WCF service setup with certificate authentication error

I have a WCF service setup and I need to use a certificate with it and are getting numerous errors when I attempt to browse it. The 1st error I get is "Security settings for this service require 'Anonymous' Authentication but it is not enabled for
the IIS application that hosts this service."
This sounds like a straightforward error message and setting the authentication method in IIS to anonymous resolves being able to browse the service. But I need to use a certificate and setting authentication to anonymous is obviously not right since we
only want those with the proper certificate to access the service. I have all authentication methods in IIS set to disabled when I get the above error message. I have the SSL settings in IIS for the service set to require a certificate as well. I am using
IIS 8.5 as well.
Here is my config file in hoping someone could point me in the correct direction. The service should only work over HTTPS since we are using a certificate and I need the meta data exposed as well hence the mexHttpBinding. I have searched the web but no solution
is working. Any help is appreciated.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="HEALookupProxy.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<authentication mode="None"></authentication>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
<baseAddressPrefixFilters >
<add prefix="https"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<services>
<service name="HEALookupProxy.HEALookupService" behaviorConfiguration="HEALookupServiceBehavior">
<endpoint address="" binding="wsHttpBinding" contract="HEALookupProxy.IHEALookupService" bindingConfiguration="HEALookupConfig" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="HEALookupConfig">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HEALookupServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" findValue="certnameremoved" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="false" />
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="user1, user2" />
</authorization>
</security>
</system.webServer>
</configuration>

Hi spark29er,
>>The service should only work over HTTPS since we are using a certificate and I need the meta data exposed as well hence the mexHttpBinding.
For creating the HTTPS WCF service, first please change the mexHttpBinding to
mexHttpsBinding as following:
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
For more information, please try to refer to:
#Seven simple steps to enable HTTPS on WCF WsHttp bindings:
http://www.codeproject.com/Articles/36705/simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi .
Then please try to check the following article about how to do the certificate authentication on HTTPS WCF Service:
http://blogs.msdn.com/b/imayak/archive/2008/09/12/wcf-2-way-ssl-security-using-certificates.aspx .
Besides, setting the
includeExceptionDetailInFaults as false can give us more detailed error information.
Best Regards,
Amy Peng
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Similar Messages

  • Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

    I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
    When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
    to use to log in   and after 3-5 second
     and return me the logon page with error message “Authentication failed” 
    I base my setup on the technet article
    http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
    I validated than all my certificate are valid and able to retrieve the crl
    I got in eventlog id 300
    The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
    Additional Data
    Exception details:
    Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
    ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
    correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    --- End of inner exception stack trace ---
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
    serializationContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
    trustNamespace, AsyncCallback callback, Object state)
    System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
    failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    thx
    Stef71

    This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
    on my case was :
    PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
    cer\SP2K10\ad0001.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
    Certificate                 : [Subject]
                                    CN=domain.AD0001CA, DC=domain, DC=com
                                  [Issuer]
                                    CN=domain.AD0001CA, DC=portal, DC=com
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    22/07/2014 11:32:05
                                  [Not After]
                                    22/07/2024 11:42:00
                                  [Thumbprint]
                                    blablabla
    Name                        : domain.ad0001
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : domain.ad0001
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17164
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
    cer\SP2K10\ADFS_Signing.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
    Certificate                 : [Subject]
                                    CN=ADFS Signing - adfs.domain
                                  [Issuer]
                                    CN=ADFS Signing - adfs.domain
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    23/07/2014 07:14:03
                                  [Not After]
                                    23/07/2015 07:14:03
                                  [Thumbprint]
                                    blablabla
    Name                        : Token Signing Cert
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : Token Signing Cert
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17184
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.PORTAL>

  • Weblogic app server wsdl web service call with SSL Validation error = 16

    Weblogic app server wsdl web service call with SSL Validation error = 16
    I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
    Cannot complete the certificate chain: No trusted cert found
    Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
    Validation error = 16
    From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
    Here is how I load trustStore and keyStore in my java program:
         System.setProperty("javax.net.ssl.trustStore",”cacerts”);
         System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
         System.setProperty("javax.net.ssl.trustStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStore", keyStoreName);
         System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
    Here is how I create cacerts using verisign hierarchy certs (in this order)
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
    Because my program is a weblogic app server, when I start the program, I have java command line options set as:
    -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.SSL.enforceConstraints=strong
    That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
    In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
    I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
    1.     Do I create “cacerts” the correct order with right keeltool options?
    2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
    3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
    4.     Do I need to put the “cacerts” to some specific weblogic directory?
    ---------------------------------wsdl file
    <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
         <wsp:Policy wsu:Id="TokenServices_policy">
              <wsp:ExactlyOne>
                   <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                             <wsp:Policy>
                                  <sp:TransportToken>
                                       <wsp:Policy>
                                            <sp:HttpsToken RequireClientCertificate="true"/>
                                       </wsp:Policy>
                                  </sp:TransportToken>
                                  <sp:AlgorithmSuite>
                                       <wsp:Policy>
                                            <sp:Basic256/>
                                       </wsp:Policy>
                                  </sp:AlgorithmSuite>
                                  <sp:Layout>
                                       <wsp:Policy>
                                            <sp:Strict/>
                                       </wsp:Policy>
                                  </sp:Layout>
                             </wsp:Policy>
                        </sp:TransportBinding>
                        <wsaw:UsingAddressing/>
                   </wsp:All>
              </wsp:ExactlyOne>
         </wsp:Policy>
         <wsdl:types>
              <xsd:schema targetNamespace="http://tempuri.org/Imports">
                   <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                   <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
              </xsd:schema>
         </wsdl:types>
         <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
         </wsdl:message>
         <wsdl:portType name="ITokenServices">
              <wsdl:operation name="GetUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:binding name="TokenServices" type="tns:ITokenServices">
              <wsp:PolicyReference URI="#TokenServices_policy"/>
              <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
              <wsdl:operation name="GetUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
         </wsdl:binding>
         <wsdl:service name="TokenServices">
              <wsdl:port name="TokenServices" binding="tns:TokenServices">
                   <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                   <wsa10:EndpointReference>
                        <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                   </wsa10:EndpointReference>
              </wsdl:port>
         </wsdl:service>
    </wsdl:definitions>
    ----------------------------------application log
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
    Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
    Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
    Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

