CIFS with NSS

Similar Messages

• Java 8 64 bit on Windows with NSS for FIPS 140 compliance

  I have asked this question on Stackoverflow but I am beginning to think that this may be a better forum to ask.
  According to JEP 131, Java 8 should provide a PKCS#11 Crypto provider for 64 bit Windows:  https://blogs.oracle.com/mullan/entry/jep_131_pkcs_11_crypto.
  With that in mind, I downloaded and built both 32 and 64 bit versions of NSS with NSPR using these instructions:  https://developer.mozilla.org/en-US/docs/NSS_Sources_Building_Testing
  I downloaded Java 8 for Windows 64 build b118, configured the java.security file and created a nss.cfg file:
  Excerpt from java.security file:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=sun.security.rsa.SunRsaSign
  security.provider.3=sun.security.ec.SunEC
  security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS
  security.provider.5=com.sun.crypto.provider.SunJCE
  security.provider.6=sun.security.jgss.SunProvider
  security.provider.7=com.sun.security.sasl.Provider
  security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
  security.provider.9=sun.security.smartcardio.SunPCSC
  security.provider.10=sun.security.pkcs11.SunPKCS11 /devel/nss.cfg
  From my nss.cfg file:
  # Use NSS as a FIPS-140 compliant cryptographic token
  # SunPKCS11-NSS
  name = NSS
  #32 bit
  #nssLibraryDirectory = C:\devel\nss\nss-3.15.3.1\dist\WINNT6.1_DBG.OBJ\lib
  #64 bit
  nssLibraryDirectory = C:\devel\nss\nss-3.15.3.1\dist\WINNT6.1_64_DBG.OBJ\lib
  #non FIPS
  #nssDbMode = noDb
  #attributes = compatibility
  #FIPS
  nssSecmodDirectory = c:\devel\fipsdb
  nssModule = fips
  I ran the test suite that comes with NSS and it looks like all of the encryption/decryption tests passed (did have some issues with the tests that required hostname/domainname but that has to do with the Windows environment).
  So here is the problem. I run my test encryption app on Java 7 32 bit with the 32 bit version of NSS and everything works great. When I attempt to run Java 8 64 bit with 64 bit NSS I get the following error:
  java.security.ProviderException: Could not initialize NSS
  at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:212)
  at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jca.ProviderConfig.doLoadProvider(Unknown Source)
  at sun.security.jca.ProviderConfig.getProvider(Unknown Source)
  at sun.security.jca.ProviderList.getProvider(Unknown Source)
  at sun.security.jca.ProviderList.getIndex(Unknown Source)
  at sun.security.jca.ProviderList.getProviderConfig(Unknown Source)
  at sun.security.jca.ProviderList.getProvider(Unknown Source)
  at java.security.Security.getProvider(Unknown Source)
  at sun.security.ssl.SunJSSE.<init>(Unknown Source)
  at sun.security.ssl.SunJSSE.<init>(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Provider.<init>(Unknown Source)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jca.ProviderConfig.doLoadProvider(Unknown Source)
  at sun.security.jca.ProviderConfig.getProvider(Unknown Source)
  at sun.security.jca.ProviderList.getProvider(Unknown Source)
  at sun.security.jca.ProviderList$ServiceList.tryGet(Unknown Source)
  at sun.security.jca.ProviderList$ServiceList.access$200(Unknown Source)
  at sun.security.jca.ProviderList$ServiceList$1.hasNext(Unknown Source)
  at javax.crypto.KeyGenerator.nextSpi(KeyGenerator.java:323)
  at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158)
  at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:208)
  at STSAESEncryption.generateKeyWithGenerator(STSAESEncryption.java:74)
  at Main.main(Main.java:24)
  Caused by: java.io.IOException: %1 is not a valid Win32 application.
  at sun.security.pkcs11.Secmod.nssLoadLibrary(Native Method)
  at sun.security.pkcs11.Secmod.initialize(Secmod.java:210)
  at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:207)
  ... 36 more
  Has JEP 131 been implemented with Windows/Java 64 bit as of b119?  If so has it been verified to work with NSS or should I submit a bug report?  I did download the code and the error is occurring in the following block of code at the line in bold (also with the arrow by it):
  public synchronized void initialize(DbMode dbMode, String configDir,
          String nssLibDir, boolean nssOptimizeSpace) throws IOException {
          if (isInitialized()) {
              throw new IOException("NSS is already initialized");
          if (dbMode == null) {
              throw new NullPointerException();
          if ((dbMode != DbMode.NO_DB) && (configDir == null)) {
              throw new NullPointerException();
          String platformLibName = System.mapLibraryName("nss3");
          String platformPath;
          if (nssLibDir == null) {
              platformPath = platformLibName;
          } else {
              File base = new File(nssLibDir);
              if (base.isDirectory() == false) {
                  throw new IOException("nssLibDir must be a directory:" + nssLibDir);
              File platformFile = new File(base, platformLibName);
              if (platformFile.isFile() == false) {
                  throw new FileNotFoundException(platformFile.getPath());
              platformPath = platformFile.getPath();
          if (configDir != null) {
              File configBase = new File(configDir);
              if (configBase.isDirectory() == false ) {
                  throw new IOException("configDir must be a directory: " + configDir);
              File secmodFile = new File(configBase, "secmod.db");
              if (secmodFile.isFile() == false) {
                  throw new FileNotFoundException(secmodFile.getPath());
          if (DEBUG) System.out.println("lib: " + platformPath);
  --->   nssHandle = nssLoadLibrary(platformPath);
          if (DEBUG) System.out.println("handle: " + nssHandle);
          fetchVersions();
          if (supported == false) {
              throw new IOException
                  ("The specified version of NSS is incompatible, "
                  + "3.7 or later required");
          if (DEBUG) System.out.println("dir: " + configDir);
          boolean initok = nssInitialize(dbMode.functionName, nssHandle,
              configDir, nssOptimizeSpace);
          if (DEBUG) System.out.println("init: " + initok);
          if (initok == false) {
              throw new IOException("NSS initialization failed");
          this.configDir = configDir;
          this.nssLibDir = nssLibDir;
  Any help or advise about filing a bug report would be appreciated.
  Thanks,

