RV320 Cisco Remote management fails PCI compliance

Similar Questions

• Profile Manager - failed to install the remote access profile in the domain environment & multi-Active Network Directory

  Hi all

  I am a COMPUTER administrator for a college and I am trying to fix what seems to be the last hurdle in getting the Profile Manager works correctly.

  I worked for a while now trying to get the Profile Manager capable of pushing the device and profiles for Mac in our group network environment. I was able to operate intermittently, but not often. Most of the time I'm unable to install the remote management profile.

  When you try to install the remote management profile, I give myself one of the two errors-

  The first error is:

  The Installation of the profile failed.

  The «TeleManagement (com.apple.config. » profile (Server.FQDN.mdm:GUID) "could not be installed because of an unexpected error < MDMResponseStatus:500 >

  (Obviously server.fqdn and GUID are placeholders for their actual values)

  

  The second mistake is:

  The Installation of the profile failed.

  Failed to contact the Protocol SCEP server to ""http://server.fqdn: 1640/CEP / "."

  

  The server Mac OS X 10.11.4 works

  OS X Server is version 5.1

  Client Mac is for most running 10.10.4

  Here's a quick run down on the environment and the steps I have already taken to solve the problem.

  • The network is an Active Directory with several networks multi-domain environment. I mainly work with two different networks, each associated with one of the two areas.
  • The Mac server hosting the Profile Manager is a Mac Pro. The two network cards is used, each on one of the two networks. The Mac server is joined to the domain in the primary forest.
  • I opened all the ports and IP ranges for Apple's Push Notification service for two on our firewall and tested networks between the two networks to ensure that the AFN is accessible.
  • I created a static DNS entry for the server in the DNS zone for the main domain. I also have a separate DNS zone for the DNS record for the interface on the secondary network. I also confirmed that Macs see the correct IP address of the Mac server for their network.
  • I tried to change the settings for network access for the Profile Manager. The first error seems to happen when the Profile Manager are restricted to the network the Mac client is not connected. This same error also occurs if I open Manager profile access to "all networks".
  • I have experiemented with the different certificate types. In general, I use the self-signed certificates that are generated automatically. In this scenario, I install the profile Trust first (which works seamlessly regardless of network or domain). I also tried to use a certificate for Code signing signed with our own CA to sign the profile of remote management. The same errors will occur no matter what certificates are used.
  • The second error occurs when the access profile manager is limited to the same network that is connected to the Mac client
  • I ran Wireshark captures on several client computers, as well as on the Mac server interfaces and haven't seen any traffic blocked or rejected that seemed related to the Profile Manager
  • I've deleted and rebuilt my OD master
  • I also scoured newspapers for clues Profile Manager and haven't found much
  • In addition, I have also studied the problem and error codes/etc widely and have not found a lot of useful information
  • I don't know there are any other troubleshooting steps I took as well, but I've been question bout this for awhile and I don't remember everyone.

  That's a strange thing - I had it working for Mac on the main network and the domain. However, I discovered that the Mac on the secondary network and the field was unable to download the profile of remote management. This is when I started to change the Profile Manager, access network, which eventually introduce the problem on Macs connected to the primary/field of experimentation network. Change access return settings in Profile Manager does not restore functionality for pimps who worked.

  Another thing odd in this test scenario all - Mac on the network high school/area would not install remote profile unless management I temporarily moved it to the main network (I do not untie / reassign to one the main domain on these Macs) I could get the profile of remote management to install and then pushing profiles has worked. Even more strange, it's the Mac that I had to move temporarily secondary network to the main network to allow remote management profile install only works always as long as the Profile Manager are restricted to the secondary network and 'the Mac'. However, Macs in the same room, on the same network in the same field, using the exact image even get the errors described above.

  The only thing I have not yet done is delete/reconstruction Profile Manager. I would really like to avoid this if possible. Solutions that involve something like Casper or other software integration AD for Macs are also a non-starter.

  I'm happy to elaborate if necessary. I appreciate the help.

