Error from sample JAAS: Integrity check on decrypted field failed (31)

Similar Messages

• Jaas & Integrity check on decrypted field failed

  I'm trying to do Kerberos authentication using JAAS and the jdk 1.4.1_02 under Mandrake 9.1. The Kerberos server is installed on a Redhat 9 machine. I'm using the login module com.sun.security.auth.module.Krb5LoginModule and the TextCallbackHandler class. The login fails with the error "Exception: krb_error 31 Integrity check on decrypted field failed (31) Integrity check on decrypted field failed". I get the same error if I use the kinit utility bundled with the jdk. Conversely all seems ok when I use the kinit utility bundled with the kerberos client programs of my Mandrake 9.1 distribution.
  Anyone could help me?
  Michele

  I encountered the same problem--"Integrity check on decrypted field failed (31)" when trying to authenticate against a KDC (v5) running RedHat 8.0 (JASS and JDK 1.4.1_02)--but I was able to use Kerberized telnet and login from remote/local machines to get authenticated with this RedHat KDC. There is no problem authenticating against a KDC running Win2k AD/Kerberos with the same code. I am using the com.sun.security.auth.module.Krb5LoginModule.
  Can anyone help me to resolve this issure?

• Kerberos Authentication: "Integrity check on decrypted field failed"

  Hi,
  I have configured a portal (NW 7.0 SP13) for Kerberos Authentication. I have another portal with exactly the same configuration (same MS-ADS etc, just a different user) which is working fine. But this one is giving me the error "Integrity check on decrypted field failed" (and Kerberos Auth fails).
  Any ideas?? I get the same error whether I use the keytab from the SPNEGO wizard, or the keytab from "ktpass -princ host/%HOST%@%DOMAIN% -pass %PASSWORD% -out keytab -mapUser %USER% +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL"
  The only difference I can see between the ldifde outputs of the two users (the one that works and the one that doesn't) is the one that doesn't has an extra SPN "HTTP/" - would that cause this error??
  Has anyone else had this error & what causes it?
  Many thanks in advance.
  Regards
  Jane
  Full error text:
  JGSS_DBG_CTX Creating context, initiator = no, input cred = not null
  JGSS_DBG_CRED getCred: only one cred, returning it
  JGSS_DBG_CRED getName found name: host/[email protected], mech=1.2.840.113554.1.2.2
  JGSS_DBG_CRED Krb5 name type = 0
  JGSS_DBG_CTX Creating context, cred usage = 2
  GSS Context created
  JGSS_DBG_UNMARSH Real token len 1641
  JGSS_DBG_UNMARSH Token oid 1.2.840.113554.1.2.2
  JGSS_DBG_UNMARSH inner token len 1630
  JGSS_DBG_PROV getFactory: index = 0 found factory
  JGSS_DBG_PROV getMechs: Mechanism(s) supported by provider IBMJGSSProvider
  JGSS_DBG_PROV 1.2.840.113554.1.2.2
  JGSS_DBG_PROV getMechs: 1 unique mechanism(s) found
  JGSS_DBG_PROV [0]: 1.2.840.113554.1.2.2
  JGSS_DBG_CTX Default list of negotiable mechs:
  1.2.840.113554.1.2.2
  JGSS_DBG_CTX ticket enc type = des-cbc-md5
  com.ibm.security.krb5.internal.KrbException, status code: 31
  message: Integrity check on decrypted field failed
  at com.ibm.security.krb5.internal.crypto.n.decrypt(n.java:31)
  at com.ibm.security.krb5.internal.crypto.n.decrypt(n.java:15)
  at com.ibm.security.krb5.internal.crypto.n.decrypt(n.java:32)
  at com.ibm.security.krb5.EncryptedData.decrypt(EncryptedData.java:106)
  at com.ibm.security.jgss.mech.krb5.k.a(k.java:248)
  at com.ibm.security.jgss.mech.krb5.k.b(k.java:188)
  at com.ibm.security.jgss.mech.krb5.k.acceptSecContext(k.java:533)
  at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:155)
  at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:153)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:738)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:362)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
  at java.lang.reflect.Method.invoke(Method.java:391)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:146)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
  at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(AccessController.java:215)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
  com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  JGSS_DBG_CTX Error authenticating request. Reporting to client
  Major code = 11, Minor code = 31
  org.ietf.jgss.GSSException, major code: 11, minor code: 31
  major string: General failure, unspecified at GSSAPI level
  minor string: Kerberos error while decoding and verifying token: com.ibm.security.krb5.internal.KrbException, status code: 31
  message: Integrity check on decrypted field failed

