CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

Similar Messages

• %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=1777, sequence number=161369

  I have a pair of 3945E routers I use as redundant VPN head-ends in our data center and numerous 2901 and one 2951 used as spoke routers.  Each of the spokes is connected to the 3945's over VTI tunnels three and four.  We regularly see replay errors occur, but this morning, we had it get disruptive enough on one of the tunnels on the 2951 where we were experienced 80 to 90 percent packet loss across that one tunnel.  This caused an outage which I was only able to rectify by shutting down the tunnel interface on each router and bringing them back up, thus resetting the SA.
  I'm needing to understand how to reduce or completely eliminate the replay errors.  I've read something about increasing the replay window size, but don't have a clue where to start.  What is the best way to fix this without disabling replay checking?  Or, since the VPN head-ends and spoke routers only have static routes established across the Internet to each other, is replay checking even necessary or desired?
  Thanks in advance!
  Paul WIshart

  Adam,
  I don't have a resolution yet, so I opened a TAC case last Saturday.  I'll keep you posted on this forum.

• "Crypto replay check failed" errors

  Hey folks,
  I have a site-to-site IPSEC VPN using 2 catalyst 6500's running IOS 12.2(18)SXD7b on each end.
  After reviewing the syslog files this morning, I noticed that for the last 4 days at approximately the same time each nite, my router reports this error:
  Local7.Warning: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
  The error reporting tool on cisco.com says this error is benign, but does not give much info or troubleshooting tips. I've double checked my configuration and everything looks fine. Have you guys seen this before? Any tips?
  Thanks,
  SM

  Hi Steve, check this link if it can help you:
  http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K07229553
  Regards,
  Ricardo

• %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt mac verify failed

  Hello,
  I know this question has been asked many times on the forum, I am constantly getting the below error message on my 2811 Router:
  *Aug  9 07:07:01.507: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3004 local=3.3.3.1 remote=3.3.3.2 spi=CDE6EACF seqno=00005214
  N.R-HQ#        
  *Aug  9 07:08:33.231: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3004 local=3.3.3.1 remote=3.3.3.2 spi=CDE6EACF seqno=000056E4
  I did some research and found the IOS is in the KAV list of bug#CSCsv43145. I upgraded the IOS to 12.4(25e) which doesn't appear in the list but still same error occurs.
  -is the error just cosmetic
  -is there anyway to go around it?
  I have attached the config.
  10x,
  E.B:.

  Hi,
  12.4(25e) should not be affected by CSCsv43145, which is cosmetic. The issue you are seeing is likely not cosmetic, and is actually resulting in dropped packets due to mac authentication failures. To troubleshoot this type of issue, you really need to get sniffer traces on the WAN (encrypted) side from both tunnel end points and compare the packet in question (based on the spi/seq number reported in the log) and see if the packet is corrupted somehow. There is no easy way to get around this other than turning off authentication check in your ipsec transform, in which case no mac authentication will be performed on the packet, and you do need to consider the security implications when doing that.
  Hope this helps,
  Thanks,
  Wen

• %CRYPTO-4-PKT_REPLAY_ERR:

  I have been seeing the following error message in the logs for a few days now.
  %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=4587, sequence number=17094
  I managed to track down the connection id:4587 and I can see the peer IP with the actual recv errors. There is no issues with the VPN itself, traffic is working fine.
  I have tried to increase the actual window size under the specific crypto map for that particular peer and it makes no difference. Even cleared the sa after applying the changes.
  crypto map xxxxxxxxx 1 ipsec-isakmp
  set peer xxx.xxx.xxx.xxx
  security-association replay window-size 1024
  Have increased the replay window globally to 1024 however the errors keep appearing.
  crypto ipsec security-association replay window-size 1024
  Has anyone actually disabled the replay window checking? did it impact anything?
  crypto ipsec security-association replay disable
  no crypto ipsec security-association replay window-size 1024
  does it actually stop the replay_errors?
  or to stop these errors do you need to change the hash algorithm from sha instead of md5?

  Adam,
  I don't have a resolution yet, so I opened a TAC case last Saturday.  I'll keep you posted on this forum.

• CRYPTO-4-PKT_REPLAY_ERR syslog parsing

  Every time ios generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like ios is not concatenating them into 1 msg string before sending.  It's really annoying because I can't filter a null string that also has a null message type on my nms. I tried changing the facility settings and get the same result.  If i use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null. 
  I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ... 
  DEVICE INFO:
  c3825-advipservicesk9-mz.124-25b.bin
  logging buffered 15000 debugging
  logging rate-limit all 3
  no logging console
  no logging monitor
  crypto logging session
  logging origin-id hostname
  logging facility syslog
  logging source-interface GigabitEthernet0/0
  logging 11.22.33.44
  FROM LOGGING BUFFER:
       Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success       [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37       CST Wed Dec 14 2011
  #1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR:       decrypt: replay check failed
  #2>>     connection id=70, sequence       number=43990
  #3>>
      Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login       Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at       08:10:36 CST Wed Dec 14 2011
  THREE SYSLOG MSG's RECEIVED:
       #1
           MSG TYPE:   CRYPTO-4-PKT_REPLAY_ERR
           MSG STRING: 7015321: routerA: decrypt:       replay check failed
       #2
          MSG TYPE:   null
           MSG STRING: 7015322: routerA: connection id=70, sequence       number=43990
      #3
          MSG TYPE:   null
           MSG STRING: 7015323: routerA:       

  Every time ios generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like ios is not concatenating them into 1 msg string before sending.  It's really annoying because I can't filter a null string that also has a null message type on my nms. I tried changing the facility settings and get the same result.  If i use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null. 
  I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ... 
  DEVICE INFO:
  c3825-advipservicesk9-mz.124-25b.bin
  logging buffered 15000 debugging
  logging rate-limit all 3
  no logging console
  no logging monitor
  crypto logging session
  logging origin-id hostname
  logging facility syslog
  logging source-interface GigabitEthernet0/0
  logging 11.22.33.44
  FROM LOGGING BUFFER:
       Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success       [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37       CST Wed Dec 14 2011
  #1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR:       decrypt: replay check failed
  #2>>     connection id=70, sequence       number=43990
  #3>>
      Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login       Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at       08:10:36 CST Wed Dec 14 2011
  THREE SYSLOG MSG's RECEIVED:
       #1
           MSG TYPE:   CRYPTO-4-PKT_REPLAY_ERR
           MSG STRING: 7015321: routerA: decrypt:       replay check failed
       #2
          MSG TYPE:   null
           MSG STRING: 7015322: routerA: connection id=70, sequence       number=43990
      #3
          MSG TYPE:   null
           MSG STRING: 7015323: routerA:       

• Signer restraint check failed exception using JCE with JDev 10.1.2

  I am developing an app which receives an string which is encrypted on another server and passed back in an HTTP header.
  When trying to decrypt the string, I receive the following exception:
  java.lang.ExceptionInInitializerError
       at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
       at common.encryption.EncryptionUtil.decrypt(EncryptionUtil.java:170)
       at login.jspService(_login.java:222)
       [SRC:/login.jsp:157]
       at com.orionserver[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
       at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:350)
       at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
       at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
       at java.lang.Thread.run(Thread.java:534)
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Signer restraint check failed!
       at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
       ... 15 moreSun's documents state that: The two crypto policy files and jce framework jar files should be signed by the same entity. This restraint is now enforced. If this is not the case, a SecurityException will be thrown stating that "Signer restraint check failed".
  I am deploying and running from to a standalone OC4J implementing SSL.
  I am using the versions that come with JDK 1.4.2.11
  Does anyone have any idea what is going on here?
  Thanks.

  I'm experiencing the exact same issue and I can't find the solution either. Keep me posted if you find anything out

• Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages

  Hi All,
  I get following log message on my spoke 881 router from time to time.
  For instance today I got 80 messages like this.
  Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
  This is dual hub DMVPN connectivity and both tunnels are stable during the day and EIGRP never dropped.
  User behind this router also never complained. They run mainly voip traffic and I have QoS both on HUB and Spokes defined under tunnel as qos-preclassify and policy-map is applied on the physical interface.
  I have also increased replay window size up to 1024, but it did not help.
  Wondering what else can be done here.
  IOS ver both on spokes and hub is 15.2.3(T3)

  Don't know where they came from, but you could turn on debugging ipsec and isakmp to see if there is a relation with other events like rekeying.
  Michael
  Please rate all helpful posts

• How can I stop a task sequence if a custom HTA preflight check fails?

