Crypto map has incomplete entries message

Similar Messages

• [ERR]crypto map WARNING: This crypto map is incomplete

  i have PIX 501 ver6.3(5) when i setup VPN i get this error message
  WARNING:This crypto map is incomplete to remedy the situation add a peer and a valid access-list to this crypto map.
  although it seems fine in sh conf command
  but tunnel is not started
  when i review log i found
  sa_request,ISAKMP Phase 1 exchange started

  i could successfully establish VPN with another FW cisco 501 6.3
  but still can't fix my dilemma which i connect to Huawei Eudemon 500‎
  sh isakmp
  PIX Version 6.3(5)‎
  interface ethernet0 10full
  interface ethernet1 100full
  nameif ethernet0 outside security0‎
  nameif ethernet1 inside security100 ‎
  access-list inside_outbound_nat0_acl permit ip host internal IP host name remote internal IP1‎
  access-list inside_outbound_nat0_acl permit ip host internal IP host name remote internal IP2‎
  access-list outside_cryptomap_100 permit ip host internal IP host remote internal IP1‎
  access-list outside_cryptomap_100 permit ip host internal IP host remote internal IP2 ‎
  global (outside) 1 interface‎
  nat (inside) 0 access-list inside_outbound_nat0_acl
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ‎
  crypto ipsec security-association lifetime seconds 3600‎
  crypto map outside_map 100 ipsec-isakmp
  crypto map outside_map 100 match address outside_cryptomap_100‎
  crypto map outside_map 100 set peer remote peer
  crypto map outside_map 100 set transform-set ESP-3DES-SHA
  crypto map outside_map 100 set security-association lifetime seconds 3600 kilobytes 1843200‎
  crypto map outside_map interface outside
  isakmp enable outside
  ‎ ‎
  isakmp key ******** address remote peer netmask 255.255.255.255 no-xauth no-config-mode ‎
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption 3des
  isakmp policy 20 hash sha‎
  isakmp policy 20 group 2‎
  isakmp policy 20 lifetime 86400‎
  sh crypto map
  Crypto Map: "outside_map" interfaces: { outside }‎
  Crypto Map "outside_map" 100 ipsec-isakmp
  Peer = remote peer
  access-list outside_cryptomap_100; 2 elements‎
  access-list outside_cryptomap_100 line 1 permit ip host 10.102.0.11 host remote internal IP1 ‎‎(hitcnt=14) ‎
  access-list outside_cryptomap_100 line 2 permit ip host 10.102.0.11 host remote internal IP2 ‎‎(hitcnt=6) ‎
  Current peer: remote peer
  Security association lifetime: 1843200 kilobytes/3600 seconds‎
  PFS (Y/N): N
  Transform sets={ ESP-3DES-SHA, }‎
  Crypto Map: "set" interfaces: { }‎

• WARNING: This crypto map is incomplete

                  Hi ,
    i have ASA with 4 l2l vpn configured. as now am trying to configure new VPN tunnel; while configuring of crypto map set match add its giving me
  error like ... WARNING: This crypto map is incomplete
    as i have read all the discussion from forms its not effecting ; request you to please help
  Thanks
  Gajendra

  Hi,
  This is a normal message and just tells you that you have not yet entered all the "crypto map" commands related to this new connection to make the configuration complete
  You will essentially have to make sure that you have ATLEAST the following lines configured
  crypto map match address
  crypto map set peer
  crypto map set ikev1 transform-set
  The "transform-set" part might NOT need the "ikev1" depending on your ASAs software level.
  - Jouni

