"Crypto replay check failed" errors

Similar Messages

• CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

  Center router is cisco 7300 :
  Cisco IOS Software, 7301 Software (C7301-ADVIPSERVICESK9-M), Version 15.1(4)M2
  branch router is cisco1900:
  Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
  one branch router use EZVPN to connect the Center router .
  branch router logg :
  %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
  and 10% lose packets .
  but other branch use EZVPN to connect the Center router , is OK :
  Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)
  What can do for this issue ?
  Should I change the cisco1900 IOS to the 12.4 as the same as cisco880 ?

  Hi Anuj
  Thanks for your reply.
  Yes , the issue happens frequently , and lost packets  .  The log happand every 3 minutes.
  As I am not in charge the router in branch , I can not change the hardware accelerator.
  I have change the windows-size to 1024 in the branch router , but the issue is as befroe .
  Here is the show crypto ipse sa and the whole error message:
  sh crypto ipsec sa
  interface: Virtual-Access1
      Crypto map tag: Virtual-Access1-head-0, local addr 
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
     remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
     current_peer                port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 519, #pkts encrypt: 519, #pkts digest: 519
      #pkts decaps: 665, #pkts decrypt: 665, #pkts verify: 665
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 0, #recv errors 0
       local crypto endpt.:       , remote crypto endpt.:  
       path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
       current outbound spi: 0x550C1C42(1426857026)
       PFS (Y/N): N, DH group: none
       inbound esp sas:
        spi: 0x38F532D7(955593431)
          transform: esp-aes esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2091, flow_id: Onboard VPN:91, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
          sa timing: remaining key lifetime (k/sec): (4561181/3566)
          IV size: 16 bytes
          replay detection support: Y  replay window size: 1024
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0x550C1C42(1426857026)
          transform: esp-aes esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2092, flow_id: Onboard VPN:92, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
          sa timing: remaining key lifetime (k/sec): (4561911/3566)
          IV size: 16 bytes
          replay detection support: Y  replay window size: 1024
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:
  Dec 20 01:34:32.656: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=12353
  Dec 20 01:39:06.552: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=18191
  Dec 20 01:40:38.532: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=20363
  Dec 20 01:43:05.856: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
          connection id=91, sequence number=23609

• %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=1777, sequence number=161369

  I have a pair of 3945E routers I use as redundant VPN head-ends in our data center and numerous 2901 and one 2951 used as spoke routers.  Each of the spokes is connected to the 3945's over VTI tunnels three and four.  We regularly see replay errors occur, but this morning, we had it get disruptive enough on one of the tunnels on the 2951 where we were experienced 80 to 90 percent packet loss across that one tunnel.  This caused an outage which I was only able to rectify by shutting down the tunnel interface on each router and bringing them back up, thus resetting the SA.
  I'm needing to understand how to reduce or completely eliminate the replay errors.  I've read something about increasing the replay window size, but don't have a clue where to start.  What is the best way to fix this without disabling replay checking?  Or, since the VPN head-ends and spoke routers only have static routes established across the Internet to each other, is replay checking even necessary or desired?
  Thanks in advance!
  Paul WIshart

  Adam,
  I don't have a resolution yet, so I opened a TAC case last Saturday.  I'll keep you posted on this forum.