    I received a workaround by an internal message.
    The how to guide is :
    -Download the wsdl file (with bindings, not the one from ESR)
    -Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
    -Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
    -Create a new logicial destination that point to the wsdl file modified
    -Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
    Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

  • Adding Silverlight-enabled WCF Service failed with error code 50

    Hello everyone,
    I am very new to Silverlight ,and I am working on silverlight with WCF.
    When I tried to add a silverlight-enabled WCF service. I kept getting the error
       Method failed with unexpected error code 50.
    I am working with Silverlight 5 and VS 2013 ,I have no idea about it. I appreciate that if anyone can help?
    Thank you

    Hi,
    Please make sure your wcf is valid.
    Here are some resources which could help you:
    https://msdn.microsoft.com/library/cc838234(VS.95).aspx
    http://www.codeproject.com/Articles/262164/Using-WCF-Service-with-Silverlight#_articleTop
    Best Regards,
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Visual Studio generates wrong proxy and client config for WCF Service Host with customBinding

    Hi,
    I have  a simple WCF test service.
    The serviceModel configuration for the looks like this:
    <system.serviceModel>
    <bindings>
    <customBinding>
    <binding name="NewBinding0">
    <byteStreamMessageEncoding>
    <readerQuotas maxDepth="10" maxStringContentLength="10000" maxArrayLength="10000"
    maxBytesPerRead="1000" maxNameTableCharCount="200" />
    </byteStreamMessageEncoding>
    <tcpTransport />
    </binding>
    </customBinding>
    </bindings>
    <diagnostics>
    <messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" />
    </diagnostics>
    <services>
    <service name="WcfServiceLibrary2.Service1">
    <endpoint address="mex" binding="mexHttpBinding" name="mexName"
    contract="IMetadataExchange" />
    <endpoint address="net.tcp://localhost:8734/WcfServiceLibrary2/Service1.svc"
    binding="customBinding" bindingConfiguration="NewBinding0" name="tcpName"
    bindingName="" contract="WcfServiceLibrary2.IService1" />
    <host>
    <baseAddresses>
    <add baseAddress="http://localhost:8733/Design_Time_Addresses/WcfServiceLibrary2/Service1/" />
    </baseAddresses>
    </host>
    </service>
    </services>
    <behaviors>
    <serviceBehaviors>
    <behavior name="">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="false" />
    </behavior>
    </serviceBehaviors>
    </behaviors>
    </system.serviceModel>
    However the auto generated client side serviceModel looks like this:
    <system.serviceModel>
    <bindings>
    <customBinding>
    <binding name="tcpName">
    <textMessageEncoding messageVersion="Soap12" />
    <tcpTransport />
    </binding>
    </customBinding>
    </bindings>
    <client>
    <endpoint address="net.tcp://localhost:8734/WcfServiceLibrary2/Service1.svc"
    binding="customBinding" bindingConfiguration="tcpName" contract="ServiceReference2.IService1"
    name="tcpName" />
    </client>
    </system.serviceModel>
    Note the Encoding has changed to from byteStreamMessageEncoding to textMessageEncoding.
    When I test the service with WCF Test Client, I get the error "Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' does not support adding
    WS-Addressing headers."
    The error message makes sense in considering the client is mis-configured. I could manually modify the client side configuration, but I don't know how to give that to the WCF Test Client.
    When I run my own test client code, I get a NullReferenceException creating the Channel
    at System.Text.UTF8Encoding.GetByteCount(String chars)
    at System.ServiceModel.Channels.EncodedFramingRecord..ctor(FramingRecordType recordType, String value)
    at System.ServiceModel.Channels.EncodedContentType.Create(String contentType)
    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.CreatePreamble()
    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel..ctor(ChannelManagerBase factory, IConnectionOrientedTransportChannelFactorySettings settings, EndpointAddress remoteAddresss, Uri via, IConnectionInitiator connectionInitiator, ConnectionPool connectionPool, Boolean exposeConnectionProperty, Boolean flowIdentity)
    at System.ServiceModel.Channels.ConnectionOrientedTransportChannelFactory`1.OnCreateChannel(EndpointAddress address, Uri via)
    at System.ServiceModel.Channels.ChannelFactoryBase`1.InternalCreateChannel(EndpointAddress address, Uri via)
    at System.ServiceModel.Channels.ServiceChannelFactory.ServiceChannelFactoryOverDuplexSession.CreateInnerChannelBinder(EndpointAddress to, Uri via)
    at System.ServiceModel.Channels.ServiceChannelFactory.CreateServiceChannel(EndpointAddress address, Uri via)
    at System.ServiceModel.Channels.ServiceChannelFactory.CreateChannel(Type channelType, EndpointAddress address, Uri via)
    at System.ServiceModel.ChannelFactory`1.CreateChannel(EndpointAddress address, Uri via)
    at System.ServiceModel.ClientBase`1.CreateChannel()
    at System.ServiceModel.ClientBase`1.CreateChannelInternal()
    at System.ServiceModel.ClientBase`1.get_Channel()
    at ConsolWCFTestApp.ServiceReference2.Service1Client.GetXSDFiles(String path) in c:\Users\malley\Documents\Visual Studio 2013\Projects\WcfService1\ConsolWCFTestApp\Service References\ServiceReference2\Reference.cs:line 127
    at ConsolWCFTestApp.Program.Main(String[] args) in c:\Users\malley\Documents\Visual Studio 2013\Projects\WcfService1\ConsolWCFTestApp\Program.cs:line 14
    at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
    at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Threading.ThreadHelper.ThreadStart()
    Any suggestions much appreciated.
    Martin

