Steup ipsec in solaris 10

Hi Everybody
is there a doc or white paper that explain step by step how configure ipsec under solaris 10
Thanks

http://docs.sun.com

Similar Messages

  • Problem with IPSec on  solaris 9

    Hi all
    I'm facing a problem with IPSec on solaris 9 that I didn't have with Solaris 8 (With the Security package installed).
    I've an application that creates SA's by using the pf-key interface.
    What it does is first doing a GETSPI to a specific SPI and a specific Destination IP Address.
    This will create an SA and put it in a LARVAL state. After about a minute my application will do an UPDATE to this SPI and that command should change the state of the SA from LARVAL to MATURE but instead I get an error saying that this SPI & IP address already exist (errno = 17).
    Well of course it's already exist that's the all point it should just change the state of an existing SA.
    This exact scenarion was is working fine on Solaris 8.
    Am I doing somthing wrong (maybe there is a package on the solaris 9 that I need to install ?)
    or is this a bug in solaris 9.
    If anyone has any idea on how to do that (without using a one step ADD for a new SA) I will be very thankfull.

    Sorry for using reply for querying.
    I got a problem in creating a Security Association using the PF_KEY Socket (first used SADB_GETSPI and got SPI,with SPI tried to update SADB_UPDATE).
    Getting this problem on Sun Solaris 8.
    It returns errno 122 . operation not supported.
    Here is my mailId [email protected]
    I got few more queries regarding PF_KEY socket.
    Not much directions are available also for pf_key socket in internet.
    Monitor produces the following error.
    # ipseckey monitor
    "Base message (version 2) type UPDATE, SA type AH.
    Error Operation not supported on transport endpoint from PF_KEY.
    Message length 16 bytes, seq=4294967294, pid=450."
    Here is my mailId [email protected]
    Thanks in Advance.
    ssundar.

  • Configuring IPSec in Solaris 9

    Hello Friends,
    I want to configure IPSec in solaris 9 so that a win2k/XP machine can communicate with that solaris m/c using IPSec. Could anybody help me regarding this. I have a basic idea of IPSec. I just want a step by step instructions for how to configure it. I have searched through google and found many docs which instructs how to configure IPSec between solaris only and also between windows only and I have succeeded to do so. But failed to configure it within solaris and windows.
    Thanks and Regards
    Dipta P Banerjee

    yes, you can use oracle thin driver.
    Your connection pool configuration is actually using datasource of oracle thin driver.
    1) download oracle thin driver from oracle
    2) .jar need to be kept in AS_INSTALL/domains/<domain-name>/lib/ext
    3) restart AS
    4) set all the necessary properties for Oracle thin driver - conn. pool (refer App Server Administration Guide > JDBC Resources > Config. for specific JDBC Drivers > Oracle thin type 4 driver
    5) Ping conn. pool
    If you are still getting the failure message, please post
    1) exception got during ping, from domains/<domain-name>/logs/server.log
    2) connection pool configuration
    Thanks,
    -Jagadish

  • Certificate Authority Support for IPSEC in Solaris

    I'm wondering when Solaris SPARC or X86 will support a IKE daemon that supports Certificates.
    The whole manual IPSEC is not desirable nor is it the best method of security

    You may want to pose your question over on the Solaris Suggestion Board as well:
    http://www.sun.com/bigadmin/discussions/

  • Using IPsec in solaris 10 with zones - in the zones.

    I manage to set up the IPsec feature in the global zone , However, i need to use it in one of the zones,
    How can i do it?????

    Hi Peter - thanks for your reply.
    I had already tried including the full path to srcore in AccessKeyMouseEvents (apologies for not mentioning this before) and still no luck.
    I've just now re-verified that I made the correct changes as outlined in the JDS3 accessibility guide. My AccessKeyMouseEvents line is:
    <Control>s 1 1000 1000 /usr/sfw/bin/srcore login disable-magnifier enable-speech enable-braille
    (it is all on one line)
    Any other suggestions?
    Is there a way I can determine (via a non graphical method) whether the proper modules are being loaded by gdm?
    Thanks,
    Ivan Fetch.

  • IPsec tunnel to a windows 2008 R2 server

    I have an application that uses FTP to a win2k8r2 server. I'd like to setup an IPSEC tunnel to the windows server to encapsulate this traffic.
    I've configured IPSEC in Solaris before, but not in LINUX. The implementation eludes me. I've searched online and not found anything that appears to work.
    anyone got any ideas or secret documents that lines out how to do this?

    yes, but not very helpful educationally. What I am trying to do is establish a permanent tunnel to a win2k8r2 server. I've got it to the point where it will establish a tunnel if the windows box initiates the transaction but my attempts fail. addtionally, the connection is not permanent. it drops every so often.
    I keep getting the following errors over and over again until the windows box tries to send something.
    Apr 16 13:47:01 LINUXHOST pluto[12025]: "WINHOST_Conn" #29: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK to replace #27 {using isakmp#14 msgid:41efece2 proposal=defaults pfsgroup=no-pfs}
    Apr 16 13:47:01 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
    Apr 16 13:47:01 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: received and ignored informational message
    Apr 16 13:47:11 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
    Apr 16 13:47:11 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: received and ignored informational message
    Apr 16 13:47:12 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
    Apr 16 13:47:12 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: received and ignored informational message
    Apr 16 13:47:26 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: received Delete SA payload: replace IPSEC State #16 in 10 seconds
    Apr 16 13:47:26 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: received and ignored informational message
    Apr 16 13:47:31 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
    Apr 16 13:47:31 LINUXHOST pluto[12025]: "WINHOST_Conn" #14: received and ignored informational message
    Apr 16 13:47:36 LINUXHOST pluto[12025]: "WINHOST_Conn" #30: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK to replace #16 {using isakmp#14 msgid:219d57e8 proposal=defaults pfsgroup=no-pfs}
    problem is the windows server is the recipient in these transactions.

  • [Q] IPsec setup

    I am trying to use(& install) IPsec in Solaris 8, SunOS 5.8, ULTRA 10.
    when I try to use "ipcseckey", problem occured...
    log message is followed..
    #ipsecconf -a /etc/inet/ipsecinit.conf
    #ipseckey
    ipseckey>add ah spi 0x90125 src free.domain.com dst ultra.domain.com \
    authalg md5 authkey 1234567890abcdef1234567890abcdef
    ipseckey>Reply message from PF_KEY timed out.
    tell me solution for this problem...
    thanks

    Hi
    I have seen this problem before, it is normally a result of a missing
    package that goes with the ipsec feature, I cant remember which one
    out of the top of my head.
    If you have not yet fixed the problem, let me know and I will be happy
    to figure out which is the missing package at your end.
    -manish

  • Solaris 9 IPSec support

    I am currently attempting to activate IPSecurity on Solaris and I am having a host of issues. I am hoping someone on the forums have done this before.
    Here are the steps that I have figured out:
    1) Create Certificates and add them into the database: I am fairly certain that this has been done correctly since when the in.iked daemon comes up it reads in my CA certificate and my server certificate that I have created.
    2) Edit the /etc/inet/ike/config file. I have edited this file but there is an odd thing here. Looking at the man page it says that I should be able to do use AES for the phase 1 SA. However when I use the key word for the aes it tells me it is an error. <Question> Is the AES support only on 10? Is there away I can tell the version of the in.iked daemon I am working with?
    3) Activate the in.iked server with the config file. I have done this and used the -p2 -d options so I can see the log file that goes with it.
    4)Update the /etc/inet/ipsec.init file: I have done this but here is another instance that things do not make sense. I create a phase 2 proposal devoid of all encryption algorithms and the default one came up. It only had AES and Blowfish. There was no Triple DES option available even though in the man page is there. <question> how do I get the version number of the ipsecconf command.
    5)I then use the ipsecconf command to suck in the ipsec.init profile. I have done this successfully with AES and can do a list display.
    Usage<<<< I attempt to run a traffic from my solaris to my partner machine that matches the phase 2 traffic descriptors however when the traffic arrives it is not encrypted and the solaris did not attempt to negotiate a tunnel.
    When I attempt to initiate a VPN from the other side all I get is parameter mismatch on the Solaris side however the parameters that I have configured all seem to match.
    <Questions>
    1) Is there some better messages available above -p2 -d
    2) Is there a way to initiate a phase 1 negotiation on the SA. ikeadm command does not seem to have that.
    3) Is there a service that I have to activate to start the IPSecurity pieces?

