11501s and SSL termination
We have several 11501. Some of them have a module CSS501-SSL-INT listed when a show module is issued. Others don't have this module listed and a search on CCO for "CSS501-SSL-INT" came up blank. Is this module required to terminate SSL on a 501? Can it be added? Is this the only thing required to terminate SSL?
Yes, you need this module to terminate SSL traffic on the CSS.
No, this module can't be added to a CSS11501.
You can buy such module for CSS11503 or CSS11506 but not for the CSS11501.
The 11501 with SSL module is a CSS11501S.
Once you have the module you nede to install at least 1 key and 1 certificate and then configure the module.
Here is the configuration guide should you need it.
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080292a11.html
Regards,
Gilles.
Similar Messages
-
11503 and SSL Termination - Cookie Handling
I'm looking for some insight on how the 11503 handles SSL termination,
specifically with regard to cookie handling. We are going to be
installing a 11503, so it can handle load balancing, content switching
and SSL termination instead of IIS / WLBS. If you move SSL termination
off of the Web servers and disable SSL in IIS, how does ASP.NET handle
secure cookies? We want to set requireSSL="true" in Web.config, but
since the Web server will no longer be running SSL, it won't enforce
that attribute. I was wondering if the content switch passed any
special header to IIS, or if the content switch can be configured to
add the secure attribute to all cookies. I haven't found anything in
the documentation so far.Depending on your software version, this page has links to CSS SSL configuration Guides based upon the software you're running.
http://www.cisco.com/en/US/customer/products/hw/contnetw/ps792/products_installation_and_configuration_guides_list.html
You can configure the CSS to issue cookies in place of the actual server. -
OWA CSS11501 and ssl termination
Hi,
Is it possible to use the css to load balance for OWA and offload SSL ?
have tried this and it appears to break OWA even though other web apps work ok through same CSS.
When removing ssl termination could only make load balancing work when incoming tcp port on the content rule and outgoing tcp port to OWA server were set to 80.
If content rule port was set to anyhting other than 80, OWA breaks.
guess there is some form of embedded redirection going on.owa is sending a 302 of the form
http://servername.
because we are doing ssl offload on the css the redirect needs to be of the https://servername
We followed some guides for configuring exchange to do this but it did not seem to work. -
Apache reverse proxy and SSL termination
Hi Guru's
Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
should i maitain any property. is there any documentation for it.
Please help me
TomThe majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
what level I need to configure SSL and how do I proceed in both scenarios?
Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
how do I proceed in both scenarios?
From a portal perspective, the configuration should remain the same.
Do I have to install SSL at portal, web dispatcher or at Apache level?
SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
See the following for possible SSL implementation options:
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
https://cw.sdn.sap.com/cw/docs/DOC-115509
Will SSL termination work for scenario 2?
Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
I would recommend you to take a step by step (backward approach).
First, enable SSL on your portal and make sure it works - going directly to the server.
Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
Finally - you can test the end to end flow - with your Reverse proxy involved.
- Shanti -
Hi,
I have a few questions regarding the CSS and SSL certificates.
I have 2 CSS 11501 and 3 web servers, how many SSL certificates do I need?
I want to configure the CSS as active - active, is this supported using the SSL accelleration module? If it is, is it configured the same way as a standalone CSS. The documentation only mentions configurations using single module and 2 modules in the same CSS.
And a clarificacion: Does the term Backend in the CSS SSL config refer to servers on a different subnet (in our case physically separated). Our config is 2 FW -> 2 CSS -> 3 Web servers -> 2 backend FW -> 6 Backend servers (app and DB). Am I correct in assuming that Backend refer to this backend? (This might seem like a silly question but the documentation has me confused)
Any help is much appreciated.
Thanks,
NielsNiels,
there is currently an ASK THE EXPERT event.
Please join us if you have more questions.
Regarding the certificate, you could just use one.
Get 1 certificate for your VIP and upload it on both SSL module.
However, you might have to get 2, because certificate providers usually say it's one per physical device.
If you plan on doing SSL on the servers as well, you need 3 more certificates. Or you coul use a single certificate if this is allowed by the company that will give it to you.
Backend refers to server behind the CSS.
Like a firewall defines inside and outside interfaces, the CSS define the frontend and the backend.
The frontend is the client side and the backend the server side.
When you say active/active, what do you want to achieve exactly ?
You can indeed have 2 Vip and one is active on CSS1 while the other is active on CSS2.
However, if the CSS shares the same set of servers, you need to be careful that the return traffic from the server to the client goes back to the same server. This may require client nat (group config).
Regards,
Gilles. -
Configuring JMS and loadbalancer with SSL termination? Has Anyone done it?
Hi all,
I'm having a problem getting JMS or even any JNDI lookup to work with a hardware load balancer and SSL termination. Has anyone used such a configuration? The load balancer in question is a Cisco CSS 11500 Series which has an SSL module. A client communicates with the CSS over SSL, the SSL module decrypts the packets and sends it for content switching and on to WebLogic as cleartext.
Without SSL termination everthing works fine. With SSL termination active, Web service and web content all work fine, but I can't get SSL tGetting Initial context from ms01
<29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<29-Sep-2006 16:07:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<29-Sep-2006 16:07:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeyS
ore.keystore>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 886220>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
Version: V3
Subject: EMAILADDRESS="[email protected] ", CN=10.51.0.200, OU=Web Administration, O=Revenue Commissioners, L=Dublin, ST=Dublin,
=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
a8f60248 b87c5860 229b9044 a666a9ae 27eb488c 424d9e67 e7b9d6d0 c292f081
cfa76c04 f3d89b28 1bf544f9 5de2b66d 576ebeca 5dc5ca8a fceead9a 52e2ce6c
2b91afef e4da5071 49b8784c 12d7f5f3 99f76482 79efe1d8 0a24f664 4c8d6e9e
b0bc63be 1faf8319 eeb23e8a 019b65b2 59dd086d 1b714d4c 01618804 66f416bb
Validity: [From: Fri Sep 08 11:44:28 BST 2006,
To: Mon Sep 05 11:44:28 BST 2016]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 0131]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0E 6E 72 2E B1 3B B6 A3 59 79 5A C5 41 26 B7 B6 .nr..;..YyZ.A&..
0010: A2 39 4C 73 .9Ls
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 2C A0 0C 34 4E 0D CA 24 A5 C3 03 3A 71 A1 2D D3 ,..4N..$...:q.-.
0010: 65 A2 FA EF C1 5D D4 4A 28 8C 1A 70 5F 92 73 5E e....].J(..p_.s^
0020: 7B 13 D4 AE 36 A8 86 EA 60 7F A5 E3 86 6E 84 1F ....6...`....n..
0030: 5E 5F 30 06 B4 AA 2E 5C A7 65 74 32 09 0A 91 14 ^_0....\.et2....
]>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
Version: V3
Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
Validity: [From: Mon May 31 15:22:15 BST 2004,
To: Thu May 29 15:22:15 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
]>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<29-Sep-2006 16:07:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.200>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 134>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3941240 received HANDSHAKE>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 272>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=0, length=2048)>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 372>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3445873 read(offset=372, length=1676)>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 6771926>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received HANDSHAKE>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 402>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 1707>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read(offset=0, length=2048)>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 SSL3/TLS MAC>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <3840954 received APPLICATION_DATA: databufferLen 0, contentLength 174>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read databufferLen 174>
<29-Sep-2006 16:07:29 o'clock IST> <Debug> <TLS> <000000> <23328673 read A returns 174>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <NEW ALERT with Severity: WARNING, Type: 0
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.net.http.HttpClient.closeServer(HttpClient.java:466)
at weblogic.net.http.KeepAliveCache$1.run(KeepAliveCache.java:120)
at java.util.TimerThread.mainLoop(Unknown Source)
at java.util.TimerThread.run(Unknown Source)
>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <avalable(): 23328673 : 0 + 0 = 0>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <write ALERT, offset = 0, length = 2>
<29-Sep-2006 16:07:44 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.removeContext(ctx): 6771926>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3941240 received APPLICATION_DATA: databufferLen 0, contentLength 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read databufferLen 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <3445873 read A returns 98>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 8406772>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 93>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 SSL3/TLS MAC>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <21830977 received HANDSHAKE>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 339>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <5618579 read(offset=0, length=2048)>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:08:13 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
Exception in thread "main" javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://10.51.0.200:8143: Boot
trap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or timed out]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:47)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:636)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:306)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:239)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:135)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at TestAllManagedServers.main(TestAllManagedServers.java:54)
Caused by: java.net.ConnectException: https://10.51.0.200:8143: Bootstrap to: 10.51.0.200/10.51.0.200:8143' over: 'https' got an error or t
med out
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:200)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:296)
... 7 more
o work for a simple JNDI lookup. With SSL debugging turned on, the following output is given:
When I compare the Server HTTP logs I see that an initial context lookup involves 3 HTTP requests, e.g.
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&r
and=3018901804201457976&AS=255&HL=19 HTTP/1.1" 200 17
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=7332722597180897050 HTTP/1
.1" 200 2341
25.2.1.210 - - [29/Sep/2006:16:29:12 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=3415396992694182025 HTTP/
1.1" 200 17
When my request goes through the load balancer I see the following in the HTTP logs:
10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "GET /bea_wls_internal/HTTPClntLogin/a.tun?wl-login=https+dummy+WLREQS+8.1.5+dummy+%0A&
rand=8279752507152372405&AS=255&HL=19 HTTP/1.1" 200 17
10.51.0.200 - - [29/Sep/2006:16:31:33 +0100] "POST /bea_wls_internal/HTTPClntSend/a.tun?connectionID=0&rand=1051450669479197885 HTTP
/1.1" 200 17
10.51.0.200 - - [29/Sep/2006:16:32:28 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=6035654607615870287 HTTP/
1.1" 200 5
10.51.0.200 - - [29/Sep/2006:16:33:13 +0100] "GET /bea_wls_internal/HTTPClntRecv/a.tun?connectionID=0&rand=8245112057388607005 HTTP/
1.1" 200 5
Notice the time delay in some of the messages.
The following error appears in the WebLogic server log, however I've verified that all IP addresses referenced by the load balancer configuration match those in the WebLogic configuration:
<29-Sep-2006 16:31:43 o'clock IST> <Error> <RJVM> <BEA-000572> <The server rejected a connection attempt JVMMessage from: '266014296
868812899C:25.2.1.210R:2462711729186814398S:10.51.0.2:[8113,8113,8114,8114,8113,8114,-1,0,0]:10.51.0.1:8103,10.51.0.1:8105,10.51.0.1
:8107,10.51.0.2:8109,10.51.0.2:8111,10.51.0.2:8113:risIntCluster01:ms06' to: '0S:10.51.0.200:[-1,-1,-1,8143,-1,-1,-1,-1,-1]' cmd: 'C
MD_IDENTIFY_REQUEST', QOS: '102', responseId: '0', invokableId: '0', flags: 'JVMIDs Sent, TX Context Not Sent', abbrev offset: '228'
probably due to an incorrect firewall configuration or admin command.>
When a JNDI lookup is made directly to a WebLogic server on the https port, the client gives the following output:
Getting Initial context from ms01
<29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <SSL/Domestic license found>
<29-Sep-2006 16:29:22 o'clock IST> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSL Session TTL :90000>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Trusted CA keystore: D:/eclipse/workspace/LoadBalancerTest/ssl/keystores/cssKeySt
ore.keystore>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 7860099>
<29-Sep-2006 16:29:23 o'clock IST> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <validationCallback: validateErr = 0>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[0] = [
Version: V3
Subject: CN=10.52.0.3, OU=Revenue Integration Server, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
ac47cae5 45e55fe4 8ec06362 84aab923 af35d7f1 8b7e8aaa 32772d8a d8185106
0ba91363 07162207 6eaa33b4 db8a3fbb 1e228e93 841ff322 e319242a 04ae7447
Validity: [From: Mon May 31 16:45:21 BST 2004,
To: Thu May 29 16:45:21 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 05]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 B3 92 7B C7 4E 2F 5D F3 97 CB 3B F9 FB 0A 1E .....N/]...;....
0010: 97 C5 DD F1 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 57 B6 54 4E 1A 54 91 66 5C A8 FE AF B6 50 AB 23 W.TN.T.f\....P.#
0010: 6A 32 42 77 06 44 D5 7D 40 81 E4 DD 84 E3 7B 55 [email protected]
0020: 96 A6 BC E9 E9 51 96 B9 E4 01 56 F9 41 B7 0C C3 .....Q....V.A...
0030: 0A 92 C0 17 6E 6B 9D D6 9A 87 6D 6E 15 5A 86 F4 ....nk....mn.Z..
