Configure/Access remote Message Queue (Open MQ)
Hi,
I am new to JMS and Message Queue. I have installed Sun's Open Message Queue on my system.I have created ObjectStore and Destination(Queue) and using java program to insert and fetch messages.
Following are the details:
1. Created ObjectStore MyObjectStore with following properties:-
java.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory
java.naming.provider.url=file:///c:/tmp
2. Created ConnectionFactory MyConnectionFactory and Destination MyQueue
3. Code to access above queue:
Hashtable env;
Context ctx = null;
env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.fscontext.RefFSContextFactory");
env.put(Context.PROVIDER_URL, "file:///c:/tmp");
ConnectionFactory cf=(javax.jms.ConnectionFactory) ctx.lookup("MyConnectionFactory");
Queue queue=(javax.jms.Queue)ctx.lookup("MyQueue");
Connection connection = cf.createConnection();
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
MessageProducer msgProducer = session.createProducer(queue);
MessageConsumer msgConsumer = session.createConsumer(queue);
....................My problem is that I am able to access Message Queue on local machine only. I don't know how i can configure my MQ to be accessed on network or/and how to look up for MQ from a remote machine in network.
Can anybody help me on this.
Regards
Edited by: Arpit.Purohit on Apr 8, 2009 4:49 AM
Edited by: Arpit.Purohit on Apr 8, 2009 4:49 AM
Arpit,
Yes, this is because you have chosen to use com.sun.jndi.fscontext.RefFSContextFactory as the JNDI provider in which to store your destination and connection factory objects.
The Sun Java System Message Queue 4.3 Administration Guide has a section [File-System Object Stores|http://docs.sun.com/app/docs/doc/820-6740/aeogx?a=view] about this:
+"Message Queue ... supports the use of a directory in the local file system as an object store for administered objects. While this approach is not recommended for production systems, it has the advantage of being very easy to use in development environments. Note, however, that for a directory to be used as a centralized object store for clients deployed across multiple computer nodes, all of those clients must have access to the directory. In addition, any user with access to the directory can use Message Queue administration tools to create and manage administered objects"+
So if you place your JNDI store in a shared directory visible to other machines rather than C:/tmp you will be able to access it from other machines.
The ideal solution is to use an LDAP JNDI provider. See the section [LDAP Server Object Stores|http://docs.sun.com/app/docs/doc/820-6740/aeogw?a=view] in the Administration Guide.
Note that this issue relates to the administered objects used by MQ only. The MQ broker itself will be available from anywhere on the network and the messages themselves will stored in the broker's own message store.
Nigel
Similar Messages
-
MDB read message queue too slow
For some reason only a small number of MDB in the pool are accessing the message queue. The queue is growing rather fast and I wish to know how I can increase the read rate of my MDB's. Should I create another bean type to read the same queue. This does not seem like the ideal solution.
Thank you
bea user
The JMS Performance Guide white-paper contains information
on how to configure an MDB to run more instances concurrently.
One thing to realize is that the number of instances is limited
by the size of the thread pool that the MDB is running in.
You can find a link to the white-paper here:
http://dev2dev.bea.com/technologies/jms/index.jsp
Tom
bea user wrote:
> For some reason only a small number of MDB in the pool are accessing the message queue. The queue is growing rather fast and I wish to know how I can increase the read rate of my MDB's. Should I create another bean type to read the same queue. This does not seem like the ideal solution.
>
> Thank you
> bea user
-
I am not able to open a PDF file that I just created. I get an access denied message instead.
Thanks for asking.
I was combining different types of files into a single PDF. Some of them were excel spreadsheets and I had set the print areas in each file. When I cleared the print area the problem stopped. So I am assuming that had something to do with it. Though I am not sure.
The strange thing was that I was able to open the excel source documents after creating the faulty PDF but some of the MS word source documents also had "access denied" status. I still cannot figure that part out. -
Ical server error message when accessed remotely
hello we have a 10.6.7 ical server running mostly smoothly when accessed from the LAN.
however, when accessed remotely it generates the following error message:
The server responded with “HTTP/1.1 501 Not Implemented” to operation CalDAVAccountRefreshQueueableOperation.
the message provides the following 2 responses / buttons: stay offline or go online - trouble is once you click go online, it comes up with the same message again.
unfortunately, research the error message has so far not produced any promising results, thus any ideas would be much appreciated.There are many reports here on this site about this, crossing different carriers and regions of the world. Consequently, the only deduction that can be made is that this is a system-level issue rather than a single user issue. Hence, what each affected user must do is contact their mobile service provider for formal support and possible escalation up to BlackBerry.
Good luck!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
Quite often when I access voicemail on my screen, I hit "Play" the message, Siri opens up. I try and close it down and hit play again and it keeps popping open.
I end up having to restart the entire phone. Any suggestions?
I am also noticing my voicemails are severly delayed in showing up as messages on my phone. Sometimes a few days later it will show i have a vm and when I listen to it, it was recorded 48 hours earlier. This is not consistent but intermittent.Still a problem a year later: you tap Play on the VM, raise the phone, and Siri interrupts!
