WDS: Keys managment with PEAP

Similar Messages

• Any best practice for Key Management with Oracle Obfuscation?

  Hi,
  I was wondering if anyone is aware if there are any best practices regarding key management when using Oracle's DBMS_OBFUSCATION_TOOLKIT? I'm particularly interested in how we can protect the encryption/decryption key that we would use.
  Thanks,
  Jim

  Oracle offers this document, which includes a strategy for what you're after:
  http://download-west.oracle.com/docs/cd/B13789_01/network.101/b10773/apdvncrp.htm#1006234
  -Chuck

• SCP, SSH and SFTP in CMD / File-Explorer and SSH key management with Windows Credential Manger

  Please add SSH, SFTP and SCP in CMD and File Explorer.
  Also, allow us to copy to FTP in File Explorer.
  Would be nice to have the SSH credentials managed by Windows Credentials Manager.

  Even with the RHEL firewall completely disabled, it has the same upper limit. SCP between the Solaris systems, with ipfilter running on both systems and both systems on completely different networks, is not a problem. Between Solaris and RHEL, same network but different subnet, RHEL with no firewall running (only while troubleshooting this, don't panic), still a problem. Using PuTTY SFTP from/to any of the systems is fine, even though on different networks. The mtu on the RHEL was the same as the Solaris systems (1500) - changing values on the RHEL increased the upper limit but still hit a ceiling. Only have one RHEL system so I can't see whether RHEL-RHEL transfers are affected, only those between Solaris, PuTTY on Windows, and the one RHEL system.

• Problem managing keys/certificates with SunPKCS11

  Hi:
  I am trying to create a small applet to manage certificates stored on a smart card using SunPKCS11. I can successfully import a key/certificate from a P12 file, however I have some problems managing keys and certificates that appears to be related.
  First, creating a KeyStore entry creates one object with one alias. But reading the card from another application such as safesign, I see a public object with the chosen alias but the private key appears with no alias specified. if I import the whole certificate chain, only the certificate will have the chosen alias the others will have no defined alias.
  Everything works ok, I can sign with the certificate on the card. But managing certificates and keys becomes incompatible with other applications, if multiple keys . Is there some way I can specify the alias so it will show for the private object?
  Secondly, I cannot get the installed certificate from my java application without authenticating. Other applications can read the certificate, authentication is required only to access the private object.
  I see further that if I delete the private object with safesign but let the certificates remain, I no longer get any certificates or keys when listing from SunPKCS11, while safesign still lists the certificates. Also, I can't access the card read only to list certificates.
  I think these things are related: SunPKCS11 creates and sees only one object which is protected if it has been created with SetKeyEntry.
  Is there any way to gain more fine grained control over the key store with SunPKCS11?
  Thanks, Erik

  i came up with the same problem. Can you tell me your way to deal with it ?
  thanks!
  [email protected]

• Ssh client with key management

  hi,
  i search of a ssh client with rsa/dsa key management, and i can't find one
  thanks
  C

  Not sure precisely if this is what you're looking for, but Fugu
  http://rsug.itd.umich.edu/software/fugu/
  seems to be a pretty effective SSH client, with graphical interface.
  Does running shh from the Terminal (command line) do what you need?

• 7920 IP Phone with PEAP

  Hi,
  I am trying to install Cisco wireless IP Phone 7920 with Unified Call Manager Express
  Wireless AP 1241 configured with PEAP and WPA
  Does the 7920 phones support PEAP ?
  Regards
  Mohamed

