Resetting User ddic uflag parameter in Client 00 On Iseries as400 v5r4m0
Hi
I am busy doing a homogeneous system copy from my prd system to a new 4th system (for migration possibilities). I know that at the end of my db copy it will prompt me to provide the ddic password. My source system ddic user id (prd) at the moment is locked. I intend backing up the prd system tonight, but I need to reset user ddic first, as whatever gets backed up will come across.
Does anyone know how to reset the uflag parameter of ddic in client 000?
I have only two users in client 000, i.e. ddic and sap*, and I can't do anything with sap* as it has no profiles attached to it (security issue). I know how to do the unlock of the user in Oracle, i.e.
Oracle
UPDATE USR02 SET UFLAG = 0 WHERE BNAME = 'DDIC' AND MANDT = '000';
Can anyone help on the as400 side?
Hi Morga,
If I understand correctly, you just need help how to issue SQL commands natively on the iSeries, is that right?
If so, that's how you'd proceed:
Sign on to the machine via green screen as user <sid>OFR and then type STRSQL. You'll then get a screen that allows you to enter the SQL statement like you suggested it for Oracle.
STRSQL is a product which does not come for free. So, if you do not have that installed, you could use SQLUTIL. SQLUTIL is free, but not per default on the system. (Search for library QGPTOOLS.)
In case you don't have it, read SAP note 68732 for more information of how to get it.
Hope that helps.
Best regards,
Dorothea
Similar Messages
-
Forgot password for client 000 user DDIC
We forgot password for client 000 user DDIC & SAP*.
Please suggest, anyone, how to recover the password.
Thanks in advance
Hi,
Pls refer below link explaining step by step details of activating SAP* user login.
[http://forums.sdn.sap.com/thread.jspa?threadID=1497131]
[http://www.sap-img.com/basis/changing-the-default-password-for-sap-user.htm]
Regards, -
SAP* and DDIC passwords for new clients in Sol Man 4.0
Hello all,
I just recently finished a Solution Manager 4.0 on Windows 2003 server box. Then, I performed some of the post installation steps until I had to create a new client. So, I went to scc4 and created a new client. When trying to get access to this new client through SAP*, the default password did not work and the entries were not created in the table usr02. Also, I tried to insert the missing entries into the usr02 table, but had no success after all.
I hope some of you can help on this, because I am stuck on it.
Regards,
Luis Alberto Zeró
Hi guys,
I think you can check in the Installation Guide for Solution Manager on page 108:
If you install a new ABAP or ABAP+Java system, in most cases you do not need to perform the client copy for the ABAP stack. SAPinst creates three ABAP clients during the installation, client 000, client 001, and client 066. You can use client 001 for production.
The following procedure describes how to perform a client copy manually. We recommend that you use client 001 as source client.
Caution
If you want to use a client other than the default of 001 as your production client, you have to reconnect the Java part to the production client as described in SAP Note 937323.
Procedure
1. Maintain the new client with transaction SCC4.
2. Activate kernel user SAP*:
a) Set the profile parameter login/no_automatic_user_sapstar to 0.
b) Restart the application server.
3. Log on to the new client with kernel user SAP* and password PASS.
4. Copy the client with transaction SCCL and profile SAP_CUST.
5. Check the log files with transaction SCC3.
6. Deactivate kernel user SAP*:
a) Reset login/no_automatic_user_sapstar to 1.
Caution
You create SAP system user SAP* on the new client before resetting login/no_automatic_user_sapstar.
b) Restart the application server.
rgds
echo -
Unable to access user DDIC and SAP*
Hi GURUS,
I installed Solution Manager 4.0 and I logged in to the system (000) with the DDIC user and checked the TCODE SICK.
When I restarted the server it did not allow me to log in with user DDIC and SAP* in client 000.
It's giving the error message:
Password log on no longer possible too many times failed attempts.
Could you please help me out: is there any way to set DDIC and SAP* from Windows level (I mean the SAP inst directory.. usr/sap/<sid>/sys/profile)?
Regards
JAn
Hi,
Unlock it at database level:
UPDATE usr02 SET uflag = 0 WHERE bname = 'SAP*' AND mandt = '<client number>';
Or
Run the SQL query at the SQL prompt and then log in to SAP with sap* and password "pass".
SQL> delete from usr02 where mandt='<your login client>' and bname='SAP*';
Rakesh -
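A read-only check to run before and after the direct USR02 changes suggested in the replies above, added here as an example and not part of any poster's reply. It shows the lock state of DDIC and SAP* in every client and lists the clients that have no SAP* row, which are the clients where the kernel user SAP* with password PASS applies while login/no_automatic_user_sapstar is 0. Assumptions: the session's default schema is the SAP schema; T000 (client table) and LOCNT (failed-logon counter) are standard SAP names not mentioned in the thread, and the UFLAG meanings in the CASE are the standard values, not something the posters stated.

```sql
-- Added example: read-only audit of the standard users, no rows are changed.
-- Assumption: unqualified table names resolve to the SAP schema/library.

-- 1) Lock state and failed-logon counter of DDIC and SAP* in every client.
--    UFLAG is a bit field; the common values are decoded, anything else
--    is reported for manual review instead of being guessed.
SELECT u.MANDT,
       u.BNAME,
       u.UFLAG,
       u.LOCNT AS FAILED_LOGONS,
       CASE
         WHEN u.UFLAG = 0   THEN 'not locked'
         WHEN u.UFLAG = 32  THEN 'locked by central (CUA) administrator'
         WHEN u.UFLAG = 64  THEN 'locked by administrator'
         WHEN u.UFLAG = 128 THEN 'locked after failed logons'
         WHEN u.UFLAG = 192 THEN 'locked by administrator and after failed logons'
         ELSE 'other combination, check manually'
       END AS LOCK_STATE
FROM   USR02 u
WHERE  u.BNAME IN ('DDIC', 'SAP*')
ORDER  BY u.MANDT, u.BNAME;

-- 2) Clients without a SAP* row in USR02.
--    In these clients the kernel's built-in SAP* (password PASS) can log on
--    whenever login/no_automatic_user_sapstar is set to 0, so each client
--    returned here should be a deliberate, temporary state.
SELECT t.MANDT
FROM   T000 t
LEFT   JOIN USR02 u
       ON  u.MANDT = t.MANDT
       AND u.BNAME = 'SAP*'
WHERE  u.BNAME IS NULL
ORDER  BY t.MANDT;
```

Keeping the output of both queries from before and after the change gives a record of exactly which rows the direct table update touched.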
Start SQL Server in single user mode with parameter -m doesn't work well
C:\Windows\system32>net start mssqlserver /m "Microsoft SQL Server Management St
udio - Query"
The SQL Server (MSSQLSERVER) service is starting.
The SQL Server (MSSQLSERVER) service was started successfully.
C:\Windows\system32>sqlcmd -S . -e
1> go
1> select @@servername;
2> go
select @@servername;
myserver
(1 rows affected)
1>
As you can see, I'm still able to connect with the sqlcmd prompt to SQL Server. According to the production doc of SQL Server 2014, it should not be connecting by sqlcmd; it shall only be connected by SSMS.
Below is the original doc on MSDN:
Start SQL Server in Single-User Mode
Under certain circumstances, you may have to start an instance of SQL Server in single-user mode by using the startup option -m. For example, you may want to change server configuration options or recover a damaged master database or other system database. Both actions require starting an instance of SQL Server in single-user mode.
Starting SQL Server in single-user mode enables any member of the computer's local Administrators group to connect to the instance of SQL Server as a member of the sysadmin fixed server role. For more information, see Connect to SQL Server When System Administrators Are Locked Out.
When you start an instance of SQL Server in single-user mode, note the following:
Only one user can connect to the server.
The CHECKPOINT process is not executed. By default, it is executed automatically at startup.
Note
Stop the SQL Server Agent service before connecting to an instance of SQL Server in single-user mode; otherwise, the SQL Server Agent service uses the connection, thereby blocking it.
When you start an instance of SQL Server in single-user mode, SQL Server Management Studio can connect to SQL Server. Object Explorer in Management Studio might fail because it requires more than one connection for some operations. To manage SQL Server in single-user mode, execute Transact-SQL statements by connecting only through the Query Editor in Management Studio, or use the sqlcmd utility.
When you use the -m option with sqlcmd or Management Studio, you can limit the connections to a specified client application. For example, -m"sqlcmd" limits connections to a single connection and that connection must identify itself as the sqlcmd client program. Use this option when you are starting SQL Server in single-user mode and an unknown client application is taking the only available connection. To connect through the Query Editor in Management Studio, use -m"Microsoft SQL Server Management Studio - Query".
Shawn
Hi Shawn Xiao,
For starting SQL Server instance in single user mode, we can add –m; parameter in SQL Server Configuration Manager, also we can run CMD with ‘Run as administrator’ and input the following statement.
NET START MSSQLSERVER /m
I do a test in SQL Server 2014 Express version, after starting SQL with Single User Mode, SQL Server will only accept one connection. If you connect to SQL Server with a user account, the following error will occur.
Login failed for user ‘domain\username’. Reason: Server is in single user mode. Only one administrator can connect at this time.
However, in your situation, you can connect to SQL Server and run T-SQL statement successfully, it can be due to connection with the administrator account in your sqlcmd.
For more information, you can review the following article.
http://zarez.net/?p=117
Regards,
Sofiya Li
TechNet Community Support -
How to login with ddic in newly created client
dear all,
I am using SAP NETWEAVER 7.0 EHP1. I have created a client 400 in production and I want to log in with ddic, but I don't understand what the password will be for that. As for sap* it is pass, and for ddic = ? I also used 19920706 for ddic but it is still not allowing me to log on. Please tell me, is it possible to log on with ddic in a newly created client? sap* is working but not ddic.
thanks
Dear Abhishek,
Before you proceed to create Jobs & Positions, first check whether the Personnel Actions (PA40) is configured or not. Then, after uploading the employee master data, you can proceed to the other process.
If PA40 is not configured, then configure it in SPRO using PA/PM/Customizing procedures/ Infotype Menus etc. You can also maintain the user profile using Tcode SU3.
All the best.
Rgds,
Vikrant -
How to publish xterm to a specific user on a sun thin client
I need help publishing xterm to a specific user on a sun thin client. Tell me how I can do that. Also, on the thin client I have problems mapping keystrokes, e.g. alt+123 on a normal pc doesn't work on a thin client.
Struts has a built-in Action class for downloading a file from a site; use that.
In the Struts config:
<action
    path="/DownloadFile"
    type="com.test.struts.action.DocumentDownloadAction"
    parameter="./applications/J2EE/common/file.pdf">
</action>
In DocumentDownloadAction:
import java.io.File;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DownloadAction;

/**
 * @author Bala
 */
public class DocumentDownloadAction extends DownloadAction {
    protected StreamInfo getStreamInfo(ActionMapping mapping,
                                       ActionForm form,
                                       HttpServletRequest request,
                                       HttpServletResponse response)
            throws Exception {
        try {
            // Path on the server, as given in the "parameter" attribute of the Struts config
            String fileLocation = mapping.getParameter();
            String contentType = "application/pdf";
            response.setHeader("Content-disposition", "attachment; filename=file.pdf");
            File file = new File(fileLocation);
            return new FileStreamInfo(contentType, file);
        } catch (Exception e) {
            e.printStackTrace();
            //errorHandler(request, response, e);
            return null;
        }
    }
}
-
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
-
Not able to create J2EE user DDIC in portal
Hi All,
I am trying to configure the BI 7.0 system in EP 7.0. My systems are running on Windows 2003 32 bit edition. SP level is SPS11 & SP10
I have configured the UME where the datasource is the ABAP system. After using the supportdesk tool I am getting the below three errors in the system.
Import of Web Templates in active version will fail because the J2EE user DDIC is not properly mapped to an ABAP user other than DDIC Maintain a user mapping for J2EE user DDIC - see note 945055 for details
Check could not be executed because retrieval of WebAS ABAP settings failed Check connectivity to WebAS ABAP and make sure the ABAP coding correction from note 937697 is applied in the latest version available
Check could not be executed because retrieval of WebAS ABAP settings failed Check connectivity to WebAS ABAP and make sure the ABAP coding correction from note 937697 is applied in the latest version available
To resolve these issues I tried to create user id DDIC in the portal but I am not able to create it. It is giving the below error:
A user with the specified logon ID already exists; choose a different, unique logon ID
As it is trying to create this user id in ABAP datasource. Please let me know how to create DDIC in J2EE engine where ABAP is the datasource.
Please help me resolve this issue.
Thanks,
Shambo
Hi,
In defaulttrace.trc I am getting the below errors
#1.5#00055D4A98DC0061000004BC00001610000460FCEAE15F00#1232539295495#com.sap.ip.bi.preexecutionservices.PreexecutionservicesRfcService#sap.com/com.sap.prt.application.rfcframework#com.sap.ip.bi.preexecutionservices.PreexecutionservicesRfcService#Administrator#9873####403302b0e7b311ddbd4500055d4a98dc#SAPEngine_Application_Thread[impl:3]_27##0#0#Fatal#1#/Applications/BI#Plain###Exception caught: com.sap.ip.bi.base.exception.BIBaseRuntimeException: SAX Exception
com.sap.ip.bi.base.exception.BIBaseRuntimeException: SAX Exception
at com.sap.ip.bi.webapplications.runtime.preexecution.impl.PreexecutionDispatcher$DocumentAnalysis.createMutableDocument(PreexecutionDispatcher.java:93)
at com.sap.ip.bi.webapplications.runtime.preexecution.impl.PreexecutionDispatcher.validateDocument(PreexecutionDispatcher.java:571)
at com.sap.ip.bi.preexecutionservices.PreexecutionservicesRfcService.handleRequestForRSWR_PREEXECUTION_PROXY(PreexecutionservicesRfcService.java:109)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.ip.bi.portalrfc.dispatcher.services.BIServicesRfcDispatcherService.handleServiceRequestGeneric(BIServicesRfcDispatcherService.java:283)
at com.sap.ip.bi.portalrfc.dispatcher.services.BIServicesRfcDispatcherService.doHandleRequest(BIServicesRfcDispatcherService.java:177)
at com.sap.ip.bi.portalrfc.services.BIRfcService.handleRequest(BIRfcService.java:235)
at com.sapportals.portal.prt.service.rfc.RFCEngineService.handleEvent(RFCEngineService.java:341)
at com.sapportals.portal.prt.service.rfc.PRTRFCBean.processFunction(PRTRFCBean.java:37)
at com.sapportals.portal.prt.service.rfc.PRTRFCRemoteObjectImpl0_0.processFunction(PRTRFCRemoteObjectImpl0_0.java:118)
at sun.reflect.GeneratedMethodAccessor299.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.services.ejb.session.stateless_sp5.ObjectStubProxyImpl.invoke(ObjectStubProxyImpl.java:187)
at $Proxy119.processFunction(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.call(RFCDefaultRequestHandler.java:284)
at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.handleRequest(RFCDefaultRequestHandler.java:219)
at com.sap.engine.services.rfcengine.RFCJCOServer$J2EEApplicationRunnable.run(RFCJCOServer.java:254)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad attribute list. Expected WhiteSpace, / or >:(:main:, row:1, col:59)(:main:, row=1, col=59) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad attribute list. Expected WhiteSpace, / or >:(:main:, row:1, col:59)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:127)
at com.sap.ip.bi.webapplications.runtime.preexecution.impl.PreexecutionDispatcher$DocumentAnalysis.createMutableDocument(PreexecutionDispatcher.java:85)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad attribute list. Expected WhiteSpace, / or >:(:main:, row:1, col:59)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1590)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1710)
at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2843)
at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:229)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:165)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:245)
at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
... 30 more
#1.5#00055D4A98DC0061000004BF00001610000460FCEAE18738#1232539295511#com.sap.ip.bi.base.application.message.impl.MessageBase#sap.com/com.sap.prt.application.rfcframework#com.sap.ip.bi.base.application.message.impl.MessageBase#Administrator#9873####403302b0e7b311ddbd4500055d4a98dc#SAPEngine_Application_Thread[impl:3]_27##0#0#Error#1#/Applications/BI#Plain###A message was generated:
ERROR
Transformer exception while transforming BEx Web templates
com.sap.ip.bi.deploytime.BISP2Jsp SAPXMLTransformer
SAX Exception
Transformer exception while transforming BEx Web templates
com.sap.ip.bi.deploytime.BISP2Jsp SAPXMLTransformer
SAX Exception# -
Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
Ingo
Hi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo -
Dear All,
We are having an infrastructure setup of around 500 client computers managed through group policy.
Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
Since this account requires an extremely strict environment, we need to figure out a solution for restricting the users from accessing anything locally.
It would be great if you can assist me with the following query.
How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 R2?
Can we disable the Network tab on the left hand pane?
explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.
> * explorer.exe is blocked already, but users are able to enter the
> Windows Explorer by clicking on the name which is visible on the
> Start Menu.
You cannot block explorer.exe when you do not replace the shell - the
desktop you see effectively IS explorer.exe...
Your requirement sounds like you need a custom shell:
http://gpsearch.azurewebsites.net/#2812
Martin
Want to read a GOOD book about GPOs for once?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Designer Window does not open: User already logged In: Reset Users,Continue
Hi,
When I try to log in to Business Objects XI 3.2 Data Services Designer, it opens the 'SAP BusinessObjects Data Services Repository Login' window. I enter the ODBC data source, username and password correctly.
It gives a message: The following users are already logged on: Do you want to 'Reset users', 'Continue', Exit.
When I click on either 'Reset Users' or 'Continue'.... it opens the splash window, yellow color, 'SAP Business Objects Data Services XI' and hangs there....
I tried re-installing 3.2, but that did not help...
Also the user which it mentions in the error message, The following users are already logged on: , is the user which I use to log in to my system.
Could anyone pls suggest, how do I resolve this, so that it opens the 'Designer window'.
Hello LaRaju
Better late than never...
When you start BO you get the "cannot initialize application BODI 1270039" error message.
I got that message on a Business Objects XI 3.2 installation.
Root cause of the problem: the BO uninstaller doesn't delete its keys from the Windows registry.
You should do the following:
1) uninstall BO; when the uninstaller asks you to reload your PC, answer NO (later)
2) load registry editor
3) find HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects
4) delete that branch
5) go to the BO installation directory -delete it with all content
6) reload your PC
7) repeat installation process
After that everything will work fine.
Regards
Kanstantsin Chernichenka -
How to save user name and password on client tool
Hi,
In our landscape, a few users are using the Webi Rich Client tool to work offline. They are entering login credentials manually every time. Is there any way to save the user id and password, so that the user can log in without manually entering the login credentials every time? Please find below my system details. Any help is highly appreciated.
System Details:
Server: BOBI 4.1 SP2
Client tool : BOBI 4.1 SP2
Authentication type : Windows AD
Thanking you in anticipation
Obinna.
Hello,
oh yes it is!
The question is: for which front ends?
For the WRC you don't have to do anything as long as the information under "System" is correct and "Windows AD" is selected under "Authentication". Leave "Username" and "Password" blank.
Just hit "OK" and you are logged in.
Regards
-Seb. -
WLC 4400 issue on "user login policies" parameter.
Hi,
I'm using a Cisco Wireless controller in my company.
(the model is a AIR-WLC4402-50-K9 in 4.2.207.0 version).
The WLAN is configured with WPAv2 AES and 802.1X (PEAP MS-CHAPv2) authentication on an external Microsoft IAS server (2003 R2).
the authentication rely on Active Directory login and password.
The user authentication works fine and the WLAN too.
But it's possible for a single user to log on different laptops with the same AD login and password and use the wireless network.
And it has to be forbidden by the "user login policies" parameter set to 1 on the WLC (in security parameters).
Can anybody say if it's a known issue and how to solve this problem?
thanks,
raphael Paviot.
Dancampb,
Many thanks, you're right, I have to find the solution on the IAS server side.
In fact, I have also applied these commands on the controller and the max-user login works (in the case of an external radius server).
I have seen it in the "message logs".
(Cisco Controller) config>advanced eap max-login-ignore-identity-response disable
(Cisco Controller) config> netuser maxuserLogin 1
But the problem still remains, because the IAS server is not case sensitive for user logins, unlike the Wireless Controller.
For example:
raphaelpaviot login and RaphaelPAVIOT login are:
-one user for the IAS server.
-two different users on the WLC.
cordially. -
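The case mismatch described in the post above (one identity for the RADIUS server, several for the controller's login counter) can be checked for in exported session data. This is an added example, not part of the original thread; the record layout, sample sessions and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sessions: (username as typed, client MAC, start, end).
SESSIONS = [
    ("raphaelpaviot", "00:11:22:33:44:01", "2024-01-10 09:00", "2024-01-10 12:00"),
    ("RaphaelPAVIOT", "00:11:22:33:44:02", "2024-01-10 10:30", "2024-01-10 11:15"),
    ("jdoe",          "00:11:22:33:44:03", "2024-01-10 09:00", "2024-01-10 10:00"),
    ("JDoe",          "00:11:22:33:44:03", "2024-01-10 13:00", "2024-01-10 14:00"),
    ("asmith",        "00:11:22:33:44:04", "2024-01-10 09:00", "2024-01-10 17:00"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def peak_concurrency(intervals):
    """Highest number of simultaneously open (start, end) intervals."""
    events = []
    for start, end in intervals:
        events.append((start, 1))
        events.append((end, -1))
    peak = current = 0
    for _, delta in sorted(events):  # at equal times, closes sort before opens
        current += delta
        peak = max(peak, current)
    return peak

def find_case_variant_bypass(sessions, max_logins=1):
    """Identities that exceed max_logins only when usernames are compared
    case-insensitively, i.e. a per-spelling counter would never fire."""
    by_identity = defaultdict(list)
    for user, mac, start, end in sessions:
        by_identity[user.casefold()].append((user, mac, _ts(start), _ts(end)))
    findings = {}
    for identity, rows in by_identity.items():
        spellings = sorted({user for user, _, _, _ in rows})
        folded_peak = peak_concurrency([(s, e) for _, _, s, e in rows])
        exact_peak = max(
            peak_concurrency([(s, e) for u, _, s, e in rows if u == spelling])
            for spelling in spellings
        )
        if folded_peak > max_logins and exact_peak <= max_logins:
            findings[identity] = {
                "spellings": spellings,
                "macs": sorted({mac for _, mac, _, _ in rows}),
                "peak": folded_peak,
            }
    return findings

if __name__ == "__main__":
    for identity, detail in find_case_variant_bypass(SESSIONS).items():
        print(identity, detail)
```

Case variants used at different times (the `jdoe` rows) are not reported; only overlapping sessions under different spellings are.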
FW: (forte-users) Copy Input parameter
Peter,
That is the behaviour that I have experienced also, so I do not have such
(anchored service object) attributes in my classes anymore but instead add
that service object attribute as an input parameter to all methods in that
class that require access via that service object attribute.
Alternatively, if access to that anchored service object is only required
in the partition that it was created then overriding the Clone method of
the class to return a NIL value in the service object attribute should
work for you.
Mario Emmi
British Aerospace Australia
-----Original Message-----
From: Peter Sham [SMTP:[email protected]]
Sent: Thursday, 28 October 1999 05:33
To: Forte User Group
Subject: (forte-users) Copy Input parameter
Hi folks,
I have this problem where a "copy input" seems to copy
the service object too.
The case is that I have a service object, say
batchmgrso, for batch processing and an object, say
batchproc, as the process. The batchproc has an
attribute for referencing the batchmgrso as it will
create some other process and submit it to the
batchmgrso.
The problem is whenever a batchproc fails and the
batchmgrso tries to re-submit the object from the
queue, and I use a copy input as the mechanism for
passing in the batchproc to the service object, I can
find that not only does the batchproc get cloned, but
also the batchmgrso. It caused a lot of problems and
bombed the method.
When I change the mechanism to just input in the
method signature, everything works fine.
So is it a forte feature/bug that a copy input would
clone something so "deeply" that even a SO or anchored
object would get cloned too. Is there any way to avoid
it?
Regards,
Peter Sham.
=====
For the archives, go to: http://lists.sageit.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: [email protected]