Decrypt errors issue

Similar Messages

• EAP_TLS not successful, getting X509 decrypt error - certificate signature failure

  Hi
  I am trying EAP-TLS authentication on ACS 5.1.
  I have placed the Root CA of the device certitifcate on ACS.
  But getting this error.
  OpenSSLErrorMessage=SSL alert
  code=0x233=563 ; source=local ; type=fatal ; message="X509 decrypt error - certificate signature failure"
  OpenSSLErrorStack=  3055889312:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2649
  Can anyone help in debugging the issue, is it problem with Device's root CA certificate or anything else
  Thanks

  Hi Smita,
  Similar post but with ISE:
  https://supportforums.cisco.com/thread/2135392
  Are we using SHA 2 certs anywhere here?
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html#wp157364
  ACS 5.2 supports SHA 256.
  Rate if useful

• Decrypt Error using 2-way SSL

  I am exposing a stateless Session bean as a webservice and have setup truststore/keystore to allow clients access using 2-way SSL. Recently one of the clients beagn to get TLS Alert 51 - Decrypt Error during the SSL handshake, right after "HANDSHAKEMESSAGE: CertificateVerify". Other clients of 2-way SSL don't appear to have any issues.
  Has anyone seen this?
  Thanks
  Peter
  some SSl debug follows:
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 0>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust status (0): NONE>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: ClientKeyExchange RSA>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <isMuxerActivated: false>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLFilter.isActivated: false>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 SSL3/TLS MAC>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <30911879 received HANDSHAKE>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: CertificateVerify>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT with Severity: FATAL, Type: 51
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ServerStateReceivedClientKeyExchange.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
       at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
       at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
  >
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write ALERT, offset = 0, length = 2>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <close(): 7828>
  ####<May 22, 2007 1:58:21 PM GMT> <Debug> <TLS> <CPNT> <weblogicPROD> <ExecuteThread: '24' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLIOContextTable.removeContext(ctx): 9723897>

  I too am struggling with SSL but I was given some help by BEA. This does not help me since It seems like the proxy jar I download from the WS Home Page wants to go directly to the JPD not the jws. This example of two way SSL should work for you. I am including the Main class but not the generated files it refers to. I don't know how to attach files to the news groups. The key thing it to make use of the adapters. The Impl and Port are part of the downloaded proxy.
  public static void main(String[] args) throws Exception {
  // set weblogic ServiceFactory
  System.setProperty("javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
  // set weblogic client protocol handler
  System.setProperty("java.protocol.handler.pkgs", "weblogic.webservice.client");
  // set the SSL adapter
  SSLAdapterFactory adapterFactory = SSLAdapterFactory.getDefaultFactory();
  WLSSLAdapter adapter = (WLSSLAdapter) adapterFactory.getSSLAdapter();
  // two-way SSL you must loadLocalIdentity to provide certs back to the server
  FileInputStream clientCredentialFile = new FileInputStream ("./client/clientcred.pem");
  String pwd = "canpass";
  adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
  adapter.setVerbose(true);
  adapter.setTrustedCertificatesFile("./config/ca1024.pem");
  adapter.setStrictChecking(false);
  adapterFactory.setDefaultAdapter(adapter);
  adapterFactory.setUseDefaultAdapter(true);
  String a = null;
  if (args.length < 1) {
  a = "Sample String";
  } else {
  a = args[0];
  ToUpper_Impl lookup = new ToUpper_Impl();
  ToUpperPort value = lookup.gettoUpperPort();
  String result = value.toUpper(a);
  System.out.println(result);
  }

• WLC 4.0.217.0 reporting Decrypt Errors

  Hi,
  My customer is using Cisco WLC 4402 running 4.0.217.0 and is reporting that Wireless clients are getting disconnected and reconnected every half hour and when I check for the trapslog I get the following error messages.
  Decrypt errors occurred for client 00:19:d2:76:2e:7e using WPA2 key on 802.11b/g interface of AP 0 0:1a:30:2e:c2:b0
  AP's Interface:1(802.11a) Operation State Down: Base Radio :00:1a:30:2e:be:90 Cause=Heartbeat
  Timeout
  I have checked for known issues but couldn't find any pertaining the issue or error message.
  Could someody help or share any info to find way out to troubleshoot as what is causing this issue.
  Thanks in advance.

