AnyConnect 2.5 - Client-to-client connectivity: Intra-interface configuration
I'm working with AnyConnect for the first time (my prior experience is with IPSec client) and I have multiple remote users who connect to a 5520 via AnyConnect client; they need to print to each others' shared printers but currently have no connectivity between each other.
Can I configure the 'intra-interface' command to enable connectivity between remote clients, or is there more that needs to be done to enable this, presuming that it can be done at all?
Thanks,
Marc
Thanks for the reply, Harry;
I've never configured intra-interface communications before; could you go into more detail about setting up intra-interface connectivity? The examples I found refer to two hosts in different networks routing to each other via VPN over the ASA; what about remote VPN hosts that share the same VPN IP pool?
Similar Messages
-
Anyconnect client and clientless connections hang for two users
ASA 5525, v. 9.1(5)19
Anyconnect client 3.1.02026
I have two users who are unable to connect via the AC client or clientless through the web portal. Using the client, it will get stuck in a loop of "checking for updates". On the portal, the connection will proceed to the point of "Cisco Secure Desktop successfully validated... Success.. Reloading..please wait." Then it hangs there.
The issue occurs for the user regardless of which company laptop she logs onto. A help desk tech can use her laptop and successfully connect, but she cannot connect on her own laptop or on another laptop. (Same for the other user.) So the issue doesn't seem to be related to her laptop or the AC installation. (Help desk did reimage her machine early in the troubleshooting process before they realized that the issue seemed to follow the user.)
I've updated the hostscan file - no change in results. Client and clientless connections seem to be working fine for all other users. We're stumped. Suggestions, anyone? thanks!The LDAP should be server folks -- Active Directory. Chances are whoever manages the ASA's should have access to at least look in Active Directory to look that up. If they don't they need it.
I obviously don't know a lot about what devices you are using, but if you are using ISE, there should be some type of MNT device (Monitoring and Troubleshooting) -- which is collecting the logs and, hopefully, sending them to some type of syslog aggregate collection tool (splunk?).
Otherwise, there should be a device called a CAM (Clean Access Manager) that is collecting logs -- which may also be propagated to a syslog aggregate tool -- although with CAM's, you can pull the reports right out of them in a comma deliminated file (.csv) and go through them that way.
-- The thing that gets me is that it happens to two users no matter what computer they try to connect from, no matter what network they connect from, and other users can authenticate and gain network access on those same devices.
-- That is why it is rather perplexing. Pretty much saying it has to be something with:
- the IP pool they are getting an IP from
- their AD credentials
- their username
- something along those lines, if the information provided was fully accurate. -
ASA 5505 AnyConnect VPN Can RDP to clients but can't ping/icmp
Hello all,
I've been searching all day for a solution to this problem. I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. It may be something simple and I would appreciate any help. Most of the time people end up posting their config so I will as well.
MafSecASA# show run
: Saved
ASA Version 8.2(1)
hostname MafSecASA
domain-name mafsec.com
names
interface Vlan1
nameif inside
security-level 100
ip address 10.4.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 7.3.3.2 255.255.255.248
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 172.20.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
speed 100
duplex full
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name mafsec.com
same-security-traffic permit intra-interface
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object tcp
protocol-object udp
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object udp
protocol-object tcp
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in remark allow remote users to internal users
access-list inside_access_in remark allow remote users to internal users
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list outside_access_in extended permit icmp any any
access-list inside_split_tunnel standard permit 10.4.0.0 255.255.255.0
access-list inside_split_tunnel standard permit 10.5.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool SSLVPNPool2 10.5.0.1-10.5.0.254 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 7.3.3.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.4.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.4.0.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd option 6 ip 8.8.8.8 8.8.4.4
dhcpd address 10.4.0.15-10.4.0.245 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd lease 86400 interface inside
dhcpd option 3 ip 10.4.0.1 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol svc
group-lock none
split-tunnel-policy tunnelspecified
split-tunnel-network-list value inside_split_tunnel
vlan none
address-pools value SSLVPNPool2
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
username user1 password
username user1 attributes
service-type remote-access
username user2 password
tunnel-group SSLVPNGROUP type remote-access
tunnel-group SSLVPNGROUP general-attributes
address-pool SSLVPNPool2
default-group-policy SSLVPN
tunnel-group SSLVPNGROUP webvpn-attributes
group-alias SSLVPN enable
prompt hostname context
Cryptochecksum:3b16cbc9bbdfa20e6987857c1916a396
: end
Thank in advance for any help!Your config actually looks good (you have the ACL that would allow the echo-reply back since you don't have inspection turned on) - are you sure this isn't a windows firewall issue on the PCs? I'd try pinging a router or switch just to make sure.
--Jason -
Cisco ASA 5505 IPsec client VPN - Cannot connect to local hosts
I have created a Cisco IPsec vpn on my ASA using the VPN creation wizard. I am able to successfully connect to the vpn and seemingly join the network, but after I connect I am unable to connect to or ping any of the hosts on the network.
Checking the ASA I can see that a VPN session is open and my client reports that it is connected. If I attempt to ping the client from the ASA all packets are dropped.
I suspect it may be an issue with my firewall, but I am not really sure where to begin.