This bug really needs to be fixed! As soon as you tap the VM Play button, Siri should be deactivated! It works that way when you're on a call after all: I never have Siri interrupt the start of a call.
The bug is this: Siri DOES deactivate, but there's a delay: you have to wait a little after hitting Play before it becomes "Siri-safe." How long to wait? Wait too long and you miss the start of the message, or wonder whether you might have. Wait too little and Siri pops up--including making the Siri chime when your phone is on vibrate! (Nice way to get glares in a library.) This not a guessing game we should have to play.
Disabling Siri raise-to-speak entirely is workaround, but shouldn't be needed. I'd rather not give up that feature, flawed though it may be. -
Are both "OpenMQ" and "Open Message Queue" correct names for it?
Hello,
should I use "OpenMQ" in the product name for a client library for OpenMQ (like 'MyLibraryName OpenMQ Client'), or is it recommended to use the name "Open Message Queue" for some reasons (so it would be 'MyLibraryName Open Message Queue Client"? I am not sure if OpenMQ is an "official" name for it, which I should use to refer to.
It is a Delphi library, the first public release will be ready real soon.
Best Regards,
Michael JustinMany thanks for your answer! The library is targeted at Delphi developers, so maybe I will give it a short name and a long name, "MyLibraryName OpenMQ Client" and "MyLibraryName OpenMQ Client for Open Message Queue" for announcements and other places where it should be clear what MQ stands for.
Best Regards
Michael Justin -
Guy accessed remote administration port 4567 on my router. Thanks, Verizon!
Some dude has been running botnet attacks to gain access to my Westell 9100 BHR router and this past weekend he was successful:
Oct 9 20:01:39 2010 Inbound Traffic Blocked - Default policy TCP 74.125.227.33:80->71.170.238.87:49396 on eth1
Oct 9 20:03:50 2010 Inbound Traffic Blocked - Default policy TCP 173.192.226.198:80->71.170.238.87:49487 on eth1
Oct 9 20:04:34 2010 Outbound Traffic Blocked - Default policy UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
Oct 9 20:04:36 2010 Inbound Traffic Blocked - Default policy TCP 65.60.38.194:80->71.170.238.87:49497 on eth1
Oct 9 20:04:37 2010 Outbound Traffic Blocked - Default policy UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
Oct 9 20:06:45 2010 Inbound Traffic Blocked - Default policy TCP 74.125.227.49:80->71.170.238.87:49534 on eth1
Oct 9 20:07:01 2010 Inbound Traffic Blocked - Default policy TCP 78.141.177.62:443->71.170.238.87:49540 on eth1
Oct 9 20:16:35 2010 Inbound Traffic Blocked - Packet invalid in connection TCP 77.67.87.105:80->71.170.238.87:49683 on eth1
Oct 9 20:16:37 2010 Firewall Info Rate Limit 1 messages of type [9] Packet invalid in connection suppressed in 1 second(s)
Oct 9 20:23:25 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60289->71.170.238.87:2439 on eth1
Oct 9 20:23:25 2010 Inbound Traffic Accepted Traffic - Remote administration TCP 81.200.61.23:60289->71.170.238.87:4567 on eth1
Oct 9 20:23:25 2010 Firewall Info Rate Limit 17 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:25 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60289->71.170.238.87:4964 on eth1
Oct 9 20:23:27 2010 Firewall Info Rate Limit 53 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:27 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60290->71.170.238.87:4728 on eth1
Oct 9 20:23:27 2010 Inbound Traffic Accepted Traffic - Remote administration TCP 81.200.61.23:60296->71.170.238.87:4567 on eth1
Oct 9 20:23:27 2010 Firewall Info Rate Limit 59 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:27 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60289->71.170.238.87:2000 on eth1
Oct 9 20:23:28 2010 Firewall Info Rate Limit 74 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:28 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60290->71.170.238.87:2749 on eth1
Oct 9 20:23:29 2010 Inbound Traffic Accepted Traffic - Remote administration TCP 81.200.61.23:60297->71.170.238.87:4567 on eth1
Oct 9 20:23:29 2010 Firewall Info Rate Limit 74 messages of type [15] Default policy suppressed in 1 second(s)
I went ahead and reset whatever settings he changed, but how do I close this port to prevent this guy from gaining access to my router in the future?whokebe1 wroteI'm pretty certain I didn't see that bottom entry the previous week. And if you'll notice, I can't undo it without resetting the router.
That certainly doesn't look like anything I've seen VZ add.
I have seen VZ add a UDP from from ANY address / ANY port to DVR port 63145 which effective blocks port forwarding needed for third party VOIP.
VZ recently encrypted the Actiontec config file. However the config file for Westells remains unencrypted.
If you want to block access to the CPE Management port.
Save your current configuration to a file.
Open it with a text editor.
About 3/4 of the way down the file you will see the following lines:
(cwmp
(enabled(1))
Change it to:
(cwmp
(enabled(0))
That should block remote CPU access. -
Portal failed to access remote resource due to network failures
Hi,
We have a portlet that allows users to upload files to a SQL Server database and make it available for other users to access. The portlet code is on our remote servers. Everything works fine in dev environment, but certain files fail in pre-prod and prod within the portal, but work fine when the code is executed outside the portal.
