DPS NSPR error: -5971

In some case our directory proxy (5.2_Patch_4) generate 2 gigabyte log in several minutes fulfill with this lines:
Feb 14 2008 14:53:29 bl4.lvs.sztaki.hu SunONEDPS[ 30684]: [EXCEPTION] [   560304] NSPR error: -5971 (0xffffe8ad). Native errno is: 24
Feb 14 2008 14:53:29 bl4.lvs.sztaki.hu SunONEDPS[ 30684]: [EXCEPTION] [   560304] Accept failed
Feb 14 2008 14:53:29 bl4.lvs.sztaki.hu SunONEDPS[ 30684]: [EXCEPTION] [   560304] NSPR error: -5971 (0xffffe8ad). Native errno is: 24
Feb 14 2008 14:53:29 bl4.lvs.sztaki.hu SunONEDPS[ 30684]: [EXCEPTION] [   560304] Accept failed
Anybody had any idea what does mean "NSPR error: -5971" ?
Regards:
gyufi

NSPR error -5971 = PR_PROC_DESC_TABLE_FULL_ERROR.
Said differently, The process' table for holding open file descriptors is full.
-Sylvain

Similar Messages

NSPR error

Hi Folks.
I was watching my fwd.log (Im using DPS 5.2 SP 3) and i found a cuple of errors that i cant find documentation.
Do someone have seen this errors or messages????
socket 17 network not connected
Sep 27 2005 18:54:09 server1 SunONEDPS[ 14408]: [EXCEPTION] [   301006] Unexpected error on socket 17. (Error: -5978).
Sep 27 2005 18:54:09 server1 SunONEDPS[ 14408]: [TRACE] [   190401] Input was not a BER encoding or connection closed: source( x.x.x.x, 17)
Sep 27 2005 18:54:09 server1 SunONEDPS[ 14408]: [TRACE] [   190401] NSPR error: -5978 (0xffffe8a6). Native errno is: 0
Sep 27 2005 18:54:09 server1 SunONEDPS[ 14408]: [STAT/CONN] [   170903] [client(       x.x.x.x, 17)] Connection closed by client
Where x.x.x.x is the IP of my server

Did you ever find resolution to this problem? I am getting the same errors now. I did a snoop on the IP address for ports 389 and 636. I found a lot of messages coming in from my NetBackup server. But don't know how to turn it off...

PR_Accept() failed, error -5971 (Process open FD table is full.)

I am working on a web app which uses the SunONE directory server for
some authorization. Sometimes it happens that the webserver just hangs
with no errors in the webserver log. In the slapd error logs I do see
the following exceptions :
PR_Accept() failed, error -5971 (Process open FD table is full.)
I am not sure why is this happening? What could be the problem? I am
assuming FD means the file descriptor? One bug we found in the app is
that it tries to add a new user in the LDAP even if its there. I do get
"add value to attribute type nsRoleDN in entry .....: duplicate value"
exceptions, but thought its harmless. Could this exception be causing
something?

Hi,
I had exactly the same error message. I did not find the cause of this after spending a lot of time looking around. I only know it is a file descriptor table problem. The sun one directory server access log, however, did not have the number of file descriptors count reached maximum. I am very much puzzled by this. Did you find out why yet?
u4me2

Policy web agent configuration failed: NSPR error Configuration Failed!!!!

