Client unable to check-in

Similar Messages

• PC Users are unable to check Outlook while my (mac) Mail is open

  Ever since I upgraded to 10.4, whenever I have my Mail application open, the PC users are unable to check their IMAP mail through Outlook. The PC Users and myself are all using different accounts, but are checking the same server.
  At first, this seemed like it was a coincidence... but then I shut my powerbook and they could check their again. I have to use a web mail client to check my email when I am on the network at work.
  Any ideas to resolve this issue? Mail is set to check every 5 minutes.

  AA8 and AA9 allow Reader Rights so the user can save the form. This is restricted by the license to 500 uses. In the long run, the only advantage of the Reader Rights is for your users, not for you. You can always import the data into the form and have the same result as they had in the form. It is not necessary to transmit the full form to you, only the data. If you were developing a web form that would likely exceed the 500 uses, you would have to negotiate a price with Adobe for Reader Rights (thousands of $$ should be expected).
  If saving is important in a company environment, not online, then you may want to read the EULA carefully as to the exceptions. You will still have to have at least AA8.
  I guess the printing problem was answered.

• "Unable to check revocation" error while checking CDP from non-domain user account

  Hi!
  I use 3-tier PKI infrastructure:
  Stand-alone offline Root CA: RootCA;
  Stand-alone offline Intermediate subordinate CA: SubCA;
  Enterprise CA: EntSubCA.
  In certificate we have three CDP point for CRL check:
  ldap:///, http:// and file://
  I have Windows 2008 R2 server joined to domain.
  I use command certutil –verify –urlfetch <filename.cer> >check.txt for revocation checking of certificate.
  When I use domain user account for revocation checking, all OK.
  I have access to any CDP and all fine.
  But when i use local server user account, I haven't access to ldap:/// and process failed although all other links is OK.
  My question is "why check fail with non-domain user accout while other CDP point succesfully verifed"?
  Here is the logfile from local user:
  Issuer:
  CN=EntSubCA
  DC=DED
  DC=ROOT
  Subject:
  CN=servername.domain_name
  Cert Serial Number: 5a896145000300006ee2
  dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
  dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
  dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_BASE
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
  Issuer: CN=EntSubCA, DC=DED, DC=ROOT
  NotBefore: 05.02.2015 20:03
  NotAfter: 05.02.2016 20:03
  Subject: CN=servername.domain_name
  Serial: 5a896145000300006ee2
  SubjectAltName: DNS Name=servername.domain_name
  Template: Machine
  70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ---------------- Certificate AIA ----------------
  Failed "AIA" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
  Verified "Certificate (0)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crt
  Verified "Certificate (0)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crt
  ---------------- Certificate CDP ----------------
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
  Verified "Base CRL (018d)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [1.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [1.0.2] http://webserver/crl/EntSubCA.crl
  Verified "Base CRL (018d)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [2.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [2.0.2] http://webserver/crl/EntSubCA.crl
  ---------------- Base CRL CDP ----------------
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  OK "Base CRL (018d)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [1.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [1.0.2] http://webserver/crl/EntSubCA.crl
  OK "Base CRL (018d)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [2.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [2.0.2] http://webserver/crl/EntSubCA.crl
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 018d:
  Issuer: CN=EntSubCA, DC=DED, DC=ROOT
  33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
  CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=SubCA
  NotBefore: 13.11.2014 19:12
  NotAfter: 13.11.2017 19:22
  Subject: CN=EntSubCA, DC=DED, DC=ROOT
  Serial: 6109015b000100000008
  Template: SubCA
  9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Failed "AIA" Time: 0
  Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
  file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
  Verified "Certificate (0)" Time: 0
  [1.0] file://\\ca\crl\SubCA.crt
  Verified "Certificate (0)" Time: 4
  [2.0] http://webserver/crl/SubCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (32)" Time: 0
  [0.0] file://\\ca\crl\SubCA.crl
  Verified "Base CRL (32)" Time: 4
  [1.0] http://webserver/crl/SubCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 32:
  Issuer: CN=SubCA
  8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
  CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=RootCA
  NotBefore: 28.05.2008 12:09
  NotAfter: 28.05.2058 12:19
  Subject: CN=SubCA
  Serial: 616bd19f000100000004
  Template: SubCA
  06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crt
  Verified "Certificate (0)" Time: 4
  [1.0] http://webserver/crl/RootCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (1c)" Time: 4
  [0.0] http://webserver/crl/RootCA.crl
  Verified "Base CRL (1c)" Time: 0
  [1.0] file://\\ca\crl\RootCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 1c:
  Issuer: CN=RootCA
  dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
  CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=RootCA
  NotBefore: 27.05.2008 16:10
  NotAfter: 27.05.2110 16:20
  Subject: CN=RootCA
  Serial: 258de6fbd3bbab92460530e9e9f10536
  5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crt
  Verified "Certificate (0)" Time: 4
  [1.0] http://webserver/crl/RootCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (1c)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crl
  Verified "Base CRL (1c)" Time: 4
  [1.0] http://webserver/crl/RootCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 1c:
  Issuer: CN=RootCA
  dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
  Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
  Exclude leaf cert:
  5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
  Full chain:
  ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
  Verified Issuance Policies: None
  Verified Application Policies:
  1.3.6.1.5.5.7.3.2 Client Authentication
  1.3.6.1.5.5.7.3.1 Server Authentication
  ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
  CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
  CertUtil: -verify command completed successfully.

