CSS11501 - Rejects incoming connections on VIP service port

Similar Messages

• Why is my Mac rejecting incoming connections?

  I'm trying to use a Mac Mini running Snow Leopard to retrieve images from my hospital's DICOM server. My C-FIND requests succeed, but my C-MOVE requests fail, and the DICOM administrator tells me it's because my Mac is refusing incoming connections on port 11112, which is the one that I set up for DICOM communication.
  Why is my Mac refusing incoming connections?  I have turned off the firewall in System Preferences.  I used to have a rather strict firewall set up with ipfw, which only allowed incoming ssh connections on port 22, but I have disabled that too.  The Mac is still acting like that firewall is enabled -- I can ssh into it, but I can't ping it.  At one point I was trying to use port 104 for DICOM, but I realized that 104 is privileged, so I switched to 11112, and yet that didn't fix the problem either, and I'm still getting the same error message.
  What's going on?  Do I need to enable one of the "sharing" options?

  Not sure it'll help, but you might want to take a look at this: http://support.apple.com/kb/HT2975?viewlocale=en_US

• Problem: Socket connection is not creating in machine, through utility program (MFC Dll), on ListDisplay service port - 3334 (on separate machine), while we are able to telnet on same ListDisplay service port - 3334 from same issue machine on same time

  Problem: Socket
  connection is not creating in machine, through utility program (MFC Dll), on ListDisplay service port - 3334 (on separate machine), while we are able to telnet on same ListDisplay service port - 3334 from same issue machine on same time
  Environment: -
  OS:
  Windows XP SP2/7
  Code:
  VC 6.0
  Dll: MFC
  Problem Description: -
  We have written a utility program which create socket (Using windows standard method [MFC]), and then make connection with another service (List Display) running
  on port 3334 in different machine and retrieve the required list data. This program was working fine in almost all the machines.
  But, we have received a severe intermittent issue on two machines. Client is facing issue in displaying the list data from port 3334.
  Attempt: -
  First we tried to debug code, and we come to know that socket is not creating in utility program. So we tried to telnet on ListDisplay service port 3334 and we were surprised that we were able to telnet, then we opened some more
  telnet window on same port 3334 around (6 to 8) window, and each cmd connected properly. But we were not able to create socket from utility program.
  Problem is severe because issue is intermittent.
  We have tried all the way, but we are not able to figure it out, that what can be the exact problem and what are the conditions, when utility program will not
  connect with ListDisplay service on port 3334.
  Kindly assist to resolve this issue. For any help, we would be really thankful.

  Hi,
  According to your description, it seems that you have created an utility program which is making connection with another service port 3334, however, two clients are facing issue in display the data list from port 3334.
  Port: 3334/TCP
  3334/TCP - Known port assignments (1 record found)
  Service
  Details
  Source
  directv-web
  Direct TV Webcasting
  IANA
  Since the port 3334 is used by directv-web service, I'd like to suggest check this service it is working well on the problematic clients.
  1. The client can be resolved in DNS well? Please run "nslookup" in the prompt command.
  2. Is there any 3rd party application interrupting? Do test in clean boot.
  2. Strongly suggest you run process monitor tool to analysis it.
  I am looking forward to your reply if you have any updated on your side.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Start a service on incoming connection

  I have a computer that serves as deluge seed box and subsonic server - between many other functions - and I was wondering if there is a way to keep a service from starting at boot, and trigger it's start upon an incoming connection.
  I.E.: When I want to connect to subsonic, I would go to 192.168.5.50:4141 - but I don't always use supersonic, so, if i connect to this port, I'd like supersonic to be started
  Is this possible somehow?
  Thanks

  Yes, systemd will handle this.
  http://0pointer.de/blog/projects/inetd.html

• Issue on Service Ports for outgoing connection

  Hi,
  My question is regarding to my desktop Mac making outgoing connection to an external IP address 184.84.124.244 using TCP protocol destination port 443 but using 40 Service Ports between 49170 through 49217.  This is an automatic outgoing connection by OS X 10.7.3 (I assumed as I did not make that connection).  Why such connection required 40 ports to be opened at the same time?  Anyone have any idea what might have caused that?  Thanks.