]>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> < cert[1] = [
Version: V3
Subject: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
bc61b29f a830c97a 7a76883e 1665a241 a68b891f 8e4167eb 62e578ac 9e342c3e
53c9de8b e756634b e364010f 4d36c1c5 21a65b37 b64b4861 6f4dda29 b932191f
Validity: [From: Mon May 31 15:22:15 BST 2004,
To: Thu May 29 15:22:15 BST 2014]
Issuer: CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 66 DD FC 06 C2 BC 7E 18 D5 64 38 AD 6E D0 0A .f........d8.n..
0010: AA 97 05 0D ....
[CN=Revenue CA, OU=Revenue Certificate Authority, O=Office Of The Revenue Commissioners, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 3C 64 7C 9E 0B 90 48 9D 70 74 06 80 7F 2C AF 73 <d....H.pt...,.s
0010: 92 1C C3 39 DD C3 45 B6 A4 8E 11 27 8E 21 18 4B ...9..E....'.!.K
0020: FD AA 31 5E 35 FC DF 9E 70 42 F4 65 5C DF 56 9A ..1^5...pB.e\.V.
0030: DD 8C 6B B7 3B BE E5 A7 D5 4A 16 23 C1 91 07 CA ..k.;....J.#....
]>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <SSLTrustValidator returns: 0>
<29-Sep-2006 16:29:24 o'clock IST> <Debug> <TLS> <000000> <Trust status (0): NONE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <Performing hostname validation checks: 10.51.0.1>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 70>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write HANDSHAKE, offset = 0, length = 16>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received CHANGE_CIPHER_SPEC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 received HANDSHAKE>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Finished>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 0>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <write APPLICATION_DATA, offset = 0, length = 270>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <30340343 read(offset=0, length=2048)>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <isMuxerActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLS> <000000> <32915800 SSL3/TLS MAC>
<29-Sep-2006 16:29:28 o'clock IST> <Debug> <TLYou will need an AAM set with the internal (http) address.
http://blogs.msdn.com/b/ajithas/archive/2009/09/11/alternate-access-mapping-in-reverse-proxy-configuration.aspx
Dimitri Ayrapetov (MCSE: SharePoint) -
ACE - SSL Termination is not working
HTTPS is not working from official IE browser but it is working from test Firefox browser. However HTTP is working with both IE and Firefox browsers. This is true for multiple implementations on the ACE service module with SSL termination.
ACE software 3.0(0)A1(4a)
IE v6 SP3 Cipher 128
Firefox v3.6.3
Sample configuration:
access-list FT ethertype permit bpdu
access-list ALL-ACCESS extended permit icmp any any
access-list ALL-ACCESS extended permit ip any any
crypto chaingroup ROOT-CERT
cert abc.PEM
cert xyz.PEM
parameter-map type ssl SSL-PARAMETER-1
cipher RSA_WITH_RC4_128_MD5
cipher RSA_WITH_RC4_128_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA
cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
parameter-map type ssl SSL-PARAMETER-2
cipher RSA_WITH_AES_128_CBC_SHA priority 2
ssl-proxy service SSL-1
key KEY-1.PEM
cert CERT-1.PEM
chaingroup ROOT-CERT
ssl advanced-options SSL-PARAMETER-1
ssl-proxy service SSL-2
key KEY-1.PEM
cert CERT-1.PEM
chaingroup ROOT-CERT
ssl advanced-options SSL-PARAMETER-2
ssl-proxy service SSL-3
key KEY-1.PEM
cert CERT-1.PEM
chaingroup ROOT-CERT
rserver host server1
ip address 10.100.15.89
inservice
rserver host server2
ip address 10.100.15.121
inservice
probe http PROBE-1
interval 30
faildetect 2
request method get url /keepalive.htm
expect status 200 200
serverfarm host SERVERFARM-1
probe PROBE-1
rserver server1 80
inservice
rserver server2 80
inservice
sticky ip-netmask 255.255.255.255 address both STICKY-1
timeout 30
replicate sticky
serverfarm SERVERFARM-1
class-map type management match-any REMOTE-ACCESS
match protocol icmp any
match protocol snmp any
match protocol ssh any
match protocol https any
class-map match-all VIP-1
match virtual-address 10.100.15.140 tcp eq https
class-map match-all VIP-2
match virtual-address 10.100.15.140 tcp eq www
policy-map type management first-match REMOTE-ACCESS
class REMOTE-ACCESS
permit
policy-map type loadbalance first-match POLICY-1
class class-default
sticky-serverfarm STICKY-1
policy-map multi-match LB-1
class VIP-1
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy POLICY-1
ssl-proxy server SSL-1
(i have tried with ssl-proxy server SSL-2 and ssl-proxy server SSL-3 but did not helP)
policy-map multi-match LB-2
class VIP-2
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy POLICY-1
interface vlan 15
description client vlan
bridge-group 15
mac-sticky enable
access-group input FT
access-group input ALL-ACCESS
access-group output ALL-ACCESS
service-policy input REMOTE-ACCESS
service-policy input LB-1
service-policy input LB-2
no shutdown
interface vlan 2015
description server vlan
bridge-group 15
mac-sticky enable
access-group input FT
access-group input ALL-ACCESS
access-group output ALL-ACCESS
service-policy input REMOTE-ACCESS
no shutdown
interface bvi 15
description bridge group
ip address 10.100.15.5 255.255.255.0
peer ip address 10.100.15.6 255.255.255.0
alias 10.100.15.4 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.100.15.1
note: Subnet, Server Name, Certificate Name and Key Name are modified for security reason.Hello,
We will not be able to determine why your SSL terminated connections fail with only your config. You may want to take a look at a similar thread where someone else was having problems with IE and SSL termination, but Firefox worked fine. It also includes a solid action plan you can use to gather data needed to diagnose root cause. That thread can be viewed at the following link:
https://supportforums.cisco.com/thread/2025417?tstart=0
Also, the ACE software you are running is extremely old now and very buggy. I would strongly urge you to upgrade to A2(2.4) as soon as possible. It will help you avoid some headaches as you move forward.
Hope this helps,
Sean -
SSL termination and URL redirection
Hi All,
I have configured application in cisco ACE module for which i got more requirement for URL redirection.
Application setup is as below.
VIP : 10.232.92.x/24 which is pointing to 2 Web server 10.232.94.x/24 range. In addition to that app team want APP server also need to be loadbalanced hence new VIP is configured for 10.232.92.x/24 which is pointing to 2 different app server 10.232.94.x/24.
Both Web and App servers are having different IP but in same broadcastdomain. SSL termination is done on ACE.
Issue : 1) After initiating connection i am getting login page but after login its again giveing login page. After 2 to 3 trial its giving me application page but with invalid session error.
2) How to do https connection redirecting to different path.
Ex. https://apps.xyz.com to https://apps.xyz.com/abc
configuration :
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
serverfarm host app_tcp
predictor leastconns
probe rem_app_tcp
rserver server1 2100
inservice
rserver server2 2100
inservice
serverfarm host rem_https
predictor leastconns
probe rem_itsm_https
rserver server3 80
inservice
rserver server4 80
inservice
action-list type modify http remurlrewrite
ssl url rewrite location "apps\.xyz\.com"
policy-map type loadbalance first-match app_tcp
class class-default
serverfarm app_tcp
policy-map type loadbalance first-match app_https
class class-default
serverfarm rem_https
action remurlrewrite
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXYHi Kanwaljeet,
I have applied below config for HTTPS URL redirection. Seems it dint work for me. Redirect serverfarm and policy map was not hitted.
access-list ANY line 8 extended permit ip any any
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
ip domain-name nls.jlrint.com
ip name-server 10.226.0.10
ip name-server 10.226.128.10
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h/arsys 301
inservice
rserver host serv1
ip address 10.232.94.74
inservice
rserver host serv2
ip address 10.232.94.75
inservice
rserver host serv3
ip address 10.232.94.76
inservice
rserver host serv4
ip address 10.232.94.77
inservice
serverfarm redirect REDIRECT-SERVERFARM
predictor leastconns
rserver REDIRECT-TO-HTTPS
inservice
serverfarm host rem_app_tcp
predictor leastconns
probe rem_app_tcp
rserver serv1 2100
inservice
rserver serv2 2100
inservice
serverfarm host rem_itsm_https
predictor leastconns
probe rem_itsm_https
rserver serv3 80
inservice
rserver serv4 80
inservice
ssl-proxy service Remedy-SSL-PROXY
key Remkey.pem
cert Remcert.pem
class-map type management match-any MANAGEMENT_CLASS
3 match protocol ssh any
4 match protocol snmp any
5 match protocol icmp any
6 match protocol http any
7 match protocol https any
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_http
2 match virtual-address 10.232.92.9 tcp eq www
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map type management first-match MANAGEMENT_POLICY
class MANAGEMENT_CLASS
permit
policy-map type loadbalance first-match REDIRECT-PM
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match rem_app_tcp
class class-default
serverfarm rem_app_tcp
policy-map type loadbalance first-match rem_itsm_https
class class-default
serverfarm rem_itsm_https
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_itsm_http
loadbalance vip inservice
loadbalance policy REDIRECT-PM
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXY
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
interface vlan 270
description VIP
ip address 10.232.92.4 255.255.255.0
alias 10.232.92.6 255.255.255.0
peer ip address 10.232.92.5 255.255.255.0
access-group input ANY
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown
interface vlan 273
description Real server
ip address 10.232.94.66 255.255.255.192
alias 10.232.94.65 255.255.255.192
peer ip address 10.232.94.67 255.255.255.192
access-group input ANY
nat-pool 1 10.232.92.253 10.232.92.253 netmask 255.255.255.0 pat
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown -
We have moved SSL termination to a loadbalancer (F5) from the Sun webservers. The load balancer after terminating SSL goes to the http listener on the webservers. We have some NSAPI code that does a redirect. It used to do the redirect based on the original scheme of the listener (if http then the redirect was http based. If https then redirect https). Of course, now all redirects come back http even though the user may have an https session.
For weblogic we can feed a header from the F5 (WL-PROXY-SSL) and it would recognize that a load balancer was used for SSL termination and perform java redirects using the correct scheme. Is there any header like this I can feed to the Sun Webserver so it recognizes that a loadbalancer has terminated the SSL session and any redirects should be https?It might be easiest to configure separate HTTP listeners (e.g. separate ports) for SSL and non-SSL requests. You can configure which scheme should be used in self-referencing URLs (such as those used in redirects) per HTTP listener. In Sun Java System Web Server 7.0, you can do that using the admin GUI, CLI, or by editing the server.xml configuration. If you edit server.xml, you need to specify the <server-name> element in the appropriate <http-listener> element.
-
CSS 11503 SSL termination and 256 bit support
Does anyone know if the CSS11503 can support 256 bit SSL termination?
switch/Admin(config-parammap-ssl)# cipher ?
RSA_EXPORT1024_WITH_DES_CBC_SHA Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher
RSA_EXPORT1024_WITH_RC4_56_MD5 Accept RSA_EXPORT1024_WITH_RC4_56_MD5 cipher
RSA_EXPORT1024_WITH_RC4_56_SHA Accept RSA_EXPORT1024_WITH_RC4_56_SHA cipher
RSA_EXPORT_WITH_DES40_CBC_SHA Accept RSA_EXPORT_WITH_DES40_CBC_SHA cipher
RSA_EXPORT_WITH_RC4_40_MD5 Accept RSA_EXPORT_WITH_RC4_40_MD5 cipher
RSA_WITH_3DES_EDE_CBC_SHA Accept RSA_WITH_3DES_EDE_CBC_SHA cipher
RSA_WITH_AES_128_CBC_SHA Accept RSA_WITH_AES_128_CBC_SHA cipher
RSA_WITH_AES_256_CBC_SHA Accept RSA_WITH_AES_256_CBC_SHA cipher
RSA_WITH_DES_CBC_SHA Accept RSA_WITH_DES_CBC_SHA cipher
RSA_WITH_RC4_128_MD5 Accept RSA_WITH_RC4_128_MD5 cipher
RSA_WITH_RC4_128_SHA Accept RSA_WITH_RC4_128_SHA cipher
The following 256 bits cipher is already supported :
RSA_WITH_AES_256_CBC_SHA
Gilles. -
Apache, iPrint and SSL/nile.nlm
Hi,
Getting various abends on a daily basis. Server is running as a vm on ESX 4.1 on an AMD platform. The running process is not always the same (apache_workprocess, seg.nlm, pcountdp.nlm) but the type of abend seems to be very consistent. It is the "Kernel detected an attempted context switch in an MPK Fast WTD". Another consistency seems to be that SSL and nile.nlm are high up on the stack - but maybe that is just normal for any iPrint server with secure iprint enabled on every printer (about 400 printer agents).
