Fail to rdp from outside
Hey guys,
I want to access one of the server (172.19.100.17) using rdp.
I already configured the pix 501 but not success to perform the rdp.
Could you all detect the problem with my config.
Below are my config
Building configuration...
: Saved
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password 3leFmTa3rJEpFu3l encrypted
passwd 3leFmTa3rJEpFu3l encrypted
hostname IST
domain-name IST.COM
clock timezone MYT 8
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
object-group service rdp tcp
port-object range 3389 3390
access-list inside_access_in permit tcp any any eq domain
access-list inside_access_in permit udp any any eq domain
access-list inside_access_in permit icmp any any
access-list outside_access_in permit tcp any host 203.x.x.30 object-group rdp
access-list inside_outbound_nat0_acl permit ip any 172.19.100.96 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip any 172.19.100.96 255.255.255.240
pager lines 24
logging on
logging timestamp
logging trap warnings
logging facility 22
logging device-id string pixfirewall
logging host inside Linux_File_Srv
icmp permit host necare outside
icmp permit host 172.19.100.101 outside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 203.x.x.30 255.255.255.248
ip address inside 172.19.100.20 255.0.0.0
no ip address intf2
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool klccippool 172.19.100.101-172.19.100.105
pdm logging warnings 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.x.x.28 Linux_File_Srv netmask 255.255.255.255 0 0
static (inside,outside) 203.x.x.29 Database_Srv netmask 255.255.255.255 0 0
static (inside,outside) 203.x.x.30 172.19.100.17 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 203.x.x.25 1
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup abc address-pool klccippool
vpngroup abc dns-server 203.x.x.25 203.x.x.24
vpngroup abc idle-time 1800
vpngroup abc password ********
ssh timeout 20
console timeout 0
username necsg password jt43jBARiBYEfoN7 encrypted privilege 15
username necare password BkPn6VQ0VwTy7MY7 encrypted privilege 15
terminal width 80
Cryptochecksum:16907b7aa99b9f619f4986a59a5bd693
: end
[OK]
Hey all,
i already managed to sort out the problem. I reconfigure the acl and now it work fine
Similar Messages
-
Single user cannot RDP from outside the network. Everyone else can.
Bag for scale.
i took the IT Superhero quiz, and it made me a girl! so i tried retaking it until i got what i wanted, and finally, i just decided to reverse engineer their logic answers! it ended up being (somewhat) simple, and yet tricky to decipher, and so i decided to share my findings here at the Water Cooler to anyone in a similar predicament as me :Di highly recommend taking the quiz FIRST to see what you get (it IS rather fun), but once that is out of the way, feel free to have fun (i know i did). and don't forget to use your avatar if you like it!so basically, you just take the address of the Superhero quiz:
http://community.spiceworks.com/careers/sysadminday/superhero-quizand add the appropriate keys after it. for example:... -
ASA 5505 Split tunneling stopped working when upgraded from 8.3(1) to 8.4(3).
When a user was connecting to the old 8.3(1) appliance they could access all of our subnets: 10.60.0.0/16, 10.89.0.0/16, 10.33.0.0/16, 10.1.0.0/16
but now they cannot and in the logs I can just see
6 Oct 31 2012 08:17:59 110003 10.60.30.111 1 10.89.30.41 0 Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
any hints? i have tried almost everything. the running configuration is:
: Saved
ASA Version 8.4(3)
hostname asa
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
interface Vlan2
nameif outside
security-level 0
ip address 80.90.98.217 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.33.0.0_16
subnet 10.33.0.0 255.255.0.0
object network NETWORK_OBJ_10.60.0.0_16
subnet 10.60.0.0 255.255.0.0
object network NETWORK_OBJ_10.89.0.0_16
subnet 10.89.0.0 255.255.0.0
object network NETWORK_OBJ_10.1.0.0_16
subnet 10.1.0.0 255.255.0.0
object network tetPC
host 10.60.10.1
description test
object network NETWORK_OBJ_10.60.30.0_24
subnet 10.60.30.0 255.255.255.0
object network NETWORK_OBJ_10.60.30.64_26
subnet 10.60.30.64 255.255.255.192
object network SSH-server
host 10.60.20.6
object network SSH_public
object network ftp_public
host 80.90.98.218
object network rdp
host 10.60.10.4
object network ftp_server
host 10.60.20.2
object network ssh_public
host 80.90.98.218
object service FTP
service tcp destination eq 12
object network NETWORK_OBJ_10.60.20.3
host 10.60.20.3
object network NETWORK_OBJ_10.60.40.192_26
subnet 10.60.40.192 255.255.255.192
object network NETWORK_OBJ_10.60.10.10
host 10.60.10.10
object network NETWORK_OBJ_10.60.20.2
host 10.60.20.2
object network NETWORK_OBJ_10.60.20.21
host 10.60.20.21
object network NETWORK_OBJ_10.60.20.4
host 10.60.20.4
object network NETWORK_OBJ_10.60.20.5
host 10.60.20.5
