AnyConnect machine certificate validation error
Hi,
I'm trying to get certificate authentication to work for AnyConnect (3.1.02040) using already existing certificates in the machine store (Windows 7 clients).
I get the choose certificate prompt, but when I choose the correct certificate I just get a "Certificate validation failure" error.
So I tried and install a certificate from my lab CA - also in the machine store. And that worked as a charm.
When comparing the logs from DART - I see the following error message from the non-working certificate:
Date : 07/25/2014
Time : 11:39:02
Type : Error
Source : acvpnui
Description : Function: CTransportWinHttp::SendRequest
File: .\CTransportWinHttp.cpp
Line: 1146
Invoked Function: HttpSendRequest
Return Code: 12186 (0x00002F9A)
Description: WINDOWS_ERROR_CODE
After googling I found someon explaining the error code as:
"This is a WinInet/WinHttp error 12xxx will always be one of these.
what it means is you don't have the rights to access the private key for this Client certificate."
Is this correct, and in that case how do I fix the access rights for the certificate?
Thanks,
Charlie
I've started to look through the certificates again now and stumbled across the "Manage private keys.."-option.
The working certificate had a SID with read rights besides the system and administrator rights. So I tried just adding read rights for the domain users group to the old certificate, and it just started working!
Which is weird since it didn't work regardless of running AnyConnect as admin or not. Well well, at least it works. Thanks for taking the time Karthik!
Similar Messages
-
Windows built-in IKEv2 clients are not finding a valid machine certificate
Hi All,
I'm trying to connect windows built-in clients to a Cisco IOS IKEv2 headend. I want to use EAP to authenticate the clients with there AD credentials. For EAP, I need to use certificates so I will use self-signed certificates as I don't have a CA.
Once I have ceated a certificate for the headend, i import this on the clients Trusted Root Certification Authorities. But when I try to connect the client to the headend, I get an error message from the client "Error 13806: IKE failed to find valid machine certificate". It seems that Microsoft is having issue with the certificate.
Does anyone have an idea what I'm doing wrong?
Headend config:
aaa new-model
aaa group server radius AAA-AuthC-Group-RA
server-private v.v.v.v auth-port 1812 acct-port 1813 key secret
aaa authentication login AAA-AuthC-List-RA group AAA-AuthC-Group-RA
aaa authorization network AAA-AuthZ-List-RA local
crypto pki trustpoint PKI-TP-SS-RA
enrollment selfsigned
serial-number none
fqdn headend
ip-address none
subject-name cn=x.x.x.x
revocation-check none
rsakeypair PKI-TP-SS-RA-Key 2048
eku request server-auth
ip local pool IKEV2-POOL-RA 10.0.0.10 10.0.0.250
crypto ikev2 authorization policy IKEV2-AUTHORIZATION-POLICY-RA
pool IKEV2-POOL-RA
dns 10.0.0.1
netmask 255.255.255.0
crypto ikev2 proposal IKEV2-PROPOSAL-RA
encryption aes-cbc-256
integrity sha1
group 2
crypto ikev2 policy IKEV2-POLICY-RA
proposal IKEV2-PROPOSAL-RA
crypto ikev2 profile IKEV2-PROFILE-RA
match identity remote key-id mydomain.com
identity local dn
authentication remote eap query-identity
authentication local rsa-sig
pki trustpoint PKI-TP-SS-RA
dpd 60 2 on-demand
aaa authentication eap AAA-AuthC-List-RA
aaa authorization group eap list AAA-AuthZ-List-RA
virtual-template 10
no crypto ikev2 http-url cert
crypto ipsec profile IPSEC-PROFILE-AES-256
set transform-set IPSEC-AES-256
crypto ipsec profile IPSEC-PROFILE-AES256-SHA1
set transform-set IPSEC-AES256-SHA1
set ikev2-profile IKEV2-PROFILE-RA
interface Loopback10
ip address 10.0.0.1 255.255.255.0
interface Virtual-Template10 type tunnel
description FlexVPN-RA tunnel
bandwidth 20000
ip unnumbered Loopback10
ip mtu 1400
ip flow ingress
ip tcp adjust-mss 1360
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-PROFILE-AES256-SHA1Please tell me where my Mail is getting Elementary School-isized. anyone?
Mail's Preferences do not affect what is seen at the other end, they are only for local display. To have the recipient see your desired font, you must set it individually for each message in the New Message pane (also you should make it different than what is set in the Preferences, because of a bug). Or you can use custom Stationery.
A workaround used by some is to create a signature in your desired font and begin your message in the first line of the sig.
If these options are not satisfactory, best to switch to Entourage or Thunderbird. -
Anyconnect web install getting certificate validation failure.
I have an ASA (8.4.5) configured with a connection profile that does AAA and Certificate authentication. Once I have the anyconnect 3.1 on a win Xp system, it works perfectly. When I do a web install, it goes through the normal download, log-in, re-download then says "Certificate Authentication Failure" If I change the profile to AAA only, it installs fine. I even get the error if I launch from the web after I have the client on the PC.
Any ideas why this is not working?
