%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=1777, sequence number=161369

Similar Messages

• CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

  Center router is cisco 7300 :
  Cisco IOS Software, 7301 Software (C7301-ADVIPSERVICESK9-M), Version 15.1(4)M2
  branch router is cisco1900:
  Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
  one branch router use EZVPN to connect the Center router .
  branch router logg :
  %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
  and 10% lose packets .
  but other branch use EZVPN to connect the Center router , is OK :
  Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)
  What can do for this issue ?
  Should I change the cisco1900 IOS to the 12.4 as the same as cisco880 ?

  Hi Anuj
  Thanks for your reply.
  Yes , the issue happens frequently , and lost packets  .  The log happand every 3 minutes.
  As I am not in charge the router in branch , I can not change the hardware accelerator.
  I have change the windows-size to 1024 in the branch router , but the issue is as befroe .
  Here is the show crypto ipse sa and the whole error message:
  sh crypto ipsec sa
  interface: Virtual-Access1
      Crypto map tag: Virtual-Access1-head-0, local addr 
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
     remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
     current_peer                port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 519, #pkts encrypt: 519, #pkts digest: 519
      #pkts decaps: 665, #pkts decrypt: 665, #pkts verify: 665
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 0, #recv errors 0
       local crypto endpt.:       , remote crypto endpt.:  
       path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
       current outbound spi: 0x550C1C42(1426857026)
       PFS (Y/N): N, DH group: none
       inbound esp sas:
        spi: 0x38F532D7(955593431)
          transform: esp-aes esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2091, flow_id: Onboard VPN:91, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
          sa timing: remaining key lifetime (k/sec): (4561181/3566)
          IV size: 16 bytes
          replay detection support: Y  replay window size: 1024
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0x550C1C42(1426857026)
          transform: esp-aes esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2092, flow_id: Onboard VPN:92, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
          sa timing: remaining key lifetime (k/sec): (4561911/3566)
          IV size: 16 bytes
          replay detection support: Y  replay window size: 1024
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:
  Dec 20 01:34:32.656: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=12353
  Dec 20 01:39:06.552: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=18191
  Dec 20 01:40:38.532: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=20363
  Dec 20 01:43:05.856: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=23609

• "Crypto replay check failed" errors

  Hey folks,
  I have a site-to-site IPSEC VPN using 2 catalyst 6500's running IOS 12.2(18)SXD7b on each end.
  After reviewing the syslog files this morning, I noticed that for the last 4 days at approximately the same time each nite, my router reports this error:
  Local7.Warning: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
  The error reporting tool on cisco.com says this error is benign, but does not give much info or troubleshooting tips. I've double checked my configuration and everything looks fine. Have you guys seen this before? Any tips?
  Thanks,
  SM

  Hi Steve, check this link if it can help you:
  http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K07229553
  Regards,
  Ricardo

• %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt mac verify failed

  Hello,
  I know this question has been asked many times on the forum, I am constantly getting the below error message on my 2811 Router:
  *Aug  9 07:07:01.507: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3004 local=3.3.3.1 remote=3.3.3.2 spi=CDE6EACF seqno=00005214
  N.R-HQ#        
  *Aug  9 07:08:33.231: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=3004 local=3.3.3.1 remote=3.3.3.2 spi=CDE6EACF seqno=000056E4
  I did some research and found the IOS is in the KAV list of bug#CSCsv43145. I upgraded the IOS to 12.4(25e) which doesn't appear in the list but still same error occurs.
  -is the error just cosmetic
  -is there anyway to go around it?
  I have attached the config.
  10x,
  E.B:.

