SNMP integration with ISE 1.2
Hi Guys,
Did anyone have a hard time integrating ISE 1.2 with SNMP server for polling system parameters? I'm trying to add ISE 1.2.1 to solarwinds SNMP server but when adding the required parameters like IP address and community string and doing an SNMP test connection it returns a failure message. SNMP configuration on ISE is quit simple. Only two commands are needed which are the SNMP server IP and community string values. Searching on the web, i saw a bug CSCun42967 that documents SNMP problems with ISE 1.2. Could that be the problem? or if there is any limitations for this integration?
Thanks,
Mohammad
Here is the helpful link :
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.pdf
Similar Messages
-
We are doing an LDAP integration with ISE but we are getting following error. We are not able to identiry the problem when we tested the following scenirios.
1. When we check with Anonymous access we are successful and we get the message “ Bind Successful to gluetest.systems.XXXX:3269”
2. When we use the user name and password CN=GRHIIISEPOC,OU=,XXXX, DC=YYYY, DC=ADROOTTEST,DC=YYYY. We are not successful and we get the message “ Test Failed: Invalid Admin Credentials or Security Settings: Check Admin Username and Password and make the security settings are compatible with the server:”
Please confirm is the user id what i am using is not having an admin preveliages or i am entered the parameters correctly.
ThanksDid you use softerra or an ldap browser to pull the dn of this user account.
Thanks
Sent from Cisco Technical Support Android App -
Is ASA integration with ISE and RSA for 2 factor authentication a valid/tested design
Hi,
Customer currently uses ASA to directly integrate with RSA kind of solution to provide 2 factor authentication mechanism for VPN user access. We're considering to introduce ISE to this picture, and to offload posture analysis from ASA to ISE. And the flow we're thinking is to have ASA interface to ISE and ISE interface to RSA and AD backend infrastructure. And we still need the 2 factor authentication to work, i.e., customer gets a SMS code in addition to its login username and password. I'm wondering if ASA/ISE/RSA/AD integrated solution (and with 2 factor authentication to work) is a tested solution or Cisco validate design? Any potential issue may break the flow?
Thanks in advance for any input!
TinaHi,
I have an update for this quite broad question.
I have now came a bit further on the path.
Now the needed Radius Access Attribute are available in ISE after adding them in
"Policy Elements" -> "Dictionaris" -> "System" -> "Radius" -> "Cisco-VPN3000".
I added both the attribute 146 Tunnel-Group-Name which I realy need to achive what I want(select diffrent OTP-backends depending on Tunnel Group in ASA) and the other new attribute 150 Client-Type which could be intresting to look at as well.
Here the "Diagnostics Tools" -> "Generel tools" -> "TCP Dump" and Wireshare helped me understand how this worked.
With that I could really see the attributes in the radius access requests going in to the ASA.
Now looking at a request in "Radius Authentication details" I have
Other Attributes:
ConfigVersionId=29,Device Port=1025,DestinationPort=1812,RadiusPacketType=AccessRequest,Protocol=Radius,CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=SMHI-TG-RA-ISESMS,CVPN3000/ASA/PIX7.x-Client-Type=,CPMSessionID=ac100865000006294FD60A7F,.....
Ok, the tunnel group name attribute seems to be understood correct, but Client-Type just say =, no value for that.
That is strange, I must have defined that wrong(?), but lets leave that for now, I do not really need it for the moment being.
So now when I have this Tunnel-Group-Name attribute available I want to use it in my Rule-Based Authentication Policy.
Problem now is that as soon as I in an expression add a criteria containing Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name matches .* (just anything), then that row does not match any more. It still work matching against NAS-IP and other attributes.
What could it be I have missed?
Best regards
/Mattias -
Hi Everyone,
I have a issue trying to deploy Flexconnect in WLC integrated with ISE.
In the scenario, the users are working properly through the wireless network and they are able to authenticate, the NAC agent is invoked and everyone can get authorization access to the network using Radius NAC as NAC State. But when we tick the feature ""FlexConnect Local Switching"" and change the users cannot get IP Address from DHCP and the client status in WLC show POSTURE_REQD.
We can see this in ISE that the user is able to authenticate but never get authorization and the NAC state is not showing in the PC.
Any idea about this issue?? This is maybe any limitation or configuration error?
RegardsThere are some documents for this type of deployment:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080c090eb.shtml
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bcb905.shtml#anc13
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Cisco ISE integration with third-party firewalls
Can Cisco ISE be integrated with a third-party firewall (such as Checkpoint), to provide authentication/authorization services to remote VPN user devices (based on device MAC address)?
The remote user would establish a VPN connection to a third-party firewall, based on a username/password authentication, but the user would only be allowed to send/receive traffic to the internal network if the MAC address of the device being used was authorized by Cisco ISE.
