CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
Center router is cisco 7300 :
Cisco IOS Software, 7301 Software (C7301-ADVIPSERVICESK9-M), Version 15.1(4)M2
branch router is cisco1900:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
one branch router use EZVPN to connect the Center router .
branch router logg :
%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
and 10% lose packets .
but other branch use EZVPN to connect the Center router , is OK :
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)
What can do for this issue ?
Should I change the cisco1900 IOS to the 12.4 as the same as cisco880 ?
Hi Anuj
Thanks for your reply.
Yes , the issue happens frequently , and lost packets . The log happand every 3 minutes.
As I am not in charge the router in branch , I can not change the hardware accelerator.
I have change the windows-size to 1024 in the branch router , but the issue is as befroe .
Here is the show crypto ipse sa and the whole error message:
sh crypto ipsec sa
interface: Virtual-Access1
Crypto map tag: Virtual-Access1-head-0, local addr
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 519, #pkts encrypt: 519, #pkts digest: 519
#pkts decaps: 665, #pkts decrypt: 665, #pkts verify: 665
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: , remote crypto endpt.:
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0x550C1C42(1426857026)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x38F532D7(955593431)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2091, flow_id: Onboard VPN:91, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
sa timing: remaining key lifetime (k/sec): (4561181/3566)
IV size: 16 bytes
replay detection support: Y replay window size: 1024
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550C1C42(1426857026)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2092, flow_id: Onboard VPN:92, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
sa timing: remaining key lifetime (k/sec): (4561911/3566)
IV size: 16 bytes
replay detection support: Y replay window size: 1024
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Dec 20 01:34:32.656: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=91, sequence number=12353
Dec 20 01:39:06.552: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=91, sequence number=18191
Dec 20 01:40:38.532: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=91, sequence number=20363
Dec 20 01:43:05.856: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=91, sequence number=23609
Similar Messages
-
I have a pair of 3945E routers I use as redundant VPN head-ends in our data center and numerous 2901 and one 2951 used as spoke routers. Each of the spokes is connected to the 3945's over VTI tunnels three and four. We regularly see replay errors occur, but this morning, we had it get disruptive enough on one of the tunnels on the 2951 where we were experienced 80 to 90 percent packet loss across that one tunnel. This caused an outage which I was only able to rectify by shutting down the tunnel interface on each router and bringing them back up, thus resetting the SA.
I'm needing to understand how to reduce or completely eliminate the replay errors. I've read something about increasing the replay window size, but don't have a clue where to start. What is the best way to fix this without disabling replay checking? Or, since the VPN head-ends and spoke routers only have static routes established across the Internet to each other, is replay checking even necessary or desired?
Thanks in advance!
Paul WIshartAdam,
I don't have a resolution yet, so I opened a TAC case last Saturday. I'll keep you posted on this forum. -
"Crypto replay check failed" errors
Hey folks,
I have a site-to-site IPSEC VPN using 2 catalyst 6500's running IOS 12.2(18)SXD7b on each end.
After reviewing the syslog files this morning, I noticed that for the last 4 days at approximately the same time each nite, my router reports this error:
Local7.Warning: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
The error reporting tool on cisco.com says this error is benign, but does not give much info or troubleshooting tips. I've double checked my configuration and everything looks fine. Have you guys seen this before? Any tips?
Thanks,
SMHi Steve, check this link if it can help you:
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K07229553
Regards,
Ricardo -
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt mac verify failed
Hello,
I know this question has been asked many times on the forum, I am constantly getting the below error message on my 2811 Router:
*Aug 9 07:07:01.507: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3004 local=3.3.3.1 remote=3.3.3.2 spi=CDE6EACF seqno=00005214
N.R-HQ#
*Aug 9 07:08:33.231: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3004 local=3.3.3.1 remote=3.3.3.2 spi=CDE6EACF seqno=000056E4
I did some research and found the IOS is in the KAV list of bug#CSCsv43145. I upgraded the IOS to 12.4(25e) which doesn't appear in the list but still same error occurs.
-is the error just cosmetic
-is there anyway to go around it?
I have attached the config.
10x,
E.B:.Hi,
12.4(25e) should not be affected by CSCsv43145, which is cosmetic. The issue you are seeing is likely not cosmetic, and is actually resulting in dropped packets due to mac authentication failures. To troubleshoot this type of issue, you really need to get sniffer traces on the WAN (encrypted) side from both tunnel end points and compare the packet in question (based on the spi/seq number reported in the log) and see if the packet is corrupted somehow. There is no easy way to get around this other than turning off authentication check in your ipsec transform, in which case no mac authentication will be performed on the packet, and you do need to consider the security implications when doing that.
Hope this helps,
Thanks,
Wen -
%CRYPTO-4-PKT_REPLAY_ERR:
I have been seeing the following error message in the logs for a few days now.
%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=4587, sequence number=17094
I managed to track down the connection id:4587 and I can see the peer IP with the actual recv errors. There is no issues with the VPN itself, traffic is working fine.
I have tried to increase the actual window size under the specific crypto map for that particular peer and it makes no difference. Even cleared the sa after applying the changes.
crypto map xxxxxxxxx 1 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
security-association replay window-size 1024
Have increased the replay window globally to 1024 however the errors keep appearing.
crypto ipsec security-association replay window-size 1024
Has anyone actually disabled the replay window checking? did it impact anything?
crypto ipsec security-association replay disable
no crypto ipsec security-association replay window-size 1024
does it actually stop the replay_errors?
or to stop these errors do you need to change the hash algorithm from sha instead of md5?Adam,
I don't have a resolution yet, so I opened a TAC case last Saturday. I'll keep you posted on this forum. -
CRYPTO-4-PKT_REPLAY_ERR syslog parsing
Every time ios generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like ios is not concatenating them into 1 msg string before sending. It's really annoying because I can't filter a null string that also has a null message type on my nms. I tried changing the facility settings and get the same result. If i use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null.
I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ...
DEVICE INFO:
c3825-advipservicesk9-mz.124-25b.bin
logging buffered 15000 debugging
logging rate-limit all 3
no logging console
no logging monitor
crypto logging session
logging origin-id hostname
logging facility syslog
logging source-interface GigabitEthernet0/0
logging 11.22.33.44
FROM LOGGING BUFFER:
Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37 CST Wed Dec 14 2011
#1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
#2>> connection id=70, sequence number=43990
#3>>
Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:10:36 CST Wed Dec 14 2011
THREE SYSLOG MSG's RECEIVED:
#1
MSG TYPE: CRYPTO-4-PKT_REPLAY_ERR
MSG STRING: 7015321: routerA: decrypt: replay check failed
#2
MSG TYPE: null
MSG STRING: 7015322: routerA: connection id=70, sequence number=43990
#3
MSG TYPE: null
MSG STRING: 7015323: routerA:Every time ios generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like ios is not concatenating them into 1 msg string before sending. It's really annoying because I can't filter a null string that also has a null message type on my nms. I tried changing the facility settings and get the same result. If i use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null.
I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ...
DEVICE INFO:
c3825-advipservicesk9-mz.124-25b.bin
logging buffered 15000 debugging
logging rate-limit all 3
no logging console
no logging monitor
crypto logging session
logging origin-id hostname
logging facility syslog
logging source-interface GigabitEthernet0/0
logging 11.22.33.44
FROM LOGGING BUFFER:
Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37 CST Wed Dec 14 2011
#1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
#2>> connection id=70, sequence number=43990
#3>>
Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:10:36 CST Wed Dec 14 2011
THREE SYSLOG MSG's RECEIVED:
#1
MSG TYPE: CRYPTO-4-PKT_REPLAY_ERR
MSG STRING: 7015321: routerA: decrypt: replay check failed
#2
MSG TYPE: null
MSG STRING: 7015322: routerA: connection id=70, sequence number=43990
#3
MSG TYPE: null
MSG STRING: 7015323: routerA: -
Signer restraint check failed exception using JCE with JDev 10.1.2
I am developing an app which receives an string which is encrypted on another server and passed back in an HTTP header.
When trying to decrypt the string, I receive the following exception:
java.lang.ExceptionInInitializerError
at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
at common.encryption.EncryptionUtil.decrypt(EncryptionUtil.java:170)
at login.jspService(_login.java:222)
[SRC:/login.jsp:157]
at com.orionserver[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:350)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Signer restraint check failed!
at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
... 15 moreSun's documents state that: The two crypto policy files and jce framework jar files should be signed by the same entity. This restraint is now enforced. If this is not the case, a SecurityException will be thrown stating that "Signer restraint check failed".