  Okay, I think I can find the root cause.

  Before this discovery, I had completely rebuilt Profile Manager. Now, I managed by pushing the management profile remote for Mac in the two fields/networks. However, many of them still refuse to install remote management profile.

  Macs who encounter the problem are all were imaged using NetRestore using an image captured from an another similar iMac. IMac even that was used to build the image has now been reassigned in a test of Mac. I found that when you attempt to register one of the Mac who had received this image it shows already as "registered" when you go to "mydevices" on my Mac server. I also noticed that they all have the serial number of the test Mac when viewing their "register". Among the issues of Macs, I activated the lock of the device from the page "mydevices" for the so-called problematic Mac registered (showing the serial number of the iMac used to create the image) and it locked the iMac used to create the image - not the Mac issue.

  This tells me that the CID (or Mac equivalent) is set on the Mac CID used to create the image for all of the Mac said image was deployed to. If it's a Windows box I have a sysprep prior to deployment or could perform a rearm after the fact. I am unaware of how to perform similar functions in OS X.

  I tested also since on some Macs that do not have this image, and they are able to register and install the profile of Managing remotely with success.

  If anyone has any suggestions on how to reset the CID (the computer ID) under OS X, I'd appreciate it. Thank you.

• TP Cisco virtual server fails

  Hello

  I have a problem where my Cisco telepresence virtual (version 4.2) server fail at random, I can't access the if GUI or CLI. From the console VM

  I get incomplete newspapers as the screenshot below

  .

  vts_console.jpg

  

  The server is remotly managed via driver Cisco, when this problem occurs, the driver cannot reach the server & give the error below:

  Status: unusable:

  "{{Status Details: communication error with Bridge: error ="Conference Bridge Timed out", RequestMessage =" {message_type: device.query, params: {'authenticationPassword': 'hidden', 'authenticationTrustSecret': ' MWeE2yoHoX3n1GV/geSgGvmcvPLOOBBpdOwOELBho + LX3bvq98KOy29peViYAcH4kDXqLSQS4Ie5 / NTKIC6z + has is ', 'authenticationUser': u'CondAdmin}} "}}" Conference bridge = "63b80035-5246-4fb9-bedc-8370cc1b4705."

  Resource VM performance is quite normal, any recommendations?

  Best regards

  Ahmed

  Any chance you take / the vTPS snapshot backups?

  If you take snapshots of the vTPS there has been some cases where this caused such an incident/problem. If you take automatic snapshots, I would recommend not having this feature enabled to the vTPS.

  A configuration backup should be sufficient as the vTPS is really just a big CPU and the configuration remains consistent.

• IDM and PCI compliance

  Hello, I have a 5510 ASA with and AIP - SSM installed. The question is, IDM will store the logs from the IPS module even when it is closed, or does it stay open? In addition, if either one loses power, are newspapers lost and they'll start back automatically? If this is not the case, how can I make this happen for purposes of PCI compliance?

  Hello

  The IDm will not store dressing room are events. You must enable external syslog are you can use Cisco IPS Manager Express (IME).

  Feisal.

• PCI Compliance Server 2012 IIS 6.2

  I have a client that is running Server 2012 with IIS 6.2 and so far I've supported all the questions except two to make them compatible PCI.

  Here are the two imminent failures.

  Server is sensitive to the BEAST attack 443/tcp
  STATE OF PCI COMPLIANCE
  PCI severity: MEDIUM
  IN CASE OF FAILURE
  DETAILS OF THE VULNERABILITY
  CVSSv2 Base Score: 4.3 (AV:N / AC:M / to the: N / reports / i: s/o: N)
  Gravity: potential
  Category: Browser Exploit against SSL TLS
  CVE ID: CVE 2011-3389
  Bugtraq ID: 49388 49778
  OSVDB: 74829
  References Microsoft: MS12-006
  References of providers: CERT: TA12-010 has CERT - VN:VU #864643 HP: HPSBMU02900
  UBUNTU:USN - 1263-1 SECTRACK:1026103 SECTRACK:1025997
  SECTRACK:1029190 APPLICATION: 49778 SUBMISSION: 49388 REDHAT:RHSA - 2012:0006
  REDHAT:RHSA - 2011:1384 MS: MS12 - 006-201406-32 GENTOO:GLSA