  Hi Désirée,
  Yes the service user has "Use DES encryption" set.
  In the end, it was resolved by changing the password and running the SPNEGO wizard again to generate a new keytab with the new password.
  Regards
  Jane

• SSO using Kerberso receiving "Integrity check on decrypted field failed (31

  I am trying to implement SSO for an application that is running on a WebLogic Server. I have flagged the AD Service user for DES encryption, added spn through setspn, created the keytab file, reset the password (to the same value), moved the keytab file, updated krb5.ini and krb5Login.conf accordingly, modified WebLogic startup command accordingly. When Users try to access the application, authentication fails, and I see “Integrity check on decrypted field failed (31)” error in the WebLogic logs. Any ideas ? I am attaching the related lines from the log below.
  <Sep 29, 2008 9:46:50 AM MDT> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
  Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is devmax01.http.keytab2 refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  KeyTab: load() entry length: 60
  KeyTabInputStream, readName(): DEV.DENVERWATER.ORG
  KeyTabInputStream, readName(): HTTP
  KeyTabInputStream, readName(): devmax01principal's key obtained from the keytab
  principal is HTTP/[email protected]
  EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
  KrbAsReq calling createMessage
  KrbAsReq in createMessage
  KrbAsReq etypes are: 3 1
  KrbKdcReq send: kdc=dwdev01 UDP:88, timeout=30000, number of retries =3, #bytes=249
  KDCCommunication: kdc=dwdev01 UDP:88, timeout=30000,Attempt =1, #bytes=249
  KrbKdcReq send: #bytes read=1312
  KrbKdcReq send: #bytes read=1312
  EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
  KrbAsRep cons in KrbAsReq.getReply HTTP/devmax01Added server's keyKerberos Principal HTTP/[email protected] Version 8key EncryptionKey: keyType=3 keyBytes (hex dump)=
  0000: 2F 02 76 AB 7F 8C B0 6E
  [Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject
  Commit Succeeded
  Found key for HTTP/[email protected]
  Entered Krb5Context.acceptSecContext with state=STATE_NEW
  EType: sun.security.krb5.internal.crypto.DesCbcMd5EType<Sep 29, 2008 9:46:50 AM MDT> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31))
  GSSException: Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31))

  FYI The fix for this was to chang the value for -Djava.security.krb5.realm to be all upper case
  Once that change was made authentication passed
  Edited by: IDL on Jan 2, 2008 9:25 AM

• Error from sample JAAS client: Message stream modified (41)