• Web Composer Admin Customization:'Authorization check failed' error

  Hi,
  The purpose of Web Composer Admin Customization is to enable the administration link in the UI pages so that the administrator will be able to customize the pages.
  The steps to be followed to enable admin customization in the required pages are given in the following link under the subheading 'Web Composer Admin Customization':
  https://stbeehive.oracle.com/teamcollab/wiki/Fusion+Applications+Technical+Architecture:Enabling+Customizations
  I ensured that:
  The jazn-data.xml file has a privilege role "FND_VIEW_ADMIN_LINK_PRIV", and a grant to access the admin menu.
  A duty role "FND_ADMINISTRATION_LINK_VIEW_DUTY" had been defined, and was a member of FND_VIEW_ADMIN_LINK_PRIV.
  The FND_ADMINISTRATION_LINK_VIEW_DUTY is inherited by the administrator enterprise role.
  A new privilege role (Customize <Family> UI) had been created.
  I then granted the 'customize' and 'personalize' actions on the pages and the corresponding task flows (for which customization had to be enabled) to the new privilege role.
  Also, ensured that:
  A new app role (Customize <Family> UI) was created and was a member of the new privilege role. The app role was inherited by the administrator enterprise role.
  The testing administrator role has both the administrator enterprise role and the enterprise role that has view access to the page.
  Now, when i tried to run one of the pages (for which customize and personalize actions were granted to the new privilege role) from JDeveloper, i got the following error:
  oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'oracle.jbo.uicli.binding.JUFormDef@d94f3e' 'VIEW'.
  at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:180)
  at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:160)
  at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:114)
  at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:632)
  at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:669)
  at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:447)
  at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:46)
  at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:531)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:124)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:70)
  at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:398)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
  When i granted the view action on the page ( in addition to the customize and personalize actions) to the new privilege role and ran the page from JDeveloper, the page came up fine but the administration link that is supposed to appear was not seen.
  Can any of you please provide suggestions regarding the cause of the above error and how i should go about debugging it.
  Thanks,
  Rohan

  Posted it in the forum suggested by Frank.

• I get the flashing question mark on my G5/10.5 system. When I booted up on the install disc and ran first aid which failed and stated "Volume check failed Error -9972 Vol 1 could not be repaired. What to do next? Do I try the hardware diags first?

  I've never had to reload the original software and would like to avoid it unless absolutely necessary. Anyway any comments on what i should do next?

  HW Diags aren't likely to help.
  https://discussions.apple.com/docs/DOC-1687
  You must repair the HD,  if Disk Utility or fsck should fail to repair it, your best bet is DiskWarrior from Alsoft, you'll need the CD to boot from if you don't have another boot drive...
  http://www.alsoft.com/DiskWarrior/
  Your best bet is DiskWarrior, you need the CD/DVD though.
  http://www.alsoft.com/DiskWarrior/
  But others that may work…
  Drive Genius…
  http://www.prosofteng.com/products/drive_genius.php
  TechTool Pro…
  http://www.micromat.com/index.php?option=com_content&task=view&id=31&Itemid=83

• Errors when installing os x 10.4- Invalid sibling link-volume check failed

  I am trying to upgrade my PowerPC G4 from OS x 10.2.8 to 10.4. I bought the Tiger Retail DVD. The install disc boots and runs, but near the end of installation, I get " Error Installing Software- Please try installing again" I opened the disk utility on the installer and tried first aid- which failed.
  "Invalid Sibling Link"
  "Volume check failed"
  Error: The underlying task reported failure on exit
  HFS volume checked
  1 volume could not be repaired because of an error
  I tried first aid repeatedly with no luck. I tried the fsck repair suggested in one of the discussion forums "fsck -fy"
  again, "volume check failed"
  I'm looking to buy DiskWarrior as suggested, but am curious about another option I've read about. I found a macosxhints website http://www.macosxhints.com/article.php?story=20070204093925888
  that suggests running the install disk, clicking on terminal and unmounting the drive that the OS system "lives on". If I do this, will I lose the data already on my computer? The hint does not talk about how to remount the drive.
  I am NOT computer savvy. Would this be getting in over my head? It sounds simple enough, but I don't want to do any irreversible damage. Should I just buy disk warrior, or would the safest bet be to buy an external hard drive and back up everything, then perform an erase an install with Tiger?
  Any help would be MUCH appreciated!!!

  Hi confused- I just fixed my invalid sibling link error on my HD. Stop using your HD!
  It will only get radically worse. I went to http://www.alsoft.com/DiskWarrior/ to see which version of Disk Warrior I needed which was 4.1. Then I went to a retail store & bought the CD $99. On the box, it must say 4.0 with 4.1 included + CD rev 42. You must use the CD as the download won't boot up your HD. In the box is a 1-pager of simple instructions. Put disk in CD drive, follow instructions, click rebuild HD, wait 15 minutes. My HD is perfect!!!now. It fixed permissions, rebuilt my directory, fixed my CS3 Adobe applications, fixed corrupted prefs, found & restored ALL files. I lost nothing! Plus made a PDF detailed report. Best $99 i ever spent. Good luck!

