RSA Secure ID ACE/Server and gateway  IDM

Similar Messages

• Secure ID Ace Server

  We are trying to configure SecurID ACE/Server for Windows (ACE Server version 6.0). We have followed the below steps.
  <ol><li>Installed the Sun IdM Gateway on the NT where the ACE Accounts are being created </li>
  <li>Copied the apidemon from the ACE/Server installation directory to c:\winnt\system32 </li>
  <li>RSA ACE Agent Host added. </li>
  </ol>
  When we check for the Test Configuration we get connection Timed out error with port 9278.
  And with the ports : 8098 java.io.EOFException: \n
  With port 8198 java.net.SocketException: Connection reset\n
  Please help us out with your ideas.
  Thanks
  Swarna

  The port should be 9278. Enable the gateway trace and see if it is logging anything to the trace file.

• Deploying Remote Desktop Server and Gateway

  I have a single Win2008r2 server on my domain that I would like to deploy RDS on and want to add RDS Gateway as well.  Can both run on a single server, and if so, is there a documented order of installation of all the pieces? 
  Thanks

  Try this page -> http://technet.microsoft.com/en-us/library/dd983941(v=ws.10).aspx
  HTH,
  JB

• NB200-13J - No response from DNS server and Gateway

  Hi
  I have netbook NB200-13J with XP SP3. Its impossible to connect in the internet wireless and the error messages are
  THERE IS NO RESPONSE FROM DNS SERVER
  THERE IS NO RESPONSE FROM DEFAULT GATEWAY
  The connection with ethernet cable is ok withe the reltek adpter also the wirless adpter atheros ar9285 is enble, working properly and the signal from the modem router is strong.

  Hi abk55,
  From which program you receive this error message?
  Have you tried another browser, e. g. Firefox or Opera?
  I assume it has something to do with your WLAN card or WLAN settings if the LAN cable works properly. So you should try updating the WLAN driver from the Toshiba website.
  Try also to disable the MAC address filter and use another encryption.

• AP 1200 and RSA Secure ID

  I know a RSA secure ID radius server be used to authenticate to the 1200 access point, and we have to use PEAP. I want to know how does that work... is there a separate pop-up to authenticate to the wep and then the login to the active directory?
  Can someone link me to a CCO document which gives me a good reading on the topic?

  You might want to check out:
  http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_WLAN_PEAP_ACE5.pdf

• RSA SecureID ACE/Server 6.1.2 integration issue with IDM2005Q4M3

  I tried the SecureID adapter with the following steps:
  1.setup the idm gateway on SecureID Server
  2.copy SecureID's apidemon.exe to gateway.exe folder
  3.add the administrator on secureid server and use it on idm resource adapter
  4.run gateway.exe -d -fsso.log -l6
  5.configure the SecureID adapter resource and test configuration is ok
  6.add a rsa_test user on IDM, then assign the SecureID resource to the user
  before step 6 every thing is fine, but the step 6 cause the IDM hangup, nothing response from gateway.
  while I assign the user with SecureID resource in IDM, the gateway trace log print the trace log below and then hanged up:
  01/09/2008 17.44.55.234000 [2464] (../../../../src/wps/agent/securid/SecurIdExtension.cpp,1439): Enter: login
  01/09/2008 17.44.55.234000 [2464] (../../../../src/wps/agent/connect/RAEncryptor.cpp,69): RAEncryptor::Decrypt3DES: input length (8) moded to 1
  my environment:
  idm 2005Q4M3 on linux
  gateway: Sun Java System Identity Manager 6.0 SP1 HF82 on windows 2003 sp1
  RSA SecureID ACE/Server: 6.1.2 on windows 2003 sp1
  Any help on RSA SecureID ACE/Server 6.1.2 integration with IDM2005Q4M3 is greatly appreciated.
  Or anybody can send me some more docs on the integration process and the check point?
  My email: [email protected]
  Please help!
  Edited by: Brave on Jan 9, 2008 4:36 AM

  Found the solution. Problem was the acecInt.dll in the System32 folder was mismatching with the one in the RSA install folder. I copied the dll from the RSA install folder to the System32 and it started to work fine.
  The error i was getting was "Get file operation with no or unknown handle aborted".

