Rdep Thread Timeout error to AIP - SSM

Similar Questions

• semaphore timeout error 0 x 80070079

  Backups continue to fail.  I tried "autobackup" and it stops.  Used backup vista and has received 0 x 80070079 semaphore timeout error.  How can I remove or change this feature.

  Hello

  Method 1:

  Temporarily disable the antivirus on the computer running software and check if you are able to install the software.

  Disable the anti-virus software

  http://Windows.Microsoft.com/en-us/Windows-Vista/disable-antivirus-software

  WARNING: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks.

  Method 2:

  I suggest you perform the clean boot and check.

  How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

  http://support.Microsoft.com/kb/929135

  Note: After a repair, be sure to set the computer to start as usual as mentioned in step 7 in the above article.

  See also:

  Error 0 x 80070079: the semaphore timeout period has expired

  http://social.technet.Microsoft.com/forums/en-us/itprovistanetworking/thread/c3fc9f5d-c073-4A9F-bb3d-b7bb8f893f78/

• Cannot access the AIP SSM via ASDM

  CISCO recommendations below:

  Cannot access the AIP SSM via ASDM

  Problem:

  This error message appears on the GUI.

  Error connecting to sensor. Error Loading Sensor error

  Solution:

  Make sure that the IPS SSM management interface is up/down and check his IP address configured, default gateway and the subnet mask. It is the interface to access the software from Cisco Adaptive Security Device Manager (ASDM) on the local computer. Try to ping the address of management of IPS SSM IP interface on the local computer that you want to access the ASDM. If it is impossible to do a ping check the ACLs on the sensor

  ----------------------------------------------------------------------------------------------------------------------------------------------

  I've tried everything recommended above. I can ping the host ASDM the FW and the SSM-10 module. Well, I ping the host machine and the SSM of the ASDM. I opened as wide as possible ACL. I changed the IP addresses and masks several times. The management of the ASA port and the SSM and the PC are on the same subnet.

  A trace of package from the PC to the SSM shows that it is blocked by an ACL rule, and yet I opened wide.   I've seen this kind of problem before and it was solved by applying the double static NAT, but I don't know how to do that if all the IP addresses are on the same subnet.

  Tried everything, need help from high level.

  The IDM software that comes with ASDM does not support java 1.7. The portion of the ASDM ASA supports 1.7 but launch the IPS cmdlet works only with 1.6. The TAC enginner suggested that I use the IME (IPS Manager Express) which is available for free on the Cisco's (http://www.cisco.com/en/US/products/ps9610/tsd_products_support_general_information.html) Web site.

  I've been playing with it today, and so far it seems to work pretty well.

• (ASA) AIP - SSM 10 Inline; Supreme events?

  A 5520 ASA with SSM-10 GOAL is set to inline mode, but the events of the show for 2 hours (sensor > HS event past 02:00) of the Interior of the sensor shows and "promicuous mode", "left promicuous mode'."

  This AIP SSM - 10 has only one gig0/0 and gig0/1 where o/o is taken out of service and a value default virtual sensor (vs0) is assigned to gig0/1. I see the statistics (sensor > sh SEO-engine of analysis) to gig0/1 so I collect statistics.

  If the configuration of the ASA 5520 has the following policy of inline and events log shows that enter and exit in promiscuous mode so how do I check if I am inspection/recovery in inline mode?

  (ASA > sh run access-list IPS)

  IPS list extended access permitted ip DMZ 255.255.255.0 26.26.1.0 255.255.255.0

  (ASA > sh run | b class-map)

  class-map IPS

  corresponds to the IP access list

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the netbios

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect the tftp

  inspect the sip

  inspect xdmcp

  inspect the waas

  inspect the icmp

  class IPS

  IPS inline help

  !

  global service-policy global_policy

  (sensor > sh interfaces)

  ...

  Statistics interface GigabitEthernet0/1 MAC

  Function of interface = interface detection

  Description =

  Support type = backplane

  By default Vlan = 0

  Inline = unpaired mode

  Pair of status = n/a

  Circumvention of Capable hardware = no.

