Command-line support for encrypted images

Hi,
Is there any support in asr for performing restores using an encrypted image directly? I can't seem to find anything. It isn't much of a burden I guess to mount the image and then use it (now that I know that, anyway), but it seems like an oversight that asr can't just be given a password directly.
Similarly for hdiutil, it has some support for encrypted images, but some things seem to be missing. At the very least you can't convert an encrypted image into an unencrypted image because convert doesn't understand that.
Are these known issues? Are there plans to add this functionality? Or is it considered unnecessary since there's other ways around it?
tom

Sorry for my ignorance, when you say you installed every driver in there are you referring to adding them to the driver database or to your bootwim. Also if you cant grab the logs you might be able to get a report based on an unknown system, look in reporting
under "History of a task sequence deployment on a computer" if there was anything recorded before it bombed out you might be able to get some info. 
Im still leaning towards a network driver though, can you snap an image of the drivers you have loaded into your preferred bootwim.

Similar Messages

  • Command Line Support Not Working in OSD

    I am trying to deploy an image to a dell optiplex 760. I have added all of the storage and nic drivers from Dell's WINPE package, and then all of the drivers from the Intel site for the nic to my boot image. I then enabled command line support on the boot
    image,  after all of this I updated the boot image on my DP. When the SCCM splash screen comes up it says loading network, and then all dialog boxes disappears and the machine reboots. During this time when i press F8 nothing happens. I get no command
    prompt window, and it doesnt pause the reboot. Any Ideas?

    Sorry for my ignorance, when you say you installed every driver in there are you referring to adding them to the driver database or to your bootwim. Also if you cant grab the logs you might be able to get a report based on an unknown system, look in reporting
    under "History of a task sequence deployment on a computer" if there was anything recorded before it bombed out you might be able to get some info. 
    Im still leaning towards a network driver though, can you snap an image of the drivers you have loaded into your preferred bootwim.

  • Command line support

    Adobe, Has CreatePDF a command line support in order to convert multiple pdf files from a specific folder?
    thanks!

    Sorry for my ignorance, when you say you installed every driver in there are you referring to adding them to the driver database or to your bootwim. Also if you cant grab the logs you might be able to get a report based on an unknown system, look in reporting
    under "History of a task sequence deployment on a computer" if there was anything recorded before it bombed out you might be able to get some info. 
    Im still leaning towards a network driver though, can you snap an image of the drivers you have loaded into your preferred bootwim.

  • WebLogic SSO receiving "KDC has no support for encryption type (14)" error

    Hello,
    I am trying to implement SSO using an Off-the-Shelf app running on WebLogic, but receiving "KDC has no support for encryption type (14)" error. I have set the AD Server to “Use DES encryption types for this account” . I have added 'allowtgtsessionkey' registry entry on the client machine as well as the Windows Server on which WebLogic is running. My klist results on the client machine still seems to indicate AD is sending RC4 encryption format (please confirm looking at the results below). I am also attaching the WebLogic error log. I am slo seeing 2 errors at the very beginning of the WebLogic log when I restart the appserver.
    % KLIST output
    C:\Program Files\Resource Kit>klist tickets
    Cached Tickets: (2)
    Server: krbtgt/[email protected]
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    End Time: 8/27/2008 1:52:56
    Renew Time: 9/2/2008 15:52:56
    Server: HTTP/[email protected]
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    End Time: 8/27/2008 1:52:56
    Renew Time: 9/2/2008 15:52:56
    % WebLogic Error
    <Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.realm was not defined, this could cause problems using Kerberos for negotiation>
    <Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.kdc was not defined, this could cause problems using Kerberos for negotiation>
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <Default Authorization isAccessAllowed(): returning PERMIT>
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <DefaultAdjudicatorImpl.adjudicate results: PERMIT >
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <AuthorizationManager.isAccessAllowed returning adjudicated: true>
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is devmax01.http.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    KeyTab: load() entry length: 60
    KeyTabInputStream, readName(): DEV.DENVERWATER.ORG
    KeyTabInputStream, readName(): HTTP
    KeyTabInputStream, readName(): devmax01principal's key obtained from the keytab
    principal is HTTP/[email protected]
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 3 1 1
    KrbKdcReq send: kdc=10.143.60.1 UDP:88, timeout=30000, number of retries =3, #bytes=252
    KDCCommunication: kdc=10.143.60.1 UDP:88, timeout=30000,Attempt =1, #bytes=252
    KrbKdcReq send: #bytes read=1311
    KrbKdcReq send: #bytes read=1311
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    KrbAsRep cons in KrbAsReq.getReply HTTP/devmax01Added server's keyKerberos Principal HTTP/[email protected] Version 4key EncryptionKey: keyType=3 keyBytes (hex dump)=
    0000: B3 86 A4 E5 83 0E 6D 9E
    [Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject
    Commit Succeeded
    Found key for HTTP/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> < GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - IdentityAssertionException>

