Comodo certs

when I run through https://testconnectivity.microsoft.com and do the Lync test for logging in we get:
Couldn't sign in. Error: Error Message: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Error Type: TlsFailureException.
We use a mix of Comodo (wildcard certificate on reverse proxy) and Terena (san certificate on edge) certificates. Can login fine etc. just concerned that these checks are failing.
The autodiscovery test passes fine etc.
Can anyone advise please?

Hi Evotel2015,
The Remote connectivity tool is a relatively old tool, the test failure by this tool doesn’t mean Lync client login will not work as expected.
And the authenticated UC certificate partners for your reference.
https://support.microsoft.com/en-us/kb/929395
Best regards,
Eric
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Similar Messages

Comodo Certificate

Hello,
I have Lync 2013 running on Windows Server 2012 R2.
It is fully patched and up to date.
I have one Front End Server and one Edge Server.
One of our Federated partners uses Comodo certs. He has exported them from his Edge Server, and I have imported them on mine. Both the 'trusted root' cert and the 'intermediate' cert.
I cannot ''Join a Lync Meeting" from within Outlook, and sharing apps, powerpoint, the whiteboard, etc, does not work.
Do I need to restart the Edge Server?
Anyone have any suggestions dealing with Comodo?
Thanks everyone,
Candee

Did you configure Lync federation?
You didn't need to import his certificate at your site.
Verify DNS records for federation and firewall ports for federation is open
http://technet.microsoft.com/en-us/library/jj618373.aspx
For configure Lync Federation, You can refer below link
http://technet.microsoft.com/en-us/library/jj204800.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical | Twitter:
Mai Ali

Unknown Publisher issue in Native Installer

Hi,
There is one issue I'm facing. I have a verified certificate with which I have produced a native installer for Windows. The problem is when I download this installer file from my web server, it gives me a prompt with Publisher: UNKNOWN. Can anyone please let me know where I'm wrong? Please see the attached image

Hi,
The Comodo Cert is a social web trust mechanism used as a sort of 'recommendation of trust' for users / customers of an ecommerce web presence.
The cert you would need would have to come from one of the organisations in Adobe Approved Trust List (AATL)
http://www.adobe.com/security/approved-trust-list.html
aa) If your app is going out to thousands++ of users in the public domain, who expect future releases you should investigate obtaining a cert from one of the AATL members.
bb) If your app is internal to an organisation, you could make yourself a trusted authority, have a look at http://biosocket.com/tag/trusted-certificate-authority
I can't vouch for bb) as all my development is on Mac OS X and Linux
Hope this helps
Cheers
Mark

Encrypting email?

I have S/MIME working fine for encrypted/signed email messages sent from my imac (10.8) to my iphone 5 (latest IOS).
No problem.
I have GPG Tools on my imac.
I have a free comodo email cert (now on my imac and my iphone (both keys)).
However, I can't send S/MIME encrypted/signed emails from my iphone to my imac.
Not sure why.
When I open a new email form on the iphone, it says Encrypted at the top.
As soon as I choose a To email address (even my own, the one tied to the cert), it changes to Not Encrypted.
Does anybody have any clues?
Comodo does not.
However, maybe this is relevant:
On the iphone, in the Profile area, under Settings>General, for the comodo cert for my email account, it says NOT TRUSTED.
It was installed 1/1/2014, and it is definitely comodo's cert.
Again, I have no trouble decrypting email, but cannot encrypt email on the iphone.
Thanks.
Mac

http://www.cfuze.com displays a
holding page.
Is there anywhere else that explains how to encrypt mail
(MX7)?

Comodo email cert not signed for iOS

I've installed many a email certificate from Comodo. But now I have issues. When I export from keychains the certificate (listed as [email protected] which has bot the cert and private key) then email it to my iPhone, when I open the .p12 attachment it shows not signed. So I cannot install the profile.
Has anyone else encountered this? Something different on iOS 8 I believe.

Hello, CavaHaru.
Thank you for visiting Apple Support Communities.
Here is an article that I would recommend going through when experiencing issues with Mail.
iOS: Troubleshooting Mail
http://support.apple.com/kb/ts3899
Cheers,
Jason H.

Outlook 2013 - Password change breaks S/MIME Certs "An error occurred in the underlying security system. Key not valid for us in specified state."