Thank you in advance.Rui,
I do not think the vpn client sends the ip address in a called-station-id, that might be the public ip address that the client is initiating the request from. If you have an existing radius server or can run a packet capture you should be able to verify that.
If the client does send the mac address in the radius packet then you can create a custom condition that can be used to check the mac address along with the username to allow it access to the session. However in VPN deployments there is no concept of profiling since 802.1x deployments usually include the client's mac address.
Thanks,
Tarik Admani
*Please rate helpful posts* -
ISE - Unable to get SNMP information with the community
this is the output on the switch when clicking on a switch interface in authentications monitoring in ise
test2#sh snmpChassis: FOC1330W1K0112 SNMP packets input 0 Bad SNMP version errors 4 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 44 Number of requested variables 0 Number of altered variables 44 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 Input queue packet drops (Maximum queue size 1000)143 SNMP packets output 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 108 Response PDUs 35 Trap PDUsSNMP global trap: enabledSNMP logging: enabled Logging to xxx.xxx.yyy.5.162, 0/10, 7 sent, 0 dropped. (admin/monitoring)SNMP agent enabled
config of snmp:
snmp-server community snmp-com.public RO 33access-list 3 permit xxx.xxx.kk.0 0.0.0.255access-list 3 permit xxx.xxx.zz.0 0.0.0.255access-list 3 permit xxx.xxx.yyy.0 0.0.0.255 (admin/monitoring)
Unknown community name keeps rising when I click on the switch interface name in ise ... any suggestion ?
Snmp is configured for the switch added to ise with the right community name (v2c - snmp-com.public )
Ise ver 1.1.2.145
thank you for your helpthank you for your feedback and yes the acl in this situation is the only secure option
once again... it's a shame that a security appliance forces you to use unsecure passwords and protocols..
marking your answer as correct
hopefully this thread will help others
thank you again -
ISE integration with Mobile Device Management ( MDM ) help required
Dear Techies,
Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
We are conduction a Proof Of Concept (PoC) on Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
Setup Brief :
=========
Our Setup has ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
Activity Brief:
=========
As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
Clarifications Required
================
Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
Wireless Scenario
MDM can be integrated to ISE ?
How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
Is MDM will do client provisioning or ISE should do ?
Is MDM send or update patches of Mobile Devices ?
As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
Thanks for Reading...
ArunI would like to avail your valuable inputs to understand on the Client provisioning part for the Mobile Devices/ Laptop. I understand from your reply that MDM integration is not available in the current release ISE 1.1 - That is correct.
Kindly let me know your views or any documents on the following scenarios with the current release in mind
1. User with Mobile devices connecting to Wireless ( both Employee and Guest ) , How the Flow differs for the Employee and Guest. How the client provisioning is done ( i.e. Like Posturing or Compliance Check ).
The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
2. User with Laptop connecting to Wireless ( both Employee and Guest ). How the client provisioning is done ( i.e. Like Posturing or Compliance Check ).
Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
3. What are advantages of having ISE also in place for Mobile devices, since most of the Mobile related tasks ( like Authentication, Authorization, Profiling and Posture ) are carried out by MDM. I am checking for the significant advantage of having ISE for Client network having only Mobile devices. Kindly clarify.
Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user authentication as Open ?
For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
6. We are also looking for VDI ( Citrix, VMware ) solution for the client ( both Employee and Guest ) , how ISE can play a role in securing the VDI environment.
For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
7. Is that any integration required with Citrix or VMware. How the VDI can be offered based on the User role ( i.e. Employee, Contractor or Guest ), since Guest database is available only with ISE, how the checks are made from the VDI environment.
IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
Our solution demands MDM in the integrated solution, As on today ISE cant be integrated with MDM. so what kind of solution we can propose to have MDM and Cisco ISE .Do the clients now enter the network should have already installed the MDM agent (or) any other way of pushing the same to the Client.
Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
Thanks,
Tarik Admani
*Please rate helpful posts* -
ISE integration with Prime Infrastructure,
Hi Team,
I would like to know what are the advantages and Disadvantages of the ISE integration with Prime Infrastructre.Also how the LAN, wifi, and identity management part (guest access etc) will work together.
Cheers!!!
MinakshiPrime Infrastructure manages the wired and the wireless clients in the network. When Cisco ISE is used as a RADIUS server to authenticate clients, Prime Infrastructure collects additional information about these clients from Cisco ISE and provides all client relevant information to Prime Infrastructure to be visible in a single console.
When posture profiling is enforced in the network, Prime Infrastructure talks to Cisco ISE to get the posture data for the clients and displays it along with other client attributes. When Cisco ISE is used to profile the clients or an endpoint in the network, Prime Infrastructure collects the profiled data to determine what type of client it is, whether it is an iPhone, iPad, an Android device, or any other device.