Sent from Cisco Technical Support iPad AppThe client PC has a machine certificate. The ASA has a copy of the certificate from the CA that signed the machine cert. I am logging in with a user account not an admin account. Note that if anyconnect is installed on the client PC, I can use it to connect just fine. It's only the web install that fails. Below is the output of the debug crypto ca 255:
asa-vpn-1/act# CERT_API: Authenticate session 0x30c0bcbf, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x30c0bcbf
CERT_API: Async locked for session 0x30c0bcbf
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
89 c7 b4 60 20 08 0c a9 6f a0 49 67 6f f5 4e 51 | ...` ...o.Igo.NQ
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 607A635F4286368E4E977C7BFE1C17E6, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x30c0bcbf asynchronously
CERT_API: Async unlocked for session 0x30c0bcbf
CERT_API: process msg cmd=1, session=0x30c0bcbf
CERT_API: Async locked for session 0x30c0bcbf
CERT_API: Async unlocked for session 0x30c0bcbf
CERT API thread sleeps!
CERT_API: Authenticate session 0x310022b5, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x310022b5
CERT_API: Async locked for session 0x310022b5
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
89 c7 b4 60 20 08 0c a9 6f a0 49 67 6f f5 4e 51 | ...` ...o.Igo.NQ
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 607A635F4286368E4E977C7BFE1C17E6, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x310022b5 asynchronously
CERT_API: Async unlocked for session 0x310022b5
CERT_API: process msg cmd=1, session=0x310022b5
CERT_API: Async locked for session 0x310022b5
CERT_API: Async unlocked for session 0x310022b5
CERT API thread sleeps!
CERT_API: Authenticate session 0x314d3205, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x314d3205
CERT_API: Async locked for session 0x314d3205
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
ea dd 93 e8 d0 84 2a b6 8c 5f 9c ba e3 db 3e 9f | ......*.._....>.
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 4398D2801DA922A24EDB059F3459001A, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x314d3205 asynchronously
CERT_API: Async unlocked for session 0x314d3205
CERT_API: process msg cmd=1, session=0x314d3205
CERT_API: Async locked for session 0x314d3205
CERT_API: Async unlocked for session 0x314d3205
CERT API thread sleeps!
CERT_API: Authenticate session 0x31ad6583, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x31ad6583
CERT_API: Async locked for session 0x31ad6583
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
ea dd 93 e8 d0 84 2a b6 8c 5f 9c ba e3 db 3e 9f | ......*.._....>.
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 4398D2801DA922A24EDB059F3459001A, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x31ad6583 asynchronously
CERT_API: Async unlocked for session 0x31ad6583
CERT_API: process msg cmd=1, session=0x31ad6583
CERT_API: Async locked for session 0x31ad6583
CERT_API: Async unlocked for session 0x31ad6583
CERT API thread sleeps!
CERT_API: Authenticate session 0x31c167bb, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x31c167bb
CERT_API: Async locked for session 0x31c167bb
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
ea dd 93 e8 d0 84 2a b6 8c 5f 9c ba e3 db 3e 9f | ......*.._....>.
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 4398D2801DA922A24EDB059F3459001A, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x31c167bb asynchronously
CERT_API: Async unlocked for session 0x31c167bb
CERT_API: process msg cmd=1, session=0x31c167bb
CERT_API: Async locked for session 0x31c167bb
CERT_API: Async unlocked for session 0x31c167bb
CERT API thread sleeps!
CERT_API: Authenticate session 0x3209b801, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x3209b801
CERT_API: Async locked for session 0x3209b801
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
cd 3d c6 c8 d4 8d ba 85 75 9b 28 9e 7a e0 97 0f | .=......u.(.z...
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 0B0D7E1CE0870FBE483AFFF974C43AD7, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x3209b801 asynchronously
CERT_API: Async unlocked for session 0x3209b801
CERT_API: process msg cmd=1, session=0x3209b801
CERT_API: Async locked for session 0x3209b801
CERT_API: Async unlocked for session 0x3209b801
CERT API thread sleeps!
CERT_API: Authenticate session 0x3266eb61, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x3266eb61
CERT_API: Async locked for session 0x3266eb61
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
cd 3d c6 c8 d4 8d ba 85 75 9b 28 9e 7a e0 97 0f | .=......u.(.z...
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 0B0D7E1CE0870FBE483AFFF974C43AD7, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x3266eb61 asynchronously
CERT_API: Async unlocked for session 0x3266eb61
CERT_API: process msg cmd=1, session=0x3266eb61
CERT_API: Async locked for session 0x3266eb61
CERT_API: Async unlocked for session 0x3266eb61
CERT API thread sleeps!
CERT_API: Authenticate session 0x328359af, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x328359af
CERT_API: Async locked for session 0x328359af
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
cd 3d c6 c8 d4 8d ba 85 75 9b 28 9e 7a e0 97 0f | .=......u.(.z...
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 0B0D7E1CE0870FBE483AFFF974C43AD7, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x328359af asynchronously
CERT_API: Async unlocked for session 0x328359af
CERT_API: process msg cmd=1, session=0x328359af
CERT_API: Async locked for session 0x328359af
CERT_API: Async unlocked for session 0x328359af
CERT API thread sleeps!
CERT_API: Authenticate session 0x32c7c677, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x32c7c677
CERT_API: Async locked for session 0x32c7c677
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
cd 3d c6 c8 d4 8d ba 85 75 9b 28 9e 7a e0 97 0f | .=......u.(.z...
