Client issues from behind firewall (login delays)

Similar Messages

• Error line 68 in DBMS_DEBUG_JDWP when trying to debug from behind firewall

  Hello!
  I am using sqldeveloper on a windows client, connecting to an Oracle 10.1.0.4 database on AIX 5.3 behind our internal firewall. No sweat, I have an sql*net "hole" through the firewall to the database listener.
  But when trying to debug a PL/SQL procedure, the debugging session cannot start but gets the following errors:
  ORA-30683: failure establishing connection to debugger
  ORA-12535: The requested operation could not be completed within the time out period.
  The cause is readily seen in one of sqldeveloper's own windows, namely that the procedure call
  CALL DBMS_DEBUG_JDWP.CONNECT_TCP( '192.168.205.143', '1290' )
  fails. Our internal firewall quite rightly doesn't allow a connection from "any port" on the database server to "any port" on my PC.
  Is there any workaround for this issue, short of trying to get my security officer to open up so that "any port" on the database server can connect to "any port" on my windows client? I can change "debug preferences" in sqldeveloper to point to only one port on my windows client, but since I cannot control what port on the server the DBMS_DEBUG_JDWP.CONNECT_TCP procedure chooses when it tries to connect to my client, that is only a halfway solution as I see it.
  Cheers from snow-white Denmark,
  Hans Henrik Krohn

  Wrong install Disc, that one is machine specific, & doubtful a reinstall will help all that much.
  More RAM will likely help, but not awfully likely it'll be 50%.
  To tell, ehen it gets slow, Open Activity Monitor, Show:>All Processes, sort on CPU%, see if anything using too much CPU% when this happens, click on Memory tab, do you have many Pageouts?

• 4265 Audit Failure: NTLM Authentication Issue from constant Outlook Login Prompts

  Hello Technet!
  Last week I started running into a domain-wide issue where users could authenticate while connected to the domain, but would receive prompts to log in to our external host. The first prompt is for mail.domain.local, which works fine inside the office, and
  the second is owa.domain.com, which continually fails. 
  On the second prompt, the Exchange 2007 server (on Server 2008 R2) reports the following error:
  Log Name: Security
  Source: Microsoft-Windows-Security-Auditing
  Date: 3/19/2015 9:10:19 AM
  Event ID: 4625
  Task Category: Logon
  Level: Information
  Keywords: Audit Failure
  User: N/A
  Computer: mail.domain.local
  Description:
  An account failed to log on.
  Subject:
  Security ID: NULL SID
  Account Name: -
  Account Domain: -
  Logon ID: 0x0
  Logon Type: 3
  Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name: user
  Account Domain: domain
  Failure Information:
  Failure Reason: An Error occured during Logon.
  Status: 0xc000006d
  Sub Status: 0x0
  Process Information:
  Caller Process ID: 0x0
  Caller Process Name: -
  Network Information:
  Workstation Name: DOMAIN-PC
  Source Network Address: 12.345.67.89
  Source Port: 56984
  Detailed Authentication Information:
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Transited Services: -
  Package Name (NTLM only): -
  Key Length: 0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
  - Transited services indicate which intermediate services have participated in this logon request.
  - Package name indicates which sub-protocol was used among the NTLM protocols.
  - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
  I've gone through quite a few attempted fixes already, all to no effect:
  1. I've both added BackChannelHostName to the server's registry, as well as described here: https://support.microsoft.com/en-us/kb/896861
  2. Verified SSL Cert status
  3. Internal and External OWA URI is set to owa.domain.com in EWC
  4. Set up the IIS7 authentication and SSL settings to their defaults, as described here: http://msexchangeguru.com/2010/10/05/autodiscover/
  5. I added a SRV record for autodiscover on our DC to correct an EXPR auth issue: https://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/
  Despite all these things, I haven't yet seemed to scratch whatever itch Exchange is having. All of the client Outlooks will get the prompt for owa.domain.com, even though their mail is working because they're in the office or on VPN. For whatever reason,
  the Mac Outlook 2011 users cannot authenticate to the mail server at all, so they are the ones hit the hardest by this issue.
  Any insight everyone here at TechNet can offer would be appreciated. Every fix and workaround I've looked at has either changed nothing, or pointed to something that was already configured properly. If there are details missing that I could offer to provide
  a better idea of the problem, please let me know. Thank you.
  -- Brian Q.