  Hi,
  12.4(25e) should not be affected by CSCsv43145, which is cosmetic. The issue you are seeing is likely not cosmetic, and is actually resulting in dropped packets due to mac authentication failures. To troubleshoot this type of issue, you really need to get sniffer traces on the WAN (encrypted) side from both tunnel end points and compare the packet in question (based on the spi/seq number reported in the log) and see if the packet is corrupted somehow. There is no easy way to get around this other than turning off authentication check in your ipsec transform, in which case no mac authentication will be performed on the packet, and you do need to consider the security implications when doing that.
  Hope this helps,
  Thanks,
  Wen

• %CRYPTO-4-PKT_REPLAY_ERR:

  I have been seeing the following error message in the logs for a few days now.
  %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=4587, sequence number=17094
  I managed to track down the connection id:4587 and I can see the peer IP with the actual recv errors. There is no issues with the VPN itself, traffic is working fine.
  I have tried to increase the actual window size under the specific crypto map for that particular peer and it makes no difference. Even cleared the sa after applying the changes.
  crypto map xxxxxxxxx 1 ipsec-isakmp
  set peer xxx.xxx.xxx.xxx
  security-association replay window-size 1024
  Have increased the replay window globally to 1024 however the errors keep appearing.
  crypto ipsec security-association replay window-size 1024
  Has anyone actually disabled the replay window checking? did it impact anything?
  crypto ipsec security-association replay disable
  no crypto ipsec security-association replay window-size 1024
  does it actually stop the replay_errors?
  or to stop these errors do you need to change the hash algorithm from sha instead of md5?

  Adam,
  I don't have a resolution yet, so I opened a TAC case last Saturday.  I'll keep you posted on this forum.

• CRYPTO-4-PKT_REPLAY_ERR syslog parsing

  Every time ios generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like ios is not concatenating them into 1 msg string before sending.  It's really annoying because I can't filter a null string that also has a null message type on my nms. I tried changing the facility settings and get the same result.  If i use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null. 
  I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ... 
  DEVICE INFO:
  c3825-advipservicesk9-mz.124-25b.bin
  logging buffered 15000 debugging
  logging rate-limit all 3
  no logging console
  no logging monitor
  crypto logging session
  logging origin-id hostname
  logging facility syslog
  logging source-interface GigabitEthernet0/0
  logging 11.22.33.44
  FROM LOGGING BUFFER:
       Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success       [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37       CST Wed Dec 14 2011
  #1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR:       decrypt: replay check failed
  #2>>     connection id=70, sequence       number=43990
  #3>>
      Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login       Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at       08:10:36 CST Wed Dec 14 2011
  THREE SYSLOG MSG's RECEIVED:
       #1
           MSG TYPE:   CRYPTO-4-PKT_REPLAY_ERR
           MSG STRING: 7015321: routerA: decrypt:       replay check failed
       #2
          MSG TYPE:   null
           MSG STRING: 7015322: routerA: connection id=70, sequence       number=43990
      #3
          MSG TYPE:   null
           MSG STRING: 7015323: routerA:       

  Every time ios generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like ios is not concatenating them into 1 msg string before sending.  It's really annoying because I can't filter a null string that also has a null message type on my nms. I tried changing the facility settings and get the same result.  If i use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null. 
  I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ... 
  DEVICE INFO:
  c3825-advipservicesk9-mz.124-25b.bin
  logging buffered 15000 debugging
  logging rate-limit all 3
  no logging console
  no logging monitor
  crypto logging session
  logging origin-id hostname
  logging facility syslog
  logging source-interface GigabitEthernet0/0
  logging 11.22.33.44
  FROM LOGGING BUFFER:
       Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success       [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37       CST Wed Dec 14 2011
  #1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR:       decrypt: replay check failed
  #2>>     connection id=70, sequence       number=43990
  #3>>
      Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login       Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at       08:10:36 CST Wed Dec 14 2011
  THREE SYSLOG MSG's RECEIVED:
       #1
           MSG TYPE:   CRYPTO-4-PKT_REPLAY_ERR
           MSG STRING: 7015321: routerA: decrypt:       replay check failed
       #2
          MSG TYPE:   null
           MSG STRING: 7015322: routerA: connection id=70, sequence       number=43990
      #3
          MSG TYPE:   null
           MSG STRING: 7015323: routerA:       

• Error Message: The attempt to connect to the report server failed. Check your connection information and that the report server is a compatible version. The request failed with HTTP status 404: Not Found.