I am deploying and running from to a standalone OC4J implementing SSL.
I am using the versions that come with JDK 1.4.2.11
Does anyone have any idea what is going on here?
Thanks.I'm experiencing the exact same issue and I can't find the solution either. Keep me posted if you find anything out
-
Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
Hi All,
I get following log message on my spoke 881 router from time to time.
For instance today I got 80 messages like this.
Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
This is dual hub DMVPN connectivity and both tunnels are stable during the day and EIGRP never dropped.
User behind this router also never complained. They run mainly voip traffic and I have QoS both on HUB and Spokes defined under tunnel as qos-preclassify and policy-map is applied on the physical interface.
I have also increased replay window size up to 1024, but it did not help.
Wondering what else can be done here.
IOS ver both on spokes and hub is 15.2.3(T3)Don't know where they came from, but you could turn on debugging ipsec and isakmp to see if there is a relation with other events like rekeying.
Michael
Please rate all helpful posts -
How can I stop a task sequence if a custom HTA preflight check fails?
In our currently deployment method, we launch an HTA program before initiating the OSD process. This is only when run from the RAP menu, not via PXE. When a user initiates OSD through that menu, they get a message prompting them to close Outlook, and
a countdown of 5 mins, then OSD starts. They also have the ability to click on an 'OK' button to proceed on their own.
I've created a new script which checks WMI if Outlook and/or OCS are open, and if the machine is running on battery, spit out a "Failed" response and stop the HTA. I've also added a "recheck" button to re-do the check, and an 'OK
button if people jsut want to continue.
I'm curious if there is a way to prevent the task sequence from continuing if any of those conditions arent met. Currently it just pops up and says "Failed, Cannot conitue", but if they close the window, the task sequence thinks the program
has run, and the OSD migration starts. I'd like to be able and get the script to cancel the OSD process if a check fails.
Has anyone had success with this, using WINXP? I'd use the MS pre-flight check but it's only for WIN7.Interesting. Thanks for the response. Is there anybody out there that can assist with VBS part of the solution?
Here's the code I'm working with. Currently the battery piece isnt working as it should but I can figure that our, eventually. I'd like to get Jason's proposed solution in the code. If this isn't the right place, I'll take this somewhere
else.
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>OSD Preflight checks</title>
<HTA:APPLICATION
APPLICATIONNAME="OSD Preflight checks"
ID="objOSDPreReqChecks"
SCROLL="no"
CONTEXTMENU="no"
SINGLEINSTANCE="no"
MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no"
WINDOWSTATE="normal"/>
<!-- #region STYLEs-->
<style type="text/css">
H1{color:Black;text-align:center;font-family: Arial, Helvetica, sans-serif;font-size: 26px;}
p{font-family:"Arial";font-size:10px;}
fail{color:Red;text-align:center;}
.Version {float:left; font-size:1.0em;font-style:italic;color:#888888;font-weight:bold;}
.Header1 {width: 180px; text-align: right;font-weight:bold;}<!-- '1st column heading -->
H2 {font-family: Arial, Helvetica, sans-serif; text-align: center;}
H3 {font-style: italic;}
.style2 {width: 180px; text-align: left;}
.Header2 {width: 150px; text-align: right;font-weight:bold;}<!-- '2nd column heading -->
.style4 {width: 410px; text-align: left;}
.StatusBar
font-family: Arial, Helvetica, sans-serif;
text-align: center;
.hidden {display: none; visibility: hidden;}
</style><!-- #endregion -->
</head>
<script language="VBScript" type="text/vbscript">
'======================================================================================
' Script
' Version
' Purpose To check a machine is suitable for taking an OS deployment
'======================================================================================
'Features
' Modular design
' Verbose "Debug Mode"
' In-built data validation
' Custom error handling
' Custom error codes - 90x0
' Generic WMI handler
'BUGfix: Change CLng to CDbl to avoid overflow (in GetRAM)
'fixed - moved head section to top to become head > script > body
'fixed - fCheckModel display with leading ,
'fixed - fgetmodels dictionary list
Option Explicit
' #region GLOBAL DECLARATIONS: Persistent fold region
'======================================================================================
'GLOBAL Vars
'Things to just display (in GUI)
Dim strRAM
Dim strCPUInfo
Dim strCPUName
Dim strCPUDesc
Dim iCPUCount
Dim iCPUCoreCount
Dim iRAM
Dim strBIOSver, strBIOSDate, strBIOSInfo
'Time related
Dim TimerInterval 'timer to refresh HTA at start
Dim iTimer 'abort timer
Const iAbortTimeout=300000 'delay before window closes (in milliseconds)
Dim pbTimerID
Dim pbHTML
Dim pbWaitTime
Dim pbHeight
Dim pbWidth
Dim pbBorder
Dim pbUnloadedColor
Dim pbLoadedColor
Dim pbStartTime
'Dictionary
Dim objModelsDict,colKeys,strKey 'models
Dim objApprovedMakesDict
'Misc GLOBAL vars
Dim blnDebug 'set TRUE to trigger debug mode
Dim bAbortBuild 'Boolean flag to abort or not abort
Dim strTemp 'throwaway/scratch
Dim strNamespace 'wmi default namespace for ANY machine
Dim strComputer 'wmi reference to current machine, just .
Dim strService 'WMI service
Dim strQuery 'custom WQL
Dim ErrMsg 'custom error messages
Dim iErrMode 'State machine for error mode
Dim lFlags 'WMI flag
Dim strDisks
'Pre-requisites - things that will cause build to abort if values do not meet spec
Dim strHTAVendor 'Make of hardware
Dim strHTAVendorState
Dim strHTAModel 'Model of hardware
Dim strHTAModelState 'Model state
Dim strHTARAM 'RAM
Dim strHTARAMState 'RAM state
Dim strHTACPUSpeed 'Processor speed
Dim strHTACPUCores 'Number of cores
Dim strHTACPUFullInfo 'CPU + cores
Dim strHTAHDD 'Disk info
Dim strHTAHDDState 'Disk state
Dim strHTACheckRAW 'NTFS check
Dim strHTAArchitecture 'Processor support
Dim strHTAProduct 'Product ID
Dim strHTAOutlook 'Outlook running
Dim strHTAOutlookState 'Outlook state
Dim strHTABattery 'Battery check
Dim strHTABatteryState 'Battery state
'for WQL filters
Dim strWQLPCInfo 'Pre-req - (1) for various inc. domain role (servers)
Dim strWQLRAM 'Pre-req - (2) RAM
Dim strWQLCPU 'Pre-req - CPU speed string (not int)
Dim strWQLBootOrder 'Pre-req - Boot order string
Dim strWQLSATAMode 'Pre-req - HDD mode
Dim strWQLGenericBIOS
Dim strWQLCPUCount 'Pre-req - how many CPUs
Dim strWQLCPUInfo
Dim strWQLFSType 'Pre-req - Check HDD not RAW (i.e. is NTFS)
Dim strWQLDisks 'Disks
Dim strWQLChassis 'Machine type
Dim strWQLID 'Unique code from OEM
Dim strWQLProc 'is Outlook running = False
Dim strWQLBattery 'is on Battery = False
'State
Const cProblem = " Problem!"
Const cRunAgain =" RunCheck: Run System Check Again"
Const cSuccess = " Success!"
Const cPassed=" Pass"
Const cFail=" Fail"
'Pre-requisite to check: SET VALUES HERE vvvvvvvvvvvvvvvv
Const cApprovedOEM="Hewlett-Packard"
Const LegacyOEM1="Dell Inc."