AD password change comes up, user changes password.
Tries to send signed or encrypted email with a Comodo S/MIME certificate, and gets the following error:
""An error occurred in the underlying security system. Key not valid for us in specified state."
I now have two reports of this error - one on Windows 7, and one on Windows 8.0 (remote user).
The one on Windows 8.0, we tried removing their S/MIME cert from Outlook/Windows and re-adding, this did NOT resolve the issue.
Plan was originally to have the 8.0 user ship their machine in, and wipe it, since nothing else could fix it and I wasn't finding anyone else with the same issue. Now that I've got a second user with the same issue, its looking like a bug/issue and
not a random glitch.
Thanks in advance for any and all help with this!

Hi,
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue.
Thanks,
Melon Chen
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please click
here

Problem in accessing webservice over https with auth cert enabled...Urgent

Hi All,
I am stuck in accessing webservices using ssl and auth certificate.
I am using jdk 6 and it is not any issue with the problem I am facing...
This is what I do...
I have a webservice deployed which is accessible over https.
On server, I run..
- to generate keystoye
keytool -genkey -alias tomcat-sv -dname "CN=<Server Machine Id>, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore
generate server certificate
keytool -export -alias tomcat-sv -storepass changeit -file server.cer -keystore server.keystore
On client, i run..
To generate client keystore-
keytool -genkey -alias tomcat-cl -dname "CN=<Client Machine Id>, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore
To generate client certificate -
keytool -export -alias tomcat-cl -storepass changeit -file client.cer -keystore client.keystore
Thne I import server's certificate into client keystore and Client's certificate to server's keystore by
import server's cer to client keystore -
keytool -import -v -trustcacerts -alias tomcat -file "C:\java\jdk1.6.0_10\bin\server.cer" -keystore client.keystore -keypass changeit -storepass changeit
inport client's cer to server keystore -
keytool -import -v -trustcacerts -alias tomcat -file "C:\jdk1.6.0_06\bin\client.cer" -keystore server.keystore -keypass changeit -storepass changeit
when i try to call webservices through a java client (which is called by a python script), I get error as
*"Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed"*
*"faultString: java.net.SocketException: Software caused connection abort: recv failed"*
complete log is as following
C:\apache-tomcat-6.0.10\webapps\webservice>tradereport.py
Jun 23, 2008 3:05:59 PM currenex.share.log.CxLogger log
INFO: details=before SSL change
Jun 23, 2008 3:05:59 PM currenex.share.log.CxLogger log
INFO: details=after SSL change
log4j:WARN No appenders could be found for logger (org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1214213509 bytes = { 50, 7, 252, 244, 34, 192, 54, 190, 160, 197, 162, 65, 78, 3, 120, 182, 179, 199
, 160, 208, 223, 247, 41, 216, 188, 138, 228, 70 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_1
28_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA
_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WI
TH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 7873
*** ServerHello, TLSv1
RandomCookie: GMT: 1214213504 bytes = { 98, 89, 26, 148, 19, 15, 45, 155, 163, 196, 220, 193, 150, 127, 19, 44, 130, 16
5, 78, 243, 155, 34, 214, 123, 198, 89, 102, 15 }
Session ID: {72, 95, 110, 128, 129, 101, 2, 252, 120, 147, 235, 106, 51, 210, 236, 197, 28, 197, 154, 236, 116, 85, 185
, 177, 153, 9, 235, 160, 228, 124, 191, 206}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 1155910927093088021038703558200517321935975136532818479526927502986487608253029863427194046282623217778572406
007584457425344367852682875007488075549568987019062497769571000978532532156228707400592262495876461712276454493567147822
56749486566093981751121311864618619780132448329770352303648687445023336431685957
public exponent: 65537
Validity: [From: Mon Jun 23 14:17:18 GMT+05:30 2008,
               To: Sun Sep 21 14:17:18 GMT+05:30 2008]
Issuer: CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ
SerialNumber: [    485f6316]
Algorithm: [SHA1withRSA]
Signature:
0000: 48 05 F9 A9 89 C6 87 83 C4 02 C4 44 F4 7C A0 54 H..........D...T
0010: F6 9A 57 69 F0 DB 37 79 FD 8F 90 E9 8F 3E C2 DB ..Wi..7y.....>..
0020: 9F D7 CC 15 28 0A 73 80 0A DC D0 7F EC 1C EE BD ....(.s.........
0030: 23 EF E7 28 79 F3 7F C7 CC 7D A6 C6 F7 59 9A 17 #..(y........Y..
0040: 73 ED 8B FF 6A 76 7F F7 4F 97 48 DF 23 A6 4C 42 s...jv..O.H.#.LB
0050: B2 B4 5C 00 D0 77 88 12 F4 97 4E 66 7C EE F0 66 ..\..w....Nf...f
0060: E6 95 8C B1 58 BF C5 E8 B5 64 A3 D5 5E EA 07 02 ....X....d..^...
0070: FE 3D 63 7F F4 0B DC 86 66 B7 4B 4F 0C 1C 69 0F .=c.....f.KO..i.
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
<[email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte
Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA>
<CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE>
<CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US>
<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE>
<CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by
ref. (limits liab.), O=Entrust.net>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE>
<CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certificat
ion Authority - G2, O="VeriSign, Inc.", C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. b
y ref. (limits liab.), O=Entrust.net, C=US>
<CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE>
<[email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consu
lting cc, L=Cape Town, ST=Western Cape, C=ZA>
<CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS i
ncorp. by ref. limits liab., O=Entrust.net, C=US>
<CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only"
, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCe
rt, Inc.", L=ValiCert Validation Network>
<CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE>
<CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE>
<OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
<OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US>
<CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>
<CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only"
, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certificat
ion Authority - G2, O="VeriSign, Inc.", C=US>
<CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certificat
ion Authority - G2, O="VeriSign, Inc.", C=US>
<OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US>
<CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2>
<CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incor
p. by ref. (limits liab.), O=Entrust.net>
<OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
<[email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte C
onsulting, L=Cape Town, ST=Western Cape, C=ZA>
<[email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consu
lting, L=Cape Town, ST=Western Cape, C=ZA>
<CN=Client, OU=X, O=Y, L=Z, ST=XY, C=YZ>
<CN=GeoTrust Global CA, O=GeoTrust Inc., C=US>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=Sonera Class1 CA, O=Sonera, C=FI>
<OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
<CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
<CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake Cit
y, ST=UT, C=US>
<CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only"
, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=America Online Root Certification Authority 1, O=America Online Inc., C=US>
<CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by
ref. (limits liab.), O=Entrust.net>
<CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
<CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
<CN=Sonera Class2 CA, O=Sonera, C=FI>
<CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 E5 87 BC 2A E8 70 60 BA DE FA BB 42 2D 1E .....*.p`....B-.
0010: 3D 21 DB 52 A7 6C FC 55 9F 77 3A 97 B5 33 F7 33 =!.R.l.U.w:..3.3
0020: 2A FD 65 5A 78 CE 1F F4 63 29 15 D1 48 4C 46 7A *.eZx...c)..HLFz
CONNECTION KEYGEN:
Client Nonce:
0000: 48 5F 6E 85 32 07 FC F4 22 C0 36 BE A0 C5 A2 41 H_n.2...".6....A
0010: 4E 03 78 B6 B3 C7 A0 D0 DF F7 29 D8 BC 8A E4 46 N.x.......)....F
Server Nonce:
0000: 48 5F 6E 80 62 59 1A 94 13 0F 2D 9B A3 C4 DC C1 H_n.bY....-.....
0010: 96 7F 13 2C 82 A5 4E F3 9B 22 D6 7B C6 59 66 0F ...,..N.."...Yf.
Master Secret:
0000: 98 D5 9E C0 97 14 DB 9F 0E 3B 15 6B 1E F8 06 2C .........;.k...,
0010: 27 99 A4 69 B8 E4 16 03 BD 89 B9 D0 CB C5 C9 DF '..i............
0020: AE 4B 16 56 56 B2 02 F8 E0 71 1D D8 04 05 11 BF .K.VV....q......
Client MAC write Secret:
0000: 6F B7 22 74 D6 1E 44 16 C5 CB CE CE 8E 0F 46 E1 o."t..D.......F.
Server MAC write Secret:
0000: F8 DA 34 1A 53 55 E0 6D 50 25 3E 7F E5 69 91 51 ..4.SU.mP%>..i.Q
Client write key:
0000: F7 05 6E 10 62 0C AE 4A BC 96 E2 25 BA BC 46 BD ..n.b..J...%..F.
Server write key:
0000: E2 7D 11 FF 4A F3 C5 4F 94 9D 5C 57 71 5A 16 D1 ....J..O..\WqZ..
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 216, 54, 180, 236, 72, 70, 181, 20, 31, 128, 165, 12 }
main, WRITE: TLSv1 Handshake, length = 32
main, waiting for close_notify or alert: state 1
main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
Jun 23, 2008 3:06:06 PM currenex.share.log.CxLogger log
INFO: details=Exception occured while calling Login service in callLoginWebService
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.SocketException: Software caused connection abort: recv failed
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at currenex.webservice.share.definitions.AuthenticationBindingStub.login(AuthenticationBindingStub.java:362)
at currenex.webservice.clients.util.WebserviceTestUtil.callLoginLogoutWebService(WebserviceTestUtil.java:132)
at currenex.webservice.clients.util.TradeCreateTester.createWebLogin(TradeCreateTester.java:64)
{http://xml.apache.org/axis/}hostname:anuj
java.net.SocketException: Software caused connection abort: recv failed
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at currenex.webservice.share.definitions.AuthenticationBindingStub.login(AuthenticationBindingStub.java:362)
at currenex.webservice.clients.util.WebserviceTestUtil.callLoginLogoutWebService(WebserviceTestUtil.java:132)
at currenex.webservice.clients.util.TradeCreateTester.createWebLogin(TradeCreateTester.java:64)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 12 more
Jun 23, 2008 3:06:06 PM currenex.share.log.CxLogger log
INFO: details=Login response is null, login was not successful
Login was unsuccessful
*In apache's server.xml, My webservice is deployed as*
<Connector className="org.apache.catalina.connector.http.HttpConnector"
     port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
     acceptCount="10" debug="0"
     protocol="HTTP/1.1" SSLEnabled="true" secure="true"
maxThreads="150" scheme="https"
     keystoreFile="lib/server.keystore"
keystorePass="changeit" clientAuth="true"
          >
          <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
     protocol="TLS"/>
</Connector>
Please note clientAuth="true" parameter,
when I set it to false, My test runs smoothly and no exception/issue is reported
Not to forget, my javaclient has following lines too..
//System.setProperty("javax.net.ssl.keyStore", "C:\\java\\jdk1.6.0_10\\jre\\lib\\security\\cacerts");
//System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
//System.setProperty("javax.net.ssl.trustStore", "C:\\java\\jdk1.6.0_10\\jre\\lib\\security\\cacerts");
//System.setProperty("java.protocol.handler.pkgs" , "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore","C:\\java\\jdk1.6.0_10\\bin\\client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
//System.setProperty("com.sun.net.ssl.rsaPreMasterSecretFix" , "true");
//System.setProperty("javax.net.ssl.keyStore", "C:\\java\\jdk1.6.0_10\\bin\\server.keystore");
//System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("javax.net.debug", "ssl");
s_log.info("after SSL change");
I tried all possible combinbations of these properties but nothing worked...
Please let me know if I am missing any required step.. here
Ask me if you want to know more details about my problem.
This is very urgent and critical.. Many thanks in advance.