  Hi,
  Yes, it may be caused by the security updates on March 10, 2015. Please refer to the known issue in the following KB:
  http://support.microsoft.com/en-us/kb/3002657
  Please remove the security patch on the DC and restart server to have a try. Additionally, here is a similar thread for your reference:
  https://social.technet.microsoft.com/Forums/exchange/en-US/1b2a24d9-3d77-49f6-9d0f-63c71da64827/password-prompt-after-exchange-server-windows-updates?forum=exchangesvrclientslegacy
  Regards, 
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Windows media stream from behind firewall

  I'm hoping someone in the know can help me. I need to open a port on a
  firewall, to allow Windows Media Encoder on one of our LAN workstations to
  connect with a Windows Media Server on the outside of the firewall. Where
  do I configure ports with Bordermanager? Do I use brdcfg.nlm? filtcfg.nlm?
  Something else?
  Thanks in advance for your help.

  [email protected],
  > I'm hoping someone in the know can help me. I need to open a port on
  > a firewall, to allow Windows Media Encoder on one of our LAN
  > workstations to connect with a Windows Media Server on the outside of
  > the firewall. Where do I configure ports with Bordermanager? Do I use
  > brdcfg.nlm? filtcfg.nlm? Something else?
  > Thanks in advance for your help.
  Actually this forum is for questions about the Novell Client Firewall
  that ships with Border Manager 3.8 The most appropriate place for your
  question is novell.support.bordermanager.packet-filtering
  However to answer your question. If use a version prior to 3.7 you use
  filtcfg.nlm If using 3.7 or 3.8 you use iManager.
  //Niclas Ekstedt
  Niclas Ekstedt, CNE, NSC Sysop
  Iftech Network AB

• Having trouble downloading from behind firewall

  I'm trying to run the Windows executable for WebLogic Express 7.0.7.0 and cannot get my HTTP proxy settings to work - keep getting the msg "The installation archive information could not be obtained from BEA Systems. Please check your download settings." I see that other folks in the same situation have been given FTP instructions - please help! Thanks.

  Hi,
  Unfortunately, the ftp instructions provided are specific to a Workshop for WebLogic 9.2 update.
  Since your question is specific to WebLogic Server, please post the question to the weblogic.developer.interest.general newsgroup at http://newsgroups.bea.com/bea/forum.jspa?forumID=2017
  Thanks
  Raj

• Issue with Adobe flex data.xml file not reachable from bsp behind firewall

  Hi Gurus,
  I have a problem with the <mx:HTTPService> tag the following is the actual tag,
  <mx:HTTPService
  id="Srv"
  url="data.xml"
  useProxy="false"
  method="POST" result="resultHandler(event)"/>
  When accessed locally I can see the data in the flex as the data.xml can be reached. when the same is accessed from internet behind firewall, the url is entirely different and the .swf file in the BSP page cannot access the data.xml. I cannot give the absolute url in the tag as the BSP page application is accessed differently in different servers. any help on this would be greatly appreciated
  Thanks
  Akbar

  Sorry somehow I missed this question, an even easier way to do this is to allow your Flash movie to "script" ( this is the default behavior for a Flex application ) and then call some javascript to obtain exactly what the page URL is and then go from there to get your data:
  import flash.external.ExternalInterface;
  import mx.utils.URLUtil;
  var
  if(ExternalInterface.available){
       pageURL = ExternalInterface.call("window.location.href.toString");
  // Do whatever you need with the URL here.
       var serverName:String = URLUtil.getServerNameWithPort(pageURL);
  -d

• GTalk from behind the firewall using Python

  Friends,
  I'm a student accessing the net from behind the University Firewall and it does not allow us access to GTalk (some crappy policy). When I was using Windows, about a couple of months back, I used to run Python server and to tunnel thru it to access Internet and GTalk in particular.
  Now Google does not have a dedicated GTalk client, . I tried fiddeling with some settings in iChat and Adium but couldn't get it to work.
  Can anyone help in this respect.
  highly hopeful,
  Aditya
  Macbook   Mac OS X (10.4.8)   2.0Ghz Intel Core 2 Duo, 1Gb ram, 80Gb HD

  Hi,
  This forum may be of more help
  http://discussions.apple.com/forum.jspa?forumID=755
  5:11 PM Sunday; February 25, 2007

• RMI Clients behind firewall

  When the RMI client behind firewall tries to access the server the following error is thrown up:
  java.rmi.ConnectIOException: Exception creating connection to: 10.130.12.128; ne
  sted exception is:
  java.net.NoRouteToHostException: Operation timed out: no further informa
  tion
  java.net.NoRouteToHostException: Operation timed out: no further information
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(Unknown Source)
  at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
  at java.net.PlainSocketImpl.connect(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
  at sun.rmi.server.UnicastRef.invoke(Unknown Source)
  at RMIFaxServer_Stub.getResult(Unknown Source)
  at FaxTest.main(FaxTest.java:51)

  your client is behind the firewall but the server you're trying to access has an address 10.x.x.x which says that it too is behind a firewall and not on the Internet, or is the server in a DMZ. It sounds more like a networking issue than a java problem at this point. If the server is on some side of a firewall, you may need a some sort of "permit established" config setting added to the firewall. Just a thought.