Cisco ISE is assisting Prime Infrastructure to monitor and troubleshoot client information, and displays all the relevant information for a client in a single console. -
ISE 3315 License needed for integration with PxGrid SealthWatch
Hello Experts,
i have ISE 3315 with Version 1.3
i want to integrate it with pxgrid and ordering Sealthwatch. Can anyone tell me do i need To have ISE Advance-License for this integration ? Or with ISE Base-License it can work?
ThanksISE License Packages
Perpetual/Subscription (Terms Available)
ISE Functionality Covered
Notes
Base
Perpetual
Basic network access: AAA, IEEE-802.1X
Guest management
Link encryption (MACSec)
TrustSec
ISE Application Programming Interfaces
Plus
Subscription (1, 3, or 5 years)
Bring Your Own Device (BYOD) with built-in Certificate Authority Services
Profiling and Feed Services
Endpoint Protection Service (EPS)
Cisco pxGrid
Does not include Base services; a Base license is required to install the Plus license.
Apex
Subscription (1, 3, or 5 years)
Third Party Mobile Device Management (MDM)
Posture Compliance
Does not include Base or Plus services; a Base license is required to install the Apex license.
Note
When you use Cisco AnyConnect as unified posture agent across wired, wireless, and VPN deployments, you need Cisco AnyConnect Apex user licenses in addition to Cisco ISE Apex licenses.
Mobility
Subscription (1, 3, or 5 years)
Combination of Base, Plus, and Apex for wireless and VPN endpoints
Cannot coexist on a Cisco Administration node with Base, Plus, and/or Apex Licenses.
Mobility Upgrade
Subscription (1, 3, or 5 years)
Provides wired support to Mobility license
You can only install a Mobility Upgrade License on top of an existing Mobility license.
Evaluation
Temporary (90 days)
Full Cisco ISE functionality is provided for 100 endpoints.
All Cisco ISE appliances are supplied with an Evaluation license. -
ISE integration with XenMobile
We are trying to leverage XenMobile with ISE and have it added and it Test successfully. Devices have already been enrolled into MDM, we are wanting to query the MDM to determine if the device is Registered, JailBroke, etc to determine access. In testing the reports show that that a known device in MDM is "un-registered" and all the other fields are unknown. From ISE I can see that the endpoint id is a identifier within the XenMobile Device Manager. I am not part of the group that does the configuration of the MDM so I have limited access to it. I can login to the portal and check the device in question but I don't see any fields that reflect the exact definitions that are in ISE.
As I stated the "Test" comes back successful.
Thanks,
Joe2015-01-12 08:29:40,225 INFO [Thread-42][] cisco.cpm.mdm.api.MdmBaseApi -::0a1f06840002becc54b3da2b:::- GETMDM Server URL: https://xdm.XXXX.com:443/zdm/ciscoise/dev
ices/0/macaddress/48437C7ACFA0/all
2015-01-12 08:29:41,034 INFO [Thread-42][] cisco.cpm.mdm.api.MdmBaseApi -::0a1f06840002becc54b3da2b:::- MDM Server Response Code: 500
2015-01-12 08:29:41,035 WARN [Thread-42][] cisco.cpm.mdm.api.MdmBaseApi -::0a1f06840002becc54b3da2b:::- Failled to connect to MDM Server 500 : Internal Server Error
2015-01-12 08:29:41,040 WARN [MdmEventHandler-25-thread-2][] cisco.cpm.mdm.util.MDMUtil -::0a1f06840002aab854b008ad:::- Couldn't find the endpoint information for mac
address 48:43:7c:7a:cf:a0
Looks like ISE isn't getting a response from the mdm server, is it possible to check the mdm api to verify it is up and running?
Thanks,
Joe -
Hi
Can Anybody can update whether ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting ..
has succeed in command level accounting on Cisco ISE ..
Please update
Cisco ISE doesn't have TACACS feature ...Command Accounting is a TACACS+ feature so not for ISE....yet.
However, you can do the following to send commands to syslog and not including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. increase or decrease as you have memory. The notify syslog is what sends it via syslog.
conf t
archive
log config
logging enable
logging size 200
hidekeys
notify syslog
end
wr mem
Remember, syslog is clear text :-) log away from user traffic when possible. Or use TLS based syslog when possible.
I hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
Please rate post you consider useful.
-James -
What is required to replace ACS with ISE in simple terms?
I am looking to basically authenticate wired and wireless access against the local/AD) user database via Cisco kit
I am thinking all I need is the BASE (perpetual) license rather than the advanced/wireless licenses
Is there a limit to how many devices or users the base can deal with in its simplest form.