Hi ejp,
thanks for your reply. I did read your post in other thread that you pointed.
I had searched quite a lot on this issue and had idea that it might be due to firewall settings..
but sadly, I don't know the solution. Well, you have seen the entire code that I wrote and exception too, Could you suggest me a way out? or any specific firewall setting or a workaround?
Please let me know if you need any other info from my side regarding the code.
Thanks a Ton!
Anuj

SSL Cert used to sign Jars for distribution via WebStart

Hi,
I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
Certificate chain not found for: myalias myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
xxx.cabundle (this can be imported into keytool easily)
cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
private/xxx.key
My questions I suppose are:
1. Can I use a cert issued for SSL to sign jars for webstart distribution?
2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
Any help would be appreciated!
Rich

Hi,
yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
Sent from Cisco Technical Support Android App

Comodo InstantSSL

Hi,
I'm having a problem with my HTTPS website:
- The site is secured by Comodo InstantSSL cert, which, itself is signed by GTE
- a page contains an Applet
When Java plugin (1.5.0_04) tries to load the applet over HTTPS it says that the certificate cannot be verified and asks you to either trust the site or not...
It's working everywhere except for Java Plugin... When looking at the cert it's showing I only see two certs in the chain - my site and Comodo... GTE is missing... If I view it from Internet Explorer it shows all three and hence can find the trusted authority.
I know of one solution - import Comodo CA cert into my java key store but I cannot ask all users of our website to do so.
Why doesn't Java Plugin go all the way up the chain????
Thanks!
Artem

The applet itself must probably be signed. You could not sign applet with comodo certificates.

