AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 2)
KB ID 0001156 Problem Carrying on from PART 1 Solution Add > Create Before. Edit the Policy Giv the policy set a name and description > Create a new condition. Set Description to Device Type. Equals > All Device Types (The Device Group You Created Above). Add attribute value. Set Description to RADIUS. NAS-Port-Type-[61]. Equals > Virtual. Edit the Authentication Policy. Change the identity source to the the identity...
AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 1)
KB ID 0001155 Problem To be honest it’s probably a LOT easier to do this with Dynamic Access Policies, but hey, if you have ISE then why not use it for RADIUS, and let it deploy downloadable ACL’s to your remote clients and give them different levels of access, based on their group membership. I’m going to keep things simple, I will have a group for admins that can access anything, and a group for users that can only...
Active Directory Federation Services – Certificate Error ‘CNG Key’
KB ID 0001129 Problem When installing the Active Directory Federation Services Role, you need to supply a certificate. I was running this up using a self signed wildcard certificate when this happened; The certificate with the specified thumbprint {thumbprint} has a Cryptographic Next Generation (CNG) private key. The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy...
Event ID 8213
KB ID 0000144 Problem Event ID 8213 System Attendant Service failed to create session for virtual machine <servername>. The error number is 0xc007052e. Admin password on the Administrative group (In Exchange) needs changing to the correct domain admin password. NOTE only happens if you have an Active Directory Connector installed. Solution 1. Start > All Programs > Microsoft Exchange > Exchange System Manager. 2....
Event ID 1026
KB ID 0000134 Problem Event ID 1026 The DNS server was unable to create a name in memory for name “<host name>” in zone “<zone name>” in the Active Directory. This directory name is ignored. Use the DNS console to recreate the records associated with this name or check that the Active Directory is functioning properly and reload the zone. The event data contains the error. DNS cant be updated with...