• Converting crypto map to unnumbered VTI

  I'm trying to convert a crypto map VPN to a ip unnumbered VTI. The crypto map has been working for months. The VTI... no so much. Here are the applicable config entries.
  ### original config
  crypto isakmp policy 30
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key xxxxxxxx address 10.1.1.10
  crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
  crypto map CRYPTO 50 ipsec-isakmp
  set peer 10.1.1.10
  set transform-set 3DES-SHA
  set pfs group2
  match address VPN1
  ip access-list extended VPN1
  permit ip host 172.16.16.10 host 10.5.5.1
  permit ip host 172.16.16.10 host 10.5.5.4
  I only removed the crypto map and added the following.
  ### New Config
  crypto ipsec profile V1
  set security-association lifetime seconds 28800
  set transform-set 3DES-SHA
  set pfs group2
  interface Tunnel0
  ip unnumbered FastEthernet0/0
  ip nat outside
  ip virtual-reassembly
  tunnel source 172.16.8.1
  tunnel destination 10.1.1.10
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile V1
  I keep getting this ISAKMP error now.
  ISAKMP:(0:54:HW:2):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE (peer 10.1.1.10)
  Any help would be greatly appreciated. Also... I have no idea what is running on the other end (it's a partner network), but I suspect it's a crypto map on IOS.
  Thank you!

  Access-lists, FW (ZBF, CBAC) and all other features work on SVTI same way they would work on a physical or other logical interfaces (with very few exceptions). 

• Crypto map entry is incomplete

  Hi
  This is my config below. The error i am recieving is crypto map entry is incomplete. Can someone please take a look and let me know.  Thank you
  ASA(config)# crypto map outside_map 1 match address outside_1_cryptomap
  WARNING: The crypto map entry is incomplete!
  ASA(config)# show run
  : Saved
  ASA Version 8.4(4)1
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.10.10.2 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  ftp mode passive
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network net-local
  subnet 10.10.10.20 255.255.255.0
  object network net-remote
  subnet 10.10.3.0 255.255.255.0
  access-list outside_1_cryptomap extended permit ip 10.10.10.20 255.255.255.0 10.
  10.3.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat (any,any) source static net-local net-local destination static net-remote ne
  t-remote
  object network obj_any
  nat (inside,outside) dynamic interface
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set pfs group1
  crypto map outside_map 1 set peer 96.145.68.82
  crypto map outside_map interface outside
  crypto ikev1 enable outside
  crypto ikev1 policy 10
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 10.10.10.22-10.10.10.231 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  tunnel-group 81.141.29.69 type ipsec-l2l
  tunnel-group 81.141.29.69 ipsec-attributes
  ikev1 pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:c2b7cdae5eb0961d822f634f2b36d3dc
  : end
  ASA(config)#

  Hi,
  You lack a "transform-set" configuration from the "crypto map" line.
  For example
  Create the IKEv1 Transform set
  crypto ipsec ikev1 transform-set AES esp-aes esp-sha-hmac
  and
  Use it in the VPN configuration
  crypto map outside_map 1 set ikev1 transform-set AES
  The values ofcourse depend on the your own preference
  Hope this helps
  - Jouni

• Crypto map incomplete

  I have PIX 515 and trying to add a gateway to gateway VPN tunnel with dynamic IP. I already have two other VPN tunnels configured with static IP. I enter the access-list 110 than the crypto map mymap 20 ipsec-isakmp no problem. than the crypto map mymap 20 match address 101 I get error message Crypto map incomplete. Why am I getting this error and how do I get around it. Thanks.

  Yes I have an Incomplete.
  crypto ipsec transform-set tr-set esp-des esp-md5-hmac
  crypto dynamic-map dynmap 10 set transform-set tr-set
  crypto dynamic-map dynmap 15 set transform-set tr-set
  crypto dynamic-map dynmap 15 set security-association lifetime seconds 3600 kilo
  bytes 4608000
  crypto map mymap 10 ipsec-isakmp
  crypto map mymap 10 match address 101
  crypto map mymap 10 set peer 70.106.123.11
  crypto map mymap 10 set transform-set tr-set
  crypto map mymap 15 ipsec-isakmp
  crypto map mymap 15 match address 105
  crypto map mymap 15 set peer 67.100.146.217
  crypto map mymap 15 set transform-set tr-set
  crypto map mymap 20 ipsec-isakmp
  ! Incomplete
  crypto map mymap 6335 ipsec-isakmp dynamic dynmap
  crypto map mymap interface outside