object network NETWORK_OBJ_10.60.20.6
host 10.60.20.6
object network NETWORK_OBJ_10.60.20.7
host 10.60.20.7
object network NETWORK_OBJ_10.60.20.29
host 10.60.20.29
object service port_tomcat
service tcp source range 8080 8082
object network TBSF
subnet 172.16.252.0 255.255.255.0
object network MailServer
host 10.33.10.2
description Mail Server
object service HTTPS
service tcp source eq https
object network test
object network access_web_mail
host 10.60.50.251
object network downtown_Interface_host
host 10.60.50.1
description downtown Interface Host
object service Oracle_port
service tcp source eq sqlnet
object network NETWORK_OBJ_10.60.50.248_29
subnet 10.60.50.248 255.255.255.248
object network NETWORK_OBJ_10.60.50.1
host 10.60.50.1
object network NETWORK_OBJ_10.60.50.0_28
subnet 10.60.50.0 255.255.255.240
object network brisel
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.191.191.0_24
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.60.60.0_24
subnet 10.60.60.0 255.255.255.0
object-group service TCS_Service_Group
description This Group of available Services is for TCS Clients
service-object object port_tomcat
object-group service HTTPS_ACCESS tcp
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object 10.1.0.0 255.255.0.0
network-object 10.33.0.0 255.255.0.0
network-object 10.60.0.0 255.255.0.0
network-object 10.89.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0
access-list outside_2_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
access-list outside_3_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any source-quench
access-list OUTSIDE_IN extended permit tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit icmp host 80.90.98.222 host 80.90.98.217
access-list OUTSIDE_IN extended permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh
access-list OAKDCAcl standard permit 10.60.0.0 255.255.0.0
access-list OAKDCAcl standard permit 10.33.0.0 255.255.0.0
access-list OAKDCAcl remark backoffice
access-list OAKDCAcl standard permit 10.89.0.0 255.255.0.0
access-list OAKDCAcl remark maint
access-list OAKDCAcl standard permit 10.1.0.0 255.255.0.0
access-list osgd standard permit host 10.60.20.4
access-list osgd standard permit host 10.60.20.5
access-list osgd standard permit host 10.60.20.7
access-list testOAK_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list snmp extended permit udp any eq snmptrap any
access-list snmp extended permit udp any any eq snmp
access-list downtown_splitTunnelAcl standard permit host 10.60.20.29
access-list webMailACL standard permit host 10.33.10.2
access-list HBSC standard permit host 10.60.30.107
access-list HBSC standard deny 10.33.0.0 255.255.0.0
access-list HBSC standard deny 10.89.0.0 255.255.0.0
access-list outside_4_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0
access-list OAK-remote_splitTunnelAcl standard permit 10.1.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.33.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.89.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
ip local pool mail_sddress_pool 10.60.50.251-10.60.50.255 mask 255.255.0.0
ip local pool test 10.60.50.1 mask 255.255.255.255
ip local pool ipad 10.60.30.90-10.60.30.99 mask 255.255.0.0
ip local pool TCS_pool 10.60.40.200-10.60.40.250 mask 255.255.255.0
ip local pool OSGD_POOL 10.60.50.2-10.60.50.10 mask 255.255.0.0
ip local pool OAK_pool 10.60.60.0-10.60.60.255 mask 255.255.0.0
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip audit name ThreatDetection attack action alarm
ip audit interface inside ThreatDetection
ip audit interface outside ThreatDetection
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo inside
icmp permit any echo outside
asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.33.0.0_16 NETWORK_OBJ_10.33.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.1.0.0_16 NETWORK_OBJ_10.1.0.0_16
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.0_24 NETWORK_OBJ_10.60.30.0_24
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.64_26 NETWORK_OBJ_10.60.30.64_26
nat (inside,outside) source static NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 destination static NETWORK_OBJ_10.60.40.192_26 NETWORK_OBJ_10.60.40.192_26 service any port_tomcat
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1
nat (inside,outside) source static MailServer MailServer destination static NETWORK_OBJ_10.60.50.248_29 NETWORK_OBJ_10.60.50.248_29
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.0_28 NETWORK_OBJ_10.60.50.0_28
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.191.191.0_24 NETWORK_OBJ_10.191.191.0_24
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 80.90.98.222 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.60.10.10 255.255.255.255 inside
http 10.33.30.33 255.255.255.255 inside
http 10.60.30.33 255.255.255.255 inside
snmp-server host inside 10.33.30.108 community ***** version 2c