• Not able to run a reconciliation from IDM on a the securID/ACE server UNIX

  I have configured a securID/ACE adapter in IDM 7.1 so that it can provision updates of user accounts. RSA 6.1.2 server is running on Linux RHEL 2.6.9. I am able to connect to RSA form IDM, but when I run a reconciliation I get the following error,
  Error iterating accounts for resource RES-User-RSA-Projects:
  com.waveset.util.WavesetException: Trouble constructing User 'null'
  Below is the stack trace that I extracted from IDM (debug): The stack below tells me that IDM is not able to establish a connection to the RSA server. I have made sure that the login account that I am using in the RSA adapter parameters belongs to the same group that owns /opt/ace/utils/tcl/bin/tcl-sd.
  Is there anything else I need to do? Has anybody out there faced a similar issue and found a resolution?
  SecurIdUnixResourceAdapter#getFeatures() Entryno args
  SecurIdUnixResourceAdapter#getFeatures() Exit void
  SecurIdUnixResourceAdapter#getFeatures() Entry no args
  SecurIdUnixResourceAdapter#getFeatures() Exit void
  SecurIdUnixResourceAdapter#getFeatures() Entry no args
  SecurIdUnixResourceAdapter#getFeatures() Exit void
  SecurIdUnixResourceAdapter#getLoginScript() Entry no args
  SecurIdUnixResourceAdapter#getTclshPath() Entry no args
  SecurIdUnixResourceAdapter#getTclshPath() Exit returned= /opt/ace/utils/tcl/bin/tcl-sd
  SecurIdUnixResourceAdapter#getResourceAttributeValue() Entry no args
  SecurIdUnixResourceAdapter#getResourceAttributeValue() Exit returned= 24
  SecurIdUnixResourceAdapter#getResourceAttributeValue() Entry no args
  SecurIdUnixResourceAdapter#getResourceAttributeValue() Exit returned= 2
  SecurIdUnixResourceAdapter#getResourceAttributeValue() Entry no args
  SecurIdUnixResourceAdapter#getResourceAttributeValue() Exit returned= 6
  SecurIdUnixResourceAdapter#getUserExtensionMapNames() Entry no args
  SecurIdUnixResourceAdapter#getUserExtensionMapNames() Exit void
  SecurIdUnixResourceAdapter#getLoginScript() Exit void
  SecurIdUnixResourceAdapter#getAccountIteratorscript() Entry no args
  SecurIdUnixResourceAdapter#procSetup() Entry no args
  SecurIdUnixResourceAdapter#procSetup() Exit void
  SecurIdUnixResourceAdapter#procTearDown() Entry no args
  SecurIdUnixResourceAdapter#procTearDown() Exit void
  SecurIdUnixResourceAdapter#getAccountIteratorscript() Exit void
  SecurIdUnixResourceAdapter#getAccountIteratorResult() Entry no args
  SecurIdUnixResourceAdapter#getAccountIteratorResult() Exit void
  SecurIdUnixResourceAdapter#constructUser() Entry no args
  SecurIdUnixResourceAdapter#constructUser() Info Database connection is not established!
  SecurIdUnixResourceAdapter#getFeatures() Entry no args
  SecurIdUnixResourceAdapter#getFeatures() Exit void

  Anybody out there who has configured SUN IDM to provision into RSA SecureID Ace/Server UNIX? Any help on this is greatly appreciated!

• Rsa/ace server radius authentication

  Hi ,
  I am in the process of setting up cisco routers/swithces to authenticate to an RSA/ACE radius server. Basically I would like it to work as follows.
  SSH/Telnet to router switch.I have ace side configured. I have added the necessary users to authenticate list on agent host.
  Username:joebloggs
  Password : ( rsa secure id token here ). Do I have to authenticate then using enable password or what is best practice here ??
  router>en
  router#
  I have the following lines added so far and need some help on the aaa authentication as there seems to be a lot of options
  aaa new-model
  aaa authentication banner # Connection to this device is for authorized users only #
  aaa authentication fail-message # You are not authorized to log on to this device #
  radius-server host x.x.x.x auth-port 1645 acct-port 1813
  radius-server retransmit 3
  radius-server key xxxxxx

  francis
  if you want users who telnet/SSH to vty ports or who are on the console to authenticate with the radius server you should add something like this to your configuration:
  aaa authentication login default group radius line
  This will send an authentication request to the configured radius server and if there is an error from the radius server (this is different from a negative response) then the router will authenticate using the configured line password. This will work for both telnet and SSH connections and for login from the console.
  You are correct that there are quite a few optional parameters. These are to allow flexibility in what is the primary authentication method and what (if any) fall back methods you wish to use.
  From user mode going to enable mode you could configure the router to use the enable password/enable secret or you can configure it to use radius. I believe that best practice is to use radius rather than the local enable password/enable secret.
  aaa authentication enable default group radius enable
  HTH
  Rick