  There could be lots of outgoing connections when you fire up Safari, as an example, because by default it has many favourites that are RSS feeder. You could have added some new yourself.
  How do I find out if those connections stay up indefinitely?
  By the way just curious, how did you look up the IP address as who they are?
  If you are "Terminal aware" there are some commands that can help you in this direction
  host
  host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.
  netstat
  show network status
  whois
  The whois utility looks up records in the databases maintained by several Network Information Centers (NICs).
  nslookup
  query Internet name servers interactively
  dig
  dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
  just to name a few.
  netstat in particular let you know which connections and their relative status are going on between your computer and the rest of the world

• Incoming Connections Port Scan warning from anti-virus software

  My anti-virus gave me a warning that a port scan had occurred on my Mac, after which I blocked the address of the incoming connection. Does this mean my computer has been hacked and what should I do? Today I also noticed two worrisome outgoing connections entitled "wwwalt2.infoyouaskedfor.com" and "Gemini.leadertech.com" that repeatedly kept appearing on my anti-virus network monitor, one after the other. I entered them in the "Whois" window but it didn't give me any information. My Mac Firewall was already set to only allow incoming connections from applications with certificates, so I don't understand how this happened.

  Hi AML225;
  Try ClamXav. It is free and runs will on Macs.
  Norton even for free is terrible on a Mac. It causes more problems then it solves.
  Allan

• Why is Firefox v36.0.1, trying to establish an incoming connection on UDP port 1900 ?

  My Little Snitch has blocked the following activity:
  Why is Firefox v36.0.1, trying to establish an incoming connection on UDP port 1900 ?

  ''rsblanchard [[#question-1052309|said]]''
  <blockquote>
  My Little Snitch has blocked the following activity:
  Why is Firefox v36.0.1, trying to establish an incoming connection on UDP port 1900 ?
  </blockquote>
  Really not O.K. ! -- Incoming connections, on this low-a-port-number, is a no-no, and a possible security problem !

• What is the fix for some applications repeatedly asking permission to accept incoming connections?

  What is the fix for some applications repeatedly asking permission to accept incoming connections?
  On every restart, AutoPairs and Epson Event Manager asks me to reject or agree to allow incoming connections. It is very aggravating and time-wasting. I know other Mac users who have the identical problem with other applications on their Macs.
  Isn't there some way to make my Mac understand that "Yes" means "Yes" once and for all?
  I am presently running Yosemite, but this was a problem with prior OS X versions too.
  Respectfully,
  Nate

  This is a comment on why you might, or might not, want to use the built-in Application Firewall.
  The firewall blocks incoming network traffic, regardless of origin, on a per-application basis. By default it's off, and when turned on, it allows applications digitally signed by Apple, and only those applications, to listen on the network. It does not block outgoing traffic, nor can it distinguish between different sources of incoming traffic, nor does it filter traffic by content.
  No matter how it's configured, the firewall is not, as some imagine, a malware filter. If that's what you expect it to do, forget it. All it will do is bombard you with pointless alerts.
  Consider some scenarios in which you may expect the firewall to be useful.
  1. You enable file sharing, and you allow guest access to certain folders. That means you want people on your local network, but not outsiders, to be able to access those shared folders without having to enter a password. In the default configuration, the firewall will allow that to happen. The router prevents outsiders from accessing the shares, whether the application firewall is on or off. But if your computer is portable and you connect it to an untrusted network such as a public hotspot, the firewall will still allow access to anyone, which is not what you want. It does not protect you in this scenario.
  2. You unknowingly install a trojan that steals your data and uploads it to a remote server. The firewall, no matter how it's configured, will not block that outgoing traffic. It does nothing to protect you from that threat.
  3. A more likely scenario: The web browser or the router is compromised by an attacker. The attack redirects all web traffic to a bogus server. The firewall does not protect you from this threat.
  4. You're running a public web server. Your router forwards TCP connection requests on port 80 to your Mac, and the connections are accepted by the built-in web server, which is codesigned by Apple. The application firewall, still configured as above, allows this to happen. An attacker hacks into the system and tries to hijack port 80 and replace the built-in web server with one that he controls. The good news here is that the firewall does protect you; it blocks incoming connections to the malicious server and alerts you. But the bad news is that you've been rooted. The attacker who can do all this can just as easily turn off the firewall, in which case it doesn't protect you after all.
  5. You're running a Minecraft server on the local network. It listens on a high-numbered port. You, as administrator, have reconfigured the firewall to pass this traffic. An attacker is able to log in to a standard account on the server. He figures out how to crash Minecraft, or he just waits for you to quit it, and then he binds his own, malicious, Minecraft server to the same port. The firewall blocks his server, and because he's not an administrator, he can't do anything about it. In this scenario, the security is genuine.
  6. Here is a more realistic scenario in which you might have reason to enable the firewall. Your MacBook has sharing services enabled. You want those services to be available to others on a home or office network. When you're on those networks, the firewall should be off. When you move to an untrusted network, you can either turn off all the services, or enable the firewall with a non-default configuration to block them. Blocking is easier: one click instead of several.

