Two effictive policy issue
ZCM11.2.1 on windows MSsql. Endpoint disabled. School system with generic
student user names in multiple contexts.
Scenario: Users are in edirectory. Because of the limited LDAP connector I
could not assign policies to my generic users in multiple contexts at the
same school. As expected the the first generic named user would get the
policy and or bundle and then LDAP would search no longer. To solve this I
assigned the policy to the folder the generic user exists in and let it be
inherited. Problem solved for multiple generic student accounts in multiple
contexts in the same school. But if I have a unique named user in the same
folder / context as the generic user and I assign a less restrictive policy
directly to the user the more restrictive inherited policy (which is first
in order listed in the agent) is what is being enforced. looking at the
agent status for policy the inherited restrictive policy is effective and
the directly assigned admin policy is effective. In that order.
Question: how do I make the less restrictive directly assigned policy
override the inherited policy?
CCPS,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com
Similar Messages
-
Any fix for the "Hardware cannot render at the requested size and depth" when having two video cards issue?
Now, the strange thing is: after a few initial issues one of the macs is doing fine. The second one, on the contrary, is a nightmare. Finalcut gives a green screen of death and hangs up suddenly while performing simple operations (like dropping a clip on the timeline).
I'm thinking of trying to replace the two video cards with an older single dual display card, and giving up the fancy lcd monitors (that i bought at vast cost), at least until apple issues an upgrade that adresses the two video card problem. <
If the machines are mechanically equal, it's obviously not the cards. Although you can only be absolutely certain if you swap the cards between machines and see if the green screen issue follows one or both cards.
However, that new LCD display and card combination doesn't have much time in the pipeline so there could be other issues and you're doing the beta testing for all of us. Blaming the reseller is pointless; no one can keep track of all of these issues. We only find out about them only because of reported failures.
You should research the "green screen" here on the forum. I do not recall if there are display or graphics cards issues associated with it. That seems unlikely. IIRC, it appears to be a QT issue.
bogiesan -
Access policy issues and daylight savings
I have the WRVS4400N. I have purchased a few Linksys routers in the past and have been happy with their operation. The wireless access however, was mediocre until I purchased this model. This model has great a great wireless connection. I like the fact that I can make many changes to the settings on the router without having to reboot the router. The performance of this router in combination with the cable modem has been excellent. It far outperforms the equipment that it replaced. I will normally pick a linksys product over another brand.
I am having 2 intermittent issues that are really causing me grief and an additional couple of annoying issues. I need help in fixing these issues. I have confirmed that I have the latest firmware version.
1) Some computers do not have connection to the internet. As if the security policy is confused about the time or connection. I really think this is a security policy issue, but I will let you decide.
2) There are some computers that I allow a 24/7 connection to the internet. For the rest I don’t want them to have access between the hours of 12a-6a. I have found that the connection doesn’t always shut-off. I have kids and do not want them to have access during those hours. I never had problems with my previous linksys router.
3) I am unable to set an access policy that spans the 5 min between 11:55p and 12a. In my previous linksys router I could.
4) The new daylight savings schedule is not part of my current firmware. This really threw off my security policies.
I have found that if I reboot or if I simply goto the security policy screen and click on save settings it seems to correct itself. But, I shouldn’t have to babysit it to make sure that it’s working correctly. When I am out of town I need to know that my security policies will continue to work while I am away.
Here’s my set up:
1) I have a linksys cable modem that connects me to the internet through my cable provider.
2) I have the linksys wireless (WRVS4400N) router that connects to the cable modem.
3) I have a 3Com Superstack II switch as the backbone of my network which connects to the router.
4) I have several devices connected to this router: computers, xbox, vonage phone line.This is EXACTLY what my router is doing...
2) Access restrictions do not work, PERIOD...."ALLOW" will disable internet access for the entire subnet (regardless of the rule), and "DENY" will prevent uploading of file attachments to hotmail, myspace, facebook etc....for every computer on the subnet.
Message Edited by DSMKilla on 10-26-2008 11:08 AM
(Edited post for guideline compliance. Thanks!)
Message Edited by JOHNDOE_06 on 10-26-2008 11:39 AM -
CS5 HDR pro two photos alignment issue
Although I really enjoy the new tool, I'm having trouble aligning two photograph when I open then through the HDR pro tool.
Why is alignment of two photos so bad in HDR pro and perfect if you align the two same photos as two layers? I've even tried reopening the same files over and over and get different results each time in HDR pro.
In view of this, shouldn't there be a realign button in the slider adjustment screen, or options for alignment, such as Use the regular auto-align?