Const LegacyOEM2="IBM"
Const cMinimumMemoryMB = 1000 'RAM in MB
'Const cMinimumMemoryMB = 1000000 'force fail test data RAM in MB
Const cMinFS="NTFS"
' Const cMinFS="HPFS" 'force fail test data
Const iMinCores=1
'Const iMinCores=10099 'force fail cores test data
Const iMinCPUSpeed=2 '20 'in GHz
'Const iMinCPUSpeed=90000 'in GHz
Const iMinCPUArch=32
'Const iMinCPUArch=64
' #endregion
' To hide anything use ID.className = "hidden", to show set to "", e.g. NotFoundArea.className = "hidden"
Sub Window_Onload
Err.Clear
VersionSpan.InnerText = objOSDPreReqChecks.Version 'Get version
self.focus
self.moveTo 100,100 'Move window top left
StatusBar.InnerText="Validating machine..."
document.body.style.cursor = "wait" 'hourglass cursor
'Call PreflightChecks 'use for testing as a VBS only, otherwise HTA timer will call below
TimerInterval = window.setInterval("PreflightChecks",10)
End Sub
Function PreflightChecks
' #region HEADER NOTES: Persistent fold region
'Version history
'ver 5 OCTOBER 2011 - added error handler
'ver 3rd Nov - removed HPonly queries
'// Solution: Custom Script for use with MDT - Adapted from hardwareinfo.vbs Mikael Nystrom – http://deploymentbunny.com
'Typical BIOS content
'Processor Speed = 2133/1066 MHz
'Boot Order = Network Controller,ATAPI CD-ROM Drive,USB device,Hard Drive,Diskette Drive,PnP Device #2,PnP Device #3,PnP Device #4,PnP Device #5,PnP Device #6,PnP Device #7,PnPe #8,PnP Device #9,PnP Device #10,PnP Device #11
'SATA (disk) mode: *IDE,--,RAID,-- or IDE,*AHCI,RAID
'On Error Resume Next
' #endregion
' #region CONSTANTS: Persistent fold region
'======================================================================================
'Fields available in HP BIOS
Const sAsset = "Notebook Asset Tag"
Const sOwner = "Notebook Ownership Tag"
Const sMan = "Manufacturer"
Const sNoteModel = "Notebook Model"
Const sCPU = "Processor Type"
Const sCPUSpeed = "Processor Speed"
Const sRAM = "Memory Size"
Const sModel = "Product Name"
Const sBIOSName ="System BIOS"
Const sBIOSVer = "BIOS Version"
Const sBIOSDate = "BIOS Date"
'Other BIOS stuff you could use too
'Const sOwnerTag = "Enter Ownership Tag"
'Const sBIOS = "PCID"
'Const sBIOS = "Define Custom URL"
'Const sBIOS = "Set Alarm Time"
'Const sBIOS = "PCID Version"
Const TextMode="1" 'text case sensitive for dict obj
'WMI core constants
Const wbemFlagReturnImmediately = 16 'wmi - Causes the call to return immediately.
Const wbemFlagForwardOnly = 32 'wmi - Causes a forward-only enumerator to be returned.
'Forward-only enumerators are generally much faster and
'use less memory than conventional enumerators, but don't allow calls to SWbemObject.Clone_
'Advisory config values - as in "you want to the change these"
Dim strHTABootOrder
Dim strHTASATAMode
'Dim strHTACPU
' #endregion
'======================================================================================
' #region WQL: Persistent fold region
lFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly
'Queries of things to check (HP)
strWQLBootOrder = "select Name, value from HP_BIOSSetting where Name='Boot order'"
strWQLSATAMode = "select Name, value from HP_BIOSSetting where (Name='SATA emulation' or name='SATA device mode')"
strWQLDisks ="SELECT * FROM Win32_DiskDrive where mediatype like 'Fixed%hard disk%'" 'win32_disk only avail after W7
strWQLFSType ="SELECT * from Win32_LogicalDisk where DriveType='3'" 'only bother with HDDs
'Generic WMI query strings
strWQLGenericBIOS="SELECT Manufacturer,SMBIOSBIOSVersion,ReleaseDate FROM Win32_BIOS WHERE PrimaryBIOS = True"
strWQLCPUCount= "SELECT NumberOfProcessors,NumberOfLogicalProcessors from Win32_ComputerSystem"
strWQLCPUInfo="SELECT Name,DataWidth,description,MaxClockSpeed,NumberofCores,NumberOfLogicalProcessors from Win32_Processor"
strWQLPCInfo="SELECT Domain,DomainRole,SystemType,Manufacturer,Model,TotalPhysicalMemory FROM Win32_ComputerSystem"
' strWQLPCInfo="SELECT Domain,DomainRole,SystemType,Manufacturer FROM Win32_ComputerSystem"
strWQLChassis="SELECT ChassisTypes from Win32_SystemEnclosure"
strWQLID="SELECT IdentifyingNumber,UUID from Win32_ComputerSystemProduct"
strWQLRAM="SELECT * FROM Win32_PhysicalMemory"
strWQLProc="SELECT * FROM Win32_Process"
strWQLBattery="SELECT * FROM BatteryStatus Where Voltage > 0"
' #endregion
' #region MAIN algorithm
'=====================================================================================================
' MAIN
'Algorithm
'1) Check make (vendor)
'2) Check model (in list)
'3) Check RAM >x
'4) Check HDD TYPE (HDD is not RAW)
'5) Check CPU architecture
'6) Check outlook
'7) Check battery
'=====================================================================================================
'Initialise
window.clearInterval(TimerInterval) 'Reset timer to 0
' blnDebug=True
blnDebug=False
bAbortBuild=False 'default to DON'T abort
' bAbortBuild=True
'Build list of approved vendors
Set objApprovedMakesDict = CreateObject("Scripting.Dictionary")
objApprovedMakesDict.comparemode=VBTextCompare
objApprovedMakesDict.add cApprovedOEM,"OK"
objApprovedMakesDict.add LegacyOEM1,"OK"
objApprovedMakesDict.add LegacyOEM2,"OK"
objApprovedMakesDict.add "Lenovo","Testdata"
If blnDebug Then Stop
'1) all machines check make
strHTAVendor=fCheckVendor(strWQLGenericBIOS) 'check vendor in BIOS - if vendor not approved ABORT without proceeding
If bAbortBuild=True Then
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - goodbye cruel world"
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Else
StatusBar.InnerText="Vendor: " & strHTAVendor & vbTab & " " & strHTAVendorState
'2) Discover current Model
strHTAModel=fGetModelName(strWQLPCInfo) 'get model name from WMI
strHTAModel=fUniversalCheckData(strHTAModel,"'Discover Model - fGetModelName'") 'validate
Call fGetModels 'get list of all valid models (from text file)
strHTAModel=fCheckModel(strHTAModel)
'2a) Model number (optional)
strHTAProduct=fGetComputerSystemProdIDNumber(strWQLID) 'manufacturer's product ID
strHTAProduct=fUniversalCheckData(strHTAProduct,"'Discover ID - fGetComputerSystemProdIDNumber'")
' StatusBar.InnerText=StatusBar.InnerText & VbCrLf & vbTab & "Product Code: " & vbTab & strHTAProduct
'3) Check installed Memory
strHTARAM=fGetRAM(strWQLRAM) 'find RAM size
strHTARAM=fUniversalCheckData(strHTARAM,"'Detect RAM - fCheckRAM'")
strHTARAM=fCheckRAM(strHTARAM) 'check RAM meets req
If strHTARAMState=cFail Then Exit Function
'4) Disk format IS NTFS
strDisks=fGetDrives(strWQLFSType) 'Get formatting info for all drives
strHTACheckRAW=fUniversalCheckData(strDisks,"'Detect filesystem - fCheckNTFS'") 'Validate data
strHTACheckRAW=fCheckNTFS(strDisks) 'Check FS format is acceptable (not RAW)
If strHTACheckRAW=cFail Then Exit Function
'Generic CPU calls
strHTACPUFullInfo="CPUs:" & fGetCPUInfo(strWQLCPUInfo) & " with CPU cores:" & iCPUCoreCount
strBIOSInfo="BIOS version: " & strBIOSver & ", dated " & strBIOSDate
'5a) CPU Speed check (info from http://www.robvanderwoude.com/wmiexamples.php)
strCPUInfo=WMI(strWQLCPUInfo,strNamespace) 'Get CPU details
strTemp=split(strCPUInfo,"@"): strHTACPUSpeed=strTemp(1)
strHTACPUSpeed=fUniversalCheckData(strHTACPUSpeed,"'Check processor - fCheckCPUSpeed'") 'Validate data
strHTACPUSpeed=fCheckCPUSpeed(strHTACPUSpeed) 'Check CPU clock speed
'5b) cores check
strHTACPUCores=fUniversalCheckData(iCPUCoreCount,"Check core count - fCheckCores") 'Validate data
iCPUCoreCount=fCheckCores(iCPUCoreCount) 'pass or fail?