I am having troubles to install agent Apache 2.2!!!!!
The libamapc22.so uses libstdc++.so.5....
so i have this error:
root@ped-02 bin# service httpd start
Starting httpd: httpd: Syntax error on line 995 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /opt/web_agents/apache22_agent/Agent_006/config/dsame.conf: Cannot load n/opt/web_agents/apache22_agent/lib/libamapc22.so into server: libstdc++.so.5: cannot open shared object file: No such file or directory
In my OS is Installed the libstdc++.so.6
if I Install the libstdc++.so.5
I have this error:
[Wed Aug 20 15:50:35 2008] [notice] Digest: generating secret for digest authentication ...
[Wed Aug 20 15:50:35 2008] [notice] Digest: done
[Wed Aug 20 15:50:35 2008] [alert] Policy web agent configuration failed: NSPR error Configuration Failed
So I have installed NSPR and NSS but this error persists.
In log /opt/web_agents/apache22_agent/Agent_006/logs/debug/amAgent
===========
2008-08-20 16:16:36.152 Error 18271:b949c3d0 all: Connection::initialize() unable to initialize SSL libraries: NSS_Initialize returned -8128
2008-08-20 16:16:36.156 Error 18271:b949c3d0 all: initialization error: am_properties_load(com.sun.am.policy.agents.config.stopInInit) failed, error = NSPR error (12): exiting...
2008-08-20 16:16:36.156 Error 18271:b949c3d0 all: Process initialization failure:NSPR error
My configuration: ---- AMAgent.properties
com.sun.am.cookie.name = iPlanetDirectoryPro
com.sun.am.cookie.secure = false
com.sun.am.naming.url = http://accessmanager.coreo.network.ctbc:8080/opensso/namingservice
com.sun.am.policy.am.login.url = http://accessmanager.coreo.network.ctbc:8080/opensso/UI/Login
com.sun.am.policy.agents.config.local.log.file =/opt/web_agents/apache22_agent/Agent_006/logs/debug/amAgent
com.sun.am.policy.agents.config.local.log.rotate = false
com.sun.am.policy.agents.config.remote.log = amAuthLog.accessmanager.coreo.network.ctbc.80
com.sun.am.log.level =
com.sun.am.policy.am.username = amadmin
com.sun.am.policy.am.password = fhfeUCQselvAndSuo17Pww==
com.sun.am.sslcert.dir =
com.sun.am.certdb.prefix =
com.sun.am.trust_server_certs = true
com.sun.am.notification.enable = false
com.sun.am.notification.url=http://accessmaager.coreo.network.ctbc:80/UpdateAgentCacheServlet?shortcircuit=false
com.sun.am.policy.am.url_comparison.case_ignore = true
com.sun.am.policy.am.polling.interval=3
com.sun.am.sso.polling.period=3
com.sun.am.policy.am.userid.param=UserToken
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
com.sun.am.policy.agents.config.session.attribute.map=
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
com.sun.am.policy.agents.config.response.attribute.map=
com.sun.am.load_balancer.enable = false
com.sun.am.policy.agents.config.version=2.2
com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
com.sun.am.policy.agents.config.agenturi.prefix = http://accessmanager.coreo.network.ctbc:80/amagent
com.sun.am.policy.agents.config.locale = en_US
com.sun.am.policy.agents.config.instance.name = unused
com.sun.am.policy.agents.config.do_sso_only = false
com.sun.am.policy.agents.config.accessdenied.url =
com.sun.am.policy.agents.config.fqdn.check.enable = true
com.sun.am.policy.agents.config.fqdn.default = accessmanager.coreo.network.ctbc
com.sun.am.policy.agents.config.fqdn.map =
com.sun.am.policy.agents.config.cookie.reset.enable=false
com.sun.am.policy.agents.config.cookie.reset.list=
com.sun.am.policy.agents.config.cookie.domain.list=
com.sun.am.policy.agents.config.anonymous_user=anonymous
com.sun.am.policy.agents.config.anonymous_user.enable=false
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
com.sun.am.policy.agents.config.notenforced_list.invert = false
com.sun.am.policy.agents.config.notenforced_client_ip_list =
com.sun.am.policy.agents.config.postdata.preserve.enable = false
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
com.sun.am.policy.agents.config.client_ip_validation.enable = false
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
com.sun.am.policy.agents.config.logout.url=
com.sun.am.policy.agents.config.logout.cookie.reset.list =
com.sun.am.policy.am.fetch_from_root_resource = true
com.sun.am.policy.agents.config.get_client_host_name = true
com.sun.am.policy.agents.config.convert_mbyte.enable = false
com.sun.am.policy.agents.config.ignore_path_info = false
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
com.sun.am.policy.agents.config.override_notification.url =
com.sun.am.policy.agents.config.connection_timeout =
com.sun.am.receive_timeout = 0
com.sun.am.connect_timeout = 0
com.sun.am.poll_primary_server = 5
com.sun.am.tcp_nodelay.enable = false
com.sun.am.policy.agents.config.encode_url_special_chars.enable = false
com.sun.am.policy.agents.config.iis.filter_priority = HIGH
com.sun.am.policy.agents.config.cdsso.enable=false
com.sun.am.policy.agents.config.cdcservlet.url = http://accessmanager.coreo.network.ctbc:8080/opensso/cdcservlet
Jonathan Costa Muniz.