  Twin derivation material = n/a

  Link status = upwards

  Link speed = Auto_1000

  Link Duplex = Auto_Full

  Lack of Packet percentage = 0

  Total packets received = 95044

  Total number of bytes received = 8715230

  Total multicast packets received = 0

  Total of broadcast packets received = 0

  Total fat packets received = 0

  Total sousdimensionnés packets received = 0

  Receive the total errors = 0

  Receive FIFO overruns total = 0

  Total packets transmitted = 95044

  Total number of bytes sent = 9047702

  Total multicast packets sent = 0

  Total broadcast packets sent = 0

  Total fat transmitted packets = 0

  Total packets transmitted sousdimensionnés = 0

  Total transmit errors = 0

  Total transmit FIFO overruns = 0

  sensor > sh events last 02:00

  evStatus: eventId = 1203360411830836145 = Cisco vendor

  Author:

  login host: ASA2_IPS

  appName: kernel

  appInstanceId:

  time: 2008-02-20 19:01:46 2008/02/20 19:01:46 UTC

  syslogMessage:

  Description: device ge0_1 entered promiscuous mode

  evStatus: eventId = 1203360411830836146 = Cisco vendor

  Author:

  login host: ASA2_IPS

  appName: kernel

  appInstanceId:

  time: 2008-02-20 19:01:53 2008/02/20 19:01:53 UTC

  syslogMessage:

  Description: the promiscuous mode device ge0_1 left

  The left State events and entered promiscuous mode are usually generated when you do a 'package of display' or 'the capture of packets' command on the CLI of the sensor.

  Track order of the package is promiscuity but is independent of promiscuity or inline followed by analysis of the probe engine.

  If you have inline monitoring using the probe analysis engine.

  And still make command package to the cli for your own monitoring promiscuity of those same packets. Here are 2 independent monitors of the same packages.

  If I remember right inline monitored packets always get returned to the ASA (unless expressly denied), which is not promiscuous packets. So check sensors gig0/1 interface statistics and the number of packets for transmission. If receive and transmit accounts are quite close, then packets are monitored by the analytical engine InLine. If the number of transmission is nil or very low then the packets are likely promiscuous monitored.

  With the configuration of your ASA you are correctly configured for online tracking.

  So I don't think that you are investigating inline, and status messages are specific to your start and stop of the command 'package' on the CLI for your own independent viewing packages promiscuity.

• AIP-SSM-20 upgrade

  Try to upgrade an AIP-SSM-20.

  We have 2 ASA in a failover configuration, upgrade on the AIP-SSM-20 secondary has been a success.

  On the primary AIP-SSM-20, we get the following error when you try to upgrade via FTP from the same server that we have updated the secondary SSM module of:

  execUpgradeSoftware: permission denied

  The current version is 1,0000 E1, tyring 4,0000 E1 upgrade

  We tried when the module is active and when it's not... same error in both directions. Doesn't seem to be a user FTP error since we get a different when error deliberately hits the user or password.

  Our SSM user has administrator privileges (cisco default user) and we tried to restart the SSM... no luck

  Anyone has any idea on this?

  Thank you

  John Stemke

  I don't know if the error is generated by the sensor itself, or from the ftp server.

  To discover the try running a sniffer of packages on the ftp server or the 'package' command on the CLI for the command of the probe and control interface.

  Run the command to upgrade and see if a ftp connection is still attempted by the sensor.

  If no ftp connection is attempted, then the error would be to the sensor itself, and it would seem that the user doesn't have permissions admin (which doesn't seem to be your case by what you wrote).

  If the ftp connection is attempted, then the error is probably coming from the ftp server. Look at the packages that you have captured and see if an error is coming from the ftp server. The problem may be a permissions issue on the file on the ftp server. The ftp directory or the file itself may not have read permission for the file.

  You can also try a ftp from your own desktop to the same ftp server by using the same user and password used for the sensor and see if you can download it on your own desktop.

  As a work around to get your updated sensor to update and work on this authorization the problem is later to copy the upgrade on your desktop.

  Run IDM and use IDM to repel the upgrade of your desktop directly on the sensor.

• AIP - SSM recreate the image in secondary ASA 5500 (failover) with virtual contexts

  Hello guys,.

  The scenario is as follows:

  2 ASA 5500 with virtual contexts for failover.

  The ASA elementary school has the work of the AIP-SSM20.

  ASA school (which is in active / standby) has its SSM20 AIP to work now and everything is in production.

  Someone tried to configure this 2nd AIP - SSM, changed the password and lost, so I tried to re - the image (without authorized passage recovery), but the connection fails on the TFTP server, where is the image of the AIP - SSM.

  Now questions, documentation Cisco re-imaging view orders under ASA #.

  but as this scenario has several virtual contexts the ASA # shell contains no IP address as you know (which I suppose is the reason why the ASA cannot download the image from the TFTP server) and switch to another context (ASA / admin #) re-imaging commands do not work (hw-module module 1... etc...).

