AnyConnect 2.5 - Client-to-client connectivity: Intra-interface configuration

Similar Messages

• Anyconnect client and clientless connections hang for two users

  ASA 5525, v. 9.1(5)19
  Anyconnect client 3.1.02026
  I have two users who are unable to connect via the AC client or clientless through the web portal. Using the client, it will get stuck in a loop of "checking for updates". On the portal, the connection will proceed to the point of "Cisco Secure Desktop successfully validated... Success.. Reloading..please wait." Then it hangs there.
  The issue occurs for the user regardless of which company laptop she logs onto. A help desk tech can use her laptop and successfully connect, but she cannot connect on her own laptop or on another laptop. (Same for the other user.) So the issue doesn't seem to be related to her laptop or the AC installation. (Help desk did reimage her machine early in the troubleshooting process before they realized that the issue seemed to follow the user.)
  I've updated the hostscan file - no change in results.  Client and clientless connections seem to be working fine for all other users. We're stumped.  Suggestions, anyone?  thanks!

  The LDAP should be server folks -- Active Directory.  Chances are whoever manages the ASA's should have access to at least look in Active Directory to look that up.  If they don't they need it.
  I obviously don't know a lot about what devices you are using, but if you are using ISE, there should be some type of MNT device (Monitoring and Troubleshooting) -- which is collecting the logs and, hopefully, sending them to some type of syslog aggregate collection tool (splunk?).
  Otherwise, there should be a device called a CAM (Clean Access Manager) that is collecting logs -- which may also be propagated to a syslog aggregate tool -- although with CAM's, you can pull the reports right out of them in a comma deliminated file (.csv) and go through them that way.
  -- The thing that gets me is that it happens to two users no matter what computer they try to connect from, no matter what network they connect from, and other users can authenticate and gain network access on those same devices.
  -- That is why it is rather perplexing.  Pretty much saying it has to be something with:
  - the IP pool they are getting an IP from
  - their AD credentials
  - their username
  - something along those lines, if the information provided was fully accurate.

• ASA 5505 AnyConnect VPN Can RDP to clients but can't ping/icmp

  Hello all,
  I've been searching all day for a solution to this problem. I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. It may be something simple and I would appreciate any help. Most of the time people end up posting their config so I will as well.
  MafSecASA# show run
  : Saved
  ASA Version 8.2(1)
  hostname MafSecASA
  domain-name mafsec.com
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.4.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 7.3.3.2 255.255.255.248
  interface Vlan3
  no forward interface Vlan1
  nameif dmz
  security-level 50
  ip address 172.20.1.1 255.255.255.0
  interface Ethernet0/0
  switchport access vlan 2
  speed 100
  duplex full
  interface Ethernet0/1
  speed 100
  duplex full
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  switchport access vlan 3
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns server-group DefaultDNS
  domain-name mafsec.com
  same-security-traffic permit intra-interface
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object ip
  protocol-object tcp
  protocol-object udp
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_2
  protocol-object ip
  protocol-object udp
  protocol-object tcp
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_3
  protocol-object ip
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_4
  protocol-object ip
  protocol-object icmp
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in remark allow remote users to internal users
  access-list inside_access_in remark allow remote users to internal users
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list outside_access_in extended permit icmp any any
  access-list inside_split_tunnel standard permit 10.4.0.0 255.255.255.0
  access-list inside_split_tunnel standard permit 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500
  ip local pool SSLVPNPool2 10.5.0.1-10.5.0.254 mask 255.255.255.0
  ip verify reverse-path interface outside
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any outside
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound_1
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 7.3.3.6 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication enable console LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 10.4.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 10.4.0.0 255.255.255.0 inside
  ssh timeout 5
  ssh version 2
  console timeout 0
  dhcpd option 6 ip 8.8.8.8 8.8.4.4
  dhcpd address 10.4.0.15-10.4.0.245 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd lease 86400 interface inside
  dhcpd option 3 ip 10.4.0.1 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
  svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
  svc enable
  tunnel-group-list enable
  group-policy SSLVPN internal
  group-policy SSLVPN attributes
  dns-server value 8.8.8.8 8.8.4.4
  vpn-tunnel-protocol svc
  group-lock none
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value inside_split_tunnel
  vlan none
  address-pools value SSLVPNPool2
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  username user1 password
  username user1 attributes
  service-type remote-access
  username user2 password
  tunnel-group SSLVPNGROUP type remote-access
  tunnel-group SSLVPNGROUP general-attributes
  address-pool SSLVPNPool2
  default-group-policy SSLVPN
  tunnel-group SSLVPNGROUP webvpn-attributes
  group-alias SSLVPN enable
  prompt hostname context
  Cryptochecksum:3b16cbc9bbdfa20e6987857c1916a396
  : end
  Thank in advance for any help!

  Your config actually looks good (you have the ACL that would allow the echo-reply back since you don't have inspection turned on) - are you sure this isn't a windows firewall issue on the PCs?  I'd try pinging a router or switch just to make sure.
  --Jason