snmp-server host inside 10.89.70.30 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set lux_trans_set esp-aes esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 84.51.31.173
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 98.85.125.2
crypto map outside_map 2 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set peer 220.79.236.146
crypto map outside_map 3 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 159.146.232.122
crypto map outside_map 4 set ikev1 transform-set lux_trans_set
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 1
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
telnet 10.60.10.10 255.255.255.255 inside
telnet 10.60.10.1 255.255.255.255 inside
telnet 10.60.10.5 255.255.255.255 inside
telnet 10.60.30.33 255.255.255.255 inside
telnet 10.33.30.33 255.255.255.255 inside
telnet timeout 30
ssh 10.60.10.5 255.255.255.255 inside
ssh 10.60.10.10 255.255.255.255 inside
ssh 10.60.10.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd dns 155.2.10.20 155.2.10.50 interface inside
dhcpd auto_config outside interface inside
threat-detection basic-threat
threat-detection scanning-threat shun duration 3600
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
tftp-server inside 10.60.10.10 configs/config1
webvpn
group-policy testTG internal
group-policy testTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol l2tp-ipsec
group-policy TcsTG internal
group-policy TcsTG attributes
vpn-idle-timeout 20
vpn-session-timeout 120
vpn-tunnel-protocol ikev1
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
address-pools value TCS_pool
group-policy downtown_interfaceTG internal
group-policy downtown_interfaceTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value downtown_splitTunnelAcl
group-policy HBSCTG internal
group-policy HBSCTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value HBSC
group-policy OSGD internal
group-policy OSGD attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-lock value OSGD
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
group-policy OAKDC internal
group-policy OAKDC attributes
vpn-tunnel-protocol ikev1
group-lock value OAKDC
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAKDCAcl
intercept-dhcp 255.255.0.0 disable
address-pools value OAKPRD_pool
group-policy mailTG internal
group-policy mailTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value webMailACL
group-policy OAK-remote internal
group-policy OAK-remote attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAK-remote_splitTunnelAcl
vpn-group-policy OAKDC
service-type nas-prompt
tunnel-group DefaultRAGroup general-attributes
address-pool OAKPRD_pool
address-pool ipad
default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 84.51.31.173 type ipsec-l2l
tunnel-group 84.51.31.173 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 98.85.125.2 type ipsec-l2l
tunnel-group 98.85.125.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 220.79.236.146 type ipsec-l2l
tunnel-group 220.79.236.146 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAKDC type remote-access
tunnel-group OAKDC general-attributes
address-pool OAKPRD_pool
default-group-policy OAKDC
tunnel-group OAKDC ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TcsTG type remote-access
tunnel-group TcsTG general-attributes
address-pool TCS_pool
default-group-policy TcsTG
tunnel-group TcsTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group downtown_interfaceTG type remote-access
tunnel-group downtown_interfaceTG general-attributes
address-pool test
default-group-policy downtown_interfaceTG
tunnel-group downtown_interfaceTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TunnelGroup1 type remote-access
tunnel-group mailTG type remote-access
tunnel-group mailTG general-attributes
address-pool mail_sddress_pool
default-group-policy mailTG
tunnel-group mailTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group testTG type remote-access
tunnel-group testTG general-attributes
address-pool mail_sddress_pool
default-group-policy testTG
tunnel-group testTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OSGD type remote-access
tunnel-group OSGD general-attributes
address-pool OSGD_POOL
default-group-policy OSGD
tunnel-group OSGD ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group HBSCTG type remote-access
tunnel-group HBSCTG general-attributes
address-pool OSGD_POOL
default-group-policy HBSCTG
tunnel-group HBSCTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 159.146.232.122 type ipsec-l2l
tunnel-group 159.146.232.122 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAK-remote type remote-access
tunnel-group OAK-remote general-attributes
address-pool OAK_pool
default-group-policy OAK-remote
tunnel-group OAK-remote ipsec-attributes
ikev1 pre-shared-key *****
policy-map global_policy
prompt hostname context
no call-home reporting anonymous
hpm topN enable
: end
asdm history enableDear Darko,
The problem here is the overlapp issue with the Internal network.
