CRL question, LDAP request goes to 255.255.255.255

I am trying to get CRL on Router 3620 with IOS=12.2(11)T6 (c3620-ik9s-mz.122-11.T6.bin) but LDAP request seems to be sent to 255.255.255.255 not the right address - 10.10.2.49 !
Configuration looks like this :
ip domain name lmt.lv
ip host tau.2k.mydom.net 10.10.2.49
ip host tau 10.10.2.49
crypto ca trustpoint LMT-PKI
enrollment mode ra
enrollment url http://tau:80/certsrv/mscep/mscep.dll
usage ike
serial-number
ip-address 10.10.90.240
crl query ldap://10.10.2.49
If I try to get CRL, it seems router is trying LDAP on broadcast address, output of "debug crypto pki transactions" :
r-c3620-vpn1(config)#crypto ca crl request LMT-PKI
r-c3620-vpn1(config)#ldap search: server=255.255.255.255, base=CN=TestCA,CN=tau,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=2k,DC=mydom,DC=net, attribute=certificateRevocationList
: scope=0, filter=objectclass=cRLDistributionPoint
May 26 16:37:58.993: CRYPTO_PKI:ldap_bind ERROR: status = 82
May 26 16:37:58.993: CRYPTO_PKI: ldap bind error: status = 82
May 26 16:37:58.993: CRYPTO_PKI: transaction GetCRL completed
I suppose it should go to the address specified with "crl query ldap://10.10.2.49" but it does not ?
I have successfully got certificates of the CA and the router itself :
r-c3620-vpn1>show crypto ca certificates
Certificate
Status: Available
Certificate Serial Number: 610D081E000000000009
Certificate Usage: General Purpose
Issuer:
CN = TestCA
OU = LMT-VPN
O = LMT-VPN
L = Riga
ST = Riga
C = LV
EA =<16> [email protected]
Subject:
Name: r-c3620-vpn1.lmt.lv
IP Address: 10.10.90.240
Serial Number: 21464125
OID.1.2.840.113549.1.9.2 = r-c3620-vpn1.lmt.lv
OID.1.2.840.113549.1.9.8 = 10.10.90.240
OID.2.5.4.5 = 21464125
CRL Distribution Point:
ldap:///CN=TestCA,CN=tau,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=2k,DC=mydom,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
Validity Date:
start date: 14:29:10 EEST May 15 2003
end date: 14:29:10 EEST May 14 2005
renew date: 02:00:00 EET Jan 1 1970
Associated Trustpoints: LMT-PKI
CA Certificate
Status: Available
Certificate Serial Number: 49F2340E73872AB44CCAD9CB46657697
Certificate Usage: General Purpose
Issuer:
CN = TestCA
OU = LMT-VPN
O = LMT-VPN
L = Riga
ST = Riga
C = LV
EA =<16> [email protected]
Subject:
CN = TestCA
OU = LMT-VPN
O = LMT-VPN
L = Riga
ST = Riga
C = LV
EA =<16> [email protected]
CRL Distribution Point:
ldap:///CN=TestCA,CN=tau,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=2k,DC=mydom,DC=net?certificateRevocationList?base?objectclass=cRLDistributionPoint
Validity Date:
start date: 12:25:09 EEST May 15 2003
end date: 12:30:06 EEST May 15 2005
Associated Trustpoints: LMT-PKI
Anybody can tell where is my fault ?
Many thanks !

Thanks for advice ! It helped. Actually this is quite often my favorite suggestion: try to upgrade IOS, if somebody is complaining about bugs in IOS. At this time I failed to advise myself :-)( The confusion was caused because I was looking at Feature Navigator for the feature "Easy VPN Server" with the smallest Feature Set for 3DES which was "IP Plus IPSec 3DES" and the only release Cisco offered was 12.2(11)T ! After Your advise I looked again at feature navigator and it turned out that there are 12.2(13)T but only IP/FW/IDS PLUS IPSEC 3DES. After upgrade to this release CRLS and LDAP started to work.

Similar Messages

  • How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA)?

    Hi,
    How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA) in C++?
    Thanks in advance.