  I am trying to follow the tutorial for JAAS Authentication located here:
  http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html
  I am trying to run the sample client JaasAcn.java but am getting a strange error when I try to log on to my Active Directory.
  I am using Java version: jre1.6.0_03
  I can login to Active Directory fine with the credentials I am providing, just not with this client, so I know the credentials are valid.
  Here is the error I get that I don't understand. Any suggestions would be very helpful, if you provide help for this
  The Error message is: [Krb5LoginModule] authentication failed
  Message stream modified (41)
  Here is the full output:
  C:\Progra~1\Java\jre1.6.0_03\bin\java -Dsun.security.krb5.debug=true -Djava.security.krb5.realm=PRSDev.local -Djava.security.krb5.kdc=192.168.40.72 -Djava.security.auth.login.config=jaas.conf JaasAcn
  Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f
  alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
  lse principal is null tryFirstPass is false useFirstPass is false storePass is f
  alse clearPass is false
  Kerberos username [ILea]: sra
  Kerberos password for sra:
  [Krb5LoginModule] user entered username: sra
  Using builtin default etypes for default_tkt_enctypes
  default etypes for default_tkt_enctypes: 3 1 23 16 17.
  Acquire TGT using AS Exchange
  Using builtin default etypes for default_tkt_enctypes
  default etypes for default_tkt_enctypes: 3 1 23 16 17.
  KrbAsReq calling createMessage
  KrbAsReq in createMessage
  KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =3, #bytes=144
  KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes=144
  KrbKdcReq send: #bytes read=202
  KrbKdcReq send: #bytes read=202
  KDCRep: init() encoding tag is 126 req type is 11
  KRBError:sTime is Mon Dec 31 11:56:40 PST 2007 1199131000000
  suSec is 884978
  error code is 25
  error Message is Additional pre-authentication required
  realm is PRSDev.local
  sname is krbtgt/PRSDev.local
  eData provided.
  msgType is 30
  Pre-Authentication Data:PA-DATA type = 11
  PA-ETYPE-INFO etype = 23
  Pre-Authentication Data:PA-DATA type = 2
  PA-ENC-TIMESTAMP
  Pre-Authentication Data:PA-DATA type = 15
  AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
  Using builtin default etypes for default_tkt_enctypes
  default etypes for default_tkt_enctypes: 3 1 23 16 17.
  Pre-Authentication: Set preferred etype = 23
  KrbAsReq salt is PRSDev.localsraPre-Authenticaton: find key for etype = 23
  AS-REQ: Add PA_ENC_TIMESTAMP now
  EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
  KrbAsReq calling createMessage
  KrbAsReq in createMessage
  KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =3, #bytes=210
  KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes=210
  KrbKdcReq send: #bytes read=1182
  KrbKdcReq send: #bytes read=1182
  EType: sun.security.krb5.internal.crypto.ArcFourHmacEType[Krb5LoginModule] authentication failed
  Message stream modified (41)
  Authentication failed:
  Message stream modified (41)

  FYI I have fixed this problem (and moved on to the next error)
  I disabled the preauthentication requirement on the Active Directory account according to this article:
  http://technet2.microsoft.com/windowsserver/en/library/a0bd7520-ef2d-4de4-b487-e105a9de9e4f1033.mspx?mfr=true

• Error occured in the integration checks(read log)

  Hi,
  I try to post planning of machinery hours in KP26, tht time i got this error, and data is not saved too. " error occured in the integration checks(read log)" kindly solve this problem asap.
  Regards
  PRINCE

  Sir,
  Where to maintain Nominal rate for this question KP26 ? give me a path or transaction code.
  Regards
  Prince

• Errors occurred in the integration checks (read log)

  Hello Everyone ,
  I am working on cross companycode- cost accounting
  In the previous screen i said i am not getting cost elements box in transaction code KP06 , anyhow i am entering the itemoverview screen using one cost element which i appearing automatically and in here i am allocating funds to various activity types( here aslo its showing just one cost element as in the main screen of KP06 there was any Box asking me to enter cost element) , so i am giving all activity types with cost element plan fixed cost(entering an amount of 2000for all activity types )
  &plan variable cost (entering an amount of 1000 for all activity types)  nothing in plan fixed cons & plan variable consum.....remember this is just for practice purpose i am taking these small figures.
  Now when i am trying to save this its giving me error which is as follows:
  Errors occurred in the integration checks (read log)
  Message no. GP542
  Diagnosis
  The data entered or changed in this planning transaction should not only be updated in controlling, but also in the related applications (such as profit centers).
  These applications check the data to be posted beforehand to guarantee that the update is performed without any problems.
  However, errors or warnings occurred during this check.
  System Response
  Data is not updated.
  Procedure
  Look to see which errors occurred using the function "Error log...",. "Plan Integration...".
  Can anyone please help me with this one .
  Thanks ,
  Mohammed samiuddin