• What are prerequisite for Design Studio Client tool behind firewall?

  Hi Experts,
  Can you tell me what are prerequisites for Design Studio Client tool behind firewall?
  Best Regards,
  Pushkar

  Hi Pushkar,
  In which 'mode' would you like to use the Design Studio Client application. Connected to the BI platform, SAP HANA, etc?
  With kind regards,
  Martijn

• Callback cannot be done if client behind firewall. But WHY?

  I've read a lot of threads regarding callback is not achievable if client is behind firewall. But i couldn't find the DETAILED reason for that. Can anyone explain that?
  Thank,
  Jax

  In order for a server to asynchronously callback a client, it must create an inbound socket connection to the client, to send the message. This is precisely the type of thing a firewall is designed to prevent.
  To receive callbacks, the firewall would have to open a specific port for inbound connections to the client, and the server would have to be aware of this port as well.

• Why does a Login Error occur: "AFP Client wants to use Keychain Login"?

  I have three people in my house with separate logins. We are currently using two desktop G4s which are networked via 1000 Base T. When the users login to one of the Macs, they must enter their passwords twice. Once for the AppleShare login and then a second time for the KeyChain Login.
  If I attempt to unify the passwords, which are exactly the same, I will get a login error: "AFP Client wants to use Keychain Login". At this point, a dialogue box will appear looking for a password, but not accepting any kind of text at all. All I can do is reset the Mac, go into my admin login and remove the login.keychain file from the local Library folder to get back into the User account.
  In my attempts to fix this, I have removed every preference file with the word "login" in it and re-logged in without success. I have also used the Keychain Access software to administer Keychain First Aid without success. Finally, I have deleted the keychain login in Keychain Access without success. I have done all of these separately and together without success.
  This is only happening on one Mac. The Mac that has no files on it. All working files are stored on the other Mac and it does not have the same problem at all.
  This is not a huge problem, but it is annoying. I would appreciate it if anybody knows anything about this and could shine some light on the situation.

  Sorry about the delay from your last reply. I have been busy with work and studying for a licensing exam.
  Anyway I tried the AppleJack Utility you suggested. It looked like it tidied up some things. But as for my particular issue, it did absolutely nothing.
  Interestingly enough, you know when you aren't looking for something and that something just happens by accident? When I logged in the other day, I typed in the first login. The second dialogue came up immediately and I hit the cancel button instead of the OK button. When I was passed on to the Finder, the second login dialogue came up again. I typed in the password this time and checked the checkbox. When I relogged in, the problem vanished. I only waited this long to let you know to make sure the problem is gone and it is. I wish I would have thought of selecting the cancel button before. Sometimes solutions are simple like this one.
  Thanks for your help.

• ACS5.1 - IOX AAA ( behind Firewall)

  I have some issue with IOX Tacacs+ client at public domain, pointing to ACS at internal network, both ACS ia NAT by firewall.
  Please refer to attached diagram.
  When user login into the IOX device, it sucessful login but was not assgined with any usergroup. Therefore the user suppose to get let say usergroup root-system, it not assigned with any usergroup at all. So the user cannot even show run ( show run do not show any vonfig)
  This problem do not appear at Internal IOX device, where it does not go thru firewall.Only IOX client in front of firewall pointing to ACS public NATted IP.
  What can it goes wrong here ? Firewall need to open additional other application port ? So far tcp/49 is allow from public.
  Regards

  It's a good idea to check if the group assignement is done on ACS side in ACS logs.
  It's either ACS not assigning it for some reason or the remote IOX clients not receiving the correct info because of a firewall

