extended time to retrieve requested information if this data does not get reported on in ARD admin. Currently, one of my coworkers is in the process of creating a whitepaper to include alternatives for asset management for the Macintosh community.

• AnyConnect Secure Mobility Client with Oracle ESSO 11.1.1.5

  Hello,
  we are about to implement Oracle SSO for our client whose employees use Cisco AnyConnect Secure Mobility Client 3.0.5080 to access their internal network. The VPN access requires having the correct certificate installed on the client computers and users are required to enter their credentials (the same credentials that are stored in MS AD). All the client computers run Win 7.
  Now - what we want to achieve is following: A client's employee logs into a domain, using domain account and starts the Cisco AnyConnect. The best option would be that the Oracle SSO would take it from here and do the rest in setting up the VPN connection - confirming the pre-selected profile, clicking the connect button, then filling the user credentials (from Oracle SSO database) in and confirming the dialog. Or, which is probably more viable way - the user will start AnyConnect, selecting which network to login in and the SSO will only enter the credentials and submit them to establish the connection.
  So far we have been able to create templates for Oracle SSO to automatically enter the credentials for various applications, including SAP, but we are not able to create working template for AnyConnect. We are able to catch all the fields in the login window - Username, Password, Ok/Submit - when creating the template in ESSO-LM Admin Console but once the template is published to the repository and added to the test user in ESSO-PG, the SSO does not fill the credentials in. We also tried to "bypass this" using SendKeys with no result as well. All other applikcatios work.
  Do you have any experience with such situation or have any hints what can we try?
  Thank you for any answers,
  Ondrej
  PS: I have found https://supportforums.cisco.com/message/3852541. Is it really that the AnyConnect does not allow any application any input?

  Here is a link to an example of configuring AnyConnect to use IKEv2. According to this ASA 8.4 and AnyConnect 3.1 should be ok.
  http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/113692-ac-ikev2-ca-00.html
  HTH
  Rick

• How many client computers can you control with the $79.99 version on Mac App Store?

  I mean client computers by the ones you control, not by the admin computers.

  From: http://www.apple.com/remotedesktop/
  No Per-Client Tax
  Apple Remote Desktop 3 is incredibly affordable. With the Unlimited Managed Systems edition, you can manage any number of client computers — there is no per-client charge.
  Apple's website says Unlimited Managed Systems, There are probable some technical limit, but i've never found it. How many client computers do you want to manage, are they all on the same lan? same subnet?

• Failed to set security on SQL Server registry key. Error: 2

  Hi,
  I have a Primary site (mixed mode) running SCCM 2007 SP1 for many months now with no issues.
  This site is made up of two Win 2008 sp2 servers sharing the SCCM roles:-
  SCCM01 - Site server, DP, RP, PXE and SQL2005 hosting the SCCM database
  SCCM02 – SUP, MP, FSP, SLP
  The SQL2005 on SCCM01 is running under a domain service account called
  domain\service_sccm which is also a sysadmin in SQL as is the SCCM02 server.
  In an effort to resolve the isse I have made this account a Domain Admin.
  I have also used this account to log onto SEC01 to run the Secondary Site installation and to be the SQL Service account.
  I'm now trying to add a Secondary Site on a Domain Controller called SEC01 (also Win2008 sp2) and on the same LAN as the SCCM01/02.
  This is where I get problems.
  I run the installation locally on the Sec Site server (DC) as a Domain Admin and the installation completes OK (all green ticks),
  the ComponentSetup.log and Pre-Reqs are all good as well however when I check the ConfigMgrSetup.log I see the below -
  Failed to set security on SQL Server registry key. Error: 2.
  <11-09-2010 22:46:59> SMS Setup full version is 4.00.6221.1000
  <11-09-2010 22:46:59> Successfully set security on Setup registry key.
  <11-09-2010 22:46:59> Failed to set security on SQL Server registry key. Error: 2
  <11-09-2010 22:46:59> Successfully set security on Identification registry key.
  <11-09-2010 22:46:59> Creating SMS Inbox Source registry key ...
  <11-09-2010 22:46:59> Installing SMS Site Component Manager ...
  <11-09-2010 22:46:59> Installing Site Component Manager under acct <NT AUTHORITY\SYSTEM> path <C:\Program Files (x86)\Microsoft
  Configuration Manager\bin\i386\sitecomp.exe>
  <11-09-2010 22:47:01> Started Site Component Manager service
  <11-09-2010 22:47:01> SMS Site Component Manager installation completed.
  <11-09-2010 22:47:01> Done with service installation
  Adding the PMP role to SEC01 also fails to install and no MPSetup or MPControl logs are created.
  WebDav and win2008 roles, features all added and server fully patched.
  Despooler.log on SCCM01 seems good and passing keys.
  Tried installing to default path and to shortened path such as C:\SCCM
  The new secondary site is listed in the console and an address can be added for the Secondary Site
  BITS Server Extensions and Remote Differential Compression Features are enabled.
  The Group memberships all appear ok:-
  SCCM01
  Local Admins    
  contains the sec site server SEC01, SCCM01, installation accounts
  SMS_SiteToSiteConnection_001              
  SEC01 (the sec site server)
  SMS_SiteSystemToSiteServerConnection_001                 
  SCCM02
  SEC01
  No Local Admins as a DC
  SMS_SiteToSiteConnection_002              
  SCCM01
  SMS_SiteSystemToSiteServerConnection_002     
  empty
  SQL 2005
  This has the account logged in during installation as a sysadmin
  SCCM02 is also sysadmin
  The fundamental issue appears to be that the SEC01$ server account is not being added to SQL Logins (and therefore SCCM database Roles)
  therefore the installation cannot complete.
  I have tried to manually add the SEC01 account to SQL Logins before installation of Sec Site but this did not work.
  Not sure if the fact that SEC01 is a DC may be a factor.
  Appreciate any help if anyone has seen this before or can suggest a resolution.
  Thanks

