web asccess for Juniper SSL VPN

On a XP - SP3 computer, webaccess juniper VPN V7 stopped working reliably a few days ago.  Sometimes it connects, sometimes it crashes.   Even after a reboot, same thing.  It works fine on another computer on the same network.

I went to the center of fixit, and I get

"Input string was not in a correct format" when I try to install "diagnose and repair windows security issues...". »

So I looked in the event viewer.

I have several errors

DCOM got error "the service cannot be started, either because it is disabled or because it has no enabled devices associated with" try to start the service gupdate1ca2f26cf03c938 with arguments "/ comsvc" to start the server:

{4EB61BAC-A3B6-4760-9581-655041EF4D69}

This one is more disturbing

The Security Accounts Manager service failed to start due to the following error:

The system cannot find the specified file.

of course, brings us to this error

Windows Service Pack Installer update service depends on the Security Accounts Manager service which failed to start because of the following error:

The system cannot find the specified file.

Given that I can't identify the file that is missing.  Active system with bootlog startup does not reveal something special.

I hate the idea of having to reload, because there was no stacking of XP to create a wake to install a clean system without patches more than 100.

ideas in addition to reload?

Hi devicedoc,

Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet forums.

http://social.technet.Microsoft.com/forums/en-us/category/windowsxpitpro

Tags: Windows

Similar Questions

  • Should what license I for 25 SSL VPN peers

    Hi all

    I want to implement cluster active / standby with a pair of ASAs 5550 and I have a licensing question. Here's the "sh - key retail activation" leave two output devices...

    ASA1:

    SH - activation in detail key:

    Serial number: XXXXX

    No temporary key assets.

    Activation key running: XXXXX XXXXX XXXXX XXXXX XXXXX

    The devices allowed for this platform:

    The maximum physical Interfaces: unlimited

    VLAN maximum: 250

    Internal hosts: unlimited

    Failover: Active/active

    VPN - A: enabled

    VPN-3DES-AES: enabled

    Security contexts: 2

    GTP/GPRS: disabled

    SSL VPN peers: 2

    Total of the VPN peers: 5000

    Sharing license: disabled

    AnyConnect for Mobile: disabled

    AnyConnect Cisco VPN phone: disabled

    AnyConnect Essentials: disabled

    Assessment of Advanced endpoint: disabled

    Proxy sessions for the UC phone: 2

    Total number of Sessions of Proxy UC: 2

    Botnet traffic filter: disabled

    This platform includes an ASA 5550 VPN Premium license.

    Flash activation key is the SAME as the key running.

    ASA2:

    SH - activation in detail key:

    Serial number: XXXXX

    No temporary key assets.

    Activation key running: XXXXX XXXXX XXXXX XXXXX XXXXX

    The devices allowed for this platform:

    The maximum physical Interfaces: unlimited

    VLAN maximum: 250

    Internal hosts: unlimited

    Failover: Active/active

    VPN - A: enabled

    VPN-3DES-AES: enabled

    Security contexts: 2

    GTP/GPRS: disabled

    VPN SSL counterparts: 25

    Total of the VPN peers: 5000

    Sharing license: disabled

    AnyConnect for Mobile: disabled

    AnyConnect Cisco VPN phone: disabled

    AnyConnect Essentials: disabled

    Assessment of Advanced endpoint: disabled

    Proxy sessions for the UC phone: 2

    Total number of Sessions of Proxy UC: 2

    Botnet traffic filter: disabled

    This platform includes an ASA 5550 VPN Premium license.

    Flash activation key is the SAME as the key running.

    --------------------------------------------------------------

    It seems so obvious that I have to upgrade the first ASA to support 25 SSL VPN peers in order to create the cluster HA, right?

    Now, I want to know do I need the license "ASA5505-SSL25-K9" or something else.

    Thank you very much in advance for any help!

    Ah OK I see - right then: upgading pole will allow the license to share.

    Re the version target, I would recommend going directly to 8.4 (4.1). I have it deployed on several sites without problem.

