ACS Cert Error

Hi All
I have a ACS SE, recently upgraded to 4.2. What I am seeing is a Cert error when trying to login to the admin interface using FireFox. I am can get throught after accepting a few waringins using IE but Firefox stops dead at the error <Error code: sec_error_reused_issuer_and_serial>
Now I do have two ACS server, a primary and a secondary. If I delete the Cert from Firefox for the secondary ACS I can get into the primary until I loging to secondary then after importing the secondary cert the primary stops working again.
I have already regenerated a Cert on the primary but it still seems to have the issue.
It seems to be pointing to a duplicate serial number but both servers are SE's so it isn't like I imaged both servers and they are exact copies.
Any help would be apreciated.

Hi There,
No I am not sharing the Cert and the Cert is self Signed. I am however replicating information between the two servers. Specifically the primary is sending "User and Group DB", "Distribution Table", "Interface Config", "Interface Security Setting", "Password Validation Settings" and "Network Access Profiles" to the Secondary.
I am using Firefox 3.0.5.
Thanks

Similar Messages

  • ACS 5.1 - EAP-PEAP - Imported public cert - Clients still get cert error

    We have ACS 5.1 up and running. Our company has a SuperCert purchsed with Thwarte so we requested a Certificate. Once we figured out the formatting we were able to successuflly get the certificate to bind to the CSR. For some reason our windows 7 users will be prompted the first time they connect with an option to terminate or continue. If they continue they are able to connect to the WLAN just fine. Our MAC users are always prompted with the cert error, even if they install the ceritificate. Unlike ACS 4.x and earlier I do not see where I can import the Root CA so we are thinking about purchasing another certificate from another public CA but who? Any thoughts are idea's would be greatly appreciated.

    Hi,
    Adverstisement apart, Verisign is widely used and trusted.
    However, even using your current CA, you should be able to install the Root CA and the ACS cert on the client machines under the trusted CAs and then the warning should not popup anymore.
    HTH,
    Tiago
    If this helps you and/or  answers your question please mark the question as "answered" and/or rate  it, so other users can easily find it.

  • SSL cert error on exchange 2013.

    Hi,
    Can I please have some help to avoid the following two error messages appears on opening outlook 2013 on windows 7 connected directly to the server 2012 domain.
    Godaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly setup.
    There is NO error message if we connect through outlook (AnyWhere) on a system which is not part of the domain and connecting from outside.
    Error Box 1
    Security Alert
    servername.localdomain.local
    Information you exchange with this site cannot be viewed or changed...................
    The security certificate is from a trusted certifying authority.
    The security certificate date us valid
    X The name on the security certificate is invalid or does not match the name of the site....
    Error box 2
    Microsoft Outlook
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
    Outlook is unable to connect to the proxy server. (Error Code 10)
    Any quick help will be highly appreciated!
    Many thanks

    Hi,
    Are you using a Single domain cert by GoDaddy, if thats the case we cannot add more than one domain to your cert. I believe you have added the outlook anywhere domain name to your cert since your outlook anywhere connection is prompting any errors.
    You have two options, one is purchase a UCC Cert and add all URL's required or Please have a look on these below Virtual Directories on the exchange server and modify the the URL's so you will not get the Cert errors.
    use the shell to view the internal and external URL's,
    Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
    Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
    Get-ECPVirtualDirectory | fl internalurl,externalurl
    Get-OabVirtualDirectory | fl internalurl,externalurl
    Get-WebServicesVirtualDirectory | fl internalurl,externalurl
    Change all your internal URL's similar to the external URL's, use the Set command as the example below.
    Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl ‘https://mail.domain.com/Autodiscover/Autodiscover.xml’
    make sure all your servername.localdomain.local URL's are changed to match primary certificate name.
    Regards
    Boniface

  • Suddenly our windows 7 clients can't connect to our wireless network due to a cert error?