  Had a few similar short system freezes, after installing Windows 8 x64 on 13” MacBook Pro Mid-2010 with BootCamp 5.0.5033.
  There is a suggestion that DisableDynamicTick may fix the problem: https://discussions.apple.com/message/21565295#21565295. There were similar topics at Microsoft forums: 1, 2, 3. It was said “that this will likely reduce system battery life, so it should be undone when you update your Windows build or if it doesn't resolve your issue”, and that “this problem is resolved in the release versions of Windows 8”.
  Another possibility is that there is indeed a buggy driver, within BootCamp 5.0.5033, or a 3rd party, like a wireless network driver in the following case http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/system-fr eeze-randomly-after-installing-windows-8/49488183-26cf-4389-af21-a85dc366c99a?pa ge=2#LastReply.
  The problem has been noticeable on my MacBook, but not annoying enough yet to spend time troubleshooting. If you find a robust solution, using the links above or other method, it would be interesting to know.
  HTH

• Error: mozilla-firefox conflicts with nss-nspr

  I get this message when I try:
  #>pacman -S gnome
  i get:
  error:  mozilla-firefox conflicts with nss-nspr
  i tried upgraded all installed packages, and still got this error.  I'm still not used to pacman, so I could have missed a step or something.  The only other packages I had installed besides the base system at this point was hwd and xorg.
  I removed hwd and still got the same message.

  I've got the same problem with one exception - I've got no "nss-nspr" installed on my system :shock:
  [root@localhost evgeny]# pacman -S gnome
  :: group gnome:
  control-center gnome-applets gnome-backgrounds gnome-common gnome-desktop
  gnome-icon-theme gnome-media gnome-mime-data gnome-panel gnome-session
  gnome-themes gnome2-user-docs metacity nautilus vte yelp
  Install whole content? [Y/n] y
  :: gnome-common-2.8.0-9: is up to date. Upgrade anyway? [Y/n] n
  :: gnome-icon-theme-2.10.1-1: is up to date. Upgrade anyway? [Y/n] n
  :: gnome-mime-data-2.4.2-1: is up to date. Upgrade anyway? [Y/n] n
  :: vte-0.11.13-1: is up to date. Upgrade anyway? [Y/n] n
  error: mozilla-firefox conflicts with nss-nspr
  [root@localhost evgeny]# pacman -R nss-nspr
  error: could not find nss-nspr in database
  Did I missed something ?
  Thnks.

