AM 7.1 CDSSO Could not get agent for the realm

Hi,
We are trying to configure the Cookie highjacking fix in AM 7.1 and apache agent 2.2. When we try to go the agent, the browser gets redirected to the Access Manager. After authentication, I get the error message on the browser "resource access denied".
On the AM side, I get following error in amCDC file:
04/19/2007 06:19:19:919 PM PDT: Thread[service-j2ee-3,5,main]
CDCServlet Initializing...
04/19/2007 06:19:19:922 PM PDT: Thread[service-j2ee-3,5,main]
CDCServlet init params. Restricted Token Enabled: false Auth URL Cookie Name: sunIdentityServerAuthNServer Auth URL Cookie Domain:Deployment Descriptor: /amserver
04/19/2007 06:19:19:925 PM PDT: Thread[service-j2ee-3,5,main]
CDCServlet.doGetPost: Query String received: goto=http%3A%2F%2Feauthdev.etc.net%2Fcgi-bin%2Fprintenv%3FsunwMethod%3DGET&RequestID=15432&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Feauthdev.etc.net%3A80%2Famagent&IssueInstant=2007-04-19T18%3A19%3A19Z
04/19/2007 06:19:19:934 PM PDT: Thread[service-j2ee-3,5,main]
SSOException caught: com.iplanet.sso.SSOException: Invalid session ID.
04/19/2007 06:19:20:430 PM PDT: Thread[service-j2ee-3,5,main]
Forwarding for authentication to: /UI/Login?goto=%2Famserver%2Fcdcservlet%3FTARGET%3Dhttp%253A%252F%252Feauthdev.etc.net%252Fcgi-bin%252Fprintenv%253FsunwMethod%253DGET%26RequestID%3D15432%26MajorVersion%3D1%26MinorVersion%3D0%26ProviderID%3Dhttp%253A%252F%252F
eauthdev.etc.net%253A80%252Famagent%26IssueInstant%3D2007-04-19T18%253A19%253A19Z
04/19/2007 06:19:27:293 PM PDT: Thread[service-j2ee-4,5,main]
CDCServlet.doGetPost: Query String received: TARGET=http%3A%2F%2Feauthdev.etc.net%2Fcgi-bin%2Fprintenv%3FsunwMethod%3DGET&RequestID=15432&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Feauthdev.etc.net%3A80%2Famagent&IssueInstant=2007-04-19T18%3A19%3A19Z
04/19/2007 06:19:27:294 PM PDT: Thread[service-j2ee-4,5,main]
WARNING: Advice List is : null
04/19/2007 06:19:27:294 PM PDT: Thread[service-j2ee-4,5,main]
CDCServlet.doGetPost: targetURL = http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET
04/19/2007 06:19:27:294 PM PDT: Thread[service-j2ee-4,5,main]
CDCServlet.doGetPost: gotoURL = http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET
04/19/2007 06:19:27:321 PM PDT: Thread[service-j2ee-4,5,main]
CDC Servlet: Directory matches for http://eauthdev.etc.net:80/ is:{AMIdentity object: id=eauthdev_apache_8080,ou=agent,dc=mycompany,dc=com AMSDKDN=uid=eauthdev_apache_8080,ou=agents,dc=mycompany,dc=com={sunidentityserverdevicestatus=[Active], sunidentityserverdevicekeyvalue=[agentRootURL=http://eauthdev.etc.net:80/]}}
04/19/2007 06:19:27:400 PM PDT: Thread[service-j2ee-4,5,main]
WARNING: Invalid GoTo URL: http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET for Agent ID: http://eauthdev.etc.net:80/
04/19/2007 06:19:27:400 PM PDT: Thread[service-j2ee-4,5,main]
ERROR: CDCServlet.doGetPost:Exception occured
java.lang.Exception: Invalid Agent: Could not get agent for the realm
at com.iplanet.services.cdc.LdapSPValidator.validateAndGetRestriction(LdapSPValidator.java:200)
at com.iplanet.services.cdc.CDCServlet.redirectWithAuthNResponse(CDCServlet.java:288)
at com.iplanet.services.cdc.CDCServlet.doGetPost(CDCServlet.java:247)
at com.iplanet.services.cdc.CDCServlet.doGet(CDCServlet.java:194)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:391)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:297)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:270)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:241)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:182)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:160)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:149)
at com.sun.webserver.connector.nsapi.NSAPIConnector.service(NSAPIConnector.java:995)
Does anybody knows what is going wrong?
Thanks in advance,
Vivek

