Cisco :: Upgrade From LMS 3.0.1 To 3.1 Or 3.2 - INVREP0102 / User Credentials Are Invalid
Feb 20, 2012
How to upgrade from LMS 3.0 December 2007 update to LMS 3.1 or LMS 3.2. The problem is the large number of C2960S-24TS-L switches that my organization has and cannot managed them.. I tried to upgrade devices through Software Center but always Ciscoworks informs me with the following message."Error while downloading package information from [URL] for the selected products. See the log file for details". Also i can not run EOL/EOS inventory report. The message is " INVREP0102: Cisco.com user credentials are invalid. Enter correct credentials." I check my credentials and is right. The server has access to www through proxy without any restrictions. In the past I've already updated devices through the software center. Also in the past i ve run EOS/EOL inventory reports.The LMS 3.0 December 2007 has the following products LMS3.0.116 May 2008
I am setting up a new ASA. Actually it's an old 5510, but this is a new temporary install until the one we ordered comes in. Everything is working except for SSH. I have SSH open on the inside and outside interfaces and I get a prompt when I try to SSH to it from either the inside or outside. But after I put in my username and password it tells me that my credentials are invalid. I am using a local username/password, not AAA and it accepts that username and password for the console. Console and telnet (password only) both work so I can get in to make changes. When I debug SSH, the error states that my username and password are incorrect. But this happens even when I create a new, simple username/password to test. I've even gone so far as to copy/paste the username and password into the login window just to be safe (making sure I don't copy spaces, etc). Below is a copy of the SSH Debug output followed by a sanitized copy of the config. I have AAA configured for remote VPN users, but not for access to the ASA. Also, this problem existed before I created the AAA settings for the VPN users. Also, I have zeroized and regenerated the RSA keys a couple of times to no avail. [code]
i'm having some trouble pushing CLI templates to controllers in my lab. i get an invalid credentials error but it is random. sometimes i can push the template fine but 30 seconds later if i push the same template it will fail with error. several minutes later try it again and it fails. i have verified the credentials by reconfiguring them consistantly accrosss the devices but if the credentials were actually wrong it should fail every time, not intermittently. there are also 2 controllers i am testing this against and it is also random which controller fails. on the instances where i don't get the credential error my CLI template fully executes without error.
i am using WCS 7.0.230.0 on WIN2K and two 4400 controllers running 7.0.230.0.both controllers are configured with SNMPv3 and SSH. telnet and lower versions of SNMP are disabled.
I have been reading article url....wp1430161 and I am trying to get my head around the type of port authentication Methods & Modes I am going to require for a Proof of Concept using a Cisco ISE as the Authentication Server.
The switchport will have a single IP Phone in a Voice VLAN and then a Single host in a Data VLAN. Reading this article, I think I should be configuring "802.1x" authentication method using "Single Host" Mode.
However will that support a Downloadable ACL dependent on the user credentials? And will it allow a restricted ACL to be downloaded if authentication of the Machine or the User fails.? I dont really want to create & manage Guest & Remediation VLANs with thier respective ACLs on every switch in my enterprise, including our remote branch offices.
I have ACS4 and i am planning to upgrade to ACS5.I would like to have such a rules:I have user1, one ASA device which is VPN concentrator for remote users.ASA have two different tunnel-groups: one which allow for logging via certificate (with mandatory pki authorization thru ACS) with disabled Xauth,and second tunnel-group with allow login thru typical Xauth with authorization thru ACS which users external database (RSA Tokens).So i have one user1 which can login thru VPN using RSA tokencode or certificate.For example: on phone user1 uses certificate, and on PC station the same user1 uses token password.For tunnel-group with pki authorization ASA checks username in ACS and in typical scenario login="CN from certificate" and password="CN from certificate". So we would need "two credentials" for the user - one for pki authorization, and second one external database (RSA token).Is such scenatio possible under ACS 5 ? where one user uses different credentials based on tunnel-group usage ?
I have problem with Cisco ACS 4.0 "Windows" with core 4500 switch "cat4500-ENTSERVICESK9-M 12.2" the problem shows only on one device "x.x.x.x" the problem is " Authen failed-------badcred------External DB user invalid or bad password" i can see it in failed attempt. on the same side i can see in Passed Authentications for same record "Authen OK", i can login to the mentioned switch using my ACS credentials and not local database credentials
can debug this from ACS if not how can view the authentication records from core switch?
I have a RV220W running 1.0.1.0. When trying to upgrade to 1.0.4.17 I receive an error: "Upgrade failed due to invalid/corrupted firmware".
I found this article: [URL]
I assume I have to do a factory reset then an upgrade in order to upgrade properly.
If I do a backup running 1.0.1.0, then upgrade to 1.0.4.17, then do a restore, would that put me back to 1.0.1.0? I'm trying to avoid configuring the router manually all over again.
Prior to version 8.4(1) Cisco called their licensing name for SSL/VPN users AnyConnect Premium SSL VPN and currently the new name of the licensing is simply AnyConnect Premium. Also, the IOS display name for the amount of SSL/VPN users enabled via your licensing (ex. 2, 10, 25, 50, ...) by running a 'show activation-key' was changed from SSL VPN Peers to AnyConnect Premium Peers.With that said, my question is if the license for upgrading 10 users to 25 users (L-ASA-SSL-10-25= - ASA 5500 SSL VPN 10 to 25 Premium User Upgrade License) on an ASA prior to 8.4(1) and an ASA with 8.4(1) is still valid and the correct part number to peform these upgrades for both ASAs. The description of this part number is throwing me off because it says SSL VPN to Premium User, which was the name prior to 8.4(1). I could not locate any documentation regarding this part number or upgrading 10 users to 25 users for both ASAs.