  Hi Mohamed,
  The 7920 does not support PEAP :( Have a look;
  The Cisco 7920 Wireless IP Phone supports both Static Wired Equivalent Privacy (WEP) and Cisco LEAP for authentication and data encryption. If either encryption model is used, both the signaling (Skinny Client Control Protocol, or SCCP) and media (RTP) are encrypted between the Cisco 7920 phone and the AP.
  Static WEP
  Static WEP requires that a 40-bit or 128-bit key be entered manually on all of the Cisco 7920 phones as well as the APs. It performs AP-based authentication by verifying that the accessing device (in this case, the Cisco 7920 phone) has a matching key.
  LEAP
  LEAP allows devices (such as the Cisco 7920 phone and AP) to be authenticated mutually (phone-to-AP and AP-to-phone) based on a user name and password. Upon authentication, a dynamic key is used between the Cisco 7920 phone and the AP to encrypt traffic.
  If LEAP is used, a LEAP-compliant RADIUS server, such as the Cisco Access Control Server (ACS), is required to provide access to the user database. The Cisco ACS can either store the user name and password database locally, or it can access that information from an external Microsoft Windows NT directory.
  When using LEAP, ensure that strong passwords are used on all wireless devices. Strong passwords are defined as being between 10 and 12 characters long and can include both uppercase and lowercase characters as well as the special characters * & % $ # @.
  Because most users save their passwords on the phone, Cisco recommends that you use different user names and passwords on data clients and wireless voice clients. This practice helps with tracking and troubleshooting as well as security.
  From this excellent doc;
  http://www.cisco.com/en/US/products/hw/phones/ps379/products_implementation_design_guide_chapter09186a00802a0a2d.html
  Hope this helps!
  Rob

• Combine two reports in query designer using key figure with sap exit

  Hi experts,
  i want to combine two reports in query designer using key figure with sap exit
  in the report 1 key figure calculation based on the open on key date(0P_DATE_OPEN)
  to calculate due and not due in two columns
  in report 2 key figure calculate in the time zones using given in variable Grid Width (0DPM_BV0) like due in 1 to 30 days, 31 to 60 days...the due amount based on the open on key date(0P_DATE_OPEN)
  to calculate in 1-30, 31-60, 61-90, 91-120, 121-150 and >150 days in 6 columns
  now i have requirement like this
  not due, 1-30, 31-60, >60, due,1-30, 31-60, >60 in 8 columns
  or
  not due, due, 1-30, 31-60, 61-90, 91-120, 121-150 and >150 in 8 col
  thank you

  Hi Dirk,
  you perhaps know my requirement,
  for the management to make used in one report,
  we have in reporting finacials Ehp3.
  Vendor Due Date Analysis - which show due, not due
  Vendor Overdue Analysis - show only due and analysis in time grid frame
  i want to combine in one report that show NOT DUE, DUE, DUE time frames in grid.
  krish...

• How to use Restricted or Calculated Key figure with Characteristics?

  Hi,
  Query has characteristics 'Indicator' which has values  'X' and 'Y' depending this value, the Key figure Quantity(which is always +ve) has to be shown on the report either as -ve or +ve.
  Do I use Restricted Key figure if so, how? Or can I manage with a Calculated Key figure?
  Thanks,
  Kamala

  Hi Kamala,
  You can create 2 RFKs each in which you are restricting the KF with char value X and Y. For the one that needs to be -ve, create a CKF with this RKF and multiply it by -1 in the formula. Then you can create a new CKF that will add this CKF and the other RKF.
  Hope this helps...