    Hi Martin00,
    I have tested your code in my side and I can meet the same exception as you.
    >>"Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' does not support adding WS-Addressing headers."
    Based the above exception, I try to use the following config:
    <textMessageEncoding messageVersion="Soap12" />
    Instead of this config code:
    <byteStreamMessageEncoding>
    <readerQuotas maxDepth="10" maxStringContentLength="10000" maxArrayLength="10000"
    maxBytesPerRead="1000" maxNameTableCharCount="200" />
    </byteStreamMessageEncoding>-->
    After that it works fine as following:
    Best Regards,
    Amy Peng
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Web Service Call with Basic Authentication does not work

    If I try to use Basic Authentication in my Web Service Client with the automatically created methods
    setUsername(inUserName)
    setPassword(inPassword)
    setAddress(inAddress)
    the application does not make a call. Did I forget something?
    Is it possible to use "Test Method" with Basic Authentication?
    Thank you.

    Thank you for your answer.
    But: I already read this article. And it doesn't help me.
    I use the following code:
                getMyServiceClient1().setUsername(inUserName);
                getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
    The methods setUsername and setPassword are definded as follows:
    public void setUsername(String inUserName) {
            myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
      public void setPassword(String inPassword) {
            myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
      }But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
    I also found this thread in your forum:
    http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

  • WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

    Hi,
    I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
    When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
    What change should I make so that WSDL url will have https instead of http ? 
    This is service side configuration.
    <system.serviceModel>
        <services>
          <service name="Service.IService">
            <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
          </service>
        </services>
        <bindings>
          <basicHttpBinding />
        </bindings>
        <client />
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    Thanks in advance !!

    Hi,
    For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
    <behaviors>
    <serviceBehaviors>
    <behavior
    name="MyServiceTypeBehaviors"
    >
    <serviceMetadata
    httpGetEnabled="true"
    />
         </behavior>
    </serviceBehaviors>
    </behaviors>
    For more information, you could refer to:
    http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
    http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
    Regards

  • Error when adding new service invoice with DI Server, error -1114

    <b>Hi everybody.
    I'm trying to add an serviceinvoice (DocType = 'Service Transaction') with DI Server AddObject method.
    The xml-request document looks like this:</b>
    <?xml version='1.0' encoding='UTF-16' ?>
    <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
    <env:Header>
    <SessionID>........</SessionID>
    </env:Header>
    <env:Body>
    <dis:AddObject xmlns:dis='http://www.sap.com/SBO/DIS'>
    <BOM>
    <BO>
    <AdmInfo>
    <Object>oInvoices</Object>
    </AdmInfo>
    <Documents>
    <row>
    <DocNum>1241</DocNum>
    <HandWritten>1</HandWritten>
    <DocDate>10/08/2005</DocDate>
    <DocDueDate>10/08/2005</DocDueDate>
    <CardCode>V1010</CardCode>
    <DocType>S</DocType>
    </row>
    </Documents>
    <Document_Lines>
    <row>
    <Currency>USD</Currency>
    <LineTotal>7500,00</LineTotal>
    <AccountCode>_SYS00000000001</AccountCode>
    <TaxCode>LA</TaxCode>
    </row>
    <row>
    <Currency>USD</Currency>
    <LineTotal>-7500,00</LineTotal>
    <TaxCode>LA</TaxCode>
    </row>
    </Document_Lines>
    </BO>
    </BOM>
    </dis:AddObject>
    </env:Body>
    </env:Envelope>
    <b>...But I get error eveytime I try to do it, the response document as follows:</b>
    <?xml version="1.0"?>
    <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <env:Body>
    <env:Fault>
    <env:Code>
    <env:Value>env:Receiver</env:Value>
    <env:Subcode>
    <env:Value>-1114</env:Value>
    </env:Subcode>
    </env:Code>
    <env:Reason>
    <env:Text xml:lang="en">Schema Validation Failed</env:Text>
    </env:Reason>
    <env:Detail>
    <ErrorList>
    <Error>System Id = 193271344, Line Number = 1, Column Number = 359, Description = Datatype error: Type:InvalidDatatypeFacetException, Message: Invalid chars encountered..</Error><Error>System Id = 193271344, Line Number = 1, Column Number = 488, Description = Datatype error: Type:InvalidDatatypeFacetException, Message: Invalid chars encountered..</Error>
    </ErrorList>
    <Object>13</Object>
    <ObjectIndex>1</ObjectIndex>
    <Command>AddObject</Command>
    <SessionID>............</SessionID>
    </env:Detail>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    <b>Why? Which fields are missing or which field values of those I'm sending might be wrong?</b>

    Did you try to set the AccountCode also for the 2nd line?
    HTH,
    Frank

  • Job rejected with "2015 -Authentication errors"

    Environment:
    Oracle server : Sun Solaris 2.8, Oracle 8.1.5
    OEM/Management server: Windows 2000, Oracle 8.1.6
    Agent is running fine on Solaris and pingable from Windows OEM Console.
    Preferred confidential setting:
    For oracle database: SYS/syspassword, Role: SYSDBA
    For SunOS node: Oracle/oracel_account_password
    For listener: none
    Problem:
    Created a job, run task "Run SQL script", got "2015 -Authentication errors" and job failed.
    Thanks in advance