  Hi,
  I am also getting the same error message when I am trying to post activity type rates using Tcode KP26.
  Can you please let me know how you solved this issue?
  Error message :
  Errors occurred in the integration checks (read log)
  Message no. GP542
  Diagnosis
  The data entered or changed in this planning transaction should not only be updated in controlling, but also in the related applications (such as profit centers).
  These applications check the data to be posted beforehand to guarantee that the update is performed without any problems.
  However, errors or warnings occurred during this check.
  System Response
  Data is not updated.
  Procedure
  Look to see which errors occurred using the function "Error log...",. "Plan Integration...".
  Regards,
  Vicki

• Multiple errors from MsiInstaller with event id 1015 and text "Failed to connect to server. Error: 0x80070005"

  Hi,
  Every night I get a lot of warnings in the event log from MsiInstaller with event ID 1015 and text "Failed to connect to server. Error: 0x80070005". They are always followed by a new event 1035. Example:
  Event 1015, MsiInstaller (Warning)
  Failed to connect to server. Error: 0x80070005
  Event 1035, MsiInstaller (Information)
  Windows Installer reconfigured the product. Product Name: Microsoft Excel Mobile Viewer Components. Product Version: 14.0.4763.1000. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.
  I probably get around 50 of these each night, and the 1035 events are all related to various SharePoint components. The user in all cases is the sharepoint farm account.
  I use SharePoint 2010 enterprise in a farm install on one virtual server. I have a private domain, and the database is on a separate server.
  Does anyone have any idea why this happens? Other than the error in the event log I cannot see any issues with my installation. I have searched for this error and seen it related to user profile synchronisation, but profile sync is working fine for me. I
  installed using the Technet guide and the user profile sync guide at
  http://www.harbar.net/articles/sp2010ups.aspx
  Thanks,
  Mikael

  Hey Trevor. Thanks. I wasn't sure which method it was failing on although I understood it was the Windows Installer Service that was getting called by the job. There are three things that are still interesting to me though:
  The job succeeds anyway. How? Does it just continue to run the rest of its checks but fails on this one? If it doesn't fail on this one, why not? If it does fail here, but then continues, should we be concerned about the quality of the data in Manage Patch
  Status? 
  Or... does it somehow succeed once it uses the DCOM rights which appear to clear the 10016 errors? What I've never been able to reconcile with these warnings is that we've granted DCOM rights to launch and activate the Windows Installer Service and
  that definitely seems to make a difference to success or failure of the job - so why doesn't it clear these warnings? 
  Why does granting the file system permissions clear the FIM version of this job's warnings, but not for the Product Version Job? This is particularly vexing since granting the DCOM rights appears to resolve the 10016 errors in exactly the same manner for
  both jobs. 
  All of this has led me to believe that there were missing permissions somewhere, probably on the file system, but I just haven't had any luck pinning that down. One reason why I continued to pursue a solution to this is that the job doesn't actually try
  to install anything, it's just trying to use the Windows Installer Service to query the installed version, and the DCOM rights should be sufficient to invoke the service. But getting much further than this has proven pretty difficult since I'm not a dev and
  I've kind of pushed my limited reflection skills and understanding of the Windows Installer Service to the limit. If anyone can chip in and make some progress from this point, it'd be great to join forces! 