  I have a web page that contains a ReportViewer control.  I am trying to display a report, which is an .rdl file located on the SSRS server, in this ReportViewer control.  I have set the ReportPath and ReportServerUrl correctly.  I am
  getting an error message.
  Am I suppose to use an .rdlc file rather than a .rdl file?  Does the web server configuration need to use a certain account?
   I am getting the following error message:
  The attempt to connect to the report server failed. Check your connection information and that the report server is a compatible version.
  The request failed with HTTP status 404: Not Found.

  Hi bucaroov,
  The error "The request failed with HTTP status 404: Not Found." means the ReportServerURL configured in the ReportViewer control is invalid.
  Please follow these steps to solve the issue:
  Logon the Report Server machine.
  Open the Reporting Services Configuration Manager.
  Copy the Report Server URL from 'Web Services URL'.
  Logon the application server(in this case, it is the server that host the web page), check if we can use the URL we got from step 3 to access the Report Server. If so, please replace the ReportServerURL in the ReportViewer control with this URL. If it is
  not available, could you please post the error message.
  Additionaly, we don't need to provide the extension for a server report. The ReportPath should be like: /<reports folder>/<report name>
  For more information, please see:
  Walkthrough: Using the ReportViewer Control in Remote Mode:
  http://msdn.microsoft.com/en-us/library/ms251669(VS.80).aspx
  If you have any more questions, please feel free to ask.
  Thanks,
  Jin Chen
  Jin Chen - MSFT

• AIX SSH Connectivity,  existence check failed for bin/bash

  hello;
  I received error
  AIX 7 Oracle RAC 11g R2
  Oracle RAC AIX SSH Connectivity
  existence check failed for bin/bash on node2
  but the bin/bash exists
  have any idea?
  regards
  siyavus
  Edited by: sak on May 31, 2011 10:41 PM

  Does it really say "bin/bash"? It should have a slash in front of bin: "/bin/bash"
  Can you login to node 2 and do:
  echo $PATH
  ls -l /bin/bash

• TCP connectivity check failed for subnet

  hi
  im trying to add a node to my 11.2 grid infrastructure and the cluster verification is returning error
  Check: TCP connectivity of subnet "152.15.123.0"
  Source Destination Connected?
  inode2:127.0.0.1 inode2:152.15.123.4 failed
  Result: TCP connectivity check failed for subnet "152.15.123.0"
  this happens when i run cluvfy with pre nodeadd option, there is no other failure ...
  any idea what it could be ?

  Hello Buddy,
  Please note that inode2:127.0.0.1 is using loopback IP, please check your network configuration and retry the cluvfy operation.
  Cheers,
  Rodrigo Mufalani
  www.mufalani.com.br/blog

• RAC - Cluvfy - TCP connectivity check failed for subnet

  Hi ...this is Oracle RAC 10.2.0.4.0 .. has anyone witnessed this check failure or is able to comment on how I should debug the same
  ./runcluvfy.sh stage -post hwos -n all -verbose
  Check: TCP connectivity of subnet "172.30.182.0"
  Source Destination Connected?
  sekiazu0230:172.30.182.67 sekiazu0231:172.30.182.68 failed
  sekiazu0230:172.30.182.67 sekiazu0231:172.30.182.68 failed
  Result: TCP connectivity check failed for subnet "172.30.182.0"
  Interface information for node "sekiazu0230"
  Name IP Address Subnet Gateway Def. Gateway HW Address MTU
  en0 172.30.182.67 172.30.182.0 172.30.182.67 172.30.182.1 1E:40:3D:1C:96:02 1500
  en0 172.30.182.67 172.30.182.0 172.30.182.67 172.30.182.1 1E:40:3D:1C:96:02 1500 ===> Duplicated ?
  en1 172.30.190.48 172.30.190.0 172.30.190.48 172.30.182.1 1E:40:3D:1C:96:03 1500
  en2 10.252.34.9 10.252.34.0 10.252.34.9 172.30.182.1 1E:40:3D:1C:96:04 65390
  Thank you for all feedback
  Steve

