Error "Invalid SSL message, peer seems to be talking plain" receiver SOAP

Similar Messages

• SOAP: Invalid SSL message, peer seems to be talking plain!

  Hi All,
  we have configured an SOAP Receiver Adapter to send the message to external thrid system from PI 7.11.
  In the configuration we have imported the thrid party system certificate into NWA.
  In the receiver agreement we have sleected the adpater specific Parameters.
  after executing the scenario we are getting the following error in Runtime Workbench.
  *SOAP: call failed: iaik.security.ssl.SSLException: Invalid SSL message,
  peer seems to be talking plain!*
  please let us know if we have missed any configuration.
  thanks,
  Lalitkumar.

  Hi Rahul,
  Actually the path provided by the third party is some what like this;
  https://xyz.abc.com:443/TRSimpleAgent.Process:receive
  let me rephrase the scenario
  IDOC -> PI -> Soap.
  The data which is flowing in IDOC have to be mapped and XML file has to be posted to url which i have mentioned above.
  The data has to be posted outside the landscape of the SAP Systems.
  As if now we are able to get the file as a o/p of receiver mail adapter. now to post this file we have to ping the third party system using the soap receiver adapter. In the meanwhile we have configured the certificate which we got from them in out PI java stack.
  When we execute the scenario we are getting the following error
  Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
  SOAP: call failed: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
  please help us in the following to resolve the issue.
  Thanks in Advance.
  Lalitkumar.

• SOAP Receiver via https - Error:  Invalid SSL message, peer seems to be tal

  Hi,
  I have a SOAP Adapter that send a message to a HTTPS WebService.
  I'm having the following error:
  Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Invalid SSL message, peer seems to be talking plain!: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
  If I check the URL via Internet Explorer it showme a confirmation dialog with a security Alert, and ask me if I want to continue, then, I can reach the WS with any problem (from de IE).
  I checked the steps of this PDF:
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  and all seems to be right.
  Any bode can help me with this problem?
  Thanks
  Martin

  Hello,
  finally you run your request from your ERP System about your ICF.
  To establish a SSL Connection to the Web Service target system about an SAP WebAS and ICF, it is necessary to create a certificate on client site about Internet explorer using target URL and importing it on STRUST. Take the junction "SSL-Client (Anonym)" to include your certificate for your system.
  Take a reboot of ICM Monitor.
  Then create a HTTP Connection to rhe external server via SM59 (Typ G).
  Don't forget to configure the following points:
  Under the menu tab Registration&Security:
  - Registration Process: No Registration
  - status of security protocols: activ and ANONYM SSL-Client (Anonym)
  In most cases, you don't need to edit your user data.
  Mostly only then one can usually connect about SAP XI or PI to some servers with SSL method.

• Error Invalid Number message when sending text

  Ever since I upgraded to an iPhone 5s I get an Error Invalid Number message when sending a text to a phone number that used to work just fine from my 4s. In fact I can receive a text from this number but when I try to reply to that text I get the error message again.
  I deleted the contact info in case there was something broken there and I'm trying it with just the raw phone number but without any luck. What can I do? It's my boss's number so it's important I fix this problem. All other contacts and texts are working just fine, it's just this one phone, a Samsung galaxy on T-mobile if that helps. 

  I am having the same exact issue with my Nokia Lumia 920 Windows phone. I was texting my son this morning when one text immediately returned a "+1 (112) 161-1611 Error Invalid Number. Please re-send u sing a vlid 10 digit mobile number" message. His contact info looked fine, but I edited it, re-saved it and tried texting again. Same result - except the number reported in the error message showed 2 "1s" in front of his mobile number. I was able to text my wife a couple of times to report this to her and then it happened with her number in exactly the same manner. I am still able to text people I work with - so this leads me to believe it has something to do with phone numbers that have been saved outside of my corporate contact list. I will be monitoring this posting to see if there is a fix.

• SSF error: Invalid signer, Message no. 1S005

  Hello Everyone,
  We are in the process of configuring the content server in our customer's landscape.
  Post the definition of content repository and the associated storage category,in the CSADMIN section,in the certificates tab, an error that reads SSF error: Invalid signer, Message no. 1S005 is thrown up whenever we attempt to send the certificate.Toggling values of 'Security' and ' Check Signature' fields doesn't help either.
  Could anyone shed light on this issue and possible solution?
  Note:We have not enabled/configured digital signature strategy and all the previous posts in the forum on this topic are in-conclusive.
  Regards,
  Pradeepkumar Haragoldavar

  Dear Pradeep
  The error message "Invalid signer" actually exactly means what the
  message text says: the system where the error occurred was unable
  to verify the signer of a signed document, most likely because the
  related certificate could not be found.
  Please check the following:
  - Does a PSE exist on the signing system for the intended purpose?
  (check: communication with a content server) (TA STRUST)
  - Does PSE use a subject name that consists of 7bit ASCII
  characters only?
  - Has the certificate been distributed to the receiving system ?
  Which security toolkit do you use (SAPSECULIB or SAPCRYPTOLIB)?
  Please check the version of your installed security toolkit (TA STRUST,
  menu "Environment > Display SSF Version").
  Please also check for any error messages that may occurr at the
  SSF initialization phase (ST11)
  if you are using SAPCRYPTOLIB for SSF, please see note 662340
  Regards
  Tushar Dave

• Error Invalid Number message in texts.

