RME - Compliance Management - Deploy strangeness

Similar Messages

• Ciscoworks 3.2 RME Compliance Management w/ 802.1x Port Configs

  I am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration:
  switchport access vlan XX
  switchport mode access
  authentication control-direction in
  authentication event fail retry 0 action authorize vlan XXX
  authentication event no-response action authorize vlan XXX
  authentication port-control auto
  authentication periodic
  dot1x pae authenticator
  dot1x timeout quiet-period 10
  dot1x timeout tx-period 10
  dot1x timeout supp-timeout 10
  dot1x max-req 1
  dot1x max-reauth-req 1
  storm-control broadcast level 75.00
  spanning-tree portfast
  spanning-tree bpduguard enable
  I require the configurations to be changed to:
  switchport access vlan XX
  switchport mode access
  authentication event fail action authorize vlan XXX
  authentication event no-response action authorize vlan XXX
  authentication port-control auto
  authentication periodic
  dot1x pae authenticator
  dot1x timeout tx-period 8
  storm-control broadcast level 10.00
  storm-control multicast level 10.00
  spanning-tree portfast spanning-tree bpduguard enable
  Addtionally, I require LMS to verify that the port is indeed an access port with 802.1x already applied to it before adjusting the configurations. I have tried pushing this compliance check out with a prerequisite of having "switchport mode access" applied to it, and then having the next command set state:
  Submode: interface [#Ethernet*/*/*#]
  - dot1x max-req 1
  - dot1x max-reauth-req 1
  + no dot1x max-req 1
  + no dot1x max-reauth-req 1
  This was a simple test on a single device to see if I could remove the limits on authentication and requests entered. The job states successful and there are no devices that are non-compliant, however no changes to the device configurations have been made. I seek assistance in command syntax or if there is another way to push this out, as I have about 1k network devices to go through and make these changes.

  The following tempalte should do what you want:
  Name: Global     SubMode: No      isPrerequisite: No
  Ordered : No     Prerequisite-Commandset : none     Parent: none
  Name: Switchport     SubMode: Yes      isPrerequisite: Yes
  Ordered : No     Prerequisite-Commandset : none     Parent: none
    interface   [#FastEthernet.*#]
  +[#switchport mode access#]
  Name: 802fix     SubMode: No      isPrerequisite: No
  Ordered : No     Prerequisite-Commandset : Switchport     Parent: Switchport
  -dot1x max-req 1
  -dot1x max-reauth-req 1
  Note that I have changed to [#FastEthernet.*#] to be applied on
  FastEthernet interfaces.

• RME/compliance mgmt - deploy ntp

       Hi,
  Using RME 4.3.0
  I'm trying to deploy new ntp settings across all network infrastructure. I prepare baseline template and check complance. When i try to deploy i'v got this issue:
  Job finished sucessfully, but some of devices are still in pending state. All of this devices "wating" for deploy this command:
  no ntp server X.X.X.X key 1 prefer
  My template looks like this:
  +   ntp   server   A.A.A.A
  +   ntp   server   B.B.B.B
  -  [#ntp   server   (?!A.A.A.A|B.B.B.B).*#]
  Is there any way to change this bahavior? To generate simply: "no ntp server X.X.X.X" instead of "no ntp server X.X.X.X key 1 prefer" while complance check?

  HI,
  This error states that "but some of devices are still in pending state". So, kindly check if you have any device showing under " Pending Devices" category.
  Kindly go to RME > Devices. Post the screenshot of this location here.
  Thanks,
  Gaganjeet

• Does Cisco Prime have a replacement product for NCM or Network Compliance Manager?

  Does the Cisco Prime application development team have a product that replaces the NCM or Network Compliance Manager?

  Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
  The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
  An LMS license is included with PI, but it does need to be on its own server (or separate VM).