    Hi,
    How about your issue now? Is it fixed?
    I think you will get progessional support from other network related forum. Because VC++ forum aims to discuss and ask questions about the Visual C++ IDE, libraries, samples, tools, setup, and Windows programming using MFC and ATL.
    Hope you can understand.
    May
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • How to enable request going and coming with same isp

    hi guys,
    suppose i am hving a url kaveriowa.kaveri.com reistered with ip 215.22.22.24 . now my internal user type this url in web browser having proxy in 172.26.7.45 natted with 215.22.22.26 . the request goes outside and resolve by dns but does not get routed back to same ISP pool of 215.22.22.0/27
    it may be our end firewall is blocking request or routing issue from isp end.
    regards
    rajat

    yeah I guess DNS rewriting will fix your issue, if you still want to use an external DNS server. Strictly speaking however your traffic will not leave the outside interface, just your DNS requests for
    kaveriowa.kaveri.com do.
    It might probably be easier to do hairpining :
    static (inside,inside) 215.22.22.24    netmask 255.255.255.255
    please rate if usefull

  • How to type comma "," and question "?" without going to "123" sub menu?

    How to type comma "," and question "?" without going to "123" sub menu?

    I use Comma and question mark frequently at text messaging, email.....using my iPhone 4.
    Apparently, there's no short cut for this and I request Apple Support to create a shortcut for "," and "?' so there the Apple device can be more user friendly.
    Jackson

  • A client made a DirSync LDAP request for a directory partition. Access was denied due to the following error

    We started getting this error when we installed Lync Server. I already verified that the "RTCHSUniversalServices" group has “Replicating Directory Changes" permission.
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    A client made a DirSync LDAP request for a directory partition. Access was denied due to the following error.
    Directory partition:
    DC=<domain>,DC=com
    Error value:
    8453 Replication access was denied.
    User Action
    The client may not have access for this request. If the client requires it, they should be assigned the control access right "Replicating Directory Changes" on the directory partition in question.
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Domain Controllers and Lync server are running on Windows 2008 SP2. Any other things that I could check?

    A client made a DirSync LDAP request for a directory partition. Access was denied due to the following error.
    Directory partition:
    DC=<domain>,DC=com
    Error value:
    8453 Replication access was denied.
    User Action
    The client may not have access for this request. If the client requires it, they should be assigned the control access right "Replicating Directory Changes" on the directory partition in question.
    oas4ever

  • Error inserted into my LDAP request by Weblogic

    I have been unsuccesful trying to get LDAP working with my installation
    (wl8.1 sp2, w2k). I finally loaded a sniffer and captured packets going to
    the LDAP server to see what was being sent and I think I have found my
    problem. There is some filter entry that it; WL, does not like and it
    generates an error message BUT, WL doesn't error out it just inserts the
    error message as the filter string in the LDAP request packet; which of
    course doesn't work. How can I find out what filter it doesn't like? This is
    on the LDAP request packet NOT the reply packet so I know its coming from
    the WL server...

    If you can, the best way would be to to change the column name from SUBTYPE to something that isn't a SQL reserved key word.
    You might get around this particular problem by adding @Column(name = "\"SUBTYPE\"") on your attribute. This will force eclipselink to add quotation marks in the generated SLQ, but I think it will cause problems when it comes to some more complicated queries.
    In my opinion, the only safe way here is to not use column names that are in conflict with SLQ reserved key words.
    Pedja

  • Somebody has created an apple id using my gmail id. So I gave forgot password option and reset the password of the id. But for resetting the security questions, link is going to some other email id which is created by the other guy.How can I resolve this?

    When I tried to create and apple id using my gmail account i found that somebody has already created an apple id using my gmail id. So I gave forgot password option and reset the password of the id. But for resetting the security questions, link is going to some other email id which is created by the other guy. Now the problem is that the other guy also can reset my password and access my account.
    I contacted apple customer care and they are not ready to help me saying that I need to give information about the last device I logged in using this id. How can I give it when I did not create it?:) Also they are saying this account has been verified and that could happen only if someone has hacked my gmail account and verified the id using the link sent by apple.
    Later I did some experiments and found that this is a security flaw from apple. Somebody has created the id and never used it(I tried to loggin to icloud and it was saying this account was not used it any apple device). The account became verified when I reset the password.(This is a bug, account should be verified only when we click on the verification link sent by apple).
    The other mistake apple did is that they allotted my gmail account to someone before it's verified eventhough it cannot be used unless verified. Actually apple should allot the account id only after verifying the email address.
    Apple customer care is not ready to help and I am tired of fighting with them. Can any of you guys suggest any means of getting back my gmail id to use it as apple id?