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 0B0D7E1CE0870FBE483AFFF974C43AD7, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x32c7c677 asynchronously
CERT_API: Async unlocked for session 0x32c7c677
CERT_API: process msg cmd=1, session=0x32c7c677
CERT_API: Async locked for session 0x32c7c677
CERT_API: Async unlocked for session 0x32c7c677
CERT API thread sleeps!
CERT_API: Authenticate session 0x3305560d, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x3305560d
CERT_API: Async locked for session 0x3305560d
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
cd 3d c6 c8 d4 8d ba 85 75 9b 28 9e 7a e0 97 0f | .=......u.(.z...
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 0B0D7E1CE0870FBE483AFFF974C43AD7, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x3305560d asynchronously
CERT_API: Async unlocked for session 0x3305560d
CERT_API: process msg cmd=1, session=0x3305560d
CERT_API: Async locked for session 0x3305560d
CERT_API: Async unlocked for session 0x3305560d
CERT API thread sleeps!
CERT_API: Authenticate session 0x3378de7d, non-blocking cb=0x08eb6950
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=0x3378de7d
CERT_API: Async locked for session 0x3378de7d
CRYPTO_PKI: Checking to see if an identical cert is
already in the database...
CRYPTO_PKI: looking for cert in handle=0x722e0784, digest=
cd 3d c6 c8 d4 8d ba 85 75 9b 28 9e 7a e0 97 0f | .=......u.(.z...
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: crypto_pki_get_cert_record_by_subject()
CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 0B0D7E1CE0870FBE483AFFF974C43AD7, subject name: cn=CiscoSecureDesktop, issuer name: cn=CiscoSecureDesktop .
CERT_API: calling user callback=0x08eb6950 with status=1
CERT_API: Close session 0x3378de7d asynchronously
CERT_API: Async unlocked for session 0x3378de7d
CERT_API: process msg cmd=1, session=0x3378de7d
CERT_API: Async locked for session 0x3378de7d
CERT_API: Async unlocked for session 0x3378de7d
CERT API thread sleeps! -
Getting error while exporting certificate to OIF Certificate Validation
Hi All,
Currently I am working with Oracle identity federation 10.1.4.0.1. I am facing one problem while exporting certificate to Certificate Validation, the error I am getting after importing certificate at console is:
ERROR - oracle.security.crypto.asn1.ASN1FormatException: Got tag 0 instead of 16.
Write failed: Broken pipe
But It doesn't displaying any error in webapge after exporting certificate.
Any help in this regard really appreciated.
Thanks,
Iceman
Edited by:OIF version includedIf the certificate is in text PEM format, please ensure that the actual certificate content is enclosed within:
-----BEGIN CERTIFICATE-----
MII................
-----END CERTIFICATE-----
Thats all. It should also not have the certificate in text. Just the content within those lines.
Hope this helps. -
Dear all,
I have two questions on my SP2013 standard (on premise). They are very usual and I can find lots of work around and resolutino on web. But I cannot fix my environment and I am looking for more detail explaination if possible.
At the beginning, I found there are lots of Critical error log in my SP App server every 1-2 minutes:
A certificate validation operation took X milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue.
My system doesn't have Internet access. After some research it happened to be SharePoint certificate CRL checking issue:
http://support.microsoft.com/kb/2625048/en-us
I applied BOTH resolustion but the error still throw.
After more research, it seems Sharepoint will keep looking for
http://crl.microsoft.com. Some discussion suggested to add a HOSTS line "127.0.0.1 crl.microsoft.com". I have added the line and now I see a new warning log:
Alternate access mappings have not been configured. Users or services are accessing the site
http://domain.com with the URL
http://127.0.0.1. This may cause incorrect links to be stored or returned to users. If this is expected, add the URL http://127.0.0.1 as an AAM response URL.
I guess Sharepoint is trying to contact http://crl.microsoft.com to retrieve the crl. How can I resolve both error? Why Microsoft have this design knowing that many Sharepoint site are sit within Intranet?
Thanks a lot.
MarkAnything in the CAPI log? It shouldn't be going to the internet anymore.
Do you have loopback disabled?
http://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx -
Time Machine slow backup with Date Validation error?
Console is spitting out this garbage and I don't know what it means
Dec 24 01:17:46 Macbook-Pro mdworker[7772]: Date validation error: EXDATE = '20080626T150000,20080807T150000,20080814T150000'
Dec 24 01:17:48 Macbook-Pro mdworker[7772]: Date validation error: EXDATE = '20071022T150000,20081027T150000'
Dec 24 01:17:48 Macbook-Pro mdworker[7772]: Date validation error: EXDATE = '20080527T130000,20081028T130000'
It creeps along and eventually finishes but if I have a lot of data to backup it takes hours for a few hundred MB. Any ideas?
I've tried starting from scratch and have repaired permissions on my MBP with no luck.
Message was edited by: jgoettelmdworker relates to Spotlight. Check this thread to see if it helps:
http://discussions.apple.com/thread.jspa?messageID=8372393� -
SSL VPN with machine certificate authentication
Hi All,
I've configured a VPN profile for an Anyconnect VPN connection on my test environment. I've enabled AAA (RSA) and certificate authentication, configured the RSA servers correctly and uploaded the root and issuing certificates. I managed to get this working with machine certificates using a Microsoft PKI. With crypto debugging enabled I can see the CERT API thread wake up and correctly authenticate the certificate. So far so good....