• Cisco ASA 5505 IPsec client VPN - Cannot connect to local hosts

  I have created a Cisco IPsec vpn on my ASA using the VPN creation wizard. I am able to successfully connect to the vpn and seemingly join the network, but after I connect I am unable to connect to or ping any of the hosts on the network.
  Checking the ASA I can see that a VPN session is open and my client reports that it is connected. If I attempt to ping the client from the ASA all packets are dropped.
  I suspect it may be an issue with my firewall, but I am not really sure where to begin.
  Here is a copy of my config, any pointers or tips are aprpeciated:
  hostname mcfw
  enable password Pt8fQ27yMZplioYq encrypted
  passwd 2qaO2Gd6IBRkrRFm encrypted
  names
  interface Ethernet0/0
  switchport access vlan 400
  interface Ethernet0/1
  switchport access vlan 400
  interface Ethernet0/2
  switchport access vlan 420
  interface Ethernet0/3
  switchport access vlan 420
  interface Ethernet0/4
  switchport access vlan 450
  interface Ethernet0/5
  switchport access vlan 450
  interface Ethernet0/6
  switchport access vlan 500
  interface Ethernet0/7
  switchport access vlan 500
  interface Vlan400
  nameif outside
  security-level 0
  ip address 58.13.254.10 255.255.255.248
  interface Vlan420
  nameif public
  security-level 20
  ip address 192.168.20.1 255.255.255.0
  interface Vlan450
  nameif dmz
  security-level 50
  ip address 192.168.10.1 255.255.255.0
  interface Vlan500
  nameif inside
  security-level 100
  ip address 192.168.0.1 255.255.255.0
  ftp mode passive
  clock timezone JST 9
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group network DM_INLINE_NETWORK_1
  network-object host 58.13.254.11
  network-object host 58.13.254.13
  object-group service ssh_2220 tcp
  port-object eq 2220
  object-group service ssh_2251 tcp
  port-object eq 2251
  object-group service ssh_2229 tcp
  port-object eq 2229
  object-group service ssh_2210 tcp
  port-object eq 2210
  object-group service DM_INLINE_TCP_1 tcp
  group-object ssh_2210
  group-object ssh_2220
  object-group service zabbix tcp
  port-object range 10050 10051
  object-group service DM_INLINE_TCP_2 tcp
  port-object eq www
  group-object zabbix
  port-object eq 9000
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service http_8029 tcp
  port-object eq 8029
  object-group network DM_INLINE_NETWORK_2
  network-object host 192.168.20.10
  network-object host 192.168.20.30
  network-object host 192.168.20.60
  object-group service imaps_993 tcp
  description Secure IMAP
  port-object eq 993
  object-group service public_wifi_group
  description Service allowed on the Public Wifi Group. Allows Web and Email.
  service-object tcp-udp eq domain
  service-object tcp-udp eq www
  service-object tcp eq https
  service-object tcp-udp eq 993
  service-object tcp eq imap4
  service-object tcp eq 587
  service-object tcp eq pop3
  service-object tcp eq smtp
  access-list outside_access_in remark http traffic from outside
  access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq www
  access-list outside_access_in remark ssh from outside to web1
  access-list outside_access_in extended permit tcp any host 58.13.254.11 object-group ssh_2251
  access-list outside_access_in remark ssh from outside to penguin
  access-list outside_access_in extended permit tcp any host 58.13.254.10 object-group ssh_2229
  access-list outside_access_in remark http from outside to penguin
  access-list outside_access_in extended permit tcp any host 58.13.254.10 object-group http_8029
  access-list outside_access_in remark ssh from outside to hub & studio
  access-list outside_access_in extended permit tcp any host 58.13.254.13 object-group DM_INLINE_TCP_1
  access-list outside_access_in remark dns service to hub
  access-list outside_access_in extended permit object-group TCPUDP any host 58.13.254.13 eq domain
  access-list dmz_access_in extended permit ip 192.168.10.0 255.255.255.0 any
  access-list dmz_access_in extended permit tcp any host 192.168.10.251 object-group DM_INLINE_TCP_2
  access-list public_access_in remark Web access to DMZ websites (mediastudio/civicrm)
  access-list public_access_in extended permit object-group TCPUDP any object-group DM_INLINE_NETWORK_2 eq www
  access-list public_access_in remark General web access. (HTTP, DNS & ICMP and  Email)
  access-list public_access_in extended permit object-group public_wifi_group any any
  access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip any 192.168.0.80 255.255.255.240
  access-list inside_nat0_outbound extended permit ip any 192.168.0.64 255.255.255.192
  pager lines 24
  logging enable
  logging timestamp
  logging buffered notifications
  logging trap notifications
  logging asdm debugging
  logging from-address [email protected]
  logging recipient-address [email protected] level warnings
  logging host dmz 192.168.10.90 format emblem
  logging permit-hostdown
  mtu outside 1500
  mtu public 1500
  mtu dmz 1500
  mtu inside 1500
  ip local pool OfficePool 192.168.0.80-192.168.0.90 mask 255.255.255.0
  ip local pool VPN_Pool 192.168.0.91-192.168.0.99 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 60
  global (outside) 1 interface
  global (dmz) 2 interface
  nat (public) 1 0.0.0.0 0.0.0.0
  nat (dmz) 1 0.0.0.0 0.0.0.0
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp interface 2229 192.168.0.29 2229 netmask 255.255.255.255
  static (inside,outside) tcp interface 8029 192.168.0.29 www netmask 255.255.255.255
  static (dmz,outside) 58.13.254.13 192.168.10.10 netmask 255.255.255.255 dns
  static (dmz,outside) 58.13.254.11 192.168.10.30 netmask 255.255.255.255 dns
  static (inside,dmz) 192.168.10.0 192.168.0.0 netmask 255.255.255.0 dns
  static (dmz,inside) 192.168.0.251 192.168.10.251 netmask 255.255.255.255
  static (dmz,public) 192.168.20.30 192.168.10.30 netmask 255.255.255.255 dns
  static (dmz,public) 192.168.20.10 192.168.10.10 netmask 255.255.255.255 dns
  access-group outside_access_in in interface outside
  access-group public_access_in in interface public
  access-group dmz_access_in in interface dmz
  route outside 0.0.0.0 0.0.0.0 58.13.254.9 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  http 59.159.40.188 255.255.255.255 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sysopt noproxyarp dmz
  sysopt noproxyarp inside
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map inside_map interface inside
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto map public_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map public_map interface public
  crypto isakmp enable outside
  crypto isakmp enable public
  crypto isakmp enable inside
  crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 59.159.40.188 255.255.255.255 outside
  ssh 192.168.0.0 255.255.255.0 inside
  ssh timeout 20
  console timeout 0
  dhcpd dns 61.122.112.97 61.122.112.1
  dhcpd auto_config outside
  dhcpd address 192.168.20.200-192.168.20.254 public
  dhcpd enable public
  dhcpd address 192.168.10.190-192.168.10.195 dmz
  dhcpd enable dmz
  dhcpd address 192.168.0.200-192.168.0.254 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  threat-detection statistics host number-of-rate 2
  no threat-detection statistics tcp-intercept
  ntp server 130.54.208.201 source public
  webvpn
  group-policy DefaultRAGroup internal
  group-policy DefaultRAGroup attributes
  dns-server value 61.122.112.97 61.122.112.1
  vpn-tunnel-protocol l2tp-ipsec
  group-policy CiscoASA internal
  group-policy CiscoASA attributes
  dns-server value 61.122.112.97 61.122.112.1
  vpn-tunnel-protocol IPSec
  username mcit password 4alT9CZ8ayD8O8Xg encrypted privilege 15
  tunnel-group DefaultRAGroup general-attributes
  address-pool VPN_Pool
  default-group-policy DefaultRAGroup
  tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key *****
  tunnel-group ocmc type remote-access
  tunnel-group ocmc general-attributes
  address-pool OfficePool
  tunnel-group ocmc ipsec-attributes
  pre-shared-key *****
  tunnel-group CiscoASA type remote-access
  tunnel-group CiscoASA general-attributes
  address-pool VPN_Pool
  default-group-policy CiscoASA
  tunnel-group CiscoASA ipsec-attributes
  pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
  service-policy global_policy global
  smtp-server 192.168.10.10
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:222d6dcb583b5f5abc51a2251026f7f2
  : end
  asdm location 192.168.10.10 255.255.255.255 inside
  asdm location 192.168.0.29 255.255.255.255 inside
  asdm location 58.13.254.10 255.255.255.255 inside
  no asdm history enable