Thinking it might be a bad cert I have tried using both the self-signed "SSL CertificateDNS" cert and a third-party (Thawte) cert. Same result in either case. I have also tried the various tweaks on ESX for NetWare guest vm's :
- setting the memory reservation
- settting cpu affinity,
- setting the virtualization method to use hardware (Intel/AMD mmu and Intel/AMD instruction set) rather than automatic,
- removing the acpidrv.psm module from startup.ncf
- I have NOT set the NUMA memory node affinity.
The last thing I can think of to try is to turn off secure iPrint. If I do that, can I load apache without it listening on port 443 and not break any iPrint services? I do have iManager running on this same guest as well but I do not need it there.
Any other ideas?
Thanks,
Ron
Below are two recent abends, one with pcountdp.nlm and the second with apache_worker process. I've cut the nlm list on the second abend to get it to fit into this post.
Server N05 halted Monday, November 21, 2011 12:53:52.463 pm
Abend 1 on P00: Server-5.70.08-1315: Kernel detected an attempted context switch in an MPK Fast WTD.
Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0023 SS = 0010
EAX = 00000000 EBX = 00000001 ECX = 00000000 EDX = 00090009
ESI = 00000006 EDI = A00D19D8 EBP = FBF138DB ESP = 8FD9DE9C
EIP = 0021AB7A FLAGS = 00000002
0021AB7A 83C404 ADD ESP, 00000004
EIP in SERVER.NLM at code start +00019B5Ah
The violation occurred while processing the following instruction:
0021AB7A 83C404 ADD ESP, 00000004
0021AB7D 833D14D0030000 CMP [SERVER.NLM|SleepNotAllowedUseCount]=00000001
, 00000000
0021AB84 7482 JZ 0021AB08
0021AB86 833DACC1030000 CMP [0003C1AC]=00000000, 00000000
0021AB8D 0F84D5000000 JZ 0021AC68
0021AB93 85DB TEST EBX, EBX
0021AB95 0F84BA000000 JZ 0021AC55
0021AB9B 8B1DE843F0FB MOV EBX, [FBF043E8]=FBF24D68
0021ABA1 53 PUSH EBX
0021ABA2 E8CFDBEFFF CALL LOADER.NLM|Abend
Running process: PCOUNTDP.NLM 236 Process
Thread Owned by NLM: PCOUNTDP.NLM
Stack pointer: 8FD9E1A8
OS Stack limit: 8FD9B360
CPU 0 (Thread A52305C0) is in a NO SLEEP state
Scheduling priority: 67371008
Wait state: 5050010 Blocked on a Mutex
Stack: --FBF138DB ?
--A00D19E0 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A00D19C0 ?
002186BC (SERVER.NLM|SchedSwitch+48)
--00000001 (LOADER.NLM|KernelAddressSpace+1)
--A00D19E0 ?
--A00D19D8 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A00D19C0 ?
002064BC (SERVER.NLM|kMutexLock+1AC)
--A00D19E4 ?
--A00D1A40 ?
--8FD9DEF0 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04B4E504 ?
--9D96379C ?
883E6AC9 (LIBC.NLM|pthread_mutex_lock+A9)
--A00D19C0 ?
--04B4E504 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--8FD9DEFC ?
9EDD3AF1 (NILE.NLM|SSL_library_init+26C)
--9D96379C ?
--8FD9DF20 ?
9EDE3ABF (NILE.NLM|CRYPTO_lock+8F)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-9FE9C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-9FEC9448 (NILE.NLM|serverPostFix+1968)
--8FD9DF24 ?
--04B4E504 ?
--8FD9DF48 ?
9EDE3B44 (NILE.NLM|CRYPTO_add_lock+5A)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-9FE9C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
-9FEC9448 (NILE.NLM|serverPostFix+1968)
--04B4E504 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--8FD9DF70 ?
9EDE00AF (NILE.NLM|RSA_free+2E)
--04B6E43C ?
--FFFFFFFF ?
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-9FE9C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-9FEC9448 (NILE.NLM|serverPostFix+1968)
--04B4E504 ?
--04B4E504 ?
--8FD9DF80 ?
9EDE7A81 (NILE.NLM|EVP_PKEY_free+97)
--04B6E404 ?
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--8FD9DF94 ?
9EDE7A2A (NILE.NLM|EVP_PKEY_free+40)
--046B3A84 ?
9EDF8F2C (NILE.NLM|ASN1_template_free+8A)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--8FD9DFA8 ?
9EDF3660 (NILE.NLM|PKCS7_DIGEST_free+35)
--046B3A84 ?
-9FEA2C70 (NILE.NLM|X509_PUBKEY_it+0)
--047E85C4 ?
--8FD9DFEC ?
9EDF8E7A (NILE.NLM|ASN1_item_ex_free+2A6)
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--009052DC ?
-9FEA2C70 (NILE.NLM|X509_PUBKEY_it+0)
--A00D1540 ?
-9FEA2C28 (NILE.NLM|PKCS7_ATTR_VERIFY_it+34)
-9FEA2C3C (NILE.NLM|PKCS7_ATTR_VERIFY_it+48)
--A00D1540 ?
--8FD9DFE8 ?
-9FEA2C10 (NILE.NLM|PKCS7_ATTR_VERIFY_it+1C)
9EDF3641 (NILE.NLM|PKCS7_DIGEST_free+16)
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--046DFC84 ?
--047E85C4 ?
--04B4E504 ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--8FD9E010 ?
9EDF8F2C (NILE.NLM|ASN1_template_free+8A)
--009052DC ?
-9FEA2C70 (NILE.NLM|X509_PUBKEY_it+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04622844 ?
--00000005 (LOADER.NLM|KernelAddressSpace+5)
--009052DC ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--8FD9E050 ?
9EDF8E55 (NILE.NLM|ASN1_item_ex_free+281)
--009052DC ?
-9FE9B6C4 (NILE.NLM|OID_AES256+760)
--0000000A (LOADER.NLM|KernelAddressSpace+A)
-9FE9B6C4 (NILE.NLM|OID_AES256+760)
-9FE9B6C4 (NILE.NLM|OID_AES256+760)
Additional Information:
The NetWare OS detected a problem with the system while executing a process owned by SERVER.NLM. It may be the source of the problem or there may have been a memory corruption.
Loaded Modules:
PCOUNTWI.NLM Pcounter Web Interface
Version 5.50 October 27, 2011
Code Address: A13A6000h Length: 00006A0Ch
Data Address: A653C000h Length: 00003AA0h
NDPSGW.NLM NDPS Gateway
Version 4.01.02 March 2, 2010
Code Address: A5D20000h Length: 0000E7FCh
Data Address: A5199000h Length: 0000737Ch
PCOUNTDP.NLM Pcounter for NDPS
Version 5.50 October 27, 2011
Code Address: A5CE3000h Length: 0002230Bh
Data Address: A3071000h Length: 00005154h
NETDB.NLM Network Database Access Module
Version 4.11.05 January 6, 2005
Code Address: A5CC9000h Length: 0001394Dh
Data Address: A5CDD000h Length: 000025FCh
FPSM.NLM Novell Floating-Point Support Module for NLMs [debugging, 0A10]
Version 5.90.01 December 12, 2000
Code Address: A2E26000h Length: 0000003Ch
Data Address: 00000000h Length: 00000000h
LPR2NDPS.NLM NDPS Utility to accept UNIX jobs via LPR
Version 4.00.06 April 16, 2010
Code Address: A5CB9000h Length: 00009975h
Data Address: A2D9B000h Length: 00001AE8h
NDPSM.NLM NDPS Manager
Version 3.03.02 May 18, 2010
Code Address: A2A97000h Length: 00083318h
Data Address: A5C48000h Length: 00025E80h
RMANSRVR.NLM NDPS Resource Manager
Version 3.07.02 March 2, 2010
Code Address: A5C01000h Length: 0001DE5Fh
Data Address: A2188000h Length: 00004A24h
NIPPZLIB.NLM General Purpose ZIP File Library for NetWare
Version 1.00.01 November 28, 2005
Code Address: A5BE7000h Length: 00002A23h
Data Address: A2760000h Length: 00000048h
ZLIB.NLM ZLIB 1.1.4 General Purpose Compression Library for NetWare
Version 1.01.04 December 20, 2002
Code Address: A5BF5000h Length: 0000BAB4h
Data Address: A273B000h Length: 000014D8h
BROKER.NLM NDPS Broker
Version 3.00.12 February 20, 2008
Code Address: A5B9B000h Length: 0000FFECh
Data Address: A137A000h Length: 000071A5h
DBNET6.NLM Debug Network IO Support
Version 1.45.02 March 16, 2006
Code Address: A5508000h Length: 0001B831h
Data Address: A5524000h Length: 000127B8h
IPMCFG.NLM Web Interface for IP Address Management
Version 1.01.16 October 22, 2005
Code Address: A54AC000h Length: 0000A479h
Data Address: A54B7000h Length: 0000B610h
NIRMAN.NLM TCPIP - NetWare Internetworking Remote Manager
Version 1.06.04 September 18, 2007
Code Address: A2492000h Length: 00060760h
Data Address: A542C000h Length: 00018FCAh
TCPSTATS.NLM Web Interface for Protocol Monitoring
Version 6.50.10 June 20, 2003
Code Address: A5412000h Length: 0000E5ECh
Data Address: A1318000h Length: 00005460h
HWDETECT.NLM Novell Hardware Insertion/Removal Detection
Version 1.19.05 February 20, 2003
Code Address: A53E2000h Length: 00002B33h
Data Address: A0F11000h Length: 00000D3Ch
IPPSRVR.NLM Novell iPrint Server
Version 4.02.02 June 16, 2010
Code Address: A39CF000h Length: 00017550h
Data Address: A39E7000h Length: 000081F8h
DPLSV386.NLM NetWare 6.x Distributed Print Library - DPLSV386
Version 1.15.03 April 16, 2010
Code Address: A2FF3000h Length: 000541E9h
Data Address: A39A8000h Length: 0000C724h
NIPPED.NLM NetWare 5.x, 6.x INF File Editing Library - NIPPED
Version 1.03.09 February 26, 2010
Code Address: A1571000h Length: 00005345h
Data Address: A398C000h Length: 0000016Ch
DPRPCNLM.NLM Novell NDPS RPC Library NLM
Version 3.00.17 October 10, 2006
Code Address: A1547000h Length: 00005324h
Data Address: A13DB000h Length: 00001F20h
MONITOR.NLM NetWare Console Monitor
Version 12.02.02 April 4, 2006
Code Address: A38FD000h Length: 00022BEFh
Data Address: A1312000h Length: 00005F15h
NWSNUT.NLM NetWare NLM Utility User Interface
Version 7.00.01 July 11, 2008
Code Address: A38CC000h Length: 000134EBh
Data Address: A38E1000h Length: 00000790h
ROTLOGS.NLM Apache 2.0.63 Log Rotation Utility for NetWare
Version 2.00.63 April 25, 2008
Code Address: A3200000h Length: 000009F9h
Data Address: A3201000h Length: 00000438h
ROTLOGS.NLM Apache 2.0.63 Log Rotation Utility for NetWare
Version 2.00.63 April 25, 2008
Code Address: A31E1000h Length: 000009F9h
Data Address: A31E2000h Length: 00000438h
REWRITE.NLM Apache 2.0.63 Rewrite Module
Version 2.00.63 April 25, 2008
Code Address: A15A1000h Length: 00006C99h
Data Address: A31DB000h Length: 00001EA8h
HEADERS.NLM Apache 2.0.63 Headers Module
Version 2.00.63 April 25, 2008
Code Address: A31BE000h Length: 00000E39h
Data Address: A31BF000h Length: 00000538h
EXPIRES.NLM Apache 2.0.63 Expires Module
Version 2.00.63 April 25, 2008
Code Address: A31BA000h Length: 00000B89h
Data Address: A31BB000h Length: 00000388h
MOD_IPP.NLM iPrint Module
Version 1.00.04 June 7, 2006
Code Address: A31B4000h Length: 00000B76h
Data Address: A31B5000h Length: 000004CCh
AUTHLDDN.NLM LdapDN Module
Version 1.00 November 9, 2005
Code Address: A31AF000h Length: 00001926h
Data Address: A31B1000h Length: 00000EC8h
UTILLDP2.NLM LdapDN Module
Version 1.00 November 9, 2005
Code Address: A1544000h Length: 00002A56h
Data Address: A3194000h Length: 00001E80h
JNET.NLM Java jnet (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: A153D000h Length: 0000653Eh
Data Address: A318E000h Length: 00001100h
MOD_JK.NLM Apache 2.0 plugin for Tomcat
Version 1.02.23 April 25, 2008
Code Address: A315B000h Length: 00025B33h
Data Address: A3181000h Length: 0000CDD0h
LIBGCC_S.NLM gcc runtime and intrinsics support
Version 3.04.03 April 29, 2005
Code Address: A13B5000h Length: 00004ABCh
Data Address: A1086000h Length: 00000A74h
AUTHLDAP.NLM Apache 2.0.63 LDAP Authentication Module
Version 2.00.63 April 25, 2008
Code Address: 9D909000h Length: 00001BB9h
Data Address: 9EC05000h Length: 000019D0h
UTILLDAP.NLM Apache 2.0.63 LDAP Authentication Module
Version 2.00.63 April 25, 2008
Code Address: A12A0000h Length: 000034A9h
Data Address: A12A4000h Length: 00002598h
TSAFS.NLM SMS - File System Agent for NetWare 6.X
Version 6.53.03 October 16, 2008
Code Address: A1467000h Length: 0005F9A2h
Data Address: A14C7000h Length: 0000D7B0h
SMDR.NLM SMS - Storage Data Requestor
Version 6.58.01 October 16, 2008
Code Address: A101B000h Length: 00047EF8h
Data Address: A1364000h Length: 0000D8E0h
SMSUT.NLM SMS - Utility Library for NetWare 6.X
Version 1.01.03 June 26, 2008
Code Address: A12CB000h Length: 00010201h
Data Address: A12DC000h Length: 00001DF0h
LLDAPX.NLM NetWare Extension APIs for LDAP SDK (LibC version)
Version 3.05.01 October 26, 2010
Code Address: A1297000h Length: 0000754Ch
Data Address: A129F000h Length: 00000F70h
LLDAPSSL.NLM NetWare SSL Library for LDAP SDK (LibC version)
Version 3.05.01 October 26, 2010
Code Address: A109B000h Length: 0009CD03h
Data Address: A1138000h Length: 0002FFD0h
APACHE2.NLM Apache Web Server 2.0.63
Version 2.00.63 April 25, 2008
Code Address: A0EBF000h Length: 00039D29h
Data Address: A0EF9000h Length: 00011A9Ch
APRLIB.NLM Apache Portability Runtime Library 0.9.17
Version 0.09.17 April 25, 2008
Code Address: A0E4E000h Length: 0002E688h
Data Address: A0E7D000h Length: 00008088h
SASL.NLM Simple Authentication and Security Layer 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: A0CA6000h Length: 00000C7Ch
Data Address: A0CA7000h Length: 00000160h
LBURP.NLM LDAP Bulkload Update/Replication Protocol service extension for Novell eDirectory 8.8.