• Avahi conflicts with nss-mdns. [solved]

  I'm confused.  Went to update today, and got this message:
  :: avahi conflicts with nss-mdns. Remove nss-mdns? [Y/n]
  I thought 'Fair enough...' but I always check packages like this with -Si to know what's actually happening in my system.  Soo, I run:
  $ pacman -Si avahi
  Repository : extra
  Name : avahi
  Version : 0.6.6-2
  Groups : None
  Provides : howl mdnsresponder
  Depends On : dbus libcap libdaemon nss-mdns
  Conflicts With : howl mdnsresponder
  Replaces : None
  Size (compressed) : 557952
  Description : A multicast/unicast DNS-SD framework
  MD5 Sum : 52ec5424dde107d8099637feb3076925
  Now, this is why I'm confused.  -Si tells me avahi depends on nss-mdns.  When I try to install, it tells me they conflict.
  So.... which is right?
  -=edit=-
  Okay, I've found something else out that may be pertinent.  Currently, the packages I have for avahi and nss-mdns depend on each other.  That is:
  $pacman -Si nss-mdns avahi
  Name : nss-mdns
  Version : 0.7-3
  Depends On : avahi
  Required By : avahi kdelibs
  Name : avahi
  Version : 0.6.5-1
  Depends On : dbus libcap libdaemon nss-mdns
  Required By : nss-mdns
  However there are new packages for both avahi and nss-mdns available in the repos. (0.7-4 and 6.6-2 respectively)
  The thing is, pacman isn't picking up the new nss-mdns package with a -Syu operation, and gives me that conflicts line... I'm going to try updating nss-mdns first then see if that fixes it.
  -=edit again=-
  Geez, I hate it when I post something and moments later figure it out myself.  The newest versions of nss-mdns and avahi break the dependancy cycle I noted above; that is, nss-mdns no longer depends on avahi.  If I manually updated nss-mdns first, pacman now installs avahi with no problem.
  I'm wondering, is this worth a bug report?  I'm not surprised a cyclic dependancy like that would cause wierd behaviour...

  murkus wrote:snip
  $ pacman -Si avahi
  Repository : extra
  Name : avahi
  Version : 0.6.6-2
  Provides : howl mdnsresponder
  Depends On : dbus libcap libdaemon nss-mdns
  Conflicts With : howl mdnsresponder
  You get that error because they DO conflict.  Do you have mdnsresponder installed?
  If so, and you want avahi, then you'll have to remove mdnsresponder and install avahi.

• Question about accessing CIFS with LUM user (permissions)

  Hi there,
  I have a question related to accessing a CIFS mount throught a user in a linux box.
  First of all, its a system based in OES11 sp2 & SLES 11 SP3. I have a cifs mount
  in /media/nss, with novell cifs, coming from a NSS Filesystem. This mount is mounted
  with a username/password with password policy, etc. I have four users LUM-enabled,
  in the Linux box, which should access the CIFS mount, but I have a permission denied.
  I have set trustees for the primary group for the 4 lum-enabled users and also I have
  addedd permissions for a group in the NSS volume, and add this group to the membership
  of the users, but doesnt works.
  I guess Im missing something or Im doing something wrong. Could anybody give me a pointer?
  Thanks!

  Antoniogutierrez,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• PKCS#11 with NSS

  Hello to ALL Saviours,
  From past 5 days i am struggling with cryptography problem. Let me explain my problem statement.
  I have to test Intel AES-NI feature on Westmere EP series processor with a JAVA Application.
  My Environment Setup:-
  Application server: Apache Tomcat 6.0.33
  Database: Derby
  Application: JPetStore
  JAVA: jdk1.6.0_23
  Network Security Services(NSS): 3.12.10
  OS: CentOS 6.0 x86-64
  Steps i have followed to make it work.
  1. Setup the application running perfectly fine on 8443 port. Created a key using "keytool -genkey -alias tomcat -keyalg RSA".
  2. Checked the property of page of my application. Output is "TLS 1.0, AES with 128 bit encryption (High); RSA with 1024 bit exchange".
  3. I have compiled the NSS and put all *.so files into the existing JDK ($JAVA_HOME/jre/lib/amd64).
  4. Update jre/lib/security/java.security AS "security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg"
  5. put nss.cfg to ($JAVA_HOME/jre/lib/security).
  #Content of nss.cfg
  name=NSS
  nssLibraryDirectory=${java.home}/lib/amd64
  nssDbMode=noDb
  attributes=compatibility
  6. Started the Application again. Application running fine without any error in CATALINA.out.
  Problem Statement:-
  I have generated a load of 20 virtual users and collected the Throughput. In both the cases (With and Without PKCS#11-NSS Implemented) i am getting same Results.
  I am not sure whether i am missing some steps or done something mis-configuration.
  Help is appreciated because i am in need of it badly.
  Please suggest your views.