Here is a copy of my config, any pointers or tips are aprpeciated:
hostname mcfw
enable password Pt8fQ27yMZplioYq encrypted
passwd 2qaO2Gd6IBRkrRFm encrypted
names
interface Ethernet0/0
switchport access vlan 400
interface Ethernet0/1
switchport access vlan 400
interface Ethernet0/2
switchport access vlan 420
interface Ethernet0/3
switchport access vlan 420
interface Ethernet0/4
switchport access vlan 450
interface Ethernet0/5
switchport access vlan 450
interface Ethernet0/6
switchport access vlan 500
interface Ethernet0/7
switchport access vlan 500
interface Vlan400
nameif outside
security-level 0
ip address 58.13.254.10 255.255.255.248
interface Vlan420
nameif public
security-level 20
ip address 192.168.20.1 255.255.255.0
interface Vlan450
nameif dmz
security-level 50
ip address 192.168.10.1 255.255.255.0
interface Vlan500
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
ftp mode passive
clock timezone JST 9
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
network-object host 58.13.254.11
network-object host 58.13.254.13
object-group service ssh_2220 tcp
port-object eq 2220
object-group service ssh_2251 tcp
port-object eq 2251
object-group service ssh_2229 tcp
port-object eq 2229
object-group service ssh_2210 tcp
port-object eq 2210
object-group service DM_INLINE_TCP_1 tcp
group-object ssh_2210
group-object ssh_2220
object-group service zabbix tcp
port-object range 10050 10051
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
group-object zabbix
port-object eq 9000
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service http_8029 tcp
port-object eq 8029
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.20.10
network-object host 192.168.20.30
network-object host 192.168.20.60
object-group service imaps_993 tcp
description Secure IMAP
port-object eq 993
object-group service public_wifi_group
description Service allowed on the Public Wifi Group. Allows Web and Email.
service-object tcp-udp eq domain
service-object tcp-udp eq www
service-object tcp eq https
service-object tcp-udp eq 993
service-object tcp eq imap4
service-object tcp eq 587
service-object tcp eq pop3
service-object tcp eq smtp
access-list outside_access_in remark http traffic from outside
access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq www
access-list outside_access_in remark ssh from outside to web1
access-list outside_access_in extended permit tcp any host 58.13.254.11 object-group ssh_2251
access-list outside_access_in remark ssh from outside to penguin
access-list outside_access_in extended permit tcp any host 58.13.254.10 object-group ssh_2229
access-list outside_access_in remark http from outside to penguin
access-list outside_access_in extended permit tcp any host 58.13.254.10 object-group http_8029
access-list outside_access_in remark ssh from outside to hub & studio
access-list outside_access_in extended permit tcp any host 58.13.254.13 object-group DM_INLINE_TCP_1
access-list outside_access_in remark dns service to hub
access-list outside_access_in extended permit object-group TCPUDP any host 58.13.254.13 eq domain
access-list dmz_access_in extended permit ip 192.168.10.0 255.255.255.0 any
access-list dmz_access_in extended permit tcp any host 192.168.10.251 object-group DM_INLINE_TCP_2
access-list public_access_in remark Web access to DMZ websites (mediastudio/civicrm)
access-list public_access_in extended permit object-group TCPUDP any object-group DM_INLINE_NETWORK_2 eq www
access-list public_access_in remark General web access. (HTTP, DNS & ICMP and Email)
access-list public_access_in extended permit object-group public_wifi_group any any
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.0.80 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 192.168.0.64 255.255.255.192
pager lines 24
logging enable
logging timestamp
logging buffered notifications
logging trap notifications
logging asdm debugging
logging from-address [email protected]
logging recipient-address [email protected] level warnings
logging host dmz 192.168.10.90 format emblem
logging permit-hostdown
mtu outside 1500
mtu public 1500
mtu dmz 1500
mtu inside 1500
ip local pool OfficePool 192.168.0.80-192.168.0.90 mask 255.255.255.0
ip local pool VPN_Pool 192.168.0.91-192.168.0.99 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 60
global (outside) 1 interface
global (dmz) 2 interface
nat (public) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 2229 192.168.0.29 2229 netmask 255.255.255.255
static (inside,outside) tcp interface 8029 192.168.0.29 www netmask 255.255.255.255
static (dmz,outside) 58.13.254.13 192.168.10.10 netmask 255.255.255.255 dns
static (dmz,outside) 58.13.254.11 192.168.10.30 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.10.0 192.168.0.0 netmask 255.255.255.0 dns
static (dmz,inside) 192.168.0.251 192.168.10.251 netmask 255.255.255.255
static (dmz,public) 192.168.20.30 192.168.10.30 netmask 255.255.255.255 dns
static (dmz,public) 192.168.20.10 192.168.10.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group public_access_in in interface public
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 58.13.254.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.0.0 255.255.255.0 inside
http 59.159.40.188 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp dmz
sysopt noproxyarp inside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map public_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map public_map interface public
crypto isakmp enable outside
crypto isakmp enable public
crypto isakmp enable inside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 59.159.40.188 255.255.255.255 outside
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 20
console timeout 0
dhcpd dns 61.122.112.97 61.122.112.1
dhcpd auto_config outside
dhcpd address 192.168.20.200-192.168.20.254 public
dhcpd enable public
dhcpd address 192.168.10.190-192.168.10.195 dmz
dhcpd enable dmz
dhcpd address 192.168.0.200-192.168.0.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics host number-of-rate 2
no threat-detection statistics tcp-intercept
ntp server 130.54.208.201 source public
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 61.122.112.97 61.122.112.1
vpn-tunnel-protocol l2tp-ipsec
group-policy CiscoASA internal
group-policy CiscoASA attributes
dns-server value 61.122.112.97 61.122.112.1
vpn-tunnel-protocol IPSec
username mcit password 4alT9CZ8ayD8O8Xg encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN_Pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group ocmc type remote-access
tunnel-group ocmc general-attributes
address-pool OfficePool
tunnel-group ocmc ipsec-attributes
pre-shared-key *****
tunnel-group CiscoASA type remote-access
tunnel-group CiscoASA general-attributes
address-pool VPN_Pool
default-group-policy CiscoASA
tunnel-group CiscoASA ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 192.168.10.10
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:222d6dcb583b5f5abc51a2251026f7f2
: end
asdm location 192.168.10.10 255.255.255.255 inside
asdm location 192.168.0.29 255.255.255.255 inside
asdm location 58.13.254.10 255.255.255.255 inside
no asdm history enableHi Conor,
What is your local net ? I see only one default route for outside network. Dont you need a route inside for your local network.