  • New for mapping SSL VPN ACS ASA - ASA groups

    Greetings,

    I am new to ASA, so any help is greatly appreciated.

    I just installed and installed an ASA 5520. I installed an SSL VPN. What I'm trying to achieve is to configure profiles of different groups and different users can access various resources when they access the VPN.

    Current config-

    ASA 5520 v8.3

    ACS 4.0

    Field of Windwos 2003

    I have different installation profiles in the ASA. (i.e. business Dept.) When I choose in the drop down menu, it allows me to open a session and displays the options I've chosen for this group. The problem is that I can connect in this group with any account. GBA, all windows domain users are in the default group. I guess the default group is being processed and which has hosted and user logon.

    Can anyone provide a good article or tips on how to configure the ASA and the ACS for several groups of users. We have several departments that will have to get the parameters when they connect. The ACS groups are mapped to the Windows groups that correspond to each Department

    Any help is greatly appreciated.

    Thank you

    Tim

    Hello

    I think that you need to activate locking group.

    In order to configure Group locking, send group policy name in the attribute class 25 on the Authentication Dial - In User Service (RADIUS Remote) server and choose the group to lock the user in policy.  For example, to lock the user 123 of Cisco in the RemoteGroup group, define the class of attributes 25 Internet Engineering Task Force (IETF) UO = RemotePolicy; for this user on the RADIUS server.

  • which product is right for the ssl vpn: asa 5505 cisco 1841 or

    Hello

    I want to install an outside link management related so that we can ssh to our cisco devices and microsoft RDP toour servers. It's my configuration (based on what I know):

    Internet > DSL modem > ASA 5505 > management CONSOLES SWITCH > SWITCH CISCO or Windwos Server

    or

    Internet > 1841 with DSL HWIC > management CONSOLES SWITCH > SWITCH CISCO or Windwos Server

    My questions are:

    Should I go for ASA or 1841 router?

    What options is better? and ASA will do the job?

    Are there any technical support prior to purchase of products in Australia? I need technical advice on the choice of the right products, not justs eiling me products.

    Hello

    Its strongly suggested to go with ASA 5505 in the first place, it is supposed to feature for the main functionality of ssl vpn server from 1841 which has this feature to be a vpn server.

    ASDM also gives you the freedom to config box on your own based on your condition.

    regds

  • Control the access of the user for the SSL VPN profile.

    I have two ssl vpn profile, can I restricted the user to access only ssl vpn profile, when they get to the page of the ssl vpn service. Each profile to create different types of access, and they will have different client IP address.

    Hello

    Yes, using different ways; one of them is using group-lock, which is a simple check to validate if the Tunnel group or the connection profile as you called it with that sign corresponds to what you have defined under group policy. If the value of Tunnel-Group-Lock (condition true), the VPN remote access session is allowed to install;  otherwise the session is not allowed to be implemented.

    The tunnel-group-lock featurecan be defined as follows:

    • via the group-policy setting locally on ASA
    • via the LDAP attribute
    • via the Radius attribute

    http://www.Cisco.com/en/us/partner/docs/security/ASA/asa82/configuration/guide/vpngrp.html#wp1134870

    Step 4

    Kind regards

  • Juniper ssl vpn / 64-bit

    Hello

    We have configured the Juniper to start virtual desktops with Vmware View. But I have a problem with win7 64-bit. If I try to connect for the first time, the system detects there is no customer of vmware on it and download the client 64-bit (4.5). So the next time I want to connect to the desktop computer, Juniper starts the vmware customer, but I have no GUI (I don't even see the client connection).  I only see that the wswc.exe * 32 is started, but no application.

    When I do the same thing on a 32-bit win7, no problem, perfect on my virtual office connection. Even on XP-32 bt, perfect.

    A person who recognizes the problem?

    view client.jpg

    Maybe a strange question, but did restart after installation?

    Edit:

    What is the version of the vmware view client you use?