    http://www.sun.com/servers/coolthreads/t2000/specs.xml
    no.
    Darren

  • Solaris 11 responds to IPSEC VPN traffic ONLY one direction

    I have established a IPSEC VPN tunnel between my remote solaris 11 and office Sonicwall router using Site to Site. Everything works fine if the traffic initiates from the Solaris side. However when I try to ping or any network services like nfs,ssh, samb, etc. on the remote solaris box from our office. The server does NOT respond to the incoming packets but packets are going through the tunnel and appears on the remote end when I do snoop –d tun0 and snoop –I vnic0. What I do notice is that snoop –d vnic0 shows no packets and it doesn’t seem to get any traffic at all (see netstat –rn). Could it be my routing table? Ip zones? Any ideas? I followed the Oracle Documents very carefully and with extra help from other extern Solaris 11 admin sites. I know people would suggest using OpenSwan or OpenVPN but this setup should work.
    Here is the network info on my IPSEC VPN setup. Tunnel is configured in Transport Mode and IPSEC/IKE is working fine.
    Solaris 11 vnic0/10.4.0.1/24, external Internet Nic is nge0/209.xxx.xxx.194/25
    # dladm show-link
    LINK CLASS MTU STATE OVER
    nge0 phys 1500 up --
    tun0 iptun 1402 up --
    vnic0 vnic 1500 up nge0
    # dladm show-iptun
    LINK TYPE FLAGS LOCAL REMOTE
    tun0 ipv4 s- 209.xxx.xxx.194 64.xxx.xxx.34
    # ipadm show-if
    IFNAME CLASS STATE ACTIVE OVER
    lo0 loopback ok yes --
    nge0 ip ok yes --
    vnic0 ip ok yes --
    tun0 ip ok yes --
    # ipadm show-addr
    ADDROBJ TYPE STATE ADDR
    lo0/v4 static ok 127.0.0.1/8
    nge0/v4 static ok 209.xxx.xxx.194/25
    vnic0/inside static ok 10.4.0.1/24
    tun0/v4 static ok 10.4.0.1->172.20.0.1
    lo0/v6 static ok ::1/128
    # netstat -rn
    Routing Table: IPv4
    Destination Gateway Flags Ref Use Interface
    default 209.xxx.xxx.129 UG 6 16874898 nge0
    10.4.0.0 10.4.0.1 U 2 0 vnic0
    10.181.0.0 172.20.0.1 UGS 3 16862235 tun0
    127.0.0.1 127.0.0.1 UH 2 1786 lo0
    172.20.0.1 10.4.0.1 UH 3 16862235 tun0
    Routing Table: IPv6
    Destination/Mask Gateway Flags Ref Use If
    ::1 ::1 UH 2 42 lo0
    # routeadm
    Configuration Current Current
    Option Configuration System State
    IPv4 routing disabled disabled
    IPv6 routing disabled disabled
    IPv4 forwarding disabled disabled
    IPv6 forwarding disabled disabled
    Routing services "route:default ripng:default"
    Routing daemons:
    STATE FMRI
    disabled svc:/network/routing/ripng:default
    disabled svc:/network/routing/rdisc:default
    disabled svc:/network/routing/route:default
    disabled svc:/network/routing/legacy-routing:ipv4
    disabled svc:/network/routing/legacy-routing:ipv6
    online svc:/network/routing/ndp:default
    Solaris># ping 10.181.1.218
    10.181.1.218 is alive
    C:\>ping 10.4.0.1
    Pinging 10.4.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    # snoop -d tun0 10.181.1.218
    Using device tun0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 33) (1 encap)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 34) (1 encap)
    # snoop -I vnic0 10.181.1.218
    Using device ipnet/vnic0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 36)
    10.181.1.218-> 10.4.0.1 -i ICMP Echo request (ID: 1 Sequence number: 37)
    # ipadm show-prop
    PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    ipv4 forwarding rw off off off on,off
    ipv4 ttl rw 255 -- 255 1-255
    ipv6 forwarding rw off -- off on,off
    ipv6 hoplimit rw 255 -- 255 1-255
    ipv6 hostmodel rw weak -- weak strong,
    src-priority,
    weak
    ipv4 hostmodel rw strong strong weak strong,
    src-priority,
    weak
    icmp max_buf rw 262144 -- 262144 65536-1073741824
    icmp recv_buf rw 8192 -- 8192 4096-262144
    icmp send_buf rw 8192 -- 8192 4096-262144
    tcp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    tcp ecn rw passive -- passive never,passive,
    active
    tcp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    tcp largest_anon_port rw 65535 -- 65535 32768-65535
    tcp max_buf rw 1048576 -- 1048576 128000-1073741824
    tcp recv_buf rw 128000 -- 128000 2048-1048576
    tcp sack rw active -- active never,passive,
    active
    tcp send_buf rw 49152 -- 49152 4096-1048576
    tcp smallest_anon_port rw 32768 -- 32768 1024-65535
    tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    udp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    udp largest_anon_port rw 65535 -- 65535 32768-65535
    udp max_buf rw 2097152 -- 2097152 65536-1073741824
    udp recv_buf rw 57344 -- 57344 128-2097152
    udp send_buf rw 57344 -- 57344 1024-2097152
    udp smallest_anon_port rw 32768 -- 32768 1024-65535
    udp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    sctp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    sctp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    sctp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    sctp largest_anon_port rw 65535 -- 65535 32768-65535
    sctp max_buf rw 1048576 -- 1048576 102400-1073741824
    sctp recv_buf rw 102400 -- 102400 8192-1048576
    sctp send_buf rw 102400 -- 102400 8192-1048576
    sctp smallest_anon_port rw 32768 -- 32768 1024-65535
    sctp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    # ipadm show-addrprop
    ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    lo0/v4 broadcast r- -- -- -- --
    lo0/v4 deprecated rw off -- off on,off
    lo0/v4 prefixlen rw 8 8 8 1-30,32
    lo0/v4 private rw off -- off on,off
    lo0/v4 reqhost r- -- -- -- --
    lo0/v4 transmit rw on -- on on,off
    lo0/v4 zone rw global -- global --
    nge0/v4 broadcast r- 209.xxx.xxx.255 -- 209.xxx.xxx.255 --
    nge0/v4 deprecated rw off -- off on,off
    nge0/v4 prefixlen rw 25 25 24 1-30,32
    nge0/v4 private rw on on off on,off
    nge0/v4 reqhost r- -- -- -- --
    nge0/v4 transmit rw on -- on on,off
    nge0/v4 zone rw global -- global --
    vnic0/inside broadcast r- 10.4.0.255 -- 10.255.255.255 --
    vnic0/inside deprecated rw off -- off on,off
    vnic0/inside prefixlen rw 24 24 8 1-30,32
    vnic0/inside private rw off -- off on,off
    vnic0/inside reqhost r- -- -- -- --
    vnic0/inside transmit rw on -- on on,off
    vnic0/inside zone rw global -- global --
    tun0/v4 broadcast r- -- -- -- --
    tun0/v4 deprecated rw off -- off on,off
    tun0/v4 prefixlen rw -- -- -- --
    tun0/v4 private rw off -- off on,off
    tun0/v4 reqhost r- -- -- -- --
    tun0/v4 transmit rw on -- on on,off
    tun0/v4 zone rw global -- global --
    ipadm show-ifprop
    IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    nge0 arp ipv4 rw on -- on on,off
    nge0 forwarding ipv4 rw off off off on,off
    nge0 metric ipv4 rw 0 -- 0 --
    nge0 mtu ipv4 rw 1500 -- 1500 68-1500
    nge0 exchange_routes ipv4 rw on -- on on,off
    nge0 usesrc ipv4 rw none -- none --
    nge0 forwarding ipv6 rw off -- off on,off
    nge0 metric ipv6 rw 0 -- 0 --
    nge0 mtu ipv6 rw 1500 -- 1500 1280-1500
    nge0 nud ipv6 rw on -- on on,off
    nge0 exchange_routes ipv6 rw on -- on on,off
    nge0 usesrc ipv6 rw none -- none --
    nge0 group ip rw -- -- -- --
    nge0 standby ip rw off -- off on,off
    vnic0 arp ipv4 rw on -- on on,off
    vnic0 forwarding ipv4 rw on on off on,off
    vnic0 metric ipv4 rw 0 -- 0 --
    vnic0 mtu ipv4 rw 1500 -- 1500 68-1500
    vnic0 exchange_routes ipv4 rw on -- on on,off
    vnic0 usesrc ipv4 rw none -- none --
    vnic0 group ip rw -- -- -- --
    vnic0 standby ip rw off -- off on,off
    tun0 arp ipv4 rw off -- on on,off
    tun0 forwarding ipv4 rw on on off on,off
    tun0 metric ipv4 rw 0 -- 0 --
    tun0 mtu ipv4 rw 1402 -- 1402 68-65515
    tun0 exchange_routes ipv4 rw on -- on on,off
    tun0 usesrc ipv4 rw none -- none --
    tun0 group ip rw -- -- -- --
    tun0 standby ip rw off -- off on,off
    Edited by: user1233039 on Jun 20, 2012 9:18 AM