ADT error with comodo code signing certificate

Hello,
I'm trying to sign an AIR app with a Comodo code signing cert.
- SHA-256 with RSA Encryption
- Java 1.8 (same problem with 1.6)
- AIR 15 (same problem with older versions)
My command :
java -jar -Xmx1024m /data/sdk/AIRSDK_Compiler15/lib/adt.jar -sign -storetype pkcs12 -storepass ******* -keystore cert/air-distrib.p12 bin-release/TestCert.airi bin-release/TestCert.air
I get the following error :
Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:3181)
    at java.util.ArrayList.grow(ArrayList.java:261)
    at java.util.ArrayList.ensureExplicitCapacity(ArrayList.java:235)
    at java.util.ArrayList.ensureCapacityInternal(ArrayList.java:227)
    at java.util.ArrayList.add(ArrayList.java:458)
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2026)
    at java.security.KeyStore.load(KeyStore.java:1433)
    at com.adobe.ucf.UCF.processSigningOptions(UCF.java:313)
    at com.adobe.ucf.UCF.parseSigningOptions(UCF.java:298)
    at com.adobe.air.ADT.parseSign(ADT.java:1589)
    at com.adobe.air.ADT.parseArgsAndGo(ADT.java:598)
    at com.adobe.air.ADT.run(ADT.java:435)
    at com.adobe.air.ADT.main(ADT.java:485)
When i increase java memory at 8go, java uses 6go and don't stop... (nothing after 20 minutes...)
Any idea ?
ADT or cert problem ? Other ?
Thx.
Jonas

Yeah !
The certificate was generated in firefox...
Import it into IE and regenerate the certificate fixed the problem
Jonas

Serious Cert and hostname problem

Running Server 2012 with Exchange 2013 since 2012, all ok. SSL Cert ran out recently, bought new from Comodo. In the old UC Cert I had 4 names incleded: mail.domain.ch, autodiscover.domain.ch, hostname.domain.ch and the hostname alone. Comodo (and probably
other Certs) do no longer accept single hostnames in Certs so I omitted that. Now login to EMC is no longer possible and Outlook can no longer connect. EMS works but obviously with limited command set. Tried
Set-ClientAccessServer command. It is not recognized as are others. There are some commands working with "get-excommand" but not those needed to configure FQDN instead of hostname to access the Server. Any help is greatly appreciated.
Marcel