    dins wrote:Do you think the klist output in my original posting confirms that AD is not encrypting tickets in DES format ?Yes, the current line prove it :
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)The fact is that Microsoft seems to use by default the RC4-HMAC-MD5 encryption type for AD.
    Try to specify only des for encryption type in both your krb5.conf
    [libdefaults]
        default_realm = ...
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        ...and kdc.conf
    [realms]
       REALM = {
            kadmind_port = ...
            max_life = ...
            max_renewable_life = ...
            master_key_type = ddes-cbc-md5 des-cbc-crc des3-cbc-sha1
            supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
            kdc_supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        }If it still does not work, I'm out of ammo ;-).

  • Command line tools for xcode mac os x 10.6.8

    Hi,
    Will the latest command line tool work for mac os x 10.6.8 also? If yes, I will go ahead and download them.
    If no, please help find a download location for command line tools for mac os x 10.6.8.
    Also, please let me know if that will support the development of latest ios apps.

    developing for "the latest iOS Apps" is supported by the latest X-code tools, which does NOT run under 10.6.8.
    Version 3.2.6 will run under 10.6.6 and later.
    Version 5.0.1 requires 10.8.4 or later.
    Version 6.1.1 (currently the latest) requires 10.9.4 or later.

  • Is there a command line option for VNC to automatically launch in fullscreen mode?

    I can launch a VNC window from the command line, as such:
    open vnc://username:password@hostname
    ... but I'd like it to automatically start in full screen mode. Is there a command line option for this?
    I'm using an old MacMini purely to connect to another Mac over screen sharing, but when the MacMini boots I'd like it to go straight into the fullscreen of the other desktop.
    Many thanks!

    Set the Integer pref browser.sessionstore.max_resumed_crashes to 0 on the about:config page to get the about:sessionrestore page immediately with the first restart after a crash has occurred or the Task Manager was used to close Firefox.
    * http://kb.mozillazine.org/browser.sessionstore.max_resumed_crashes
    That will allow you to deselect the tab(s) that you do not want to reopen, but will allow to reopen other tabs.
    See:
    * http://kb.mozillazine.org/Session_Restore#Restoring_a_session_after_a_crash
    * http://kb.mozillazine.org/Browser.sessionstore.max_resumed_crashes

  • Command line parameters for automator?

    I'm trying to setup a cron job to so that every morning at 8 am "New Mail.workflow" will open and run. I'm able to get it to open but I was wondering if there were command line parameters for Automator that could open AND run a workflow file? Ideally I'd like it to close after running, but I'll worry about that later. Thanks in advance.

    The preferred way is to save your workflow as an application and then call usr/bin/open on it. If for some reason you must have the workflow run inside of Automator (not self-contained) then you're looking at some quality time with man osascript. As it happens Apple has removed even the need for Cron for most users. A click to File -> Save As Plug-In -> for iCal handles it from start to finish.
    Edit: I forgot to mention that Automator has its own simple command line utility for running *.workflow files. Check out man automator

  • Command line parameters for al_engine.exe

    If you go to a command line window on a DS server and type al_engine.exe with no parameters it prints "Usage" information.  Some of the parameters it mentions are known to the community (like -XX, -XI, etc).  However there are some which sound pretty interesting, but I can't find any information or examples how it should be used.  Examples:
    -L<list of value> : List of Object Labels from UI (separated by , or ; or space) to filter.
    -Je<XML file> Execute the Installation scenario defined in XML file.
    -jd"datastore delta file in quotes>" : Modify datastore values using "file"
    -Jf, -Ja, -We,  and many more.
    I am particularily interested in -Je functiohnality - it sounds like it can be used to automate deployment.  I am using import/export options to do some automation, but real automation would include deletion of some objects, adding jobs to projects, etc.
    Can anybody help with the documentation/examples?