  In our currently deployment method, we launch an HTA program before initiating the OSD process. This is only when run from the RAP menu, not via PXE.  When a user initiates OSD through that menu, they get a message prompting them to close Outlook, and
  a countdown of 5 mins, then OSD starts.  They also have the ability to click on an 'OK' button to proceed on their own.
  I've created a new script which checks WMI if Outlook and/or OCS are open, and if the machine is running on battery, spit out a "Failed" response and stop the HTA.  I've also added a "recheck" button to re-do the check, and an 'OK
  button if people jsut want to continue.  
  I'm curious if there is a way to prevent the task sequence from continuing if any of those conditions arent met.  Currently it just pops up and says "Failed, Cannot conitue", but if they close the window, the task sequence thinks the program
  has run, and the OSD migration starts.  I'd like to be able and get the script to cancel the OSD process if a check fails.
  Has anyone had success with this, using WINXP? I'd use the MS pre-flight check but it's only for WIN7.

  Interesting. Thanks for the response.  Is there anybody out there that can assist with VBS part of the solution?
  Here's the code I'm working with.  Currently the battery piece isnt working as it should but I can figure that our, eventually.  I'd like to get Jason's proposed solution in the code.  If this isn't the right place, I'll take this somewhere
  else.
  <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
  <title>OSD Preflight checks</title>
  <HTA:APPLICATION
  APPLICATIONNAME="OSD Preflight checks"
  ID="objOSDPreReqChecks"
  SCROLL="no"
  CONTEXTMENU="no"
  SINGLEINSTANCE="no"
  MAXIMIZEBUTTON="no"
  MINIMIZEBUTTON="no"
  WINDOWSTATE="normal"/>
  <!-- #region STYLEs-->
  <style type="text/css">
  H1{color:Black;text-align:center;font-family: Arial, Helvetica, sans-serif;font-size: 26px;}
  p{font-family:"Arial";font-size:10px;}
  fail{color:Red;text-align:center;}
  .Version {float:left; font-size:1.0em;font-style:italic;color:#888888;font-weight:bold;}
  .Header1 {width: 180px; text-align: right;font-weight:bold;}<!-- '1st column heading -->
  H2 {font-family: Arial, Helvetica, sans-serif; text-align: center;}
  H3 {font-style: italic;}
  .style2 {width: 180px; text-align: left;}
  .Header2 {width: 150px; text-align: right;font-weight:bold;}<!-- '2nd column heading -->
  .style4 {width: 410px; text-align: left;}
  .StatusBar
  font-family: Arial, Helvetica, sans-serif;
  text-align: center;
  .hidden {display: none; visibility: hidden;}
  </style><!-- #endregion -->
  </head>
  <script language="VBScript" type="text/vbscript">
  '======================================================================================
  ' Script
  ' Version
  ' Purpose To check a machine is suitable for taking an OS deployment
  '======================================================================================
  'Features
  ' Modular design
  ' Verbose "Debug Mode"
  ' In-built data validation
  ' Custom error handling
  ' Custom error codes - 90x0
  ' Generic WMI handler
  'BUGfix: Change CLng to CDbl to avoid overflow (in GetRAM)
  'fixed - moved head section to top to become head > script > body
  'fixed - fCheckModel display with leading ,
  'fixed - fgetmodels dictionary list
  Option Explicit
  ' #region GLOBAL DECLARATIONS: Persistent fold region
  '======================================================================================
  'GLOBAL Vars
  'Things to just display (in GUI)
  Dim strRAM
  Dim strCPUInfo
  Dim strCPUName
  Dim strCPUDesc
  Dim iCPUCount
  Dim iCPUCoreCount
  Dim iRAM
  Dim strBIOSver, strBIOSDate, strBIOSInfo
  'Time related
  Dim TimerInterval 'timer to refresh HTA at start
  Dim iTimer 'abort timer
  Const iAbortTimeout=300000 'delay before window closes (in milliseconds)
  Dim pbTimerID
  Dim pbHTML
  Dim pbWaitTime
  Dim pbHeight
  Dim pbWidth
  Dim pbBorder
  Dim pbUnloadedColor
  Dim pbLoadedColor
  Dim pbStartTime
  'Dictionary
  Dim objModelsDict,colKeys,strKey 'models
  Dim objApprovedMakesDict
  'Misc GLOBAL vars
  Dim blnDebug 'set TRUE to trigger debug mode
  Dim bAbortBuild 'Boolean flag to abort or not abort
  Dim strTemp 'throwaway/scratch
  Dim strNamespace 'wmi default namespace for ANY machine
  Dim strComputer 'wmi reference to current machine, just .
  Dim strService 'WMI service
  Dim strQuery 'custom WQL
  Dim ErrMsg 'custom error messages
  Dim iErrMode 'State machine for error mode
  Dim lFlags 'WMI flag
  Dim strDisks
  'Pre-requisites - things that will cause build to abort if values do not meet spec
  Dim strHTAVendor 'Make of hardware
  Dim strHTAVendorState
  Dim strHTAModel 'Model of hardware
  Dim strHTAModelState 'Model state
  Dim strHTARAM 'RAM
  Dim strHTARAMState 'RAM state
  Dim strHTACPUSpeed 'Processor speed
  Dim strHTACPUCores 'Number of cores
  Dim strHTACPUFullInfo 'CPU + cores
  Dim strHTAHDD 'Disk info
  Dim strHTAHDDState 'Disk state
  Dim strHTACheckRAW 'NTFS check
  Dim strHTAArchitecture 'Processor support
  Dim strHTAProduct 'Product ID
  Dim strHTAOutlook 'Outlook running
  Dim strHTAOutlookState 'Outlook state
  Dim strHTABattery 'Battery check
  Dim strHTABatteryState 'Battery state
  'for WQL filters
  Dim strWQLPCInfo 'Pre-req - (1) for various inc. domain role (servers)
  Dim strWQLRAM 'Pre-req - (2) RAM
  Dim strWQLCPU 'Pre-req - CPU speed string (not int)
  Dim strWQLBootOrder 'Pre-req - Boot order string
  Dim strWQLSATAMode 'Pre-req - HDD mode
  Dim strWQLGenericBIOS
  Dim strWQLCPUCount 'Pre-req - how many CPUs
  Dim strWQLCPUInfo
  Dim strWQLFSType 'Pre-req - Check HDD not RAW (i.e. is NTFS)
  Dim strWQLDisks 'Disks
  Dim strWQLChassis 'Machine type
  Dim strWQLID 'Unique code from OEM
  Dim strWQLProc 'is Outlook running = False
  Dim strWQLBattery 'is on Battery = False
  'State
  Const cProblem = " Problem!"
  Const cRunAgain =" RunCheck: Run System Check Again"
  Const cSuccess = " Success!"
  Const cPassed=" Pass"
  Const cFail=" Fail"
  'Pre-requisite to check: SET VALUES HERE vvvvvvvvvvvvvvvv
  Const cApprovedOEM="Hewlett-Packard"
  Const LegacyOEM1="Dell Inc."
  Const LegacyOEM2="IBM"
  Const cMinimumMemoryMB = 1000 'RAM in MB
  'Const cMinimumMemoryMB = 1000000 'force fail test data RAM in MB
  Const cMinFS="NTFS"
  ' Const cMinFS="HPFS" 'force fail test data
  Const iMinCores=1
  'Const iMinCores=10099 'force fail cores test data
  Const iMinCPUSpeed=2 '20 'in GHz
  'Const iMinCPUSpeed=90000 'in GHz
  Const iMinCPUArch=32
  'Const iMinCPUArch=64
  ' #endregion
  ' To hide anything use ID.className = "hidden", to show set to "", e.g. NotFoundArea.className = "hidden"
  Sub Window_Onload
  Err.Clear
  VersionSpan.InnerText = objOSDPreReqChecks.Version 'Get version
  self.focus
  self.moveTo 100,100 'Move window top left
  StatusBar.InnerText="Validating machine..."
  document.body.style.cursor = "wait" 'hourglass cursor
  'Call PreflightChecks 'use for testing as a VBS only, otherwise HTA timer will call below
  TimerInterval = window.setInterval("PreflightChecks",10)
  End Sub
  Function PreflightChecks
  ' #region HEADER NOTES: Persistent fold region
  'Version history
  'ver 5 OCTOBER 2011 - added error handler
  'ver 3rd Nov - removed HPonly queries
  '// Solution: Custom Script for use with MDT - Adapted from hardwareinfo.vbs Mikael Nystrom – http://deploymentbunny.com
  'Typical BIOS content
  'Processor Speed = 2133/1066 MHz