  so we are now after disabling PEAP fast reconnect seeing tons of these errors. this is the trigger point that started creating these messages. prior to the disabling of the PEAP fast reconnect, we had clients who anywhere from 10-60 minutes would get kicked off associations with their AP. then within 1-3 seconds a reconnect would occur. a cisco TAC case engineer recommended that we take off PEAP fast reconnect.
  here is the snmp-trap logs from the controller and our controller is running the following:
  Software Version 4.2.112.0
  System Name XXXWLC01
  Up Time 7 days, 20 hours, 28 minutes
  System Time Tue Jul 1 12:54:54 2008
  Internal Temperature +33 C
  802.11a Network State Disabled
  802.11b/g Network State Enabled
  Default Mobility Group apples
  log output:
  Tue Jul 1 12:45:05 2008 Decrypt errors occurred for client 00:19:d2:60:a1:71 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:20
  1 Tue Jul 1 12:44:34 2008 Decrypt errors occurred for client 00:1d:e0:74:3c:b5 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2d:1a:00
  2 Tue Jul 1 12:44:33 2008 Decrypt errors occurred for client 00:16:6f:6b:38:23 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10
  3 Tue Jul 1 12:44:13 2008 Client Association Failure: Client MAC Address:00:13:ce:c3:81:d3, AP Base Radio MAC:00:1c:f9:2d:1a:00, Slot: 0, Reason:Unspecified, ReasonCode: 1
  4 Tue Jul 1 12:43:52 2008 Decrypt errors occurred for client 00:16:6f:96:f8:98 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:a0
  5 Tue Jul 1 12:43:48 2008 Decrypt errors occurred for client 00:1d:e0:32:5b:cb using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:26:40
  6 Tue Jul 1 12:43:33 2008 Decrypt errors occurred for client 00:15:00:22:d8:31 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:bf:d0
  7 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:15:00:43:10:5a using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:97:c0
  8 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:19:d2:27:75:c0 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5b:50
  9 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:cf:68:f1 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0
  10 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:d5:39:f2 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0
  11 Tue Jul 1 12:42:58 2008 Decrypt errors occurred for client 00:18:de:cf:85:0d using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:c3:00
  12 Tue Jul 1 12:42:51 2008 Decrypt errors occurred for client 00:1d:e0:76:79:27 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5e:80
  13 Tue Jul 1 12:42:35 2008 Decrypt errors occurred for client 00:1b:77:0b:c0:d6 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:78:c0
  14 Tue Jul 1 12:42:33 2008 Decrypt errors occurred for client 00:1b:77:0b:d8:4f using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10
  15 Tue Jul 1 12:42:31 2008 Decrypt errors occurred for client 00:16:6f:8f:52:cc using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:0c:f0

• Decrypt Errors on WLC version 7

  Hello
  I am seeing a lot of the following showing up in the WLC trap log:
  Decrypt errors occurred for client <CLIENT-MAC> using WPA2 key on 802.11b/g interface of AP 00:17:0f:81:ad:90
  I have done a fair amount of searching about and I cant seem to find a clear explanation for this message.  Could someone suggest what might be causing these issues and how to resolve them?
  For refernce we are using WLC runninn 7.0.98 and ACS 4.0
  Thanks in advance.

  Its a fair range of clients across several APs in the building.  I havent got an exact list of
  clients but I know its both old and new Lenovo/IBM laptops as well as Macbooks and Macbook Pros.
  Our APs are the 1131AGs if that helps.

• Decrypt errors occurred for client

  I am getting error messages for clients:
  11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0
  12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
  These are only occuring for clients that are disconnecting....
  They can reconnect after a WLC reboot....
  We have swapped APs.....
  I have seen this error in other forums but it says not to worry about it. There has to be a connection between this and clients getting disconnected. We have anywhere between 10-50 clients on the system at any one time.
  Is this a client issue (nic firmware, version) or is this an error in  the controller??
  AIR-WLC2106-K9
  IOS ver: 6.0.196.0
  Thanks

  This means that the client is using a different key than the one he agreed on using with the AP. There were bugs about this long time ago but nothing recent.
  I've seen this happening a lot with old/not updated clients. It rarely happens on intel adapters with latest drivers for example.
  So I'd suggest checking the client pattern (are the clients facing this all having old wireless drivers ?).
  It can also happen if you offer funny encryption combinations that client doesn't like (wpa1+aes, wpa2+tkip). Try to only enable wpa2/aes and see if it helps.
  Nicolas

• WPA2 decrypt errors on controller

  I am seeing quite a lot WPA2 decrypt errors on the WLCs. i am running 4.2 code and have 1131 APs deployed in the enterprise.