  What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must access to the URLs. In your output, it is quite clear that the local account does not have necessary permissions
  (you also use FILE URLs for publication, which again is not recommended).
  The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
  For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also
  an internally and externally accessible, highly available Web cluster.
  the other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA. It is recommended to do this by running
  certutil -dspublish -f RootCA.crt.
  This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
  Brian

• Certificate issues Active Directory Certificate Services could not process request 3699 due to an error: The revocation function was unable to check revocation because the revocation server was offline. 0x80092013

  Hi,
  We have some problems with our Root CA. I can se a lot of failed requests. with the event id 22: in the logs. The description is: Active Directory Certificate Services could not process request 3686 due to an error: The revocation function was unable to
  check revocation because the revocation server was offline. 0x80092013 (-2146885613).  The request was for CN=xxxxx.ourdomain.com.  Additional information: Error Verifying Request Signature or Signing Certificate
  A couple of months ago we decomissioned one of our old 2003 DCs and it looks like this server might have had something to do with the CA structure but I am not sure whether this was in use or not since I could find the role but I wasn't able to see any existing
  configuration.
  Let's say that this server was previously responsible for the certificates and was the server that should have revoked the old certs, what can I do know to try and correct the problem?
  Thank you for your help
  //Cris

  hello,
  let me recap first:
  you see these errors on a ROOT CA. so it seems like the ROOT CA is also operating as an ISSUING CA. Some clients try to issue a new certificate from the ROOT CA and this fails with your error mentioned.
  do you say that you had a PREVIOUS CA which you decomissioned, and you now have a brand NEW CA, that was built as a clean install? When you decommissioned the PREVIOUS CA, that was your design decision to don't bother with the current certificates that it
  issued and which are still valid, right?
  The error says, that the REQUEST signature cannot be validated. REQUESTs are signed either by itself (self-signed) or if they are renewal requests, they would be signed with the previous certificate which the client tries to renew. The self-signed REQUESTs
  do not contain CRL paths at all.
  So this implies to me as these requests that are failing are renewal requests. Renewal requests would contain CRL paths of the previous certificates that are nearing their expiration.
  As there are many such REQUEST and failures, it probably means that the clients use AUTOENROLLMENT, which tries to renew their current, but shortly expiring, certificates during (by default) their last 6 weeks of lifetime.
  As you decommissioned your PREVIOUS CA, it does not issue CRL anymore and the current certificates cannot be checked for validity.
  Thus, if the renewal tries to renew them by using the NEW CA, your NEW CA cannot validate CRL of the PREVIOUS CA and will not issue new certificates.
  But it would not issue new certificates anyway even if it was able to verify the PREVIOUS CA's CRL, as it seems your NEW CA is completely brand new, without being restored from the PREVIOUS CA's database. Right?
  So simply don't bother :-) As long as it was your design to decommission the PREVIOUS CA without bothering with its already issued certificates.
  The current certificates which autoenrollment tries to renew cannot be checked for validity. They will also slowly expire over the next 6 weeks or so. After that, autoenrollment will ask your NEW CA to issue a brand new certificate without trying to renew.
  Just a clean self-signed REQUEST.
  That will succeed.
  You can also verify this by trying to issue a certificate on an affected machine manually from Certificates MMC.
  ondrej.