    I have established a IPSEC VPN tunnel between my remote solaris 11 and office Sonicwall router using Site to Site. Everything works fine if the traffic initiates from the Solaris side. However when I try to ping or any network services like nfs,ssh, samb, etc. on the remote solaris box from our office. The server does NOT respond to the incoming packets but packets are going through the tunnel and appears on the remote end when I do snoop –d tun0 and snoop –I vnic0. What I do notice is that snoop –d vnic0 shows no packets and it doesn’t seem to get any traffic at all (see netstat –rn). Could it be my routing table? Ip zones? Any ideas? I followed the Oracle Documents very carefully and with extra help from other extern Solaris 11 admin sites. I know people would suggest using OpenSwan or OpenVPN but this setup should work.
    Here is the network info on my IPSEC VPN setup. Tunnel is configured in Transport Mode and IPSEC/IKE is working fine.
    Solaris 11 vnic0/10.4.0.1/24, external Internet Nic is nge0/209.xxx.xxx.194/25
    # dladm show-link
    LINK CLASS MTU STATE OVER
    nge0 phys 1500 up --
    tun0 iptun 1402 up --
    vnic0 vnic 1500 up nge0
    # dladm show-iptun
    LINK TYPE FLAGS LOCAL REMOTE
    tun0 ipv4 s- 209.xxx.xxx.194 64.xxx.xxx.34
    # ipadm show-if
    IFNAME CLASS STATE ACTIVE OVER
    lo0 loopback ok yes --
    nge0 ip ok yes --
    vnic0 ip ok yes --
    tun0 ip ok yes --
    # ipadm show-addr
    ADDROBJ TYPE STATE ADDR
    lo0/v4 static ok 127.0.0.1/8
    nge0/v4 static ok 209.xxx.xxx.194/25
    vnic0/inside static ok 10.4.0.1/24
    tun0/v4 static ok 10.4.0.1->172.20.0.1
    lo0/v6 static ok ::1/128
    # netstat -rn
    Routing Table: IPv4
    Destination Gateway Flags Ref Use Interface
    default 209.xxx.xxx.129 UG 6 16874898 nge0
    10.4.0.0 10.4.0.1 U 2 0 vnic0
    10.181.0.0 172.20.0.1 UGS 3 16862235 tun0
    127.0.0.1 127.0.0.1 UH 2 1786 lo0
    172.20.0.1 10.4.0.1 UH 3 16862235 tun0
    Routing Table: IPv6
    Destination/Mask Gateway Flags Ref Use If
    ::1 ::1 UH 2 42 lo0
    # routeadm
    Configuration Current Current
    Option Configuration System State
    IPv4 routing disabled disabled
    IPv6 routing disabled disabled
    IPv4 forwarding disabled disabled
    IPv6 forwarding disabled disabled
    Routing services "route:default ripng:default"
    Routing daemons:
    STATE FMRI
    disabled svc:/network/routing/ripng:default
    disabled svc:/network/routing/rdisc:default
    disabled svc:/network/routing/route:default
    disabled svc:/network/routing/legacy-routing:ipv4
    disabled svc:/network/routing/legacy-routing:ipv6
    online svc:/network/routing/ndp:default
    Solaris># ping 10.181.1.218
    10.181.1.218 is alive
    C:\>ping 10.4.0.1
    Pinging 10.4.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    # snoop -d tun0 10.181.1.218
    Using device tun0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 33) (1 encap)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 34) (1 encap)
    # snoop -I vnic0 10.181.1.218
    Using device ipnet/vnic0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 36)
    10.181.1.218-> 10.4.0.1 -i ICMP Echo request (ID: 1 Sequence number: 37)
    # ipadm show-prop
    PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    ipv4 forwarding rw off off off on,off
    ipv4 ttl rw 255 -- 255 1-255
    ipv6 forwarding rw off -- off on,off
    ipv6 hoplimit rw 255 -- 255 1-255
    ipv6 hostmodel rw weak -- weak strong,
    src-priority,
    weak
    ipv4 hostmodel rw strong strong weak strong,
    src-priority,
    weak
    icmp max_buf rw 262144 -- 262144 65536-1073741824
    icmp recv_buf rw 8192 -- 8192 4096-262144
    icmp send_buf rw 8192 -- 8192 4096-262144
    tcp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    tcp ecn rw passive -- passive never,passive,
    active
    tcp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    tcp largest_anon_port rw 65535 -- 65535 32768-65535
    tcp max_buf rw 1048576 -- 1048576 128000-1073741824
    tcp recv_buf rw 128000 -- 128000 2048-1048576
    tcp sack rw active -- active never,passive,
    active
    tcp send_buf rw 49152 -- 49152 4096-1048576
    tcp smallest_anon_port rw 32768 -- 32768 1024-65535
    tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    udp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    udp largest_anon_port rw 65535 -- 65535 32768-65535
    udp max_buf rw 2097152 -- 2097152 65536-1073741824
    udp recv_buf rw 57344 -- 57344 128-2097152
    udp send_buf rw 57344 -- 57344 1024-2097152
    udp smallest_anon_port rw 32768 -- 32768 1024-65535
    udp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    sctp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    sctp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    sctp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    sctp largest_anon_port rw 65535 -- 65535 32768-65535
    sctp max_buf rw 1048576 -- 1048576 102400-1073741824
    sctp recv_buf rw 102400 -- 102400 8192-1048576
    sctp send_buf rw 102400 -- 102400 8192-1048576
    sctp smallest_anon_port rw 32768 -- 32768 1024-65535
    sctp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    # ipadm show-addrprop
    ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    lo0/v4 broadcast r- -- -- -- --
    lo0/v4 deprecated rw off -- off on,off
    lo0/v4 prefixlen rw 8 8 8 1-30,32
    lo0/v4 private rw off -- off on,off
    lo0/v4 reqhost r- -- -- -- --
    lo0/v4 transmit rw on -- on on,off
    lo0/v4 zone rw global -- global --
    nge0/v4 broadcast r- 209.xxx.xxx.255 -- 209.xxx.xxx.255 --
    nge0/v4 deprecated rw off -- off on,off
    nge0/v4 prefixlen rw 25 25 24 1-30,32
    nge0/v4 private rw on on off on,off
    nge0/v4 reqhost r- -- -- -- --
    nge0/v4 transmit rw on -- on on,off
    nge0/v4 zone rw global -- global --
    vnic0/inside broadcast r- 10.4.0.255 -- 10.255.255.255 --
    vnic0/inside deprecated rw off -- off on,off
    vnic0/inside prefixlen rw 24 24 8 1-30,32
    vnic0/inside private rw off -- off on,off
    vnic0/inside reqhost r- -- -- -- --
    vnic0/inside transmit rw on -- on on,off
    vnic0/inside zone rw global -- global --
    tun0/v4 broadcast r- -- -- -- --
    tun0/v4 deprecated rw off -- off on,off
    tun0/v4 prefixlen rw -- -- -- --
    tun0/v4 private rw off -- off on,off
    tun0/v4 reqhost r- -- -- -- --
    tun0/v4 transmit rw on -- on on,off
    tun0/v4 zone rw global -- global --
    ipadm show-ifprop
    IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    nge0 arp ipv4 rw on -- on on,off
    nge0 forwarding ipv4 rw off off off on,off
    nge0 metric ipv4 rw 0 -- 0 --
    nge0 mtu ipv4 rw 1500 -- 1500 68-1500
    nge0 exchange_routes ipv4 rw on -- on on,off
    nge0 usesrc ipv4 rw none -- none --
    nge0 forwarding ipv6 rw off -- off on,off
    nge0 metric ipv6 rw 0 -- 0 --
    nge0 mtu ipv6 rw 1500 -- 1500 1280-1500
    nge0 nud ipv6 rw on -- on on,off
    nge0 exchange_routes ipv6 rw on -- on on,off
    nge0 usesrc ipv6 rw none -- none --
    nge0 group ip rw -- -- -- --
    nge0 standby ip rw off -- off on,off
    vnic0 arp ipv4 rw on -- on on,off
    vnic0 forwarding ipv4 rw on on off on,off
    vnic0 metric ipv4 rw 0 -- 0 --
    vnic0 mtu ipv4 rw 1500 -- 1500 68-1500
    vnic0 exchange_routes ipv4 rw on -- on on,off
    vnic0 usesrc ipv4 rw none -- none --
    vnic0 group ip rw -- -- -- --
    vnic0 standby ip rw off -- off on,off
    tun0 arp ipv4 rw off -- on on,off
    tun0 forwarding ipv4 rw on on off on,off
    tun0 metric ipv4 rw 0 -- 0 --
    tun0 mtu ipv4 rw 1402 -- 1402 68-65515
    tun0 exchange_routes ipv4 rw on -- on on,off
    tun0 usesrc ipv4 rw none -- none --
    tun0 group ip rw -- -- -- --
    tun0 standby ip rw off -- off on,off
    Edited by: user1233039 on Jun 20, 2012 9:18 AM