Now I configured the same on our production environment and can't get it to work!! The anyconnect client shows an error: "certificate validation failure"
The strange thing is that the crypto debugging doesn't give me one single line of output. It looks like the certificate doesn't even reach the ASA. My question is, what is stopping the "CERT API thread" I mentioned before from waking up and validating the certificate?? Does someone have an explenation for that?
btw. We have other VPN configurations on the same production/live ASA's with certificate authentication the are working and show up in the debugging.
Thanks in advance for your help
Hardware is ASA5540, software version 8.2(5).
Some pieces of the configuration below:
group-policy VPN4TEST-Policy internal
group-policy VPN4TEST-Policy attributes
wins-server value xx.xx.xx.xx
dns-server value xx.xx.xx.xx
vpn-simultaneous-logins 1
vpn-idle-timeout 60
vpn-filter value VPN4TEST_allow_access
vpn-tunnel-protocol IPSec svc webvpn
group-lock none
ipsec-udp enable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
default-domain value cs.ad.klmcorp.net
vlan 44
nac-settings none
address-pools value VPN4TEST-xxx
webvpn
svc modules value vpngina
svc profiles value KLM-SSL-VPN-VPN4TEST
tunnel-group VPN4TEST-VPN type remote-access
tunnel-group VPN4TEST-VPN general-attributes
address-pool VPN4TEST-xxx
authentication-server-group RSA-7-Authent
default-group-policy VPN4TEST-Policy
tunnel-group VPN4TEST-VPN webvpn-attributes
authentication aaa certificate
group-alias VPN4TEST-ANYCONNECT enableForgot to mention, I'm using the same laptop in both situations (test and production). Tested with anyconnect versions 3.1.02.040 and 3.0.0.629.
-
Validation Errors with new Install of W7 x64 Ent Debug Checker On New Equipment
I am receiving multiple Errors. I am trying to use the Windows 7 x64 Enterprise which happens to be the Debug Checker version OS as the host machine. I have only built the machine, and tried to load the Drivers.
I say this due to the starting issue that upon the loading of the entire driver set, (for the MB, Seagate Harddrive, and Vid Card), I would get the BSOD. I identified that the Bluetooth driver was the issue. I then did not load the Bluetooth
drivers for the MB on the 5<sup>th</sup> or so install of the 7 Ent os. (Tried Server 2k8 r2. Which is not compatible with the MB Drivers.)
I have not received a single Update either. The Auto update feature claims that I am up to date. I do not believe this due to the fact that any fresh Install of any OS has about several decades of updates and reboots to go through.
Upon trying the suggestions on the forum about turning off the IE Addons, the errors remain. Also the results of the sfc /scannow are copied below.
My Questions
I am seeking assistance on solving the Errors that have refused to leave me alone , to put it humorously and am asking for your insight and wisdom. Will you take a look??
Do I need to go to Win 7 Ent or Ult x64 that is not a Debug Checker version.
Are there other Microsoft download Registery file checkers besides the MGA Diag tool that are freeware that I can use to check, for corrupted registry files.
Or do I just need to take it to the stores (Fry’s and Microcenter) that recommended the equipment and have them just reload the software and allow them the headache of solving the error issue, by paying them to install the drivers and have ALL of the
drivers work. (including the blue tooth)
The Goal is to turn it into a Active Directory Server using Virtual Box with Server 2k8 R2 running in the virtual box environment.
Errors and Results.
There are also a number of logs that show various Crit, Error, and Warning logs. I will include those if need be.
This is the majority of the error messages, and I have missed the opportunity to capture others.
Internet explorer encountered Validation errors:
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 0000000000B221DB
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : comctl32.dl
iii.
Assert offset: 00133A2A
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 008BE823
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 0040F9E8
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : iertutil.dll
iii.
Assert offset: 001DEC51
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : KERNELBASE.dll
iii.
Assert offset: 00014159
Validation Error
i.
Process Name: iexplorer.exe
ii.
Module Name : mshtml.dll
iii.
Assert offset: 0000000000B221DB
Microsoft Management Console Encountered a Validation Error
Validation Error
i.
Process Name: mmc.exe
ii.
Module Name : ieframe.dll
iii.
Assert offset: 00000000006C9283
Scripted Diagnostics Native Hot encountered a Validation Error
Validation Error
i.
Process Name: sdiagnhost.exe
ii.
Module Name : urlmon.dll
iii.
Assert offset: 00000000001A0A73
Validation Error
i.
Process Name: sdiagnhost.exe
ii.
Module Name : KERNELBASE.dll
iii.
Assert offset: 0000000000017f32
Windows System Assessment Tool encountered a validation error
Validation Error
i.
Process Name: winsat.exe
ii.
Module Name : KERNELBASE.dll
iii.
Assert offset: 0000000000017F32
Windows Explorer Encountered a validation Error
Validation Error
i.
Process Name: Explored.exe
ii.
Module Name : thumbcache.dll
iii.
Assert offset: 00000000000300BE
AI Suite 2 encountered a validation error
Validation Error
i.