    Our company uses a Ruckus setup for our wireless network.  The laptops have to have a certificate on them issued from our CA and be a member of AD group.  Yesterday we noticed that nobody could connect to the internal wireless network.  In
    the security logs for the computers there is a this error:
    A request was made to authenticate to a wireless network.
    Subject:
        Security ID:        host/xxx-xxxxxxx
        Account Name:        -
        Account Domain:        -
        Logon ID:        0x0
    Network Information:
        Name (SSID):        Forest River Internal
        Interface GUID:        {53b8a5f4-e910-4e3e-ab88-eb4f46356e1f}
        Local MAC Address:    68:94:23:00:26:1F
        Peer MAC Address:    C4:01:7C:4A:88:58
    Additional Information:
        Reason Code:        Explicit Eap failure received (0x50005)
        Error Code:        0x80420202
        EAP Reason Code:    0x80420202
        EAP Root Cause String:    The authentication failed because certificate required for this network has expired on the server computer
        EAP Error Code:        0x80420202
    this cert was is supposed to be good for another year, is there anyway that I can get the CA server to renew this cert or do I need to issue a new one and distribute it?  The other issue I'm running into is I can't seem to get my CA to issue a new computer
    cert.  All the servers are 08 R2 boxes.

    Hi,
    Do you have any progresses on this issue by now?
    Here is a related KB article below:
    Windows 7 does not connect to an IEEE 802.1X-authenticated network if an invalid certificate is installed
    http://support.microsoft.com/kb/2494172
    Best Regards,
    Amy Wang

  • DPM 2012 setup to remote SQL 2012. SSL cert error

    First of all, the category I selected, which was for SQL server reporting services was as close as I could get. There wasn't a way to select System Center DPM server from the list. As this relates to the Report Server portion of the setup, I chose this category.
    I am setting up DPM 2012 SP1 on a single use server (Windows Server 2102 R2 Standard) and remotely connecting to a new DB server (MSSQL 2012). I keep getting error ID:812 when trying to install, and the logs show that it is trying to set up report server,
    but that it cannot establish a trust relationship for SSL/TLS.
     * Exception :  => System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
    secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    I'm not clear on how to proceed. Invalid cert means it wants something very specific.
    I have installed a domain issued cert from the DC on the SQL reporting server and have bound that cert to SSL using report server configuration. I then imported the cert into the DPM server in the trusted and personal certs. The DPM server has our DC as
    a trusted source. That clearly doesn't work.
    Thinking I may not be able to use a self-signed cert, I then installed our wildcard cert onto both the SQL server and the DPM server. I ran through the Report Server configuration again and bound that wildcard. This is a Godaddy wildcard cert.
    Same problem no matter what I do. Clearly, this is matter of a cert issue, but I'm lost. There are zero instructions I've found on how to ensure Windows server 2012 cert requirements are met as it relates to SQL and DPM.
    Thanks for your advice.
    Kaden

    Hi Kaden,
    This thread is for reporting service and I hope i can provide some useful informaiton from reporting service side while i don't work on DPM at all. You may still need to find out the forum for the DPM and check there.
    Regardingless of DPM, Reporting Service can usually create HTTP link and HTTPS link together. For the HTTP one, a certificate is needed. HTTPS is not needed excep you have the concern with  security.
    Usually application like DPM/SCOM will connect to the web service link provided by Reporting Service and work on that.
    If the application requires a HTTPS link, then same thing has to be setup on reporting.
    You need to install a certificate and add it to trust store and then configure reporting service to listening on HTTPs 443 port from the reporting service configuration manager.
    You can find the steps here.http://technet.microsoft.com/en-us/library/ms345223(v=sql.110).aspx
    After you create the HTTPS link successful, try to open the https web service link both remotely or locally from IE. If you can open it there without any error, reporting service is working fine.
    For some applications, they would need special  certificates installed on reporting service and used. You may check with the related product on this then.
    In a summary, if you can configure a HTTPS link for reporting service can open it correctly, configuration steps on reporting service is fine.
    If there is still any error from DPM, you would need check additional resource from DPM part.
    Thanks,

  • Code signing cert error using Digicert - Unable to build a valid certificate chain for the signer

