Anyone do end-to-end connection auditing w/ Oracle DB + EBiz apps ?
Hi,
Connection auditing within the database is pretty simple, the sys.aud$ tables give all the info to see the end-to-end picture of:
- users pc name / ip /port etc
- users network id
- target Oracle schema
-etc
But when we add Oracle Applications into the picture, we have 2 other components: a) the application user b) the application server
It is possible to connect the database session to the application session.
But, I am having trouble with connecting the database session with the Oracle Application Server connection.
I have tried various settings in
$IAS_CONFIG_HOME/Apache/Apache/conf/security.conf
SecAuditEngine On
SecFilterDebugLevel 4
so that I could see the IP of the user pc, but for some reason the only IP info I get is for the host computer of the Application Server.
Any suggestions would be great.
Thank you !
Hi this is not possible....
What you did could only work if it was a homogeneous migration of the DB (So Oracle running on Server X moved to Server Y)
What you want is actually a hetrogenious migration and you cannot just reconnect.
See https://websmp102.sap-ag.de/installnw70 and look for:
System Copy
If you want to perform a homogeneous or heterogeneous copy of an existing SAP system based on SAP NetWeaver 7.0, use the following System Copy Procedures:
For EHP1 SR1: ABAP, ABAP + Java, or Java.
For EHP1: ABAP, ABAP + Java, or Java.
For SR3: ABAP, ABAP + Java, or Java.
For SR2: ABAP, ABAP + Java, or Java.
Cheers,
Benjamin
Similar Messages
-
Trying to connect to Oracle using Web App
Hi Guys, I'm hoping someone here can help. This question goes out to anyone who has tried to connect to an Oracle database via web application written using Java Server Pages and Servlets. There is a specific file called the context.xml that contains the connection parameters to Oracle. Please note thread of conversation derived from a Java forum I've posted to earlier.
The bottom line is that "orcl" is the SID value for the Oracle database. The connection pool apparently isn't able to create connection objects based on the SID value given. When I attempt to run the test.jsp page in the browser I get the error message noted below. I still don't know how to fix this and simply must get it working.
Any advise is welcome.
Alan
I'm putting together a test page test.jsp in Tomcat that attempts to access my Oracle database running on the same machine. The point here is just to make sure I have the connection parameters correctly set before proceeding too far into the web application.
In my context.xml file I have the following:
<Resource name="jdbc/myoracle" auth="Container"
type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@127.0.0.1:1521:orcl"
username="BASIC_USER" password="tiger" maxActive="6" maxIdle="3"
maxWait="10000"/> In my web.xml file I have the following:
<resource-ref>
<description>Oracle Datasource example</description>
<res-ref-name>jdbc/myoracle</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>My test.jsp page simply attempts to open a connection with the database and to display data from one table.
When I go into the browser to open the page I get the following SQLExceptioin error:
SQL Problem: Cannot create PoolableConnectionFactory (Listener refused the connection with the following error: ORA-12505, TNS:listener does not currently know of SID given in connect descriptor )
SQL State: null
Vendor Error: 0
It refers to the SID value in the descriptor. Well...you can see from the descriptor that I've written "orcl". That is the SID. url="jdbc:oracle:thin:@127.0.0.1:1521:orcl"
At this point I'm spinning my wheels. I don't know what else to do to make this work.
Please advise.
Alan
[Dukes Earned 111] Karanjit
Posts:459
Registered: 2/28/08
Re: Tying test jsp page in Tomcat
Jul 23, 2009 12:31 AM (reply 1 of 2) (In reply to original post )
Click to email this message
Oracle docs say:
ORA-12505:TNS:listener does not currently know of SID given in connect descriptor
Cause: The listener received a request to establish a connection to a database or other service. The connect descriptor received by the listener specified a SID for an instance (usually a database instance) that either has not yet dynamically registered with the listener or has not been statically configured for the listener. This may be a temporary condition such as after the listener has started, but before the database instance has registered with the listener.
Action:
- Wait a moment and try to connect a second time.
- Check which instances are currently known by the listener by executing: lsnrctl services <listener name>
- Check that the SID parameter in the connect descriptor specifies an instance known by the listener.