'5c) CPU address width
strHTAArchitecture=fUniversalCheckData(strHTAArchitecture,"Check core count - fCheckCores") 'Validate data
strHTAArchitecture=fCheckCPUArch(strHTAArchitecture)
'6) Check outlook
strHTAOutlook=fCheckProcess(strWQLProc)
'7) Check Battery
strHTABattery=fCheckBattery(strWQLBattery)
'end checkss
document.body.style.cursor = "default"
'Display hardware values in GUI (in table)
Vendor.innerhtml = strHTAVendor 'Use str...var..STATE if you want Pass/fail text instead
Model.innerhtml = strHTAModel
Product.innerhtml = strHTAProduct
RAM.innerhtml = strHTARAM
CPUspeed.innerhtml = strHTACPUSpeed
CPUInfo.innerhtml = strHTACPUFullInfo
HDDFS.innerhtml = strHTACheckRAW
CapableArchitecture.innerhtml=strHTAArchitecture
BIOSversion.innerhtml = strBIOSver
BIOSDate.innerhtml = strBIOSDate' CPUName.innerhtml = strCPUDesc 'GetCPUName
End If
'======================================================================================
' #endregion
End Function
'generic WMI queries, by field and namespace
Function WMI(strQuery,strNameSpace)
'Aim: generic WMI calls
'return value of BIOS
On Error Resume Next
Dim colItems,objItem
Dim objWMI
Const strService = "winmgmts:{impersonationlevel=impersonate}//" 'binding to WMI
Const strComputer = "." 'this machine
Set objWMI = GetObject(strService & strComputer & strNamespace) 'GLOBAL wmi
Set colItems = objWMI.ExecQuery(strQuery,,lFlags)
For Each objItem In colItems
If Err Then
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "WMI query: " & strQuery & " in " & strNamespace & objItem.Name
Call ErrHandler("WMI error " & strQuery,1)
Else
WMI=objItem.Name 'Return value
End If
Next
End Function
Function fGetModelName(strWQLPCInfo)
'Aim: Get model name from BIOS - WMI field sometimes varies if laptop, so try two
'Return STRING: Model string from BIOS or "UNKNOWN" if null
On Error Resume Next
Dim colPCInfo,objPCItem
Dim strModel
Set colPCInfo = GetObject("winmgmts:").ExecQuery(strWQLPCInfo,"WQL",lFlags)
If Err Then
Call ErrHandler("fGetModelName: Error querying WMI " & strWQLPCInfo,2)
Else
For Each objPCItem In colPCInfo
If Not IsNull(objPCItem.Model) Then
strModel=objPCItem.Model
' iRAM=objPCItem.TotalPhysicalMemory
Else
If (strHTAVendor=cApprovedOEM And IsLaptop = True) Then ' resort to HP specific query for older laptops
'Notebook
strModel=QueryHPBIOS(sNoteModel)
if strModel="" then strModel=QueryHPBIOS(sModel) 'try alt value
Else
strModel=QueryHPBIOS(sModel)
End If
End If
Next
End If
If strModel = "" Then
fGetModelName = "UNKNOWN"
Model.style.visibility="hidden"
Else
fGetModelName=strModel
End If
End Function
'====================================================
'====================================================
Function fGetRAM(strQuery)
'Aim: get RAM installed. NB Win32_ComputerSystem::TotalPhysicalMemory may not be accurate
'Return integer
On Error Resume Next 'equiv to Err.Clear
Dim colItems, item
Dim iTotalMemory
Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
If Err Then
Call ErrHandler("fGetRAM: Error querying " & strQuery,2)
Else
iTotalMemory = 0
For Each item In colItems
iTotalMemory = iTotalMemory + CDBL(item.Capacity)/(1024^2)
Next
End If
If iTotalMemory = "" Then
fGetRAM = "RAM UNKNOWN"
RAM.style.visibility="hidden"
Else
fGetRAM=iTotalMemory
End If
End Function
'====================================================
'====================================================
Function fGetCPUInfo(strQuery)
'Aim: query WMI for CPU info - number and number of cores
'Return: function=CPU count, var for the cores: iCPUCoreCount, strHTAArchitecture, strCPUDesc
On Error Resume Next
Dim colItems, objItem
Dim NumberOfProcessors
Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
If Err Then
Call ErrHandler("GetCPUInfo: Error querying " & strQuery,2)
Else
For Each objItem In colItems
If Err Then
Else
If Not IsNull(objItem.NumberOfCores) Then
NumberOfProcessors = Trim(objItem.NumberOfCores) 'NumberOfProcessors
End If
If Not IsNull(objItem.NumberOfLogicalProcessors) Then
iCPUCoreCount = Int(Trim(objItem.NumberOfLogicalProcessors))
End If
If Not IsNull(objItem.DataWidth) Then
strHTAArchitecture=Trim(objItem.DataWidth) & "-bit"
End If
If Not IsNull(objItem.description) Then
strCPUDesc = Trim(objItem.description) 'cpu name
End If
End If
Next
If NumberOfProcessors = "" Then
NumberOfProcessors = "UNKNOWN"
End If
fGetCPUInfo = Int(NumberOfProcessors)
' iCPUCoreCount = Int(NumberOfLogicalProcessors)
End If
End Function
'====================================================
'====================================================
Function fGetComputerSystemProdIDNumber(strWQLID)
'Aim: Get UUID from Win32_ComputerSystemProduct
'Return: great big integer
Dim colSys,objSys
Dim strUUID
On Error resume next
Set colSys = GetObject("winmgmts:").ExecQuery(strWQLID,"WQL",lFlags)
If Err then
Call ErrHandler("fGetComputerSystemProdIDNumber: Error querying " & strWQLID,2)
Else
For Each objSys In colSys
If Not IsNull(objSys.IdentifyingNumber) Then
strUUID = Trim(objSys.IdentifyingNumber)
End If
Next
If strUUID = "" Then
fGetComputerSystemProdIDNumber = "UNKNOWN"
Else
fGetComputerSystemProdIDNumber = strUUID
End If
End If
End Function
'=================================================================================
'=================================================================================
Function fGetDrives(strQuery)
Dim colDisks,objHDD
Dim strDriveType, strDiskSize, strDisk
Dim strDiskFSType
Dim iGBUnits
On Error Resume Next
iGBUnits=1073741824
Dim iRAW
iRAW=0
Set colDisks = GetObject("winmgmts:").ExecQuery(strQuery)
For Each objHDD In colDisks
Select Case objHDD.DriveType
Case 1 strDriveType = "Drive could not be determined."
Case 2 strDriveType = "Removable Drive"
Case 3 strDriveType = "Local hard disk."
Case 4 strDriveType = "Network disk."
Case 5 strDriveType = "Compact disk (CD)"
Case 6 strDriveType = "RAM disk."
Case Else strDriveType = "Drive type Problem."
End Select
strDiskFSType = objHDD.FileSystem
'Find C
If objHDD.Name="C:" Then
If isNull(objHDD.FreeSpace) Then
If blnDebug=True then Call ErrHandler("ALERT!! Volume " & objHDD.Name & "is RAW",1) 'Abort/clean
fCheckDrives="ALERT!! Volume " & objHDD.Name & "is RAW"
End If
End If
strDiskSize = Int(objHDD.Size /iGBUnits) & "GB" 'calc size of disk
strDisk = strDisk & VbCrLf & "Vol " & objHDD.Name & " (" & strDriveType & ") size: " & strDiskSize & " (free: " & Int(objHDD.FreeSpace /iGBUnits) & "GB), " & strDiskFSType
fGetDrives=strDisk
Next
If (Err.Number <>0) Then
Call ErrHandler("WMI Property Query Error: [" & Err.Number & "]",2)
fGetDrives = -1
Exit Function
End If
End Function
'=================================================================================
'=================================================================================
Function fUniversalCheckData(varData,strStage) 'template
'Aim: Check value passed...
'is not blank
'is in range x..y
'spelt OK
'is in a list
'format is text, numeric
'return: string: the original value
On Error Resume Next
Dim Err
if blnDebug Then StatusBar.InnerText = StatusBar.InnerText & VbCrLf & "Validating " & strStage & " data..."