  ------------------------------------------------------

  osCommerce allows cross-site scripting 443/tcp
  STATE OF PCI COMPLIANCE
  PCI severity: MEDIUM
  FAILURE of the XSS/SQL/SSL vulnerabilities are not compatible PCI
  DETAILS OF THE VULNERABILITY
  CVSSv2 Base Score: 4.3 (AV:N / AC:M / to the: N / c: n / I: P / A:N)
  Severity: concern
  Category: Cross site scripting
  CVE ID: CVE-2003-1219
  Bugtraq ID: 9238
  OSVDB: -.
  Microsoft references: -.
  References of providers: QUOTE: 9238
  Details: Cross-site scripting (XSS) vulnerability in the function tep_href_link in
  for osCommerce before 2.2 - MS3 html_output.php allows remote

  Hello

  Question about Windows Server 2012 are best addressed in the TechNet forums. Ask your questions here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/home

• Remote command fails when cross Foglight, but ok using command line

  Try to perform an action simple remote command when a rule triggers the file /sharedScripts of monitoring system.  When the alarm is triggered, an email is sent and action of remote command to find and remove the logs more than 10 days is supposed to work.

  The command to run is:

  find/sharedScripts/set - name "* .log" \ (-type f-mtime + 10 \)-exec rm {} \;) ""

  This command works well from the command line on the server, but when it is run by a remote control action, we get the following exception:

  2015-07-20 19:04:30.556 WARN [Action-4-wire-3856] com.quest.nitro.service.action.impl.command.RemoteCommandAction - the remote execution failed on the host prod - 108.llbean.com for the command "find/sharedScripts/set - name" * .log "------(-type f-mtime + 10 \)-exec rm {}------;)" "with the following error: 1.»

  I tried many iterations of escape characters, single/double quotes, etc...

  Has anyone else tried something like this?  I understand that I could create a script that has this command in it, but if I can avoid that I would because a similar process will be implemented through a hundred servers with different commands according to the system of files in place. In this regard, I would like to manage everything centrally if I can.

  Hi Golan-

  Thanks for the reply.  I got a response back from support today and it turns out that some avoidance that is required to run the command from the command line has been the cause of the problem running like a remote control action.

  This command works well on the command line:

  find/sharedScripts/set - name "* .log" \ (-type f-mtime + 10 \)-exec rm {} \;) ""

  but the avoidance of parentheses problem in Foglight. The following seems to work as a remote command:

  find/sharedScripts/set - name "* .log"(-type f-mtime+10)-exec rm {} \; "."

• API License - Cisco Security Manager

  I would like to know the license API to integrate a solution Algosec Cisco CSM. This license would cost or not?

  Q. what are the features of the API?

  A. based on the API access Cisco Security Manager to share information with other services essential network such as respect and analysis of advanced security systems to streamline their operations, security and compliance. Using a representational state transfer, external firewall compliance systems can directly request access to data from any security device managed by the Cisco Security Manager. Several suppliers of conformity of safety including Tufin Algosec and Skybox, have updated their products to work with the new APIs in the Cisco Security Manager

  http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5739/ps6498/qa_c67-727089.html

  I'm waiting for return,

  Aldo Melo Lopes

  Yes. The fare is US$ 5,000.

  The product number is 'L-CSMPR-API' (Cisco Security Manager Pro - license for access to the API).

• SSL and PCI compliance?

  I install a new 5520 with IPS for a client, and they ask on the SSL (WebVPN) being self-signed PCI compliance.  I don't know what document to find this information under the PCI DSS.  There was also mention on double authentication required, but without seeing the actual needs, I guess just to her.

  If anyone can point me in the right direction or explain the low down on what is needed to make SSL compatible PCI, I would be very grateful.