• Call for participation: OASIS Enterprise Key Management Infrastructure TC

  We would welcome your participation in this process. Thank you.
  Arshad Noor
  StrongAuth, Inc.
  To: OASIS members & interested parties
  A new OASIS technical committee is being formed. The OASIS Enterprise Key
  Management Infrastructure (EKMI) Technical Committee has been proposed by the
  members of OASIS listed below. The proposal, below, meets the requirements of
  the OASIS TC Process [a]. The TC name, statement of purpose, scope, list of
  deliverables, audience, and language specified in the proposal will constitute
  the TC's official charter. Submissions of technology for consideration by the
  TC, and the beginning of technical discussions, may occur no sooner than the
  TC's first meeting.
  This TC will operate under our 2005 IPR Policy. The eligibility
  requirements for becoming a participant in the TC at the first meeting (see
  details below) are that:
  (a) you must be an employee of an OASIS member organization or an individual
  member of OASIS;
  (b) the OASIS member must sign the OASIS membership agreement [c];
  (c) you must notify the TC chair of your intent to participate at least 15
  days prior to the first meeting, which members may do by using the "Join this
  TC" button on the TC's public page at [d]; and
  (d) you must attend the first meeting of the TC, at the time and date fixed
  below.
  Of course, participants also may join the TC at a later time. OASIS and the TC
  welcomes all interested parties.
  Non-OASIS members who wish to participate may contact us about joining OASIS
  [c]. In addition, the public may access the information resources maintained for
  each TC: a mail list archive, document repository and public comments facility,
  which will be linked from the TC's public home page at [d].
  Please feel free to forward this announcement to any other appropriate lists.
  OASIS is an open standards organization; we encourage your feedback.
  Regards,
  Mary
  Mary P McRae
  Manager of TC Administration, OASIS
  email: mary.mcrae(AT)oasis-open.org
  web: www.oasis-open.org
  a) http://www.oasis-open.org/committees/process.php
  b) http://www.oasis-open.org/who/intellectualproperty.php
  c) See http://www.oasis-open.org/join/
  d) http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi
  CALL FOR PARTICIPATION
  OASIS Enterprise Key Management Infrastructure (EKMI) TC
  Name
  OASIS Enterprise Key Management Infrastructure (EKMI) TC
  Statement of Purpose
  Public Key Infrastructure (PKI) technology has been around for more than a
  decade, and many companies have adopted it to solve specific problems in the
  area of public-key cryptography. Public-key cryptography has been embedded in
  some of the most popular tools -- web clients and servers, VPN clients and
  servers, mail user agents, office productivity tools and many industry-specific
  applications -- and underlies many mission-critical environments today.
  Additionally, there are many commercial and open-source implementations of PKI
  software products available in the market today. However, many companies across
  the world have recognized that PKI by itself, is not a solution.
  There is also the perception that most standards in PKI have already been
  established by ISO and the PKIX (IETF), and most companies are in
  operations-mode with their PKIs -- just using it, and adopting it to other
  business uses within their organizations. Consequently, there is not much left
  to architect and design in the PKI community.
  Simultaneously, there is a new interest on the part of many companies in the
  management of symmetric keys used for encrypting sensitive data in their
  computing infrastructure. While symmetric keys have been traditionally managed
  by applications doing their own encryption and decryption, there is no
  architecture or protocol that provides for symmetric key management services
  across applications, operating systems, databases, etc. While there are many
  industry standards around protocols for the life-cycle management of asymmetric
  (or public/private) keys -- PKCS10, PKCS7, CRMF, CMS, etc. -- however, there is
  no standard that describes how applications may request similar life-cycle
  services for symmetric keys, from a server and how public-key cryptography may
  be used to provide such services.
  Key management needs to be addressed by enterprises in its entirety -- for both
  symmetric and asymmetric keys. While each type of technology will require
  specific protocols, controls and management disciplines, there is sufficient
  common ground in the discipline justifying the approach to look at
  key-management as a whole, rather than in parts. Therefore, this TC will
  address the following:
  Scope
  A) The TC will create use-case(s) that describe how and where
  the protocols it intends to create, will be used;
  B) The TC will define symmetric key management protocols,
  including those for:
  1. Requesting a new or existing symmetric key from a server;