If Err Then
Call ErrHandler("WARNING: Error discovering value in " & strStage,2) '1=Quit,2=Warn
strHTAModel="Unknown"
Else
Select Case varData
Case IsEmpty(varData) Or IsNull(varData)
Call ErrHandler("WARNING: Error in "& strStage,2) '1=Quit,2=Warn
fUniversalCheckData="Unknown"
Case IsNumeric(varData)
If varData<0 Then
Call ErrHandler("WARNING: Value negative"& strStage,2) '1=Quit,2=Warn
fUniversalCheckData="Unknown"
End if
' & varData &
Case IsDate(varData)
Case Else
fUniversalCheckData=varData 'Data OK - return value unchanged
End Select
End If
End Function
'=================================================================================
'Checks - follow if true DO, if false warn/abort
'=================================================================================
Function fCheckBattery(strQuery)
'Aim: Find if battery is running
'Return pass/fail
On Error Resume Next 'equiv to Err.Clear
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Dim colItems, item
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\WMI")
Set colItems = objWMIService.ExecQuery("SELECT * FROM BatteryStatus Where Voltage > 0", "WQL", _
wbemFlagReturnImmediately + wbemFlagForwardOnly)
For Each item In colItems
if objItem.PowerOnline = True Then
strHTABattery=objItem.PowerOnline
strHTABatteryState = cFail
Err.Raise 9010,"fCheckBattery",strHTABattery & " Laptop running on battery. OSD Cannot continue."
Call ErrHandler(ucase(strHTABatteryState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Laptop on Battery. Please plug into an outlet before proceeding."
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Else
strHTABatteryState = cPassed
End if
Next
fCheckBattery=strHTABattery
End Function
'====================================================
Function fCheckProcess(strQuery)
'Aim: Find if outlook is running
'Return pass/fail
On Error Resume Next 'equiv to Err.Clear
Dim colItems, item
Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
For Each item In colItems
if item.Name = "OUTLOOK.EXE" Then
strHTAOutlook=item.Name
strHTAOutlookState = cFail
Err.Raise 9010,"fCheckOutlook",strHTAOutlook & " running. OSD Cannot continue."
Call ErrHandler(ucase(strHTAOutlookState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Outlook Running, please close outlook before proceeding."
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Elseif item.Name = "communicator.exe" Then
strHTAOutlook=item.Name
strHTAOutlookState = cFail
Err.Raise 9010,"fCheckOutlook",strHTAOutlook & " running. OSD Cannot continue."
Call ErrHandler(ucase(strHTAOutlookState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Communicator Running, please close OCS before proceeding."
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Else
strHTAOutlookState = cPassed
End if
Next
fCheckProcess=strHTAOutlook
End Function
'====================================================
'1 - Make
Function fCheckVendor(strVendor)
'Aim: Check make is one the OS/build is designed For
'Return: STRINGS for "Make", BIOS version and BIOS date (generic): strHTAVendorState pass or fail
On Error Resume Next
Dim colItems,objItem
Set colItems = GetObject("winmgmts:").ExecQuery(strVendor, "WQL", lFlags)
For Each objItem In colItems
strHTAVendor=objItem.Manufacturer
if objApprovedMakesDict.exists(strHTAVendor) then
strBIOSver=objItem.SMBIOSBIOSVersion
strBIOSDate=Mid( objItem.ReleaseDate, 5, 2 ) & "/" & Mid( objItem.ReleaseDate, 7, 2 ) & "/" & Left( objItem.ReleaseDate, 4 )
strHTAVendorState=cPassed
Else
strHTAVendorState=cFail
Err.Raise 9010,"fCheckVendor",strHTAVendor & " found. The build will not work on this make of hardware"
Call ErrHandler(ucase(strHTAVendorState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
bAbortBuild=True
end if
Next
fCheckVendor=strHTAVendor
End Function
'=================================================================================
'=================================================================================
'2 - Models check
Function fCheckModel(strThisModel)
'Aim Check target machine is in list of models
'Return string
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking model..." & VbCrLf
If objModelsDict.exists(trim(strThisModel)) then ' if current model in objDict then huzzah
strHTAModelState=cPassed
StatusBar.InnerText=StatusBar.InnerText & vbTab & "Model detected: " & vbTab & strHTAModelState
Else
strHTAModelState=cFail
Err.Raise 9010,"fCheckModel",strThisModel & " found. The build will not work on this model of hardware"
Call ErrHandler(ucase(strHTAModelState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
end if
fCheckModel=strHTAModel
End Function
'=================================================================================
'=================================================================================
'3 - RAM
Function fCheckRAM(strRAM)
'Aim: Check installed RAM > x
'Return string digits with units, e.g. 4GB
'use strHTARAM for value
'==================================================================
' Memory Preflight Check (from MDT2012)
'==================================================================
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking RAM..."
If Err.Number <> 0 Then
Call ErrHandler("Error occurred while calculating computer's memory.",2)
End If
fCheckRAM = Int(strRAM/1024) & "GB" 'format in GB
If Int(strRAM) > cMinimumMemoryMB Then
strHTARAMState=cPassed 'Sufficient memory - show whole number in GB"
StatusBar.InnerText=StatusBar.InnerText & vbTab & "RAM installed: " & vbTab & strHTARAMState
Else
strHTARAMState=cFail
Err.Raise 9030 ,"fCheckRAM","Not enough memory in this machine!" & " Required physical memory is: " & cMinimumMemoryMB & " MB."
Call ErrHandler(ucase(strHTARAMState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'abort build
End If
End Function
'=================================================================================
'=================================================================================
'4 - NTFS disk
Function fCheckNTFS(strDiskFS)
'Aim: Check HDD is NTFS
'Return string
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking file system is not RAW..."
If Instr(1,strDiskFS,cMinFS,VBTextCompare)<>0 Then
fCheckNTFS=cMinFS 'disk format is OK (NTFS)
StatusBar.InnerText=StatusBar.InnerText & vbTab & " File system: " & cPassed
Else
fCheckNTFS=cFail
Err.Raise 9040 ,"fCheckNTFS","WARNING: Disk not correct file-system. Type required is: " & cMinFS & "." & VbCrLf & _
"The deployment will fail unless you reformat the target disk immediately."
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",2) 'halt build
End If
End Function
'====================================================
'=================================================================================
'5 - CPU checks
'=================================================================================
Function fCheckCPUSpeed(strCPU) 'any HW
'Aim: Check CPU speed
'Return string = number + appropriate units, e.g. 5HGz (strCPU)
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU spec..."
Select Case Right(strCPU,3) 'check units
Case "MHz"
strCPU=Left(strCPU,4)/1000 'reformat to GHz
Case "GHz"
strCPU=strCPU 'unit already OK
Case Else
Call ErrHandler("CPU units are unknown",2)
End Select
'Check clock speed
If Int(Left(trim(strCPU),1))>=iMinCPUSpeed Then
fCheckCPUSpeed=strHTACPUSpeed 'CPU is fine i.e don't change value
StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU Speed: " & cPassed
Else
fCheckCPUSpeed=cFail 'already in GHz
Err.Raise 9050,"fCheckCPUSpeed","CPU speed pre-requisite failed. Minimum processor clock speed is: " & iMinCPUSpeed
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'halt build
End If
End Function
'=================================================================================
'=================================================================================
Function fCheckCPUArch(strCPUArch) 'any HW
'Aim: Check CPU width
'Return string
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU bus width..."
'Check clock speed
If Int(Left(trim(strCPUArch),2))>=iMinCPUArch Then
fCheckCPUArch=strHTAArchitecture 'CPU is fine i.e don't change value
StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU width: " & cPassed
Else
fCheckCPUArch=cFail 'already in GHz
Err.Raise 9052,"fCheckCPUArch","CPU width pre-requisite failed. Minimum processor width required is: " & iMinCPUArch
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'abort build
End If
End Function
'=================================================================================
Function fCheckCores(iCores)
'Aim: Check hardware (CPU) has a minimum number of cores
'Return Integer
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU cores..."
If iCores>=iMinCores Then
fCheckCores=iCores
StatusBar.InnerText=StatusBar.InnerText & vbTab & "Core count: " & vbTab & cPassed
'StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU cores: " & cPassed
Else
fCheckCores=cFail
Err.Raise 9051,"fCheckCores","WARNING: Not enough cores on the CPU to support the build. Minimum CPU cores is: " & iMinCores
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",2) 'halt build
End If
End Function
'=================================================================================
'=================================================================================
Function fCheckHPCPUSpeed 'HP ONLY
'Aim: Check CPU speed
'return: string
'Check CPU speed
On Error Resume Next
strWQLCPU = "processor speed"
strTemp=QueryHPBIOS(strWQLCPU,"")
Select Case Right(strTemp,3)
Case "MHz"
strTemp=Left(strTemp,4)/1000 'reformat to GHz
Case "GHz"
strTemp 'is OK
Case Else
Call ErrHandler("CPU is unknown",2)
End Select
'Check clock speed
If strTemp>=iMinCPUSpeed Then
fCheckCPUSpeed= strTemp & "GHz"
Else
Err.Raise 9050,,"CPU speed pre-requisite failed"
Call ErrHandler("CPU is too slow",1)
fCheckCPUSpeed=cFail 'already in GHz
End If
End Function
'=================================================================================
'=================================================================================
Function fGetModels
'Aim: Read external text file
'return: dictionary object - models as key, integer as value e.g. Dell Optiplex,12
'On Error Resume Next
Dim objFSO
Dim objFile
Dim strFile
Dim strEntry
Dim n
Dim strfilepath
Dim iLineCount 'count lines to avoid listing first item with ,.