  handat wrote:
  NSS doesn't use the JKS store file but instead uses either a hardware token or its own softstore (cert8.db & key3.db). You need to generate the certificate using the certutil tool and update Tomcat server.xml config and set keystoreType.
  Edited by: handat on Nov 18, 2011 1:13 PM
  Edited by: handat on Nov 18, 2011 1:24 PMI am using keytool to generate the PKCS11 keystore, but it is giving some error "keytool error: java.security.KeyStoreException: token write-protected".
  I have used nssDbMode=noDb option in nss.cfg file. so do i have to still generate the db file.
  Can you please give me snapshot of server.xml file in tomcat.
  I have configured it as:-
  <Connector port="8443"
  minSpareThreads="5"
  maxSpareThreads="75"
  enableLookups="true"
  disableUploadTimeout="true"
  acceptCount="100"
  maxThreads="200"
  scheme="https"
  secure="true"
  SSLEnabled="true"
  clientAuth="false"
  sslProtocol="TLS"
  keystoreType="PKCS11"
  ciphers="TLS_RSA_WITH_AES_128_CBC_SHA"
  />
  Appreciate for the response.

• Problems with NSS partition mirroring and pool errors.

  OS: NetWare 6.5SP8 latest patches applied
  I have an NSS pool that is made up of two 2TB LUNS on my SAN array.
  I've been trying to move the pool from the LUNs on my SAN array to a pair of 2TB VMWare disks by using the partition mirror method.
  All of the LUNS reside on the same array, but the two original LUNs are attached to an HBA in passthrough mode, so the VMWare infrastructure does not see those LUNS.
  One partition mirrored without issue. The second one shows as synchronized yet remained at 99%.
  A forum search indicated that a pool rebuild was in order.
  I ran a pool verify and rebuild and tried mirroring the "problem child" partition again with the same result.
  Before running the rebuild a second time, I removed both mirrored pairs.
  I ran a pool verify and rebuild and tried mirroring the "problem child" partition again with the same result.
  Last night, I repeated that same process and finally got 100% synchronization.
  In the second and third rebuild processes, I got an error message stating that data would be lost if I continued the rebuild. Since I have backup, I continued the rebuild.
  About 6 hours after that synchronization finished, I started receiving block error messages for the pool:
  NSS-3.00-5002: Pool xxxx/DATA is being deactivated.
  An error (20012(nameTree.c[45])) at block 536784421(file block -536784421)(ZID 6) has compromised volume integrity.
  The pool deactivated itself.
  I reset the server and when it mounted that volume, I continued to receive the errors.
  I deactivated the pool, put it in maintenance mode and started another pool rebuild, this time with the /purge option.
  I did not remove the mirrored pair before the rebuild started, so I have the one partition that gave me no problems un-mirrored and the partition that did give me problems is mirrored.
  I don't know if that will have any affect on the rebuild process or not.
  My questions are:
  1) Will the fact that the pool is only half-mirrored be an issue for the rebuild?
  2) Is there any other option in the rebuild process that I should have added?
  3) Is the fact that I'm mirroring to a VMFS disk an issue? I could create a new pool/volume on those VMWare disks and use the server consolidation utility to copy the data between volumes, but my desire to avoid that was the reason to use the mirror process in the first place.

  The difference between a sledge hammer and a Q-Tip is that you do a lot less damage with a Q-Tip.
  Everything has been messed with to the point where it would be impossible for any other advice than make a new disk, make a new pool, make a new volume, and do your restore. Then, when all the data is restored without error, move the OLD DATA: volume out of the way and put in the NEW DATA: volume.
  Originally Posted by gathagan
  My questions are:
  1) Will the fact that the pool is only half-mirrored be an issue for the rebuild?
  2) Is there any other option in the rebuild process that I should have added?
  3) Is the fact that I'm mirroring to a VMFS disk an issue? I could create a new pool/volume on those VMWare disks and use the server consolidation utility to copy the data between volumes, but my desire to avoid that was the reason to use the mirror process in the first place.
  1. God only knows. It should not.
  2. No. I think its an issue of doing too much, to quickly. It is unlikely a pool rebuild would "fix" a mirroring problem. I would not have gone ahead with a pool rebuild with mirroring broken.
  3. A disk is a disk. Perhaps there is some underlying issue with the VMDK. How is it provisioned? Is it out of space? Buggy edge cases of having an extactly 2TB VMDK? Who knows.
  The mirroring happens at a layer below the pool level. So I have a hard time understanding a how a rebuild would help mirroring unless the pool is really bent to begin with.
  Again, the state of the current DATA: volume would be in question after all that fiddling, even if you can get it to work would you really trust it? I would not. I would recreate DATA: from backup on whatever new partition you want and chalk it up to experience. You can minimize the pain of that by restoring to a differently named volume and then renaming the volumes after you confirm proper operation.
  -- Bob