  2. Requesting policy information from a server related to caching of keys on the
  client;
  3. Sending a symmetric key to a requestor, based on a request;
  4. Sending policy information to a requestor, based on a request;
  5. Other protocol pairs as deemed necessary.
  C) To ensure cross-implementation interoperability, the TC will create a test
  suite (as described under 'Deliverables' below) that will allow different
  implementations of this protocol to be certified against the OASIS standard
  (when ratified);
  D) The TC will provide guidance on how a symmetric key-management infrastructure
  may be secured using asymmetric keys, using secure and generally accepted
  practices;
  E) Where appropriate, and in conjunction with other standards organizations that
  focus on disciplines outside the purview of OASIS, the TC will provide input on
  how such enterprise key-management infrastructures may be managed, operated and
  audited;
  F) The TC may conduct other activities that educate users about, and promote,
  securing sensitive data with appropriate cryptography, and the use of proper
  key-management techniques and disciplines to ensure appropriate protection of
  the infrastructure.
  List of Deliverables
  1. XSchema Definitions (XSD) of the request and response protocols (by August
  2007) 2. A Test Suite of conformance clauses and sample transmitted keys and
  content that allows for clients and servers to be tested for conformance to the
  defined protocol (by December 2007)
  3. Documentation that explains the communication protocol (by August 2007)
  4. Documentation that provides guidelines for how an EKMI may be built,
  operated, secured and audited (by December 2007)
  5. Resources that promote enterprise-level key-management: white papers,
  seminars, samples, and information for developer and public use. (beginning
  August 2007, continuing at least through 2008)
  Anticipated Audiences:
  Any company or organization that has a need for managing cryptographic keys
  across applications, databases, operating systems and devices, yet desires
  centralized policy-driven management of all cryptographic keys in the
  enterprise. Retail, health-care, government, education, finance - every industry
  has a need to protect the confidentiality of sensitive data. The TC's
  deliverables will provide an industry standard for protecting sensitive
  information across these, and other, industries.
  Security services vendors and integrators should be able to fulfill their use
  cases with the TC's key management methodologies.
  Members of the OASIS PKI TC should be very interested in this new TC, since the
  goals of this TC potentially may fulfill some of the goals in the charter of the
  PKI TC.
  Language:
  English
  IPR Policy:
  Royalty Free on Limited Terms under the OASIS IPR Policy
  Additional Non-normative information regarding the start-up of the TC:
  a. Identification of similar or applicable work:
  The proposers are unaware of any similar work being carried on in this exact
  area. However, this TC intends to leverage the products of, and seek liaison
  with, a number of other existing projects that may interoperate with or provide
  functionality to the EKMI TC's planned outputs, including:
  OASIS Web Services Security TC
  OASIS Web Services Trust TC
  W3C XMLSignature and XMLEncryption protocols and working group
  OASIS Digital Signature Services TC
  OASIS Public Key Infrastructure TC
  OASIS XACML TC (and other methods for providing granular access-control
  permissions that may be consumed or enforced by symmetic key management)
  b. Anticipated contributions:
  StrongAuth, Inc. anticipates providing a draft proposal for the EKMI protocol,
  at the inception of the TC. The current draft can be viewed at:
  http://www.strongkey.org/resources/documentation/misc/skcl-sks-protocol.html
  and a working implementation of this protocol is available at:
  http://sourceforge.net/projects/strongkey for interested parties.
  c. Proposed working title and acronym for specification:
  Symmetric Key Services Markup Language (SKSML), subject to TC's approval or
  change.
  d. Date, time, and location of the first meeting:
  First meeting will be by teleconference at:
  Date: January 16, 2007
  Time: 10 AM PST, 1PM EST
  Call in details: to be posted to TC list
  StrongAuth has agreed to host this meeting.
  e. Projected meeting schedule:
  Subject to TC's approval, we anticipate monthly telephone meetings for the first
  year. First version of the protocol to be voted on by Summer 2007. StrongAuth is
  willing to assist by arranging for the teleconferences; we anticipate using
  readily available free teleconference services.
  f. Names, electronic mail addresses, of supporters:
  Ken Adler, ken(AT)adler.net
  June Leung,June.Leung(AT)FundServ.com
  John Messing, jmessing(AT)law-on-line.com
  Arshad Noor, arshad.noor(AT)strongauth.com
  Davi Ottenheimer, davi(AT)poetry.org
  Ann Terwilliger, aterwil(AT)isa.com
  g. TC Convener:
  Arshad Noor, arshad.noor(AT)strongauth.com