  'Boot Order = Network Controller,ATAPI CD-ROM Drive,USB device,Hard Drive,Diskette Drive,PnP Device #2,PnP Device #3,PnP Device #4,PnP Device #5,PnP Device #6,PnP Device #7,PnPe #8,PnP Device #9,PnP Device #10,PnP Device #11
  'SATA (disk) mode: *IDE,--,RAID,-- or IDE,*AHCI,RAID
  'On Error Resume Next
  ' #endregion
  ' #region CONSTANTS: Persistent fold region
  '======================================================================================
  'Fields available in HP BIOS
  Const sAsset = "Notebook Asset Tag"
  Const sOwner = "Notebook Ownership Tag"
  Const sMan = "Manufacturer"
  Const sNoteModel = "Notebook Model"
  Const sCPU = "Processor Type"
  Const sCPUSpeed = "Processor Speed"
  Const sRAM = "Memory Size"
  Const sModel = "Product Name"
  Const sBIOSName ="System BIOS"
  Const sBIOSVer = "BIOS Version"
  Const sBIOSDate = "BIOS Date"
  'Other BIOS stuff you could use too
  'Const sOwnerTag = "Enter Ownership Tag"
  'Const sBIOS = "PCID"
  'Const sBIOS = "Define Custom URL"
  'Const sBIOS = "Set Alarm Time"
  'Const sBIOS = "PCID Version"
  Const TextMode="1" 'text case sensitive for dict obj
  'WMI core constants
  Const wbemFlagReturnImmediately = 16 'wmi - Causes the call to return immediately.
  Const wbemFlagForwardOnly = 32 'wmi - Causes a forward-only enumerator to be returned.
  'Forward-only enumerators are generally much faster and
  'use less memory than conventional enumerators, but don't allow calls to SWbemObject.Clone_
  'Advisory config values - as in "you want to the change these"
  Dim strHTABootOrder
  Dim strHTASATAMode
  'Dim strHTACPU
  ' #endregion
  '======================================================================================
  ' #region WQL: Persistent fold region
  lFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly
  'Queries of things to check (HP)
  strWQLBootOrder = "select Name, value from HP_BIOSSetting where Name='Boot order'"
  strWQLSATAMode = "select Name, value from HP_BIOSSetting where (Name='SATA emulation' or name='SATA device mode')"
  strWQLDisks ="SELECT * FROM Win32_DiskDrive where mediatype like 'Fixed%hard disk%'" 'win32_disk only avail after W7
  strWQLFSType ="SELECT * from Win32_LogicalDisk where DriveType='3'" 'only bother with HDDs
  'Generic WMI query strings
  strWQLGenericBIOS="SELECT Manufacturer,SMBIOSBIOSVersion,ReleaseDate FROM Win32_BIOS WHERE PrimaryBIOS = True"
  strWQLCPUCount= "SELECT NumberOfProcessors,NumberOfLogicalProcessors from Win32_ComputerSystem"
  strWQLCPUInfo="SELECT Name,DataWidth,description,MaxClockSpeed,NumberofCores,NumberOfLogicalProcessors from Win32_Processor"
  strWQLPCInfo="SELECT Domain,DomainRole,SystemType,Manufacturer,Model,TotalPhysicalMemory FROM Win32_ComputerSystem"
  ' strWQLPCInfo="SELECT Domain,DomainRole,SystemType,Manufacturer FROM Win32_ComputerSystem"
  strWQLChassis="SELECT ChassisTypes from Win32_SystemEnclosure"
  strWQLID="SELECT IdentifyingNumber,UUID from Win32_ComputerSystemProduct"
  strWQLRAM="SELECT * FROM Win32_PhysicalMemory"
  strWQLProc="SELECT * FROM Win32_Process"
  strWQLBattery="SELECT * FROM BatteryStatus Where Voltage > 0"
  ' #endregion
  ' #region MAIN algorithm
  '=====================================================================================================
  ' MAIN
  'Algorithm
  '1) Check make (vendor)
  '2) Check model (in list)
  '3) Check RAM >x
  '4) Check HDD TYPE (HDD is not RAW)
  '5) Check CPU architecture
  '6) Check outlook
  '7) Check battery
  '=====================================================================================================
  'Initialise
  window.clearInterval(TimerInterval) 'Reset timer to 0
  ' blnDebug=True
  blnDebug=False
  bAbortBuild=False 'default to DON'T abort
  ' bAbortBuild=True
  'Build list of approved vendors
  Set objApprovedMakesDict = CreateObject("Scripting.Dictionary")
  objApprovedMakesDict.comparemode=VBTextCompare
  objApprovedMakesDict.add cApprovedOEM,"OK"
  objApprovedMakesDict.add LegacyOEM1,"OK"
  objApprovedMakesDict.add LegacyOEM2,"OK"
  objApprovedMakesDict.add "Lenovo","Testdata"
  If blnDebug Then Stop
  '1) all machines check make
  strHTAVendor=fCheckVendor(strWQLGenericBIOS) 'check vendor in BIOS - if vendor not approved ABORT without proceeding
  If bAbortBuild=True Then
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - goodbye cruel world"
  iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
  Else
  StatusBar.InnerText="Vendor: " & strHTAVendor & vbTab & " " & strHTAVendorState
  '2) Discover current Model
  strHTAModel=fGetModelName(strWQLPCInfo) 'get model name from WMI
  strHTAModel=fUniversalCheckData(strHTAModel,"'Discover Model - fGetModelName'") 'validate
  Call fGetModels 'get list of all valid models (from text file)
  strHTAModel=fCheckModel(strHTAModel)
  '2a) Model number (optional)
  strHTAProduct=fGetComputerSystemProdIDNumber(strWQLID) 'manufacturer's product ID
  strHTAProduct=fUniversalCheckData(strHTAProduct,"'Discover ID - fGetComputerSystemProdIDNumber'")
  ' StatusBar.InnerText=StatusBar.InnerText & VbCrLf & vbTab & "Product Code: " & vbTab & strHTAProduct
  '3) Check installed Memory
  strHTARAM=fGetRAM(strWQLRAM) 'find RAM size
  strHTARAM=fUniversalCheckData(strHTARAM,"'Detect RAM - fCheckRAM'")
  strHTARAM=fCheckRAM(strHTARAM) 'check RAM meets req
  If strHTARAMState=cFail Then Exit Function
  '4) Disk format IS NTFS
  strDisks=fGetDrives(strWQLFSType) 'Get formatting info for all drives
  strHTACheckRAW=fUniversalCheckData(strDisks,"'Detect filesystem - fCheckNTFS'") 'Validate data
  strHTACheckRAW=fCheckNTFS(strDisks) 'Check FS format is acceptable (not RAW)
  If strHTACheckRAW=cFail Then Exit Function
  'Generic CPU calls
  strHTACPUFullInfo="CPUs:" & fGetCPUInfo(strWQLCPUInfo) & " with CPU cores:" & iCPUCoreCount
  strBIOSInfo="BIOS version: " & strBIOSver & ", dated " & strBIOSDate
  '5a) CPU Speed check (info from http://www.robvanderwoude.com/wmiexamples.php)
  strCPUInfo=WMI(strWQLCPUInfo,strNamespace) 'Get CPU details
  strTemp=split(strCPUInfo,"@"): strHTACPUSpeed=strTemp(1)
  strHTACPUSpeed=fUniversalCheckData(strHTACPUSpeed,"'Check processor - fCheckCPUSpeed'") 'Validate data
  strHTACPUSpeed=fCheckCPUSpeed(strHTACPUSpeed) 'Check CPU clock speed
  '5b) cores check
  strHTACPUCores=fUniversalCheckData(iCPUCoreCount,"Check core count - fCheckCores") 'Validate data
  iCPUCoreCount=fCheckCores(iCPUCoreCount) 'pass or fail?
  '5c) CPU address width
  strHTAArchitecture=fUniversalCheckData(strHTAArchitecture,"Check core count - fCheckCores") 'Validate data
  strHTAArchitecture=fCheckCPUArch(strHTAArchitecture)
  '6) Check outlook
  strHTAOutlook=fCheckProcess(strWQLProc)
  '7) Check Battery
  strHTABattery=fCheckBattery(strWQLBattery)
  'end checkss
  document.body.style.cursor = "default"
  'Display hardware values in GUI (in table)
  Vendor.innerhtml = strHTAVendor 'Use str...var..STATE if you want Pass/fail text instead
  Model.innerhtml = strHTAModel
  Product.innerhtml = strHTAProduct
  RAM.innerhtml = strHTARAM
  CPUspeed.innerhtml = strHTACPUSpeed
  CPUInfo.innerhtml = strHTACPUFullInfo
  HDDFS.innerhtml = strHTACheckRAW
  CapableArchitecture.innerhtml=strHTAArchitecture
  BIOSversion.innerhtml = strBIOSver
  BIOSDate.innerhtml = strBIOSDate' CPUName.innerhtml = strCPUDesc 'GetCPUName
  End If
  '======================================================================================
  ' #endregion
  End Function
  'generic WMI queries, by field and namespace
  Function WMI(strQuery,strNameSpace)
  'Aim: generic WMI calls
  'return value of BIOS
  On Error Resume Next
  Dim colItems,objItem
  Dim objWMI