    Preferred confidential setting:
    For oracle database: SYS/syspassword, Role: SYSDBA
    For SunOS node: Oracle/oracel_account_password
    For listener: none
    Above is what you listed in your post. Try using your SunOS username and logon instead of the Oracle/oracel_account_password.
    Also, on Windows NT, the os user must have the advanced user right "logon to submit batch jobs" or something like that.
    Hope this helps What about node password
    one think more give right {Batch job create } to nt user

  • Problem with certificate authentication at wlc 4402

    Hi,
    we have a problem to get a connection from the client to the WLC. 
    we  are using Cisco Aironet 1130 AG and a Cisco 4402 WLC in our network. The certificate service is installed on a Windows 2008 R2 server. We use a standalone Root CA with a Enterprise Sub CA hierarchy. Issueing certificates to clients works fine. The vendor and ca certificates are installed on the WLC and the user have his user certificate. During implementation we used following document: "http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml#wlc". Instead of Anonymous Bind, we use a service user to read in AD (works fine, too).
    We use the Intel/PRO wireless utility on our Testclient and configured it for EAP-FAST and TLS. We can select the installed certificate in the utility, but when we try to connect, the utility throw the message: "Authentication failed due to an invalid certificate".
    We´ve logged the WLC and thats a part of the logfile (i´ve greyed out all enterprise data):
    *EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
    *LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
    *LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
    *LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (...)))
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
    *LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="..." (rc = 0 - Success)
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=... (size 76)
    *LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
    *LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
    *LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
    *LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
    *LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
    *LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
    *LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
    *LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
    *EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: ...(0x78000041)
    *EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
    *EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
    *EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
    *EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1  Flags:S  Length:0x0014
    *EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422:     Payload:  00040010436973636F00000000000000 ...
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x001a  Type:FAST
    *EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST  ID:0x 2  Length:0x001a  Type:FAST
    *EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
    *EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
    *EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
    *EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
    *EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
    *EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
    *EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
    *EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
    *EAP
    Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event
    'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
    *EAP
    Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile
    *EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
    *EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
    *EAP
    Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : ...
    *EAP Framework: Jan 18
    12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : ...
    *EAP Framework: Jan 18
    12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th,
    17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
    *EAP
    Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject :
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=...
    *EAP
    Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from
    '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
    *EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
    *EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
    *EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
    *EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0033
    *EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422:     Payload:  0100002F03014F16A8262631FC9DC042 ...
    *EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello  Length:0x002F
    *EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422:     Payload:  03014F16A8262631FC9DC042253D3E24 ...
    *EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
    *EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
    *EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
    *EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_RC4_128_SHA
    *EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DH_anon_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
    *EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
    *EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x002A
    *EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422:     Payload:  0200002603015F3325EADF12E6296F91 ...
    *EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello  Length:0x0026
    *EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422:     Payload:  03015F3325EADF12E6296F91530FE67F ...
    *EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0B54
    *EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  0B000B50000B4D00059F3082059B3082 ...
    *EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate  Length:0x0B50
    *EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  000B4D00059F3082059B30820483A003 ...
    *EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
    *EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
    *EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
    *EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
    *EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x028D
    *EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0C0002890100FFFFFFFFFFFFFFFFC90F ...
    *EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange  Length:0x0289
    *EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
    *EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x000B
    *EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  0D00000704030401020000
    *EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request  Length:0x0007
    *EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  04030401020000
    *EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0004
    *EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422:     Payload:  0E000000
    *EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done  Length:0x0000
    *EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
    *EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
    *EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
    *EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1  Flags:LM  Length:0x03DE
    *EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422:     Payload:  160301002A0200002603015F3325EADF ...
    *EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
    *EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST  ID:0x 3  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
    *EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
    *EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
    *EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
    *EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
    *EAP
    Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received
    TLS record type: Handshake in state: Sent provisioning Server Hello
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0007
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  0B000003000000
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate  Length:0x0003
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  000000
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert  Version:0301  Length:0x0002
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  0228
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1  Flags:L  Length:0x0007
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  15030100020228
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x0011  Type:FAST
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  810000000715030100020228
    *EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST  ID:0x 7  Length:0x0011  Type:FAST
    *EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422:     Payload:  810000000715030100020228
    *EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
    We think that the reason why it didn´t work, is the part:
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
    But we aren´t sure.
    Maybe anyone can help us. Many thanks in advance.
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.01.18 12:08:18 =~=~=~=~=~=~=~=~=~=~=~=
    debug aaa all disable                     debug aaa all enable(Cisco Controller) >*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc Audit Session ID added to the mscb: 0a63081e000000994f16a825
    *Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
    *aaaQueueReader: Jan 18 12:08:21.917: AuthenticationRequest: 0x30b52e90
    *aaaQueueReader: Jan 18 12:08:21.917: Callback.....................................0x10b7803c*aaaQueueReader: Jan 18 12:08:21.917: protocolType.................................0x00140001*aaaQueueReader: Jan 18 12:08:21.917: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.917: Packet contains 16 AVPs (not shown)*aaaQueueReader: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc [Error] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
    *aaaQueueReader: Jan 18 12:08:21.918: 18:3d:a2:0a:ec:bc Returning AAA Error 'No Server' (-7) for mobile 18:3d:a2:0a:ec:bc
    *aaaQueueReader: Jan 18 12:08:21.918: AuthorizationResponse: 0x3e04bd08