• Wireless WPA2 + AD + RSA ACE Server possible

  I have a client that wants to use WPA2 authenticated to the Windows Active Directory and also has an RSA ACE Server. The goal os to provide 802.1x security with these 3 devices. I am NOT looking to USE the RSA tokens for this, only the underlying RSA RADIUS service to authenticate clients. Is this possible or do I also need a ACS server?
  The alternative is to use Wireless WPA2 + AD + Windows IAS RADIUS.
  Thanks for any comments,
  Chris Serafin
  Security Engineer
  [email protected]

  Hi Chris,
  I don't think you can use the RSA's radius server without using tokens. If you are looking to authenticate to Active Directory then either use Wireless + IAS + AD or use Wireless + ACS + AD
  There will be no need to bring the RSA into the solution.

• RSA ACE server SYSLOG collector, Parsing help!

  Hi Board.
  I am in a very big hurry for developing a RSA ACE collector script. The
  already released RSA ACE Collector script is file based and the RSA ACE
  server can dump a CSV log report with an interval of a hour as the
  fastest possible interval. This is not at all satisfying for the
  customer which - due to the latest issue with hacking attacks on EMC's
  network both announced in the press and by letter from EMC and to their
  customers - is not at all acceptable. They need to have logic for
  pattern searches and correlation rules that can respond as close to real
  time as possible.
  We have with success and without any troubles or big efforts installed
  the SNARE agent on the RSA ACE Appliance box. We are receiving the
  events from the RSA server correctly (or we are receiving the events as
  unsupported events because the events is not parsed correctly, but all
  the needed information is there) and I have started development of a new
  Collector script based on the Generic Event Collector (Just
  doubleclicked on New Collector script in the Ant menu).
  So far I have tryed some different approaches. I know that I can totaly
  manipulate with the events received from the Source because I can
  pre-set values via the protoEvt.map file. Even further have I been able
  to set some other values in the Parse function by using the rec2Evt.map
  and then hardcode a value to the desired field by using
  rec.-input_record_field-.
  Therefor I am pretty convinced that I am on the right track.
  Now here is my question:
  Based on this copy-pasted s_RXBufferString value (IP addresses and
  host+domain values changed for protecting the customer):
  Code:
  Mar 26 05:48:12 192.168.1.100 hostname[tab]MSWinEventLog[tab]4[tab]Application[tab]14765[tab]Sat Mar 26 10:48:12 2011[tab]1011[tab]ACESERVER6.1[tab]Unknown User[tab]N/A[tab]Information[tab]hostname[tab]Devices[tab][tab][tab]Passcode accepted (Login:'jodo'; User Name:'Doe, John'; Token:'000123456789'; Group:''; Site:''; Agent Host:'remotehost.domain.com'; Server:'serverhost').[tab]14617
  *NB!* Swap out [tab] with tablulator delimiter!
  I have tryed this approach (this is the entire Parse Functiomn):
  Code:
  var ValueArray = this.s_RXBufferString.split("\\t");
  rec.msg = this.s_RXBufferString;
  var SourceInfo = ValueArray[0];
  rec.sun = ValueArray[1];
  //e.InitServiceName = ValueArray[1];
  //rec.Service = ValueArray[1];
  //e.EventTime = ValueArray[5];
  //rec.EvtTime = ValueArray[5];
  //e.VendorEventCode = ValueArray[6];
  rec.evtCode = ValueArray[6];
  e.DeviceName = ValueArray[7];
  rec.sun = ValueArray[8];
  //e.EffectiveUserID = ValueArray[8];
  //var OSInitUser = ValueArray[8];
  //e.InitHostName = ValueArray[11];
  rec.shd = ValueArray[11];
  //ValueArray[12] = ValueArray[12].ltrim();
  var AppSpecificMessage = '';
  for(var t = 12; t<count(ValueArray); t+1)
  AppSpecificMessage += ValueArray[t];
  //e.InitIP = SourceInfo.match("[0-9]+.[0-9]+.[0-9].[0-9]");
  rec.sip = this.s_RXBufferString.match("\d+\.\d+\.\d+\.\d+");
  var A = AppSpecificMessage.search('\(.+\)');
  //e.EventName = 'Debugging RSA';
  //e.EventName = AppSpecificMessage.substring(0,A-1).ltrim();
  rec.evt = AppSpecificMessage.substring(0,A-1).ltrim();
  AppSpecificMessage = AppSpecificMessage.match('\(.+\)');
  // var B = AppSpecificMessage.search(')');
  //var B = AppSpecificMessage.search(')');
  // var BaseInfo = AppSpecificMessage.substring(A+1,B-1);
  // var BaseTmpArray = BaseInfo.split(';');
  // var BaseArray = new Array();
  /*for(var i = 0; i<count(BaseTmpArray); i+1)
  var str = BaseTmpArray[i].ltrim();
  var TempAr = str.split(':');
  BaseArray.push(TempAr[1].substring(1,-1));
  /*var AgentArr = BaseArray[6].split(".");
  AgentArr.reverse();
  AgentArr.pop();
  AgentArr.reverse();
  e.InitHostDomain = AgentArr.join(".");
  //rec.InitDomain = AgentArr.join(".");
  e.InitHostDomain = "corp.ad.local";
  if (ValueArray[10] == "Information")
  rec.sev = "0";
  //e.Severity = "0";
  else if (ValueArray[10] == "Warning")
  rec.sev = "3";
  //e.Severity = "3";
  else if (ValueArray[10] == "Error")
  rec.sev = "4"
  //e.Severity = "4";
  else
  rec.sev = "1";
  //e.Severity = "1";
  //e.InitUserID = BaseArray[0];
  rec.LoginName = BaseArray[0];
  //e.InitUserName = BaseArray[1];
  rec.UserName = BaseArray[1];
  //e.customerVar35 = BaseArray[2];
  //rec.Token = BaseArray[2];
  //e.customerVar36 = BaseArray[5];
  //rec.Agent = BaseArray[5];
  instance.SEND_EVENT = true;
  // parsing logic goes here
  /*if (1==1) { // set SEND_EVENT to true if your parsing logic worked correctly
  instance.SEND_EVENT = true;
  // If you can't parse...
  //rec.sendUnsupported();
  return true;
  But it just laughs at me and wont work. It states that there is a
  parsing error: match function something with input.
  Can you please help me build a logic that will work as intended? It
  should be clear what information or which piece of the text that I try
  map to which Event fields (look at the outcommented bits right above or
  below the ones that point to a rec.something because there I have tryed
  just map the information directly).
  kkrasmussen
  kkrasmussen's Profile: http://forums.novell.com/member.php?userid=20966
  View this thread: http://forums.novell.com/showthread.php?t=435715