- Check for an event in the listener.log file.
[Dukes Earned 0] ashiers
Posts:126
Registered: 12/26/01
Re: Tying test jsp page in Tomcat
Jul 23, 2009 7:40 AM (reply 2 of 2) (In reply to #1 )
Click to email this message Click to edit this message...
Thanks for the description for the Error message 12505. It doesn't help much. This I did find out by running this command: LSNRCTL SERVICES LISTENER
C:\>LSNRCTL SERVICES LISTENER
LSNRCTL for 32-bit Windows: Version 11.1.0.6.0 - Production on 23-JUL-2009 11:12
:00
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Services Summary...
Service "orcl" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:545 refused:0 state:ready
LOCAL SERVER
Service "orclXDB" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Handler(s):
"D000" established:64 refused:0 current:0 max:1022 state:ready
DISPATCHER <machine: DOHWS1911, pid: 804>
(ADDRESS=(PROTOCOL=tcp)(HOST=DOHWS1911)(PORT=1101))
Service "orcl_XPT" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:545 refused:0 state:ready
LOCAL SERVER
The command completed successfully
So, according to this orcl is the correct SID parameter. Please advise further.
Alansb92075 wrote:
Listener Log File c:\oracle11g\diag\tnslsnr\DOHWS1911\listener\alert\log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1521ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=DOHWS1911)(PORT=1521)))
Please note HOST=DOHWS1911.
Does DOHWS1911 map to 127.0.0.1?
post results from following command
tnsping orcl
Please post last 2 - 3 dozen lines from c:\oracle11g\diag\tnslsnr\DOHWS1911\listener\alert\log.xml
take very soon after the error is reported
Yes DOHWS1911 is the host name given to my computer and probably is mapped to 127.0.0.1.
When I ran tnspring orcl I get:
C:\>tnspring orcl
'tnspring' is not recognized as an internal or external command,
operable program or batch file.
Following is the tail end of the log.xml file after attempting to connect:
<msg time='2009-07-23T16:41:02.031-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>23-JUL-2009 16:41:02 * service_update * orcl * 0
</txt>
</msg>
<msg time='2009-07-23T16:41:20.031-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>23-JUL-2009 16:41:20 * service_update * orcl * 0
</txt>
</msg>
<msg time='2009-07-23T16:41:53.031-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>23-JUL-2009 16:41:53 * service_update * orcl * 0
</txt>
</msg>
<msg time='2009-07-23T16:42:01.562-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>23-JUL-2009 16:42:01 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=SYSTEM))(COMMAND=services)(ARGUMENTS=64)(SERVICE=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DOHWS1911)(PORT=1521))))(VERSION=185599488)) * services * 0
</txt>
</msg>
<msg time='2009-07-23T16:42:02.546-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>23-JUL-2009 16:42:02 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=SYSTEM))(COMMAND=status)(ARGUMENTS=64)(SERVICE=(ADDRESS=(PROTOCOL=TCP)(HOST=DOHWS1911)(PORT=1521)))(VERSION=185599488)) * status * 0
</txt>
</msg>
<msg time='2009-07-23T16:43:30.984-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>23-JUL-2009 16:43:30 * (CONNECT_DATA=(SID=mysid)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=SHIERSAJ))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1594)) * establish * mysid * 12505
</txt>
</msg>
<msg time='2009-07-23T16:43:31.000-03:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='DOHWS1911'
host_addr='10.1.186.192'>
<txt>TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
</txt>
</msg>GOD! It doesn't get any more Greek than this!
What does it all mean? HELP!
Alan -
RFC Connection Error (for end-to-end Monitoring)
Hi,
I am configure End-to-End monitoring in XI 3.0 SP20, PMI does't show data in end-to-end monitoring... anyway!!! I check RFC connection PMI
RFC destination name: PMIXQA90020080827
in TEST connection I am getting an error: "Group PUBLIC not Found" where may I define that PUBLIC to solve this problem please let me know.... thanks
and what is Group PUBLIC in RFC ??? what does it do???