Since alignment works fine with layers, is it possible to have an option to use layers as a starting point for HDR pro instead of opening saved photos only? I realize this probably might not give perfect results as just fixing the automatic alignment issue...
But hey, I'm just trying to find a workflow around this if I didn't have my tripod with me at time of shoot... and I shot only two photos to composite.Hi Chris,
thanks for looking into this matter. Where do you want me to send the files (over 50 megs zipped).. they're CR2 files...
Date: Fri, 28 May 2010 14:38:51 -0600
From: [email protected]
To: [email protected]
Subject: CS5 HDR pro two photos alignment issue
Don't know what could be going wrong. Can we get the files so we can try to reproduce the problem here at Adobe?
> -
I have two Domain Controllers Main ( Main DC ) and Second DC.
the date of some policies is not out of date....
please check these files to know the problem.
dcdiag.txt output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ASMDC, is a Directory Server.
Home Server = ASMDC
* Connecting to directory service on server ASMDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... ASMDC passed test Connectivity
Testing server: Default-First-Site-Name\BSMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... BSMDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Advertising
The DC ASMDC is advertising itself as a DC and having a DS.
The DC ASMDC is advertising as an LDAP server
The DC ASMDC is advertising as having a writeable directory
The DC ASMDC is advertising as a Key Distribution Center
The DC ASMDC is advertising as a time server
The DS ASMDC is advertising as a GC.
......................... ASMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... ASMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... ASMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ASMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ASMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... ASMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ASMDC on DC ASMDC.
* SPN found :LDAP/ASMDC.buc.edu/buc.edu
* SPN found :LDAP/ASMDC.buc.edu
* SPN found :LDAP/ASMDC
* SPN found :LDAP/ASMDC.buc.edu/BUC
* SPN found :LDAP/5e88f85b-15a6-4ff5-b0fd-6df748df06fd._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e88f85b-15a6-4ff5-b0fd-6df748df06fd/buc.edu
* SPN found :HOST/ASMDC.buc.edu/buc.edu
* SPN found :HOST/ASMDC.buc.edu
* SPN found :HOST/ASMDC
* SPN found :HOST/ASMDC.buc.edu/BUC
* SPN found :GC/ASMDC.buc.edu/buc.edu
......................... ASMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ASMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... ASMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ASMDC\netlogon
Verified share \\ASMDC\sysvol
......................... ASMDC passed test NetLogons
Starting test: ObjectsReplicated
ASMDC is in domain DC=buc,DC=edu
Checking for CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... ASMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... ASMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 7604 to 8103
* rIDNextRID: 7640
......................... ASMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ASMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x825A0024
Time Generated: 08/21/2014 00:22:16
Event String:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system
time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources.
Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
An Warning Event occurred. EventID: 0x8000000E
Time Generated: 08/21/2014 00:32:29
Event String:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential BUC.EDU\administrator.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/21/2014 00:32:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\buc.edu\sysvol\buc.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... ASMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=ASMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... ASMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\BSMDC
Starting test: Advertising
The DC BSMDC is advertising itself as a DC and having a DS.
The DC BSMDC is advertising as an LDAP server
The DC BSMDC is advertising as having a writeable directory
The DC BSMDC is advertising as a Key Distribution Center
The DC BSMDC is advertising as a time server
The DS BSMDC is advertising as a GC.
......................... BSMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... BSMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... BSMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BSMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BSMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... BSMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BSMDC on DC BSMDC.
* SPN found :LDAP/BSMDC.buc.edu/buc.edu
* SPN found :LDAP/BSMDC.buc.edu
* SPN found :LDAP/BSMDC
* SPN found :LDAP/BSMDC.buc.edu/BUC
* SPN found :LDAP/93561cab-4fb3-421f-9a67-af6b4c280eca._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93561cab-4fb3-421f-9a67-af6b4c280eca/buc.edu
* SPN found :HOST/BSMDC.buc.edu/buc.edu
* SPN found :HOST/BSMDC.buc.edu
* SPN found :HOST/BSMDC
* SPN found :HOST/BSMDC.buc.edu/BUC
* SPN found :GC/BSMDC.buc.edu/buc.edu
......................... BSMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BSMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... BSMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BSMDC\netlogon
Verified share \\BSMDC\sysvol
......................... BSMDC passed test NetLogons
Starting test: ObjectsReplicated
BSMDC is in domain DC=buc,DC=edu
Checking for CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... BSMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... BSMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8104 to 8603
* rIDPreviousAllocationPool is 8104 to 8603
* rIDNextRID: 8106
......................... BSMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BSMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:15
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver SolidPDF XChange required for printer SolidPDF XChange is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!net_pc5!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:19
Event String:
Driver Send To Microsoft OneNote Driver required for printer !!BUCLAPTOP1!Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:20
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/20/2014 23:52:20
Event String:
The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click
the Advanced tab, and then clear the Log spooler information events check box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:22
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.