  After a lot of digging around and head scratching I eventually found the resolution.
  The original thread title Error turned out to be a bit of a red herring in that my failure to deploy Sec Sites came down to two separate issues seemingly unrelated to the error message of the thread title.
  The first part of the resolution was to manually create the SQL Server accounts for the Sec Site Servers and assign them to the smsdbrole_MP DB role to
  let the SQL side of the SCCM install complete a s these were not being created automatically.
  This then left the fact that that the installation of the Sec Site completed successfully according to the install logs in C:\ however the DP and MP would
  never install.
  The big clue was eventually contained in the mpfdm.log errors relating to
  **ERROR: Cannot find path for destination inbox SMS_AMT_PROXY_COMPONENT on server REGISTRY SMS_MP_FILE_DISPATCH_MANAGER 
  and
  **ERROR: Cannot find path for destination inbox Asset Intelligence KB Manager on server REGISTRY SMS_MP_FILE_DISPATCH_MANAGER 
  Thankfully the errors led me to these two blogs:
  http://myitforum.com/cs2/blogs/scassells/archive/2009/07/20/error-cannot-find-path-for-destination-inbox-sms-amt-proxy-component-on-server-registry.aspx
  and
  http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/5fcc53d4-8629-4b34-9eaa-6cb020eedc13/
  As it turned out the SCCM installation registry and folder creation does not complete and I had to manually enter the reg settings as detailed in the
  links above to complete the installation. Once I did as described everything worked a treat – all my MPs and DPs are 100% now.
  Solutions
  Add the following reg keys to each of your effected secondary sites.
  Inbox Fix
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\MPFDM\Inboxes]
  "Asset Intelligence KB Manager"="E:\\Program Files\\Microsoft Configuration Manager\\inboxes\\AIKbMgr.box"
  "SMS_AMT_PROXY_COMPONENT"="E:\\Program Files\\Microsoft Configuration Manager\\inboxes\\amtproxy.box" 
   Asset Intelligence fix:
   Note: you will need to identify the next largest key value. 
  In my example it was key 49
   Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Inbox Source\Inbox Definitions\49]
  "Inbox Name"="Asset Intelligence KB Manager"
  "Relative Path"="inboxes\\AIKbMgr.box"
  "NAL Path"=""
  "User Rights"=dword:00000000
  "Service Rights"=dword:00000004
  "Monitoring Enabled"=dword:00000001
  "Location Type"=dword:00000001
  "Guest Rights"=dword:00000001
  AMT registry Fix.
    Note: you will need to identify the next largest key value. 
  In my example it was key 50
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Inbox Source\Inbox Definitions\50]
  "Inbox Name"="SMS_AMT_PROXY_COMPONENT"
  "Relative Path"="inboxes\\amtproxy.box"
  "NAL Path"=""
  "User Rights"=dword:00000000
  "Service Rights"=dword:00000004
  "Monitoring Enabled"=dword:00000001
  "Location Type"=dword:00000001
  "Guest Rights"=dword:00000001
  Big thanks to Shaun Cassells and John Marcum for these blogs