• Error from sample JAX-WS security from documentation: Failed to get token

  I am trying example 2-1 for the server and 2-3 for the client and i am using WLS 10.3.5:
  http://docs.oracle.com/cd/E21764_01/web.1111/e13713/message.htm#CDEBIJEJ
  i get some errors when trying to compile/generate the source listed, but i work around those.
  and i hardcode some values ( like username/password, keystore locations, etc).
  i can deploy the web service successfully and execute the client.
  I have some debugging turned on, so i see that the messages are being successfully encrypted and decrypted.
  However, i get an exception back from the server:
  [java] Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
  [java]      at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
  [java]      at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
  [java]      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
  [java]      at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
  [java]      at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
  [java]      at $Proxy30.echo(Unknown Source)
  [java]      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  [java]      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  [java]      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  [java]      at java.lang.reflect.Method.invoke(Method.java:597)
  [java]      at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
  [java]      at $Proxy31.echo(Unknown Source)
  [java]      at wssp12.wss10.Test.main(Unknown Source)
  For the Service:
  I have used exactly the same policies from the example.
  i did have to comment out the @WLHTTPTransport clause ( the error gives me the impression it is no longer supported )
  For the client:
  The generated port no longer takes just string for the wsdl url, so i don't pass in a url at all. i let it use the URL from the client gen process. I also hard coded a username/password i created.
  any thoughts?
  These examples don't mention anything about Secure Token Server ( although, i see it mentioned later down the page after other examples ). Do these examples require an STS be configured? or is that unrelated to my exception?
  Thanks for the help!!!
  Follow up:
  i added the following ( which i think should take care of the STS part i was asking about):
  61 String sts="https://TESTUESR0:7002/UsernameTokenPlainX509SignAndEncrypt/simpleSecureService";
  62 requestContext.put(weblogic.wsee.jaxrpc.WLStub.WST_STS_ENDPOINT_ON_WSSC,sts);
  but this made no difference.
  Edited by: user733322 on Feb 17, 2012 7:38 AM

  DTC was running on remote computer. The problem was it was no longer accepting transactions from remote servers. This was in SSIS so I had to turn to "Transaction Supported" for all Data Flow Transactions.
  Greg Hanson

• CORBA Error from sample

  I am new to CORBA programming, I downloaded the code from
  http://java.sun.com/j2se/1.3/docs/guide/idl/GShome.html
  First start Name Service:
  start tnameserv -ORBInitialPort 1050
  then when I run the server:
  start java HelloServer _ORBInitialPort 1050
  I got error:
  ERROR: org.omg.CORBA.COMM_FAILURE: minor code: 1398079490 completed: No
  org.omg.CORBA.COMM_FAILURE: minor code: 1398079490 completed: No
  at com.sun.corba.se.internal.iiop.IIOPConnection.writeLock(Unknown Sourc
  e)
  at com.sun.corba.se.internal.iiop.IIOPConnection.send(Unknown Source)
  at com.sun.corba.se.internal.iiop.IIOPOutputStream.invoke(Unknown Source
  at com.sun.corba.se.internal.iiop.ClientRequestImpl.invoke(Unknown Sourc
  e)
  at com.sun.corba.se.internal.corba.ClientDelegate.invoke(Unknown Source)
  at com.sun.corba.se.internal.corba.InitialNamingClient.resolve(Unknown S
  ource)
  at com.sun.corba.se.internal.corba.InitialNamingClient.cachedInitialRefe
  rences(Unknown Source)
  at com.sun.corba.se.internal.corba.InitialNamingClient.resolve_initial_r
  eferences(Unknown Source)
  at com.sun.corba.se.internal.corba.ORB.resolve_initial_references(Unknow
  n Source)
  at HelloServer.main(HelloServer.java:30)
  What's wrong with it?
  Thank you very much for your time.

  Incase you still havent found out the answer you need to use the -ORBInitialPort 1050 instead of _OrbInitialPort 1050                                                                                                                                                                                                                                            

• Z61t - Integrity check for code area failed system halted

  Saw the post for the T series which recommended to downgrade bios to 2.23.
  Having this issue with the Z61ts since January 4, 2010.
  -Docked and undocked
  -With and without the network cable plugged in
  -With and without peripherals plugged in
  -Bios 2.26 and 2.27,
  -SafeGuard Easy 4.3 and 4.5.2. 
  In some cases restoring the SafeguardEasy Kernel fixes the issue.  In some cases the error reappears and either the kernel needs to be restored again, or the PC can just be rebooted. One case had 2 kernel restores, a reimage and a kernel restore.

  ^ Same problem here.
  How long it takes to create new fixed Bios-software.?
  Moderator edit: Thinly disguised profanity removed. Please stick to the Community Rules.