  We have the same problem.
  We use Microsoft's WZC with WPA2/AES with mostly Intel 2915 NIC's. They are updated with the latest driver we can find on Intel and/or Lenovo's site --- 9.0.4.39.
  We have patched the client with all MS patches we can find
  KB893357 - WPA2 patch for SP2 XP clients
  KB885453 - PEAP patch (supposed to fix this issue)
  KB917021 - enhanced support for WPA2 clients esp. for Group Policy options.
  finally my question.... :)
  What Aironet extensions are you referring to?
  The Aironet IE enable radio button within the WLAN settings?
  If so, we already have that disabled and still have the problem.
  Don't know what else to try?

• IPM server Repository error issue..

  Hi All,
  We are using Invoice gateway for one opf our projects.
  I could able to scan the hard copy and cretae a bacth.
  OFR is creting the pdf, xml and txt file out of the scanned copy and keep it in a folder, so that IPM process them from then on.
  Once IPM processes it and invoke BPEL for further action.
  But IPM is throwig me the below error:
  [2012-05-09T15:32:49.785+05:30] [IPM_server1] [ERROR] [TCM-00162] [oracle.imaging.agents] [tid: [ACTIVE].ExecuteThread: '2' f
  or queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000JSkzo^l5Ifs6wjZf6G1FeZj900000E,0] [APP: i
  maging] [dcid: f05c270b0bae50db:-392a3bea:13730f9cd54:-7ff2-0000000000000d86] Failed to load Batch for new filing.
  [2012-05-09T15:32:49.793+05:30] [IPM_server1] [ERROR] [TCM-00157] [oracle.imaging.agents] [tid: [ACTIVE].ExecuteThread: '2' f
  or queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000JSkzo^l5Ifs6wjZf6G1FeZj900000E,0] [APP: i
  maging] [dcid: f05c270b0bae50db:-392a3bea:13730f9cd54:-7ff2-0000000000000d86] [arg: /u03/oracle/Middleware/user_projects/doma
  ins/BBECM_DOMAIN/IPM/InputAgent/Input/Stage/TestCase_Invoice_316_204_09052012.txt] An error occurred filing file /u03/oracle/
  Middleware/user_projects/domains/BBECM_DOMAIN/IPM/InputAgent/Input/Stage/TestCase_Invoice_316_204_09052012.txt.[[
  oracle.imaging.ImagingException: TCM-00787: A repository error occurred.
  faultType: SYSTEM
  faultDetails:
  ErrorCode = oracle.stellent.ridc.protocol.ServiceException, ErrorMessage = Unable to execute service IPM_LIST_IMAGI
  NG_AGENTS and function QuserSecurityAttributeByType.
  The error was caused by an internally generated issue. The error has been logged.
  at oracle.imaging.repository.ucm.UcmErrors.convertRepositoryError(UcmErrors.java:128)
  at oracle.imaging.repository.ucm.UcmAgentUserManager.getAgents(UcmAgentUserManager.java:77)
  at oracle.imaging.repository.ucm.UcmAgentUserManager.ensureAgentUserPermissions(UcmAgentUserManager.java:29)
  at oracle.imaging.repository.ucm.UcmRepositoryManager.connect(UcmRepositoryManager.java:411)
  at oracle.imaging.repository.RepositoryManagerFactory.getInstance(RepositoryManagerFactory.java:172)
  at oracle.imaging.repository.RepositoryManagerFactory.getInstance(RepositoryManagerFactory.java:57)
  at oracle.imaging.repository.RepositoryManagerFactory.getInstance(RepositoryManagerFactory.java:91)
  at oracle.imaging.application.ApplicationServiceImpl.getSingleApplication(ApplicationServiceImpl.java:516)
  at oracle.imaging.application.ApplicationServiceImpl.getSingleApplication(ApplicationServiceImpl.java:467)
  at oracle.imaging.application.ApplicationServiceImpl.getApplication(ApplicationServiceImpl.java:348)
  at oracle.imaging.batch.BatchServiceImpl.loadApplication(BatchServiceImpl.java:348)
  at oracle.imaging.batch.BatchServiceImpl.createBatch(BatchServiceImpl.java:70)
  at oracle.imaging.inputagent.InputFilingMDB.loadBatch(InputFilingMDB.java:404)
  at oracle.imaging.inputagent.InputFilingMDB.initializeFiling(InputFilingMDB.java:371)
  at oracle.imaging.inputagent.InputFilingMDB.onMessage(InputFilingMDB.java:166)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  nvocation.java:182)
  n.java:149)
  tionInterceptor.java:131)
  nInterceptor.java:119)
  n.java:171)
  ptor.java:89)
  n.java:171)
  tionInterceptor.java:131)
  nInterceptor.java:119)
  n.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy242.onMessage(Unknown Source)
  at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
  at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
  at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
  at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
  at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
  at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
  at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
  at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
  at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  erSecurityAttributeByType.
  The error was caused by an internally generated issue. The error has been logged.
  at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(ServiceResponse.java:125)
  at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(ServiceResponse.java:101)
  at oracle.imaging.repository.ucm.UcmResponse.<init>(UcmResponse.java:66)
  at oracle.imaging.repository.ucm.UcmRequest.makeOneServiceCall(UcmRequest.java:397)
  at oracle.imaging.repository.ucm.UcmRequest.makeServiceCall(UcmRequest.java:219)
  at oracle.imaging.repository.ucm.UcmAgentUserManager.getAgents(UcmAgentUserManager.java:65)
  ... 41 more
  Can anyone please let me know the solution for the this repository error issue.
  I bounsed the IPM server, but it didnt resolve the problem.
  Thanks in advance
  Chandru