    Steps to fix this error on code signing adobe air using .p12 cert from Digicert - Unable to build a valid certificate chain for the signer
    a. Open Firefox and browse to https://www.digicert.com/digicert-root-certificates.htm
    b. On the middle of the page, download -
    DigiCert Assured ID Code Signing CA-1
    Valid until: 10/Feb/2026
    Serial #: 07:F4:73:6F:AF:EF:40:8A:1F:66:40:F2:65:D1:0A:C1
    Thumbprint: B170A10819BEA936905D719E643399783E1F4567
    Download
    c. Install the cert in Firefox
    d. Once done, export again the code signing cert from digicert, through (click Firefox -> Preferences -> View Certificates -> HIghlight the digicert code signing cert -> click Backup)
    e. Done, the newly exported file should now have the valid certificate chain and that should fix the error "Unable to build a valid certificate chain for the signer"
    Even though this is from Digicert, this should also work for other Certificate Authority providers assuming you download your provider's root cert for code signing.
    Regards,
    Reigner S. Yrastorza

    Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
    If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
    If you are using RoboHelp, which version?
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • WLC 5508- GUI Cert Error

    I tried installing chained certificate in for the https access in wlc 5508. It failed and later i came to know it will only accept unchained cert for management access. But now the problem is i could not get GUI access. It shows error like "This server security certificate is revoked "
    What should i do now..?

    Amjad,
    Do you mean this link for unchained certs ?
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • ACS SE: Error when changing IP setting

    I got this error when trying to change the IP address setting:
    Error: Failed to get NIC configuration: (null) (FFFFFFFF)
    My ACS SE is now not functioning because of this. Is there any way to recover besides using the Recovery CD ?

    Does this happen to small number of network devices or the whole set
    If the former then I found the following CDETS
    CSCtw59271    Random Network Device corruption after upgrade from ACS 5.2 to 5.3
    Which includes the following workaround
    Symptom 1: Delete and re-add the AAA client
    Symptom 2:Modify the TACACS+ shared secret of the Network Device, re-enter the same key and save the Network device.
    >>>> Use case where TACACS+ was used
    There are some important fixes related to upgrade issues in patch 5 and later for ACS 5.3. While these do not relate to NDs I do recommend installing this patch

  • ACS 1121 error 5411 EAP session timed out w/Peap Wireless logins

    I am having issues that came up in the last month where all of my wireless client devices (using 4400 WLC and AC 1121 Appliance w/Active Directory integration) using PEAP MSCHAP2 are being prompted multiple times one after another for their userid/password. 
    This is very intermitant with clients sometimes being able to authenticate on the first try and later in the day getting prompted 20 times for authentication before it works.  This affects all brands of laptops/tablets/smartphones and other devices. 
    My ACS log files show an error of 5411 EAP session timed out. 
    I have had a TAC case open for over a month but they still haven't found a solution.
    Has anyone run into this and have any thoughts?  I have already increased my timeout on the controller from the default 2 seconds to 8 seconds but the delay between prompts asking for authentication credentials on clients is less than a second.
    What do you think? 
    Jim