    *aaaQueueReader: Jan 18 12:08:21.918: structureSize................................32*aaaQueueReader: Jan 18 12:08:21.918: resultCode...................................-7*aaaQueueReader: Jan 18 12:08:21.918: protocolUsed.................................0xffffffff*aaaQueueReader: Jan 18 12:08:21.918: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.918: Packet contains 0 AVPs:*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: Creating new context
    *aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received context create from lower layer (0x0000013F)
    *aaaQueueReader: Jan 18 12:08:21.918: id_manager.c-AUTH-SM: Got new ID 78000041 - id_get
    *aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received credential profile name: "(null)" from LL
    *aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Allocated new EAP context (handle = 0x78000041)
    *aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: Created new context eap session handle 78000041
    *aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 1) to EAP subsys
    *EAP Framework: Jan 18 12:08:21.919: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:21.920: eap_core.c:1484: Code:RESPONSE  ID:0x 1  Length:0x002b  Type:IDENTITY
    *EAP Framework: Jan 18 12:08:21.920: eap_core.c:1422:     Payload:  416E6472652E54736368656E74736368 ...
    *EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response type = Identity
    *EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: Received peer identity: [email protected]
    *EAP Framework: Jan 18 12:08:21.920: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_USERNAME' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.920: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:21.921: LOCAL_AUTH: (EAP) Sending user credential request username '[email protected]' to LDAP
    *aaaQueueReader: Jan 18 12:08:21.921: AuthenticationRequest: 0x33a6ae18
    *aaaQueueReader: Jan 18 12:08:21.921: Callback.....................................0x10765234*aaaQueueReader: Jan 18 12:08:21.921: protocolType.................................0x00100002*aaaQueueReader: Jan 18 12:08:21.921: proxyState...................................18:3D:A2:0A:EC:BC-00:00*aaaQueueReader: Jan 18 12:08:21.921: Packet contains 2 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
    *LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
    *LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
    *LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.922: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
    *LDAP DB Task 1: Jan 18 12:08:21.925: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
    *LDAP DB Task 1: Jan 18 12:08:21.925: LDAP server 1 changed state to CONNECTED
    *LDAP DB Task 1: Jan 18 12:08:21.925: disabled LDAP_OPT_REFERRALS*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (base=DC=group,DC=jenoptik,DC=corp, pattern=(&(objectclass=Person)([email protected])))
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
    *LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
    *LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="DC=group,DC=jenoptik,DC=corp" type="Person" attr="userPrincipalName" user="[email protected]" (rc = 0 - Success)
    *LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (size 76)
    *LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
    *LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
    *LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
    *LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc
    *LDAP DB Task 1: Jan 18 12:08:21.927: structureSize................................180*LDAP DB Task 1: Jan 18 12:08:21.927: resultCode...................................0*LDAP DB Task 1: Jan 18 12:08:21.927: protocolUsed.................................0x00000002*LDAP DB Task 1: Jan 18 12:08:21.927: proxyState...................................18:3D:A2:0A:EC:BC-00:00*LDAP DB Task 1: Jan 18 12:08:21.928: Packet contains 2 AVPs:*LDAP DB Task 1: Jan 18 12:08:21.928:     AVP[01] Unknown Attribute 0......................CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (76 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928:     AVP[02] User-Name................................Andre.Tschentscher@group.jenoptik.corp (38 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
    *LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
    *LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
    *LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
    *LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
    *EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: [email protected] (0x78000041)
    *EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
    *EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
    *EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
    *EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
    *EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1  Flags:S  Length:0x0014
    *EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422:     Payload:  00040010436973636F00000000000000 ...
    *EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x001a  Type:FAST
    *EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST  ID:0x 2  Length:0x001a  Type:FAST
    *EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422:     Payload:  2100040010436973636F000000000000 ...
    *EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc
    *EAP Framework: Jan 18 12:08:21.933: structureSize................................74*EAP Framework: Jan 18 12:08:21.933: resultCode...................................255*EAP Framework: Jan 18 12:08:21.933: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:21.933: proxyState...................................18:3D:A2:0A:EC:BC-02:00*EAP Framework: Jan 18 12:08:21.934: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
    *EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
    *EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
    *EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
    *EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE  ID:0x 2  Length:0x0042  Type:FAST
    *EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422:     Payload:  810000003816030100330100002F0301 ...
    *EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
    *EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile '[email protected]' (username '[email protected]')
    *EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
    *EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : C=DE, ST=Thuringia, L=Jena, O=Jenoptik AG, OU=Jenoptik SSC GmbH, CN=Cisco WLC 1st, [email protected]
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th, 17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
    *EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
    *EAP Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=Jenoptik Certificate Authority
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
    *EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
    *EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
    *EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
    *EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
    *EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0033
    *EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422:     Payload:  0100002F03014F16A8262631FC9DC042 ...
    *EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello  Length:0x002F
    *EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422:     Payload:  03014F16A8262631FC9DC042253D3E24 ...
    *EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
    *EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
    *EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
    *EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT:     TLS_RSA_WITH_RC4_128_SHA
    *EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DH_anon_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
    *EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT:     TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    *EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
    *EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x002A
    *EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422:     Payload:  0200002603015F3325EADF12E6296F91 ...
    *EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello  Length:0x0026
    *EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422:     Payload:  03015F3325EADF12E6296F91530FE67F ...
    *EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0B54
    *EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  0B000B50000B4D00059F3082059B3082 ...
    *EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate  Length:0x0B50
    *EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422:     Payload:  000B4D00059F3082059B30820483A003 ...
    *EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
    *EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
    *EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
    *EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
    *EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x028D
    *EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0C0002890100FFFFFFFFFFFFFFFFC90F ...
    *EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange  Length:0x0289
    *EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422:     Payload:  0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
    *EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x000B
    *EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  0D00000704030401020000
    *EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request  Length:0x0007
    *EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422:     Payload:  04030401020000
    *EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0004
    *EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422:     Payload:  0E000000
    *EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done  Length:0x0000
    *EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
    *EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
    *EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
    *EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1  Flags:LM  Length:0x03DE
    *EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422:     Payload:  160301002A0200002603015F3325EADF ...
    *EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
    *EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST  ID:0x 3  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422:     Payload:  C100000E33160301002A020000260301 ...
    *EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc
    *EAP Framework: Jan 18 12:08:22.687: structureSize................................1048*EAP Framework: Jan 18 12:08:22.687: resultCode...................................255*EAP Framework: Jan 18 12:08:22.687: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.688: proxyState...................................18:3D:A2:0A:EC:BC-02:01*EAP Framework: Jan 18 12:08:22.688: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
    *EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.700: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 3) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.701: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.701: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.702: eap_core.c:1484: Code:RESPONSE  ID:0x 3  Length:0x0006  Type:FAST
    *EAP Framework: Jan 18 12:08:22.702: eap_core.c:1422:     Payload:  01
    *EAP Framework: Jan 18 12:08:22.702: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.704: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.704: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
    *EAP Framework: Jan 18 12:08:22.704: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.704: eap_fast.c:138: Version: 1  Flags:M  Length:0x03E2
    *EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422:     Payload:  3A2F2F2F434E3D4A656E6F7074696B25 ...
    *EAP Framework: Jan 18 12:08:22.705: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.705: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422:     Payload:  413A2F2F2F434E3D4A656E6F7074696B ...
    *EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.707: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.707: eap_core.c:1484: Code:REQUEST  ID:0x 4  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.707: eap_core.c:1422:     Payload:  413A2F2F2F434E3D4A656E6F7074696B ...
    *EAP Framework: Jan 18 12:08:22.707: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.709: AuthorizationResponse: 0x13c713fc
    *EAP Framework: Jan 18 12:08:22.709: structureSize................................1048*EAP Framework: Jan 18 12:08:22.709: resultCode...................................255*EAP Framework: Jan 18 12:08:22.709: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.710: proxyState...................................18:3D:A2:0A:EC:BC-02:02*EAP Framework: Jan 18 12:08:22.710: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.710: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
    *EAP Framework: Jan 18 12:08:22.711: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.724: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 4) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.724: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.725: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.725: eap_core.c:1484: Code:RESPONSE  ID:0x 4  Length:0x0006  Type:FAST
    *EAP Framework: Jan 18 12:08:22.725: eap_core.c:1422:     Payload:  01
    *EAP Framework: Jan 18 12:08:22.725: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.726: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.727: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
    *EAP Framework: Jan 18 12:08:22.727: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.727: eap_fast.c:138: Version: 1  Flags:M  Length:0x03E2
    *EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422:     Payload:  BD84CC4BF49A766267DA94429BEBE087 ...
    *EAP Framework: Jan 18 12:08:22.728: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.728: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422:     Payload:  41BD84CC4BF49A766267DA94429BEBE0 ...
    *EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.730: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.730: eap_core.c:1484: Code:REQUEST  ID:0x 5  Length:0x03e8  Type:FAST
    *EAP Framework: Jan 18 12:08:22.730: eap_core.c:1422:     Payload:  41BD84CC4BF49A766267DA94429BEBE0 ...
    *EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.731: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.732: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.732: AuthorizationResponse: 0x13c713fc
    *EAP Framework: Jan 18 12:08:22.732: structureSize................................1048*EAP Framework: Jan 18 12:08:22.732: resultCode...................................255*EAP Framework: Jan 18 12:08:22.733: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.733: proxyState...................................18:3D:A2:0A:EC:BC-02:03*EAP Framework: Jan 18 12:08:22.733: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
    *EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.746: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 5) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.747: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.747: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.748: eap_core.c:1484: Code:RESPONSE  ID:0x 5  Length:0x0006  Type:FAST
    *EAP Framework: Jan 18 12:08:22.748: eap_core.c:1422:     Payload:  01
    *EAP Framework: Jan 18 12:08:22.748: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.750: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.750: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
    *EAP Framework: Jan 18 12:08:22.750: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.750: eap_fast.c:138: Version: 1  Flags:  Length:0x0291
    *EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422:     Payload:  34C4C6628B80DC1CD129024E088A67CC ...
    *EAP Framework: Jan 18 12:08:22.751: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.751: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x0297  Type:FAST
    *EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422:     Payload:  0134C4C6628B80DC1CD129024E088A67 ...
    *EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method decision: Unknown
    *EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.752: eap_core.c:1484: Code:REQUEST  ID:0x 6  Length:0x0297  Type:FAST
    *EAP Framework: Jan 18 12:08:22.752: eap_core.c:1422:     Payload:  0134C4C6628B80DC1CD129024E088A67 ...
    *EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.754: AuthorizationResponse: 0x13c713fc
    *EAP Framework: Jan 18 12:08:22.754: structureSize................................711*EAP Framework: Jan 18 12:08:22.754: resultCode...................................255*EAP Framework: Jan 18 12:08:22.754: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.754: proxyState...................................18:3D:A2:0A:EC:BC-02:04*EAP Framework: Jan 18 12:08:22.754: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
    *EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
    *EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
    *EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE  ID:0x 6  Length:0x015c  Type:FAST
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  810000015216030100070B0000030000 ...
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Sent provisioning Server Hello
    *EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake  Version:0301  Length:0x0007
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  0B000003000000
    *EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate  Length:0x0003
    *EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422:     Payload:  000000
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert  Version:0301  Length:0x0002
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  0228
    *EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1  Flags:L  Length:0x0007
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  15030100020228
    *EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST  ID:0x 0  Length:0x0011  Type:FAST
    *EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422:     Payload:  810000000715030100020228
    *EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
    *EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST  ID:0x 7  Length:0x0011  Type:FAST
    *EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422:     Payload:  810000000715030100020228
    *EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
    *EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
    *EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
    *EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
    *EAP Framework: Jan 18 12:08:22.834: structureSize................................65*EAP Framework: Jan 18 12:08:22.834: resultCode...................................255*EAP Framework: Jan 18 12:08:22.835: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.835: proxyState...................................18:3D:A2:0A:EC:BC-02:05*EAP Framework: Jan 18 12:08:22.835: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 11
    *EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
    *aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: EAP: Received an auth request
    *aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: Found context matching MAC address - 319
    *aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 7) to EAP subsys
    *EAP Framework: Jan 18 12:08:22.838: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-RX-PAK:
    *EAP Framework: Jan 18 12:08:22.839: eap_core.c:1484: Code:RESPONSE  ID:0x 7  Length:0x0006  Type:FAST
    *EAP Framework: Jan 18 12:08:22.839: eap_core.c:1422:     Payload:  01
    *EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
    *EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response type = Method (43)
    *EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: Sending method data for context 0x78000041
    *EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.839: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
    *EAP Framework: Jan 18 12:08:22.840: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
    *EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-RX-AUTH-PAK:
    *EAP Framework: Jan 18 12:08:22.840: eap_core.c:1484: Code:RESPONSE  ID:0x 7  Length:0x0006  Type:FAST
    *EAP Framework: Jan 18 12:08:22.840: eap_core.c:1422:     Payload:  01
    *EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Received ACK from peer
    *EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method state: Done
    *EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method decision: Fail
    *EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Received get canned status from lower layer (0x78000041)
    *EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Sending method directive 'Free Context' on handle 0x78000041
    *EAP Framework: Jan 18 12:08:22.840: eap_fast.c-EVENT: Free context (EAP handle = 0x78000041)
    *EAP Framework: Jan 18 12:08:22.840: id_manager.c-AUTH-SM: Entry deleted fine id f700000e - id_delete
    *EAP Framework: Jan 18 12:08:22.840: IOS_PKI_SHIM: Session 0x335ee108 deleted
    *EAP Framework: Jan 18 12:08:2