One more thing Vivek : seems like the problem comes from the fact that the there's 3 checks done to ensure the goto URL matches what's in the agent profile, and one of them (the port check) fails.
agentRootURL has port 80. The gotoURL doesn't.
Try not specifying a port number for key agentRootURL and tell me if that works.
Side note : it seems you might not have the following property enabled in your AMConfig.properties :
com.sun.identity.enableUniqueSSOTokenCookie = true
HTH,
N.

Similar Messages

  • CDSSO Invalid Agent: Could not get agent for realm

    Hi,
    This post follows on from a previous post (http://forum.java.sun.com/thread.jspa?threadID=5276012) but describes a subsequent problem.
    I'm getting the following error in my amCDC log. I believe it is related to the post (http://forum.java.sun.com/thread.jspa?threadID=5162908&messageID=9623898)
    03/18/2008 10:17:58:826 AM GMT: Thread[httpSSLWorkerThread-443-0,10,Grizzly]
    CDCServlet.doGetPost: Query String received: goto=http%3A%2F%2Fbonecrusher.test.local%3A80%2F%3FsunwMethod%3DGET&RequestID=20798&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Fbonecrusher.test.local%3A80%2Famagent&IssueInstant=2008-03-18T10%3A18%3A09Z
    03/18/2008 10:17:58:826 AM GMT: Thread[httpSSLWorkerThread-443-0,10,Grizzly]
    SSOException caught: com.iplanet.sso.SSOException: Invalid session ID.
    03/18/2008 10:17:59:091 AM GMT: Thread[httpSSLWorkerThread-443-0,10,Grizzly]
    Forwarding for authentication to: /UI/Login?goto=%2Famserver%2Fcdcservlet%3FTARGET%3Dhttp%253A%252F%252Fbonecrusher.test.local%253A80%252F%253FsunwMethod%253DGET%26RequestID%3D20798%26MajorVersion%3D1%26MinorVersion%3D0%26ProviderID%3Dhttp%253A%252F%252Fbonecrusher.test.local%253A80%252Famagent%26IssueInstant%3D2008-03-18T10%253A18%253A09Z
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    CDCServlet.doGetPost: Query String received: TARGET=http%3A%2F%2Fbonecrusher.test.local%3A80%2F%3FsunwMethod%3DGET&RequestID=20798&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Fbonecrusher.test.local%3A80%2Famagent&IssueInstant=2008-03-18T10%3A18%3A09Z
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    WARNING: Advice List is : null
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    CDCServlet.doGetPost: targetURL = http://bonecrusher.test.local:80/?sunwMethod=GET
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    CDCServlet.doGetPost: gotoURL = http://bonecrusher.test.local:80/?sunwMethod=GET
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    CDC Servlet: Directory matches for http://bonecrusher.test.local:80/ is:{AMIdentity object: id=TestCDSSOAgent,ou=agent,dc=test-sun,dc=local={objectclass=[person, inetorgperson, organizationalperson, inetuser, top], sunIdentityServerDeviceKeyValue=[agentRootURL=http://bonecrusher.test.local:80/, agentRootURL=http://bonecrusher.test.local/], sunIdentityServerDeviceStatus=[Active], userpassword=[Q8Ea8sKa1CMyUaxgkqhC0PVeKV8=]}}
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    CDC Servlet: Restriction string for: http://bonecrusher.test.local:80/ is: id=TestCDSSOAgent,ou=agent,dc=test-sun,dc=local [bonecrusher.test.local, bonecrusher.test.local]
    03/18/2008 10:18:04:482 AM GMT: Thread[httpSSLWorkerThread-443-2,10,Grizzly]
    ERROR: CDCServlet.doGetPost:Exception occured
    java.lang.Exception: Invalid Agent: Could not get agent for the realm
    at com.iplanet.services.cdc.LdapSPValidator.validateAndGetRestriction(LdapSPValidator.java:200)
    at com.iplanet.services.cdc.CDCServlet.redirectWithAuthNResponse(CDCServlet.java:303)
    at com.iplanet.services.cdc.CDCServlet.doGetPost(CDCServlet.java:262)
    at com.iplanet.services.cdc.CDCServlet.doGet(CDCServlet.java:208)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
    Based on the previous post I believe it has something to do with the validity checks performed by the CDC. The post describes 3 checks and I believe my solution is failing one of these, however I am not sure which.
    As far as I understand it my logs above demonstrate that the agentRootURL is correctly set, but I'm not sure what other values are needed.
    Any advice would be greatly received.
    R