    We are running 5.2.0.26.11 on the ACS engine and 7.0.240.0 on the WLC's.  The certificate on the ACS was expired, but for over a year without issues prior to about a month ago (our clients do have the verify certificate box unchecked).  I did renew the certificate on the ACS (self signed, just told it to renew) but that didn't help. 
    The only thing the clients get are multiple prompts for authentication usually a second or 2 apart even though my timeout on the WLC is set to 8 seconds.  A debug on the WLC shows the following.  Any ideas on what could be the issue? 
    (Cisco Controller) >*dot1xMsgTask: Jun 18 11:07:16.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 8)
    *osapiBsnTimer: Jun 18 11:07:17.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:17.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:17.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 9)
    *osapiBsnTimer: Jun 18 11:07:18.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:18.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:18.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 10)
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy AP LOCP - mode:0 slotId:1, apMac 0x0:1c:b1:6:ee:a0
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy WLAN LOCP EssIndex:2 aid:1 ssid:NPT-SECURE
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x1 statuscode 0, reasoncode 99, status 3
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy CCX LOCP 4
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy e2e LOCP 0x1
    *apfLbsTask: Jun 18 11:07:18.319: 00:27:10:c9:91:2c Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jun 18 11:07:19.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:19.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:19.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 11)
    *osapiBsnTimer: Jun 18 11:07:20.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:20.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:20.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 12)
    *osapiBsnTimer: Jun 18 11:07:21.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:21.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:21.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 13)
    *osapiBsnTimer: Jun 18 11:07:22.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:22.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:22.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 14)
    *osapiBsnTimer: Jun 18 11:07:23.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:23.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:23.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 15)
    *osapiBsnTimer: Jun 18 11:07:24.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:24.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:24.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 16)
    *osapiBsnTimer: Jun 18 11:07:25.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:25.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:25.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 17)
    *osapiBsnTimer: Jun 18 11:07:26.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:26.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:26.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 18)
    *osapiBsnTimer: Jun 18 11:07:27.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:27.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:27.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 19)
    *osapiBsnTimer: Jun 18 11:07:28.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:28.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:28.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 20)
    *osapiBsnTimer: Jun 18 11:07:29.317: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 21)
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c Reached Max EAP-Identity Request retries (21) for STA 00:27:10:c9:91:2c
    *dot1xMsgTask: Jun 18 11:07:29.318: 00:27:10:c9:91:2c Sent Deauthenticate to mobile on BSSID 00:1c:b1:06:ee:a0 slot 1(caller 1x_auth_pae.c:3121)
    *dot1xMsgTask: Jun 18 11:07:29.319: 00:27:10:c9:91:2c Scheduling deletion of Mobile Station:  (callerId: 6) in 10 seconds
    *dot1xMsgTask: Jun 18 11:07:29.319: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Disconnected state
    *dot1xMsgTask: Jun 18 11:07:29.319: 00:27:10:c9:91:2c Not sending EAP-Failure for STA 00:27:10:c9:91:2c
    *spamReceiveTask: Jun 18 11:07:29.979: 00:27:10:c9:91:2c Received Idle-Timeout from AP 00:1d:71:0a:de:70, slot 1 for STA 00:27:10:c9:91:2c
    *spamReceiveTask: Jun 18 11:07:29.979: 00:27:10:c9:91:2c Warning, ignore the DELETE_MOBILE_PAYLOAD from AP: 00:1d:71:0a:de:70, slot 1. STA connecting AP: 00:1c:b1:06:ee:a0, slot 1