    Now we found the reason.
    The WLC doesn´t work with the Sub CA respectively with chain certificates for device authentication.
    "Support for Chained Certificate
    In controller versions earlier than 5.1.151.0, web authentication  certificates can be only device certificates and should not contain the  CA roots chained to the device certificate (no chained certificates).
    With controller version 5.1.151.0 and later, the controller allows  for the device certificate to be downloaded as a chained certificate for  web authentication.
    Certificate Levels
    Level 0—Use of only a server certificate on WLC.
    Level 1—Use of server certificate on WLC and a CA root certificate.
    Level 2—Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate.
    Level 3—Use of server certificate on WLC, two CA intermediate certificates, and a CA root certificate.
    WLC does not support chained certificates more than 10KB size on the WLC.
    Note: Chained certificates are supported for web authentication only; they are not supported for the management certificate."
    So the WLC can´t decode the peer certificate.

  • Suddenly getting certificate authentication errors

    The last few weeks I'm suddenly getting tons of "Warning: the certificate isn't valid" error messages when I go to sites on Safari. Normal sites: Facebook, Chase bank, amazon -- nothing suspect or out of the ordinary.  I haven't downloaded anything suspect, virus scans reveal no issues, no viruses... is this problem something inherent to the latest update of Safari?  Or, is there a setting I need to change - a box I need to tick - to make this stop happening?  It's so constant now that I can barely use Safari because every new URL generates authentication messages.
    Kirby

    MacKeeper.........  bad stuff !!  Deletes system files it shouldn't...
    Get rid of it >   Uninstalling MacKeeper
    I ran a search in the  ASC forums for MacKeepr. Results here. None favorable...
    FYI... your Mac runs maintenance for you. There's no need for third party so called cleaning utilities.
    Mac OS X: About background maintenance tasks

  • Automatic service setup with network accounts

    Hi all,
    I'm having terrible trouble getting automatic service (e.g. iCal, iChat, etc.) setup to work with network accounts, either with network home directories or local home directories, and I can't work out what I'm doing wrong.
    When I log in as a local user and join the Network Account Server, all services get set up as expected, without problems. When I log in with a network account however, whether the account has a server-hosted home directory or a local home directory, services aren't automatically set up, I don't get the auto configuration wizard/dialogue, and attempting to join the network account server again fails. Surely there's a way for network accounts to have services automatically set up on initial login? Any ideas?

    Hi all,
    I'm having terrible trouble getting automatic service (e.g. iCal, iChat, etc.) setup to work with network accounts, either with network home directories or local home directories, and I can't work out what I'm doing wrong.
    When I log in as a local user and join the Network Account Server, all services get set up as expected, without problems. When I log in with a network account however, whether the account has a server-hosted home directory or a local home directory, services aren't automatically set up, I don't get the auto configuration wizard/dialogue, and attempting to join the network account server again fails. Surely there's a way for network accounts to have services automatically set up on initial login? Any ideas?