Is there any notes I can read for related issue, please help me out this
Thanks a lot in advanced
Edited by: issue2008 issue on Aug 28, 2008 10:03 AMThanks for reply... SURE I can tell you
Connection Type: 3 R/3 connection
ScreenShot shows blow:
http://www.flickr.com/photos/25222280@N03/2806290586/sizes/o/
Thanks
Edited by: issue2008 issue on Aug 28, 2008 10:20 AM -
Could anyone provide an easy ADF tutorial to go through from end to end
Could anyone provide an easy ADF tutorial to go through from end to end retrieving a table with parameter and display result as a table on web page. would like to learn EO, VO, AM page generation with this easy example.
ThanksI've been using these
http://www.oracle.com/technology/products/jdev/11/cuecards111/index.html
I've done this one all the way through a couple times.
http://www.oracle.com/technology/obe/obe11jdev/bulldog/ria_application/developriaapplication_long.htm -
When I started to update to iOS 5, the update went but at the end it said connection has timed out. Help me?
Have you tried disabling the computer's security software during the download and update.
-
Hi experts,
where i can and how can i monitor the End to End audit trail.
Regards,Hi,
U can see the message flow in different ways
Go to the link for more detail:
http://help.sap.com/saphelp_nw04s/helpdata/en/88/21bc3ff6beeb0ce10000000a114084/frameset.htm
1) GO to SXMB_MONI u can see message payload input as well as output along with the error and trace level.
2) Go to RWB and u can End to end monitoring.
use end-to-end monitoring in the following cases:
● If you want to monitor message processing steps in a number of SAP components (to be configured).
● If you want to monitor the path of individual messages through these SAP components, from start to end.
3) Go to Message monitoring.
Use message monitoring in the following cases:
● To track the status of messages
● To find errors that have occurred and establish what caused them
Chirag -
Your End Node is Connected To the Gateway Through a Mesh Router Node
Dears,
If we Have a Network of 32 Nodes ( 1 Gateway and 4 Mesh Routers and 28 End Nodes) I need To Know if It is Possible To Know that Your End Node is Connected To the Gateway through Which Mesh Router Node Programatically and When it is Self Heiling ?, is It Possible To Know this Information ?
BR
Ahmed Abdulbaky
InnoVision SystemsHey Matt,
With regards to using more than 8 nodes per parent, this may be possible and I've seen systems where this seemed to work. However, the hardware is only tested and supported for up to 8 end nodes per parent.
With regard to 8 end nodes being stranded when using a router and gateway, this shouldn't be occurring. Depending on your network topology, there are other possible reasons for this behavior. The following article discusses the basics of the WSN topology:
Wireless Sensor Network Topologies and Mesh Networking
http://zone.ni.com/devzone/cda/tut/p/id/11211
When the node disconnects, is it the same node, a similar rotation of nodes, or random nodes that are being stranded? When the node becomes stranded, what's it signal strength? Are each of your nodes set for the same update rate in the project? These answers may provide clues as to what is causing this behavior. Hope this helps!
--Ryan S. -
Cannot get end-to-end single sign-on to work in CR XI
Post Author: yarg
CA Forum: Authentication
Hello,
I'm looking for some help please. I have used Crystal Reports XI fairly extensively over the past year (designing reports mainly), and have now been tasked with getting CR Server XI up and running so that team members can view reports pertaining to them via a web browser. I have installed CR Server XI on a Windows Server 2003 VM and have followed every single step in the admin guide on pg285 about how to implement end-to-end single sign-on using Kerberos.
However, every time I try to access InfoView I get prompted for AD credentials. Single sign-on just is not working and there are no visible error messages to indicate why. Could anyone please offer suggestions? Even telling me whether there is any sort of log file which I can check to see what's happening behind the scenes would be very helpful.
Many thanks in advance,
GraemePost Author: colin mackenzie
CA Forum: Authentication
Hello Graeme.
Have you tested it with using the user settings under the Enterprise Authentication?
Does your reports and objects work for the user when connected with the "Enterprise Authentication Type? -
Java.lang.NullPointerException in End-to-End monitoring
Hi!