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Association received from mobile on AP 00:1d:71:0a:de:70
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1633)
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Applying site-specific IPv6 override for station 00:27:10:c9:91:2c - vapId 2, site 'none', interface 'management'
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Applying IPv6 Interface Policy for station 00:27:10:c9:91:2c - vlan 0, interface id 0, interface 'management'
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Processing RSN IE type 48, length 22 for mobile 00:27:10:c9:91:2c
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Received RSN IE with 0 PMKIDs from mobile 00:27:10:c9:91:2c
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [00:1c:b1:06:ee:a0]
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Updated location for station old AP 00:1c:b1:06:ee:a0-1, new AP 00:1d:71:0a:de:70-1
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 00:1d:71:0a:de:70 vapId 2 apVapId 2for this client
    *apfMsConnTask_0: Jun 18 11:07:30.834: 00:27:10:c9:91:2c Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:1d:71:0a:de:70 vapId 2 apVapId 2
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:27:10:c9:91:2c on AP 00:1d:71:0a:de:70 from Associated to Associated
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c Sending Assoc Response to station on BSSID 00:1d:71:0a:de:70 (status 0) ApVapId 2 Slot 1
    *apfMsConnTask_0: Jun 18 11:07:30.835: 00:27:10:c9:91:2c apfProcessAssocReq (apf_80211.c:5276) Changing state for mobile 00:27:10:c9:91:2c on AP 00:1d:71:0a:de:70 from Associated to Associated
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Disable re-auth, use PMK lifetime.
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Station 00:27:10:c9:91:2c setting dot1x reauth timeout = 0
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Stopping reauth timeout for 00:27:10:c9:91:2c
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:30.838: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 1)
    *osapiBsnTimer: Jun 18 11:07:31.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:31.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:31.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 2)
    *osapiBsnTimer: Jun 18 11:07:32.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:32.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:32.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 3)
    *osapiBsnTimer: Jun 18 11:07:33.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:33.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:33.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 4)
    *apfLbsTask: Jun 18 11:07:34.318: 00:27:10:c9:91:2c Copy AP LOCP - mode:0 slotId:1, apMac 0x0:1d:71:a:de:70
    *apfLbsTask: Jun 18 11:07:34.319: 00:27:10:c9:91:2c Copy WLAN LOCP EssIndex:2 aid:1 ssid:NPT-SECURE
    *apfLbsTask: Jun 18 11:07:34.319: 00:27:10:c9:91:2c Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jun 18 11:07:34.319: 00:27:10:c9:91:2c Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x1 statuscode 0, reasoncode 99, status 3
    *apfLbsTask: Jun 18 11:07:34.320: 00:27:10:c9:91:2c Copy CCX LOCP 4
    *apfLbsTask: Jun 18 11:07:34.320: 00:27:10:c9:91:2c Copy e2e LOCP 0x1
    *apfLbsTask: Jun 18 11:07:34.320: 00:27:10:c9:91:2c Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jun 18 11:07:34.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:34.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:34.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 5)
    *osapiBsnTimer: Jun 18 11:07:35.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:35.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:35.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 6)
    *osapiBsnTimer: Jun 18 11:07:36.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:36.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:36.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 7)
    *osapiBsnTimer: Jun 18 11:07:37.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:37.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:37.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 8)
    *osapiBsnTimer: Jun 18 11:07:38.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:38.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state
    *dot1xMsgTask: Jun 18 11:07:38.718: 00:27:10:c9:91:2c Sending EAP-Request/Identity to mobile 00:27:10:c9:91:2c (EAP Id 9)
    *osapiBsnTimer: Jun 18 11:07:39.717: 00:27:10:c9:91:2c 802.1x 'txWhen' Timer expired for station 00:27:10:c9:91:2c and for message = M0
    *dot1xMsgTask: Jun 18 11:07:39.718: 00:27:10:c9:91:2c dot1x - moving mobile 00:27:10:c9:91:2c into Connecting state