  I am not aware of a pure and simple ban against self-signed certificates, but personally would prefer those to a root of trust CA - PKI company or third party. For me, it shows a greater awareness to safety.

  PCI DSS 8.3 requirements requires two-factor authentication:

  8.3 incorporate two-factor authentication for remote access (access level network from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and remote service (RADIUS) with tokens, access controller access control system terminal access (GANYMEDE) with chips; or other technologies that facilitate two-factor authentication.)

  Note: Two-factor authentication requires two of the three authentication methods (see 8.2 requirement for a description of the authentication methods) be used for authentication. Using a factor twice (for example, using two separate passwords) is not two-factor authentication.

  You can configure an ASA with two factors schemens (RSA SecureID and LDAP etc.).

• Remote deployment failed

  Hi, can someone help me please? I'm trying to deploy the application of these last two days on the remote server, but don't know what's wrong with that.

  [17:39:12]-deployment began.  ----

  [17:39:12] the target platform's (Weblogic 10.3).

  [17:39:13] recovery of the existing application information

  [17:39:13] analysis of the dependence running...

  [17:39:13] building...

  [17: 39:14] deployment of 4 profiles...

  [17: 39:15] wrote on the Web for C:\JDeveloper\mywork\KNM\All Approvals\APPViewController\deploy\All Approvals_APPViewController_webapp.war application Module

  [17: 39:15] Mobile WEB-INF/adfc - config.xml for META-INF/adfc-config. XML

  [17: 39:15] wrote the Archives Module C:\JDeveloper\mywork\KNM\All Approvals\APPViewController\deploy\AdfLIBallApproval.jar

  [17: 39:15] wrote the Archives Module to C:\JDeveloper\mywork\KNM\All Approvals\APPModel\deploy\All Approvals_APPModel_adflib.jar

  [17: 39:16] wrote the Module Enterprise Application C:\JDeveloper\mywork\KNM\All Approvals\deploy\ApprovalEARDeploy.ear

  [17: 39:16] Application deployment...

  [17: 39:20] [Deployer: 149193] Operation "deploy" on demand "ApprovalEARDeploy" failed on "AdminServer.

  [17: 39:20] [Deployer: 149034] an exception has occurred for task [Deployer: 149026] deploy ApprovalEARDeploy on AdminServer. : could not load the webapp: 'All-amenities-APPViewController-context-root ".

  [17: 39:20] WebLogic Server Exception: weblogic.application.ModuleException: could not load the webapp: 'All-amenities-APPViewController-context-root ".

  [17: 39:20] caused by: weblogic.management.DeploymentException: error: unresolved references Webapp library "[ServletContext@47003767[app:ApprovalEARDeploy module: all-approvals-APPViewController-context-root path: / All-amenities-APPViewController-context-root spec-version: 2.5]", defined in weblogic.xml [Extension-name: jsf, Specification-Version: 2, exact match: false]

  [17: 39:20] check the server logs or the console of the server for more details.

  [17: 39:20] weblogic.application.ModuleException: failed to load the webapp: 'All-amenities-APPViewController-context-root ".

  [17: 39:20] undeployment.

  [17: 39:20] - incomplete deployment.

  [17: 39:20] remote deployment failed (oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer)

  [17: 39:20] caused by: weblogic.management.DeploymentException: error: unresolved references Webapp library "[ServletContext@47003767[app:ApprovalEARDeploy module: all-approvals-APPViewController-context-root path: / All-amenities-APPViewController-context-root spec-version: 2.5]", defined in weblogic.xml [Extension-name: jsf, Specification-Version: 2, exact match: false]

  indicates that the remote server is installed the right ADF runtime. Check if the target server has a duration of adf installed that corresponds to the version jdev that allows you to develop the application. Check JDeveloper Versions vs Weblogic Server Versions. JDev & amp; ADF Goodies for corresponding versions.

