UCCX CAD authentication issue when pub is down
Hi,
we are using LDAP CUCM authentication and agents were unable to login to the CAD (login timeout...) when publisher server is down. It seems that LDAP authentication is not working when publisher is down.
Tomas
Hi
1) You can test whether LDAP is working when the pub is down by logging into ccmuser on a subscriber when the publisher is offline.
2) I would first check your CM configuration in UCCX. On the System/Unified CM Configuration menu, check that you have more than one server configured for AXL, this is a common misconfiguration. You'll also need to verify that the AXL service is activated on the CUCM servers you select. AXL is what UCCX uses to authenticate the users.
Regards
Aaron HarrisonPrincipal Engineer at Logicalis UK
Please rate helpful posts...
Similar Messages
-
How to adding ip phone to sub when pub is down
hi
two cucm are running in network as publisher and subscriber with 7.1.
how can a ip phone will add to sub when there is no pub(dead).
the sub with out pub will be a read only. so please tell me how to over come
thanks.Hi GVK,
in addition to what Jose and Nadeem has said[+5], u can make some changes in existing phones when PUB is down called as User Facing Features[UFF]
https://supportforums.cisco.com/docs/DOC-13672#User_Facing_Features
User Facing Features
Below is a list of user facing features that can be updated by the subscriber and therefore updated while the publisher is down.
User Facing Features
Call Forward All (CFA)
Message Waiting Indication (MWI)
Privacy Enable/Disable
Do Not Disturb Enable/Disable (DND)
Extension Mobility Login (EM)
Monitor (for future use, currently no updates at the user level)
Hunt Group Logout
Device Mobility
CTI CAPF status for end users and application users
Credential hacking and authentication
regds,
aman -
Authentication Issue, When Profile ReCreate
Hi,
i face authentication issue in SQL Server 2012 Evalution after i login in new account.
Take a look situation and what i did.
1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
2). Every Thing i Did i by using AD User name "SP_Farm"
3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
Note: during the whole process i only use SP_Farm (AD Admin User)
Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
after that i cant access Management Studio. :(
Please Guide if is there any other way.
Thanks you
Shariq Ayaz
[email protected]
www.shariqdon.com
www.shariqdon.com/itworld
www.shariqdon.comHi,
i face authentication issue in SQL Server 2012 Evalution after i login in new account.
Take a look situation and what i did.
1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
2). Every Thing i Did i by using AD User name "SP_Farm"
3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
Note: during the whole process i only use SP_Farm (AD Admin User)
Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
Creating a user with the same name is
not the same user :-)
A user has a unique ID and you did not create the same ID, but a new user with same name.
after that i cant access Management Studio. :(
Please Guide if is there any other way.
Thanks you
Shariq Ayaz
[email protected]
www.shariqdon.com
www.shariqdon.com/itworld
www.shariqdon.com
You can try to use This solution:
http://blogs.msdn.com/b/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
* After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication.
[Personal Site] [Blog] [Facebook] -
Wireless Client Authentication issues when roaming Access Points (Local)
I have a Cisco 5508 with Software version 7.4.121.0 and Field Recovery 7.6.101.1.
There are a handful of clients that when roaming between AP's with the same SSID that get an authentication issue and have to restart the wireless to get back on.
From Cisco ISE
Event
5400 Authentication failed
Failure Reason
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
Resolution
Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Root cause
While trying to negotiate a TLS handshake with the client, ISE expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ISE and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
I am having a hard time figuring out what is causing this. My assumption is if there were a problem with the Controller or AP configurations then it would happen to everyone. My further assumption is if the client had a problem with their laptop (windows 7) then why does work at other times? So I have checked and the ISE certificate is trusted by client.
Is something happening that the previous access point is holding on to the mac and the return authentication traffic is going to the old AP instead of the new one or something like that which is corrupting the data?