Dicicert test shows: Certificate does not match FQDN.
https://testconnectivity.microsoft.com/ Shows (unfortunately all in German):
Error testing Acrtive Sync
Fehler beim Testen der AutoErmittlung für Exchange ActiveSync (Error testing autodiscover for Active Sync)
Fehler beim Testen der AutoErmittlung (Error testing autodiscover) (same for the next 3 steps)
Der AutoErmittlungsdienst konnte mit keiner Methode erfolgreich kontaktiert werden (the autodiscover service could by no means be contacted)
Es wird versucht, DNS-MX-Einträge für Domäne 'snnet.ch' abzurufen.
Mindestens ein MX-Eintrag wurde erfolgreich aus DNS abgerufen.
Weitere Details
MX-Einträge Host snlemon.snnet.ch, Einstellung 10
Verstrichene Zeit: 135 ms.
Mail-Exchanger snlemon.snnet.ch wird getestet.
Dieser Mail-Exchanger wurde erfolgreich getestet.
(MX entry ok, SMTP mail exchange ok)
Es wird versucht, für die IP-Adresse 62.2.148.162 Reverse-DNS-Lookups auszuführen.
Die Microsoft-Verbindungsuntersuchung hat die IP-Adresse 62.2.148.162 erfolgreich über Reverse-DNS-Lookup aufgelöst.
Weitere Details
Die Microsoft-Verbindungsuntersuchung hat die IP-Adresse 62.2.148.162 als Host 62-2-148-162.static.cablecom.ch aufgelöst.
Verstrichene Zeit: 376 ms.
RBL-Test (Real-Time Black Hole List) wird ausgeführt
Ihre IP-Adresse wurde in keiner der ausgewählten Sperrlisten gefunden.
Weitere Details
Verstrichene Zeit: 9379 ms.
Testschritte
Sperrliste "SpamHaus Block List (SBL)" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 30 ms.
Sperrliste "SpamHaus Exploits Block List (XBL)" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 53 ms.
Sperrliste "SpamHaus Policy Block List (PBL)" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 186 ms.
Sperrliste "SpamCop Block List" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 39 ms.
Sperrliste "NJABL.ORG Block List" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 8717 ms.
Sperrliste "SORBS Block List" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 91 ms.
Sperrliste "MSRBL Combined Block List" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 53 ms.
Sperrliste "UCEPROTECT Level 1 Block List" wird überprüft
Die Adresse befindet sich nicht in der Sperrliste.
Weitere Details
Die IP-Adresse 62.2.148.162 wurde nicht in RBL gefunden.
Verstrichene Zeit: 206 ms.
Sender ID wird überprüft.
Fehler bei der Überprüfung der Sender ID
(error testing sender ID, other tests OK)
IMAP wird für Benutzer 'snnet\admin' auf Host 'snlemon.snnet.ch:993:SSL' getestet.
Fehler beim IMAP-Test.
Weitere Details
Verstrichene Zeit: 21023 ms.
Testschritte
Es wird versucht, den Hostnamen snlemon.snnet.ch im DNS aufzulösen.
Der Hostname wurde erfolgreich aufgelöst.
Weitere Details
Zurückgegebene IP-Adressen: 62.2.148.162, 2002:3e02:94a2::3e02:94a2
Verstrichene Zeit: 8 ms.
Es wird getestet, ob TCP-Port 993 auf Host snlemon.snnet.ch überwacht wird/geöffnet ist.
Der angegebene Port ist blockiert, wird nicht überwacht oder sendet nicht die erwartete Antwort
(error TCP port 993)
Command set-outlookprovider not recognized by EMS.
Would like to add that the old Cert, containing the hostname, is still valid and could probably be used but would need to get advice how to do it since EMC cannot be accessed. Thank you.

What is an acceptable SSL Cert vendor?

I want to make the error messages in FireFox go away when someone signs in for webmail.
Will GoDaddy certs work or should I go for Thawte or Comodo?
What I want is SSL on a mail server that has webmail enabled so it will be Web/Mail cert.
I do not plan on any e-commerce sites on this CPU (at this time anyway)
Thanks for any info & guidance.

Do you have some degree of control over the client boxes, or the cooperation of the users that are accessing your web mail? If so, and if you're willing to learn a little about the Certificate Assistant and some related pieces, you don't need to purchase a commercial certificate.
If you have "cooperating" clients, you can create your own root CA, register the root CA in the clients, and issue all the certs you need yourself.
The central value you get with a commercial certificate purchase is a root CA for that vendor that's already embedded in most browsers; a degree of trust exists in the browser. And if you can generate and register your own root CA cert and if you trust yourself...
Mac OS X Server has all the tools needed, too; start with Certificate Assistant.
I or somebody else can post up details here, if you do have cooperative clients.

Untrusted server cert chain - while connecting with ldap

Hi All,
I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
javax.naming.CommunicationException: hostname:636 [Root exception is ja
vax.net.ssl.SSLException: untrusted server cert chain]
javax.naming.CommunicationException: hostname:636. Root exception is j
avax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.OutputStream.write(Unknown Source)
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at Test2.getProxyDirContext(Test2.java:66)
at Test2.main(Test2.java:40)
Any help would be appreciated
Thanks in Advance
Somu

This got resolved when in the code the following
System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
in X509 format

DAP LUA match ipad device unique id to cert

Hi,
I am trying to configure a DAP policy using LUA to perform a check that a cert has not been moved. I cert has been configured to store the ipads device unique id in the subject cn field, which i have verified on the device. I have configured the following LUA statement but i am not getting a match:
EVAL(endpoint.anyconnect.deviceuniqueid, "NE", endpoint.certificate.user[“0”].subject_cn, "caseless")
Is this check posssible with ipads?
Thank you.