    Quick follow up :)
    This problem was caused by the Access Manager instance not being able to resolve the IP address for 'bonecrusher.test.local'
    After I added the entry for this into the hosts file everything worked.
    R

  • I have a message: "Could not get session for the OEM Repository."

    Dear Sir,
    I browsed reports that has been published in OEM. But I received an error:
    "Could not get session for the OEM Repository. Check to ensure that the OEM Repository is up."
    What can I do?
    Thank a lot

    You will need to go into your Files and locate the song.  By default, iTunes saves songs in the iTunes Media Folder which can be found in the following locations:
    Mac OS X: /Users/username/Music
    Windows XP: \Documents and Settings\username\My Documents\My Music\
    Windows Vista: \Users\username\Music\iTunes
    Windows 7 and Windows 8: \Users\username\My Music\iTunes
    If you locate your song file, when you try to play it in iTunes, you will be given an option to locate.  Navigate to the file in the pop up window and iTunes will re-path the file location.
    Most people encounter this issue when moving to a new computer or if you have your music saved on an external drive or folder that you have since moved or removed.  The imperative part is finding the song so you can re-map it.

  • Downloading artwork - "could not get artwork for some albums"

    This might have been addressed before, but I browsed the forum and couldn't find a thread. Sorry if it's been gone over several times.
    I live in Turkey and I've added albums to my iTunes. I checked the box in the Get Info next to Artwork and I selected Get Album Artwork from the Advanced tab. It scans through all the albums and then says "could not get artwork for some albums." "Some" albums means all of them actually. And the error tab details say "artwork not available." I also tried getting artwork by right clicking on a single album but I get the same error. Before it was a 609 error. Now it just says not available.
    I logged out of the store, quit iTunes, loaded it again, re-signed in to the store and tried to get artwork that way, but got the same result. No artwork. The albums are things like Let It Be, Allman Brothers, Ella Fitzgerald... Albums that should certainly have artwork available.
    I'm using Windows Vista.
    Has anyone had and conquered this problem? Any ideas on what I should do? I have 300+ albums, so getting the cover art from wikipedia would be a bit tedious. I'd appreciate any help anyone can give!

    Hello, Welcome to Apple Discussions.
    Are your songs from Audio CDs or iTunes Store? If not you may need to manually find the album artwork for them as these songs may not be listed in the iTunes Store database for your region.
    iTunes: Album art may not download properly
    http://support.apple.com/kb/TS1815
    iTunes will only download album artwork for songs that it can find in the iTunes Store. iTunes will check each song in your iTunes library and attempt to match it up with a song in the iTunes Store. If the data matches, iTunes will download the album artwork from the iTunes Store and add it to the song in your iTunes library. If iTunes does not find a particular song's artwork in the iTunes Store, you will not see an alert message. iTunes simply does not download artwork for that song.