• Problem accessing company resources remotely using Cisco VPN Client

  I connect to my company's network remotely using Cisco VPN client both from a PC (v 4.0.1) and from a MacBook Pro (v 4.9.00)(same configs), and use Remote Desktop to connect to my work computer, and now i'm able to use Citrix to run applications on the company server.
  The problem occurs on the Mac when I'm connecting from a location that uses the same private domain IP as our company's private domain. Our company's private domain is 192.168.1.x, so when I'm using the Mac on a WiFi router that happens to be set to 192.168.1.1, the Mac can connect using VPN but the remote desktop cannot connect to my work computer. Presumably, the Mac doesn't "know" that I'm trying to go through the VPN for the connection and not connect to something locally.
  This problem seems to be unique to the Mac. Every Windows machine with the same client installed has no problems no matter what WiFi I've tried. The Mac works fine on any WiFi that is not 192.168.1.x.
  However, since 192.168.1.x is very common (hotels, airports, etc., its a major problem with the Mac.
  Suggestions are greatly appreciated!
  Also, now that we're moving to Citrix, our administrator has created a webpage on the intranet that we launch applications from, but the Mac cannot find that page when connected to VPN from 192.168.1.x. Same problem.
  Thanks in advance.

  Hi,
  I presume you have split-tunneling activated.
  1. Make sure the 192.168.1.x is on the protected networks and on the MacBook client, disable "Allow local LAN access"
  2. Create a separate group for the Mac users and assgn them a different pool (192.168.100.x )and advertise it in your company to point to the VPN Concentrator.
  3. Use the NAT feature on your VPN concentrator.
  If this helped, please rate.
  Regards,
  Daniel

• Can't login to client computers

  Hello,
  I try to evaluate Leopard Server for my home network and have come to a dead end. The most important task for it would be to share user accounts among several client computers, that is to finally use portable homes. I tried to set up networked accounts as a first step but if I try to login as a user on a client computer the loginwindow only shakes and a error window tells me that an error occured. Nothing more, I dont even know where to look for additional information. Could someone please help me?
  This is what I've done and what works:
  - Setup server with networked home directories.
  - Setup client computers in workgroup manager.
  - Create user accounts in workgroup manager. The network home directories show up in home folder tab while setting up users. The user home is created on the server. Portable homes with syncing ist left for later.
  - Created users show up in the login window list both on server and client. Users can login on the server but not on the client.
  - Using a local admin account on the client I can see the shared folders Groups, Public and Users. In Users I can see the home folder for the networked accounts.
  Thank you very much for any help,
  Markus

  SOLVED..
  my problem was something really silly... The users did not have a value in "home directory" inside the OD.
  You'd think that OSX server puts some default value in there when you create the user. Windows server does it... I guess that was my downfall.
  Anyway. I worked it out the REALLY hard way, which is, corrupting the LDAP database. Thanks to another old windows trick (pull the plug on a machine that doesn't want to shut down) I ended up with a corrupted OD and no backup. So I had to re create it from scratch.
  Whilst doing this I realized that I never tried logging onto the clients with the OD administrator account. Tried it and it worked fine. Then I created a new account and I could not log on to the clients. So I compared the settings between the two accounts and the only difference was the value in "Home directory".
  Live and learn.... Fortunately I only had 5 users to begin with and I hadn't got them to start using the server heavily (only file sharing) until I could upgrade them all to Leopard.... I had setup fairly complex OD groups and permissions... I hope I still have some handwritten notes about that somewhere....