    The preferred way is to save your workflow as an application and then call usr/bin/open on it. If for some reason you must have the workflow run inside of Automator (not self-contained) then you're looking at some quality time with man osascript. As it happens Apple has removed even the need for Cron for most users. A click to File -> Save As Plug-In -> for iCal handles it from start to finish.
    Edit: I forgot to mention that Automator has its own simple command line utility for running *.workflow files. Check out man automator

  • Command Line Parameters for Run Application.vi in the LVWUtil

    I am trying to use the "Run Application.vi" located in the LVWUtil.llb.  I am sending a command line similiar to this:
    "C:\WINXP\system32\msiexec.exe" /i "C:\qc data\ZVMS Program Updates\Application Installer\install.msi"
    this command line works from the Start>Run dialog but the Run Application.vi only sees the beginning of the line "C:\WINXP\system32\msiexec.exe" so it opens the windows installler but does not go to the install.msi file and run it.  Does anyone know the correct command line formats for the Run Application.vi to run the entire command line?
    Thanks,
    BethV

    Hello BethV,
    I downloaded the LVWUtil32.zip file from the Windows API Function Utilities (32-bit) for LabVIEW example program.  In that zip file, is a library entitled Winevent.lib, which includes the Run Application.vi.  When you used this VI, I believe the string you passed in as a input had too many quotation marks.  Namely, you do not need quotes around the msiexec.exe call.  I passed the following string into the Run Application.vi and got the expected results:
    C:\WINDOWS\system32\msiexec.exe /i "C:\mymsi.msi"
    Please let me know if it helps.
    Message Edited by Wendy L on 10-21-2005 02:34 PM
    Wendy L
    LabWindows/CVI Developer Newsletter - ni.com/cvinews
    Attachments:
    RunApplication.GIF ‏2 KB

  • What are the commands for compiling c++ using the command line tools for xcode?

    Hi, I am taking a class in school for c++ and i would like ot be able to practice at home i found the command line tools for xcode and went ahead and installed it on my computer. now i need to know the commands and procedure to be able to compile and run c++.

    c++ testfile.cc

  • Using Command Line Tool for Linux

    I have to use the command lines of Linux for SCM commands(like repcmd, set workarea, checkin etc...)
    should I have to install something?
    I have documentation for using the oracle repository command line Toll for Windows and Unix, but I didn't found anything about using the oracle repository command line Toll for Linux.

    JDeveloper runs excellent on Linux and is supposed to be able to use the repository, but that's a GUI...

  • Command line tools for xcode??

    I am used to compiling code much like the java sdk works from terminal where I say javac the filename and then i get a .class file that i can run by doing the command java and then the .class file after. I am now wanting to learn c++ and I dont feel like installing xcode all i want is a compiler that can run from terminal. i found command line tools for xcode on the apple developers site and i was wondering do i need xcode for this to run and after that what the commands are and how i compile/run the code. But my biggest question is still wether or not i need xcode to let command line tools work. ive read in a couple places i dont need it but in other ive read you do can i get help?!

    You don't need Xcode to compile your apps with; just the compiler/linker.
    Xcode is Apple's IDE.  One could write the same code in TextEdit but that wouldn't be easy nor fun.
    (Missed it by THAT much!) 