Since the VPN pool is:
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
And the local network is:
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
So since you have some NAT rules telling the FW that 10.60.0.0/16 is connected to the inside, we need to change that and force it to know that 10.60.30.0/24 is actually reachable to the outside.
On the other hand, yes you could point to outside interface, but is not a good practice.
Thanks.
Portu.
In case you do not have any further questions, please mark this post as answered. -
Can't access server from Outside
Hi all,
I couldn't access my server from Outside. Seem the setting is OK as i see it but please see if I missed out anything.
From Outside, I need to access http://60.x.x.50:8080. but failed to access. Please help. Thanks.
Below I attached part of the config.
: Saved
ASA Version 8.0(4)
name 172.47.1.10 NarayaServer description Naraya Server
name 62.x.x.172 NarayaTelco1
name 62.x.x.178 NarayaTelco2
interface Ethernet0/0
nameif outside
security-level 0
ip address 60.x.x.50 255.255.255.252
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.27.17.100 255.255.0.0
access-list inside_access_in extended deny ip any Japan02 255.255.255.0
access-list inside_access_in extended deny tcp object-group PermitInternet any object-group torrent1
access-list inside_access_in extended permit ip object-group PermitInternet any
access-list inside_access_in extended permit ip host NAVNew any
access-list inside_access_in extended permit ip host NarayaServer any
access-list inside_access_in extended permit ip host IPVSSvr any
access-list inside_access_in extended permit ip host 172.17.100.30 any
access-list outside_access_in extended permit object-group NECareService object-group NECare any
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 host NarayaServer
access-list outside_1_cryptomap extended permit ip host NarayaServer object-group Nry_Png
access-list outsidein extended permit tcp any host 60.x.x.50 eq https
access-list outsidein extended permit tcp any host 60.x.x.50 eq 8080
access-list outsidein extended permit ip object-group DM_INLINE_NETWORK_3 host IPVSSvr
access-list outsidein extended permit object-group rdp any host 60.x.x.50
access-list inside_mpc extended permit object-group TCPUDP any any eq www
access-list inside_mpc extended permit tcp any any eq www
access-list inside_nat0_outbound extended permit ip host NarayaServer any
ip local pool lot10ippool 172.27.17.240-172.27.17.245 mask 255.255.255.0
ip verify reverse-path interface outside
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 8080 NarayaServer 8080 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 NAVNew 3389 netmask 255.255.255.255
access-group outsidein in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 60.54.140.49 1
route inside 0.0.0.0 255.255.255.255 60.54.140.49 1
route inside 172.17.100.20 255.255.255.255 172.27.17.100 1
route inside NAVNew 255.255.255.255 172.27.17.100 1
route inside 172.17.100.30 255.255.255.255 172.27.17.100 1
route inside NarayaServer 255.255.255.255 172.27.17.100 1
http server enable
http 172.17.100.30 255.255.255.255 inside
http NAVNew 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outsideHello Mohd,
Here are the facts:
I honestly think you need to change that route statement as it basically says if you want to contact the NARAYASERVER send the packet via the INSIDE interface to the IP address 172.27.17.100
route inside NarayaServer 255.255.255.255 172.27.17.100
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.27.17.100 255.255.0.0
So basically send the packet to yourself (Does not make any sense.. Try to read it so you can understand what I mean.