• Cisco ASA 5505 doesn't forware incoming connection to LAN

  Hello everybody.
  I just got a Cisco asa 5505 with the next OS and ASDM info
  ASA 5505 OS 8.4(3) ASDM 6.47
  I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a second IP and create the rule to allow traffic to it but it doesn't work too.
  Problem 1
  I have VNC running in port 5900 tcp and I want to connect from Internet using port 6001 and this has to forware the connection to the real VNC port. In the configuration I have a few host with the same configuration but I use different outside port to get it.
  Problem 2.
  I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
  Facts:
  SMTP.
  Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection goes through and the LOGGING screen doesn't how that connection.
  PORT 6001 (outside)
  this port is configured to work with the IP in the outside internface and it was to send the incoming connection to a host inside to the real port 5900.
  Can any one check my configuration if I'm missing anything? for sure I'm but I didn't find it. Bellow is the configuration, I masked the Public IPs just left the last number in the IP, also I left the LAN network to see better the configuration.
  I will appreciate any help.
  Thanks a lot..
  CONFIGURATION.
  : Saved
  ASA Version 8.4(3)
  hostname saturn1
  domain-name mydominio.com
  enable password SOMEPASS encrypted
  passwd SOMEPASS encrypted
  names
  name 192.168.250.11 CAPITOLA-LAN
  name 192.168.250.15 OBIi110-LAN
  name 192.168.250.21 DRP1260-LAN
  name 192.168.250.22 HPOJ8500-LAN
  name 192.168.250.30 AP-W77-NG-LAN
  name 192.168.250.97 AJ-DTOP-PC-LAN
  name 192.168.250.96 SWEETHEART-PC-LAN
  name 192.168.250.94 KIDS-PC-LAN
  name XX.YY.ZZ.250 EXTERNALIP
  name XX.YY.ZZ.251 EXTERNALIP2
  name XX.YY.ZZ.1 GTWAY
  dns-guard
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.250.2 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address EXTERNALIP 255.255.255.0
  boot system disk0:/asa843-k8.bin
  ftp mode passive
  dns server-group DefaultDNS
  domain-name mydominio.com
  object network CAPITOLA-LAN
  host 192.168.250.11
  object network EXTERNALIP
  host XX.YY.ZZ.250
  description Created during name migration
  object network CAPITOLA-PUBLIC
  host XX.YY.ZZ.251
  object network capitola-int
  host 192.168.250.11
  object network capitola-int-vnc
  host 192.168.250.11
  object network aj-dtop-int-vnc
  host 192.168.250.97
  object network sweetheart-int-vnc
  host 192.168.250.96
  object network kids-int-vnc
  host 192.168.250.94
  object network VPNNetwork
  subnet 10.10.20.0 255.255.255.0
  object network InsideNetwork
  subnet 192.168.250.0 255.255.255.0
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network capitola-int-smtp
  host 192.168.250.11
  object-group service capitola-int-smtp-service tcp
  port-object eq smtp
  object-group service capitola-int-services tcp
  port-object eq smtp
  port-object eq https
  port-object eq www
  port-object eq 444
  object-group service capitola-int-vnc-service tcp
  port-object eq 6001
  object-group service aj-dtop-int-vnc-service tcp
  port-object eq 6002
  object-group service sweetheart-int-vnc-service tcp
  port-object eq 6003
  object-group service kids-int-vnc-service tcp
  port-object eq 6004
  access-list incoming extended permit icmp any any
  access-list incoming extended permit tcp any object capitola-int object-group capitola-int-services