Version 20504.02 May 24, 2010
Code Address: A0CA3000h Length: 0000111Ch
Data Address: A0CA5000h Length: 00000444h
LDAPXS.NLM (Clib version)
Version 3.05.01 October 26, 2010
Code Address: A0C9B000h Length: 000047F3h
Data Address: A0CA0000h Length: 000008FCh
NMASLDAP.NLM NMAS LDAP Extensions 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: A07EC000h Length: 00004E5Ch
Data Address: A0C6D000h Length: 000007D0h
SEG.NLM NetWare Memory Analyzer
Version 2.00.25 April 27, 2009
Code Address: A0C03000h Length: 00032CB4h
Data Address: A0C36000h Length: 0001C656h
AFREECON.NLM AdRem Free Remote Console (NCPE)
Version 6.00 February 28, 2006
Code Address: A0801000h Length: 00005A8Dh
Data Address: A0807000h Length: 00002490h
RCONAG6.NLM RConsole Agent for Netware
Version 6.11 November 20, 2007
Code Address: A0425000h Length: 00006C5Bh
Data Address: 9EEC0000h Length: 00003304h
SAS.NLM Secure Authentication Services
Version 1.75 March 13, 2004
Code Address: A0864000h Length: 00056640h
Data Address: A0B8B000h Length: 0001E890h
NLDAP.NLM LDAP Agent for Novell eDirectory 8.8 SP5
Version 20506.05 December 30, 2010
Code Address: A091C000h Length: 0008F8BBh
Data Address: A09AC000h Length: 00052D20h
PMPORTAL.NLM NetWare License Information Portal
Version 2.16 November 21, 2003
Code Address: 9FD18000h Length: 000071C9h
Data Address: 9FD20000h Length: 00004360h
NDSIMON.NLM NDS iMonitor 8.8.5 SP5
Version 20506.01 December 24, 2010
Code Address: A02D0000h Length: 00113D69h
Data Address: 9FC46000h Length: 00091E24h
LANGMANI.NLM Novell Cross-Platform Language Manager
Version 20504.01 May 24, 2010
Code Address: 9F92A000h Length: 000040F2h
Data Address: 9EC71000h Length: 00001084h
XI18N.NLM Novell Cross-Platform Internationalization Package
Version 10310.53 August 2, 2005
Code Address: A0ABE000h Length: 0001CA12h
Data Address: 9F753000h Length: 00007EC8h
PORTAL.NLM Novell Remote Manager NLM
Version 4.03 September 22, 2008
Code Address: A0540000h Length: 0010147Ch
Data Address: 9FBDC000h Length: 00069EA4h
NWIDK.NLM CDWare Volume Module
Version 3.01.01 September 19, 2003
Code Address: 9EF30000h Length: 00004640h
Data Address: 9EFF9000h Length: 00000730h
BTCPCOM.NLM BTCPCOM.NLM v7.90.000, Build 253
Version 7.90 July 9, 2003
Code Address: 9ED88000h Length: 00004450h
Data Address: 9EF96000h Length: 00000CECh
HTTPSTK.NLM Novell Small Http Interface
Version 4.03 September 4, 2008
Code Address: 9FFB3000h Length: 000317C6h
Data Address: 9FFE5000h Length: 00019C10h
WSPSSL.NLM NetWare Winsock Service 1.0 NLM for SSL
Version 6.26 December 4, 2007
Code Address: 9FEEF000h Length: 00008AFFh
Data Address: 9FEF8000h Length: 0001095Fh
NILE.NLM Novell N/Ties NLM ("") Release Build with symbols
Version 7.00.01 August 20, 2007
Code Address: 9EDC3000h Length: 00090A31h
Data Address: 9FE99000h Length: 00030C70h
PKI.NLM Novell Certificate Server
Version 3.33 April 16, 2009
Code Address: 9F79D000h Length: 0017C9E5h
Data Address: 9ECAA000h Length: 00092270h
PKIAPI.NLM Public Key Infrastructure Services
Version 2.23.10 November 20, 2004
Code Address: 9FE61000h Length: 00037721h
Data Address: 9ECA3000h Length: 00006A14h
NWUTIL.NLM Novell Utility Library NLM (_NW65[SP7]{""})
Version 3.00.02 August 20, 2007
Code Address: 9FE13000h Length: 0000EE40h
Data Address: 9FE22000h Length: 00023BD4h
NWBSRVCM.NLM NWBSRVCM.NLM v7.90.000, Build 230
Version 7.90 March 20, 2001
Code Address: 9EBB4000h Length: 00006776h
Data Address: 9FDCA000h Length: 00000AD0h
VOLSMS.NLM NSS Distributed Volume Manager (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9FD48000h Length: 00018771h
Data Address: 9D8FD000h Length: 00001780h
VLRPC.NLM DFS Volume Location Database (VLDB) RPC interface (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EBA4000h Length: 00003383h
Data Address: 9FD45000h Length: 000002FDh
VMRPC.NLM DFS Volume Manager RPC interface (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EB83000h Length: 00003703h
Data Address: 9FD43000h Length: 000002FDh
JSTCP.NLM Jetstream TCP Transport Layer (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EDBD000h Length: 000050F0h
Data Address: 9FB0F000h Length: 000001E0h
JSMSG.NLM Jetstream Message Layer (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9EDB6000h Length: 00006E80h
Data Address: 9FAF2000h Length: 00000220h
DFSLIB.NLM DFS Common Library (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 9F680000h Length: 000005C3h
Data Address: 9F681000h Length: 00000080h
NLSTRAP.NLM NetWare License Server Trap
Version 5.02 February 19, 2004
Code Address: 9E448000h Length: 0000298Ah
Data Address: 9F1F9000h Length: 00000695h
ZIP.NLM Java zip (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: 9F667000h Length: 0000ADCCh
Data Address: 9D972000h Length: 00001C90h
JVMLIB.NLM Java jvmlib (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: 9F62C000h Length: 00017134h
Data Address: 9F644000h Length: 00008670h
VERIFY.NLM Java verify (based on 1.4.2_18)
Version 1.43 October 16, 2008
Code Address: 9F5D5000h Length: 000087B4h
Data Address: 9D4B1000h Length: 00001BC0h
JVM.NLM Java Hotspot 1.4.2_18 Interpreter
Version 1.43 October 16, 2008
Code Address: 9F230000h Length: 00222FFFh
Data Address: 9F064000h Length: 00065A60h
LIBPERL.NLM Perl 5.8.4 - Script Interpreter and Library
Version 5.00.05 September 13, 2005
Code Address: 9F0EE000h Length: 000B3D60h
Data Address: 9F1A2000h Length: 0001ADE0h
IPMGMT.NLM TCPIP - NetWare IP Address Management
Version 1.03.01 May 29, 2007
Code Address: 9EA5B000h Length: 000307CDh
Data Address: 9EA8C000h Length: 0000D778h
JSOCK6X.NLM NetWare 6.x Support For Java Sockets (JDK 1.4.2)
Version 1.43 October 16, 2008
Code Address: 9EA47000h Length: 0000FDB1h
Data Address: 9EA57000h Length: 00002C44h
JAVA.NLM java.nlm (based on 1.4.2_18) Build 08101613
Version 1.43 October 16, 2008
Code Address: 9E99D000h Length: 000385DEh
Data Address: 9E9D6000h Length: 0003DD40h
JSOCK.NLM Support For Java Sockets (loader)
Version 1.43 October 16, 2008
Code Address: 9E97C000h Length: 00000086h
Data Address: 9E97D000h Length: 00000064h
CRLSM.NLM Challenge Response LSM v2.8.1.0
Version 2.08.01 October 28, 2008
Code Address: 9E926000h Length: 00021E46h
Data Address: 9E948000h Length: 00009456h
LCMCIFS2.NLM Windows Native File Access Login Methods (Build 83 SP)
Version 2.00.09 July 25, 2005
Code Address: 9E862000h Length: 0000E011h
Data Address: 9E871000h Length: 000016B0h
LSMCIFS2.NLM Windows Native File Access Login Methods (Build 94 SP)
Version 2.00.07 July 25, 2005
Code Address: 9E834000h Length: 0000F051h
Data Address: 9E844000h Length: 000017B0h
LSMAFP3.NLM Macintosh Native File Access Login Methods (Build 106 SP)
Version 2.00.11 January 3, 2005
Code Address: 9E80D000h Length: 0000F24Eh
Data Address: 9E81D000h Length: 000013C0h
NMASGPXY.NLM NMAS Generic Proxy 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 9E7EA000h Length: 0000159Ch
Data Address: 9E7EC000h Length: 000000E0h
VMWTOOL.NLM VMware Tools
Version 1.01 May 24, 2010
Code Address: 9E795000h Length: 0001F9A0h
Data Address: 9E7B5000h Length: 00019A20h
PWDLCM.NLM Novell Simple Password Proxy LCM 2.8.2.1 20090422
Version 28210904.22 April 22, 2009
Code Address: 9E764000h Length: 0000E228h
Data Address: 9E773000h Length: 000014B0h
PWDLSM.NLM Novell Simple Password LSM 2.8.2.1 20090422
Version 28210904.22 April 22, 2009
Code Address: 9E720000h Length: 00010538h
Data Address: 9E731000h Length: 00001A60h
ACPISBD.NLM System Bus Driver for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 9DA39000h Length: 00002BBAh
Data Address: 9E6F4000h Length: 000004E1h
NCM.NLM Novell Configuration Manager
Version 1.15.01 October 20, 2004
Code Address: 9E6ED000h Length: 000054CCh
Data Address: 9E6F3000h Length: 00000FB0h
LSMCIFS.NLM NMAS Login Server Module for CIFS - MS Windows File System for NetWare
Version 1.20 March 5, 2003
Code Address: 9E6A0000h Length: 0000EB2Ah
Data Address: 9E6AF000h Length: 00001610h
SLPTCP.NLM SERVICE LOCATION TCP/UDP INTERFACE (RFC2165/RFC2608)
Version 2.13 November 15, 2005
Code Address: 9DA32000h Length: 0000386Ah
Data Address: 9E60F000h Length: 0000108Ch
NSPDNS.NLM NetWare Winsock 2.0 NSPDNS.NLM Name Service Providers
Version 6.20.03 September 8, 2003
Code Address: 9DA36000h Length: 00002527h
Data Address: 9E604000h Length: 000004E4h
WSPIP.NLM NetWare Winsock Service 1.0 NLM for TCP and UDP
Version 6.24 December 4, 2007
Code Address: 9E4B3000h Length: 000124C4h
Data Address: 9DA2F000h Length: 0000287Ch
NCPIP.NLM NetWare NCP Services over IP
Version 6.02.01 September 30, 2008
Code Address: 9E41C000h Length: 000168E9h
Data Address: 9DA23000h Length: 00003540h
BSDSOCK.NLM Novell BSDSOCK Module (Domestic)
Version 6.92.02 December 23, 2009
Code Address: 9E38A000h Length: 00012099h
Data Address: 9E39D000h Length: 0000C0E0h
TCPIP.NLM Novell TCP/IP/IPSec Module (Domestic) NICI Enabled
Version 6.92.02 September 30, 2009
Code Address: 9D9A3000h Length: 00078AB4h
Data Address: 9D468000h Length: 000405F0h
TCP.NLM Novell TCP/IP Stack - Transport module (Domestic)
Version 6.92.05 December 23, 2009
Code Address: 9DB5A000h Length: 00025862h
Data Address: 9DB80000h Length: 00082F60h
NETLIB.NLM Novell TCPIP NETLIB Module
Version 6.50.22 February 12, 2003
Code Address: 9DA7C000h Length: 00005AACh
Data Address: 9DA82000h Length: 000D0710h
CSLIND.NLM TCPIP CSL INDEPENDENCE MODULE 7Dec99 7Dec99
Version 4.21 December 7, 1999
Code Address: 9D97D000h Length: 000003CCh
Data Address: 9D97E000h Length: 000024E0h
E1000.LAN Intel(R) PRO/1000 PCI/PCI-X Network Connections Driver
Version 8.24 December 22, 2005
Code Address: 9D84B000h Length: 00016B5Dh
Data Address: 006A7000h Length: 00009973h
ETHERTSM.NLM Novell Ethernet Topology Specific Module