  • Use IPSEC client on Solaris

    We're using Solaris 8, 9 & 10. (Mainly version 9)
    We need to connect to our DMZ servers via an IPSEC tunnel, but the solution seems to be unstable and does not work properly from a UNIX Solaris workstation.
    Is there an IPSEC client that will allow secure stable access to manage Web servers? We need to be able use X-base GUI over this tunnel.

    Are you using a real IP-in-IP tunnel protected with IPsec? Or do you just want the IPsec protection? (Many vendors think all IPsec protection is a "tunnel", which is wrong.)
    A few more details would be helpful here. And I'm sorry for not seeing this sooner.
    Dan - Solaris IPsec developer

  • Zfs core dumps in Solaris Zones after patchcluster installation

    Hi
    I've installed the recommended patch cluster for Solaris 10 (SPARC) on my T2000 Server.
    Now after the reboot all the Solaris Zones (got about 10 of them) instantly do zfs core dumps when their booted.
    Some Output:
    Dec 15 15:34:43 XXXXX genunix: NOTICE: core_log: zfs[1711] core dumped: /var/core/core_XXXXXX_zfs_0_0_1292423682_1711
    bash-3.00# svcs
    STATE STIME FMRI
    online 13:58:50 svc:/system/svc/restarter:default
    online 13:58:51 svc:/system/filesystem/root:default
    online 13:58:51 svc:/network/loopback:default
    online 13:58:53 svc:/network/pfil:default
    online 13:58:54 svc:/system/installupdates:default
    online 13:58:55 svc:/system/boot-archive:default
    online 13:58:56 svc:/network/physical:default
    online 13:58:57 svc:/system/filesystem/usr:default
    online 13:58:57 svc:/system/identity:node
    online 13:58:58 svc:/system/device/local:default
    online 13:58:58 svc:/system/keymap:default
    online 13:58:58 svc:/milestone/devices:default
    online 13:58:58 svc:/system/filesystem/minimal:default
    online 13:58:58 svc:/system/rmtmpfiles:default
    online 13:58:58 svc:/system/cryptosvc:default
    online 13:58:59 svc:/system/identity:domain
    online 13:58:59 svc:/system/name-service-cache:default
    online 13:58:59 svc:/system/coreadm:default
    online 13:58:59 svc:/network/ipsec/ipsecalgs:default
    online 13:58:59 svc:/application/print/ppd-cache-update:default
    online 13:58:59 svc:/network/ipsec/policy:default
    online 13:59:00 svc:/milestone/network:default
    online 13:59:00 svc:/network/initial:default
    online 13:59:00 svc:/system/manifest-import:default
    online 13:59:00 svc:/network/service:default
    online 13:59:00 svc:/milestone/single-user:default
    online 13:59:00 svc:/network/dns/client:default
    online 13:59:00 svc:/network/routing-setup:default
    online 13:59:00 svc:/milestone/name-services:default
    online 13:59:03 svc:/milestone/sysconfig:default
    online 13:59:03 svc:/system/utmp:default
    online 13:59:03 svc:/system/console-login:default
    offline 13:58:51 svc:/system/sysidtool:net
    offline 13:58:51 svc:/network/rpc/bind:default
    offline 13:58:51 svc:/system/sysidtool:system
    offline 13:58:52 svc:/network/nfs/status:default
    offline 13:58:52 svc:/network/nfs/nlockmgr:default
    offline 13:58:52 svc:/network/nfs/cbd:default
    offline 13:58:52 svc:/network/nfs/mapid:default
    offline 13:58:52 svc:/network/inetd:default
    offline 13:58:52 svc:/network/nfs/client:default
    offline 13:58:52 svc:/system/filesystem/autofs:default
    offline 13:58:53 svc:/system/system-log:default
    offline 13:58:53 svc:/network/smtp:sendmail
    offline 13:58:53 svc:/system/cron:default
    offline 13:58:53 svc:/milestone/multi-user:default
    offline 13:58:54 svc:/application/management/snmpdx:default
    offline 13:58:54 svc:/application/management/dmi:default
    offline 13:58:54 svc:/application/management/seaport:default
    offline 13:58:54 svc:/network/ssh:default
    offline 13:58:54 svc:/milestone/multi-user-server:default
    offline 13:58:54 svc:/application/font/fc-cache:default
    offline 13:58:55 svc:/application/management/sma:default
    offline 13:58:58 svc:/system/sac:default
    offline 13:59:00 svc:/network/shares/group:default
    offline 13:59:00 svc:/system/boot-archive-update:default
    maintenance 15:34:43 svc:/system/filesystem/local:default
    uninitialized 13:58:52 svc:/network/rpc/gss:default
    uninitialized 13:58:54 svc:/application/font/stfsloader:default
    uninitialized 13:58:55 svc:/network/rpc/rstat:default
    uninitialized 13:58:55 svc:/application/print/rfc1179:default
    uninitialized 13:58:55 svc:/application/x11/xfs:default
    uninitialized 13:58:55 svc:/network/finger:default
    uninitialized 13:58:55 svc:/network/ftp:default
    uninitialized 13:58:56 svc:/network/login:rlogin
    uninitialized 13:58:56 svc:/network/nfs/rquota:default
    uninitialized 13:58:56 svc:/network/rpc/rusers:default
    uninitialized 13:58:56 svc:/network/rpc/smserver:default
    uninitialized 13:58:57 svc:/network/security/ktkt_warn:default
    uninitialized 13:58:57 svc:/network/shell:default
    uninitialized 13:58:57 svc:/network/telnet:default
    uninitialized 13:58:58 svc:/network/rpc-100235_1/rpc_ticotsord:default
    uninitialized 13:58:58 svc:/network/rpc/cde-calendar-manager:default
    uninitialized 13:58:59 svc:/network/rpc/cde-ttdbserver:tcp
    bash-3.00# svcs -x
    svc:/system/filesystem/local:default (local file system mounts)
    State: maintenance since Wed Dec 15 15:34:43 2010
    Reason: Start method exited with $SMF_EXIT_ERR_FATAL.
    See: http://sun.com/msg/SMF-8000-KS
    See: /var/svc/log/system-filesystem-local:default.log
    Impact: 24 dependent services are not running. (Use -v for list.)
    svc:/network/rpc/gss:default (Generic Security Service)
    State: uninitialized since Wed Dec 15 13:58:52 2010
    Reason: Restarter svc:/network/inetd:default is not running.
    See: http://sun.com/msg/SMF-8000-5H
    See: gssd(1M)
    Impact: 11 dependent services are not running. (Use -v for list.)
    svc:/network/rpc/rstat:default (kernel statistics server)
    State: uninitialized since Wed Dec 15 13:58:55 2010
    Reason: Restarter svc:/network/inetd:default is not running.
    See: http://sun.com/msg/SMF-8000-5H
    See: rpc.rstatd(1M)
    See: rstatd(1M)
    Impact: 1 dependent service is not running. (Use -v for list.)
    bash-3.00# cat /var/svc/log/system-filesystem-local:default.log
    [ Jul 10 03:41:35 Enabled. ]
    [ Jul 10 03:43:45 Rereading configuration. ]
    [ Jul 10 03:44:17 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 10 03:44:18 Method "start" exited with status 0 ]
    [ Jul 10 12:44:36 Enabled. ]
    [ Jul 10 12:44:45 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 10 12:44:45 Method "start" exited with status 0 ]
    [ Jul 10 12:45:03 Enabled. ]
    [ Jul 10 12:45:09 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 10 12:45:09 Method "start" exited with status 0 ]
    [ Jul 10 13:54:39 Enabled. ]
    [ Jul 10 13:54:46 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 10 13:54:46 Method "start" exited with status 0 ]
