Error connection to VPN on Win 8.1 plug-in
Hi everyone!
We try to use CheckPoint VPN Connection on Windows 8.1 plug-in like a link below
http://31og.com/post/creating-a-checkpoint-vpn-connection-on-windows-81
After several successful connection attempts we have following error.
Can you please help me found a solution?
Hi,
Since you''re unsing a third party VPN client supplied by Check Point, then I suggst you contact support below for they're more familiar with this product
Check Point Support
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doHome
NOTE
This
response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you.
Microsoft
does not control these sites and has not tested any software or information found on these sites.
Meanwhile, have you tried to use the default built-in VPN client to build a VPN connection? What is the result?
Since the connection works fine previously, so this issue might be caused by some recent changes, revert any changes related with this issue and check the result.
Yolanda Zhu
TechNet Community Support
Similar Messages
-
Certificate error connecting to VPN, can not validate server
Used the configuration utility to configure a profile for VPN using certificate as authentication. Keep getting error, can not validate server. When I export the cert to my desktop, I see the CRL information in it. When I view the details of the cert after installing on the iPad, I don't see any CRL information. I'm guessing this may be the problem only not sure how to resolve it.
solved the problem by adding an additional attribute in the certificate request to the VPN server (cisco router) and first enable the server SubjectAltName CA
In CA server:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
certutil -setreg policy\SubjectAltName enabled
certutil -setreg policy\SubjectAltName2 enabled
net stop certsvc
net start certsvc
In certificate request for VPN server:
In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:
san:dns=dns.name[&dns=dns.name]/san:ipaddress=x.x.x.x
(external dns/ip)
http://support.microsoft.com/kb/931351 -
I've got a user running:
AnyConnect 3.1.01065
on
Windows 7 64bit.
Several weeks ago she started encountering the following error:
-after logging into Windows and launching the AnyConnect client, she enters her username and password and successfully authenticates.
-the connection is not established and she's presented with the following message: "Failed to install AnyConnect VPN Profile because of file move error. A VPN connection cannot be established."
After doing some troubleshooting, inlcuding uninstalling/reinstalling the anyconnect client, it seems the culprit is the following file:
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\<filename>.xml. When the problem occurs (which is not regularly, sometimes it occurs daily, sometimes just once a week) examining that file indicates it has no security or permissions set. Quitting the AnyConnect software, modifying the file so that the user has full control of it, then relaunching AnyConnect fixes the problem (until it happens again). Uninstalling, and making sure to move C:\ProgramData\Cisco to the trash, then reinstalling did not seem to help.
The closest match in these forums is the following thread, https://supportforums.cisco.com/message/3760446 - though no clear resolution was given.
Has anyone else encountered this, and been able to fix it?
Thanks much.Just FYI, it seems at least in this case, purging all the previous system restore points seems to have resolved this issue...
-
Hello,
i am trying to connect to my corporation VPN Server " ISA 2006" using windows 8.1 client built in VPN, but its returned the following error:
Event ID 20227: dialed a connection named "VPN connection Name" which has failed. The error code returned on failure is 789.
VPN connection is working fine with windows XP and windows 7 with no issue , this error is only appear when try to connect to using windows 8 client machine.
this error is shows only on windows 8.1 client , same procedures used to enroll the certificate from internal CA " IPsec Type" is followed .
below are the ISA server specifications:
VPN Server : ISA 2006.
windows Server version 2003.
appreciate your quick help and reply .
ThanksThanks for your reply.
i would like to add another point for this case, that when we are trying to enroll a certificate from internal CA web enrollment directly using windows 8 " internet explorer 11" , its install a certificate without Digital
Signature and non-repudiation in key usage property, then when try to connect , its will give the above error 789 ..
when try to enroll a certificate into windows 7 " internet explorer 10" and then export and import this certificate into windows 8.1 machine "with the name of
windows 8.1 machine" into windows 8.1 machine, the VPN is working normally and without issue.
The properties of the Certificate are difference between windows 7 machine and windows 8 machine is key usage missing the Digital Signature and non-repudiation properties when enroll
from windows 8.1 " internet explorer 11", this is in fact because of
we don't have an option for key usage " both" when subment a certificate on web enrollment page from windows 8 machine ,, the only option available is exchange "
no signature and both option available "
i believe that there is something wrong when using windows 8.1 internet explorer 11 so its gave a certificate with wrong key usage property .
appreciate your quick help in this .
thanks -
Error on installing iTunes under Win 8
Error on installing iTunes under Win 8
I have recently upgraded to Win 8. When installing iTunes the following error shows:
"An error occurred during the installation of assembly 'Microsoft.VC80.CRT.type="win32",version"8.0.50727.4053.publicKeyToken="1fc8b3b 9a1e18e3b",processorArchitecture="amd64". Please refer to Help and Support for more information HRESULT:0x80073715.
I am running the ITunes x64 install. I have installed the V++ redistributable with no change in result.
I have subsequently downloaded and manually installed via the Apple Software update program iTunes. However this does not allow my iPad to be connected as it is not the x64 version.After spending an entire day on this issue, I figured out something that worked. After installing Windows 8 (64-bit) then Visual Studio 2012 (or 2013) then the latest 64-bit iTunes app, I got the 0x80073715 error.
What finally worked for me was:
1) Get all the Windows updates and hotfixes - especially the ones for Visual Studio.
2) Go to http://www.microsoft.com/en-us/download/details.aspx?id=14431 and download the "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update"
3) Only install vcredist_x64.exe.
After running these steps, I was able to completely install iTunes on my Windows 8 64-bit instance.