Version 3.90 March 20, 2006
Code Address: 9D847000h Length: 000024CEh
Data Address: 9D84A000h Length: 000002BCh
MSM.NLM Novell Multi-Processor Media Support Module
Version 4.12 August 22, 2007
Code Address: 9D831000h Length: 0000E5B3h
Data Address: 9D840000h Length: 00003DFCh
LSAPI.NLM NLS LSAPI Library
Version 5.02 January 7, 2003
Code Address: 9D817000h Length: 0000A51Bh
Data Address: 9D822000h Length: 00001B00h
NLSAPI.NLM NLSAPI
Version 5.02 August 7, 2003
Code Address: 9D7EB000h Length: 000124DBh
Data Address: 9D740000h Length: 000022A4h
NLSLSP.NLM NLS - License Service Provider
Version 5.02 May 25, 2005
Code Address: 9D74E000h Length: 0006DF03h
Data Address: 9D7BC000h Length: 000205DCh
CSL.NLM NetWare Call Support Layer For NetWare
Version 2.06.02 January 13, 2000
Code Address: 9D71A000h Length: 0000CB32h
Data Address: 90203000h Length: 000028F4h
BTRIEVE.NLM BTRIEVE.NLM v7.90.000
Version 7.90 March 21, 2001
Code Address: 8FEF1000h Length: 000013BFh
Data Address: 8FEF3000h Length: 00000980h
NWMKDE.NLM NWMKDE.NLM v7.94.251.000
Version 7.94 December 11, 2001
Code Address: 8FCB5000h Length: 00053D55h
Data Address: 9D127000h Length: 0000F784h
NWENC103.NLM NWENC103.NLM v7.90.000 (Text Encoding Conversion Library)
Version 7.90 February 24, 2001
Code Address: 8FEA0000h Length: 0004D0F5h
Data Address: 9CF76000h Length: 001B0208h
NWAIF103.NLM nwaif103.nlm v7.94, Build 251 ()
Version 7.94 November 30, 2001
Code Address: 9CF5C000h Length: 00010E51h
Data Address: 8FC86000h Length: 00006828h
PSVCS.NLM Portability Services
Version 251.00 November 30, 2001
Code Address: 9CF25000h Length: 0001270Fh
Data Address: 9CF38000h Length: 00009464h
NWUCMGR.NLM NWUCMGR.NLM v1.5 Build 230
Version 1.05 March 14, 2001
Code Address: 9CEF5000h Length: 0000D920h
Data Address: 8FC49000h Length: 000078D4h
SPMDCLNT.NLM Novell SPM Client for DClient 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 9CE6F000h Length: 000145E8h
Data Address: 8F9DB000h Length: 00001370h
NPKIAPI.NLM Public Key Infrastructure Services
Version 3.33 April 16, 2009
Code Address: 9CE17000h Length: 00038627h
Data Address: 9CE50000h Length: 0001E73Fh
LDAPSDK.NLM LDAP SDK Library (Clib version)
Version 3.05.02 October 26, 2010
Code Address: 9CDF5000h Length: 00021500h
Data Address: 8F4FE000h Length: 000065ADh
SNMP.NLM Netware 4.x/5.x/6.x SNMP Service
Version 4.18 July 25, 2006
Code Address: 9CDB2000h Length: 00013E90h
Data Address: 8F432000h Length: 00003220h
TLI.NLM NetWare Transport Level Interface Library
Version 4.30.02 December 19, 2000
Code Address: 8F423000h Length: 00003859h
Data Address: 8F427000h Length: 00000164h
Global Code Address: 8F428000h Length: 00001000h
Global Data Address: 8F429000h Length: 00002000h
DHOST.NLM Novell DHost Portability Interface 1.0.0 SMP
Version 10010.97 September 18, 2006
Code Address: 8F224000h Length: 00006621h
Data Address: 8F0CD000h Length: 0000234Ch
CONLOG.NLM System Console Logger
Version 3.01.02 August 8, 2006
Code Address: 8EF13000h Length: 0000243Ch
Data Address: 8EF16000h Length: 00001CE0h
NPKIT.NLM Public Key Infrastructure Services
Version 3.33 April 16, 2009
Code Address: 9028C000h Length: 0002E5BEh
Data Address: 902BB000h Length: 000166ABh
LLDAPSDK.NLM LDAP SDK Library (LibC version)
Version 3.05.02 October 26, 2010
Code Address: 90269000h Length: 00022600h
Data Address: 8EF0A000h Length: 000065C0h
NSPNDS.NLM NetWare Winsock 2.0 NSPNDS.NLM Name Service Provider
Version 6.20 November 12, 2001
Code Address: 896E7000h Length: 00006547h
Data Address: 88206000h Length: 00000518h
DS.NLM Novell eDirectory Version 8.8 SP5 SMP
Version 20506.07 March 18, 2011
Code Address: 8FF37000h Length: 002CBA43h
Data Address: 8F338000h Length: 0008D794h
ROLLCALL.NLM RollCall NLM (101, API 1.0)
Version 5.00 July 27, 1998
Code Address: 80133000h Length: 0000055Dh
Data Address: 88258000h Length: 000002D4h
NTLS.NLM NTLS 2.0.5.0 based on OpenSSL 0.9.7m
Version 20510.01 March 11, 2009
Code Address: 8F44B000h Length: 000A72C6h
Data Address: 8FEFD000h Length: 0003915Fh
DSLOG.NLM DS Log for Novell eDirectory 8.8.0
Version 20219.15 May 12, 2009
Code Address: 8EEFC000h Length: 00003CCFh
Data Address: 8966E000h Length: 0000B06Ch
SPMNWCC.NLM Novell SPM Client for NWCC 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 8FA66000h Length: 00011688h
Data Address: 8FA78000h Length: 00001340h
NMAS.NLM Novell Modular Authentication Service 3.3.2.3 20091224
Version 33230912.24 December 24, 2009
Code Address: 8F1C9000h Length: 0005AB78h
Data Address: 8FA54000h Length: 0000D5A0h
GAMS.NLM Graded Authentication Management Service
Version 2.00.01 September 2, 2008
Code Address: 8FA44000h Length: 0000DFC7h
Data Address: 8FA52000h Length: 00001348h
NDSAUDIT.NLM Directory Services Audit
Version 2.09 May 22, 2003
Code Address: 8FA33000h Length: 00010844h
Data Address: 8EEF6000h Length: 00002ED0h
SAL.NLM Novell System Abstraction Layer Version 8.8.0
Version 20504.01 May 24, 2010
Code Address: 8F9FC000h Length: 000086E6h
Data Address: 8FA05000h Length: 00001554h
NICISDI.NLM Security Domain Infrastructure
Version 27610.01.01 March 30, 2009
Code Address: 8F9BD000h Length: 0000ADA2h
Data Address: 006A5000h Length: 00001320h
SASDFM.NLM SAS Data Flow Manager
Version 27610.01.01 March 30, 2009
Code Address: 8F9A0000h Length: 000040AEh
Data Address: 32D56000h Length: 00000980h
CALNLM32.NLM NetWare NWCalls Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F971000h Length: 0001CEB9h
Data Address: 8F25F000h Length: 00000510h
POLIMGR.NLM NetWare License Policy Manager
Version 6.27 November 3, 2005
Code Address: 8F918000h Length: 00013F5Ch
Data Address: 8F92C000h Length: 00008E90h
TIMESYNC.NLM NetWare Time Synchronization Services
Version 6.61.01 October 14, 2005
Code Address: 8F8EF000h Length: 0000E13Ch
Data Address: 8F835000h Length: 00004240h
CLXNLM32.NLM NetWare NWCLX Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F833000h Length: 000011F3h
Data Address: 8F245000h Length: 000001B0h
DSAPI.NLM NetWare NWNet Runtime Library
Version 6.00.04 January 27, 2006
Code Address: 8F243000h Length: 00000043h
Data Address: 8F244000h Length: 00000024h
DSEVENT.NLM NetWare DSEvent Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F241000h Length: 00000633h
Data Address: 8F242000h Length: 00000034h
NETNLM32.NLM NetWare NWNet Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F8B9000h Length: 00035B77h
Data Address: 8F82A000h Length: 00004DA5h
NCPNLM32.NLM NetWare NWNCP Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F899000h Length: 0001F473h
Data Address: 00000000h Length: 00000000h
CLNNLM32.NLM NetWare NWClient Runtime Library
Version 6.01.03 August 26, 2008
Code Address: 8F824000h Length: 00001CC2h
Data Address: 8F240000h Length: 00000150h
CLIB.NLM (Legacy) Standard C Runtime Library for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F85B000h Length: 0001898Eh
Data Address: 8EEA4000h Length: 00002FB0h
NIT.NLM NetWare Interface Tools Library for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F83E000h Length: 0001C694h
Data Address: 8F23E000h Length: 00000690h
NLMLIB.NLM Novell NLM Runtime Library
Version 5.90.15 March 10, 2008
Code Address: 8F7F5000h Length: 000263EDh
Data Address: 8EE9D000h Length: 000038C0h
STREAMS.NLM NetWare STREAMS PTF
Version 6.00.06 May 4, 2005
Code Address: 8F7DA000h Length: 0001206Dh
Data Address: 8F7ED000h Length: 000010A0h
Global Code Address: 8F23D000h Length: 00001000h
REQUESTR.NLM Novell NCP Requestor for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F7A0000h Length: 00020DE3h
Data Address: 8F7C1000h Length: 000010D0h
THREADS.NLM Novell Threads Package for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F775000h Length: 00018CF8h
Data Address: 8F78E000h Length: 000116A0h
LIB0.NLM Novell Ring 0 Library for NLMs
Version 5.90.15 March 10, 2008
Code Address: 8F506000h Length: 000250EAh
Data Address: 8F52C000h Length: 00228070h
MASV.NLM Mandatory Access Control Service
Version 2.00.01 September 2, 2008
Code Address: 8F1B6000h Length: 00012386h
Data Address: 8EE91000h Length: 000023A0h
NSPSLP.NLM NetWare Winsock 2.0 NSPSLP.NLM Name Service Provider
Version 6.20.04 December 6, 2007
Code Address: 8F119000h Length: 00005ED3h
Data Address: 8F11F000h Length: 00000B30h
PMLODR.NLM PMLodr for NW65
Version 1.26 October 7, 2005
Code Address: 8F123000h Length: 0000E63Ah
Data Address: 8F132000h Length: 00001658h
SLP.NLM SERVICE LOCATION PROTOCOL (RFC2165/RFC2608)
Version 2.13 November 15, 2005
Code Address: 8F0EC000h Length: 0001A658h
Data Address: 8F107000h Length: 00005384h
CCS.NLM Controlled Cryptography Services from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8F081000h Length: 00019EE4h
Data Address: 006A2000h Length: 00002F90h
DSLOADER.NLM Novell eDirectory Version 8.8.5 Loader SMP
Version 20506.07 March 18, 2011
Code Address: 8F002000h Length: 0000CB1Ch
Data Address: 8F00F000h Length: 00001720h
XENGUSC.NLM NICI U.S./Worldwide XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EFEE000h Length: 00000058h
Data Address: 00000000h Length: 00000000h
XNGAUSC.NLM NICI U.S./Worldwide XMGR Assistant XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EFBB000h Length: 000153E4h
Data Address: 00098000h Length: 00004864h
XENGEXP.NLM NICI Import Restricted XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8961D000h Length: 00050DD4h
Data Address: 0068D000h Length: 00014C3Ch
XENGNUL.NLM NICI NULL XENG from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EFAE000h Length: 00001DC9h
Data Address: 32EC4000h Length: 00000860h
XMGR.NLM NICI XMGR from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EE2D000h Length: 00025F01h
Data Address: 00682000h Length: 0000AA10h
XSUP.NLM NICI XSUP from Novell, Inc.