    It may be the version that does not work when some Microsoft hotfixes are installed, see:

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=1034262

  • Try to customize login page for ASA 5505 SSL - VPN

    Nice day

    I'm looking for help to customize the login page for the ssl - vpn as mentioned. When the vpn is configured, the default template allows my customers to connect with this: IMAGE 1

    While trying to change the login page, I have to create a new customization without CLIENT SSL VPN ACCESS-> PORTAL-> CUSTOMIZATION file in the ASDM. When I do this and I'm trying to change the login page, it comes up with 2 forms of authentication and a fast internal password like this: IMAGE 2

    How can I change the login page, I created so that users only see the fields username and password for regular as the default template?

    Thank you all for your time and assistance

    Joel

    Hi Joel,

    What you see is just the preview, right?

    Preview displays the purpose of customization, since the password internal and the second authentication controls are the features that are activated in different parts of the configuration.

    WebVPN

    allow outside

    internal-password enable

    !

    attributes global-tunnel-group DefaultWEBVPNGroup

    secondary-authentication-server-group second_authentication_server


    INFO: This command applies only to the SSL VPN - Clientless and AnyConnect.

    So I recommend to assign this object of customization to a group policy and test access to the content of the specific connection profile.

    Thank you.

    Portu.

    Please note all useful posts

  • SSL VPN ASA 5510 connect Any

    Hello

    I want to configure SSL VPN for mobile users on ASA 5510 I have following requirements

    > What are the condition of licence on ASA 5510 VPN with Anyconnect SSL?

    > VPN users have full access to the local network via ASA

    > Authentication method preferred, Local or AD (LDAP)

    > users use not laptops should be limited to the Clientless SSL VPN

    > How to add a URL is visible to users in the Web page

    > Can someone view example configuration for the above requirements

    TIA

    Hitesh Vinzoda

    > If you need both AnyConnect and WebVPN (Clientless SSL VPN), you can buy the AnyConnect Premium license (and this is a base user license). The ASA would come with default 2 SSL VPN license.

    > To have full access to the local network, you must use AnyConnect SSL VPN. Here is an example of configuration:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808efbd2.shtml

    > You can authenticate to AD or Local or RADIUS, etc. By default, this would be local authentication.

    > Here's some example configuration for clientless SSL VPN:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008072462a.shtml

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00806ea271.shtml

    Hope that helps.

  • prevent the SSL VPN user to access ASA cli

    Hello

    I set up multiple users on my ASA in its local database.

    These users are used for the ssl vpn connection, but the problem I have is that users

    also have SSH access. Is it possible to avoid this?

    Thank you

    Hello Raf,

    If you do something like this:

    username xxx attributes

    type of remote access service

    the user should not get access CLI more.

    Kind regards

    Bastien

  • Calculation of SSL VPN license

    Hello

    I need to purchase licenses for my SSL VPN (AnyConnect) 2901 router, and I would like to know how it is affected.

    If I buy a license 10 users, it is up to the 10 named user, or it is counted by concurrent users?

    If a user connects from a laptop computer and a mobile phone at the same time, with the same username, it counted as 2 user license, or just one?

    Also, AFAIK, the AnyConnect Essentials license is only available to ASA and not IOS routers. Is that still OK?

    Thank you.

    The number of licenses using simultaneous connections, regardless of the associated user ID.

    75 connected both unique usernames or a different user connected of 75 endpoints name would be count as 75 licenses in use. Laptop more phone = 2 users if the connections are simultaneous.

    The Essentials vs Premium distinction is unique to the ASA. Premium features only as a clientless SSLVPN, hostscan etc are not available based on the IOS SSL VPN

  • Order SSL VPN with Cisco Cloud Web Security

    We have implemented Cisco Cloud Web Security with the connector of the ASA and transfer all traffic port 80 and 443 to the Tower of the CCW. We have enabled HTTPS inspection, and I was wondering if there was anything, we can add in the configuration that would allow us to control (allow/block) SSL VPN?