Regards,
Umair -
Client unable to connect to Oracle 10g on linux
I have installed Oracle 10g on an Intel box running RedHat AS 3.0. The database installation was succesful but I am unable to connect to it from the client on my laptop running Oracle 10g client and Winfdows XP Pro. The server ip is 192.168.1.10 and I can ping it from the client:
C:\>ping attila.n3kje.net
Pinging attila.n3kje.net [192.168.1.10] with 32 bytes of data:
Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
Reply from 192.168.1.10: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Here is some info about the 2 environments:
[oracle@attila bin]$ uname -a
Linux attila.n3kje.net 2.4.21-9.0.1.ELsmp #1 SMP Mon Feb 9 22:26:51 EST 2004 i686 i686 i386 GNU/Linux
Server hosts file
======================================================
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 attila.n3kje.net attila localhost.localdomain localhost
hostname output
======================================================
[root@attila root]# hostname
attila.n3kje.net
ifconfig output
=======================================================
[root@attila root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:C0:9F:1D:0C:C8
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13772171 errors:0 dropped:0 overruns:0 frame:0
TX packets:13748842 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1269613311 (1210.7 Mb) TX bytes:4065314800 (3876.9 Mb)
Interrupt:16 Base address:0xecc0 Memory:fe100000-fe120000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5513840 errors:0 dropped:0 overruns:0 frame:0
TX packets:5513840 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:865454291 (825.3 Mb) TX bytes:865454291 (825.3 Mb)
Client TNSNAMES.ORA
======================================================
# tnsnames.ora Network Configuration File: C:\Oracle\product\10.1.0\Client_1\NETWORK\ADMIN\tnsnames.ora
# Generated by Oracle configuration tools.
ORACLE10G =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DEV10G)
PRDSRR =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = dev10g)
Client SQLNET.ORA
======================================================
# sqlnet.ora Network Configuration File: C:\Oracle\product\10.1.0\Client_1\network\admin\sqlnet.ora
# Generated by Oracle configuration tools.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (EZCONNECT, TNSNAMES)
Server TNSNAMES.ORA
======================================================
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
etwork/admin/tnsnames.ora
# Generated by Oracle configuration tools.
DEV10G =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = attila.n3kje.net)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DEV10G)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
Server LISTENER.ORA
======================================================
# listener.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
etwork/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /u01/app/oracle/product/10.1.0/db_1)
(PROGRAM = extproc)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = attila.n3kje.net)(PORT = 1521))
Results from the TNSPING command issued at the client
=================================================================
C:\>tnsping prdsrr
TNS Ping Utility for 32-bit Windows: Version 10.1.0.2.0 - Production on 02-APR-2
004 09:26:11
Copyright (c) 1997, 2003, Oracle. All rights reserved.
Used parameter files:
C:\Oracle\product\10.1.0\Client_1\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
(HOST = 192.168.1.10)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = dev10g)))
TNS-12541: TNS:no listener
C:\>tnsping oracle10g
TNS Ping Utility for 32-bit Windows: Version 10.1.0.2.0 - Production on 02-APR-2
004 09:26:38
Copyright (c) 1997, 2003, Oracle. All rights reserved.
Used parameter files:
C:\Oracle\product\10.1.0\Client_1\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
(HOST = 192.168.1.10)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVI
CE_NAME = DEV10G)))
TNS-12541: TNS:no listener
C:\>
Trying to connect to the database from the server
==================================================
[oracle@attila bin]$ echo $ORACLE_SID
DEV10G
[oracle@attila bin]$ ./sqlplus system
SQL*Plus: Release 10.1.0.2.0 - Production on Fri Apr 2 12:22:29 2004
Copyright (c) 1982, 2004, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Pr
oduction
With the Partitioning, OLAP and Data Mining options
[oracle@attila bin]$ ./sqlplus system@dev10g
SQL*Plus: Release 10.1.0.2.0 - Production on Fri Apr 2 12:23:09 2004
Copyright (c) 1982, 2004, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specified
tnsping issued at the server
======================================================
[oracle@attila bin]$ tnsping dev10g
TNS Ping Utility for Linux: Version 10.1.0.2.0 - Production on 02-APR-2004 12:3
:44
Copyright (c) 1997, 2003, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/10.1.0/db_1/network/admin/sqlnet.ora
TNS-03505: Failed to resolve name
What am I doing wrong?
Thanks
RenatoOk, I was able to succesfully connect to the database from the client. I made the following changes to the sqlnet.ora, tnsnames and listener. Here are the changes I made:
sqlnet.ora
==============================
# SQLNET.ORA Network Configuration File: /u01/app/oracle/product/9.2.0.1.0/netwo
rk/admin/sqlnet.ora
# Generated by Oracle configuration tools.
# NAMES.DIRECTORY_PATH= (EZCONNECT)
NAMES.DIRECTORY_PATH= (EXCONNECT, TNSNAMES, ONAMES, HOSTNAME)
listener.ora
==============================
# listener.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
etwork/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /u01/app/oracle/product/10.1.0/db_1)
(PROGRAM = extproc)
(SID_DESC =
(GLOBAL_DBNAME = DEV10G)
(ORACLE_HOME = /u01/app/oracle/product/10.1.0/db_1)
(SID_NAME = DEV10G)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
tnsnames.ora
===========================================
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/10.1.0/db_1/n
etwork/admin/tnsnames.ora
# Generated by Oracle configuration tools.
DEV10G =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.10)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = DEV10G)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
Here is the new problem!