The NAT 0 is breaking the translation.
access-list inside_nat0_outbound extended permit ip host NarayaServer any
nat (inside) 0 access-list inside_nat0_outbound
Do the following :
access-list inside_nat0_outbound permit ip host NarayaServer OTHER_site_VPN_subnet
no access-list inside_nat0_outbound extended permit ip host NarayaServer any
Then u should be able to connect,
Let me know if you will follow my instructions, otherwise I think I am not helping here
Note: As you already mark the question as answered you could provide kudos (stars) on my next answers
Cheers,
Julio Carvajal Segura -
Why i cant access asa 8.4 thruogh asdm from outside interface ???
hi all ,
plz help e why i cant access asa asdm from outside interface
my puclic ip on outisde is :
x.x.55.34
i changed portf of asdm to 65000 because i have portforward ,
i tried to connect to my ip thriuogh asdm bu :
x.x.55.34
x.x.55.34:65000
but no luck ,
it succed if i try to connect locally
here is my sh run command :
====================================================
ASA5505#
ASA5505# sh run
: Saved
ASA Version 8.4(2)
hostname ASA5505
enable password qsddsEGCCSH encrypted
passwd 2KFsdsdbNIdI.2KYOU encrypted
names
interface Ethernet0/0
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 2
interface Vlan1
nameif ins
security-level 100
ip address 10.66.12.1 255.255.255.0
interface Vlan2
nameif outside
security-level 50
ip address x.x.55.34 255.255.255.248
boot system disk0:/asa842-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network localsubnet
subnet 10.66.12.0 255.255.255.0
description localsubnet
object network HTTP-Host
host 10.66.12.249
description web server
object network HTTPS-HOST
host 10.66.12.249
description Https
object network RDP-Host
host 10.66.12.122
description RDP host
object network citrix-host
host 10.66.12.249
description citrix
object service rdp
service tcp destination eq 3389
object service https
service tcp destination eq https
object service citrix
service tcp destination eq 2598
object service http
service tcp destination eq www
object network RDP1
host 10.66.12.249
object network HTTPS-Host
host 10.66.12.249
object network CITRIX-Host
host 10.66.12.249
object-group network RDP-REDIRECT
object-group network HTTP-REDIRECT
object-group network HTTPS-REDIRECT
object-group network CITRIX-ICA-HDX-REDIRECTION
object-group network CITRIX-ICA-SESSION-RELIABILITY-REDIRECTION
object-group service CITRIX-ICA-HDX
object-group service CITRIX-SR
object-group service RDP
object-group network MY-insideNET
network-object 10.66.12.0 255.255.255.0
access-list outside_in extended permit tcp any host 10.66.12.249 eq www
access-list outside_in extended permit tcp any host 10.66.12.249 eq https
access-list outside_in extended permit tcp any host 10.66.12.249 eq 2598
access-list outside_in extended permit tcp any host 10.66.12.122 eq 3389
access-list outside_in extended permit tcp any host 10.66.12.249 eq citrix-ica
access-list outside_in extended permit tcp any host x.x.55.34 eq 65000
access-list outside_in extended permit tcp any host x.x.55.34 eq https
access-list outside_in extended permit ip any any
pager lines 24
mtu ins 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
object network localsubnet
nat (ins,outside) dynamic interface
object network HTTP-Host
nat (ins,outside) static interface service tcp www www
object network RDP-Host
nat (ins,outside) static interface service tcp 3389 3389
object network HTTPS-Host
nat (ins,outside) static interface service tcp https https
object network CITRIX-Host
nat (ins,outside) static interface service tcp citrix-ica citrix-ica
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 62.109.55.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable 65000
http 10.66.12.0 255.255.255.0 ins
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
6c2527b9 deb78458 c61f381e a4c4cb66
quit
telnet 0.0.0.0 0.0.0.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access outside
dhcpd address 10.66.12.160-10.66.12.180 ins
dhcpd dns 212.112.166.22 212.112.166.18 interface ins
dhcpd enable ins
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username test password P4ttSdddd3SV8TYp encrypted privilege 15
username ADMIN password 5dddd3ThngqY encrypted privilege 15
username drvirus password p03BtCddddryePSDf encrypted privilege 15
username cisco password edssdsdOAQcNEL encrypted privilege 15
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: endFor access over VPN you need:
management-access inside
and don't forget:
ssh inside
http inside
I'm guessing you forgot to grant ASDM (http/https) access to the IP addresses used by the VPN? Can you SSH? If not, that is your problem to solve first. -
Mac Pro Failed to wake from sleep
Hello All,
I've had my Mac Pro since Aug. 2007. Never had any problems of any kind until this morning.
To wake from sleep (as I always do): depressed arrow key (10:43 AM). There was a delay - then the spinning beach ball for about 2 min. I did a hard shutdown, waited a bit, then restarted at 10:52 AM. Boot up was (as always) quick.