  Const strService = "winmgmts:{impersonationlevel=impersonate}//" 'binding to WMI
  Const strComputer = "." 'this machine
  Set objWMI = GetObject(strService & strComputer & strNamespace) 'GLOBAL wmi
  Set colItems = objWMI.ExecQuery(strQuery,,lFlags)
  For Each objItem In colItems
  If Err Then
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "WMI query: " & strQuery & " in " & strNamespace & objItem.Name
  Call ErrHandler("WMI error " & strQuery,1)
  Else
  WMI=objItem.Name 'Return value
  End If
  Next
  End Function
  Function fGetModelName(strWQLPCInfo)
  'Aim: Get model name from BIOS - WMI field sometimes varies if laptop, so try two
  'Return STRING: Model string from BIOS or "UNKNOWN" if null
  On Error Resume Next
  Dim colPCInfo,objPCItem
  Dim strModel
  Set colPCInfo = GetObject("winmgmts:").ExecQuery(strWQLPCInfo,"WQL",lFlags)
  If Err Then
  Call ErrHandler("fGetModelName: Error querying WMI " & strWQLPCInfo,2)
  Else
  For Each objPCItem In colPCInfo
  If Not IsNull(objPCItem.Model) Then
  strModel=objPCItem.Model
  ' iRAM=objPCItem.TotalPhysicalMemory
  Else
  If (strHTAVendor=cApprovedOEM And IsLaptop = True) Then ' resort to HP specific query for older laptops
  'Notebook
  strModel=QueryHPBIOS(sNoteModel)
  if strModel="" then strModel=QueryHPBIOS(sModel) 'try alt value
  Else
  strModel=QueryHPBIOS(sModel)
  End If
  End If
  Next
  End If
  If strModel = "" Then
  fGetModelName = "UNKNOWN"
  Model.style.visibility="hidden"
  Else
  fGetModelName=strModel
  End If
  End Function
  '====================================================
  '====================================================
  Function fGetRAM(strQuery)
  'Aim: get RAM installed. NB Win32_ComputerSystem::TotalPhysicalMemory may not be accurate
  'Return integer
  On Error Resume Next 'equiv to Err.Clear
  Dim colItems, item
  Dim iTotalMemory
  Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
  If Err Then
  Call ErrHandler("fGetRAM: Error querying " & strQuery,2)
  Else
  iTotalMemory = 0
  For Each item In colItems
  iTotalMemory = iTotalMemory + CDBL(item.Capacity)/(1024^2)
  Next
  End If
  If iTotalMemory = "" Then
  fGetRAM = "RAM UNKNOWN"
  RAM.style.visibility="hidden"
  Else
  fGetRAM=iTotalMemory
  End If
  End Function
  '====================================================
  '====================================================
  Function fGetCPUInfo(strQuery)
  'Aim: query WMI for CPU info - number and number of cores
  'Return: function=CPU count, var for the cores: iCPUCoreCount, strHTAArchitecture, strCPUDesc
  On Error Resume Next
  Dim colItems, objItem
  Dim NumberOfProcessors
  Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
  If Err Then
  Call ErrHandler("GetCPUInfo: Error querying " & strQuery,2)
  Else
  For Each objItem In colItems
  If Err Then
  Else
  If Not IsNull(objItem.NumberOfCores) Then
  NumberOfProcessors = Trim(objItem.NumberOfCores) 'NumberOfProcessors
  End If
  If Not IsNull(objItem.NumberOfLogicalProcessors) Then
  iCPUCoreCount = Int(Trim(objItem.NumberOfLogicalProcessors))
  End If
  If Not IsNull(objItem.DataWidth) Then
  strHTAArchitecture=Trim(objItem.DataWidth) & "-bit"
  End If
  If Not IsNull(objItem.description) Then
  strCPUDesc = Trim(objItem.description) 'cpu name
  End If
  End If
  Next
  If NumberOfProcessors = "" Then
  NumberOfProcessors = "UNKNOWN"
  End If
  fGetCPUInfo = Int(NumberOfProcessors)
  ' iCPUCoreCount = Int(NumberOfLogicalProcessors)
  End If
  End Function
  '====================================================
  '====================================================
  Function fGetComputerSystemProdIDNumber(strWQLID)
  'Aim: Get UUID from Win32_ComputerSystemProduct
  'Return: great big integer
  Dim colSys,objSys
  Dim strUUID
  On Error resume next
  Set colSys = GetObject("winmgmts:").ExecQuery(strWQLID,"WQL",lFlags)
  If Err then
  Call ErrHandler("fGetComputerSystemProdIDNumber: Error querying " & strWQLID,2)
  Else
  For Each objSys In colSys
  If Not IsNull(objSys.IdentifyingNumber) Then
  strUUID = Trim(objSys.IdentifyingNumber)
  End If
  Next
  If strUUID = "" Then
  fGetComputerSystemProdIDNumber = "UNKNOWN"
  Else
  fGetComputerSystemProdIDNumber = strUUID
  End If
  End If
  End Function
  '=================================================================================
  '=================================================================================
  Function fGetDrives(strQuery)
  Dim colDisks,objHDD
  Dim strDriveType, strDiskSize, strDisk
  Dim strDiskFSType
  Dim iGBUnits
  On Error Resume Next
  iGBUnits=1073741824
  Dim iRAW
  iRAW=0
  Set colDisks = GetObject("winmgmts:").ExecQuery(strQuery)
  For Each objHDD In colDisks
  Select Case objHDD.DriveType
  Case 1 strDriveType = "Drive could not be determined."
  Case 2 strDriveType = "Removable Drive"
  Case 3 strDriveType = "Local hard disk."
  Case 4 strDriveType = "Network disk."
  Case 5 strDriveType = "Compact disk (CD)"
  Case 6 strDriveType = "RAM disk."
  Case Else strDriveType = "Drive type Problem."
  End Select
  strDiskFSType = objHDD.FileSystem
  'Find C
  If objHDD.Name="C:" Then
  If isNull(objHDD.FreeSpace) Then
  If blnDebug=True then Call ErrHandler("ALERT!! Volume " & objHDD.Name & "is RAW",1) 'Abort/clean
  fCheckDrives="ALERT!! Volume " & objHDD.Name & "is RAW"
  End If
  End If
  strDiskSize = Int(objHDD.Size /iGBUnits) & "GB" 'calc size of disk
  strDisk = strDisk & VbCrLf & "Vol " & objHDD.Name & " (" & strDriveType & ") size: " & strDiskSize & " (free: " & Int(objHDD.FreeSpace /iGBUnits) & "GB), " & strDiskFSType
  fGetDrives=strDisk
  Next
  If (Err.Number <>0) Then
  Call ErrHandler("WMI Property Query Error: [" & Err.Number & "]",2)
  fGetDrives = -1
  Exit Function
  End If
  End Function
  '=================================================================================
  '=================================================================================
  Function fUniversalCheckData(varData,strStage) 'template
  'Aim: Check value passed...
  'is not blank
  'is in range x..y
  'spelt OK
  'is in a list
  'format is text, numeric
  'return: string: the original value
  On Error Resume Next
  Dim Err
  if blnDebug Then StatusBar.InnerText = StatusBar.InnerText & VbCrLf & "Validating " & strStage & " data..."
  If Err Then
  Call ErrHandler("WARNING: Error discovering value in " & strStage,2) '1=Quit,2=Warn
  strHTAModel="Unknown"
  Else
  Select Case varData
  Case IsEmpty(varData) Or IsNull(varData)
  Call ErrHandler("WARNING: Error in "& strStage,2) '1=Quit,2=Warn
  fUniversalCheckData="Unknown"
  Case IsNumeric(varData)
  If varData<0 Then
  Call ErrHandler("WARNING: Value negative"& strStage,2) '1=Quit,2=Warn
  fUniversalCheckData="Unknown"
  End if
  ' & varData &
  Case IsDate(varData)
  Case Else
  fUniversalCheckData=varData 'Data OK - return value unchanged
  End Select
  End If
  End Function
  '=================================================================================
  'Checks - follow if true DO, if false warn/abort
  '=================================================================================
  Function fCheckBattery(strQuery)
  'Aim: Find if battery is running
  'Return pass/fail
  On Error Resume Next 'equiv to Err.Clear
  Const wbemFlagReturnImmediately = &h10
  Const wbemFlagForwardOnly = &h20
  Dim colItems, item
  Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\WMI")
  Set colItems = objWMIService.ExecQuery("SELECT * FROM BatteryStatus Where Voltage > 0", "WQL", _
  wbemFlagReturnImmediately + wbemFlagForwardOnly)
