Cipher- and TLS configurations for SSTP VPN Client

Hi!
We use TMG to terminate our SSTP VPNs.
TMG is configured to use TLS1.0 and 1.2 and ECDHE SHA 256/384 based ciphers.
If I connect to some of our published web services from my Win7/8/8.1, the web browser is using TLS1.2 and latest ciphers.
If I connect to the same TMG with SSTP VPN (and capture data to get these results), the Windows VPN uses TLS 1.0 and basic SHA handshake (naturally, since TLS 1.2 isn't kicking in).
Can someone tell me, does SSTP VPN use Schannel or is there some other place where I should enable TLS1.2 to get the latest protection levels also to our VPN solution?
.. Or is this a TMG thing? :)
Antti
Antti Laatikainen IT Security Manager Santen Europe

Hi,
To enable TLS 1.2 in TMG, please refer to this article:
TMG 2010 and enabling TLS 1.2
http://gnawgnu.blogspot.com/2011/09/tmg-2010-and-enabling-tls-12.html
In addition, Antti, I can only help you on this since I am not a professional on TMG and TLS.
To better help you, I suggest contacting the TMG support:
http://social.technet.microsoft.com/Forums/en-US/home?forum=Forefrontedgegeneral
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. 
Thank you for your understanding.
Kate Li
TechNet Community Support
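
One way to confirm from a packet capture what the VPN client actually offers, as an added example that is not part of the original thread: parse the TLS ClientHello and report the highest protocol version and whether any SHA-256/384 suites are offered. The two hellos are constructed samples, not captures of real Windows behaviour, and the function names are hypothetical.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Subset of the IANA TLS cipher suite registry, enough for the samples below.
SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
}


def build_client_hello(version, suites):
    """Build a minimal ClientHello record (no extensions) as constructed sample data."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Return the client_version and cipher suite list of a TLS <= 1.2 ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    rtype, _record_version, rlen = struct.unpack("!BHH", record[:5])
    if rtype != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rlen]
    if len(hs) < rlen or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    hlen = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hlen]
    if len(body) < hlen:
        raise ValueError("truncated ClientHello body")
    try:
        version = struct.unpack("!H", body[:2])[0]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + body[pos]              # skip session id
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        raw = body[pos + 2:pos + 2 + n]
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello body") from None
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher suite list")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]
    return {"version": version, "suites": suites}


def assess(record):
    """Return (parsed hello, findings) for the two things the thread asks about."""
    hello = parse_client_hello(record)
    findings = []
    if hello["version"] < 0x0303:
        name = VERSIONS.get(hello["version"], hex(hello["version"]))
        findings.append("client offers at most %s; TLS 1.2 is not offered" % name)
    # The SHA256/SHA384 suites listed above are defined for TLS 1.2 only.
    if not any(SUITES.get(s, "").endswith(("SHA256", "SHA384")) for s in hello["suites"]):
        findings.append("no SHA-256/384 cipher suites offered")
    return hello, findings


# Constructed samples: one hello capped at TLS 1.0, one offering TLS 1.2.
VPN_LIKE = build_client_hello(0x0301, [0xC014, 0xC013, 0x0035, 0x002F, 0x000A])
BROWSER_LIKE = build_client_hello(
    0x0303, [0xC028, 0xC027, 0xC014, 0xC013, 0x003D, 0x003C, 0x002F])

if __name__ == "__main__":
    for label, rec in (("vpn-like", VPN_LIKE), ("browser-like", BROWSER_LIKE)):
        hello, findings = assess(rec)
        print(label, VERSIONS.get(hello["version"]), findings or "ok")
```

If the client's hello stops at TLS 1.0, server-side changes alone cannot raise the negotiated version; the client's TLS stack has to offer 1.2.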

Similar Messages

  • Certificate authentication for Cisco VPN client

    I am trying to configure the Cisco VPN client for certificate authentication on my ASA 5512-X. I have it set up currently for group authentication with a shared pass. This works fine. But in order for you to pass PCI compliance you cannot allow aggressive mode for IKEv1. The only way to disable aggressive mode (and use main mode) is to use certificate authentication for the VPN client. I know that someone out there must be doing this already. I am going round and round with this. I am missing something.
    I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall, i.e. failed to generate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
    Can someone provide the instructions on setting this up (ASDM or CLI)? Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.

    Dear Doug ,
    What ASA code are you running on the ASA hardware? For Cisco AnyConnect you need to have code 8.0 on your hardware with the Cisco AnyConnect Essentials license enabled. Paste me your show version and I will help you with whether you need to procure a license for your hardware. By default your hardware will be shipped with the AnyConnect Essentials license when you have ordered your hardware with ASA code above 8.0.
    With AnyConnect Essentials you are allowed to use up to the total VPN peers allowed based on your hardware.
    1)  What is the AnyConnect Essentials License?
    The AnyConnect Essentials is a license that allows you to connect up to your 'Total VPN Peers' platform limit with AnyConnect.  Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device.  With the AnyConnect Essentials License, you can only use AnyConnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
    You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          :  Enabled
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    AnyConnect VPN configuration:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

  • VPN between ASA5505 Easy VPN Server and 881G Router as Easy VPN Client

    Hello,
    I have a problem with a VPN between an ASA5505 Easy VPN Server and an 881G Router as Easy VPN Client. The ASA 5505 has 7.2.3 software and the 881G router has 15.1 software.
    The 881G is configured as a hardware client in network extension mode, and it is placed behind NAT. The ASA5505 is working as server. The same VPN group works correctly from VPN software clients.
    When I send traffic from the 881G client side, in show crypto session detail I see encrypted packets. But with the same command I don't see decrypted packets on the ASA5505 side. On both devices Phase 1 and Phase 2 are UP.
    The VPN works correctly when I replace the ASA5505 with an ASA5510 which has 8.4.6 software. But the problem is that I need to do this VPN between the ASA5505 and the 881G.
    Can you help me, how can I debug or troubleshoot this problem?
    I am unable to update software on the ASA5505 side.

    Hello,
    Here is what my config looks like:
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs
    crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 100 set pfs
    crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 120 set pfs
    crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 140 set pfs
    crypto dynamic-map outside_dyn_map 140 set transform-set ESP-AES-128-SHA
    crypto dynamic-map outside_dyn_map 160 set pfs
    crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 180 set pfs
    crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 200 set pfs
    crypto dynamic-map outside_dyn_map 200 set transform-set ESP-AES-256-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 2
     authentication pre-share
     encryption 3des
     hash sha
     group 1
     lifetime 86400
    crypto isakmp policy 3
     authentication pre-share
     encryption des
     hash sha
     group 2
     lifetime 86400
    tunnel-group HW-CLIENT-GROUPR type ipsec-ra
    tunnel-group HW-CLIENT-GROUP general-attributes
     address-pool HW-CLIENT-GROUP-POOL
     default-group-policy HW-CLIENT-GROUP
    tunnel-group HW-CLIENT-GROUP ipsec-attributes
     pre-shared-key *******
    group-policy HW-CLIENT-GROUP internal
    group-policy HW-CLIENT-GROUP attributes
     password-storage enable
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value cisco_splitTunnelAcl
     nem enable

  • Define Tabs and Process Configuration for Template (HAP_TA_CONF)

    I am currently building a new appraisal template for my client and I have configured the process timeline in the development system via the IMG node Define Tabs and Process Configuration for Template (transaction code HAP_TAB_CONF).
    Does anyone know how to transport the tabs and process configuration through the system landscape?
    We are on SAP ECC 6.0 Enhancement Pack 4

    Hi Sushil,
    I have used the report RHMOVE30 as you recommended and it worked perfectly in one run. I did not have to create custom relationships. I simply selected all the Process Item (VH) objects for my appraisal template and ran the report.
    Many thanks for your help. It has saved me having to configure the tabs and process timeline in each client.
    Janet

  • Define Tabs and Process Configuration for Template

    Hi All
    I would like to give the local HR the ability to define Tabs and Process Configuration for Template
    The only way I can find to create these definitions is using SPRO and I don't want to give HR users SPRO
    Is there a transaction which will allow the HR users to define Tabs and Process Configuration for Template?
    Thanks
    Maya

    You can try this URL:
    http://server.domain:port/sap/bc/webdynpro/sap/hap_configuration?WDCONFIGURATIONID=HAP_AC_TAB_CONF
    Just change server, domain and port to match your SAP instance.

  • Appraisal- "Define Tabs and Process Configuration for template"

    Hi Experts,
       I am looking for implementation of Flexible template. However, I am unable to do so because "Define Tabs and Process Configuration for template" config node is not available even though we have activated business functions HCM_OSA_CL_1 and HCM_OSA_CL_2. We are in EHP 5 SPlevel 44.
      Please help.

    1. Check with Business Function CA_HAP_CI_1. First go through the documentation of the Business Function.
    2. Check whether BC Sets are activated or not through tcode SCPR20PR. If they are not activated then activate them with tcode SCPR20.
    BC Sets for HR
    EA-HR-MENU
    EA-HR-AKH
    EA-HR-IMG
    Mohan

  • AAA static IP address for RA VPN Client

    Hi,
    My VPN group and VPN pool are locally created in the Cisco VPN router but users are authenticated through ACS, the AAA server, via TACACS. Now I want to assign a static IP address to the VPN client. Everything is fine but due to an application problem I want to give them a static IP address from the VPN pool. I have created one pool in the AAA server and also configured the client in AAA to get the static IP address but am unable to do this. Please help me out with how to do this.
    My router is configured for TACACS+. I have checked the user configuration in the AAA server to get the static IP address but it is not working. Please help me out with how to do this. I can't change the router to RADIUS because this is my main router, which is configured for 160 sites through ISDN, and these sites are also configured for TACACS+.
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2 
    crypto isakmp client configuration group Aviation-VPN
    key egntosc
    pool aviation-pool
    acl avi-tunnel
    save-password
    netmask 255.255.255.0
    crypto isakmp profile vpnclient
       match identity group Aviation-VPN
       client authentication list default
       isakmp authorization list Aviation-authorization
       client configuration address respond
    crypto ipsec transform-set aviset esp-3des esp-sha-hmac
    crypto dynamic-map avi 10
    set transform-set aviset
    set isakmp-profile vpnclient
    reverse-route

    Since you're using ACS, I believe the way to do this is to
    go into ACS, and select the username of the user that you want
    to get the static IP. Under that user's setup, there is an option to
    always assign the same IP. Just select that and enter the IP you
    want them to get. - chris

  • Certificates for IPSEC vpn clients in ASA 8.0

    Hello!
    I have configured MS CA and I set up the VPN client and ASA 7.0 to make a tunnel with certificates.
    The same configuration does not work with ASA 8.0. I get this error:
    CRYPTO_PKI: Checking to see if an identical cert is already in the database...
    CRYPTO_PKI: looking for cert in handle=d4bb2888, digest=
    b8 e5 74 97 f3 bf 25 1c 2e e5 21 3e d1 93 d6 15 | ..t...%...!>....
    CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
    CRYPTO_PKI: Cert not found in database.
    CRYPTO_PKI: Looking for suitable trustpoints...
    CRYPTO_PKI: Found a suitable authenticated trustpoint CA1.
    CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: Incorrect KeyUsage (40)
    CRYPTO_PKI: Certificate validation: Failed, status: 1873. Attempting to retrieve revocation status if necessary
    ERROR: Certificate validation failed. Peer certificate key usage is invalid, serial number: 250F3ECE0000000009AF, subject name: cn=xxxxx,ou=xxxx,o=xxxxx,c=xx
    CRYPTO_PKI: Certificate not validated
    Why is the key usage invalid? What certificate template must be used in MS CA in order to get a regular key usage?
    The CA enrollment is terminal.
    THANKS!

    The cert needs to have the Digital Signature key usage set.
    Not sure what templates are available on MS CA, but it should be something like "Ipsec user" I suppose.
    To make ASA 8 behave the same as ASA 7 (i.e. disable the check on the cert's key usage), configure:
    crypto ca trustpoint
    ignore-ipsec-keyusage
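
The answer above says the certificate needs the Digital Signature key usage. As an added example (not code from the thread or from Cisco), this decodes the DER value of an X.509 keyUsage extension and checks for that bit, so an issued certificate can be checked before deployment rather than disabling the check on the ASA. The byte strings are constructed samples and the function names are hypothetical.

```python
# RFC 5280 KeyUsage bit names in bit order; bit 0 is the most significant
# bit of the first content byte of the BIT STRING.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]


def decode_key_usage(der):
    """Decode the DER BIT STRING of a keyUsage extension into a list of bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    length = der[1]
    # KeyUsage has 9 named bits, so the content is 1 or 2 bytes plus the
    # leading unused-bits byte.
    if length != len(der) - 2 or length < 2 or length > 3:
        raise ValueError("unexpected BIT STRING length")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = 8 * len(content) - unused
    names = []
    for i, name in enumerate(KEY_USAGE_BITS):
        if i < total_bits and content[i // 8] & (0x80 >> (i % 8)):
            names.append(name)
    return names


def usable_for_ipsec_auth(der):
    """True when the digitalSignature bit is set, as the answer above requires."""
    return "digitalSignature" in decode_key_usage(der)


# Constructed samples (not taken from the certificate in the thread).
SIGN_AND_ENCIPHER = b"\x03\x02\x05\xa0"   # digitalSignature + keyEncipherment
ENCIPHER_ONLY = b"\x03\x02\x05\x20"       # keyEncipherment only
CA_STYLE = b"\x03\x02\x01\x06"            # keyCertSign + cRLSign

if __name__ == "__main__":
    for label, value in (("sign+encipher", SIGN_AND_ENCIPHER),
                         ("encipher only", ENCIPHER_ONLY),
                         ("ca style", CA_STYLE)):
        print(label, decode_key_usage(value), usable_for_ipsec_auth(value))
```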

  • SSTP VPN - client different port

    Hi everyone, 
    Is it possible to use SSTP VPN on a different port than 443? I know that it is possible to change the listening port on the server, but I need to change the port on the client.
    My scenario: one public IP, not only for our company. On the firewall, port 443 is not available.
    The firewall receives data on a port, e.g. TCP 5000, translates it to TCP 443 and forwards it to the server.
    Is it possible?

    You can change the port in regedit. But it is not recommended.
    Backup first before you make any changes .

  • How to configure Multiple PPTP VPN Clients on cisco 3g supported Router

    I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on a Cisco 1841 and it's working fine; but when I add the 2nd, it's using vpdn-group 1 and therefore connecting to the wrong PPTP server:
    here is the config for the one that works:
    vpdn-group 1
    request-dialin
    protocol pptp
    rotary-group 0
    initiate-to ip xxx.xxx.xxx.xxx
    interface Dialer0
    mtu 1450
    ip address negotiated
    ip pim dense-mode
    ip nat outside
    ip virtual-reassembly
    zone-member security private
    encapsulation ppp
    ip igmp query-interval 125
    dialer in-band
    dialer idle-timeout 0
    dialer string 123
    dialer vpdn
    dialer-group 1
    no peer neighbor-route
    no cdp enable
    ppp pfc local request
    ppp pfc remote apply
    ppp encrypt mppe auto
    ppp authentication ms-chap-v2 ms-chap eap chap pap callin
    ppp eap refuse
    ppp chap hostname xxx@xxx
    ppp chap password 7 xxxpassword
    But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, it's still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? And which Cisco 3G router do you prefer, because these are remote sites and only 3G Internet service is available.

  • Transparent Tunneling and Local Lan Access via VPN Client

    Remote users using Cisco VPN 4.2 connect successfully to a Cisco Pix 515 (ver. 6.3). The client is configured to allow Transparent Tunneling and Local Lan access, but once connected to the Pix, these two options are disabled. What configuration changes are required on the Pix to enable these options? Any assistance will be greatly appreciated.
    Mike Bowyer

    Hi Mike,
    "Transparent Tunneling" and "Local Lan Access" are two different things. "Transparent Tunneling" is dealing with establishing an IPSec Tunnel even if a NAT device is between your client and the VPN-Headend-Device. "Local LAN Access" is dealing with access to devices in the LAN your VPN-Client-Device is connected to.
    What do you mean exactly with "disabled once the connection is made" ?
    You can check the local LAN Access by having a look at the Route-Table of the VPN-Client:
    Right Click the yellow VPN-lock Icon in System-Tray while the VPN-Connection is active and select "Statistics ...". Have a look at the second register page "route details".
    Are any local LAN routes displayed when you are connected?
    And - always remember two important restrictions the Online Help of the VPN-Client is mentioning:
    1: This feature works only on one NIC card, the same NIC card as the tunnel.
    2: While connected, you cannot print or browse the local LAN by name; when disconnected, you can print and browse by name.
    Carsten
    PS: Removing Split Tunnel won't enable local LAN access as all traffic would be sent into the IPSec tunnel.

  • How to configure for remote JMS client?

    I have my own Java JMS test program for performance measurements.
              I am using the JNDI and JMS provider functionality of the WebLogic 9.1 app-server but my test program is just pure JMS 1.02 sender/receiver clients - ie it is NOT part of, or deployed as a J2EE application.
              SINGLE MACHINE TEST
              ===================
              In a single machine environment I was able to
              - configure a JMSServer
              - configure a JMSSystemModule
              - configure resources for ConnectionFactories and Queue and Topics
              I then made what I believe to be a 'standalone' application module copied from some mysystemmodule-jms.xml and with that I somehow worked out how to deploy it using the weblogic.Deployer tool.
              The deployment apparently set up the JNDI and my JMS client could gain access to the administered objects and do what it does.
              Everything works.
              TWO MACHINE TEST
              ================
              I now have a second machine.
              I want to put my JMS sender client on this new machine and I want the JMS server and JMS receiver client to be unchanged from the SINGLE MACHINE TEST.
              But I really don't know quite how to proceed from here...
              Do I need to install the WebLogic app-server on the sender machine or is the weblogic.jar all I need?
              What is necessary configuration for JNDI access on the sender machine?
              Can I in fact use my original SINGLE MACHINE server unchanged as I am hoping?
              I don't think I want a "thin" client because I read that performance is impacted (and these are performance tests)
              Remember this is NOT a J2EE application. There is no MDB; no client-container; no descriptors etc. Maybe that makes it more complicated - I don't know.
              Sorry for such basic questions but if somebody can just point me to an appropriate example or tutorial it could save me days...
              Thank you.

    Hi,
              My problem is on similar lines. I have an applet based UI working on RMI/t3 protocol.
              I am using weblogic 9.2 as my app server.
              When my applet is executed on JRE 1.5x it works fine.
              But when I use JRE1.4x it gives the following exception
              java.lang.NoClassDefFoundError: javax/management/InvalidAttributeValueException
              at weblogic.rmi.internal.Stub.<clinit>(Stub.java:21)
              at java.lang.Class.forName0(Native Method)
              at java.lang.Class.forName(Class.java:141)
              at weblogic.rmi.internal.StubInfo.class$(StubInfo.java:34)
              at weblogic.rmi.internal.StubInfo.<clinit>(StubInfo.java:34)
              at java.lang.Class.forName0(Native Method)
              I have analyzed the reason for this.
              the class javax/management/InvalidAttributeValueException was included in java 1.5 and above. So JRE 1.4 does not have it.
              In previous versions of weblogic this class was a part of their 'weblogic.jar' file and in weblogic 9.2 it is not a part of weblogic.jar file so when I am using JRE1.4 and weblogic 9.2 then it obviously does not find this class hence the above exception.
              I tried to put this all together and made a custom client jar file including the necessary classes. I was able to get through this exception only to land up in the following exception.
              java.lang.VerifyError: class weblogic.utils.classloaders.GenericClassLoader overrides final method .
                   at java.lang.ClassLoader.defineClass0(Native Method)
                   at java.lang.ClassLoader.defineClass(Unknown Source)
                   at java.security.SecureClassLoader.defineClass(Unknown Source)
                   at sun.applet.AppletClassLoader.findClass(Unknown Source)
                   at java.lang.ClassLoader.loadClass(Unknown Source)
                   at sun.applet.AppletClassLoader.loadClass(Unknown Source)
                   at java.lang.ClassLoader.loadClass(Unknown Source)
                   at java.lang.ClassLoader.loadClassInternal(Unknown Source)
                   at weblogic.jndi.WLInitialContextFactoryDelegate.<clinit>(WLInitialContextFactoryDelegate.java:204)
                   at weblogic.jndi.spi.EnvironmentManager$DefaultFactoryMaker.<clinit>(EnvironmentManager.java:26)
                   at weblogic.jndi.spi.EnvironmentManager.getInstance(EnvironmentManager.java:48)
                   at weblogic.jndi.Environment.getContext(Environment.java:307)
                   at weblogic.jndi.Environment.getContext(Environment.java:277)
                   at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
                   at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
                   at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
                   at javax.naming.InitialContext.init(Unknown Source)
                   at javax.naming.InitialContext.<init>(Unknown Source)
              I really need to support clients using Jre 1.4 and Jre 1.5
              I will really appreciate any help on this one.
              Please advise.
              Thank you all.

  • Problems Oracle 9iDB and ASO Configuration  for Cybersafe

    Oracle 9iDB installation on Solaris with ASO option
    Objective
    My objective is to configure Oracle 9iDB, Release 9.0.1 ASO on Solaris for external authentication using Cybersafe ActiveTRUST, which is a Kerberos, based authentication product.
    Question
    Getting ORA-12641: Authentication Service failed to initialize when trying to connect to Oracle 9iDB using sqlplus from a Oracle 9i Client machine, when ASO is configured for Cybersafe authentication on both Oracle 9iDB and Oracle 9i client
    Can anyone help me setup Oracle 9iDB and Oracle 9i client for ASO using Cybersafe Authentication?
    Environment
    1. I have a Solaris box as my Oracle 9iDB server
    2. I have an NT Server as my Authentication server and Oracle 9i Client.
    Installation Procedure
    I installed as per the steps given in the doc, Oracle Advanced Security Administrators Guide, Release 9.0.1
    Authentication Server / Oracle Client setup (NT Server)
    I installed on the NT Server the following
    1. CyberSafe ActiveTRUST 4.0 Security Server on the NT Server, which acts as an Authentication server.
    2. CyberSafe ActiveTRUST 4.0 Security Client
    3. Cybersafe Application Security Toolkit (GSS runtime libraries) as needed by Oracle ASO setup procedures.
    4. Oracle 9i Client, custom installations with ASO option.
    Oracle 9iDB Server Setup (Solaris Server)
    I installed on the Solaris Server the following
    1. CyberSafe ActiveTRUST 4.0 Security Client
    2. Cybersafe Application Security Toolkit (GSS runtime libraries)
    3. Oracle 9iDB server, custom installation, with ASO option selected.
    Installation of all the above components is successful.
    Note: Installation of Oracle 9iDB server with ASO option never prompted me to choose a Authentication mechanism like Cybersafe, or Kerberos or Radius etc..,
    Note: Oracle 8.1.7 DB installation on NT actually prompted for Authentication mechanism selection.
    ASO Configuration:
    I configured ASO on the Oracle server and client side as mentioned in chapter 5 of Oracle Advanced Security Administrators Guide, Release 9.0.1
    I created an external user in Oracle, [email protected] as mentioned in http://download-uk.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150/1004747
    I configured the NT server, Oracle 9i client for ASO using Net8 Assistant and I have the sqlnet.ora file.
    ASO Problems:
    Once I have configured both Oracle 9i client and 9iDB server for ASO, I am not able to log in to the database using sqlplus /@cybr.
    It returns with an error ORA-12641, saying Authentication Services Failed to Initialize.
    I could not get much help from questions posted on metalink on ORA-12641.
    It looks like Solaris 9iDB could not recognize cybersafe even though, Cybersafe is listed as one of the installed adapters, when I ran # $ORACLE_HOME/bin/adapters. From this, it looks like Cybersafe adapter is linked to ASO.
    Oracle Server is not able to initialize authentication services and call the authentication server at all.
    Can anyone help me setup Oracle 9iDB and Oracle 9i client for ASO using Cybersafe Authentication?

    The problem has been resolved after providing cn=orcladmin instead of orcladmin for the OID user admin user. Now the overall sso solution is working fine with ADF applications.
    Regards,
    S R Prasad

  • I updated to iOS 8 now I can't log into my Apple ID and it's asking for a VPN password that I have never had either

    I updated my iPad Air to iOS 8 and now it's asking for a VPN password. I have never had one before, and even with my wifi shut off. It also will not let me sign in to my Apple ID, saying it is the wrong password, but I used it on my computer with no problem to get to this blog. Tried restarting it, nothing, tried to shut off wifi, nothing, it will not let me do anything.

    User guides
    http://manuals.info.apple.com/MANUALS/1000/MA1595/en_US/ipad_user_guide.pdf

  • Foreign Trade and CIN configuration for SD

    Hi all,
      Can anybody please send me step by step procedures regarding
    1. Foreign trade configuration in SD Module wrt India.
    2. CIN configuration in SD Module.
    Regards,
    Khan

    You are required to do the necessary configuration for Foreign Trade Data:
    IMG --> Sales and Distribution --> Foreign Trade/Customs --> Basic Data for Foreign Trade --> (Do the necessary configuration here)
    In most probability, it will not default, but it is required to be maintained in Invoice (based on configuration)
    Regards,
    Rajesh Banka
    Reward points if helpful.