  This seems to be an error due to mapping from IPM. It can be more clear if the text file and screen shot of work flow mapping is uploaded.
  Regards,
  Vikrant Korde

• HT4864 I am using Entourage and followed all the instructions above and still getting IMAP Server error.  Error msg:Security failure.  Data decryption error.

  I am using Entourage and followed all the instructions above and still getting IMAP Server error.  Error msg:Security failure.  Data decryption error.

• InternalError: DES Decryption error

  **PLEASE HELP** I recenty did an extension update from MCE 1.2.1 to 1.2.2 for both the 1.2.2 framework and provider. It resolved my previous ExceptionInInitializerError of 'Cannot set up certs for trusted CAs.' I'm now getting an InternalError or "DES Decryption error
  at com.marconi.soc.util.Des3.decrypt (Des3.java:114)
  at com.marconi.soc.util.Crypt3.decrypt (Crypt3:java:51)
  and so on.
  This occurs after starting Openview's NNM which is integrated with Marconi's NMS app, ServiceOn Data (ver2.2).
  I'm not a software or java person so I desperately need some expert help from this forum.
  I believe we're using jre 1.2 thru 1.4 ( each NMS app uses a different jre version, I think). It all worked fine before the JCE expired.

  Hi,
  MDN (Message Disposition Notifications) is nothing but an Exchange Level acknowledgement. MDN ensures the sender of the document that the recipient has successfully received the document. The sender specifies how the MDN is to be sent back (either synchronously or asynchronously, and signed or unsigned). MDN provides the "Non-repudiation" element of AS2
  In case, recipient is able to read the received message successfully a success MDN is sent back otherwise a failed MDN is sent back. Not getting any MDN back also indicates a failure.
  Ask your tp to check the information he/she received in MDN.
  Regards,
  Anuj

• Packet Encryption/Decryption error

  This error message is from a site-to-site VPN router. The whole error message is like:
  Aug 11 00:37:22.725 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Aug 11 00:39:05.192 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Aug 11 00:39:53.961 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Aug 11 00:40:55.447 Japan: %HW_VPN-1-HPRXERR: Virtual Private Network (VPN) Module0/13: Packet Encryption/Decryption error, status=4610
  Does anybody see/handle this type of error before ? The explaination in the CCO for this error message does not help much. What is the 'status=4610' ? I also see the status number can be 4612 and 4613.
  I also noticed the "ah_auth_failure:" in "sh cry eng accelerator statistic " increase by one each time I got this error in the syslog
  Thanks in advance