  • SSL VPN with machine certificate authentication

    Hi All,
    I've configured a VPN profile for an Anyconnect VPN connection on my test environment. I've enabled AAA (RSA) and certificate authentication, configured the RSA servers correctly and uploaded the root and issuing certificates. I managed to get this working with machine certificates using a Microsoft PKI. With crypto debugging enabled I can see the CERT API thread wake up and correctly authenticate the certificate. So far so good....
    Now I configured the same on our production environment and can't get it to work!! The anyconnect client shows an error: "certificate validation failure"
    The strange thing is that the crypto debugging doesn't give me one single line of output. It looks like the certificate doesn't even reach the ASA. My question is, what is stopping the "CERT API thread" I mentioned before from waking up and validating the certificate?? Does someone have an explenation for that?
    btw. We have other VPN configurations on the same production/live ASA's with certificate authentication the are working and show up in the debugging.
    Thanks in advance for your help
    Hardware is ASA5540, software version 8.2(5).
    Some pieces of the configuration below:
    group-policy VPN4TEST-Policy internal
    group-policy VPN4TEST-Policy attributes
      wins-server value xx.xx.xx.xx
    dns-server value xx.xx.xx.xx
    vpn-simultaneous-logins 1
    vpn-idle-timeout 60
    vpn-filter value VPN4TEST_allow_access
    vpn-tunnel-protocol IPSec svc webvpn
    group-lock none
    ipsec-udp enable
    ipsec-udp-port 10000
    split-tunnel-policy tunnelall
    default-domain value cs.ad.klmcorp.net
    vlan 44
    nac-settings none
    address-pools value VPN4TEST-xxx
    webvpn
      svc modules value vpngina
      svc profiles value KLM-SSL-VPN-VPN4TEST
    tunnel-group VPN4TEST-VPN type remote-access
    tunnel-group VPN4TEST-VPN general-attributes
    address-pool VPN4TEST-xxx
    authentication-server-group RSA-7-Authent
    default-group-policy VPN4TEST-Policy
    tunnel-group VPN4TEST-VPN webvpn-attributes
    authentication aaa certificate
    group-alias VPN4TEST-ANYCONNECT enable

    Forgot to mention, I'm using the same laptop in both situations (test and production). Tested with anyconnect versions 3.1.02.040 and 3.0.0.629.

  • Failed to load resource: the server responded with a status of 405 (Method Not Allowed) XMLHttpRequest cannot load (WCF service URL). Invalid HTTP status code 405

    Hi,
    while consuming the  WCF service POST method Jquery, getting error in Chrome and firefox, in IE  Its working fine.
    ERROR:Failed to load resource: the server responded with a status of 405 (Method Not Allowed)  XMLHttpRequest cannot load (WCF service URL). Invalid HTTP status code 405.
    Jquery used to call:
    $.support.cors = true
            $.ajax({
                type: "POST",
                url: serviceURL,
                data: JSON.stringify(managedProps),
                useDefaultXhrHeader:false,
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                //processData: true,
                crossDomain: true,
                success: function (data, status, jqXHR) {
                   alert("sucess");
                error: function (xhr) {
                    alert("error");
    WCF sevice Web.config
    <webHttpBinding>
            <!--<binding name="webHttpBindingWithJsonP" transferMode="StreamedRequest" />-->
            <binding name="crossDomain" crossDomainScriptAccessEnabled="true" transferMode="StreamedResponse" />
          </webHttpBinding>
        </bindings>
        <services>
          <service name="DynamicRefinerWCF.DynamicRefiner">
            <endpoint address="" behaviorConfiguration="REST" bindingConfiguration="crossDomain" binding="webHttpBinding" contract="DynamicRefinerWCF.IDynamicRefiner" />
            <endpoint address="mex" binding="mexHttpBinding" contract="DynamicRefinerWCF.IDynamicRefiner" />
            <host>
              <baseAddresses>
                <add baseAddress="http://localhost/example.svc" />
              </baseAddresses>
            </host>
          </service>
        </services>
        <!--<protocolMapping>
            <add binding="basicHttpsBinding" scheme="https" />
        </protocolMapping>-->    
        <!--<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />-->
      </system.serviceModel>
      <system.webServer>
        <!--<modules runAllManagedModulesForAllRequests="true"/>-->
        <modules>
          <remove name="WebDAVModule" />
        </modules>
        <handlers>
          <remove name="WebDAV" />
        </handlers>
        <directoryBrowse enabled="true" />
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*"/>
            <add name="Access-Control-Allow-Headers" value="Content-Type"/>
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS"/>
            <add name="Access-Control-Request-Headers:" value="*" />
            <add name="Access-Control-Request-Method:" value="*" />
          </customHeaders>
        </httpProtocol>
        <!--
            To browse web app root directory during debugging, set the value below to true.
            Set to false before deployment to avoid disclosing web app folder information.
          -->
        <!--<directoryBrowse enabled="true"/>-->
      </system.webServer>
    </configuration>
    Thanks,
    Swathi

    Right on - I have done that a number of times.

  • How to authenticate with certificate?

    I wanna try to build a more secure LAN. I want every client (wired/wireless) to connect the network used a certificate not a user/password pair.
    But now, as i am a newbie, I don't know what to choose between TACACS+ and RADIUS. Because I have a Mac mini, maybe RADIUS is more suitable, but i don't know how to establish the CA.
    Any help or suggestion will be appreciated!

    We most typically do this in the context of implementing a product like Cisco's Identity Services Engine (ISE). ISE uses 802.1x and has the ability to check clients for things like a certificate during the authentication / posture assessment / remediation process.
    It also acts as a RADIUS server and can dynamically push out Change of Authorization (CoA) to the authenticator (i.e switch or Wireless controller) in order to control things like client VLAN assignment and any access-lists you may want to apply.
    On the client side, a supplicant is used to interact with the authenticator. You can use native supplicants from OS X or Windows etc. but we generally recommend use of Cisco's AnyConnect Secure Mobility client with its Network Access Module (NAM) as it's much more full-featured for that purpose.
    You could also do 802.1x with certificate authentication and use a different backend authentication server (like a regular Cisco ACS or Microsoft Network Policy Server) but you would just get more basic authentication vs. the rich functionality ISE gives (albeit ISE costs a lot more ;) ).
    Have a look at this Youtube video for an example of setting up certificate authentication on ACS: 
         https://www.youtube.com/watch?v=U7qWJ7bIMHA

Maybe you are looking for