Setup AD integration With SGD
I'm in the process of setting up a test for use of SGD within our organisation. I want to get rid of our current remote access procedure of using PPTP/VPN clients and give the user a complete browser experience. As part of this test I have a Solaris 10 VM running v4.20.983 of the SGD software. My question is now, is there a step by step guide I can follow to configure SGD with Windows 2003 AD integration so I can present remote users with a Windows Terminal Services session within a browser. This session would be a full desktop and not just a remote application?
TIA.
Many thanks for the clarification. Here's the last portion of the jserver log file with some warning errors etc:
2010/02/03 18:52:39.430 (pid 13528) server/ldap/warningerror #1265223159430
Sun Secure Global Desktop Software (4.5) WARNING:
Directory Service Error from host
Active Directory(ldap://172.16.0.5:3268::wm-exchange1.wmnet.local[/172.16.0.5]:[Down])
Message:
Socket timed out: connect timed out
SGD will retry this directory server and if another failure is detected, SGD will failover to the next available directory server.
To troubleshoot this error:
- Verify that this host is contactable.
- Verify that the LDAP service is available.
2010/02/03 18:52:39.430 (pid 13528) server/ad/warningerror #1265223159431
Sun Secure Global Desktop Software (4.5) WARNING:
Failed to connect to the global catalog
Active Directory(ldap://172.16.0.5:3268::wm-exchange1.wmnet.local[/172.16.0.5]:[Down]).
Reason
Socket timed out: connect timed out
Global catalog
Active Directory(ldap://172.16.0.5:3268::wm-exchange1.wmnet.local[/172.16.0.5]:[Down])
cannot be used to retrieve data from the forest.
To help troubleshoot this warning,
- Verify that this global catalog is available on the network.
- Verify that SGD can resolve the global catalog's hostname via DNS.
- Verify that SGD can connect to port 3268 on the global catalog.
- Verify that this server is a global catalog for the forest.
2010/02/03 18:52:54.640 (pid 13528) server/ad/warningerror #1265223174640
Sun Secure Global Desktop Software (4.5) WARNING:
DNS lookup failed to find wm-sgd1
Reason:
javax.naming.ServiceUnavailableException: DNS server failure [response code 2]; remaining name 'wm-sgd1'
wm-sgd1
cannot be used by SGD.
Make sure the DNS server contains a valid entry for this host.
2010/02/03 18:52:54.640 (pid 13528) server/ad/warningerror #1265223174641
Sun Secure Global Desktop Software (4.5) WARNING:
Active Directory service discovery failed
Failed to get IP addresses for the peer DNS name
Current state:
Looking up Global Catalog DNS name: _gc._tcp.WMNET.local. - HIT
Looking for GC on server: Active Directory(ldap://172.16.0.5:3268::wm-exchange1.wmnet.local[/172.16.0.5]:[Up]) - ERROR
Looking for GC on server: Active Directory(ldap://192.168.1.200:3268::wm-office1.wmnet.local[/192.168.1.200]:[Up]) - HIT
Checking for CN=Configuration: DC=WMNET,DC=local - MISS
Checking for CN=Configuration: CN=Configuration,DC=WMNET,DC=local - HIT
Looking up domain root context: DC=WMNET,DC=local - HIT
Looking up site context: CN=Sites,CN=Configuration
Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
Looking up addresses for peer DNS: wm-sgd1 - HIT
Failed to discover Active Directory Site, Domain and server data.
Make sure the DNS server contains the Active Directory service
records for the forest. Make sure a Global Catalog server is available.
2010/02/03 18:52:54.645 (pid 13528) server/ldap/warningerror #1265223174645
Sun Secure Global Desktop Software (4.5) WARNING:
LDAP call failed:
null lookupLink-.../_ldapmulti/forest/("DC=WMNET,DC=LOCAL")
Call took 35386ms.
Reason:
javax.naming.NameNotFoundException: Failed to get IP addresses for the peer DNS name.
The call to the directory server failed.
Check the operation was correct, the LDAP configuration is valid, and the
LDAP server is still running.
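The warnings above name each directory server together with its port and Up/Down state, and the discovery trace marks every step HIT, MISS or ERROR. As an added example (not part of the original post and not SGD code), this Python script pulls those fields out of the log and lists the global catalog servers worth probing on port 3268 from the SGD host; the function names are hypothetical and the sample input is copied from the excerpt above.

```python
import re
import socket
import sys

# Sample input: lines copied from the jserver log excerpt above,
# trimmed to the parts this script parses.
SAMPLE_LOG = """\
2010/02/03 18:52:39.430 (pid 13528) server/ad/warningerror #1265223159431
Failed to connect to the global catalog
Active Directory(ldap://172.16.0.5:3268::wm-exchange1.wmnet.local[/172.16.0.5]:[Down]).
Reason
Socket timed out: connect timed out
2010/02/03 18:52:54.640 (pid 13528) server/ad/warningerror #1265223174641
Active Directory service discovery failed
Failed to get IP addresses for the peer DNS name
Current state:
Looking up Global Catalog DNS name: _gc._tcp.WMNET.local. - HIT
Looking for GC on server: Active Directory(ldap://172.16.0.5:3268::wm-exchange1.wmnet.local[/172.16.0.5]:[Up]) - ERROR
Looking for GC on server: Active Directory(ldap://192.168.1.200:3268::wm-office1.wmnet.local[/192.168.1.200]:[Up]) - HIT
Checking for CN=Configuration: DC=WMNET,DC=local - MISS
Checking for CN=Configuration: CN=Configuration,DC=WMNET,DC=local - HIT
Looking up domain root context: DC=WMNET,DC=local - HIT
Looking up addresses for peer DNS: wm-sgd1 - HIT
"""

# "Active Directory(ldap://IP:PORT::HOST[/IP]:[Up|Down])" as SGD prints it.
SERVER_RE = re.compile(
    r"Active Directory\(ldap://(?P<ip>[\d.]+):(?P<port>\d+)::"
    r"(?P<host>[\w.-]+)\[/[\d.]+\]:\[(?P<state>Up|Down)\]\)"
)
# "<step>: <target> - HIT|MISS|ERROR" lines from the "Current state" trace.
STEP_RE = re.compile(
    r"^(?P<step>.*?): (?P<target>.+) - (?P<result>HIT|MISS|ERROR)$",
    re.MULTILINE,
)


def parse_steps(log):
    """Return (step, target, result) for every discovery step in the log."""
    return [(m["step"], m["target"], m["result"]) for m in STEP_RE.finditer(log)]


def summarize_servers(log):
    """Map each directory server host to its address, states and step results."""
    servers = {}
    for m in SERVER_RE.finditer(log):
        entry = servers.setdefault(
            m["host"],
            {"ip": m["ip"], "port": int(m["port"]), "states": set(), "step_results": []},
        )
        entry["states"].add(m["state"])
    for _step, target, result in parse_steps(log):
        m = SERVER_RE.search(target)
        if m:  # only steps that talk to a specific server
            servers[m["host"]]["step_results"].append(result)
    return servers


def failing_servers(servers):
    """Hosts that were ever reported Down or had a non-HIT discovery step."""
    return sorted(
        host
        for host, info in servers.items()
        if "Down" in info["states"] or any(r != "HIT" for r in info["step_results"])
    )


def tcp_check(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Read a log file if one is given, otherwise use the embedded sample.
    paths = [a for a in sys.argv[1:] if not a.startswith("--")]
    log_text = open(paths[0]).read() if paths else SAMPLE_LOG
    servers = summarize_servers(log_text)
    for host in failing_servers(servers):
        info = servers[host]
        line = f"{host} ({info['ip']}:{info['port']}) states={sorted(info['states'])}"
        if "--probe" in sys.argv:  # live check, run it from the SGD host
            line += f" reachable={tcp_check(info['ip'], info['port'])}"
        print(line)
```

Run it with the path to the jserver log; add `--probe` on the SGD host to test the connection to each flagged server.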
Similar Messages
-
AD Integration with sap abap R/3 system
Hi All,
We are planning to set up AD integration with our present SAP system, where AD user names are maintained differently and SAP user IDs are different. We don't have any Java systems in our landscape. Our requirement is simple: user ID and password authentication should be through AD.
However, I was not able to find any specific implementation guide; it would be great if anyone can share the best possible solution with steps to take an approach.
I have already gone through many posts but couldn't find anything suitable for our scenario.
Please help.
Thanks and Regards
JADS.
Hi Patrick,
Thanks for the link. We do not have SSO installed; do we have to install SSO? If yes, could you please let me know where I can find the installation guide for the same.
1. Our requirement is very simple: we want to achieve the user id disable unable locked unlock through AD, and our AD user names and SAP user names are different. We have only ABAP systems and, as you mentioned, ABAP does not support AD integration. What will be the best approach if we have to achieve this in our landscape?
Kindly help since I'm new to AD integration.
Regards
Jads. -
How To Setup A Local Exchange Server Integrated With Office365 For A Single Mailbox
Hello,
We recently migrated to Office365 but had an issue since we need more than 16 simultaneous connections to a single mailbox. Because of this, we need to deploy a local Exchange Server that will be used to host a single mailbox that requires up to 500 simultaneous connections for a Contact Center application. I'm looking for information on how to set up the local Exchange Server to basically create a local instance of a mailbox hosted on Office 365, so we can have our application open the numerous simultaneous connections to our local server, which will then connect to Office 365 to send/receive email through the mailbox hosted on Office365.
Please let me know if you have any information or resources you can direct me toward.
Thanks,
Chris
Hi,
To deploy local Exchange server integrated with Office 365, we can depend on Exchange Server Deployment Assistant:
http://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=2419-W-AAAAAAAAQAAAAAEAAAAAAAA%7e
Please note that there may be 9646 error if there are many simultaneous connections at the same time.
Thanks,
Angela Shi
TechNet Community Support -
Service desk integration with 3rd party tool
Hi all,
I've problems understanding the setup of connecting a 3rd party service desk tool with solman itsm.
So far it's clear that I need to activate and configure the service provider and consumer in soamanager.
The webservice then will be called by the 3rd party tool with corresponding data.
However, according to spro I need to define a value mapping for incoming/outgoing calls.
I do not understand this mapping... the WSDL of webservice ICT_SERVICE_DESK_API contains lots of fields, but in spro -> value mapping I can only define the following fields (which are hard coded in type pool AIICT):
SAPCategory
SAPComponent
SAPDatabase
SAPFrontend
SAPIncidentID
SAPIncidentStatus
SAPInstNo
SAPOperatingSystem
SAPSoftwareComponent
SAPSoftwareComponentPatch
SAPSoftwareComponentRelease
SAPSubject
SAPSystemClient
SAPSystemID
SAPSystemType
SAPUserStatus
What about attachments, priority etc.?
Will the interface parameters mapped to these ones?
For what purpose do I need to maintain the value mapping?
Can you give me a hint?
Regards, Richard Pietsch
Can you please check the WIKI Solution manager Service Desk Integration with third party service desk - SAP Solution Manager - Security and Authorizat…
-
Hi!
The setup process fails with this error:
Configuration error code:
0x1C2074D8@1216@1
Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'. Error: Value does not fall within the expected range.
I have found some hints by google, but nothing really helpful.
Has anyone had a similar problem when installing SQL server 2008 R2?
All posts I found are about sql server 2008 (no R2!).
The cluster itself is working (storage, network, msdtc, quorum...).
Any hints?
Andreas
Here is the complete log:
Overall summary:
Final result: Failed: see details below
Exit code (Decimal): -2067791871
Exit facility code: 1216
Exit error code: 1
Exit message: Failed: see details below
Start time: 2012-04-06 11:23:57
End time: 2012-04-06 12:01:21
Requested action: InstallFailoverCluster
Log with failure: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
Exception help link: http%3a%2f%2fgo.microsoft.com%2ffwlink%3fLinkId%3d20476%26ProdName%3dMicrosoft%2bSQL%2bServer%26EvtSrc%3dsetup.rll%26EvtID%3d50000%26ProdVer%3d10.50.2500.0%26EvtType%3d0x625969A3%400x294A9FD9
Cluster properties:
Machine name: OC-SQLCL02ND01
Product Instance Instance ID
Feature Language
Edition Version Clustered
Machine name: OC-SQLCL02ND02
Product Instance Instance ID
Feature Language
Edition Version Clustered
Machine Properties:
Machine name: OC-SQLCL02ND01
Machine processor count: 32
OS version: Windows Server 2008 R2
OS service pack: Service Pack 1
OS region: United States
OS language: English (United States)
OS architecture: x64
Process architecture: 64 Bit
OS clustered: Yes
Product features discovered:
Product Instance Instance ID
Feature Language
Edition Version Clustered
Package properties:
Description: SQL Server Database Services 2008 R2
ProductName: SQL Server 2008 R2
Type: RTM
Version: 10
Installation location: G:\x64\setup\
Installation edition: STANDARD
Slipstream: True
SP Level 1
User Input Settings:
ACTION: InstallFailoverCluster
AGTDOMAINGROUP: <empty>
AGTSVCACCOUNT: MANAGEMENT\sqladmin
AGTSVCPASSWORD: *****
ASBACKUPDIR: S:\OLAP\Backup
ASCOLLATION: Latin1_General_CI_AS
ASCONFIGDIR: S:\OLAP\Config
ASDATADIR: S:\OLAP\Data
ASDOMAINGROUP: <empty>
ASLOGDIR: S:\OLAP\Log
ASPROVIDERMSOLAP: 1
ASSVCACCOUNT: MANAGEMENT\sqladmin
ASSVCPASSWORD: *****
ASSVCSTARTUPTYPE: Automatic
ASSYSADMINACCOUNTS: MANAGEMENT\administrator
ASTEMPDIR: S:\OLAP\Temp
CONFIGURATIONFILE: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\ConfigurationFile.ini
CUSOURCE:
ENU: True
ERRORREPORTING: False
FAILOVERCLUSTERDISKS: Cluster Disk 3,Cluster Disk 4,Cluster Disk 5
FAILOVERCLUSTERGROUP: SQL Server (MSSQLSERVER)
FAILOVERCLUSTERIPADDRESSES: IPv4;172.29.2.122;Cluster Network 2;255.255.255.0,IPv4;172.29.3.122;Cluster Network 3;255.255.255.0
FAILOVERCLUSTERNETWORKNAME: CLUSTER02
FARMACCOUNT: <empty>
FARMADMINPORT: 0
FARMPASSWORD: *****
FEATURES: SQLENGINE,REPLICATION,FULLTEXT,AS,RS,BIDS,CONN,IS,BC,SSMS,ADV_SSMS
FILESTREAMLEVEL: 0
FILESTREAMSHARENAME: <empty>
FTSVCACCOUNT: NT AUTHORITY\LOCAL SERVICE
FTSVCPASSWORD: *****
HELP: False
INDICATEPROGRESS: False
INSTALLSHAREDDIR: C:\Program Files\Microsoft SQL Server\
INSTALLSHAREDWOWDIR: C:\Program Files (x86)\Microsoft SQL Server\
INSTALLSQLDATADIR: S:\
INSTANCEDIR: C:\Program Files\Microsoft SQL Server\
INSTANCEID: MSSQLSERVER
INSTANCENAME: MSSQLSERVER
ISSVCACCOUNT: NT AUTHORITY\SYSTEM
ISSVCPASSWORD: *****
ISSVCSTARTUPTYPE: Automatic
PASSPHRASE: *****
PCUSOURCE: d:\install\mssql\sp1
PID: *****
QUIET: False
QUIETSIMPLE: False
RSINSTALLMODE: FilesOnlyMode
RSSVCACCOUNT: MANAGEMENT\sqladmin
RSSVCPASSWORD: *****
RSSVCSTARTUPTYPE: Automatic
SAPWD: *****
SECURITYMODE: SQL
SQLBACKUPDIR: <empty>
SQLCOLLATION: SQL_Latin1_General_CP1_CI_AS
SQLDOMAINGROUP: <empty>
SQLSVCACCOUNT: MANAGEMENT\sqladmin
SQLSVCPASSWORD: *****
SQLSYSADMINACCOUNTS: MANAGEMENT\administrator
SQLTEMPDBDIR: <empty>
SQLTEMPDBLOGDIR: L:\MSSQL10_50.MSSQLSERVER\MSSQL\Data
SQLUSERDBDIR: T:\MSSQL10_50.MSSQLSERVER\MSSQL\Data
SQLUSERDBLOGDIR: L:\MSSQL10_50.MSSQLSERVER\MSSQL\Data
SQMREPORTING: False
UIMODE: Normal
X86: False
Configuration file: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\ConfigurationFile.ini
Detailed results:
Feature: Database Engine Services
Status: Failed: see logs for details
MSI status: Passed
Configuration status: Failed: see details below
Configuration error code:
0x1C2074D8@1216@1
Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'. Error: Value does not fall within the expected range.
Configuration log: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
Feature: SQL Server Replication
Status: Failed: see logs for details
MSI status: Passed
Configuration status: Failed: see details below
Configuration error code:
0x1C2074D8@1216@1
Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'. Error: Value does not fall within the expected range.
Configuration log: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
Feature: Full-Text Search
Status: Failed: see logs for details
MSI status: Passed
Configuration status: Failed: see details below
Configuration error code:
0x1C2074D8@1216@1
Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'. Error: Value does not fall within the expected range.
Configuration log: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
Feature: Analysis Services
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Reporting Services
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Integration Services
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Client Tools Connectivity
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Management Tools - Complete
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Management Tools - Basic
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Client Tools Backwards Compatibility
Status: Passed
MSI status: Passed
Configuration status: Passed
Feature: Business Intelligence Development Studio
Status: Passed
MSI status: Passed
Configuration status: Passed
Rules with failures:
Global rules:
There are no scenario-specific rules.
Rules report file: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\SystemConfigurationCheck_Report.htm
Hi Andreas Plachy,
Please make sure that the Virtual Server Name ‘CLUSTER02’ is unique on the network. In addition, are there any resources named ‘SQL Server’ on the Windows cluster? If that is the case, you may need to rename the related resources to avoid conflicting with SQL Server, and try again.
Stephanie Lv
TechNet Community Support -
Integration with mm,sd ,pp
Hi all,
I need to know the integration between SD, MM, PP with FI/CO. I am going to work on an implementation project; please give a clear explanation with all steps in all modules related to integration with FI/CO, and please give the effect for field selection in other modules except FI. I am an FI consultant but have never worked in the integration area. Please send the needful information to this mail id
[email protected] .
thank u all
Regards
chandra.
Dear Chandra,
Visit the following links:
http://surya-padhi.net/documents/fi_mm_integration.pdf
http://surya-padhi.net/documents/fi_sd_integration.pdf
http://www.sap-img.com/sap-sd/link-between-sap-sd-mm-and-fi.htm
FI_MM:
1) Define plant OX10
2) Define division OVXB
3) Define storage location OX09
4) Maintain purchasing org
5) Assign plant co code OX18
6) Assign bus area to plant/valuation area and division OMJ7
7) Assign purchasing org to co. code OX01
8) Assign purchasing to plant OX17
9) Create material grp OMSF
10) Creation of purchasing grp OME4
11) Maintain co. codes for material mgt OMSY
12) Define attributes of material types OMS2
13) Maintain plant parameters
14) Set tol limits for price variance for purchase order
15) Set tol limits for goods receipt OMC0
16) Maintain default values for tax codes OMR2
17) Set tol limits for invoice verification OMR6
18) Define automatic status change for invoice verification in background
19) Group together valuation areas OMWD
20) Define valuation class OMSK
21) Creation of G/L masters FS00
22) Assignment of accts for automatic postings OBYC
23) Doc types and No. ranges OBA7
24) MM vendor master creation XK01
25) Material master creation MM01
26) Creation of purchase order ME21N
27) Goods receipt MIGO
28) To view material doc MB03
29) Invoice verification MIRO
30) Goods issue for consumption MB1A
31) To view material ledger MB5B
FI-SD:
The basis of the sales process is the sales order. After receiving an inquiry from a customer a sales order has to be created to start the process.
The sales order is generated on the level of the distribution chain. The ordered items may belong to different divisions. The sales order is an SD document and does not lead to posting in Financial Accounting.
After the sales order is entered, the system performs an availability check for the desired delivery date.
On the day of shipping, a delivery document is created. The delivery is not ready for billing before the goods are picked from the warehouse inventory and posted as goods issue.
For the picking process, the warehouse management functionality is used. A warehouse transfer order has to be created which generates the picking request. The requested goods are picked from the warehouse and prepared for the delivery.
The goods to deliver are posted as goods issued. A goods issue document is created in MM and an accounting document is created in FI to post the goods issued on the right G/L accounts.
The concluding activity in Sales and Distribution is billing. A billing document is created in SD and a printed invoice is sent to the customer. Simultaneously, an FI document is generated to post the receivables and revenues on the right accounts.
1) Insert regions OVK2
2) Define sales organization OVX5
3) Define distribution channel OVX1
4) Define shipping point OVXD
5) Assign sales organization to co.code OVX3
6) Assign distribution channel to sales organization OVXK
7) Assign division to sales org OVXA
8) Assign sales org/distribution channel to plant OVX6
9) Assign shipping point to plant OVXC
10) Setup sales area OVXG
11) Define rules by sales area OVF2
12) Define pricing procedure determination
13) Define tax determination rules
14) Creation of G/L accts FS00
15) Assign G/L accts VKOA
16) Setup partner determination
17) Assign shipping points OVKC
18) Creation of SD customer master XD01
19) Creation of finished goods material master MM01
20) Maintain condition types VK11
Regards,
Naveen. -
SAP B1 8.8 integration with Crystal report
Hi Experts,
Is there a different installer for the SAP B1 8.8 version?
I installed Crystal Reports for SAP B1, but I am getting the following error:
" External connection to database failed. SAP Crystal add on may not function properly. Please rerun the Account setup with Superuser login"
I am logged in as Super User, and when I try to open Account Setup, I get the following error -
" Item - Could not commit action because the item is currently in focus. [ 66000-23]
Could you please suggest a possible solution?
tks,
Sb1
Hi Sb1,
There is no external add-on or installer for Crystal Reports integration with SBO 8.8. Just install SBO 8.8; CR2008 is used only for designing the reports. SAP has already incorporated all the related integration in the SBO 8.8 version.
Thanks
Sachin -
CRM IC email integration with Google
Dear all,
We have a CRM IC („OnPrem“) prospect. The customer's corporate email system is based on Google.
Would anybody be able to share some information regarding the feasibility of CRM IC ERMS integration
with Google for in and outbound email communication (SCOT interface).
Your input is very much appreciated.
Best regards,
Henrik
Best regards,
Henrik Vogt
Senior Consultant
SAP Deutschland SE & Co. KG I
Rosenthaler Str. 30 I 10178 Berlin I Germany
M +49 160 90819696 I mailto:[email protected] I http://www.sap.de
Hello,
I think you're missing one setup step in the client-side groupware integration: the customizing.
In SPRO>CRM>CRM Middleware and related comp-->Settings for client-based synchronization.
The reason why your reply button is inactive is probably due to the missing custo setting. In the custo activity mentioned above you must specify which transaction types you'll use for incoming and outgoing e-mails. If eg the outgoing email transaction type is disabled, the buttons on the screen to send an outgoing e-mail (reply) will also be disabled.
P.S. The setup of client-based groupware integration is also described in building block C31 Activity Management (chapter 3.6) of the SAP best practices on help.sap.com. An installation guide is also available on service.sap.com.
Hope this helps,
Kind regards,
Joost -
Autodiscover not working correctly when Office 365 integrated with Server Essentials 2012 R2
Hello!
This last weekend I set up our server as new and, to ease the creation of users, integrated with our Office 365 (which to this point has worked fine) and imported the users. This had a somewhat unexpected side effect in that the import used the email address as the user forename and then synced that change back to Office 365, and so I needed to enter this information back in on the dashboard, which synced back to Office 365. This may or may not have any relevance to our issue below.
I should also point out that we have our own domain name, so within the original Office 365 setup we had just one .onmicrosoft.com user with all the rest set up with our own domain name.
At the weekend when it came to the client install, Outlook (2010 or 2013) would fail on the autodiscover with it asking again for credentials but critically displaying a server name of .contoso.com rather than the office365srvr.contoso.com. As I mention, Office 365 had been operating fine for some time and DNS records were checked and have been set for some time. I spoke to Office 365 support and after a while came up with a temporary solution (so that I could complete the client installs) of assigning each user an onmicrosoft address, using that in the new account wizard to pick up the server correctly and then signing in with the Office 365 .contoso.com credentials.
This worked OK to get us past the weekend (although I am having to set up profiles again on quite a number of users where they get disconnected but with no credentials box appearing) but isn't a solution. The clients do not see public folders or their archives and of course we don't want to keep having to reset the profiles.
I think that there must be something in the internal network that needs reconfiguring but I don't know what. I have tried pointing the client to an external DNS server just in case the internal DNS server was throwing the autodiscover out but this has made no difference.
Ah - solved my own problem.
Despite the domain DNS record looking OK and the Office 365 Portal domain checker not highlighting any issue, it looks as though the autodiscover is picking up an imap account provided by the web host.
I've added an alias on the local DNS server to point to the Office 365 autodiscover server and this has solved the problem. -
Steps: SNC (Supplier Network Collaboration) Integration with ECC through XI
Hi,
Has anyone worked on the SNC(Supplier Network Collaboration) integration with SAP ECC via SAP XI.
Could you pls share any documentation related to this. And also could anybody tell me the setup required to go ahead with the integration.
Thanks,
S
Hi Xavier,
SNC integration with XI has predefined mappings. So ask your basis guys to download the XI content for SNC for use with PI. Once they have deployed it, you will have built-in predefined content in XI. Within the predefined content, they are mostly XSL mappings.
If your requirement is with the standard IDocs then you can use them directly. Else, if there is customization, then you may need to change the mappings according to your requirements.
Also check this help:
http://help.sap.com/esoa_scm_snc2007/helpdata/en/index.htm
Regards,
---Satish -
MeetingPlace Video Integration with 3515MCU problem
Hi,
I am trying to setup MeetingPlace Video Integration with a Cisco 3515 MCU and cannot get it to work. The eventlog for MeetingPlace Gateway is giving me errors about the initialization problems. A couple of such errors are:
MPAgent (0x0150) Warning: Conference technology provider initialization failed (0x80040201). err=1
MPVidSvc MPVideo 11:05:52-> CMcuController::processCmdRegAuthorize() Register as administrator failed. UNregistering....
MPVidSvc MPVideo 11:06:02-> CMcuController::uninitialize() Uninitializing CMcuController.......
Both MeetingPlace and MCU conferencing are working as they should, but I can't get the Video Integration working. From what I can tell by these messages, MeetingPlace cannot talk to the MCU to administer conferences. I have setup and configured a user on the MCU for MeetingPlace to use.
Has anyone got MeetingPlace working with a 3515 MCU?
Thanks,
Richard.
Richard,
I'm having the same problem but with MCU 3540. This problem began to occur after I changed the service number 70. My scenario is 2 sites. Each site has 1 cluster's CCM, 1 MCU's 3540, and at the main site I have 1 MP system with 1 MP IP gateway and web conference on the same server. What version of MP and MCU are you using? I'm using MP V 5.3.333.0 and MCU V 4.2.10. -
ISE integration with Mobile Device Management ( MDM ) help required
Dear Techies,
I am here to bring to your notice a different issue, with not many resources to support it even in PEC or Cisco documents.
We are conducting a Proof Of Concept (PoC) on Secure Bring Your Own Device (BYOD) using Cisco ISE and are going to test all the scenarios like Wired, Wireless and VPN user access.
Setup Brief :
=========
Our setup has an ISE VM acting as Admin, Monitor and Profiling device; we have a NAC 3315 physical appliance as Inline Posture device, a Wireless LAN controller, an access point and Microsoft Active Directory as the identity source.
We have plans to integrate Mobile Device Management (MDM) and a Citrix VDI setup also.
Activity Brief:
=========
As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
Clarifications Required
================
Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
Wireless Scenario
MDM can be integrated to ISE ?
How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
Is MDM will do client provisioning or ISE should do ?
Is MDM send or update patches of Mobile Devices ?
As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
Thanks for Reading...
Arun
I would like to avail your valuable inputs to understand on the Client provisioning part for the Mobile Devices/ Laptop. I understand from your reply that MDM integration is not available in the current release ISE 1.1 - That is correct.
Kindly let me know your views or any documents on the following scenarios with the current release in mind
1. User with Mobile devices connecting to Wireless ( both Employee and Guest ) , How the Flow differs for the Employee and Guest. How the client provisioning is done ( i.e. Like Posturing or Compliance Check ).
The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
2. User with Laptop connecting to Wireless ( both Employee and Guest ). How the client provisioning is done ( i.e. Like Posturing or Compliance Check ).
Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
3. What are advantages of having ISE also in place for Mobile devices, since most of the Mobile related tasks ( like Authentication, Authorization, Profiling and Posture ) are carried out by MDM. I am checking for the significant advantage of having ISE for Client network having only Mobile devices. Kindly clarify.
Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latest wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you aren't looking for enforcement on your wired devices.
4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user authentication as Open ?
For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
6. We are also looking for VDI ( Citrix, VMware ) solution for the client ( both Employee and Guest ) , how ISE can play a role in securing the VDI environment.
For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
7. Is there any integration required with Citrix or VMware? How can the VDI be offered based on the user role (i.e. Employee, Contractor or Guest)? Since the Guest database is available only with ISE, how are the checks made from the VDI environment?
In ISE there is an identity sequence which can authenticate users in AD first; if the user is not found, then it can look in the internal database.
Our solution demands MDM in the integrated solution. As of today ISE can't be integrated with MDM, so what kind of solution can we propose to have MDM and Cisco ISE? Should the clients that now enter the network have the MDM agent already installed, or is there any other way of pushing it to the client?
Today there is no integration between the devices; the last release time I heard was December for this feature. However, it would be best to confirm with your Cisco account rep on this issue.
Thanks,
Tarik Admani
*Please rate helpful posts* -
SiteMinder integration with the internal and external facing portals
Hi ,
We are in the development phase for SiteMinder integration with the internal and external facing portals. The proposed dual authentication scheme requires both SiteMinder for the external facing portal (EFP) and LDAP for the internal portal. Is it possible?
And is it possible to maintain two different LDAP directories, one for external users and one for internal users?
If you maintain 2 different (external & internal) LDAP directories in the SiteMinder Policy Server, what about external users who do not exist in the portal data source?
I appreciate if anyone can help me for my above query .
Regards
Tag

Hey Tag,
We do have a physical external portal and a physical internal portal. Both the external and internal are connected to 2 LDAP directories.
For example, the external portal is connected to the Employee LDAP Directory and the Customer LDAP Directory. The internal portal is connected to the US Employee LDAP Directory and the EMEA LDAP Directory.
So each one of them is connected to 2 different LDAP directories.
I believe that the SiteMinder policy is set up such that the internal portal has a policy and the external portal has a separate policy on the same SiteMinder server. Then each of the policies is configured to connect to the appropriate LDAP directories.
You have to maintain the LDAP directory information in both the portal and the SiteMinder Policy Server. It is required in the policy server so that it can authenticate the user, and it is required in the portal server so that it can authorize the user and display content based on their assigned roles.
Hope that helps.
Regards,
Keith -
ALE master data scenario integration with non-SAP system, i.e. SeeBeyond
Hi,
We have a business process scenario integrating with a non-SAP system (i.e. SeeBeyond):
action code    item number    plant code
a (add)        material1      plant 2
d (delete)     material 3     plant 6
etc.
We have up to one million materials assigned to 300 plants.
We have to send all the above data to the non-SAP system (SeeBeyond).
Should we go for a custom IDoc and set up the RFC configuration for the two systems?
Or can you please help with how to go about this scenario? This is not one time; it is on a daily basis.
Please look at this scenario. What I need is how I should go about the ALE/IDoc scenario for this one.
Business case for Heiler Part/Plant Interface:
A key function of the Heiler PBC tool is to provide users a choice
between a "Global Catalog View" (e.g. all parts in the catalog) or a
"Local Catalog View" (e.g. the subset of parts in the catalog that have
a Material Master established for the user's plant in SAP). The "Local
Catalog View" is the default condition and encourages users to procure
parts that are on contract for their plant and potentially already
stocked as an inventory item at their plant. Parts that are not in a
user's "Local Catalog View" can only be procured as a spot buy purchase
order, requiring processing by a buyer.
The new Part/Plant interface is required in order for the Heiler PBC
tool to provide this "Local Catalog View" function. The Heiler
Part/Plant table will document what plants in SAP have a Material Master
record established for each part. SAP will maintain the Heiler
Part/Plant table using this interface. When a user performs a part
search in the Heiler PBC tool, the Part/Plant table determines if a part
is included in the user's "Local Catalog View". -
Performance problem with Integration with COGNOS and Bex
Hi Gems
I have a performance problem with some of my queries when integrating with COGNOS.
My query is simple; it gets the data for the date interval:
From Date: 20070101
To date: 20070829
When executing the query in the Bex it takes 2 mins, but when it is executed in COGNOS it takes almost 10 mins and above.
Is there anywhere we can debug the report to see how the data is being sent to COGNOS? Like debugging the OLEDB.
And how to increase the performance of the query in COGNOS?
Thanks in Advance
Regards
AK

Hi,
Please check the following CA Unicenter config files on the SunMC server:
- Is the Event Adapter (ea-start) running? Without this daemon no event forwarding to CA Unicenter is done, nor does discovery from CA Unicenter work.
How to debug:
- run ea-start in debug mode:
# /opt/SUNWsymon/SunMC-TNG/sbin/ea-start -d9
- check if the Event Adaptor has been set up,
# /var/opt/SUNWsymon/SunMC-TNG/cfg_sunmctotng
- check the CA log file
# /var/opt/SUNWsymon/SunMC-TNG/SunMCToTngAdaptorMain.log
After that is all fine, check this site; it explains how to discover a SunMC agent from CA Unicenter.
http://docs.sun.com/app/docs/doc/817-1101/6mgrtmkao?a=view#tngtrouble-6
Kind Regards