  Hello Buddy,
  Please note that inode2:127.0.0.1 is using loopback IP, please check your network configuration and retry the cluvfy operation.
  Cheers,
  Rodrigo Mufalani
  www.mufalani.com.br/blog

• I get a message IOS 6.1.2 failed verification because you are no longer connected to the internet .  i checked my connection to internet and its fine for mail and all other internet use only keep getting nowhere fast.

  i get a message IOS 6.1.2 failed verification because you are no longer connected to the internet .  i checked my connection to internet and its fine for mail and all other internet use only keep getting nowhere fast

  Just Power off your Iphone wait for 10 seconds and then power on again and got to settings and software update it will download the update once again and it will work fine.

• Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages

  Hi All,
  I get following log message on my spoke 881 router from time to time.
  For instance today I got 80 messages like this.
  Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
  This is dual hub DMVPN connectivity and both tunnels are stable during the day and EIGRP never dropped.
  User behind this router also never complained. They run mainly voip traffic and I have QoS both on HUB and Spokes defined under tunnel as qos-preclassify and policy-map is applied on the physical interface.
  I have also increased replay window size up to 1024, but it did not help.
  Wondering what else can be done here.
  IOS ver both on spokes and hub is 15.2.3(T3)

  Don't know where they came from, but you could turn on debugging ipsec and isakmp to see if there is a relation with other events like rekeying.
  Michael
  Please rate all helpful posts

• Signer restraint check failed exception using JCE with JDev 10.1.2

  I am developing an app which receives an string which is encrypted on another server and passed back in an HTTP header.
  When trying to decrypt the string, I receive the following exception:
  java.lang.ExceptionInInitializerError
       at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
       at common.encryption.EncryptionUtil.decrypt(EncryptionUtil.java:170)
       at login.jspService(_login.java:222)
       [SRC:/login.jsp:157]
       at com.orionserver[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
       at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:350)
       at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
       at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
       at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
       at java.lang.Thread.run(Thread.java:534)
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Signer restraint check failed!
       at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
       ... 15 moreSun's documents state that: The two crypto policy files and jce framework jar files should be signed by the same entity. This restraint is now enforced. If this is not the case, a SecurityException will be thrown stating that "Signer restraint check failed".
  I am deploying and running from to a standalone OC4J implementing SSL.
  I am using the versions that come with JDK 1.4.2.11
  Does anyone have any idea what is going on here?
  Thanks.

  I'm experiencing the exact same issue and I can't find the solution either. Keep me posted if you find anything out