Hope this helps. -
Outlook is disconnected while connected over VPN
In our Beijing office a user's Outlook cannot connect to exchange server, however, when he connect to VPN his Outlook can normally send or receive email.
It is so funny, have you ever encountered a similar situation or maybe you can provide a useful suggestion?Hi Frank,
Which version of Exchange server are you using?
Does this issue only happen to the certain user?
Do you have Outlook Anywhere enabled?
Did you get any error message when it failed to connect?
Please provide more information about this issue so that we can fix it more efficiently.
Meanwhile, you may follow this link to troubleshoot the issue:
http://hosting.intermedia.net/support/kb/?id=1183
Please Note: Since the web site is not hosted by
Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Since this issue is also related to Exchange server, I'd recommend you post a same question in the Exchange forum to see if there is any good suggestions:
https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
Regards,
Steve Fan
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. -
Connect to VPN but can't ping past inside interface
Hello,
I've been working on this issue for a few days with no success. We're setting up a new Cisco ASA 5515 in our environment and are trying to get a simple IPSec VPN setup on it for remote access. After some initial problems, we've gotten it to where the VPN tunnel authenticates the user and connects as it should, however we cannot ping into our LAN. We are able to ping as far as the firewall's inside interface. I've tried other types of traffic too and nothing gets through. I've checked the routes listed on the VPN client while we're connected and they look correct - the client also shows both sent and received bytes when we connect using TCP port 10000, but no Received bytes when we connect using UDP 4500. We are trying to do split tunneling, and that seems to be setup correctly because I can still surf while the VPN is connected.
Below is our running config. Please excuse any messyness in the config as there are a couple of us working on it and we've been trying a whole bunch of different settings throughout the troubleshooting process. I will also note that we're using ASDM as our primary method of configuring the unit, so any suggestions that could be made with that in mind would be most helpful. Thanks!
ASA-01# sh run
: Saved
ASA Version 8.6(1)2
hostname ASA-01
domain-name domain.org
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 10.2.0.1 255.255.0.0
interface GigabitEthernet0/1
description Primary WAN Interface
nameif outside
security-level 0
ip address 76.232.211.169 255.255.255.192
interface GigabitEthernet0/2
shutdown
<--- More --->
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
speed 100
<--- More --->
duplex full
shutdown
nameif management
security-level 100
ip address 10.4.0.1 255.255.0.0
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.11.6
domain-name domain.org
dns server-group sub
name-server 10.2.11.121
name-server 10.2.11.138
domain-name sub.domain.net
same-security-traffic permit intra-interface
object network 76.232.211.132
host 76.232.211.132
object network 10.2.11.138
host 10.2.11.138
object network 10.2.11.11
host 10.2.11.11
<--- More --->
object service DB91955443
service tcp destination eq 55443
object service 113309
service tcp destination range 3309 8088
object service 11443
service tcp destination eq https
object service 1160001
service tcp destination range 60001 60008
object network LAN
subnet 10.2.0.0 255.255.0.0
object network WAN_PAT
host 76.232.211.170
object network Test
host 76.232.211.169
description test
object network NETWORK_OBJ_10.2.0.0_16
subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.2.250.0_24
subnet 10.2.250.0 255.255.255.0
object network VPN_In
subnet 10.3.0.0 255.255.0.0
description VPN User Network
object-group service 11
service-object object 113309
<--- More --->
service-object object 11443
service-object object 1160001
object-group service IPSEC_VPN udp
port-object eq 4500
port-object eq isakmp
access-list outside_access_in extended permit icmp object VPN_In 10.2.0.0 255.255.0.0 traceroute log disable
access-list outside_access_in extended permit object-group 11 object 76.232.211.132 interface outside
access-list outside_access_in extended permit object DB91955443 any interface outside
access-list outside_access_in extended permit udp any object Test object-group IPSEC_VPN inactive
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit icmp any any echo-reply log disable
access-list inside_access_in extended permit ip object VPN_In 10.2.0.0 255.255.0.0 log disable
access-list domain_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list domain_splitTunnelAcl standard permit 10.3.0.0 255.255.0.0
access-list vpn_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool VPNUsers 10.3.0.1-10.3.0.254 mask 255.255.0.0
<--- More --->
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (inside,outside) source dynamic any WAN_PAT inactive
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 113309 113309
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 11443 11443
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 1160001 1160001
nat (outside,outside) source static any any destination static interface 10.2.11.138 service DB91955443 DB91955443
nat (inside,outside) source static NETWORK_OBJ_10.2.0.0_16 NETWORK_OBJ_10.2.0.0_16 destination static NETWORK_OBJ_10.2.250.0_24 NETWORK_OBJ_10.2.250.0_24 no-proxy-arp route-lookup