• Maintenance Optimizer - ABAP queue check failed

  Hi guys.
  When running Maintenance Optimizer for a SAP ERP 6.0 EHP4 which has SAP HR 604 installed, the following message is displayed
  ABAP queue check failed
  Error       The Installation/Upgrade Package for Add-on SAP_HR rel. 600 is not available.
  The goal is update toEHP7 SP2.
  Not sure why is stating SAP_HR rel. 600 package is not available when the system has 604 release.
  During packages selection, Human Capital Management is checked and on the source system is listed SAP_HR 604 SP12
  The Solution Manager version is 7.1 SPS8, CR Content is updated to 9.9.
  Also have applied SAP Note 1277035 Recommendations, releted to EHP4 Missing, but still no luck
  This seems to be similar when SUM perform an EHP Inclusion, and cannot find the packages on the EPS Directory, but this is happening on the Maintenance Optimizer.
  Is this a problem with SAP Backbone, or should i do some manual corrections on the system or Solution Manager to make it aware SAP_HR is at al level 604 SP 12?
  Thanks!

  Hello,
  That type of error you describe is mostly always related to an issue in the SMSY/LMDB definition.
  It is likely that the issue is a wrong product instance was assigned to the system.
  In LMDB it is easy to check , even without verification checks (which sometimes may be the root cause, a bad verification check happens sometimes). If you go to the product system, then open the node technical systems -> AS ABAP -> Software, and go to the product instance tab (in SP10, product instance - details), when you select a given product instance , you see whether the software components that are part of it are installed or not (there is a frame in the lower part of the screen that shows the software components with flag 'installed' ticked or not). Chances are, one or more of the instances have few or no software components installed.
  Mind you, you must keep at least one SAP ERP 6.0 product instance assigned, this would be the exception to the rule, but if you have an EHP4 for SAP ERP 6.0 system, it should be only one.
  Best regards,
  Miguel Ariño

• 'volume check failed', and disk utility can't fix it

  I was planning to create a new bootable backup today and ran 'repair disk' from an install disk before cloning.
  Unfortunately I grabbed a Panther disk by mistake, and only discovered it was the wrong disk as I took it out. By then, DU had run through the 'repair' - changing quite a few things - until it showed 'volume cannot be repaired'.
  I've tried to correct them using DU from the Tiger install disk, but without any luck. DU shows:
  +Invalid catalogue record type+
  +Volume check failed+
  +Error: the underlying task reported failure on exit+
  +1 Volume could not be repaired because of an error+
  My iBook still appears to be running perfectly, but obviously I need to repair the disk before I can clone it. Disk Utility can't do it - could DiskWarrior?
  I'd really appreciate some advice on the options open to me, and the best way to do it.

  Success!
  I powered down and ran DiskWarrior a 2nd time to rebuild the directory. This time I skipped the recommended Preview stage and went straight to confirming Rebuild. Everything now seems to be fine again. DU finds no faults with the disk, and the iBook feels significantly quicker and snappier.
  Two things I learnt that might be helpful - the first is, it's easy to be careless for just a moment and end up in a time-consuming mess. It's the first time I've done it, and I won't be doing it again.
  Second thing is, when people say DiskWarrior is slow to boot, they mean it - it took at least 10 minutes to show up on screen, which is unsettling. And the Preview stage, for me, was equally unnerving.
  Still, it worked - superbly - all my data is intact, the iBook is overhauled and working faster than ever.

• [SOLVED] Disk check failed at boot.

  Hello,
  I've got a problem with arch booting. It looks like my cpu doesn't like being left alone fat night. I powered it on today and what I get iss disk check failed error and reboot message. I've tried fsck-ing all partitions and everything seems to be allright. What's more I can mount everything when press ctrl+z when arch tries to reboot and system loading goes on. Any tips? What should I post?
  Last edited by muchzill4 (2010-02-05 10:02:48)

  You have some messed up file systems. As if you didn't know.=O)
  Have you changed fstab? Switched disks around? Try using uuid in fstab instead of '/dev/sdxx'.
  Check this thread http://bbs.archlinux.org/viewtopic.php?id=89857
  and use
  ls -l /dev/disk/by-uuid

• Invalid Key Length - Volume Check Failed

  This is an iMac/INTEL 2.16  w/10.4.11 and 1 GIG RAM
  Full error msg while trying to repair disk with boot up DVD:
  Invalid Key Length - Volume Check Failed
  Error: The underlying task reported failure on exit
  1 volume could not be repaired because of an error
  Is this repairable or are we due for a new computer for 90/91 year old heavy users? 
  If I buy DW, do I use it the same as the boot disk -- start from it and run the repair or do I have to install something?
  I do have the Tech Tool disk from the AppleCare... never looked inside it.
  I used to use Tech Tool a lot with my older Macs, but have never done so with X or X/INTEL
  THANKS!

