ACS5 : Invalid EAP payload dropped

Hello,
Moving the authentication of our Wi-Fi from an ACS Express on WLSE to an ACS5.0 prevents any user from connecting. The error message on the ACS 5 is:
101 Invalid EAP payload dropped.
Internal error, possibly in the supplicant: Could not validate an EAP payload. Silently dropping it.
Supplicant : IBM Access connection
AP : Cisco 1130
Authentication EAP/PEAP/Ms-Chapv2
I tried doing the same connection with the Microsoft supplicant and it works!
It seems that the problem occurs between IBM Access Connection and ACS5.
Is it a known problem? Is there a solution?
Thanks

Hi Nicolas.
In logs usually we see some steps of beginning relations between devices. But here we see only one log line:
What can it mean?
The other messages seem to indicate that there is a problem with your AD. Did you test the bind? Can you retrieve the AD groups list from ACS?
Yes, we tested relations between AD and ACS; the AD groups list retrieves fine from AD. In addition, half of the devices in the network work fine: Wi-Fi devices authenticate excellently.
Do you use AD with the ACS for another part of your network that would be working fine?
Yes, there is single AD and ACS.

Similar Messages

  • 802.1x wired EAP requestes dropped by clients

    Dears,
    I am facing the following problem with most of my Windows 7 machines in the network.
    We have an Aruba CPPM NAC solution that we integrated with our Domain Controller.
    Once a Windows 7 client tries to connect to the network, everything works well, then after a couple of seconds the client is disconnected. I did some sniffing on the network and found that the authentication is working well and the NAC starts sending EAP requests to the client and the client answers with EAP replies. Everything works well for the first 4 requests, then when the 5th request is sent to the client, the client drops it and no replies are sent back to the NAC solution.
    It's a very weird problem and I can't understand why it's always on the 5th EAP request that the client stops replying.
    I tried formatting one of the PCs, joining it to the domain and testing the solution; everything went well, but it won't be possible for me to format 2000 PCs to get the solution running.
    Is it possible to get your support with this issue?
    regards,
    Joseph Salameh.

    Hi,
    In some cases, routers or firewalls drop packets because they are configured to discard packets that require fragmentation.
    Did you use NPS for authentication?
    Follow this procedure to lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy.
    Configure the EAP Payload Size
    http://technet.microsoft.com/en-us/library/cc755205%28v=ws.10%29
    Hope this helps.

  • In obiee 11.1.1.6.2 analytics error "Invalid JSON payload ....."

    Hi Friends,
    We use OBIEE 11.1.1.6.2 analytics in both Firefox and IE 7. We save a report in catalog/shared/newfolder/report1. After 10 minutes or so, when we try to open it again, it pops up an error message about invalid JSON payload, and the report comes up correctly later. That error only pops up for a fraction of a second. It's irritating because it keeps displaying on screen when you open any saved report. We tried clearing the browser cache and the problem still exists. I read another thread regarding this, but could not resolve it with their solution. Please help.
    Thanks,
    Srikanth.

    Could you clear the browser cache and reload the page or log in to OBIEE?
    If it's not working, then try to redeploy the Analytics application, using the file $Middleware_Home\Oracle_BI1\bifoundation\jee\analytics.ear
    Do let me know of any updates.

  • Problem in ACS5.1 : "EAP session timed out", "RADIUS Request dropped "

    Hi .
    Part of my access points do not want to authenticate wi-fi users (through Radius server and Microsoft AD) .
    The scheme is: wi-fi PC-access point -ACS server 5.1 (Radius)-Microsoft AD
    After I  configured some AP, next logs we can see :
    EAP session timed out (many)
    RADIUS Request dropped (many)
    Could not establish connection with ACS Active Directory agent
    User's Groups retrieval from Active Directory failed
    The user is not found in the internal users identity store.
    Another part of devices (AP) works well.
    Anyone can help me to solve this problem please?


  • SOAP Payload Error in AE

    Hi All,
    We are facing a production issue for SOAP Receiver Comm channel.
    In the Adapter Engine the messages are stuck in System Error state and only SOAP document is there in message content but no payload drop down is coming.
    There are few successful messages also in between where the payload is also visible.
    Also the same error payload when tested in Quality environment is visible in the Adapter engine.
    Could you suggest what could be the reason?
    Thanks,
    Ankesh

    Ankesh
    I would always have a HTTP client to debug any kind of SOAP or HTTP adapter problems, you can exactly see what you are receiving.
    If you are still experiencing same issue, please let me know, I can send you the HTTP server and HTTP client that I wrote in java.
    Regards.

  • ACE Drop (Dest nat fail):

    Hi All,
    I'm using ACE module A2(2.4)
    I'm trying to use parameter server-conn reuse, but clients get sometimes statuscode 503.
    A#1/Test1# show np 1 me-stats "-socm -v"
    OCM Statistics: (Current)
    Errors:                                           0             0
    Connection create received:               231121503          1142
    LB dest decision received:                365473159          1473
    Nat app fixup recieved:                           0             0
    Connection unproxy received:               52997475           393
    Connection reproxy received:               51249279           375
    IPCP received:                                83227             2
    ACK trigger received:                      52733008           390
    TCP connected received                    218498529          1065
    Unknown message received:                         0             0
    Drop [LB dest decision fail]:                 29392             0
    Drop [invalid ifid]                               0             0
    Drop [Out of buffers]:                            0             0
    Dest decision transmitted:                248735645          1174
    TCP connect transmitted:                  212827881           828
    ACK trigger transmitted:                         12             0
    IPCP transmitted:                             83227             2
    NAT[static mapped]:                               0             0
    NAT[static real]:                                 0             0
    NAT[xlate alloc fail]:                            0             0
    NAT[xlate real hit]:                              0             0
    NAT[xlate mapped hit]:                            0             0
    NAT[invalid xlate]:                               0             0
    NAT[dump xlate]:                                  0             0
    NAT[xlate release failed]:                        0             0
    NAT Pool Alloc [fail]:                            0             0
    NAT Pool Alloc [addr]:                            0             0
    NAT Pool Alloc [addr/port]:                33689970            81
    NAT Pool Free [addr]:                             0             0
    NAT Pool Free [addr/port]:                 33689214            88
    NAT Pool Free [orphan IP]:                        0             0
    Reuse retrieve link update conn invalid           0             0
    Reuse retrieve link update conn not on r          0             0
    Reuse retrieve success but conn invalid:          0             0
    Drop [Next Hop queue full]:                       0             0
    Reuse retrieve miss:                         845627             3
    OCM Packet count (Hi & Lo):               976499360          4850
    Packet forward received:                    4343180            10
    NAF Error [no route or unresolved adjace          0             0
    NAF Error [nat resp fail]:                        0             0
    UDP Chaser received:                          10406             0
    (Context 1 Statistics)
    Drop [out of connections]:                        0             0
    Drop [out of proxies]:                            0             0
    Drop [out of ssl]:                                0             0
    Drop [mac lookup fail]:                           0             0
    Drop [route lookup fail]:                         0             0
    Drop [nat fail]                                   0             0
    Drop [ip sanity check fail]                       0             0
    Drop [acl deny]:                                  0             0
    Drop [redundant connection]:                      0             0
    Connection inserted:                         862670             3
    Packet message transmitted:                 6409302           230
    Reuse conns retrieved:                      6390611           238
    Drop [Reproxy fail]:                            171             0
    Drop [dest nat fail]:                         58286             2
    The last counter is increasing. What does it mean? Can this be the problem?
    I do not get 503 in the retcode map of the servers.
    Regards
    Mats

    Hi Mats,
    I find it very strange that the ACE is sending a 503 message back to the client, because, in case of issues, it normally just resets the connection. With that in mind, we should also investigate the server itself.  This is not trivial, so, you should open a TAC case.
    Let me just explain the meaning of the "Drop [dest nat fail]" counter. It will be incremented if, after a connection has been natted, one of the servers tries to open a new connection against the natted IP and port. This shouldn't happen unless you are using a protocol composed of several connections (for example, FTP)
    Regards
    Daniel

  • Keep getting invalid certificate notifications on certain sites on Safari. How do I get sites to trust?

    About a week ago my MB Pro (wife's computer) said date and location was lost. Wife went in and reset. A day later on my side I started getting invalid certification notices dropping down from the menu bar. Mostly an annoyance, and I would either click cancel or resume. However, on some sites, Facebook in particular, I lost the page altogether. I get a white screen with blue and white text along the left margin. I've worked with an online tech for 4 days and have not resolved it. Does anyone know the fix or had a similar problem? I'm at wits' end.

    You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "View > Sidebar > History") or via the about:permissions page.
    Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious and if you have a password or other data from that domain that you do not want to lose then make sure to backup this data or make a note.
    You can't recover from this 'forget' unless you have a backup of the involved files.
    It doesn't have any lasting effect, so if you revisit such a 'forgotten' website then data from that website will be saved once again.

  • The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server

    wireless authentication not working 
    I found the following in the radius
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          1/15/2014 2:07:57 AM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:     NAP01.test.local
    Description:
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
     Security ID:   doamin \user.a
     Account Name:   user.a
    Client Machine:
     Security ID:   NULL SID
     Account Name:   -
     Fully Qualified Account Name: -
     OS-Version:   -
     Called Station Identifier:  00-0F-7D-C4-45-20:staff
     Calling Station Identifier:  0C-74-C2-EF-Dd-0B
    NAS:
     NAS IPv4 Address:  192.168.9.10
     NAS IPv6 Address:  -
     NAS Identifier:   -
     NAS Port-Type:   Wireless - IEEE 802.11
     NAS Port:   497
    RADIUS Client:
     Client Friendly Name:  wcont1
     Client IP Address:   192.168.9.10
    Authentication Details:
     Connection Request Policy Name: Wireless
     Network Policy Name:  wism
     Authentication Provider:  Windows
     Authentication Server:  NAP01.test.local
     Authentication Type:  EAP
     EAP Type:   -
     Account Session Identifier:  -
     Logging Results:   Accounting information was written to the local log file.
     Reason Code:   22
     Reason:    The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
    Please help

    Hi,
    Any updates?
    In addition, this issue may also be because your client didn't have the CA certificate of your domain. Please make sure that your client has the CA certificate.
    Besides, the error "The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server" may be due to the fact that the default maximum transmission unit that NPS uses for EAP payloads is 1500 bytes. You can lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy to a value no greater than 1344:
    Configure the EAP Payload Size
    Best regards,
    Susie

  • Facing issue in integrating with Cisco ISE

    We are trying to integrate our product(Cisco Prime Infrastructure) with Cisco ISE for Authentication and Authorizations. We already support PAP/CHAP, and not trying to add support for EAP-TLS.
    Currently, during our integration, we are facing TLS payload errors. We are using the jradius library to talk to Cisco ISE for authentication and are facing the below TLS error in the ISE logs. Tried with Cisco ISE 1.2 and 1.3 versions.
    Event                                    5400 Authentication failed         
    Failure Reason                  11500 Invalid or unexpected EAP payload received        
    DetailedInfo                      TLS packet parsing failed: total accumulated size plus this last fragment size is greater than expected total TLS message size
    Any pointers to resolve this problem or any other free java based client library instead of jradius which is tried out successfully with Cisco ISE would also be great.
    Regards
    Chandrakumar
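
Added example (not part of the original posts, and not jradius, NPS or Cisco code): EAP-TLS fragment framing as defined in RFC 5216, showing how a lower packet-size limit changes fragmentation (the Framed-MTU advice in the replies above) and how a receiver reaches the "accumulated size ... greater than expected total TLS message size" condition quoted from the ISE log. Assumptions: the 2900-byte message is constructed, the limits 1500 and 1344 are applied directly as maximum EAP packet sizes, and all function names are hypothetical.

```python
import struct

EAP_RESPONSE = 2
EAP_TYPE_TLS = 13              # EAP-TLS; PEAP (type 25) uses the same flag/length framing
FLAG_L, FLAG_M = 0x80, 0x40    # L = TLS Message Length included, M = more fragments

# Constructed sample standing in for a TLS flight that carries a certificate chain.
SAMPLE_TLS_MSG = (bytes(range(256)) * 12)[:2900]


class EapPayloadError(ValueError):
    """Raised where a server would log an invalid EAP payload."""


def fragment(tls_msg, max_eap_len, ident=1):
    """Split one TLS message into EAP-TLS packets of at most max_eap_len bytes."""
    if max_eap_len <= 10:
        raise ValueError("limit leaves no room for TLS data")
    packets, offset, first = [], 0, True
    while first or offset < len(tls_msg):
        hdr = 10 if first else 6   # code, id, length(2), type, flags [+ 4-byte total]
        chunk = tls_msg[offset:offset + max_eap_len - hdr]
        offset += len(chunk)
        flags = (FLAG_L if first else 0) | (FLAG_M if offset < len(tls_msg) else 0)
        body = bytes([EAP_TYPE_TLS, flags])
        if first:
            body += struct.pack("!I", len(tls_msg))
        body += chunk
        packets.append(struct.pack("!BBH", EAP_RESPONSE, ident, 4 + len(body)) + body)
        ident, first = (ident + 1) & 0xFF, False
    return packets


def reassemble(packets):
    """Validate and join fragments; the per-fragment EAP ACKs are omitted here."""
    expected, buf = None, bytearray()
    for pkt in packets:
        if len(pkt) < 6:
            raise EapPayloadError("truncated EAP-TLS header")
        _code, _ident, length = struct.unpack("!BBH", pkt[:4])
        if length != len(pkt):
            raise EapPayloadError("EAP Length field does not match packet size")
        if pkt[4] != EAP_TYPE_TLS:
            raise EapPayloadError("unexpected EAP type")
        flags, data = pkt[5], pkt[6:]
        if flags & FLAG_L:
            if len(data) < 4:
                raise EapPayloadError("L flag set but TLS Message Length missing")
            total, data = struct.unpack("!I", data[:4])[0], data[4:]
            if expected is not None and total != expected:
                raise EapPayloadError("TLS Message Length changed between fragments")
            expected = total
        # The condition named in the ISE DetailedInfo line on this page.
        if expected is not None and len(buf) + len(data) > expected:
            raise EapPayloadError("accumulated size plus this fragment exceeds "
                                  "declared TLS message size")
        buf += data
        if not flags & FLAG_M:
            if expected is not None and len(buf) != expected:
                raise EapPayloadError("last fragment seen but message is short")
            return bytes(buf)
    raise EapPayloadError("ran out of packets while M flag was still set")


def understate_length(packets, declared):
    """Constructed faulty sender: rewrite the first fragment's TLS Message Length."""
    first = bytearray(packets[0])
    first[6:10] = struct.pack("!I", declared)
    return [bytes(first)] + packets[1:]


if __name__ == "__main__":
    for limit in (1500, 1344):
        print(limit, [len(p) for p in fragment(SAMPLE_TLS_MSG, limit)])
    try:
        reassemble(understate_length(fragment(SAMPLE_TLS_MSG, 1344), 2000))
    except EapPayloadError as exc:
        print("dropped:", exc)
```

Comparing a capture of the client's first fragment (L flag and the four length bytes) against the sum of the fragment payloads is the quickest way to tell a sender-side length bug from fragments lost or resized in transit.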

    DECLARE
    CURSOR s_cur
    IS
    SELECT eno FROM emp;
    TYPE fetch_array IS TABLE OF s_cur%ROWTYPE;
    s_array fetch_array;
    BEGIN
    OPEN s_cur;
    FETCH s_cur
    BULK COLLECT INTO s_array;
    CLOSE s_cur;
    FORALL i IN 1 .. s_array.COUNT
    INSERT INTO (select eno from emp_temp)
    VALUES s_array (i);
    END;
    Its working, but not understood the concept.
    INSERT INTO  (select eno from emp_temp)
    VALUES s_array (i);
    How it works?

  • How about joining IEEE 802.1X wired client to a AD domain ?

    http://technet.microsoft.com/en-us/library/bb727033.aspx
    This nice Technet link says clearly that there is three methods could be used for joining Wireless IEEE 802.1X client to a domain. Do these methods also apply for joining Wired IEEE 802.1X clients to a domain ?


  • New column in ODI 11g Target

    Hi All,
    I am trying to import source gl_balances table to target table w_gl_balances.
    In this target table I have created new column called BUDGET. Other columns are auto mapped to the target table.
    BUDGET column mapping expression is DECODE(GL_BALANCES.ACTUAL_FLAG,'B', GL_BALANCES.PERIOD_NET_DR-GL_BALANCES.PERIOD_NET_CR, 0)
    While running this interface I am getting error like ora-00904 "BUDGET": Invalid identifier.
    Kindly advice regarding this.
    Thanks in advance.

    Do you have FLOW Control enabled - CKM being used ?
    Then most likely, the E$ table that was created with earlier version of the target table still exists and doesnt contain the BUDGET column and hence you get the error of invalid identifier.
    Drop the E$ table and ODI will recreate that table with the updated definition.

  • Problem with a job

    DECLARE
    X NUMBER;
    BEGIN
    SYS.DBMS_JOB.SUBMIT
    ( job => X
    ,what => 'create table imad (test1 number(3,2),test2 varchar2(20));'
    ,next_date => to_date('12/07/2006 11:26:34','dd/mm/yyyy hh24:mi:ss')
    ,interval => 'SYSDATE+30/1440 '
    ,no_parse => TRUE
    );
    END;
    and when i execute the job it gives me the error message:
    ORA-12011: execution of 1 jobs failed
    ORA-06512: at "SYS.DBMS_IJOB", line 406
    ORA-06512: at "SYS.DBMS_JOB", line 270
    ORA-06512: at line 1
    i dont understand ???

    Not the best of ideas to create tables dynamically in Oracle - or any database.
    One example - stored proc using that table becomes invalidated when you drop that table. And stays invalidated even after the table has been added again. The code needs to be recompiled. Another example - indexes added to optimise access to the table. Drop and create the table dynamically, you need to do the same for the indexes. But what happens when someone adds a new index that is not hardcoded into the create index code?
    Dealing with permanent objects in a database as dynamic objects (to be created and dropped at whim) is simply an ugly and messy "solution".
    Permanent objects are not intended to be used this way - that is why there features like temporary tables, name value contexts, etc. Or for "semi-permanent" objects features like partitioning (e.g. dealing with tables containing a sliding window period of data).
    It is important to use the right tool for the job to create a performing and scalable solution - it is seldom that dynamically creating and dropping tables are part of such a solution.

  • Unable to display tree view; Error when parsing an XML document (Premature end of file.)

    Hi folks,
    I am using a cascaded mapping in my OM. I have a graphical mapping followed by the Java mapping. It is a flat file to IDOC mapping. Everything works fine in Dev but when I transport the same objects to QA, the Operation mapping though it doesn't fail in ESR testing tool, gives the following message and there is no output generated for the same payload which is successfully tested in DEV. Please advise on what could be the possible reasons.
    Unable to display tree view; Error when parsing an XML document (Premature end of file.)

    kalyan,
    There seems to be an invalid xml payload which causes this error in ESR not generating the tree view. Please find the similar error screenshot and rectify the payload.
    Mutti

  • Can not Deploy Task Display Form[Workflow] in 11g

    Hi,
    I have created a human task based on the example 'VacationRequest' in the oracle complete guide for 11g.
    I have also created a Task display form (workflow) for the human task; the workflow is a separate project in the same application.
    I am able to deploy the BPEL process containing the human task.
    but when i try deploying the workflow associated to the BPEL process, i get the following error during deployment..
    [04:36:23 PM] ---- Deployment started. ----
    [04:36:23 PM] Target platform is (Weblogic 10.3).
    [04:36:25 PM] Entering Target Selection Dialog
    [04:36:28 PM] Retrieving existing application information
    [04:36:38 PM] Running dependency analysis...
    [04:36:38 PM] Building...
    [04:38:06 PM] Deploying profile...
    [04:38:09 PM] Wrote Web Application Module to C:\JDeveloper\mywork\VacationRequest\TestFlow\deploy\TestFlow.war
    [04:38:10 PM] Deploying Application...
    [04:38:31 PM] [Deployer:149191]Operation 'deploy' on application 'TestFlow' is initializing on 'soa_server1'
    [04:38:44 PM] [Deployer:149193]Operation 'deploy' on application 'TestFlow' has failed on 'soa_server1'
    [04:38:44 PM] [Deployer:149034]An exception occurred for task [Deployer:149026]deploy application TestFlow on soa_server1.: Failed to load webapp: 'TestFlow.war'.
    [04:38:44 PM] Weblogic Server Exception: weblogic.application.ModuleException: Failed to load webapp: 'TestFlow.war'
    [04:38:44 PM] Caused by: java.lang.ClassNotFoundException: oracle.adf.library.webapp.ResourceServlet
    [04:38:44 PM] See server logs or server console for more details.
    [04:38:44 PM] weblogic.application.ModuleException: Failed to load webapp: 'TestFlow.war'
    [04:38:44 PM] #### Deployment incomplete. ####
    [04:38:44 PM] Deployment Failed
    I am following all the steps in the tutorial.
    tutorial details:
    name: Developer’s Guide for Oracle SOA Suite 11g Release 1 (11.1.1)
    page number: *589.(How To Create a Task Display Form Using the Complete Task with Payload Drop Handler)*
    How can I solve this issue ?
    Response requested at the earliest......

    While deploying the example 'VacationRequest' in the oracle complete guide for 11g, i got an exception like this
    "12:08:15 PM] Deploying Application...
    [12:11:16 PM] [Deployer:149191]Operation 'deploy' on application 'VacationRequestTaskFlow' is initializing on 'soa_server1'
    [12:11:24 PM] [Deployer:149034]An exception occurred for task [Deployer:149026]deploy application VacationRequestTaskFlow on soa_server1.: [Deployer:149145]Unable to contact 'bam_server1'. Deployment is deferred until 'bam_server1' becomes available.; nested exception is:
         java.rmi.UnknownHostException: Could not discover administration URL for server 'bam_server1'.
    [12:11:24 PM] [Deployer:149193]Operation 'deploy' on application 'VacationRequestTaskFlow' has failed on 'soa_server1'
    [12:11:24 PM] [Deployer:149034]An exception occurred for task [Deployer:149026]deploy application VacationRequestTaskFlow on soa_server1.: Failed to load webapp: 'VacationRequestTaskFlow.war'.
    [12:11:24 PM] Weblogic Server Exception: weblogic.application.ModuleException: Failed to load webapp: 'VacationRequestTaskFlow.war'
    [12:11:24 PM] Caused by: java.lang.ClassNotFoundException: oracle.adf.library.webapp.ResourceServlet
    [12:11:24 PM] See server logs or server console for more details.
    [12:11:24 PM] weblogic.application.ModuleException: Failed to load webapp: 'VacationRequestTaskFlow.war'
    [12:11:24 PM] #### Deployment incomplete. ####
    [12:11:24 PM] Deployment Failed"
    Can anyone help in this.

  • Composite Application with a Task Flow and form created manually

    Hi,
    I'm using Oracle SOA Suite 11G and i'm trying to create a task form for a human task without using the auto generate wizards and i'm having trouble getting the form to show in BPM worklist.
    I have followed instructions in the developers guide to create the form against the human task including the following
    27 Designing Task Forms for Human Tasks
    27.4.3 How To Create a Task Form Using the Complete Task with Payload Drop Handler
    27.8 Deploying a Composite Application with a Task Flow
    After i deploy and test, the task appears and works correctly in BPM worklist, but the form does not show. This is when i have the task form within a composite application or in a separate project. When i generate the form automatically using the wizards, this all works fine.
    Updated: Noticed that when i create the task form manually and deploy it does not create entries as per instructions
    20.3 Managing the URI of the Human Task Service Component Task Details Application
    I have the details in hwtaskflow.xml, but for some reason, they are not automatically created... It is annoying to have this created each time...
    Am i missing something? I don't see any errors in BPM worklist or on the server. Any advice would be appreciated.
    Thanks
    Edited by: user5535771 on Mar 12, 2010 5:01 PM

    Hi Duncan,
    Thanks for your reply.
    The latter option of not using Query_Only would involve massive customizations, as there are so many forms apart from the absence forms.
    There is just one taskflow that contains the person, assignment, Absence and SIT screen. How can we do it like a standalone absence screen that does not have the query only as Yes?
    Please let me know in case you didn't get me; I will mention my development steps in points.
    Many Thanks,
    Vineet