I logged into my (usual) non-admin account and observed:
When all start up items were loaded: Finder windows appeared approximately as follows:
1. A window showing the (not sure of proper term) "internal folders" of main boot up volume.
2. A window showing the internal folders stored on my mirrored RAID back up disk(s)
3. A window showing the internal folders of my bootable back up.
4. A window showing all 3 disk icons[ Main boot, Bootable backup and the RAID].
I closed all of these windows. [Didn't think too much about it but it's not normal to have these widows appear] SO -
Next:
Then I logged out and logged into my admin account to check the system log with console.
It showed an event from last night which I could not interpret but it did not appear to reveal serious problems (something about not being able to make network connection).
But - the second item on the System Log showed the "wake from sleep" sequence (at 10:43 AM).
I'm going to post the entire wake from sleep log below but first I'll state what was obvious to me:
Startup of CPU #1, #2 and #3 appear first - there is NO #4 CPU!
The log for the manual startup at 10:52 showed some apparent problems as I note below.
Next: Once logged in as admin - I launched Activity Monitor just to assure myself that all four CPUs were at least registering - and they were / are.
Hoping someone here can more thoroughly analyze this log report and give me an idea of the cause of the failure to waken.
Naturally, I won't want to put the Mac Pro to sleep again until I'm sure this isn't a "permanent" problem requiring further action (including service, of course).
Also noticed a statement about some app not having correct permissions (apparently at the System level) and something about removing several orphaned files. There's a warning about CarbonCopyCloner scheduled tasks as well. But there my understanding ends.
Thanks in advance:
System Log Report
Jan 30 10:43:04 Macintosh kernel[0]: System Sleep
Jan 30 10:43:04 Macintosh kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:43:04 Macintosh kernel[0]: Started CPU 01
Jan 30 10:43:04 Macintosh kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:43:04 Macintosh kernel[0]: Started CPU 02
Jan 30 10:43:04 Macintosh kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:43:04 Macintosh kernel[0]: Started CPU 03
Jan 30 10:43:04 Macintosh kernel[0]: System Wake
Jan 30 10:43:04 Macintosh kernel[0]: USB caused wake event (EHCI)
Jan 30 10:43:06 Macintosh kernel[0]: Intel8254x -- Link Up -- 00:17:f2:07:af:71 -- called by interruptOccurred() --
Jan 30 10:43:06 Macintosh configd[43]: posting notification com.apple.system.config.network_change
Jan 30 10:43:10 Macintosh kernel[0]: -- Auto-Negotiation Advertisement Register (04d) = 0xde1
Jan 30 10:43:10 Macintosh kernel[0]: -- Auto-Negotiation Link Partner Ability Register (05d) = 0xcde1
Jan 30 10:43:10 Macintosh kernel[0]: -- Auto-Negotiation Gigabit Advertisement Register (09d) = 0xe00
Jan 30 10:43:10 Macintosh kernel[0]: -- Auto-Negotiation Gigabit Link Partner Ability Register (10d) = 0x7c00
Jan 30 10:43:10 Macintosh kernel[0]: -- PHY Specific Status Register (17d) = 0xaf08
Jan 30 10:43:10 Macintosh kernel[0]: Intel8254X -- Negotiated Speed: 1 Gb/s, Duplex: Full, Flow Control: Receive Pause Enabled, Transmit Pause Enabled
Jan 30 10:43:11 Macintosh lookupd[3328]: lookupd (version 369.8) starting - Fri Jan 30 10:43:11 2009
Jan 30 10:43:12 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to connect: BEEPError 600 (could not bind socket)
Jan 30 10:43:12 Macintosh crashdump[3329]: WindowServer crashed
Jan 30 10:43:13 Macintosh crashdump[3329]: crash report written to: /Library/Logs/CrashReporter/WindowServer.crash.log
Jan 30 10:43:13 Macintosh configd[43]: posting notification com.apple.system.config.network_change
Jan 30 10:43:13 Macintosh lookupd[3330]: lookupd (version 369.8) starting - Fri Jan 30 10:43:13 2009
Jan 30 10:43:14 Macintosh kernel[0]: AFPSleepWakeHandler: waking up
Jan 30 10:43:16 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:43:16 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:48:16 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:48:16 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