  • Java.lang.Exception: Could not get name for DC project

    Hello Experts,
    We have a code which is downloaded from SVN repository.
    I have imported the code from my desktop into NWDS and when I try to deploy it throws,
    java.lang.Exception: Could not get name for DC project
    I have referred few threads in SCN and solution suggested is to change the workspace and create a new DC & copy the _comp from old DC.
    I tried the above solution but there are lot of build errors as we have few RFC models and it is throwing build errors for missing model reference.
    Kindly help me on how to fix the error.
    Thanks, Swarnaprakash

    Dear Swarnaprakash,
    The Web Dynpro DCs Import C:\----\user\.dtc\LocalDevelopment\DCs\sap.com\test and
    the related package for DC  is missing once check it after try to import.
    Depending on which Java compiler preferences are set, you may see some
    warnings in the "Task" view after importing the project. If the severity level for problems of type "Unused imports" (set in Preferences – Java – Compiler) has the value "Warning", the compiler will issue a warning for unused import references. Ignore these warnings!
    Still You getting means delete your .metadata before take the backup.after open the NWDS again it will set new configurations in your system.
    Thanks & Regards,
    Durga Rao.

  • Could not get stream for task attachment

    When uploading Document and Trying to view documents in Worklits we get the following error:
    <Error> <oracle.soa.services.workflow.worklist> <BEA-000000> <<oracle.bpel.services.workflow.worklist.servlet.ADFAttachmentHelper.getTaskAttachment>
    Could not get stream for task attachment:
    This seem to have been a bug on previous versions of Oracle BPM but we're receiving it on 11.1.1.7
    Any idea what might be causing this?
    someone that experienced a similar issue but was resolved bu applying a patch
    ID 1453480 - someone that experienced a similar issue but was resolved bu applying a patch
    Thanks

    Complete restart of the environment solved issue

  • Error: Could not get markup. The cookie or session is invalid or ...

    When I run the portlet getting the below error:
    Error: Could not get markup. The cookie or session is invalid or there is a runtime exception.
    I have gone through the log, it's processing the request.
    Any help on this ...

    first can you give us some idea about which product/component/platform/version are you working with. and how did you edit the 'portal prefs'.
    thanks!

  • Could not get metamodel for project

    Hallo
    Something strange happened...
    I developed ein Composited Application under SAP Netweaver 7.1 SP 3.
    Today I changed some code and run build.. And I get the error could not get metamodel for project.
    And furthmore illegal reference to a non-used resource found.
    Any Hints to resolve this problem?
    Thanks in advance
    Kind Regards!
    Ping

    Hallo
    Thanks for your reply!
    The stacktrace I dont' have. Because I had the problem before the build. Thus I cannot have any trace on the server... I don't know where I can find the trace in Devstudio.
    I closed all the project and Reopened again. Now I only have the problem as followed: (in the problem tab)
    Severity and Description     Path     Resource     Location     Creation Time     Id
    Could not get metamodel for project LocalDevelopmentLocalDevelopmentzukoprototyp(2fdictionarych.post.it.sap          LocalDevelopmentLocalDevelopmentzukoprototyp(2fdictionarych.post.it.sap     Unknown     1200043648781     35143
    But I can build the projekt and redeploy it.
    Thanks anyway and have a nice day!
    Ping

  • Could not get response for challenge?

    I could succefully use podcast capture to post video to groupblog.
    But when I used command line "pcastaction groupblog", it always said that
    "ERROR: could not get response for challenge"
    But "pcast_post2groupblog" works well for me. I wonder why this happened?
    P.S:
    I've updated my server to the latest version.

    If you look at the workflow, there is probably something in there like this:
    <string>--otp=##Groups Administrator Username:Groups Administrator Password##</string>
    That's a one time pad. I ran into this when troubleshooting our iTunes U workflow from the command line. To get my iTunes U stuff to work from the command line I had to generate a OTP each time, like so:
    $sudo pcastconfig --add_access "token" --properties "iTunes U Shared Secret"
    Except yours will be different because it's for group blog.... if indeed this is your problem. I only guessed this looking at the stock blog workflow, it uses an OTP.
    Hope that was helpful and not way off the mark.