Set objModelsDict = CreateObject("Scripting.Dictionary")
set objFSO=CreateObject("Scripting.FileSystemObject")
Const ForReading=1
strfilepath = Left(window.location.pathname,InStrRev(window.location.pathname,"\"))
strFile=strfilepath & "Models.txt"
set objFile=objFSO.OpenTextFile(strFile,ForReading)
iLineCount=0
'read in each line of data until you reach the end of the file
do While objFile.AtEndOfStream<>True
strEntry=objFile.ReadLine
'you can now do what ever you want with the line as referenced with the strEntry variable such as
'echoing it back (e.g. wscript.Echo strEntry) or passing it as a variable to a function of subroutine (e.g. MyFunction strEntry)
objModelsDict.comparemode=VBTextCompare
objModelsDict.Add strEntry,iLineCount
iLineCount=iLineCount+1
If blnDebug then
If iLineCount=1 Then
StatusBar.InnerText=trim(strEntry)
Else
StatusBar.InnerText=StatusBar.InnerText & ", " & trim(strEntry) 'list models
End If
End If
Loop
objFile.Close
End Function
'=================================================================================
'=================================================================================
'====================================================
Function ErrHandler(strErrorMsg,iErrMode)
'Aim: to handle error states
' 1 = Abort
' 2 = Warn
'Return 'Appropriate text message explaining the error
'====================================================
Const msgTitle="SCCM Deployment Preflight Checklist"
'On Error Resume Next '< don't use that as we want to KEEP the error properties
'Abort=1
If iErrMode=1 Then
StatusBar.InnerText=strErrorMsg 'overwrite status with Error message
' StatusBar.InnerText=StatusBar.InnerText & VbCrLf & " " & strHTAOutlook & " " & strHTAVendor & " " & strHTAVendorState & _
' VbCrLf & " " & strHTAModel & strHTAModelState & _
' VbCrLf & " " & strHTARAM & strHTARAMState & _
' VbCrLf & " " & strHTAHDD & strHTAHDDState
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript") 'Abort (close) after n seconds
'MsgBox strErrorMsg,vbExclamation,msgTitle
'ErrBar.class=""
ElseIf iErrMode=2 Then
'Warning
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & strErrorMsg & " " '& "(" & Err.Description & " :" & Err.Number & ")"',vbExclamation,msgTitle
Err.Clear
End If
End Function
'====================================================
Sub Abort
'Aim: Quit gracefully
window.close()
End Sub
</script>
<!-- #region BODY -->
<body>
<br />
<div>
<span style="version"> <span id="VersionSpan"></span></div>
<div style="text-align: center;">
<H1 style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-align: center; color: #000000; text-transform: capitalize">System information</H1>
<span>
<table border="1" cellspacing="0" cellpadding="0" style="width: 912px"
id="SysInfoTable">
<tr class="h1">
<td align="right" class="Header1" style="width: 76px; height: 18px">
</td>
<td align="right" class="Header1" style="height: 18px"><em id="VendorCaption">Vendor</em></td>
<td align="left" class="style2" style="height: 18px"><span id="Vendor"></span></td>
<td align="right" class="Header2" style="height: 18px"><em id="ModelCaption">Model</em></td>
<td align="center" class="style4" style="width: 400px; height: 18px"><span id="Model"></span></td>
</tr>
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="ProductCaption">Product ID</em></td>
<td align="left" class="style2"><span id="Product"></span></td>
<td align="right" class="Header2"><em id="RAMCaption">Memory(in MB)</em></td>
<td align="left" class="style4" style="width: 400px"><span id="RAM"></span></td>
</tr>`
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="CPUCaption">CPU speed (in GHz)</em></td>
<td align="left" class="style2"><span id="CPUspeed"></span></td>
<td align="right" class="Header2"><em id="CPUInfoCaption">No: CPU\Cores</em></td>
<td align="left" class="style4" style="width: 400px"><span id="CPUInfo"></span></td>
</tr>
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="DiskFSCaption">Filesystem info</em></td>
<td align="left" class="style2"><span id="HDDFS"></span></td>
<td align="right" class="Header2"><em id="CapableArchCaption">Architecture</em></td>
<td align="left" class="style4" style="width: 400px"><span id="CapableArchitecture"></span></td>
</tr>
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="BIOSVerCaption">BIOS version</em></td>
<td align="left" class="style2" ><span id="BIOSVERSION"></span></td>
<td align="right" class="Header2"><em id="BIOSDateCaption">BIOS Date</em></td>
<td align="left" class="style4" style="width: 400px"><span id="BIOSDate"></span></td>
</tr>
</table>
</span>
</div>
<div class="StatusBar">
<br />
<Span id="StatusBar">Loading...please wait.</Span>
</div> <br><br>
<div align="center">
<input type="button" name="btnStop" id="btnStop" value="Continue" onclick="Abort">
<input type="Button" value="Re-Scan Machine" name="button1" onClick="Window_Onload" class="button">
</div>
</body><!-- #endregion -->
</html> -
Java ME 8 Permission check failed when opening a serial port
I have a larger Jave ME8.1 application that was going well until I tried to add one last piece, reading and writing data from a serial port. This was left to last because it is trivial, at least in most programming languages. The is IDE NetBeans 8.0.2 running on a Windows 7 PC. The platform is a Raspberry Pi B or B+ (I have tried both) with the most current Raspbian (12/24/2014 I believe). To simplify the process I created a new app with just the open and close code and this generates the same error I am experiencing in the larger application. The program is as follows:
package javamecomapp;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.microedition.io.CommConnection;
import javax.microedition.io.Connector;
import javax.microedition.midlet.MIDlet;
* @author ****
public class JavaMEcomApp extends MIDlet {
static int BAUD_RATE = 38400;
static String SERIAL_DEVICE = "ttyAMA0";
static CommConnection commConnection = null;
static OutputStream os = null;
static InputStream is = null;
static String connectorString;
private int rtnValue = -1;
@Override
public void startApp() {
java.lang.System.out.println("Opening comm port.");
try {
rtnValue = JavaMEcomApp.openComm();
} catch (IOException ex) {
Logger.getLogger(JavaMEcomApp.class.getName()).log(Level.SEVERE, null, ex);
@Override
public void destroyApp(boolean unconditional) {
java.lang.System.out.println("Closing comm port.");
try {
rtnValue = JavaMEcomApp.closeComm();
} catch (IOException ex) {
Logger.getLogger(JavaMEcomApp.class.getName()).log(Level.SEVERE, null, ex);
private static int openComm()throws IOException {
java.lang.System.out.println("Opening comm port.");
connectorString = "comm:" + SERIAL_DEVICE + ";baudrate=" + BAUD_RATE;
commConnection = (CommConnection)Connector.open(connectorString);
is = commConnection.openInputStream();
os = commConnection.openOutputStream();
return 0;
private static int closeComm()throws IOException {
java.lang.System.out.println("Closing comm port.");
is.close();
os.close();
commConnection.close();
return 0;
If I comment out the JavaMEcomApp.openComm and closeComm lines it runs fine. When they are included, the following error is dumped to the Raspberry Pi terminal:
Opening comm port.
Opening comm port.