  Hi Bilge,
  did you put your text in a blender before sending it?
  I understood everything works fine except the miscellaneous menu item in the configuration tab of ERM?
  Have you already tried to clear all browser cache, close all browsers and try it again?
  Best,
  Frank

• Problem authenticating Wireless users with peap

  Good afternoon,
  I am currently trying to authenticate wireless users using PEAP and an external RADIUS server. The problem is when I try to authenticate I get this error :
  AAA/AUTHEN/PPP : Pick method list 'Permanent Local'
  DOT11-7-AUTH_FAILED : Station ... Authentication failed
  It shouldn't use local authentication, but the aaa server I configured.
  I looked on the internet but didn't find a working solution.
  Does anyone know why it is not working ?
  Here is my running configuration :
  Current configuration : 4276 bytes
  ! Last configuration change at 00:45:40 UTC Mon Mar 1 1993
  ! NVRAM config last updated at 16:38:23 UTC Thu Jul 24 2014
  ! NVRAM config last updated at 16:38:23 UTC Thu Jul 24 2014
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  logging rate-limit console 9
  enable secret 5 $1$QVC3$dIVAarlXOo52rN3ceZm1k0
  aaa new-model
  aaa group server radius rad_eap
   server 192.168.2.2 auth-port 1812 acct-port 1813
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  no ip routing
  no ip cef
  dot11 syslog
  dot11 ssid test
     authentication open eap eap_list
     authentication key-management wpa version 2
     guest-mode
  eap profile peap
   method peap
  crypto pki token default removal timeout 0
  bridge irb
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   ssid test
   antenna gain 0
   stbc
   beamform ofdm
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface Dot11Radio1
   no ip address
   no ip route-cache
   shutdown
   antenna gain 0
   no dfs band block
   channel dfs
   station-role root
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface GigabitEthernet0
   no ip address
   no ip route-cache
   duplex auto
   speed auto
   dot1x pae authenticator
   bridge-group 1
   bridge-group 1 spanning-disabled
   no bridge-group 1 source-learning
  interface BVI1
   ip address 192.168.3.10 255.255.255.0
   no ip route-cache
  ip default-gateway IP
  ip forward-protocol nd
  ip http server
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.2.2 auth-port 1812 acct-port 1813 key 7 140441081E501F0B7D
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
   transport input all
  end
  Thank you

  I haven't setup autonomous APs before but I think I might see the problem. You are defining an authentication list called "eap_methods" but you never call for it in your SSID settings. Instead there you call a list named "eap_list" In addition, I think you might be missing one more command. So perhaps try this:
  dot11 ssid test
  authentication open eap eap_methods
  authentication network-eap eap_methods
  authentication key-management wpa version 2
  guest-mode
  Hope this helps!
  Thank you for rating helpful posts!

• RSA Certificate Manager with Sun Java Directory Server

  Has anyone integrated Sun Java Directory Server with RSA Certificate Manager

  we have the Key Managment System in our DSEE 6.3 through a proxy. We had to enable some OIDs for it to work.

• Non-Cumul. Management with Normal KF (Cumulative KF)

  Hi all,
  I need info, docs or experiences about <b>Non-Cumulative Management with Normal Key Figures (Cumulative Key Figures)</b> .
  I could just find this Sap Help link about it :  http://help.sap.com/saphelp_nw04/helpdata/en/8f/da1640dc88e769e10000000a155106/content.htm
  Thanks,
  Rozz

  Hi,
  Check out if these help :
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/how to handle inventory management scenarios.pdf
  http://help.sap.com/saphelp_nw04/helpdata/en/80/1a62ebe07211d2acb80000e829fbfe/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/e3/e60138fede083de10000009b38f8cf/frameset.htm
  http://help.sap.com/saphelp_bw320/helpdata/en/ad/6b023b6069d22ee10000000a11402f/frameset.htm
  Cheers,
  Kedar

• WLSE Express with PEAP

  Hi All,
  We are playing with an WLSE 1030 in combination with PEAP. We think we have a certificate mismatch somewhere. Users are getting a pop-up for there username and password, but get not authenticated.
  We imported a CA cert, Server cert and an pvk file with the private key which seems to be correct.
  Is someone having a procedure to configure the WLSE Express with PEAP?
  Thanks in advance.