......................... BSMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=BSMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... BSMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buc
Starting test: CheckSDRefDom
......................... buc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buc passed test CrossRefValidation
Running enterprise tests on : buc.edu
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
PDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
KDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
......................... buc.edu passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... buc.edu passed test Intersite
====================================================================
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\ASMDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5e88f85b-15a6-4ff5-b0fd-6df748df06fd
DSA invocationID: 1355f657-cd24-4ad4-b890-f04f5c624acd
==== INBOUND NEIGHBORS ======================================
DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:43:56 was successful.
CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:41:11 was successful.
CN=Schema,CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
DC=DomainDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:45:39 was successful.
DC=ForestDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
Regards and thanks in advance
MhiarHi,
Based on the description, the Sysvol is replicated by FRS service.
>>some policies at the main DC are not updated like same policies in second DC.
In this case, we can do a non-authoritative restore on the main DC.
To do so:
Click Start, and then click
Run.
In the
Open box, type cmd and then press ENTER.
In the
Command box, type net stop ntfrs.
Click Start, and then click
Run.
In the
Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click
BurFlags.
In the
Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the
Command box.
In the
Command box, type net start ntfrs.
Quit the
Command box.
Regarding reinitializing File Replication Service replica sets, the following article can be referred to for more information.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Best regards,
Frank Shen -
Group Policy - Issues deploying software packages through GPO
Hello everyone,
I am having issues successfully deploying MSI packages through group policy. I have set my computer account up in its own test OU in my domain, but yet the software will not deploy. Example, I'm trying to deploy AVG Anti-Virus and make sure it
is installed on each and every PC in my domain. As for the GPO, I set it up as an assigned package and pointed to the location of the package with the UNC file path (visible to both the DC and my computer that is part of the affected OU)
On the domain controller, I get these messages in application event logs:
Beginning a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
Ending a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
This shows up when I refresh GP on my computer. I run gpresult /h GPReport.html and get the following message:
Software Installation failed due to the error listed below.
Fatal error during installation.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between
The software is in a share on the domain controller that is visible from my computer, and permissions are set where "Everyone" has read access. I have tested the package on my computer and it installs
correctly if I do it manually, so it's a good package.
I'm at a loss. I am admitedly very new to GP management, but I'm pretty sure I have covered all my bases here. I humbly ask for any and all help that you all can provide.
Thank you all very much, have a great weekend!> Magnolia_Schools.exe
What's that???
> \\hs-dc2\software\avg\installavg.msi
> <file://\\hs-dc2\software\avg\installavg.msi> /qb addeploy=1
/qb ADDEPLOY=1
Uppercase matters (:
A bissle "Experience", a bissle GMV... Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
I should have explained, my apologies. The InstallAVG.msi is the package I have GP deploying. it is a package that AVG wrote for us that goes in, uninstalls the two previous antivirus softwares we have on our network if it is present, and
then wraps it to run magnolia_schools.exe which installs the AV software. I am uninstalling AVG now and will try reinstalling with
\\hs-dc2\software\avg\installavg.msi /qb ADDEPLOY=1 and report back.
also, the only logs I found that were around the time of the install attempt were such as these:
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
Does that tell you anything?
I will say this, if this means anything...now that AVG is installed, the event logs are changing from an error %%1603 to this:
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
The removal of the assignment of application exe2msiSetupPackage from policy Install AVG failed. The error was : %%2
So it acts like it's at least seeing that the package is installed...and reacting differently, correct?
Thanks so much -
Hi All,
we have enabled 2 way SSL in weblogic, we have one Admin Server and one managed (soa) server version 11.1.1.5
steps we have followed:
we have imported identity certificate and key file to a custom identity store
improted trust certificates to a custom trust keystore
in weblogic consile: soa_server1-> keystires : we have updated custom identity and trust details
in weblogic consile: soa_server1-> ssl - we have updated required custom identity details and selected " Client Certs Requested And Enforced" for Two Way Client Cert Behavior.
but while testing our process we are getting below error:
we have tried openssl to test the connectivity but not sure about the output, is there any way to trace the SSL connection?
any input will be really helpful.