Hi joncmuniz,
Are you managed to resolve this problem? I have the same.
In logs i have such information:
2008-10-08 16:48:02.471   Debug 23153:84d5368 all: Connection::initialize() calling NSS_Initialize() with directory = "" and prefix = ""
2008-10-08 16:48:02.471   Debug 23153:84d5368 all: Connection::initialize() Connection timeout wen receiving data = 0 milliseconds
2008-10-08 16:48:02.472   Error 23153:84d5368 all: Connection::initialize() unable to initialize SSL libraries: NSS_Initialize returned -8128
2008-10-08 16:48:02.475   Error 23153:84d5368 all: initialization error: am_properties_load(com.sun.am.policy.agents.config.stopInInit) failed, error = NSPRerror (12): exiting...
2008-10-08 16:48:02.475   Error 23153:84d5368 all: Process initialization failure:NSPR errorI think the problem is with certificates, but i can't point where.
Can you help?

Problem with DS5.1 patch1( PR_Accept() failed, error -5971 (Process open FD

Hi all,
I install iplanet Directory Server5.1p1 on Solaris 8. These errors fill full in my error log files
"PR_Accept() failed, error -5971 (Process open FD table is full.)"
I use idsktune tool and detect i face the problem file descripton. I have increase to 4096 ( in /etc/system file and ulimit -n 4096), but these errors still exist in my error logs.
Who know this prolem, pls give us a solution to fix this errors
Thank alot
Best Regards

I suggest you try the Directory Server forum.

PR_Accept() failed, error -5971

We have a iPlanet 5.1 sp3 directory server.
There are very few active users. However it recently failed with the error: "PR_Accept() failed, error -5971"
What causes this?
How does the DS protect itself from misbehaving clients.. I am mystified how the table of 4096 FDs the UNIX system has gets filled up. Surely the DS is freeing them up!

Hello,
Did anyone reply to you about this? I have almost the same problem:
PR_Accept() failed, error -5974 (Insufficient system resources.)
Thanks, Firdaus

DPS Builder Error: The fulfillment server encountered a proplem with authentification

Hi,
I have to make an update to an app. The DPS Builder actually shows me the following error message on generating the app "DPS Builder Error: The fulfillment server encountered a proplem with authentification".
I use the DPS App Builder App 2.7.0.5.83975.
Thanks,
Yves

Creating a new app is only a temporary solution. I will try it for this app. But I have to organize the assets again. Saving the assets on your servers is/was a great idea, but if you have to create a new app after every update, this feature is completelly useless.

Pls Help. DS5.1p1 errors PR_Accept() failed, error -5971 (Process open FD t

Hi all,
I install iplanet Directory Server5.1p1 on Solaris 8. These errors fill full in my error log files
"PR_Accept() failed, error -5971 (Process open FD table is full.)"
I use idsktune tool and detect i face the problem file descripton. I have increase to 4096 ( in /etc/system file and ulimit -n 4096), but these errors still exist in my error logs.
Who know this prolem, pls give us a solution to fix this errors
Thank alot
Best Regards

Hi!
To increase the FDs available for DS, edit the Configuration --> Performance Settings and increase the no. of FDs available for DS. please check if you havent done this.
I faced the similar problem. Increased the system limit(/etc/system) and DS setting, but was still recieving the error message time to time, which disappears automatically, when FDs get freed. The server is quite a busy LDAP server.
Can someone comment how can i see the actual Fd utilisation on a Solaris 8 system.
I have been checking like:
ls -l /procs/fd | wc -l
and by:
ls -l /procs/pid-of-slapd/fd | wc -l
But always find the Fds in use to be quite lesser than the limit specified 4096.
Thanks for sharing.
Cheers!
VIvek

InDesign CS5.5, DPS: Preview error

I watched an AIGA webinar on "Reinventing the Magazine for the Digital Era", which contained an introduction by Colin Fleming to the DPS offerings, based in InDesign 5.5. I tried to follow along with his examples to begin learning... I downloaded the latest patch so that my extensions were updated - I could play with the Overlay Creator's Image Sequence and Slideshow, and Object States. Colin's next step was to "Preview" what he created.
I opened the Preview window, but didn't get very far. When I hit Play, I received this error: Invalid URL for Web Content Overlay
No url was mentioned in the webinar, so I might not have something set up properly... although I can't seem to find a place for this anyways.
Anyone have some tips?
Thanks!