  access-list incoming extended permit tcp any object capitola-int-vnc object-group capitola-int-vnc-service
  access-list incoming extended permit tcp any object aj-dtop-int-vnc object-group aj-dtop-int-vnc-service
  access-list incoming extended permit tcp any object sweetheart-int-vnc object-group sweetheart-int-vnc-service
  access-list incoming extended permit tcp any object kids-int-vnc object-group kids-int-vnc-service
  access-list incoming extended permit tcp any object capitola-int-smtp object-group capitola-int-smtp-service
  access-list split-tunnel standard permit 192.168.250.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip any object VPNNetwork
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool vpnpool 10.10.20.1-10.10.20.50 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-647.bin
  no asdm history enable
  arp timeout 14400
  nat (inside,any) source static any any destination static VPNNetwork VPNNetwork no-proxy-arp
  object network capitola-int
  nat (any,any) static XX.YY.ZZ.251
  object network capitola-int-vnc
  nat (inside,outside) static interface service tcp 5900 6001
  object network aj-dtop-int-vnc
  nat (inside,outside) static interface service tcp 5900 6002
  object network sweetheart-int-vnc
  nat (inside,outside) static interface service tcp 5900 6003
  object network kids-int-vnc
  nat (inside,outside) static interface service tcp 5900 6004
  object network obj_any
  nat (inside,outside) dynamic interface
  object network capitola-int-smtp
  nat (any,outside) static interface service tcp smtp smtp
  access-group incoming in interface outside
  route outside 0.0.0.0 0.0.0.0 GTWAY 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http server idle-timeout 2
  http server session-timeout 1
  http 192.168.1.0 255.255.255.0 inside
  http CAPITOLA-LAN 255.255.255.255 inside
  http AJ-DTOP-PC-LAN 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  telnet timeout 5
  ssh CAPITOLA-LAN 255.255.255.255 inside
  ssh AJ-DTOP-PC-LAN 255.255.255.255 inside
  ssh timeout 15
  console timeout 0
  vpn-addr-assign local reuse-delay 2
  dhcpd auto_config outside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username admin password SOMEPASS encrypted privilege 15
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect pptp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:036b82d3eb5cffc1c65a3b381246d043
  : end
  asdm image disk0:/asdm-647.bin
  no asdm history enable

  Jose, your fix to problem 1 allows all access from the outside, assuming you applied the extended list to the outside interface.  Try to be more restrictive than an '...ip any any' rule for outside_in connections.  For instance, this is what I have for incoming VOIP (access list and nat rules):
  access list rule:
  access-list outside_access_in extended permit udp any object server range 9000 9049 log errors
  nat rule:
  nat (inside,outside) source static server interface service voip-range voip-range
  - 'server' is a network object *
  - 'voip-range' is a service group range
  I'd assume you can do something similar here in combination with my earlier comment:
  access-list incoming extended permit tcp any any eq 5900
  Can you explain your forwarding methodology a little more?  I'm by no means an expert on forwarding, but the way I read what you're trying to do is that you have an inbound VNC request coming in on 5900 and you want the firewall to figure out which host the request should go to.  Or is it vice-versa, the inbound VNC request can be on port 6001-6004 ?