• Unable to check flight availability in DEMO 3.0

  Anybody,
  I finished configuring the demo but when I execute I get the following error:
  Unable to check flight availability.  
  Error Type:  XI system error 
  Error Details:  An error occurred when determining the business system (LD_ERROR) 
  Looking at the logs I found the following exception (actually more than one)
  Date : 12/01/2004
  Time : 18:04:35:593
  Category :
  Message ID : 00111174DBE8006000000018000010380003EA3440BF0ED4
  Severity : Error
  Location : com.sap.engine.services.rfcengine.RFCJCOServer.handleRequestInternal()
  Source Name : com.sap.engine.services.rfcengine
  Thread : Thread[JCO.ServerThread-16,10,SAPEngine_System_Thread[impl:5]_Group]
  Message : com.sap.mw.jco.JCO$AbapException: (126) SLD_CLIENT_EXCEPTION: AbapSLDRequestHandler.getObjectServer(): User credentials are invalid or user is denied access
  Datasource : 11862050:C:\usr\sap\ABC\DVEBMGS01\j2ee\cluster\server0\log\defaultTrace.trc
  Application :
  Argument Objs :
  Arguments :
  Dsr Component : ABC
  Dsr Transaction : C2AB51A566A64BC2B12F379616CF1EC6
  Dsr User : XISUPER                        
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 0
  Relatives :
  Resource Bundlename :
  Session :
  Source : com.sap.engine.services.rfcengine
  ThreadObject : Thread[JCO.ServerThread-16,10,SAPEngine_System_Thread[impl:5]_Group]
  Transaction :
  User :
  It appears I don't have permission to execute load the bean and execute it.  Can anyone tell me what role or authorizations I need to assign to my XISUPER user in order to do this...
  Thanks
  Diego

  Alessandro, I'm experiencing almost the same kind of error as described before. However, in my case trx SLDCHECK (executed from the XI server and from the SAP application system) also generates errors. The error Im getting is as follows:
  Testing SLD API
  An exception has ocurred
  Description: Exception in SLD Client: AbapaSLDRequestHandler.ping() server connection *** failed ***
  Summary: Connection to SLD does not work
  => Check SLD function and configurations
  I have to say that the SLD home page from Integration Builder works correctly and when SLDCHECK is executed the browser opens the correct url and loads the page.
  I have followed all congiguration steps (maintain SLD details with trx SLDAPICUST, maintain HTTP and TCP/IP destinations, activate XI services, etc..) mentioned in the SAP documentation, however the problem persists.
  Thanks in adavnce for any feedback!
  Thanks, Roberto
  Message was edited by: Roberto Viana

• Client unable to establish connection; 08001;

  Hello,
  My SSAS multidimensional cube processing fails with the following error:
  "OLE DB error: OLE DB or ODBC error: A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to
  allow remote connections. For more information see SQL Server Books Online.; 08001; Client unable to establish connection; 08001; Encryption not supported on the client.; 08001"
  It was running fine with no errors till yesterday. Does anyone know what may be wrong?
  Could it be because of a new firewall rule on the server that host the SQL server?
  Appreciate your help!
  Thanks!

  Hi Nihcas,
  Based on the error message, it seems that the account cannot connect to the data source of the SQL Server Analysis Services database. And you said that a new firewall rule on the server that host the SQL server, then this issue can be caused by this firewall.
  To access an instance of the SQL Server through a firewall, you must configure the firewall on the computer that is running SQL Server to allow access. The firewall is a component of Microsoft Windows. In your scenario, please try to configure the Windows
  Firewall to Allow SQL Server Access and check if the issue is persists or not.
  http://msdn.microsoft.com/en-us/library/cc646023(v=sql.105).aspx
  Regards,
  Charlie Liao
  TechNet Community Support

• Unable to Check in Business Services in JDE DEMO.

  Hi,
  We have ERP 8.97 JDE tool set installed on our local m/c. We are unable to check in the Business Services (BSSV) object (JP55HOL) in JDE DEMO. We also tried checking in the vanilla BSSV (J0000030) after we had chekced it out, but this also did not work out. We are getting the error: General Error in Method, Check-in. However we had no issues in checking in the regular JDE objects.
  Please help!!!
  -Shahid

  Demo E900 is a big mess, perhaps "Oracle Lab" packaged it this way.
  Do this:
  1- Create a project "Temp"
  2- Check out F986020 & F986030 (only specs available, no table exists in the data source) - if you try to see by UTB or databrowser
  3- Generate table & index in design (take every thing as default)
  4- Now try check-in your BSSVs.
  5 Goodluck

• Unable to Check for Update on OS 5.1

  My iPad 2 will not update its software over the air and comes up with the message Unable to Check for Update.  I have tried updating via iTunes 10.6 and it just sits there trying to contact the update server.  I have also reset the iPad and restored from backup.  Exactly the same problem!
  Its nothing to do with the network as i get exactly the same problem at work as i do at home.  My iPhone 4S updated to 5.1 without any problem.  However my iPad just does not want to know.
  Please help!