I also had this from Splunk for the same client:
Mar 5 13:44:51 usstlz-piseps01 CISE_Failed_Attempts 0014809622 1 0 2015-03-05 13:44:51.952 +00:00 0865003824 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario
FailureReason="12929 NAS sends RADIUS accounting update messages too frequently"
Any help on this would be appreciated. These error messages give me an idea but doesn't give me the exact answer to why the problem occurred and what needs to be done to fix it.
ThanksFurther detail From ISE for the failure:
11001
Received RADIUS Access-Request
11017
RADIUS created a new session
15049
Evaluating Policy Group
15008
Evaluating Service Selection Policy
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
11507
Extracted EAP-Response/Identity
12500
Prepared EAP-Request proposing EAP-TLS with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12301
Extracted EAP-Response/NAK requesting to use PEAP instead
12300
Prepared EAP-Request proposing PEAP with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12302
Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318
Successfully negotiated PEAP version 0
12800
Extracted first TLS record; TLS handshake started
12805
Extracted TLS ClientHello message
12806
Prepared TLS ServerHello message
12807
Prepared TLS Certificate message
12810
Prepared TLS ServerDone message
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11514
Unexpectedly received empty TLS message; treating as a rejection by the client
12512
Treat the unexpected TLS acknowledge message as a rejection from the client
11504
Prepared EAP-Failure
11003
Returned RADIUS Access-Reject -
802.1X Authentication issues when moving between switch ports
Hi Guys,
We are having some issues at our office where when users move from one switch to another, the 802.1X authentication does not want to take place. The PC just gets an APIPA address. Now I have read about features that MAC Move and MAC replace but they seem to be used when moving from one port a switch to another port on that same switch. Will MAC move help for issues between switches? And should I focus my attention on the switch's configuration or have a look at the NPS server that might be blocking that authentication as the user is already authenticated?
My configuration we have on the switch ports look as follows:
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
dot1x pae authenticator
Your help is greatly appreciated.
GrantHi Neno,
Thanks for the reply. We are using NPS on a Server 2008 R2 virtual machine. The switches are stacked 2960S-48FPS-L running 15.0(2)SE. I will quickly do the debugs and get back to you.
Here is the config:
aaa group server radius customer-nps
server name radius1
server name radius2
aaa authentication dot1x default group radius
dot1x system-auth-control
radius server radius1
address ipv4 172.28.130.52 auth-port 1645 acct-port 1646
key 7 05392415365959251C283630083D2F0B3B2E22253A
radius server radius2
address ipv4 172.28.131.52 auth-port 1645 acct-port 1646
key 7 107C2B031202052709290B092719181432190D000C
interface GigabitEthernet1/0/1
switchport access vlan 300
switchport mode access
switchport voice vlan 2
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication periodic
authentication timer reauthenticate 28800
authentication timer inactivity 1800
mab
no snmp trap link-status
mls qos trust cos
dot1x pae authenticator
auto qos trust cos
storm-control broadcast level 1.00
storm-control multicast level 1.00
spanning-tree portfast
spanning-tree bpdufilter enable -
User authentication issues when auth by external radius server
We tend to use FF in a corporate environment to manage our networking devices (firewalls/switches/routers etc). Came across a bizarre problem under the following conditions:
ZyXEL Network Switch (GS2200-24) uses external authentication (RADIUS) to allow management and accounting of who makes changes.
When logging into the switch with FF, we get repeated prompts for user authentication. Eventually the user is logged in (and no it's not a typo!). Looking through the dev console in the beta, it seems to get a 401 unauthorised back from the switch once it tries to load another html file.
The browser *should* be presenting the same credentials to each called page within the site, it doesn't seem to :-(
No site added as it's an internal IP address....We tend to use FF in a corporate environment to manage our networking devices (firewalls/switches/routers etc). Came across a bizarre problem under the following conditions:
ZyXEL Network Switch (GS2200-24) uses external authentication (RADIUS) to allow management and accounting of who makes changes.