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 76.232.211.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
aaa-server ActiveDirectory protocol nt
aaa-server ActiveDirectory (inside) host 10.2.11.121
nt-auth-domain-controller sub.domain.net
aaa-server ActiveDirectory (inside) host 10.2.11.138
nt-auth-domain-controller sub.domain.net
user-identity default-domain LOCAL
eou allow none
http server enable
http 10.4.0.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
<--- More --->
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
<--- More --->
subject-name CN=ASA-01
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate a6c98751
308201f1 3082015a a0030201 020204a6 c9875130 0d06092a 864886f7 0d010105
0500303d 31153013 06035504 03130c43 5248442d 4d432d46 57303131 24302206
092a8648 86f70d01 09021615 43524844 2d4d432d 46573031 2e637268 642e6f72
67301e17 0d313330 35303730 32353232 325a170d 32333035 30353032 35323232
5a303d31 15301306 03550403 130c4352 48442d4d 432d4657 30313124 30220609
2a864886 f70d0109 02161543 5248442d 4d432d46 5730312e 63726864 2e6f7267
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c23d5f
acbf2b3f 9fe6e3c9 1866c344 07b6ee49 f6f31798 0b87a38b 890f70e2 c28cc1d5
fd1b4e80 7fa25483 09e79459 6bf92155 c55240b4 93eeb4eb af3f8aec 8906ef48
140c57bb 5ca4471f 275c1932 7e90976f f0dfe8a3 04a7861f cce7a320 7267df2e
61f9b6b8 22bb70ac d9cedb73 3cf9747b c2636892 48b35385 a94bfae5 fd020301
0001300d 06092a86 4886f70d 01010505 00038181 003c7e16 be4aff40 8fe69a31
acf31808 680e44eb 8ede9094 f9a4a147 0ae18cdc 000dc07f c1da1af4 a2d964ed
288689ee 95179ad0 90728324 9803248d b9d10641 01897453 fe7fafcd 34dee13a
92798615 4acb1f27 14fdb346 ab3eb825 04f23791 81d08fa2 b54c6a47 aedd9694
1c9fbcb4 455fd5ce 420298aa 9333737c 19f0e715 50
quit
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
<--- More --->
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
<--- More --->
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
<--- More --->
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
<--- More --->
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
<--- More --->
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
<--- More --->
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 10.2.11.121 10.2.11.138
dhcpd lease 36000
dhcpd ping_timeout 30
dhcpd domain sub.domain.net
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
<--- More --->
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy domain internal
group-policy domain attributes
banner value You are attempting to access secured systems at thsi facility. All activity is monitored and recorded. Disconnect now if you are not authorized to access these systems or do not possess valid logon credentials.
wins-server value 10.2.11.121 10.2.11.138
dns-server value 10.2.11.121 10.2.11.138
vpn-idle-timeout none
vpn-filter value vpn_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domain_splitTunnelAcl
default-domain value sub.domain.net
split-dns value sub.domain.net
group-policy DfltGrpPolicy attributes
dns-server value 10.2.11.121 10.2.11.138
vpn-filter value outside_access_in
vpn-tunnel-protocol l2tp-ipsec
default-domain value sub.domain.net
split-dns value sub.domain.net
address-pools value VPNUsers
username **** password **** encrypted privilege 15
<--- More --->
username **** password **** encrypted privilege 15
username **** attributes
webvpn
anyconnect keep-installer installed
anyconnect dtls compression lzs
anyconnect ssl dtls enable
anyconnect profiles value VPN_client_profile type user
tunnel-group DefaultL2LGroup general-attributes
default-group-policy domain
tunnel-group DefaultRAGroup general-attributes
address-pool VPNUsers
authentication-server-group ActiveDirectory
default-group-policy domain
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy domain
tunnel-group domain type remote-access
tunnel-group domain general-attributes
address-pool (inside) VPNUsers
address-pool VPNUsers
authentication-server-group ActiveDirectory LOCAL
authentication-server-group (inside) ActiveDirectory LOCAL
<--- More --->
default-group-policy domain
dhcp-server link-selection 10.2.11.121
tunnel-group domain ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
<--- More --->
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 21
subscribe-to-alert-group configuration periodic monthly 21
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2578e19418cb5c61eaf15e9e2e5338a0
: endHello,
I've been working on this issue for a few days with no success. We're setting up a new Cisco ASA 5515 in our environment and are trying to get a simple IPSec VPN setup on it for remote access. After some initial problems, we've gotten it to where the VPN tunnel authenticates the user and connects as it should, however we cannot ping into our LAN. We are able to ping as far as the firewall's inside interface. I've tried other types of traffic too and nothing gets through. I've checked the routes listed on the VPN client while we're connected and they look correct - the client also shows both sent and received bytes when we connect using TCP port 10000, but no Received bytes when we connect using UDP 4500. We are trying to do split tunneling, and that seems to be setup correctly because I can still surf while the VPN is connected.
Below is our running config. Please excuse any messyness in the config as there are a couple of us working on it and we've been trying a whole bunch of different settings throughout the troubleshooting process. I will also note that we're using ASDM as our primary method of configuring the unit, so any suggestions that could be made with that in mind would be most helpful. Thanks!