Version 27610.01.01 March 30, 2009
Code Address: 8EDB8000h Length: 00006EF2h
Data Address: 0065E000h Length: 00023170h
XIM.XLM Novell NICI Signed Loader
Version 27510.02.01 August 25, 2008
Code Address: 8ED56000h Length: 0002C680h
Data Address: 00656000h Length: 00007CE4h
WS2_32.NLM NetWare Winsock 2.0 NLM
Version 6.24.01 February 14, 2008
Code Address: 8E5C0000h Length: 00037F28h
Data Address: 8E5F8000h Length: 00011B84h
NCP.NLM NetWare Core Protocol (NCP) Engine
Version 5.61.01 September 30, 2008
Code Address: 8E577000h Length: 00026DEFh
Data Address: 8E59E000h Length: 00018B24h
QUEUE.NLM NetWare Queue Services NLM
Version 5.60 May 24, 2001
Code Address: 8E56E000h Length: 00006D8Dh
Data Address: 8E575000h Length: 00000473h
VDISK.NLM NetWare Virtual Disk
Version 1.00 November 30, 2004
Code Address: 8E52A000h Length: 00001FEEh
Data Address: 8E52D000h Length: 00001160h
NWTERMIO.NLM NetWare Terminal Emulation
Version 1.00 September 11, 2006
Code Address: 89DB8000h Length: 00007570h
Data Address: 89DC0000h Length: 00004560h
MALHLP.NLM NSS Configure help messages (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89547000h Length: 000000BAh
Data Address: 89548000h Length: 0000002Ah
CDDVD.NSS NSS Loadable Storage System (LSS) for CD/UDF (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89DC9000h Length: 00014B00h
Data Address: 89972000h Length: 00001050h
NSSIDK.NSS NSS Pool Configuration Manager (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 8943D000h Length: 000039C5h
Data Address: 89544000h Length: 00000090h
PARTAPI.NLM Partition APIs for NetWare 6.1
Version 2.00 April 17, 2002
Code Address: 89543000h Length: 00000007h
Data Address: 00000000h Length: 00000000h
VOLMN.NSS NSS Distributed Volume Manager (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89D99000h Length: 0000A6A3h
Data Address: 8953C000h Length: 000005B0h
NWSA.NSS NSS NetWare Semantic Agent (NWSA) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 898B3000h Length: 0004ADEEh
Data Address: 89CE6000h Length: 000A1390h
ZLSS.NSS NSS Journaled Storage System (ZLSS) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89C0C000h Length: 000CD166h
Data Address: 89CDA000h Length: 0000BE30h
MAL.NSS NSS Media Access Layer (MAL) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89439000h Length: 00003196h
Data Address: 89531000h Length: 00000170h
MANAGE.NSS NSS Management Functions (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89914000h Length: 0004F275h
Data Address: 8952F000h Length: 00000C20h
COMN.NSS NSS Common Support Layer (COMN) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 899F5000h Length: 000EF408h
Data Address: 89AE5000h Length: 00015E50h
NSS.NLM NSS (Novell Storage Services) (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 8978E000h Length: 00030420h
Data Address: 8949D000h Length: 00091830h
SYSLOG.NLM NetWare Logfile Daemon
Version 6.05.03 October 22, 2007
Code Address: 89417000h Length: 0000616Ah
Data Address: 89727000h Length: 00026140h
LIBNSS.NLM Generic Library used by NSS (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89428000h Length: 0000464Ch
Data Address: 8949C000h Length: 000003D0h
NSSWIN.NLM NSS ASCI Window API Library (Build 212 MP)
Version 3.27.02 November 11, 2009
Code Address: 89423000h Length: 000047DCh
Data Address: 8949A000h Length: 000000FCh
LOCNLM32.NLM NetWare NWLocale Runtime Library
Version 6.00.04 November 29, 2005
Code Address: 89412000h Length: 000044BBh
Data Address: 89499000h Length: 00000B30h
UNICODE.NLM NetWare Unicode Runtime Library (UniLib-based) [optimized]
Version 7.00 October 26, 2004
Code Address: 89619000h Length: 000016F5h
Data Address: 89466000h Length: 00000504h
FILESYS.NLM NetWare File System NLM
Version 5.14 April 16, 2008
Code Address: 89567000h Length: 0008E4E7h
Data Address: 895F6000h Length: 00012C90h
LFS.NLM NetWare Logical File System NLM
Version 5.12 September 21, 2005
Code Address: 89481000h Length: 000098A2h
Data Address: 8948B000h Length: 000084BCh
CONNMGR.NLM NetWare Connection Manager NLM
Version 5.60.01 September 7, 2006
Code Address: 89443000h Length: 0001172Bh
Data Address: 89402000h Length: 00003CE8h
ACPIPWR.NLM ACPI Power Management Driver for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 89421000h Length: 00000C9Ah
Data Address: 89422000h Length: 00000904h
ACPICMGR.NLM ACPI Component Manager for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 89400000h Length: 00000A6Fh
Data Address: 89401000h Length: 000002F4h
LSIMPTNW.HAM LSI Corporation Common Architecture NWPA-HAM SAS/Fibre/SCSI Driver.
Version 5.03.01 January 23, 2008
Code Address: 89396000h Length: 00033686h
Data Address: 00A40000h Length: 0000787Eh
SCSIHD.CDM Novell NetWare SCSI Fixed Disk Custom Device Module
Version 3.03.10 May 30, 2008
Code Address: 89380000h Length: 00005523h
Data Address: 00A4B000h Length: 000017C0h
ACPIDRV.PSM ACPI Platform Support Module for ACPI compliant systems
Version 1.05.19 January 16, 2007
Code Address: 89339000h Length: 0000AD1Eh
Data Address: 00A4D000h Length: 0000C694h
ACPICA.NLM ACPI Component Architecture for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 892BD000h Length: 0002BA90h
Data Address: 892E9000h Length: 00011C74h
ACPIASL.NLM ACPI Architecture Services Layer for ACPI compliant systems
Version 1.05.16 January 16, 2007
Code Address: 88DE1000h Length: 00000F9Bh
Data Address: 88DE2000h Length: 0000019Ch
CIOS.NLM Consolidated IO System
Version 1.60 February 12, 2008
Code Address: 89230000h Length: 00042C15h
Data Address: 31961000h Length: 00008B4Ah
LSL.NLM Novell NetWare Link Support Layer
Version 4.86 February 2, 2006
Code Address: 88DE4000h Length: 0000A7A7h
Data Address: 88DEF000h Length: 00009EC8h
NWPALOAD.NLM NetWare 5 NWPA Load Utility
Version 3.00 July 10, 2000
Code Address: 88D08000h Length: 00000007h
Data Address: 00000000h Length: 00000000h
NWPA.NLM NetWare 6.5 NetWare Peripheral Architecture NLM
Version 3.21.02 October 29, 2008
Code Address: 88CE5000h Length: 00016C82h
Data Address: 8823A000h Length: 00002A5Ch
MM.NLM ENG TEST - NetWare 6.5 Media Manager
Version 3.22.08 April 24, 2009
Code Address: 88D1A000h Length: 0004C524h
Data Address: 88C90000h Length: 0000B84Ch
SGUID.NLM NetWare GUID Services
Version 6.01 September 27, 2002
Code Address: 88C8E000h Length: 00000E04h
Data Address: 88C8F000h Length: 0000018Ah
NBI.NLM NetWare Bus Interface
Version 3.01.01 July 13, 2007
Code Address: 88C80000h Length: 0000D72Dh
Data Address: 88233000h Length: 00003D8Dh
NEB.NLM Novell Event Bus
Version 5.60 September 27, 2004
Code Address: 88CA6000h Length: 00005843h
Data Address: 88316000h Length: 0000097Ch
DIAG500.NLM Diagnostic/coredump utility for NetWare 6.x
Version 3.04.03 October 31, 2007
Code Address: 88C06000h Length: 00007FC0h
Data Address: 88C0F000h Length: 0001DF84h
CPUCHECK.NLM NetWare Processor Checking Utility
Version 5.60.01 December 6, 2007
Code Address: 88344000h Length: 00001B5Ch
Data Address: 88CAE000h Length: 00004B3Ch
NWKCFG.NLM NetWare Kernel Config NLM
Version 2.16 June 24, 2005
Code Address: 88228000h Length: 00003F4Fh
Data Address: 8822C000h Length: 00003CA4h
CDBE.NLM NetWare Configuration DB Engine
Version 6.01 September 21, 2006
Code Address: 88995000h Length: 000116E6h
Data Address: 889A7000h Length: 000161FAh
FATFS.NLM FAT Filesystem Module for NetWare
Version 1.24 August 27, 2007
Code Address: 8844F000h Length: 00020526h
Data Address: 88470000h Length: 0002B32Fh
LIBC.NLM Standard C Runtime Library for NLMs [optimized, 7]
Version 9.00.05 October 3, 2008
Code Address: 8834B000h Length: 000D0CD6h
Data Address: 80140000h Length: 000415E0h
PVER500.NLM NetWare 6.XX Version Library
Version 3.00 February 1, 2007
Code Address: 80135000h Length: 00000837h
Data Address: 80136000h Length: 000003DCh
SERVER.NLM NetWare Server Operating System
Version 5.70.08 October 3, 2008
Code Address: 00201020h Length: 0016A000h
Data Address: 00401020h Length: 00216FE0h
Memory at EAX
Invalid dump address
Memory at EBX
Invalid dump address
Memory at ECX
Invalid dump address
Memory at EDX
00090009 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090019 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090029 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090039 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090049 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090059 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090069 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090079 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090089 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
00090099 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900A9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900B9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900C9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900D9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900E9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
000900F9 46656572 46656572-46656572 46656572 Feer Feer Feer Feer
Memory at ESI
Invalid dump address
Memory at EDI
A00D19D8 A52305C0 A52305C0-00000000 00000000 %#.@ %#.@ .... ....
A00D19E8 00000000 00000000-00000000 00000000 .... .... .... ....
A00D19F8 00000000 00000000-72687470 20646165 .... .... rhtp dae
A00D1A08 6574756D 00000078-00000000 00000000 etum ...x .... ....
A00D1A18 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A28 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A38 00000000 00000000-893CA160 A00D1B04 .... .... .<!` ...
A00D1A48 A00D1984 0000008F-00000001 00000000 ... .... .... ....
A00D1A58 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A68 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1A78 00000000 34343434-1515071E 00000000 .... 4444 .... ....
A00D1A88 A52305C0 00000000-000052E6 00000000 %#.@ .... ..Rf ....
A00D1A98 00000000 A00D1A98-00000000 00000000 .... ... .... ....
A00D1AA8 00000000 00000000-00000000 00000000 .... .... .... ....
A00D1AB8 00000000 00000000-72687470 20646165 .... .... rhtp dae
A00D1AC8 6574756D 00000078-00000000 00000000 etum ...x .... ....