  Hi Conor,
  What is your local net ? I see only one default route for outside network. Dont you need a route inside for your local network.
  Regards,
  Umair

• Client unable to connect to Oracle 10g on linux

  I have installed Oracle 10g on an Intel box running RedHat AS 3.0. The database installation was succesful but I am unable to connect to it from the client on my laptop running Oracle 10g client and Winfdows XP Pro. The server ip is 192.168.1.10 and I can ping it from the client:
  C:\>ping attila.n3kje.net
  Pinging attila.n3kje.net [192.168.1.10] with 32 bytes of data:
  Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
  Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
  Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
  Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
  Ping statistics for 192.168.1.10:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
  Minimum = 0ms, Maximum = 0ms, Average = 0ms
  Here is some info about the 2 environments:
  [oracle@attila bin]$ uname -a
  Linux attila.n3kje.net 2.4.21-9.0.1.ELsmp #1 SMP Mon Feb 9 22:26:51 EST 2004 i686 i686 i386 GNU/Linux
  Server hosts file
  ======================================================
  # Do not remove the following line, or various programs
  # that require network functionality will fail.
  127.0.0.1 attila.n3kje.net attila localhost.localdomain localhost
  hostname output
  ======================================================
  [root@attila root]# hostname
  attila.n3kje.net
  ifconfig output
  =======================================================
  [root@attila root]# ifconfig
  eth0 Link encap:Ethernet HWaddr 00:C0:9F:1D:0C:C8
  inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:13772171 errors:0 dropped:0 overruns:0 frame:0
  TX packets:13748842 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:1269613311 (1210.7 Mb) TX bytes:4065314800 (3876.9 Mb)
  Interrupt:16 Base address:0xecc0 Memory:fe100000-fe120000
  lo Link encap:Local Loopback
  inet addr:127.0.0.1 Mask:255.0.0.0
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX packets:5513840 errors:0 dropped:0 overruns:0 frame:0
  TX packets:5513840 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:865454291 (825.3 Mb) TX bytes:865454291 (825.3 Mb)
  Client TNSNAMES.ORA
  ======================================================
  # tnsnames.ora Network Configuration File: C:\Oracle\product\10.1.0\Client_1\NETWORK\ADMIN\tnsnames.ora
  # Generated by Oracle configuration tools.
  ORACLE10G =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = DEV10G)
  PRDSRR =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
  (CONNECT_DATA =
  (SERVICE_NAME = dev10g)
  Client SQLNET.ORA
  ======================================================
  # sqlnet.ora Network Configuration File: C:\Oracle\product\10.1.0\Client_1\network\admin\sqlnet.ora
  # Generated by Oracle configuration tools.
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  NAMES.DIRECTORY_PATH= (EZCONNECT, TNSNAMES)
  Server TNSNAMES.ORA
  ======================================================
  # tnsnames.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
  etwork/admin/tnsnames.ora
  # Generated by Oracle configuration tools.
  DEV10G =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = attila.n3kje.net)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = DEV10G)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  Server LISTENER.ORA
  ======================================================
  # listener.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
  etwork/admin/listener.ora
  # Generated by Oracle configuration tools.
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /u01/app/oracle/product/10.1.0/db_1)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = attila.n3kje.net)(PORT = 1521))
  Results from the TNSPING command issued at the client
  =================================================================
  C:\>tnsping prdsrr
  TNS Ping Utility for 32-bit Windows: Version 10.1.0.2.0 - Production on 02-APR-2
  004 09:26:11
  Copyright (c) 1997, 2003, Oracle. All rights reserved.
  Used parameter files:
  C:\Oracle\product\10.1.0\Client_1\network\admin\sqlnet.ora
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
  (HOST = 192.168.1.10)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = dev10g)))
  TNS-12541: TNS:no listener
  C:\>tnsping oracle10g
  TNS Ping Utility for 32-bit Windows: Version 10.1.0.2.0 - Production on 02-APR-2
  004 09:26:38
  Copyright (c) 1997, 2003, Oracle. All rights reserved.
  Used parameter files:
  C:\Oracle\product\10.1.0\Client_1\network\admin\sqlnet.ora
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
  (HOST = 192.168.1.10)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVI
  CE_NAME = DEV10G)))
  TNS-12541: TNS:no listener
  C:\>
  Trying to connect to the database from the server
  ==================================================
  [oracle@attila bin]$ echo $ORACLE_SID
  DEV10G
  [oracle@attila bin]$ ./sqlplus system
  SQL*Plus: Release 10.1.0.2.0 - Production on Fri Apr 2 12:22:29 2004
  Copyright (c) 1982, 2004, Oracle. All rights reserved.
  Enter password:
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production
  With the Partitioning, OLAP and Data Mining options
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Pr
  oduction
  With the Partitioning, OLAP and Data Mining options
  [oracle@attila bin]$ ./sqlplus system@dev10g
  SQL*Plus: Release 10.1.0.2.0 - Production on Fri Apr 2 12:23:09 2004
  Copyright (c) 1982, 2004, Oracle. All rights reserved.
  Enter password:
  ERROR:
  ORA-12154: TNS:could not resolve the connect identifier specified
  tnsping issued at the server
  ======================================================
  [oracle@attila bin]$ tnsping dev10g
  TNS Ping Utility for Linux: Version 10.1.0.2.0 - Production on 02-APR-2004 12:3
  :44
  Copyright (c) 1997, 2003, Oracle. All rights reserved.
  Used parameter files:
  /u01/app/oracle/product/10.1.0/db_1/network/admin/sqlnet.ora
  TNS-03505: Failed to resolve name
  What am I doing wrong?
  Thanks
  Renato