    #Clientless SSL VPN is not supported with Cloud Security Web; don't forget to exempt all SSL VPN traffic without client service ASA for Cloud Web Security Strategy.

    Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/gu...

  • access of entrepreneurs and employees of the web site in-house using clientless ssl vpn.

    We have a layout of web SSL VPN without customer who allow employees and suppliers of connection and internal display web page.  I wonder if possible separate employees and contractors to access internal pages.  The internal web page has no authentication of users.  They would like to see if it is possible that traffic employees get proxy behind interface INSIDE IP de ASA and entrepreneur behind a different IP address proxy traffic.  Thus, the internal web page can check IP to contractor and only give them access to view certain web page, but not all pages.

    Hello

    Creating a group policy for each user group will be a good option, you can also use DAP to assign an ACL web to the user who logs on the portal without client, you can use the Radius, LDAP or Cisco attributes to associate the DAP for the user. For example, if you are using LDAP, you can create 2 groups separated here for employees and entrepreneurs and based on the LDAP user group membership, they will be assigned to specific web acl configured according to their access restrictions.

    You can follow this link to set up an acl of web:

    http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa83/asdm63/Configura...

    Once the ACL is ready, you can follow this guide to configure the DAP Protocol: "check the web for acls figure10.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    Thank you, please note!

  • How's IOS for SSL VPN

    Dear all,

    I have ASA 5510 and Version 8. I want to know IOS for SSL VPN, but I don't know which...

    Please help me show...

    HQ-ASA5510 # HS, fla

    path-# - length - time -.

    177 14137344 January 1, 2003 00:06:12 asa804 - k8.bin

    75 4096 November 21, 2008 12:17:46 log

    79 4096 crypto_archive November 21, 2008 12:18

    178 7562988 November 21, 2008 12:19:30 Amps - 613.bin

    180 4863904 November 21, 2008 12:21:10 securedesktop_asa_3_3_0_129.pkg.zip

    181 4096 November 21, 2008 12:21:10 sdesktop

    188 1462 November 21, 2008 12:21:10 sdesktop/data.xml

    182 2153936 November 21, 2008 12:21:10 anyconnect-victory - 2.2.0133 - k9.pkg

    183 3446540 November 21, 2008 12:21:12 anyconnect-macosx-powerpc - 2.2.0133 - k9.pkg

    184 3412549 November 21, 2008 12:21:16 anyconnect-macosx-i386 - 2.2.0133 - k9.pkg

    185 3756345 November 21, 2008 12:21:16 anyconnect-linux - 2.2.0133 - k9.pkg

    For Version 7. he say the ssl VPN.

    Please help me which line as SSL VPN.

    Best regards

    Rechard

    Richard, you already have the code that supports SSL webvpn on your ASA.

    See page medium low SSL VPN VPN/Web for more detailed examples, which provides all the necessary information for any additional/optional

    plug-ins needed.

    http://www.Cisco.com/en/us/products/ps6120/prod_configuration_examples_list.html

    Details of the sample SSL VPN configuration and types... but all the SSL.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00806ea271.shtml

    What you have in your directory ASA applies the Anyconnect client who is also driven SSL but is a bit different from plain SSL webvpn, I suggest you go to the configuration examples of link that can provide information on the implementation of SSL vpn varios.

    Concerning

  • possible redirect Web SSL VPN to another external ip?

    Hi, it is possible to redirect the web ssl vpn to another external ip of my external range or could I do not use the external interface?

    For example:

    ASA outdoors: 213.23.4.50 (https://213.23.4.50)

    Redirect outside: 213.23.4.51 (https://213.23.4.51)

    same question to redirect the vpn client ip address external to the other that the IP outside of asa.

    concerning

    Jason

    Jason,

    Pretty easy

    BSNs-ASA5520-10 (config) # webvpn
    BSNs-ASA5520-10(config-WebVPN) # port?

    the WebVPN mode options/controls:
      <1-65535>The WebVPN Server SSL listening port. The TCP 443 port is the
    by default.