ASA-01# sh run
: Saved
ASA Version 8.6(1)2
hostname ASA-01
domain-name domain.org
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 10.2.0.1 255.255.0.0
interface GigabitEthernet0/1
description Primary WAN Interface
nameif outside
security-level 0
ip address 76.232.211.169 255.255.255.192
interface GigabitEthernet0/2
shutdown
<--- More --->
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
speed 100
<--- More --->
duplex full
shutdown
nameif management
security-level 100
ip address 10.4.0.1 255.255.0.0
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.11.6
domain-name domain.org
dns server-group sub
name-server 10.2.11.121
name-server 10.2.11.138
domain-name sub.domain.net
same-security-traffic permit intra-interface
object network 76.232.211.132
host 76.232.211.132
object network 10.2.11.138
host 10.2.11.138
object network 10.2.11.11
host 10.2.11.11
<--- More --->
object service DB91955443
service tcp destination eq 55443
object service 113309
service tcp destination range 3309 8088
object service 11443
service tcp destination eq https
object service 1160001
service tcp destination range 60001 60008
object network LAN
subnet 10.2.0.0 255.255.0.0
object network WAN_PAT
host 76.232.211.170
object network Test
host 76.232.211.169
description test
object network NETWORK_OBJ_10.2.0.0_16
subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.2.250.0_24
subnet 10.2.250.0 255.255.255.0
object network VPN_In
subnet 10.3.0.0 255.255.0.0
description VPN User Network
object-group service 11
service-object object 113309
<--- More --->
service-object object 11443
service-object object 1160001
object-group service IPSEC_VPN udp
port-object eq 4500
port-object eq isakmp
access-list outside_access_in extended permit icmp object VPN_In 10.2.0.0 255.255.0.0 traceroute log disable
access-list outside_access_in extended permit object-group 11 object 76.232.211.132 interface outside
access-list outside_access_in extended permit object DB91955443 any interface outside
access-list outside_access_in extended permit udp any object Test object-group IPSEC_VPN inactive
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit icmp any any echo-reply log disable
access-list inside_access_in extended permit ip object VPN_In 10.2.0.0 255.255.0.0 log disable
access-list domain_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list domain_splitTunnelAcl standard permit 10.3.0.0 255.255.0.0
access-list vpn_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool VPNUsers 10.3.0.1-10.3.0.254 mask 255.255.0.0
<--- More --->
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (inside,outside) source dynamic any WAN_PAT inactive
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 113309 113309
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 11443 11443
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 1160001 1160001
nat (outside,outside) source static any any destination static interface 10.2.11.138 service DB91955443 DB91955443
nat (inside,outside) source static NETWORK_OBJ_10.2.0.0_16 NETWORK_OBJ_10.2.0.0_16 destination static NETWORK_OBJ_10.2.250.0_24 NETWORK_OBJ_10.2.250.0_24 no-proxy-arp route-lookup
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 76.232.211.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
aaa-server ActiveDirectory protocol nt
aaa-server ActiveDirectory (inside) host 10.2.11.121
nt-auth-domain-controller sub.domain.net
aaa-server ActiveDirectory (inside) host 10.2.11.138
nt-auth-domain-controller sub.domain.net
user-identity default-domain LOCAL
eou allow none
http server enable
http 10.4.0.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
<--- More --->
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
<--- More --->
subject-name CN=ASA-01
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate a6c98751
308201f1 3082015a a0030201 020204a6 c9875130 0d06092a 864886f7 0d010105
0500303d 31153013 06035504 03130c43 5248442d 4d432d46 57303131 24302206
092a8648 86f70d01 09021615 43524844 2d4d432d 46573031 2e637268 642e6f72
67301e17 0d313330 35303730 32353232 325a170d 32333035 30353032 35323232
5a303d31 15301306 03550403 130c4352 48442d4d 432d4657 30313124 30220609
2a864886 f70d0109 02161543 5248442d 4d432d46 5730312e 63726864 2e6f7267
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c23d5f
acbf2b3f 9fe6e3c9 1866c344 07b6ee49 f6f31798 0b87a38b 890f70e2 c28cc1d5
fd1b4e80 7fa25483 09e79459 6bf92155 c55240b4 93eeb4eb af3f8aec 8906ef48
140c57bb 5ca4471f 275c1932 7e90976f f0dfe8a3 04a7861f cce7a320 7267df2e
61f9b6b8 22bb70ac d9cedb73 3cf9747b c2636892 48b35385 a94bfae5 fd020301
0001300d 06092a86 4886f70d 01010505 00038181 003c7e16 be4aff40 8fe69a31
acf31808 680e44eb 8ede9094 f9a4a147 0ae18cdc 000dc07f c1da1af4 a2d964ed
288689ee 95179ad0 90728324 9803248d b9d10641 01897453 fe7fafcd 34dee13a
92798615 4acb1f27 14fdb346 ab3eb825 04f23791 81d08fa2 b54c6a47 aedd9694
1c9fbcb4 455fd5ce 420298aa 9333737c 19f0e715 50
quit
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
<--- More --->
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
<--- More --->
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
<--- More --->
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
<--- More --->
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
<--- More --->
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
<--- More --->
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 10.2.11.121 10.2.11.138
dhcpd lease 36000
dhcpd ping_timeout 30
dhcpd domain sub.domain.net
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
<--- More --->
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy domain internal
group-policy domain attributes
banner value You are attempting to access secured systems at thsi facility. All activity is monitored and recorded. Disconnect now if you are not authorized to access these systems or do not possess valid logon credentials.
wins-server value 10.2.11.121 10.2.11.138
dns-server value 10.2.11.121 10.2.11.138
vpn-idle-timeout none
vpn-filter value vpn_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domain_splitTunnelAcl
default-domain value sub.domain.net
split-dns value sub.domain.net
group-policy DfltGrpPolicy attributes
dns-server value 10.2.11.121 10.2.11.138
vpn-filter value outside_access_in
vpn-tunnel-protocol l2tp-ipsec
default-domain value sub.domain.net
split-dns value sub.domain.net
address-pools value VPNUsers
username **** password **** encrypted privilege 15
<--- More --->
username **** password **** encrypted privilege 15
username **** attributes
webvpn
anyconnect keep-installer installed
anyconnect dtls compression lzs
anyconnect ssl dtls enable
anyconnect profiles value VPN_client_profile type user
tunnel-group DefaultL2LGroup general-attributes
default-group-policy domain
tunnel-group DefaultRAGroup general-attributes
address-pool VPNUsers
authentication-server-group ActiveDirectory
default-group-policy domain
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy domain
tunnel-group domain type remote-access
tunnel-group domain general-attributes
address-pool (inside) VPNUsers
address-pool VPNUsers
authentication-server-group ActiveDirectory LOCAL
authentication-server-group (inside) ActiveDirectory LOCAL
<--- More --->
default-group-policy domain
dhcp-server link-selection 10.2.11.121
tunnel-group domain ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
<--- More --->
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 21
subscribe-to-alert-group configuration periodic monthly 21
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2578e19418cb5c61eaf15e9e2e5338a0
: end -
Financial Reports Client - 11.1.2.1 - Won't connect via VPN only?