    I don't think you're going to be able to. I would guess the other person used your address by accident, and when he found he couldn't access the account (because you'd changed the password) he abandoned it. Your GMail address is now locked to that account and even if it was changed you can't use it to create another.
    You already have an Apple ID, which you use to log in here; you can use that to create an iCloud account if that's what you are trying to do. If you want to create a different Apple ID just get another free address such as a Yahoo one.

  • LDAP Performance Tuning In Large Deployments - LDAP request time

    Tuning the LDAP request time <br>
    (tr_recv_timeout and tr_recv_timeout parameters)
    <p>
    The default is 60 seconds, and since the time will vary at each site
    for the length of time it will take an LDAP request to complete it
    wouldn't hurt to increase this time to a large number as long as you
    will have enough unidas connections available and since the calendar
    user can always cancel their request. An example of how to change this
    to 15 minutes, is to edit the /users/unison/log/unison.ini file and add the
    following time-out parameters to the sections noted:
    <p>
    [ALL,unieng,ALL]<br>
    tr_recv_timeout = 900
    <p>
    [hostname,unidas]<br>
    tr_recv_timeout = 900
    <p>
    NOTE: The calendar server needs to be restarted after making changes
    to the /users/unison/log/unison.ini file, before those changes will
    take effect.

    Tuning the LDAP request time <br>
    (tr_recv_timeout and tr_recv_timeout parameters)
    <p>
    The default is 60 seconds, and since the time will vary at each site
    for the length of time it will take an LDAP request to complete it
    wouldn't hurt to increase this time to a large number as long as you
    will have enough unidas connections available and since the calendar
    user can always cancel their request. An example of how to change this
    to 15 minutes, is to edit the /users/unison/log/unison.ini file and add the
    following time-out parameters to the sections noted:
    <p>
    [ALL,unieng,ALL]<br>
    tr_recv_timeout = 900
    <p>
    [hostname,unidas]<br>
    tr_recv_timeout = 900
    <p>
    NOTE: The calendar server needs to be restarted after making changes
    to the /users/unison/log/unison.ini file, before those changes will
    take effect.

  • Ldapclient multiple LDAP requests

    Hi,
    I have setup an Directory Server for LDAP Authentication. Everything is working as expected, but some clients perform multiple LDAP requests. and decrease the performance of the Directory.
    One of such client is an Solaris 8 client
    # uname -a
    SunOS Jetgold 5.8 Generic_117350-29 sun4u sparc SUNW,UltraAX-i2
    Here is the logs in the directory. you can see multiple LDAP open requests for Directory server at the same time from same client. Here the /etc/hosts
    # cat /etc/hosts
    127.0.0.1 localhost
    10.196.59.222 host host.domain.com loghost
    10.196.57.1 ldap1 ldap1.domain.com
    # tail -f access |grep 10.196.59.222
    [27/Nov/2007:17:24:19 -0800] conn=53324 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53325 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53326 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53327 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53328 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53329 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53330 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53331 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53332 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53333 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53334 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53335 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53336 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53337 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53338 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53339 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53340 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53341 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53342 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53343 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53344 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:19 -0800] conn=53345 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53346 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53347 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53348 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53349 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53350 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53351 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53352 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53353 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53354 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53355 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53356 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53357 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53358 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53359 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53360 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53361 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53362 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53363 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53364 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53365 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53366 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53367 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53368 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53369 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53370 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53371 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53372 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53373 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53374 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53375 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53376 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53377 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53378 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53379 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53380 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53381 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53382 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53383 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53384 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53385 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53386 op=-1 msgId=-1 - fd=120 slot=120 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53387 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53388 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53389 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53390 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53391 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53392 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    [27/Nov/2007:17:24:20 -0800] conn=53393 op=-1 msgId=-1 - fd=104 slot=104 LDAP connection from 10.196.59.222 to 10.196.57.1
    Is there any configuration I am missing?
    Thanks in advance for your response
    Srikanth

    Hi,
    You can refer to the following weblinks for the same
    HELP.SAP.COM
    http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e1959b90-0201-0010-849c-d2b1d574768b
    FORUMS
    LDAP Server settings for Configuring Multiple LDAP in Portal UME.
    LDAP Configuration - Multiple domains
    EP7 - Multiple LDAP sample file
    SAP Note
    736471 UME Configuration of multiple LDAP data sources
    Please let me know incase you have any issues.
    Regards
    Bir

  • Oracle AS Web Cache - How to check whether the request goes throught it ?