• Cant connect to TAF service

  hi,
  I got succeeded while connecting to TAF service i.e my service name is CRM for TAF and I connected to sqlplus with the command
  SQL>connect system/mypassord@CRM
  and it got connected but now when I try to connect it again as I got disconnected, i get the follwoing error:
  Error:
  ORA-12514: TNS:Listener does not currently know of service requested in connect descriptor
  plz guide me what kind of error is this and how to rectify it

  my vresion is Oracle 10gr2, and RHELS 5
  the output of lsnrctl status is:
  LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 17-MAR-2008 10:39:58
  Copyright (c) 1991, 2005, Oracle. All rights reserved.
  Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
  TNS-12541: TNS:no listener
  TNS-12560: TNS:protocol adapter error
  TNS-00511: No listener
  Linux Error: 111: Connection refused
  and the output of tnsnames.ora is as follows:
  # tnsnames.ora.rac1 Network Configuration File: /u01/app/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora.rac1
  # Generated by Oracle configuration tools.
  DEVDB2 =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = devdb)
  (INSTANCE_NAME = devdb2)
  DEVDB1 =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = devdb)
  (INSTANCE_NAME = devdb1)
  CRM =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
  (LOAD_BALANCE = yes)
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = CRM)
  (FAILOVER_MODE =
  (TYPE = SELECT)
  (METHOD = BASIC)
  (RETRIES = 180)
  (DELAY = 5)
  DEVDB =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
  (LOAD_BALANCE = yes)
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = devdb)
  LISTENERS_DEVDB =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  )

• SmartView 11.1.2 Can't Connect to Shared Services

  I have posted this thread on the essbase forum, also...
  I have installed 11.1.2 on Windows 2008 (64bit) in stand-alone mode. I also have Excel 2007 installed on the same machine. I took all of the default ports when setting up the server instance. I installed SmartView(32bit) on the same machine with no errors. When I try to connect to "Shared Connctions" through the SmartView home window, I keep receiveing an error message: "Connection to Shared Services failed Error Message: 'Cannot connect to provider. The server name could not be resolved.' I have tried replacing the server name with it's physical IP address,; I have tried all of the typical ports; but cannot seem to resolve the problem. My URL reads as follows: "http://testsys:13080/workspace/SmartViewProviders' I have a 11.1.1.3 instance on another server works fine, but the URL is a bit different (http://server:13080/aps/SmartView). I have tested and confirmed that all of the shared services are up and running and can be accessed from either EAS console or a web browser. Any help would be appreciated.

  Have you installed and APS (Analytic Provider Server) on your system..??
  As I know, to connecting to Essbase using Smartview, we need to install the APS on our system.
  Regards,
  VieN

• Exchange 2013 - The Microsoft Exchange Transport service is rejecting message submissions because the service continues to consume more memory than the configured threshold

  Noticed at about noon that no emails had been received all day. Began to investigate and found that the MS Exchange Transport service had been set to deny email submission because it was using too much memory on the server (91%). 
  The error message makes me think that we may have been getting used by malware or something similar.“The Microsoft Exchange Transport service is rejecting message submissions because the service continues to consume more memory than the
  configured threshold.” 
  There are also several warning messages that list particular IP addresses and say that a connection from that IP was denied because there were already the maximum number of connections (20). 
  From what I can tell, all of the IP addresses are from Taiwan. 
  The time period for which some emails may be missing is from close of business yesterday ( 4/3/2014) through about 12:45 today (4/4/2014). 
  From the time I spent reading and trying to figure out the error, I think we may need to readjust our throttling policies to prevent this from happening. 
  The exchange server is currently running at 90%+ CPU and 50%+ memory usage the majority of the time, and I’m not sure how to fix it.
  Also, I cannot get into EMS I get a access denied message from the destination computer. (Exchange server) I want to get into there to change the throttling policy back to default, since we disabled it.
  The Error reads:
  The WinRM client cannot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer <Exchange> returned an 'access denied' error. Change the configuration to allow Kerberos authentication
  mechanism to be used or specify one of the authentication mechanism supported by the server. (How do I do this?) To use Kerberos, specify the local computer name as the remote destination. (I'm trying to use EMS while logged into the local Exchange server)
  Also verify that the client computer and the destination computer are joined to a domain. (Exchange is on our domain, and the computer trying to connect is the same computer) To use basic, specify the local computer name as the remote destination, specify
  Basic authentication and provide user mane and password. Possible authentication mechanisms reported by server.
  At line:1 char:1
  + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  I assumed control of this exchange system already in place and I do not have much experience with exchange 2013 or server 2012. I do know 2008, but that doesn't help very much in this situation.
  Recent changes to the system:
  About three days ago we switch our sessions policy to allow many more connections, and I believe this caused the issue. This is what I changed it to:
  Made the registry DWORD (32-bit) "Maximum Allowed Sessions Per User" and modified the value to 1000. Location of registry change @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  I just changed it to 10 from the 1000. I'm hoping this solves this. So far no.
  Also, I am not the best in the shell or command line interfaces. Any help would be wonderful!