When trying to start End-To-End monitoring over the RWB I get a NUllPointerException from 'JNet' as the applet tries to start up:
Class com.sap.jnet.JNetApplet.class not found
java.lang.ClassNotFoundException: com.sap.jnet.JNetApplet.class at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
caused by: java.io.IOException: open HTTP connection failed.
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 10 more
I'm using Java(TM) Plug-in: Version 1.4.2_08
Can anyone help?
Thanks,
FabianHi Fabian,
Have you done the step:
Configuring End-to-End Message Monitoring
from the XI configuration guide?
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/ac6de690-0201-0010-54ac-8923089dcc97
Regards,
michal -
End to End Monitoring is not working
Hi All,
I don't see the msgs in End to End Monitoring. I have checked all connections in SM59, full host name parameters is present in profile.
I cannot select the "instance" radio button either. Anyone had these problems in SP12, XI3.0 SR1.
thanks
tonyHi All,
I have also same problem of end to end monitoring ,it does not refreshing statistics after certain interval,
currently statitical data is showing like
Errors 0
Open 0
Successfully Completed 0
Overall 0
I have set frequency of hourly in furthur settings.
But messages are not seen , it is showing only starting (when we configured end to end monitoring) days message statistics .
Expecting some clue to resolve this.
Thanks in advance
Regards,
Santosh -
Performance end to end testing and comparison between MPLS VPN and VPLS VPN
Hi,
I am student of MSc Network Security and as for my project which is " Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing " I have heard a lot of buzz about VPLS as becoming NGN, I wanted to exppore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3, with respect to the MPLS L3 VPN lab setup that is not a problem but I am stuck at the VPLS part how to setup that ? I have searched but unable to find any cost effective mean, even it is not possible in the university lab as we dont have 7600 series
I would appreciate any support, guidence, advice.
Thanks
ShahbazHi Shahbaz,
I am not completely sure I understand your request.
MPLS VPN and VPLS are 2 technologies meant to address to different needs, L3 VPN as opposed as L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of a F1 racing car with a Rally racing car?
From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology) , as in the very basic scenarios we can boil down to the following basic operations for both:
Ingress PE impose 2 labels (at least)
Core Ps swap top most MPLS label
Egress PE removes last label exposing underlying packet or frame.
So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
Riccardo -
Issue in configuring the End to End Monitering.
Hi,
I was trying to configure the end to end monitering in RW, and it is askin for uid and password, on applying them , it is not opening , and giving a messege as
Unable to read the current configuration for the selected XI domain because the system was unable to estable a connection to the monitoring server (possibly due to incorrect logon data). Error message: Unable to log on to system isrxidev in language en with user PISUPER.
What should i do? I am a super user.I hav all authorisations!Is this my role, or a basis / administrator role, tell me the solution, i need to check full end to end status of a messge from source point to target point.
Also, how do I set up the PIPELINE configuration. Any settings required in SICF transaction to see the different stages of a messege in sxmb_moni. Mine is a file to idoc scenerio, and in sxmb_moni i can only see the
Inbound Messege
Receiver Grouping
and
Response.
I was expecting to see the status at Receiver determination and interface Determination!
Arnab MondalLogin with PIRWBUSER for end to end monitoring..
Follow these steps :
http://help.sap.com/saphelp_nw04s/helpdata/en/06/5d1741b393f26fe10000000a1550b0/frameset.htm
Still problem exists then go thru the below thread
End-to-End Monitoring
Check whether all CIF services were activated in Visual Admin -
Internal error int reply to ClientHello on ACE20 module with end-to-end SSL
Hello, world!
We have weird behaviour of our Cisco ACE20 module configured for end-to-end SSL (initiation+termination) - the module from time to time replies with SSLv3/TLSv1 alert "Fatal: internal error" message to the client right after client have sent 'ClientHello' SSL message. So sometimes SSL connection works and sometimes will be immediately closed due to this fatal error. The behaviour is very similar to the one described below:
CSCtc52085—After a client sends a ClientHello message, the SSL hand shake may fail with a fatal alert internal error sent by the ACE. This behavior is intermittent and may occur under the following conditions:
1. An SSL service is configured with the session-cache timeout command (session reuse).
2. SSL connections are aborted by the client after the client sends a ClientHello message to the service in condition 1 and before an internal resource state is changed. This behavior puts the internal resource in an improper state. This error is very timing sensitive.