  > - I'm not sure I understand why you replace the tabs with '|' just to do
  > the split; why can't you just split on tab? You can also investigate our
  > 'safesplit()' method, which understands quoted delimited strings:
  > Novell Login
  > (not sure that's necessary in this case)
  I replaced the tabs with '|' foir easier regex searchess for both
  numbers, alphanummeric and spaces in same match cases - but with the
  opportunity to index better for those searches because I did not need to
  worry about the tabs being recognised as whitespaces anymore.
  The safesplit works fine with '|' but not for this one:
  Code:
  var AppSpecificArray = AppSpecificMessage.safesplit(";");
  It reports that: "Cannot find function safesplit".
  If I change that to:
  Code:
  var AppSpecificArray = AppSpecificMessage.split(/\;/);
  It reports that: "Cannot find function split".
  > - The 'substring()' method is defined as taking two arguments:
  > from Required. The index where to start the extraction. First character
  > is at index 0
  > to Optional. The index where to stop the extraction. If omitted, it
  > extracts the rest of the string
  > Neither of those two arguments will *ever* be negative - they always
  > count from the beginning of the string. What you're really trying to do
  > is to extract the substring from the beginning +1 character, to the end
  > -2 characters, which is not how substring() works. But you *can* do
  > something like:
  > this.evt = Msg.substring(1,Msg.length - 2);
  >
  Aha I see. Thanks for the info. However, I tried the suggested this.evt
  = Msg.substring(1,Msg.length - 2); but it reports: Cannot call method
  "substring" of null. Remember that I have already testet and verified
  that I do have a value in the Msg variable.
  Here is the newest code. Please notice that I have outcommented the
  desired "result" and is just trying to get something from at least the
  part of the string that I want to parse.
  Code:
  this.msg = this.s_raw_message2;
  var TempTxt = this.s_raw_message2.replace(/\t/g,"|");
  var ValueArray = TempTxt.safesplit("|");
  var SourceInfo = ValueArray[0];
  this.evtCode = ValueArray[6];
  this.sip = TempTxt.match(/\d+\.\d+\.\d+\.\d+/);
  e.DeviceName = ValueArray[7];
  //AppSpecificMessage = TempTxt.match(/(?:\().+(?:\))/);
  var Msg = ValueArray[14].match(/(?:\|)[^\|]+(?:\()/);
  this.evt = Msg.substring(1,Msg.length - 2);
  //this.evt = Msg;
  AppSpecificMessage = ValueArray[14].match(/(?:\().+(?:\))/);
  if (ValueArray[10] == "Information")
  this.sev = "0";
  else if (ValueArray[10] == "Warning")
  this.sev = "3";
  else if (ValueArray[10] == "Error")
  this.sev = "4"
  else
  this.sev = "1";
  if(TempTxt.match(/(?:Login:\')\S+(?:')/) != false)
  //var apptemp = AppSpecificMessage.substring(1,AppSpecificMessage. length - 1);
  //var AppSpecificArray = apptemp.safesplit(";");
  var AppSpecificArray = AppSpecificMessage.safesplit(";");
  for(var c = 0; c<count(AppSpecificArray); c + 1)
  var key = AppSpecificArray[c].split(/:/);
  if (key[0] == "(Login")
  if (key[1] == "''")
  this.iuid = ValueArray[8];
  else
  this.iuid = key[1];
  //this.iuid = key[1].substring(1,key[1].length - 1);
  if (key[0] == " User Name")
  if (key[1] == "''")
  this.sun = "System";
  else
  this.sun = key[1];
  //this.sun = key[1].substring(1,key[1].length - 1);
  if (key[0] == " Agent Host")
  if (key[1] == "'')")
  this.shd = "Unknown Host Domain";
  else
  //var TempArr = key[1].substring(1,key[1].length - 1).safesplit(".");
  var TempArr = key[1].plit(/\./);
  TempArr.reverse();
  TempArr.pop();
  TempArr.reverse();
  this.shd = TempArr.join(".");
  if (key[0] == " Token")
  if (key[1] != "''")
  e.CustomerVar35 = key[1];
  //e.CustomerVar35 = key[1].substring(1,key[1].length - 1);
  else
  this.shd = "Unknown Host Domain";
  this.iuid = ValueArray[8];
  this.sun = "System";
  instance.SEND_EVENT = true;
  return true;
  kkrasmussen
  kkrasmussen's Profile: http://forums.novell.com/member.php?userid=20966
  View this thread: http://forums.novell.com/showthread.php?t=435715