  • Push cert error with creating App

    The push cert should be expired on Jun 23, 2014
    But the App Builder give be this error, do anyone knows what's happening?
    I've tried to remove the cert in keychain and download them from Apple again. But got the same error message(the time did not change).

    This is a known issue with App Builder in release 26 where newly-created certificates aren't considered valid until several hours after the actual creation time. If you wait until the time listed in the dialog they will work. Some customers have had success setting their system clock forward to after that time and then building.
    We have a fix for this in release 27, due mid-July.
    Neil

  • Import of gmail cert errors out - [ERROR]   - Failed import certificate: gmail

    I am trying to use javamail to read mail from gmail. When I try to import the ssl cert from the comman line it errorsout
    java -jar lib/javacloud.jar add-ssl-certificates -user user -serviceinstance serviceinstance -identitydomain identitydomain -path /Users/user/gmailssl/ssl.cer -datacenter us2 -alias gmail
    [ERROR]   - Failed import certificate: gmail, content: -----BEGIN CERTIFICATE-----
                LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVkakNDQTE2Z0F3SUJBZ0lJ
                R2NNRjdqZVZNb0F3RFFZSktvWklodmNOQVFFRkJRQXdTVEVMTUFrR0ExVUUKQmhN
                Q1ZWTXhFekFSQmdOVkJBb1RDa2R2YjJkc1pTQkpibU14SlRBakJnTlZCQU1USEVk
                dmIyZHNaU0JKYm5SbApjbTVsZENCQmRYUm9iM0pwZEhrZ1J6SXdIaGNOTVRRd056
                RTFNRGcwTURNNFdoY05NVFV3TkRBME1UVXhOVFUxCldqQm9NUXN3Q1FZRFZRUUdF
                d0pWVXpFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ3d04K
                VFc5MWJuUmhhVzRnVm1sbGR6RVRNQkVHQTFVRUNnd0tSMjl2WjJ4bElFbHVZekVY
                TUJVR0ExVUVBd3dPYzIxMApjQzVuYldGcGJDNWpiMjB3Z2dFaU1BMEdDU3FHU0li
                M0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3U0dk9yCkxneU5zSGljeEJPUmdP
                Mk9PZlhLeEVLYjgzME56TnU2ZWx1YmJmMVQ0NUdpbEIzZkhnRFFKRUxSeWRUUlpp
                bG8KRWZ2NzVBZzd1UlFNL00xdGsrMWgxOHdEcEpaZW0rekZtSmNzMzBjY0JOMjFD
                bkN2cXNJRVlKTXlZM2tjVjR2RAp4NDRieDZWdkVBbUo5L2tpRko3eFJVbENjaHU1
                WVZPRm9Wa01hRWF4M1VXYjVGdGk5cGU4VmdZZGFzdWs1M2FlCjhadUlyNHBGZXc5
                ZnJheE9lLzZMWEVhUE1TdzYyMktTV3B5Sy9HVWJhQXAwN2hWMTFjK0xWZ2psVURU
                Z0ErMmsKbkRpZ1dyZGIreUxMOUh2M1dOTFdqRUFIRldoRWNlNVF3VjNTTjhKTGdh
                M1JidzJOM2xxOWFma1F0T25rSmdkTQpVRzR4a1VIR3FzY2dnTURKQWdNQkFBR2pn
                Z0ZCTUlJQlBUQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJCkt3WUJCUVVI
                QXdJd0dRWURWUjBSQkJJd0VJSU9jMjEwY0M1bmJXRnBiQzVqYjIwd2FBWUlLd1lC
                QlFVSEFRRUUKWERCYU1Dc0dDQ3NHQVFVRkJ6QUNoaDlvZEhSd09pOHZjR3RwTG1k
                dmIyZHNaUzVqYjIwdlIwbEJSekl1WTNKMApNQ3NHQ0NzR0FRVUZCekFCaGg5b2RI
                UndPaTh2WTJ4cFpXNTBjekV1WjI5dloyeGxMbU52YlM5dlkzTndNQjBHCkExVWRE
                Z1FXQkJTYW5aQnZZK1JuajBIcXVKbWFlOUFKdndpQ3pUQU1CZ05WSFJNQkFmOEVB
                akFBTUI4R0ExVWQKSXdRWU1CYUFGRXJkQmhZYnZQWm90WGIxZ2JhN1locTZXb0V2
                TUJjR0ExVWRJQVFRTUE0d0RBWUtLd1lCQkFIVwplUUlGQVRBd0JnTlZIUjhFS1RB
                bk1DV2dJNkFoaGg5b2RIUndPaTh2Y0d0cExtZHZiMmRzWlM1amIyMHZSMGxCClJ6
                SXVZM0pzTUEwR0NTcUdTSWIzRFFFQkJRVUFBNElCQVFDVm9HQU9LWm9pbDRzTkFZ
                dmxiOXV4Tm1XcVFxeWgKcWwwRDFiZXdiTHhzM0RTVldTZTJEaFBqamhkTUhNVGNN
                cEIralF6QWJHeFZZaXVOTGRxTGwxWGNkZTdFVW1vMQpLSlVHelRPMDQ2aysxMUxZ
                Vk94RVhMQmU1czNGRituaUZKYnk3WEZnbUkzeU10NGJsSE41dEhtLzdKaWpMMUlw
                CnZrY3N5bk9uT3dBRUhlaEkxVTEyTjBKRXBrY29ldE02TUE4Y0d0bjc0RVBUYXM0
                TnBhK21UTm8zc2VIOGlZNDMKNEw0aG5zdWJYTWhjUVE5SVFNUHRLdVpZTlVYa2xO
                L05TMGY2OUJlKzNIUVJUT2xqdEN4ZHBtL3YvZW1IUGp3ZwovQ3d1KzU4ZlpLK2Zs
                UTFQUWNZMjRDZ3Q3RUYwUit1cW81SWwzQ0d1Q2dyZDRKeEpOTXVHY3NHUwotLS0t
                LUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
                -----END CERTIFICATE-----
    I noticed that the content within the CERT is different. Not sure if that is relevant.

