ACE - Radius Auth - Server Deadtime strange behavior... bug?

Following issue...
Two ACE Contexts -> Admin and Test
Both are configured to authenticate via AAA and Radius. Everything works as intended, roles get submitted by Radius etc.
If you configure a deadtime >0 and for example you stop the Radius Service the current ACE context detects the unavailable radius server and marks it as dead after retransmit and timeout values have expired. If you activate the radius service again the ace context never clears the "Radius Server=Dead" flag.
If you don't login while doing maintenance on your radius service everything is fine, but once the deadtimer kicks in it's over.
I verified this behavior by using context Admin and context Test at the same time. I ended up with one context working perfectly with the same server and one still having it marked as dead.
I got some debug output and the config for both contexts.
Ahmed or Gilles can you reproduce this behavior?
EDIT: Reloading the module and setting the "deadtime 0" fixes the behavior.
--- CONTEXT -> ADMIN ---
2006 Aug 24 16:08:06.875245 radius: (ctx:0)get_radius_server_info_from_group:
2006 Aug 24 16:08:06.875830 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.1
2006 Aug 24 16:08:06.875888 radius: (ctx:0)radius_request_process_next_server:
All RADIUS servers failed to respond after retries.
--- CONTEXT -> TEST ---
2006 Aug 24 16:08:20.676439 radius: (ctx:0)get_radius_server_info_from_group:
2006 Aug 24 16:08:20.677049 radius: (ctx:0)radius_request_process_next_server:
found a server server index in group 0
2006 Aug 24 16:08:23.085763 radius: (ctx:0)get_radius_server_info_from_group:
2006 Aug 24 16:08:23.086024 radius: (ctx:0)radius_request_process_next_server:
found a server server index in group 0
2006 Aug 24 16:08:23.090753 radius: (ctx:0)Got context name Test
--- Configuration -> CONTEXT ADMIN ---
ace-module-01/Admin# sh run
Generating configuration....
radius-server host 10.10.10.1 key 7 "<secret>" auth-port 1645 acct-port 1646 authentication accounting
aaa group server radius RADIUS_VTY
server 10.10.10.1
deadtime 1
aaa authentication login default group RADIUS_VTY local
--- Configuration -> CONTEXT TEST ---
ace-module-01/Test#
Generating configuration....
radius-server host 10.10.10.1 key 7 "<secret>" auth-port 1645 acct-port 1646 authentication accounting
aaa group server radius RADIUS_VTY
server 10.10.10.1
deadtime 1
aaa authentication login default group RADIUS_VTY local
Software
loader: Version 12.2[118]
system: Version 3.0(0)A1(2) [build 3.0(0)A1(2)
jwilley_23:41:53-2006/06/11_/auto/adbu-rel/ws/REL_3_0_0_A1_2]
system image file: [LCP] disk0:c6ace-t1k9-mz.3.0.0_A1_2.bin

I see the same issue even with A1(3).
I have submitted a new ddts for this - CSCsf19177.
If you activate the 'debug radius server-monitor' command, you should see the ACE module trying to authenticate user test with password test.
However, this request never makes it to the radius server.
The bug has been logged and we will investigate.
Thanks for reporting this problem to us.
Gilles.
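
An added example, not part of the original thread and not Cisco code: a Python check that reads the `deadtime` of each AAA group from a running-config and flags any server that the `debug radius` output still reports as "Skipping DEAD" longer than that deadtime after the first skip, which is the symptom described above. The sample log and config are constructed in the format quoted in the post, 10.10.10.2 is a made-up second server, and treating `deadtime 0` as "never marked dead" is an assumption taken from the EDIT in the post. A hit only says the flag outlived the deadtime; confirm separately that the server is answering again.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input, shaped like the debug lines quoted in the post.
SAMPLE_DEBUG = """\
2006 Aug 24 16:08:06.875830 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.1
2006 Aug 24 16:08:40.120000 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.1
2006 Aug 24 16:11:15.500000 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.1
2006 Aug 24 16:12:01.000000 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.2
2006 Aug 24 16:12:30.000000 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.2
"""

# Constructed config fragment (10.10.10.2 is hypothetical).
SAMPLE_CONFIG = """\
aaa group server radius RADIUS_VTY
  server 10.10.10.1
  server 10.10.10.2
  deadtime 1
aaa authentication login default group RADIUS_VTY local
"""

GROUP_RE = re.compile(r"^aaa group server radius (\S+)$")
SERVER_RE = re.compile(r"^server (\d{1,3}(?:\.\d{1,3}){3})$")
DEADTIME_RE = re.compile(r"^deadtime (\d+)$")
SKIP_RE = re.compile(
    r"^(\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d+) radius: "
    r"\(ctx:\d+\)Skipping DEAD RADIUS server (\S+)"
)


def parse_deadtimes(config_text):
    """Return {server_ip: deadtime_minutes} from 'aaa group server radius' blocks.

    Works on indented or flattened config: a group ends at the first line
    that is neither 'server <ip>' nor 'deadtime <n>'.
    """
    groups, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if GROUP_RE.match(line):
            current = {"servers": [], "deadtime": 0}
            groups.append(current)
        elif current is not None and (m := SERVER_RE.match(line)):
            current["servers"].append(m.group(1))
        elif current is not None and (m := DEADTIME_RE.match(line)):
            current["deadtime"] = int(m.group(1))
        else:
            current = None
    return {ip: g["deadtime"] for g in groups for ip in g["servers"]}


def find_stuck_dead(debug_text, deadtimes):
    """List servers still skipped as DEAD after their deadtime has elapsed."""
    first_skip, findings = {}, {}
    for raw in debug_text.splitlines():
        m = SKIP_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y %b %d %H:%M:%S.%f")
        server = m.group(2)
        limit = deadtimes.get(server, 0)
        if limit == 0:          # assumption: deadtime 0 means no dead marking
            continue
        start = first_skip.setdefault(server, ts)
        if ts - start > timedelta(minutes=limit):
            findings[server] = {
                "server": server,
                "deadtime_min": limit,
                "first_skip": start,
                "last_skip": ts,
                "skipped_for": ts - start,
            }
    return list(findings.values())


if __name__ == "__main__":
    for hit in find_stuck_dead(SAMPLE_DEBUG, parse_deadtimes(SAMPLE_CONFIG)):
        print(f"{hit['server']}: still DEAD {hit['skipped_for']} after first skip "
              f"(deadtime {hit['deadtime_min']} min)")
```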

Similar Messages

  • RADIUS auth-server unavailable messages

    Hello,
    during troubleshooting of some other WLC (WiSM2, 7.4.121.0) issues I have noticed that there is some messages like this:
    0    Thu Feb 27 15:01:11 2014    RADIUS auth-server 192.168.4.66:1812 available
    1    Thu Feb 27 15:01:06 2014    RADIUS auth-server 192.168.4.66:1812 unavailable
    2    Thu Feb 27 15:01:06 2014    RADIUS server 192.168.4.66:1812 failed to respond to request (ID 216) for client 9c:d2:4b:bd:82:fb / user '***'
    3    Thu Feb 27 14:58:24 2014    RADIUS auth-server 192.168.4.66:1812 available
    4    Thu Feb 27 14:58:22 2014    RADIUS auth-server 192.168.4.66:1812 unavailable
    5    Thu Feb 27 14:58:22 2014    RADIUS server 192.168.4.66:1812 failed to respond to request (ID 128) for client 9c:d2:4b:bd:82:fb / user '***'
    6    Thu Feb 27 14:57:56 2014    RADIUS auth-server 192.168.4.66:1812 available
    7    Thu Feb 27 14:57:43 2014    RADIUS auth-server 192.168.4.66:1812 unavailable
    8    Thu Feb 27 14:57:43 2014    RADIUS server 192.168.4.66:1812 failed to respond to request (ID 103) for client 9c:d2:4b:bd:82:fb / user '***'
    9    Thu Feb 27 14:57:18 2014    RADIUS auth-server 192.168.4.66:1812 available
    10    Thu Feb 27 14:57:12 2014    RADIUS auth-server 192.168.4.66:1812 unavailable
    During that time I have ping radius server from console but it looks OK:
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >
    (WiSM-slot25-1) >show time
    Time............................................. Thu Feb 27 15:00:10 2014
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    (WiSM-slot25-1) >ping 192.168.4.66
    Send count=3, Receive count=3 from 192.168.4.66
    There is only one radius configured in WLC.
    (WiSM-slot25-1) >show radius auth statistics
    Authentication Servers:
    Server Index..................................... 1
    Server Address................................... 192.168.4.66
    Msg Round Trip Time.............................. 11 (msec)
    First Requests................................... 31952
    Retry Requests................................... 285
    Accept Responses................................. 4002
    Reject Responses................................. 274
    Challenge Responses.............................. 27620
    Malformed Msgs................................... 0
    Bad Authenticator Msgs........................... 0
    Pending Requests................................. 0
    Timeout Requests................................. 341
    Unknowntype Msgs................................. 0
    Other Drops...................................... 0
    What can I do to troubleshoot this, some debug commands, timer tuning... ?
    Regards,
    Mladen

    That could also be load on the AAA server. The WLC calls a radius server dead/unavailable if it doesn't respond to 3 requests for a client authentication.
    You may want to also try disabling aggressive failover.
    config radius aggressive-failover disable.
    This changes the behavior of the WLC so that the AAA has to not respond to three consecutive clients before it's called dead. But if you only have the one server it may not help too much.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Creating Albums in A2: Strange behavior, bug or operator error

    I've just bought A2 and imported my 13,000 photos into it. They are imported as "referenced masters". On disk, my photos are arranged in folders by year, month and day that the pictures were taken:
    Photos/
    ....2008/
    ....2007/
    ........01/
    ........05/
    ........10/
    ............IMG1.NEF
    ............IMG2.NEF
    ............IMG3.NEF
    The only way to import directories of photos into A2 is "Import folders as projects" (It seems like you should be able to just import all the photos in a directory tree, but apparently you can't. Why not?)
    Anyway, so now I have a bunch of projects, one for each year. Then folders for each month and albums for each day. This is only mildly useful since I could create smart albums, but... (Is there a way to get rid of the projects without losing the photos? Can I delete them all and leave the photos in my library?)
    Anyway, the next thing I wanted to do was to create some folders of albums of my photos. I'm a hobbyist and I take most of my photos when I travel. I wanted to create an album for each "trip" I went on. So, for example, I went to Southeast Asia in October of 2004.
    I created a (root level) folder called "Trips". Then I created an album called "Southeast Asia 2004". I selected the folder named "10" (i.e. October) in project "2004" and selected all the photos. (I apparently hadn't taken any other pictures in October 2004 besides what I had done on my trip). I dragged the selection to my new album and saw a "+" icon (as if to say "add these photos to this album"). When I released the mouse button, it did nothing. I couldn't add the photos to my album.
    After screwing around for a while, I found that I could not add photos to an album unless I selected them from a higher level in the project tree. So if I created my album as a child of 2004, I couldn't add photos selected from 2004/10. But I could add them if I selected them from within 2004. Similarly, I couldn't add photos to my album at Trips/SoutheastAsia unless I selected them from "All Photos" under "Library."
    Maybe I'm not understanding what folders and projects are /supposed/ to be. But this doesn't make sense to me. Is this intentional? Is it a bug? Can someone explain the reasoning behind this -- or tell me what I am doing wrong?
    Thanks!
    tim

    Aarrgghh. I know part of the problem is that I don't quite grok Aperture's model yet. But, still, something is not right.
    I had created a new project called "Trips". In that project I created an album. If I selected photos from the "All Photos" smart album, I could put them in that album in that other project. But the photos still weren't in that other project. Just the album. This seems wrong, but I'm not sure.
    So, instead of creating a project called Trips, I created a top-level folder. In that, I created an album for my one trip. Once again, I could select photos from another project. When I dragged them to the new album, I got a green "+". But when I dropped them, nothing happened. But, if I drag them from "All Photos" it works.
    That can't be right. If I can put photos from any project into an album, I should be able to do it from anywhere. If I can't, I shouldn't be able to do it from "All Photos." If anyone knows which is right, let me know. Also, if anyone knows how to file a bug, let me know -- I will file this one with a good use case description.
    Thanks,
    tim

  • Strange behavior with Zoom and Image control

    HELP - I have a strange behavior (bug?) with using Zoom
    effect on an Image that has been placed on a Canvas. I am using
    dynamically instantiated images which are placed on a canvas inside
    a panel. I then assign a Zoom IN and Zoom Out behavior to the
    image, triggered by ROLL_OVER and ROLL_OUT effect triggers. THE BUG
    is that the image jumps around on the Zoom OUT and lands on a
    random place on the canvas instead of coming back to the original
    spot. This is especially true if the mouse goes in and out of the
    image very quickly. HELP -- what am I doing wrong? Computer = Mac
    OS X 10.4.9 Flex 2.0.1
    Here's a simple demo of the bug -- be sure to move the mouse
    in and out rapidly:
    <?xml version="1.0" encoding="utf-8"?>
    <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"
    layout="absolute" creationComplete="setUp();">
    <mx:Script><![CDATA[
        import flash.events.MouseEvent;
        import mx.events.EffectEvent;
        import mx.effects.Fade;
        import mx.effects.Zoom;
        import mx.rpc.events.ResultEvent;
        import flash.display.Sprite;
        import mx.core.UIComponent;
        import mx.controls.Image;

        private var zoomIn:Zoom;
        private var zoomOut:Zoom;

        // Create the image on the canvas and prepare the two Zoom effects.
        private function setUp():void {
            var image:Image = new Image();
            image.id = "album_1_1";
            image.x = 200;
            image.y = 200;
            image.width = 64;
            image.height = 64;
            image.source = "http://s3.amazonaws.com/davidmccallie/album-128.jpg";
            image.addEventListener(MouseEvent.ROLL_OVER, doZoom);
            image.addEventListener(MouseEvent.ROLL_OUT, doZoom);
            myCanvas.addChild(image);
            zoomIn = new Zoom();
            zoomIn.zoomHeightTo = 2.0;
            zoomIn.zoomWidthTo = 2.0;
            zoomIn.captureRollEvents = true;
            zoomIn.suspendBackgroundProcessing = true;
            zoomOut = new Zoom();
            zoomOut.zoomHeightTo = 1.0;
            zoomOut.zoomWidthTo = 1.0;
            zoomOut.captureRollEvents = true;
            zoomOut.suspendBackgroundProcessing = true;
        }

        // Zoom in on roll-over, zoom back out on roll-out.
        private function doZoom(event:MouseEvent):void {
            var image:Image = Image(event.currentTarget);
            if (event.type == MouseEvent.ROLL_OVER) {
                zoomIn.target = event.currentTarget;
                zoomIn.play();
            } else if (event.type == MouseEvent.ROLL_OUT) {
                zoomOut.target = event.currentTarget;
                zoomOut.play();
            }
        }
    ]]>
    </mx:Script>
    <mx:Panel width="100%" height="100%"
    layout="absolute">
    <mx:Canvas id="myCanvas" width="100%" height="100%">
    </mx:Canvas>
    </mx:Panel>
    </mx:Application>

    There must be bugs in the Zoom effect code -- I changed the
    Zoom to Resize in the above code, and it works perfectly. Of
    course, Resize is not as nice as Zoom because you can't set the
    resize to be around the center of the image, but at least it works.
    Does anyone know about bugs in the Zoom effect?

  • 802.1x "MachineorUser" Auth Mode strange behavior in 2950 & 3750 Switches

    Good Day Support Team around the world,
    Having started recently  tests with 802.1x in a lab environment, I noticed  a strange behavior related to authentication. First let me provide you with the network components I used.
    supplicant:                    domain-joined laptop with Windows XP SP3 802.1x embedded client
    authenticator1:              Cisco 2950-24   
    authenticator2:              Cisco 3750-24
    authentication server:     MS NPS Windows Server 2008
    1.     In the first scenario with 3750 switch when I connect the laptop to relevant port the machine authentication is successful. Then I try to login with a domain account and again the authentication is completed without any problem. Then I log off and user authentication is revoked and the machine authentication is used again without any issue. When I try to login again as local user the authentication fails as expected but the port remains disabled (port blinking amber) regardless the fact that port is configured for Auth-Fail Vlan. When I log off then the machine authentication is used again and the access is granted.
    2.     In the second scenario with 2950 switch as authenticator, I follow the same steps as before and when I try to login as local user the authentication is failed and the port is assigned the Auth-Fail Vlan (as expected based on configuration). However when I log off it seems that the 2950 switch still use the Auth-Fail Vlan for that port and never authenticates again for machine authentication.
    Could someone please let me know if this is normal (I suppose not). Please find attached the relevant debug output from the second scenario.
    Thank you!!!

    Hi,
    basically what happens is that the maximum EAP packet size for communication between client and RADIUS server is negotiated. Therefore, in your case the switch notifies NPS that the client is capable of handling packets up to 9000 bytes in size.
    EAP messages, especially those containing the server certificate, are usually bigger than 1500 bytes and arrive at the switch in multiple fragments:
    Mar  6 15:50:11.881: RADIUS(0000002C): Received from id 1645/41
    Mar  6 15:50:11.881: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+253+253+253+253+20, total 2044 bytes
    Having learned that 2044 bytes is acceptable for the client, the switch forwards the full message in one chunk, but since your client is likely to have set the interface MTU to 1500, the packet is oversized and never reaches its destination.
    And yes, I think changing the System Jumbo MTU to 1500 bytes would lead to the same result. If my memory serves me right, a new setting takes effect only after a reboot, so I'd suggest giving it a go in your lab first.
    Best regards,
    Josef
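
The size arithmetic behind the answer above, as an added Python example that is not part of the original post: it parses the quoted `RADIUS/DECODE` debug line, checks the fragment sizes against the 253-byte limit of a RADIUS attribute value, rebuilds the EAP packet from its EAP-Message (type 79) attributes, and compares the resulting EAPOL frame payload with the link MTU. The debug line is the one quoted in the post; the EAP packet contents are constructed filler, and the function names are hypothetical.

```python
import re
import struct

EAP_MESSAGE = 79       # RADIUS attribute type for EAP-Message (RFC 3579)
MAX_ATTR_VALUE = 253   # 255-byte attribute limit minus the type and length octets
EAPOL_HEADER = 4       # protocol version (1) + packet type (1) + body length (2)

# Debug line as quoted in the post.
DEBUG_LINE = ("Mar  6 15:50:11.881: RADIUS/DECODE: EAP-Message fragments, "
              "253+253+253+253+253+253+253+253+20, total 2044 bytes")
DECODE_RE = re.compile(r"EAP-Message fragments, ([\d+]+), total (\d+) bytes")


def parse_decode_line(line):
    """Return (fragment_sizes, total) and verify they are self-consistent."""
    m = DECODE_RE.search(line)
    if not m:
        raise ValueError("not a RADIUS/DECODE EAP-Message line")
    sizes = [int(s) for s in m.group(1).split("+")]
    total = int(m.group(2))
    if sum(sizes) != total:
        raise ValueError("fragment sizes do not add up to the stated total")
    if any(s > MAX_ATTR_VALUE for s in sizes):
        raise ValueError("fragment larger than one RADIUS attribute can carry")
    return sizes, total


def split_eap(eap_packet):
    """Encode one EAP packet as consecutive EAP-Message attributes (server side)."""
    chunks = [eap_packet[i:i + MAX_ATTR_VALUE]
              for i in range(0, len(eap_packet), MAX_ATTR_VALUE)]
    return b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)


def reassemble_eap(attributes):
    """Concatenate EAP-Message attribute values (authenticator side)."""
    eap, pos = b"", 0
    while pos < len(attributes):
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("malformed attribute length")
        if attr_type == EAP_MESSAGE:
            eap += attributes[pos + 2:pos + attr_len]
        pos += attr_len
    # The EAP header carries its own length; it must match what was rebuilt.
    (declared,) = struct.unpack("!H", eap[2:4])
    if declared != len(eap):
        raise ValueError("EAP length field does not match reassembled size")
    return eap


def fits_in_mtu(eap_length, mtu):
    """True if the EAP packet plus EAPOL header fits in one Ethernet payload."""
    return EAPOL_HEADER + eap_length <= mtu


def constructed_eap_request(total_len):
    """Constructed EAP-Request (code 1, id 1, type 13 EAP-TLS) of the given size."""
    return struct.pack("!BBHB", 1, 1, total_len, 13) + bytes(total_len - 5)


if __name__ == "__main__":
    sizes, total = parse_decode_line(DEBUG_LINE)
    eap = reassemble_eap(split_eap(constructed_eap_request(total)))
    for mtu in (1500, 9000):
        print(f"EAP {len(eap)} bytes in {len(sizes)} fragments, "
              f"MTU {mtu}: {'fits' if fits_in_mtu(len(eap), mtu) else 'oversized'}")
```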

  • Strange Behavior with gMSA in Server 2012 R2

    Greetings,
    I have been doing some testing with gMSA Accounts in a Server 2012 R2 environment (two separate environments, actually), and I have noticed something very strange that occurred in both environments, which does not appear to be occurring in one of our customer's
    self-managed environments.
    We created a Group Managed Service Account using the following article:
    http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
    Everything went smoothly, and the account installs/tests successfully on both of the hosts that we are testing on. I am able to set my services to run under the account, and most of them appear to work fine. I am having some issues with a few of my services,
    and I believe that the strange behavior I am seeing may have something to do with this - described below: 
    As soon as I set the service's Log On Account (via the Log On Tab under the Service's Properties), the entirety of the "Log On" tab changes to "greyed out," and I am unable to change the Log On account back via the GUI (Screenshot
    attached).
    I found that I am able to successfully change the account via Command Line using sc.exe, but the Log On tab remains greyed out! So far, I have found nothing to remedy this, but confirmed that it happens for any service I set to use the gMSA as the Logon
    Account, and that it happens in 2 separate test environments, but not in a Customer's production environment - very strange.
    All servers in this environment are running Server 2012 R2, and domain Functional Level is currently Server 2012.
    I have been unable to find any information online about this behavior, so I am hoping someone has seen this before, and can explain why this is happening.
    Nick

    VIvian,
    Yes, we used the Install-AdServiceAccount gMSA command on each host using the gMSA account, and then ran Test-AdServiceAccount gMSA, which returned "True."
    However, one thing I noticed is that if I run Test-ADServiceAccount gMSA as a Local Administrator, it fails with the following:
    PS C:\Users\Administrator> Test-AdServiceAccount gMSA$
    Test-AdServiceAccount : The server has rejected the client credentials.
    At line:1 char:1
    + Test-AdServiceAccount gMSA$
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : SecurityError: (:) [Test-ADServiceAccount], AuthenticationException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.Security.Authentication.AuthenticationException,Microsoft.A
       ctiveDirectory.Management.Commands.TestADServiceAccount
    If I run Test-ADServiceAccount gMSA as Domain Administrator, it returns true:
    PS C:\Users\Administrator.<domainname>> Test-AdServiceAccount gMSA$
    True
    Is this normal?
    Overall, I think the issue I am running into is at the Application Level, and not a problem with the gMSA, as it appears to be working. (Can Start/Stop services without any issues). I will be investigating my issue further with 3rd-party vendors, unless
    you think there is something wrong with my gMSA accounts based on the information I have provided.
    Nick

  • Local adjustment strange behavior. Bug ?

    Hallo,
         While retouching a picture from a wedding I got some strange behavior. I wanted to highlight the couple using local adjustment / Brightness.
    But the result get "noisy". Look at the screenshot.
    More about the picture:
      Very low light, EOS 5D Mark II, 3200 ISO, RAW/CR2
         Any opinion ?
         Regards

    If it doesn't help, can you provide a different photo that has the same behavior happening? It's hard to tell what's going on with the one that you provided.

  • Managing roles for ACE RADIUS authentication

    Hi,
    I have an ACE module running virtual contexts. I have configured the ACE contexts to authenticate against a RADIUS server (Windows IAS).
    When I log in, I am always given the role of 'network-monitoring'. I would like to configure the RADIUS server so it authenticates users as 'Admin'.
    Attached is a screenprint of the RADIUS clients set up on IAS (client names and IP addresses removed). The question here is if they should be configured as 'RADIUS Standard' or 'Cisco' in the 'Client-Vendor' field.
    Also attached is a screenshot of the IAS 'Remote Access Policy' that I have set up for the network devices (these include the ACE contexts as well as Switches and FWSM contexts). The question here is whether I need both the 'Vendor-Specific' and 'Cisco-AV-Pair' attributes. Also, how do I need to configure these attributes so they will authenticate the Switches, Routers and FWSM contexts (allowing enable level 15) and authenticate the ACE contexts (allowing the 'Admin' role).
    I have also attached the RADIUS config lines that have been configured on the ACE contexts (IP address of server removed).
    I would appreciate any input.

    Hi Roble,
    That makes sense. I will configure the other contexts as well.
    By the way, I noticed you have some 6513s using the RADIUS server with the same settings. I also have some 6513s and 6509s. I have configured them as follows:-
    aaa new-model
    aaa group server radius radius-grp
    server auth-port 1645 acct-port 1646
    aaa authentication attempts login 5
    aaa authentication fail-message ^CCCFailed login. Five consecutive fails will revoke.^C
    aaa authentication login default group radius-grp local
    aaa authentication enable default group radius-grp enable
    aaa session-id common
    radius-server host auth-port 1645 acct-port 1646 key
    radius-server source-ports 1645-1646
    line con 0
    password 7
    logging synchronous
    line vty 0 4
    exec-timeout 30 0
    password 7
    transport input telnet ssh
    line vty 5 15
    exec-timeout 30 0
    password 7
    transport input telnet ssh
    For some strange reason, when I log in, I can authenticate against the RADIUS server on IAS. When I try to go into enable mode, I am prompted for the password but the authentication fails. When I check the IAS server logs, I see the initial login request is coming into the IAS server with my username, however the enable request is coming into the IAS server with the user $enable15$.
    Do you know why this is the case? How do I configure the switches to insert the username in the enable authentication request?
    I have attached a screenshot of my current IAS attributes.
    I would really appreciate any input you may have on this second issue.

  • WAP321 ignore global radius active server ip address

    Hello everyone,
    I have few WAP321 with a radius server listening on 2 different IPs (one for each SSID).
    I configured the global radius server with these two IPs.
    Then I created 2 wireless networks with WPA enterprise, global radius settings.
    I selected global radius "active server ip address 1" for the first network and global radius "active server ip address 2" for the second but it does not work. After saving the 2 networks only connect to the first IP of the radius and the select field only display "active server ip address 1" for both networks.
    Is it a bug ? or something I haven't understood ?
    Using firmware 1.0.5.3.
    Thank you.

    Hi flallart1
    Personally I can't confirm this behavior as I have no WAP321 unit by hand. But I wanted to say something about your setup.
    You've configured RADIUS server with two different IP's.
    Each RADIUS IP provides different authentication rules - like different user database or different set of authorization rules.
    You have added both RADIUS IPs inside Global RADIUS setting configuration.
    And inside each SSID (Virtual Access Point) setting you kept "Use global RADIUS server settings" checked, but you have explicitly selected "Active Server" for that particular SSID for which is suited.
    What "Active Server" means: Enables the administrative selection of the active RADIUS server, rather than having the WAP device attempt to contact each configured server in sequence and choose the first server that is up.
    In reality this means that from the existing pool of available RADIUS servers you can choose the preferred server on your own. But in case that preferred RADIUS server is not reachable, another one will be used for that SSID. This is not good behavior in your case, because once that situation happens and your WAP has selected a different IP for a particular SSID, your authentication scheme will be completely different, as the second RADIUS IP provides a different authentication/authorization rulebase. If that RADIUS IP change happens, all clients already connected to that SSID according to the rulebase of the first RADIUS IP will be denied in the next few minutes, because re-authentication will fail as it will now be done according to the rulebase of the second RADIUS IP. Also, new clients for whom it normally works will not be able to connect.
    In your case you should ignore global RADIUS settings and explicitly configure the RADIUS IP inside each SSID (Virtual Access Point), i.e. the IP of the RADIUS server which is only related to that SSID. In your scenario, there is no Backup RADIUS IP as both of them provide different authentication.

  • SSL VPN on C2821 Radius auth issues

    I've been looking through the discussions and I can't seem to nail this one down. I'm implementing SSL VPN on a 2821 to do SMTP only. I need it to auth off the radius server and it is only asking for local router login P/Ws. It will not auth against Radius. I've created a separate aaa auth group to no avail and tried a few different tweaks. I'm throwing science at the wall and seeing what sticks at this point.
    I've made a new group server for Radius to test it, not working. I've tried variations in domain, not working. Can't use SDM, nor want to.
    This is what the config looks like
    Building configuration...
    Current configuration : 24735 bytes
    ! Last configuration change at 08:19:39 Arizona Tue Aug 28 2012 by dci
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname N****
    aaa new-model
    aaa group server radius IAS_AUTH
    server-private 10.12.1.7 auth-port 1645 acct-port 1646 key $*****
    aaa group server radius Global ***made for testing. Redundant
    server-private 10.12.1.7 auth-port 1645 acct-port 1646 key $*****
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 group IAS_AUTH
    aaa authentication login sdm_vpn_xauth_ml_2 local
    aaa authentication login SSL_Global group Global ** created for SSL VPN redundant, but did for testing
    aaa authorization network sdm_vpn_group_ml_1 local
    aaa authorization network sdm_vpn_group_ml_2 local
    aaa session-id common
    clock timezone Arizona -7
    dot11 syslog
    ip source-route
    ip cef
    password encryption aes
    crypto pki trustpoint TP-self-signed-2464190257
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2464190257
    revocation-check none
    rsakeypair TP-self-signed-2464190257
    crypto pki certificate chain TP-self-signed-2464190257
    certificate self-signed 01
    REMOVED
    interface GigabitEthernet0/0
    INTERFACES REMOVED
    ip local pool SDM_POOL_2 10.12.252.1 10.12.252.254
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 600 life 86400 requests 10000
    ip flow-cache timeout inactive 10
    ip flow-cache timeout active 5
    ip flow-export source GigabitEthernet0/0
    ip flow-export version 5 peer-as
    ip flow-export destination 10.12.1.17 2048
    ROUTES REMOVED
    ACLS REMOVED SSL IS ALLOWED
    route-map STAT_NAT permit 10
    match ip address 109
    route-map DYN_NAT permit 10
    match ip address 108
    snmp-server community $DCI$ RO
    control-plane
    banner login ^C
    line con 0
    password 7 01100F175804
    login authentication local
    line aux 0
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    transport input telnet ssh
    scheduler allocate 20000 1000
    webvpn gateway gateway_1
    ip address **outside ip*** port 443
    http-redirect port 80
    ssl trustpoint TP-self-signed-2464190257
    no inservice
    webvpn context webvpn
    secondary-color white
    title-color #CCCC66
    text-color black
    ssl authenticate verify all
    port-forward "portforward_list_1"
       local-port 3000 remote-server "10.12.1.23" remote-port 25 description "Email"
    policy group policy_1
       port-forward "portforward_list_1"
    default-group-policy policy_1
    aaa authentication list SSL_Global
    aaa authentication domain @n****
    gateway gateway_1 domain N****
    max-users 10
    no inservice
    end
    Can't change "no inservice" to "inservice" and I can't figure out why. Any help with this?

    OK, upgraded IOS to most current stable version and I'm now able to do inservice on the context and gateway. I'm trying to go through the SDM route, but Java crashes with ValidatorException errors. I'm going to try updating the SDM since it's the original version to the 2008 version since all the little "fixes" for this do not work. Any ideas on that?    

  • Report FP_TEST_00 - Strange behavior

    Hello Gurus,
    A strange behavior with report FP_TEST_00 occurs:
    SA38 --> FP_TEST_00 --> select a device --> execute --> print preview, then an error or popup is shown:
    Adobe Reader
    Error initializing the font server module
    Then the SAP GUI is closed, I check the ST22 and no dump is generated and in transaction SM21 only appear:
    DP  Q0  4 Connection to user 551 (ADMIN ), terminal 86 (HUSVP-SAP-BA) lost
    DP  Q0  I Operating system call recv failed (error no. 232 )
    The #1 log entry: *
    Details Page 2 Line 28 System Log: Local Analysis of sapdev                   1
    Time     Type Nr Clt User TCode Grp N Text
    11:37:20 DP                     Q0  4 Connection to user 551 (ADMIN ), terminal 86 (HUSVP-SAP-BA) lost
    Connection to user 551 (ADMIN ), terminal 86 (HUSVP-SAP-BA) lost
    Details
    Recording at local and central time........................ 25.02.2010 11:37:20
    Task...... Process    User...... Terminal Session TCode Program Cl Problem cl         Package
    11092      Dispatcher                                           K  SAP Web AS Problem STSK
    Further details for this message type
    Module nam Line Error text..........              Caller.... Reason/cal
    dpxxdisp   1223 551  ADMIN       86  HUSVP-SAP-BA DpRTmPr    NiBufRe
    Documentation for system log message Q0 4 :
    The SAP Dispatcher (part of the application server) has lost the
    connection to a terminal process.  For example, this happens when the
    terminal program (GUI) terminates without correctly logging off the
    application server.  More detailed information about the error
    context is not available here.
    Technical details
    File Offset RecFm System log type             Grp N variable message data
       21 254340 m     Error (Function,Module,Row) Q0  4 551  ADMIN       86  HUSVP-SAP-BA     DpRTmPrNiBufRedpxxdisp1223
    The #2 Log show: *
    Details Page 2 Line 29 System Log: Local Analysis of sapdev                   1
    Time     Type Nr Clt User TCode Grp N Text
    11:37:20 DP                     Q0  I Operating system call recv failed (error no. 232 )
    Operating system call recv failed (error no. 232 )
    Details
    Recording at local and central time........................ 25.02.2010 11:37:20
    Task...... Process    User...... Terminal Session TCode Program Cl Problem cl         Package
    11092      Dispatcher                                           K  SAP Web AS Problem STSK
    Further details for this message type
    Module nam Line Error text        Caller.... Reason/cal
    nixxi.cp   4435           recv232 NiIRead    recv
    Documentation for system log message Q0 I :
    The specified operating system call was returned with an error.
    For communication calls (receive, send, etc) often the cause of errors
    are network problems.
    It could also be a configuration problem at operating system level.
    (file cannot be opened, no space in the file system etc.).
    Additional specifications for error number 232
    Name for errno number ECONNRESET
    No documentation available for error ECONNRESET
    Technical details
    File Offset RecFm System log type             Grp N variable message data
      21 254520 m     Error (Function,Module,Row) Q0  I           recv232                     NiIReadrecv   nixxi.cp4435
    Edited by: Hernando Polania Cadena on Feb 25, 2010 8:36 PM

    Hello All,
    I applied the solution in page
    http://wiki.sdn.sap.com/wiki/display/PLM/Adobe%209%20-%20SAPGUI%20crash
    Works OK
    Thanks
    Hernando

  • Strange behavior of textareas in BPEL Worklist (10.1.2)

    I have a very strange behavior with linebreaks in all my <textarea>s in the BPEL-Worklist-jsps (they work fine as <INPUT>s):
    Example:
    Default-text:
    line1
    I update the textarea to:
    line1
    line2
    -> hit update
    line1
    *** (second line is completely missing)
    -> hitting update again (no change in text)
    line2line1
    *** (all on one line with the new line in front)
    As Value I use:
    <%=PayloadFormGenerator.selectNodeValue(payload, "/ns0:task/ns0:payload/ns1:abstract", form.getNamespaceMap(),"string", context.getLocale())%>
    and as mentioned: It works fine for <INPUT>.
    What do I do wrong? Is this a bug?
    Daniel
    Message was edited by:
    user552073

    Had the same problem, could not get it to be consistent. I would say this is a bug, but decided to edit payloads via the database in the end...

  • Strange behavior of "Partial message encryption "  in OWSM

    Strange behavior of “Partial message encryption “  in OWSM
    If message format is like this
    <cban:transferFund xmlns:cban="http://cbank.com">
    <cban:arg0>string</cban:arg0>   
    <cban:arg1>string</cban:arg1>   
    </cban:transferFund>
    Then body element configuration in message encryption setting
    Name space  http://cbank.com
    Element arg0
    is working fine
    But my requirement is for below message
    <cban:transferFund xmlns:cban="http://cbank.com"> <!--Optional:-->
    <arg0>string</arg0>   
    <arg1>string</arg1 >
    </cban:transferFund>
    For this
    Name space : http://cbank.com
    Element : I tried all possible combination but none is working
    I tried these
    :arg0
    //:arg0
    //cban:arg0
    //cban//arg0
    cban:arg0
    With Regards
    Siddharth
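
The difference between the two messages in the post above, as an added example (not part of the original post and not OWSM code): it parses both shapes and checks which elements a selector keyed on namespace URI plus local name would cover. The `select` and `uncovered` helpers are hypothetical, and matching on the expanded name is an assumption about how such a setting behaves.

```python
import xml.etree.ElementTree as ET

# Constructed from the two message shapes quoted in the post.
QUALIFIED = """<cban:transferFund xmlns:cban="http://cbank.com">
<cban:arg0>string</cban:arg0>
<cban:arg1>string</cban:arg1>
</cban:transferFund>"""

UNQUALIFIED = """<cban:transferFund xmlns:cban="http://cbank.com">
<arg0>string</arg0>
<arg1>string</arg1>
</cban:transferFund>"""


def expanded_names(xml_text):
    """Return (namespace URI, local name) for every element, in document order."""
    names = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.startswith("{"):
            ns, local = el.tag[1:].split("}", 1)
        else:
            # No prefix and no default xmlns in scope: the element is in no namespace.
            ns, local = "", el.tag
        names.append((ns, local))
    return names


def select(xml_text, namespace, local):
    """Hypothetical selector: elements whose expanded name equals (namespace, local)."""
    return [n for n in expanded_names(xml_text) if n == (namespace, local)]


def uncovered(xml_text, rules, sensitive):
    """Sensitive local names present in the message that no rule would encrypt."""
    present = expanded_names(xml_text)
    covered = {local for ns, local in present if (ns, local) in rules}
    return sorted({local for _, local in present if local in sensitive} - covered)


if __name__ == "__main__":
    rule = [("http://cbank.com", "arg0")]
    for label, msg in (("qualified", QUALIFIED), ("unqualified", UNQUALIFIED)):
        print(label, expanded_names(msg), "left in clear:", uncovered(msg, rule, {"arg0"}))
```

In the second message `arg0` is in no namespace at all, so a rule naming `http://cbank.com` cannot select it under this matching model; whether the product accepts an empty namespace value is not stated on the page. A coverage check like `uncovered` is worth running against sample messages before relying on partial encryption, because an unmatched element is sent in clear text.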


  • Strange Behavior connecting to Oracle

    Hi to All,
    On Server Windows 2003 I have installed Oracle 10g R2. On this Server run Toad for Oracle.
    If I run Oracle console, all work fine; running Toad the ORA-12154 error is displayed.
    I have tried to connect to DB with Toad from a client and all works.
    Does anyone have an idea about this strange behavior?
    Thank You and Best Regards
    Gaetano

    This may be a problem?NO!
    12154, 00000, "TNS:could not resolve the connect identifier specified"
    // *Cause:  A connection to a database or other service was requested using
    // a connect identifier, and the connect identifier specified could not
    // be resolved into a connect descriptor using one of the naming methods
    // configured. For example, if the type of connect identifier used was a
    // net service name then the net service name could not be found in a
    // naming method repository, or the repository could not be
    // located or reached.
    // *Action:
    //   - If you are using local naming (TNSNAMES.ORA file):
    //      - Make sure that "TNSNAMES" is listed as one of the values of the
    //        NAMES.DIRECTORY_PATH parameter in the Oracle Net profile
    //        (SQLNET.ORA)
    //      - Verify that a TNSNAMES.ORA file exists and is in the proper
    //        directory and is accessible.
    //      - Check that the net service name used as the connect identifier
    //        exists in the TNSNAMES.ORA file.
    //      - Make sure there are no syntax errors anywhere in the TNSNAMES.ORA
    //        file.  Look for unmatched parentheses or stray characters. Errors
    //        in a TNSNAMES.ORA file may make it unusable.
    //   - If you are using directory naming:
    //      - Verify that "LDAP" is listed as one of the values of the
    //        NAMES.DIRETORY_PATH parameter in the Oracle Net profile
    //        (SQLNET.ORA).
    //      - Verify that the LDAP directory server is up and that it is
    //        accessible.
    //      - Verify that the net service name or database name used as the
    //        connect identifier is configured in the directory.
    //      - Verify that the default context being used is correct by
    //        specifying a fully qualified net service name or a full LDAP DN
    //        as the connect identifier
    //   - If you are using easy connect naming:
    //      - Verify that "EZCONNECT" is listed as one of the values of the
    //        NAMES.DIRETORY_PATH parameter in the Oracle Net profile
    //        (SQLNET.ORA).
    //      - Make sure the host, port and service name specified
    //        are correct.
    //      - Try enclosing the connect identifier in quote marks.
    //   See the Oracle Net Services Administrators Guide or the Oracle
    //   operating system specific guide for more information on naming.
    This error is clear.
    SQL*Net is being asked to resolve TNS_ALIAS & it reports that it cannot find the requested name.
    EITHER
    1) the requested name is not correct
    or
    2) SQL*Net is looking in the wrong tnsnames.ora file & still not finding the requested name.
    Good Luck solving your mystery

  • Strange behavior  in entity bean : get Timestamp

    Hello:
    I'm working with SUNONE 7 AppServer , over SunOS 5.9
    I've a strange behavior with entity's get methods which return Timestamp value.
    For example, I've got
    Timestamp date;
    If I do
    entity.setF(date) (date is a Timestamp with value "12/12/2005 12:30:00")
    all works right, and it is written right in the database ("12/12/2005 12:30:00")
    But if I do
    date = entity.getF()
    then the date variable has the value "12/12/2005 00:00:00"
    So the time value of the Timestamp data is lost in the get method.
    It could be a bug in my source code, but if I use JBoss AS on Windows XP, all works right (set and get methods). The database is the same one (Oracle 9i).

    Well, I found the solution.
    The problem was the ojdbc14.jar driver, which generated wrong schema files.
    Specifically, the bad ojdbc14.jar generated this entry
    <_type>91</_type>
    when the right one for date types (Timestamp) is
    <_type>93</_type>
    I don't know why the new ojdbc14.jar works fine, but I paste its size
    good ojdbc14.jar : 1181679 bytes