  What is the solution? Is there documentation for it (with security contexts)?

  Thank you very much for reading ;) comment on possible solutions.

  Yes,

  Some things to keep in mind.

  (1) run 'debug module start' on the SAA before running the command "hw-module module 1 recover boot. This will show you the ROMMON of the MSS output as it tries to make the new image and you can look for any errors.

  (2) before trying to download from the SSM, first use a machine separate download tftp from your laptop. This will ensure the TFTP on your laptop works and confirm what directory (if any) that you can use as the file location.

  (3) if the tftp download does not SSM, then the SSM is unable to properly connect to your laptop. You need a crossover cable to connect your laptop to the SSM. If you have a crossover cable, then you could try to connect the MSS and your laptop to a small hub, or configure a new vlan on your switch with only 2 ports and connect the MSS and your computer laptop this vlan 2 port.

  (4) also try the download first at the end of the gateway to 0.0.0.0 since your laptop and the SSM will be on the same subnet. If this does not work then you can try a non-existent 30.0.0.4 address as gateway.

  (5) understand that the IP address that you specify for the MSS using the command "configure the hw-module module 1 recover" is just temporary for download. Once an image is installed, then sitting at the module and run the "setup" command in order to configure the permanent address you want ure on external port of the SSM. This address in the "setup" command can the same as that used in the command 'get the 1 hw-module module configure' or a completely new (as in your case). Just make sure that you connect to the network just to what address you give.

• AIP - SSM, failure to update the cisco Web site

  Hi all

  I want to know the reason why my AIP - SSM fails to update its signatures automatically from cisco website. I put the module do cisco automatic signature update, but it doesn't matter when he tries to update, it displays an error message that reads "= error: exception Autoupdate: HTTP failed to connect (1 111) ' find the exact error message attached. The interface of my AIP - SSM is behind the proxy of the company and I put the proxy to allow Module AIP - SSM establish a connection to the internet.  What could be wrong?

  Your help will be very appreciated.

  Concerning

  Automatic update to the signature of the IPS is not supported through proxy server.

  The configuration of the proxy server on the IPS is only for the overall correlation.

  You must allow direct access for the automatic update of signature to IPS.

• VISA read timeout error - Keithley 2400

  I am using LabView 2010 to control a Keithley 2400 Sourcemeter on an RS-232 Interface. I want to set up a measure and take a reading (e.g. ground voltage / time)

  I took an example of "Keithley ReadOnly" library code, but the 1073807346 error to retrieve box "initialize". Then I looked in 'Initialize. VI"and found there is a VISA (timeout error?) reading error. I have attached two screenshots that shows errors. Can someone tell me how to solve the problem? Moreover, I am very new to labview, if someone could suggest a solution that is not too 'Advanced '? Thank you very much.

  
  

• VISA READ timeout error - several GPIB resources

  Hello

  I'm working on a network 3 GPIB instruments (Optical Attenuator, amplifier in fiber, spectrum analyser), controlled using VISA sessions in Labview. When it is run separately, the three corresponding screws (which are located in three different Labview projects) works as expected. However, when they ran at the same time, one gives them timeout-1073807339 VISA READ errors. These errors seem to occur when another instrument is sending / receiving data / instructions at the same time that she is.

  The exact context of the error is either:

  -an another VI is running, which includes sending several requests and responses every 100 ms, reading

  -by failing VI starts, I get an error of waiting time among the first Subvi containing a VISA READ operation to perform (sometimes initialize.vi (in situation 1), sometimes one of the subVIs connected the rest State (State 0) on the time-out of the structure of the event).

  or:

  -the default VI is running,

  -by starting another VI, which includes repeatedly sending requests and reading the responses, the failing VI up a mistake among the first Subvi containing a VISA READ operation to run (one of the subVIs linked the State of rest (0) on the time-out of the structure of the event).

  What I tried:

  -gradually increasing the delay between the VISA WRITE and READ operations to the relevant instrument (from 10 ms to 10 s), without success. More surprising are my observations which, by operating this single VI, increasing WRITE it / READ delay results in the same timeout errors. I have found no mention of such behavior through research google and forum. I hope that this may point to a solution to the main issue,

  -switching between synchronous and asynchronous VISA WRITE / READ operations.

  -reorganization of the network GPIB to a star to a linear topology topology (three instruments have different GPIB addresses in case anyone is wondering).