  I thought I fixed this problem a month ago per another discussion's suggestions.
  I had been getting the "+1(1)216116-11 Error Invalid Number Please re-send using valid 10 digit number" message even though the numbers were 10 digit.
  I deleted the contacts and texts.  Updated software to current iOS 7.1.  Powered off then back on.  Then re-entered the info.
  It worked until this morning with the same 2 random contacts.  But it is my son and best friend.  So now I am frustrated. 
  I have checked more discussions and the fixes seem to be random as well.  Does anyone have any new ideas?

  I had this same issue to a number I had been texting daily for months!  After I tried everything--I figured it out!  Even after I deleted the contact and set it all back up again, it still wouldn't work and I would get the "+1(1)216116-11 Error Invalid Number Please re-send using valid 10 digit number" error message. BY chance, as I was typing in the number for a new trial text, the number popped up from "recent history" (the list of all recent texts to that number or name). Even though I had deleted ALL texts to and from her and all contact info,  the number was still stored elsewhere. It dawned on me that her number and her contact info was stored in the memory as "recent text history". I had to delete every instance of a text that had her number in it (including group texts), then when I reentered it, it worked!  I believe the whole thing started when someone had her incomplete number in a group text, and from then on, it was getting her number from that recent text instead of mine! I found it by accident and there HAS to be an easier way, but here are the steps:
  1. Delete the name and number from your contact
  2. Start a new text by typing in the first letter or so of the person's name (or the digits of the number) and they should still pop up in a drop down box
  3. Instead of selecting it for the text recipient, select the little "i" beside it and a new menu will pop up (that is the RECENT menu)
  4. Select REMOVE from the top right corner
  5. Do this for every instance with the name and number in it
  6. Try a new text--nothing should pop up when you enter the number if everything is removed.  It should now work
  Hope this helps someone else!