  Ok, I was able to succesfully connect to the database from the client. I made the following changes to the sqlnet.ora, tnsnames and listener. Here are the changes I made:
  sqlnet.ora
  ==============================
  # SQLNET.ORA Network Configuration File: /u01/app/oracle/product/9.2.0.1.0/netwo
  rk/admin/sqlnet.ora
  # Generated by Oracle configuration tools.
  # NAMES.DIRECTORY_PATH= (EZCONNECT)
  NAMES.DIRECTORY_PATH= (EXCONNECT, TNSNAMES, ONAMES, HOSTNAME)
  listener.ora
  ==============================
  # listener.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
  etwork/admin/listener.ora
  # Generated by Oracle configuration tools.
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /u01/app/oracle/product/10.1.0/db_1)
  (PROGRAM = extproc)
  (SID_DESC =
  (GLOBAL_DBNAME = DEV10G)
  (ORACLE_HOME = /u01/app/oracle/product/10.1.0/db_1)
  (SID_NAME = DEV10G)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
  tnsnames.ora
  ===========================================
  # tnsnames.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
  etwork/admin/tnsnames.ora
  # Generated by Oracle configuration tools.
  DEV10G =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
  (CONNECT_DATA =
  (SERVICE_NAME = DEV10G)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  Here is the new problem!
  I start the dbconsole using the folowing command:
  [oracle@attila bin]$ ./emctl start dbconsole
  TZ set to US/Eastern
  Oracle Enterprise Manager 10g Database Control Release 10.1.0.2.0
  Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
  http://attila.n3kje.net:5500/em/console/aboutApplication
  Starting Oracle Enterprise Manager 10g Database Control ........................
  ... started.
  Logs are generated in directory /u01/app/oracle/product/10.1.0/db_1/attila.n3kje
  .net_DEV10G/sysman/log
  When I try and access it from the client I get the following error message:
  "The database status is currently unavailable. It is possible that the database is in mount or nomount state. Click 'Startup' to obtain the current status and open the database. If the database cannot be opened, click 'Perform Recovery' to perform an appropriate recovery operation."
  What am I doing wrong this time?
  Your help would be greatly appreciated
  Thanks
  Renato

• SG300 ssh strange error: "A client is already connected"

  Hi,
  I've  got a few SG300-52 switches running software version  1.3.0.62 which I configured for ssh management access with public key  authentication via:
  ip ssh server
  ip ssh pubkey-auth auto-login
  username mgmt password ... privilege 15
  crypto key pubkey-chain ssh
  user-key mgmt rsa
  key-string ...
  This is working fine if I connect interactively from my management system with:
  ssh -i mgmt_id_rsa mgmt@switch
  where mgmt_id_rsa is the name of a file containing the private key.
  I get a privileged command prompt as intended, without being asked for a password.
  However if I try to pass a command on the ssh command line like this:
  ssh -i mgmt_id_rsa mgmt@switch show version
  the command just hangs until I hit the Enter key a second time, and then emits the strange message:
  Received disconnect from 10.11.12.13: 2:
  A client is already connected
  (Exactly like that, including the line break after the "2:" and the blank before "A client".)The same happens if I pipe the command I want to send into ssh like this:
  echo show version | ssh -i mgmt_id_rsa mgmt@switch
  except the error message appears immediately and I don't have to hit Enter a second time.
  This is unfortunate as the objective of the whole exercise is to send commands to the switch from a script.
  Can anyone shed some light on why this is so? What is that strange message "a client is already connected" trying to tell me? Is that another bug in Cisco's ssh implementation? Ideas for a workaround, anyone?
  Thanks,
  Tilman
  PS: I already asked that question over in the "big business" support community before noticing there's a separate small business section, but got no answer there.
  PPS: The real objective of the exercise is to make scripted backups and updates of the switches' configurations, ie. what would be naturally expressed as
  scp -i mgmt_id_rsa mgmt@switch:running-config /var/backup/switch.config
  and
  scp -i mgmt_id_rsa /var/conf/switch.configchange mgmt@switch:running-config
  except it doesn't work that way because the SG300's ssh server lacks scp support. Trying to replace that by
  ssh -i mgmt_id_rsa mgmt@switch copy running-config scp://server/var/backup/switch.config
  and
  ssh -i mgmt_id_rsa mgmt@switch copy scp://server/var/conf/switch.configchange running-config
  led me straight to the problem above. Just in case someone feels inclined to ask the standard forum question: "Why do you want that anyway?" :-)