    Please note however that your users will use

    https://my.domain.tld:port

    to connect... even for clientless and SVC.

    Marcin

  • Unable to connect to the site Web SSL VPN with firewall zone configured

    I recently updated my 2911 company and set up a firewall area.  This is my first experience with this and I used Cisco Configuration Professional to build the configuration of the firewall first and then edited the names to make it readable by humans.  The only problem I can't solve is to learn site Web SSL VPN from outside.  I can navigate the website and connect without problem from the inside, and even if it was useful to verify that the Routing and the site work properly it is really not what I.  I don't get anything on the syslog for drops because of the firewall server, or for any other reason but packet capture show that no response is received when you try to navigate to the outside Web site.  I am currently using a customer VPN IPSEC solution until I can get this to work and have no problem with it.  I have attached a sanitized with the included relevant lines configuration (deleted ~ 400 lines including logging, many inspections on the movement of the area to the area and the ipsec vpn, which I already mentioned).  I searched anything about this problem and no one has no problem connecting to their Web site, just to get other features to work correctly.  All thoughts are welcome.

    See the security box

    area to area

    Members of Interfaces:

    GigabitEthernet0/0.15

    GigabitEthernet0/0.30

    GigabitEthernet0/0.35

    GigabitEthernet0/0.45

    area outside zone

    Members of Interfaces:

    GigabitEthernet0/1

    sslvpn area area

    Members of Interfaces:

    Virtual-Template1

    SSLVPN-VIF0

    I tried to change the composition of the area on the interface virtual-Template1 to the outside the area nothing helps.

    See the pair area security

    Name of the pair area SSLVPN - AUX-in

    Source-Zone sslvpn-area-zone of Destination in the area

    Service-SSLVPN-AUX-IN-POLICY

    Name of the pair area IN SSLVPN

    Source-Zone in the Destination zone sslvpn-zone

    service-policy IN SSLVPN-POLICY

    Name of the pair area SELF SSLVPN

    Source-Zone sslvpn-area free-zone Destination schedule

    Service-SELF-to-SSLVPN-POLICY

    Zone-pair name IN-> AUTO

    Source-Zone in the Destination zone auto

    Service-IN-to-SELF-POLICY policy

    Name of the pair IN-> IN box

    In the Destination area source-Zone in the area

    service-policy IN IN-POLICY

    Zone-pair name SELF-> OUT

    Source-Zone auto zone of Destination outside the area

    Service-SELF-AUX-OUT-POLICY

    Name of the pair OUT zone-> AUTO

    Source-Zone out-area Destination-area auto

    Service-OUT-to-SELF-POLICY

    Zone-pair name IN-> OUT

    Source-Zone in the Destination area outside zone

    service-strategy ALLOW-ALL

    The pair OUT zone name-> IN

    Source-out-zone-time zone time Zone of Destination in the area

    Service-OUT-to-IN-POLICY

    Name of the pair area SSLVPN-to-SELF

    Source-Zone-Zone of sslvpn-area auto

    Service-SSLVPN-FOR-SELF-POLICY

    I also tried to add a pair of area for the outside zone sslvpn-zone passing all traffic and it doesn't change anything.

    The area of networks

    G0/0.15

    172.16.0.1 26

    G0/0.30

    172.16.0.65/26

    G0/0.35

    172.16.0.129/25

    G0/0.45

    172.18.0.1 28

    Pool of SSL VPN

    172.20.0.1 - 172.20.0.14

    Latest Version of IOS:

    Cisco IOS software, software C2900 (C2900-UNIVERSALK9-M), Version 15.0 (1) M10, RELEASE SOFTWARE (fc1)

    Glad works now. Weird question, no doubt.

    I guess that on the deployment guide said that the firewall will not support inspection of TCP to the free zone, however, class nested maps are used to accomplish this, to be completely honest, I think it's a mess and the best thing to do is action past to auto for the protocols that you want and then drop the rest.

    Let us know if you have any other problems.

    Mike

Maybe you are looking for