<AIASessionPoolManagerFault xmlns="http://xmlns.oracle.com/AIASessionPoolManager">
-<part name="summary">
<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
com.oracle.bpel.client.BPELFault: faultName: {{http://xmlns.oracle.com/AIASessionPoolManager}AIASessionPoolManagerFault}
messageType: {{http://schemas.oracle.com/bpel/extension}RuntimeFaultMessage}
parts: {{
summary=<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel when attempting Get operation</summary>
,detail=<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel: Operation=Get.
SessionPoolHost.getSession(Siebel,170006): getSession(Siebel,170006) failed: Thread [weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4] faild to initialize the session pool. SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://+<host>+:443/ngbeai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ]
java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure.
</detail>
,code=<code xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error</code>}
</summary>
</part>
-<part name="detail">
<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Error on AIASessionPoolManager.bpel: Operation=Get.
SessionPoolHost.getSession(Siebel,170006): getSession(Siebel,170006) failed: Thread [weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4] faild to initialize the session pool. SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@107d5bb4]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://+<host>+/ngbeai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ]
java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure.
</detail>
</part>
TIA,
Vivek
Edited by: 909283 on Apr 15, 2013 12:07 AMHi Kishor/Rene,
Thanks for the reply, we have already referred to the mentioned Oracle Note and enabled SSL debugging.
while starting Admin server we are getting below output:
Can you please confirm from below logs that SSL connection is correct, i have also provided below the error message we are getting in our process.
<Apr 2, 2013 6:49:56 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 316588026>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 105197569742293346305268
Issuer:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN= Test AD Objects CA1
Subject:C=AU, ST=NSW, L=Sydney, O=<xyz>, OU=Operations and Shared Services, CN= xyz>.com.au, EMAIL=<abcd>@<.com>
Not Valid Before:Thu Oct 11 11:00:23 EST 2012
Not Valid After:Sat Oct 11 11:00:23 EST 2014
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 458601664052503175495693
Issuer:CN=<xyz> Test Policy CA
Subject:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Not Valid Before:Thu Nov 10 15:24:24 EST 2011
Not Valid After:Thu Nov 10 15:34:24 EST 2016
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 105197569742293346305268
Issuer:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Subject:C=AU, ST=NSW, L=Sydney, O=<xyz>, OU=Operations and Shared Services, CN=<abcd>.<.com>, EMAIL=<abcd>@<.com>
Not Valid Before:Thu Oct 11 11:00:23 EST 2012
Not Valid After:Sat Oct 11 11:00:23 EST 2014
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 458601664052503175495693
Issuer:CN=<xyz> Test Policy CA
Subject:DC=com, DC=<xyz>, DC=dir, DC=test, DC=testcore, CN=<xyz> Test AD Objects CA1
Not Valid Before:Thu Nov 10 15:24:24 EST 2011
Not Valid After:Thu Nov 10 15:34:24 EST 2016
Signature Algorithm:SHA1withRSA
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: <abcd>.<.com>>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerKeyExchange RSA>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm MD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 70>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received CHANGE_CIPHER_SPEC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received HANDSHAKE>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Finished>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 8>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 26>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 24>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 45>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 15>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 30>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 18>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 23>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 20>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 41>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 7>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read(offset=0, length=8192)>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 SSL3/TLS MAC>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316569006 received APPLICATION_DATA: databufferLen 0, contentLength 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read databufferLen 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <316565651 read A returns 13>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <avalable(): 316565651 : 0 + 0 = 0>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLLayeredSocket.close(Unknown Source)
at weblogic.nodemanager.client.NMServerClient.disconnect(NMServerClient.java:276)
at weblogic.nodemanager.client.NMServerClient.done(NMServerClient.java:138)
at weblogic.nodemanager.mbean.NodeManagerRuntime.getState(NodeManagerRuntime.java:423)
at weblogic.nodemanager.mbean.NodeManagerRuntime.getState(NodeManagerRuntime.java:440)
at weblogic.server.ServerLifeCycleRuntime.getStateNodeManager(ServerLifeCycleRuntime.java:752)
at weblogic.server.ServerLifeCycleRuntime.getState(ServerLifeCycleRuntime.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.getAttribute(WLSModelMBean.java:525)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:666)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:638)
at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.getAttribute(FederatedMBeanServerInterceptor.java:308)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttribute(JMXContextInterceptor.java:157)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$12.run(WLSMBeanServerInterceptorBase.java:326)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:324)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttribute(SecurityInterceptor.java:299)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.getAttribute(WLSMBeanServer.java:279)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5$1.run(JMXConnectorSubjectForwarder.java:326)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$5.run(JMXConnectorSubjectForwarder.java:324)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.getAttribute(JMXConnectorSubjectForwarder.java:319)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1404)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
at javax.management.remote.rmi.RMIConnectionImpl.getAttribute(RMIConnectionImpl.java:600)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.getAttribute(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.getAttribute(RMIConnector.java:878)
at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:263)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:504)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy138.getState(Unknown Source)
at com.bea.console.actions.core.server.ServerTableAction.populateServerRuntimeTableBean(ServerTableAction.java:365)
at com.bea.console.actions.core.server.ServerTableAction$ServerTableWork.run(ServerTableAction.java:498)
at weblogic.work.commonj.CommonjWorkManagerImpl$WorkWithListener.run(CommonjWorkManagerImpl.java:203)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 316565651>
<Apr 2, 2013 6:49:57 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 316588026>
error in bpel process:
summary=<summary xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel when attempting Get operation</summary>
,detail=<detail xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error on AIASessionPoolManager.bpel: Operation=Get.