  • COREid Federation Error: A local user session could not be created for the

    Hi,
    I installed two instances of COREid Federation in my machine. Also installed SiteMinder and LDAP. Source Domain of COREid (8101) uses LDAP as IdMBridge and Destination Domain (9101) uses SiteMinder as IdMBridge. I am trying to access the resource protected by the SiteMinder from the source domain using the URL which is constructed using the pattern given in the PDF:
    http://mymachine.domain.com:8101/shareid/saml/ObSAMLTransferService?DOMAIN=DestinationDomain&method=POST&TARGET=http://mymachine.domain.com:8887/Source/Source.html
    Assertions are generated and I can see the assertion in the Source domain and transferred to the Destination Domain.
    I get the following error in the Destination Domain Shareid Log file:
    ERROR - [http10113-Processor3] - RECEIVER: ERROR: A local user session could not be created for the assertion
    Please help me to solve this issue?
    Note: The Web agent runs on the web server instance 8887.
    SiteMinder is able to protect the resource when accessed.

    Typically that error occurs when the destinations access management system can't find the user based on the SAML attribute. Check to make sure that the attribute that you are matching on matches exactly.

  • Error "codepage could not be determined for the receiver-system"

    Hi,
    we use the idoc-adapter to send message from mySAP ERP to PI.
    All worked fine.
    So, this morning I have changed the datatype of the messageId from "char" to "int" in mySAP ERP in the customizing menue (install param). So, no message received in SAP PI.
    When I start transction "we05" in mySAPERP" I get the following error:
    "codepage could not be determined for the receiver-system" status 02.
    I have changed the datatyp to "char" but the same probleme
    Can anybody help me please?
    Regards
    Stefan

    This error shouldn't occur unless there is some modification at the OS level codepages.
    Please check the entried in the RFC destination for connecting to the XI system. Unicode settings.
    Regards,
    Prateek

  • An RFC destination could not be specified for the logical system

    Hello Experts,
    I am trying post goods receipt in EWM system in a simple inbound delivery process. It is not getting posted back in ECC. I have my RFC connection setup properly(I assume since I was able to transfer inbound delivery to EWM in first place).It seems some setting related to Outbound queue in EWM is missing.Can anyone tell me in detail what settings are required?Is it something to do with WE20 transaction?I am not sure what settings should be done there.The error log is as below-
    An RFC destination could not be specified for the logical system
    SB3CLNT011
    Message No. B1550
    Diagnosis
    An RFC destination should be specified for the logical system SB3CLNT011.
    This could not be done in this case. SB3CLNT011 is not your local logical system
    and this system is not included in the relevant Customizing tables.
    Procedure
    Check:
    RFC
    destination
    Port
    definitions
    oubound partner profile of
    message type SYNCH for this logical system
    Regards,
    Khushboo

    Hi Oritra and Suraj,
    I have checked remote connection in SM59 for both the logical system.It works fine.I understand this is more of a technical issue,but I don't have A local basis team to help me so reaching out to experts here.Can you guide me what technical settings could be checked for EWM-->ECC connection?When I execute BD82 for SB3CLNT011 it shows me green status with message "No messages have been defined for the selection conditions in the model".
    Although when I do this for EWM logical system SB3CLNT012 it shows me this with all green status-
    System SB3CLNT011 as a partner type already exists
    System SB3CLNT012 as a partner type already exists
    Port A000000018 with RFC destination SB3CLNT011 already exists
    Outbound parameters for message type SHP_IBDLV_CHANGE SHP_IBDLV_CHANGE01 already
    Outbound parameters for message type SHP_IBDLV_SAVE_REPLICA SHP_IBDLV_SAVE_REPLI
    Outbound parameters for message type SYNCH SYNCHRON already exist
    Am I missing something in WE20?
    Regards,
    Khushboo

  • IDoc type could not be determined for the IDoc

    I am trying to Post the payment run through the transaction F110.
    In the payment run log i get the following message:
    "IDoc type could not be determined for the IDoc"
    But in fact the IDoc is generated and it is displayed in We05.
    I have configured the Message type PAYEXT-PEXR2002 and EUPEXR-IDCREF01 both for the partner.
    Has anybody Idea about why this error is coming and how i can resolve this?
    This is important because in Payment run log, they need to know the IDoc number generated for that run, else it may become difficult for user to identify which IDoc was created for a particular payment run.
    Would appreciate if anyone can please help on the same.
    Thanks & Regards,
    Narayanan