  Xuam,
  what was the fix to your problem. I am getting exact same problem.
  Alphonse

• 'Data Decryption Error'

  I'm trying to set up an internet pay and go account with BTyahoo. However, once I've connected, my ibook won't go to the registration page... it just says "Security Failure. Data Decryption Error" BTYahoo say it must be a mac problem but I've no idea what to do about it.
  Perhaps I need to change some security setting on my iBook?
  Any help would be very appreciated!
  Thanks.
  OS X   Mac OS X (10.4.2)   It might be an OS X 10.3 or 10.4. Can't remember.

  seenfromabove, Welcome to the discussion area!
  What browser are you using? Try a different one. For example if you are using Safari, try Firefox or Netscape.

• SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

  Hello everybody,
  I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
  Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
  Below is the SSL debug log
  ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
  ssl_debug(15): Received v3 server_hello handshake message.
  ssl_debug(15): Server selected SSL version 3.1.
  ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
  ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
  ssl_debug(15): CompressionMethod selected by server: NULL
  ssl_debug(15): Server does not supports secure renegotiation.
  ssl_debug(15): Received certificate handshake message with server certificate.
  ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
  ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
  ssl_debug(15): Received certificate_request handshake message.
  ssl_debug(15): Accepted certificate types: RSA, DSA
  ssl_debug(15): Accepted certificate authorities:
  ssl_debug(15):   CN=XXXXXXXXXXXXXXXXXXXXXXXX
  ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
  ssl_debug(15): Received server_hello_done handshake message.
  ssl_debug(15): Sending certificate handshake message with RSA client certificate...
  ssl_debug(15): Sending client_key_exchange handshake...
  ssl_debug(15): Sending certificate_verify handshake message...
  ssl_debug(15): Sending change_cipher_spec message...
  ssl_debug(15): Sending finished message...
  ssl_debug(15): Received alert message: Alert Fatal: decrypt error
  ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
  ssl_debug(15): Shutting down SSL layer...
  My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
  Does somebody have an idea what could cause this SSL handshake failure?
  Best regards,
  Maxim

  The XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.

• WEP Key decrypt error + Symbol 9060

  I have a WLC 4400 running ver 3.2.150.6. The LAP is a 1242AG-A-K9. I am getting this error message on the wireless controller log when I try and use my Symbol 9060 RF units the message is:
  WEP Key decrypt error. Station MAC Address is 00:a0:f8:ba:b5:36, Base Radio MAC is 00:19:a9:0f:d7:90 and Slot ID is 0.
  My setup is WPA using 802.1x and the units do authenicate but then after a random period the users lose their sessions. Actually doesnt seem to matter whether I am using WPA or WEP, i still drop. I havent had this problem with the fat APs. Any ideas?

  Cisco is saying the WEP error is a known bug and its a fake message, so that is probably not what is causing the drops. When the clients first started dropping I also noticed another error message but it hasnt show back up till today when i put more client guns back in use. the error is:
  WPA MIC Error counter measure activated on Radio with MAC 00:19:a9:0f:bd:80 and Slot ID 0. Station MAC Address is 00:a0:f8:d2:34:98 and WLAN ID is 1.
  Any thoughts?

• WEP Key decrypt error

  We have WPA2 clients and WLC4402, why is the controller reporting this error message. Does anyone know ? It doesn't seem to effect the connection but I'm just concerning.
  Tue May 9 12:47:20 2006 WEP Key decrypt error. Station MAC Address is xx:xx:xx:xx:xx:xx, Base Radio MAC is xx:xx:xx:xx:xx:xx and Slot ID is 1.

  Hi
  We are using 802.1x and 104 bit WEP to authenticate against a ACS Server
  (LEAP)
  Sporadically we are also getting the same errormessage muliple times:
  Wed Nov 1 12:09:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
  Wed Nov 1 12:05:01 2006--WEP Key decrypt error. Station MAC Address is 00:40:96:b1:d1:01, Base Radio MAC is 00:0b:85:71:21:01 and Slot ID is 1.
  It seesms that this error-essage are dieplayed in different configuration cenarios.
  Does anyone know what exactly the reason is for this error message is.
  (Execpt for the Cisco docu statement "Notification sent when the controller detects a WEP decrypting error.")
  Best Regards
  Jarle