3. The next connection that uses the internal resource in the improper state fails with a fatal alert internal error. That connection does not have to go to the service in condition 1 to experience this error because the internal resource is shared by all the SSL services.
Workaround: None.
But we have software version A2(3.1) and this bug must have been resolved in this release (at least it's listed in resolved caveats section of release notes).
Software
loader: Version 12.2[123]
system: Version A2(3.1) [build 3.0(0)A2(3.1)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_3_1.bin
Again, we don't have session-cache timeout configured on the ACE.
On the ACE we have following stats:
ACE1/VC_UNIX# sh stats crypto server
SSL Server Statistics:
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 1
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 2
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 16
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
SSLv2 client hello received: 0
SSLv3 client hello received: 0
TLSv1 client hello received: 68
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 68
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
TLSv1 full handshakes: 33
TLSv1 resumed handshakes: 0
Cipher tlsv1_rsa_rc4_128_md5: 68
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
Session headers extracted: 0
Session headers failed: 0
Server cert headers extracted: 0
Server cert headers failed: 0
Client cert headers extracted: 0
Client cert headers failed: 0
Headers truncated: 0
Redirects due to cert not yet valid: 0
Redirects due to cert expired: 0
Redirects due to unknown issuer cert: 0
Redirects due to cert revoked: 0
Redirects due to no client cert: 0
Redirects due to no CRL available: 0
Redirects due to expired CRL: 0
Redirects due to bad cert signature: 0
Redirects due to other cert error: 0
Internal error: 27
Handshake FlushRX operations: 0
Handshake FlushTX operations: 0
Xscale messages rcvd from ME: 1313330
Xscale messages sent to ME: 2041768
Finish msg split across ssl recs: 0
Fasttx msg ring full: 0
SSL_ME tx msg ring full: 0
N2 encrypt_record: 0
N2 decrypt_record: 144433
N2 random: 439915
N2 handshake_hash: 878094
N2 hash: 0
N2 gpop_master: 291164
N2 gpop_import_master_secret: 5
N2 gpop_pkcs1v15enc: 144430
N2 gpop_pkcs1v15enc_crt: 0
N2 gpop_finish: 291140
N2 gpop_verify: 0
N2 gpop_pkcs1v15dec: 0
N2 gpop_pkcs1v15dec_crt: 146752
N2 rsa_server_full: 15
N2 resume: 12
UXP A: 24576
UXP B: 0
The "Internal error" counter increases with failed connections.
Printscreen from wireshark attached.
Maybe someone has the problem like ours? I have no idea how to troubleshoot these "internal errors"... :-(
Thanks for your replies.Thanks for your reply.
The problem is not server-related, I have exactly the same situation if I do SSL termination only, with unencrypted connection between ACE and backend servers (another servers, with blank apache installed and listening on 443 port for non-SSL traffic) - generally speaking, it works, but often with these "internal errors" - not suitable for production.