• Repeated error from Intel integrated Graphics card in my brand-new B320

  Hi
  I am getting repeated errors from the Intel Integrated Graphics card (on the Intel i3 chip as I understand it) in my brand-new B320.
  I checked via a tool from Intel that my drivers were up-to-date (version 15.22.1.2361).
  I checked via Device Manager Update Drivers that my driver was up-to-date.
  I attempted to uninstall and re-install my driver BUT the uninstall reverted me to a VGA Adapter (so my screen was then running in a low res 800x600 mode!) and I could not even then see the Intel Integrated Graphics card in Device Manager to be able to re-install the driver against (even if I ran scan for new hardware): I had to restore to a System Restore Point - so the problem has of course come back.
  I have even had one error where the screen then went completely blank and nothing would bring it back: I had to power off the PC (Ouch!)
  PLEASE advise how I rectify this incredibly frustrating problem step-by-step. 

  hey johnestlea,
  i was going through the download list of the B320 here : http://consumersupport.lenovo.com/us/en/DriversDownloads/drivers_list.aspx?CategoryID=156819
  And could not find any driver with the version 15.22.1.2361 for the Intel Integrated Graphic Card. Where did you get that version ?
  WW Social Media
  Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
  Follow @LenovoForums on Twitter!
  Have you checked out the Community Knowledgebase yet?!
  How to send a private message? --> Check out this article.

• Getting "IPSEC(epa_des_crypt): decrypted packet failed SA identity check" messages on packets from only one of two far-end sources sharing the same tunnel, the other source works fine. What exactly does this error mean?