  Hi all,
  I've improved my expect script a bit to:
  allow specifying the SSH user and keyfile on the command line
  allow sending configuration mode commands
  correctly handle very long commands (line wrap) and commands producing no output
  Extended usage:
  ciscosb-exec confuser@myswitch -i ~/.ssh/confuser_id_rsa -c "ip ssh-client username memyself"
  ciscosb-exec confuser@myswitch -i ~/.ssh/confuser_id_rsa "copy scp://myserver/workdir/myswitch.configchange running-config"
  The "new and improved" script:
  #!/usr/bin/expect
  # Script to run an IOS command on a Cisco Small Business Switch via ssh
  # Prerequisites:
  # - Cisco Sx300 series switch with software version 1.3 or later
  # - public key authentication with auto-logon configured
  # Usage:
  #   ciscosb-exec [] [@]
  # Args:
  #         username on switch
  #         name or IP address of switch
  #      command string to execute
  # Options:
  #   -c          execute in configuration mode
  #   -i use SSH private key from
  #   -d          activate debugging output
  # Result:
  #   Switch response will appear on stdout
  # debug switches
  log_user 0
  exp_internal 0
  # configurable values
  set sshcmd "/usr/bin/ssh -c aes192-cbc"
  # end of configurable values
  # below matches prompts such as "switch#", "switch>", "switch$"
  set prompt "\[>#$\]\ *$"
  # getopt implementation snarfed from http://www2.tcl.tk/17342
  proc getopt {_argv name {_var ""} {default ""}} {
      upvar 1 $_argv argv $_var var
      set pos [lsearch -regexp $argv ^$name]
      if {$pos>=0} {
          set to $pos
          if {$_var ne ""} {
              set var [lindex $argv [incr to]]
          set argv [lreplace $argv $pos $to]
          return 1
      } else {
          if {[llength [info level 0]] == 5} {set var $default}
          return 0
  # parse command line
  set configmode [getopt argv -c]
  getopt argv -i idfile
  if {[getopt argv -d]} {
    log_user 1
    exp_internal 1
  if {[llength $argv] != 2} {
    send_user "Usage: ciscosb-exec \[\] \[@\] \"\"\n"
    send_user "Arguments:\n"
    send_user "        target username (default: current user)\n"
    send_user "          target host name or IP address\n"
    send_user "         command string to execute\n"
    send_user "Options:\n"
    send_user "    -c            execute in configuration mode\n"
    send_user "    -i    use SSH private key from \n"
    send_user "    -d            activate debugging output\n"
    exit 1
  set target [split [lindex $argv 0] @]
  if {[llength $target] == 1} {
    set device [lindex $target 0]
    set userid "$env(USER)"
  } elseif {[llength $target] == 2} {
    set userid [lindex $target 0]
    set device [lindex $target 1]
  } else {
    send_user "bad target: [lindex $argv 0]\n"
    exit 1
  set command [lindex $argv 1]
  if {[info exists idfile]} {
    set sshcmd "$sshcmd -i $idfile"
  eval "spawn $sshcmd -l $userid $device"
  match_max [expr 32 * 1024]
  # handle initial noise
  set timeout 20
  while { 1 } {
    expect {
      # command prompt
      -nocase -re "$prompt"     {break}
      # confirmations (unknown fingerprint etc.)
      -nocase -re "\\(yes/no\\)"  {send "yes\r"}
      # username prompt
      -nocase -re "name:|^login:" {send "$userid\r"}
      # password prompt
      -nocase -re "word:" {send_user "Public key authentication failed\n"; exit}
      # errors
      timeout     {send_user "Timeout waiting for command prompt\n"; exit}
      eof         {send_user "Connect failed: $expect_out(buffer)\n"; exit}
  # disable terminal formatting junk
  send "terminal datadump\r"
  expect {
      -nocase -re "$prompt"     {}
      timeout     {send_user "Timeout waiting for command prompt\n"; exit}
      eof         {send_user "Connection lost: $expect_out(buffer)\n"; exit}
  send "terminal width 0\r"
  expect {
      -nocase -re "$prompt"     {}
      timeout     {send_user "Timeout waiting for command prompt\n"; exit}
      eof         {send_user "Connection lost: $expect_out(buffer)\n"; exit}
  # switch to desired mode
  if {$configmode} {
    send "configure terminal\r"
    expect {
      -nocase -re "$prompt"     {}
      timeout     {send_user "Timeout waiting for command prompt\n"; exit}
      eof         {send_user "Connection lost: $expect_out(buffer)\n"; exit}
  # actual command may take a long time
  set timeout 180
  send "$command\r"
  expect {
      # skip command echo
      -re "$command\[\r\n\]*"   {exp_continue}
      # answer confirmation request
      -nocase -re " \\(Y/N\\).*\? *$" {
          # send confirmation, skip echo
          send "Y"
          expect -re "Y\[\r\n\]*"
          exp_continue
      # collect response, excluding next prompt
      -re "\r\n"                {send_user "$expect_out(buffer)"; exp_continue}
      -nocase -re "$prompt"     {send "exit\r"}
      timeout     {send_user "Timeout waiting for command prompt\n"; exit}
      eof         {send_user "Connection lost: $expect_out(buffer)\n"; exit}
  set timeout 20
  expect {
      # second exit needed for logging out from configuration mode
      -nocase -re "$prompt"     {send "exit\r"}
      timeout     {send_user "Timeout waiting for hangup\n"; exit}
      eof         {exit}
  expect {
      -nocase -re "$prompt"     {puts "Failed to log out, disconnecting"; exit}
      timeout                   {puts "Timeout waiting for hangup"; exit}
      eof                       {exit}
  HTH
  Tilman

• Window 2000 & RMI client losing network connection

  We have a client/server java application communicating via RMI. The application runs perfect when the network is running smoothly. However, once the client loses connectivity with the network, the client runs in offline mode (as expected). However, once the client reestablishes a connection with the network, it is unable to communicate with the Server via RMI. It seems that Windows 2000 reassigns the client's IP address when it goes offline to localhost (127.0.0.1), when the client is reconnected the IP addresses is changed back to the network address, but it is unable to send data to the server running RMI. Any suggestions? We did not experience this problem with Windows NT.

  you need to specify the IP address of the server object from the JVM in which it is exported, using -Djava.rmi.server.hostname argument to the JVM (since the client and server run on one machine, you probably want to set this to 127.0.0.1, I think)

• Unable to access LAN behind RV042 from QUICK VPN Client once it connects

  Hi,
  Very recently, we had implemented Site-to-Site VPN tunnel between two Linksys RV042 4-port VPN routers. Everybody in our remote site is accessing and sharing the data through this tunnel and it is working fine.
  Now, we have a plan to implement the same for our mobile clients also. For this, we had followed all the basic configuration procedures and user got connected to Quick VPN tunnel. Here is a problem we had observed. The mobile client user is connected to the tunnel, but unable to access the office LAN from the PC.
  What's the problem in configuration? What i have to do?
  Thanks
  VC Gundapaneni