  Correction. I started the update on my iPhone and my wife's iPad. However, they never finished. Each one returned an error message stating that the "Software Update Failed. An error occurred downloading iOS 5.1." I can't even get my ipad2 to get that far. It returns an error when trying to contact the server.

• "Unable to Check Out File Error" Message

  I'm new to using Adobe products, so forgive me if this is a dumb question! My graphic designer sent me a INDD file to edit the text in and when I try to open it in both InDesign and InCopy, I receive an "Unable to Check Out this File" error message. I just downloaded InDesign CC and InCopy CC (the free trial versions). She said that all settings on her end should allow me to view it. Any help is much appreciated!
  Thank you!

  I've just experienced the same error message in CS4. I got rid of it by going to the Links panel, selecting all the links to Incopy, and Unlinking.

• Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

  I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root
  Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
  The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service.  This is apparent when executing a search, accessing
  the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site.  I've looked at the certificate assigned to that site and everything appears to be in order. 
  It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
  What I’ve tried so far:
  I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config.  Both appear to be configured correctly such that the root CAs can be validated.
  Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause.  I’ve also verified the service accounts reporting the error, do have access to the configuration database.
  Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this
  MS Tech note.
  So far nothing has worked.  Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
  Log Name:      Application
  Source:        Microsoft-SharePoint Products-SharePoint Foundation
  Date:          2/20/2015 11:19:41 AM
  Event ID:      8311
  Task Category: Topology
  Level:         Error
  Keywords:      
  User:          <SP SERVICE ACCOUNT>
  Computer:      <SHAREPOINTSERVER>
  Description:
  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
  CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
      <EventID>8311</EventID>
      <Version>14</Version>
      <Level>2</Level>
      <Task>13</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
      <EventRecordID>1611121</EventRecordID>
      <Correlation />
      <Execution ProcessID="10212" ThreadID="10328" />
      <Channel>Application</Channel>
      <Computer><SHAREPOINTSERVER></Computer>
      <Security UserID="<SP SERVICE ACCOUNT>" />
    </System>
    <EventData>
      <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string2"><STS CERT THUMBPRINT></Data>
      <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  </Data>
    </EventData>
  </Event>

  Hi Darren,
  This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website
  In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands
  $rootCert = (Get-SPCertificateAuthority).RootCertificate
  New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
  After running the above commands, perform an IISReset on all servers in the farm.
  More information:
  http://support.microsoft.com/kb/2545744
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• Unable to check mark whole playlists to play since last update.  ONly allows me to check one at a time.  How do I fix?

  While in MY MUSIC on itunes, all my music is unchecked.  I can not check whole playlists by using the top checkmark to select all.  I went to all my playlists, same thing.  I can only press them ONE at a time, which will take about a day to check all of them. 
  any ideas?  anyone have same problem?  This just happened since last update.

  I exactly have the same problem as this "Unable to check mark whole playlists to play since last update.  ONly allows me to check one at a time.  How do I fix?" I have a windows7. Please help.

• "Unable to check for available downloads" since upgrade to 8.1

  It appears a number of people are having this problem but are all under different headings...
  I can purchases new music/items and have them download right away, but it appears anything that was waiting for me to download prior to the upgrade to 8.1 is stuck somewhere. When checking for Downloads (no matter which way you do it) I get an error that says "Unable to check for available downloads. The iTunes store is temporarily unavailable."
  Troubleshooting guides suggest ensuring your firewall is allowing all permissions appropriately... I even turned them to "ask for permission" so that I would know it was trying. No luck.
  When is Apple going to recognize there's a problem? If I can purchase new items and get them to download right away, clearly there is no issue with ISP or Firewall.

  Having the same issue. I even downloaded a rental last night to have it disappear this morning and it says I have purchased the rental but never downloaded it. I have played with all network settings include as open as possible and no luck.