I start the dbconsole using the folowing command:
[oracle@attila bin]$ ./emctl start dbconsole
TZ set to US/Eastern
Oracle Enterprise Manager 10g Database Control Release 10.1.0.2.0
Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
http://attila.n3kje.net:5500/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ........................
... started.
Logs are generated in directory /u01/app/oracle/product/10.1.0/db_1/attila.n3kje
.net_DEV10G/sysman/log
When I try and access it from the client I get the following error message:
"The database status is currently unavailable. It is possible that the database is in mount or nomount state. Click 'Startup' to obtain the current status and open the database. If the database cannot be opened, click 'Perform Recovery' to perform an appropriate recovery operation."
What am I doing wrong this time?
Your help would be greatly appreciated
Thanks
Renato -
SG300 ssh strange error: "A client is already connected"
Hi,
I've got a few SG300-52 switches running software version 1.3.0.62 which I configured for ssh management access with public key authentication via:
ip ssh server
ip ssh pubkey-auth auto-login
username mgmt password ... privilege 15
crypto key pubkey-chain ssh
user-key mgmt rsa
key-string ...
This is working fine if I connect interactively from my management system with:
ssh -i mgmt_id_rsa mgmt@switch
where mgmt_id_rsa is the name of a file containing the private key.
I get a privileged command prompt as intended, without being asked for a password.
However if I try to pass a command on the ssh command line like this:
ssh -i mgmt_id_rsa mgmt@switch show version
the command just hangs until I hit the Enter key a second time, and then emits the strange message:
Received disconnect from 10.11.12.13: 2:
A client is already connected
(Exactly like that, including the line break after the "2:" and the blank before "A client".)The same happens if I pipe the command I want to send into ssh like this:
echo show version | ssh -i mgmt_id_rsa mgmt@switch
except the error message appears immediately and I don't have to hit Enter a second time.
This is unfortunate as the objective of the whole exercise is to send commands to the switch from a script.
Can anyone shed some light on why this is so? What is that strange message "a client is already connected" trying to tell me? Is that another bug in Cisco's ssh implementation? Ideas for a workaround, anyone?
Thanks,
Tilman
PS: I already asked that question over in the "big business" support community before noticing there's a separate small business section, but got no answer there.
PPS: The real objective of the exercise is to make scripted backups and updates of the switches' configurations, ie. what would be naturally expressed as
scp -i mgmt_id_rsa mgmt@switch:running-config /var/backup/switch.config
and
scp -i mgmt_id_rsa /var/conf/switch.configchange mgmt@switch:running-config
except it doesn't work that way because the SG300's ssh server lacks scp support. Trying to replace that by
ssh -i mgmt_id_rsa mgmt@switch copy running-config scp://server/var/backup/switch.config
and
ssh -i mgmt_id_rsa mgmt@switch copy scp://server/var/conf/switch.configchange running-config
led me straight to the problem above. Just in case someone feels inclined to ask the standard forum question: "Why do you want that anyway?" :-)Hi all,
I've improved my expect script a bit to:
allow specifying the SSH user and keyfile on the command line
allow sending configuration mode commands
correctly handle very long commands (line wrap) and commands producing no output
Extended usage:
ciscosb-exec confuser@myswitch -i ~/.ssh/confuser_id_rsa -c "ip ssh-client username memyself"
ciscosb-exec confuser@myswitch -i ~/.ssh/confuser_id_rsa "copy scp://myserver/workdir/myswitch.configchange running-config"
The "new and improved" script:
#!/usr/bin/expect
# Script to run an IOS command on a Cisco Small Business Switch via ssh
# Prerequisites:
# - Cisco Sx300 series switch with software version 1.3 or later
# - public key authentication with auto-logon configured
# Usage:
# ciscosb-exec [] [@]
# Args:
# username on switch
# name or IP address of switch
# command string to execute
# Options:
# -c execute in configuration mode
# -i use SSH private key from
# -d activate debugging output
# Result:
# Switch response will appear on stdout
# debug switches
log_user 0
exp_internal 0
# configurable values
set sshcmd "/usr/bin/ssh -c aes192-cbc"
# end of configurable values
# below matches prompts such as "switch#", "switch>", "switch$"
set prompt "\[>#$\]\ *$"
# getopt implementation snarfed from http://www2.tcl.tk/17342
proc getopt {_argv name {_var ""} {default ""}} {
upvar 1 $_argv argv $_var var
set pos [lsearch -regexp $argv ^$name]
if {$pos>=0} {
set to $pos
if {$_var ne ""} {
set var [lindex $argv [incr to]]
set argv [lreplace $argv $pos $to]
return 1
} else {
if {[llength [info level 0]] == 5} {set var $default}
return 0
# parse command line
set configmode [getopt argv -c]
getopt argv -i idfile
if {[getopt argv -d]} {
log_user 1
exp_internal 1
if {[llength $argv] != 2} {
send_user "Usage: ciscosb-exec \[\] \[@\] \"\"\n"
send_user "Arguments:\n"
send_user " target username (default: current user)\n"
send_user " target host name or IP address\n"
send_user " command string to execute\n"
send_user "Options:\n"
send_user " -c execute in configuration mode\n"
send_user " -i use SSH private key from \n"
send_user " -d activate debugging output\n"
exit 1
set target [split [lindex $argv 0] @]
if {[llength $target] == 1} {
set device [lindex $target 0]
set userid "$env(USER)"
} elseif {[llength $target] == 2} {
set userid [lindex $target 0]
set device [lindex $target 1]
} else {
send_user "bad target: [lindex $argv 0]\n"
exit 1
set command [lindex $argv 1]
if {[info exists idfile]} {
set sshcmd "$sshcmd -i $idfile"
eval "spawn $sshcmd -l $userid $device"
match_max [expr 32 * 1024]