Here is the output from the commands
# show np 1 me-stats -E0
SSL Server Statistics:
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 0
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 0
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 0
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
SSLv2 client hello received: 0
SSLv3 client hello received: 0
TLSv1 client hello received: 0
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 0
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
TLSv1 full handshakes: 0
TLSv1 resumed handshakes: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 0
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL authentication cache hits: 0
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 0
Failed SSL server authentications: 0
Session headers extracted: 0
Session headers failed: 0
Server cert headers extracted: 0
Server cert headers failed: 0
Client cert headers extracted: 0
Client cert headers failed: 0
Headers truncated: 0
Redirects due to cert not yet valid: 0
Redirects due to cert expired: 0
Redirects due to unknown issuer cert: 0
Redirects due to cert revoked: 0
Redirects due to no client cert: 0
Redirects due to no CRL available: 0
Redirects due to expired CRL: 0
Redirects due to bad cert signature: 0
Redirects due to other cert error: 0
Internal error: 0
SSL Client Statistics:
SSL alert CLOSE_NOTIFY rcvd: 0
SSL alert UNEXPECTED_MSG rcvd: 0
SSL alert BAD_RECORD_MAC rcvd: 0
SSL alert DECRYPTION_FAILED rcvd: 0
SSL alert RECORD_OVERFLOW rcvd: 0
SSL alert DECOMPRESSION_FAILED rcvd: 0
SSL alert HANDSHAKE_FAILED rcvd: 0
SSL alert NO_CERTIFICATE rcvd: 0
SSL alert BAD_CERTIFICATE rcvd: 0
SSL alert UNSUPPORTED_CERTIFICATE rcvd: 0
SSL alert CERTIFICATE_REVOKED rcvd: 0
SSL alert CERTIFICATE_EXPIRED rcvd: 0
SSL alert CERTIFICATE_UNKNOWN rcvd: 0
SSL alert ILLEGAL_PARAMETER rcvd: 0
SSL alert UNKNOWN_CA rcvd: 0
SSL alert ACCESS_DENIED rcvd: 0
SSL alert DECODE_ERROR rcvd: 0
SSL alert DECRYPT_ERROR rcvd: 0
SSL alert EXPORT_RESTRICTION rcvd: 0
SSL alert PROTOCOL_VERSION rcvd: 0
SSL alert INSUFFICIENT_SECURITY rcvd: 0
SSL alert INTERNAL_ERROR rcvd: 0
SSL alert USER_CANCELED rcvd: 0
SSL alert NO_RENEGOTIATION rcvd: 0
SSL alert CLOSE_NOTIFY sent: 0
SSL alert UNEXPECTED_MSG sent: 4108
SSL alert BAD_RECORD_MAC sent: 0
SSL alert DECRYPTION_FAILED sent: 0
SSL alert RECORD_OVERFLOW sent: 0
SSL alert DECOMPRESSION_FAILED sent: 0
SSL alert HANDSHAKE_FAILED sent: 63355
SSL alert NO_CERTIFICATE sent: 0
SSL alert BAD_CERTIFICATE sent: 0
SSL alert UNSUPPORTED_CERTIFICATE sent: 0
SSL alert CERTIFICATE_REVOKED sent: 0
SSL alert CERTIFICATE_EXPIRED sent: 0
SSL alert CERTIFICATE_UNKNOWN sent: 0
SSL alert ILLEGAL_PARAMETER sent: 0
SSL alert UNKNOWN_CA sent: 0
SSL alert ACCESS_DENIED sent: 0
SSL alert DECODE_ERROR sent: 0
SSL alert DECRYPT_ERROR sent: 0
SSL alert EXPORT_RESTRICTION sent: 0
SSL alert PROTOCOL_VERSION sent: 0
SSL alert INSUFFICIENT_SECURITY sent: 0
SSL alert INTERNAL_ERROR sent: 37662
SSL alert USER_CANCELED sent: 0
SSL alert NO_RENEGOTIATION sent: 0
SSLv2 client hello received: 0
SSLv3 client hello received: 0
TLSv1 client hello received: 0
SSLv3 negotiated protocol: 0
TLSv1 negotiated protocol: 4062020
SSLv3 full handshakes: 0
SSLv3 resumed handshakes: 0
Cipher sslv3_rsa_rc4_128_md5: 0
Cipher sslv3_rsa_rc4_128_sha: 0
Cipher sslv3_rsa_des_cbc_sha: 0
Cipher sslv3_rsa_3des_ede_cbc_sha: 0
Cipher sslv3_rsa_exp_rc4_40_md5: 0
Cipher sslv3_rsa_exp_des40_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_md5: 0
Cipher sslv3_rsa_exp1024_des_cbc_sha: 0
Cipher sslv3_rsa_exp1024_rc4_56_sha: 0
Cipher sslv3_rsa_aes_128_cbc_sha: 0
Cipher sslv3_rsa_aes_256_cbc_sha: 0
TLSv1 full handshakes: 4015344
TLSv1 resumed handshakes: 0
Cipher tlsv1_rsa_rc4_128_md5: 0
Cipher tlsv1_rsa_rc4_128_sha: 0