  • KDC has no support for encryption type (14)

    I have come across a posting on "KDC has no support for encryption type (14)" - " http://www.webservertalk.com/message1277232.html"
    and believe that I am hitting the same problem. However, there is no solution. Can anybody help?
    I have done all the necessary steps suggested, including changing the registry and removing the unwanted SPN, but the error still there. The only different is probably I combined WebLogic and AD in one machine. But, does that make any difference?
    Client
    ====
    Name: ssoclient.ssow2k.com
    OS: Win XP SP2
    Server
    =====
    Name: ssow2kserver.ssow2k.com
    OS: Windows 2000 Advanced Server SP4
    WLS: BEA WebLogic 8.1.4
    <<Registry>>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01
    The following is the WebLogic myserver log for your reference:
    ========================================================================================
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Admin>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Operator>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Deployer>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Monitor>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(Admin,Operator,Deployer,Monitor)}>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(Admin,Operator,Deployer,Monitor)} successfully deployed for resource type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> < PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Found Negotiate with SPNEGO token>
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext (GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity (SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm (CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Exception weblogic.security.providers.utils.NegotiateTokenException: GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    weblogic.security.providers.utils.NegotiateTokenException : GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:419)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity (PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java :199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute (ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ========================================================================================
    The following are some krb5 packets captured. I suspected it is due to the encryption type used - RC4-HMAC:
    ========================================================================================
    KRB5 (AS-REQ)
    ============
    No. Time Source Destination Protocol Info
    125 10.301166 10.122.1.2 10.122.1.200 KRB5 AS-REQ
    Frame 125 (345 bytes on wire, 345 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.848903000
    Time delta from previous packet: 0.008330000 seconds
    Time since reference or first frame: 10.301166000 seconds
    Frame Number: 125
    Packet Length: 345 bytes
    Capture Length: 345 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 331
    Identification: 0x0158 (344)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x208d [correct]
    Source: 10.122.1.2 (10.122.1.2 )
    Destination: 10.122.1.200 (10.122.1.200)
    User Datagram Protocol, Src Port: 1075 (1075), Dst Port: kerberos (88)
    Source port: 1075 (1075)
    Destination port: kerberos (88)
    Length: 311
    Checksum: 0x1133 [correct]
    Kerberos AS-REQ
    Pvno: 5
    MSG Type: AS-REQ (10)
    padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
    Type: PA-ENC-TIMESTAMP (2)
    Type: PA-PAC-REQUEST (128)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
    Client Name (Principal): ssouser
    Realm: SSOW2K.COM
    Server Name (Service and Instance): krbtgt/SSOW2K.COM
    till: 2037-09-13 02:48:05 (Z)
    rtime: 2037-09-13 02:48:05 (Z)
    Nonce: 1870983219
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    HostAddresses: SSOCLIENT<20>
    KRB5 (AS-REP)
    ============
    No. Time Source Destination Protocol Info
    126 10.303156 10.122.1.200 10.122.1.2 KRB5 AS-REP
    Frame 126 (1324 bytes on wire, 1324 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.850893000
    Time delta from previous packet: 0.001990000 seconds
    Time since reference or first frame: 10.303156000 seconds
    Frame Number: 126
    Packet Length: 1324 bytes
    Capture Length: 1324 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1310
    Identification: 0x0a0f (2575)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1403 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1075 (1075)
    Source port: kerberos (88)
    Destination port: 1075 (1075)
    Length: 1290
    Checksum: 0xb637 [correct]
    Kerberos AS-REP
    Pvno: 5
    MSG Type: AS-REP (11)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: E3610239EACDD0E6D4E89AA7D81A355F6C93B95D95B13B56...
    KRB5 (TGS-REQ)
    ============
    No. Time Source Destination Protocol Info
    127 10.309350 10.122.1.2 10.122.1.200 KRB5 TGS-REQ
    Frame 127 (1307 bytes on wire, 1307 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.857087000
    Time delta from previous packet: 0.006194000 seconds
    Time since reference or first frame: 10.309350000 seconds
    Frame Number: 127
    Packet Length: 1307 bytes
    Capture Length: 1307 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1293
    Identification: 0x0159 (345)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1cca [correct]
    Source: 10.122.1.2 (10.122.1.2)
    Destination: 10.122.1.200 ( 10.122.1.200)
    User Datagram Protocol, Src Port: 1076 (1076), Dst Port: kerberos (88)
    Source port: 1076 (1076)
    Destination port: kerberos (88)
    Length: 1273
    Checksum: 0xd085 [correct]
    Kerberos TGS-REQ
    Pvno: 5
    MSG Type: TGS-REQ (12)
    padata: PA-TGS-REQ
    Type: PA-TGS-REQ (1)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40800000 (Forwardable, Renewable)
    Realm: SSOW2K.COM
    Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
    till: 2037-09-13 02:48:05 (Z)
    Nonce: 1871140380
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    KRB5 (TGS-REP)
    ============
    No. Time Source Destination Protocol Info
    128 10.310791 10.122.1.200 10.122.1.2 KRB5 TGS-REP
    Frame 128 (1290 bytes on wire, 1290 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.858528000
    Time delta from previous packet: 0.001441000 seconds
    Time since reference or first frame: 10.310791000 seconds
    Frame Number: 128
    Packet Length: 1290 bytes
    Capture Length: 1290 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1276
    Identification: 0x0a10 (2576)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1424 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1076 (1076)
    Source port: kerberos (88)
    Destination port: 1076 (1076)
    Length: 1256
    Checksum: 0x1318 [correct]
    Kerberos TGS-REP
    Pvno: 5
    MSG Type: TGS-REP (13)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: 4D2A9E8590CC716EA6571B093B6FAF89537B0B89F832C073...
    ========================================================================================
    Can anybody enlighten me on how you solve this problem? Thanks.