When I try and connect via VPN only. I get: You are not authorized to use this functionality. Contact your administrator.
Here's the log from client. We have ensured the client version matches the server version exactly. Funny as when I'm directly on their network I can connect just fine. Hoping this log will point to solution.
Log:
[2012-06-01T10:31:45.196-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.registry.FRSystem] [SRC_METHOD: lookupHsServer] [[
com.hyperion.reporting.util.HyperionReportException: Could not connect to the server.
Please make sure that the server is running as specified in the logon dialog (including port number if not default).
at com.hyperion.reporting.registry.FRSystem.lookupHsServer(Unknown Source)
at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
[2012-06-01T10:31:45.273-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.javacom.HsServer] [SRC_METHOD: getServer] [[
java.lang.NullPointerException
at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
]]I think you have already posted this problem on another post, I said it is possible it could be a ports issue.
Have a look at the following http://www.oracle.com/technetwork/middleware/bi-foundation/epm-component-communications-11121-354680.xls
Select FR studio as the client and it should give indication to the ports that need to be opened.
Cheers
John
http://john-goodwin.blogspot.com/ -
Socket read error: connection reset by peer
Hi.
Has anybody experienced the error message �Socket read error: connection reset by peer�
Please see below for detailed information.
Appreciate your help
Regards
RT
Enviroment specification
Server: HP/UX 11.00 64-bit, Oracle RDBMS 8.1.6.0.0 64-bit
2 firewalls between client and db.
Client:
Win 2000,
SP3,
Oracle Client 8.1.7.0.0 ,JDBC OCI (thin JDBC driver,class12.zip)
JDK 1.3
JRUN3.0
The TCP protocol is being used in the communication
Error messages
Web Users receive: Socket read error: connection reset by peer
Trace files on the sever: Read unexpected EOF ERROR on 18.
Explanation: The error in the server sqlnet trace file, suggests that a client connection has terminated abnormally, i.e. client machine powered off, a cable removed or a network connection aborted without warning. No user has complained of such a problem and there is no client trace with an error.
The problem
The users of the java web application, experiencing an exception almost once or twice a day.
The JRUN web-server reports broken connections to the db and client are receiving "connection reset by peer".
At the moment when the errors occurs the users just have to wait a while(2-10 min) and then they can use the web application again.(no action is taken)
This problem can not be reproduced. The problem happens only occasionally when the network is under heavy load and new DB connection is being created.
The application
The java web-application uses a customized connection pooling against the database. This pool is shared among all the users of the website. whenever a user process needs to fetch data from the database, a free connection from this pool is allocated. The application is testing if the connection is valid before making a transaction (select '1' from dual). When the error occurs a ORA-3113 end-of-file on communication channel is returned to the application.
The path between the client and db involves at least two firewalls. The firewalls are opened for sql*net traffic. The network group can tell that enquiries from the app.server is not getting feedback from the db. They have not however, identified if the enquiries are reaching the db-srever, or if they are stopped earlier in the network.
Around 1000 users, are using other applications which uses dedicated sqlnet connections against the db and they have not experienced any problems.
Issues considered
Connection pooling
It is a customized connection pooling, developed by Lindorff developers.
I have read through the source code for the connection pooling and it does the job as it should, and in case of bad connection, it tries to create a new connection.
The log file shows that the call to the method DriverManager.getConnection() hangs until the server goes down, which is probably because of the fact that the method DriverManager.setLoginTimeout(), does not take effect and timeout value is Zero. ( According to oracle , Oracle JDBC does not support login timeouts and calling the static DriverManager.setLoginTimeout() method will have no effect).
Firewall
One thing to consider is when the firewall may decide to shut down the socket due to long inactivity of a connection. This will cause problems to JDBC Connection Pool because the pool is not aware of this disconnection at the TCP/IP level; until someone checks out the connection from the pool and tries to use it. The user will get a Socket read error: connection reset by peer.
Jrun timeout paramter is less than the firewall�s timeout so the firewall will not close a connection before Jrun does.
Number of processes the DB can handle
Processes parameter is 1300, , they have not experienced the Oracle error msg �max # of processes reached�.
Port redirection through a firewall:
Since the firewall has a sql net proxy Port redirection through a firewall is not a problem. Problems with port redirection only appear at connect time, but in this situation the connections fail long after the connection is established.
The network group
The network people who investigaged the problem at Lindorff report that there are a significant amount of "dropped packages" between the database server and the jdbc client (web-application) 24 hrs. The reason for this is "unknown established TCP packet" which means that the firewall does not consider these packages to be part of an already established session. The network group believes this happen because one of the hosts send a RESET or FIN signal which the firewall have noticed but are not received by the other host.
It seems like the firewall are dropping packages bacause of "Unknown
established TCP packet" from both the JDBC client and the TNSLISTENER on the database server. The dropped packages are SQL*Net v2 traffic so clearly Oracle products are involvedPresumably something is working.
Thus the problem is not with your code. At least not the database part that you have control over.