    [ Jul 18 12:34:19 Enabled. ]
    [ Jul 18 12:34:27 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 18 12:34:27 Method "start" exited with status 0 ]
    [ Jul 18 17:29:08 Enabled. ]
    [ Jul 18 17:29:15 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 18 17:29:15 Method "start" exited with status 0 ]
    [ Jul 19 11:13:34 Enabled. ]
    [ Jul 19 11:13:42 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 19 11:13:42 Method "start" exited with status 0 ]
    [ Jul 19 11:32:23 Enabled. ]
    [ Jul 19 11:32:30 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 19 11:32:31 Method "start" exited with status 0 ]
    [ Jul 19 11:57:06 Enabled. ]
    [ Jul 19 11:57:13 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 19 11:57:13 Method "start" exited with status 0 ]
    [ Jul 19 12:40:05 Enabled. ]
    [ Jul 19 12:40:12 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 19 12:40:12 Method "start" exited with status 0 ]
    [ Jul 20 15:51:46 Enabled. ]
    [ Jul 20 15:51:54 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 20 15:51:54 Method "start" exited with status 0 ]
    [ Jul 24 11:42:17 Enabled. ]
    [ Jul 24 11:42:25 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 24 11:42:25 Method "start" exited with status 0 ]
    [ Jul 27 12:05:06 Stopping because service disabled. ]
    [ Jul 27 12:05:07 Executing stop method (null) ]
    [ Jul 27 12:13:10 Enabled. ]
    [ Jul 27 12:13:17 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 27 12:13:17 Method "start" exited with status 0 ]
    [ Jul 27 13:10:26 Stopping because service disabled. ]
    [ Jul 27 13:10:26 Executing stop method (null) ]
    [ Jul 27 13:18:19 Enabled. ]
    [ Jul 27 13:18:26 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 27 13:18:26 Method "start" exited with status 0 ]
    [ Jul 31 10:12:31 Enabled. ]
    [ Jul 31 10:12:38 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jul 31 10:12:39 Method "start" exited with status 0 ]
    [ Aug  7 10:08:52 Stopping because service disabled. ]
    [ Aug  7 10:08:52 Executing stop method (null) ]
    [ Aug  7 10:34:50 Enabled. ]
    [ Aug  7 10:34:57 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug  7 10:34:58 Method "start" exited with status 0 ]
    [ Aug  9 09:14:50 Stopping because service disabled. ]
    [ Aug  9 09:14:50 Executing stop method (null) ]
    [ Aug  9 09:55:03 Enabled. ]
    [ Aug  9 09:55:10 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug  9 09:55:11 Method "start" exited with status 0 ]
    [ Aug 16 10:46:43 Enabled. ]
    [ Aug 16 10:46:50 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 16 10:46:50 Method "start" exited with status 0 ]
    [ Aug 16 12:06:56 Enabled. ]
    [ Aug 16 12:07:02 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 16 12:07:02 Method "start" exited with status 0 ]
    [ Aug 16 13:45:10 Enabled. ]
    [ Aug 16 13:45:16 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 16 13:45:16 Method "start" exited with status 0 ]
    [ Aug 16 14:36:59 Enabled. ]
    [ Aug 16 14:37:07 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 16 14:37:07 Method "start" exited with status 0 ]
    [ Aug 16 15:00:40 Enabled. ]
    [ Aug 16 15:00:47 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 16 15:00:47 Method "start" exited with status 0 ]
    [ Aug 22 16:00:13 Enabled. ]
    [ Aug 22 16:00:21 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 22 16:00:21 Method "start" exited with status 0 ]
    [ Aug 23 09:49:04 Enabled. ]
    [ Aug 23 09:49:10 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 23 09:49:11 Method "start" exited with status 0 ]
    [ Aug 23 09:49:23 Stopping because service disabled. ]
    [ Aug 23 09:49:23 Executing stop method (null) ]
    [ Aug 23 10:04:13 Enabled. ]
    [ Aug 23 10:04:20 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 23 10:04:20 Method "start" exited with status 0 ]
    [ Aug 23 10:06:57 Enabled. ]
    [ Aug 23 10:07:04 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 23 10:07:05 Method "start" exited with status 0 ]
    [ Oct 23 08:43:05 Enabled. ]
    [ Oct 23 08:43:14 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Oct 23 08:43:14 Method "start" exited with status 0 ]
    [ Nov 21 14:51:50 Enabled. ]
    [ Nov 21 14:51:58 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Nov 21 14:51:59 Method "start" exited with status 0 ]
    [ Nov 29 15:33:19 Enabled. ]
    [ Nov 29 15:33:26 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Nov 29 15:33:27 Method "start" exited with status 0 ]
    [ Dec 18 13:37:35 Enabled. ]
    [ Dec 18 13:37:42 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Dec 18 13:37:42 Method "start" exited with status 0 ]
    [ Dec 19 08:48:07 Enabled. ]
    [ Dec 19 08:48:14 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Dec 19 08:48:14 Method "start" exited with status 0 ]
    [ Dec 19 08:56:07 Enabled. ]
    [ Dec 19 08:56:14 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Dec 19 08:56:14 Method "start" exited with status 0 ]
    [ Dec 19 08:57:41 Enabled. ]
    [ Dec 19 08:57:48 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Dec 19 08:57:48 Method "start" exited with status 0 ]
    [ Feb  1 10:39:48 Enabled. ]
    [ Feb  1 10:39:55 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Feb  1 10:39:56 Method "start" exited with status 0 ]
    [ Feb  8 11:12:50 Enabled. ]
    [ Feb  8 11:12:57 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Feb  8 11:12:57 Method "start" exited with status 0 ]
    [ Jun  6 10:08:34 Enabled. ]
    [ Jun  6 10:08:44 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Jun  6 10:08:46 Method "start" exited with status 0 ]
    [ Aug  8 09:45:48 Enabled. ]
    [ Aug  8 09:46:35 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug  8 09:46:36 Method "start" exited with status 0 ]
    [ Aug 14 17:53:59 Enabled. ]
    [ Aug 14 17:54:06 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 14 17:54:06 Method "start" exited with status 0 ]
    [ Aug 14 17:55:20 Enabled. ]
    [ Aug 14 17:55:27 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 14 17:55:27 Method "start" exited with status 0 ]
    [ Aug 18 15:19:17 Enabled. ]
    [ Aug 18 15:19:24 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 18 15:19:24 Method "start" exited with status 0 ]
    [ Aug 29 12:56:48 Enabled. ]
    [ Aug 29 12:56:55 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 29 12:56:55 Method "start" exited with status 0 ]
    [ Oct 13 11:59:43 Enabled. ]
    [ Oct 13 11:59:50 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Oct 13 11:59:51 Method "start" exited with status 0 ]
    [ Feb 26 16:47:00 Enabled. ]
    [ Feb 26 16:47:07 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Feb 26 16:47:07 Method "start" exited with status 0 ]
    [ Apr 14 15:54:17 Enabled. ]
    [ Apr 14 15:54:24 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Apr 14 15:54:25 Method "start" exited with status 0 ]