I need to edit device information for multiple devices using feature Edit Credentials. I'm not able to overwrite all device credentials using a new set.
I recently tried to deploy an ACS appliance with version 5.2 installed on it for a customer.
After setting up the WLC to use the ACS as a radius server, and successfully testing connection from the ACS to the AD, I get an error message " 12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate" anytime a client tries to connect to the network.
This is surprising because I had already generated a certficate for the ACS from a CA and binded the CA signed certificate with the ACS, I also specified the CA in the client machine's wireless properties and checked the "validate certificate" button.
When I tried to connect using the internal identity store, the client was successfully authenticated without any certificate issues.
I have a problem when doing this report. If I do a device credentials report on a user defined group (40 devices) 11 of these devices fails to connect via SSH. I can make an SSH connection to all 11 devices from the CiscoWorks server, but 11 devices still fails on the report
Device Name Read Community Read Write Community SSH 1. 149.212.XXX.164 Ok Ok Failed to connect. 2. 149.212.XXX.153 Ok Ok Failed to connect. 3. 149.212.XXX.152 Ok Ok Failed to connect. 4. 149.212.XXX.151 Ok Ok Failed to connect. 5. 149.212.XXX.150 Ok Ok Failed to connect.
I am trying to copy a setup from a Nortel IAX100 where the carrier provides two ATM PVC's over ADSL - one for voice (VoIP) and one for data (IP). Relevant lines from the backup of the IAX's configuration include the following for the PPP authentication over the voice circuit:
The null username and password for the PPP connection have me a bit stumped. Does the PPP connection not use any authenetication at all? (Is that possible/likely? How could I deubg it?) Or does does the IAX100 supply a chap/pap response with null credentails? (If so, how would I duplicate that using an instruction to a dialer interface?I am configuring an 877 with 12.4T and advanced IP services.
We have a building with 6 Cisco Airnet 1140 connected to a Cisco 2100 WLC, all tied into a nice Central Certificate server and a Win2008 NPS/Radius server on a Win2008 AD. Our trusted PC wireless access is fine, with domain laptops with certificates authenticating with DHCP all round the building. We use GP to apply settings to an AD integrated Proxy server for internet access.
The problem I now have is with guest access...
We are an education establishment, so students could turn up with anything from a laptop to an iPad to an Android phone, which immediately rules out using proxy PAC files to configure the proxy.
What I really want is a method of using the radius to verify the guest user against their existing AD user account, which I believe is possible. The one snag we have is in order to avoid the user having to configure the Internet proxy we would have to switch it to a transparent mode, which immediately restricts our ability to report on AD username, we would only have an IP address to report on, which is next to useless!
We've looked at a Gateway product (Astaro), which integrates the Filtering onto the Gateway, but the downside is that you have to use their APs, so we would be replicating existing work, whilst also managing two filters.
I'm trying to configure WLAN authentication on my WCS to prompt users about their credentials.I'm using a Windows 2008 NPS as Radius server but I can also use a Cisco ACS 3.3 if needed.With each setup I tried, the credentials are sent automatically to the Radius server using the Windows user session credentials.How can I force the WCS to ask for a username and password before sending them to the Radius Server ?
To enable our receptionits to print a guest user ticket on a small A8 ticket printer I'm looking for a way to adjust the layout and formatting of the guest account credentials page.
I have searched through the javascript and css files but with no success.
Does WLC 5508 has capability to create login credentials with specific time of validity? Could it be used in hotel set-up to provide prepaid access account to guest?
We are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system.For example, admin person in site A can only add devices into the site A group and cannot see/access other sites groups.
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
I have ASA 5510 with CSC-SSM-10 .ASA 5510 IOS version- 8.4.2 and CSC-SSM-10 IOS version 6.6.1162.Web filtering is working fine with respective to my configuration.From yesterday morning, i was facing issue with the sites like gmail, webmail.After giving credentials like username and password in the web page, the page is not resonding.In troubleshooting process, i removed all the acls, class maps which will direct all the traffic towards the CSC. In this scenario all my mail service sites are opening.If we apply the these ACLs and Class-Maps, only my mail service sites only affecting.
We have a Linksys WRT120N wireless router set up at one of our small offices. I noticed recently when trying to log in to the router to make some admin configurations that it will not accept the login credentials when trying to log in from IE10 browser. Works fine from Chrome, IE9, ect. logging in to a linksys router with IE10?
I have made a test lab on packet tracer with three routers in triangle shape after each router i connected a switch with on each switch four end devices . now i want to make a routing table on each router, but the probleme is that each time i get an error "invalid next hop address ( its this router)". i am sure its the right gateway i type in .
I did some testing in WLC in our company wireless network.However, after my 3 hours testing, I had tried to login WLC again by GUI and SSH. The admin username and password does not work any more. All Read only and Guest Account did not work as well.Is any one had this issue before? Is there a restriction for access to WCL per 3 hours or one day? By the way, I did not change any password.
I have a small problem with a lot of invalid syslog messages in LMS 3.2. Something about 30% of all messages are invalid.
Is there any posibility to get out from which devices those messages are?
Is it a big problem for the application if there are such a lot of invalid messages? I have a lot of devices in my LMS and don't want to get high load because of such unneeded messages.