  For Each item In colItems
  if objItem.PowerOnline = True Then
  strHTABattery=objItem.PowerOnline
  strHTABatteryState = cFail
  Err.Raise 9010,"fCheckBattery",strHTABattery & " Laptop running on battery. OSD Cannot continue."
  Call ErrHandler(ucase(strHTABatteryState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Laptop on Battery. Please plug into an outlet before proceeding."
  iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
  Else
  strHTABatteryState = cPassed
  End if
  Next
  fCheckBattery=strHTABattery
  End Function
  '====================================================
  Function fCheckProcess(strQuery)
  'Aim: Find if outlook is running
  'Return pass/fail
  On Error Resume Next 'equiv to Err.Clear
  Dim colItems, item
  Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
  For Each item In colItems
  if item.Name = "OUTLOOK.EXE" Then
  strHTAOutlook=item.Name
  strHTAOutlookState = cFail
  Err.Raise 9010,"fCheckOutlook",strHTAOutlook & " running. OSD Cannot continue."
  Call ErrHandler(ucase(strHTAOutlookState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Outlook Running, please close outlook before proceeding."
  iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
  Elseif item.Name = "communicator.exe" Then
  strHTAOutlook=item.Name
  strHTAOutlookState = cFail
  Err.Raise 9010,"fCheckOutlook",strHTAOutlook & " running. OSD Cannot continue."
  Call ErrHandler(ucase(strHTAOutlookState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Communicator Running, please close OCS before proceeding."
  iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
  Else
  strHTAOutlookState = cPassed
  End if
  Next
  fCheckProcess=strHTAOutlook
  End Function
  '====================================================
  '1 - Make
  Function fCheckVendor(strVendor)
  'Aim: Check make is one the OS/build is designed For
  'Return: STRINGS for "Make", BIOS version and BIOS date (generic): strHTAVendorState pass or fail
  On Error Resume Next
  Dim colItems,objItem
  Set colItems = GetObject("winmgmts:").ExecQuery(strVendor, "WQL", lFlags)
  For Each objItem In colItems
  strHTAVendor=objItem.Manufacturer
  if objApprovedMakesDict.exists(strHTAVendor) then
  strBIOSver=objItem.SMBIOSBIOSVersion
  strBIOSDate=Mid( objItem.ReleaseDate, 5, 2 ) & "/" & Mid( objItem.ReleaseDate, 7, 2 ) & "/" & Left( objItem.ReleaseDate, 4 )
  strHTAVendorState=cPassed
  Else
  strHTAVendorState=cFail
  Err.Raise 9010,"fCheckVendor",strHTAVendor & " found. The build will not work on this make of hardware"
  Call ErrHandler(ucase(strHTAVendorState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
  bAbortBuild=True
  end if
  Next
  fCheckVendor=strHTAVendor
  End Function
  '=================================================================================
  '=================================================================================
  '2 - Models check
  Function fCheckModel(strThisModel)
  'Aim Check target machine is in list of models
  'Return string
  On Error Resume Next
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking model..." & VbCrLf
  If objModelsDict.exists(trim(strThisModel)) then ' if current model in objDict then huzzah
  strHTAModelState=cPassed
  StatusBar.InnerText=StatusBar.InnerText & vbTab & "Model detected: " & vbTab & strHTAModelState
  Else
  strHTAModelState=cFail
  Err.Raise 9010,"fCheckModel",strThisModel & " found. The build will not work on this model of hardware"
  Call ErrHandler(ucase(strHTAModelState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
  end if
  fCheckModel=strHTAModel
  End Function
  '=================================================================================
  '=================================================================================
  '3 - RAM
  Function fCheckRAM(strRAM)
  'Aim: Check installed RAM > x
  'Return string digits with units, e.g. 4GB
  'use strHTARAM for value
  '==================================================================
  ' Memory Preflight Check (from MDT2012)
  '==================================================================
  On Error Resume Next
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking RAM..."
  If Err.Number <> 0 Then
  Call ErrHandler("Error occurred while calculating computer's memory.",2)
  End If
  fCheckRAM = Int(strRAM/1024) & "GB" 'format in GB
  If Int(strRAM) > cMinimumMemoryMB Then
  strHTARAMState=cPassed 'Sufficient memory - show whole number in GB"
  StatusBar.InnerText=StatusBar.InnerText & vbTab & "RAM installed: " & vbTab & strHTARAMState
  Else
  strHTARAMState=cFail
  Err.Raise 9030 ,"fCheckRAM","Not enough memory in this machine!" & " Required physical memory is: " & cMinimumMemoryMB & " MB."
  Call ErrHandler(ucase(strHTARAMState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'abort build
  End If
  End Function
  '=================================================================================
  '=================================================================================
  '4 - NTFS disk
  Function fCheckNTFS(strDiskFS)
  'Aim: Check HDD is NTFS
  'Return string
  On Error Resume Next
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking file system is not RAW..."
  If Instr(1,strDiskFS,cMinFS,VBTextCompare)<>0 Then
  fCheckNTFS=cMinFS 'disk format is OK (NTFS)
  StatusBar.InnerText=StatusBar.InnerText & vbTab & " File system: " & cPassed
  Else
  fCheckNTFS=cFail
  Err.Raise 9040 ,"fCheckNTFS","WARNING: Disk not correct file-system. Type required is: " & cMinFS & "." & VbCrLf & _
  "The deployment will fail unless you reformat the target disk immediately."
  Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",2) 'halt build
  End If
  End Function
  '====================================================
  '=================================================================================
  '5 - CPU checks
  '=================================================================================
  Function fCheckCPUSpeed(strCPU) 'any HW
  'Aim: Check CPU speed
  'Return string = number + appropriate units, e.g. 5HGz (strCPU)
  On Error Resume Next
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU spec..."
  Select Case Right(strCPU,3) 'check units
  Case "MHz"
  strCPU=Left(strCPU,4)/1000 'reformat to GHz
  Case "GHz"
  strCPU=strCPU 'unit already OK
  Case Else
  Call ErrHandler("CPU units are unknown",2)
  End Select
  'Check clock speed
  If Int(Left(trim(strCPU),1))>=iMinCPUSpeed Then
  fCheckCPUSpeed=strHTACPUSpeed 'CPU is fine i.e don't change value
  StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU Speed: " & cPassed
  Else
  fCheckCPUSpeed=cFail 'already in GHz
  Err.Raise 9050,"fCheckCPUSpeed","CPU speed pre-requisite failed. Minimum processor clock speed is: " & iMinCPUSpeed
  Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'halt build
  End If
  End Function
  '=================================================================================
  '=================================================================================
  Function fCheckCPUArch(strCPUArch) 'any HW
  'Aim: Check CPU width
  'Return string
  On Error Resume Next
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU bus width..."
  'Check clock speed
  If Int(Left(trim(strCPUArch),2))>=iMinCPUArch Then
  fCheckCPUArch=strHTAArchitecture 'CPU is fine i.e don't change value
  StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU width: " & cPassed
  Else
  fCheckCPUArch=cFail 'already in GHz