  I am having a problem importing the certificate to the WLSE Express. Here is teh error that i am getting:
  An error has occurred. Please try again or contact an administrator. The error message is:
  A validation error has occurred /Radius/Services/cisco-peap/ServerRSAKeyFile: The Server RSA private key cannot be loaded from PEM:/cisco-ar/certs/cisco-peap/server-key.pem. Verify that it contains a valid PEM encoded Server RSA key and that the private key password is correct
  Any help would be greatly appreciated.

• How to register Key fingerprint with JVM 1.4.2?

  Hi,
  We need to register RSA key fingerprint with JVM 1.4.2. Does anyone know about this how to go about it?
  Thanks,
  Asawari

  Hi,
  as far as I know there is no "official" API in 1.4.2 to do this (since 1.5 there are the Management APIs). But I had the same problem once and found a pretty easy solution: Put the "perf.jar" and "perfdata.jar" from the 1.4.2 jvmstat distribution into your classpath (I hope you can find the old download somewhere...).
  The following piece of code demostrates how to access the perfdata from the JVM (note: with new VMIdentifier(0) you access your own JVM, so running the little sample program without any argument (or argument "0") would introspect the own JVM).
  import com.sun.jvmstat.perfdata.monitor.local.*;
  import com.sun.jvmstat.monitor.*;
  import java.util.*;
  public class PerfDataReader {
      public PerfDataReader() {
      public void run(String[] args) {
      try {
        PerfDataBuffer perfDataBuffer = new PerfDataBuffer(new VMIdentifier((args.length == 0 ? "0" : args[0])));
        System.out.println("VmId="+perfDataBuffer.getLocalVmId());
        List l = perfDataBuffer.findByPattern(".*");
        for (int i=0; i<l.size(); i++) {
            Monitor m = (Monitor)l.get(i);
            System.out.println(m.getName()+" = "+m.getValue());
      } catch(Exception e) {
        e.printStackTrace();
      public static void main(String[] args) {
          PerfDataReader main = new PerfDataReader();
          main.run(args);
  }Hope this helps!
  Nick.

• Office Professional Plus 2010 - Fails to Install - Error 25004 - "System error: -1073418209" - Microsoft Key Management Server

  I am receiving an error when attempting to install a site license copy of Microsoft Office Professional Plus 2010. The enterprise environment that I am in is using a Microsoft Key Management Server for the authentication of all Office 2010 and Windows 7
  installations. The error that I receive at the end of the installation is: "Error 25004. The product key you entered cannot be used on this machine. This is most likely due to previous Office 2010 trials being installed. (System error: -1073418209)".
  I have never installed a trial of Office 2010, nor did I ever install the beta of Office 2010. I do have a copy of Microsoft Office Projects 2010 installed. Before attempting to install Office 2010, I had Office 2007 installed. I used the Upgrade option
  to install 2010, instead of removing 2007 (which apparently I should have done instead) first. I have tried using the Microsoft FixIt tool to remove both Office 2007 AND Office 2010. Neither of those tools has fixed my problem. Office 2010 also does not show
  up in my Add/Remove Programs list.
  Any ideas on how to fix this? I do not have time to reformat until after the Holiday seasons, and need to have Office working!

  Hi,
  The full error text is as follows: Error 25004: The product key you entered cannot be used on this machine. 
  This is most likely due to previous Office 2010 trials being installed. (System error: 1073422308)
  The key you are currently trying to install with, is an Office Professional Plus Trial key. A machine will allow one Professional Plus Trial key installed on it ever. Meaning you can
  install a trial on a machine, used it for some time, uninstall Office. When you go back to the Microsoft website and get a new key, the second installation will be rejected with the above error message.
  If this is not the situation, try to completely uninstall all the versions of the Office programs from control panel, and then use the suggestions in this KB
  article to uninstall it:
  How do I uninstall Office 2003, Office 2007 or Office 2010 suites if I cannot uninstall it from Control Panel?
  http://support.microsoft.com/kb/290301
  Then, reinstall the Office 2010 program.
  Best Regards,
  Sally Tang