Process Name: AI Suite 2.exe
ii.
Module Name : ntdll.dll
iii.
Assert offset: 000686BD
the number “2” is the substitutedfor the roman numeral 2
I believe that this is part of the MB Suite.
My the environment is a new equipment, and Downloaded student software. Windows 7 Enterprise SPK 1 Debug Checker, Valid Key with the software download. Activated on 8-12-2012
Motherboard: Asus p9x79 Deluxe, Part number: 90-mibh50-g0aay0kz
Chip Set: bx80619i73930k
2x Memory: cmx16gx3m2a1600c11 Corsair
Video Card: Diamond R7870 2GB DD OC 2xDVI/HDMI/2xDisplayport memory Clock 1250 MHz
Hard Drive: 9jb1n3-574 (leave the last two didgets off when searching in the browser) This is a Seagate 2TB
Generic optic drive: SH-222bb/bebe Samsung
Here is the Microsoft Fix It error code
Assertion Failed!
Program:…
File: d:\w7rtm\ds\security\cryptoapi\pki\...\newstor.cpp
Line: 2131
Expression: pStore->dwState = = STORE_STATE_OPEN || pStore->dwState = = STORE_STATE_OPENING || pStore->dwState = = STORE_STATE_DEFER_CLOSING || pStore->dwState = = STORE_STATE_NULL
For information on how your program can cause an assertion failure, see the Visual C++ documentation on asserts
(Press Retry to debug the application – JIT must be enabled)
Abort Retry Ignore
Abort
Closes the program
Retry
Repeats the error
Verbatim
Ignore
Closes the program
Nothing happens
Here is the Microsoft Genuine Advantage Diagnostic Report
Diagnostic Report (1.9.0027.0):
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-8C7YB
Windows Product Key Hash: cezvXJ2/mUhIEFxJfWkZ3IN8EQQ=
Windows Product ID: 55041-146-2397786-86942
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {EBD85729-DBBB-479F-AB15-EBC0DDE0CC28}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: c:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EBD85729-DBBB-479F-AB15-EBC0DDE0CC28}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-146-2397786-86942</PID><PIDType>6</PIDType><SID>S-1-5-21-4234423899-2489109333-1931045272</SID><SYSTEM><Manufacturer>System
manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1103</Version><SMBIOSVersion major="2" minor="7"/><Date>20120409000000.000000+000</Date></BIOS><HWID>CFBA3607018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific
Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Enterprise edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-146-239778-03-1033-7601.0000-2252012
Installation ID: 000792957432055771547065313840421702569731971164600080
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 8C7YB
License Status: Licensed
Remaining Windows rearm count: 5
Trusted time: 8/12/2012 5:47:25 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OAAAAAEAAgABAAEAAgACAAAABAABAAEAHKJu3XDSdMRkx4ieoGkwung0ipvkrmTRDIsORc6qNCE=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA
A M I
FACP ALASKA
A M I
HPET ALASKA
A M I
MCFG ALASKA
OEMMCFG.
SSDT AMICPU
PROC
Scan Now Results
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\Windows\system32>Thank you for your valuable time.
I have performed the Chkdsk and the memory Diagnostic tool as per the suggestions.
The Memory Tool did not find anything amiss.
As per another thread I am going to try flashing the bios as well with the updates.
Following are the Chkdsk results.
Are there any other suggestions?
Chkdsk Results
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
89600 file records processed.
File verification completed.
221 large file records processed.
0 bad file records processed.
1596 EA records processed.
44 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
131874 index entries processed.
Index verification completed.
0 unindexed files scanned. 0
unindexed files recovered. CHKDSK
is verifying security descriptors (stage 3 of 5)...
89600 file SDs/SIDs processed.
Cleaning up 36 unused index entries from index $SII of file 0x9.
Cleaning up 36 unused index entries from index $SDH of file 0x9.
Cleaning up 36 unused security descriptors.
Security descriptor verification completed.
21138 data files processed.
CHKDSK is verifying Usn Journal...
36120296 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
89584 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
476262075 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
1953410047 KB total disk space.
48065140 KB in 61610 files.
43468 KB in 21139 indexes.
0 KB in bad sectors.
253139 KB in use by the system.
65536 KB occupied by the log file.
1905048300 KB available on disk.
4096 bytes in each allocation unit.
488352511 total allocation units on disk.
476262075 allocation units available on disk.
Internal Info:
00 5e 01 00 ef 42 01 00 ef 95 02 00 00 00 00 00 .^...B..........
e3 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
6d 00 75 00 69 00 00 00 00 00 00 00 00 00 00 00 m.u.i...........
Windows has finished checking your disk.
Please wait while your computer restarts. -
Certificate Related Error Message/Please Help
Today I received an "Unable to verify SSL server pop.gmail.com" message on my Mail server. I transfer mail from gmail to Mail.
"Mail was unable to verify the identity of this server, which has a certificate issued to "pop.gmail.com". The error was:
The certificate for this server has expired.
You might be connecting to a computer that is pretending to be "pop.gmail.com", and putting your confidential information at risk. Would you like to continue anyway?"