  Err.Raise 9052,"fCheckCPUArch","CPU width pre-requisite failed. Minimum processor width required is: " & iMinCPUArch
  Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'abort build
  End If
  End Function
  '=================================================================================
  Function fCheckCores(iCores)
  'Aim: Check hardware (CPU) has a minimum number of cores
  'Return Integer
  On Error Resume Next
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU cores..."
  If iCores>=iMinCores Then
  fCheckCores=iCores
  StatusBar.InnerText=StatusBar.InnerText & vbTab & "Core count: " & vbTab & cPassed
  'StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU cores: " & cPassed
  Else
  fCheckCores=cFail
  Err.Raise 9051,"fCheckCores","WARNING: Not enough cores on the CPU to support the build. Minimum CPU cores is: " & iMinCores
  Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",2) 'halt build
  End If
  End Function
  '=================================================================================
  '=================================================================================
  Function fCheckHPCPUSpeed 'HP ONLY
  'Aim: Check CPU speed
  'return: string
  'Check CPU speed
  On Error Resume Next
  strWQLCPU = "processor speed"
  strTemp=QueryHPBIOS(strWQLCPU,"")
  Select Case Right(strTemp,3)
  Case "MHz"
  strTemp=Left(strTemp,4)/1000 'reformat to GHz
  Case "GHz"
  strTemp 'is OK
  Case Else
  Call ErrHandler("CPU is unknown",2)
  End Select
  'Check clock speed
  If strTemp>=iMinCPUSpeed Then
  fCheckCPUSpeed= strTemp & "GHz"
  Else
  Err.Raise 9050,,"CPU speed pre-requisite failed"
  Call ErrHandler("CPU is too slow",1)
  fCheckCPUSpeed=cFail 'already in GHz
  End If
  End Function
  '=================================================================================
  '=================================================================================
  Function fGetModels
  'Aim: Read external text file
  'return: dictionary object - models as key, integer as value e.g. Dell Optiplex,12
  'On Error Resume Next
  Dim objFSO
  Dim objFile
  Dim strFile
  Dim strEntry
  Dim n
  Dim strfilepath
  Dim iLineCount 'count lines to avoid listing first item with ,.
  Set objModelsDict = CreateObject("Scripting.Dictionary")
  set objFSO=CreateObject("Scripting.FileSystemObject")
  Const ForReading=1
  strfilepath = Left(window.location.pathname,InStrRev(window.location.pathname,"\"))
  strFile=strfilepath & "Models.txt"
  set objFile=objFSO.OpenTextFile(strFile,ForReading)
  iLineCount=0
  'read in each line of data until you reach the end of the file
  do While objFile.AtEndOfStream<>True
  strEntry=objFile.ReadLine
  'you can now do what ever you want with the line as referenced with the strEntry variable such as
  'echoing it back (e.g. wscript.Echo strEntry) or passing it as a variable to a function of subroutine (e.g. MyFunction strEntry)
  objModelsDict.comparemode=VBTextCompare
  objModelsDict.Add strEntry,iLineCount
  iLineCount=iLineCount+1
  If blnDebug then
  If iLineCount=1 Then
  StatusBar.InnerText=trim(strEntry)
  Else
  StatusBar.InnerText=StatusBar.InnerText & ", " & trim(strEntry) 'list models
  End If
  End If
  Loop
  objFile.Close
  End Function
  '=================================================================================
  '=================================================================================
  '====================================================
  Function ErrHandler(strErrorMsg,iErrMode)
  'Aim: to handle error states
  ' 1 = Abort
  ' 2 = Warn
  'Return 'Appropriate text message explaining the error
  '====================================================
  Const msgTitle="SCCM Deployment Preflight Checklist"
  'On Error Resume Next '< don't use that as we want to KEEP the error properties
  'Abort=1
  If iErrMode=1 Then
  StatusBar.InnerText=strErrorMsg 'overwrite status with Error message
  ' StatusBar.InnerText=StatusBar.InnerText & VbCrLf & " " & strHTAOutlook & " " & strHTAVendor & " " & strHTAVendorState & _
  ' VbCrLf & " " & strHTAModel & strHTAModelState & _
  ' VbCrLf & " " & strHTARAM & strHTARAMState & _
  ' VbCrLf & " " & strHTAHDD & strHTAHDDState
  iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript") 'Abort (close) after n seconds
  'MsgBox strErrorMsg,vbExclamation,msgTitle
  'ErrBar.class=""
  ElseIf iErrMode=2 Then
  'Warning
  StatusBar.InnerText=StatusBar.InnerText & VbCrLf & strErrorMsg & " " '& "(" & Err.Description & " :" & Err.Number & ")"',vbExclamation,msgTitle
  Err.Clear
  End If
  End Function
  '====================================================
  Sub Abort
  'Aim: Quit gracefully
  window.close()
  End Sub
  </script>
  <!-- #region BODY -->
  <body>
  <br />
  <div>
  <span style="version"> <span id="VersionSpan"></span></div>
  <div style="text-align: center;">
  <H1 style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-align: center; color: #000000; text-transform: capitalize">System information</H1>
  <span>
  <table border="1" cellspacing="0" cellpadding="0" style="width: 912px"
  id="SysInfoTable">
  <tr class="h1">
  <td align="right" class="Header1" style="width: 76px; height: 18px">
  </td>
  <td align="right" class="Header1" style="height: 18px"><em id="VendorCaption">Vendor</em></td>
  <td align="left" class="style2" style="height: 18px"><span id="Vendor"></span></td>
  <td align="right" class="Header2" style="height: 18px"><em id="ModelCaption">Model</em></td>
  <td align="center" class="style4" style="width: 400px; height: 18px"><span id="Model"></span></td>
  </tr>
  <tr>
  <td align="right" class="Header1" style="width: 76px">
  </td>
  <td align="right" class="Header1"><em id="ProductCaption">Product ID</em></td>
  <td align="left" class="style2"><span id="Product"></span></td>
  <td align="right" class="Header2"><em id="RAMCaption">Memory(in MB)</em></td>
  <td align="left" class="style4" style="width: 400px"><span id="RAM"></span></td>
  </tr>`
  <tr>
  <td align="right" class="Header1" style="width: 76px">
  </td>
  <td align="right" class="Header1"><em id="CPUCaption">CPU speed (in GHz)</em></td>
  <td align="left" class="style2"><span id="CPUspeed"></span></td>
  <td align="right" class="Header2"><em id="CPUInfoCaption">No: CPU\Cores</em></td>
  <td align="left" class="style4" style="width: 400px"><span id="CPUInfo"></span></td>
  </tr>
  <tr>
  <td align="right" class="Header1" style="width: 76px">
  </td>
  <td align="right" class="Header1"><em id="DiskFSCaption">Filesystem info</em></td>
  <td align="left" class="style2"><span id="HDDFS"></span></td>
  <td align="right" class="Header2"><em id="CapableArchCaption">Architecture</em></td>
  <td align="left" class="style4" style="width: 400px"><span id="CapableArchitecture"></span></td>
  </tr>
  <tr>
  <td align="right" class="Header1" style="width: 76px">
  </td>
  <td align="right" class="Header1"><em id="BIOSVerCaption">BIOS version</em></td>
  <td align="left" class="style2" ><span id="BIOSVERSION"></span></td>
  <td align="right" class="Header2"><em id="BIOSDateCaption">BIOS Date</em></td>
  <td align="left" class="style4" style="width: 400px"><span id="BIOSDate"></span></td>
  </tr>
  </table>
  </span>
  </div>
  <div class="StatusBar">
  <br />
  <Span id="StatusBar">Loading...please wait.</Span>
  </div> <br><br>
  <div align="center">
  <input type="button" name="btnStop" id="btnStop" value="Continue" onclick="Abort">
  <input type="Button" value="Re-Scan Machine" name="button1" onClick="Window_Onload" class="button">
  </div>
  </body><!-- #endregion -->
  </html>