    [ Aug 28 08:49:58 Stopping because service disabled. ]
    [ Aug 28 08:49:58 Executing stop method (null) ]
    [ Aug 28 08:52:54 Enabled. ]
    [ Aug 28 08:53:01 Executing start method ("/lib/svc/method/fs-local") ]
    bootadm: this operation is not supported on sparc
    [ Aug 28 08:53:01 Method "start" exited with status 0 ]
    [ Aug 28 09:08:20 Stopping because service disabled. ]
    [ Aug 28 09:08:20 Executing stop method (null) ]
    [ Sep  1 16:05:36 Enabled. ]
    [ Sep  1 16:06:05 Executing start method ("/lib/svc/method/fs-local") ]
    [ Sep  1 16:06:05 Method "start" exited with status 0 ]
    [ Sep  1 19:29:19 Enabled. ]
    [ Sep  1 19:29:27 Executing start method ("/lib/svc/method/fs-local") ]
    [ Sep  1 19:29:27 Method "start" exited with status 0 ]
    [ Sep  1 23:04:00 Enabled. ]
    [ Sep  1 23:04:08 Executing start method ("/lib/svc/method/fs-local") ]
    [ Sep  1 23:04:08 Method "start" exited with status 0 ]
    [ Sep  2 00:23:41 Stopping because service disabled. ]
    [ Sep  2 00:23:42 Executing stop method (null) ]
    [ Sep  2 00:46:46 Enabled. ]
    [ Sep  2 00:46:53 Executing start method ("/lib/svc/method/fs-local") ]
    [ Sep  2 00:46:54 Method "start" exited with status 0 ]
    [ Sep 26 12:04:34 Enabled. ]
    [ Sep 26 12:04:41 Executing start method ("/lib/svc/method/fs-local") ]
    [ Sep 26 12:04:42 Method "start" exited with status 0 ]
    [ Oct 20 13:05:09 Stopping because service disabled. ]
    [ Oct 20 13:05:10 Executing stop method (null) ]
    [ Oct 20 13:24:01 Enabled. ]
    [ Oct 20 13:24:08 Executing start method ("/lib/svc/method/fs-local") ]
    [ Oct 20 13:24:09 Method "start" exited with status 0 ]
    [ Oct 21 16:30:59 Enabled. ]
    [ Oct 21 16:31:09 Executing start method ("/lib/svc/method/fs-local") ]
    [ Oct 21 16:31:09 Method "start" exited with status 0 ]
    [ Oct 21 16:32:42 Stopping because service disabled. ]
    [ Oct 21 16:32:42 Executing stop method (null) ]
    [ Oct 21 16:42:05 Enabled. ]
    [ Oct 21 16:42:15 Executing start method ("/lib/svc/method/fs-local") ]
    [ Oct 21 16:42:15 Method "start" exited with status 0 ]
    [ Oct 21 17:27:37 Enabled. ]
    [ Oct 21 17:27:47 Executing start method ("/lib/svc/method/fs-local") ]
    [ Oct 21 17:27:47 Method "start" exited with status 0 ]
    [ Oct 22 11:08:34 Enabled. ]
    [ Oct 22 11:08:43 Executing start method ("/lib/svc/method/fs-local") ]
    [ Oct 22 11:08:43 Method "start" exited with status 0 ]
    [ Dec  9 09:17:33 Stopping because service disabled. ]
    [ Dec  9 09:17:33 Executing stop method (null) ]
    [ Dec 10 11:47:14 Enabled. ]
    [ Dec 10 11:47:24 Executing start method ("/lib/svc/method/fs-local") ]
    [ Dec 10 11:47:25 Method "start" exited with status 0 ]
    [ Dec 15 10:52:25 Stopping because service disabled. ]
    [ Dec 15 10:52:25 Executing stop method (null) ]
    [ Dec 15 12:42:16 Enabled. ]
    [ Dec 15 12:42:26 Executing start method ("/lib/svc/method/fs-local") ]
    Abort - core dumped
    WARNING: /usr/sbin/zfs mount -a failed: exit status 134
    [ Dec 15 12:42:28 Method "start" exited with status 95 ]
    [ Dec 15 13:13:19 Enabled. ]
    [ Dec 15 13:13:28 Executing start method ("/lib/svc/method/fs-local") ]
    Abort - core dumped
    WARNING: /usr/sbin/zfs mount -a failed: exit status 134
    [ Dec 15 13:13:30 Method "start" exited with status 95 ]
    [ Dec 15 13:58:51 Enabled. ]
    [ Dec 15 13:59:00 Executing start method ("/lib/svc/method/fs-local") ]
    Abort - core dumped
    WARNING: /usr/sbin/zfs mount -a failed: exit status 134
    [ Dec 15 13:59:03 Method "start" exited with status 95 ]
    [ Dec 15 15:34:41 Leaving maintenance because clear requested. ]
    [ Dec 15 15:34:41 Enabled. ]
    [ Dec 15 15:34:41 Executing start method ("/lib/svc/method/fs-local") ]
    Abort - core dumped
    WARNING: /usr/sbin/zfs mount -a failed: exit status 134
    [ Dec 15 15:34:43 Method "start" exited with status 95 ]
    bash-3.00# /usr/sbin/zfs mount -a
    internal error: Unknown error
    Abort (core dumped)
    Before that I've installed the patch cluster with halted solaris zones which produced following output:
    Application of patches finished : 2010.12.15 12:08:43
    Following patches were applied :
    119254-77 119812-10 125719-31 140159-03 142911-01
    141588-04 119900-11 125731-05 142292-01 142933-02
    142251-02 119906-16 126206-05 141444-09 142909-17
    118666-28 120460-17 126363-08 141500-07 143140-04
    118667-28 121012-03 126365-16 141502-02 143502-01
    118777-16 121308-20 126868-04 141506-09 143506-01
    140860-02 122212-40 127724-02 141514-02 143615-02
    119059-56 122261-03 136998-09 141518-12 143731-01
    119213-23 122675-05 137000-07 141552-03 143733-01
    124628-10 123003-04 137080-05 141558-01 143977-01
    119252-29 123590-12 137147-06 141586-01 144053-04
    119280-23 123893-22 138195-04 141590-02 144106-01
    124188-03 124393-11 138822-07 141874-09 144254-01
    120199-15 124457-02 138826-07 141876-07 144488-04
    119534-19 124630-42 138880-02 142084-04 144492-01
    120272-28 125215-03 139099-04 142397-01 145124-01
    119757-18 125388-03 139620-01 142529-01 145796-01
    119783-15 125555-07
    Following patches were skipped :
    Patches already applied
    120900-04 119063-01 119810-05 123005-07 137093-01
    121133-02 119081-25 119986-03 124444-01 138866-03
    119317-01 119130-33 120061-02 124939-03 137137-09
    121296-01 123611-04 120201-05 124943-01 137871-02
    138215-01 140899-01 120292-02 124997-01 138181-01
    127884-01 122640-05 120329-02 125279-05 138361-01
    118712-23 126897-02 121975-01 125539-06 138373-02
    118918-24 127755-01 120719-02 125891-01 138647-01
    138217-01 125503-02 120830-06 126440-01 141016-01
    119578-30 125547-02 121095-02 126540-02 139555-08
    121453-02 140796-01 121606-04 127127-11 139967-01
    121453-02 120011-14 124171-07 136882-02 140455-01
    121118-16 139520-02 123630-03 137032-01 140563-01
    118833-36 119764-06
    Patches obsoleted by one or more patches already applied
    118731-01 124204-04 122660-10
    Patches not applicable to packages on the system
    121181-03 120410-33 121211-02 125533-15 143317-03
    119115-35 120412-11 122259-03 125541-06 143510-01
    119117-52 120414-27 122470-03 125952-20 143725-01
    119315-19 120543-21 122911-24 137004-08 143727-01
    119548-14 120739-06 122958-06 138387-01 143739-01
    119903-02 120811-09 123938-02 138824-07 144325-01
    120094-30 120849-04 125136-24 138876-01 145006-02
    120185-21 121104-11 125137-24 139986-01 145080-01
    119368-04 121136-02 125332-14 142244-02 145200-01
    120286-03
    Installation of patch set complete. PLEASE REBOOT THE SYSTEM.
    when i tried to reboot the system by init 6 the service iscsi hanged and produced syslog errors about a unkown iocall -> killed the process. System rebooted w/o errors.
    Does anyone have got an idea how to find out which patch or whatever do produce these errors?