I keep getting this error:
Error - Portal failed to access remote resource due to network failures. Try again later or contact your portal administrator.
What could the problem be?
Thank you for your help.
RadIf the Studio service looks good on the remote server where Studio is installed (check that
the service is started and look in the Studio logs for any warnings or errors), you should
also verify the configuration settings in the Studio remote server object. Is it properly
configured and pointing to the correct remote server?
If so, check the portal servers access to the Studio server via the port specified in the remote
server (default is 11935). You can test this by doing a telnet test on the portal server. In a cmd
prompt (Windows) or on the CLI (Unix), type 'telnet [studioserver] 11935', where "<servername> is
the name of your Studio remote server. The screen should just go blank, meaning that there is
something accepting connections on that port on the given server. (We would hope it's the Studio
app and not another service occupying that port.) If you get "Could not open connection to the host"
or some such similar result, check that the network between the portal and the Studio remote server
is open (ie, make sure there isn't any port blocking or a firewall in place that would hinder the
communication between the two servers). -
VPN Clients cannot access remote site
Hey there,
I am pretty new in configuring Cisco devices and now I need some help.
I have 2 site here:
site A
Cisco 891
external IP: 195.xxx.yyy.zzz
VPN Gateway for Remote users
local IP: VLAN10 10.133.10.0 /23
site B
Cisco 891
external IP: 62.xxx.yyy.zzz
local IP VLAN10 10.133.34.0 /23
Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
Here is the config of site A
Building configuration...
Current configuration : 24257 bytes
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Englerstrasse
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
aaa new-model
aaa group server radius Radius-AD
server 10.133.10.5 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone Berlin 1 0
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
crypto pki trustpoint TP-self-signed-27361994
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-27361994
revocation-check none
rsakeypair TP-self-signed-27361994
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-27361994
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
AF3EF676 26AD3F31 D368F5
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip inspect log drop-pkt
ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
ip inspect name CCP_MEDIUM ftp
ip inspect name CCP_MEDIUM h323
ip inspect name CCP_MEDIUM sip
ip inspect name CCP_MEDIUM https
ip inspect name CCP_MEDIUM icmp
ip inspect name CCP_MEDIUM netshow
ip inspect name CCP_MEDIUM rcmd
ip inspect name CCP_MEDIUM realaudio
ip inspect name CCP_MEDIUM rtsp
ip inspect name CCP_MEDIUM sqlnet
ip inspect name CCP_MEDIUM streamworks
ip inspect name CCP_MEDIUM tftp
ip inspect name CCP_MEDIUM udp
ip inspect name CCP_MEDIUM vdolive
ip inspect name CCP_MEDIUM imap reset
ip inspect name CCP_MEDIUM smtp
ip cef
no ipv6 cef
appfw policy-name CCP_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
parameter-map type inspect global
log dropped-packets enable
multilink bundle-name authenticated
redundancy
ip tcp synwait-time 10
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Voice-1
match dscp ef
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any CCP-Management-1
match dscp cs2
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
policy-map sdm-qos-test-123
class class-default
policy-map sdmappfwp2p_CCP_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
policy-map CCP-QoS-Policy-1
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
class CCP-Voice-1
priority percent 33
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
crypto ctcp port 10000
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key REMOVED address 62.20.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 83.140.xxx.yyy
crypto isakmp client configuration group VPN_local
key REMOVED
dns 10.133.10.5 10.133.10.7
wins 10.133.10.7
domain domain.de
pool SDM_POOL_2
acl 115
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPN_local
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA11
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to62.20.xxx.xxx
set peer 62.20.xxx.xxx
set transform-set ESP-3DES-SHA
match address 105
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to195.243.xxx.xxx
set peer 195.243.xxx.xxx
set transform-set ESP-3DES-SHA4
match address 107
crypto map SDM_CMAP_1 3 ipsec-isakmp
description Tunnel to83.140.xxx.xxx
set peer 83.140.xxx.xxx
set transform-set ESP-DES-SHA1
match address 118
interface Loopback2
ip address 192.168.10.1 255.255.254.0
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
spanning-tree portfast
interface FastEthernet2
no ip address
spanning-tree portfast
interface FastEthernet3
no ip address
spanning-tree portfast
interface FastEthernet4
description Internal LAN
switchport access vlan 10
switchport trunk native vlan 10
no ip address
spanning-tree portfast
interface FastEthernet5
no ip address
spanning-tree portfast
interface FastEthernet6
no ip address
spanning-tree portfast
interface FastEthernet7
no ip address
spanning-tree portfast
interface FastEthernet8
description $FW_OUTSIDE$$ETH-WAN$
ip address 62.153.xxx.xxx 255.255.255.248
ip access-group 113 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect CCP_MEDIUM out
no ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_CCP_MEDIUM
service-policy output CCP-QoS-Policy-1
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet8
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan10
description $FW_INSIDE$
ip address 10.133.10.1 255.255.254.0
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
ip local pool VPN_Pool 192.168.20.2 192.168.20.100
ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip forward-protocol nd
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
ip access-list extended VPN1
remark VPN_Haberstrasse
remark CCP_ACL Category=4
permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