• NAC-L2-802.1x (EAP-FAST) and Cisco Secure Services Client 5.0 in wired net

  Hi!
  (Sorry, if this is a wrong forum.)
  Does anybody have any success with Cisco SSC and EAP-FAST in the wired network?
  I'm going to use NAC, so I'm trying to set up EAP-FAST. I see the pop-up window on the client to enter user credentials and I see a lot of "debug radius" messages on my 3750 12.2(44)SE switch:
  Access-Requests with User-Name="anonymous"
  Access-Challenges (I see certificate is sent from ACS)
  Access-Reject
  CS ACS Failed Attempts Report shows "ACS user unknown" failure for "anonymous".
  So far as I understood, EAP-FAST is a tunneled method and it uses "anonymous" to protect user's identity during phase 0 / phase 1 transactions. The actual username is sent in phase 2 transaction.
  The following is excerpt from the CS ACS documentation:
  "EAP-FAST can protect the username in all EAP-FAST transactions. ACS does not perform user authentication based on a username that is presented in phase one; however, whether the username is protected during phase one depends on the end-user client. If the end-user client does not send the real username in phase one, the username is protected. The Cisco Aironet EAP-FAST client protects the username in phase one by sending FAST_MAC address in place of the username. After phase one of EAP-FAST, all data is encrypted, including username information that is usually sent in clear text."
  SSC 5.0 is indeed set up with "Unprotected Identity Pattern"=anonymous and "Protected Identity Pattern"=[username] using sscManagementUtility.exe
  So, the question is: Why is ACS 4.1 trying to authenticate username "anonymous" if it knows that the user is fake? Does anybody have working configuaration for EAP-FAST in a wired network?
  Any help is greatly appreciated.

  Correct, ACS database wasn't selected on the NAP Authentication page. It works now, but I constantly get the following message in the Windows event log: "The Cisco Secure Services Client service hung on starting". This is Windows 2000 Advanced Server system with SP4. SSC was set up with no domain authentication, no machine authentication, single sign-on. After some time the SSC service starts, but at that time my PC is already put into the guest VLAN by the switch (the tx-period is 10 seconds):
  POD1-SW#sh run int fa1/0/1
  Building configuration...
  Current configuration : 378 bytes
  interface FastEthernet1/0/1
  switchport access vlan 999
  switchport mode access
  dot1x mac-auth-bypass
  dot1x pae authenticator
  dot1x port-control auto
  dot1x timeout reauth-period server
  dot1x timeout tx-period 10
  dot1x reauthentication
  dot1x critical
  dot1x critical recovery action reinitialize
  dot1x guest-vlan 91
  dot1x critical vlan 11
  spanning-tree portfast
  end
  After all the VLAN is reassigned by the switch, but the delay is too high. How can I troubleshoot this?
  Thx.

• Http proxy setting for webservice client.

  Hi !
  I have set the following option for accessing the webservice through the proxy(webservice
  outside the firewall).
  I'm using weblogic v7.0 with sp1.
  -Dweblogic.webservice.transport.http.proxy.host=xxxx
  -Dweblogic.webservice.transport.http.proxy.port=8088
  It works fine and my soap client is able to access the webservice lying outside
  the firewall.
  But when I use the same setting, the soap client fails for accessing the webservice
  which are
  inside the firewall.
  I get "Connection refused".
  Is there any option to specify not to use proxy for specific hosts and ports ?
  For example http.nonProxyHost
  Any pointers will be of great help.
  Thanks
  Kumar Raj

  I have not worked in SoA server, but since it uses weblogic server underlying (I assume), you can try setting the -Dhttp.proxyHost , -Dhttp.proxyPort system properties ( https for secured URL's) to WLS to specify the proxy details. Also the product might not have the capability to pass user credentials for authentication at the proxy. The version of OSB we are using had this problem. To overcome this you might require to add the URL to the proxy free list in your proxy server. This prevents the proxy from prompting for the user name when you access that URL.

• Install anyconnect secure mobility client 3.1 failed on Mac 10.8.2

  Hi guys
  I tried to install cisco anyconnect secure mobility client 3.1 on my Mac laptop, the OS version is 10.8.2,
  though above error occured, the client app canbe found at /Applications/Cisco , but I cannot use it to connect to my VPN network.