So in the end I had the same problem with this script. Never really fixed it but did workaround with that script by making local match_valueX for X number of certs you think folks will have in the their store. So most people won't have 64....but really you could cut and paste to any number you like.
assert(function()
local match_pattern = endpoint.device.hostname..".domain.com"
local match_value0 = endpoint.certificate.user["0"].subject_cn
local match_value1 = endpoint.certificate.user["1"].subject_cn
local match_value2 = endpoint.certificate.user["2"].subject_cn
if match_pattern==match_value0 then
return true
elseif match_pattern==match_value1 then
return true
elseif match_pattern==match_value2 then
return true
else
return false
end
end ) ()
Another option is to do a username to mapping from certificate script that simply
returns cert.subject.cn "/" cert.subject.ou (where the UDID was populated)
And the use a DAP to parse to verify anyconnect deviceuniqueid and aaa.cisco.username match (ie the UDID from anyconnect and what is in the cert)
assert function ()
local match_pattern = endpoint.anyconnect.deviceuniqueid
local match_value = aaa.cisco.username
if (type(match_value) == "string") then
if (string.find(match_value, match_pattern) ~= nil) then
return false
end
elseif (type(match_value) == "table") then
local k,v
for k,v in pairs(match_value) do
if (string.find(v, match_pattern) ~= nil) then
return false
end
end
end
return true
end) ()

Problems with Comodo Kill Switch, Windows Services & Bitlocker Encryption on Asus N56VZ

Hi All,
So recently I found myself stuck in a different scenario than before, and after many hours researching and efforts to fix this I still find myself stuck yet with a few options still to fix.
What is the problem?
So as a security cautious user when i first got to Windows 8.1 Pro 64Bit I encrypted both the C and D drive (Split the main disk) to protect myself and my family. Unfortunately that has not been very helpful with the way in which booting and running from
either external USB devices or CD/DVD works, not allowing myself to at all.
My usual security suit I use is Comodo Internet Security, which additionally comes with Comodo Kill Switch. Whilst using the application instead of stopping one of the TCP connections I was meant to I accidently stopped an Windows Explorer connection.
For some reason since then Windows Explorer, nor most windows apps or services themselves will run. For example msconfig will run but sfc /scannow or mmc will not, whether in safe mode or normal mode.
What Caused the Problem?
Cannot 100% say
What I Think Caused the Problem?
Myself running Comodo Kill Switch stopping a vital server connection with Windows Explorer that messed up alot. Or a potential Virus unknown how cannot fully scan system as wont boot externally or run many apps.
Additional Info
Asus Webcam is Disabled on Purpose
Laptop was fully customized to run latest games full graphics minus Anti Aliasing, works with Evolve + CoD Advanced Warfare
Laptop does not boot if USB Keyboard plugged in, works with everything else normal (had this on other systems no problem for me)
Ask me for more info if required to add here, braindead again
Specifications of my system
Intel® Core™ i7 3610QM Processor
Windows 8.1 Pro 64Bit
Intel® HM76 Chipset
DDR3 1600 MHz SDRAM, 2 x SO-DIMM 8GB
15.6" HD (1366x768)/Full HD (1920x1080)/Wide View Angle LED Backlight
NVIDIA® GeForce® GT 650M with 2GB DDR3 VRAM
1TB 5400RPM OR 750GB 5400/7200RPM (Cannot remember off top of head, braindead)
Super-Multi DVD
Kensington lock (Security Feature)
LoJack (Security Feature)
BIOS Booting User Password Protection (Security Feature)
HDD User Password Protection and Security (Security Feature)
Pre-OS Authentication by programmable key code (Security Feature)
What Can Run and Won't Run?
ON BOOT:
Bitlocker Encryption Password & Advanced Settings are accessible
Bios (password protected) is accessible
Windows Recovery Mode is accessible (Think it is F9 or F10)
Windows Logon Password Screen is accessible
ON NORMAL/SAFE-MODE START UP:
After Log-In Windows Explorer will not run
Task Manager will run, also allows me to browse the files when trying to start new task
Can run Command prompt
Cannot run any control panel items
Cannot run services.msc
Cannot run mmc
Cannot run sfc
Every time it metions windows drive is locked
Start Error's when running certain applications (Will post codes soon)
Rufus USB Tool does run
Cannot boot Kali Linux off USB
Cannot boot Windows 8.1 off USB
Cannot boot Windows 8.1 off DVDRW
Fixwin2 will not run
Apps either work or don't whether in safe mode or normal
Cannot use Windows Installer
What Fixes I Have Tried So Far
Ok so like any normal user I don't want to lose my files. So here are what I have tried so far:
Repair MBR (Repair Completed, No Luck)
SFC /SCANNOW (Returns Error 'Windows Resource Protection could not start the repair service')
Tried sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows (Could not access drive)
Fixwin2 (Will not run in either normal or safe mode)
Booting using Windows 8.1 via USB (Cannot boot from extermal devices due to Bitlocker Encryption)
Booting using Kali Linux Via DVD & USB (Cannot boot from external devices due to Bitlocker Encrytption)
How do I know it is because of Bitlocker, because last time I disabled it, I could run from external devices
Tried to run bitlocker to change settings (Will not run)
Have used both password and recovery keys to unlock driver, they work but when applications are running on windows the drive is still locked?
Tried windows Automatic Diagnostic and Repair (Could not repair anything, did make a log I am still to extract from the syste)
There are No System Restore Points
I'm sure there is much more information I could post however I will leave it on an ask to know basis, apart from the log files and further information to gather. Below is my list of trial and error fixes to try for today (need more ideas and help please!):
Hiren's 15.2 Boot CD via DVD (NOT ABLE TO BOOT)
Hiren's 15.2 Boot CD via USB (NOT ABLE TO BOOT)
Research into the Bios and Possible Update in-case of implementation of Virus, can access flash utility (STILL NOT TESTED)
Try and get a portable version or a working version of windows installer to try and re-install Comodo Internet Security (STILL NOT TESTED)
Another way to disable Bitlocker
Anti-Malware / Anti-Virus Scan If Possible to Run One
Bitlocker Repair Tool, will try this also
I have posted this as have not found much info online, usually find it and crack on but this time things are a little more tricky, my priority task I really need to do is remove the Bitlocker Encryption, but if the application will not run... what do I do
then?
Thanks for your time reading all, Sorry for any poor formatting or spelling.
Update 1: MMC.exe Error Code
Ok so now have the computer in safe mode, still same as before, no explorer.exe, no services etc... Just went into the Task Manager > Services (Tab) > Open Services (Option at bottom)
This is the error I get:
'The Instruction at 0x785a746c referenced memory at 0x000000a8. The memory could not be read.
Any Ideas on what this error is and why?
Update 2: CHKDSK Works with no Fix
Update 3: Hiren's 15.2 Boot CD - USB Boot still no luck booting around Bitlocker Encryption
Just to explain again, I already have unlocked the drive with correct bitlocker password or recovery key yet the drive remains locked not allowing windows refresh of files of complete install from the windows recovery menu as keeps saying drive is locked