    Hi,
    I'm having the same issue of diskmon core dumps after upgrading grid and database from 11.2.0.1 to 11.2.0.2 on Solaris 10 x86-64. Following this thread, I'm trying to deinstall the Oracle 11.2.0.1 grid home.
    I answered the following questions asked by the grid deinstall tool:
    1. ASM configuration was not detected in this Oracle home. Was ASM configured in this Oracle home (y|n): y
    2. Specify the ASM Diagnostic Destination: /db01/app/oracle/diag/asm/+ASM
    3. Specify the diskgroups that are managed by this ASM instance: DATA FRA
    4. De-configuring ASM will drop all the diskgroups at cleanup time. Do you want deconfig tool to drop the diskgroups:
    If I answer no to question 1, the tool exits with error.
    How do I answer question #4? (confused about this question of dropping diskgroups, it's already been upgraded)
    Deinstall of Oracle db Home 11.2.0.1 was successful.
    The +ASM instance has been upgraded and is running fine under 11.2.0.2 except for the excessive diskmon core dumps.
    Thanks,
    Lisa
    Edited by: user12018917 on Apr 19, 2011 10:21 AM

  • Solaris 10 05/09 Update 7 - Zone shutdown issue

    I have just clean installed several servers with solaris 10 update 7 (both sparc and x64, no other software installed) and I am getting the following svc error messages whenever I shutdown a zone.
    Aug 19 18:26:22 svc.startd[25328]: svc:/network/ipsec/policy:default: Method "/usr/sbin/ipsecconf -F" failed with exit status 1.
    Aug 19 18:26:22 svc.startd[25328]: svc:/network/ipsec/policy:default: Method "/usr/sbin/ipsecconf -F" failed with exit status 1.
    Aug 19 18:26:22 svc.startd[25328]: svc:/network/ipsec/policy:default: Method "/usr/sbin/ipsecconf -F" failed with exit status 1.
    Aug 19 18:26:23 svc.startd[25328]: network/ipsec/policy:default failed: transitioned to maintenance (see 'svcs -xv' for details)
    The log file for svc:/network/ipsec/policy:default shows the following error.
    +[ Aug 19 18:26:22 Stopping because service disabled. ]+
    +[ Aug 19 18:26:22 Executing stop method ("/usr/sbin/ipsecconf -F") ]+
    ipsecconf: (loading pf_policy) socket:: Permission denied
    ipsecconf: unable to open policy socket: Permission denied
    +[ Aug 19 18:26:22 Method "stop" exited with status 1 ]+
    The errors occur in both sparse and whole root zones with a shared ip-type (does not occur in exclusive ip-type). The zonecfg is shown below.
    set zonepath=/export/zones/rdo23wok
    set autoboot=false
    set ip-type=shared
    add inherit-pkg-dir
    set dir=/lib
    end
    add inherit-pkg-dir
    set dir=/platform
    end
    add inherit-pkg-dir
    set dir=/sbin
    end
    add inherit-pkg-dir
    set dir=/usr
    end
    add net
    set address=xxx.xxx.xxx.xxx/xx
    set physical=bge0
    end
    Looking at the release notes for 05/09 update 7 it mentions that "IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services" which seems to fit with the error I am getting.
    Although I can prevent the error messages by disabling the service in each zone with svcadm it is a bit annoying and would like to have a better solution. Does anyone know how I can prevent this service from being enabled when I create a new zone?
    Thanks
    Jools
    Edited by: joolshomer on Aug 19, 2009 10:57 AM

    I have just clean installed several servers with solaris 10 update 7 (both sparc and x64, no other software installed) and I am getting the following svc error messages whenever I shutdown a zone.
    Aug 19 18:26:22 svc.startd[25328]: svc:/network/ipsec/policy:default: Method "/usr/sbin/ipsecconf -F" failed with exit status 1.
    Aug 19 18:26:22 svc.startd[25328]: svc:/network/ipsec/policy:default: Method "/usr/sbin/ipsecconf -F" failed with exit status 1.
    Aug 19 18:26:22 svc.startd[25328]: svc:/network/ipsec/policy:default: Method "/usr/sbin/ipsecconf -F" failed with exit status 1.
    Aug 19 18:26:23 svc.startd[25328]: network/ipsec/policy:default failed: transitioned to maintenance (see 'svcs -xv' for details)
    The log file for svc:/network/ipsec/policy:default shows the following error.
    +[ Aug 19 18:26:22 Stopping because service disabled. ]+
    +[ Aug 19 18:26:22 Executing stop method ("/usr/sbin/ipsecconf -F") ]+
    ipsecconf: (loading pf_policy) socket:: Permission denied
    ipsecconf: unable to open policy socket: Permission denied
    +[ Aug 19 18:26:22 Method "stop" exited with status 1 ]+
    The errors occur in both sparse and whole root zones with a shared ip-type (does not occur in exclusive ip-type). The zonecfg is shown below.
    set zonepath=/export/zones/rdo23wok
    set autoboot=false
    set ip-type=shared
    add inherit-pkg-dir
    set dir=/lib
    end
    add inherit-pkg-dir
    set dir=/platform
    end
    add inherit-pkg-dir
    set dir=/sbin
    end
    add inherit-pkg-dir
    set dir=/usr
    end
    add net
    set address=xxx.xxx.xxx.xxx/xx
    set physical=bge0
    end
    Looking at the release notes for 05/09 update 7 it mentions that "IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services" which seems to fit with the error I am getting.
    Although I can prevent the error messages by disabling the service in each zone with svcadm it is a bit annoying and would like to have a better solution. Does anyone know how I can prevent this service from being enabled when I create a new zone?
    Thanks
    Jools
    Edited by: joolshomer on Aug 19, 2009 10:57 AM

  • Solaris 10 x86 and Nortel VPN?

    Is it possible to connect to Nortel VPN (using IPSEC implementation provided in Solaris 10) ?
    Nortel doesn't provide client software for Unix/Linux
    but is it possible to connect from solaris 10, using it's IPSEC facilities?
    Nortel VPN authentication parameters include : group id, group password, user id and auth.code(password)

    Did you ever have any luck with this?

  • Solaris 10 VPN server/gateway setup

    Hi all,
    I have a V20z running Solaris 10 at home, and I would like to set it up as a VPN server. The Solaris 10 is behind a router with a reserved private IP assigned by DHCP and port forwarding set up for only SSH at the moment. The router has a static external IP.
    I'm not exactly sure what the terms are for what I'm trying to do, but this is basically it:
    When I am out of town or overseas, I want to be able to connect from my laptop running OS X or Linux to my Solaris 10 server at home, and have the S10 server act as a proxy(?) (gateway?) for all the traffic from my laptop; for example, if I was in a place where nytimes.com was blocked and wanted to be able to browse from my laptop by having the Solaris 10 server proxy (transparently) my requests and forward the responses back to me. I hope I'm explaining this ok...
    I have searched a lot online for how to do this, and I have found a lot of info, but nothing that really ties it all together. I'm pretty comfortable working in the shell and doing config stuff, but it would be a huge help if anyone could explain all the pieces I need to snap together to get this working.
    These are my questions:
    1. What is what I have described called? Just "VPN" or "VPN router," or "VPN gateway"?
    2. What software do I need on my Solaris 10 server to do this?
    A lot of what I read pointed me to OpenVPN, but I am not clear if OpenVPN alone would enable me to use the public web via the VPN.
    If not, then what would I need to have on the server to enable incoming requests over the VPN connection to be rerouted to the public internet?
    3. I'm sure I can figure this out if I can just get the server VPN working, but if anyone happens to know, I'd appreciate it:
    Built into OS X Networking Prefs I have the ability to add a VPN interface of either of these 2 types:
         "PPTP"
         "L2TP over IPsec"
    From what I have read so far, it seems like IPsec is likely the only reasonable choice, but the option of "L2TP over IPsec" confuses me since I haven't read that they are required to be used together.
    Will this option work for connecting to my Solaris VPN server or will I need a 3rd-party app?
    Any guidance would be a tremendous help.
    Thanks guys!
    Jamie

    Mobile IP???
    Assuming that you had the right security in place you could have the "Home" box export it's display back to the "Roving" box and then just run a web browser over X. Something like SSH with X forwarding.
    alan