• 802.1x ACS RSA Secure ID/Safeword Token server

  Hello, We are trying to impliment wireless scurity in our network. We want to issue badges with attached tokens so clients can come into our office and login to our wireless network, They would then be prompted for their login and password which would be their Badge ID an their token credentials.
  We are using an airespace wireless security device, We specify ACS as the 802.1x radius server. Airespace is sending the requests to ACS just fine but ACS does not seem to like what it's seeing. We also imported a custom VSA vendor file for the airespace wireless security device. The log below reflects this.
  We have tested by creating local ACS users, and authentication works and we can get onto our network. But when we specify the AAA servers as our Radius Token Server, Set the unknown user DB to that Server and test auth, We are not granted permission to our WLAN. It's as if Cisco does not recognize the PEAP auth information and rejects it by default. We ARE required to get this working with XPSP1, as we would hate to have to install software on every clients laptop.
  A wireless client of ours DID work when we specified EAP-GTC on the client side, But it will never work when we specify PEAP on the client side, We never seem to see communications from ACS to our Safeword token server regardless of what we do(including the successful EAP-GTC login). Our radius strings are correct etc. Safeword is listening on 1812, But also has protols EASSP-1/2 listening on ports we have set manually(are these relevant to our needs?)
  The failed attempts log show "External DB Auth Failed"
  Here is a snip of the CSRadius/RDS.log when we try to auth, when we sniff traffic we see the eap request and the radius reject on the wire, but we never see ACS ask the token server. If anyone can make any suggestions on how we could troubleshoot further/test or make forward progress in any way please do. Thank you all in advance.
  Cisco RDS log attached.