• Direct connect NFS/CIFS with 1.4

  I see how 1.4's appliance ports can help with direct connect multipath iSCSI. Each fabric gets a VLAN/subnet, iSCSI has multiple targets via each fabric, etc.
  But I don't see how appliance ports help with direct connect NFS/CIFS. E.g.,
  In this diagram, traffic from hosts active on fabric B must go over the northbound LAN to reach the NAS. Even if every host and appliance has its NIC failover configured to prefer fabric A and perform preemption, you'll still have failures like NAS NIC's and IOM's that will cause some/all NAS traffic to go across the northbound LAN. Thus, you've got one of two situations:
      1) The LAN can handle the NAS traffic. If so, why not plug the NAS into the LAN in the first place?
      2) The LAN cannot handle the traffic, in which case you haven't built real fault-tolerance and, worse, a UCS problem can impact the LAN.
  Am I missing something here? How are appliance ports better than using switch mode, shown below?

  Yes - you have a valid point on the traffic pattern depending on what fails etc.
  Just to back up for a moment..
  Version 1.3 and below has 2 types of Ethernet ports - Uplink and Server port.
  Version 1.4 has 4 types of Ethernet ports - Uplink, Server, Appliance, Monitoring port
  In 1.3, to directly connecting a NAS to the FI's meant that you move to switch mode on the FI's and then set the port connecting to the NAS as an uplink port. What that did is that the port connecting to the NAS was a a trunk port at the FI end allowing all VLANs (i.e no VLAN filtering), no QoS settings etc.
  So if you wanted to stay in End Host mode AND not liking the above caveats, you connected the NAS to an upstream switch and not UCS and that option remains wit you today.
  What the appliance port gives you now is that the VLAN(s) the NAS belongs to can be filtered, QoS settings possible and most importantly, it works in End Host Mode (most deployments are based on it).
  The above is the rationale for the Appliance port and the port type was neeeded even if it works today in switch mode.
  Now the question comes, appliance port in EHM or Switch mode (which is what the question is).
  In EHM you are right, east-west traffic between NAS-blades could utilize the upstream network.
  You can design efficiently by specifying the fabric id (A or B as primary) or set fabric affinity if using a soft switch but  guaranteed total localization (not using upstream network) cannot be made as you correctly said depending on "what" fails.
  If all the uplinks on A fail, yes the whole thing should fail over but if a link between the IOM and the FI fails, then the servers pinned to that link will start using the external network.
  So yes, the network needs to be designed keeping the flows and what if scenarios in mind. East-west traffic not hitting upstream at all cannot be assumed.
  The long term solution is to have data links between the FI's in EHM or they are vPC peers and hence both links to the NAS from the FI's will be active/active.
  Appliance port in switch mode can be used but that also depends on which links are STP blocked etc to guarantee that.
  The topology you mentioned does that ..but then you also need to keep in mind on failurea what happens etc i.e the ISL between the FI's should always be forwarding for that VLAN.
  Thanks
  --Manish

• CIFS with WEB Portal

  I have a problem when I'm connected via WebVpn Portal on my ASA 8.0(2) to access to my shared folder.
  If i use with my cisco vpn client install on my computer i can access to my shared folder.
  Have you ever meet this problem?

  I think your wrong.
  I've already configured CIFS shared access on ASA 8.0(1) (without Anyconnect) like a resource on Webportal and it's working !
  And it was working with SSO on an active directory. The authentication used for the webportal was used for the CIFS share.
  The only problem I encountered was a bug (CIFS doesn't work after a certain time) which is fixed in 8.0(3) or 8.0(4).