ip radius source-interface Vlan10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 195.243.xxx.xxx
access-list 23 permit 10.133.10.0 0.0.1.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.133.10.0 0.0.1.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark auto generated by CCP firewall configuration
access-list 102 remark CCP_ACL Category=1
access-list 102 deny ip 10.10.10.0 0.0.0.7 any
access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark auto generated by CCP firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp any host 62.153.xxx.xxx
access-list 103 permit ahp any host 62.153.xxx.xxx
access-list 103 permit udp host 194.25.0.60 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 103 deny ip 10.10.10.0 0.0.0.7 any
access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 remark CCP_ACL Category=4
access-list 104 permit ip 10.133.10.0 0.0.1.255 any
access-list 105 remark CCP_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 permit ip 10.10.10.0 0.0.0.7 any
access-list 106 permit ip 10.133.10.0 0.0.1.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 108 remark Auto generated by SDM Management Access feature
access-list 108 remark CCP_ACL Category=1
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
access-list 108 deny tcp any host 10.133.10.1 eq telnet
access-list 108 deny tcp any host 10.133.10.1 eq 22
access-list 108 deny tcp any host 10.133.10.1 eq www
access-list 108 deny tcp any host 10.133.10.1 eq 443
access-list 108 deny tcp any host 10.133.10.1 eq cmd
access-list 108 deny udp any host 10.133.10.1 eq snmp
access-list 108 permit ip any any
access-list 109 remark CCP_ACL Category=1
access-list 109 permit ip 10.133.10.0 0.0.1.255 any
access-list 109 permit ip 10.10.10.0 0.0.0.7 any
access-list 109 permit ip 192.168.10.0 0.0.1.255 any
access-list 110 remark CCP_ACL Category=1
access-list 110 permit ip host 195.243.xxx.xxx any
access-list 110 permit ip host 84.44.xxx.xxx any
access-list 110 permit ip 10.133.10.0 0.0.1.255 any
access-list 110 permit ip 10.10.10.0 0.0.0.7 any
access-list 110 permit ip 192.168.10.0 0.0.1.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.133.10.0 0.0.1.255 any
access-list 112 remark CCP_ACL Category=1
access-list 112 permit udp host 10.133.10.5 eq 1812 any
access-list 112 permit udp host 10.133.10.5 eq 1813 any
access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
access-list 112 permit udp any host 10.133.10.1 eq isakmp
access-list 112 permit esp any host 10.133.10.1
access-list 112 permit ahp any host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
access-list 112 remark auto generated by CCP firewall configuration
access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
access-list 112 permit udp host 10.133.10.7 eq domain any
access-list 112 permit udp host 10.133.10.5 eq domain any
access-list 112 deny ip 62.153.xxx.xxx 0.0.0.7 any
access-list 112 deny ip 10.10.10.0 0.0.0.7 any
access-list 112 deny ip host 255.255.255.255 any
access-list 112 deny ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark CCP_ACL Category=1
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark auto generated by CCP firewall configuration
access-list 113 permit udp host 194.25.0.60 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp any host 62.153.xxx.xxx
access-list 113 permit ahp any host 62.153.xxx.xxx
access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 remark Pop3
access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
access-list 113 remark Pop3
access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
access-list 113 remark SMTP
access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
access-list 113 remark IMAP
access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
access-list 113 deny ip 10.133.10.0 0.0.1.255 any
access-list 113 deny ip 10.10.10.0 0.0.0.7 any
access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
access-list 113 deny ip 10.0.0.0 0.255.255.255 any
access-list 113 deny ip 172.16.0.0 0.15.255.255 any
access-list 113 deny ip 192.168.0.0 0.0.255.255 any
access-list 113 deny ip 127.0.0.0 0.255.255.255 any
access-list 113 deny ip host 255.255.255.255 any
access-list 113 deny ip host 0.0.0.0 any
access-list 113 deny ip any any log
access-list 114 remark auto generated by CCP firewall configuration
access-list 114 remark CCP_ACL Category=1
access-list 114 deny ip 10.133.10.0 0.0.1.255 any
access-list 114 deny ip 10.10.10.0 0.0.0.7 any
access-list 114 permit icmp any any echo-reply
access-list 114 permit icmp any any time-exceeded
access-list 114 permit icmp any any unreachable
access-list 114 deny ip 10.0.0.0 0.255.255.255 any
access-list 114 deny ip 172.16.0.0 0.15.255.255 any
access-list 114 deny ip 192.168.0.0 0.0.255.255 any
access-list 114 deny ip 127.0.0.0 0.255.255.255 any
access-list 114 deny ip host 255.255.255.255 any
access-list 114 deny ip host 0.0.0.0 any
access-list 114 deny ip any any log
access-list 115 remark VPN_Sub
access-list 115 remark CCP_ACL Category=5
access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.20.0 0.0.0.255 any
access-list 116 remark CCP_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 117 remark CCP_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark CCP_ACL Category=4
access-list 118 remark IPSec Rule
access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
mgcp profile default
line con 0
transport output telnet
line 1
modem InOut
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
session-timeout 45
access-class 110 in
transport input telnet ssh
line vty 5 15
access-class 109 in
transport input telnet ssh
scheduler interval 500
endThe crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
On Site A:
should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
You should also remove the following line as the pool is incorrect:
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
On Site B:
should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
NAT exemption on site B should also be configured with deny on the above ACL. -
Message Queue Blocking / MSGMNI Setting
Hi All,
Firstly, many thanks to all that can assists. I am currently getting Message Queue
Blocking messages in my ULOG files in my Tuxedo Application. (Tux ver 7.1 in Unix).