Memory at EBP
FBF138DB 6E72654B 64206C65-63657465 20646574 nreK d le cete det
FBF138EB 61206E61 6D657474-64657470 6E6F6320 a na mett detp noc
FBF138FB 74786574 69777320-20686374 61206E69 txet iws hct a ni
FBF1390B 504D206E 6146204B-57207473 002E4454 PM n aF K W ts ..DT
FBF1391B 616E550A 20656C62-61206F74 636F6C6C anU. elb a ot coll
FBF1392B 20657461 6F6D656D-66207972 6420726F eta omem f yr d ro
FBF1393B 20617461 65657274-0A000A73 61766E49 ata eert ...s avnI
FBF1394B 2064696C 6E616853-206E6F6E 6146202D dil nahS non aF -
FBF1395B 54206F6E 0A656572-65520A00 70206461 T on .eer eR.. p da
FBF1396B 20747361 20646E65-7220666F 20646165 tsa dne r fo dae
FBF1397B 66667562 000A7265-7272450A 2520726F ffub ..re rrE. % ro
FBF1398B 65722064 6E696461-6F732067 65637275 er d nida os g ecru
FBF1399B 6C696620 43000A65-00344D4F 434F4C43 lif C..e .4MO COLC
FBF139AB 4C00244B 2044414F-6F72705B 74636574 L.$K DAO orp[ tcet
FBF139BB 5D6E6F69 61705B20-6C5D6874 6164616F ]noi ap[ l]ht adao
FBF139CB 5F656C62 75646F6D-5B20656C 61726170 _elb udom [ el arap
Memory at ESP
8FD9DE9C FBF138DB A00D19E0-00000006 A00D19C0 {q8[ ..` .... ..@
8FD9DEAC 002186BC 00000001-A00D19E0 A00D19D8 .!.< .... ..` ..X
8FD9DEBC 00000006 A00D19C0-002064BC A00D19E4 .... ..@ . d< ..d
8FD9DECC A00D1A40 8FD9DEF0-00000000 04B4E504 ..@ .Y^p .... .4e.
8FD9DEDC 9D96379C 883E6AC9-A00D19C0 04B4E504 ..7. .>jI ..@ .4e.
8FD9DEEC 00000006 8FD9DEFC-9EDD3AF1 9D96379C .... .Y^| .]:q ..7.
8FD9DEFC 8FD9DF20 9EDE3ABF-00000009 00000009 .Y_ .^:? .... ....
8FD9DF0C 9FE9C114 000000F6-9FEC9448 8FD9DF24 .iA. ...v .l.H .Y_$
8FD9DF1C 04B4E504 8FD9DF48-9EDE3B44 00000009 .4e. .Y_H .^;D ....
8FD9DF2C 00000009 9FE9C114-000000F6 00000000 .... .iA. ...v ....
8FD9DF3C 9FEC9448 04B4E504-00000006 8FD9DF70 .l.H .4e. .... .Y_p
8FD9DF4C 9EDE00AF 04B6E43C-FFFFFFFF 00000009 .^./ .6d< .... ....
8FD9DF5C 9FE9C114 000000F6-9FEC9448 04B4E504 .iA. ...v .l.H .4e.
8FD9DF6C 04B4E504 8FD9DF80-9EDE7A81 04B6E404 .4e. .Y_. .^z. .6d.
8FD9DF7C 00000002 8FD9DF94-9EDE7A2A 046B3A84 .... .Y_. .^z* .k:.
8FD9DF8C 9EDF8F2C 00000000-8FD9DFA8 9EDF3660 ._., .... .Y_( ._6`
Stack Walk
Current EIP: 0021AB7A SERVER.NLM|ProcessSchedulerAbendTriggers+82
Stack Contents
8FD9DEAC 002186BC SERVER.NLM|SchedSwitch+48
8FD9DEB0 00000001
8FD9DEC4 002064BC SERVER.NLM|kMutexLock+1AC
8FD9DEE0 883E6AC9 LIBC.NLM|pthread_mutex_lock+A9
8FD9DEF4 9EDD3AF1 NILE.NLM|SSL_library_init+26C
8FD9DEF8 9D96379C A00D19C0 4E8B2056 20500124 8B244811 @.. V .N$.P .H$.
8FD9DEFC 8FD9DF20 8FD9DF48 9EDE3B44 00000009 00000009 H_Y.D;^.........
8FD9DF00 9EDE3ABF NILE.NLM|CRYPTO_lock+8F
8FD9DF04 00000009
8FD9DF08 00000009
8FD9DF0C 9FE9C114 5F617372 2E62696C 00000063 5F617372 rsa_lib.c...rsa_
8FD9DF10 000000F6
8FD9DF24 9EDE3B44 NILE.NLM|CRYPTO_add_lock+5A
8FD9DF28 00000009
8FD9DF2C 00000009
8FD9DF30 9FE9C114 5F617372 2E62696C 00000063 5F617372 rsa_lib.c...rsa_
8FD9DF34 000000F6
8FD9DF4C 9EDE00AF NILE.NLM|RSA_free+2E
8FD9DF50 04B6E43C 00000001 00000006 00000000 00000000 ................
8FD9DF54 FFFFFFFF
8FD9DF58 00000009
8FD9DF5C 9FE9C114 5F617372 2E62696C 00000063 5F617372 rsa_lib.c...rsa_
8FD9DF60 000000F6
8FD9DF74 9EDE7A81 NILE.NLM|EVP_PKEY_free+97
8FD9DF78 04B6E404 00000000 00000000 9FEAF3AC 00000008 ........,sj.....
8FD9DF7C 00000002
8FD9DF84 9EDE7A2A NILE.NLM|EVP_PKEY_free+40
8FD9DF88 046B3A84 00000006 00000006 00000000 04B6E404 .............d6.
8FD9DF8C 9EDF8F2C C90CC483 55C3C9C3 5653E589 8310EC83 .D.ICICU.eSV.l..
8FD9DF98 9EDF3660 NILE.NLM|PKCS7_DIGEST_free+35
8FD9DF9C 046B3A84 00000006 00000006 00000000 04B6E404 .............d6.
8FD9DFA0 9FEA2C70 00000001 00000010 9FEA2C3C 00000002 ........<,j.....
8FD9DFAC 9EDF8E7A NILE.NLM|ASN1_item_ex_free+2A6
8FD9DFB0 00000003
8FD9DFB4 009052DC 047E85C4 00000000 00000000 00000000 D.~.............
8FD9DFB8 9FEA2C70 00000001 00000010 9FEA2C3C 00000002 ........<,j.....
8FD9DFF0 9EDF8F2C NILE.NLM|ASN1_template_free+8A
8FD9DFF4 009052DC 047E85C4 00000000 00000000 00000000 D.~.............
8FD9DFF8 9FEA2C70 00000001 00000010 9FEA2C3C 00000002 ........<,j.....
8FD9DFFC 00000000
8FD9E014 9EDF8E55 NILE.NLM|ASN1_item_ex_free+281
8FD9E018 009052DC 047E85C4 00000000 00000000 00000000 D.~.............
8FD9E01C 9FE9B6C4 00000000 00000000 00000018 9FE9B627 ............'6i.
8FD9E020 0000000A
8FD9E054 9EDF8F2C NILE.NLM|ASN1_template_free+8A
8FD9E058 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E05C 9FE9B720 00000001 00000010 9FE9B64C 0000000A ........L6i.....
8FD9E060 00000000
8FD9E078 9EDF8E55 NILE.NLM|ASN1_item_ex_free+281
8FD9E07C 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E080 9FE9B768 00000000 00000000 00000000 9FE9B754 ............T7i.
8FD9E084 0000000A
8FD9E0B8 9EDF8BCD NILE.NLM|ASN1_item_free+11
8FD9E0BC 8FD9E0D0 04622844 9FE9B7AC 8FD9E0F0 9EDD8B5E D(b.,7i.p`Y.^.].
8FD9E0C0 9FE9B7AC 00000001 00000010 9FE9B768 00000003 ........h7i.....
8FD9E0C4 00000000
8FD9E0CC 9EDD7D2F NILE.NLM|X509_free+10
8FD9E0D0 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E0D4 9FE9B7AC 00000001 00000010 9FE9B768 00000003 ........h7i.....
8FD9E0D8 8FD9E0F0 8FD9E104 9EDD09AF 046F6964 55325B84 .aY./.].dio..[2U
8FD9E0DC 9EDD8B5E NILE.NLM|ssl_cert_free+8E
8FD9E0E0 04622844 009052C4 00000000 00000000 00000000 DR..............
8FD9E0E4 8FD9E0F0 8FD9E104 9EDD09AF 046F6964 55325B84 .aY./.].dio..[2U
8FD9E0F4 9EDD09AF NILE.NLM|SSL_CTX_free+D1
8FD9E0F8 046F6964 046F6984 00000000 00000000 00000000 .io.............
8FD9E0FC 55325B84 00000020 00908E64 9EDC3710 00000000 ...d....7\.....
8FD9E108 9EDC4825 NILE.NLM|SSLDeRegister+A5
8FD9E10C 04B4E504 9FEC9398 04B623A4 04B57784 04632484 ..l.$#6..w5..$c.
8FD9E118 9FEF5542 WSPSSL.NLM|WSPSSL_deleteSktProc+1D2
8FD9E11C 04B4E504 9FEC9398 04B623A4 04B57784 04632484 ..l.$#6..w5..$c.
8FD9E134 9FEEFE5A WSPSSL.NLM|SSLMapSessnReleaseWTD+EE
8FD9E138 9EBBE8A0 00000000 8E7792A0 00000080 0000000A .... .w.........
8FD9E154 9FEEFD8D WSPSSL.NLM|SSLMapSessnReleaseWTD+21
8FD9E158 8E7792A0 9FEF83CC 9FEF8430 00000001 00000000 L.o.0.o.........
8FD9E164 00361298 SERVER.NLM|kDoFastWorkToDo+28
8FD9E168 9FD2D020 00000000 9FEEFD6C 9FD74C00 00000000 ....l}n..LW.....
8FD9E184 0022476C SERVER.NLM|kWorkToDoCheckAllRunFast+A4
8FD9E19C 00224EE8 SERVER.NLM|MpkSystemWork+68
8FD9E1A8 002181C4 SERVER.NLM|SchedThreadYield+340
8FD9E1BC 003615F1 SERVER.NLM|TimerInterruptHandlerBackEnd+9A
8FD9E260 00000000
EIP invalid.
Novell Open Enterprise Server, NetWare 6.5
PVER: 6.50.08
Server N05 halted Wednesday, November 23, 2011 10:35:58.629 am
Abend 1 on P00: Server-5.70.08-1315: Kernel detected an attempted context switch in an MPK Fast WTD.
Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0023 SS = 0010
EAX = 00000000 EBX = 00000001 ECX = 00000000 EDX = 00090009
ESI = 00000006 EDI = 9FE40018 EBP = FBF138DB ESP = A4930264
EIP = 002231BA FLAGS = 00000002
002231BA 83C404 ADD ESP, 00000004
EIP in SERVER.NLM at code start +00019B5Ah
The violation occurred while processing the following instruction:
002231BA 83C404 ADD ESP, 00000004
002231BD 833D14D0030000 CMP [SERVER.NLM|SleepNotAllowedUseCount]=00000001
, 00000000
002231C4 7482 JZ 00223148
002231C6 833DACC1030000 CMP [0003C1AC]=00000000, 00000000
002231CD 0F84D5000000 JZ 002232A8
002231D3 85DB TEST EBX, EBX
002231D5 0F84BA000000 JZ 00223295
002231DB 8B1DE843F0FB MOV EBX, [FBF043E8]=FBF24D68
002231E1 53 PUSH EBX
002231E2 E8AF38EFFF CALL LOADER.NLM|Abend
Running process: Apache_Worker 66 Process
Thread Owned by NLM: APACHE2.NLM
Stack pointer: A4931E20
OS Stack limit: A4922FC0
CPU 0 (Thread A4921600) is in a NO SLEEP state
Scheduling priority: 67371008
Wait state: 5050010 Blocked on a Mutex
Stack: --FBF138DB ?
--9FE40020 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--9FE40000 ?
00220CFC (SERVER.NLM|SchedSwitch+48)
--00000001 (LOADER.NLM|KernelAddressSpace+1)
--9FE40020 ?
--9FE40018 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--9FE40000 ?
0020EAFC (SERVER.NLM|kMutexLock+1AC)
--9FE40024 ?
--9FE40080 ?
--A49302B8 ?
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04719004 ?
--9D9A589C ?
883E6AC9 (LIBC.NLM|pthread_mutex_lock+A9)
--9FE40000 ?
--04719004 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A49302C4 ?
9F92FAF1 (NILE.NLM|SSL_library_init+26C)
--9D9A589C ?
--A49302E8 ?
9F93FABF (NILE.NLM|CRYPTO_lock+8F)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-A007C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-A00A9448 (NILE.NLM|serverPostFix+1968)
--A49302EC ?
--04719004 ?
--A4930310 ?
9F93FB44 (NILE.NLM|CRYPTO_add_lock+5A)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-A007C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
-A00A9448 (NILE.NLM|serverPostFix+1968)
--04719004 ?
--00000006 (LOADER.NLM|KernelAddressSpace+6)
--A4930338 ?
9F93C0AF (NILE.NLM|RSA_free+2E)
--046F21BC ?
--FFFFFFFF ?