Cipher tlsv1_rsa_des_cbc_sha: 0
Cipher tlsv1_rsa_3des_ede_cbc_sha: 0
Cipher tlsv1_rsa_exp_rc4_40_md5: 0
Cipher tlsv1_rsa_exp_des40_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_md5: 0
Cipher tlsv1_rsa_exp1024_des_cbc_sha: 0
Cipher tlsv1_rsa_exp1024_rc4_56_sha: 0
Cipher tlsv1_rsa_aes_128_cbc_sha: 4062020
Cipher tlsv1_rsa_aes_256_cbc_sha: 0
Total SSL client authentications: 0
Failed SSL client authentications: 0
SSL authentication cache hits: 4059147
SSL static CRL lookups: 0
SSL best effort CRL lookups: 0
SSL CRL lookup cache hits: 0
SSL revoked certificates: 0
Total SSL server authentications: 4059888
Failed SSL server authentications: 0
Session headers extracted: 0
Session headers failed: 0
Server cert headers extracted: 0
Server cert headers failed: 0
Client cert headers extracted: 0
Client cert headers failed: 0
Headers truncated: 0
Redirects due to cert not yet valid: 0
Redirects due to cert expired: 0
Redirects due to unknown issuer cert: 0
Redirects due to cert revoked: 0
Redirects due to no client cert: 0
Redirects due to no CRL available: 0
Redirects due to expired CRL: 0
Redirects due to bad cert signature: 0
Redirects due to other cert error: 0
Internal error: 20380
Handshake FlushRX operations: 0
Handshake FlushTX operations: 0
Xscale messages rcvd from ME: 12092768
Xscale messages sent to ME: 0x0176adac
Finish msg split across ssl recs: 0
Fasttx msg ring full: 0
SSL_ME tx msg ring full: 0
N2 encrypt_record: 0
N2 decrypt_record: 4015344
N2 random: 8148797
N2 handshake_hash: 4322635
N2 hash: 0
N2 gpop_master: 4041700
N2 gpop_import_master_secret: 0
N2 gpop_pkcs1v15enc: 4041700
N2 gpop_pkcs1v15enc_crt: 0
N2 gpop_finish: 4031710
N2 gpop_verify: 0
N2 gpop_pkcs1v15dec: 0
N2 gpop_pkcs1v15dec_crt: 0
N2 rsa_server_full: 0
N2 resume: 0
UXP A: 24576
UXP B: 0
# show np 1 me-stats "-shttp -v"
HTTP Statistics (Current)
Unknown msgs received: 0 0
Data rx msgs received: 288293958 4
TCP proxy rx msgs received: 9816884 1
Ack trigger rx msgs received: 0 0
TCP event rx msgs received: 52961189 2
Dest decision tx msgs received: 55155089 1
LB dest decision tx msgs received: 0 0
Close tx msgs received: 83942817 0
Inspect allow tx msgs received: 0 0
Inspect drop tx msgs received: 0 0
DRAM blocks read: 577612022 16
Buffers dropped: 2702255 0
Regex states read: 38438408 25
Unproxy cancellations: 0 0
Redundant closes: 2990271 0
Internal errors: 0 0
Conn mismatch errors: 2748628 0
Exception with close: 6 0
Dest errors: 1 0
Total Packet count (Tx & Rx): 490169937 8
Stop regex: 12 0
(Context 5 Statistics)
Parse result LB msgs sent: 121180 0
Drop: LB queue full: 0 0
Parse result Inspect msgs sent: 0 0
Drop: Inspect queue full: 0 0
TCP data msgs sent: 96215 0
TCP queue full: 0 0
SSL data msgs sent: 516306 0
SSL queue full: 0 0
TCP fin msgs sent: 939 0
TCP rst msgs sent: 147 0
SSL fin msgs sent: 102907 0
SSL rst msgs sent: 38548 0
Bounced fin msgs sent: 1481 0
Bounced rst msgs sent: 2 0
Unproxy msgs sent: 25333 0
Drain msgs sent: 113966 0
Reuse msgs sent: 2304 0
Particles read: 1448314 0
HTTP requests: 121688 0
Reproxied requests: 17680 0
Headers inserted: 3825 0
Headers removed: 51 0
Headers rewritten: 0 0
HTTP redirects: 0 0
HTTP chunks: 42154 0
Unproxy conns: 25325 0
Pipelined requests: 0 0
Pipeline flushes: 0 0
Whitespace appends: 0 0
Response entries recycled: 24493 0
Second pass parsing: 0 0
Vserver mismatch errors: 5 0
Analysis errors: 0 0
Static parse errors: 20 0
Max parselen errors: 0 0
Resource errors: 75 0
Invalid path errors: 0 0
Bad HTTP version errors: 0 0
Header insert errors: 75 0
Header rewrite errors: 0 0
Invalid policy errors: 0 0
Invalid rserver errors: 0 0
Recycled requests: 0 0
SSL header insert success: 0 0
SSL header insert errors: 0 0
SSL spoof header deleted: 0 0
Drop: RST pipelined request: 0 0
There's nothing in ACE logs.