I am not sure what is causing this, but started to look into the Tux Config (UBB.MP)
and System message queue setting. Detailed as follows:
1)
Listed below is the system message queue setting:
set msgsys:msginfo_msgmni=2000
set msgsys:msginfo_msgmax=128000
set msgsys:msginfo_msgmnb=100000
set msgsys:msginfo_msgssz=256
set msgsys:msginfo_msgseg=25088
set msgsys:msginfo_msgtql=1550
set msgsys:msginfo_msgmap=1000
According to the BEA site, the MSGMNI is determined by this formula:
MSGMNI = MAXACCESSERS + 7 + (no. of servers with REPLYQ) + (no. MSSQ sets) - (no.
of servers with MSSQ sets)
The following is my current Tux. Config (UBB.MP) is set as :
- MAXACCESSERS = 2300
- Each servers (4 types in total) has its own REPLYQ and RQADDR.
- The same type of servers are set the same across 4 application servers.
Hence, my MSGMNI should be a minimum 2339 (ie. MSGMNI = 2300 + 16 + 16 - 0 = 2339).
But my current MSGMNI is 2000.
Would this contribute to my Message Queue Blocking?
Is my understanding correct and is this something I should change to avoid Message
Queue Blocking? Any helps and advice is much appreciated.Malcolm,
Your information and explanations behind these error messages are very useful.
It allow me to further understand Tuxedo internal processing and at the same time
give me a chance to start analysing these fields.
I am reluctant to ask further questions at the mean time. I will use your suggestions
as a starting point.
I will certainly keep you posted of the outcome when I have made the changes in
my UBB config and machine parameters.
Many thanks with your help/explanations Malcolm. It helps alot!
Cheers.
David.
"Malcolm Freeman" <[email protected]> wrote:
>
Hi David,
The MSGTQL reference you give (Solution S-00488) refers to the BEA MessageQ
product
and is not relevant to Tuxedo.
The error messages indicate that the queue buildup is probably due to
a restartable
server failing. What happens is this:
When a restartable server fails its IPC queue remains in place and continues
to
receive messages (which will be processed when the server restarts).
Depending
on the time taken to restart, the queue could become full and unable
to receive
any more messages, and this is probably why you got the message CMDTUX_CAT:1380
indicating that the BRIDGE process was unable to put a message on the
server's
queue.
A server is only restarted when the BBL does a SANITYSCAN check. If,
for example,
your SANITYSCAN interval is 300 seconds and your server fails immediately
after
the previous scan, then there will be a delay of almost 5 minutes before
the failure
is detected and the server restarted - plenty of time for the queue to
fill up.
There are a few things you could do:
The key thing would be to find out why the server is failing, and fix
the problem.
If this is not possible immediately, consider some of the other ideas
below.
Have several servers form an MSSQ to service this queue; then if one
fails the
others will continue processing the messages while the failed server
restarts
(this assumes, of course, that your application does not require the
messages
to be processed in strict order through the server).
Reduce the SANITYSCAN interval (but don't make it too small). This would
reduce
the average time taken to restart the server.
Increase the size of the IPC queue (MSGMNB) so that it can hold more
messages.
I'm not sure why you got a LIBTUX_CAT:1485 message, but this could be
due to a
BRIDGE failure as a result of the congestion.
The NETLOAD parameter would reduce the number of messages going to the
remote
machine, but only if the local machine offers the same service. If the
remote
machine is the only source of the service then NETLOAD will have no effect.
I
recommend you do a search of this newsgroup for postings on "load balancing"
there's some good stuff which will explain how load balancing works.
Depending how things go, it might not be a bad idea to open a case with
BEA Support
and ask for guidance (remember to submit your ubbconfig (or preferably
do a tmunloadcf)
together with the complete ULOGs from both the master and the slave machine).
Hope this helps some.
Regards,
Malcolm.
"Dave" <[email protected]> wrote:
Hi Malcolm,
Thank you for your reply. Interesting point you have made about theMSGTQL
value.
Based on your suggestion I went hunting around the BEA site and found
the following
snipplet:
"- The MSGTQL parameter must be set to a value greater than or
equal to the MSGMNI setting."
(http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_solution&answerpage=solution&page=msq/S-00488.htm)
If the above point is valid, then my MSGTQL is definitely way too low.