  Hi There.
  have a look over here.
  http://www.linksysinfo.org/index.php?threads/netbios-issues-with-vpn.16170/

• Clients unable to connect and get DHCP - LAP1142N AP and 5508 WLC

  Hi,
  I have 19 locations, each with 1 or more LAP1142N AP's in FlexConnect mode, AP's are primed using CAPWAP to my 5508 WLC at the datacenter. The AP's join the WLC without issue every time. I have two WLAN's, one guest and one staff, the guest network is open and obtains DHCP from a WatchGuard XTM33 firewall at each of the remote locations. The staff side is WPA2/RADIUS and DHCP is assigned from the WLC. Each AP is assigned a static IP that is not in the DHCP scope. For example: DHCP scope on the branch firewall is 192.168.1.10-250 the AP will be assigned static IP of 192.168.1.1.. The AP's are connected to a HP procurve switch that has a untagged VLAN, the firewall is using the native vlan 1 and so is the AP.
  I have been running this network for over a year and it has not had a single issue until the last two weeks. Nothing on the network has changed or has been upgraded.
  Now for the issue: The issue I am seeing is that clients are no longer able to connect to the AP and do not get DHCP assigned to them. I am able to get it working, if I remove the static IP from the AP, the AP will reboot, join the controller, then begin working, users can connect and DHCP is assigned from the firewall as it should. However, If the AP then reboots, the AP will join back to the controller but no clients can connect nor do they get a DHCP address. So, I then reassign a static IP to the AP again and it reboots, connects to the controller and clients then can connect and get DHCP.
  Attached is a running config from one of the APs
  I've found several posts on this topic, in fact the patch of unassigning or reassigning static IP is one that I found. However, I wanted to post this to see if there is any further assistance I can get on this. I am also waiting on my SmartNet to start up and will be contacting Cisco support as well.
  Thanks for any help.

  Alright, so I finally figured out the issue with this. I had a Mobility Anchor set on the guest WLAN and once I removed that all started working again.
  What is Mobility Anchor?
  A. Mobility Anchor, also referred to as Guest tunneling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (Specially Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as Anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and have more control over the user traffic. Refer to the Configuring Auto-Anchor Mobility section of Cisco Wireless LAN Controller Configuration Guide, Release 7.0 for more information on this feature.

• Axis2 and wsdl- Exception thrown when client attempting server connection

  Hi all,
  I am trying at the moment to develop an Axis2 server, and test it with a client.
  The server is to provide a soap wsdl service, returning an object request.
  I have generated server code and client code using axis2's wsdl2java tool, and all seemed fine.
  The server I created using this generated code seems to work, so far as i can tell, as I can connect to it through a browser.
  For example, using the browser I can connect to it via:
  http://localhost:8888/services/PersonInfo
  and it gives me a page showing 'Deployed Services', listing the operations available.
  but the funny thing is here that it seems to auto-direct me to another url: http://localhost:8888/axis2/services/ which I have not specified.
  For the server I am using the axis2 supplied SimpleHTTPServer. Here is the complete code excluding the actual generated code:
  public class EmbeddedAxis2Server {
      public static void main(String[] args) throws Exception {
          ConfigurationContext context = ConfigurationContextFactory.
          createConfigurationContextFromFileSystem(null, null);
          AxisService service =
          AxisService.createService(caps.integration.rhos.dk.schema.astraiaservice._2008._04._15.PersonInfo.class.getName(), context.getAxisConfiguration());
          context.getAxisConfiguration().addService(service);
          SimpleHTTPServer server = new SimpleHTTPServer(context, 8888);
          server.start();
  }I can even call the published operation using the browser, via the url:
  http://localhost:8888/axis2/services/PersonInfo/getPersonInfo
  and pass in arguments using the usual form variables syntax.
  HOWEVER!! My problem is (and maybe it is related to the url redirect strangeness I mentioned above, or maybe not), that my coded client is not able to connect.
  I generated the client stubs also using wsdl2java, and call the functions... but I get this show stopping exception:
  org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) 127.0.0.1/services/PersonInfo
       at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
       at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
       at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
       at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
       at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
       at caps.integration.rhos.dk.schema.astraiaservice._2008._04._15.PersonInfoStub.getPersonInfo(PersonInfoStub.java:142)
       at com.astraia.axisclient.Client.getPersonInfo(Client.java:44)
       at com.astraia.axisclient.Client.main(Client.java:23)Here is the client code (excluding generated stub)
      public static void getPersonInfo(){
          try
               ConfigurationContext context = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
               PersonInfoStub stub =new PersonInfoStub(context);
              GetPersonInfoIn req =new GetPersonInfoIn();
              req.setCivilRegistrationIdentifier("CIV123");
              req.setHospitalCode("HOS123");
              req.setRequestId("123");
              req.setUserName("sean");
              GetPersonInfoOut res = stub.getPersonInfo(req);
              System.out.println(res.toString());
          } catch(Exception e){     e.printStackTrace();       System.out.println("\n\n\n");      }
      }If anyone has any idea of what this problem is about, I would love to hear about it!
  Kind Regards,
  svaens
  Edited by: svaens on Apr 28, 2008 2:11 AM