  Attached the install logs , hope it's helpful
  Mar  5 23:21:07 localhost Installer[1345]: Cisco AnyConnect VPN Client 3.1.02026 Installation Log
  Mar  5 23:21:07 localhost Installer[1345]: Opened from: /Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg
  Mar  5 23:21:07 localhost Installer[1345]: Product archive /Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg trustLevel=202
  Mar  5 23:21:12 localhost Installer[1345]: InstallerStatusNotifications plugin loaded
  Mar  5 23:21:15 localhost Installer[1345]: ================================================================================
  Mar  5 23:21:15 localhost Installer[1345]: User picked Standard Install
  Mar  5 23:21:15 localhost Installer[1345]: Choices selected for installation:
  Mar  5 23:21:15 localhost Installer[1345]:           Install: "Cisco AnyConnect VPN Client"
  Mar  5 23:21:15 localhost Installer[1345]:           Install: "(null)"
  Mar  5 23:21:15 localhost Installer[1345]:                     cisco_anyconnect-3.1.02026.pkg#vpn_module.pkg : com.cisco.pkg.anyconnect.vpn : 3.1.02026
  Mar  5 23:21:15 localhost Installer[1345]:                     cisco_anyconnect-3.1.02026.pkg#anyconnect_config.pkg : com.oracle.CiscoAnyConnectVPNClientConfig : 3.1.02026
  Mar  5 23:21:15 localhost Installer[1345]: ================================================================================
  Mar  5 23:21:15 localhost Installer[1345]: It took 0.00 seconds to summarize the package selections.
  Mar  5 23:21:15 localhost Installer[1345]: -[IFDInstallController(Private) _buildInstallPlan]: location = file://localhost
  Mar  5 23:21:15 localhost Installer[1345]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg#vpn_module.pkg
  Mar  5 23:21:15 localhost Installer[1345]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg#anyconnect_config.pkg
  Mar  5 23:21:15 localhost Installer[1345]: Set authorization level to root for session
  Mar  5 23:21:19 localhost runner[1348]: Administrator authorization granted.
  Mar  5 23:21:19 localhost Installer[1345]: Will use PK session
  Mar  5 23:21:19 localhost Installer[1345]: Starting installation:
  Mar  5 23:21:19 localhost Installer[1345]: Configuring volume "Macintosh HD"
  Mar  5 23:21:19 localhost Installer[1345]: Preparing disk for local booted install.
  Mar  5 23:21:19 localhost Installer[1345]: Free space on "Macintosh HD": 388.55 GB (388547031040 bytes).
  Mar  5 23:21:19 localhost Installer[1345]: Create temporary directory "/var/folders/0y/kj2nvp7j4yq_sy9m3cxn52wr0000gn/T//Install.1345Wuq5ze"
  Mar  5 23:21:19 localhost Installer[1345]: IFPKInstallElement (2 packages)
  Mar  5 23:21:19 localhost Installer[1345]: Using authorization level of root for IFPKInstallElement
  Mar  5 23:21:19 localhost installd[345]: PackageKit: ----- Begin install -----
  Mar  5 23:21:19 localhost installd[345]: PackageKit: request=PKInstallRequest <2 packages, destination=/>
  Mar  5 23:21:19 localhost installd[345]: PackageKit: packages=(
      "PKLeopardPackage ",
      "PKLeopardPackage "
  Mar  5 23:21:19 localhost installd[345]: PackageKit: Extracting file://localhost/Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg#vpn_module.pkg (destination=/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/Cleanup At Startup/PKInstallSandboxManager/1.sandbox/Root, uid=0)
  Mar  5 23:21:20 localhost installd[345]: PackageKit: update_dyld_shared_cache -overlay /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/Cleanup At Startup/PKInstallSandboxManager/1.sandbox/Root
  Mar  5 23:21:34 localhost installd[345]: PackageKit: prevent user idle system sleep
  Mar  5 23:21:34 localhost installd[345]: PackageKit: suspending backupd
  Mar  5 23:21:34 localhost installd[345]: PackageKit: Executing script "./preinstall" in /private/tmp/PKInstallSandbox.sjtRin/Scripts/com.cisco.pkg.anyconnect.vpn.yM72U9
  Mar  5 23:21:34 localhost install_monitor[1359]: Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr
  Mar  5 23:21:34 localhost installd[345]: PackageKit: Shoving /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/Cleanup At Startup/PKInstallSandboxManager/1.sandbox/Root (4 items) to /
  Mar  5 23:21:34 localhost installd[345]: PackageKit: kextcache -system-caches
  Mar  5 23:21:36 localhost installd[345]: PackageKit: kextcache -update-volume / -Installer
  Mar  5 23:21:52 localhost installd[345]: PackageKit: Executing script "./postinstall" in /private/tmp/PKInstallSandbox.sjtRin/Scripts/com.cisco.pkg.anyconnect.vpn.yM72U9
  Mar  5 23:21:52 localhost installd[345]: ./postinstall: Setting ownership and permissions on installed files
  Mar  5 23:21:52 localhost installd[345]: ./postinstall: Determining import locations
  Mar  5 23:21:52 localhost installd[345]: ./postinstall: Installer package path: /Users/rioliu/Downloads
  Mar  5 23:21:52 localhost installd[345]: ./postinstall: Installer volume path:
  Mar  5 23:21:52 localhost installd[345]: ./postinstall: Installer DMG path:
  Mar  5 23:21:52 localhost installd[345]: ./postinstall: nothing found to load
  Mar  5 23:21:53 localhost install_monitor[1359]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
  Mar  5 23:21:53 localhost installd[345]: PackageKit: releasing backupd
  Mar  5 23:21:53 localhost installd[345]: PackageKit: allow user idle system sleep
  Mar  5 23:21:53 localhost installd[345]: PackageKit: Install Failed: Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “cisco_anyconnect-3.1.02026.pkg”." UserInfo=0x7fcb0430e880 {NSFilePath=./postinstall, NSURL=file://localhost/Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg#vpn_module.pkg, PKInstallPackageIdentifier=com.cisco.pkg.anyconnect.vpn, NSLocalizedDescription=An error occurred while running scripts from the package “cisco_anyconnect-3.1.02026.pkg”.} {
      NSFilePath = "./postinstall";
      NSLocalizedDescription = "An error occurred while running scripts from the package \U201ccisco_anyconnect-3.1.02026.pkg\U201d.";
      NSURL = "file://localhost/Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg#vpn_module.pkg";
      PKInstallPackageIdentifier = "com.cisco.pkg.anyconnect.vpn";
  Mar  5 23:21:53 localhost Installer[1345]: install:didFailWithError:Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “cisco_anyconnect-3.1.02026.pkg”." UserInfo=0x7fa25caa4ba0 {NSFilePath=./postinstall, NSURL=file://localhost/Users/rioliu/Downloads/cisco_anyconnect-3.1.02026.pkg#vpn_module.pkg, PKInstallPackageIdentifier=com.cisco.pkg.anyconnect.vpn, NSLocalizedDescription=An error occurred while running scripts from the package “cisco_anyconnect-3.1.02026.pkg”.}
  Mar  5 23:21:53 localhost Installer[1345]: Install failed: The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.
  Mar  5 23:21:53 localhost Installer[1345]: IFDInstallController 5CE28DD0 state = 7
  Mar  5 23:21:53 localhost Installer[1345]: Displaying 'Install Failed' UI.
  Mar  5 23:21:53 localhost Installer[1345]: 'Install Failed' UI displayed message:'The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.'.
  Mar  5 23:37:53 localhost Installer[1557]: @(#)PROGRAM:Install  PRO