IF this
be the case, would you know of a method to work out what my MSGTQL bytes
value
should be?
Additionally, I have looked at other parameters which I could tune,and
would
adding a NETLOAD parameter in the *MACHINES section will reduce remote
servers
call? Which potentially, maybe reduce message queue blocking?
FYI:
The error messages I am seeing in my ULOG file are:
"LIBTUX_CAT: 1477 : ERROR .SysServerDied
LIBTUX_CAT: 1476 : ERROR: .SysServerRestarting"
Which then leads to message queue blocking
"CMDTUX_CAT: 1380 : ERROR: Message queue blocking prevented delivery,
Qaddr=..."
and potentially "LIBTUX_CAT: 1485 .SysNetworkDropped."
Many Thanks. Hope to hear from you (Malcolm) or other parties out there
that can
assists.
Thanks.
David -
How to re-configure the actual Hotspot configuration/access information?
Hi,
how c/an I re-configure the acual HOTSPOT configuration/access information? [MBP Retina - late 2012 | OSx 10.8.2]
THX in advance,
NNIEAs you are using verzion DSL connection ….Try this setting on router:
1) Open router set up page using http://192.168.1.1 …..You will see username & password …leave username blank & in password use admin.
2) Under set up look for “mac address clone” sub-tab….. Enable the service & click clone ….click save settings.
3) Click on “status” tab….. if it shows any valid public Ip address try going online…..if it shows Internet Ip as 192.168.1.X. with gateway 192.168.1.1…then
a) Click set up again ….change the Local Ip address from 192.168.1.1 to 192.168.2.1….click save settings.
b) Power down the router then the modem for few seconds …..Power on the modem first …then the router & see you are online or not.
4) If the internet Ip address is 0.0.0.0…click on set up again …change internet connection type to PPPOE…use your DSL username & password …click save settings.
5) Click status & click connect…if shows connected try going online….if not let mw know the error message you are getting on the status screen.
Follow above steps & let me know if it helps or not. -
Hello everyone,
I developed a Web Service prototype accessing remote EJB using the EJB
control with special syntax in the jndi-name attribute: @jws:ejb
home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
Everything works fine, but I get an error when I restrict access to my web
service with a declarative security model by implementing steps provided in
help doc:
- Define the web resource you wish to protect
- Define which security role is required to access the web resource
- Define which users are granted the required security role
- Configure WebLogic Server security for my web service(Compatibility
Security/Users)
I launch the service by entering the address in a web browser. When prompted
to accept the digital certificate, click Yes, when prompted for network
authentication information, enter username and password, navigate to the
Test Form tab of Test View, invoke the method by clicking the button and I
get the following exception:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
</detail>
</error>
I have a simple Hello method as well in my WebService (which is also
restricted) and it works fine, but remote EJB access doesn't. I tested my
prototype on Weblogic 7.2 and 8.1 platforms - same result.
Is that a bug or I am missing some additional configuration in order to get
that working. Has anyone seen similar behavior? Is there a known resolution?
Or a suggested way to work around the problem?
Thank you.
AndreAndre,
It would be best if this issue is handled as an Eval Support case. Please
BEA Customer Support at http://support.beasys.com along with the required
files, and request that an Eval support case be created for this issue.
Thanks
Raj Alagumalai
WebLogic Workshop Support
"Andre Shergin" <[email protected]> wrote in message
news:[email protected]...
Anurag,
I removed "t3", still get an error but a different one (Unable to create
InitialContext:null):
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
create InitialContext:null]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
create InitialContext:null] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
.jws:67) </jwErrorDetail>
</detail>
</error>
Note: inter-domain communication is configured properly. The Web Service to
remote EJB works fine without a declarative security.
Any other ideas?
Thank you for your help.
Andre
"Anurag" <[email protected]> wrote in message
news:[email protected]...
Andre,
It seems you are using the URL
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
whereas you should not be specifying the "t3:" protocol.
The URL should be like
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
Please do let me know if you see any issues with this.
Note that this will only allow you to access remote EJBs in the same WLS
domain. For accessing EJBs on another domain, you need to configure
inter-domain communication by
following a few simple steps as mentioned at
http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
been provided in the EJB Control Workshop documentation.
Regards,
Anurag
"Andre Shergin" <[email protected]> wrote in message
news:[email protected]...
Raj,
I tried that before, it didn't help. I got similar error message:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
failed for
name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
ing>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
failed for
name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
</detail>
</error>
Anything else should I try?
P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOTaccess
restricted.
I hope there is a solution.
Thanks,
Andre
"Raj Alagumalai" <[email protected]> wrote in message
news:[email protected]...
Andre,
Can you try using the following url with username and password
jndi://username:password@host:7001/my.resource.jndi.object ?
once you add webapp level security, the authenticated is the user who
invokes the EJB.
http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
CreatingANewEJBControl.html?skipReload=true
has more info on using remote EJB's.
Hope this helps.
Thanks
Raj Alagumalai
WebLogic Workshop Support
"Alla Resnik" <[email protected]> wrote in message
news:[email protected]...