• "Message number: FI311: Any commitment item has been entried in the positio

  Hello,
  when I try to post a customer invoice with fb70 tx , and I have created a derivation rule : cost center-->fund center, and also the G/L account that I am using in the posting has a commmitment item assigned , but the system shows the next error:
  "Message number: FI311: Any commitment item has been entried in the position 00001 1000(Cocd)
  6001000200(G/L account).
  But in the tx Fb01, the system  run correctly and make the derivation
  Which is the problem , some note to implement ?
  Best Regards
  Olga

  Hi,
  When you post a document, all lines have to receive FM assignment. I believe, you are receiving this message on the line of the customer. Go to FMDERIVE, activate a trace and you will see if you have rules missing to derive FM object.
  Regards,
  Eli

• HT1349 my itunes on my laptop (not a mac) has an error message that reads "the procedure entry point_objc_load_image could not be located in the dynamic link library.objc.dll"  then another window will come up telling to to uninstall the apple mobile and

  my itunes on my laptop (not a mac) has an error message that reads "the procedure entry point_objc_load_image could not be located in the dynamic link library.objc.dll"  then another window will come up telling to to uninstall the apple mobile and itunes and reinstall them?  will this delete everythin in the itunes account?  please help

  This might help https://discussions.apple.com/thread/5821701

• Rejecting IPSec tunnel: no matching crypto map entry for remote proxy

  Hi!
  I have already search for this but didn't get an exact answer I'm looking for so I try asking it again (if there is the same question).
  I'm in process of migrating some VPN tunnels with  from a Cisco router to an ASA, everything will keep the same but just the peering IP address. However, some of the tunnel was being torn down since it request for a proxy doesn't match the one configured on our side. And the remote peer said there is no such issue on the previous platform, but now they need to reset the tunnel from time to time.
  Apr 18 2013 07:29:10 asa002 : %ASA-3-713061: Group = 192.168.1.226, IP = 192.168.1.226, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.1.226/255.255.255.255/0/0 local proxy 10.10.9.81/255.255.255.255/0/0 on interface outside
  Apr 18 2013 07:29:10 asa002 : %ASA-3-713902: Group = 192.168.1.226, IP = 192.168.1.226, QM FSM error (P2 struct &0x745e9150, mess id 0x8d7ad777)!
  Apr 18 2013 07:29:10 asa002 : %ASA-3-713902: Group = 192.168.1.226, IP = 192.168.1.226, Removing peer from correlator table failed, no match!
  The remote peer said they did not change the proxy id on their side so it is possibly the old platform will just not setting up the SA without torn down the tunnel while the ASA on the new platform will torn down if there is any mismatch.
  Anyway I have requested the remote side to remove those unmatched entried to avoid the tunnel being torn down, but if there any configuration that is related to this issue? i.e. Just bring up the SA with matched addresses and ignore others, instead of torn down the tunnel.
  Thanks!!
  //Cody

  Are you trying to send traffic destined towards the internet from 172.16.0.0/20 via this ASA as well? why? are you inspecting those traffic before being sent out to the internet?
  If so, this end also needs to be configured with "any" as well --> crypto ACL needs to mirror image.
  access-list outside_1_cryptomap extended permit ip any 172.16.0.0 255.255.240.0
  Then you also need NAT on the outside interface, otherwise, traffic from 172.16.0.0/20 is not PATed to a public IP, and won't be able to reach the internet:
  nat (outside) 1 172.16.0.0 255.255.240.0

• Rejecting IPSec tunnel: no matching crypto map entry for remote proxy on interface outside.

  Hi,
  I have read a problem where the VPN between an ISP and ourselves started dropping sessions. I have rebuilt the crypto map and tried to dig deeper into my config and some basic troubleshooting while I await the ISP to respond.
  Any ideas?
  Thanks Steve
  https://supportforums.cisco.com/thread/255085
  http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution10
  5 Jun 13 15:46:25 713904 IP = 209.183.xxx.xxx, Received encrypted packet with no matching SA, dropping
  4 Jun 13 15:46:25 113019 Group = 209.183.xxx.xxx, Username = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
  3 Jun 13 15:46:25 713902 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Removing peer from correlator table failed, no match!
  3 Jun 13 15:46:25 713902 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, QM FSM error (P2 struct &0xda90f540, mess id 0x76c09eb7)!
  3 Jun 13 15:46:25 713061 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.16.0.0/255.255.240.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
  5 Jun 13 15:46:25 713119 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, PHASE 1 COMPLETED
  6 Jun 13 15:46:25 113009 AAA retrieved default group policy (DfltGrpPolicy) for user = 209.183.xxx.xxx
  6 Jun 13 15:46:25 713172 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device