• Problem accessing https Web service from behind proxy

  Hi all,
  I have this constant timeout issue which occurs whenever I try to access the Web service from behind a proxy.
  Find below the error logs -
  AxisFault
  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
  faultSubcode:
  faultString: java.net.ConnectException: Connection timed out: connect
  faultActor:
  faultNode:
  faultDetail:
  {http://xml.apache.org/axis/}stackTrace:java.net.ConnectException: Connection timed out: connect
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at org.apache.axis.components.net.DefaultSocketFactory.create(DefaultSocketFactory.java:136)
  at org.apache.axis.components.net.DefaultSocketFactory.create(DefaultSocketFactory.java:100)
  at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:129)
  at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:389)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:87)
  at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
  at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
  at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
  at org.apache.axis.client.AxisClient.invoke(AxisClient.java:144)
  at org.apache.axis.client.Call.invokeEngine(Call.java:2688)
  at org.apache.axis.client.Call.invoke(Call.java:2671)
  at org.apache.axis.client.Call.invoke(Call.java:2357)
  at org.apache.axis.client.Call.invoke(Call.java:2280)
  at org.apache.axis.client.Call.invoke(Call.java:1741)
  I am using Tomcat 5.0.19 . Could anyone suggest a possible solution to the same?
  The system works fine when I use a http endpoint.

  Hi,
  By default, your application tries to connect to the Net directly : if you have to specify a proxy, use either these lines in your code :
  System.setProperty("http.proxySet", "true");
  System.setProperty("http.proxyHost", "proxy");
  System.setProperty("http.proxyPort", "8080");
  Or specify them in the command line with the "-D"option.
  Ex : java .... -Dhttp.proxySet=true .... MyApp
  Hope it helps.
  See ya

• RMI call back - How to refer to the client project from the server project?

  Hi, I am working on an RMI assignment which basically needs me to use the RMI call back for the server to notify the clients.
  I have 2 projects , one for the client and another for the server.
  In the client project, I have a client interface and the main client class implements this interface.
  In the server project, I have a server interface and a class that implements this interface.
  I can use the server interface in the client project's code by adding the server project in the path of the client project. it lets me use the server interface in the code if I put "import.." statement.
  But the issue is I can not do the same to access the client interface from within the server project's code. Since that will be a circular reference, the compiler does not let me use the client interface from within the server's code. This is putting me in a great difficulty and I am stuck here. What should I do so that I can use the client interface and the compiler won't complain?
  Thanks for any help..
  Regards.. js

  Let me explain what I tried: I manually generated stub class of the client using the Eclipse IDE as mentioned in my previous message. The StockMSClient_Stub.class got created in my client project.
  The common project has the 2 interfaces - one from the client and one from the server.
  I have added reference to the common project from the client and server projects to use the interfaces.
  With the above mentioned in place, when I run the server project, the registry binding of the server objects is very fine. But I am getting error in the applet at the line where I am passing the client object to the method provided by the server interface. The following is the code snippet in the applet where I am getting the error.
  specifically the line: String response = objs.login(userId, password, smsClient);     ====================
  public void login() {
              Registry reg = null;
              String userId = "test";
              String password = "test";
              this.smsClient = new StockMSClient();
              try {
       reg = LocateRegistry.getRegistry(rmiHost,rmiPort);
                        UserInterface obj = (UserInterface) reg.lookup(rmiStrings
                                                                                                                      [1]);
       User u = obj.find(userId);
       if (u == null) {
            System.out.println("This user is not valid");
       } else {
                       UnicastRemoteObject.exportObject(smsClient);
       reg = LocateRegistry.getRegistry(rmiHost, rmiPort);
       LoginLogoutInterface objs = (LoginLogoutInterface) reg
                                 .lookup(rmiStrings[0]);
                      //getting error at the following line.
                      String response = objs.login(userId, password, smsClient);     
                       System.out.println("response :" + response);
             } catch (AccessException ae) {
                     System.out.println(ae);
             } catch (NotBoundException nbe) {
                    System.out.println(nbe);
             } catch (RemoteException re) {
                    System.out.println(re);
  } //end login()====================
  Error is:
  java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
       java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
       java.lang.ClassNotFoundException: sms.rmi.graphics.StockMSClient_Stub (no security manager: RMI class loader disabled)================
  I don't know why this is happening..Please help.
  thanks & regards, js
  Message was edited by:
  jsitaraman

• Adding devices behind firewall

  i have just installed an AirPort Extreme and want to add my thermostat so i can access them remotely.  Do i need to add the MAC address and or IP Address of the thermostats?  How do i do this and where?

  Hi,
  TACACS+ authentication service between Network devices and AAA Server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access ACS Server (for management purposes) from outside/internet. In your case, if you need to access your devices behind firewall from external network, what you need is map your internal network devices with public IP, and open ddesired service port, e.g SSH (tcp 22) on your Firewall outside interface ACL to allow incoming access.
  For your internal devices, you need to have appropriate AAA configuration that point to ACS (e.g TACACS+). In your ACS, set these devices as AAA Client, and configured appropriate IP, secret key and using TACACS+.
  Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
  http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
  Hope this helps.
  Rgds,
  AK