  I suppose I will be backing up the files on a DVD or CD anyway, so I might as well try to reinstall first.
  Then if that fails, new computer.
  This computer was practically rebuilt after it underwent the recall for the burning problem. Now the screen is faded making it hard for 90 year old eyes to see.
  It had bad ram too, and this is a new HD.
  <sigh>
  It's from 2007 right? Isn't that when 10.4 came out? I have set up so many since then I lost track... I'd say if it's more than 4 it needs to be replaced.

• Volume check failed

  I had to boot from the install disc today, and in trying to verify the disk I get this message:
  Invalid node structure, Volume check failed, Error: Filesystem verify or repair failed.  What should I do?
  The reason I'm trying to boot from the disc is because my computer stopped booting up a few days ago -- it gets to the apple logo and a loading bar, then shuts off.

  Where is your install package that shipped with your Mac when new?
  Always better to run Disk First Aid repair via Disk Utility when booted from your install disc with using fsck as an alternate only when your install package is not available.
  If there is a directory issue with your boot volume that Disk First Aid repair or fsck cannot successfully repair after running it several times, the problem is substantial and your options at that point are using a more substantial disk repair utility such as DiskWarrior (with no guarantee but DW has been known to work miracles) or backup all data and reformat the hard drive with the install package that shipped with your Mac and then re-install OS X and all applications.
  Hopefully you maintain a regular backup and updated your backup recently and if not, now is a good time to start for this very important reason and for other good reasons.
  You can can also check the S.M.A.R.T. status of the drive via Disk Utility when booted from your Tiger install disc.
  http://www.thexlab.com/faqs/repairprocess.html
  http://www.thexlab.com/faqs/durepairfns.html

• Filesystem check failed after running upgrades [Solved]

  I have a new arch installation with /home, /tmp, /var, and /usr mounted on an LVM partition. After running the updates I get a "Filesystem Check Failed" error message. It then dumps me into the terminal in read-only mode, giving me the option for read/write... which doesn't matter, because without access to vi (which is on /usr o the LVM partition) I can't access anything anyway. / and /boot test clean, but it's not recognizing the LVM. Any help would be appreciated.
  Last edited by 2handband (2011-01-22 19:21:17)

  Figured it out... the miserable thing couldn't make up it's mind which drive to label sda.

• Oes11sp2 yast online updates - validation check failed

  Did all online updates September 29th for my sles11sp3 oes11sp2 servers and restarted servers. Went to check today and I'm getting a validation check failed error.
  Validation check failed
  File repomd.xml from repository sles11-sp3-updates.... is signed but the integrity check failed.

  I'm getting the same thing on multiple servers, will try again later!

• Legal Control check failed

  I am trying to create a PR thru Network activity (SAP PS- CJ20N) for short text item without material master with account assignment N, the system is triggering Legal Control check failed error. Any lights on this.
  I am successful in creating PR for material master item for the same Project Network.
  - TGB

  Closed.

• Filesystem Check Fails

  I deleted my old Arch Linux installation and installed Arch again but when I try to boot, I get the filesystem check fails error. But it boots when I change the zeros with ones which in the "pass" column in /etc/fstab. I guess, it can't check my "/boot" drive which I created with Arch Linux's auto partition tool. By the way, my old installation was working perfectly.

  Sorry guys. It isn't my /boot device. It is my swap.
  Mr.Elendig wrote:Boot the install cd and fsck the partions that failed.
  When I try fsck I get this error:
  fsck.swap not found
  Error 2 while executing fsck.swap for /dev/sda2
  Last edited by Codemaster (2009-05-01 13:14:59)