• Backup Exec with NSS 300 series

  We've just got hold of a NSS 324 with two disks
  installed, and need to back it up via Backup Exec 12.5 has
  anyone outhere actually done this ?
  I can map a drive to the share on the NSS box but Backup Exec can't see it
  Server OS Windows Server 2003
  NSS Firmware 1.0.0

  I haven't used backup exc with the NSS324, but I did see the firmware you are currently running on is the initial release and they have been 3 updated releases since then with a updated Samba client included so I would recommend upgrading to the latest firmware.
  Thanks,
  Jason Bryant
  Cisco Network Engineer.

• Purchase Requisitions stuck in CIf with message 181

  Hi All,
  We have purchase requisitions created in APO on transportation lanes based on external procurement relationships. We have noticed that the requisitions are created in ECC but get stuck on their way back to APO. They appear in /sapapo/ccr with message 181.
  Any ideas where we could be going wrong?
  Regards,
  Zeeshan.

  you need to push this Orders in APO through CCR .
  some times schedule line are not created/updated in APO so we need to push it through CCR report.
  On CCR report screen select all the PO and click on arrow button  send to APO .
  Than click on iteration icon .
  this will push all PO to APO and will not appear in next CCR run.
  If it didn't help please check OSS note :
  Note 1152934 - DELTAREPORT:confirmation-error 181 for after return delivery
  Note 1131469 - DELTAREPORT: unjustified error 181/183 for confirmation

• 7310 - Problem with CIFS and Roaming Profiles since upgrade to 2010.Q1.0.2

  We have developed a strange problem with our environment which I'm pretty sure is down to the upgrade to 2010.Q1.0.2 from 2009.Q3.4.1 on our 7310 (all the previous 2009 releases had been fine) since nothing else has changed in our environment. I suspect some changes to the underlying CIFS server causing this?
  We have virtual Windows servers hosted on a VMWare VSphere cluster which are stored on the 7310 via iSCSI LUNs and also CIFS shares on the 7310 for home directories and separate CIFS shares for roaming profiles - all paths are correct in AD for each user - we also use folder redirection for XP Pro clients to force things like "Application Data", "My Documents" etc. onto the Homedir share.
  What we've been seeing recently (which only started happening after the upgrade) is a lot of failed logons to the domain for users. It looks like the usual corrupted profile problem that has plagued Windows forever ...the usual messages that it cannot log the user on with a copy of their roaming profile, and that it will use a temporary one. Some folder redirections (that are initiated via Group Policy) also don't get applied. Users don't see errors when logging off from a "good" profile, and NTUSER.DAT etc. seemingly gets written correctly - the next time they log on, around half the time the users will get these errors as described below:
  Event viewer logs show "cannot find the file specified" errors for NTUSER.DAT, along with "directory name is invalid" errors for some of the folder redirections.
  More worrying (and what I think might be the real reason for these failures) are the "offline caching is enabled on the roaming profile share" errors. I think that the client-side caching might not be working - possibly the profiles aren't getting flushed and written correctly upon logout?
  Now, unfortunately the MMC snap-in for managing shares doesn't seem to support changing the behaviour for client-side caching on the CIFS shares (as confirmed in the latest 7000-series Admin Guide on page 198).
  I've been thinking about unchecking the "Enable Oplocks" box which from the CIFS side would completely stop all client-side caching I presume?
  Is this likely to be the culprit here, or is there any other known behaviour that could be causing these errors? Is it also worth disabling "Cache device usage" altogether for the Profiles share itself?
  Can anyone help? It's a bit of a strange problem, and something I don't want to raise with Sun on our support contract just yet, since at first glance it looks like a Windows problem, but I suspect the storage could well be to blame...

  Unfortunately, this is still not working correctly...
  So, it looks like it's not related to the offline caching seeing as it all works on the Q2009 despite the warnings...
  Some more errors coming out of userenv.log on the affected Windows machines:
  USERENV(280.284) 10:07:33:230 ReconcileFile: GetFileAttributes on the source failed with error = 2
  USERENV(280.284) 10:07:33:230 CopyProfileDirectoryEx: ReconcileFile failed with error = 2
  and later:
  USERENV(280.284) 10:07:33:245 GetShareName: WNetGetConnection initially returned error 2250
  USERENV(280.284) 10:07:33:245 CopyProfileDirectoryEx: Leaving with a return value of 0
  USERENV(280.284) 10:07:33:245 RestoreUserProfile: CopyProfileDirectory failed. Issuing default profile
  ...which then forces the TEMP profiles.
  All other errors linked to this look like "file not found", "invalid path" etc. when the files are present and the paths are correct.
  Manually mapping drives using CIFS with UNC paths sporadically fails too now. We have a bunch of GPOs that map shares to users depending on their group memberships - these too are sporadically failing.
  It certainly looks to me like it could be a CIFS problem introduced in the Q2010 release.
  I'm going to raise a ticket with Sun...