That error occurs when the other side closes the socket. Presumably you are catching lost connection exceptions and trying to restore it. -
Error of "Not a Valid Win 32 application " installing 7.0 for iPod Shuffle
I have downloaded the apple Itunes 7 software and I get an error of : Not a Valid Win 32 application I have windows xp I have been trying to figure this out for a couple of hours.
All I can figure out is that it is because I have dial up and not a broadband connection (which is one of the requirements for 7.0). If this is the problem, what do I do to get around the not having broadband?
Any help would be greatly appreciated!!!! I would love my new present to work! PS. a family member already has an Ipod Nano installed, can we use the same iTunes?I have downloaded the apple Itunes 7 software and I
get an error of : Not a Valid Win 32 application I
have windows xp I have been trying to figure this out
for a couple of hours.
All I can figure out is that it is because I have
dial up and not a broadband connection (which is one
of the requirements for 7.0). If this is the
problem, what do I do to get around the not having
broadband?
Any help would be greatly appreciated!!!! I would
love my new present to work! PS. a family member
already has an Ipod Nano installed, can we use the
same iTunes?
I found that I had a bad (not complete) download. After redownloading 7.0 and installing it, it worked great. Hope this helps other with my same problem. -
This post was initially added to this discussion: 10.9.2 Mavericks update issues
I have yet another issue related to 10.9.2 update - Eclipse Perl debugger issues while connected to VPN...
One of the big changes introduced by 10.9.2 update - are VPN changes (security fixes). Unfortunately, whatever these changes are - they "broke" Eclipse (OpenSource IDE) debugger. I am not sure if *all* programming languages (Eclipse plugins) are affected by this, but I know for sure that 'Epic' (Perl plugin) debugger *stopped working* while system is connected through VPN.
Here is the error that gets “popped-up” in the Eclipse:
Timed out while waiting for Perl debugger connection
… and here is exact exception stack that gets printed:
Unable to connect to remote host: 130.10.210.74:5000
Compilation failed in require.
at /Users/valeriy/workspace/ROBO-PROD-RA-685/src/lib/test/Val_test.pm line 0.
main::BEGIN() called at /Users/valeriy/workspace/.metadata/.plugins/org.epic.debug/perl5db.pl line 0
eval {...} called at /Users/valeriy/workspace/.metadata/.plugins/org.epic.debug/perl5db.pl line 0
BEGIN failed--compilation aborted.
at /Users/valeriy/workspace/ROBO-PROD-RA-685/src/lib/test/Val_test.pm line 0.
Can't use an undefined value as a symbol reference at /Users/valeriy/workspace/.metadata/.plugins/org.epic.debug/perl5db.pl line 7596.
END failed--call queue aborted.
at /Users/valeriy/workspace/ROBO-PROD-RA-685/src/lib/test/Val_test.pm line 0.
(of course IP address changes dynamically for each VPN connection session)…
I was able to prove that this issue is related to 10.9.2 update:
Issue *does not* exist under 10.9.1 (I had to revert back to 10.9.1 to get it working again)
No updates were performed around the same time 10.9.2 update occurred (I verified that using Software Update log)
No configuration changes were introduced around the same time
Reverting back to 10.9.1 using Time Machine (thanks god I had backup !!!) fixed the issue
Steps to reproduce this issue:
In Eclipse, try to use 'Epic' (Perl plugin) to debug any perl script while *not* connected through VPNEpic debugger works
Connect to VPN
Start Epic debugger to debug same script
Debugger *does not* start, and "Timed out while waiting for Perl debugger connection" error pop-up comes up after some time. At the same time, exception stack (listed above) is printed in Eclipse's console
I am programmer/software developer, I work remotely (telecommute) and thus have to rely on use of VPN to connect to company's intranet. Perl - is primary language used by my team, and we use Eclipse IDE with Epic plugin - heavily. Use of Epic's debugger - is a *very large* aspect of my work, I cannot work without it. So in essense, 10.9.2 has *entirely* disrupted my ability to work! It took me almost a week to get back to normal work environment, and I cannot afford to let it happen again... I need Apple's development team resolve this VPN related issue, as soon as possible! Because of this issue, I am *stuck* with 10.9.1 and can not upgrade my laptop to any other versions. In fact, I had to disable system updates - just so I do not run into this issue again... I contacted Apple's Tech Support on 02/28 with this issue (Ref: 582428110), asking to raise trouble ticket. Since then, I tried to follow-up on that issue, but do not get any information. Please advise on the status:
is there a trouble ticket to track this issue?
is there any progress?
what's the ETA for an update that fixes this problem?
- Val
Message was edited by: vpogrebiAm I the only one experiencing this issue ???
-
Nokia Internet Radio Error: Connection Timed Out. ...
Hi,
I'm having an issue with the Nokia Internet Radio application on the Nokia N95. The app launches ok but if I try and browse the station directory or perform a search I get the error 'Connection Timed Out. Try Again' This happens almost instantly i.e. it doesn't look like it's even trying to connect. If I go to the shoutcast site and click on the 'Tune In' button next to a station the Internet radio app launches and I get an error saying 'General: System Error' and the application closes then goes back to the browser and a message saying 'Web: No Gateway Reply' The application worked fine up until recently. I upgraded to FW V 21.0.016 and hasn't worked since so it may be that this has caused the problem. I've removed and re-downloaded \ re-installed the software but still get the same issue. Web browsing works fine, so I know my internet settings are fine, and the old open-source version of the radio player even works so it's just an issue with this app. Any advice on how to fix it would be much appreciated. Thanks.I had the same problem and I fixed it. For me, it was because I am on the Rogers network in Canada. Regardless of where you are many cellular neworks use firewalls and something called NAT (Network Address Translation). Nokia should really make people aware of this because probably 50% of people around the world have this problem. The solution for me was to use Rogers VPN or Public IP to access the internet. Rogers blocks access to this internet connection so you have to add the service to your account for $10 per month but I have heard that other carriers like FIDO have not blocked access to it.