# handle initial noise
set timeout 20
while { 1 } {
expect {
# command prompt
-nocase -re "$prompt" {break}
# confirmations (unknown fingerprint etc.)
-nocase -re "\\(yes/no\\)" {send "yes\r"}
# username prompt
-nocase -re "name:|^login:" {send "$userid\r"}
# password prompt
-nocase -re "word:" {send_user "Public key authentication failed\n"; exit}
# errors
timeout {send_user "Timeout waiting for command prompt\n"; exit}
eof {send_user "Connect failed: $expect_out(buffer)\n"; exit}
# disable terminal formatting junk
send "terminal datadump\r"
expect {
-nocase -re "$prompt" {}
timeout {send_user "Timeout waiting for command prompt\n"; exit}
eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
send "terminal width 0\r"
expect {
-nocase -re "$prompt" {}
timeout {send_user "Timeout waiting for command prompt\n"; exit}
eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
# switch to desired mode
if {$configmode} {
send "configure terminal\r"
expect {
-nocase -re "$prompt" {}
timeout {send_user "Timeout waiting for command prompt\n"; exit}
eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
# actual command may take a long time
set timeout 180
send "$command\r"
expect {
# skip command echo
-re "$command\[\r\n\]*" {exp_continue}
# answer confirmation request
-nocase -re " \\(Y/N\\).*\? *$" {
# send confirmation, skip echo
send "Y"
expect -re "Y\[\r\n\]*"
exp_continue
# collect response, excluding next prompt
-re "\r\n" {send_user "$expect_out(buffer)"; exp_continue}
-nocase -re "$prompt" {send "exit\r"}
timeout {send_user "Timeout waiting for command prompt\n"; exit}
eof {send_user "Connection lost: $expect_out(buffer)\n"; exit}
set timeout 20
expect {
# second exit needed for logging out from configuration mode
-nocase -re "$prompt" {send "exit\r"}
timeout {send_user "Timeout waiting for hangup\n"; exit}
eof {exit}
expect {
-nocase -re "$prompt" {puts "Failed to log out, disconnecting"; exit}
timeout {puts "Timeout waiting for hangup"; exit}
eof {exit}
HTH
Tilman -
Window 2000 & RMI client losing network connection
We have a client/server java application communicating via RMI. The application runs perfect when the network is running smoothly. However, once the client loses connectivity with the network, the client runs in offline mode (as expected). However, once the client reestablishes a connection with the network, it is unable to communicate with the Server via RMI. It seems that Windows 2000 reassigns the client's IP address when it goes offline to localhost (127.0.0.1), when the client is reconnected the IP addresses is changed back to the network address, but it is unable to send data to the server running RMI. Any suggestions? We did not experience this problem with Windows NT.
you need to specify the IP address of the server object from the JVM in which it is exported, using -Djava.rmi.server.hostname argument to the JVM (since the client and server run on one machine, you probably want to set this to 127.0.0.1, I think)
-
Unable to access LAN behind RV042 from QUICK VPN Client once it connects
Hi,
Very recently, we had implemented Site-to-Site VPN tunnel between two Linksys RV042 4-port VPN routers. Everybody in our remote site is accessing and sharing the data through this tunnel and it is working fine.
Now, we have a plan to implement the same for our mobile clients also. For this, we had followed all the basic configuration procedures and user got connected to Quick VPN tunnel. Here is a problem we had observed. The mobile client user is connected to the tunnel, but unable to access the office LAN from the PC.
What's the problem in configuration? What i have to do?
Thanks
VC GundapaneniHi There.
have a look over here.
http://www.linksysinfo.org/index.php?threads/netbios-issues-with-vpn.16170/ -
Clients unable to connect and get DHCP - LAP1142N AP and 5508 WLC
Hi,
I have 19 locations, each with 1 or more LAP1142N AP's in FlexConnect mode, AP's are primed using CAPWAP to my 5508 WLC at the datacenter. The AP's join the WLC without issue every time. I have two WLAN's, one guest and one staff, the guest network is open and obtains DHCP from a WatchGuard XTM33 firewall at each of the remote locations. The staff side is WPA2/RADIUS and DHCP is assigned from the WLC. Each AP is assigned a static IP that is not in the DHCP scope. For example: DHCP scope on the branch firewall is 192.168.1.10-250 the AP will be assigned static IP of 192.168.1.1.. The AP's are connected to a HP procurve switch that has a untagged VLAN, the firewall is using the native vlan 1 and so is the AP.
I have been running this network for over a year and it has not had a single issue until the last two weeks. Nothing on the network has changed or has been upgraded.
Now for the issue: The issue I am seeing is that clients are no longer able to connect to the AP and do not get DHCP assigned to them. I am able to get it working, if I remove the static IP from the AP, the AP will reboot, join the controller, then begin working, users can connect and DHCP is assigned from the firewall as it should. However, If the AP then reboots, the AP will join back to the controller but no clients can connect nor do they get a DHCP address. So, I then reassign a static IP to the AP again and it reboots, connects to the controller and clients then can connect and get DHCP.
Attached is a running config from one of the APs
I've found several posts on this topic, in fact the patch of unassigning or reassigning static IP is one that I found. However, I wanted to post this to see if there is any further assistance I can get on this. I am also waiting on my SmartNet to start up and will be contacting Cisco support as well.
Thanks for any help.Alright, so I finally figured out the issue with this. I had a Mobility Anchor set on the guest WLAN and once I removed that all started working again.
What is Mobility Anchor?