[CRITICAL] [SECURITY] iso=2:Permission check failed: javax.microedition.io.CommProtocolPermission "comm:ttyAMA0;baudrate=38400" ""
TRACE: <at java.security.AccessControlException: >, startApp threw an Exception
java.security.AccessControlException:
- com/oracle/meep/security/AccessControllerInternal.checkPermission(), bci=118
- java/security/AccessController.checkPermission(), bci=1
- com/sun/midp/io/j2me/comm/Protocol.checkForPermission(), bci=16
- com/sun/midp/io/j2me/comm/Protocol.openPrim(), bci=31
- javax/microedition/io/Connector.open(), bci=77
- javax/microedition/io/Connector.open(), bci=6
- javax/microedition/io/Connector.open(), bci=3
- javamecomapp/JavaMEcomApp.openComm(), bci=46
- javamecomapp/JavaMEcomApp.startApp(), bci=9
- javax/microedition/midlet/MIDletTunnelImpl.callStartApp(), bci=1
- com/sun/midp/midlet/MIDletPeer.startApp(), bci=5
- com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=246
- com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
- com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
- com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
- com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
java.security.AccessControlException:
- com/oracle/meep/security/AccessControllerInternal.checkPermission(), bci=118
- java/security/AccessController.checkPermission(), bci=1
- com/sun/midp/io/j2me/comm/Protocol.checkForPermission(), bci=16
- com/sun/midp/io/j2me/comm/Protocol.openPrim(), bci=31
- javax/microedition/io/Connector.open(), bci=77
- javax/microedition/io/Connector.open(), bci=6
- javax/microedition/io/Connector.open(), bci=3
- javamecomapp/JavaMEcomApp.openComm(), bci=46
- javamecomapp/JavaMEcomApp.startApp(), bci=9
- javax/microedition/midlet/MIDletTunnelImpl.callStartApp(), bci=1
- com/sun/midp/midlet/MIDletPeer.startApp(), bci=5
- com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=246
- com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
- com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
- com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
- com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
Closing comm port.
Closing comm port.
TRACE: <at java.lang.NullPointerException>, destroyApp threw an Exception
java.lang.NullPointerException
- javamecomapp/JavaMEcomApp.closeComm(), bci=11
- javamecomapp/JavaMEcomApp.destroyApp(), bci=9
- javax/microedition/midlet/MIDletTunnelImpl.callDestroyApp(), bci=2
- com/sun/midp/midlet/MIDletPeer.destroyApp(), bci=6
- com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=376
- com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
- com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
- com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
- com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
java.lang.NullPointerException
- javamecomapp/JavaMEcomApp.closeComm(), bci=11
- javamecomapp/JavaMEcomApp.destroyApp(), bci=9
- javax/microedition/midlet/MIDletTunnelImpl.callDestroyApp(), bci=2
- com/sun/midp/midlet/MIDletPeer.destroyApp(), bci=6
- com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=376
- com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
- com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
- com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
I have tried this with three different serial ports, /dev/ttyAMA0 (yes I did disable the OS from using it), an arduino board /dev/ttyACM0, and a USB to RS485 adaptor /dev/ttyUSB0. All of these ports could be connected and use normally with both a C program and terminal program in the Pi. The API Permissions were set in the project properties / Application Descriptor / API Permissions to jdk.dio.DeviceMgmtPermission "/dev/ttyAMA0". This of course was changed as I tested different devices.
I found a reference suggesting adding the line "authentication.provider = com.oracle.meep.security.NullAuthenticationProvider" to the end of the jwc_properties.ini file. This had no effect. I found references that during development in eclipse and NetBeans, the app is already elevated to the top level so this should not be an issue until deployment. This does not appear to be the case.
I am out of time and need a solution quickly. Any suggestions are welcome.Terrence,
Thank you for responding and confirming the issues I'm having with static addressing. As far as the example above, I do have the standard LEDs working correctly, however, the example I'm referring to above is from the JavaME samples using the GPIO Port for the LEDS, according to the Device I/O Preconfigured List you referenced:
GPIO Ports
The following GPIO ports are preconfigured.
Devicel ID
Device Name
Mapped
Configuration
8
LEDS
PTB22
PTE26
PTB21
direction = 1 (Output only)
initValue = 0
GPIOPins:
controllerNumber = 1
pinNumber = 22
mode = 4 (Push-pull mode)
controllerNumber = 4
pinNumber = 26
mode = 4 (Push-pull mode)
controllerNumber = 1
pinNumber = 21
mode = 4 (Push-pull mode)
So is the assumption that using GPIOPort for accessing the GPIO port for Device ID 8 as listed in the Device I/O Preconfigured list not supported? -
Post install checks failed for DBC file - Oracle App11.5.10.2 Linux 5.3
Hi everybody,
I tried Installing Oracle E-Business Suite 11.5.10.2 on Red Hat Enterprise Linux Server release 5.3
The Post install checks failed for DBC file, HTTP, JSP and PHP. Apparently the DBC hadn’t been created. I had verified the log file, while executing adgendbc.sh, it throwing below error.
Generating /jith/d01/oracle/appl/visappl/fnd/11.5.0/secure/prithvi.bangalore.bedford.local_vis.dbc
DBC generation failed with exit code 127
Generating /jith/d01/oracle/appl/visappl/fnd/11.5.0/secure/prithvi_vis.dbc
DBC generation failed with exit code 127
Updating Server Security Authentication
Updating Server Security Authentication failed with exit code 127
adgendbc.sh exiting with status 127
ERRORCODE = 127 ERRORCODE_END
.end std out.
touch: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory
sqlplus: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
mkdir: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
grep: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
sed: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
cp: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
cp: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
cp: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
/jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
.end err out.
Thanks in advance.
sreejithWelcome to the forums !
Pl post EBS related question in the EBS forums at http://forums.oracle.com/forums/category.jspa?categoryID=3
HTH
Srini -
System architecture check failed while adding a New Node in RAC
Hi Friends,
Environment:SUN Solris 10
Cluster Version:10.2.0.3
database Version:10.2.0.3.0
Due to H/W failure one of our RAC node(prod1) got formatted.
We have deleted the node(prod1) from RAC successfully.
But When i am again trying to add the node and checking prerequistes i am facing the below issue.
$ cd /software/oracle/product/crs/bin
$ ./cluvfy stage -pre crsinst -n prod1,prod2
Check: System architecture
Node Name Available Required Comment
prod2 unknown 64-bit failed
prod1 64-bit 64-bit passed
Result: System architecture check failed.But issue is that prod2 is my active(running node), so how to resolve this issue?
please suggest..
Regards
UmeshResolved..
Thanks... -
Exchange 2013 SP1 readiness check failing
Trying to install our first Exchange 2013 SP1 server on Windows 2012 R2 in our datacentre, the readiness check fails with:
Error:
The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
There are many more errors relating to Enterprise admin rights etc.
Please note that:
My account is Domain admin, Schema admin and Enterprise admin member, it always has been.
I tried the built-in AD Administrator which of course is part of the groups as well, no difference.
Active Directory is at 2008 R2 for domain and forest functional levels.
I tried rejoining the new Exchange designated server to the domain
I've installed RSAT-ADDS, the Managed API 4.0 and all the other windows roles via powershell
There is a local domain controller that is a global catalog server on the new Exchange server subnet
I tried running the Exchange Setup on a different server on the same subnet as where the active 2010 Exchange server resides as well as the FSMO AD role holder resides, this works fine. I even did the AD prep from there no problem, that made no difference
on the datacentre server
AD replicates fine between the FSMO role holder and the Datacentre (no errors in dcdiag or repadmin /showrepl)
This error is in the event log:
The description for Event ID 4027 from source MSExchange ADAccess cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
ExSetupUI.exe
6724
Get Servers for domain.local
TopologyClientTcpEndpoint (localhost)
3
System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0475315. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Boolean useCache)
at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
the message resource is present but the message is not found in the string/message tableSo I decided to re-install the OS, worked perfectly now. Only difference from before would be:
SCCM hasn't pushed SCEP 2012 to the new build of the same server yet
The original server was installed in a different AD site and then it was physically mode and reassigned to an new AD site and subnet
I might have installed the pre-reqs in a slightly different order (RSAT-ADDS, all the IIS etc things via powershell
and then the UCM API 4.0. (saw few comments that the order of how you install them matters in other forums).
10 or so Microsoft Windows updates haven't installed on the new OS build yet.
Other than that, its identical. But if its not broken don't fix it, perhaps the above can help someone else though. -
I have tried everything I have found online to get my DigiCert to work.
I have exported the cert and imported it into my child domains and they look perfect.
It is just my parent domain having issues.
netsh winhttp show proxy
does show my correct proxy server for http and https and port 8080
I have tried name, FQDN and IP address.
In the Bypass-list I have tried none, *.domain.com, and a list of all domains and child domains in my forest.