  My thoughts:

  It seems to me that the error is related to a delay introduced between a VISA request and its read operation by the transmission of another query associated another instrument in the same network GPIB. But I have no idea why pass a query to another instrument would introduce such a delay, or why this delay would result in a timeout error (and only an instrument, while writing / reading in each pilot screws are basically the same). Hopefully a more experienced Labview-er will be able to shed some light on my problem.

  Included is the project that contains the default VI (main.vi) and the driver custom made use of.

  There are a number of ways. If you want to keep separate projects for instruments, you can use semaphores often slandered around calls for screws in each project. Locking is not expected or predictable, but it would give controlled access to the GPIB resource.

• Updated AIP-SSM-10 on ASA 5510

  Hello

  I want to upgrade the IPS module in an ASA 5510, and I have a few questions. The AIP - SSM is running E3 479.0 1.0000 and I have a valid account of the ORC etc for this.

  1. What is the version of the software on the question of the ASA?
  2. When I look in the software downloads< ips="" there="" are="" .pkg="" and="" .img="" files.="" i="" want="" to="" upgrade="" to="" 6.3(3)e4.="" do="" i="" have="" to="" re-image="" the="" ips="">
  3. AFAIK redefinition to wipe the device so I just reload the config after, right?
  4. I guess I can apply any update after going to E4?
  5. Can you give me links for this upgrade?

  see you soon

  Let me give some clarification on a few points:

  2. There is no need to recreate the image on the device using the .img file.  You can improve the mechanism of maintenance of your existing configuration using the .pkg file.  It is the recommended method for upgrading to Cisco IPS devices/modules.  The .img file to recreate the image should only be used to restore the default device.

  5 here are links for the upgrade of the probe using a .pkg file.  For updates through the IDM user interface:

  http://www.Cisco.com/en/us/docs/security/IPS/6.2/configuration/guide/IDM/idm_sensor_management.html#wp2126670

  For upgrades via the CLI:

  http://www.Cisco.com/en/us/docs/security/IPS/6.2/configuration/guide/CLI/cli_system_images.html#wp1142504

  Another point of clarification; current releases of IPS software supported on the AIP-SSM-10 are (taking into account you are currently running 6.2 (1) E3):

  6.2 (3) E4

  7.0 (4) E4

  You can go directly to each output.

  Scott

• AIP - SSM 40-level question.

  Hello

  I am trying to upgrade the AIP - SSM software file 'IPS - K9 - 6.0 - 6 - E4' in 'IPS-engine-E4-req-7.0-2 '. But it is not allow.

  "Could not pass the software on the sensor.

  Level the current signature is S698. The current level of the signature must be less than S480 for this installation package. »

  So I tried to update the signature file less than S480, "IPS-GIS-S460-req-E3".

  "Can not upgrade the sensor software be"
  This update can be installed on the sensor with and the version of the 3 engine.

  The currently installed engine version is 4.

  There is no signature file in cisco downloads less S480 in version 4 engine.

  See the version

  AIP - SSM # sho version

  Application partition:

  Cisco Intrusion Prevention System, Version 6,0000 E4

  Host:

  Domain keys key1.0

  Definition of signature:

  Update of the signature S698.0 2013-02-19

  OS version: 2.4.30 - IDS-smp-bigphys

  Platform: ASA-SSM-40

  Serial number:

  License expires: November 3, 2013 UTC

  Sensor time is 3 days.

  Using 4203216896 bytes of available memory (24% of use) 1045143552

  application data using 41.4 M off 167.8 M bytes of disk space available (26% of use)

  startup is using 37.8 M off 70.5 M bytes of disk space available (57% of use)

  MainApp N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07 - 15 T 01: 15:08 - 0500 Running

  AnalysisEngine NO-NUBRA_E4_2010_MAR_24_22_44_6_0_6 (Ipsbuild) 2010-03 - 24 T 22: 47:53 - 0500 Running

  CLI N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07 - 15 T 01: 15:08 - 0500

  Upgrade history:

  * IPS - K9 - 6.0 - 6 - E4 21:14:06 UTC Wednesday, March 24, 2010

  IPS-GIS-S698-req - E4.pkg 15:44:43 UTC Sunday, February 24, 2013

  Version 1.1 - 6, 0000 E4 recovery partition

  ____________________________________________________________________________

  Any help will be much appreciated... Thanks in advance.

  Liénard

  If you try the software version Upgrade, try to use the IPS-K9-7, 0-2 - E4.pkg instead of the engine update package.

• Cisco ASA 5510 + license + AIP - SSM

  Hello.