SessionPoolHost.getSession(Siebel,190001): SessionPoolHost.create() thread[weblogic.work.j2ee.J2EEWorkManager$WorkWithListener@16670d1d]: Failed to obtain a session after 3 attempts. SPM cannot successfully connect to web server Login credentials [endpoint: https://<host>:443/eai_enu/start.swe?SWEExtSource=SecureWebService&SWEExtCmd=Execute&WSSOAP=1 ].
java.lang.Throwable: SOAPException occured when requesting : javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure
javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Received fatal alert: handshake_failure</detail>
,code=<code xmlns:def="http://www.w3.org/2001/XMLSchema" xsi:type="def:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Error</code>}
</summary>
TIA,
Vivek
Edited by: 909283 on Apr 15, 2013 12:08 AM -
Portable Device blocking Policy issue
Hi,
We have recently applied GPO to block Portable devices using GP setting under computer configuration/admin tools/system/removable storage devices/WPD devices
We have also created exception policy based on group membership.
We have some of the users who uses Windows CE devices for business purpose. The policy was applied on them as well for which those devices were also blocked. We have later added those PC's to exception group and the policy was reverted back as we can see
from RSOP.MSC but the devices are still inaccessible and giving error that "you does not have permission to access the device"
Also the DVD burning softwares are not able to identify the DVD drives but those are visible in My Computer. I am not sure why this kind of issue happened even when the policy is rolled back.
We have deleted the GPO history and tried but no use. Even we have disjoined the PC from Domain but the issue remains.
If we do system restore to old date then it starts working.
I am not able to understand is it because of policies or something elseHi,
As far as I know, if we configure any settings under Computer Configuration\ Administrative Templates\System\Removable Storage Access
The following registry entry should be created:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices
If we configure any settings under User Configuration\ Administrative Templates\System\Removable Storage Access
The following registry entry should be created:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices
Under these two entries, there should be GUIDs for the corresponding policy settings we have configured. After clicking a GUID, we should be able to see the registry value
for the policy setting.
In this case, if we enable WPD Devices: Deny read access or Deny write access, the value of Deny_Read or Deny_write should be 1, and if we disable WPD Devices: Deny read access
or Deny write access, the value of Deny_Read or Deny_write should be 0.
Besides, if we don’t configure any settings under Computer Configuration and User Configuration\ Administrative Templates\System\Removable Storage Access, there should
be no such registry entries.
Best regards,
Frank Shen -
Windows 7 DNS and Group Policy Issues
Hi,
We have several suites of Windows 7 domain connected PC's.
In one of the suites I have been called into look at 3 different PC's where the users have not got mapped drives, desktop backgrounds, internet connectivity - because their group policies have not applied.
When I look at the error logs I find DNS 1014 errors, and Group Policy 1054 errors.
I have looked at the logs on the switches, and there is nothing on them - Could a pupil pulling the network cable out cause these errors?... Possibly they could have put it back in before I got back in the room.
The user logs off of the PC and back on again and are fine, as are the users that logon after them.
We have 2 DC's/DNS servers, which I would have thought would be able to cope with the load here.
Please let me know what you think the likely cause could be.Hello John555444,
What is your current situation?
Is this issue resolved?
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
ISE Authorization Policy Issues
Hello Team,
I´m getting troubles during my implementation: The User PC never gets IP Address from Access VLAN after AuthZ Policy succeded.
I have two vlans in my implementation:
Vlan ID 802 for Authentication (Subnet 10.2.39.0)
Vlan ID 50 for Access Users (Subnet Y.Y.Y.Y)
When I start my User PC, I get IP for VLAN 802 (10.2.39.3) and After Posture process, ISE inform the switch to put the User PC port in VLAN 50.