--00000009 (LOADER.NLM|KernelAddressSpace+9)
-A007C114 (NILE.NLM|RSA_version+28)
--000000F6 (LOADER.NLM|KernelAddressSpace+F6)
-A00A9448 (NILE.NLM|serverPostFix+1968)
--04719004 ?
--04719004 ?
--A4930348 ?
9F943A81 (NILE.NLM|EVP_PKEY_free+97)
--046F2184 ?
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--A493035C ?
9F943A2A (NILE.NLM|EVP_PKEY_free+40)
--04790FC4 ?
9F954F2C (NILE.NLM|ASN1_template_free+8A)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--A4930370 ?
9F94F660 (NILE.NLM|PKCS7_DIGEST_free+35)
--04790FC4 ?
-A0082C70 (NILE.NLM|X509_PUBKEY_it+0)
--047571A4 ?
--A49303B4 ?
9F954E7A (NILE.NLM|ASN1_item_ex_free+2A6)
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--046C809C ?
-A0082C70 (NILE.NLM|X509_PUBKEY_it+0)
--9FD8FB40 ?
-A0082C28 (NILE.NLM|PKCS7_ATTR_VERIFY_it+34)
-A0082C3C (NILE.NLM|PKCS7_ATTR_VERIFY_it+48)
--9FD8FB40 ?
--A49303B0 ?
-A0082C10 (NILE.NLM|PKCS7_ATTR_VERIFY_it+1C)
9F94F641 (NILE.NLM|PKCS7_DIGEST_free+16)
--00000002 (LOADER.NLM|KernelAddressSpace+2)
--04772F24 ?
--047571A4 ?
--04719004 ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--A49303D8 ?
9F954F2C (NILE.NLM|ASN1_template_free+8A)
--046C809C ?
-A0082C70 (NILE.NLM|X509_PUBKEY_it+0)
--00000000 (LOADER.NLM|KernelAddressSpace+0)
--04748004 ?
--00000005 (LOADER.NLM|KernelAddressSpace+5)
--046C809C ?
--00000003 (LOADER.NLM|KernelAddressSpace+3)
--A4930418 ?
9F954E55 (NILE.NLM|ASN1_item_exMaybe Hamish Speirs can explain it - it was his post in another thread that gave me the idea and commands to try (see http://forums.novell.com/forums/nove...r-10038-a.html).
We had a confluence of changes at the beginning of the semester (Sept) that no doubt helped contribute to the problem and yet also mask the real cause to a certain extent.
1. The Thawte cert expired and was replaced with a new cert - Thawte does not support doing renewals on NetWare. This happened around the start of Sept.
2. School semester begins. Thousands of students return.
3. We use Pcounter for pay-for-print and it uses httpstk to provide a webpage for students to authorize print jobs.
4. Printing activity in general goes way up.
5. All printers are Secure.
6. Apache, iPrint and httpstk all use the same Thawte certificate
7. The print server was also hosting the netstorage service which also uses the Thawte cert (via apache).
8. The print server was recently (August) virtualized (via p2v using the excellent Portlock Storage Manager)
Eventually I built a new NetWare vm to host print services and got a new cert so at least the netstorage and print services were no longer running together. I suspected at that point that the likely source of the abends was NetStorage since Nile and SSL were almost always involved in the abends.
After the separation the issues continued - so it wasn't netstorage's fault. Desparate searching of the 'net lead to H.'s post. The rest is history!
It has now been 9 days up uptime without a single nile/ssl related abend ( I had one abend in pcounter but services survived).
Ron
"Seasoned Greasings and Happy New Rear!" -
Sql server service wont start after disabling TLS 1.0 and SSL 3.0 on windows
We have been hardening our servers for some time now and recently we disabled SSL 3.0 because of the poodle attack. When I did this on one of our test servers SQL Server failed to start up after the restart.
I have been able to reproduce this on Windows Server 2012 and Windows 7 by disabling TLS 1.0 and SSL 3.0 through the registry. I am using SQL Server 2012 on the server machine. On my windows 7 machine sql server 2012 and sql server 2005 will not start with
those disabled.
These are the event log errors I get:
Application Logs:
(28/10/2014 8:38:54 AM) SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
(28/10/2014 8:38:54 AM) Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
(28/10/2014 8:38:54 AM) TDSSNIClient initialization failed with error 0x80090331, status code 0x1.
(28/10/2014 8:38:54 AM) TDSSNIClient initialization failed with error 0x80090331, status code 0x80.
System Logs:
(28/10/2014 8:38:54 AM) The SQL Server (MSSQLSERVER) service terminated with service-specific error %%-2146893007.
(28/10/2014 8:38:54 AM) A fatal error occurred while creating an SSL server credential. The internal error state is 10013.
Done anyone know have we can keep SSL 3.0 and TLS 1.0 disabled and get SQLServer server to start?Hi Don,
I already have TLS 1.0 Disabled to prevent the BEAST exploit. So the values I have for:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.0\Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.0\Client
Both have enabled set to ("Enabled"=dword:00000000).
If change both of these back to ("Enabled"=dword:00000001)
to enable TLS 1.0, and restart then SQLServer is able to start again. But we are now vulnerable to the BEAST attack once again.
If I keep server enabled and disable the client or vice versa and restart. Then SQLServer starts but I
am unable to connect to it. When I check the Event logs I get the same errors as my original past.
With your last post, do you mean to backup SCHANNEL and delete it so it gets recreated? If that is the case it will probably work because if I re enable SSL 3.0 or TLS 1.0 from here it fix's the issue, but I then I won't have the exploits patched and
we need this for some of our customers.
This is my SCHANNEL Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000 -
ACE 4700 configuring SSL termination weblogic server 10.3.6
Hello,
Im trying to configure an ACE 4700 so that SSL termination is done on the ACE and HTTP reaches the weblogic server instance.
I have a working setup of a Apache reverse proxy doing SSL offloading and using a weblogic module and that works fine
Was reading http://docs.oracle.com/cd/E23943_01/web.1111/e13709/load_balancing.htm#i1045186
Can anyone point me to a working config example for doing this with the ACE4700 or give me some directions here?
Kind regards,
LaurensHi Laurens,
Here is a basic configuration for SSL termination:
rserver host test
ip address 10.198.16.98
inservice
rserver host test2
ip address 10.198.16.93
inservice
serverfarm host test
rserver test 80
inservice
rserver test2 80
inservice
ssl-proxy service TEST
key cert
cert cert
class-map match-all VIPSSL
2 match virtual-address 10.198.16.122 tcp eq https
policy-map type loadbalance first-match test
class class-default
serverfarm test
policy-map multi-match clients
class VIPSSL
loadbalance vip inservice
loadbalance policy test
loadbalance vip icmp-reply active
nat dynamic 1 vlan 112
ssl-proxy server TEST
interface vlan 112
ip address 10.198.16.91 255.255.255.192
access-group input Allow_Access
nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
service-policy input NSS_MGMT
service-policy input clients
no shutdown
Cesar R
ANS Team -
CSS/SSL termination - cypher negotiation Q
Hi everyone
question regarding SSL termination on CSS/SSL module.
I have several several cyphers in my ssl-proxy list,
What is the algorithm to choose the cypher ?
I may assume that CSS and browser negotiate it during SSL session establishing.
The testing shows that same browser gets different cyphers when it hits
different CSSs (cyphers are in the same order in proxy-lists on CSSs)
Thanks
AlexAlex,
it's not really an algorithm.
The browser selects the first cipher that matches its requirements in the list presented by the server/CSS.
The CSS builds a list in the order of weight.
If you did not specify any weight, the list can be random depending in which order you entered the command.
I would say, if you want a specific cipher to be selected, use a highest weight for this cipher.
Gilles. -
ACE SSL Terminator doesn't work
Hi,
I should implement a balancing HTTP and for HTTPS an SSL terminator on my ACE.
Public IP 22.235.121.6 port 80 --> balanced on 192.168.250.165-166 on port 8889
Public IP 22.235.121.6 port 443 --> my ace terminate ssl and balance the traffic in clear text to 192.168.250.165-166 on port 8889
This is the configuration:
probe http EXAMPLE_IT_HTTP
port 8889
interval 5
faildetect 2
passdetect interval 10
passdetect count 2
request method get url /probe/probe.html
expect status 200 206
expect status 300 307
open 1
serverfarm host example_IT_HTTP
failaction reassign across-interface
predictor leastconns
probe example_IT_HTTP
fail-on-all
rserver H-192.168.250.165 8889
inservice
rserver H-192.168.250.166 8889
inservice
serverfarm host example_IT_HTTPS-HTTP
failaction reassign across-interface
predictor leastconns
probe example_IT_HTTP
fail-on-all
rserver H-192.168.250.165 8889
inservice
rserver H-192.168.250.166 8889
inservice
sticky ip-netmask 255.255.255.255 address both example-IT-HTTPS-HTTP
timeout 60
replicate sticky
serverfarm example_IT_HTTPS-HTTP
ssl-proxy service SSL_example_IT
key example_it.key
cert example_it.cert
chaingroup SSL_CHAIN_example_IT
crypto chaingroup SSL_CHAIN_example_IT
cert example_it.ca
class-map match-all example_IT_HTTP
2 match virtual-address 22.235.121.6 tcp eq www
class-map match-all example_IT_HTTPS-HTTP
2 match virtual-address 22.235.121.6 tcp eq www
policy-map type loadbalance first-match example_IT_HTTP-l7slb
class class-default
serverfarm example_IT_HTTP
policy-map type loadbalance first-match example_IT_HTTPS-HTTP-l7slb
class class-default
sticky-serverfarm example-IT-HTTPS-HTTP
policy-map multi-match int41
class example_IT_HTTP
loadbalance vip inservice
loadbalance policy example_IT_HTTP-l7slb
loadbalance vip icmp-reply active primary-inservice
class example_IT_HTTPS-HTTP
loadbalance vip inservice
loadbalance policy example_IT_HTTPS-HTTP-l7slb
loadbalance vip icmp-reply active primary-inservice
ssl-proxy server SSL_example_IT
the balancing on http work properly, but doesn't work the ssl termination, when I try to connect from my client in https I don't see request on the server 192.168.250.165-166 coming.
Some show:
balancer# sh crypto certificate all
example_it.cert:
Subject: /C=GB/ST=United Kingdom/L=London/O=XXXXXXXX/OU=XXXXXXXXX/CN=*.xxxx.com
Issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
Not Before: Apr 11 00:00:00 2014 GMT
Not After: Apr 12 23:59:59 2015 GMT
CA Cert: FALSE
example_it.ca:
Subject: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
Not Before: Nov 8 00:00:00 2006 GMT
Not After: Jul 16 23:59:59 2036 GMT
CA Cert: TRUE
balancer# sh crypto session
SSL Session Cache Stats for Context
Number of Client Sessions: 0
Number of Server Sessions: 0
balancer#
balancer# sh crypto files
Filename File File Expor Key/
Size Type table Cert
cisco-sample-cert 1082 PEM Yes CERT
cisco-sample-key 887 PEM Yes KEY
example_it.ca 7444 PEM Yes CERT
example_it.cert 1812 PEM Yes CERT
example_it.key 1675 PEM Yes KEY
balancer#
balancer# crypto verify example_it.key example_it.cert
Keypair in example_it.key matches certificate in example_it.cert.
balancer#
the show stats crypto client/server give me all 0
Someone can help me to understand why is not working ?
for further information please ask me
Thanks a lotHi,
The problem is here:
class-map match-all example_IT_HTTPS-HTTP
2 match virtual-address 22.235.121.6 tcp eq www
You should change it to 443 instead of WWW which means port 80.
You will never match this class "example_IT_HTTPS-HTTP".
Regards,
Kanwal
Note: Please mark answers if they are helpful.
Maybe you are looking for
-
How do I share photos on I-photo between users on the same computer?
how do I share photos on I-photo between users on the same computer?
-
Undo History box (question)
In PSE9 on my MAC I tick the undo history to show it down the right and when I shut PSE9 it stays on teh desktop and I need to tick it every time I open PSE. I'd just like to tick and have it there always... oh and not get it left behind on my destop
-
Difference between different RFCs
Hi All, Could you please provide me with some useful material or brief knowledge where i can find out : what is an s-RFC, t-RFC and q-RFC ? ? Where all these are used ? ? And what is the Difference between them ? ? Regards, Arkesh Sharma
-
Any Report that updates the GR document number of R/3 to SRM
Hi Experts Can any one tell me is there any reoprt that updated the GR numbers of R/3 to SRM Because I have done the confirmations in SRM ( 4.0) it created a confirmation number but the shoppingc art history is not updated with the GR document numb
-
At the first of the month my DSL provider quit. Because of the price, I signed up with AT&T Uverse. Ever since then my Safari (v. 5..1.2) has had trouble following hyperlinks. VERY often I click on a hyperlink, and Safari takes me to a page that