A. Mobility Anchor, also referred to as Guest tunneling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (Specially Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as Anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and have more control over the user traffic. Refer to the Configuring Auto-Anchor Mobility section of Cisco Wireless LAN Controller Configuration Guide, Release 7.0 for more information on this feature. -
Axis2 and wsdl- Exception thrown when client attempting server connection
Hi all,
I am trying at the moment to develop an Axis2 server, and test it with a client.
The server is to provide a soap wsdl service, returning an object request.
I have generated server code and client code using axis2's wsdl2java tool, and all seemed fine.
The server I created using this generated code seems to work, so far as i can tell, as I can connect to it through a browser.
For example, using the browser I can connect to it via:
http://localhost:8888/services/PersonInfo
and it gives me a page showing 'Deployed Services', listing the operations available.
but the funny thing is here that it seems to auto-direct me to another url: http://localhost:8888/axis2/services/ which I have not specified.
For the server I am using the axis2 supplied SimpleHTTPServer. Here is the complete code excluding the actual generated code:
public class EmbeddedAxis2Server {
public static void main(String[] args) throws Exception {
ConfigurationContext context = ConfigurationContextFactory.
createConfigurationContextFromFileSystem(null, null);
AxisService service =
AxisService.createService(caps.integration.rhos.dk.schema.astraiaservice._2008._04._15.PersonInfo.class.getName(), context.getAxisConfiguration());
context.getAxisConfiguration().addService(service);
SimpleHTTPServer server = new SimpleHTTPServer(context, 8888);
server.start();
}I can even call the published operation using the browser, via the url:
http://localhost:8888/axis2/services/PersonInfo/getPersonInfo
and pass in arguments using the usual form variables syntax.
HOWEVER!! My problem is (and maybe it is related to the url redirect strangeness I mentioned above, or maybe not), that my coded client is not able to connect.
I generated the client stubs also using wsdl2java, and call the functions... but I get this show stopping exception:
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) 127.0.0.1/services/PersonInfo
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at caps.integration.rhos.dk.schema.astraiaservice._2008._04._15.PersonInfoStub.getPersonInfo(PersonInfoStub.java:142)
at com.astraia.axisclient.Client.getPersonInfo(Client.java:44)
at com.astraia.axisclient.Client.main(Client.java:23)Here is the client code (excluding generated stub)
public static void getPersonInfo(){
try
ConfigurationContext context = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
PersonInfoStub stub =new PersonInfoStub(context);
GetPersonInfoIn req =new GetPersonInfoIn();
req.setCivilRegistrationIdentifier("CIV123");
req.setHospitalCode("HOS123");
req.setRequestId("123");
req.setUserName("sean");
GetPersonInfoOut res = stub.getPersonInfo(req);
System.out.println(res.toString());
} catch(Exception e){ e.printStackTrace(); System.out.println("\n\n\n"); }
}If anyone has any idea of what this problem is about, I would love to hear about it!
Kind Regards,
svaens
Edited by: svaens on Apr 28, 2008 2:11 AMHi, I have an update!!!
Another aspect of my problem (which I had forgotten to mention) was a mysterious difference in the original wsdl file, and the one that was generated by my SImpleHTTPServer when my browser contact it, and requested the wsdl. That is, when I use the url in my firefox browser
[http://localhost:8888/axis2/services/PersonInfo?wsdl|http://localhost:8888/axis2/services/PersonInfo?wsdl]
the wsdl that was returned to the browser was different in several ways to the original wsdl that I generated my server side java code from using the axis2-1.3 wsdl2java.sh script.
I had noticed this, and decided to create a client using this new and strangely different wsdl, and see if this provides different results.
It worked!!! After creating my stub java code with the new wsdl file, and the wsdl2java tool, and modifying my custom java code to match the different stub generated, the client was able to connect to the server, and return me a serialized object.
Does this give you any clues as to what may be the real problem?
Differences in the wsdl include:
1. the targetNamespace attribute listed in the wsdl:definitions tag shows the namespace backwards!!
2. The new generated wsdl file has two extra element types,
GetPersonInfo, and GetPersonInfoResponse, + GetPersonInfoIn , GetPersonInfoOut
while the original only game me GetPersonInfoOut & GetPersonInfoIn.
The client code I had to change now looks like this:
try
ConfigurationContext context = ConfigurationContextFactory.
createDefaultConfigurationContext();
PersonInfoStub stub = new PersonInfoStub(context);
GetPersonInfo reqs = new GetPersonInfo();
GetPersonInfoIn req = new GetPersonInfoIn();
reqs.setGetPersonInfoIn(req);
req.setCivilRegistrationIdentifier("CIV123");
req.setHospitalCode("HOS123");
req.setRequestId("123");
req.setUserName("sean");
GetPersonInfoResponse res = stub.getPersonInfo(reqs);
GetPersonInfoOut resultObj = res.get_return();
OMFactory fac = OMAbstractFactory.getOMFactory();
OMElement xml = resultObj.getOMElement(GetPersonInfoResponse.MY_QNAME, fac);
XMLStreamWriter writer = XMLOutputFactory.newInstance().createXMLStreamWriter(System.out);
writeOMElement(xml, writer);
} catch(Exception e){
e.printStackTrace();
System.out.println("\n\n\n");
} -
Wireless Clients can't connect post WLC Upgrade to version 7.4.100.0
Upgraded WLC Flex 7500 controller to: 7.4.100.0
Previous WLC Controller version: 7.2.111.3
After the upgrade, all AP's reported back to the controller and looked like working. We have 50+ branch sites that connect back via Layer 2 to the main office. The main office SSID's were broadcasting and users could connect and get the proper IP's. Users that connected back through FlexConnect AP's couldn't obtain an IP address. The client would authenticate to the WLC and accept the SSID key, but would not get an IP address. I see with the 7.4.100.0 upgrade there are more options for DHCP for each interface, which we don't use interfaces for all sites as we did in the early days, now we make sure the flex connect tab has the vlan identifier in the tab and the traffic goes out the local firewall etc. Each remote site has a Linux based firewall and DHCP server.
