10.5 server, 10.4 clients getting multiple mobile accounts - weird results

I would like to reopen this discussion:
http://discussions.apple.com/thread.jspa?threadID=1664772&tstart=7
What happens visually is that the user appears to log in to a network account, but the Macintosh HD icon changes to the "house" used for the home directory, and all the mobile account data (which is naturally in /Users/<login>) is not accessible. If you use Netinfo Manager or System Preferences, you can see multiple accounts for the user.
We have been getting many laptops randomly succumbing to this bug. 10.5.8 server, 10.4.11 clients. I ran nicl on one that was affected today, with "nicl . -list /users", and found 3 user account records with the same login. I then used the "directory IDs" from the nicl -list commands and compared the data for each account with "nicl -v . -read <dirID>" replacing <dirID> with the numeric directory IDs for the accounts.
One of the accounts had no "home" attribute, so I deleted it using "sudo nicl . -delete <dirID>". The only difference between the other accounts is the value of the "copy_timestamp" attribute (it differed by 20 seconds or so). I blindly removed the record with the later copy_timestamp value, after which I was able to login to the mobile account normally.
Interestingly during the login, I pinged the machine rapidly over ssh, running the "nicl . -list /users" command. I could see the original directory ID. Then for a while a new directory ID appeared and the old one was gone. Then both the old and the new appeared. Finally, after the successful login, the old directory ID was back. I guess the mobile account login process is constantly banging on Netinfo.
Another thing to note is that when I go to Workgroup Manager (10.5) and bring up the Mobility > Account Creation preferences, they show up with the "Never" and "Always" buttons half-selected ("-"), as well as the one for the "Show "Don't ask me again" checkbox" setting. Guess the com.apple.MCX.plist file schema changed from 10.4 to 10.5. I will research the differences. Maybe I'll get lucky and stop this behavior from happening...

The thing that causes the "-" half-selected buttons on the Account Creation tab is the absence of a value for the (new in 10.5?) attribute in the com.apple.MCX plist file. You can find this by using the Inspector in Workgroup Manager, getting the user account and editing the MCXSettings attribute:
cachedaccounts.WarnOnCreate.allowNever
otherwise known as "Show Mobile Account Dialog's Never Option" if you look in the Details tab of Workgroup Manager,
otherwise known as "Show "Don't ask me again" checkbox" if you look in the Account Creation tab of Workgroup Manager.
Pet peeve -- three different terms for the same thing?

Similar Messages

  • Is there a way to get multiple email accounts on the front page of my Iphone?  Also I would like to have different sounds when I receive mail in the different accounts. Is this possible?

    Is there a way to get multiple email accounts on the front page of my iphone instead of just the generic mail icon?  Also is there a way to get a different alert sound for each email?

    No.
    You need to review this (WYSISWG):
    http://manuals.info.apple.com/en_US/iPhone_iOS4_User_Guide.pdf

  • Getting multiple Mobile device quarantine notices for previously approved devices.

    Recently we have started getting multiple notices to the user and to our help desk about a device being quarantined that is not. I've got one user getting them about every 15 minutes. When I use the following powershell this user is not listed
    Get-ActiveSyncDevice -filter {deviceaccessstate -eq 'quarantined'} | select deviceid, userdisplayname
    I've also had devices show up in the ECP that are not consistent with what shows in the above command, and I've been unable to approve them to clear them, so I blocked them instead, which clears them; then I fix them with PowerShell if they should be approved.
    I am at a loss as to where to look and my users are getting annoyed by the spam. I'm about to turn off device quarantine to "fix it" but I'd rather not.
    Oh, and right now at least, these are all iPhones.
    Thanks for any assistance.

    Hi,
    From your description, users are quarantined despite being in the Allow list.
    Please create a new policy and apply to a test user that this happens too often, and see if they still get quarantined.
    And please enable Mailbox Logging for ActiveSync to check result.
    http://blogs.technet.com/b/jasonsla/archive/2013/03/19/exchange-activesync-mailbox-logging.aspx
    Best regards,
    Belinda Ma
    TechNet Community Support

  • SSTP problem on Windows Server 2008 r2, clients getting error 0x8007274C

    PROBLEM: Clients keep getting error 0x8007274C when attempting to connect to the VPN server using SSTP.
    SYMPTOMS:
    - L2TP connections works great
    --- L2TP connections generate RemoteAccess events in Event viewer, but none whatsoever for the failed SSTP attempts
    - Client CANNOT ACCESS
    https://vpn.mycompany.net/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}
    - After several attempts to check and recheck RRAS Setup.  Added IIS Role (much later) just to prove that cert is valid.
    --- If server's RRAS service disabled, IIS enabled, client is able to browse to that VPN server, certificate checks out. 
    http://vpn.mycompany.net &
    https://vpn.mycompany.net.
    --- However, if RRAS service is running, IIS would not respond to either HTTP nor HTTPS traffic.
    --- SSTP won't work whether or not WWW service is running.
    - Port Scanner tests to the VPN Server reveals that port 80 & 443 are not open when RRAS service is running and IIS service stopped.
    --- But, when RRAS service is stopped and IIS is running, port 80 & 443 responds.
    --- Not sure whether 443 is supposed to be open when only RRAS is running.
    ============================================================================
    CLIENT:
    ============================================================================
    - Vista SP1 (32-bit), Windows 7 (32-bit), Windows 7 x64 SP1
    - CRL entry is resolvable
    - vpn.mycompany.net certificate installed in Local Computer > Trusted Root CA
    - SSTP Client connecting to FQDN vpn.mycompany.net
    - Windows Firewall is DISABLED  (for testing purposes)
    - No Anti Virus nor Anti Malware protection running  (for testing purposes)
    - Can access other HTTPS sites
    ============================================================================
    SERVER (Windows 2008 Svr r2; Roles: DNS, AD, RRAS):
    ============================================================================
    - 2 NICS (1 bound to an internal IP, 1 bound to an external IP addr)
    -- External NIC bound to a valid ISP IP Address, with a FQDN vpn.mycompany.net
    - Windows Firewall Service on Server DISABLED
    - No other device in front of the external IP addr NIC
    - IPV6 on RRAS DISABLED
    - NO RRAS Inbound/Outbound filter at all
    - Windows Firewall Service disabled
    - Using external Certificate Authority
    - Certs bound to port 443 seem to match in registry key HKLM\...\SstpSvc\Parameters
    It seems that the VPN server is simply not accepting the SSTP traffic.  I don't think we've even gotten to certificate negotiation.
    Been trying for a few days now, have consulted many SSTP online resources (MS and others) before posting.
    Am stumped.  Any help would be greatly appreciated.
    ============================================================================
    SERVER CONFIGURATION CHECKLIST:
    ============================================================================
    SERVICE_NAME: remoteaccess
            TYPE               : 20  WIN32_SHARE_PROCESS 
            STATE              : 4  RUNNING
                                    (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
    ============================================================================
    SERVICE_NAME: sstpsvc
            TYPE               : 20  WIN32_SHARE_PROCESS 
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
    ============================================================================
      TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
      TCP    192.168.2.109:3268     192.168.2.116:45443    ESTABLISHED     500
      TCP    [::]:443               [::]:0                 LISTENING       4
      UDP    0.0.0.0:59443          *:*                                    1616
      UDP    0.0.0.0:60443          *:*                                    1616
      UDP    0.0.0.0:61443          *:*                                    1616
    ============================================================================
    SSL Certificate bindings:
        IP:port                 : 0.0.0.0:443
        Certificate Hash        : 4cbfd1fc43d4fea1cd9dce519a0c0901330a343d
        Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : 
        Ctl Store Name          : 
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled
        IP:port                 : [::]:443
        Certificate Hash        : 4cbfd1fc43d4fea1cd9dce519a0c0901330a343d
        Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
        Certificate Store Name  : MY
        Verify Client Certificate Revocation    : Enabled
        Verify Revocation Using Cached Client Certificate Only    : Disabled
        Usage Check    : Enabled
        Revocation Freshness Time : 0
        URL Retrieval Timeout   : 0
        Ctl Identifier          : 
        Ctl Store Name          : 
        DS Mapper Usage    : Disabled
        Negotiate Client Certificate    : Disabled
    ============================================================================
    Selected (some, not all) Info about Certificate bound to SSTP viewed through RRAS MMC:
    Version: V3
    Valid To: Thursday, August 30, 2012 6:59:59 PM
    Subject:
     CN = vpn.mycompany.net
     OU = nsProtect Secure Xpress
     OU = Domain Control Validated
    Enhanced Key Usage:
     Server Authentication (1.3.6.1.5.5.7.3.1)
     Client Authentication (1.3.6.1.5.5.7.3.2)
    CRL Distribution Points:
    [1]CRL Distribution Point
         Distribution Point Name:
              Full Name:
                   URL=http://crl.netsolssl.com/NetworkSolutionsDVServerCA.crl
    Thumbprint Algorithm: sha1
    Thumbprint: 4c bf d1 fc 43 d4 fe a1 cd 9d ce 51 9a 0c 09 01 33 0a 34 3d
    ============================================================================
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters]
    "ServiceDllUnloadOnStop"=dword:00000001
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      73,00,73,00,74,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
    "ServerURI"="/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
    "ListenerPort"=dword:00000000
    "UseHttps"=dword:00000001
    "SHA1CertificateHash"=hex:4c,bf,d1,fc,43,d4,fe,a1,cd,9d,ce,51,9a,0c,09,01,33,\
      0a,34,3d
    "isHashConfiguredByAdmin"=dword:00000001
    "SHA256CertificateHash"=hex:ee,06,d8,78,2a,8c,95,d6,a1,40,d1,80,77,2c,e5,4c,f9,\
      83,a1,e4,94,60,82,28,3d,56,49,82,44,bc,1e,a9
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters\ConfigStore]
    "ListenerPort"=dword:000001bb
    "UseHttps"=dword:00000001
    "V4CertPlumbedBySstp"=dword:00000000
    "V6CertPlumbedBySstp"=dword:00000000
    ============================================================================
    SELECTED EVENT VIEWER ENTRIES AFTER RESTART OF RRAS + SUCCESSFUL ATTEMPT OF L2TP (BUT NO ENTRIES AT ALL FOR SSTP CONN ATTEMPTS):
    Level Date and Time Source Event ID Task Category
    Information 8/31/2011 11:36:42 AM Microsoft-Windows-Time-Service 37 None The time provider NtpClient is currently receiving valid time data from zeus.olympia.local (ntp.d|0.0.0.0:123->192.168.2.114:123).
    Information 8/31/2011 11:35:22 AM RemoteAccess 20275 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user with ip address 192.168.2.145 has disconnected
    Information 8/31/2011 11:35:22 AM RemoteAccess 20272 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\inul connected on port VPN2-15 on 8/31/2011 at 11:34 AM and disconnected on 8/31/2011 at 11:35 AM.  The user was active for 0 minutes 32 seconds.  17264 bytes were sent and 21956 bytes were received. The reason for disconnecting was user request. The tunnel used was WAN Miniport (L2TP). The quarantine state was 'not nap-capable'.
    Information 8/31/2011 11:34:57 AM Microsoft-Windows-Iphlpsvc 4200 None Isatap interface isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD} with address fe80::5efe:192.168.2.144 has been brought up.
    Information 8/31/2011 11:34:51 AM Microsoft-Windows-UserPnp 20003 (7005) Driver Management has concluded the process to add Service tunnel for Device Instance ID ROOT\*ISATAP\0002 with the following status: 0.
    Information 8/31/2011 11:34:50 AM RemoteAccess 20274 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\inul connected on port VPN2-15 has been assigned address 192.168.2.145
    Information 8/31/2011 11:34:50 AM RemoteAccess 20250 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\inul has connected and has been successfully authenticated on port VPN2-15.
    Information 8/31/2011 11:34:49 AM RemoteAccess 20088 None The Remote Access Server acquired IP Address 192.168.2.144 to be used on the Server Adapter.
    Information 8/31/2011 11:30:26 AM Microsoft-Windows-HttpEvent 15007 None Reservation for namespace identified by URL prefix https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ was successfully added.
    Information 8/31/2011 11:30:26 AM Microsoft-Windows-HttpEvent 15008 None Reservation for namespace identified by URL prefix https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ was successfully deleted.
    Information 8/31/2011 11:30:26 AM Service Control Manager 7036 None The Application Layer Gateway Service service entered the running state.
    Information 8/31/2011 11:30:26 AM Service Control Manager 7036 None The Routing and Remote Access service entered the running state.
    Error 8/31/2011 11:30:26 AM RemoteAccess 20106 None "Unable to add the interface {BBF2BA88-DCC5-4D36-9256-E1C8AF602467} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
    Error 8/31/2011 11:30:26 AM RemoteAccess 20106 None "Unable to add the interface {DF914ECC-AC6A-441E-A47C-57CE90C7F8B0} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
    Information 8/31/2011 11:30:21 AM Service Control Manager 7036 None The Routing and Remote Access service entered the stopped state.
    Information 8/31/2011 11:30:20 AM Service Control Manager 7036 None The Application Layer Gateway Service service entered the stopped state.
    Information 8/31/2011 11:30:01 AM Microsoft-Windows-Eventlog 104 Log clear The System log file was cleared.
    ============================================================================
    ============================================================================

    Hi, I'm in the exact same situation and for once google is of no help. I have tried to get a simple connect through to my server (by using "telnet vpn.myserver.com 443") but it will only timeout. After deactivating the Windows firewall on the VPN box (which is a virtual machine on a Hyper-V R2 SP1) I can locally telnet the VPN box and even get the special url (https://vpn.myserver.com/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/) to work. But this only works on the VPN box itself, no other server or client is able to contact it. I have tried to connect from another server sitting next to the vpn box and in the same subnet (public IPs) but couldn't connect either. PPTP and L2TP connections are working but not SSTP. Another approach was to manually bind the http.sys to specific IPs. No change. I'm fresh out of ideas. Anyone? regards, ck
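The original poster's claim that the certificate bound to port 443 "seems to match" the SstpSvc registry value can be checked mechanically. The following is an added example, not code from the thread: it takes the `netsh http show sslcert` output, the registry export and the certificate dialog thumbprint as pasted in the post (trimmed to the fields used) and compares them. The function names are this example's own, and treating the GUID in `ServerURI` as the expected Application ID is an assumption based on the two values shown in the post.

```python
import re

# Copied from the post's own output, trimmed to the fields the check uses.
NETSH_SSLCERT = """\
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 4cbfd1fc43d4fea1cd9dce519a0c0901330a343d
    Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
    IP:port                 : [::]:443
    Certificate Hash        : 4cbfd1fc43d4fea1cd9dce519a0c0901330a343d
    Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
"""

REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters]
"ServerURI"="/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
"SHA1CertificateHash"=hex:4c,bf,d1,fc,43,d4,fe,a1,cd,9d,ce,51,9a,0c,09,01,33,\
  0a,34,3d
'''

# Thumbprint as pasted from the certificate dialog. The leading U+200E is an
# invisible left-to-right mark that can ride along with such a paste and makes
# a plain string comparison fail even though the visible digits are identical.
MMC_THUMBPRINT = "\u200e4c bf d1 fc 43 d4 fe a1 cd 9d ce 51 9a 0c 09 01 33 0a 34 3d"


def normalize_hash(value):
    """Keep hex digits only (drops spaces, commas, invisible marks), lower-cased."""
    return "".join(re.findall(r"[0-9a-fA-F]", value)).lower()


def parse_sslcert(text):
    """Return one dict per binding found in `netsh http show sslcert` output."""
    bindings = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        key, value = key.strip(), value.strip()
        if not sep:
            continue
        if key == "IP:port":
            bindings.append({"endpoint": value})
        elif bindings and key == "Certificate Hash":
            bindings[-1]["hash"] = normalize_hash(value)
        elif bindings and key == "Application ID":
            bindings[-1]["app_id"] = value.strip("{}").lower()
    return bindings


def parse_reg(text):
    """Return {value name: raw value} from a .reg fragment, joining '\\' continuations."""
    joined = re.sub(r"\\\r?\n\s*", "", text)
    return dict(re.findall(r'^"([^"]+)"=(.*)$', joined, flags=re.M))


def reg_hex(values, name):
    """Decode a `hex:` registry value to a plain hex string, or None if absent."""
    raw = values.get(name, "")
    if not raw.startswith("hex:"):
        return None
    # Strip the prefix first: the "e" in "hex" is itself a hex digit.
    return normalize_hash(raw[len("hex:"):])


def check_sstp_bindings(netsh_text, reg_text, thumbprint):
    """Return a list of mismatches; an empty list means everything agrees."""
    values = parse_reg(reg_text)
    expected = reg_hex(values, "SHA1CertificateHash")
    guid = re.search(r"\{([0-9A-Fa-f-]{36})\}", values.get("ServerURI", ""))
    guid = guid.group(1).lower() if guid else None

    findings = []
    if normalize_hash(thumbprint) != expected:
        findings.append("certificate thumbprint differs from SstpSvc SHA1CertificateHash")
    bindings = parse_sslcert(netsh_text)
    if not bindings:
        findings.append("no SSL certificate bindings found")
    for b in bindings:
        if b.get("hash") != expected:
            findings.append(f"{b['endpoint']}: bound hash differs from SstpSvc registry value")
        if b.get("app_id") != guid:
            findings.append(f"{b['endpoint']}: Application ID differs from ServerURI GUID")
    return findings


if __name__ == "__main__":
    problems = check_sstp_bindings(NETSH_SSLCERT, REG_EXPORT, MMC_THUMBPRINT)
    print("\n".join(problems) if problems else "bindings, registry and thumbprint agree")
```

On the values posted, the check reports no mismatch, which is consistent with the poster's reading that the failure occurs before certificate negotiation.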

  • Update driver on print server - shouldn't clients get it?

    We are having an issue with a Kyocera driver. We recently started getting new models of some of these Kyocera copiers, and with it a newer version of the same driver. The new copiers are slightly different. The driver version went from 5.x to 6.x. We soon discovered that the two don't work well together on the same print server. Some departments all of the sudden can't print. The error they get is "can't connect to printer". As if there is no driver.
    On the print server I updated the driver for our printer here in the IT department. I didn't just update it from the existing printer (Properties>Advanced Tab>New Driver), I instead deleted the printer, recreated it, and used the new driver when I recreated it. That worked here in the IT dept. It does not work in other departments. A day later they still have the old driver. Rebooting does nothing. I got the new driver within 3 minutes of updating it on the server.
    Seems like a rights issue. I give them "manage printer" rights. Still don't download the new driver. But... they can all of the sudden print - with the old driver! Makes no sense.
    Under normal circumstances, shouldn't they get the new driver whenever I update it on the server?

    Typically the clients will not request the new driver until the next time they perform a print task.
    What operating system on the print server and on the client machines?
    If server 2008 or greater, is the print driver package aware?  You can see this in PrintManagement.
    Are you admin on your own machine?  Are the users that are not in IT admins on their machines?
    Alan Morris Windows Printing Team
    What operating system on the print server and on the client machines?
    On the Server it's 2008 R2.  Clients are all Windows 7
    is the print driver package aware?
    In Print Management>Server>Drivers, it says "true" in the "packaged" column
    Are you admin on your own machine?  Are the users that are not in IT admins on their machines?
    I am an admin on my machine.  The non-IT users are not admins.
    FYI:  if the user attempts to print, they do not pull the new driver after that.  They still have the old driver

  • Need help getting multiple user accounts access an app and its data

    Hello All,
    We recently got a new iMAC. We set up 3 user accounts in it. Two are admin accounts (one for me and one for my husband). The third is a user account with parental controls turned on (for our kid). Here is the basic setup:
    1. Accnt1 - admin
    2. Accnt2 - admin
    3. Accnt3 - user
    Now, I installed the complete national geographic application on the iMAC along with all the data. This is a 6 CD set that took several hours to install. I installed it logged in with Accnt1 (please see above). This installed all the data (150 years worth of data) onto the Documents folder for Accnt1.
    The installation was successful and when I launch the application, I can view all the data from Accnt1.
    So what is the problem? I tried logging in from Accnt2 and Accnt3. While the application is visible and will launch from both those user profiles, no data gets displayed. My guess is that this is because the data from the 6 CD's got installed onto the Documents folder for Accnt1 which is not viewable/accessible from Accnt2 and Accnt3. Therefore, nothing gets displayed.
    How do I fix this issue without reinstalling the software so that ALL 3 user accounts on my iMac can access the application AND its data?
    My guess is that I will have to provide user permissions/access to the Documents folder for Accnt1 such that both Accnt2 and Accnt3 are read/write. I tried to do that via the Finder and 'More info' operation wherein I click on the tiny lock icon at the bottom of the screen and add Accnt2 and Accnt3 as read/write. But this does not fix the problem for ALL folders further down and I don't want to fix each and every folder.
    Is there a quick way to resolve this problem? Can I fix this issue via a terminal window with a command?
    Please do help me out.
    Thanks in advance
    Anonymous76

    Move the data folder out of A's documents folder and into /Users/Shared. Then, control-option-command-drag the data folder from its new location back to its original location in A's documents folder. This makes an alias. Log in to the other user accounts and repeat the process for making aliases, to each user's Documents folder.
    You might also contact the developer and politely suggest that they learn how to write programs properly for Mac OS X.

  • Multiple Email Account Weirdness

    Hi-
    I have 3 email accounts that I use with my mail program, 2 .Mac email accounts, and 1 SBC email account.
    I set up these accounts from home, but for some reason I can only receive incoming messages when using my home internet access. Outgoing messages just stall out and are unable to be sent from any account. Each account appears to be configured properly, and selected properly when composing/sending.
    When I'm at work, using their internet connection, I have no trouble sending and receiving emails.
    I realize I can always log on to .Mac through my browser to do my emailing, but that kind of defeats the purpose....

    Hi dreamsareweird.
    When you talk about being at home or at work, are you talking about using the same computer in both places?
    Don’t you get any error messages?
    Read the following article, which applies to all versions of Mac OS X (not just Mac OS X 10.4.2 and earlier as the article states) and can be useful for other mail accounts as well (not just .Mac):
    .Mac: Server timeout alert message when sending email
    Go to Apple Menu > System Preferences > Network, choose Network Port Configurations from the Show popup menu, and make sure that the configuration used to connect to Internet appears at the top of the list. Leave checked (enabled) only the port configuration needed to connect to Internet and Built-in Ethernet (in that order if not the same), uncheck (disable) the rest of network port configurations and see whether that helps — if it doesn’t, turn ON again the ones you want enabled.
    Mail keeps information about outgoing (SMTP) servers in a separate list independently of the mail accounts themselves. The account settings just associate one of the available outgoing servers with each account. Deleting an account doesn’t remove from the list the outgoing server that was associated with it. Orphaned or dangling outgoing server entries (i.e. not associated with any account) sometimes cause weird sending problems.
    Go to Preferences > Accounts > Account Information > Outgoing Mail Server (SMTP), choose Edit Server List from the popup menu, and delete any servers that shouldn’t be there. The Edit Server List panel shows the account each outgoing server is associated with.

  • Multiple email accounts to MfE?

    Hi,
    quick question: is it possible to get multiple email accounts installed to Mail for Exchange phone client? If not will there a possibility for this in the future?
    Any workarounds for this issue? All help is highly appreciated. We are using E90 models.

    With www.seven.com you can have multiple accounts, but only one can be Exchange or Lotus Notes (to sync contacts, calendar, etc). In addition, you can add accounts for gmail, yahoo, aol, pop, imap, etc. IMHO Seven is better than MFE or Roadsync.

  • Support for multiple Exchange accounts

    I can't seem to get multiple exchange accounts to work in Mail. Everything I have read says it should work but no such luck.
    I have 4 accounts on our exchange server so I need them all in Mail. The first one I set up works fine, but if I add others, the messages do not appear in the mailboxes anymore.
    Has this happened to anybody else? I have tried it on my iMac and my MacBook Pro and the same thing happens on both.

    Same thing happens to me.
    When I add a second exchange account, all of the mail (including folders) from the first account move into the second one. The first account that was added is empty. I have two other exchange accounts, but haven't dared to add them. For now, I deleted the second account and have just the one (that is used the most) setup in Mail.

  • Getting error while hitting weblogic server from EBS client instance

    Hi,
    We are trying to hit weblogic server from EBS client instance.
    Steps Done from our side :-
    1. Created a self signed key store and certificate (.cer file) with server host name and used it for SSL enabling on weblogic server.
    2. Created a self signed key store and certificate (.cer file) with client host name and used it for SSL enabling on oracle EBS client.
    3. Imported client certificate .cer file in Server Side Trust Store.
    4. Used Server keystore for client side verification.
    We are getting these logs from Client Side (Oracle EBS AS) :-
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:34 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:34 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 9, 2012 10:40:34 AM AST> <Warning> <Security> <BEA-090542> <Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
    <Nov 9, 2012 10:40:34 AM AST> <Warning> <Security> <BEA-090542> <Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
    <Nov 9, 2012 10:40:34 AM AST> <Warning> <Security> <BEA-090542> <Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
    javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
    at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:158)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:363)
    at oracle.apps.nmc.filetransmission.DigitalSigner.sendSignedFileToBank(DigitalSigner.java:532)
    at oracle.apps.nmc.filetransmission.DigitalSigner.signXmlFile(DigitalSigner.java:330)
    at oracle.apps.nmc.filetransmission.DigitalSigner.invokerInit(DigitalSigner.java:437)
    at oracle.apps.nmc.filetransmission.DigitalSigner.runProgram(DigitalSigner.java:390)
    at oracle.apps.fnd.cp.request.Run.main(Run.java:157)
    We are getting these logs from Server Side (Weblogic server) :-
    <Nov 9, 2012 10:34:51 AM AST> <Warning> <Security> <BEA-090482> <BAD_CERTIFICATE alert was received from whjed-apstest3.nmc.com - 192.168.100.246. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
    Kindly suggest on this.
    Regards
    Deepak Gupta

    Hi;
    Please search for "BEA-090482 Check the peer to determine why it rejected" at Metalink. There are 8 docs available; please review them.
    Regards
    Helios

  • Configuring DNS when clients get DHCP from a Windows server

    Hi
    I'm getting to grips with OD and have managed to configure a test environment at home with static IPs and all the DNS entries being entered manually for each computer.
    However, how do I configure the DNS in an environment where clients get their IPs from a Windows DHCP server (which I have no access to)?
    Setting clients to have static IPs is not an option nor enabling DHCP on the Mac server, I suspect.
    Your help is really appreciated.
    Steve

    Hi
    Your suspicion is correct.
    To be honest I would use what is available on the Windows Server as the basis for your Open Directory deployment. If the Windows Server is already the DHCP Server, odds are it is also the DNS Server. DNS can be provided to your clients using the Windows-based DHCP service.
    If you have no direct access to the Windows server you should at the least be able to ask the Windows administrator to add a Host Record with a Reverse Pointer for the OSX Server. Make sure it's resolving correctly using the relevant tools first, then add the IP address of the Windows Server in the network preferences pane on your OSX Server. Thereafter you should be able to promote from Standalone to Open Directory Master without too many problems.
    If the Windows Server is using .local as its FQDN then it could scupper any chances you have of providing OSX LDAP services to your Mac clients. It can work with .local, it's just better if it's not used.
    Hope this helps – Tony

  • Multiple Mobile Clients

    Hi to all.
    I want to use multiple mobile clients (up to 50) to send data (texts/numbers) to the same server wirelessly.
    What is the best way to go? Bluetooth or WiFi? Is there any limitation in any of the protocols? Which one will guarantee that the data of all the clients will be received at the server?
    Thanks, appreciate your concern...
    Std.

    The thing that causes the "-" half-selected buttons on the Account Creation tab is the absence of a value for the (new in 10.5?) attribute in the com.apple.MCX plist file. You can find this by using the Inspector in Workgroup Manager, getting the user account and editing the MCXSettings attribute:
    cachedaccounts.WarnOnCreate.allowNever
    otherwise known as "Show Mobile Account Dialog's Never Option" if you look in the Details tab of Workgroup Manager,
    otherwise known as "Show "Don't ask me again" checkbox" if you look in the Account Creation tab of Workgroup Manager.
    Pet peeve -- three different terms for the same thing?

  • Puzzling situation: XP clients cannot ping server while W7 clients can

    We have an SBS 2011 server with XP and Win7 clients.  The server provides DHCP and DNS services. Clients are all DHCP.
    Another DHCP server was on the network, which caused the 2011 box to shut down DHCP services. We have fixed that and all is working now, but....
    While troubleshooting, we found differences between the behavior of XP and W7 machines.  All could still connect to the internet and ping the gateway.  But only the W7 machines could communicate with the server (email, ping, DNS, RDP). 
    The XP machines could not even ping the server's IP address. Around 5-6 of each client OS were examined and the results were consistent.  Examples of configurations are as follows:
    Server
    IP:  192.168.3.1
    SM:  255.255.252.0
    GW:  192.168.3.2
    DNS:  192.168.3.1, 8.8.8.8
    W7 client
    IP:  192.168.0.20
    SM: 255.255.252.0
    GW:  192.168.3.2
    DNS:  192.168.3.1, 8.8.8.8
    DHCP:  192.168.3.1
    XP client
    IP:  192.168.1.26
    SM:  255.255.252.0
    GW:  192.168.3.2
    DNS:  192.168.3.1, 8.8.8.8
    DHCP:  192.168.3.1
    Also, upon booting an XP machine, it would not get any IP address.  After booting a W7 box, it would have the appropriate IP configuration and we were able to RDP to the server and browse the internet.
    As I said, everything is working now after removing the foreign DHCP server, but we found the behavior odd and would like to understand why there were differences between the two client platforms.

    Well, I can't really do this now, because everything is working.  I know - why waste time trying to fix something that isn't broken.  It just doesn't make sense to me. 
    I am just trying to determine why XP machines behaved in one way and W7 machines in another - but only while the DHCP service was down on the SBS box.  I looked at several of each, so I don't think it was a problem with the IP stack, unless all XP clients had the same issue at the same time, and all spontaneously resolved when the DHCP server came back up.
    I tested multiple XP machines and multiple W7 machines in multiple buildings, so I'm confident that the problem was platform-specific.

  • Sockets: How can server detect that client is no longer connected?

    Hi,
    I really need help and advice with the following problem:
    I have a Client - Server socket program.
    The server listens on port 30000 using a server socket on one machine
    The client connects to localhost on port 20000, previously creating an ssh port forward connection using the Jsch package from www.jcraft.com with
    "session.setPortForwardingL(20000, addr, 30000);"
    Then the client sends Strings to the server using a PrintWriter.
    Both are connected to each other through the internet and the server uses a dynamic dns service.
    This all works well until the IP address of the server changes. The client successfully reconnects to the server using the dynamic DNS domain name, but the server keeps listening on the old socket from the previous connection, while opening a new one for the new client connection. The server doesn't seem to notice that the client has disconnected because of this IP address change.
    It looks like the server is stuck inside the while loop. If I cut the connection manually on the client side, the server seems to notice that the client has disconnected, and jumps out of the while loop (see code below).
    this is the code I'm using for the server:
    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.net.Socket;
    import java.util.logging.Logger;

    public class SocketHandler extends Thread {
        static Logger logger = Logger.getLogger("Server.SocketHandler");
        private Socket clientSocket = null;
        private BufferedReader in = null;
        private InputStreamReader inReader = null;

        public SocketHandler(Socket clientSocket) throws IOException {
            this.clientSocket = clientSocket;
            inReader = new InputStreamReader(clientSocket.getInputStream());
            in = new BufferedReader(inReader);
        }

        public void run() {
            try {
                String clientMessage = null;
                // readLine() blocks until a line arrives, the peer closes, or an I/O error occurs
                while ((clientMessage = in.readLine()) != null) {
                    logger.info("client says: " + clientMessage);
                }
            } catch (IOException e) {
                logger.severe(e.getMessage());
                e.printStackTrace();
            } finally {
                try {
                    logger.info("closing client Socket: " + clientSocket);
                    clientSocket.close();
                    in.close();
                    // ServerRunner is the poster's own class (not shown in the post)
                    ServerRunner.list.remove(clientSocket);
                    logger.info("currently " + ServerRunner.list.size() + " clients connected");
                } catch (IOException e) {
                    logger.severe(e.getMessage());
                    e.printStackTrace();
                }
            }
        }
    }

    I've tried making the server create some artificial traffic by writing some byte every few seconds into the client's OutputStream. However I get no exceptions when the IP address changes. The server doesn't detect a disconnected socket connection.
    I'd really appreciate help and advice

    If a TCP/IP peer is shut down "uncleanly", the other end of the connection doesn't get the final end of connection packet, and read() will wait forever. close() sends the final packet, as will killing the peer process (the OS does the close()). But if the OS crashes or for some other reason can't send the final packet, the server never gets notification that the peer has gone away.
    Like you say, one way is timeout, if the protocol is such that there always is something coming in at regular intervals.
    The other way is a heartbeat. Write something to the other end periodically, just some kind of "hello, I'm here, ignore this message". The other end doesn't even have to answer. If the peer has gone away, TCP will retransmit your heartbeat message a few times. After about a minute it will give up, and mark the socket as broken. read() will then throw an IOException. You could send heartbeats from the client too, so that the client detects if the server computer dies.
    TCP/IP also has a TCP-level heartbeat; see Socket.setKeepAlive(). The heartbeat interval is about two hours, so it takes it a while to detect broken connections.
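
The timeout and heartbeat approaches from the reply above, combined in a server-side handler, as an added example that is not part of the original thread. The `PING` heartbeat line, the 3-second idle limit and the class name `IdleTimeoutDemo` are assumptions; the constructed client in `main` goes silent without closing, standing in for a peer that disappeared without sending a final packet.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;

public class IdleTimeoutDemo {
    static final String HEARTBEAT = "PING";  // assumed heartbeat line, not from the thread
    static final int IDLE_LIMIT_MS = 3000;   // assumed: a live client sends something every second

    // Reads lines until the connection ends; returns "eof", "idle-timeout" or "io-error".
    static String serve(Socket client) {
        try (Socket s = client;
             BufferedReader in = new BufferedReader(
                     new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8))) {
            s.setSoTimeout(IDLE_LIMIT_MS);   // readLine() now throws instead of blocking forever
            s.setKeepAlive(true);            // TCP-level probe as a slow backstop
            String line;
            while ((line = in.readLine()) != null) {
                if (!HEARTBEAT.equals(line)) {   // heartbeats only prove liveness
                    System.out.println("client says: " + line);
                }
            }
            return "eof";                    // peer closed cleanly
        } catch (SocketTimeoutException e) {
            return "idle-timeout";           // no data and no heartbeat: treat the peer as gone
        } catch (IOException e) {
            return "io-error";               // reset or otherwise broken connection
        }
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
             Socket c = new Socket(server.getInetAddress(), server.getLocalPort())) {
            Socket accepted = server.accept();
            // Constructed client traffic: one message, two heartbeats, then silence.
            PrintWriter out = new PrintWriter(c.getOutputStream(), true);
            out.println("hello");
            out.println(HEARTBEAT);
            out.println(HEARTBEAT);
            System.out.println("handler ended: " + serve(accepted));
        }
    }
}
```

Because the handler closes the socket on every exit path, a stale connection left behind by an address change is released after the idle limit instead of holding a thread and a descriptor indefinitely.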

  • How to get multiple rows from database table?

    hello !
    I need to get multiple rows from a OLEDB database table and display them on a table object.
    I did "Wrap in subfrom" on the table,  set  subform of the table to "flowed", and checked "Repeat row for each data item" of Row1 of the table.
    But I can get only one row on the table object.
    I need your help.
    Thanks

    Hi,
    best practice when deleting multiple rows is to do this on the business service, not the view layer, for performance reasons. When you have selected the rows to delete and pressed submit, then in a managed bean you access the table instance (put a reference to a managed bean in the table's "binding" property) and call getSelectedRowKeys. In JDeveloper 11g, ADF Faces returns the RowKeySet as a Set of List, where each list contains the server side row key (e.g. oracle.jbo.Key) if you use ADF BC. Then you create a List (ArrayList) with these keys in it and call a method exposed on the business service (through a method activity in ADF) and pass the list as an argument. On the server side you then access the View Object that holds the data and find the row to delete by the keys in the list.
    Example 134 here: http://blogs.oracle.com/smuenchadf/examples/#134 provides you with the code
    Frank