  One computer at COMPANY-A is attempting to communicate with two
  computers located at COMPANY-B, via an IPsec tunnel between the
  two companies.
  All communications are via TCP protocol.
  All devices present public IP addresses to one another, although they
  may have RFC 1918 addresses on other interfaces, and NAT may be in use
  on the COMPANY-B side.  (NAT is not being used on the COMPANY-A side.)
  The players:(Note: first three octets have been changed for security reasons)
  COMPANY-A computer      1.2.3.161
  COMPANY-A router        1.2.3.8 (also IPsec peer)
  COMPANY-A has 1.2.3.0/24 with no subnetting.
  COMPANY-B router        4.5.6.228 (also IPsec peer)
  COMPANY-B computer #1   4.5.7.94 (this one has no issues)
  COMPANY-B computer #2   4.5.7.29 (this one fails)
  COMPANY-B has 4.5.6.0/23 subnetted in various ways.
  COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
  What works:
  The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
  tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
  The "show crypto session detail" command shows Inbound/Outbound packets
  flowing in the dec'ed and enc'ed positions.
  What doesn't:
  When the COMPANY-A computer 1.2.3.161 attempts to communicate
  via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
  the COMPANY-A router eventually reports five of these messages:
  Oct  9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  and the "show crypto session detail" shows inbound packets being dropped.
  The COMPANY-A computer that opens the TCP connection never gets past the
  SYN_SENT phase of the TCP connection whan trying to communicate with the
  COMPANY-B computer #2, and the repeated error messages are the retries of
  the SYN packet.
  On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
  a 3725, and some 76xx routers were tried, all with similar behavior,
  with packets from one far-end computer passing fine, and packets from
  another far-end computer in the same netblock passing through the same
  IPsec tunnel failing with the "failed SA identity" error.
  The COMPANY-A computer directs all packets headed to COMPANY-B via the
  COMPANY-A router at 1.2.3.8 with this set of route settings:
  netstat -r -n
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  4.5.7.0         1.2.3.8         255.255.255.0   UG        0 0          0 eth3
  1.2.3.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth3
  10.1.0.0        0.0.0.0         255.255.240.0   U         0 0          0 eth0
  169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
  10.0.0.0        10.1.1.1        255.0.0.0       UG        0 0          0 eth0
  0.0.0.0         1.2.3.1         0.0.0.0         UG        0 0          0 eth3
  The first route line shown is selected for access to both COMPANY-B computers.
  The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
  configuration:
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
  crypto ipsec security-association lifetime seconds 86400
  crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
  crypto map COMPANY-BMAP1 10 ipsec-isakmp
  description COMPANY-B VPN
  set peer 4.5.6.228
  set transform-set COMPANY-B01
  set pfs group2
  match address 190
  interface FastEthernet0/0
  ip address 1.2.3.8 255.255.255.0
  no ip redirects
  ip virtual-reassembly
  duplex auto
  speed auto
  no cdp enable
  crypto map COMPANY-BMAP1
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 1.2.3.1
  ip route 10.0.0.0 255.0.0.0 10.1.1.1
  ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
  access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
  access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
  bridge 1 protocol ieee
  One of the routers tried had this IOS/hardware configuration:
  Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
  RELEASE SOFTWARE (fc2)
  isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
  Processor board ID XXXXXXXXXXXXXXX
  R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
  2 FastEthernet interfaces
  4 ATM interfaces
  DRAM configuration is 64 bits wide with parity disabled.
  55K bytes of NVRAM.
  31296K bytes of ATA System CompactFlash (Read/Write)
  250368K bytes of ATA Slot0 CompactFlash (Read/Write)
  Configuration register is 0x2102
  #show crypto sess
  Crypto session current status
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
    IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
          Active SAs: 0, origin: crypto map
  #show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:06:26:27
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
          Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
    IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
          Active SAs: 0, origin: crypto map
          Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
          Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
  The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
  Version 6.1 (ScreenOS)
  We only have a limited view into the Juniper device configuration.
  What we were allowed to see was:
  COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
  set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
  set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx  proposal "pre-g2-3des-sha"
  set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
  set policy id 2539 from "Untrust" to "Trust"  "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
  set policy id 2500 from "Trust" to "Untrust"  "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
  set policy id 2541 from "Trust" to "Untrust"  "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
  set policy id 2540 from "Untrust" to "Trust"  "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
  COMPANY-B-ROUTER(M)->
  I suspect that this curious issue is due to a configuration setting on the
  Juniper device, but neither party has seen this error before.  COMPANY-B
  operates thousands of IPsec VPNs and they report that this is a new error
  for them too.  The behavior that allows traffic from one IP address to
  work and traffic from another to end up getting this error is also unique.
  As only the Cisco side emits any error message at all, this is the only
  clue we have as to what is going on, even if this isn't actually an IOS
  problem.
  What we are looking for is a description of exactly what the Cisco
  IOS error message:
  IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  is complaining about, and if there are any known causes of the behavior
  described that occur when running IPsec between Cisco IOS and a Juniper
  SSG device.  Google reports many other incidents of the same error
  message (but not the "I like that IP address but hate this one" behavior),
  and not just with a Juniper device on the COMPANY-B end, but for those cases,
  not one was found where the solution was described.
  It is hoped that with a better explanation of the error message
  and any known issues with Juniper configuration settings causing
  this error, we can have COMPANY-B make adjustments to their device.
  Or, if there is a setting change needed on the COMPANY-A router,
  that can also be implemented.
  Thanks in advance for your time in reading this, and any ideas.