• Java ME 8 Permission check failed when opening a serial port

  I have a larger Jave ME8.1 application that was going well until I tried to add one last piece, reading and writing data from a serial port. This was left to last because it is trivial, at least in most programming languages. The is IDE NetBeans 8.0.2 running on a Windows 7 PC. The platform is a Raspberry Pi B or B+ (I have tried both) with the most current Raspbian (12/24/2014 I believe). To simplify the process I created a new app with just the open and close code and this generates the same error I am experiencing in the larger application. The program is as follows:
  package javamecomapp;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.OutputStream;
  import java.util.logging.Level;
  import java.util.logging.Logger;
  import javax.microedition.io.CommConnection;
  import javax.microedition.io.Connector;
  import javax.microedition.midlet.MIDlet;
  * @author ****
  public class JavaMEcomApp extends MIDlet {
      static int BAUD_RATE = 38400;
      static String SERIAL_DEVICE = "ttyAMA0";
      static CommConnection commConnection = null;
      static OutputStream os = null;
      static InputStream is = null;
      static String connectorString;
      private int rtnValue = -1;
      @Override
      public void startApp() {
          java.lang.System.out.println("Opening comm port.");
          try {
              rtnValue = JavaMEcomApp.openComm();
          } catch (IOException ex) {
              Logger.getLogger(JavaMEcomApp.class.getName()).log(Level.SEVERE, null, ex);
      @Override
      public void destroyApp(boolean unconditional) {
          java.lang.System.out.println("Closing comm port.");
          try {
              rtnValue = JavaMEcomApp.closeComm();
          } catch (IOException ex) {
              Logger.getLogger(JavaMEcomApp.class.getName()).log(Level.SEVERE, null, ex);
          private static int openComm()throws IOException {
              java.lang.System.out.println("Opening comm port.");
              connectorString = "comm:" + SERIAL_DEVICE + ";baudrate=" + BAUD_RATE;
              commConnection = (CommConnection)Connector.open(connectorString);
              is  = commConnection.openInputStream();
              os = commConnection.openOutputStream();
          return 0;
      private static int closeComm()throws IOException {
          java.lang.System.out.println("Closing comm port.");
              is.close();
              os.close();
              commConnection.close();
          return 0;
  If I comment out the JavaMEcomApp.openComm and closeComm lines it runs fine. When they are included, the following error is dumped to the Raspberry Pi terminal:
  Opening comm port.
  Opening comm port.
  [CRITICAL] [SECURITY] iso=2:Permission check failed: javax.microedition.io.CommProtocolPermission "comm:ttyAMA0;baudrate=38400" ""
  TRACE: <at java.security.AccessControlException: >, startApp threw an Exception
  java.security.AccessControlException:
  - com/oracle/meep/security/AccessControllerInternal.checkPermission(), bci=118
  - java/security/AccessController.checkPermission(), bci=1
  - com/sun/midp/io/j2me/comm/Protocol.checkForPermission(), bci=16
  - com/sun/midp/io/j2me/comm/Protocol.openPrim(), bci=31
  - javax/microedition/io/Connector.open(), bci=77
  - javax/microedition/io/Connector.open(), bci=6
  - javax/microedition/io/Connector.open(), bci=3
  - javamecomapp/JavaMEcomApp.openComm(), bci=46
  - javamecomapp/JavaMEcomApp.startApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callStartApp(), bci=1
  - com/sun/midp/midlet/MIDletPeer.startApp(), bci=5
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=246
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  - com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  java.security.AccessControlException:
  - com/oracle/meep/security/AccessControllerInternal.checkPermission(), bci=118
  - java/security/AccessController.checkPermission(), bci=1
  - com/sun/midp/io/j2me/comm/Protocol.checkForPermission(), bci=16
  - com/sun/midp/io/j2me/comm/Protocol.openPrim(), bci=31
  - javax/microedition/io/Connector.open(), bci=77
  - javax/microedition/io/Connector.open(), bci=6
  - javax/microedition/io/Connector.open(), bci=3
  - javamecomapp/JavaMEcomApp.openComm(), bci=46
  - javamecomapp/JavaMEcomApp.startApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callStartApp(), bci=1
  - com/sun/midp/midlet/MIDletPeer.startApp(), bci=5
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=246
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  - com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  Closing comm port.
  Closing comm port.
  TRACE: <at java.lang.NullPointerException>, destroyApp threw an Exception
  java.lang.NullPointerException
  - javamecomapp/JavaMEcomApp.closeComm(), bci=11
  - javamecomapp/JavaMEcomApp.destroyApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callDestroyApp(), bci=2
  - com/sun/midp/midlet/MIDletPeer.destroyApp(), bci=6
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=376
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  - com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  java.lang.NullPointerException
  - javamecomapp/JavaMEcomApp.closeComm(), bci=11
  - javamecomapp/JavaMEcomApp.destroyApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callDestroyApp(), bci=2
  - com/sun/midp/midlet/MIDletPeer.destroyApp(), bci=6
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=376
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  I have tried this with three different serial ports, /dev/ttyAMA0 (yes I did disable the OS from using it), an arduino board /dev/ttyACM0, and a USB to RS485 adaptor /dev/ttyUSB0. All of these ports could be connected and use normally with both a C program and terminal program in the Pi. The API Permissions were set in the project properties / Application Descriptor / API Permissions to jdk.dio.DeviceMgmtPermission "/dev/ttyAMA0". This of course was changed as I tested different devices.
  I found a reference suggesting adding the line "authentication.provider = com.oracle.meep.security.NullAuthenticationProvider" to the end of the jwc_properties.ini file. This had no effect. I found references that during development in eclipse and NetBeans, the app is already elevated to the top level so this should not be an issue until deployment. This does not appear to be the case.
  I am out of time and need a solution quickly. Any suggestions are welcome.

  Terrence,
     Thank you for responding and confirming the issues I'm having with static addressing.  As far as the example above, I do have the standard LEDs working correctly, however, the example I'm referring to above is from the JavaME samples using the GPIO Port for the LEDS, according to the Device I/O Preconfigured List you referenced:
  GPIO Ports
  The following GPIO ports are preconfigured.
  Devicel ID
  Device Name
  Mapped
  Configuration
  8
  LEDS
  PTB22
  PTE26
  PTB21
  direction = 1 (Output only)
  initValue = 0
  GPIOPins:
  controllerNumber = 1
  pinNumber = 22
  mode = 4 (Push-pull mode)
  controllerNumber = 4
  pinNumber = 26
  mode = 4 (Push-pull mode)
  controllerNumber = 1
  pinNumber = 21
  mode = 4 (Push-pull mode)
  So is the assumption that using GPIOPort for accessing the GPIO port for Device ID 8 as listed in the Device I/O Preconfigured list not supported?

• Post install checks failed for DBC file - Oracle App11.5.10.2 Linux  5.3

  Hi everybody,
  I tried Installing Oracle E-Business Suite 11.5.10.2 on Red Hat Enterprise Linux Server release 5.3
  The Post install checks failed for DBC file, HTTP, JSP and PHP. Apparently the DBC hadn’t been created. I had verified the log file, while executing adgendbc.sh, it throwing below error.
  Generating /jith/d01/oracle/appl/visappl/fnd/11.5.0/secure/prithvi.bangalore.bedford.local_vis.dbc
  DBC generation failed with exit code 127
  Generating /jith/d01/oracle/appl/visappl/fnd/11.5.0/secure/prithvi_vis.dbc
  DBC generation failed with exit code 127
  Updating Server Security Authentication
  Updating Server Security Authentication failed with exit code 127
  adgendbc.sh exiting with status 127
  ERRORCODE = 127 ERRORCODE_END
  .end std out.
  touch: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory
  sqlplus: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
  mkdir: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
  grep: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
  sed: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
  /jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
  cp: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
  /jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
  cp: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
  /jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
  cp: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
  /jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
  /jith/d01/oracle/appl/viscomn/util/java/1.4/j2sdk1.4.2_04/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
  .end err out.
  Thanks in advance.
  sreejith

  Welcome to the forums !
  Pl post EBS related question in the EBS forums at http://forums.oracle.com/forums/category.jspa?categoryID=3
  HTH
  Srini

• System architecture check failed while adding a New Node in RAC

  Hi Friends,
  Environment:SUN Solris 10
  Cluster Version:10.2.0.3
  database Version:10.2.0.3.0
  Due to H/W failure one of our RAC node(prod1) got formatted.
  We have deleted the node(prod1) from RAC successfully.
  But When i am again trying to add the node and checking prerequistes i am facing the below issue.
  $ cd /software/oracle/product/crs/bin
  $ ./cluvfy stage -pre crsinst -n prod1,prod2
  Check: System architecture
    Node Name     Available                 Required                  Comment
    prod2        unknown                   64-bit                    failed
    prod1        64-bit                    64-bit                    passed
  Result: System architecture check failed.But issue is that prod2 is my active(running node), so how to resolve this issue?
  please suggest..
  Regards
  Umesh

  Resolved..
  Thanks...

• Exchange 2013 SP1 readiness check failing

  Trying to install our first Exchange 2013 SP1 server on Windows 2012 R2 in our datacentre, the readiness check fails with:
  Error:
  The Active Directory schema isn't up-to-date, and this user account isn't a member of the 'Schema Admins' and/or 'Enterprise Admins' groups.
  For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.SchemaUpdateRequired.aspx
  There are many more errors relating to Enterprise admin rights etc.
  Please note that:
  My account is Domain admin, Schema admin and Enterprise admin member, it always has been.
  I tried the built-in AD Administrator which of course is part of the groups as well, no difference.
  Active Directory is at 2008 R2 for domain and forest functional levels.
  I tried rejoining the new Exchange designated server to the domain
  I've installed RSAT-ADDS, the Managed API 4.0 and all the other windows roles via powershell
  There is a local domain controller that is a global catalog server on the new Exchange server subnet
  I tried running the Exchange Setup on a different server on the same subnet as where the active 2010 Exchange server resides as well as the FSMO AD role holder resides, this works fine. I even did the AD prep from there no problem, that made no difference
  on the datacentre server
  AD replicates fine between the FSMO role holder and the Datacentre (no errors in dcdiag or repadmin /showrepl)
  This error is in the event log:
  The description for Event ID 4027 from source MSExchange ADAccess cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event:
  ExSetupUI.exe
  6724
  Get Servers for domain.local
  TopologyClientTcpEndpoint (localhost)
  3
  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0475315. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890
  at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
  at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
  at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  --- End of inner exception stack trace ---
  Server stack trace:
  at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
  at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
  at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
  Exception rethrown at [0]:
  at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
  at System.ServiceModel.ICommunicationObject.Open()
  at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Boolean useCache)
  at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
  the message resource is present but the message is not found in the string/message table

  So I decided to re-install the OS, worked perfectly now. Only difference from before would be:
  SCCM hasn't pushed SCEP 2012 to the new build of the same server yet
  The original server was installed in a different AD site and then it was physically mode and reassigned to an new AD site and subnet
  I might have installed the pre-reqs in a slightly different order (RSAT-ADDS, all the IIS etc things via powershell
  and then the UCM API 4.0. (saw few comments that the order of how you install them matters in other forums).
  10 or so Microsoft Windows updates haven't installed on the new OS build yet.
  Other than that, its identical. But if its not broken don't fix it, perhaps the above can help someone else though. 

• Exchange 2010 - The certificate status could not be determined because the revocation check failed.