I'm not sure what's in the folio you uploaded, so it's difficult to say what's wrong with your web content URL. You may want to go through the tutorials to get up to speed. Here's a link to getting started content:
http://help.adobe.com/en_US/digitalpubsuite/using/WS67cb9e293e2f1f60174dc2eb12f2ca67c28-80 00.html

CS5.5, DPS Preview error

I watched an AIGA webinar on "Reinventing the Magazine for the Digital Era", which contained an introduction by Colin Fleming to the DPS. I tried to follow along with his examples to begin learning... I downloaded the latest patch so that my extensions were updated - I could play with the Overlay Creator's Image Sequence and Slideshow, and Object States. Colin's next step was to "Preview" what he created.
I opened the Preview window, but didn't get very far. When I hit Play, I received this error: Invalid URL for Web Content Overlay
No url was mentioned in the webinar, so I might not have something set up properly... although I can't seem to find a place for this anyways.
Anyone have some tips?
Thanks!

Wrong forum. Please post in the DPS forum.
Bob

Fail and fix, DPS updater error U44M2I218

Many thanks to responses from Uwe Laubender, which brought understanding.
Here's the full thread with fix: http://forums.adobe.com/thread/1046154?tstart=0
Should be some info and flavor for DPS developers. I leave the response as it is, so you know it, but with understanding also.
Regards,
Clive

It will now play audio cds and dvds. The computer asks me what to do with them first. The problem is still the cd i use for study. Its is an interactive cd - it is its own application - clicking on images and animations to teach vowel sounds, sentences etc.
The disc works on my other laptop, which is running in windows 7. All discs are recognised by my windows 7 and 8.1 dvd/cd player/writer, but when the title page for the interactive cd pops up on windows 8.1, the director error message pops up and the homepage shuts down with the message.
I feel like Im sure there is a package or a patch I can download to fix this issue, I just need to know what. Please help.

DPS App Error, Sign In Failed - When Downloading Developer App in DPS?

I am getting the following error message when I try to download the developer.ipa version of my app for testing on my device:
"DPS App Builder Error
Sign in failed, please try again"
I have been having this problem since yesterday evening and have tried again several times, and have uninstalled and reinstalled the DPS application but this has not helped.
Is anyone else having a similar problem or have any ideas as to what I might be doing wrong?

There may be two issues :
1. http://helpx.adobe.com/digital-publishing-suite/kb/download-sign-failed.html
2. Certificate/P12 password error

DPS BUILDER ERROR.

Hola estoy llevando adelante todos los puntos que publican para el error pero no logro exportar mis apps, estoy muy complicado con un cliente.
Existe un telefono o un chat donde pueda recibir ayuda en el momento?
Gracias

Can you please post the error message you are seeing? / ¿Puede por favor enviar el mensaje de error que estás viendo?
Neil

Error: mozilla-firefox conflicts with nss-nspr

I get this message when I try:
#>pacman -S gnome
i get:
error: mozilla-firefox conflicts with nss-nspr
i tried upgraded all installed packages, and still got this error. I'm still not used to pacman, so I could have missed a step or something. The only other packages I had installed besides the base system at this point was hwd and xorg.
I removed hwd and still got the same message.

I've got the same problem with one exception - I've got no "nss-nspr" installed on my system :shock:
[root@localhost evgeny]# pacman -S gnome
:: group gnome:
control-center gnome-applets gnome-backgrounds gnome-common gnome-desktop
gnome-icon-theme gnome-media gnome-mime-data gnome-panel gnome-session
gnome-themes gnome2-user-docs metacity nautilus vte yelp
Install whole content? [Y/n] y
:: gnome-common-2.8.0-9: is up to date. Upgrade anyway? [Y/n] n
:: gnome-icon-theme-2.10.1-1: is up to date. Upgrade anyway? [Y/n] n
:: gnome-mime-data-2.4.2-1: is up to date. Upgrade anyway? [Y/n] n
:: vte-0.11.13-1: is up to date. Upgrade anyway? [Y/n] n
error: mozilla-firefox conflicts with nss-nspr
[root@localhost evgeny]# pacman -R nss-nspr
error: could not find nss-nspr in database
Did I missed something ?
Thnks.