  Hello Harish,
  It is believed that:
  COMPANY-B computer #1   4.5.7.94 (this one has no issues)
  COMPANY-B computer #2   4.5.7.29 (this one fails)
  both have at least two network interfaces, one with a public IP address
  (which we are supposedly conversing with) and one with a RFC 1918 type
  address.   COMPANY-B is reluctant to disclose details of their network or
  servers setup, so this is not 100% certain.
  Because of that uncertainty, it occurred to me that perhaps COMPANY-B
  computer #2 might be incorrectly routing via the RFC 1918 interface.
  In theory, such packets should have been blocked by the access-list on both
  COMPANY-A router, and should not have even made it into the IPsec VPN
  if the Juniper access settings work as it appears they should.  So I turned up
  debugging on COMPANY-A router so that I could see the encrypted and
  decrypted packet hex dumps.
  I then hand-disassembled the decoded ACK packet IP header received just
  prior to the "decrypted packet failed SA check" error being emitted and
  found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
  in the unecapsulated packet.  I also found the expected port numbers of the TCP
  conversation that was trying to be established in the TCP header.  So, it
  looks like COMPANY-B computer #2 is emitting the packets out the right
  interface.
  The IP packet header of the encrypted packet showed the IP addresses of the
  two routers at each terminus of the IPsec VPN, but since I don't know what triggers
  the "SA check" error message or what it is complaining about, I don't know what
  other clues to look for in the packet dumps.
  As to your second question, "can you check whether both encapsulation and
  decapsulation happening in 'show crypto ipsec sa'",   the enc'ed/dec'ed
  counters were both going up by the correct quantities.  When communicating
  with the uncooperative COMPANY-B computer #2, you would also see the
  received Drop increment for each packet decrypted.  When communicating
  with the working COMPANY-B computer #1, the Drop counters would not
  increment, and the enc'ed/dec'ed would both increment.
  #show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:07:59:54
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
          Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
  Attempt a TCP communication to COMPANY-B computer #2...
  show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:07:59:23
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
          Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
  Note Inbound "drop" changed from 5 to 6.  (I didn't let it sit for all
  the retries.)
  #show crypto ipsec sa
  interface: FastEthernet0/0
      Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
     remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
     current_peer 4.5.6.228 port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
      #pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 3, #recv errors 6
       local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
       path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
       current outbound spi: 0xDF2CC59C(3744253340)
    inbound esp sas:
        spi: 0xD9D2EBBB(3654478779)
          transform: esp-3des esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
          sa timing: remaining key lifetime (k/sec): (4458307/28600)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0xDF2CC59C(3744253340)
          transform: esp-3des esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
          sa timing: remaining key lifetime (k/sec): (4458307/28600)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:
  The "send" errors appear to be related to the tunnel reverting to a
  DOWN state after periods of inactivity, and you appear to get one
  each time the tunnel has to be re-negotiated and returned to
  an ACTIVE state.  There is no relationship between Send errors
  incrementing and working/non-working TCP conversations to the
  two COMPANY-B servers.
  Thanks for pondering this very odd behavior.

• Error while installing Adobe Reader "Did not pass integrity check"

  When the download manager gets to about 80% this error pops up every time, I have tried clearing the temporary files, restarting my computer donwloading an older version but nothing works.
  The entire message says:
  "Adobe Reader":
  "Adobe Reader":
  The Download did not pass the integrity check (16291.304.428)
  I have windows 7, 32 bit. Help please!

  Don't use the download manager; download the installer directly from http://ardownload.adobe.com/pub/adobe/reader/win/10.x/10.0.0/en_US/AdbeRdr1000_en_US.exe (English version 10.0 for Windows).
  Use this link if you need another version http://get.adobe.com/reader/enterprise/

• [TECHNOTE ANNOUNCE]  Error installing Flash Player "The download did not pass the integrity check (16236.304.443)

  All,
  I've published a new technote for folks who are having trouble with the Adobe Download Manager and Flash Player.
  Error installing Flash Player "The download did not pass the integrity check (16236.304.443)
  http://kb2.adobe.com/cps/512/cpsid_51258.html
  Essentially this technote links to the Windows troubleshooting technote here:
  http://www.adobe.com/go/tn_19166
  However, before today the Windows troubleshooting technote only had an EXE install for the ActiveX version of Flash Player 10.  I have now added a link to download the EXE version of the Flash Player Plugin installer as well.
  Please point other users with integrity check errors to the first technote.

  Thank you for the update & Tech Note Announcement. I do have a couple of questions, if you could please respond.
  After uninstalling and ready to download; reading from the link you provided on 9/4/09, Should we follow the normal download instructions
  per #2. "Flash  Player download Center" and if a successful installation is not accomplished, THEN, go to "download and unzip install_Flash_Player_10_Plugin (all other windows browsers) ? Or should the latter step be done in lieu of #2 mentioned. I am assuming the download from F.P. D.L. Center would be done first and then troubleshoot by running the EXE. version of the F.P. Plugin installer.
  Experience has taught me not to assume much, and if you don't know, ask!
  Thanks for your hard work, but you have to admit, for the technically deprived, it is frustrating and confusing.