On the Nokia n79 this requires creating a new access point under TOOLS>SETTINGS>CONNECTIONS>DESTINATIONS. Add a new access point with the following settings:
Connection Name: Rogers VPN (or whatever you want to call it)
Data Bearer: Packet Data
Access Point Name: vpn.com
User Name: wapuser1
Prompt Password: No
Password: wapuser
Authenticaiton: Normal
Homepage: None
Use Access Point: After Confirmation (or change if you want something else)
That's it. When you load the internet radio Application and it lists your options select "Rogers VPN". If you don't see it in the list, press the soft button for Options then "Select Access Point" and you will see the full list. If you want the VPN to be the first thing you see you can change the priority under destination settings. Just select the VPN and press "Organize" then "Change priority". -
ERROR = CONNECT failed with sql error '12518'
Hi All,
OS Win 2003 - 32 Bit, Database - Oracle 10.2.0.2 , I am facing this from yesterday, suddenly SAP was done and when i am checking the logs it is not able to connect to the database.
I have checked the services for oracle - service was down, i have started the oracleService<SID> and also i have restarted the listener.. after this when i am trying to start the SAP through MMC again the problem is face.. and also the oracle service is stopped. when i tried starting the database from OS level it was giving me error like
ORA-24324: service handle not initialized
ORA-24323: value not allowed
ORA-03113: end-of-file on communication channel
again the Oracle service is stopped i am not getting why the oracle service is stopping..
dev_w*.log
Thu Apr 09 10:33:50 2009
M calling db_connect ...
C Prepending D:\usr\sap\SID\DVEBMGS01\exe to Path.
C Oracle Client Version: '10.2.0.1.0'
C Client NLS settings: AMERICAN_AMERICA.UTF8
C Logon as OPS$-user to get SAPSR3's password
C Connecting as /@SID on connection 0 (nls_hdl 0) ... (dbsl 700 110706)
C Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch
C 0 UTF8 1 05C84528 05C89AC4 05C8934C
C Attaching to DB Server SID (con_hdl=0,svchp=05C89298,svrhp=05C9AB64)
C
C Thu Apr 09 10:33:51 2009
C *** ERROR => OCI-call 'OCIServerAttach' failed: rc = 12518
[dboci.c 4172]
C *** ERROR => CONNECT failed with sql error '12518'
[dbsloci.c 10933]
C Try to connect with default password
C Connecting as SAPSR3/<pwd>@SM3 on connection 0 (nls_hdl 0) ... (dbsl 700 110706)
C Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch
C 0 UTF8 1 05C84528 05C89AC4 05C8934C
C Detaching from DB Server (con_hdl=0,svchp=05C89298,srvhp=05C9AB64)
C Attaching to DB Server SID (con_hdl=0,svchp=05C89298,svrhp=05C9AB64)
C *** ERROR => OCI-call 'OCIServerAttach' failed: rc = 12518
[dboci.c 4172]
C *** ERROR => CONNECT failed with sql error '12518'
[dbsloci.c 10933]
B ***LOG BY2=> sql error 12518 performing CON [dbsh#2 @ 1204] [dbsh 1204 ]
B ***LOG BY0=> ORA-12518: TNS:listener could not hand off client connection [dbsh#2 @ 1204] [dbsh 1204 ]
B ***LOG BY2=> sql error 12518 performing CON [dblink#3 @ 431] [dblink 0431 ]
B ***LOG BY0=> ORA-12518: TNS:listener could not hand off client connection [dblink#3 @ 431] [dblink 0431 ]
M ***LOG R19=> ThInit, db_connect ( DB-Connect 000256) [thxxhead.c 1411]
M in_ThErrHandle: 1
M *** ERROR => ThInit: db_connect (step 1, th_errno 13, action 3, level 1) [thxxhead.c 10156]
M
M Info for wp 16
M
M stat = 4
M reqtype = 6
M act_reqtype = -1
M rq_info = 0
M tid = -1
M mode = 255
M len = -1
M rq_id = 65535
M rq_source = 255
M last_tid = 0
M last_mode = 0
M semaphore = 0
M act_cs_count = 0
M control_flag = 0
M int_checked_resource(RFC) = 0
M ext_checked_resource(RFC) = 0
M int_checked_resource(HTTP) = 0
M ext_checked_resource(HTTP) = 0
M report = > <
M action = 0
M tab_name = > <
M vm = V-1
M
M *****************************************************************************
M *
M * LOCATION SAP-Server hostname_SM3_01 on host tcs042619 (wp 16)
M * ERROR ThInit: db_connect
M *
M * TIME Thu Apr 09 10:33:51 2009
M * RELEASE 700
M * COMPONENT Taskhandler
M * VERSION 1
M * RC 13
M * MODULE thxxhead.c
M * LINE 10354
M * COUNTER 1
M *
M *****************************************************************************
M
M PfStatDisconnect: disconnect statistics
M Entering TH_CALLHOOKS
M ThCallHooks: call hook >ThrSaveSPAFields< for event BEFORE_DUMP
M *** ERROR => ThrSaveSPAFields: no valid thr_wpadm [thxxrun1.c 720]
M *** ERROR => ThCallHooks: event handler ThrSaveSPAFields for event BEFORE_DUMP failed [thxxtool3.c 260]
M Entering ThSetStatError
M ThIErrHandle: do not call ThrCoreInfo (no_core_info=0, in_dynp_env=0)
M Entering ThReadDetachMode
M call ThrShutDown (1)...