Ok so attempt number two to write this update via bloody phone! (Just refreshed page whilst writing!)
Update 4:
Problem - cannot run from bootable devices (DVD/USB)
Cause - bitlocker fully encrypted drive stops this working
Repair - Boot up holding F9 to enter windows recovery Input Bitlocker recovery keys to unlock drives
Navigate to Command Prompt in advanced settings Execute following code:
Repair-bde c: d: -rp 000111-222333-444555-etc...
(Code found from https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx)
Note for those using this: It is common while unlocking certain drives to get errors such as: Quote from http://www.benjaminathawes.com/2013/03/17/resolving-partial-encryption-problems-with-bitlocker/
"LOG INFO: 0x0000002aValid metadata at offset 8832512000 found at scan level
1.LOG INFO: 0x0000002b Successfully created repair context.
LOG ERROR: 0xc0000037 Failed to read sector at offset 9211592704.
(0×00000017) LOG ERROR: 0xc0000037 Failed to read sector at offset 9211593216.
(0×00000017) …followed by around 20 similar entries that differed only by the offset value"
Repair Status for Update 4: COMPLETED - However over wrote D drive data so now need to recover that
Problem 2 - windows services corrupted along with windows files
Cause - Unknown
Repair - wait until system is fully decrypted Once fully decrypted ensure boot from USB/DVD
Re-do fixes that would not work before if this has fixed boot issue Confirm fix / update post Hope anything I put here helps others also

Comodo certs

Similar Messages

Maybe you are looking for