  Hi, I have an update!!!
  Another aspect of my problem (which I had forgotten to mention) was a mysterious difference in the original wsdl file, and the one that was generated by my SImpleHTTPServer when my browser contact it, and requested the wsdl. That is, when I use the url in my firefox browser
  [http://localhost:8888/axis2/services/PersonInfo?wsdl|http://localhost:8888/axis2/services/PersonInfo?wsdl]
  the wsdl that was returned to the browser was different in several ways to the original wsdl that I generated my server side java code from using the axis2-1.3 wsdl2java.sh script.
  I had noticed this, and decided to create a client using this new and strangely different wsdl, and see if this provides different results.
  It worked!!! After creating my stub java code with the new wsdl file, and the wsdl2java tool, and modifying my custom java code to match the different stub generated, the client was able to connect to the server, and return me a serialized object.
  Does this give you any clues as to what may be the real problem?
  Differences in the wsdl include:
  1. the targetNamespace attribute listed in the wsdl:definitions tag shows the namespace backwards!!
  2. The new generated wsdl file has two extra element types,
  GetPersonInfo, and GetPersonInfoResponse, + GetPersonInfoIn , GetPersonInfoOut
  while the original only game me GetPersonInfoOut & GetPersonInfoIn.
  The client code I had to change now looks like this:
  try
              ConfigurationContext context = ConfigurationContextFactory.
              createDefaultConfigurationContext();
          PersonInfoStub stub =  new PersonInfoStub(context);
              GetPersonInfo reqs =   new GetPersonInfo();
              GetPersonInfoIn req = new GetPersonInfoIn();
              reqs.setGetPersonInfoIn(req);
              req.setCivilRegistrationIdentifier("CIV123");
              req.setHospitalCode("HOS123");
              req.setRequestId("123");
              req.setUserName("sean");
              GetPersonInfoResponse res = stub.getPersonInfo(reqs);
              GetPersonInfoOut resultObj = res.get_return();
                          OMFactory fac = OMAbstractFactory.getOMFactory();
                          OMElement xml = resultObj.getOMElement(GetPersonInfoResponse.MY_QNAME, fac);
                          XMLStreamWriter writer = XMLOutputFactory.newInstance().createXMLStreamWriter(System.out);
                          writeOMElement(xml, writer);
          } catch(Exception e){
              e.printStackTrace();
              System.out.println("\n\n\n");
          }

• Wireless Clients can't connect post WLC Upgrade to version 7.4.100.0

  Upgraded WLC Flex 7500 controller to: 7.4.100.0
  Previous WLC Controller version: 7.2.111.3
  After the upgrade, all AP's reported back to the controller and looked like working. We have 50+ branch sites that connect back via Layer 2 to the main office. The main office SSID's were broadcasting and users could connect and get the proper IP's. Users that connected back through FlexConnect AP's couldn't obtain an IP address. The client would authenticate to the WLC and accept the SSID key, but would not get an IP address. I see with the 7.4.100.0 upgrade there are more options for DHCP for each interface, which we don't use interfaces for all sites as we did in the early days, now we make sure the flex connect tab has the vlan identifier in the tab and the traffic goes out the local firewall etc. Each remote site has a Linux based firewall and DHCP server.
  Looking for any insight with the 7.4.100.0 upgrade that may cause clients to not connect and obtain an IP address.
  We have since back dated our WLC Software to: 7.2.111.3 to allow things to work pre upgrade which everything worked fine.
  Any suggestions would be great, we had to upgrade version 7.4.100.0 to support our AP 1602.
  Thanks in advance.
  Matt

  Verify that you have an upgraded FUS image. Second, make sure your WLAN to vlan mapping on the FlexConnect AP's have the correct vlan mapping. I have seen these change to the default vlan mapping.
  Sent from Cisco Technical Support iPhone App

• Which ports does Webi Rich CLient use to connect to Universe etc..

  Hello together,
  we have the problem that we cannot run Rich Client from computers outside our network - so which ports does webi Rich Client use to connect to BO Serverl?.
  It will always say universe not found. Login to rich client and everything else is possible.
  It's not an authorisations problem, inside the network people can run the programs fine.
  Thank you

  Hi,
  i assume you have enable CMS port on the firewall, apart from this you need to enable IFRS and Connection Server port also.
  Regards,
  Ramu.
  Edited by: Gowda Timma Ramu on Oct 14, 2010 4:06 PM

• Mac10.x client can't connect to File Server on Windows2008 Failover Cluster

  Installation of a cluster was made according to the document "Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster " http://technet.microsoft.com/en-us/library/cc731844.aspx.
  My Mac OS X 10.5.2 and Mac OS X 10.4.11 clients be able to connect to a non-cluster file server on a Windows 2008 (the File Services role) and also to old file cluster on a Windows 2003.
  Why Mac clients can't connect to Windows 2008 Failover Cluster?

  Are you running a firewall on the Macs. If yes does it work with out the firewall? If it works with out the firewall that means you will have to create a custom ipf rule which includes the both the physical an virtual IP addresses of your cluster.

• Some clients can't connect after 10.6.6 update - the see an error -43

  Hi There,
  I'm a designer so am not all that technical but have managed to setup and maintain OS X servers since 10.5.
  I've just updated the server to 10.6.6 and now some of our clients can't connect - they get the following error:
  "There was an error connecting to the server. Check the server name or IP address and try again.
  If you are unable to resolve the problem contact your system administrator."
  If I click OK to the error above on the client, I see another error which reads:
  "The operation cannot be completed because one or more required items cannot be found.
  (Error code -43)"
  I've restarted the server and the clients but no luck.
  The server is running the following services:
  - AFP
  - DNS
  - Firewall
  - NFS (although I don't remember setting this up - is this started with AFP?)
  - Open Directory
  I can ping the server and login via ARD so not sure why we see the first IP address error as mentioned above.
  Any help or suggestions would be most welcome.
  Regards
  Ben

  One question, is this when you hit "Connect to Server" or is this after you've established a connection and try to open/edit/save files?
  Here is some general advice:
  1) I assume your whole network is behind a router and that we are talking a small office environment (5-10 people) and not some large enterprise. If so the Firewall service can probably be disabled. As a matter of fact if your issue is that clients can't connect at all the firewall may actually be causing your problem.
  2) NFS can almost certainly be disabled. Its generally only used for two reasons 1) The netboot service needs it. 2) You support unix/bsd clients. I can see from your list of services that netboot isn't something you're doing and I doubt that as a designer you would have much use for unix/bsd systems.

• ActiveMQ-CPP client hangs when connect ActiveMQ-CPP client & OpenMQ broker

  I am trying to connect an ActiveMQ-CPP client with an Oracle OpenMQ broker via STOMP. Both manufacturers claim this will work, and I have been able to get an ActiveMQ-CPP client to connect to an ActiveMQ broker via STOMP, an OpenMQ client with an OpenMQ broker via STOMP, and an OpenMQ client with an ActiveMQ broker via STOMP without problems, but the only one missing is what I need- ActiveMQ-CPP client to connect with OpenMQ broker.
  I am using Fedora Linux and am using the provided "example" script for ActiveMQ-CPP, changing the brokerURL to be "tcp://localhost:61613?wireFormat=stomp" instead, where the OpenMQ STOMP bridge is located at localhost:61613.
  On the OpenMQ end, I receive the request to connect by the client and I start a connection:
  INFO: Create JMS connection for user admin with client id ID:csa-nexus-57767-1281630228652-1:0
  Aug 12, 2010 8:23:48 AM
  INFO: Started JMS connection 8950669406784000768[ID:csa-nexus-57767-1281630228652-1:0] for user admin
  This is where the ActiveMQ-CPP client hangs at "connection->start", or if this is removed, "connection->createSession".
  Any help would be appreciated. Thanks!