• TCP active open: Failed connect()    Error: Connection timed out SMTP

  Hi,
  Messaging server version is,
  ./imsimta version
  Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)
  libimta.so 6.2-6.01 (built 11:20:35, Apr 3 2006)
  SunOS bglbbmr1-a-fixed 5.9 Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V440
  17-Dec-2008 10:47:40.08 1730.8e.741
  tcp_local Q 4 [email protected] rfc822;[email protected] [email protected] /mta/queue/queue/tcp_local/013/ZUg0i1t9I0ZG~.00 <[email protected]>; TCP active open: Failed connect() Error: Connection timed out SMTP/xyz.my-domain.in
  I have been getting this above error on my mail server from last
  4-5 days. I am getting complaints from end users that the users can't
  send any mails using Outlook but I did check with my test user I can
  send mail by using webmail.
  The Failed MX lookup Errors also getting in my logs the error detail given bellow.
  17-Dec-2008 10:47:39.65 1730.91.737
  tcp_local - Y TCP|0.0.0.0||209.85.143.114|25 SMTP/airtelmail.in/aspmx.l.google.com
  17-Dec-2008 10:47:39.92 1754.41.255
  tcp_notify - Y SMTP/infomedia18.in/infomedia18.in
  17-Dec-2008 10:47:39.92 1754.41.256
  tcp_notify Q 7 rfc822;[email protected] [email protected] /mta/queue/queue/tcp_notify/017/ZXg0i1t3U_ZoD.00 <[email protected]>; Failed MX lookup; try again later
  17-Dec-2008 10:47:39.94 1754.41.257
  tcp_notify Q 6 rfc822;[email protected] [email protected] /mta/queue/queue/tcp_notify/010/ZXg0i1t3U_ZoF.00 <0KBZ003MRGU7MQ30@my-domain> Failed MX lookup; try again later
  I tried stopping and starting msg service using stop-msg and start-msg to sort out this above problem but no result. :(
  When I do check the tcp_local queue it has been growing every day as well the tcp_notification queue also.
  /opt/SUNWmsgsr/sbin/imsimta qm su
  Messages
  Channel Queued Size (Kb) Oldest
  tcp_notify 10741 1080610.61 16 Dec, 00:59:24
  tcp_local 8334 733849.31 15 Dec, 00:19:00
  tcp_lmtpcn 0 0.00
  tcp_be 0 0.00
  reprocess 0 0.00
  process 0 0.00
  conversion 0 0.00
  Totals 19075 1814459.92
  This queues are increasing day by day.
  One more thing is that I cant see a service/channel called CONVERSION running on my server when i do use this command.
  ps -aef | grep conversion
  root 6144 6000 0 11:14:28 pts/1 0:00 grep conversion
  When i try to start it using imsimta qm utility, output shows as
  qm.maint>; start conversion
  QM-I-STARTED, channel was not stopped
  qm.maint>;
  Later I stopped and started conversion channel
  qm.maint>; stop conversion
  QM-I-STOPPED, channel stopped
  qm.maint>; start conversion
  QM-I-STARTED, channel started
  qm.maint>;
  I can see that on other servers the conversion channel is running and few msges are in queue. I do have other servers which running the same messaging server. But I am not getting why don't on this server. Where both servers having the same configuration.
  Please, help me to sort out this issue.
  Thanks in advance....
  BSK

  Thanks Mr. Shane,
  The server which is running conversion channel.
  ps -eaf|grep conversion
  mailserv 16824 8472 3 17:08:11 ? 0:48 /opt/SUNWmsgsr/lib/conversion
  mailserv 28728 8472 0 17:17:30 ? 0:00 /opt/SUNWmsgsr/lib/conversion
  root 1057 26387 0 17:18:12 pts/1 0:00 grep conversion
  more /opt/SUNWmsgsr/config/conversions
  in-channel=*; in-type=application; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=x-zip-compressed; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=image; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=audio; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=video; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  Following entry from /opt/SUNWmsgsr/lib/config-templates/imta_tailor
  IMTA_CONVERSION_FILE=<msg.RootPathUNIX>/config/conversions
  The server which doesnt show running conversion channel
  #more /opt/SUNWmsgsr/config/conversions
  !in-channel=*; in-type=*; in-subtype=*; in-disposition=*;
  ! parameter-symbol-0=NAME; parameter-copy-0=*;
  ! dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  ! message-header-file=2; original-header-file=1;
  ! override-header-file=1; override-option-file=1;
  ! command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=application; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=x-zip-compressed; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=image; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=audio; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  in-channel=*; in-type=video; in-subtype=*; in-disposition=*;
  parameter-symbol-0=NAME; parameter-copy-0=*;
  dparameter-symbol-0=FILENAME; dparameter-copy-0=*;
  message-header-file=2; original-header-file=1;
  override-header-file=1; override-option-file=1;
  command="/opt/SUNWmsgsr/private/virusscan.sh"
  Following entry from /opt/SUNWmsgsr/lib/config-templates/imta_tailor
  IMTA_CONVERSION_FILE=<msg.RootPathUNIX>/config/conversions
  Is this above information u r asking?
  As u wrote erlier, the conversion channel works some times and some times doesn't work.
  Thanks lot...
  BSKADAM