  Timo

• Adobe application manager fails to install on windows XP

  Adobe application manager fails to install on windows XP

  Hello friends,

  I was told to download photoshop through the Manager of adobe applications that I have an XP operating system. I even downloaded the application manager, but now it won't install saying "remote server not properly placed. Try a few minutes"every time that I try again I get the same message. Can anyone help me please with it? Even, I get the same message when installation of adobe flash player. The installer says always installation is not complete. Help, please.

  Thanks in advance.

  Hi Hindukala,

  Please see the Ko: http://helpx.adobe.com/creative-suite/kb/remote-server-responding-installing-aam.html .

  Kind regards

  Romit Sinha

• Is the Add On portal/site down today? Try to get the XUL Remote Manager add on.

  Cannot get to the area to search/Download Manager Remote XUL. Any ideas what's happening? I get "the connection was reset", "Problem loading Page" etc...

  https://addons.Mozilla.org/en-us/Firefox/extensions/?sort=hotness

  Hello Elwayisgod
  It is for me. Have you tried the direct link to XUL Remote Manager?
  https://addons.Mozilla.org/en-us/Firefox/addon/remote-XUL-Manager/?src=search

  Have a good day/night

• Time to update the BIOS and firmware of remote management?

  I'll put up a 'new' ThinkServer RD630 (2954A6U). It was purchased for a project that never happened, and we are now dry and reuse to replace an old Office Server. The current firmware versions are:

  • BIOS: 2.05
  • ME: 2.1.5.73
  • BMC 1.7
  • IPMI 2.0

  Page 61 of the User Guide ThinkServer says, "update the BIOS on your server only if the new BIOS version specifically solves a problem you have. We don't recommend updates to the BIOS for servers that do not need. [...]"

  As far as I know, we have no problems. The system starts fine and runs Windows Server 2012 well enough.

  HERE'S MY QUESTION:

  Should I update the BIOS and firmware IMM (remote management) to the current version? Are there hidden problems, security issues or other concerns that it is worth?

  Other indicators of initial configuration that you can share with a new admin would be much appreciated, too! Thank you.

  With the help of the Lenovo Support, I was able to fix my problem where I couldn't get to the menu of the BIOS of the 630 RD (in F1) and all I saw was a cursor on the screen. I describe the procedure in detail here:

  https://forums.Lenovo.com/T5/ThinkServer-rack-mounted/BIOS-settings-blank-with-cursor-after-BIOS-UPD...

  Thank you to all those who commented above and especially to those who have sent me suggestions via PMs.

• Enable remote management on FVS336gv2 through CLI

  So I did something incredibly stupid to try to solve a problem, that we had and I have disabled HTTPS remote management in the GUI and now I am not able to make the interface of the routers.

  I can however, Telnet to the router from Telent is activated.

  How can I enable https remote via the CLI management? I can't find anything in the CLI PDF or I'm missing something.

  Thanks in advance!

  Hey,.

  Should be enough for;

  # remote_management https system set up

  # access_type all

  y # enable_ipv4

  # ip_version ipv4

  # Save

• simple question re RD230 module for remote management

  Hello

  Just bought and installed Rd230. Installed win2008 R2 SP1 (manually... not with easystartup).

  I read the for the management module user guide remote. Is superb! One thing... How to set up the MMR? (Address IP... etc). It is not in the BIOS... I don't see any prompt at startup to access a utility of config for IT... any help?

  Thank you

  M

  You will find information conrfiguration and answers to the other questions linked MMR in

  ThinkServer RD230 and RD240 Remote Management User Guide TeleManagement ThinkServer RD230 and RD240 user's guide:

  Download.Lenovo.com/ibmdl/pub/PC/pccbbs/ThinkServers/00697mst.pdf

• Windows Server 2008 SP2 remote management for the

  I am trying to install windows on windows server remote management 2008, but it continues to tell me that this update is not appy to this system.  I'm trying to manage windows Server 2008 Windows server 2012.  I have the updated 2012 in place like active directory and Server 2008 as a file server.  I like to leave the file as a unit without a head server. Any help would be great!

  Hello

  Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

  http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

  See you soon.