• Does TLS 1.2 work with SunPKCS11-NSS provider in FIPS mode?

  The following exception occurs while processing serverHelloDone during an attempt at TLS1.2 with NSS in FIPS mode (via modutil) .
       java.security.NoSuchAlgorithmException: no such algorithm: SunTls12RsaPremasterSecret for provider SunPKCS11-NSS
  Both the client and the server are running from a unit test using:
  JDK 1.8.0_31-b13
  nss-3.16.2.3-3
  The same test runs fine in FIPS mode using TLS1.1 or TLS1.0.  The same test also runs with TLS1.2 when the keystore is not in FIPS mode.
  I am thinking that it is not supported.  SunPKCS11-NSS provider needs to be updated with the SunTLS12* algorithms before this will work.  The JSSE's ClientKeyExchange expects to be able to obtain a KeyGenerator specific to TLS1.2.  When in FIPS mode, the crypto provider is SunPKCS11-NSS and it does not have the requested algorithm.
  Can anyone confirm or deny this?  Any ideas as to when it will be supported?
  I've been all over the map trying to figure this one out.  I am pretty sure at this point that it is not a problem with the NSS library.

  Startup Items are in System Preferences>Accounts>youraccount>Startup Items. To delete them just highlight one and click the minus sign. To test it without deleting any just create a new administrator account. Call it test and set the password as test also (easy to remember). Make sure there are no Startup Items. Log out of your account (Apple Menu>Log Out) and log into the new one or if you're running in safe mode, restart and log into the test account. See if it runs OK. If it does, you know it's something in your account causing the problem.
  John

• MMC with Computer Management Utility & Sun Storage 7110 in CIFS ?

  Is it possible and supported to manage the filer SUN Storage 7110 configured in CIFS with the "Computer Management utility (MMC)" from Windows?
  I've tried without success :-(...
  Thanks in advance for the support.
  Regards,
  Joaquim Neves

  I believe your source for users/groups should ideally come from LDAP or Active Directory. The "Users" interface is primarily for assigning administration capabilities for the 7110 itself.

• CIFS Issues following May 2014 Maintenance Patch

  Hi All,
  Just wondering if anyone else has noticed issues with novell-cifs on OES 11 SP1 or SP2 following the May 2014 Updates?
  We installed the most recent patches via YAST and noticed issues saving to our File Servers via CIFS from Autodesk Inventor. Inventor could see the mapped drives and open files however when saving a new file, it would give an error 'Failed to Create Folder, "H:".'
  The offending RPM versions are:
  OES11 SP2: novell-cifs-1.3.2-0.90.9
  OES11 SP1: novell-cifs-1.3.1-35.52.73.19
  Rolling back to the following versions resolved the issue:
  OES11 SP2: novell-cifs-1.3.2-0.88.2
  OES11 SP1: novell-cifs-1.3.1-35.52.69.1
  I'm interested in knowing if anyone has experienced the same or similar issues. Most of our File Server traffic comes from Mac OS X or Citrix XenDesktop connections using CIFS. Unfortunately this means our reasons to continue running OES11 file servers with NSS are diminishing as we can't make full use of the features via CIFS. :(
  Thanks,
  John

  Hi Wilfried,
  Originally Posted by gerstner
  Hi Jens & John
  all Volumes of our OES11 Server are mounted with long namespace.
  Meanwile we switched back from the buggy version to rpm novell-cifs-1.3.2-0.86.1 and every thing works fine again.
  To open a SR at Novell (this would be the best way) ist just a question of time. Our OES Servers are just a view among hundreds of others. From the past i know it consumes a lot of time (tons of logs etc.).
  To switch back to a previous version, is a workarround we could live with.
  if you let me know the SR number (via private message), I'll try to help streamline things. When you open the SR, it ought to be sufficient to upload the supportconfig file, quote the descriptions from this thread and add a reference to this thread - so not *that much* time involved...
  Regards,
  Jens