    Hi,
    If you are paying the payment through F110, if the payment exceeds the limit what you are spefied in available amounts in FI12 screen. First Please check this screen.
    still if you are having any problem
    Check in the below path:
    IMG- Financial Accounting (New) - Accounts Receivable and Accounts Payable - Business Transactions - Release for Payment - 1. Create Workflow Variant for Release for Payment
    2. Assign Release Approval Procedure for Release for Payment
    3. Define Users with Authorization to Payment Release
    Thanks
    Chandra

  • RDS Gateway 2012, RemoteApp Displays "A Revocation check could not be performed for the Certificate" via RDWEB

    I have searched through the forums and there are a number of posts that are similar but all the checks they list seem to not apply to this one.
    My current setup is as follows
    All Servers are 2012 R2
    1 x DC server
    1 x RDS Gateway server with RDS Web installed
    1 x Session Host Server
    Certificate supplied by godaddy with 5 names. (included is the name of the RDS Gateway/Web server in the certificate, the internal name of the session host server is not included as the internal names are differnet to the external)
    My tests are as follows
    Navigating to the RDSWEB page from a machine inside the same network (windows 7 sp1) but not on the same domain is fine no errors and logging in and launching any published application is fine with no errors.
    However logging in on another machine that is external from the network (windows 7 sp1) is ok up to the point of launching any of the published apps I get the error about ""A Revocation check could not be performed for the Certificate". this
    prompts twice but does allow you to continue and login and use the app till the next time. If I view the certificate from the warning message all appears to be ok with all certs in the chain.
    I have imported the root and intermediate certs to each of the gateway/rdsweb server and session host server into the computer cert store just to be on the safe side. This has not helped, I have also run the following command from both windows 7 machines
    with no errors on either
    certutil -f –urlfetch -verify c:\export.cer
    I cant seem to see where this is failing and I am beginning to think there is something wrong with godaddy cert itself somehow.
    If I skip rdsweb and just use MSTSC with the gateway server settings then I can login to any machine on the network with no errors so this is only related to launching published apps on the 2012 R2 RDWEB or session host servers.
    Any help appreciated

    Hi,
    1. Please make sure the client PCs have mstsc.exe (6.3.9600) installed.
    2. If you are seeing a name mismatch error, you can set the published name via this cmdlet:
    Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
    http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
    To be clear, the above cmdlet changes the name that shows up next to Remote computer on the prompt you see when launching a RemoteApp.  You should have a DNS A record on your internal network pointing to the private ip address of your RDCB server. 
    Additionally, in RD Gateway Manager, Properties of your RD RAP, Network Resource tab, you should select Allow users to connect to any network resource or if you choose to use RD Gateway Managed group you will need to add all of the appropriate names to the
    group.
    For example, when launching a RemoteApp you would see something like Remote computer: rdcb.domain.com and Gateway server: gateway.domain.com .  Both of these names need to be on your GoDaddy certificate.
    Please verify the above and reply back so that we may assist you further if needed.  It is possible you have an issue with the revocation check but I would like you to make sure that the above is in place first.
    Thanks.
    -TP
    Thanks for the response.
    To be clear I am only seeing a name mismatch and revocation error if I assign a self signed cert to the session host as advised earlier in the thread by "Dharmesh Solanki", if I remove this and assign the 3rd party certificate I then
    just get the revocation error , I have already ran the powershell to change the FQDN's but this has not resolved the issue although the RDP connection details now match the external url for RDWEB when looking at one of the remoteapp files. The workspace
    ID still shows an internal name though inside this same file. 
    RD Gateway is already set to connect any resource, when connecting using remote app both names (RDCB/RDGateway) show as being correct and are contained within the same UCC certificate. I also already have a DNS entry for the Connection broker pointing to
    the internal ip.
    Do you know if the I need the internal name of the session host servers contained within the same UCC certificate seeing as they are different fqdn's than what I am using for external access ? I resigned the UCC certificate and included the internal name
    of the session host server to see if this would help but for some reason I am still seeing the revocation error. I will check on a windows 8 client pc this evening to see if this gets any further as the majority of the testing has been done on windows 7 sp1
    client pc's
    Thanks