  • Getting SunScreen work in Solaris 9

    Hi all,
    I installed Sunscreen in Solaris 9 from the CD, path
    /cdrom/sol_9_1202_sparc_2/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc
    Now i am trying:
    root# ssadm edit policyname
    could not acquire read lock.
    From sun docs:
    """""" could not acquire read lock
    Return code: 242
    Indicates that the configuration editor could not acquire a read lock.
    Likely the lock file is corrupt or some process is hanging.
    ss_lock -c policy is likely to be needed. """"""
    Then i try root# ss_lock -c
    ss_lock: Command not found.
    root# locate ss_lock
    Nothing comes.
    Does anyone have an idea how can i configure it?
    Thanks in advance ...
    Bellow the interesting outputs from command locate sunscreen:
    /dev/screen
    /dev/screen_ipsec
    /dev/screen_skip
    /devices/pseudo/clone@0:screen
    /devices/pseudo/clone@0:screen_ipsec
    /devices/pseudo/clone@0:screen_skip
    /etc/init.d/plumbsunscreen
    /etc/init.d/plumbsunscreen2
    /etc/init.d/sunscreen
    /etc/init.d/sunscreenft
    /etc/init.d/sunscreentr.sh
    /etc/rc?.d/ (startup scripts here)
    /etc/sunscreen
    /etc/sunscreen/configs
    /etc/sunscreen/configs/template.policy
    /etc/sunscreen/configs/template.registry
    /etc/sunscreen/httpd (and subfiles)
    /etc/sunscreen/ike/crls
    /etc/sunscreen/ike/publickeys
    /etc/sunscreen/ipsec.algorithms
    /etc/sunscreen/location
    /etc/sunscreen/name
    /etc/sunscreen/proxies
    /etc/sunscreen/secret
    /etc/sunscreen/secret/ike.privatekeys
    /etc/sunscreen/tmpcerts
    /etc/sunscreen/version.txt
    /usr/lib/sunscreen (and subdirs)
    /usr/lib/sunscreen/etc
    /usr/lib/sunscreen/lib
    /usr/lib/sunscreen/ssadm
    /usr/lib/sunscreen/ssadm/activate
    /usr/lib/sunscreen/ssadm/active
    /usr/lib/sunscreen/ssadm/algorithm
    /usr/lib/sunscreen/ssadm/backup
    /usr/lib/sunscreen/ssadm/certdb
    /usr/lib/sunscreen/ssadm/certlocal
    /usr/lib/sunscreen/ssadm/certrldb
    /usr/lib/sunscreen/ssadm/cmg
    /usr/lib/sunscreen/ssadm/configure
    /usr/lib/sunscreen/ssadm/configure_ts
    /usr/lib/sunscreen/ssadm/debug_level
    /usr/lib/sunscreen/ssadm/domain
    /usr/lib/sunscreen/ssadm/edit
    /usr/lib/sunscreen/ssadm/filter
    /usr/lib/sunscreen/ssadm/ha
    /usr/lib/sunscreen/ssadm/lock
    /usr/lib/sunscreen/ssadm/log
    /usr/lib/sunscreen/ssadm/logdump
    /usr/lib/sunscreen/ssadm/logmacro
    /usr/lib/sunscreen/ssadm/logstats
    /usr/lib/sunscreen/ssadm/patch
    /usr/lib/sunscreen/ssadm/policy
    /usr/lib/sunscreen/ssadm/product
    /usr/lib/sunscreen/ssadm/restore
    /usr/lib/sunscreen/ssadm/skip
    /usr/lib/sunscreen/ssadm/spf2efs
    /usr/lib/sunscreen/ssadm/sys_info
    /usr/lib/sunscreen/ssadm/traffic_stats
    /usr/lib/sunscreen/ssadm/welfmt
    /usr/lib/sunscreen/support/ (and subdirs)

    Hi all,
    I installed Sunscreen in Solaris 9 from the CD, path
    /cdrom/sol_9_1202_sparc_2/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc
    Now i am trying:
    root# ssadm edit policyname
    could not acquire read lock.
    From sun docs:
    """""" could not acquire read lock
    Return code: 242
    Indicates that the configuration editor could not acquire a read lock.
    Likely the lock file is corrupt or some process is hanging.
    ss_lock -c policy is likely to be needed. """"""
    Then i try root# ss_lock -c
    ss_lock: Command not found.
    root# locate ss_lock
    Nothing comes.
    Does anyone have an idea how can i configure it?
    Thanks in advance ...
    Bellow the interesting outputs from command locate sunscreen:
    /dev/screen
    /dev/screen_ipsec
    /dev/screen_skip
    /devices/pseudo/clone@0:screen
    /devices/pseudo/clone@0:screen_ipsec
    /devices/pseudo/clone@0:screen_skip
    /etc/init.d/plumbsunscreen
    /etc/init.d/plumbsunscreen2
    /etc/init.d/sunscreen
    /etc/init.d/sunscreenft
    /etc/init.d/sunscreentr.sh
    /etc/rc?.d/ (startup scripts here)
    /etc/sunscreen
    /etc/sunscreen/configs
    /etc/sunscreen/configs/template.policy
    /etc/sunscreen/configs/template.registry
    /etc/sunscreen/httpd (and subfiles)
    /etc/sunscreen/ike/crls
    /etc/sunscreen/ike/publickeys
    /etc/sunscreen/ipsec.algorithms
    /etc/sunscreen/location
    /etc/sunscreen/name
    /etc/sunscreen/proxies
    /etc/sunscreen/secret
    /etc/sunscreen/secret/ike.privatekeys
    /etc/sunscreen/tmpcerts
    /etc/sunscreen/version.txt
    /usr/lib/sunscreen (and subdirs)
    /usr/lib/sunscreen/etc
    /usr/lib/sunscreen/lib
    /usr/lib/sunscreen/ssadm
    /usr/lib/sunscreen/ssadm/activate
    /usr/lib/sunscreen/ssadm/active
    /usr/lib/sunscreen/ssadm/algorithm
    /usr/lib/sunscreen/ssadm/backup
    /usr/lib/sunscreen/ssadm/certdb
    /usr/lib/sunscreen/ssadm/certlocal
    /usr/lib/sunscreen/ssadm/certrldb
    /usr/lib/sunscreen/ssadm/cmg
    /usr/lib/sunscreen/ssadm/configure
    /usr/lib/sunscreen/ssadm/configure_ts
    /usr/lib/sunscreen/ssadm/debug_level
    /usr/lib/sunscreen/ssadm/domain
    /usr/lib/sunscreen/ssadm/edit
    /usr/lib/sunscreen/ssadm/filter
    /usr/lib/sunscreen/ssadm/ha
    /usr/lib/sunscreen/ssadm/lock
    /usr/lib/sunscreen/ssadm/log
    /usr/lib/sunscreen/ssadm/logdump
    /usr/lib/sunscreen/ssadm/logmacro
    /usr/lib/sunscreen/ssadm/logstats
    /usr/lib/sunscreen/ssadm/patch
    /usr/lib/sunscreen/ssadm/policy
    /usr/lib/sunscreen/ssadm/product
    /usr/lib/sunscreen/ssadm/restore
    /usr/lib/sunscreen/ssadm/skip
    /usr/lib/sunscreen/ssadm/spf2efs
    /usr/lib/sunscreen/ssadm/sys_info
    /usr/lib/sunscreen/ssadm/traffic_stats
    /usr/lib/sunscreen/ssadm/welfmt
    /usr/lib/sunscreen/support/ (and subdirs)

Maybe you are looking for

  • Windows Media Player does not work on Equium A100-027

    I have an Equium Notebook A100-027 which I bought in February of this year. I have just tried to play my Windows Media Player, but nothing happens when I click on it! It was working fine yesterday, but today it is not working anymore! Can anyone help

  • IDT Audio ((((Missing Enhancements Tab )))) in Windows Sound Speaker Properties

    I have owned a HP Pavilion G4 2129TX  core i7 3632QM windows 7 ultimate 64 bit. last week, my computer crashed in a big way so I reinstalled Windows 7. I figured out all of my drivers and my Sound Works fine. The only problem is that I no longer have

  • Triggering ERMS work items for SOFM docuemnts

    we have upgraded to SP08 in CRM and when system was up ERMS event linkage in 'CRM_ERMS_WF_CUST' , ERMSSUPRT2MAILRECEIVED was deactivated. and we manually activated later after couple of hours. Now we need to process those 200 emails received to CRM f

  • CRM IView creation problem

    hello guys i am trying to make an iview out the standard par available in CRM Business package. com.sap.pct.crm.opportunity.par After creating an iview it gives me an error specifying component not found. Portal Runtime Error An exception occurred wh

  • Release Strategy (EBAN-FRGST) in PR authorization check

    Hi, Do you know if it is possible to make release strategy (EBAN-FRGST) in authorization check of purchase requisition, other than release code & release group? Thanks.