Looking for any insight with the 7.4.100.0 upgrade that may cause clients to not connect and obtain an IP address.
We have since back dated our WLC Software to: 7.2.111.3 to allow things to work pre upgrade which everything worked fine.
Any suggestions would be great, we had to upgrade version 7.4.100.0 to support our AP 1602.
Thanks in advance.
MattVerify that you have an upgraded FUS image. Second, make sure your WLAN to vlan mapping on the FlexConnect AP's have the correct vlan mapping. I have seen these change to the default vlan mapping.
Sent from Cisco Technical Support iPhone App -
Which ports does Webi Rich CLient use to connect to Universe etc..
Hello together,
we have the problem that we cannot run Rich Client from computers outside our network - so which ports does webi Rich Client use to connect to BO Serverl?.
It will always say universe not found. Login to rich client and everything else is possible.
It's not an authorisations problem, inside the network people can run the programs fine.
Thank youHi,
i assume you have enable CMS port on the firewall, apart from this you need to enable IFRS and Connection Server port also.
Regards,
Ramu.
Edited by: Gowda Timma Ramu on Oct 14, 2010 4:06 PM -
Mac10.x client can't connect to File Server on Windows2008 Failover Cluster
Installation of a cluster was made according to the document "Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster " http://technet.microsoft.com/en-us/library/cc731844.aspx.
My Mac OS X 10.5.2 and Mac OS X 10.4.11 clients be able to connect to a non-cluster file server on a Windows 2008 (the File Services role) and also to old file cluster on a Windows 2003.
Why Mac clients can't connect to Windows 2008 Failover Cluster?Are you running a firewall on the Macs. If yes does it work with out the firewall? If it works with out the firewall that means you will have to create a custom ipf rule which includes the both the physical an virtual IP addresses of your cluster.
-
Some clients can't connect after 10.6.6 update - the see an error -43
Hi There,
I'm a designer so am not all that technical but have managed to setup and maintain OS X servers since 10.5.
I've just updated the server to 10.6.6 and now some of our clients can't connect - they get the following error:
"There was an error connecting to the server. Check the server name or IP address and try again.
If you are unable to resolve the problem contact your system administrator."
If I click OK to the error above on the client, I see another error which reads:
"The operation cannot be completed because one or more required items cannot be found.
(Error code -43)"
I've restarted the server and the clients but no luck.
The server is running the following services:
- AFP
- DNS
- Firewall
- NFS (although I don't remember setting this up - is this started with AFP?)
- Open Directory
I can ping the server and login via ARD so not sure why we see the first IP address error as mentioned above.
Any help or suggestions would be most welcome.
Regards
BenOne question, is this when you hit "Connect to Server" or is this after you've established a connection and try to open/edit/save files?
Here is some general advice:
1) I assume your whole network is behind a router and that we are talking a small office environment (5-10 people) and not some large enterprise. If so the Firewall service can probably be disabled. As a matter of fact if your issue is that clients can't connect at all the firewall may actually be causing your problem.
2) NFS can almost certainly be disabled. Its generally only used for two reasons 1) The netboot service needs it. 2) You support unix/bsd clients. I can see from your list of services that netboot isn't something you're doing and I doubt that as a designer you would have much use for unix/bsd systems. -
ActiveMQ-CPP client hangs when connect ActiveMQ-CPP client & OpenMQ broker
I am trying to connect an ActiveMQ-CPP client with an Oracle OpenMQ broker via STOMP. Both manufacturers claim this will work, and I have been able to get an ActiveMQ-CPP client to connect to an ActiveMQ broker via STOMP, an OpenMQ client with an OpenMQ broker via STOMP, and an OpenMQ client with an ActiveMQ broker via STOMP without problems, but the only one missing is what I need- ActiveMQ-CPP client to connect with OpenMQ broker.
I am using Fedora Linux and am using the provided "example" script for ActiveMQ-CPP, changing the brokerURL to be "tcp://localhost:61613?wireFormat=stomp" instead, where the OpenMQ STOMP bridge is located at localhost:61613.
On the OpenMQ end, I receive the request to connect by the client and I start a connection:
INFO: Create JMS connection for user admin with client id ID:csa-nexus-57767-1281630228652-1:0
Aug 12, 2010 8:23:48 AM
INFO: Started JMS connection 8950669406784000768[ID:csa-nexus-57767-1281630228652-1:0] for user admin
This is where the ActiveMQ-CPP client hangs at "connection->start", or if this is removed, "connection->createSession".
Any help would be appreciated. Thanks!I need to use ActiveMQ-CPP because I need a C++ messaging client which supports failover, which OpenMQ's C client does not. I thought it was unlikely that it wouldn't be able to connect as well. I can't find a good way to debug the ActiveMQ-CPP client enough to know whether the problem is on the ActiveMQ-CPP client's end or the OpenMQ broker's end.
Here is the source code for installing ActiveMQ-CPP, that is how you install it: http://activemq.apache.org/cms/activemq-cpp-322-release.html.
