DNS connection refused

Hi all, I have a Mac mini running OS X Server 10.6.8.
I have 5 users (iMacs) on a network, served by the Server.  I have a BT Infinity ADSL connection connected to a Netgear FVS318N VPN firewall router then the Mac Mini Server. Of late we have been having major DNS issues on the Server due to EDNS, resulting in errors in the DNS logs such as:
20-Mar-2012 15:03:11.151 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:dc3::35#53
20-Mar-2012 15:03:11.151 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:503:ba3e::2:30#53
20-Mar-2012 15:03:11.151 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:7fd::1#53
20-Mar-2012 15:03:11.152 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:7fe::53#53
20-Mar-2012 15:03:11.152 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:500:2f::f#5
20-Mar-2012 15:03:02.356 client 192.168.1.3#52006: view com.apple.ServerAdmin.DNS.public: query failed (SERVFAIL) for cs19.wpc.edgecastcdn.net/IN/A at /SourceCache/bind9/bind9-31.1/bind9/bin/named/query.c:4631
20-Mar-2012 14:32:57.822 connection refused resolving 'ns1.livedns.co.uk/AAAA/IN': 202.12.27.33#53
20-Mar-2012 14:32:57.827 connection refused resolving 'ns2.livedns.co.uk/AAAA/IN': 202.12.27.33#53
20-Mar-2012 14:46:56.784 success resolving 'm.addthisedge.com/A' (in 'addthisedge.com'?) after reducing the advertised EDNS UDP packet size to 512 octets
20-Mar-2012 14:47:02.452 success resolving 'adns3.akam.net/AAAA' (in 'akam.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
I have a support call out to Netgear to find out if the issue is with them. Does anyone out there know how to resolve this issue from a software point of view on OS X?
As a temporary solution I have added to the clients Google's DNS servers as 2nd and 3rd options which has resolved websites not loading.
Any help here would be greatly appreciated.
Anthony

With OS X Server in a private address space, your DNS server should be your DNS server, and not Google's nor any other off-LAN DNS servers. 
Here is some OS X Server DNS Server set-up information, and there's a link in one of the replies there to an EDNS testing tool.   (This is generic set-up for DNS services, and not specific to EDNS.  If your baseline DNS services on LAN are working and your server and all your clients are using your server for DNS translations, then ignore this.)
There are various EDNS sizing discussions around, including this one; these usually involve shutting down the server and modifying a configuration file, and that can (unfortunately) be somewhat hit-or-miss on OS X Server.  (And these are not usually fruitful, either.)
The core question being what widget is nailing you; the gateway router is a good potential culprit, of course.
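An added example, not part of the original posts: a small triage script that groups named log lines like the ones quoted in the question by message type and upstream address family, so the IPv6 "host unreachable" errors can be told apart from the EDNS size fallbacks. The sample lines are copied from the question; the function and pattern names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Sample input: lines copied from the named log quoted in the question above.
SAMPLE_LOG = """\
20-Mar-2012 15:03:11.151 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:dc3::35#53
20-Mar-2012 15:03:11.151 host unreachable resolving 'ns8.netnames.net/AAAA/IN': 2001:503:ba3e::2:30#53
20-Mar-2012 15:03:02.356 client 192.168.1.3#52006: view com.apple.ServerAdmin.DNS.public: query failed (SERVFAIL) for cs19.wpc.edgecastcdn.net/IN/A at /SourceCache/bind9/bind9-31.1/bind9/bin/named/query.c:4631
20-Mar-2012 14:32:57.822 connection refused resolving 'ns1.livedns.co.uk/AAAA/IN': 202.12.27.33#53
20-Mar-2012 14:46:56.784 success resolving 'm.addthisedge.com/A' (in 'addthisedge.com'?) after reducing the advertised EDNS UDP packet size to 512 octets
"""

# named retried with a smaller advertised EDNS size and then got an answer.
EDNS_FALLBACK = re.compile(
    r"success resolving '(?P<name>[^']+)'.*"
    r"after reducing the advertised EDNS UDP packet size to (?P<size>\d+) octets"
)
# named could not reach an upstream server at all; the address follows the colon.
UPSTREAM_ERROR = re.compile(
    r"(?P<err>host unreachable|connection refused) resolving "
    r"'(?P<name>[^']+)': (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)$"
)
# A LAN client was handed SERVFAIL.
SERVFAIL = re.compile(
    r"client (?P<client>[0-9A-Fa-f:.]+)#\d+: .*query failed \(SERVFAIL\) for (?P<query>\S+)"
)


def triage(log_text):
    """Group named log lines by failure type; returns counters plus unparsed lines."""
    upstream = Counter()          # (error text, "IPv4"/"IPv6") -> count
    edns_fallback = Counter()     # reduced size in octets -> count
    servfail_clients = Counter()  # client address -> count
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EDNS_FALLBACK.search(line)
        if m:
            edns_fallback[int(m.group("size"))] += 1
            continue
        m = UPSTREAM_ERROR.search(line)
        if m:
            try:
                version = ipaddress.ip_address(m.group("addr")).version
            except ValueError:
                unparsed.append(line)  # truncated or malformed address
                continue
            upstream[(m.group("err"), "IPv%d" % version)] += 1
            continue
        m = SERVFAIL.search(line)
        if m:
            servfail_clients[m.group("client")] += 1
            continue
        unparsed.append(line)
    return {
        "upstream": upstream,
        "edns_fallback": edns_fallback,
        "servfail_clients": servfail_clients,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (err, family), count in sorted(result["upstream"].items()):
        print("%-20s %s upstream  x%d" % (err, family, count))
    for size, count in sorted(result["edns_fallback"].items()):
        print("EDNS fallback to %d octets  x%d" % (size, count))
    for client, count in sorted(result["servfail_clients"].items()):
        print("SERVFAIL returned to %s  x%d" % (client, count))
```

Errors that cluster on IPv6 upstream addresses are a separate problem from the EDNS fallbacks, which only say that the query succeeded once a smaller UDP size was advertised.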

Similar Messages

  • TCP DNS Connection Refused

    I am testing an application which uses tcp for dns.
    My ActionTec router is set to "Medium" so it should allow all outbound connections.
    When I use a dns server on my network all is well.   When I try to use the ActionTec for dns I get connection refused with tcp requests but udp requests go through. I suspect the dns server on the ActionTec does not support tcp but I would like confirmation in case there is a setting I can change to make it work.
    $ host yahoo.com
    yahoo.com has address 98.138.253.109
    yahoo.com has address 98.139.183.24
    yahoo.com has address 72.30.38.140
    yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
    yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
    yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
    $ host -T yahoo.com
    ;; Connection to 192.168.1.1#53(192.168.1.1) for yahoo.com failed: connection refused.
    Thanks,
    AustinPowered

    Keep in mind the ActionTecs are based around the dnsmasq lightweight DNS resolver if I remember correctly. If Verizon/ActionTec is using a version of dnsmasq older than v2.10, then it is a known limitation of dnsmasq to not support TCP queries. If someone can confirm what version the FiOS routers have, that would be great. This tool may be able to identify it:
    http://netalyzr.icsi.berkeley.edu/
    If you'd like me to analyze it, please send me a private message with the URL to your result, unless you don't mind your IP address being given out to the forums.
    ========
    The first to bring me 1Gbps Fiber for $30/m wins!
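An added example, not part of the original posts: a minimal probe that sends the same query to a resolver over UDP and over TCP, with and without an EDNS0 OPT record, to show whether the forwarder refuses TCP or mishandles larger advertised sizes. The address 192.168.1.1 and the name yahoo.com come from the `host -T` output above; the function names, query ID, IPv4-only socket and the sizes tried are assumptions.

```python
import socket
import struct


def build_query(name, qtype=1, txid=0x1234, edns_udp_size=None):
    """Wire-format query for `name`; appends an EDNS0 OPT record when a size is given."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    arcount = 0 if edns_udp_size is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD only
    msg += qname + struct.pack("!HH", qtype, 1)                    # QTYPE, QCLASS=IN
    if edns_udp_size is not None:
        # OPT RR: root name, TYPE 41, CLASS carries the advertised UDP size,
        # TTL (extended rcode/flags) 0, RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg


def tcp_frame(msg):
    """DNS over TCP prefixes every message with its length as two bytes."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(resp):
    """Decode the fields of the 12-byte header that matter for this diagnosis."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "tc": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "answers": ancount}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def probe(server, name, transport="udp", edns_udp_size=None, port=53, timeout=3.0):
    """Send one query and report refused / timeout / error / ok with header fields."""
    query = build_query(name, edns_udp_size=edns_udp_size)
    try:
        if transport == "tcp":
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(tcp_frame(query))
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                resp = _recv_exact(s, length)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect((server, port))  # connected UDP surfaces ICMP refusals
                s.send(query)
                resp = s.recv(65535)
    except ConnectionRefusedError:
        return {"status": "refused"}
    except socket.timeout:
        return {"status": "timeout"}
    except OSError as exc:
        return {"status": "error", "detail": str(exc)}
    if len(resp) < 12:
        return {"status": "error", "detail": "short response"}
    result = parse_header(resp)
    result.update(status="ok", size=len(resp))
    return result


if __name__ == "__main__":
    # Resolver address and name as in the post; sizes are illustrative choices.
    for transport in ("udp", "tcp"):
        for size in (None, 512, 4096):
            outcome = probe("192.168.1.1", "yahoo.com", transport, size)
            print("%-3s edns=%-5s -> %s" % (transport, size, outcome))
```

A result of "refused" on every TCP row with "ok" on the UDP rows matches the symptom in the question; "ok" with `tc` set on UDP and no working TCP means truncated answers cannot be retried.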

  • Problems with SSH: Connection Refused

    Greetings fellow Arch users,
    I have hit a bit of a snag that I could really use some extra help getting around. I've tried everything I can think of (and everything that Google thought might work) and I have my back rather against a wall, so I thought I'd come here to see if anyone can offer some advice.
    To make a long story short, I am a college student and am attempting to set up an ssh server on a desktop at my house so I can access it remotely from the college. I have the computer set up and the server running, however I am having difficulty making connections to it from my laptop. I know that the server is running, because I can log into it both from the server itself (sshing into local host) and from my laptop when I use the internal IP address.
    The server is on a static IP address within the network(192.168.0.75), and my router is configured to forward TCP port 1500 to it (I'm using 1500 as the port for my ssh server). However, when I attempt to log into the ssh server using my network's external IP address, the connection is refused. I used nmap to scan my network and found that, even though the proper ports are forwarded to the proper place as far as my Router's configuration interface is concerned, port 1500 is not listed as one of the open TCP ports. I also, to test it, temporarily disabled the firewalls on both the server and the client. That didn't help. The command that I am running is:
    ssh -p 1500 douglas@[external ip address]
    As I am really not sure what is causing this problem, I don't know what information to provide. So here is everything that my inexperienced mind sees as likely being important. If you need anything more, let me know and I will do my best to provide it.
    Here is the sshd_config file from my server.
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options override the
    # default value.
    Port 1500
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    # The default requires explicit activation of protocol 1
    #Protocol 2
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    # Ciphers and keying
    #RekeyLimit default none
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication no
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    PrintMotd no # pam does that
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation sandbox # Default for new installations.
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    # no default banner path
    #Banner none
    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server
    The output of ip addr when run on the server:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:21:9b:3a:be:94 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.75/24 brd 192.168.255.0 scope global enp8s0
    valid_lft forever preferred_lft forever
    inet6 fe80::221:9bff:fe3a:be94/64 scope link
    valid_lft forever preferred_lft forever
    Here is the output from running nmap on the network:
    Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-28 21:05 EDT
    Initiating Ping Scan at 21:05
    Scanning address [2 ports]
    Completed Ping Scan at 21:05, 0.01s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 21:05
    Completed Parallel DNS resolution of 1 host. at 21:05, 0.05s elapsed
    Initiating Connect Scan at 21:05
    Scanning pa-addresss.dhcp.embarqhsd.net (address) [1000 ports]
    Discovered open port 80/tcp on address
    Discovered open port 443/tcp on address
    Discovered open port 23/tcp on address
    Discovered open port 21/tcp on address
    Completed Connect Scan at 21:05, 4.08s elapsed (1000 total ports)
    Nmap scan report for pa-address.dhcp.embarqhsd.net (address)
    Host is up (0.036s latency).
    Not shown: 995 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    23/tcp open telnet
    80/tcp open http
    443/tcp open https
    8080/tcp filtered http-proxy
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 4.19 seconds
    Here is the ssh_config client-side:
    # $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.
    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # GSSAPIAuthentication no
    # GSSAPIDelegateCredentials no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    Protocol 2
    # Cipher 3des
    # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    # VisualHostKey no
    # ProxyCommand ssh -q -W %h:%p gateway.example.com
    # RekeyLimit 1G 1h
    Output of ssh -v during connection attempt:
    OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /home/douglas/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to address [address] port 1500.
    debug1: connect to address address port 1500: Connection refused
    ssh: connect to host address port 1500: Connection refused
    Thank you guys ahead of time. Getting this server operational is hardly critical, it is just a side project of mine, but I would really like to see it working.
    Douglas Bahr Rumbaugh
    Last edited by douglasr (2013-09-29 02:58:56)

    Okay, so I finally have the opportunity to try and log in from a remote network. And. . .  it doesn't work. Which is just my luck because I now need to wait an entire week, at least, before I can touch the server again. Anyway, running ssh with the maximum verbosity I get this output:
    douglas ~ $ ssh -vvv -p 2000 address
    OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /home/douglas/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to address [address] port 2000.
    debug1: connect to address address port 2000: Connection timed out
    ssh: connect to host address port 2000: Connection timed out
    It takes a minute or two for the command to finish with the connection timeout, as one would expect. And yes, I am reasonably sure that the address that I am using is my home network's external IP. It is dynamic, but I checked it before I left which was just over an hour ago. I guess that it may have changed. I'll know that for sure in the morning, when my server sends me an automatic email with the network's current address. In the meantime I am operating under the assumption that the address I am using is correct. What else could be the problem?

  • Lion Server postfix mail not being delivered to mailboxes. "SMTP restriction `reject_invalid_helo_hostname' after `permit' is ignored" and "connect to private/policy: Connection refused" errors.

    All, I'm stumped. In fact I have been on the phone with Apple Support and this has been escalated to the top engineers, as I think it's got them too..
    Anyway, here is my problem..
    I'm running a Mac Mini with OS X 10.7.4 Server. I have had mail running on it for 2 months or so, without any issues. The mail was actually migrated from 10.6 in March, and it actually went smoothly. I have 3 domains which all receive mail and they all work (or did up until 2 weeks ago)..
    So the story is this.. I can send mail from my domains, without issue.  imap and dovecot must be working.. cause all the stored mail can be read with the mail IMAP client.. I can even transfer mail messages from one mailbox to another with Mail client. Sending mail is a breeze, it still works and the recipients still receive their mail. But I noticed I wasn't getting any mail at all from those mailboxes... no mail, no spam, nothing.. which is unusual. I fired up Server admin and checked out the SMTP log, and this is what it showed for every email received: (xxxxxx is just me hiding sensitive info)
    Jul 21 14:25:20 xxxxxxxx postfix/postscreen[65857]: CONNECT from [17.158.233.225]:41909
    Jul 21 14:25:26 xxxxxxxx postfix/postscreen[65857]: PASS OLD [17.158.233.225]:41909
    Jul 21 14:25:26 xxxxxxxx postfix/smtpd[65858]: connect from nk11p03mm-asmtp994.mac.com[17.158.233.225]
    Jul 21 14:25:26 xxxxxxxx postfix/smtpd[65858]: warning: restriction `reject_invalid_helo_hostname' after `permit' is ignored
    Jul 21 14:25:27 xxxxxxxx postfix/smtpd[65858]: warning: connect to private/policy: Connection refused
    Jul 21 14:25:27 xxxxxxxx postfix/smtpd[65858]: warning: problem talking to server private/policy: Connection refused
    Jul 21 14:25:28 xxxxxxxx postfix/smtpd[65858]: warning: connect to private/policy: Connection refused
    Jul 21 14:25:28 xxxxxxxx postfix/smtpd[65858]: warning: problem talking to server private/policy: Connection refused
    Jul 21 14:25:28 xxxxxxxx postfix/smtpd[65858]: NOQUEUE: reject: RCPT from nk11p03mm-asmtp994.mac.com[17.158.233.225]: 451 4.3.5 Server configuration problem; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<nk11p99mm-asmtpout004.mac.com>
    Jul 21 14:25:28 azathoth postfix/smtpd[65858]: disconnect from nk11p03mm-asmtp994.mac.com[17.158.233.225]
    Ok, now what is odd is these rejected messages are not even appearing in the mail queue in Server Admin. I have no idea why they are not being delivered.
    I've checked my postfix main.cf file and master.cf files, they both look ok.. I've even replaced them with the main.cf.default.10.7 and master.cf.default.10.7 files and to no avail... same problem..
    So in summary
    I can send mail out
    IMAP is working on the client end (thus dovecot is); existing stored emails can be accessed, read, moved, unread etc..
    mail is coming into the server, but it's being rejected. there is NO rejection email sent back to the sender.
    mail is received by postfix, but cyrus isn't doing anything with it.. I have no idea where it goes...
    Could anyone shed light on this...
    my main.cf file:
    # Global Postfix configuration file. This file lists only a subset
    # of all 300+ parameters. See the postconf(5) manual page for a
    # complete list.
    # The general format of each line is: parameter = value. Lines
    # that begin with whitespace continue the previous line. A value can
    # contain references to other $names or ${name}s.
    # NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
    # POSTFIX STILL WORKS AFTER EVERY CHANGE.
    # SOFT BOUNCE
    # The soft_bounce parameter provides a limited safety net for
    # testing.  When soft_bounce is enabled, mail will remain queued that
    # would otherwise bounce. This parameter disables locally-generated
    # bounces, and prevents the SMTP server from rejecting mail permanently
    # (by changing 5xx replies into 4xx replies). However, soft_bounce
    # is no cure for address rewriting mistakes or mail routing mistakes.
    # soft_bounce = no
    # LOCAL PATHNAME INFORMATION
    # The queue_directory specifies the location of the Postfix queue.
    # This is also the root directory of Postfix daemons that run chrooted.
    # See the files in examples/chroot-setup for setting up Postfix chroot
    # environments on different UNIX systems.
    queue_directory = /private/var/spool/postfix
    # The command_directory parameter specifies the location of all
    # postXXX commands.
    command_directory = /usr/sbin
    # The daemon_directory parameter specifies the location of all Postfix
    # daemon programs (i.e. programs listed in the master.cf file). This
    # directory must be owned by root.
    daemon_directory = /usr/libexec/postfix
    # QUEUE AND PROCESS OWNERSHIP
    # The mail_owner parameter specifies the owner of the Postfix queue
    # and of most Postfix daemon processes.  Specify the name of a user
    # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
    # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
    # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
    # USER.
    mail_owner = _postfix
    # The default_privs parameter specifies the default rights used by
    # the local delivery agent for delivery to external file or command.
    # These rights are used in the absence of a recipient user context.
    # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
    #default_privs = nobody
    # INTERNET HOST AND DOMAIN NAMES
    # The myhostname parameter specifies the internet hostname of this
    # mail system. The default is to use the fully-qualified domain name
    # from gethostname(). $myhostname is used as a default value for many
    # other configuration parameters.
    #myhostname = host.domain.tld
    #myhostname = virtual.domain.tld
    # The mydomain parameter specifies the local internet domain name.
    # The default is to use $myhostname minus the first component.
    # $mydomain is used as a default value for many other configuration
    # parameters.
    #mydomain = domain.tld
    # SENDING MAIL
    # The myorigin parameter specifies the domain that locally-posted
    # mail appears to come from. The default is to append $myhostname,
    # which is fine for small sites.  If you run a domain with multiple
    # machines, you should (1) change this to $mydomain and (2) set up
    # a domain-wide alias database that aliases each user to
    # user@that.users.mailhost.
    # For the sake of consistency between sender and recipient addresses,
    # myorigin also specifies the default domain name that is appended
    # to recipient addresses that have no @domain part.
    #myorigin = $myhostname
    #myorigin = $mydomain
    # RECEIVING MAIL
    # The inet_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on.  By default,
    # the software claims all active interfaces on the machine. The
    # parameter also controls delivery of mail to user@[ip.address].
    # See also the proxy_interfaces parameter, for network addresses that
    # are forwarded to us via a proxy or network address translator.
    # Note: you need to stop/start Postfix when this parameter changes.
    #inet_interfaces = all
    #inet_interfaces = $myhostname
    #inet_interfaces = $myhostname, localhost
    # The proxy_interfaces parameter specifies the network interface
    # addresses that this mail system receives mail on by way of a
    # proxy or network address translation unit. This setting extends
    # the address list specified with the inet_interfaces parameter.
    # You must specify your proxy/NAT addresses when your system is a
    # backup MX host for other domains, otherwise mail delivery loops
    # will happen when the primary MX host is down.
    #proxy_interfaces =
    #proxy_interfaces = 1.2.3.4
    # The mydestination parameter specifies the list of domains that this
    # machine considers itself the final destination for.
    # These domains are routed to the delivery agent specified with the
    # local_transport parameter setting. By default, that is the UNIX
    # compatible delivery agent that lookups all recipients in /etc/passwd
    # and /etc/aliases or their equivalent.
    # The default is $myhostname + localhost.$mydomain.  On a mail domain
    # gateway, you should also include $mydomain.
    # Do not specify the names of virtual domains - those domains are
    # specified elsewhere (see VIRTUAL_README).
    # Do not specify the names of domains that this machine is backup MX
    # host for. Specify those names via the relay_domains settings for
    # the SMTP server, or use permit_mx_backup if you are lazy (see
    # STANDARD_CONFIGURATION_README).
    # The local machine is always the final destination for mail addressed
    # to user@[the.net.work.address] of an interface that the mail system
    # receives mail on (see the inet_interfaces parameter).
    # Specify a list of host or domain names, /file/name or type:table
    # patterns, separated by commas and/or whitespace. A /file/name
    # pattern is replaced by its contents; a type:table is matched when
    # a name matches a lookup key (the right-hand side is ignored).
    # Continue long lines by starting the next line with whitespace.
    # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
    #mydestination = $myhostname, localhost.$mydomain, localhost
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    #       mail.$mydomain, www.$mydomain, ftp.$mydomain
    # REJECTING MAIL FOR UNKNOWN LOCAL USERS
    # The local_recipient_maps parameter specifies optional lookup tables
    # with all names or addresses of users that are local with respect
    # to $mydestination, $inet_interfaces or $proxy_interfaces.
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown local users. This parameter is defined by default.
    # To turn off local recipient checking in the SMTP server, specify
    # local_recipient_maps = (i.e. empty).
    # The default setting assumes that you use the default Postfix local
    # delivery agent for local delivery. You need to update the
    # local_recipient_maps setting if:
    # - You define $mydestination domain recipients in files other than
    #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
    #   For example, you define $mydestination domain recipients in   
    #   the $virtual_mailbox_maps files.
    # - You redefine the local delivery agent in master.cf.
    # - You redefine the "local_transport" setting in main.cf.
    # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
    #   feature of the Postfix local delivery agent (see local(8)).
    # Details are described in the LOCAL_RECIPIENT_README file.
    # Beware: if the Postfix SMTP server runs chrooted, you probably have
    # to access the passwd file via the proxymap service, in order to
    # overcome chroot restrictions. The alternative, having a copy of
    # the system passwd file in the chroot jail is just not practical.
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify a bare username, an @domain.tld
    # wild-card, or specify a user@domain.tld address.
    #local_recipient_maps = unix:passwd.byname $alias_maps
    #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    #local_recipient_maps =
    # The unknown_local_recipient_reject_code specifies the SMTP server
    # response code when a recipient domain matches $mydestination or
    # ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
    # and the recipient address or address local-part is not found.
    # The default setting is 550 (reject mail) but it is safer to start
    # with 450 (try again later) until you are certain that your
    # local_recipient_maps settings are OK.
    unknown_local_recipient_reject_code = 550
    # TRUST AND RELAY CONTROL
    # The mynetworks parameter specifies the list of "trusted" SMTP
    # clients that have more privileges than "strangers".
    # In particular, "trusted" SMTP clients are allowed to relay mail
    # through Postfix.  See the smtpd_recipient_restrictions parameter
    # in postconf(5).
    # You can specify the list of "trusted" network addresses by hand
    # or you can let Postfix do it for you (which is the default).
    # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
    # clients in the same IP subnetworks as the local machine.
    # On Linux, this does works correctly only with interfaces specified
    # with the "ifconfig" command.
    # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
    # clients in the same IP class A/B/C networks as the local machine.
    # Don't do this with a dialup site - it would cause Postfix to "trust"
    # your entire provider's network.  Instead, specify an explicit
    # mynetworks list by hand, as described below.
    # Specify "mynetworks_style = host" when Postfix should "trust"
    # only the local machine.
    #mynetworks_style = class
    #mynetworks_style = subnet
    #mynetworks_style = host
    # Alternatively, you can specify the mynetworks list by hand, in
    # which case Postfix ignores the mynetworks_style setting.
    # Specify an explicit list of network/netmask patterns, where the
    # mask specifies the number of bits in the network part of a host
    # address.
    # You can also specify the absolute pathname of a pattern file instead
    # of listing the patterns here. Specify type:table for table-based lookups
    # (the value on the table right-hand side is not used).
    #mynetworks = 168.100.189.0/28, 127.0.0.0/8
    #mynetworks = $config_directory/mynetworks
    #mynetworks = hash:/etc/postfix/network_table
    # The relay_domains parameter restricts what destinations this system will
    # relay mail to.  See the smtpd_recipient_restrictions description in
    # postconf(5) for detailed information.
    # By default, Postfix relays mail
    # - from "trusted" clients (IP address matches $mynetworks) to any destination,
    # - from "untrusted" clients to destinations that match $relay_domains or
    #   subdomains thereof, except addresses with sender-specified routing.
    # The default relay_domains value is $mydestination.
    # In addition to the above, the Postfix SMTP server by default accepts mail
    # that Postfix is final destination for:
    # - destinations that match $inet_interfaces or $proxy_interfaces,
    # - destinations that match $mydestination
    # - destinations that match $virtual_alias_domains,
    # - destinations that match $virtual_mailbox_domains.
    # These destinations do not need to be listed in $relay_domains.
    # Specify a list of hosts or domains, /file/name patterns or type:name
    # lookup tables, separated by commas and/or whitespace.  Continue
    # long lines by starting the next line with whitespace. A file name
    # is replaced by its contents; a type:name table is matched when a
    # (parent) domain appears as lookup key.
    # NOTE: Postfix will not automatically forward mail for domains that
    # list this system as their primary or backup MX host. See the
    # permit_mx_backup restriction description in postconf(5).
    #relay_domains = $mydestination
    # INTERNET OR INTRANET
    # The relayhost parameter specifies the default host to send mail to
    # when no entry is matched in the optional transport(5) table. When
    # no relayhost is given, mail is routed directly to the destination.
    # On an intranet, specify the organizational domain name. If your
    # internal DNS uses no MX records, specify the name of the intranet
    # gateway host instead.
    # In the case of SMTP, specify a domain, host, host:port, [host]:port,
    # [address] or [address]:port; the form [host] turns off MX lookups.
    # If you're connected via UUCP, see also the default_transport parameter.
    #relayhost = $mydomain
    #relayhost = [gateway.my.domain]
    #relayhost = [mailserver.isp.tld]
    #relayhost = uucphost
    #relayhost = [an.ip.add.ress]
    # REJECTING UNKNOWN RELAY USERS
    # The relay_recipient_maps parameter specifies optional lookup tables
    # with all addresses in the domains that match $relay_domains.
    # If this parameter is defined, then the SMTP server will reject
    # mail for unknown relay users. This feature is off by default.
    # The right-hand side of the lookup tables is conveniently ignored.
    # In the left-hand side, specify an @domain.tld wild-card, or specify
    # a [email protected] address.
    #relay_recipient_maps = hash:/etc/postfix/relay_recipients
    # INPUT RATE CONTROL
    # The in_flow_delay configuration parameter implements mail input
    # flow control. This feature is turned on by default, although it
    # still needs further development (it's disabled on SCO UNIX due
    # to an SCO bug).
    # A Postfix process will pause for $in_flow_delay seconds before
    # accepting a new message, when the message arrival rate exceeds the
    # message delivery rate. With the default 100 SMTP server process
    # limit, this limits the mail inflow to 100 messages a second more
    # than the number of messages delivered per second.
    # Specify 0 to disable the feature. Valid delays are 0..10.
    #in_flow_delay = 1s
    # ADDRESS REWRITING
    # The ADDRESS_REWRITING_README document gives information about
    # address masquerading or other forms of address rewriting including
    # username->Firstname.Lastname mapping.
    # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
    # The VIRTUAL_README document gives information about the many forms
    # of domain hosting that Postfix supports.
    # "USER HAS MOVED" BOUNCE MESSAGES
    # See the discussion in the ADDRESS_REWRITING_README document.
    # TRANSPORT MAP
    # See the discussion in the ADDRESS_REWRITING_README document.
    # ALIAS DATABASE
    # The alias_maps parameter specifies the list of alias databases used
    # by the local delivery agent. The default list is system dependent.
    # On systems with NIS, the default is to search the local alias
    # database, then the NIS alias database. See aliases(5) for syntax
    # details.
    # If you change the alias database, run "postalias /etc/aliases" (or
    # wherever your system stores the mail alias file), or simply run
    # "newaliases" to build the necessary DBM or DB file.
    # It will take a minute or so before changes become visible.  Use
    # "postfix reload" to eliminate the delay.
    #alias_maps = dbm:/etc/aliases
    #alias_maps = hash:/etc/aliases
    #alias_maps = hash:/etc/aliases, nis:mail.aliases
    #alias_maps = netinfo:/aliases
    # The alias_database parameter specifies the alias database(s) that
    # are built with "newaliases" or "sendmail -bi".  This is a separate
    # configuration parameter, because alias_maps (see above) may specify
    # tables that are not necessarily all under control by Postfix.
    #alias_database = dbm:/etc/aliases
    #alias_database = dbm:/etc/mail/aliases
    #alias_database = hash:/etc/aliases
    #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
    # ADDRESS EXTENSIONS (e.g., user+foo)
    # The recipient_delimiter parameter specifies the separator between
    # user names and address extensions (user+foo). See canonical(5),
    # local(8), relocated(5) and virtual(5

    Ok 1st one. The warning restriction message relates to this line in main.cf:
    smtpd_helo_restrictions = permit_sasl_authenticated  permit_mynetworks  check_helo_access hash:/etc/postfix/helo_access  reject_non_fqdn_hostname  reject_invalid_hostname  permit reject_invalid_helo_hostname
    The last reject occurs after the single word "permit" and is ignored.
    However, that's not the problem.
    I'm not exactly sure what's happening, but this might be a clue.
    It would appear that either postfix is not able to create the socket for private/policy or it's somehow created with the wrong permissions.  You might need to ramp up the debug level to get a better idea.
    You could check if it's being created by "netstat -a | grep private/policy" in terminal.
    My guess is that it's not being created because there is no setup statement in your master.cf file, but I don't understand why postfix would be looking for it if it isn't set up.  Private/policy I think relates to grey listing.  Maybe gives you a hint.
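
    The ordering problem described in this reply (a restriction listed after the bare word "permit" is never evaluated) can be checked mechanically. The following is an added example, not code from the thread or from Postfix: the sample main.cf is constructed around the smtpd_helo_restrictions line quoted above, and the function names and the partial list of argument-taking restrictions are assumptions of this sketch.

```python
import re

# Constructed sample main.cf. The smtpd_helo_restrictions value is the one
# quoted in the reply above; the second parameter is made up for contrast.
SAMPLE_MAIN_CF = """\
# constructed sample
smtpd_helo_restrictions = permit_sasl_authenticated  permit_mynetworks
    check_helo_access hash:/etc/postfix/helo_access
    reject_non_fqdn_hostname  reject_invalid_hostname
    permit reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit
"""

# Unconditional actions: once one of these is reached, the list is decided.
TERMINAL = {"permit", "reject", "defer"}

# Restrictions that consume the next token as their argument. Every check_*
# restriction does; the explicit set is a partial list (assumption of this sketch).
ONE_ARG = {"reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_helo",
           "reject_rhsbl_sender", "permit_dnswl_client", "sleep"}


def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # continuation of the previous parameter
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()   # a later definition overrides an earlier one
    return params


def split_restrictions(value):
    """Split a restriction list into (name, argument-or-None) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    items, i = [], 0
    while i < len(tokens):
        name, arg = tokens[i], None
        takes_arg = name.startswith("check_") or name in ONE_ARG
        if takes_arg and i + 1 < len(tokens):
            arg = tokens[i + 1]
            i += 1
        items.append((name, arg))
        i += 1
    return items


def ignored_after_terminal(value):
    """Return (terminal_action, [ignored restriction names]) or None."""
    items = split_restrictions(value)
    for idx, (name, _arg) in enumerate(items):
        if name.lower() in TERMINAL and idx + 1 < len(items):
            return name, [n for n, _ in items[idx + 1:]]
    return None


def audit(text):
    """Check every smtpd_*_restrictions parameter in a main.cf text."""
    findings = {}
    for name, value in parse_main_cf(text).items():
        if re.match(r"^smtpd_\w+_restrictions$", name):
            hit = ignored_after_terminal(value)
            if hit:
                findings[name] = hit
    return findings


if __name__ == "__main__":
    for param, (action, ignored) in audit(SAMPLE_MAIN_CF).items():
        print(f"{param}: {', '.join(ignored)} after '{action}' is never evaluated")
```

    Moving reject_invalid_helo_hostname in front of "permit" clears the finding; a list that simply ends in "permit" is not flagged.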

  • Telnet connection refused in non global zone

    I have recently installed a new zone and I am trying to log into the new zone via telnet and I get the following error;
    telnet: Unable to connect to remote host: Connection refused
    When I check the services on the zone they are as follows;
    # svcs -a
    STATE STIME FMRI
    legacy_run 12:25:02 lrc:/etc/rcS_d/S51installupdates
    disabled 12:25:01 svc:/network/rpc/keyserv:default
    disabled 12:25:01 svc:/network/rpc/nisplus:default
    disabled 12:25:01 svc:/network/nis/server:default
    disabled 12:25:01 svc:/network/nis/client:default
    disabled 12:25:01 svc:/network/dns/client:default
    disabled 12:25:01 svc:/network/ldap/client:default
    disabled 12:25:01 svc:/network/nfs/cbd:default
    disabled 12:25:01 svc:/network/nfs/mapid:default
    disabled 12:25:01 svc:/network/inetd-upgrade:default
    disabled 12:25:01 svc:/system/auditd:default
    disabled 12:25:01 svc:/application/print/server:default
    disabled 12:25:01 svc:/network/ntp:default
    disabled 12:25:01 svc:/system/rcap:default
    disabled 12:25:01 svc:/network/dhcp-server:default
    disabled 12:25:01 svc:/network/nfs/server:default
    disabled 12:25:01 svc:/network/rarp:default
    disabled 12:25:01 svc:/network/rpc/bootparams:default
    disabled 12:25:01 svc:/application/gdm2-login:default
    disabled 12:25:01 svc:/application/management/webmin:default
    disabled 12:25:02 svc:/network/dns/server:default
    disabled 12:25:02 svc:/network/http:apache2
    disabled 12:25:02 svc:/network/nis/passwd:default
    disabled 12:25:02 svc:/network/nis/update:default
    disabled 12:25:02 svc:/network/nis/xfr:default
    disabled 12:25:02 svc:/network/security/kadmin:default
    disabled 12:25:02 svc:/network/security/krb5kdc:default
    disabled 12:25:02 svc:/network/slp:default
    disabled 12:25:02 svc:/system/consadm:default
    disabled 12:25:02 svc:/system/filesystem/volfs:default
    disabled 12:25:02 svc:/system/sar:default
    online 12:25:00 svc:/system/svc/restarter:default
    online 12:25:01 svc:/network/physical:default
    online 12:25:01 svc:/network/loopback:default
    online 12:25:01 svc:/milestone/name-services:default
    online 12:25:01 svc:/system/filesystem/root:default
    online 12:25:01 svc:/milestone/network:default
    online 12:25:01 svc:/system/identity:node
    online 12:25:01 svc:/system/boot-archive:default
    online 12:25:01 svc:/system/filesystem/usr:default
    online 12:25:01 svc:/system/device/local:default
    online 12:25:02 svc:/system/keymap:default
    online 12:25:02 svc:/milestone/devices:default
    online 12:25:02 svc:/system/filesystem/minimal:default
    online 12:25:02 svc:/system/rmtmpfiles:default
    online 12:25:02 svc:/system/cryptosvc:default
    online 12:25:02 svc:/application/print/cleanup:default
    online 12:25:02 svc:/system/name-service-cache:default
    online 12:25:02 svc:/system/identity:domain
    online 12:25:02 svc:/network/initial:default
    online 12:25:02 svc:/network/service:default
    online 12:25:02 svc:/system/manifest-import:default
    online 12:25:02 svc:/milestone/single-user:default
    online 12:25:02 svc:/system/filesystem/local:default
    online 12:25:02 svc:/system/cron:default
    online 12:25:02 svc:/application/font/fc-cache:default
    online 12:25:02 svc:/system/coreadm:default
    online 12:25:02 svc:/system/sysidtool:net
    online 12:25:02 svc:/network/rpc/bind:default
    online 12:25:03 svc:/network/nfs/status:default
    online 12:25:03 svc:/network/nfs/nlockmgr:default
    offline 12:25:01 svc:/system/utmp:default
    offline 12:25:01 svc:/milestone/sysconfig:default
    offline 12:25:01 svc:/network/inetd:default
    offline 12:25:01 svc:/system/filesystem/autofs:default
    offline 12:25:01 svc:/system/system-log:default
    offline 12:25:01 svc:/system/console-login:default
    offline 12:25:01 svc:/network/nfs/client:default
    offline 12:25:01 svc:/network/smtp:sendmail
    offline 12:25:01 svc:/milestone/multi-user:default
    offline 12:25:01 svc:/network/ssh:default
    offline 12:25:01 svc:/milestone/multi-user-server:default
    offline 12:25:01 svc:/application/print/ipp-listener:default
    offline 12:25:02 svc:/system/sac:default
    offline* 12:25:02 svc:/system/sysidtool:system
    uninitialized 12:25:01 svc:/network/rpc/gss:default
    uninitialized 12:25:01 svc:/application/font/stfsloader:default
    uninitialized 12:25:01 svc:/application/print/rfc1179:default
    uninitialized 12:25:01 svc:/application/x11/xfs:default
    uninitialized 12:25:01 svc:/network/apocd/udp:default
    uninitialized 12:25:01 svc:/network/chargen:dgram
    uninitialized 12:25:01 svc:/network/chargen:stream
    uninitialized 12:25:02 svc:/network/comsat:default
    uninitialized 12:25:02 svc:/network/daytime:dgram
    uninitialized 12:25:02 svc:/network/daytime:stream
    uninitialized 12:25:02 svc:/network/discard:dgram
    uninitialized 12:25:02 svc:/network/discard:stream
    uninitialized 12:25:02 svc:/network/echo:dgram
    uninitialized 12:25:02 svc:/network/echo:stream
    uninitialized 12:25:02 svc:/network/finger:default
    uninitialized 12:25:02 svc:/network/ftp:default
    uninitialized 12:25:02 svc:/network/login:eklogin
    uninitialized 12:25:02 svc:/network/login:klogin
    uninitialized 12:25:02 svc:/network/login:rlogin
    uninitialized 12:25:02 svc:/network/nfs/rquota:default
    uninitialized 12:25:02 svc:/network/rexec:default
    uninitialized 12:25:02 svc:/network/rpc/ocfserv:default
    uninitialized 12:25:02 svc:/network/rpc/rex:default
    uninitialized 12:25:02 svc:/network/rpc/rstat:default
    uninitialized 12:25:02 svc:/network/rpc/rusers:default
    uninitialized 12:25:02 svc:/network/rpc/smserver:default
    uninitialized 12:25:02 svc:/network/rpc/spray:default
    uninitialized 12:25:02 svc:/network/rpc/wall:default
    uninitialized 12:25:02 svc:/network/security/krb5_prop:default
    uninitialized 12:25:02 svc:/network/security/ktkt_warn:default
    uninitialized 12:25:02 svc:/network/shell:default
    uninitialized 12:25:02 svc:/network/shell:kshell
    uninitialized 12:25:02 svc:/network/talk:default
    uninitialized 12:25:02 svc:/network/telnet:default
    uninitialized 12:25:02 svc:/network/time:dgram
    uninitialized 12:25:02 svc:/network/time:stream
    uninitialized 12:25:02 svc:/network/tname:default
    uninitialized 12:25:02 svc:/network/uucp:default
    uninitialized 12:25:02 svc:/network/rpc-100235_1/rpc_ticotsord:default
    uninitialized 12:25:02 svc:/network/rpc-100083_1/rpc_tcp:default
    uninitialized 12:25:02 svc:/network/rpc-100068_2-5/rpc_udp:default
    any suggestions? Thanks in advance.

    After taking your suggestions, I found that there was no loghost defined in /etc/host. I defined one and now all of my services came up. I still don't have any ssh, it says
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    Disabling protocol version 2. Could not load hostkey or GSS-API mechanisms
    sshd: no hostkeys available -- exiting.
    Any suggestions? Thanks for your help, I will make sure to give you a star.
    Harvey

  • Java.rmi.ConnectException: Connection refuse

    Hi all,
    I have built a simple RMI client server application. I can run client & server fine locally.
    However if I test this application over the internet, I get this exception on the client:
    java.rmi.ConnectException: Connection refused to host: 169.254.157.53; nested exception is:
    java.net.ConnectException: Connection timed out: connectConnection refused to host:169.254.157.53
    The RMI server is running on my PC and the client on a friend's remote PC. Both PCs are connected to Internet.
    I don't have any firewall running on my PC (including Windows XP firewall). The server RMI lookup on the client happens correctly,
    the exception is raised when the client tries to call the remote method on the server.
    Here is an extract of my RMI server code (it works locally):
    public static void main(String[] args) throws Exception {
        try {
            // args[0] contains the database server name given as a command-line argument; args[1] contains the binary path that holds the weather JPEG files
            CPrimaryWeatherServer test = new CPrimaryWeatherServer(args[0], args[1]);
            Naming.rebind("rmi://localhost:1099/WeatherPrimaryService", test);
            System.out.println("Serveur météo principal démarré");
        } catch (Exception e) { System.out.println(e.getMessage()); }
    }
    Here is an extract of my RMI client code (it works locally):
    try{
                        rec=1;
                        leftClik=1;
                        System.out.println("Before RMI lookup");
                        IPrimaryWeatherServerService serveur =(IPrimaryWeatherServerService)Naming.lookup("rmi://"+primWS+":1099/WeatherPrimaryService");
                        System.out.println("After RMI lookup");
                        System.out.println("Before server method call");
                        z=serveur.getFullWeatherData(); // --> exception is raised here
                        System.out.println("After RMI server method call");
    I am directly connected to Internet using an ethernet card connected to an ADSL modem. 169.254.157.53 is the automatic IP of my network card, different from the IP given by my ISP. By the way, the client tries to contact me using my DNS name that resolves correctly to my ISP IP address.
    Thanks a lot for help,

    because I am guessing that a local IP address is being embedded into the stub so the client can't find the remote server. I am guessing because you didn't provide the exception or its text. Anyway the suggestion will cause the correct public IP address/hostname to be embedded into the stub.

  • 127.0.0.1 Connection refused

    For some reason, I am unable to send or receive messages. The senders and receivers get no error messages, but the messages get stuck in the mail queue with the error "delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused"
    It has worked perfectly in the past. I recently began using DNS service (I wasn't previously), but now it won't work with the DNS on or off.
    Correction: When I turn DNS off, I get this error: The error that the other server returned was: 550 550 #5.1.0 Address rejected [email protected] (state 14).
    Message was edited by: vidgpersonrsw

    The 'delivery temporarily suspended' message is coming from postfix trying to pass the message through some kind of filter process that isn't running.
    For example, the anti-virus scanner runs in this manner - messages come into the server, postfix passes the message to the scanner via a custom port on 127.0.0.1 and the scanner passes it back to postfix.
    You should check that all your mail components are working correctly.

  • SSL connection refused: errno=61

    I'm trying to follow this guide to import OD servers SSL certificate for my client server: http://support.apple.com/kb/ht4183
    my os version is 10.6, so the guide states that I need to import the certificate manually.
    But when I try to run the command, that the guide states:
    openssl s_client -connect myServerName:636
    I get:
    connect: Connection refused
    connect:errno=61
    Any ideas of what might cause this, and how to fix it?

    That error implies that Open Directory either isn't configured or isn't running or isn't set for secure access, or possibly that DNS isn't set up or isn't resolving the target of the openssl command correctly.
    From the errno.h file:
    #define ECONNREFUSED 61 /* Connection refused */
    Check the settings and maybe then the logs on the Open Directory server. 
    I get that exact error when the Open Directory server isn't enabled for SSL with a certificate selected, too.
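
    The causes listed in this reply leave different traces at the socket level: a name that does not resolve fails before any packet is sent, a port with no listener answers with ECONNREFUSED, and a filtered port times out. The following added example (not from the thread) separates the three; the function name and result labels are assumptions, and it compares against errno.ECONNREFUSED rather than the literal 61 because the number differs between platforms (61 on OS X/BSD, 111 on Linux).

```python
import errno
import socket


def classify_connect(host, port, timeout=3.0):
    """Return (verdict, detail) for a TCP connection attempt to host:port.

    verdict is one of:
      "dns_failure" - the name did not resolve, nothing was sent
      "listening"   - something accepted the TCP connection
      "refused"     - the host answered, but nothing listens on that port
      "timeout"     - no answer at all (host down or packets dropped)
      otherwise the symbolic errno name, e.g. "EHOSTUNREACH"
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))

    last = ("error", "no usable address")
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return ("listening", addr[0])
        except socket.timeout:
            last = ("timeout", addr[0])
        except OSError as exc:
            if exc.errno == errno.ECONNREFUSED:
                last = ("refused", addr[0])
            else:
                last = (errno.errorcode.get(exc.errno, "error"), addr[0])
        finally:
            sock.close()
    return last


if __name__ == "__main__":
    # myServerName:636 is the placeholder target from the openssl command above.
    verdict, detail = classify_connect("myServerName", 636)
    print(f"myServerName:636 -> {verdict} ({detail})")
    print("ECONNREFUSED on this platform =", errno.ECONNREFUSED)
```

    A "refused" verdict on port 636 points at the directory service not listening for SSL; "dns_failure" points at name resolution instead.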

  • SSL connection refused

    Hi
    I am trying to connect from sap portal through web dynpro to PI but I get the following exception:
    "Cannot find resource for bundle Java.Util.PropertyResourceBundle key could not create SSL socket... Connection refused."
    Any idea how this could be fixed?
    regards
    Yuval


  • TNS-12564: TNS:connection refused

    Hi,
    I have some PHP applications which connect to Oracle database.
    I sometime receive the following error message.
    Fatal NI connect error 12516, connecting to:
    (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=)(CID=(PROGRAM=httpd)(HOST=r33188.ovh.net)(USER=nobody)))(ADDRESS=(PROTOCOL=TCP)(HOST=178.32.113.43)(PORT=1521)))
    VERSION INFORMATION:
         TNS for Linux: Version 10.2.0.1.0 - Production
         TCP/IP NT Protocol Adapter for Linux: Version 10.2.0.1.0 - Production
    Time: 29-JUL-2010 18:01:45
    Tracing not turned on.
    Tns error struct:
    ns main err code: 12564
    TNS-12564: TNS:connection refused
    ns secondary err code: 0
    nt main err code: 0
    nt secondary err code: 0
    nt OS err code: 0
    I already had that error message in the past. At that time, I looked at the V$RESOURCE_LIMIT view and I saw session and process parameters were too small so I increased them.
    Now, I checked these parameters again and the values never went near the max values.
    RESOURCE_NAME     CURRENT_UTILIZATION     MAX_UTILIZATION     INITIAL_ALLOCATION     LIMIT_VALUE
    processes     21     183     400     400
    sessions     29     191     445     445
    enqueue_locks     13     23     5470     5470
    enqueue_resources     13     44     2176     UNLIMITED
    ges_procs     0     0     0     0
    ges_ress     0     0     0     UNLIMITED
    ges_locks     0     0     0     UNLIMITED
    ges_cache_ress     0     0     0     UNLIMITED
    ges_reg_msgs     0     0     0     UNLIMITED
    ges_big_msgs     0     0     0     UNLIMITED
    ges_rsv_msgs     0     0     0     0
    gcs_resources     0     0     0     0
    gcs_shadows     0     0     0     0
    dml_locks     0     73     1956     UNLIMITED
    temporary_table_locks     0     3     UNLIMITED     UNLIMITED
    transactions     1     6     489     UNLIMITED
    branches     0     0     489     UNLIMITED
    cmtcallbk     0     1     489     UNLIMITED
    sort_segment_locks     5     8     UNLIMITED     UNLIMITED
    max_rollback_segments     11     11     489     65535
    max_shared_servers     4     7     UNLIMITED     UNLIMITED
    parallel_max_servers     0     0     0     3600
    Is it possible it can come from something else? What is the best way to never have this error message again? What is the max value for sessions and processes that Oracle can support?
    Thanks in advance,
    Best regards.

    Why am I getting (HOST=178.32.113.43)(PORT=1521) in the error message? I am using only the DNS name.
    my tnsnames.ora file:
    NV =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = dns_name)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = NV)
        )
      )
    and in my php connection function I also use the DNS name as the host and username/password like:
    $connect = ocilogon($username, $password, 'dns_name');
    Should I connect in another way? Like:
    $ora_host='(DESCRIPTION =(ADDRESS =(PROTOCOL = TCP)(HOST = dns_name)(PORT = 1521))(CONNECT_DATA =(SID = NV)))';
    $connect = ocilogon($username, $password, $ora_host);

  • Add User/ Communication Exception: Connection refused!

    Hello,
    I've searched the entire forum for sample code for adding a user to the Active Directory. However, the code that I use refuses to budge past this line, and gives a
    *Problem creating object: javax.naming.CommunicationException: mydc.antipodes.com:389 [Root exception is java.net.UnknownHostException: mydc.antipodes.com]*
    // Create the initial directory context
    LdapContext ctx = new InitialLdapContext(env,null);
    When I change the LDAP URL to 'ldap://localhost:389', it gives me this exception
    *Problem creating object: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]*
    I also could not follow how the LDAP URL is formed, and those CN=,DC= attributes. I also typed in the LDAP URL in the browser, and an External Protocol request popped up that had a search for people names and email.
    Can someone please enlighten me on where I was going wrong. I'm working on a Windows XP machine with JDK1.6 with Netbeans.
    The same functionality is also done in .NET using the activeds.tlb file and it is working fine. Is there a way in Java where I can add a reference/COM component, in the same way as above, and add users?
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    import javax.net.ssl.*;
    import java.io.*;
    public class NewUser
    {
        public static void main (String[] args)
        {
            Hashtable env = new Hashtable();
            String adminName = "CN=Administrator,CN=jomy,CN=Users,DC=antipodes,DC=com";
            String adminPassword = "jj2007";
            String userName = "CN=Albert Einstein,CN=jomy,OU=Research,DC=antipodes,DC=com";
            String groupName = "CN=All Research,CN=Administrators,OU=Research,DC=antipodes,DC=com";
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,adminName);
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            //connect to my domain controller
            env.put(Context.PROVIDER_URL, "ldap://mydc.antipodes.com:389");
            //env.put(Context.PROVIDER_URL, "winnt://localhost");
            try {
                // Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env,null);
                // Create attributes to be associated with the new user
                Attributes attrs = new BasicAttributes(true);
                //These are the mandatory attributes for a user object
                //Note that Win2K3 will automagically create a random
                //samAccountName if it is not present. (Win2K does not)
                attrs.put("objectClass","user");
                attrs.put("samAccountName","AlbertE");
                attrs.put("cn","Albert Einstein");
                //These are some optional (but useful) attributes
                //(the LDAP attribute name is givenName, not giveName)
                attrs.put("givenName","Albert");
                attrs.put("sn","Einstein");
                attrs.put("displayName","Albert Einstein");
                attrs.put("description","Research Scientist");
                attrs.put("userPrincipalName","[email protected]");
                attrs.put("mail","[email protected]");
                attrs.put("telephoneNumber","999 123 4567");
                //some useful constants from lmaccess.h
                int UF_ACCOUNTDISABLE = 0x0002;
                int UF_PASSWD_NOTREQD = 0x0020;
                int UF_PASSWD_CANT_CHANGE = 0x0040;
                int UF_NORMAL_ACCOUNT = 0x0200;
                int UF_DONT_EXPIRE_PASSWD = 0x10000;
                int UF_PASSWORD_EXPIRED = 0x800000;
                //Note that you need to create the user object before you can
                //set the password. Therefore as the user is created with no
                //password, userAccountControl must be set to the following
                //otherwise the Win2K3 password filter will return error 53
                //unwilling to perform.
                attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD + UF_PASSWORD_EXPIRED+ UF_ACCOUNTDISABLE));
                // Create the context
                Context result = ctx.createSubcontext(userName, attrs);
                System.out.println("Created disabled account for: " + userName);
                //now that we've created the user object, we can set the
                //password and change the userAccountControl
                //and because password can only be set using SSL/TLS
                //lets use StartTLS
                StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
                //set password is an LDAP modify operation
                //and we'll update the userAccountControl
                //enabling the account and forcing the user to update their password
                //the first time they login
                ModificationItem[] mods = new ModificationItem[2];
                //Replace the "unicodePwd" attribute with a new value
                //Password must be both Unicode and a quoted string
                String newQuotedPassword = "\"Password2000\"";
                byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
                // Perform the update
                ctx.modifyAttributes(userName, mods);
                System.out.println("Set password & updated userccountControl");
                //now add the user to a group.
                try {
                    ModificationItem member[] = new ModificationItem[1];
                    member[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));
                    ctx.modifyAttributes(groupName,member);
                    System.out.println("Added user to group: " + groupName);
                }
                catch (NamingException e) {
                    System.err.println("Problem adding user to group: " + e);
                }
                //Could have put tls.close()  prior to the group modification
                //but it seems to screw up the connection  or context ?
                tls.close();
                ctx.close();
                System.out.println("Successfully created User: " + userName);
            }
            catch (NamingException e) {
                System.err.println("Problem creating object: " + e);
            }
            catch (IOException e) {
                System.err.println("Problem creating object: " + e);
            }
        }
    }

    Sometimes there are posts that are so funny, that I really do fall off my chair and writhe on the floor laughing hysterically.
    mydc.antipodes.com is my domain controller, it's most certainly not yours !
    If you are running Active Directory (although I somehow seem to think that you are not), the LDAP URL will contain the fully qualified DNS name of your domain controller and the distinguished name of your Active Directory domain (or part thereof).
    Because you most certainly do not have access to my domain, nor would my domain controller be registered with your DNS server or listed in your hosts file, that explains why you receive the Unknown Host Exception.
    Now the reason why I think you aren't running Active Directory is that you say you are running on Windows XP and when you use ADSI (winnt://localhost) it all works.
    The ADSI provider WINNT uses the Windows NT/LM APIs, which are used to access either the local Windows account store, which is sometimes referred to as Security Accounts Manager (SAM), or a Windows NT 4 domain. (Actually it could be used to access Active Directory, albeit using the NT/LM APIs rather than LDAP). The JNDI LDAP provider supports the LDAP protocol; it does not support NT/LM.
    If on the other hand I'm wrong, and you do have Active Directory present in your network, either ask the admin for the DNS name of the domain controller and the distinguished name of your domain, look up the LDAP Resource Records (RRs) in your DNS, or use the Windows LDP.EXE tool, leave everything blank, hit the connect button and look at the Root DSE for the naming contexts and dns host name values.

  • Can't connect to console - connection refused

    I have a relatively recent install of ovm - everything was working fine for about a month. Now, when I try to launch the console on oracle VM manager a few windows pop up (including vnc viewer) and then they go away. I turned on java debugging and found that I'm getting a connection refused error. Any idea how this could happen or how to resolve it? I don't understand enough about what it's trying to do to know where to begin my troubleshooting.
    Thanks!!
    Jan 7, 2013 5:48:06 PM com.oracle.ovm.ras.proxy.RasProxyApplet main
    Jan 7, 2013 5:48:06 PM com.oracle.ovm.ras.proxy.RasProxyApplet main
    INFO: service id : 003600010004fb00000600002a495e91a1e6d87b
    Jan 7, 2013 5:48:06 PM com.oracle.ovm.ras.proxy.RasProxyApplet main
    INFO: SessionID : b4833a02-586f-406a-a548-33dba66452cc
    Jan 7, 2013 5:48:06 PM com.oracle.ovm.ras.proxy.RasProxyApplet startListening
    INFO: RAS proxy listening on /127.0.0.1:49931
    Jan 7, 2013 5:48:06 PM com.oracle.ovm.ras.proxy.RasProxyApplet main
    INFO: ServiceType : VNC
    Jan 7, 2013 5:48:06 PM com.oracle.ovm.ras.proxy.external.ViewerLauncherFactory getViewerLauncher
    INFO: Os is : windows 7
    Jan 7, 2013 5:48:10 PM com.oracle.ovm.ras.proxy.ProxyThread$1 run
    SEVERE: Unable to connect to RAS server
    java.net.ConnectException: Connection refused: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(Unknown Source)
         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
         at java.net.PlainSocketImpl.connect(Unknown Source)
         at java.net.SocksSocketImpl.connect(Unknown Source)
         at java.net.Socket.connect(Unknown Source)
         at java.net.Socket.connect(Unknown Source)
         at com.oracle.ovm.ras.proxy.ProxyThread$1.run(ProxyThread.java:148)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.oracle.ovm.ras.proxy.ProxyThread.run(ProxyThread.java:141)
    Jan 7, 2013 5:48:10 PM com.oracle.ovm.ras.proxy.ProxyThread run
    SEVERE: Error while creating SSL tunnel
    java.net.SocketException: Underlying socket is not connected
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source)
         at com.oracle.ovm.ras.proxy.ProxyThread.setupSSL(ProxyThread.java:386)
         at com.oracle.ovm.ras.proxy.ProxyThread.run(ProxyThread.java:169)
    Jan 7, 2013 5:48:11 PM com.oracle.ovm.ras.proxy.RasProxyApplet main
    INFO: Vncviewer stopped, closing proxy

    Problem was local dns. By logging into ovm manager by ip address rather than friendly name, I was able to connect to the console.

  • Hardware - ipw2200 giving me connection refused, usb wifi works fine?

    Hi
    I'm having a funny problem with the network at work: connecting with the ipw2200 module and card doesn't seem to work.
    netcfg says done, I can ping the AP and the DNS server, as well as sniff the network. Here's the kicker: wget tells me connection refused.
    When I get something like that I automatically thought it was a firewall or a wrong config on my part, but that can't be.
    If I connect with a USB wifi dongle, zd1211, and give that the same device name as the ipw2200 has when that's loaded, everything works great. Note that this only happens at work with the ipw2200 wifi card. How can this be?  I find this very strange.
    Thanks for any help, cheers

    tigrmesh wrote: Can you ping www.google.com?
    At work ping gives me 100% loss, regardless of which device I use to connect with.
    That's why I started using wget for testing of the connection

  • When I try to log in from desktop I get "Connection Refused" message. How do I fix this?

    I tried to activate Mozilla Firefox today using the normal & routine method, clicking on the Firefox Icon.
    Each time I tried I got the same message "Connection Refused".
    I went to the Firefox site and read the message regarding disabling Java, so I opened ADD ONS and Plug Ins and disabled Java.
    Still no change, so I shut down and restarted my computer.
    I keep getting the same Connection Refused message.
    What needs to be done to restore Firefox?

    Another user also reported a problem with the AT&T Yahoo home page in the past few minutes. When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
    (1) Bypass Firefox's Cache
    Use Ctrl+Shift+r to reload the page fresh from the server.
    Alternately, you also can clear Firefox's cache completely using:
    orange Firefox button (or Tools menu) > Options > Advanced
    On the Network mini-tab > Cached Web Content : "Clear Now"
    If you have a large hard drive, this might take a few minutes.
    (2) Remove the site's cookies (save any pending work first). While viewing a page on the site:
    * right-click and choose View Page Info > Security > "View Cookies"
    * Alt+t (open the classic Tools menu) > Page Info > Security > "View Cookies"
    Then try reloading the page. Does that help?

  • Connection refused when trying to getOutputStream from https connection

    Hi all !
    I want to make an https connection with a server to send/get the request/response
    What can be the cause of the following error in the following code testHttps.java?
    java.net.ConnectException: Connection refused: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(Unknown Source)
    at sun.net.NetworkClient.doConnect(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    at Test.testHttps.main(testHttps.java:46)
    Exception in thread "main" java.net.ConnectException: Connection refused: connect
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(Unknown Source)
    at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(Unknown Source)
    at sun.net.NetworkClient.doConnect(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.http.HttpClient.openServer(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at Test.testHttps.main(testHttps.java:51)
    testHttps.java
    package Test;
    import java.io.*;
    import java.net.*;
    import javax.net.ssl.*;
    public class testHttps {
        public static void main(String args[]) throws Exception {
            //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    }
                    public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    }
                }
            };
            // Install the all-trusting trust manager
            try {
                SSLContext sc = SSLContext.getInstance("SSL");
                sc.init(null, trustAllCerts, new java.security.SecureRandom());
                HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            } catch (Exception e) {
                System.out.println("Error" + e);
            }
            // Now you can access an https URL without having the certificate in the truststore
            try {
                URL url = new URL("https://.............."); // address of the server given here
                URLConnection conn = url.openConnection();
                HttpsURLConnection urlConn = (HttpsURLConnection) conn;
                urlConn.setDoOutput(true);
                OutputStreamWriter wr = null;
                try {
                    wr = new OutputStreamWriter(conn.getOutputStream());
                } catch (Exception e) {
                    e.printStackTrace();
                }
                BufferedReader in = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
                String str;
                while ((str = in.readLine()) != null) {
                    System.out.println(str);
                }
            } catch (MalformedURLException e) {
                System.out.println("Error in SSL Connection" + e);
            }
            // Accepts every host name; this listing never installs hv on the connection
            HostnameVerifier hv = new HostnameVerifier() {
                public boolean verify(String urlHostName, SSLSession session) {
                    System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                        + session.getPeerHost());
                    return true;
                }
            };
        }
    }
    want to ignore certificate validation.
    please help me..
    hi brucechapman, as you suggested me, i posted in Core API- networking forum, now please gimme a solution
    Thanks in advance.

    hi brucechapman,
    ran the NetTest program, got the following exception:
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Exception in thread "main" java.net.ConnectException: Connection refused: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(Unknown Source)
         at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
         at java.net.PlainSocketImpl.connect(Unknown Source)
         at java.net.SocksSocketImpl.connect(Unknown Source)
         at java.net.Socket.connect(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
         at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(Unknown Source)
         at sun.net.NetworkClient.doConnect(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.http.HttpClient.openServer(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
         at java.net.URL.openStream(Unknown Source)
         at Test.NetTest.main(NetTest.java:40)
    NetTest.java:40 -- InputStream is = url.openStream(); at this line throwing exception.
    For the following program, I have added the argument -Djavax.net.ssl.trustStore=cacerts
    I have exported the certificate from IE and added to the keystore.
    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.security.Security;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    public class Communicator {
        public static void main(String[] args) {
            try {
                int port = 34443;
                String strReq = "xml content ";
                Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                SSLSocket socket = (SSLSocket) factory.createSocket("jyoti-win2k8-32", port);
                //Writer out = new OutputStreamWriter(socket.getOutputStream());
                //out.write("GET http://" + "hostname" + "/ HTTP 1.1\r\n");
                // out.write("\r\n");
                //out.write(strReq);
                //out.flush();
                OutputStreamWriter wr = null;
                try {
                    wr = new OutputStreamWriter(socket.getOutputStream());
                } catch (Exception e) {
                    e.printStackTrace();
                }
                System.out.println("got output stream");
                try {
                    wr.write(strReq);
                    //System.out.println("response code : "+conn.getResponseCode());
                    System.out.println("written");
                    wr.flush();
                } catch (IOException e) {
                    e.printStackTrace();
                }
                InputStreamReader is = new InputStreamReader(socket.getInputStream(), "UTF8");
                BufferedReader rd = new BufferedReader(is);
                String line; int count = 0;
                System.out.println("rd " + rd);
                while ((line = rd.readLine()) != null) {
                    System.out.println("line " + line);
                    System.out.println(count++);
                    // Process line...
                }
                System.out.println(count);
                rd.close();
                BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
                int c;
                while ((c = in.read()) != -1) {
                    System.out.write(c);
                }
                //out.close();
                in.close();
                socket.close();
            } catch (IOException ex) {
                ex.printStackTrace();
            }
        }
    }
    Exception :
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
         at sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)
         at sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)
         at sun.nio.cs.StreamEncoder.implFlush(Unknown Source)
         at sun.nio.cs.StreamEncoder.flush(Unknown Source)
         at java.io.OutputStreamWriter.flush(Unknown Source)
         at Test.Communicator.main(Communicator.java:55)
    Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
         at sun.security.validator.PKIXValidator.<init>(Unknown Source)
         at sun.security.validator.Validator.getInstance(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
         ... 7 more
    Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
         at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)
         at java.security.cert.PKIXParameters.<init>(Unknown Source)
         at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)
         ... 19 more
    java.net.SocketException: Socket is closed
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getInputStream(Unknown Source)
         at Test.Communicator.main(Communicator.java:66)
    Please help me and provide me a suggestion/solution: how to get rid of this trustAnchors parameter exception?
    What is it actually?
    Thanks in advance.
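
An added example, not code from either poster: instead of the all-trusting TrustManager in testHttps.java, it loads a truststore from an explicit path, rejects a store with no certificate entries (an empty or missing store is a common cause of "the trustAnchors parameter must be non-empty"), and trusts only those certificates for a single connection. The class name, the TRUSTSTORE_PASS environment variable and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {

    // Counts trustedCertEntry aliases, the entries a trust manager can use as anchors.
    static int countAnchors(KeyStore ks) throws GeneralSecurityException {
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                anchors++;
            }
        }
        return anchors;
    }

    // Loads the store from an explicit path; a missing file fails here with
    // FileNotFoundException instead of surfacing later inside the TLS handshake.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        if (countAnchors(ks) == 0) {
            throw new GeneralSecurityException("no trusted certificates in " + path);
        }
        return ks;
    }

    // Builds a context that trusts only the certificates in the given store.
    static SSLContext contextFor(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            // Constructed offline case: an empty in-memory store has no anchors.
            KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
            empty.load(null, null);
            System.out.println("anchors in empty store: " + countAnchors(empty));
            System.out.println("usage: TrustStoreCheck <truststore> <https-url>");
            return;
        }
        // TRUSTSTORE_PASS is a hypothetical variable name chosen for this example.
        String pass = System.getenv("TRUSTSTORE_PASS");
        KeyStore ts = loadTrustStore(args[0], pass == null ? null : pass.toCharArray());
        HttpsURLConnection conn =
                (HttpsURLConnection) URI.create(args[1]).toURL().openConnection();
        // Only this connection uses the custom store; the default HostnameVerifier
        // stays in place, so the certificate must still match the host name.
        conn.setSSLSocketFactory(contextFor(ts).getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

A relative value such as -Djavax.net.ssl.trustStore=cacerts is resolved against the JVM's working directory, so passing an absolute path to the store removes one source of ambiguity.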