    I ran into this error and caught the error code to remind me to edit the registry.
    if (sError.contains("KDC has no support for encryption type (14)")){
                        JOptionPane.showMessageDialog(null,"Error " + ThisErrorCode.myErrorCode() + '\n' +
                        " http://support.microsoft.com/default.aspx?scid=kb;en-us;308339" + '\n' + '\n' +
                        "There is a known issue involving Windows clients running Windows 2000 SP4, XP SP2." + '\n' +
                        "To avoid the error, administrators need to update the Windows registry." + '\n' +
                        "The registry key, allowtgtsessionkey, should be added, and its value set correctly" + '\n' +
                        "to allow session keys to be sent in the Kerberos Ticket-Granting Ticket." + '\n' + '\n' +
                        "Windows XP SP2, add the registry entry:" + '\n' +
                        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\" + '\n' +
                        "Value Name: allowtgtsessionkey" + '\n' +
                        "Value Type: REG_DWORD" + '\n' +
                        "Value: 0x01" ,null, JOptionPane.ERROR_MESSAGE);
                        System.exit(-1);

  • Problem: KDC has no support for encryption type (14)

    hi, I have dealing the problem for long time and no response in bea forum.
    I feel very exhausted when checking mit's kerberos mailist and sun forum. Any try every method they provide but not success.
    first I generate the keytab using w2k's ktpass
    ktpass -princ HTTP/[email protected] -mapuser weblogic -pass weblogic -out dlsvr_keytab -crypto des-cbc-crc
    and it turn out to be successful.
    My W2KSP4 KDC Config is:
    c:\winnt\krb5.ini-----------------------------
    [libdefaults]
    default_realm = DLSVR.COM
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
    ticket_lifetime = 600
    [realms]
    DLSVR.COM = {
    kdc = 192.168.2.231
    admin_server = dlserver
    default_domain = DLSVR.COM
    [domain_realm]
    .dlsvr.com= DLSVR.COM
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true
    i also set des type in AD Accout and also reset password after that
    i create my keytab using des-cbc-crc as you can see in the log below :
    <2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    KeyTab: load() entry length: 50
    KeyTabInputStream, readName(): DLSVR.COM
    KeyTabInputStream, readName(): host
    KeyTabInputStream, readName(): weblogic
    KeyTab: load() entry length: 44
    KeyTabInputStream, readName(): dlsvr.com
    KeyTabInputStream, readName(): weblogic
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: e9889c7a
    crc32: 11101001100010001001110001111010
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 1
    KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
    KDCCommunication: kdc=192.168.2.231 UDP:88, timeout=30000,Attempt =1, #bytes=216
    KrbKdcReq send: #bytes read=1217
    KrbKdcReq send: #bytes read=1217
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: 54c176ae
    crc32: 1010100110000010111011010101110
    KrbAsRep cons in KrbAsReq.getReply host/weblogicFound key for host/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no
    support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProvider
    Impl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    So i don't know why win2k's KDC not support the des-cbc-crc,
    Any Help or Clue woud be highly appreciated!
    david

    Exception was: javax.naming.AuthenticationException: KDC has no support for encryption type (14) [Root exception is KrbException: KDC has no support for encryption type (14)]
    at com.sco.tta.server.security.java14.KerberosAuth.login(KerberosAuth.java:286)
    at com.sco.tta.server.login.ADLoginAuthority.authenticate(ADLoginAuthority.java:39 0)
    Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
    Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
    On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01 ( default is 0 )
    By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT.