In the lower box, it lists the Version, Serial Number, Issuer Name (which is from Zaire, Western Cape, and lists the organization as Thawte Consulting cc and other info, Subject name is Google Inc, common name is pop.gmail.com, then gives a Signature Algorithm, Parameters, etc.
It won't let me Copy and Paste so I have not hit the Continue button for concern of losing that info for reference.
I went to Help which instructed me to do the following:
I'm getting a certificate-related error message
If you get an error message with the word "certificate" in it, make a copy of the message and contact your Internet service provider (ISP) or network administrator. The error message may help them diagnose your problem.
If your mail server uses a self-signed Secure Sockets Layer (SSL) certificate, each time you open Mail you'll see an error message stating that the certificate is not valid. You can continue, but you'll see the same message every time you open Mail. To stop seeing this message, you can permanently accept the certificate.
To permanently accept a self-signed SSL certificate:
Click the Show Certificate button in the error message.
The certificate appears with a certificate icon in the upper-left corner.
Hold down the Option key and drag the certificate icon to the desktop.
Double-click the certificate icon on the desktop, and choose X.509 Anchors from the pop-up menu. Click Add.
The certificate is permanently accepted.
You must have permission to administer the computer for this procedure to work.
For information about encryption, click "Tell me more."
Instead of asking for the "580 Anchors" , it asked simply "Do you want to add the certificates from pop.gmail.com.cer to a keychain?"
I clicked "Add"
The pop.gmail.com certificate AND Thawte Freemail Member AND Thawte Personal Freemail certificates is now entered in my Keychain.
There are no dates listed under "Created" or "Modified" for those certs under Keychain.
IS THIS OK OR DO I HAVE A PROBLEM SINCE THESE THAWTE CERTS ARE LOCATED IN ZAIRE???
IF IT IS A PROBLEM, HOW DO I FIX/CHANGE/OK/DELETE/MODIFY, ETC. IT? PLEASE BE CLEAR.
CAN I/SHOULD I JUST DELETE ALL THREE/SOME OF THE CERTS NOW IN KEYCHAIN?
WILL I STILL BE ABLE TO GET MAIL AS BEFORE THIS MESSAGE IF DELETE THE CERTS?
I believe this is the first time I have received a message concerning certificates so I am naive concerning this.
THANK YOU.I had similar gmail/cert problem yesterday - not for the first time!
I deleted the prefs (user/library/preferences), deleted the gmail account (mail prefernces), ran applejack ( http://applejack.sourceforge.net/ ) & added the account from scratch.
Annoying I know, and my inbox was 200+ emails but nobody seems to know what or why this happens (my previous post) http://discussions.apple.com/thread.jspa?threadID=243186&tstart=0
Perhaps this is related to certain emails (an email scam), i run 3 macs & the mail account on the affected machine receives my business email & this is the only machine the gmail/cert problem occurs. -
Windows 7 Genuine Validation Error Code 0x8004fe21
Windows appears to be activated. The button to change the license key does not appear. Please advise how to solve this issue. I receive the error message below:
Below is the diagnostic report.
Diagnostic Report (1.9.0027.0):
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-XXXXX-XXXXX-XXXXX
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {139C114B-F907-4C8A-BFB0-5ADAC1666327}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_ldr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{139C114B-F907-4C8A-BFB0-5ADAC1666327}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-920686674-82526402-3460005700</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP
EliteBook 8460p</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68SCF Ver. F.08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110826000000.000000+000</Date></BIOS><HWID>50643707018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern
Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700008-02-1033-7600.0000-1422012
Installation ID: 009345334236140841192620903534347110985265171254181132
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 6P6GT
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/9/2013 4:17:21 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:9:2013 16:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OgAAAAEAAgABAAMAAAACAAAABQABAAEAeqgwqIaqKK3m4LY44PJ4hNqSYj34Z978ZjJqwrZGpFkucw==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value
OEMTableID Value
APIC HPQOEM
161E
FACP HPQOEM
161E
HPET HPQOEM
161E
MCFG HPQOEM
161E
TCPA HPQOEM
161E
SSDT HPQOEM
SataAhci
SSDT HPQOEM
SataAhci
SLIC HPQOEM
SLIC-MPC
SSDT HPQOEM
SataAhci
SSDT HPQOEM
SataAhci
ASF! HPQOEM
161EHi,
I am just writing to check the status of this thread. Was the information provided in previous
reply helpful to you? Do you have any further questions or concerns? Please feel free to let us know.
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support -
What Certificate store is used for machine certificates
I have a requirement to have windows 7/8 users connect to the company network using VPN & IKEv2.
I have a RH Linux 7 firewall/authentication server that the windows clients will connect to via a vpn.
I have generated a self-signed Certificate Authority, and a client certificate. (using NSS & certutil)
I have configured a VPN/IKEv2 connection on my windows 7 client system.
I have selected "use machine certificates" on the security tab.
However when I attempt to connect to the Linux 7 server. Windows returns a 13806 error. The windows process
for locating the certificate cannot find the certificate. (I used mmc to install both the CA certificate & the client certificate)
So I wondering since I specified the use of machine certificates, perhaps I've installed the certificates in the wrong "store".
Is there a special "store" for machine certificates?Hi MeipoXu, many thanks for working with me on this issue.