  I need to use ActiveMQ-CPP because I need a C++ messaging client which supports failover, which OpenMQ's C client does not. I thought it was unlikely that it wouldn't be able to connect as well. I can't find a good way to debug the ActiveMQ-CPP client enough to know whether the problem is on the ActiveMQ-CPP client's end or the OpenMQ broker's end.
  Here is the source code for installing ActiveMQ-CPP, that is how you install it: http://activemq.apache.org/cms/activemq-cpp-322-release.html.
  The example comes bundled with ActiveMQ-CPP installation, but I'll show you parts of the main.cpp file that does all of the work:
  class HelloWorldConsumer : public ExceptionListener,
  public MessageListener,
  public Runnable {
  private:
  this->brokerURI = brokerURI;
  virtual ~HelloWorldConsumer(){
  cleanup();
  void close() {
  this->cleanup();
  void waitUntilReady() {
  latch.await();
  virtual void run() {
  try {
  auto_ptr<ConnectionFactory> connectionFactory( ConnectionFactory::createCMSConnectionFactory( brokerURI ) );
  // Create a Connection
  connection = connectionFactory->createConnection("admin", "admin");
  connection->start();
  connection->setExceptionListener(this);
  // Create a Session
  if( this->sessionTransacted == true ) {
  session = connection->createSession( Session::SESSION_TRANSACTED );
  } else {
  session = connection->createSession( Session::AUTO_ACKNOWLEDGE );
  // Create the destination (Topic or Queue)
  if( useTopic ) {
  destination = session->createTopic( "TEST.FOO" );
  } else {
  destination = session->createQueue( "TEST.FOO" );
  // Create a MessageConsumer from the Session to the Topic or Queue
  consumer = session->createConsumer( destination );
  consumer->setMessageListener( this );
  std::cout.flush();
  std::cerr.flush();
  // Indicate we are ready for messages.
  latch.countDown();
  // Wait while asynchronous messages come in.
  doneLatch.await( waitMillis );
  } catch( CMSException& e ) {
  // Indicate we are ready for messages.
  latch.countDown();
  e.printStackTrace();
  // Called from the consumer since this class is a registered MessageListener.
  virtual void onMessage( const Message* message ){
  static int count = 0;
  try
  count++;
  const TextMessage* textMessage =
  dynamic_cast< const TextMessage* >( message );
  string text = "";
  if( textMessage != NULL ) {
  text = textMessage->getText();
  } else {
  text = "NOT A TEXTMESSAGE!";
  printf( "Message #%d Received: %s\n", count, text.c_str() );
  } catch (CMSException& e) {
  e.printStackTrace();
  // Commit all messages.
  if( this->sessionTransacted ) {
  session->commit();
  // No matter what, tag the count down latch until done.
  doneLatch.countDown();
  // If something bad happens you see it here as this class is also been
  // registered as an ExceptionListener with the connection.
  virtual void onException( const CMSException& ex AMQCPP_UNUSED) {
  printf("CMS Exception occurred. Shutting down client.\n");
  ex.printStackTrace();
  exit(1);
  int main(int argc AMQCPP_UNUSED, char* argv[] AMQCPP_UNUSED) {
  activemq::library::ActiveMQCPP::initializeLibrary();
  std::cout << "=====================================================\n";
  std::cout << "Starting the example:" << std::endl;
  std::cout << "-----------------------------------------------------\n";
  std::string brokerURI =
  "tcp://localhost:61613"
  "?wireFormat=stomp"
  // "&soConnectTimeout=5"
  // "&connection.sendTimeout=5"
  // "&connection.useAsyncSend=true"
  // "&transport.useInactivityMonitor=false"
  // "&connection.alwaysSyncSend=true"
  // "&connection.useAsyncSend=true"
  // "&transport.commandTracingEnabled=true"
  // "&transport.tcpTracingEnabled=true"
  // "&wireFormat.tightEncodingEnabled=true"
  //============================================================
  // set to true to use topics instead of queues
  // Note in the code above that this causes createTopic or
  // createQueue to be used in both consumer an producer.
  //============================================================
  bool useTopics = true;
  bool sessionTransacted = false;
  int numMessages = 2000;
  long long startTime = System::currentTimeMillis();
  HelloWorldProducer producer( brokerURI, numMessages, useTopics );
  HelloWorldConsumer consumer( brokerURI, numMessages, useTopics, sessionTransacted );
  // Start the consumer thread.
  Thread consumerThread( &consumer );
  consumerThread.start();
  // Wait for the consumer to indicate that its ready to go.
  consumer.waitUntilReady();
  // Start the producer thread.
  Thread producerThread( &producer );
  producerThread.start();
  // Wait for the threads to complete.
  producerThread.join();
  consumerThread.join();
  long long endTime = System::currentTimeMillis();
  double totalTime = (double)(endTime - startTime) / 1000.0;
  consumer.close();
  producer.close();
  std::cout << "Time to completion = " << totalTime << " seconds." << std::endl;
  std::cout << "-----------------------------------------------------\n";
  std::cout << "Finished with the example." << std::endl;
  std::cout << "=====================================================\n";
  activemq::library::ActiveMQCPP::shutdownLibrary();
  // END SNIPPET: demo The places where the code will hang upon connection are "connection->start() and connection->createSession()". Again, this happens with any ActiveMQ client, no matter the language, and via Stomp, both should be supported. But using an OpenMQ client with ActiveMQ broker works perfectly. And using this code with its own ActiveMQ broker still via Stomp works perfectly as well.
  Thanks!