• Anyconnect Secure Mobility Client, Network Access Module, wired PEAP

  Hello there,
  I am testing AnyConnect Secure Mobility Client, Network Access Module as supplicant with PEAP authentication for wired network users. With default configuration it is working well.  With default configuration it is Trusting any Root CA certificates installed on the OS.  Do you know how to configure NAM that it will validate ACS certificate with specific Root CA Certificate ?
  In Network Access Module profile editor it has two options about Certificates:
  One is Certificate Trusted Authority which has two options by its self  first is too trust any Root CA certificate that is installed on OS, and second is to import Root CA certificate in Profile. Potentially Second option can help in my case, I can manually import Root CA certificates in each profile. But I think it will be hard to update Root CA certificates in future  in that way.
  Second is Certificate Trusted Server Rules,  this option have matching capability by certificate Common Name.  For what can be used this option ?

  Normally the way it works is that you set up your Enterprise Root CA, and then have it issue a certifcate for the AAA server (ie ACS, ISE, etc). You then install this certificate on the AAA server and (in an Active Directory environment) add the Root CA certificate to the client systems local certificate store. What that means is that any certificates (such as the one installed on the AAA server) that are presented to the client that are signed by the root are automatically trusted.
  Server validation is an extra step in terms of proving the identity of the AAA server to the authenticating client. As such, when you build the policy in the NAM editor, it would look similar to the image below:
  I like to use the CN (Common Name) as the match criteria and build my CA issuance policy to always include the FQDN in the certificate for identity purposes.
  Hope this helps!