Thru some trial & error testing I determined the Local Computer store "combo" that DOES NOT generate
a 13806 error (cert not found) is to import the client cert to the "Personal" store under "Local Computer"
and import the CA into the Trusted Root Certificates store, also under the "Local Computer"
However I still get the 13819 error Invalid Certificate Type. When I attempt to make a connection over vpn.
Here are the trace entries:
Frame: Number = 4, Captured Frame Length = 234, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: IPsec: Receive ISAKMP Packet
- WfpUnifiedTracing_IKE_PACKET_RECV IKE_PACKET_RECV: IPsec: Receive ISAKMP Packet
AsciiString ICookie: 76991f2483ab8271
AsciiString RCookie: be81c4728325eb7f
AsciiString ExchangeType: IKEv2 SA Init Mode
UINT32 Length: 284 (0x11C)
AsciiString NextPayload: SA
UINT8 Flags: 32 (0x20)
UINT32 MessageID: 0 (0x0)
UnicodeString LocalAddress: 192.168.10.4
UINT32 LocalPort: 500 (0x1F4)
UINT32 LocalProtocol: 0 (0x0)
UnicodeString RemoteAddress: 69.54.99.132
UINT32 RemotePort: 500 (0x1F4)
UINT32 RemoteProtocol: 0 (0x0)
UINT64 InterfaceLuid: 1688849960927232 (0x6000006000000)
UINT32 ProfileId: 2 (0x2)
Frame: Number = 5, Captured Frame Length = 121, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
AsciiString Function: IkeFindLocalCertChainHelper
- WinErrorCode ErrorCode: ERROR_IPSEC_IKE_NO_CERT
UINT32 WinErrorValue: 0x000035EE - ERROR_IPSEC_IKE_NO_CERT - The IKE failed to find a valid machine certificate. Contact your network security administrator about installing a valid certificate in the appropriate certificate store.
Frame: Number = 6, Captured Frame Length = 121, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
AsciiString Function: IkeFindLocalCertChainHelper
- WinErrorCode ErrorCode: ERROR_IPSEC_IKE_NO_CERT
UINT32 WinErrorValue: 0x000035EE - ERROR_IPSEC_IKE_NO_CERT - The IKE failed to find a valid machine certificate. Contact your network security administrator about installing a valid certificate in the appropriate certificate store.
Frame: Number = 7, Captured Frame Length = 117, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
AsciiString Function: IkeEncodeCertChainIkeV2
- WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
UINT32 WinErrorValue: 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
Frame: Number = 8, Captured Frame Length = 117, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
AsciiString Function: IkeEncodeCertChainIkeV2
- WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
- HRESULT ErrorValue: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
- LEHResult:
UINT32 Code: (................0011010111111011) 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
UINT32 Facility: (.....00000000111................) WIN32
UINT32 X: (....0...........................) Reserved
UINT32 N: (...0............................) Not NTSTATUS
UINT32 C: (..0.............................) Microsoft-defined
UINT32 R: (.0..............................) Reserved
UINT32 S: (1...............................) Failure
$$$$$$$ N O T E : Frame Numbers 9 thru 13 are exact same error message as Frame numbers 8 (the first) and Frame 14 (the last) $$$$$$$$ Then I close the connection
and stop the trace.
Frame: Number = 14, Captured Frame Length = 123, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
AsciiString Function: IkeConstructAndSendMMResponse
- WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
- HRESULT ErrorValue: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
- LEHResult:
UINT32 Code: (................0011010111111011) 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
UINT32 Facility: (.....00000000111................) WIN32
UINT32 X: (....0...........................) Reserved
UINT32 N: (...0............................) Not NTSTATUS
UINT32 C: (..0.............................) Microsoft-defined
UINT32 R: (.0..............................) Reserved
UINT32 S: (1...............................) Failure
So after a response is received from the Server (to complete the SA Initiation)
Windows then "looks" for a cert to send to the server.
It appears initially it can't find one because 13806 errors are reported (Frames 5 & 6)
However the session does not issue an 13806.
It goes on to Frame 7: Note the function IkeEncodeCertChainIkeV2 detects the invalid cert type
Frames 8 thru 14 are just a repeat of the same error.
Could this be a flaw in the windows VPN logic ?
Guy -
NAC 4.7.2 (OOB VGW)) MAC certificate validation slow
We have been seeing some odd behavior with certificate validation with MAC OSx device running the installed agent.
When a user enters their userid and password they sometimes will get a SSL cert error. If the user clicks on login multiple times they will eventually certify and join the trusted network.
I did a packet capture of a machine that was experiencing the problem.
The packet capture showed the MAC making a DNS query for the Verisign server's IP address and the DNS server returns the correct answer. The expected connection to the Verisign server never occurs. (The ssl cert error on the MAC shows up about now.)
If login is clicked (several times) and you go through the cycle again eventually the connection to the Verisign server is established the certificate is validated and user is placed into the trusted vlan.
Has anybody else experienced this? Any ideas?Faisal,
I reviewed my work including where I performed my captures. The capture I did initially was between the CAS and the outside world - our routing core.
I decided to span a port a MAC was connected to and performed another capture.
Lo and behold the MAC was actually trying to connect to the Verisign server based on IP address of the forward DNS lookup send originally from the MAC.