The example comes bundled with ActiveMQ-CPP installation, but I'll show you parts of the main.cpp file that does all of the work:
class HelloWorldConsumer : public ExceptionListener,
public MessageListener,
public Runnable {
private:
this->brokerURI = brokerURI;
virtual ~HelloWorldConsumer(){
cleanup();
void close() {
this->cleanup();
void waitUntilReady() {
latch.await();
virtual void run() {
try {
auto_ptr<ConnectionFactory> connectionFactory( ConnectionFactory::createCMSConnectionFactory( brokerURI ) );
// Create a Connection
connection = connectionFactory->createConnection("admin", "admin");
connection->start();
connection->setExceptionListener(this);
// Create a Session
if( this->sessionTransacted == true ) {
session = connection->createSession( Session::SESSION_TRANSACTED );
} else {
session = connection->createSession( Session::AUTO_ACKNOWLEDGE );
// Create the destination (Topic or Queue)
if( useTopic ) {
destination = session->createTopic( "TEST.FOO" );
} else {
destination = session->createQueue( "TEST.FOO" );
// Create a MessageConsumer from the Session to the Topic or Queue
consumer = session->createConsumer( destination );
consumer->setMessageListener( this );
std::cout.flush();
std::cerr.flush();
// Indicate we are ready for messages.
latch.countDown();
// Wait while asynchronous messages come in.
doneLatch.await( waitMillis );
} catch( CMSException& e ) {
// Indicate we are ready for messages.
latch.countDown();
e.printStackTrace();
// Called from the consumer since this class is a registered MessageListener.
virtual void onMessage( const Message* message ){
static int count = 0;
try
count++;
const TextMessage* textMessage =
dynamic_cast< const TextMessage* >( message );
string text = "";
if( textMessage != NULL ) {
text = textMessage->getText();
} else {
text = "NOT A TEXTMESSAGE!";
printf( "Message #%d Received: %s\n", count, text.c_str() );
} catch (CMSException& e) {
e.printStackTrace();
// Commit all messages.
if( this->sessionTransacted ) {
session->commit();
// No matter what, tag the count down latch until done.
doneLatch.countDown();
// If something bad happens you see it here as this class is also been
// registered as an ExceptionListener with the connection.
virtual void onException( const CMSException& ex AMQCPP_UNUSED) {
printf("CMS Exception occurred. Shutting down client.\n");
ex.printStackTrace();
exit(1);
int main(int argc AMQCPP_UNUSED, char* argv[] AMQCPP_UNUSED) {
activemq::library::ActiveMQCPP::initializeLibrary();
std::cout << "=====================================================\n";
std::cout << "Starting the example:" << std::endl;
std::cout << "-----------------------------------------------------\n";
std::string brokerURI =
"tcp://localhost:61613"
"?wireFormat=stomp"
// "&soConnectTimeout=5"
// "&connection.sendTimeout=5"
// "&connection.useAsyncSend=true"
// "&transport.useInactivityMonitor=false"
// "&connection.alwaysSyncSend=true"
// "&connection.useAsyncSend=true"
// "&transport.commandTracingEnabled=true"
// "&transport.tcpTracingEnabled=true"
// "&wireFormat.tightEncodingEnabled=true"
//============================================================
// set to true to use topics instead of queues
// Note in the code above that this causes createTopic or
// createQueue to be used in both consumer an producer.
//============================================================
bool useTopics = true;
bool sessionTransacted = false;
int numMessages = 2000;
long long startTime = System::currentTimeMillis();
HelloWorldProducer producer( brokerURI, numMessages, useTopics );
HelloWorldConsumer consumer( brokerURI, numMessages, useTopics, sessionTransacted );
// Start the consumer thread.
Thread consumerThread( &consumer );
consumerThread.start();
// Wait for the consumer to indicate that its ready to go.
consumer.waitUntilReady();
// Start the producer thread.
Thread producerThread( &producer );
producerThread.start();
// Wait for the threads to complete.
producerThread.join();
consumerThread.join();
long long endTime = System::currentTimeMillis();
double totalTime = (double)(endTime - startTime) / 1000.0;
consumer.close();
producer.close();
std::cout << "Time to completion = " << totalTime << " seconds." << std::endl;
std::cout << "-----------------------------------------------------\n";
std::cout << "Finished with the example." << std::endl;
std::cout << "=====================================================\n";
activemq::library::ActiveMQCPP::shutdownLibrary();
// END SNIPPET: demo The places where the code will hang upon connection are "connection->start() and connection->createSession()". Again, this happens with any ActiveMQ client, no matter the language, and via Stomp, both should be supported. But using an OpenMQ client with ActiveMQ broker works perfectly. And using this code with its own ActiveMQ broker still via Stomp works perfectly as well.
Thanks!
Maybe you are looking for
-
I can not work out how to set Firefox to automatically load the latest version of a web site. I have web sites in my bookmarks and it does not look on the internet for the latest version and furthermore using F5 does not work . I need to be able to f
-
Hi I installed forms builder 10 Forms [32 Bit] Version 10.1.2.0.2 (Production) Oracle Toolkit Version 10.1.2.0.2 (Production) PL/SQL Version 10.1.0.4.2 (Production) Oracle Procedure Builder V10.1.2.0.2 - Production PL/SQL Editor (c) WinMain Software
-
Slideshow and Music integration
I have edited together a group of songs (with fades, normalizing, etc.) and it is approx. 36 minutes long. It is for a wedding presentation. I have made a slideshow that I want to add to iDVD and I cannot seem to get the slideshow to loop (with a dur
-
Painfully slow broadband in the evenings
Hi could someone please let me know why it would appear that my unlimited broadband connection is being throttled by BT in the evenings? I was told that I would have up to a 6mbps connection when I moved house and took out a new contract with BT a co
-
Hello, i have a 5508 HA cluster with different software. Primary AIR-CT5500-K9-7-6-110-0.aes Secondary AIR-CT5500-LDPE-K9-7-6-110-0.aes and a 6.x FUS is it possible to change the secondary to AIR-CT5500-K9-7-6-110-0.aes and FUS 1.9.0.0 ?