I would also like to be able to push out a splash screen for wireless users during authentication. Can this be done just with the ISE Base License alone for a wireless solution (via WLC with LWAPS or Autonomous APs)
thanks
daveyes you can authenticate the user using the ISE and but you need a advance license if you want to use both wire and wireless here is small table to help you understand the license requirements also the max. devices support depends on the type of deployment and with advance feature you have the abilitity of profiling and posturing which provide very good control for admins in the network
Software Packages
Options
Base
Capabilities: Basic network access and guest access
Network deployment support: Wired, wireless, and VPN
License prerequisite: None
Perpetual license
Licenses are available for 100, 250, 500, 1000, 1500, 2500, 3500, 5000, 10,000, 25,000, 50,000, and 100,000 endpoints
Advanced
Capabilities: Profiler and feed service, posture, MDM integration, automated endpoint onboarding, and Security Group Access (SGA)
Network deployment support: Wired, wireless, and VPN
License prerequisite: Base license
Term license: 1, 3- and 5-year terms
Licenses are available for 100, 250, 500, 1000, 1500, 2500, 3500, 5000, 10,000, 25,000, 50,000, and 100,000 endpoints
Wireless
Capabilities: Basic network access, guest access, profiler, posture, and SGA
Network deployment support: Wireless
License prerequisite: None
Term license: 1, 3- and 5-year terms
Licenses are available for 100, 250, 500, 1000, 1500, 2500, 3500, 5000, 10,000, 25,000, 50,000, and 100,000 endpoints
Wireless Upgrade
Capabilities: Basic network access, guest access, profiler, posture, and SGA
Network deployment support: Wired, wireless, and VPN
License prerequisite: Wireless license
Term license: 1, 3- and 5-year terms
Upgrade licenses are available for 100, 250, 500, 1000, 1500, 2500, 3500, 5000, 10,000, 25,000, 50,000, and 100,000 endpoints
***Do rate Hekofuls posts*** -
Need some help with PKI authentication with ISE in terms of Configuration......need to deploy it in the network
Minakshitheir isnt any specific example for this , check the following link
http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html
for cerificate config on ISE
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_04_ise_bootstrapping.pdf
Base license is intended for organizations that want to authenticate and authorize users and devices on their networks (wired, wireless, and VPN).
Advanced license expands on the Base license and enables organizations to make more advanced policy decisions based on user and device compliance. Advanced license features include device onboarding and provisioning, device profiling, posture services, mobile device management (MDM) integration capabilities, and Cisco Security Group Access enforcement capabilities across the entire network (wired, wireless, and VPN) -
OIM 9.1.0 Integration with Active Directory 2008 R2
Hi,
My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
Any guidance is really appreciated.
Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
Is this a working and supported scenario by OIM v9.1.0 ?I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash -
Service desk integration with 3rd party tool
Hi all,
I've problems understanding the setup of connecting a 3rd party service desk tool with solman itsm.
So far it's clear that I need to activate and configure the service provider and consumer in soamanager.
The webservice then will be called by the 3rd party tool with corresponding data.
However, according to spro I need to define a value mapping for incoming/outgoing calls.
I do not understand this mapping... the WSDL of webservice ICT_SERVICE_DESK_API contains lots of fields, but in spro -> value mapping I can only define the following fields (which are hard coded in type pool AIICT):
SAPCategory
SAPComponent
SAPDatabase
SAPFrontend
SAPIncidentID
SAPIncidentStatus
SAPInstNo
SAPOperatingSystem
SAPSoftwareComponent
SAPSoftwareComponentPatch
SAPSoftwareComponentRelease
SAPSubject
SAPSystemClient
SAPSystemID
SAPSystemType
SAPUserStatus
What about attachments, priority etc.?
Will the interface parameters mapped to these ones?
For what purpose do I need to maintain the value mapping?
Can you give me a hint?
Regards, Richard Pietschcan you please check the WIKI Solution manager Service Desk Integration with third party service desk - SAP Solution Manager - Security and Authorizat…
Maybe you are looking for
-
Time machine stuck on 'calculating changes'
I have been using Time Machine backups to a 2TB Time Capsule for over a year, and one of my 4 computers has recently stopped backing up. The other 3 are still backing up fine, and I ran disk utility on the Time Capsule which stated that it was workin
-
How do i update a single bookmark to a new url.
probably already there but i cant find it . there are some very old bookmarks in my personal bookmark collection. Some of them point to a wrong adress. How do i update them ? Maybe something like chose 'update bookmark' while being on the new page an
-
Urgent - Unable to find last backup for iPhone 4 in iTunes
Hello, I would be grateful if someone could please help me urgently. Earlier this week I made a backup of my iPhone 4 in iTunes. In actual fact I did this several times in order to make sure that the backup was saved. I have since upgraded iOS to 5
-
Hi I have the following problem at hand for which I have been looking at tangosol coherence lately : I have a huge deal dataset (~500,000 deals which are scattered across several tables in a database) and I have a process that would need to
-
I keep getting the above error. When I try to deauthroise ADE, I get a message that deauthorisation failed. Suggestions?