  Hi,
  Yes, could be hardware performance issue. Try recycle the Transport process and see if the issue persists.
  Thanks,
  Simon Wu
  TechNet Community Support

• Running "Flex test drive" - Got error while attempting to connect to data service

  Hi,
  I'm a Flex / Flash builder beginner. I downloaded the 60 days evaluation, and started to run the "Flex test drive" :
  http://www.adobe.com/devnet/flex/testdrive.html
  My configuration :
  XP SP3 PRO french edition
  Tomcat 6.0
  My local Eclipse :eclipse-jee-helios-SR2-win32 (but also got the issue on the Flash Builder Eclipse, which version is 3.4.0 (Generation ID M20090211-1700)
  Flash Builder 4 with Eclipse plug-in
  All on same PC
  The Test Drive proposes examples in three technologies : Cold Fusion, PHP and Java. I'm doing the Java examples.
  Installation of Flash Builder, as well as step 1 of the Test Drive (Build the user interface) went fine. I could run the project, which at the end of step 1 correctly displayed the UI in my browser.
  Only one problem, I don't know if it is relevant for the rest of this post : I first got an error, saying that ports 8080, 8005 and 8009, requested by Tomcat, where used. After a short Google search, I fixed it by changing these ports to 8081, 8006, and 8010, in the Tomcat 6.0\conf\server.xml file.
  The Test drive second step is "Connect to data". I found some discrepancies between the Test Drive doc, and what is displayed in Flash Builder. The Test Drive says :
  "Use the Data menu and the Service Wizard to create a service for your application server. For ColdFusion and Java, specify the service file you put on your application server earlier (see Figure 9 for a PHP example). For Java, select the No password required check box, select the employeeService destination, and change the service package to services.employeeservice."
  --> But there is no "No password required check box".
  Also, when running the "Connect to data/service..." wizard, it was not at first completely clear what to choose. The proposed choices were :
  BlazeDS
  ColdFusion
  HTTP
  LCDS
  PHP
  Web Service
  XML
  Since all others choices, when tried, declared to be unconsistent with my project's server type, I finally selected "Web Service".
  In the next wizard's form, according to the Test Drive indications, I specified the URI of my EmployeeService class : C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\testdrive\WEB-INF\classes\services\EmployeeService.class
  That defined correctly the other fields.
  But when pressing the "Next >" button, Flash Builder issued the following error message :
  English translation : Unable to extract operations and entities from specified WSDL. Reason : an error occured while instrospecting the service.
  And the full error text is :
  An error occured while instrospecting the service. WSDLException: faultCode=PARSER_ERROR: Problem parsing 'file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/webapps/testdrive/W EB-INF/classes/services/EmployeeService.class'.: com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException: Invalid byte 2 of 2-byte UTF-8 sequence.
  It is usually relatively easy to find fixes through Google searches, but this time, it didn't work. So here I am, expecting a bunch of wise answers from all the nice Flex / FB gurus that I'm sure haunt this forum .
  Thanks and best regards.
  Marc.