When logging into the switch with FF, we get repeated prompts for user authentication. Eventually the user is logged in (and no it's not a typo!). Looking through the dev console in the beta, it seems to get a 401 unauthorised back from the switch once it tries to load another html file.
The browser *should* be presenting the same credentials to each called page within the site, it doesn't seem to :-(
No site added as it's an internal IP address.... -
Authentication issue when downloading jar files
Hi,
I am having a problem starting up my application when the application server, in this case WebSphere 5.0, requires the user to be authorized.
In our development environment the server uses basic authentication but once deployed in our test environment we are required to use form based authentication, which I've read that JWS cannot handle.
The current flow is as follows:-
1. The user navigates to a protected page and is prompted to enter a user name and password.
2. Once authenticated they are shown the page that contains a link to a JNLP file.
3. The user clicks on the link, JWS processes the JNLP file and requests the first jar file.
4. The application server sees that there is no 'authorization' header set on the request so asks for the credentials again.
5. For basic authentication the user is prompted by JWS to enter the user name and password and the download succeeds.
6. For form based authentication, JWS instead receives an HTML login page and, after a short period, reports that it received a corrupted jar file.
I was wondering if there is any way to pass key/value pairs within the JNLP file (or any other approach to pass this data) that JWS could then use to populate the 'authorization' header of the request to load the jar files?
If this is not possible, are there any other techniques I could use to get round this?
I am currently passing other data via the 'JSP as JNLP' approach with my own servlet so can make dynamic changes to the JNLP file as needed.
Thanks in advance.Hi ipooley,
I came upon your posting here after I've been searching for long for some "standard-conform" decision to this IMHO very popular problem and I was not able to find something so far apart of adding some jsessionid to the jar files in the href tag in order to hack the app server to believe the client is authenticated. In my case this doesn't help as well because the authentication is done separately through the company portal. Could you please give me some more details about your "hack"? I've tried to call the jnlp file from an applet (simply with showDocument(jsp generating jnlp) but this doesn't (and actually it can't) work too. And what about the jnlp file itself - if I set the href in the jnlp I have the same problems with the jnlp too?
thanks in advance for your reply,
Ilko -
Having authentication issue when trying to add a subscription to an internal billing account
I am trying to add a subscription to an account on the Azure Internal Billing Registration page. But I am hitting an authentication error. How do I get someone to contact me so that I can get this solved?
Hi,
This issue is out of my scope, if you have any problems or questions about using Azure Internal Billing Registration or need help with a registration issue, please try to contact with the support: http://aka.ms/azdesk
Best Regards,
Jambor
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
ACE slowness issue when one server goes down
Hi,
We are having two application servers.Both are load balanced using ACE.
When we bring down one server, we find that when we upload some files into the second application server, its too slow.
But when primary server comes up again the performance increases.This issue happens only when we bring the primary server down.
We are using cookie based stickiness.Any ideas where we can look into.
Rgds.,
SachinDepending on the load-balancing algorithm or predictor that you configure, the ACE performs a series of checks and calculations to determine which server can best service each client request. The ACE bases server selection on several factors including the source or destination address, cookies, URLs, HTTP headers, or the server with the fewest connections with respect to load.
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html -
TS2570 Please help me in this issue. when I use C hold down when mac start nothing happed
Please help me in this issue. when I use C hold down when mac start nothing happed
This causes the Mac to boot from the DVD drive. Hold the C key down between the startup tone and the logo.
(the shift key is not required).
Another way to do it is to hold down the Option key during boot and the bootmanager will show you all the possible boot devices and you can pick from there. -
We've had authentication issues with Infinity since the install just over a week ago (BT Business package)
The router will drop the connection and then we have a problem reconnecting (won't). Out of sheer frustration I've discovered a workaround that sometimes works that is to change the user name to the BT test account, connect, and then change the router user name setting back to our own. The BT test account always works, so despite a BT engineer being sent to trace the problem onsite yesterday the issue remains. We've also been sent a new router, and the BT engineer arrived with yet another new one yesterday
The problem seems to be purely authentication. The Technical Helpdesk have changed our password (twice) but we still get the problem. Yesterday I was told that some other users in our area have also had an authentication issue and that over the weekend 'patches' were going to be applied at our local exchange.
