ACE SSL Connections Failing

We have a new secure site where we are using the ACE as an ssl-proxy. I see connections make it all the way to the servers, but the session eventually times out (Browser responds with "The connection has timed out"). I haven't been able to grab a packet capture yet, but I am looking for some input since I am new to the ACE. We are also set up for sticky connections using cookies.
I see connections to the server but no response back. I also see the cookie placed in my browser. Once I close the browser window, the current connection drops.
sh serverfarm SECUREMAIL
serverfarm     : SECUREMAIL, type: HOST
total rservers : 2
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: E01
       10.0.0.95:8080        8      OPERATIONAL  1          4          0
   rserver: E02
       10.0.0.98:8080        8      OPERATIONAL  0          1         
I verified the cert and keys match with the verify crypto command. If I bypass https and connect via http, I am able to hit the server test page. I attached the scrubbed config.
Any info is appreciated.

Make sure the clock on the supervisor/device has the correct date, to avoid failing the cert's not-before/not-after check.
Once the configuration is complete, check to make sure the VIP address can be accessed via HTTPS in a web browser. If any certificate errors are shown, this indicates a problem with the certificate, not with the Cisco ACE configuration. The above commands can be used to verify that SSL sessions are being terminated successfully.
When a client’s web browser connects to an SSL server on any device, the browser and server negotiate which encryption cipher to use for the session. The list and order of ciphers presented by the ACE in a default configuration are as follows.
1. CM_SSL_RSA_WITH_RC4_128_MD5
2. CM_SSL_RSA_WITH_RC4_128_SHA
3. CM_SSL_RSA_WITH_DES_CBC_SHA
4. CM_SSL_RSA_WITH_3DES_EDE_CBC_SHA
5. CM_SSL_RSA_WITH_AES_128_CBC_SHA
6. CM_SSL_RSA_WITH_AES_256_CBC_SHA
7. CM_SSL_RSA_EXPORT_WITH_RC4_40_MD5
8. CM_SSL_RSA_EXPORT1024_WITH_RC4_56_MD5
9. CM_SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
10. CM_SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
11. CM_SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
If this list is not desirable or the order needs to be changed, an SSL parameter map can be configured to make such changes.
Can you send the output of the following commands so that I can suggest more on your config?
ACE-1/routed# show crypto authgroup all
ACE-1/routed# show conn display 1000 detail
ACE-1/routed# show crypto files
ACE-1/routed# show crypto certificate all
ACE-1/routed# show crypto key all
ACE-1/routed# show crypto session
ACE-1/routed# show crypto hardware
ACE-1/routed# show service-policy detail
Please display client SSL statistics by entering the following command, and also attach the output here so that I can see what is happening on your ACE device:
ACE_module5/Admin# show stats crypto client
+----------------------------------------------+
+---- Crypto client termination statistics ----+
+----------------------------------------------+
SSLv3 negotiated protocol:                        0
TLSv1 negotiated protocol:                        0
SSLv3 full handshakes:                            0
SSLv3 resumed handshakes:                         0
SSLv3 rehandshakes:                               0
TLSv1 full handshakes:                            0
TLSv1 resumed handshakes:                         0
TLSv1 rehandshakes:                               0
SSLv3 handshake failures:                         0
SSLv3 failures during data phase:                 0
TLSv1 handshake failures:                         0
TLSv1 failures during data phase:                 0
Handshake Timeouts:                               0
total transactions:                               0
SSLv3 active connections:                         0
SSLv3 connections in handshake phase:             0
SSLv3 conns in renegotiation phase:               0
SSLv3 connections in data phase:                  0
TLSv1 active connections:                         0
TLSv1 connections in handshake phase:             0
TLSv1 conns in renegotiation phase:               0
TLSv1 connections in data phase:                  0
+----------------------------------------------+
+------- Crypto client alert statistics -------+
+----------------------------------------------+
SSL alert CLOSE_NOTIFY rcvd:                      0
SSL alert UNEXPECTED_MSG rcvd:                    0
SSL alert BAD_RECORD_MAC rcvd:                    0
SSL alert DECRYPTION_FAILED rcvd:                 0
SSL alert RECORD_OVERFLOW rcvd:                   0
SSL alert DECOMPRESSION_FAILED rcvd:              0
SSL alert HANDSHAKE_FAILED rcvd:                  0
SSL alert NO_CERTIFICATE rcvd:                    0
SSL alert BAD_CERTIFICATE rcvd:                   0
SSL alert UNSUPPORTED_CERTIFICATE rcvd:           0
SSL alert CERTIFICATE_REVOKED rcvd:               0
SSL alert CERTIFICATE_EXPIRED rcvd:               0
SSL alert CERTIFICATE_UNKNOWN rcvd:               0
SSL alert ILLEGAL_PARAMETER rcvd:                 0
SSL alert UNKNOWN_CA rcvd:                        0
SSL alert ACCESS_DENIED rcvd:                     0
SSL alert DECODE_ERROR rcvd:                      0
SSL alert DECRYPT_ERROR rcvd:                     0
SSL alert EXPORT_RESTRICTION rcvd:                0
SSL alert PROTOCOL_VERSION rcvd:                  0
SSL alert INSUFFICIENT_SECURITY rcvd:             0
SSL alert INTERNAL_ERROR rcvd:                    0
SSL alert USER_CANCELED rcvd:                     0
SSL alert NO_RENEGOTIATION rcvd:                  0
SSL alert CLOSE_NOTIFY sent:                      0
SSL alert UNEXPECTED_MSG sent:                    0
SSL alert BAD_RECORD_MAC sent:                    0
SSL alert DECRYPTION_FAILED sent:                 0
SSL alert RECORD_OVERFLOW sent:                   0
SSL alert DECOMPRESSION_FAILED sent:              0
SSL alert HANDSHAKE_FAILED sent:                  0
SSL alert NO_CERTIFICATE sent:                    0
SSL alert BAD_CERTIFICATE sent:                   0
SSL alert UNSUPPORTED_CERTIFICATE sent:           0
SSL alert CERTIFICATE_REVOKED sent:               0
SSL alert CERTIFICATE_EXPIRED sent:               0
SSL alert CERTIFICATE_UNKNOWN sent:               0
SSL alert ILLEGAL_PARAMETER sent:                 0
SSL alert UNKNOWN_CA sent:                        0
SSL alert ACCESS_DENIED sent:                     0
SSL alert DECODE_ERROR sent:                      0
SSL alert DECRYPT_ERROR sent:                     0
SSL alert EXPORT_RESTRICTION sent:                0
SSL alert PROTOCOL_VERSION sent:                  0
SSL alert INSUFFICIENT_SECURITY sent:             0
SSL alert INTERNAL_ERROR sent:                    0
SSL alert USER_CANCELED sent:                     0
SSL alert NO_RENEGOTIATION sent:                  0
+-----------------------------------------------+
+--- Crypto client authentication statistics ---+
+-----------------------------------------------+
Total SSL client authentications:                 0
Failed SSL client authentications:                0
SSL client authentication cache hits:             0
SSL static CRL lookups:                           0
SSL best effort CRL lookups:                      0
SSL CRL lookup cache hits:                        0
SSL revoked certificates:                         0
Total SSL server authentications:                 0
Failed SSL server authentications:                0
+-----------------------------------------------+
+------- Crypto client cipher statistics -------+
+-----------------------------------------------+
Cipher sslv3_rsa_rc4_128_md5:                     0
Cipher sslv3_rsa_rc4_128_sha:                     0
Cipher sslv3_rsa_des_cbc_sha:                     0
Cipher sslv3_rsa_3des_ede_cbc_sha:                0
Cipher sslv3_rsa_exp_rc4_40_md5:                  0
Cipher sslv3_rsa_exp_des40_cbc_sha:               0
Cipher sslv3_rsa_exp1024_rc4_56_md5:              0
Cipher sslv3_rsa_exp1024_des_cbc_sha:             0
Cipher sslv3_rsa_exp1024_rc4_56_sha:              0
Cipher sslv3_rsa_aes_128_cbc_sha:                 0
Cipher sslv3_rsa_aes_256_cbc_sha:                 0
Cipher tlsv1_rsa_rc4_128_md5:                     0
Cipher tlsv1_rsa_rc4_128_sha:                     0
Cipher tlsv1_rsa_des_cbc_sha:                     0
Cipher tlsv1_rsa_3des_ede_cbc_sha:                0
Cipher tlsv1_rsa_exp_rc4_40_md5:                  0
Cipher tlsv1_rsa_exp_des40_cbc_sha:               0
Cipher tlsv1_rsa_exp1024_rc4_56_md5:              0
Cipher tlsv1_rsa_exp1024_des_cbc_sha:             0
Cipher tlsv1_rsa_exp1024_rc4_56_sha:              0
Cipher tlsv1_rsa_aes_128_cbc_sha:                 0
Cipher tlsv1_rsa_aes_256_cbc_sha:                 0
To display SSL server statistics, enter the following command and send the results to us for further suggestions:
ACE_module5/Admin# show stats crypto server
+----------------------------------------------+
+---- Crypto server termination statistics ----+
+----------------------------------------------+
SSLv3 negotiated protocol:                        0
TLSv1 negotiated protocol:                        0
SSLv3 full handshakes:                            0
SSLv3 resumed handshakes:                         0
SSLv3 rehandshakes:                               0
TLSv1 full handshakes:                            0
TLSv1 resumed handshakes:                         0
TLSv1 rehandshakes:                               0
SSLv3 handshake failures:                         0
SSLv3 failures during data phase:                 0
TLSv1 handshake failures:                         0
TLSv1 failures during data phase:                 0
Handshake Timeouts:                               0
total transactions:                               0
SSLv3 active connections:                         0
SSLv3 connections in handshake phase:             0
SSLv3 conns in renegotiation phase:               0
SSLv3 connections in data phase:                  0
TLSv1 active connections:                         0
TLSv1 connections in handshake phase:             0
TLSv1 conns in renegotiation phase:               0
TLSv1 connections in data phase:                  0
+----------------------------------------------+
+------- Crypto server alert statistics -------+
+----------------------------------------------+
SSL alert CLOSE_NOTIFY rcvd:                      0
SSL alert UNEXPECTED_MSG rcvd:                    0
SSL alert BAD_RECORD_MAC rcvd:                    0
SSL alert DECRYPTION_FAILED rcvd:                 0
SSL alert RECORD_OVERFLOW rcvd:                   0
SSL alert DECOMPRESSION_FAILED rcvd:              0
SSL alert HANDSHAKE_FAILED rcvd:                  0
SSL alert NO_CERTIFICATE rcvd:                    0
SSL alert BAD_CERTIFICATE rcvd:                   0
SSL alert UNSUPPORTED_CERTIFICATE rcvd:           0
SSL alert CERTIFICATE_REVOKED rcvd:               0
SSL alert CERTIFICATE_EXPIRED rcvd:               0
SSL alert CERTIFICATE_UNKNOWN rcvd:               0
SSL alert ILLEGAL_PARAMETER rcvd:                 0
SSL alert UNKNOWN_CA rcvd:                        0
SSL alert ACCESS_DENIED rcvd:                     0
SSL alert DECODE_ERROR rcvd:                      0
SSL alert DECRYPT_ERROR rcvd:                     0
SSL alert EXPORT_RESTRICTION rcvd:                0
SSL alert PROTOCOL_VERSION rcvd:                  0
SSL alert INSUFFICIENT_SECURITY rcvd:             0
SSL alert INTERNAL_ERROR rcvd:                    0
SSL alert USER_CANCELED rcvd:                     0
SSL alert NO_RENEGOTIATION rcvd:                  0
SSL alert CLOSE_NOTIFY sent:                      0
SSL alert UNEXPECTED_MSG sent:                    0
SSL alert BAD_RECORD_MAC sent:                    0
SSL alert DECRYPTION_FAILED sent:                 0
SSL alert RECORD_OVERFLOW sent:                   0
SSL alert DECOMPRESSION_FAILED sent:              0
SSL alert HANDSHAKE_FAILED sent:                  0
SSL alert NO_CERTIFICATE sent:                    0
SSL alert BAD_CERTIFICATE sent:                   0
SSL alert UNSUPPORTED_CERTIFICATE sent:           0
SSL alert CERTIFICATE_REVOKED sent:               0
SSL alert CERTIFICATE_EXPIRED sent:               0
SSL alert CERTIFICATE_UNKNOWN sent:               0
SSL alert ILLEGAL_PARAMETER sent:                 0
SSL alert UNKNOWN_CA sent:                        0
SSL alert ACCESS_DENIED sent:                     0
SSL alert DECODE_ERROR sent:                      0
SSL alert DECRYPT_ERROR sent:                     0
SSL alert EXPORT_RESTRICTION sent:                0
SSL alert PROTOCOL_VERSION sent:                  0
SSL alert INSUFFICIENT_SECURITY sent:             0
SSL alert INTERNAL_ERROR sent:                    0
SSL alert USER_CANCELED sent:                     0
SSL alert NO_RENEGOTIATION sent:                  0
+-----------------------------------------------+
+--- Crypto server authentication statistics ---+
+-----------------------------------------------+
Total SSL client authentications:                 0
Failed SSL client authentications:                0
SSL client authentication cache hits:             0
SSL static CRL lookups:                           0
SSL best effort CRL lookups:                      0
SSL CRL lookup cache hits:                        0
SSL revoked certificates:                         0
Total SSL server authentications:                 0
Failed SSL server authentications:                0
+-----------------------------------------------+
+------- Crypto server cipher statistics -------+
+-----------------------------------------------+
Cipher sslv3_rsa_rc4_128_md5:                     0
Cipher sslv3_rsa_rc4_128_sha:                     0
Cipher sslv3_rsa_des_cbc_sha:                     0
Cipher sslv3_rsa_3des_ede_cbc_sha:                0
Cipher sslv3_rsa_exp_rc4_40_md5:                  0
Cipher sslv3_rsa_exp_des40_cbc_sha:               0
Cipher sslv3_rsa_exp1024_rc4_56_md5:              0
Cipher sslv3_rsa_exp1024_des_cbc_sha:             0
Cipher sslv3_rsa_exp1024_rc4_56_sha:              0
Cipher sslv3_rsa_aes_128_cbc_sha:                 0
Cipher sslv3_rsa_aes_256_cbc_sha:                 0
Cipher tlsv1_rsa_rc4_128_md5:                     0
Cipher tlsv1_rsa_rc4_128_sha:                     0
Cipher tlsv1_rsa_des_cbc_sha:                     0
Cipher tlsv1_rsa_3des_ede_cbc_sha:                0
Cipher tlsv1_rsa_exp_rc4_40_md5:                  0
Cipher tlsv1_rsa_exp_des40_cbc_sha:               0
Cipher tlsv1_rsa_exp1024_rc4_56_md5:              0
Cipher tlsv1_rsa_exp1024_des_cbc_sha:             0
Cipher tlsv1_rsa_exp1024_rc4_56_sha:              0
Cipher tlsv1_rsa_aes_128_cbc_sha:                 0
Cipher tlsv1_rsa_aes_256_cbc_sha:                 0
You can also display the number of SSL data messages sent and SSL FIN/RST messages sent by entering the following command; send the output from your ACE devices:
ACE_module5/Admin# show stats http
+------------------------------------------+
+-------------- HTTP statistics -----------+
+------------------------------------------+
LB parse result msgs sent : 0          , TCP data msgs sent       : 0
Inspect parse result msgs : 0          , SSL data msgs sent       : 0 <-------
                      sent
TCP fin/rst msgs sent     : 0          , Bounced fin/rst msgs sent: 0
SSL fin/rst msgs sent     : 0          , Unproxy msgs sent        : 0 <-------
Drain msgs sent           : 0          , Particles read           : 0
Reuse msgs sent           : 0          , HTTP requests            : 0
Reproxied requests        : 0          , Headers removed          : 0
Headers inserted          : 0          , HTTP redirects           : 0
HTTP chunks               : 0          , Pipelined requests       : 0
HTTP unproxy conns        : 0          , Pipeline flushes         : 0
Whitespace appends        : 0          , Second pass parsing      : 0
Response entries recycled : 0          , Analysis errors          : 0
Header insert errors      : 0          , Max parselen errors      : 0
Static parse errors       : 0          , Resource errors          : 0
Invalid path errors       : 0          , Bad HTTP version errors  : 0
Headers rewritten         : 0          , Header rewrite errors    : 0
Lastly, to display session cache statistics for the current context, enter the following command:
switch/Admin# show crypto session
SSL Session Cache Stats for Context
Number of Client Sessions:                        0
Number of Server Sessions:                        0
Please send the output of all the commands requested so that I can look at your issue in more detail.
HTH
Sachin
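
As an added example (not part of the original thread and not Cisco tooling), this Python script parses counters in the `name: value` layout of the `show stats crypto client` / `show stats crypto server` output above, reports non-zero failure and alert counters, and flags negotiated ciphers from the default list quoted in the reply that are export-grade, RC4, DES/3DES or MD5-based. The counter values in the sample are constructed, and the function names are hypothetical.

```python
import re

# Ordered default cipher list as quoted in the reply above.
ACE_DEFAULT_CIPHERS = [
    "CM_SSL_RSA_WITH_RC4_128_MD5",
    "CM_SSL_RSA_WITH_RC4_128_SHA",
    "CM_SSL_RSA_WITH_DES_CBC_SHA",
    "CM_SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "CM_SSL_RSA_WITH_AES_128_CBC_SHA",
    "CM_SSL_RSA_WITH_AES_256_CBC_SHA",
    "CM_SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "CM_SSL_RSA_EXPORT1024_WITH_RC4_56_MD5",
    "CM_SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "CM_SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    "CM_SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
]

# Constructed sample in the layout of `show stats crypto client` (values invented).
SAMPLE = """\
+---- Crypto client termination statistics ----+
SSLv3 negotiated protocol:                        3
TLSv1 negotiated protocol:                        42
TLSv1 full handshakes:                            40
TLSv1 handshake failures:                         5
Handshake Timeouts:                               2
SSL alert CLOSE_NOTIFY rcvd:                      37
SSL alert UNKNOWN_CA rcvd:                        1
SSL alert HANDSHAKE_FAILED sent:                  5
Cipher sslv3_rsa_rc4_128_md5:                     3
Cipher tlsv1_rsa_exp_rc4_40_md5:                  2
Cipher tlsv1_rsa_aes_128_cbc_sha:                 40
Cipher tlsv1_rsa_aes_256_cbc_sha:                 0
"""

COUNTER_RE = re.compile(r"^\s*(?P<name>[^+:][^:]*?):\s+(?P<value>\d+)\s*$")


def parse_counters(text):
    """Return {counter name: int} for every 'name:   N' line; banners are skipped."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group("name").strip()] = int(m.group("value"))
    return counters


def weakness(cipher_name):
    """List the reasons a cipher name (CM_SSL_* or sslv3_*/tlsv1_* form) is weak."""
    tokens = cipher_name.lower().split("_")
    reasons = []
    if any(t.startswith("exp") for t in tokens):
        reasons.append("export-grade")
    if "rc4" in tokens:
        reasons.append("RC4")
    if "des" in tokens or "des40" in tokens:
        reasons.append("single DES")
    if "3des" in tokens:
        reasons.append("3DES")
    if tokens[-1] == "md5":
        reasons.append("MD5 MAC")
    return reasons


def triage(counters):
    """Summarise which counters deserve attention."""
    failures = {k: v for k, v in counters.items()
                if v and any(w in k for w in ("failures", "Failed", "Timeouts"))}
    # CLOSE_NOTIFY is the normal end-of-session alert, so it is not reported.
    alerts = {k: v for k, v in counters.items()
              if v and k.startswith("SSL alert") and "CLOSE_NOTIFY" not in k}
    weak = {}
    for k, v in counters.items():
        if v and k.startswith("Cipher "):
            name = k.split(" ", 1)[1]
            reasons = weakness(name)
            if reasons:
                weak[name] = (v, reasons)
    return {
        "idle": not any(counters.values()),  # no handshake counted at all
        "failures": failures,
        "alerts": alerts,
        "weak_ciphers": weak,
        "sslv3_sessions": counters.get("SSLv3 negotiated protocol", 0),
    }


def acceptable_defaults(names=ACE_DEFAULT_CIPHERS):
    """Default-list entries with no weakness flagged, in the original order."""
    return [n for n in names if not weakness(n)]


if __name__ == "__main__":
    report = triage(parse_counters(SAMPLE))
    for section, value in report.items():
        print(section, "->", value)
    print("candidates for an SSL parameter map:", acceptable_defaults())
```
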

Similar Messages

  • ACE Total Connections Failed stats

    I have been monitoring connection stats on an ACE Module context (show stats connection).
    During recent load testing I observed that about 1/3 of all connections were failing and some timing out.
    How can I find out more details about the connections that are failing and timing out?
    i.e. which specific connections are failing, what types of failure increment this counter, etc.
    Cheers,
    Karl
    # sh stats conn
    +------------------------------------------+
    +------- Connection statistics ------------+
    +------------------------------------------+
    Total Connections Created : 5725
    Total Connections Current : 2382
    Total Connections Destroyed: 3590
    Total Connections Timed-out: 11
    Total Connections Failed : 2112

    Hi Kim,
    Thanks for responding.
    A load test was run earlier today. I cleared the counters and collected some stats (see below).
    I also had a look at various other stats for drops.
    As far as I could see all relevant, rservers, serverfarms and service-policies were:
    in service BUT
    drop stats were not incrementing at anywhere near the same rate as the Total Connections Failed stat.
    Another load test is scheduled for tomorrow.
    Any thoughts on what to check next?
    labcorelb/DZ1ENV# sh stats conn
    +------------------------------------------+
    +------- Connection statistics ------------+
    +------------------------------------------+
    Total Connections Created  : 131698
    Total Connections Current  : 3660
    Total Connections Destroyed: 67558
    Total Connections Timed-out: 70
    Total Connections Failed   : 64090
    +------------------------------------------+
    +-------------- HTTP statistics -----------+
    +------------------------------------------+
    LB parse result msgs sent : 91904      , TCP data msgs sent       : 187614   
    Inspect parse result msgs : 0          , SSL data msgs sent       : 0        
                          sent
    TCP fin msgs sent         : 75         , TCP rst msgs sent:       : 3        
    Bounced fin msgs sent     : 0          , Bounced rst msgs sent:   : 0        
    SSL fin msgs sent         : 0          , SSL rst msgs sent:       : 0        
    Drain msgs sent           : 31831      , Particles read           : 397303   
    Reuse msgs sent           : 0          , HTTP requests            : 64390    
    Reproxied requests        : 58314      , Headers removed          : 0        
    Headers inserted          : 0          , HTTP redirects           : 0        
    HTTP chunks               : 741        , Pipelined requests       : 0        
    HTTP unproxy conns        : 64360      , Pipeline flushes         : 0        
    Whitespace appends        : 0          , Second pass parsing      : 0        
    Response entries recycled : 0          , Analysis errors          : 0        
    Header insert errors      : 0          , Max parselen errors      : 0        
    Static parse errors       : 0          , Resource errors          : 0        
    Invalid path errors       : 0          , Bad HTTP version errors  : 0        
    Headers rewritten         : 0          , Header rewrite errors    : 0        
    SSL headers inserted      : 0          , SSL header insert errors : 0        
    SSL spoof headers deleted : 0        
    Unproxy msgs sent         : 64362    
    +------------------------------------------+
    +--------- HTTP Inspect statistics --------+
    +------------------------------------------+
    Total request/response   : 0
    Total allow decisions    : 0
    Total drop decisions     : 0
    Total logging decisions  : 0
    +------------------------------------------+
    +------- Loadbalance statistics -----------+
    +------------------------------------------+
    Total version mismatch              : 0
    Total Layer4 decisions              : 142
    Total Layer4 rejections             : 0
    Total Layer7 decisions              : 64401
    Total Layer7 rejections             : 0
    Total Layer4 LB policy misses       : 0
    Total Layer7 LB policy misses       : 0
    Total times rserver was unavailable : 0
    Total ACL denied                    : 0
    Total IDMap Lookup Failures         : 0
    +------------------------------------------+
    +----------- Sticky statistics ------------+
    +------------------------------------------+
    Total sticky entries reused    : 0
    prior to expiry
    Total active sticky entries    : 0
    Total active reverse sticky    : 0
    entries
    Total active sticky conns      : 0
    Total static sticky entries    : 0
    +-----------------------------------------------------+
    +---------------- KAL-AP(UDP) statistics -------------+
    +-----------------------------------------------------+
    Total bytes received                         : 0
    Total bytes sent                             : 0
    Total requests received                      : 0
    Total responses sent                         : 0
    Total requests successfully received         : 0
    Total queries successfully received          : 0
    Total responses successfully sent            : 0
    Total secure requests received               : 0
    Total secure responses sent                  : 0
    Total requests with errors                   : 0
    Total requests with parse errors             : 0
    Total requests dropped due to queue overflow : 0
    Total response transfer errors               : 0
    labcorelb/DZ1ENV#sh service-policy Vip_POLICY summary
    service-policy: Vip_POLICY
    Class                            VIP       Prot  Port        VLAN          State    Curr Conns   Hit Count  Conns Drop
    xxxx34_HTTP_CLASS                xxxx.34   tcp   eq 80       ALL           IN-SRVC           0           0          0
    WCMST-WWW_HTTP_CLASS             xxxx.50   tcp   eq 80       ALL           IN-SRVC           7          48          0
    WCMST-FORUM_HTTP_CLASS           xxxx.111  tcp   eq 80       ALL           IN-SRVC           8         577          0
    WCMST-SEARCH_HTTP_CLASS          xxxx.51   tcp   eq 80       ALL           IN-SRVC           0         174          0
    WCMST-ENGINEADM_HTTP_CLASS       xxxx.112  tcp   eq 80       ALL           IN-SRVC           0           0          0
    INTERNET-WWW_HTTP_CLASS          xxxx.110  tcp   eq 80       ALL           IN-SRVC        1794       33919         18

  • SSL Connection failing

    I can create a new user using the following code
    public void createUser()
    {
        System.setProperty("javax.net.ssl.trustStore", "C:\\j2sdk1.4.2_02\\jre\\lib\\security\\cacerts");
        System.setProperty("javax.net.ssl.keyStorePassword", "xxxx");
        env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://xxx.xxx.xxx.xxx:636/dc=sxxxx, dc=xxxx, dc=ac, dc=uk");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
        env.put(Context.SECURITY_CREDENTIALS, "xxxx");
        env.put(Context.REFERRAL, "throw");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        try
        {
            ctx = new InitialDirContext(env);
            BasicAttribute oc = new BasicAttribute("objectClass");
            oc.add("top");
            oc.add("person");
            oc.add("organizationalPerson");
            oc.add("user");
            BasicAttribute cn = new BasicAttribute("cn", "TestUser2");
            BasicAttribute gn = new BasicAttribute("givenName", "Test2");
            BasicAttribute sn = new BasicAttribute("sn", "User");
            BasicAttribute dn = new BasicAttribute("displayName", "Test User2");
            BasicAttribute uac = new BasicAttribute("userAccountControl", "512");
            BasicAttribute sam = new BasicAttribute("sAMAccountName", "TestUser2");
            BasicAttribute upn = new BasicAttribute("userPrincipalName", "[email protected]");
            BasicAttribute des = new BasicAttribute("description", "Systems Team");
            BasicAttribute ras = new BasicAttribute("msNPAllowDialin", "TRUE");
            // unicodePwd takes the quoted password as UTF-16 bytes without the 2-byte BOM
            String newVal = new String("\"swansea\"");
            byte _bytes[] = newVal.getBytes("Unicode");
            byte bytes[] = new byte[_bytes.length-2];
            System.arraycopy(_bytes, 2, bytes, 0, _bytes.length-2);
            BasicAttribute pwd = new BasicAttribute("unicodePwd");
            pwd.add((byte[])bytes);
            BasicAttributes attrs = new BasicAttributes();
            attrs.put(oc);
            attrs.put(gn);
            attrs.put(sn);
            attrs.put(cn);
            attrs.put(dn);
            attrs.put(uac);
            attrs.put(sam);
            attrs.put(upn);
            attrs.put(des);
            attrs.put(pwd);
            attrs.put(ras);
            ctx.createSubcontext("cn=TestUser2, ou=Systems", attrs);
            System.out.println("User has been created");
            ctx.close();
        }
        catch (NameAlreadyBoundException ex)
        {
            System.err.println("Username is already in use.");
        }
        catch (Exception ex)
        {
            System.err.println("Failed to create user account.");
            ex.printStackTrace();
        }
    }
    but when I try to modify the user I've created using the code below, I get an error saying couldn't find trusted certificate, but surely it used it to create the user in the first place.
    public void change(String user)
    {
        System.setProperty("javax.net.ssl.trustStore", "C:\\j2sdk1.4.0_02\\jre\\lib\\security\\cacerts");
        System.setProperty("javax.net.ssl.keyStorePassword", "xxxx");
        env = new Hashtable();
        DirContext ctx = null;
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://xxx.xxx.xxx.xxx:636/dc=xxxxx, dc=xxxx, dc=ac, dc=uk");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
        env.put(Context.SECURITY_CREDENTIALS, "xxxx");
        env.put(Context.REFERRAL, "ignore");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        try
        {
            ctx = new InitialDirContext(env);
            BasicAttribute attribute = new BasicAttribute("msNPAllowDialin");
            attribute.add("FALSE");
            Attributes bAttrs = new BasicAttributes();
            bAttrs.put(attribute);
            ctx.modifyAttributes(user, ctx.REPLACE_ATTRIBUTE, bAttrs);
            System.out.println("success");
            ctx.close();
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
    }
    Any suggestions gratefully received.
    Thanks
    Dean

    Did you ever figure this error out? I'm seeing not exactly this error, but similar. I had an SSL connection to Active Directory set up and working with a temporary certificate. Then the Active Directory administrator got the permanent certificate. I imported the certificate of the Active Directory server and rootCA and restarted my server and added code to set trustStore:
    System.setProperty("javax.net.ssl.trustStore","C:\\j2re1.4.2_03\\bin\\cacerts");
    System.setProperty("javax.net.ssl.keyStorePassword","changeit");
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://ourserver.edu:636");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=Admin,ou=something....dc=edu");
    env.put(Context.SECURITY_CREDENTIALS, "the_password");
    env.put(Context.SECURITY_PROTOCOL,"ssl");
    DirContext ctx = new InitialDirContext(env);
    but still I get
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
         at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    etc.
    Any ideas would be GREATLY appreciated. Thanks in advance.

  • WLS 5.1/128-bit w/1024/128 certificate SSL connections fail

    We have a 128-bit version of WLS 5.1 with the 128-bit SP8. SSL connections work with our original low-strength certificate, reporting during startup that it is "Using low strength SSL". If we replace the key/certificate pair with a new 128-bit version, SSL connections no longer work. The ciphersuites list has all of the supported suites in it. There are no exceptions or other problems reported in the log, but browsers fail to connect via SSL. I've not seen anything obvious online that suggests what may be misconfigured.
    Thanks in advance for any insights.

    I found that Netscape is reporting that the problem is an "Incorrect Message Authentication Code". What else do I need to change beyond replacing the key and certificate? Thanks.

  • QuickVPN SSL connection issue to RV042 only through specific ISP

    Hi,
    I've noticed a frequent problem using QuickVPN to connect through a RV042.  With a specific ISP (Rogers cable internet in Canada) occasionally from a particular location QuickVPN will stop being able to connect into my work VPN (through a RV042), although it had been connecting fine before (and can often connect through the same ISP at a different location).  Although the RV042 is contactable and a TCP connection is formed, the SSL connection fails and the problem persists indefinitely.  If I connect the same computer (a Windows Vista laptop) to a different ISP I am able to connect fine.  Rebooting the cable modem/router does not solve the problem.  I once saw a similar problem occurring with a different ISP (Bell DSP internet in Canada), but in that case rebooting the DSL modem/router solved the problem.
    I suspect the edge-router in the ISP encounters some problem pertaining to SSL connection routing.
    Has anyone experienced this issue or knows a resolution?
    thanks,
    Mark

    Hi Tom,
    Thanks for the response.  The subnets involved (the local LAN subnet and the subnet of the RV042) are different.  The QuickVPN log says SSL connection failure.  When I do a network capture of the failed QuickVPN connection I see that a TCP connection is opened between my laptop and the RV042 and the QuickVPN application sends SSL client hello packets to the RV042 but does not receive the necessary SSL ack-response packets in return (the client hello is repeated a few times without response and then the connection is reported as failed).
    Mark

  • MAC OS X Connection failed, retry in progress SCCM

    Hi everyone,
    I give up, so I'm just looking for a new solution to agent deployment on Mac OS clients!
    I tried everything and everything but there is no way! Here is my configuration:
    System Center 2012 R2 Configuration Manager, Windows Server 2012 R2
    Certification Auth. (Enterprise), Windows Server 2012
    Mac OS X 10.6
    Please take a look at my logs:
    No Preferences found for Key - 'SMSID', Domain - 'com.microsoft.ccmclient'. 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeychainGetCSPHandle : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCSSMKey : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCredentials 0 1.1.1601 00:00:00 0 (0x0000)
    Status of CreateSignatureContext : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeychainGetCSPHandle : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCSSMKey : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCredentials 0 1.1.1601 00:00:00 0 (0x0000)
    Status of CreateSignatureContext : 0 1.1.1601 00:00:00 0 (0x0000)
    No Preferences found for Key - 'OMAMaxMessageLimit', Domain - 'com.microsoft.ccmclient'. 1.1.1601 00:00:00 0 (0x0000)
    MaxMessageSize from Config file is <= 25KB. Defaulting to 49152 1.1.1601 00:00:00 0 (0x0000)
    No Preferences found for Key - 'SMSID', Domain - 'com.microsoft.ccmclient'. 1.1.1601 00:00:00 0 (0x0000)
    Failed to GetProperty Mode from Configuration Provider : 80070490 1.1.1601 00:00:00 0 (0x0000)
    No Preferences found for Key - 'SMSID', Domain - 'com.microsoft.ccmclient'. 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeychainGetCSPHandle : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCSSMKey : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCredentials 0 1.1.1601 00:00:00 0 (0x0000)
    Status of CreateSignatureContext : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeychainGetCSPHandle : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCSSMKey : 0 1.1.1601 00:00:00 0 (0x0000)
    Status of SecKeyGetCredentials 0 1.1.1601 00:00:00 0 (0x0000)
    Status of CreateSignatureContext : 0 1.1.1601 00:00:00 0 (0x0000)
    SSL Connection failed. HTTP Response code is 403 and reason is Forbidden 1.1.1601 00:00:00 0 (0x0000)
    OMA Session failed with error code 0x80004005 1.1.1601 00:00:00 0 (0x0000)
    Failed to connect to DMP 1.1.1601 00:00:00 0 (0x0000)
    OMA : Sending Notification to UI : <CCMClientNotification><Sender>Service</Sender><Name></Name><Id></Id><Type>CCM_OMA</Type><State>Error</State><Data>-2147467259</Data><Data2></Data2><Data3></Data3><Data4></Data4></CCMClientNotification> 1.1.1601 00:00:00 0 (0x0000)
    No Preferences found for Key - 'OMAFailureRetryDelayInSec', Domain - 'com.microsoft.ccmclient'. 1.1.1601 00:00:00 0 (0x0000)
    CCMClient - Broadcasting Msg to UI : <CCMClientNotification><Sender>Service</Sender><Name></Name><Id></Id><Type>CCM_OMA</Type><State>Error</State><Data>-2147467259</Data><Data2></Data2><Data3></Data3><Data4></Data4></CCMClientNotification> 1.1.1601 00:00:00 0 (0x0000)
    Thanks.

    Yes, I know this is an old post, but I’m trying to clean them up.
    It looks like from the error message that there is a certificate issue.  Did you check to make sure that your certs are right?
    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

    After updating to 10.7.2, I cannot access any site with an SSL connection and fail to open Safari and Keychain, unless I restart the computer and log in with the Guest account.
    OS:10.7.2
    Macbook Pro 2010-mid 13inch

    I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
    Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
    I'm also using a Macbook Pro 13-inch mid 2010.

  • SSL: Connection reset by peer ; Failed to enable crypto error while calling the report using bing API with SOAP client

    Hi,
    I am trying to fetch report using bing API and making a SOAP call for fetching the data. I get the following error:
    [Warning] fopen(): SSL: Connection reset by peer [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
    02-04-2015 10:17:41 (BST) : [Warning] fopen(): Failed to enable crypto [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
    02-04-2015 10:17:41 (BST) : [Warning] fopen(https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=rzr63XFt5qJduddohoIRyOYAP%2f1%2ftsnhk8L%2bzBmUpdU2CQlcUB98RpY%2bbOaLFFGMqAC4IUUadC%2fNdNnJqeVCY%2f%2bpy6noVsVA%2fMJp47a3Xb1VjABfKhcdKy6vqpgEdcQg%2fQZ7QcEpZ3bEloJjUtGpDquFk53BnkeHEPVWZkDYcsQegRz%2fpG4t4w6gKCCRmhArd6osr6ZU9CMJ3lbxtGXjcQEMPvP2apNyr9P%2fc8niyfWA2aBcm1aEmOLX2KL3aRJ4rz9N7gG7uBslVZH%2b4rUjHdB7CMkbb%2fHyHwvPTqGPbPCHnicefr%2b%2fDP70hlkBEGfyOOswK67%2bl1zh7CyIv%2bcMlaDsuDX1HeFf4uORfD41H1z7):
    failed to open stream: operation failed [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
    Whenever I execute my script. Can you please let me know what we can do to solve this issue. The version of PHP we are using is 5.3.3 with open ssl. 

    Hi Shobha,
    I can't confirm what version of PHP you are using, but to err on the side of caution please use the version specified in the sample/SDK:
    PHP 5.4.14 has been installed from PHP.
    Here are our code examples:
    https://msdn.microsoft.com/en-US/library/bing-ads-overview-getting-started-php-with-web-services.aspx
    Thanks,
    Itai

  • Can't connect to OID using SSL (handshake failed NZerr 29039)

    Hi!
    I'm trying to set up OID running on Windows Server 2003 for testing purposes.
    I have downloaded the files as_windows_x86_oim_oif_101401_disk(1/2) and installed Oracle Internet Directory only.
    I'm able to connect using standard clear text and using Oracle Directory Manager.
    I have followed the instructions on this page (chapter 17):
    [http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/ssl.htm]
    Using Oracle Wallet Manager I have generated a certificate request with the key size of 2048.
    I'm unsure what I was supposed to enter into the subject name of the request so I entered just "oid_idm", it looks like this now: "CN=oid_idm,C=US".
    I then used my Novell eDirectory CA to sign the request and to generate the certificate. I exported the CA certificate from eDirectory and imported it into the wallet, it's listed under Trusted Certificates as "META-TREE", I then imported my signed certificate into the wallet and it says Certificate:Ready now.
    The wallet is saved into C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS.
    Auto Login is enabled.
    Using Directory Manager I right-clicked Configuration Set1 and selected "Create Like"
    I configured the new set to listen on non-SSL port 1389 and SSL port 1636,
    SSL Authentication: No SSL Authentication
    SSL Enable: SSL only
    SSL Wallet URL: file:C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS
    SSL Port: 1636
    Then I changed the OracleServiceORCL to run as Administrator. Restarted the server, started the new instance (2).
    Using this command on the OID server I can connect:
    ldapsearch -D cn=orcladmin -w secret -U 1 -h 192.168.0.101 -p 1636 -b dc=lab -s base "objectclass=*"
    Trying to connect from my Linux server using its own ldapsearch doesn't work; I get the error: ldap_bind: Can't contact LDAP server
    Trying to connect using Apache Directory Studio or LDAP Browser\Editor also doesn't work (SSL connection).
    I can see the following in the log no matter which of the three tools above I try to use:
    2008/10/12:13:01:09 * SSLthread:19 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK) * (NZerr 29039)
    Any ideas what I can do to solve this issue?
    Thanks!

    If you are using openldap commands on your Linux machine, you can get some issues with OID. Try the Oracle ldap client command if you have it installed on your Linux machine. Also try to use an ldapbrowser Java client to confirm that your installation is fine; it is the better choice for testing your environment from remote machines.

  • I receive an error in Firefox 4.0 Beta 11: Secure Connection Failed An error occurred during a connection. Renegotiation is not allowed on this SSL socket. (Error code: ssl_error_renegotiation_not_allowed) Anyone know how to fix this?

    I have installed the Firefox 4.0 Beta 11 (+updates), I try to connect to our https: website and I receive the following error:
    Secure Connection Failed An error occurred during a connection.
    Renegotiation is not allowed on this SSL socket.
    (Error code: ssl_error_renegotiation_not_allowed)
    I have installed this certificate on Firefox 3.6.13 and I am able to connect to our HTTPS site but it will not work with the Beta 4.0 11

    I read about this for ages. I had problems setting up a certificate for my online banking. This one solution genuinely worked for me (finally!) ...Fingers crossed it will for you too:
    1) In the address bar type in about:config ...Firefox will say it's dangerous, but I just went ahead anyway lol - It's fine. Thank god there's always an edit-undo!
    2) Copy and paste this into the filter at the top: security.ssl.allow_unrestricted_renego_everywhere
    3) Then change false to true (I think I just clicked it, and it changed)
    That's it! Refresh your bank page, and it should work!
    (Spanish source: http://translate.google.com/translate?sl=es&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.fedora-ve.org%2F2011%2F09%2F14%2Ferror-error-code-ssl_error_renegotiation_not_allowed-en-firefox-4-x.html&act=url)

  • How to fix this problem? Secure Connection Failed, SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

    Secure Connection Failed
    SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
    I have been receiving this error message recently when I tried to access school elearning websites and other school-related websites. I have also tried Internet Explorer and it shows "page cannot be displayed". I have been trying the available solutions to solve it but none of them work. Are there alternative solutions available? Please advise. Thanks.

    It works after I disabled IPv6 in Firefox. Thank you for your help :)

  • Cfhttp connection failed on SSL

    I'm running CF 9 Ent using JVM 1.6.0_14.
    We had a credit card processor API that was working fine until this weekend when they updated their SSL certificate. Then we started getting the connection failed message. So I went in and got a copy of their .cer file and I imported it into the KeyStore using the keytool. I rebooted the VM and the CFHTTP works for about 5 minutes, then starts giving the Connection Failure message again. The URL comes up fine in a browser on the desktop of the VM. I'm at a loss as to what to do now. The places online where I see people having this issue all claim an import of the keyfile fixes it. You would think it would work fine all the time or not at all. Makes no sense why it works for a little bit after a reboot then doesn't work again all of a sudden. Anybody got any suggestions?

  • ACE 4710 SSL connection rate

    What exactly happens when the SSL connection rate is exceeded? Is the connection dropped, queued, or what?
    Defined as the SSL TPS. In our case 1000 but upgradeable to 5000

    Hi,
    The connection will be denied once the SSL connection rate is exceeded.
    That can be identified by using the command :
    show resource usage all
    You will see something like this :
    Resource                 Current       Peak        Min        Max     Denied
    ssl-connections rate         995       1000          0       1000      28975
    You will notice that the deny counter will start increasing once the rate is exceeded.
    hope that helps.
    regards,
    Ajay Kumar
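
The deny counter described in this reply is cumulative, so the useful signal is its growth between two polls. An added example (not from the thread) that parses `show resource usage all` output and reports that growth; the sample polls, the bandwidth row and the function names are constructed for illustration.

```python
import re

# Constructed samples: two polls of `show resource usage all`, modelled on the
# row quoted in the reply above. The bandwidth row and the second poll's
# numbers are invented for illustration.
POLL_1 = """\
        Resource         Current       Peak        Min        Max       Denied
ssl-connections rate        995       1000          0       1000     28975
bandwidth                   120        900          0       5000         0
"""
POLL_2 = """\
        Resource         Current       Peak        Min        Max       Denied
ssl-connections rate       1000       1000          0       1000     29110
bandwidth                   150        900          0       5000         0
"""

# Resource names can contain spaces ("ssl-connections rate"), so anchor on the
# five trailing numeric columns instead of splitting on whitespace.
ROW = re.compile(
    r"^\s*(?P<name>\S.*?)\s+(?P<current>\d+)\s+(?P<peak>\d+)"
    r"\s+(?P<min>\d+)\s+(?P<max>\d+)\s+(?P<denied>\d+)\s*$"
)
FIELDS = ("current", "peak", "min", "max", "denied")


def parse_usage(text):
    """Return {resource name: {column: int}} for every data row."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and context lines do not match
            rows[m["name"]] = {f: int(m[f]) for f in FIELDS}
    return rows


def denied_since(before, after):
    """Resources whose cumulative Denied counter grew between two polls."""
    grown = {}
    for name, now in after.items():
        prev = before.get(name, {}).get("denied", 0)
        # A counter lower than last time means it was cleared or the device
        # reloaded; count everything seen since the reset.
        delta = now["denied"] - prev if now["denied"] >= prev else now["denied"]
        if delta > 0:
            grown[name] = delta
    return grown


def near_limit(rows, ratio=0.9):
    """Resources whose peak reached `ratio` of the configured maximum."""
    return sorted(
        name for name, r in rows.items()
        if r["max"] and r["peak"] >= ratio * r["max"]
    )


if __name__ == "__main__":
    first, second = parse_usage(POLL_1), parse_usage(POLL_2)
    for name, delta in denied_since(first, second).items():
        print(f"{name}: {delta} denied since last poll")
    print("near limit:", near_limit(second))
```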

  • ACE - SSL Termination is not working

    HTTPS is not working from official IE browser but it is working from test Firefox browser. However HTTP is working with both IE and Firefox browsers. This is true for multiple implementations on the ACE service module with SSL termination.
    ACE software 3.0(0)A1(4a)
    IE v6 SP3 Cipher 128
    Firefox v3.6.3
    Sample configuration:
    access-list FT ethertype permit bpdu
    access-list ALL-ACCESS extended permit icmp any any
    access-list ALL-ACCESS extended permit ip any any
    crypto chaingroup ROOT-CERT
      cert abc.PEM
      cert xyz.PEM
    parameter-map type ssl SSL-PARAMETER-1
      cipher RSA_WITH_RC4_128_MD5
      cipher RSA_WITH_RC4_128_SHA
      cipher RSA_WITH_AES_128_CBC_SHA priority 2
      cipher RSA_WITH_AES_256_CBC_SHA
      cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
    parameter-map type ssl SSL-PARAMETER-2
      cipher RSA_WITH_AES_128_CBC_SHA priority 2
    ssl-proxy service SSL-1
      key KEY-1.PEM
      cert CERT-1.PEM
      chaingroup ROOT-CERT
      ssl advanced-options SSL-PARAMETER-1
    ssl-proxy service SSL-2
      key KEY-1.PEM
      cert CERT-1.PEM
      chaingroup ROOT-CERT
      ssl advanced-options SSL-PARAMETER-2
    ssl-proxy service SSL-3
      key KEY-1.PEM
      cert CERT-1.PEM
      chaingroup ROOT-CERT
    rserver host server1
      ip address 10.100.15.89
      inservice
    rserver host server2
      ip address 10.100.15.121
      inservice
    probe http PROBE-1
      interval 30
      faildetect 2
      request method get url /keepalive.htm
      expect status 200 200
    serverfarm host SERVERFARM-1
      probe PROBE-1
      rserver server1 80
        inservice
      rserver server2 80
        inservice
    sticky ip-netmask 255.255.255.255 address both STICKY-1
      timeout 30
      replicate sticky
      serverfarm SERVERFARM-1
    class-map type management match-any REMOTE-ACCESS
      match protocol icmp any
      match protocol snmp any
      match protocol ssh any
      match protocol https any
    class-map match-all VIP-1
      match virtual-address 10.100.15.140 tcp eq https
    class-map match-all VIP-2
      match virtual-address 10.100.15.140 tcp eq www
    policy-map type management first-match REMOTE-ACCESS
      class REMOTE-ACCESS
        permit
    policy-map type loadbalance first-match POLICY-1
      class class-default
        sticky-serverfarm STICKY-1
    policy-map multi-match LB-1
      class VIP-1
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        loadbalance policy POLICY-1   
        ssl-proxy server SSL-1
    (I have tried with ssl-proxy server SSL-2 and ssl-proxy server SSL-3, but it did not help)
    policy-map multi-match LB-2
      class VIP-2
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        loadbalance policy POLICY-1
    interface vlan 15
      description client vlan
      bridge-group 15
      mac-sticky enable
      access-group input FT
      access-group input ALL-ACCESS
      access-group output ALL-ACCESS
      service-policy input REMOTE-ACCESS
      service-policy input LB-1
      service-policy input LB-2
      no shutdown
    interface vlan 2015
      description server vlan
      bridge-group 15
      mac-sticky enable
      access-group input FT
      access-group input ALL-ACCESS
      access-group output ALL-ACCESS
      service-policy input REMOTE-ACCESS
      no shutdown
    interface bvi 15
      description bridge group
      ip address 10.100.15.5 255.255.255.0
      peer ip address 10.100.15.6 255.255.255.0
      alias 10.100.15.4 255.255.255.0 
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.100.15.1
    Note: Subnet, Server Name, Certificate Name and Key Name are modified for security reasons.

    Hello,
    We will not be able to determine why your SSL terminated connections fail with only your config.  You may want to take a look at a similar thread where someone else was having problems with IE and SSL termination, but Firefox worked fine.  It also includes a solid action plan you can use to gather data needed to diagnose root cause.  That thread can be viewed at the following link:
    https://supportforums.cisco.com/thread/2025417?tstart=0
    Also, the ACE software you are running is extremely old now and very buggy.  I would strongly urge you to upgrade to A2(2.4) as soon as possible.  It will help you avoid some headaches as you move forward.
    Hope this helps,
    Sean
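
Each `ssl-proxy service` in the posted configuration offers a different cipher list, which is what changes when SSL-1, SSL-2 and SSL-3 are swapped. An added example (not part of the thread or of Cisco's tooling) that resolves each service to its parameter map and flags legacy suites; the function names and the legacy-token table are this example's own.

```python
# Constructed excerpt: the SSL stanzas of the configuration posted above.
CONFIG = """\
parameter-map type ssl SSL-PARAMETER-1
  cipher RSA_WITH_RC4_128_MD5
  cipher RSA_WITH_RC4_128_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA
  cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
parameter-map type ssl SSL-PARAMETER-2
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
ssl-proxy service SSL-1
  key KEY-1.PEM
  cert CERT-1.PEM
  chaingroup ROOT-CERT
  ssl advanced-options SSL-PARAMETER-1
ssl-proxy service SSL-2
  key KEY-1.PEM
  cert CERT-1.PEM
  chaingroup ROOT-CERT
  ssl advanced-options SSL-PARAMETER-2
ssl-proxy service SSL-3
  key KEY-1.PEM
  cert CERT-1.PEM
  chaingroup ROOT-CERT
"""

# Name tokens that mark a legacy suite. Matching whole tokens keeps "3DES"
# from being reported as single DES.
LEGACY = {"RC4": "RC4 stream cipher", "MD5": "MD5 MAC",
          "DES": "single DES", "NULL": "no encryption"}


def legacy_reasons(cipher):
    """Return the reasons a cipher suite name is considered legacy."""
    reasons = []
    for token in cipher.split("_"):
        if token in LEGACY:
            reasons.append(LEGACY[token])
        elif token.startswith("EXPORT"):
            reasons.append("export-grade suite")
    return reasons


def parse_ssl_config(text):
    """Return (parameter maps, services) from ACE running-config text."""
    maps, services = {}, {}
    section = None  # (kind, name) of the stanza being read
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():  # a new top-level stanza starts here
            section = None
            if words[:3] == ["parameter-map", "type", "ssl"] and len(words) == 4:
                section = ("map", words[3])
                maps[words[3]] = []
            elif words[:2] == ["ssl-proxy", "service"] and len(words) == 3:
                section = ("svc", words[2])
                services[words[2]] = None
        elif section and section[0] == "map" and words[0] == "cipher":
            maps[section[1]].append(words[1])
        elif section and section[0] == "svc" and words[:2] == ["ssl", "advanced-options"]:
            services[section[1]] = words[2]
    return maps, services


def audit(text):
    """Map each ssl-proxy service to {cipher: reasons} for flagged suites.

    None means the service names no parameter map, so its cipher list is the
    device default and has to be reviewed separately.
    """
    maps, services = parse_ssl_config(text)
    report = {}
    for svc, pmap in services.items():
        if pmap is None:
            report[svc] = None
        else:
            report[svc] = {c: legacy_reasons(c)
                           for c in maps.get(pmap, []) if legacy_reasons(c)}
    return report


if __name__ == "__main__":
    for svc, flagged in audit(CONFIG).items():
        print(svc, "default cipher list" if flagged is None else flagged)
```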

  • SSL Connection Configuration between Apache and Weblogic 8,1

    I'm currently using Apache web server as a front-end server for WebLogic Server 8.1, and now I'm facing a configuration problem setting up the SSL connection between these 2 servers. When I open my web application page, it shows
    Failure of Server Apache bridge
    No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
    and my proxy.log shows:
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
    Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
    Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
    Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
    Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
    Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
    Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
    Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
    Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
    Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
    Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
    Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
    Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
    Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
    Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
    Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
    Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
    Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 3078
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
    Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Can anyone tell me what I should do in order to correct this error? Your help is kindly appreciated!!! Please~

    1) Is the managed server up?
    2) From the Apache server, are you able to bind the managed server port?
    3) Can you please send the WebLogic SSL configuration?
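
In the proxy.log above, the message that matters is easy to miss among the header dumps. An added example (not from the thread or the WebLogic plug-in) that collects the error signals logged under the same request id before a backend is marked bad; the sample is an excerpt of the posted log and the patterns are assumptions drawn from it.

```python
import re

# Constructed excerpt: lines copied from the proxy.log in the question above.
PROXY_LOG = """\
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} [\d:]{8} \d{4}) <(?P<id>\d+)> (?P<msg>.*)$"
)
# Messages worth keeping as evidence (assumed patterns, taken from this log).
SIGNAL = re.compile(r"validation failed|^ERROR:|Exception type|Connect returns -1")
# 10035 is WSAEWOULDBLOCK on Windows: a non-blocking connect still in
# progress, which the plug-in itself logs as EINPROGRESS on the next line.
BENIGN = re.compile(r"error no set to 10035|EINPROGRESS")
MARKED_BAD = re.compile(r"Marking (\S+) as bad")


def triage(log_text):
    """Return one finding per 'Marking ... as bad' line.

    Each finding lists, in log order, the signals recorded under the same
    request id since the previous finding for that id.
    """
    pending = {}   # request id -> signals seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped
        rid, msg = m["id"], m["msg"]
        bad = MARKED_BAD.search(msg)
        if bad:
            findings.append({
                "time": m["ts"],
                "request": rid,
                "backend": bad.group(1),
                "signals": pending.pop(rid, []),
            })
        elif SIGNAL.search(msg) and not BENIGN.search(msg):
            pending.setdefault(rid, []).append(msg)
    return findings


def first_signal(finding):
    """The earliest signal is usually the cause; later ones are consequences."""
    return finding["signals"][0] if finding["signals"] else None


if __name__ == "__main__":
    for f in triage(PROXY_LOG):
        print(f"{f['time']} backend {f['backend']} marked bad")
        print("  first signal:", first_signal(f))
        for later in f["signals"][1:]:
            print("  then:", later)
```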