    I am not sure what the "store.connect()" does, based on the exceptions seems to be trying to make non-https connection which based on the documentation is not supported:
    Unsupported Features
    Alternative
    Remote invocations with a transport protocol other than HTTPS (including plain text HTTP).
    Not applicable.
    Jani Rautiainen
    Fusion Applications Developer Relations
    https://blogs.oracle.com/fadevrel/

  • APNS cert errors

    I've had a repeat of this error from a few days ago. Does any one know the correct way to name the push notification certs?
    I got them accepted the other day, but I had to recreate them, then when I named them the same as before...error again
    I named production: Production_push_notification.p12 this was accepted before, now it 's rejected!   Ah the joys!....I'm sure it's me as ever!!

    I solved the problem, there seems to be a different way that DPS accepts the Certificates,
    The certs I was using were created a year ago, and up till now, when in Keychain access I would click on the cert to get the drop down.
    I would then click on the drop down cert, and export that one as a .p12 - that has worked for me for the last 12 months.
    Now that I've renewed the certs, this process didnt work, and I was getting the error message shown in the attachment.
    For some reason I decided to export the p12 cert from just clicking on the main cert in keychain, ie not click on the drop down version.
    this works!
    Dont know if DPS has changed, or keychain, or what. It would be interesting to hear anyones thoughts.
    Hope all this makes sense :-)

  • Azure remote Cert error

    Hi all
    I have been trying to change my azure dns setting so I can specify a static DNS .
    followed the guide here http://blogs.technet.com/b/cbernier/archive/2014/11/14/azure-dns-and-static-ips.aspx
    then was getting an error connecting as I do not have a trusted third party cert installed.
    then followed the guide here https://gallery.technet.microsoft.com/scriptcenter/Configures-Secure-Remote-b137f2fe to run the ps script to install it I get the error
    VERBOSE: 10:04:11 a.m. - Completed Operation: Get Deployment
    Get-AzureCertificate : Cannot validate argument on parameter 'Thumbprint'. The argument is null or empty. Provide an
    argument that is not null or empty, and then try the command again.
    At C:\InstallWinRMCertAzureVM.ps1:54 char:83
    + ... me -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1
    +                    ~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-AzureCertificate], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.WindowsAzure.Commands.ServiceManagement.Certi
       ficates.GetAzureCertificate
    New-Object : Exception calling ".ctor" with "1" argument(s): "Cannot find the requested object.
    At C:\InstallWinRMCertAzureVM.ps1:60 char:18
    +     $CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Ce ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
        + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
    Exception calling "Add" with "1" argument(s): "Value cannot be null.
    Parameter name: certificate"
    At C:\InstallWinRMCertAzureVM.ps1:64 char:2
    +     $store.Add($CertToImport)
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ArgumentNullException
    I then followed this up with trying to manually export and install the cert on my PC but get
    PS C:\> Enter-PSSession -ComputerName ***.cloudapp.net -Port **** -Credential [email protected] -UseSSL
    Enter-PSSession : Connecting to remote server ubtbes.cloudapp.net failed with the following error message : The server
    certificate on the destination computer (****.cloudapp.net:****) has the following errors:
    The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the
    about_Remote_Troubleshooting Help topic.
    At line:1 char:1
    + Enter-PSSession -ComputerName ****.cloudapp.net -Port **** -Credential troy@fi ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (ubtbes.cloudapp.net:String) [Enter-PSSession], PSRemotingTransportExce
       ption
        + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
    Would really appreciate any advice on either fixing this cert problem so I can connect or how I can connect not using ssl?
    Kind regards
    Troy

    Hi Troy,
    Had the Azure VM been added into the a virtual network? If yes, you just need to add the IP address of a DNS server into the Virtual network in Azure management portal and then restart the VM to update the changes.
    http://msdn.microsoft.com/en-us/library/azure/dn275925.aspx
    Best regards,
    Susie
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • ACS repository error