  I have this box.

  I have a few questions about it.

  (1) I'll be able to update the firmware (from 8.2 to 8.3 or greater for example) without smarnet for ASA 5510? And what can not do without smartnet?

  (2) I have only AIP-SSM-10 module this ASA 5510. is there a smartnet, too? And when I buy only one module is it build in a subscription for 1 year for the signatures of the IPS?

  (3) if I have the Cisco ASA 5510 base license, my IPS on AIP-SSM-10 will work?

  (4) as I foresee in a purchase of the year a 5510 more with the same module and mount ther of failover. I really need license Security more than failover (active / standby)? For active/active, I know I need one, Yes?

  Please help me.

  (1) you must Smartnet in order to download the software from the download from cisco.com site.

  (2) Yes, there is also a smartnet for the AIP module. Module AIP does not come with one year subscription, but you can ask for a demo license.

  (3) Yes, the basic license is OK for the AIP module.

  (4) Yes, you would need license security more on the two ASA to be able to run any type of failover on ASA5510.

  Hope that answers your questions.

• Getting started: ASA5520 w / AIP - SSM

  I'm trying to deploy an ASA5520 to a customer. I have no problem with the piece of implementing firewall, but I don't know where to start with the piece of IPS.

  I searched a bit on the ASA55XX & AIP - SSM, but can't seem to find much on what to do with the AIP - SSM beyond the initial Setup.

  Can someone point me to some beginners IPS documentation that focuses on the AIP - SSM?

  Thank you

  Jeff

  In my view, there is a lack of documentation on how to get the IPS module to work with the ASA. It would be nice if there was a single document on how to get IPS working module with the ASA.

  Start with the documentation of the IPS. It's just on how to configure the IPS himself module. Assign an IP address for management, set the admin password, etc..

  http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids12/index.htm

  Then go to the documentation of the SAA on how to configure ASA to send traffic to IP addresses (via a service-policy):

  http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids11/cliguide/clissm.htm#wp1033926

  There is a free viewer of IPS Cisco event offering to monitor events on the IPS. It can be downloaded from the download page of the Cisco IPS software.

  Finally, read the whitepaper SAFE on the deployment of the IPS and the setting.

  http://www.Cisco.com/en/us/NetSol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00801bc111.shtml

  I hope this helps. Remember messages useful rate. Thank you!

• Help configuration AIP - SSM

  I have two questions about the AIP - SSM.

  (1) is the ACL in AIP - SSM has any type of relations to the ASA ACL?

  2) our four interfaces are all used. Is it possible to assign the SSM an IP address in the same subnet as the management interface?

  (3) should then the management interface serve as a gateway for the SSM?

  interface GigabitEthernet0/0

  nameif outside

  security-level 0

  IP address 65.x.x.1 255.255.255.0 watch 65.x.x.2

  !

  interface GigabitEthernet0/1

  nameif dmz

  security-level 50

  IP address 172.16.x.1 255.255.255.0 watch 172.16.x.2

  !

  interface GigabitEthernet0/2

  nameif inside

  security-level 100

  IP address 255.255.255.0 192.168.x.1 watch 192.168.x.2

  !

  interface GigabitEthernet0/3

  STATE/LAN failover Interface Description

  !

  interface Management0/0

  Speed 100

  full duplex

  nameif management

  security-level 100

  IP address 10.0.x.1 255.255.255.0 watch 10.0.x.2

  management only

  Here are the answers to your questions-

  (1) is the ACL in AIP - SSM has any type of relations to the ASA ACL?

  No of years) ACL on SSM is completely independent of the ACLs on the ASA.

  2) our four interfaces are all used. Is it possible to assign the SSM an IP address in the same subnet as the management interface?

  VNA) absolutely. You can assign the SSM management port IP address in the same subnet as your managemnet interface. In this way, all management traffic will remain independent of normal DATA traffic.

  (3) should then the management interface serve as a gateway for the SSM?

  VNA) you're right... :-)

  Hope that helps.

  Kind regards

  Maryse.

• Reloading of the AIP - SSM

  reload the module AIP - SSM affect the ASA?

  Exactly. If you don't have a political card by using the SSM module, then you can reload the module SSM and it does not affect the traffic passing by ASA. To give you more information, here is a link that gives you information on how to configure ASA to use the SSM module:

  http://www.Cisco.com/univercd/CC/TD/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/SSM.htm#wp1050744

  Hope that helps.

  Kind regards

  Maryse.