  For those who would have the same problem, here is how I could eventually fix it.
  Since the Flex Test Drive is sometimes out of sync with flash builder 4, I recreated a project using other help pages on Adobe site :
  Entry point :
  http://help.adobe.com/en_US/Flex/4.0/AccessingData/WSbde04e3d3e6474c4-668f02f4120d422cf08- 7ffd.html
  As suggested, I used the New Project wizard to create a new project, with :
  Application server type : J2EE
  Check the radio button "Use remote object access service : BlazeDS"
  Then, as indicated in following pages (section "Accessing BlazeDS")... :
  file:///C:/Mes%20documents%20C/Commun/Developpement/Documentation/HT-Tracks/AccessingData/ help.adobe.com/en_US/Flex/4.0/AccessingData/WSbde04e3d3e6474c4-668f02f4120d422cf08-7ffe.ht ml#WSbde04e3d3e6474c4-19a3f0e0122be55e1b7-8000
  ...I selected the "Data / Connect to Data/Services..." menu option, which started the Data/service connection wizard.
  There, I selected a BlazeDS (and not Web Services) service type, and everything went fine.
  Suggestion to adobe staff : maybe it would be useful to update the Flex Test Drive to reflect Flash Builder 4 ?
  Very nice product anyway, so far, congratulations...
  Rgds
  Marc.

• Laserjet Color MFP M276nw Cannot connect to Web Services, tried every suggestion on forum

  I've tried every suggestion possible on the forum. I opened up all ports suggested by HP support on my Belkin wireless N600 router. Changed DMZ to IP address on printer. We even directly wired ethernet to printer, still cannot connect to Web Services. Now I have to wait till April 4 for a engineer to call me back. Everything else is working fine. I can print wirelessly from my laptop & smartphone. Just cannot access Web Services, oh & firmware is up to date on printer & router. We changed DNS settings to 8.8.8.8 & 8.8.4.4.
  This question was solved.
  View Solution.

  It sounds like you have done everything to connect the web services.  Web services will not connect if you are on a guest network but if you are connected via ethernet it should be on the right band.  What is the printer's IP address? Sometimes it can be too high. Is this for a company that has a proxy on the network?  How far away is the printer from the router?  Are there any metal shelves, wireless devices or anything else near the printer or between the printer and the router?  Check that the router is on Channel 11. 
  --Printer Does Not Connect To Web Services--
  Have you heard back from the engineer?  I am anxious to know how it went.  I am happy to help if they don't, otherwise keep me posted on what happens.  I possibly have one more step for you. 
  Don't forgot to say thanks by giving "Kudos" if I helped solve your problem.
  When a solution is found please mark the post that solves your issue.
  Every problem has a solution!

• Static nat and service port groups

  I need some help with opening ports on my ASA using firmware 9.1.2.
  I read earlier today that I can create service groups and tie ports to those.  But how do I use those instead of using 'object network obj-ExchangeSever-smtp' ? 
  I have the ACL -
  access-list incoming extended permit tcp any object-group Permit-1.1.1.1 interface outside
  Can this statement
  object network obj-ExchangeSever-smtp
  nat (inside,outside) static interface service tcp smtp smtp
  reference the service port groups instead? 
  Thanks,
  Andrew

  Hi,
  Are you looking a way to group all the ports/services you need to allow from the external network to a specific server/servers?
  Well you can for example configure this kind of "object-group"
  object-group service SERVER-PORTS
  service-object tcp destination eq www
  service-object tcp destination eq ftp
  service-object tcp destination eq https
  service-object icmp echo
  access-list OUTSIDE-IN permit object-group SERVER-PORTS any object
  The above would essentially let you use a single ACL rule to allow multiple ports to a server or a group of servers. (Depending if you use an "object" or "object-group" to tell the destination address/addresses)
  I am not sure how you have configured your NAT. Are they all Static PAT (Port Forward) configurations like the one you have posted above or perhaps Static NAT configurations?
  You can use the "object network " created for the NAT configuration in the above ACL rule destination field to specify the host to which traffic will be allowed to. Using the "object" in the ACL doesnt tell the ASA the ports however. That needs to be configured in the above way or in your typical way.
  Hope this helps
  - Jouni