• Java ME 8 Permission check failed when opening a serial port

  I have a larger Jave ME8.1 application that was going well until I tried to add one last piece, reading and writing data from a serial port. This was left to last because it is trivial, at least in most programming languages. The is IDE NetBeans 8.0.2 running on a Windows 7 PC. The platform is a Raspberry Pi B or B+ (I have tried both) with the most current Raspbian (12/24/2014 I believe). To simplify the process I created a new app with just the open and close code and this generates the same error I am experiencing in the larger application. The program is as follows:
  package javamecomapp;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.OutputStream;
  import java.util.logging.Level;
  import java.util.logging.Logger;
  import javax.microedition.io.CommConnection;
  import javax.microedition.io.Connector;
  import javax.microedition.midlet.MIDlet;
  * @author ****
  public class JavaMEcomApp extends MIDlet {
      static int BAUD_RATE = 38400;
      static String SERIAL_DEVICE = "ttyAMA0";
      static CommConnection commConnection = null;
      static OutputStream os = null;
      static InputStream is = null;
      static String connectorString;
      private int rtnValue = -1;
      @Override
      public void startApp() {
          java.lang.System.out.println("Opening comm port.");
          try {
              rtnValue = JavaMEcomApp.openComm();
          } catch (IOException ex) {
              Logger.getLogger(JavaMEcomApp.class.getName()).log(Level.SEVERE, null, ex);
      @Override
      public void destroyApp(boolean unconditional) {
          java.lang.System.out.println("Closing comm port.");
          try {
              rtnValue = JavaMEcomApp.closeComm();
          } catch (IOException ex) {
              Logger.getLogger(JavaMEcomApp.class.getName()).log(Level.SEVERE, null, ex);
          private static int openComm()throws IOException {
              java.lang.System.out.println("Opening comm port.");
              connectorString = "comm:" + SERIAL_DEVICE + ";baudrate=" + BAUD_RATE;
              commConnection = (CommConnection)Connector.open(connectorString);
              is  = commConnection.openInputStream();
              os = commConnection.openOutputStream();
          return 0;
      private static int closeComm()throws IOException {
          java.lang.System.out.println("Closing comm port.");
              is.close();
              os.close();
              commConnection.close();
          return 0;
  If I comment out the JavaMEcomApp.openComm and closeComm lines it runs fine. When they are included, the following error is dumped to the Raspberry Pi terminal:
  Opening comm port.
  Opening comm port.
  [CRITICAL] [SECURITY] iso=2:Permission check failed: javax.microedition.io.CommProtocolPermission "comm:ttyAMA0;baudrate=38400" ""
  TRACE: <at java.security.AccessControlException: >, startApp threw an Exception
  java.security.AccessControlException:
  - com/oracle/meep/security/AccessControllerInternal.checkPermission(), bci=118
  - java/security/AccessController.checkPermission(), bci=1
  - com/sun/midp/io/j2me/comm/Protocol.checkForPermission(), bci=16
  - com/sun/midp/io/j2me/comm/Protocol.openPrim(), bci=31
  - javax/microedition/io/Connector.open(), bci=77
  - javax/microedition/io/Connector.open(), bci=6
  - javax/microedition/io/Connector.open(), bci=3
  - javamecomapp/JavaMEcomApp.openComm(), bci=46
  - javamecomapp/JavaMEcomApp.startApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callStartApp(), bci=1
  - com/sun/midp/midlet/MIDletPeer.startApp(), bci=5
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=246
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  - com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  java.security.AccessControlException:
  - com/oracle/meep/security/AccessControllerInternal.checkPermission(), bci=118
  - java/security/AccessController.checkPermission(), bci=1
  - com/sun/midp/io/j2me/comm/Protocol.checkForPermission(), bci=16
  - com/sun/midp/io/j2me/comm/Protocol.openPrim(), bci=31
  - javax/microedition/io/Connector.open(), bci=77
  - javax/microedition/io/Connector.open(), bci=6
  - javax/microedition/io/Connector.open(), bci=3
  - javamecomapp/JavaMEcomApp.openComm(), bci=46
  - javamecomapp/JavaMEcomApp.startApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callStartApp(), bci=1
  - com/sun/midp/midlet/MIDletPeer.startApp(), bci=5
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=246
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  - com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  Closing comm port.
  Closing comm port.
  TRACE: <at java.lang.NullPointerException>, destroyApp threw an Exception
  java.lang.NullPointerException
  - javamecomapp/JavaMEcomApp.closeComm(), bci=11
  - javamecomapp/JavaMEcomApp.destroyApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callDestroyApp(), bci=2
  - com/sun/midp/midlet/MIDletPeer.destroyApp(), bci=6
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=376
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  - com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  java.lang.NullPointerException
  - javamecomapp/JavaMEcomApp.closeComm(), bci=11
  - javamecomapp/JavaMEcomApp.destroyApp(), bci=9
  - javax/microedition/midlet/MIDletTunnelImpl.callDestroyApp(), bci=2
  - com/sun/midp/midlet/MIDletPeer.destroyApp(), bci=6
  - com/sun/midp/midlet/MIDletStateHandler.startSuite(), bci=376
  - com/sun/midp/main/AbstractMIDletSuiteLoader.startSuite(), bci=38
  - com/sun/midp/main/CldcMIDletSuiteLoader.startSuite(), bci=5
  - com/sun/midp/main/AbstractMIDletSuiteLoader.runMIDletSuite(), bci=130
  com/sun/midp/main/AppIsolateMIDletSuiteLoader.main(), bci=26
  I have tried this with three different serial ports, /dev/ttyAMA0 (yes I did disable the OS from using it), an arduino board /dev/ttyACM0, and a USB to RS485 adaptor /dev/ttyUSB0. All of these ports could be connected and use normally with both a C program and terminal program in the Pi. The API Permissions were set in the project properties / Application Descriptor / API Permissions to jdk.dio.DeviceMgmtPermission "/dev/ttyAMA0". This of course was changed as I tested different devices.
  I found a reference suggesting adding the line "authentication.provider = com.oracle.meep.security.NullAuthenticationProvider" to the end of the jwc_properties.ini file. This had no effect. I found references that during development in eclipse and NetBeans, the app is already elevated to the top level so this should not be an issue until deployment. This does not appear to be the case.
  I am out of time and need a solution quickly. Any suggestions are welcome.

  Terrence,
     Thank you for responding and confirming the issues I'm having with static addressing.  As far as the example above, I do have the standard LEDs working correctly, however, the example I'm referring to above is from the JavaME samples using the GPIO Port for the LEDS, according to the Device I/O Preconfigured List you referenced:
  GPIO Ports
  The following GPIO ports are preconfigured.
  Devicel ID
  Device Name
  Mapped
  Configuration
  8
  LEDS
  PTB22
  PTE26
  PTB21
  direction = 1 (Output only)
  initValue = 0
  GPIOPins:
  controllerNumber = 1
  pinNumber = 22
  mode = 4 (Push-pull mode)
  controllerNumber = 4
  pinNumber = 26
  mode = 4 (Push-pull mode)
  controllerNumber = 1
  pinNumber = 21
  mode = 4 (Push-pull mode)
  So is the assumption that using GPIOPort for accessing the GPIO port for Device ID 8 as listed in the Device I/O Preconfigured list not supported?