Here I have my Switch Port Configuration:
interface GigabitEthernet0/38
switchport access vlan 802
switchport mode access
switchport nonegotiate
switchport voice vlan 120
ip access-group ACL-DEFAULT in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 50
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
end
And Here, I have outputs AuthZ Policy in Action:
Oct 7 09:22:01.574 ANG: %DOT1X-5-SUCCESS: Authentication successful for client (0022.1910.4130) on Interface Gi0/38 AuditSessionID 0A022047000000F6126E9B17
Oct 7 09:22:01.582 ANG: %AUTHMGR-5-VLANASSIGN: VLAN 50 assigned to Interface Gi0/38 AuditSessionID 0A022047000000F6126E9B17
Oct 7 09:22:01.591 ANG: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| EVENT APPLY
Oct 7 09:22:01.591 ANG: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6| EVENT DOWNLOAD-REQUEST
Oct 7 09:22:01.633 ANG: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6| EVENT DOWNLOAD-SUCCESS
Oct 7 09:22:01.633 ANG: %EPM-6-IPEVENT: IP 0.0.0.0| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| EVENT IP-WAIT
SWISNGAC8FL02#
Oct 7 09:22:02.069 ANG: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0022.1910.4130) on Interface Gi0/38 AuditSessionID 0A022047000000F6126E9B17
SWISNGAC8FL02#
Oct 7 09:22:02.731 ANG: %EPM-6-IPEVENT: IP 10.2.39.3| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| EVENT IP-ASSIGNMENT
Oct 7 09:22:02.731 ANG: %EPM-6-POLICY_APP_SUCCESS: IP 10.2.39.3| MAC 0022.1910.4130| AuditSessionID 0A022047000000F6126E9B17| AUTHTYPE DOT1X| POLICY_TYPE Named ACL| POLICY_NAME xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6| RESULT SUCCESS
After that, I have:
SWISNGAC8FL02#sh auth sess int g0/38
Interface: GigabitEthernet0/38
MAC Address: 0022.1910.4130
IP Address: 10.2.39.3
User-Name: SNL\enzo.belo
Status: Authz Success
Domain: VOICE
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 50
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A022047000000F6126E9B17
Acct Session ID: 0x000001A7
Handle: 0x710000F7
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
Apparently, everything is OK, but NOT. The User PC never gets IP Address from Access VLAN 50.
If I do SWISNGAC8FL02#sh mac address-table | inc 0022.1910.4130
50 0022.1910.4130 STATIC Gi0/38
802 0022.1910.4130 STATIC Gi0/38
And
SWISNGAC8FL02#sh epm session summary
EPM Session Information
Total sessions seen so far : 17
Total active sessions : 1
Interface IP Address MAC Address VLAN Audit Session Id:
GigabitEthernet0/38 10.2.39.3 0022.1910.4130 802 0A022047000000F6126E9B17
My Switch is a Cisco IOS Software, C3560E Software (C3560E-IPBASEK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)
I am using ISE Version 1.2.1.198 Patch Info 2
Could you help me in this Case ?
Best Regards,
Daniel StefaniIt seems like the PC is operating in the VOICE-domain according to the cmd auth sess int you showed. Do you think that has something to do with your problem? I've experienced some PC's having problem with that.
If you could, try getting the PC to operate in the DATA-domain by not sending the voice-attribute from ISE after the authorization. -
Urgent Group Policy Issue - not applying despite saying it does
Thank you for this urgent help. Auditors checking this out tomorrow morning.
We have a GPO that sets the eventlog audit settings for success or failure security events. The scope is set to Authenticated Users.
When I run the group policy wizard in GPMC it shows the settings applying to one of our servers in that OU.
When I run gpresult/z from that server it shows the policy applying to that server.
But when I go into gpedit.msc the security audit settings are all set to "not defined" and they are grayed out so I can't edit them manually.
As a test I set the GPO to deny applying to that server. I ran gpudpate/force on the system and then gpresult and it shows the GPO now not applying. But the settings are still set to not defined and still not editable. they are not being set by any other GPO.
In the event logs I only see three GPO errors but they are unrelated. A separate GPO is having issues creating user accounts. No other GPOs apply.
Quick help would be fantastic.
Server runs on Windows Server 2008 R2 (I can edit GPO but not the domain ones and I don't have access to the domain controllers).OK, After several hours I figured it out. Turns out there's bugs and odd functionality.
If someone ever tested the 'advanced audit settings' (which I did in the same GPO at some point) then it sets a registry key to disable the use of the older basic audit settings. But when you stop using those advanced settings in your GPO it doesn't remove
that registry bit. So I used the GPO to undo that setting. This was the first step. This is found Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > "Audit: Force audit policy subcategory
settings (Windows Vista or later) to override audit policy category settings" to DISABLED.