    Hi,
    My application runs on Oracle 10g App Server,
    The OracleAS Web Cache is also running
    the command opmnctl status shows...
    WebCache - Alive
    WebCacheAdmin - Alive
    Is there any way to check whether the request form the client goes through the Web Cache ?
    B'coz when i checked OracleAS Web Cache Administrator UI
    The information like Total Requests Served, Cahce Hit , Cache Misses etc are 0 and it does'nt changes...
    I have the directive keepAlive as[b] off in httpd.conf, will this have an impact over Web Cache ???
    Plz suggest me a way to check whether the request goes through Web Cache or directly to Oracle HTTP Server ??
    Deepak.C

    Keepalive has no impact on webcache, but it does have a huge impact on performance. So far I found no proper reason to put it off in any production system.
    Anyway, logging from webcache and/or apache (ias) should show how requests are going from the client to the AS.

  • HT201363 My mail for (how to reset your security questions) is not going through

    The mail for ( how to reset your Apple ID security questions) is not going through

    You need to contact Apple to get the questions reset. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.
    (94341)

  • Workbench request goes to aother

    When I am creating New request . It is going to new Workbench Earlier It was going Local Change Request but Now It is doing to PRD Production system.
    Now I am unable to release Request that are in Local Change Request.
    Workbench            Workbench request
        Local Change Requests
            Modifiable
        -> PRD Production System
            Modifiable
    Customizing          Customizing request
    How I activate Local Change Request

    Hi,
    Your Workbench request in DEV is getting into PRD as customizing request, this was next to impossible.
    Workbench: client independent request(usually these technical changes)
    Customizing: these are client dependent(these are usually changes developed by functional ppl)
    You cannot release local change request, since these request are local to tht system/client and non-transportable. Probably you can try to re-save them and system will ask new request number while saving and you can save it in transportable change request.
    You can still create a new request from se01 and then add the objects of your local change request into the newly created request and save and release the request to transport.
    But still certain changes are non-transportable and they will be saved as local change request and even if you transport them  nothing is going to affect in target system.
    For this reason we openup the client to make manual changes.
    Please frame your question properly so that we can clarify your doubt.
    Regards,
    Raju.
    Edited by: Sita Rr Uppalapati on Mar 10, 2009 11:41 AM

  • Question of Request-CSCertificate command

    I have to generate a SAN certificate for my two 2013 FE servers. I want to use the Request-CSCertificate command. The question I have is on the switch "Computerfqdn". I am not sure what to specify for this value.
    The Microsoft documentation says the fqdn of the server you are requesting the certificate for but I want this certificate to be on both FE servers. I plan to get a certificate with a couple of SAN's from our public CA and install it on both FE servers by
    exporting it out. If I am going to do it that way, should I use the pool name for the Computerfqdn? The pool name points to both FE servers by way of a VIP and a load balancer. Seems to me if I specify the name of one of the FE servers in the command string,
    that I might have some issues when I export it and install it on the other FE server.
    If you need the actual command I am using, I can post it. It's a standard Request-CSCertificate command with the required switches.

    Hi,
    You should use the computer name instead of poo name when requesting a certificate. The Request-CsCertificate cmdlet will automatically add the pool name to the SAN list of certificate obtained using this cmdlet.
    Actually you can add all required SANs including two FEs using Lync deployment Certificate wizard directly.
    Kent Huang
    TechNet Community Support

  • Question regarding Request Notification Template - OIM 9.1.0.2

    Hi All,
    I have a question regarding notification generated when a request is raised. Currently, the body of the notification is referring the requestor who raise the request (the body of email has attributes like <%Requester Info.First Name%>, <%Requester Info.Last Name%>). Its fine if the requestor is raising the request for him/her self. However, if the requestor is raising the request on behalf of another user, then this notification is causing confusions, since its referring the requestor only in its body and not the beneficiary.
    Is there a way to include the end beneficiary's details in the body of the notification?
    Please help in this regard
    Regards
    Vinay

    Hi Gurus,
    Any idea on this?
    Regards
    Vinay

  • Unanswered Questions a request and a suggestion

    I, like others, have an inaccessible unanswered question. It has been deleted but still shows up as unanswered and there is no way for me to mark it as answered. I would appreciate it if the mods would mark it answered.
    I would like to suggest that when a question is deleted it should always disappear from the asker's unanswered list.

    Hi Hardy,
    You should have no unresolved questions now.
    We try to mark it as answered when we lock or remove but some slip by. I have been going back to some older ones and marking them when I can.
    Regards,
    Kady

Maybe you are looking for