• Cisco Works Network Compliance Manage NCM

  I'm working on the Cisco Works Network Compliance Manager.
  I would like to add a device which is behind a firewall.
  For this I use the option bastion host to authen. on the firewall and
  to get access to the device self.
  The problem is the firewall is not listing  to the port 22/23, it a different port number
  like example 1234.
  Is it possible to change the port  manually in a configfile, as the webinterface has no option for this  ?
  I use the version 1.7.1 the latest one.

  Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
  The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
  An LMS license is included with PI, but it does need to be on its own server (or separate VM).

• Sun Identity Compliance Manager Questions

  Hi Everyone,
  We are looking for a complete list of supported managed resources for the Sun Identity Compliance Manager (SICM) tool.
  Also we have the following specific questions:
  1.     Does SICM have connectors/adapters to Solaris 8/9/10 and Oracle EBS (as managed resources) to perform access certification of user accounts and associated entitlements/privileges/roles.
  For example: Can SICM be used to analyze/report on the status of current and newly provisioned Solaris unix-level accounts and associated RBAC roles (say) -or- Oracle EBS accounts and associated roles /responsibilities to identify if they have been certified or have any SOD conflicts?
  2.     Can SICM be implemented as a fully functional stand-alone product as opposed to it being integrated with Sun Identity Manager (SIM) ?
  3.     In a scenario where SIM and SICM are integrated, can SIM do a hand-off to SICM for SOD analysis and checking as part of it account provisioning workflows?
  Any insight and/or pointers will be greatly appreciated!
  Thanks in advance and please let me know if there is a more relevant forum to post this question.
  -TS

  I have resolved the problem, the problem is because of the idmmanager attribute. In onsite they are using some other idm 6.0 with some patch, so they are getting the idm manager attribute but in offshore we dont have any patch installed for getting the idm manager attribute. Do you have any idea about how to get the idm manager attribute in the idm 6.0 with some patch? Thanks for your help ya.

• Compliance Management in B2B

  Hi, can anyone help in how we can answer for Compliance Management in B2B

  Hello,
  Can you please elaborate this query to help us answer better.
  Rgds,Ramesh

• CiscoWorks LMS3.2 device selectability in RME Config Management

  Hello
  All of a sudden we are unable to select individual devices in RME / Config Management, devices appear grayed out, we are able to select the whole device group and run the job but not individual devices. If we go to Device Center we can select individual devices and perform tasks.
  We have tried restarting server (windows) and stopping and starting CW Daemon Manager, not sure what else to look at.
  Thanks in advance.
  carl bagge

  Please try to break the integration with the following procedure:
  CiscoWorks to local login mode (bring down ACS integration)
  1. Stop the daemon manager using:
  On Windows: net stop crmdmgtd
  On Solaris: /etc/init.d/dmgtd stop
  2. Execute the following script:
  On Windows: NMSROOT/bin/perl ResetLoginModule.pl
  On Solaris:/opt/CSCOpx/bin/ResetLoginModule.pl
  3. Start the daemon manager using:
  On Windows: net start crmdmgtd
  On Solaris: /etc/init.d/dmgtd start.
  Note: You must have appropriate privileges on the system
  Windows =  Administrator 
  Solaris = root
  After this check if you are able to perform all the tasks without being integrated with ACS and then integrate again,  but in CW Common Services>Server>Security>AAA Mode Setup, please do not check the Application Registration box.

• Need running java sample for sun access manager deployed on weblogic 8.1

  Hi All,
  I have deployed amserver.war in weblogic 8.1 through amserver.war.
  I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
  I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
  Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
  Thanks & Regs,
  Deepak Dabas
  [email protected]
  Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM

  Deepak.Dabas wrote:
  Hi All,
  I have deployed amserver.war in weblogic 8.1 through amserver.war.
  I am able to login through user amAdmin. It's working fine. I have used file system at the time of configuration of access manager.
  I want to communicate with the sunaccess manager deployed on weblogic through stand alone application. for example i want to access information stored in access manager from application by passing some input. What are the configuration that i need to do for this.
  Use case: I have created a subject(user) now i want to retrieve user information that is stored in access manager or want to authenticate the user by passing the user name and password from a stand alone java application.
  please refer http://docs.sun.com/app/docs/doc/819-4675/6n6qfk0ne?a=view#gbdlr
  http://docs.sun.com/app/docs/doc/819-2139/adubn?a=view
  you need to download the client samples SUNWamclnt from sun.com
  >
  Thanks & Regs,
  Deepak Dabas
  [email protected]
  Edited by: Deepak.Dabas on Jan 16, 2008 9:37 PM

• Compliance Management in LMS 3.2

  I'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?
  Thanks,
  Rick

  Not sure what you mean when you say "not accepting", but I had some trouble with compliance templates and checking banners.  My issue was with multi-line commands as mentioned in the last post of this thread: https://supportforums.cisco.com/message/638950#638950
  Once I put the in the template it worked fine.  The thread is discussing LMS 2.6 but was applicable in my 3.2 environment.  Hope that helps.

• Installing Security and Compliance Manager on Windows 8.1

  Hi
  I am trying to install Security and Compliance Manager on my Windows 8.1 workstation.  The install is trying to install SQL Express 2008 which seems to not be compatible with Windows 8.1 and that is were the install ends.
  I tried installing SQL Express 2012 and then running the install but it looks like the database is not installed.
  Is there a new version of Security and Compliance Manager that addresses this or does anyone know how to set up SQL to accept Compliance Manager?

  Open Regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  Delete this key under Session Manager "PendingFileRenameOperations". Restart the installation and it will work fine.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Microsoft Security Compliance Manager V3 and create GPO

  I have created a GPO backup from the compliance manager for Windows 7 SP1. I am trying to find documentation for the exact process of importing these settings into a newly created "blank" gpo. In review of the Backup.xml file, I can see that
  it references Contoso.com (the generic MS domain for examples, etc). Is there a clear documented process for configuring the template then creating a domain GPO? Any help is greatly appreciated!
  wjk

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Security Compliance Manager - version 3.0.60

  Does anyone know if this version of Security Compliance Manager supports Windows Server 2012 R2:  
  3.0.60

  Hi sayerdi,
  As this question is related to Security Compliance Manager (SCM), for quick and accurate response, I would like to recommend that you ask the question in the SCM forum at
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement . It is appropriate and more experts will assist you.
  Additionally, there is a similar thread about SCM for Windows Server 2012 R2 for your reference.
  https://social.technet.microsoft.com/Forums/en-US/9a0b831e-5d38-4b26-9191-16286f10ecab/scm-update-for-windows-81-and-windows-2012-r2?forum=compliancemanagement
  Thanks,
  Lydia Zhang

• Microsoft Security Compliance Manager - Failed to installed

  Every time I try to install Microsoft Security Compliance Manager right when I getto the part where I'm installing it, it gives me this error:
  Microsoft Security Compliance Manager Setup Wizard failed while starting the installation/uninstallation The given path's format is not supported.
  Then closing the installation and telling me it failed.
  Please help I need to install this for a class.

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Upgrading from SQL Server 2005 Compact Edition [ENU] to SQL Server 2008 Express Edition OR HIGHER for Microsoft Security Compliance Manager

  I have downloaded the MS Security Compliance Manager, which is in two parts:  MS SQL Server 2008 Express Edition & the SCM. The install instructions state the the server needs to be install before the SCM.  So as the install continues I get
  an error message, which cancels the installation.  So, I am trying to install SQL 2008 EE separate from SCM.  My question is: 
  Can I upgrade from my current SQL Server 2005 Compact Edition [ENU]
  directly to SQL Server 2008 Express Edition (or higher)?

  So as the install continues I get an error message, which cancels the installation. 
  And which error message did you got?
  SQL Server Compact Edition is something different then SQL Server Express (or Standard) Edition, you can't upgrade it as you asked for,.
  Olaf Helper
  [ Blog] [ Xing] [ MVP]