Hello everyone,
I developed a Web Service prototype accessing remote EJB using the EJB
control with special syntax in the jndi-name attribute: @jws:ejb
home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
Everything works fine, but I get an error when I restrict access to my
web
service with a declarative security model by implementing steps
provided
in
help doc:
- Define the web resource you wish to protect
- Define which security role is required to access the web resource
- Define which users are granted the required security role
- Configure WebLogic Server security for my web service(Compatibility
Security/Users)
I launch the service by entering the address in a web browser. Whenprompted
to accept the digital certificate, click Yes, when prompted for
network
authentication information, enter username and password, navigate tothe
Test Form tab of Test View, invoke the method by clicking the buttonand
I
get the following exception:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during
JNDI
lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookupfailed
for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64)</jwErrorDetail>
</detail>
</error>
I have a simple Hello method as well in my WebService (which is also
restricted) and it works fine, but remote EJB access doesn't. I testedmy
prototype on Weblogic 7.2 and 8.1 platforms - same result.
Is that a bug or I am missing some additional configuration in order
to
get
that working. Has anyone seen similar behavior? Is there a knownresolution?
Or a suggested way to work around the problem?
Thank you.
Andre -
How to access the JMS queues in the XI J2EE Engine?
Hi Gurus,
Can anybody know how to access the jms dead message queues in the WAS J2EE Engine?
I have read in the SAP documentation that we can use some JMS commands from the telnet. I don't know how to use those commands.
Can anybody provide a step-by-step process to access these queues?
Thanks
Kalyan1) Open a command prompt
2) type
telnet localhost 50008
where the port is the same as your http, but with 8 as last digit.
3) Login
4) Issue the following set of commands
jump 0
add jms
jms list deadmsgs
Check by man jms other possible options.
HTH
Peter -
We have our monitoring software setup to query and chart the "Actual" number of messages (as reported by "imqcmd query bkr" and recently noticed that this number is remaining at a higher minimum value. Meaning, it never drops to 0 as though there is a pile of messages that cannot be processed and they are sitting in the queue
Our setup is a cluster of two brokers (not HA) and the cluster.properties file looks like this:
cluster.properties
imq.cluster.brokerlist=hobgoblin,smithwicks
imq.cluster.masterbroker=hobgoblinWe have 10 queue destinations varying in volume from dozens to hundreds of thousands of messages a day. Three of these queues (all relatively high volume) exhibit this issue. I will use a particular queue named "networkActivity" in the following commands.
When I run imqcmd query dst -t q -n networkActivity on hobgoblin (the master broker) the relevant piece of output is:
Current Number of Messages
Actual 75
Remote 75
Held in Transaction 0When I run the same on smithwicks it is:
Current Number of Messages
Actual 284
Remote 284
Held in Transaction 0The "Actual" number will occasionally increase when we are under heavy load but as we catch up on the load that number will only decrease to match the "Remote" number.
The other 7 queues do not have this issue and some of those do equally heavy volume. New messages continue to be processed fast on all queues.
What does this Remote number mean? I have struggled to find information in the documentation or online.
We recently switched to OpenMQ and it has been utterly stable and performant compared to our previous provider (where queue lockups and shutdown due to slow consumers was commonplace). Very happy with it in general. We are planning to move to an HA setup in the near future - would this issue still occur when using HA?
These "Remote" message counts are relatively small but they do seem to drift upward a small amount each day visually establishing a new baseline in our monitoring charts.
Any help is greatly appreciate. I can easily provide any other information that would be helpful - logs, imqcmd output, server information, etc.I am surprised I found something not obvious in the docs because frankly the OpenMQ documentation is some of the best I have ever run into.
Fortunately/Unfortunately we don't have this issue any longer so I cannot collect more information. The remote counts dropped to zero when I bounced OpenMQ one day. If that means we lost these particular messages it isn't a big deal for us.
Our previous provider (ActiveMQ) had literally millions of backed up messages when we migrated to OpenMQ. A colleague here wrote a tool that pulled the messages off the AMQ queues and fed them to OpenMQ (OpenMQ proceeded to shred through those things) all at once and the remote number happened after that huge crush of old messages. I do not know if that is related at all but I am willing to chalk it up to a possibility as some of those AMQ messages were really old. There could have even been messages so old that our consumer logic didn't know how to handle them anymore.
Have had no issues since and we switched to an HA configuration this morning and everything is running perfectly. -
Access Denied message when running WU_TEST_106 form!!!
Hi all,
I am trying to use WebUtil components to use Oracle 9.0.3 Form to write from an Oracle Form to a MS Word document. To learn more about WebUtil, I downloaded a sample form named WU_TEST_106.fmb and compiled and have been trying to run it. When this form gets loaded, I click on the 'OLE' tab and then type a message in the 'Enter text to Transfer to Word' box and then pick a file named Sample.doc on my C:\ directory and then click on 'Write to Word' button. This causes the following 'access denied' message and the 'Sample.doc' file never gets updated.
We are using JInitiator 1.3.1.17, IE 6.0, Java 1.4.2_03 and Oracle 10g database.