  Are you trying to send traffic destined towards the internet from 172.16.0.0/20 via this ASA as well? why? are you inspecting those traffic before being sent out to the internet?
  If so, this end also needs to be configured with "any" as well --> crypto ACL needs to mirror image.
  access-list outside_1_cryptomap extended permit ip any 172.16.0.0 255.255.240.0
  Then you also need NAT on the outside interface, otherwise, traffic from 172.16.0.0/20 is not PATed to a public IP, and won't be able to reach the internet:
  nat (outside) 1 172.16.0.0 255.255.240.0

• Multiple Crypto Maps on Single Outside Interface

  Hi, I had the following crypto map configured on my ASA5505 to allow Cisco IPSec VPN clients to connect from the outside:
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  I'm trying now to set up an additional crypto map - a static configuration to establish a tunnel with Windows Azure services. The configuration they gave me is:
  crypto map azure-crypto-map 10 match address azure-vpn-acl
  crypto map azure-crypto-map 10 set peer XXX.XXX.XXX.XXX (obfuscated)
  crypto map azure-crypto-map 10 set transform-set azure-ipsec-proposal-set
  crypto map azure-crypto-map interface outside
  However, when I apply that configuration, my Cisco IPSec clients can no longer connect. I believe my problem is that last line:
  crypto map azure-crypto-map interface outside
  which blows away my original line:
  crypto map outside_map interface outside
  It seems I'm stuck with picking just one of the maps to apply to the outside interface. Is there a way to apply both of these maps to the outside interface to allow both IPSec tunnels to be created? We're running ASA version 8.4(7)3.

  Hi,
  You can use the same "crypto map"
  Just add
  crypto map outside_map 10 match address azure-vpn-acl
  crypto map outside_map 10 set peer XXX.XXX.XXX.XXX (obfuscated)
  crypto map outside_map 10 set transform-set azure-ipsec-proposal-set
  Your dynamic VPN Clients will continue to work just fine as their "crypto map" statements are with the lowest priority/order in the "crypto map" configurations (65535) and the L2L VPN is higher (10)
  And what I mean with the above is that when a L2L VPN connections is formed from the remote end it will naturally match the L2L VPN configurations you have with "crypto map" configurations using the number "10". Then when a VPN Client connects it will naturally not match the number "10" specific configurations and will move to the next entry and will match it (65535)
  If you would happen to configure a new L2L VPN connection then you could give it the number "11" for example and everything would still be fine.
  Hope this helps
  - Jouni

• An error has occurred. Message on launch of FB4.5

  I own a license for FB 4 Standard and I own CS5 Production Premium. I did an upgrade to Web Premium 5.5 to get FB 4.5 Premium. I'm on a Mac Intel i7 with 10.6.7.
  I'm able to install all the software, but when I launch FB 4.5 I get "An error has occurred." message. The message says to "See the log file ... path to log" but I'm not sure what I'm looking for or how to fix it. The last section of output in the .log file says:
  !ENTRY org.eclipse.osgi 4 0 2011-05-29 08:36:20.840
  !MESSAGE Application error
  !STACK 1
  org.osgi.service.application.ApplicationException: No application id has been found.
  at org.eclipse.equinox.internal.app.EclipseAppContainer.startDefaultApp(EclipseAppContainer. java:262)
  at org.eclipse.equinox.internal.app.MainApplicationLauncher.run(MainApplicationLauncher.java :29)
  at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLau ncher.java:110)
  at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.jav a:79)
  at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369)
  at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:619)
  at org.eclipse.equinox.launcher.Main.basicRun(Main.java:574)
  at org.eclipse.equinox.launcher.Main.run(Main.java:1407)
  I tried uninstalling the FB 4.5 that I did with the CS5.5 Installer and reinstalling it, but the same thing happens. My next plan was to download the FB 4.5 trial and try entering my serial number.
  Any advice or guidance would be appreciated. Thanks!
  Dave