Even though this is done, sometimes the GPO files on the domain controllers don't remove the old audit settings. So in the comments of another thread I found out you may have to go to
\\domain-fqdn\SYSVOL\domain-fqdn\Policies\{your-policy-id-where-this-setting-was-originally-set}\Machine\Microsoft\Windows NT\ and delete the Audit folder which is left behind due to some odd bug. If you don't do this even after doing the next step the
next gpupdate will bring that security setting above back down.
Next you have to reset your audit settings on your PC to the defaults. Unfortunately there is no way to do this. Auditpol /clear does not accomplish this. The only way to do this is to take the audit settings from another working system, export them and
then 'restore' those same settings to the affected server. To do this:
1. On 'working system' run cmd.exe as administrator and export the audit settings to a folder like this:
auditpol /backup /file:c:\working-auditpol-settings.txt
2. Copy that file to the broken system such as the C:\ drive and run this on the broken system:
auditpol /restore /file:c:\working-auditpol-settings.txt
Open GPEDIT.MSC and verify the audit settings are back to normal. Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
Then run gpupdate/force on the formerly broken system. Close gpedit.msc and reopen and verify the settings were not overwritten. If you skipped the sysvol audit folder deletion step they may come back.
Hope this helps someone. -
Two semi-serious issues with 21.5" i5 iMac...
1. The AirPort internet connection stalls out. When I'm using Safari or Chrome it just acts like the computer isn't connected to the internet. Sometimes the upper-right icon drops to two bars when this happens (it's usually five), and sometimes it doesn't. Then I'll turn the AirPort off and on again, and it will work. On two occasions it took about three times of doing this for it to work again. This happens daily.
2. I just got a message prompting me to force quit an application because there wasn't enough startup disk space or "application memory" to keep running all TWO of them. I was running iTunes and Safari. I was actively using Safari (reading wikipedia, so nothing too demanding), with iTunes "hidden" playing songs from a playlist. I just got another one while typing this. EDIT: just before I submitted this question I got about five more of them in a row.
3. In general over the last two days it has been running much slower than it should. I was using Google Earth with iTunes playing in the background and the graphics were extremely choppy and it kept glitching/freezing every few seconds.
My iMac is about 2.5 weeks old, and I'm positive that all the software is up to date, as I just checked with the Software Update application. What should I do???The Airport issue sounds like interference, which can be from any number of sources: microwave ovens, other strong, nearby signals, cordless phones etc. Try switching to a different channel. Adjust the router antenna or move its location, if possible. Might also try rebooting the router.
For the other issue, first just try restarting. Sometimes this will help for system "glitches." If that doesn't help, then open Activity Monitor in Utilities, go to System Memory and see how much free and inactive RAM there are when you get these messages or things are slowing down. Also, look down at "page outs" and "swap used." With only iTunes and Safari open, and not having run anything else memory intensive before, you should be seeing zero for both. Are you sure you had no other applications still open?
The Google Earth issue sounds like, maybe, your internet speed was dropping out
Still in Activity Monitor, switch to CPU>All processes and see how much idle CPU there is.
Another general thing to try is Verify Disk in Disk Utility in Utilities.
Your Profile is showing 10.6.7, and you say all software is up to date. Try applying the 10.6.8 Combo update in Safe Boot. You can run this over the current 10.6.8. It might fix anything that's damaged or missing in the system files.
http://support.apple.com/kb/DL1399
Have a look at my recommendations for updating.
https://discussions.apple.com/thread/3139323?tstart=0
Finally, you might want to run the Hardware Test in Extended.
http://support.apple.com/kb/ht1509
Message was edited by: WZZZ -
Group Policy issue - Bandwidth detection failed
Hi
We have a major issue affecting multiple users (>100) where they are unable to login to the machine.It looks like core windows services do not start such as DHCPClient, EventLog, UserProfileService.
Looking at the events on the pc I can see the following events:
Event 6314
Group policy bandwidth estimation failed. Group policy processing will continue. Assuming fast link.
Event 6323
Group Policy dependency (Network Location Awareness) did not start. As a result, network related features of Group Policy such as bandwidth estimation and response to network changes will not work.
I can see the NLA service started but I am worried alot more machines will become unusable. A change was made to group policy regarding searching items in the start menu
User Configuration\Administrative Templates\Start Menu and Taskbar
Do not search files
Enabled
Do not search Internet
Enabled
Remove Games link from Start Menu
Enabled
Remove Help menu from Start Menu
Enabled
Remove Music icon from Start Menu
Enabled
Remove Network Connections from Start Menu
Enabled
Remove Network icon from Start Menu
Enabled
Remove Run menu from Start Menu
Disabled
Remove the networking icon
Enabled
Remove the volume control icon
Disabled
Remove user's folders from the Start Menu
Enabled
The clients are mostly Vista SP2 with some Windows 7. DCs are Server 2008.