Below is the contenet of the trace file:
Oracle JInitiator: Version 1.3.1.17
Using JRE version 1.3.1.17-internal Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\seyedg
Proxy Configuration: no proxy
JAR cache enabled
Location: C:\Documents and Settings\seyedg\Oracle Jar Cache
Maximum size: 50 MB
Compression level: 0
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
q: hide console
s: dump system properties
t: dump thread list
x: clear classloader cache
0-5: set trace level to <n>
Loading <SERVER NAME>/forms90/java/f90all_jinit.jar from JAR cache
Loading <SERVER NAME>/forms90/java/frmwebutil.jar from JAR cache
Loading <SERVER NAME>/forms90/java/jacob.jar from JAR cache
proxyHost=null
proxyPort=0
connectMode=HTTP, native.
Forms Applet version is : 9.0.4.0
Exception occurred during event dispatching:
java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.lang.RuntimePermission loadLibrary.jacob)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkLink(Unknown Source)
at java.lang.Runtime.loadLibrary0(Unknown Source)
at java.lang.System.loadLibrary(Unknown Source)
at com.jacob.com.Dispatch.<clinit>(Dispatch.java:537)
at oracle.forms.webutil.ole.OleFunctions.create_obj(OleFunctions.java:398)
at oracle.forms.webutil.ole.OleFunctions.getProperty(OleFunctions.java:189)
at oracle.forms.handler.UICommon.onGet(Unknown Source)
at oracle.forms.engine.Runform.onGetHandler(Unknown Source)
at oracle.forms.engine.Runform.processMessage(Unknown Source)
at oracle.forms.engine.Runform.processSet(Unknown Source)
at oracle.forms.engine.Runform.onMessageReal(Unknown Source)
at oracle.forms.engine.Runform.onMessage(Unknown Source)
at oracle.forms.engine.Runform.processEventEnd(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Thanks in advance for your help,
SeyedHi all,
Please disregard this posting. I resolved this issue by re-signing both the jacob.jar and frmwebutil.jar. See below:
Signed the Jacob.jar file once again on 06/02/2008;
C:\DevSuiteHome\forms90\webutil\webutil>sign_webutil c:\devsuitehome\forms90\jav
a\jacob.jar
Generating a self signing certificate for key=webutil2...
keytool error: java.lang.Exception: Key pair not generated, alias <webutil2> alr
eady exists
There were warnings or errors while generating a self signing certificate. Pleas
e review them.
Backing up c:\devsuitehome\forms90\java\jacob.jar as c:\devsuitehome\forms90\jav
a\jacob.jar.old...
1 file(s) copied.
Signing c:\devsuitehome\forms90\java\jacob.jar using key=webutil2...
...successfully done.
C:\DevSuiteHome\forms90\webutil\webutil>
I also re-signed frmwebutil.jar on 06/02/2008 at 9:55 AM:
C:\DevSuiteHome\forms90\webutil\webutil>sign_webutil c:\devsuitehome\forms90\web
util\frmwebutil.jar
The given jar file c:\devsuitehome\forms90\webutil\frmwebutil.jar does not exist
C:\DevSuiteHome\forms90\webutil\webutil>sign_webutil c:\devsuitehome\forms90\webutil\java\frmwebutil.jar
Generating a self signing certificate for key=webutil2...
keytool error: java.lang.Exception: Key pair not generated, alias <webutil2> alr
eady exists
There were warnings or errors while generating a self signing certificate. Pleas
e review them.
Backing up c:\devsuitehome\forms90\webutil\java\frmwebutil.jar as c:\devsuitehom
e\forms90\webutil\java\frmwebutil.jar.old...
1 file(s) copied.
Signing c:\devsuitehome\forms90\webutil\java\frmwebutil.jar using key=webutil2..
...successfully done.
I can now run the WU_TEST_106.fmb form and successfully write to a MS Word file.
Thanks for your attention:
Seyed
Maybe you are looking for
-
I have created two related Blurb books in Lightroom 5 (Volumes 1 and 2) but my balance of page numbers is off. So I'd like to take some pages out of one book (complete with images) and paste them into the other. Is this possible?
-
Every time I create a new controller/indicator from the block diagram windows, it keeps placing the newly created controller/indicator from block diagram windows as "view as icon". How do I disable this view so that it always default to false? I do
-
How do I fix this-iPad "sync session failed to start"
I'm trying to sync my iPad. I have tried via cable and over wifi. I have done it before. Now it says "sync session failed to start". Can anyone help? Also, iBooks on my iPad won't open books anymore. It says "the requested resource is missing".
-
Outbound delivery document cancelation
Hi, we have delivery documents for GIs at 3PL plants. After the delivery is created - IDOCs are sent to the 3PLs. After they do the GI, they send the GI-IDOCs to us. But although the GI has been made and 3PL s have sent the GI doc via IDOC - the deli
-
Spry Horizontal Menu is Vertical
I installed a Spry Horizontal Menu Bar on one of my clients web pages and everything was going fine. But then all of a sudden the horizontal menu switched to vertical and I can't figure out how to undo this. At this point even when I ask DW to insert