Secure LDAP with Multiple DPS's on Single Physical Server

I am having an issue connecting to the directory server over SSL via the directory proxy server. I have enabled SSL and tested successfully in some situations, however this situation is unique.
DPS 5.2 patch 4
Directory Server patch 4
I have applied the neccessary hotfixes from sun to resolve the SSL issues.
There are 3 physical servers. 2 of those servers each have 2 instances of directory proxy server running. The 3rd server has 2 separate Directory Server instances running (1 for enterprise authentication, 1 for Access Manager). Each physical proxy server has 1 instance running for each Directory server instance (1 enterprise LDAP, 1 AM LDAP). All 4 proxy instances can connect successfully to the Directory Masters over the unsecure ports (389 for enterprise LDAP, 55389 for AM LDAP). On the proxy servers, only the initial proxy instance can connect to the secure port successfully. For instance, on server 1 first the DPS for enterprise LDAP was installed then a DPS for AM LDAP was added. Only the enterprise proxy instance can connect successfully over SSL. On server 2 initially the AM LDAP instance was installed and then an enterprise LDAP instance was added. In this case only the AM LDAP instance can connect successfully.
For both instances of the proxy the appropriate certificates have been installed and verified. I can use the dps-instance-cert8.db for the working and non working DPS instances and successfully connect to the Directory Master using ldapsearch from the directory proxy server.
When I do ldapsearch I receive the following error on the second instances:
ldap_simple_bind: Can't contact LDAP server
SSL error -12271 (SSL peer cannot verify your certificate.)
Certificates:
bash-2.05$ /jes/ds52/shared/bin/certutil -L -d /jes/ds52/alias -P dps-instance1-
LDAP Development Pu,u,u
CMS SUN CERTIFICATE AUTH 2023 CT,,
bash-2.05$ /jes/ds52/shared/bin/certutil -L -d /jes/ds52/alias -P dps-instance2-
LDAP Development Pu,u,u
CMS SUN CERTIFICATE AUTH 2023 CT,,
Each use the same server cert, the host is �*.test.com�, using the asterisk so the hostname shouldn�t matter.
DPS INSTANCE 1 � Success
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 3
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   310200] Success with enabling socket 16 for blocking
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   323705] ( xxx.xx.xxx.xx+ 636) syncConnection success.
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 16
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [TRACE] [   520503] Connection established to condo101.cms.hhs.gov
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300771] Promoting socket 16 via socket 1.
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300751] Socket 16, success with SSL_HANDSHAKE_AS_CLIENT
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 16.
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   302019] Success with SSL_SetPKCS11PinArg (socket 16)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385748] SSL_SetURL skipped on socket 16 (null url)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as client (socket 16)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385739] Certificate possesses valid times on socket 16
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385745] For socket 16, pinArg does possess a value.
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   302024] Success with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385725] Certificate accepted on socket 16
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300754] Success with handshake on socket 16
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385746] SSL_ForceHandshake success on socket 16
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [TRACE] [   171210] [client(       xxx.xxx.xxx.xxx,   3)] [server( xxx.xx.xxx.xx+ 636, 16)] Connection via SSL session
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [STAT/CONN] [   171211] [client(       xxx.xxx.xxx.xxx,   3)] Accepting connection via network-group-1
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   310200] Success with enabling socket 3 for blocking
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300771] Promoting socket 3 via socket 0.
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300750] Socket 3, success with SSL_HANDSHAKE_AS_SERVER
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 3.
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300801] Success with setting SSL_REQUEST_CERTIFICATE (1)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300802] Success with setting SSL_REQUIRE_CERTIFICATE (0)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300405] Success with SSL configuration on socket 3
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as server (socket 3)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300406] Success with SSL promotion on socket 3
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [TRACE] [   390307] [client(       xxx.xxx.xxx.xxx,   3)] [server( xxx.xx.xxx.xx+ 636, 16)] Success with OnSSLEstablished rule... continuing
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   300754] Success with handshake on socket 3
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385713] Read on socket 3. Received 42 byte(s)
May 10 2007 09:44:18 server123 SunONEDPS[ 24710]: [DETAIL_TRACE] [   385716] ber_get_next (socket 3) returned complete PDU
DPS INSTANCE 2 � FAILING
ldapsearch -h server123 -p 55636 -P /<serverroot>/alias/dps-server123-cert8.db -D "cn=directory manager" -s base -w adminjes -b dc=cms,dc=hhs,dc=gov objectclass=*
ldap_simple_bind: Can't contact LDAP server
SSL error -12271 (SSL peer cannot verify your certificate.)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   300901] Successful match of xxx.xxx.xxx.xxx+36383 against ALL