  • SCCM 2012 SP1 - OS Deployment - hash could not be matched for the downloded content

    I've got a newly deployed SCCM 2012 SP1 running on Windows Server 2012. The W2K12 runs as vm on ESX 5.1. I'm having very odd issues with OS deployment. The TS keeps failing when processing SCCM client installation - it downloads the package but then it fails
    straight away with the 80091007 - hash values couldn't be matched error - some extract from smsts.log attached below. It's very consistent, it happens every time - it downloads and applies the image fine straight after that it bombs out.
    What is very interesting is that it works perfectly fine when I deploy vms (on the same or different host) - the issue seems to be be only affecting physical machines (laptops desktops). This might suggest some network issues (vSwitch with Cisco switches) but
    the config on the switch is very simple and this shouldn't be the case.
    I had a few virtualised SCCM 2007 installations (ESX 5 and 4) and it always worked with no problems.
    I tried to recreate the package (changing source directory), turn binary differential replication on and off, copy the content of the package to the dist point or not copy. Push client installation (or other package deployments) work fine
    When I tried to deploy with no download - sometimes it works but most of the time I'd get the files/folder corrupt error (can't remember the No)
    This is starting to drive me crazy - There are some significant changes in the way SCCM 2012 is validating package integrity (like Content Lib folder) but the consistency of this problem is just very odd.
    Anyone has any clues?
    thanks
     - Downloaded file from http://GTKVMGMT05.GTK.LOC...m?/x64/wic_x64_enu.exe to C:\_SMSTaskSequence\Packages\GTK0000C\x64/wic_x64_enu.exe 
     - Download done setting progress bar to 100
    VerifyContentHash: Hash algorithm is 32780
    c:\_smstasksequence\packages\GTK0000c\i386 is a directory. Setting directory security
    c:\_smstasksequence\packages\GTK0000c\x64 is a directory. Setting directory security
     - Hash could not be matched for the downloded content. Original ContentHash = 5EF3A189C48F3469440A83026EC8ECD36EAD6EAF3B5D35663F8201BDE175413C, Downloaded ContentHash = FA4516EDD2D7907F8FA472A3E1B717DF2DD4A0976CD4CEAE11045EE62EC8C661
    0L == TS::Utility::VerifyPackageHash(pszContentID, sDestination), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,2999)
     - DownloadContentAndVerifyHash(pszPackageID, L"SMSPackage", saHttpContentSources, saSMBContentSources, saMulticastContentSources, sDestination, dwFlags, L"", 0, dwPackageFlags, pszUserName, pszUserPassword ), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3106)
     - DownloadContentLocally(pszSource, sSourceDirectory, dwFlags, hUserToken, pszUserName, pszUserPassword), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3331)
    ResolveSource(pszSource, sSourceDirectory, dwFlags, 0, 0, 0), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3221)
    TS::Utility::ResolveSource(sClientPackageID, sClientPackagePath), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\osdgina\basesetuphook.cpp,1655)
     - Failed to resolve package source "GTK0000C"
     - Exiting ConfigureEx: 0x80091007
     - BaseSetupHook::configure(sWindowsDir), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\osdgina\osdsetuphook.cpp,292)
     - Failed to configure OSD setup hook (0x80091007)
     - Failed to configure OSD setup hook (0x80091007)

    is this the only indication of a problem in your smsts.log file ? did you apply the
    authenticode hotfix or have you
    downloaded the SP1 media after that hotfix was applied ?
    Step by Step Configuration Manager Guides >
    2012 Guides |
    2007 Guides | I'm on Twitter > ncbrady

Maybe you are looking for