• Client unable to connect AP with MAC filtering

  I need some help from you, I found problem that some clients cannot connect to AP( but some client can connect as normal). As I checked from logs, I see a lot of messages as below:
  Nov 18 01:13:55.760: %DOT11-4-MAXRETRIES: Packet to client 0023.68be.1c88 reached max retries, removing the client
  Nov 18 01:13:55.760: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0023.68be.1c88 Reason: Previous authentication no longer valid
  Nov 18 01:13:55.763: %DOT11-4-MAXRETRIES: Packet to client 0023.68be.1c88 reached max retries, removing the client
  After that I tried to reload AP and then it can connect as normal but I found the log that it roaming to another AP in the same SSID as log below:
  Nov 21 08:52:12.147: %DOT11-6-ROAMED: Station 0023.68be.1c88 Roamed to 003a.99e6.6860
  Nov 21 08:54:33.855: %DOT11-6-ROAMED: Station 0023.68be.1c88 Roamed to 003a.99e6.6860
  Nov 21 09:04:34.495: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0023.68be.1c88 Reassociated KEY_MGMT[NONE]
  Nov 21 09:04:39.097: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0023.68be.1c88 Reason: Sending station has left the BSS
  Nov 21 09:04:39.103: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0023.68be.1c88 Reassociated KEY_MGMT[NONE]
  Nov 21 09:04:42.309: %DOT11-4-MAXRETRIES: Packet to client 0023.68be.1c88 reached max retries, removing the client
  Nov 21 09:04:42.309: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0023.68be.1c88 Reason: Previous authentication no longer valid
  Nov 21 09:04:42.315: %DOT11-4-MAXRETRIES: Packet to client 0023.68be.1c88 reached max retries, removing the client
  I've check from CISCO document, this problem may be from Radio Interference, so please help to investigate and find out the root cause that why some clients cannot connect to AP at that time and how to prevent this problem occurred again.
  Thank you in advance.

  Hi @Krish1840 , and thanks for the reply!
  Do the pages come out blank when making a copy as well?
  I would suggest deleting the printer from your print system, using this document: Uninstalling the Printer Software.
  Once you have deleted it, I would suggest verifying and repairing the disk permissions: About Disk Utility's Repair Disk Permissions feature.
  I would also suggest running your Apple updates:  OS X: Updating OS X and Mac App Store apps
  After the updates, I would recommend readding the printer via OS X v10.9 Mavericks: Installing and Using the Printer on a Mac
  Good luck and please let me know how it goes!
  Please click “Accept as Solution " if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos, Thumbs Up" on the right to say “Thanks" for helping!
  Jamieson
  I work on behalf of HP
  "Remember, I'm pulling for you, we're all in this together!" - Red Green.

• I need help! "Unable to check for purchases" for over a month!!!

  I have been getting the same error message for over a month! Every time I try to check for purchases from the iTunes Store, I get a message saying: "Unable to check for purchases. The network connection timed out." I have 269 items waiting to be downloaded. I am SUPER frustrated, I contacted iTunes customer service twice now, the first time with no response and the second time the response I received didn't help any, I followed up to their answer, again with no response!! I really would like to download these items (most of which I paid for; some were free downloads...). I think this may have happened to me before when my computer crashed and I need to redownload everything from iTunes. I think there is just too many items to download all at once, but they won't even come up in my iTunes, so that I can download them a smaller number at a time! I also had a hard drive failure on my laptop about a week and a half ago (after this problem had already been occuring), and I'm pretty sure any of the items pending downloading that had already begun downloading and was stopped suddenly (a few; maybe a third of what is awaiting downloading...), those items' temporary files were deleted. Could this be causing a problem as well? I've read maybe trying to check for purchases at a less busy time of the day, really early in the morning, or really late at night...Will this work?? I've tried nearly 100 times repeatedly from 8-close to midnight since this has been occuring. I just want the items I paid for. I have been waiting for far too long. I've tried everything suggested and I don't know what else to do!!

  First off, make sure Norton isn't blocking iTS access
  Here are Norton directions
  http://service1.symantec.com/SUPPORT/nip.nsf/0/7fb6e478e2a1abf78825708b00558625? OpenDocument&seg=hm&lg=en&ct=us
  Secondly, you're the third or 4th person to post here that having hundreds of downloads cuases problems.
  Contact iTS again, using the email they already sent. Don't start a new ticket.
  Give them the URL of this topic, and ask them to reduce the number of items in your download queue. The magic number mentioned in the other thread was 69 downloads didn't cause a problem. (Apparently, 70 does)
  Message was edited by: Katrina S.

• Unable to check/uncheck older podcast episodes in iPod sync to iTunes 11.0

  Hi,
  I have a few podcasts in my iTunes where I have saved a large number of episodes. Now I have upgraded to the new version of iTunes I unable to check/uncheck older podcast episodes from iPod syncing - the finder window won't scroll to the bottom of the list, and just 'bounces' after scrolling past a certain number!
  Not sure if this is a bug, or I'm overlooking something.
  Thanks

  I have the same problem.  Scrolling does not work in the iPod podcast list panel, but it works in every other panel or window in iTunes...