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   110999] In permit_connection_from_ip(), The counter for IP:xxx.xxx.xxx.xxx is now 2 and the limit is 0
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 15
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   310200] Success with enabling socket 16 for blocking
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   323705] ( xxx.xx.xxx.xx+55636) syncConnection success.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385609] TCP_NODELAY was set on socket 16
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   520503] Connection established to condo101.cms.hhs.gov
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300771] Promoting socket 16 via socket 1.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300751] Socket 16, success with SSL_HANDSHAKE_AS_CLIENT
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 16.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   302019] Success with SSL_SetPKCS11PinArg (socket 16)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385748] SSL_SetURL skipped on socket 16 (null url)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as client (socket 16)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385739] Certificate possesses valid times on socket 16
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385745] For socket 16, pinArg does possess a value.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   302024] Success with CERT_VerifyCertNow (checking signature, usage: "certUsageSSLServer").
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385725] Certificate accepted on socket 16
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300754] Success with handshake on socket 16
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385746] SSL_ForceHandshake success on socket 16
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   171210] [client(       xxx.xxx.xxx.xxx, 15)] [server( xxx.xx.xxx.xx+55636, 16)] Connection via SSL session
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   310200] Success with enabling socket 15 for blocking
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300771] Promoting socket 15 via socket 0.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300750] Socket 15, success with SSL_HANDSHAKE_AS_SERVER
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385701] Success with sessionPromote to SSL for socket 15.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385704] Success with setting SSL_AuthCertificateHook callback
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385705] Success with setting SSL_BadCertHook callback
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385706] Success with setting SSL_HandshakeCallBack
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300801] Success with setting SSL_REQUEST_CERTIFICATE (1)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300802] Success with setting SSL_REQUIRE_CERTIFICATE (1)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300405] Success with SSL configuration on socket 15
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385803] Success with SSL_ResetHandshake as server (socket 15)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   300406] Success with SSL promotion on socket 15
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   390307] [client(       xxx.xxx.xxx.xxx, 15)] [server( xxx.xx.xxx.xx+55636, 16)] Success with OnSSLEstablished rule... continuing
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [NOTICE] [   385721] Read on socket 15 failed.
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [NOTICE] [   385721] SSL_ERROR_BASE + 3, NSPR error: -12285 (0xffffd003). Native errno is: 11
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385714] ber_get_next (socket 15) returned LBER_DEFAULT
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   385714] SSL_ERROR_BASE + 3, NSPR error: -12285 (0xffffd003). Native errno is: 11
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [EXCEPTION] [   301006] Unexpected error on socket 15. (Error: -12285).
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   190401] [server( xxx.xx.xxx.xx+55636, 16)] Input was not a BER encoding or connection closed: source( xxx.xxx.xxx.xxx, 15)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   190401] [server( xxx.xx.xxx.xx+55636, 16)] SSL_ERROR_BASE + 3, NSPR error: -12285 (0xffffd003). Native errno is: 11
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   171505] [server( xxx.xx.xxx.xx+55636, 16)] Entering recycle_inner_connection
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   301201] Closing connection to: xxx.xx.xxx.xx+55636 (socket 16)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [DETAIL_TRACE] [   301201] Closing connection to: xxx.xxx.xxx.xxx (socket 15)
May 10 2007 10:05:17 server123 SunONEDPS[ 26275]: [TRACE] [   110998] In done_connection_from_ip(), The counter for IP:xxx.xxx.xxx.xxx is now 1 and the limit is 0

In these situations it's important to separate SSL level issues from LDAP issues. I've had good results using "openssl s_client" to investigate and debug SSL/TLS level issues. I point it at the LDAP server and it sets up a connection handling the SSL layers and giving lots of diagnostics about SSL and the X.509 certificates in use.
Try looking for things like whether the SubjectAltName and/or Issuer's CN contain the same hostname you are using to connect.
After giving you the diagnostics it will be waiting with your stdin/stdout connected to the application via SSL (which could make you think it's hanging). Since you're probably not going to be typing the LDAP protocol by hand you want to abort s_client at this point (or type something that Directory Server will reject as a LDAP protocol error).
You can get openssl from the usual places: blastwave.org & sunfreeware.com.
Hopefuly this will help,
-Scott-

DPS NSPR error: -5971

Similar Messages

Maybe you are looking for