  So I tried the trial version but my serial number didn't work I guess because it's for a CS5.5 Web Premium product. I also tried uninstalling my current version of FB4 Standard, uninstalling CS5.5 and starting from scratch without any copies of FlashBuilder in my Applications folder and that didn't work, same error log message. I ended up reinstalling my original copy of FB4 Standard so I could continue working.
  The odd thing is when I went to my MacBook Pro and uninstalled the copy of FB4 Standard I have on there and installed the CS5.5 FlashBuilder 4.5 Premium it works and started up fine. So I'm guessing there's something specific about my iMac setup that's preventing launch.
  I was looking at my FB installation details, don't know if this matters but I'm running the standalone version:
  Adobe Flash Builder Localized Standalone Feature 4.0.1.277662 com.adobe.flexbuilder.feature.standalone.nl1.feature.group
  eclipse.application=com.adobe.flexbuilder.standalone.FlexBuilderApplication
  Unfortunately it's the weekend (holiday in US too). I like the weekend for trying to get these things setup but I'm on my own and feel I'm out of luck until the work week starts.
  If anyone from Adobe is reading this with a beer in one hand and hotdog in the other (or burger or veggie burger or bbq chicken leg) on a hot memorial day and have an idea on how to fix this I'd really appreciate your advice. Thanks!

• Multiple mapping steps in the message monitor

  All,
  I have an interface that has several different mapping steps for the one interface (first one is a java mapping, and then the second an XSLT) and XI only shows one mapping step in the message monitor (which encompasses all of the mapping steps).  The payload before is the payload before any of the mapping steps, and the payload after is the payload after all the mapping steps. 
  I would like to be able to see the payload at each separate mapping stage.  This would make it a lot easier when debugging problems in the later stages of the mappings.  Does anyone know if this is possible?
  Regards,
  Jason

  Hi Jason,
  Even I have tried to see the results of multiple mappings in SXMB_MONI. But I couldnt find a way till now.
  I believe there is no way to see the results of multiple mappings. The only possible way is to test your mapping locally in IR.
  Regards,
  Divija.