  • GSSException"KDC has no support for encryption type (14)" on token exchange

    I'm stumped. Just started working with an MIT KDC v5 1.3.1 running on Linux and trying to get the IBM sample apps (GSSClient and GSSServer) working. The apps are here: http://www-106.ibm.com/developerworks/java/library/j-gss-sso/
    I have two principals set up using defaults: one for the client and one for the server. The GSSClient, GSSServer and KDC are all running on the same machine in the same Realm.
    I start the server just fine and it waits with:
    GSSServer starts... Waiting for incoming connectionWhen I run the client the client authentictes and the context is successsfully created. However, the GSSServer throws an Exception:
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at com.ourcorp.caa.security.GSSServer.run(GSSServer.java:138)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Unknown Source)
    at com.ourcorp.caa.security.GSSServer.startServer(GSSServer.java:98)
    at com.ourcorp.caa.security.GSSServer.main(GSSServer.java:71)
    The client also throws an Exception:
    GSSClient... Getting client credentials
    GSSClient... GSSManager creating security context
    GSSClient...Sending token to server over secure context
    GSSClient...Secure context initialized
    GSSClient...Written 511 bytes
    GSSClient...Exception nulljava.io.EOFException
    at java.io.DataInputStream.readInt(DataInputStream.java:448)
    at com.ourcorp.caa.security.GSSClient.run(GSSClient.java:184)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:320)
    at com.ourcorp.caa.security.GSSClient.login(GSSClient.java:117)
    at com.ourcorp.caa.security.GSSClient.main(GSSClient.java:63)
    Client authentication denied...
    This happens consistently and I cannot get passed this point! The weird thing is, is that the same thing happens using the Windows 2003 Server KDC! Same Exception.
    Can anyone help me understand what is causing this? The Exception mentions "KDC has no support for encryption type (14)" but we're not specifying any encryption type other than the defaults. The principals are the same as far as I know.
    Thanks.

    Interesting I managed to get this example to work but I had to create two principals (one for the client one for the server) with encryption types of "des-cbc-crc:normal" only . It seems that a with principal with "des-cbc-crc:normal" and "des3-hmac-sha1:normal" encryption types causes the Exception. So, the question I have is: does the GSS API support TripleDES or what? The KDC is obviosuly trying to use it for the user-user exchange but fails.
    Anyone got any ideas? Thanks.

Maybe you are looking for

  • When using a website's pulldown menu (i.e. Facebook), the text is not visible. I have already reset Firefox/

    I go to facebook and click on one of the toolbar options like messages. The drop down window opens but no text is visible. If I click on a region of the open window, sometimes it will take me to a message. This also happens on yahoo.

  • Facebook inbox notifications are no longer showing with new OS 4.5

    Hi all: I have a Curve 8310 with ATT. Just downloaded the new os 4.5 and got the facebook reinstalled so that I can see the icon. However, now when I get messages through my facebook inbox, notifications no longer appear on the home screen. On fact,

  • ADF/BC4J EO and VO cache question

    I created an EO off a simple table and a corresponding VO. I created a Struts/JSP app to display, add, and update the records. When I add or update records through the Struts/JSP app, I see my add and updates on the display page --- this is expected.

  • Office 2004 and "not responding" message

    My office 2004 student/teachers worked fine even on leopard - until recently. My latest updates were works and life 2009 and Abiword. Now when i reinstall using all methods suggested, - the install works but on clicking on any of the office icons suc

  • ITunes fails to update app

    Hello I'm running the latest version of iTunes, when I go into apps and click update all apps download ok, all seem to update but every time "Angry Birds Rio" fails to update, it always says there is any update, Any tips on how to update it Paul