M ***LOG Q02=> wp_halt, WPStop (Workproc16 7988) [dpnttool.c 327]
Any suggestions pls
MaheshHi Rohit,
when i check in the sqlnet.log
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SM2\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 04-SEP-2007 15:09:30
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: Message 12560 not found; No message file for product=NETWORK, facility=TNS
ns secondary err code: 0
nt main err code: 530
TNS-00530: Message 530 not found; No message file for product=NETWORK, facility=TNS
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 19:16:32
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 19:16:46
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 19:19:27
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 19:19:28
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 19:19:29
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 19:26:38
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12518, connecting to:
(DESCRIPTION=(ADDRESS=(COMMUNITY=SAP.WORLD)(PROTOCOL=TCP)(HOST=hostname)(PORT=1527))(CONNECT_DATA=(SID=SID)(GLOBAL_NAME=SID.WORLD)(CID=(PROGRAM=D:\usr\sap\SID\SYS\exe\uc\NTI386\R3trans.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 20:35:23
Tracing not turned on.
Tns error struct:
ns main err code: 12564
TNS-12564: TNS:connection refused
ns secondary err code: 0
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
Fatal NI connect error 12518, connecting to:
(DESCRIPTION=(ADDRESS=(COMMUNITY=SAP.WORLD)(PROTOCOL=TCP)(HOST=hostname)(PORT=1527))(CONNECT_DATA=(SID=SID)(GLOBAL_NAME=SID.WORLD)(CID=(PROGRAM=D:\usr\sap\SID\SYS\exe\uc\NTI386\R3trans.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 08-APR-2009 20:35:23
Tracing not turned on.
Tns error struct:
ns main err code: 12564
TNS-12564: TNS:connection refused
ns secondary err code: 0
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 09-APR-2009 09:15:43
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
Fatal NI connect error 12560, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oracleSID)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))(CONNECT_DATA=(SID=SID)(CID=(PROGRAM=E:\oracle\SID\102\bin\sqlplus.exe)(HOST=hostname)(USER=SIDadm))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for 32-bit Windows: Version 10.2.0.1.0 - Production
Time: 09-APR-2009 09:17:28
Tracing not turned on.
Tns error struct:
ns main err code: 12560
TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 530
TNS-00530: Protocol adapter error
nt secondary err code: 2
nt OS err code: 0
This error occured when the oracle service was not started..
Mahesh.. -
i am having trouble with exchange account connection .the vpn connects fine but the exchange account is still showing the yellow light .can anyone help?
I had a similar problem. Here is how I resolved the issue.
1. Remove Network Connect
2. Run Terminal and remove /usr/local/juniper and everything within the juniper directory.
3. Reboot the machine and reinstall Network Connect
4. Test if you can now connect.
During removal, you may encounter permission denied error, you will need to change the permission to 777. For example "sudo chmod 777 nc". -
Can't connect to VPN after 10.4.10 Upgrade
Please help me!
Before I upgrade to 10.4.10 I could connect to VPN.
But after the upgrade, it just "timed out". In the Console it shows:
Sep 28 12:22:57 vivivold pppd744: PPTP error when sending echo_reply : Network is unreachable\n
Sep 28 12:22:57 vivivold pppd744: MPPE disabled
And I just can't find the solution?!?!?!?!?! Anyone help? (and yes I have written the correct pass and username... )Anyone??? please??
I try to connect to vpn (it is the correct ip and all that)
And after 59sek (1 min) it stops and says "the connection were lost because the reciever did't respond, try again"
And the console writes:
Oct 12 08:25:30 vivivold pppd[3968]: PPTP error when sending echo_reply : Network is unreachable\n
Oct 12 08:25:30 vivivold pppd[3968]: MPPE disabled
2007-10-12 08:25:30.641 SystemUIServer[131] Exception raised during posting of notification. Ignored. exception: * -[NSPlaceholderString initWithString:]: nil argument
Anybody... anything any idea at all??? PLEASE HELP ME!
Maybe you are looking for
-
SAP BI 7.0 and BO XI 3.1 Integration Problems
Hi everyone, After following through every step of: Re: Checklist for SAP BI 7.0 and BO XI 3.1 integration - Challenges I still get the following problems: 1. Unable to find SAP in CMC Authentication 2. At the login page of InfoView, I can select SAP
-
Mount time machine, how to open and recover .inprogress file
so this is how i fixed and mounted a time machine capsule ( it was extended journaled Case-sensitive) to MacBook Pro ( non-case sensitive) and recovered files from .inprogress file. for me it worked like a charm and lets see if this can help you too.
-
N70 ... Sorry but I give up !
I'm afraid it is time to admit defeat on this one. I had my N70 2 months ago, and in that time I have experienced random resetting, call dropping, phone switching off mid-call and worst of all the awful creaking noise. I know the creaking should be t
-
Document I was reading in Adobe reader closes when I restart app
Hi there, There is is a bug in your iPad app. The scenario goes like this... I open a document in Adobe reader and start reading I press home to do something else I double click home button and see that adobe reader still shows my open document and I
-
A very disturbing Safari 6 problem when downloading files
After downloading a file from Hubspot.com, this is what I see when clicking on the Show Downloads button on Safari 6. This is actually the third time it's happened. I did a clean install of OS X 10.8 to see if the problem would go away. Sadly, it did