When the service works we get quite good speeds (37 down, 8 up) but we're frustrated with the lack of knowledge from the help-desk and have doubts that the 'patches' will resolve the issue
Such is the problem that BT will downgrade us back to ADSL2 (which was rock solid in comparison) next week if we're still unhappy
I did ask if our user name could be changed but told no. I'm curious to know as to what the switch to fibre could cause authentication problems?hi this is a BT Residential forum as a Business user you may get more help from the BT business forum
http://business.forums.bt.com/t5/Broadband-and-internet/bd-p/Broadband
If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’ -
W520 - Cold boot issues when docking, undocking
Has anyone seen this? My W520, BIOS 1.34, has issues when I cold boot for the FIRST time when I move the machine either to or from the mini-dock. What I mean is it doesn't boot quite right if I shut it down docked, then cold boot it undocked or vise versa.
By issues, I mean that although it boots into the Windows 7 desktop, most apps won't load. It is hard to describe.
My solution is to cold boot again. Then everything is ok.
I know the stock response - boot a minimal system, upgrade drivers and BIOS etc etc etc. I'm just wondering if anyone has seen this before and knows the exact cause of this issue. It sure would save me some time investigating.
Speaking of BIOS, what are the odds of Lenovo releasing anything further for the W520 i.e. "Version 1.4" without the 1333Mhz cap on memory?http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8buj14uc.iso
W520, i7-2820QM, BIOS 1.42, 1920x1080 FHD, 32 GB RAM, 2000M NVIDIA GPU, Samsung 850 Pro 1TB SSD, Crucial M550 mSata 512GB, WD 2TB USB 3.0, eSata Plextor PX-LB950UE BluRay
W520, i7-2760QM, BIOS 1.42 1920x1080 FHD, 32 GB RAM, 1000M NVIDIA GPU, Crucial M500 480GB mSata SSD, Hitachi 500GB HDD, WD 2TB USB 3.0 -
Mid 2009 17" MacBook Pro battery shutdown issue when waking from sleep.
My unibody 17" MacBook Pro occasionally shuts down on waking from sleep when it isn't plugged in.
When I open the lid to wake it I can hear the hard drive and fans starting to spool, and then the next second it's off and silent. The laptop doesn't mind being turned on again after it does this and might go a week without doing it again, equally it might do it next time I try and wake it from sleep. It does this regardless of battery charge level.
coconutBattery says the battery still has 86% of its designed capacity, and I haven't noticed anything else untoward regarding battery charging or performance when in use.
So my question is two fold:
1) Does it sound like the battery's internal processor is malfunctioning, or could it be something else?
2) If it is the battery's internal processor, will replacing the battery replace the processor, or are they fitted separately (in defference to the 'internal' part of its name)?
Cheers,
James
nb. just in case it makes any difference, the laptop is a 17" Mid-2009 MacBook Pro, 2.8GHz Core 2 Duo with 4Gb Ram running OSX 10.7.3James
I have had issues when i press the space bar from sleep, sometimes it wakes but others i'm forced to power it on with the power button.
Is this similar to anything you've experianced?
Its so inconsistantly these days, but i'm also connected to an external screen. -
Security issue with page drop down on planning form 11.1.1.3
I'll buy a round of Newcastles for anyone that can fix this issue.