    Hello,
    We are are running ACS 5.0 and trying to backup ACS log files but the backup fails and we have the following error :
    TNAACSCS01A5/admin# show repository repacs
    *** glibc detected *** free(): invalid pointer: 0xbffdddf8 ***
    ¸Þý¿hˈﷀ
    ¸ï·hËÊ
    % Internal error during command execution
    TNAACSCS01A5/admin#
    The repository has been created with the followinf commands :
    repository repacs
    url sftp://172.16.5.12/acs 
    user UserForSec password plain xxxxxxxx
    We reloaded the appliance but the error is the same. We removed and then recreated the repository but same problem. Any idea how to fix this ?
    We cannot even upgrade the ACS because we are not able to backup the config...
    Thank you in advance for your help.

    Hi,
    It looks like you have a corruption there.
    I would advise to open a case with TAC to see if it is possible to correct it...
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • After upgrade to 10.10, can't send email (SMTP cert. error).  On previous version running on another machine, can still send find.  This new version is missing the "Usual Ports" checkbox option.  Can someone please help?

    I just upgraded to 10.10.  On the mail program, one of my accounts is having an issue sending email.  I am getting the following error message:
    The certificate for this server is invalid.
    Select a different outgoing mail server from the list below or click Try Later to leave the message in your Outbox until it can be sent.
    But on another machine running Mavericks, I can still continue to send email.  The same is try from my iPhone 5S.
    On that machine running Mavericks the SMTP is configured as SSL and for "Usual Ports" (25, 465, 587) but THIS OPTION IS MISSING ON THE NEW VERSION.  On the new version I have tried configuring the port to 25 and then 465 and 587 with no success.  I have used the Network Utility to see if my provider is blocking me -- it is not.  I have no third-party software on this machine (anti virus).  I can receive email fine.  On the new Yosemitie Mail there are new checkbox options of Automatically check my settings and Allow unsecure connections.  I tried to uncheck SSL for SMTP but then it says it cannot send securely my passowrd and i need to check the option "Allow to send unsecurely".  I did that but the same error message keeps appearing.  So I have tried nearly everything I have been able to, all to no avail.  Please can somebody help?

    Thanks for your reply.  Yes, it is a POP account.  Incoming mail is fine.  My port for incoming is also 110.  But the outgoing port should be 587 (or 24, 465 and 587 as on Mavericks' "Usual Ports" option).  I am using the same configuration across three different devices and only the machine running Yosemite is having issues.  I notice in the new version of Mail there is no longer the "Usual Ports" option.  I am not sure this is the culprit or not.  But the fact is no matter how I configure it, it will not send mail for these particular servers.  I have multiple clients and only one is affected, meaning I can send email from other email addresses (different hosting contracts) on Yosemite but on this one particular one I cannot. 

Maybe you are looking for

  • How I resolved the #-34506 error

    Hi everybody, I've often fallen on the -34506 error during encoding, but only with projects during around one hour. Though I've found the suggestions on these pages useful (Check the chapter markers. Have lots of free space on the startup drive. Clea

  • Brand New DUAL 23inch monitors HELLLLP!!!

    Hello All, I have a dual quad core mac pro with 8 gigs of ram and two 23inch monitors..my primary monitor seems fine but my secondary one is sometimes flickering in certain secitions and color will not match no matter what i do...if i open somethin t

  • Multiple Columns in MiniTOC

    In RoboHelp 9, I know the MiniTOC is pretty much locked down tight so that it's manipulation is quite limited, but is there a way to create a minitoc that displays the items in columns? Some topics have many headings that are included in the MiniTOC

  • I need a fix for adobe reader download error

    The same error message has been popping up when I try to download the adobe pdf reader. Here is the image: I have tried every single fix that I have found in the discussions and forums. None have worked for me. Can someone please tell me if there is

  • What is the FCPX equivalent to sequences?

    I have a large project, in which I want to work with each sequence on its own. In FCP 7 I would create sequences and work inside those, collecting them in a master sequence. But in FCPX there doesn't seem to be any equivalent, so what do people do?