I thought about the process and I believe that NAC has to do a reverse lookup on the IP address so that it can compare the server name against host filter I built to allow the traffic.
The filter was based on the forward lookup so it was something like "ends with crl.verisign.com"
When I did a reverse lookup I discovered most of the servers returned something like "crl.indv10.verisign.com" which of course did not match the filter I had created. Traffic blocked.
I changed the filter to just "ends with verisign.com" and it worked 95% of the time.
Why only 95%?
One of the servers had an IP address that was outside the 199.x.x.172 pattern most of them use and it did not return a name when the reverse lookup occurred. I finally ended up adding that as IP address as a filter.
No problems now.
Later!
Bob -
Windows 7 validation errors on almost every software
Hello,
I recently, downloaded Windows 7 professional from MSDN, I have a valid key. After I installed windows 7 I repeatedly get validation error on the following softwares:
Internet explorer
windows explorer
skype
Izarc
Eclipse
the error is like:
NAMEOFSOFTWAER.exe encountered a validation error
process name: NAMEOFSOFTWAER.exe
Module name: KERNELBASE.dll
Assert offset:00013F62
I searched on line, but most of the discussions on validation errors of windows 7 were around internet explorer, but I have this error on other softwares as well.
I am sure that the version of my windows and my key are both valid and legal. I checked if I have bad sector on my disk and I did`nt, I also did a full scan for virus and I did not have any virus.
Would you please check in to this problem and guide me to resovle it,
Thanks,
LalehHere is my laptops diagnostic report help me with the same problem can anyone this
Diagnostic Report (1.9.0027.0):
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV
Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=
Windows Product ID: 00426-292-0000007-85018
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {D399A91C-B387-4641-A736-48728E861C65}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: c:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D399A91C-B387-4641-A736-48728E861C65}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85018</PID><PIDType>5</PIDType><SID>S-1-5-21-1478810692-3102226739-2564158196</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP
Pavilion g6 Notebook PC </Model></SYSTEM><BIOS><Manufacturer>Insyde</Manufacturer><Version>F.66</Version><SMBIOSVersion major="2" minor="7"/><Date>20130124000000.000000+000</Date></BIOS><HWID>65BB3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central
Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-292-000000-00-1033-7601.0000-2602014
Installation ID: 008632457883203582056830527371316282992446715113503060
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3MBMV
License Status: Initial grace period
Time remaining: 42300 minute(s) (29 day(s))
Remaining Windows rearm count: 5
Trusted time: 9/17/2014 6:55:58 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: LgAAAAEAAgABAAIAAAABAAAAAQABAAEA6GGy+IaqNnkorUhEzH46MdA0VKcucw==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HP 1670
FACP HPQOEM SLIC-MPC
HPET HP 1670
BOOT HP 1670
MCFG HP 1670
ASF! HP 1670
SLIC HPQOEM SLIC-MPC
SSDT HP 1670
ASPT HP 1670
SSDT HP 1670
SSDT HP 1670
SSDT HP 1670 -
Hi,
I'm facing with an error while Anyconnect is trying to connect, showing a message about certificate validity (As is attached to this post), but it connects successfully.
I guess something is wrong with the cert I'm using (Its essential cert).
Cert Info :
Type : General
Usage : general purpose
Valid To: 30 Dec 2014
best Regards
AliPlease review the following document:
AnyConnect Certificate Based Authentication
Your error is due to lack of proper USER certificate - not server (ASA) certificate. You need to either issue and install a proper user certificate on your client PC or setup the Connection Profile to not use certificate authentication (see step 6 in the linked document). -
Weblogic app server wsdl web service call with SSL Validation error = 16
Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
System.setProperty("javax.net.ssl.trustStore",”cacerts”);
System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd); System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1. Do I create “cacerts” the correct order with right keeltool options?
2. Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3. Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4. Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy wsu:Id="TokenServices_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="true"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ITokenServices_GetUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ITokenServices">
<wsdl:operation name="GetUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="TokenServices" type="tns:ITokenServices">
<wsp:PolicyReference URI="#TokenServices_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="GetUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="TokenServices">
<wsdl:port name="TokenServices" binding="tns:TokenServices">
<soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.
Maybe you are looking for
-
[SOLVED] Problem with Kate and his dependencies
hi, I just read the post which explains how to install kate from other packages of kde. http://bbs.archlinux.org/viewtopic.php?id=51748 I've done what we said last answer, but my problem is that when I try to install kdesdmod with its dependencies, t
-
How do i turn off apps running in the background with the new upgrade?
how do i turn off apps running in the background with the new upgrade?
-
[SOLVED] Intel Fortran Compiler v11.1.072 installation failed
hi everyone! i have some problems with the intel fortran installation. i try to install both ia32 and intel64 version, but without success. i launch from the shell the file "install.sh" and i follow the instructions on the screen, it says that i have
-
LMS 4.2.3 Continuous Authentication failure alarm in DFM
Hi All, We are getting continuous minor alarm[Authentication Failure] for single router in the DFM. can we check from which ip we are getting the authentication request?? possible steps to find the cause for the authentication failure.? Regards, Cha
-
Can I transfer a book I have downloaded onto my Mac in error? I purchased a book meant for ipad only. Silly me. Could I for example transfer it to my wifes ipad - if so - where would I find it on my Mac.