I have flushed the cache
certutil -urlcache crl delete
certutil -urlcache ocsp delete
and rebooted the Exchange 2010 (Windows 2008 R2) server
No matter what, I still see in my Server Configuration for the parent domain's DigiCert cert the message
The certificate status could not be determined because the revocation check failed.
with a red X on the left hand icon. Again, Child domains all say "The certificate is valid for Exchange Server usage."
Note: In spite of having the red X, I was able to assign via EMS the services.
Webmail works fine. Outlook Anywhere fails... I suspect it is due to my red X problem.
Suggestions?
Thanks in Advance
Jim.
Jim.I have contacted DigiCert and they said the cert is working per their utility, hence the problem is outside the scope of their support.
I have followed, several times, http://support.microsoft.com/kb/979694
http://www.digicert.com/help/ reports all is well.
The DigiCertUtil.exe reports all is well and happy.
I have run
netsh winhttp set proxy proxy-server="http=myproxy:8080;https=myproxy:8080" bypass-list="*.mydomain.com"
Current WinHTTP proxy settings:
Proxy Server(s) : http=myproxy:8080;https=myproxy:8080
Bypass List : *.mydomain.com
I have flushed the cache using the commands
certutil -urlcache crl delete
certutil -urlcache ocsp delete
I still see in my Server Configuration for the parent domain's DigiCert cert the message
"The certificate status could not be determined because the revocation check failed."
with a red X on the left hand certificate icon.
To verify the cert via command line:
certutil -verify -urlfetch c:\mail_domain_com.cer
LoadCert(Cert) returned ASN1 bad tag value met. 0x8009310b (ASN: 267)
CertUtil: -verify command FAILED: 0x8009310b (ASN: 267)
CertUtil: ASN1 bad tag value met.
I suspect this is why I cannot get Outlook Anywhere to connect.
Child domains show a happy certificate icon. Parent domain does not.
Still scratching my head.
Thanks all!
Jim. -
EMC - Certificate status could not be determined because revocation check failed.
I've exhausted my resources on this issue and am reaching out for some assistance. I have setup Server 2008 R2 Enterprise SP1, running Exchange 2010 SP1. In EMC I have successfully imported a GoDaddy SSL certificate. Although I am receiving the message -
"The certificate status could not be determined because the revocation check failed."
Here are the steps I've taken to troubleshoot this so far:
[PS] C:\Users\Administrator\Desktop>netsh winhttp show proxy
Current WinHTTP proxy settings:
Direct access (no proxy server).
As you can see, direct access. Which is true, no proxy's on this network.
For good measure, I'll dump the urlcache.
certutil -urlcache ocsp delete
certutil -urlcache crl delete
Both return 0, reboot server.
Comes back up, same message in EMC.
From PS, I test exactly what its getting from GoDaddy.
[PS] C:\Users\Administrator\Desktop>certutil -f -urlfetch -verify mail.fluxlabs.net.crt
Issuer:
SERIALNUMBER=07969287
CN=Go Daddy Secure Certification Authority
OU=http://certificates.godaddy.com/repository
O=GoDaddy.com, Inc.
L=Scottsdale
S=Arizona
C=US
Subject:
CN=mail.fluxlabs.net
OU=Domain Control Validated
O=mail.fluxlabs.net
Cert Serial Number: 27b60918638e0d
dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=S
cottsdale, S=Arizona, C=US
NotBefore: 8/20/2011 7:49 PM
NotAfter: 8/20/2012 7:16 PM
Subject: CN=mail.fluxlabs.net, OU=Domain Control Validated, O=mail.fluxlabs.net
Serial: 27b60918638e0d
SubjectAltName: DNS Name=mail.fluxlabs.net, DNS Name=www.mail.fluxlabs.net
33 49 57 5d 6e d8 6b aa b9 61 73 95 44 07 c9 2e 55 6e 47 10
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 4
[0.0] http://certificates.godaddy.com/repository/gd_intermediate.crt
---------------- Certificate CDP ----------------
Expired "Base CRL (05)" Time: 4
[0.0] http://crl.godaddy.com/gds1-55.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
Expired "OCSP" Time: 4
[0.0] http://ocsp.godaddy.com/
CRL (null):
Issuer: CN=Go Daddy Validation Authority, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
e5 53 19 6c 54 87 8c 62 23 1b b9 11 e1 d8 3d 3f b2 04 77 3f
Issuance[0] = 2.16.840.1.114413.1.7.23.1
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
NotBefore: 11/15/2006 8:54 PM
NotAfter: 11/15/2026 8:54 PM
Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=
Scottsdale, S=Arizona, C=US
Serial: 0301
7c 46 56 c3 06 1f 7f 4c 0d 67 b3 19 a8 55 f6 0e bc 11 fc 44
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
Verified "Base CRL" Time: 4
[0.0] http://certificates.godaddy.com/repository/gdroot.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
Expired "OCSP" Time: 4
[0.0] http://ocsp.godaddy.com
CRL (null):
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
da 1e d5 63 5c 05 58 50 4e db d2 4e e8 9d 28 9d c4 36 b3 1e
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[2] = 1.3.6.1.5.5.7.3.4 Secure Email
Application[3] = 1.3.6.1.5.5.7.3.3 Code Signing
CertContext[0][2]: dwInfoStatus=109 dwErrorStatus=0
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
NotBefore: 6/29/2004 12:06 PM
NotAfter: 6/29/2034 12:06 PM
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Serial: 00
27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4
Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[2] = 1.3.6.1.5.5.7.3.4 Secure Email
Application[3] = 1.3.6.1.5.5.7.3.3 Code Signing
Exclude leaf cert:
b1 04 4b 90 a1 d3 48 de 46 bd d7 50 20 e3 44 b8 3f 68 39 f7
Full chain:
68 36 4d 37 2e 96 bd d2 aa 77 3f d0 e8 78 a9 e6 68 bd 7d 71
Verified Issuance Policies:
2.16.840.1.114413.1.7.23.1
Verified Application Policies:
1.3.6.1.5.5.7.3.1 Server Authentication
1.3.6.1.5.5.7.3.2 Client Authentication
Cert is an End Entity certificate
ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was
offline. 0x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
CertUtil: -verify command completed successfully.
As you can see, the "revocation server is offline."
So I run the same test from another server on the LAN.
Verified Issuance Policies:
2.16.840.1.114413.1.7.23.1
Verified Application Policies:
1.3.6.1.5.5.7.3.1 Server Authentication
1.3.6.1.5.5.7.3.2 Client Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
It passes. The server's firewall has been disabled. DNS cache has been cleared. I have verified everything I can, and still failing to verify.[PS] C:\Users\Administrator\Desktop>Get-ExchangeCertificate |fl
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.Acces
trol.CryptoKeyAccessRule}
CertificateDomains : {mail.fluxlabs.net, www.mail.fluxlabs.net}
HasPrivateKey : True
IsSelfSigned : False
Issuer : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy
, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 8/20/2012 7:16:57 PM
NotBefore : 8/20/2011 7:49:30 PM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 27B60918638E0D
Services : IMAP, POP, IIS, SMTP
Status : RevocationCheckFailure
Subject : CN=mail.fluxlabs.net, OU=Domain Control Validated, O=mail.fluxlabs.net
Thumbprint : 3349575D6ED86BAAB96173954407C92E556E4710
[PS] C:\Users\Administrator\Desktop>Enable-ExchangeCertificate -Thumbprint 3349575D6ED86BAAB96173954407C92E556E4710 -Services POP,IMAP,SMTP,IIS
The command has already been executed. Yes, I have seen those sites. Neither have worked. Like I said, it is directly connected; and no proxies are set.
-- Jeremy MCSpadden Flux Labs
Maybe you are looking for
-
Console access through USB- Solaris x86
Hi, I installed Solaris 9 on my laptop, Compaq Presario V2000 Series. My laptop does not have a Serial Port attached. I was wondering whether I can access the console through USB . And if so, can you please also provide me the instructions on how to
-
Multiple website, one MobileMe account
OK, so I have created a webiste already and it is located on a domain name that I bought from GoDaddy. I have just purchased ANOTHER domain name and want to create another website with that domain using iWeb '08. How do I do that?
-
How to download Adobe Reader? There used to be links on the Adobe webpage.
Does another company handle adobe downloads now? It used to be really easy to download Adobe Reader. Now there's no mention of it on the web page. John
-
Firefox crashes when I try to save files from a website
When I try to download info from a website Firefox stops responding. The only you can do is close Firefox and start all over.
-
pinch zoom needs to go away on this laptop running windows 7