  The problem could be with your Secure ID RSA server.

• Dot1x/ACS3.0/RSA ACE server 5.0

  Hi,
  I tried to configure dot1x (cat6500) with ACS 3.0 and RSA ACE server. In the first step when I configured static password in ACS everything was OK, but when I changed to the external user database I got an error: "Auth type not supported by External DB"
  Does anyone know why?
  Thanks,

  The dot1x supplicant on the PC will use Extensible Authentication Protocol (EAP) authentication to send the username/password. This authentication method cannot be used with an external RSA database, RSA has to use PAP authentication which sends the password in the clear (which is OK because it's a one-time password).
  See http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/o.htm#625794 for details on the external DB's and password protocols. Notice how all the one-time password databases can only use PAP.

• Just upgraded to Yosemite 10.10.2 on my iMac 24 inch and now my Suddenlink POP email account won't accept messages. The message says unable to receive Mail and the warning says: Mail cannot send your password securely to the server. You can remove th

  Yesterday I uploaded Yosemite 10.10.2 thinking it was fixed by now. In Mail, my POP account gets this error message: Mail cannot send your password securely to the server. You can remove this restriction in the Accounts preferences by setting “Allow insecure authentication”, which could put your password at risk.
  My provider says it's an Apple issue. The gmail accounts are logging in fine. Any help? Something simple?
  Thanks anyone.

  Thanks Csound1. That did work and Mail was able to connect to the internet. Green light status. Is it because of my provider that I may never have had secure connections? Is that an Apple thing or do PCs have the same issues? Appreciate your help. I'll research insecure connections as I am ignorant of the consequences.

• Export/import login server and user grup security

  Hi,
  I followed the instructions to export Login server, user group
  security using the ssoexp.csh, secexp.csh. Then I imported the
  login server, and user group security using the ssoimp.csh,
  secimp.csh .
  I then logged into Portal and check the users, all the users are
  imported properly. However, I didn't see any group that are
  supposed to be imported. Do I missing anything?
  The syntax to run the secimp is as follows:
  secimp.csh -s portal30 -p portal30 -o portal30 -m reuse -d
  sec.dmp -c target_database
  The import finished w/o error. How can I see the groups in the
  new portal instance that I tried to import objects in?
  I noticed that the wwsec_group$ in the source area is over 3000,
  and in the target the count is only 10, which is the number of
  group I have before the import. But during the export, I don't
  see the wwsec_group$ table being exported, is that the problem?
  P.S. versions are: 9iAS 1.0.2, portal version 3.0.9.8 on solaris.
  Thanks;
  Kelly.

  This question is best suited to the Oracle9iAS SSO and Portal Security forum.
  Thanks

• No Protection Tools! I have enabled enhanced security. This is Acrobat XI on Windows 7 64-bit. Did same install on a Win8 server and it's fine.

  I just want the protection tools to show on the Tools dropdown! So I can use them...

  Hi Sara,
  Thanks for putting me in the right place. I'm not much of an
  online-community person!
  Here's what happened after your email:
  1. I went into Acrobat and clicked the down arrow as you described. I
  previously had been clicking in the View menu. I saw the Protection
  tools and I was so excited.
  2. So then I clicked on "allow multiple panels open" whereupon the
  Protection tools disappeared! They did not reappear when I unclicked the
  "allow multiple panels open".
  3. Remembered that I hadn't reinstalled the updates after reinstalling
  Acrobat in hopes that would fix this problem, so I installed the
  updates. I'm now on 11.0.07.
  Sadly, still no protection tools appearing in either the View-> Toolsets
  or the down-arrow in the upper-right corners of the Tools panel. Bummer.
  This is so strange, since the same installation worked great on our Win8
  server!
  PNG Karen
  On 2014-06-11 15:14, Sara.Forsberg wrote:
  NO PROTECTION TOOLS! I HAVE ENABLED ENHANCED SECURITY. THIS IS ACROBAT XI ON WINDOWS 7 64-BIT. DID SAME INSTALL ON A WIN8 SERVER AND IT'S FINE.
  created by Sara.Forsberg  in Acrobat Installation & Update Issues - View the full discussion