Planning 11.1.1.3 a given user is given @idescendants write access to a cost center rollup that has shared members underneath. The stored members are in a primary rollup higher up in the hierarchy. The webform has the cost center selection on the page drop down. The first child in the rollup does not display. This occurs for every rollup, the first child member is not visible i nthe drop down. So for example, the outline looks like this:
primary cost center hierarchy (stored)
rollup1
--ccxxx stored
--ccyyy stored
alternate hierarchy (shared members)
rollup2 <--------------user has write access to @Idescendants of this rollup
--ccxxx shared
--ccyyy shared
In the page drop down, only the ccyyy member shows. Not the ccxxx. Dev has the same access applied and both show correctly. I've tried refreshing security, pushing filters from plan to essbase (even though this is metadata security in planning) and nothing fixes. Webforms are identical. My next step is to restart the planning service when i get down time but was wondering if anyone else has seen this issue.Always the first child of the shared rollup that doesnt display.
Edited by: EssbaseInAz on Nov 4, 2009 3:11 PMExports are identical. In fact, prod security was cleared and reloaded using an export from dev. after the upload i re-exported prod and compared the export to what was loaded (export from dev). Security is identical. This only for users with security set on the alternate hierarchy rollups up. Admin members are fine. One test i did do was to give access to the first child that is not displaying up on the stored member. If i do that, the member will show. But that's not really feasible in this security setup and it does not explain why the exact same security works fine in dev.
I thought about about the second issue you raise. it does seem to behave like that. but the part is tagged never share, not label. Same as in dev, which works. plus like you said, that situation only seems to arise when the members are on the row and even then, the member displays, it's just set to read only. I'm wondering if there's some flag set in the relational backend that's causing an issue or something like that. I've pushd the filters to essbase and using a test id setup i can replicate this issue, but with an excel retrieve i can obviously see the member (since metadata security isnt applied in excel) and i can also see the data for the missing cost center. So, its somewhere in planning where the metadata security is applied. I might poke around the planning tables and compare to dev to see if i can find any smoking guns. Really bizarre. Plus tomorrow i've got a window to restart the planning service to see if that helps.
Thx for the response Jake and if you have any other suggestions i'm open. If i find a solution i'll let you know.
Pete -
When I shut down the Mac Pro, it restarts
Has anyone run into this issue with their Mac Pro? When I shut down the computer (either via the Ctrl + Option + Cmd + Eject or the Shut Down command from the Apple menu drop down), the Mac Pro will simply restart and take me back to my log-in screen.
At this point, I can hit the shut down button on the login window and it will shutdown, but this is annoying, a waste of time, and unnecessary.
I have tried performing an SMC reset, but it has not resolved this issue.
Specs: Mac Pro (2010)
3.33 GHz 6-Core
(2) 2TB Internal HDD
12GB ram
ATI 5870 graphics card (1GB)I have noticed the exact same behaviour. It only happens when I have something plugged into one of the front USB ports (example : external HD, USB key)
Apparently the system crashes during the shut down process, and then reboots.
Unfortunately, I have not yet found a solution
Maybe you are looking for
-
Installing Linux system on a Satellite A100
Hi - I am new to these forums so please be kind with my limited knowledge . My partner has a satellite A100 laptop that has Windows XP installed on it. Due to driver and upgrade probs - he now wishes to install a linux op system on it (Ubuntu). Wh
-
I'm having a problem running games, and I can't figure out why it's happening or how to fix it. I'm using a base model Macbook, about three weeks old, running Windows XP Home...first with SP2, now with SP3. I had gb of RAM, but I dropped it back down
-
I haven't posted here for quite a while but was wondering if anyone has ever found a way to speed up the printing. When I was using OS 9 and I hit "print", the printer responded instantaneously and was quick. Ever since I upgraded to OS 10 it has alw
-
Hello guys, i need your help, so whats going on is that i have builded a database trigger and it fires "before update".When im testing that trigger and try to update a certain field (in my case,the end_date) , the data base blocks and..it does nothin
-
Hide the group section while previewing the report
Post Author: sanjay_usa1 CA Forum: General In CMC when i preview the reports which has a group category i can see the groups showing up in the left hand side by default everytime when i preview the reoport i can disable it in the upper toolbar but is