  I have tried everything I have found online to get my DigiCert to work.
  I have exported the cert and imported it into my child domains and they look perfect.
  It is just my parent domain having issues.
  netsh winhttp show proxy
  does show my correct proxy server for http and https and port 8080
  I have tried name, FQDN and IP address.
  In the Bypass-list I have tried none, *.domain.com, and a list of all domains and child domains in my forest.
  I have flushed the cache
  certutil -urlcache crl delete
  certutil -urlcache ocsp delete
  and rebooted the Exchange 2010 (Windows 2008 R2) server
  No matter what, I still see in my Server Configuration for the parent domain's DigiCert cert the message
  The certificate status could not be determined because the revocation check failed.
  with a red X on the left hand icon.  Again, Child domains all say "The certificate is valid for Exchange Server usage."
  Note: In spite of having the red X, I was able to assign via EMS the services.
  Webmail works fine.  Outlook Anywhere fails... I suspect it is due to my red X problem.
  Suggestions?
  Thanks in Advance
  Jim.
  Jim.

  I have contacted DigiCert and they said the cert is working per their utility, hence the problem is outside the scope of their support.
  I have followed, several times, http://support.microsoft.com/kb/979694
  http://www.digicert.com/help/  reports all is well.
  The DigiCertUtil.exe reports all is well and happy.
  I have run
  netsh winhttp set proxy proxy-server="http=myproxy:8080;https=myproxy:8080" bypass-list="*.mydomain.com"
  Current WinHTTP proxy settings:
      Proxy Server(s) :  http=myproxy:8080;https=myproxy:8080
      Bypass List     :  *.mydomain.com
  I have flushed the cache using the commands
  certutil -urlcache crl delete
  certutil -urlcache ocsp delete
   I still see in my Server Configuration for the parent domain's DigiCert cert the message
  "The certificate status could not be determined because the revocation check failed."
  with a red X on the left hand certificate icon. 
  To verify the cert via command line:
  certutil -verify -urlfetch c:\mail_domain_com.cer
  LoadCert(Cert) returned ASN1 bad tag value met. 0x8009310b (ASN: 267)
  CertUtil: -verify command FAILED: 0x8009310b (ASN: 267)
  CertUtil: ASN1 bad tag value met.
  I suspect this is why I cannot get Outlook Anywhere to connect.
  Child domains show a happy certificate icon. Parent domain does not.
  Still scratching my head.
  Thanks all!
  Jim.

• EMC - Certificate status could not be determined because revocation check failed.

  I've exhausted my resources on this issue and am reaching out for some assistance. I have setup Server 2008 R2 Enterprise SP1, running Exchange 2010 SP1. In EMC I have successfully imported a GoDaddy SSL certificate. Although I am receiving the message -
  "The certificate status could not be determined because the revocation check failed."
  Here are the steps I've taken to troubleshoot this so far:
  [PS] C:\Users\Administrator\Desktop>netsh winhttp show proxy
  Current WinHTTP proxy settings:
  Direct access (no proxy server).
  As you can see, direct access. Which is true, no proxy's on this network.
  For good measure, I'll dump the urlcache.
  certutil -urlcache ocsp delete
  certutil -urlcache crl delete
  Both return 0, reboot server.
  Comes back up, same message in EMC.
  From PS, I test exactly what its getting from GoDaddy.
  [PS] C:\Users\Administrator\Desktop>certutil -f -urlfetch -verify mail.fluxlabs.net.crt
  Issuer:
  SERIALNUMBER=07969287
  CN=Go Daddy Secure Certification Authority
  OU=http://certificates.godaddy.com/repository
  O=GoDaddy.com, Inc.
  L=Scottsdale
  S=Arizona
  C=US
  Subject:
  CN=mail.fluxlabs.net
  OU=Domain Control Validated
  O=mail.fluxlabs.net
  Cert Serial Number: 27b60918638e0d
  dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
  dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
  dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_BASE
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
  Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=S
  cottsdale, S=Arizona, C=US
  NotBefore: 8/20/2011 7:49 PM
  NotAfter: 8/20/2012 7:16 PM
  Subject: CN=mail.fluxlabs.net, OU=Domain Control Validated, O=mail.fluxlabs.net
  Serial: 27b60918638e0d
  SubjectAltName: DNS Name=mail.fluxlabs.net, DNS Name=www.mail.fluxlabs.net
  33 49 57 5d 6e d8 6b aa b9 61 73 95 44 07 c9 2e 55 6e 47 10
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 4
  [0.0] http://certificates.godaddy.com/repository/gd_intermediate.crt
  ---------------- Certificate CDP ----------------
  Expired "Base CRL (05)" Time: 4
  [0.0] http://crl.godaddy.com/gds1-55.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  Expired "OCSP" Time: 4
  [0.0] http://ocsp.godaddy.com/
  CRL (null):
  Issuer: CN=Go Daddy Validation Authority, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
  e5 53 19 6c 54 87 8c 62 23 1b b9 11 e1 d8 3d 3f b2 04 77 3f
  Issuance[0] = 2.16.840.1.114413.1.7.23.1
  Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
  Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
  CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  NotBefore: 11/15/2006 8:54 PM
  NotAfter: 11/15/2026 8:54 PM
  Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=
  Scottsdale, S=Arizona, C=US
  Serial: 0301
  7c 46 56 c3 06 1f 7f 4c 0d 67 b3 19 a8 55 f6 0e bc 11 fc 44
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  No URLs "None" Time: 0
  ---------------- Certificate CDP ----------------
  Verified "Base CRL" Time: 4
  [0.0] http://certificates.godaddy.com/repository/gdroot.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  Expired "OCSP" Time: 4
  [0.0] http://ocsp.godaddy.com
  CRL (null):
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  da 1e d5 63 5c 05 58 50 4e db d2 4e e8 9d 28 9d c4 36 b3 1e
  Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
  Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[2] = 1.3.6.1.5.5.7.3.4 Secure Email
  Application[3] = 1.3.6.1.5.5.7.3.3 Code Signing
  CertContext[0][2]: dwInfoStatus=109 dwErrorStatus=0
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  NotBefore: 6/29/2004 12:06 PM
  NotAfter: 6/29/2034 12:06 PM
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Serial: 00
  27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4
  Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  No URLs "None" Time: 0
  ---------------- Certificate CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
  Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[2] = 1.3.6.1.5.5.7.3.4 Secure Email
  Application[3] = 1.3.6.1.5.5.7.3.3 Code Signing
  Exclude leaf cert:
  b1 04 4b 90 a1 d3 48 de 46 bd d7 50 20 e3 44 b8 3f 68 39 f7
  Full chain:
  68 36 4d 37 2e 96 bd d2 aa 77 3f d0 e8 78 a9 e6 68 bd 7d 71
  Verified Issuance Policies:
  2.16.840.1.114413.1.7.23.1
  Verified Application Policies:
  1.3.6.1.5.5.7.3.1 Server Authentication
  1.3.6.1.5.5.7.3.2 Client Authentication
  Cert is an End Entity certificate
  ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was
  offline. 0x80092013 (-2146885613)
  CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
  CertUtil: -verify command completed successfully.
  As you can see, the "revocation server is offline."
  So I run the same test from another server on the LAN.
  Verified Issuance Policies:
  2.16.840.1.114413.1.7.23.1
  Verified Application Policies:
  1.3.6.1.5.5.7.3.1 Server Authentication
  1.3.6.1.5.5.7.3.2 Client Authentication
  Cert is an End Entity certificate
  Leaf certificate revocation check passed
  CertUtil: -verify command completed successfully.
  It passes. The server's firewall has been disabled. DNS cache has been cleared. I have verified everything I can, and still failing to verify.

  [PS] C:\Users\Administrator\Desktop>Get-ExchangeCertificate |fl
  AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.Acces
  trol.CryptoKeyAccessRule}
  CertificateDomains : {mail.fluxlabs.net, www.mail.fluxlabs.net}
  HasPrivateKey : True
  IsSelfSigned : False
  Issuer : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy
  , Inc.", L=Scottsdale, S=Arizona, C=US
  NotAfter : 8/20/2012 7:16:57 PM
  NotBefore : 8/20/2011 7:49:30 PM
  PublicKeySize : 2048
  RootCAType : ThirdParty
  SerialNumber : 27B60918638E0D
  Services : IMAP, POP, IIS, SMTP
  Status : RevocationCheckFailure
  Subject : CN=mail.fluxlabs.net, OU=Domain Control Validated, O=mail.fluxlabs.net
  Thumbprint : 3349575D6ED86BAAB96173954407C92E556E4710
  [PS] C:\Users\Administrator\Desktop>Enable-ExchangeCertificate -Thumbprint 3349575D6ED86BAAB96173954407C92E556E4710 -Services POP,IMAP,SMTP,IIS
  The command has already been executed. Yes, I have seen those sites. Neither have worked. Like I said, it is directly connected; and no proxies are set.
  -- Jeremy MCSpadden Flux Labs