Forgot to mention - we are running ACE in one-arm mode, but I don't believe it makes a difference. -
GUID FormatExceptionError in End to End Scenario at runtime, but no error in Message Mapping test
Hi Friends
My scenario is Idoc to RFC and , my mapping is working fine and executing successfully in the message map tab but , it is failing in the End to End case at runtime with GUIDFormatException error, can anyone please help on this , I have searched the forum and no proper or concrete answers are available , creating a separate or new channel is not an option.Hi,
Check in which step you are receiving this error
1st check in SXMB_MONI/trace
2nd If the above is successful then check in rwb/comm channel monitoring/receiver rfc channel.
Regards
Venkat -
End-to-end layer-2 link with CPE administration
Dears
I am working on a scenario to monitor a CPE in a layer-2 setup. The CPE is connected with the local PE across a last mile with a single vlan from the provider. The customer has purchased layer-2 end-to-end connection from local CPE to remote CPE. Within MPLS core, I have configured x-connect between local PE and remote PE to setup layer-2 link. Within the CPEs, I am bridging both the interfaces of the the router to handover end-to-end layer-2 link to customer. I also need to manage and monitor the CPE. What I am thinking of doing is that I have two PE routers within the local POP. On primary PE router, i will extend lastmile vlan from the switch and configure x-connect to remote PE. On the backup PE router, i will extend the same lastmile vlan from the switch and configure IP address on the PE vrf enabled interface to be imported in management network. On the CPE, the interface with lastmile connection is concurrently configured with bridge and IP configuration.
I need to know if is this a standard setup of management for this type of solution and what could be the possible technical limitations/complications within this overall solution keeping in mind that it is a layer-2 end-to-end connection and what impact it can have on my core network.
RegardsHi All,
Can someone help me in this.
Regards
Maybe you are looking for
-
Lenovo Thinkpad Compact USB Keyboard with Trackpoint: Middle mouse button and scrolling
I got this keyboard (KU-1255). Unfortunately, it generates bogus mouse button events if I click the middle mouse button and use the trackpoint: With "thinkpad scrolling mode" disabled, the middle mouse button is released as soon as I move the trackpo
-
Mail and iPhoto ... Photos always get sent small
Emailing from iPhoto using Mail ... I have a problem in that when I want to email or share photos ... despite choosing to send actual sized photos ... eg 1.8Mb for 3 photos ... when I go to compose and then send, they only get sent as small 30k image
-
Classic tween saturation property not animating like in total training video
John Ulliman uses actionScript3 with Flash CS3 and I have Flash CS5 which is the main difference. It appears he uses a classic tween (from CS4 and CS5's perspective). I have a thumbnail which is created as a movie symbol and when I double click on th
-
Averaging pmt signal and strange signal shift problem with recording
Hello I'm a researcher at UCL and am quite new to Labview. I have a PMT and i've successfully created a program to read/show and write the data. From the signal I need the average pk to pk value and the average mean value. Is there any way I tell lab
-
How to include in the toolbar Delicious add-ons?
Delicious add-ons are not compatible with Firefox4. I went back to Firefox 3.6. waiting for compatible Delicious add-ons which I use very much