• Error with SSL Message

  Hello Guys,
  I am implementing solution where in I need to post http request to a secure server. I am using following mechanisam to talk to the ssl server. But when I run the program on my local machine I get following error. Can you guys please help me out since I have limited knowledge of security API and I need to get this done in very short time. Please help me understand necessary steps required to resolve this issue.
  Thanks
  Code
  SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
  tunnelHost = "<my proxy server >";
  tunnelPort = "<proxy server port>";
  tunnel = new Socket(tunnelHost, tunnelPort);
  doTunnelHandshake(tunnel, host, port ,username , password);
  socket =(SSLSocket)factory.createSocket(tunnel, host, port, true);
  socket.addHandshakeCompletedListener(
  new HandshakeCompletedListener()
       public void handshakeCompleted(
       HandshakeCompletedEvent event)
            {"\t CipherSuite:" + event.getCipherSuite());
            System.out.println(
            "\t SessionId " + event.getSession());
            System.out.println(
            "\t PeerHost "+
            event.getSession().getPeerHost());
  socket.startHandshake();
  socket.close();
  tunnel.close();
  } catch (Exception e) {
       e.printStackTrace();
  private void doTunnelHandshake(Socket tunnel, String host, int port , String username , String password)
  throws IOException
  OutputStream out = tunnel.getOutputStream();
  String AuthString = new String("NORTHAMERICA\\"+username+ ":" + password );
  byte [] AuthBytes = AuthString.getBytes();
  char []AuthChar = Base64encode(AuthBytes);
  String test = String.valueOf(AuthChar);
  String ProxyAuthorization = new String("Proxy-Authorization: Basic " + test);
  String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
  + "User-Agent: Java SSL Sample\n"
  + "Host: FSM Gateway\n"
  + "Proxy-Connection: Keep-Alive\n"
  + "Pragma: No-Cache\n"
  + ProxyAuthorization
  + "\r\n\r\n";
  byte b[];
  try {
  b = msg.getBytes("ASCII7");
  } catch (UnsupportedEncodingException ignored) {
  * If ASCII7 isn't there, something serious is wrong, but
  * Paranoia Is Good �
  b = msg.getBytes();
  out.write(b);
  out.flush();
  byte reply[] = new byte[200];
  int replyLen = 0;
  int newlinesSeen = 0;
  boolean headerDone = false; /* Done on first newline */
  InputStream in = tunnel.getInputStream();
  boolean error = false;
  while (newlinesSeen < 2) {
  int i = in.read();
  if (i < 0) {
  throw new IOException("Unexpected EOF from proxy");
  if (i == '\n') {
  headerDone = true;
  ++newlinesSeen;
  } else if (i != '\r') {
  newlinesSeen = 0;
  if (!headerDone && replyLen < reply.length) {
  reply[replyLen++] = (byte) i;
  * Converting the byte array to a string is slightly wasteful
  * in the case where the connection was successful, but it's
  * insignificant compared to the network overhead.
  String replyStr;
  try {
  replyStr = new String(reply, 0, replyLen, "ASCII7");
  } catch (UnsupportedEncodingException ignored) {
  replyStr = new String(reply, 0, replyLen);
  /* We asked for HTTP/1.0, so we should get that back */
  if (!replyStr.startsWith("HTTP/1.0 200")) {
  throw new IOException("Unable to tunnel through "
  + tunnelHost + ":" + tunnelPort
  + ". Proxy returns \"" + replyStr + "\"");
  System.out.println("tunneling Handshake was successful!");
  Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
  at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at SSLSocketClient.doIt(SSLSocketClient.java:166)
  at SSLSocketClient.main(SSLSocketClient.java:54)
  Debug information is
  keyStore is :
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  trustStore is: C:\Program Files\Java\j2re1.4.2_06\lib\security\cacerts
  trustStore type is : jks
  init truststore
  adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000bf
  Valid from Wed May 17 09:01:00 CDT 2000 until Sat May 17 18:59:00 CDT 2025
  adding as trusted cert:
  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
  Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
  Algorithm: RSA; Serial number: 0x374ad243
  Valid from Tue May 25 11:09:40 CDT 1999 until Sat May 25 11:39:40 CDT 2019
  adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000b9
  Valid from Fri May 12 13:46:00 CDT 2000 until Mon May 12 18:59:00 CDT 2025
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Net
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Net
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
  adding as trusted cert:
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  tunneling Handshake was successful!
  Socket is 15e83f9[SSL_NULL_WITH_NULL_NULL: Socket[addr=/10.0.1.38,port=80,localport=2133]]
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1115833203 bytes = { 119, 0, 234, 70, 240, 74, 55, 9, 64, 89, 133, 251, 64, 160, 105, 25, 113, 219, 252, 65, 240, 228, 184, 117, 235,
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_
  Compression Methods:  { 0 }
  main, WRITE: TLSv1 Handshake, length = 73
  main, WRITE: SSLv2 client hello message, length = 98
  main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  main, SEND TLSv1 ALERT: fatal, description = unexpected_message
  main, WRITE: TLSv1 Alert, length = 2
  main, called closeSocket()
  javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
  at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at SSLSocketClient.doIt(SSLSocketClient.java:166)
  at SSLSocketClient.main(SSLSocketClient.java:54)

  No it is not correct.
  The socket creation should be provided with the proper host and the port. the resource on the host is something you should ask your server (HTTP GET ... whatever).
  The https://abc.com:443 is equal to https://abc.com as the default port for https is 443. the host variable should be "abc.com" and the port "443" and the rest negotiated in application level (HTTP GET /XYZ [is not the proper syntax]).
  Further, with this description, the first url (https://server/resource:port) is not making any sense.
  You problem in first place is probably the host and port parameters (specifically the port has been set to 80 which most likely is wrong) . you need to consider the other port regarding newline and CRs buildging the proxy authentication header, but you debug logs suggest that your test proxy server takes it.

• Receiver SOAP channel error: Communication over HTTPS. Unable to create a socket

  Hi,
  I am getting following error while sending message from PI (7.1) to SalesForce system:
  'SOAP: call failed: java.io.IOException: Communication over HTTPS. Unable to create a socket'
  Scenario: Sending Customer data from SAP via Async proxy to PI which is sent further to SalesForce system via SOAP webservice call.
  When I am trying to Post data to the same webservice via SOAP UI it is working fine and data is getting updated in SalesForce system.
  XPI inspector logs for the channel suggest the following:
  client [103965] RequestImpl.initSslAttributes(): Initially sslAttributes = null
  client [103965] RequestImpl.initSslAttributes(): Cannot find SSL headers in the request.
  client [103965] RequestImpl.initSslAttributes(): No SSL attributes: not found in headers and not searched in FCA, because connection.isSecure() = false; sslAttributes = null
  I have checked the following SAP Note and requested for updation of SSL icm parameters
  891877 - Message-specific configuration of HTTP-Security
  I checked the following discussions:
  http://scn.sap.com/message/8910518#8910518
  http://scn.sap.com/message/6244674#6244674
  http://scn.sap.com/thread/2100000
  http://scn.sap.com/thread/1632114
  which are suggesting a different approach. Kindly suggest a way forward.
  Thanks,
  Vishwajeet

  This is related network issue.
  Did you do telnet in pi server with target system ip and port?
  If you use https then you need to install certificates.
  Check below threads
  http://scn.sap.com/thread/190299
  Unable to create socket error

• I keep getting an invalid SSl error message when I try yo upload medical reciepts to my flexible spending provider. never a problem before

  My flexible spending account is with ADP. I have been going to that site for 2 years to upload my receipts and now it says "invalid SSL" when I try. Its very frustrating!!! HELP!!!

  Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

• Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected

  Hi,
  I am getting error com.sap.engine.interfaces.messaging.api.exception.MessagingException:
  iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  When i test for digital signing and encryption using soap receiver CC
  we passed all the values for soap CC
  Created key store view and in that view I have generated private certificate and generated CSR using SAP CA(test ssl for 8 weeks) for the private key and also imported public key for encryption given by reciver
  When i test i get the error message
  I check certificates validity dates
  I restarted java engine and ICM
  I added the public key in trusted CA in NWA
  I re created the view and added the certifcates
  still the same error
  how and where to check to check IAIK in NWA and how to deploy it in java engine using NWA, we are using PI7.11 (no VA)
  any suggestions?

  Hi,
  The main causes for this kind of problem are:
  1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for it and if it's the case renew it or extend the validation.
  3. The certificate chain was not in correct order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.
  4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
  (This certificate is the one which is sent to Server for Client authentication)
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site.  I mean if I request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
  Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
  In any other case the SSL communication will not work.
  Regards,
  Caio Cagnani

• RSA1 going to shortdump, ERROR: Invalid GUI input data: Message no. 00123

  dear experts,
  while executing RSA1 going to short dump, ERROR: Invalid GUI input data: Message no. 00123 in sap-bi 7.0
  plz need help,
  regards.

  John,
  Those are the specs of the Software Components, the backend... As we mentioned before, download the latest SAPGUI version and install it in your PC...
  The latest SAPGUI can be downloaded from https://websmp204.sap-ag.de/support, go to Downloads, then "Browse the Navigation Area", on the left click "A-Z Index", then click on "G" and you'll see the "SAP GUI FOR WINDOWS" option, click on it...
  You can download it from here... Please notice your OSS user needs authorization to do so... Probably need to check with your Basis guys for this...
  Hope this helps.
  Luis

• Keep getting an error message when trying to send some texts to valid numbers, "Error Invalid Number. Please re-send using a valid 10 digit mobile number or valid short code.

  Does anyone know why I keep getting an error  message, "Error invalid number. Please re-send using a valid 10 digit mobile number or valid short code.  The numbers I'm texting to, are valid numbers.

  Did you ever get resolution to this problem?
  My coworker has the identical issue, including the number (+1 (1)(216)116-11) in the error reply.

• HT204204 Error invalid number when trying to send a TXT message

  While trying to send someone a TXT on craigslist, I inadvertently sent a TXT to a 7 digit number. I received back the following message (Where <XXXXXXX> is the 7 digit number I tried to TXT).
  I'm using an iPhone 6 (brand new) with the latest iOS. Handoff and TXT message forwarding is set up.
  From +1 (1) (216) 116-11:
  <XXXXXXX> Error Invalid Number. Please re-send using a valid 10 digit mobile number or valid short code. (The message I sent went her).
  After that I attempted to send to the correct 10 digit number but every subsequent attempt to message the correct number has failed. I have tried the following:
  Hard reset of the device.
  Deleting the conversation
  Creating a contact with the correct number
  Using Messages to create a new conversation
  Replying to messages received from the number.
  However nothing I've been able to do resulted in a message getting sent.

  I think your region settings are interfering the format of the US number. What country are your region settings set to?
  This is how they should look: +1 (216) 116-1122
  The +1 is optional when inside the USA/Canada

• My itunes won't install the new itunes.  I keep getting error messages that seem to be linked to MobileMe service which I don't even know what it is.

  my itunes won't install the new itunes.  I keep getting error messages that seem to be linked to MobileMe service which I don't even know what it is.

  Read this:
  iTunes 11.1.4 for Windows - Unable to install or open - MSVCR80 issue

• Had Lion 10.7.3 and spctl enabled, after upgrading to 10.7.4 i got this error message: 'error: invalid API object reference'

  I had Lion 10.7.3 with spctl enabled, few days ago i had thru Software Updates > Upgrade to 10.7.4; i upgraded but this time when im trying to install an program i have the message that producer is not signed or software was from AppleStore so i tried to disable on Terminal, but i got this message:
  'error: invalid API object reference'
  i guess now i cant install anything because either i want to enable or disable the result is the same.

  I have this same trouble with an IMac, was also 10.7.3 with spctl enabled, and after upgraded to 10.7.4, i cant install anything.