• Overflow Map has received an inexplicable event from the front map

  Hello, I am posting this to ask if someone can shed additional light on this error. Is it due to incorrect usage of the SafeNamedCache or an internal error?
  2006-12-07 20:33:59.190 Tangosol Coherence 3.1/339 <Warning> (thread=RMI TCP Connection(3)-127.0.0.2, member=1): Overflow Map has received an inexplicable event from the front map; such an event should not have been possible to occur. The Overflow Map will arbitrarily interpret the event in order to maintain its own internal consistency. The likely origin of the event is direct modification of the front and/or back maps managed by the Overflow Map, a MapListener making re-entrant modifications to its source map, or an ObservableMap implementation that reacts to the Map API in a manner inconsistent with the specification (e.g. actively modifying its contents in a manner that differs from the sequence of API calls made against it). This Overflow Map instance will not repeat this warning, and will attempt to silently compensate for subsequent similar event irregularities.
  Event: MapEvent{ObservableHashMap added: key=CalypsoCache|22845412, value=Lease: CalypsoCache|22845412 (Cache=TangosolLock._locks, Size=Unknown, Version=0/0, IssuerId=0, HolderId=0, Status=LEASE_UNISSUED, Last locked at Wed Dec 31 16:00:00 PST 1969)}
  Stack trace follows:
  at com.tangosol.net.cache.OverflowMap.warnUnfathomable(OverflowMap.java:2947)
  at com.tangosol.net.cache.OverflowMap.putInternal(OverflowMap.java:1001)
  at com.tangosol.net.cache.OverflowMap.put(OverflowMap.java:360)
  at com.tangosol.coherence.component.util.CacheHandler.ensureLease(CacheHandler.CDB:15)
  at com.tangosol.coherence.component.util.daemon.queueProcessor.service.ReplicatedCache.lockResource(ReplicatedCache.CDB:29)
  at com.tangosol.coherence.component.util.CacheHandler.lock(CacheHandler.CDB:3)
  at com.tangosol.coherence.component.util.SafeNamedCache.lock(SafeNamedCache.CDB:1)
  at com.calypso.tk.lock.TangosolLock.acquire(TangosolLock.java:24)
  at com.calypso.tk.lock.DistributedReentrantLock.acquire(DistributedReentrantLock.java:50)
  at com.calypso.tk.util.cache.CalypsoCache.lock(CalypsoCache.java:1772)
  at com.calypso.tk.util.cache.CalypsoCache.getImpl(CalypsoCache.java:1325)
  at com.calypso.tk.util.cache.CalypsoCache.peekImpl(CalypsoCache.java:1320)
  at com.calypso.tk.util.cache.CalypsoCache.peek(CalypsoCache.java:244)
  at com.calypso.tk.util.cache.CalypsoCache.put(CalypsoCache.java:314)
  at com.calypso.tk.core.sql.BookSQL.putInCache(BookSQL.java:314)
  at com.calypso.tk.core.sql.BookSQL.loadAll(BookSQL.java:1494)
  at com.calypso.tk.core.sql.BookSQL.loadAll(BookSQL.java:1158)
  at com.calypso.tk.core.sql.BookSQL.load(BookSQL.java:1186)
  at com.calypso.tk.core.sql.BookSQL.getBook(BookSQL.java:545)
  at com.calypso.tk.core.sql.BookSQL.get(BookSQL.java:237)
  at com.calypso.tk.refdata.sql.UserDefaultsSQL$UserDefaultsLoader.buildObjectFromResultSet(UserDefaultsSQL.java:307)
  at com.calypso.tk.core.sql.SQLObjectPersistor.executeSQL(SQLObjectPersistor.java:399)

  It is quite strange, of course, to have confusion with which config is being used, which is why there is now a log message telling you which config was loaded. I think that the log message was introduced in version 3.1 or 3.2.
  The other thing that I do (at least when testing something) is specify the config on the command line, e.g.
  java -server -Xms128m -Xmx128m -Dtangosol.coherence.cacheconfig=C:\java\dev\test-cache-config.xml -cp coherence.jar;tangosol.jar;...
  BTW, I have downloaded 3.2.1 and will be using that for my tests. So presumably the warning/error will no longer occur? That is our expectation, since it would be a bug (unless you were doing one of the weird things mentioned in the message).
  Keep in mind that even with the message, the Overflow Map keeps going; it is just a warning (albeit a complicated sounding one) that indicates that some internal state (or event stream or lack thereof) is not what was expected as the result of one or more actions.
  I apologize for the inconvenience, and thank you for taking your time to clarify it. We do work hard to avoid this type of issue (or any related confusion), and we have continued to increase our unit and regression test coverage with each release, including with respect to this issue. With that in mind, please do not hesitate to contact us (on this forum if you would like) with suggestions and other feedback; we do want to be aware of the things that our customers are looking for and would like to see improved.
  Peace,
  Cameron Purdy
  Tangosol Coherence: The Java Data Grid

• Lower limit can only be changed during initial entry, Message no. NR651

  Hi Experts,
  As per the number ranges limit values defined in the system for the planned orders, there is a need to increase the number ranges.
  System is not allowing us to change the limit values of the Planned orders in MD91 and showing the Message no. NR651.
  We have also searched for the available threads in SCN and other sites, but didn't find the root cuase link for this error.
  System message:
  Lower limit can only be changed during initial entry
  Message no. NR651
  Diagnosis
  You have tried to change the lower limit of an interval which has a non-initial number status.
  System Response
  The change was not executed.
  Please guide us how can we increase the number ranges for planned orders.
  Thanks in advance.

  Hi,
  You can create a new number range or change in transaction OMi2 or in MD91.
  Assign the 02  by clicking number range in OMi2
  or in transaction OPPQ  click on number range & select the 02.
  Do the changes as described and analyse the results. Ensure that while testing no body is creating the planned orders.
  Regards,
  Narresh