Any help in resolving this much appreciated.Hi,
>>Group Policy dependency (Network Location Awareness) did not start. As a result, network related features of Group Policy such as bandwidth estimation and response to network changes will not work.
Network Location Awareness service is a needed service for processing group policy settings since Windows Vista. It helps check the network location of the computers and helps detect slow link when processing group policy settings.
Before going further, does this happen to all clients in our environment? Please check our network configuration and make sure that the clients are able to correctly communicate with DCs. Besides, we can try to reinstall network
adapters to see if it helps. Moreover, please further check event logs to see if some other error events were logged.
Here, we can also try to clean boot our clients to troubleshoot if this is caused by some third party services or applications.
Regarding how to perform clean boot, the following article can be referred to for more information.
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135
In addition, if everything goes clean, we can try to delay the application of Group Policy at startup by following the procedure described in the Resolution section in the article below to see if it helps.
Windows 7 Clients intermittently fail to apply group policy at startup
http://support.microsoft.com/kb/2421599
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Policy issues win xp sp2 and zfd ir6
Hi, I have been having this issue for about 4 days. In our school
environment we push a very restrictive policy out to the desktop, and
also apply printers during the login process. About Tuesday afternoon, I
noticed that some labs were not receiving their printer assignments, and
then I noticed that students were gaining access to areas that were
supposed to be restricted to them (C:\ and all it's contents for one).
I have run DSRepair to rebuild the schema, rebuild the operational
database, and perform global repairs, but this has had no effect. I have
recreated the policy for the students and applied it to a test user, but
again, no effect.
We are in a Windows XP SP2, NW6, ZfD4.01 ir6, iPrint 2 environment, with
automatic updates forced to the desktop everyday at 0900 hrs. I am a
little stumped, and cannot find any suggestions in the knowledgebase.
I would appreciate any suggestions that might help.
TIA
RobRob,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
OIM 11g - User Management Authorization policy issues
Hello,
1) Created an organization -> Human Resource
2) Created an Role -> HR_Admins
3) Assigned HR_Admins roles as administrative role of Human Resource organization
4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user.
5) Created authorization policy for user management with following selections
Permission -> Create User.
Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
Assignment -> HR_Admins role .
now when i log into user1 i am not able to see Administration tab where i can select Create user.
I am working on this issue for couple of days ,but not able to find the solution & have i missed some configurations ?
Thank-You
Rahul ShahHi Rahul,
I have tested your scenarion.. with below clause
1) Created an organization -> Human Resource
2) Created an Role -> HR_Admins
3) Assigned HR_Admins roles as administrative role of Human Resource organization
4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user. : default role All Users
5) Created authorization policy for user management with following selections
Permission -> Create User. :- *"Select ALL"*
Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
Assignment -> HR_Admins role .
In data constraints
Organization Security Setting Hierarchy Aware (include all Child Organizations)
Now I am able to see the create user tab and, I can create user in Human Resource org only.
If it doesn't work for you. Just assign "REQUEST ADMINISTRATOR" IN AUTH POLICY. Test the result.
Also what is your OIM version?
Test it with fresh data like new role name, org and user,
-kuldeep
Edited by: Kuldeep on May 22, 2012 4:19 AM
Maybe you are looking for
-
I have .mov files recorded from an ipad with these specs: AAC, Mono, 44.100 KHZ H.264 320x568 (yes the ipad was used vertically, not horizontally) 29.96 fps I want to edit them in premiere 12, but get this error message: This type of file is not supp
-
Mis-registered system or lost?
I have a user with a laptop AB12345, which is in a remote location but joined to our domain. These systems use our external-facing (DMZ) Zenworks 11.2.4 server "over the internet", but also the user can connect via VPN which then automatically will s
-
PO created in the SRM 7.0 system is not replicated to the Backend-ECCEHP4
PO is created in the SRM 7.0 system and the PO number also generated for the backend system but could not find the PO number in the backend system
-
How do i transfer photos from my camera roll to my own folders
i cant seem to work out how to put the photos from my camera roll to my own personilised folders does anyone no how to laura
-
Program runs out of things to do, but doesn't stop
I have a program that when it ends should stop after saving the data to excel spreadsheets, but for some reason the program doesn't stop despite nothing else going on. If I select highlight execution there are no animated executions going on. The pro