TACACS+ packet from unknown Network Device or AAA Client

Hi all,
I can't log in using the credentials set on the ACS server. The log shows:
"Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client"
I know there are some changes to the TACACS+ part in the new Catalyst IOS, so I referred to the guide, and this is my config snippet:
aaa group server tacacs+ TAC_PLUS
 server name AUTH
tacacs server AUTH
 address ipv4 10.10.21.251
 key xxxxxx
aaa authentication login TAC_PLUS group tacacs+ local line
aaa authorization exec TAC_PLUS group tacacs+ none
aaa authorization commands 15 default if-authenticated
aaa accounting update periodic 1
aaa accounting exec TAC_PLUS start-stop group tacacs+
aaa accounting network TAC_PLUS start-stop group tacacs+
aaa accounting connection TAC_PLUS start-stop group tacacs+
My platform is
- C6500 running on IOS 12.2 (33) SXJ1
- ACS 5.2.0.26
Need guidance on this, thanks
Noel

Hello,
Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?
Regards.

Similar Messages

  • 13017 Received TACACS+ packet from unknown Network Device or AAA Client

    I am adding new routers to our Corporate network for a new MPLS network. I am getting 13017 Received TACACS+ packet from unknown Network Device or AAA Client errors for these new routers. They are added to ACS 5.4.0.30 correctly just like all of our other devices. We have never had real routers on the network before, just switches and access points. Is there something special I need to set in ACS for these to work and authenticate correctly? I can only access them currently with the built-in login locally.
    One of the new router configs
    Current configuration : 2370 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname T666
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$h7b3$.T2idTKb9H98BQ8Op0MAC/
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ local if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa session-id common
    clock timezone CST -6
    clock summer-time CDT recurring
    ip cef
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    voice-card 0
    crypto pki trustpoint TP-self-signed-2699490457
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-2699490457
     revocation-check none
     rsakeypair TP-self-signed-2699490457
    username netadmin privilege 15 secret 5 $1$SIR2$A3MpShVNeAOlTPyLZESr..
    interface FastEthernet0/0
     ip address 10.114.2.1 255.255.255.0
     ip helper-address 10.30.101.4
     duplex auto
     speed auto
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface Serial0/1/0
     ip address X.X.X.X 255.255.255.252
     no fair-queue
     service-module t1 timeslots 1-24
     service-module t1 remote-alarm-enable
     service-module t1 fdl ansi
     no cdp enable
    router bgp 65065
     no synchronization
     bgp log-neighbor-changes
     network 10.114.2.0 mask 255.255.255.0
     neighbor X.X.X.X remote-as 209
     neighbor X.X.X.X default-originate
     default-information originate
     no auto-summary
    ip forward-protocol nd
    ip bgp-community new-format
    ip http server
    ip http authentication aaa
    ip http secure-server
    ip tacacs source-interface FastEthernet0/0
    no logging trap
    tacacs-server host 10.30.101.221 key 7 1429005B5C502225
    tacacs-server host 10.30.101.222 key 7 1429005B5C502225
    tacacs-server directed-request
    control-plane
    banner exec ^CC
    C
    Login OK
    ^C
    banner motd ^CC
    C
    **  UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED.  USE OF
    **  THIS SYSTEM CONSTITUES CONSENT TO MONITORING AT ALL TIMES.
    **  RUAN Transport Corporation
    **  Network Services
    **  [email protected]
    **  515.245.2512
    ^C
    line con 0
    line aux 0
    line vty 0 4
     exec-timeout 30 0
     transport input all
    line vty 5 15
     exec-timeout 30 0
    scheduler allocate 20000 1000
    end
    T666#

    AAA Protocol > TACACS+ Authentication Details
    Date: September 19, 2014
    Generated on September 19, 2014 10:21:27 AM CDT
    Authentication Details
    Status: Failed
    Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client
    Logged At: Sep 19, 2014 10:21 AM
    ACS Time: Sep 19, 2014 10:21 AM
    ACS Instance: acs01
    Authentication Method:
    Authentication Type:
    Privilege Level:
    User
    Username:
    Remote Address:
    Network Device
    Network Device:
    Network Device IP Address: 10.114.2.1
    Network Device Groups:
    Access Policy
    Access Service:
    Identity Store:
    Selected Shell Profile:
    Active Directory Domain:
    Identity Group:
    Access Service Selection Matched Rule:
    Identity Policy Matched Rule:
    Selected Identity Stores:
    Query Identity Stores:
    Selected Query Identity Stores:
    Group Mapping Policy Matched Rule:
    Authorization Policy Matched Rule:
    Authorization Exception Policy Matched Rule:
    Other
    ACS Session ID:
    Service:
    AV Pairs:
    Response Time:
    Other Attributes:
    ACSVersion=acs-5.3.0.40-B.839
    ConfigVersionId=359
    Device Port=59840
    Protocol=Tacacs
    Authentication Result
    Steps
    Received TACACS+ packet from unknown Network Device or AAA Client
    Additional Details

  • ISE Could not locate Network Device or AAA Client

    When authenticating using 802.1x and MAB, I receive an authentication failure with the error 11007 (Could not locate Network Device or AAA Client). The root cause that ISE spits back at me is "Could not find the network device or the AAA Client while accessing NAS by IP during authentication." I did pretty much everything by the book except instead of using a loopback interface I used a vlan with a defined ip address. Could this be causing the problem?
    Here is the config of the port that I'm testing on:
    interface GigabitEthernet1/0/9
     switchport access vlan 9
     switchport mode access
     switchport voice vlan 8
     ip access-group ACL-ALLOW in
     srr-queue bandwidth share 1 30 35 5
     queue-set 2
     priority-queue out
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 4
     authentication event server dead action authorize voice
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     mls qos trust device cisco-phone
     mls qos trust cos
     dot1x pae authenticator
     dot1x timeout tx-period 10
     auto qos voip cisco-phone
     spanning-tree portfast
     service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
    end

    I can ping both the vlan and the endpoint from the ISE.  As far as allowing ISE to speak snmp and RADIUS to the NAD, I have enabled it on the NAD config inside the ISE. I have also double checked the snmp and radius shared passwords.
    I have gotten MAB authentication to work but I am still getting the same error for dot1x authentication. Here are some of the configs on the switch.
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authentication dot1x defualt group radius
    aaa authentication dot1x group group radius
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius
    aaa server radius dynamic-author
    aaa session-id common
    ip radius source-interface TenGigabitEthernet1/0/1
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 6 support-multiple
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 3
    radius-server host 10.10.10.47 auth-port 1812 acct-port 1813 test username test key 7 097940581F5412162B464D
    radius-server vsa send accounting
    radius-server vsa send authentication
    dot1x system-auth-control
     authentication order dot1x mab
     authentication priority dot1x mab
     dot1x pae authenticator
     dot1x timeout tx-period 10

  • 11007 could not locate network device or aaa client

    Dears,
    I have two redundant WLC and two ISE configured as primary and secondary.
    I configured the Dot1x and users authenticated successfully, but my issue is that I'm still receiving this error message (11007 could not locate network device or aaa client).
    Any ideas or suggestions highly appreciated,

    ISE NAD Import via CSV passes with invalid IP, unable to load NAD config
    CSCur65990
    Description
    Symptom:
    RADIUS requests dropped due to failure reason "11007 Could not locate Network Device or AAA Client", even though they are successfully loaded in ISE.
    Conditions:
    Issue with Network Device import via CSV.
    Known Affected Releases:
    (2)
    1.2(0.912)
    1.3(0.876)

  • Homehub 5 deleted device from Home Network - Devic...

    Hi guys.  I'm setting up a Homehub 5 for the first time.  I have previously had a Homehub 3 and could do anything I wanted with it but I've come across an oddity.
    It's a simple query, in the Home Networks - Device section, I have deleted a device from the Wired Connections.  I now want it back!  How do I get it recognised and added again?  I have tried disabling the network (wired) and enabling, restarting the device, restarting the Homehub, nothing seems to work.  Can someone please tell me what I am missing?

    Ok.  Most of this issue seems to be solved by my fiddling.
    A bit more playing around has given me a new view of the problem. The device I removed was set up in its own TCP/IP settings to request a static IP address of its own choosing. I did this because I could not find a way to allocate a static IP address for a wired device in the Homehub. For some reason, when I first tried it, it would not allow me to edit the IP address for the chosen device. I think this may be because the address had been set locally on the PC. When I returned the PC to DHCP allocation it reappears in the Devices display and I am setting a static address from there. I also have a NAS drive which is set to request its own static IP address and this also does not show up in the display. I have changed the NAS drive in its own local settings to allow DHCP and it now also shows up in the router's Device plan. So...
    Am I right in assuming that the BT Home Hub 5 only displays those devices it controls under DHCP and will not display others which have requested their own fixed address?
    If so, is there anywhere that devices which request their own static addresses can be viewed in the Home Hub settings or are they simply non-existent as far as administration is concerned?
    I would find this last point strange as they are still connected to the network and as such need to be manageable. It would almost seem that you are forced to use DHCP via the Home Hub if you want to set up anything to do with any device.

  • SCCM Client installation to only Online machines from All Systems Device collection through Client Push

    Hi,
    How can we create a device collection based on only online machines, then use that collection to install the SCCM client through the client push method?
    Shailendra Dev

    You can run a ping report and then create a collection from only the online machines:
    Ping Report Script (Put the machine list in "pclist.txt" in the same folder):
    Const ForReading = 1
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objShell = CreateObject("WScript.Shell")
    ' Abort early if the machine list is missing.
    If Not objFSO.FileExists("Pclist.txt") Then
        WScript.Echo "File not found," & _
            vbCrLf & "with a hard return at the end of each line."
        WScript.Quit
    End If
    tempobj = "temp.txt"
    Set objTextFile = objFSO.OpenTextFile("Pclist.txt", ForReading)
    logfile = "results.csv"
    Set ofile = objFSO.CreateTextFile(logfile, True)
    strText = objTextFile.ReadAll
    objTextFile.Close
    WScript.Echo "Ping starting"
    ofile.WriteLine "," & "Ping Report -- Date: " & Now() & vbCrLf
    arrComputers = Split(strText, vbCrLf)
    For Each item In arrComputers
        ' Each entry is passed to cmd.exe as-is, so Pclist.txt must hold only trusted host names.
        objShell.Run "cmd /c ping -n 1 -w 1200 " & item & " >temp.txt", 0, True
        Set tempfile = objFSO.OpenTextFile(tempobj, ForReading)
        Do Until tempfile.AtEndOfStream
            temp = tempfile.ReadAll
            ' Pull the resolved address out of the "[a.b.c.d]" part of ping's output.
            striploc = InStr(temp, "[")
            If striploc = 0 Then
                strip = ""
            Else
                strip = Mid(temp, striploc, 16)
                strip = Replace(strip, "[", "")
                strip = Replace(strip, "]", "")
                strip = Replace(strip, "w", " ")
                strip = Replace(strip, " ", "")
            End If
            If InStr(temp, "Reply from") Then
                ofile.WriteLine item & "," & strip & "," & "Online."
            ElseIf InStr(temp, "Request timed out.") Then
                ofile.WriteLine item & "," & strip & "," & "No response (Offline)."
            ElseIf InStr(temp, "try again") Then
                ofile.WriteLine item & "," & strip & "," & "Unknown host (no DNS entry)."
            End If
        Loop
        ' Close the temp file before the next ping overwrites it.
        tempfile.Close
    Next
    objFSO.DeleteFile(tempobj)
    ofile.WriteLine
    ofile.WriteLine "," & "Ping complete " & Now()
    WScript.Echo "completed."
    objShell.Run("""C:\Program Files\Microsoft Office\OFFICE11\excel.exe """ & logfile)
    -RG

  • How to count the number of AAA clients

    Hi,
    As we know, ACS5.2 is required with a base license-- supporting 500 network devices.
    Sometimes there are lots of AAA clients or network devices that are authenticating simultaneously. So my question is, how to count the network devices allowed to auth on ACS5.2? Does that only include network devices, or including both any network devices or AAA clients?
    Rgds,
    Laowu5017

    Hi,
    ACS 5.x counts the number of AAA clients that are configured on the ACS.
    Please note that AAA clients and network devices are the same and they comprise switches, routers, WLCs, or whatever other device is configured under
    Network Resources > ... > Network Devices and AAA Clients
    AAA Clients are NOT the AAA supplicants.
    The end user clients PCs are the AAA supplicants, and for this there is no limit number.
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • ACS 4.1.1.24 to 5.2.0.26.3 Network Device Migration issue

    Hello all.
    I'm getting an error when I run the migration.bat script to migrate data from ACS 4.1 to 5.2 and analyse the Network Devices in the 4.1 database.
    hqssec01 | AnalyzeAndExport | Network Device | hqsvg22417k | error | invalid_sharedsecret | Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
    hqssec01 | AnalyzeAndExport | Network Device | hqsvg22418k | error | invalid_sharedsecret | Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
    hqssec01 | AnalyzeAndExport | Network Device | milswi1a1 | error | invalid_sharedsecret | Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
    hqssec01 | AnalyzeAndExport | Network Device | DS2000_Storm_Standby | error | invalid_sharedsecret | Cannot migrate Network Device that has Shared secret key with a name that contains any of the following characters: "'{}
    We use a common shared secret key for 253 devices to use for TACACS authentication. Unfortunately ACS 4.1 allows you to use the " character in this key but 5.2 doesn't. Is there a way of changing the key in the 4.1 database for all 253 devices without having to manually change all devices individually?
    I can change the AAA client's key with various tools no problem, but the issue is the key stored on the ACS database.
    Any help would be great!

    Just to update.
    RDBMS synchronization using csv files is only available on 4.2 so I updated from 4.1 to 4.2.
    Using the accountActions.csv file, I made a copy accountActions2.csv and used the action id 225 to dump the NAS database to a file DumpNAS.txt.
    I then imported the relevant fields from DumpNAS.txt into a new file accountActions3.csv and used action ID 224 to update the NAS database.
    The issue I had was that, for the Value 3 field "Vendor ID", I could not locate the correct string to use.
    In the end I used the 'File Operations' function in ACS 5.2 and used the network device template to load the devices into ACS 5.2 with the new shared secret. The only thing missing was Network Device Groups, which had to be created manually and then manually move each device into the relevant NDG.
    This may prove useful for anyone having a similar problem.

  • More than 4 network Devices - how do i connect?

    Hi,
    I have a new Home Hub 4 and I am currently using all the outlets from my network devices. I now need another connection in my lounge for my Blu-ray player, but I obviously do not have any more network connections available?
    I have an old home hub 3, could I swap the connection to the spare LAN2 at my modem and put the hub 3 on the other end and then have 4 connections available instead of the original 1?
    I am a novice at this and would appreciate any help to solve my current problem - diagrams would be very useful.
    Regards
    Rob

    >Disable the wifi card on your computer/laptop as you don't want to change settings on master hub by accident.
    >Power on old hub but do not connect to phone line just plug it into the wall and connect an ethernet cable from this to your computer.
    >Navigate to 192.168.1.254 on your browser this will bring up your hub configuration page.
    > Goto Advanced - Firewall - Configuration - Disable.
    > HUB 4 AND 5 ONLY: Goto Advanced - Home network - Smart Setup - Disable.
    > Goto Advanced - Home Network - IP addresses - In the IP address box type 192.168.1.10 and then click on DHCP server disable - apply. (Do both steps then hit apply or you will lose connection and it will be difficult to get back)
    > Now plug the old Hub into the main hub via ethernet or powerline network plugs and voila you have an access point.
    At this point you will have 2 separate wireless networks broadcasting 2 names (ssid) and using 2 different wireless keys, which itself is not a problem just point your devices at the one you want to connect to and it will work, however now would be a good time to set yourself a nice custom SSID and wireless key that you can remember easily and to do this follow instructions below.
    To set master Hub goto 192.168.1.254 in your browser
    To set slave Hub goto 192.168.1.10 in your browser.
    Instructions are the same for both.
    Goto advanced - wireless - and now set SSID - Wireless key to a custom choice, if you are using the same SSID and Key for both hubs make sure you set the same security type or devices may not be able to connect to one or the other.
    Below applies to secondary hubs only and your main hub will have the same status lights as normal.
    On Hubs V2 and V3 you will be left with just the wireless and power lights illuminated the broadband light will be off.
    Hub V4 your status light will be orange and your broadband light will flash constantly this is normal.
    Hub V5 your status light will be orange and broadband light will flash constantly, however occasionally the status light will flash as if it's trying to connect, again this is normal and does not affect operation.

  • ACS 5.0 having issues with different subnet AAA Clients

    Dear All,
    I am getting a weird issue. My ACS 5.0 is in subnet 10.1.1.0/24. All the AAA clients which are in the same subnet can communicate with the ACS but different subnet cannot.
    I have checked the firewall between them. It allows any any with all services.
    One more thing I have faced today is that now from only one switch (10.1.2.10) can access ACS but switches in the same subnet (10.1.2.0/24) can't access ACS as same previous issue.
    Following are the logs of one switch(10.1.2.10) in different subnet can access ACS :
    Working Switch with Same configuration:
    SW-A#test aaa group tacacs+ test cisco legacy
    Attempting authentication test to server-group tacacs+ using tacacs+
    User was successfully authenticated.
    SW-A#
    *Nov 17 00:05:52.041: AAA: parse name=<no string> idb type=-1 tty=-1
    *Nov 17 00:05:52.041: AAA/MEMORY: create_user (0x1B1FD04) user='test' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
    *Nov 17 00:05:52.041: TAC+: send AUTHEN/START packet ver=192 id=3237327729
    *Nov 17 00:05:52.041: TAC+: Using default tacacs server-group "tacacs+" list.
    *Nov 17 00:05:52.041: TAC+: Opening TCP/IP to 10.1.1.2/49 timeout=5
    *Nov 17 00:05:52.041: TAC+: Opened TCP/IP handle 0x1B44D48 to 10.1.1.2/49
    *Nov 17 00:05:52.041: TAC+: 10.1.1.2 (3237327729) AUTHEN/START/LOGIN/ASCII queued
    SW-A#
    *Nov 17 00:05:52.243: TAC+: (3237327729) AUTHEN/START/LOGIN/ASCII processed
    *Nov 17 00:05:52.243: TAC+: ver=192 id=3237327729 received AUTHEN status = GETPASS
    *Nov 17 00:05:52.243: TAC+: send AUTHEN/CONT packet id=3237327729
    *Nov 17 00:05:52.243: TAC+: 10.1.1.2 (3237327729) AUTHEN/CONT queued
    *Nov 17 00:05:52.444: TAC+: (3237327729) AUTHEN/CONT processed
    *Nov 17 00:05:52.444: TAC+: ver=192 id=3237327729 received AUTHEN status = PASS
    *Nov 17 00:05:52.444: AAA/MEMORY: free_user (0x1B1FD04) user='test' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
    Logs from the same subnet switch (10.1.2.20) which cannot access ACS:
    SW-B#test aaa group tacacs+ test cisco legacy
    Attempting authentication test to server-group tacacs+ using tacacs+
    No authoritative response from any server.
    SW-B#
    *Oct 20 00:54:12.834: AAA: parse name=<no string> idb type=-1 tty=-1
    *Oct 20 00:54:12.842: AAA/MEMORY: create_user (0x1A6F3F0) user='test' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
    *Oct 20 00:54:12.842: TAC+: send AUTHEN/START packet ver=192 id=3281146755
    *Oct 20 00:54:12.842: TAC+: Using default tacacs server-group "tacacs+" list.
    *Oct 20 00:54:12.842: TAC+: Opening TCP/IP to 10.1.1.2/49 timeout=5
    *Oct 20 00:54:12.842: TAC+: Opened TCP/IP handle 0x1B1E888 to 10.1.1.2/49
    *Oct 20 00:54:12.842: TAC+: 10.1.1.2 (3281146755) AUTHEN/START/LOGIN/ASCII queued
    SW-B#
    *Oct 20 00:54:12.943: TAC+: (3281146755) AUTHEN/START/LOGIN/ASCII processed
    *Oct 20 00:54:12.943: TAC+: received bad AUTHEN packet: type = 0, expected 1
    *Oct 20 00:54:12.943: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys).
    *Oct 20 00:54:12.943: TAC+: Closing TCP/IP 0x1B1E888 connection to 10.1.1.2/49
    *Oct 20 00:54:12.943: TAC+: Using default tacacs server-group "tacacs+" list.
    *Oct 20 00:54:12.943: AAA/MEMORY: free_user (0x1A6F3F0) user='test' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
    Waiting for your responses.
    Regards,
    Anser

    Ok, cool,
    So this usually means that the switch is sourcing the requests from a different interface than is configured on the ACS.
    I would guess that the ACS is reporting unknown NAS...
    Can you please use the "ip tacacs source-interface" command to make sure the switch will source the Tacacs+ packets from the interface with the IP address for which you have the ACS configured to?
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.
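
Added example, not part of any post on this page: a Python sketch of the check the replies point to for error 13017, comparing the address an IOS device sources TACACS+ from (`ip tacacs source-interface`, or any Layer 3 interface when none is pinned) with the AAA server's device list. The config text, the `SAMPLE_NADS` entries and all function names are constructed for illustration, and the device list is assumed to be available as name-to-address-or-subnet pairs.

```python
import ipaddress
import re

# Constructed sample in the legacy syntax of the router config quoted on this
# page (the serial address is a documentation-range placeholder).
SAMPLE_CONFIG = """\
hostname T666
interface FastEthernet0/0
 ip address 10.114.2.1 255.255.255.0
interface FastEthernet0/1
 no ip address
 shutdown
interface Serial0/1/0
 ip address 192.0.2.2 255.255.255.252
ip tacacs source-interface FastEthernet0/0
tacacs-server host 10.30.101.221
"""

# Constructed stand-in for the server's "Network Devices and AAA Clients"
# list (assumed format: entry name -> single address or subnet).
SAMPLE_NADS = {"dc-switches": "10.30.101.0/24", "T666": "10.114.20.1/32"}

IP_LINE = re.compile(r"\s+ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+\s*$")


def parse_interfaces(config):
    """Return {interface name: primary IPv4 address} from IOS config text."""
    addrs, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None  # a global command ends the interface block
        elif current:
            found = IP_LINE.match(line)  # skips "no ip address" and secondaries
            if found:
                addrs[current] = ipaddress.ip_address(found.group(1))
    return addrs


def pinned_source(config):
    """Interface named by 'ip tacacs source-interface', or None if unset."""
    found = re.search(r"^ip tacacs source-interface (\S+)", config, re.M)
    return found.group(1) if found else None


def find_nad(addr, nads):
    """Name of the first NAD entry whose address or subnet covers addr."""
    for name, spec in nads.items():
        if addr in ipaddress.ip_network(spec, strict=False):
            return name
    return None


def audit(config, nads):
    """Which source addresses can the AAA server see, and are they registered?"""
    ifaces = parse_interfaces(config)
    pinned = pinned_source(config)
    if pinned is None:
        # Unpinned: the egress interface's address is used, so a routing
        # change can move the device to an address the server has never seen.
        candidates = ifaces
    elif pinned in ifaces:
        candidates = {pinned: ifaces[pinned]}
    else:
        return {"pinned": pinned, "status": "pinned-interface-has-no-address",
                "unknown": []}
    unknown = sorted(f"{name}={addr}" for name, addr in candidates.items()
                     if find_nad(addr, nads) is None)
    status = "unknown-to-aaa-server" if unknown else "registered"
    return {"pinned": pinned, "status": status, "unknown": unknown}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_NADS))           # mistyped NAD entry
    fixed = dict(SAMPLE_NADS, T666="10.114.2.1/32")
    print(audit(SAMPLE_CONFIG, fixed))                 # corrected entry
    unpinned = SAMPLE_CONFIG.replace(
        "ip tacacs source-interface FastEthernet0/0\n", "")
    print(audit(unpinned, fixed))                      # no pinned source
```
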

  • How to stop ACS integrated AD users to login in AAA clients(network device)

    I have ACS 4.2 Appliance which is integrated with Active directory.
    AD users are able to login in network devices. Is there any way so that I can stop AD user and other local users to login in AAA clients (network devices).

    These types of configurations are a two-way street. ACS must be configured to actually perform the authentication/authorization, and the AAA clients must also be configured for authentication/authorization. I would look at the AAA client configurations, first.
    What kind of AAA clients are we talking about? Cisco switches, Cisco WLC's? Switching gear from other companies?
    For Cisco switches, lines like the following will tell them to use your ACS server for administrative user auth (RADIUS or TACACS+, respectively):
    aaa group server radius rad_admin
     server xxx.xxx.xxx.xxx
    aaa group server tacacs+ tac_admin
     server xxx.xxx.xxx.xxx
    If your AAA client is a WLC, then you need to uncheck the "Management" box where the RADIUS server is defined for authentication (Security -> AAA -> RADIUS -> Auth).

  • AAA authentication for networking devices using ACS 4.1 SE

    Hi!!!
    I want to perform AAA authentication for networking devices using ACS 4.1 SE.
    I do have Cisco 4500, 6500,2960, 3750, 3560, ASA, CSMARS, routers (2821) etc in my network. I want to have radius based authentication for the same.
    I want telnet, ssh and console attempts to be verified by the radius server, and if ACS goes down then it will be via the local enable password.
    For all users I need to have different privilege levels based upon which access will be granted.
    Could you please send me the config that is required to be done in the active devices as well as ACS?

    Pradeep,
    Are you planning MAC authentication for some users while using EAP for others?
    For MAC authentication, just use the following in your AP.
    aaa authentication login mac_methods group radius
    In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.
    In your SSID configuration, under client authentication settings,
    check "open authentication" and also select "MAC Authentication" from the drop-down list.
    If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.
    Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.
    You will not need to change anything in XP.
    NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.
    HTH

  • Printing directly from a mobile device that is NOT on a wifi network

    I would like to print directly from an ipad, that does not connect to a home wifi connection. 
    I have read in some forums, that the HP 6520 can create a direct ad-hoc style wifi connection that the IOS device can connect to, but this is not clearly stated in the feature set on this website. 
    Can a support admin please clarify whether printing directly from a mobile device that is NOT connected to a shared wifi network is possible?

    Hi,
    Please try the following setup:
        http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&docname=c02994632
    Regards.
    BH
    **Click the KUDOS thumb up on the left to say 'Thanks'**
    Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem.

  • Remove network device inventory from SCOM database

    Hello Gurus
    I have a quick question. I think one of the internal connectors in my SCOM environment has got deleted by mistake. As a result all the network devices that were being monitored previously has now disappeared. I believe because they were present in the database, I can't discover them now. Is it possible somehow to list those network devices from the database, and then delete them, by using powershell and/or SQL.
    Any help in this regard will be greatly appreciated.
    Regards,

    You can delete them by:
    In the Discovery Rules option under the Administration Tab, you will be able to see all the network devices that are discovered. This shows the devices that are discovered and currently getting monitored in SCOM. You can select multiple devices and then remove them.
    Then run Get-RemotelyManagedDevice in PowerShell to check that all network devices are deleted.
    You can also check the link below to remove/restore a network device:
    http://technet.microsoft.com/en-us/library/hh212795.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

  • Is it possible to control a Mac directly from an iOS device without being connected to a WiFi network, i.e. an airport or similar.

    I would like to control my MacMini (Late 2012) 2.3GHz Intel Quad Core i7 processor directly from my iOS device, either my iPhone 6 or my iPad G3. By directly I mean without having a wireless or wired network in place.
    I know there are a number of iOS apps that utilize VNC technology but I believe they all require the Mac to be connected via WiFi to an Airport or similar wireless networking device. I would like to control my MacMini remotely without having it already connected to a WiFi network and wondered is it possible? The iOS device and Mac would be in close proximity to one another.
    Has anyone had any experience with this? Thanks.

    Guys, thanks but I did not mean to control it by infrared. I know only too well that iOS devices do not have that capability. However they and the Mac both can send and receive WiFi signals so is there any reason they can't talk to each other directly.
    When I am in my home I have an airport but I would like to take the Mac Mini out on music gigs with my Apollo interface which serves as my mic preamp and mixer as it does in my studio but the Apollo needs to be connected to the mac via thunderbolt to download the plugin software that provides reverb and eq, etc. I would like to do this without the need of a monitor and keyboard, hence my dilemma. The only thing I basically need to do is start the mini and the rest happens automatically but I need to also shut down (which I know can be accomplished a couple of ways) but without having a visual interface you can't make any changes or verify what settings are being used.