<== this is the manual restart at 10:52 ==>
Jan 30 10:52:01 localhost kernel[0]: hi mem tramps at 0xffe00000
Jan 30 10:52:01 localhost kernel[0]: PAE enabled
Jan 30 10:52:01 localhost kernel[0]: 64 bit mode enabled
Jan 30 10:52:01 localhost kernel[0]: standard timeslicing quantum is 10000 us
Jan 30 10:52:01 localhost kernel[0]: vmpagebootstrap: 1230515 free pages
Jan 30 10:52:01 localhost kernel[0]: migtable_maxdispl = 71
Jan 30 10:52:01 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:52:01 localhost kernel[0]: 79 prelinked modules
Jan 30 10:52:01 localhost kernel[0]: ACPI CA 20060421
Jan 30 10:52:01 localhost kernel[0]: AppleIntelCPUPowerManagement: ready
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=2 LocalApicId=7 Enabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=3 LocalApicId=6 Enabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=4 LocalApicId=0 Disabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=5 LocalApicId=0 Disabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=6 LocalApicId=0 Disabled
Jan 30 10:52:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=7 LocalApicId=0 Disabled
Jan 30 10:52:01 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Jan 30 10:52:01 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Jan 30 10:52:01 localhost kernel[0]: using 16384 buffer headers and 4096 cluster IO buffer headers
Jan 30 10:52:01 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:52:01 localhost kernel[0]: Started CPU 01
Jan 30 10:52:01 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:52:01 localhost kernel[0]: Started CPU 02
Jan 30 10:52:01 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jan 30 10:52:01 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
Jan 30 10:52:01 localhost kernel[0]: Started CPU 03
Jan 30 10:52:01 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Jan 30 10:52:01 localhost kernel[0]: Security auditing service present
Jan 30 10:52:01 localhost kernel[0]: BSM auditing present
Jan 30 10:52:01 localhost kernel[0]: disabled
Jan 30 10:52:01 localhost kernel[0]: rooting via boot-uuid from /chosen: B4C50221-5F1E-4039-A399-B8A077BADEC1
Jan 30 10:52:01 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Jan 30 10:52:01 localhost kernel[0]: USB caused wake event (EHCI)
Jan 30 10:52:01 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@1F,2/AppleAHCI/PRT0 @0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDri ver/Hitachi HDP725050GLA360 Media/IOGUIDPartitionScheme/AppleHFS_Untitled1@2
Jan 30 10:52:01 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Jan 30 10:52:01 localhost kernel[0]: jnl: replay_journal: from: 26849280 to: 10866176 (joffset 0xe8e000)
Jan 30 10:52:01 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 0016cbfffe7992ba; max speed s800.
Jan 30 10:52:01 localhost kernel[0]: hfs mount: enabling extended security on Phyllis_VII
Jan 30 10:52:01 localhost kernel[0]: HFS: Removed 7 orphaned unlinked files
Jan 30 10:52:01 localhost kernel[0]: Jettisoning kernel linker.
Jan 30 10:52:01 localhost kernel[0]: Resetting IOCatalogue.
Jan 30 10:52:01 localhost kernel[0]: PXS1: family specific matching fails
Jan 30 10:52:01 localhost kernel[0]: Matching service count = 1
Jan 30 10:52:01 localhost kernel[0]: Matching service count = 2
Jan 30 10:52:01 localhost kernel[0]: Matching service count = 2
Jan 30 10:52:01 localhost kernel[0]: Matching service count = 2
Jan 30 10:52:01 localhost kernel[0]: Matching service count = 2
Jan 30 10:52:01 localhost kernel[0]: Matching service count = 2
Jan 30 10:52:01 localhost kernel[0]: Previous Shutdown Cause: 3
Jan 30 10:52:01 localhost kernel[0]: NVDANV40HAL loaded and registered.
Jan 30 10:52:01 localhost kernel[0]: PXS1: family specific matching fails
Jan 30 10:52:01 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
Jan 30 10:52:01 localhost memberd[46]: memberd starting up
Jan 30 10:52:01 localhost xgridcontrollerd: Warning: the file /etc/xgrid/controller/client-password has incorrect permissions or ownership (must be 0600, and root/wheel). Password not read.
Jan 30 10:52:01 localhost mDNSResponder-108.6 (Jul 19 2007 11: 41:28)[37]: starting
Jan 30 10:52:01 localhost xgridcontrollerd: Warning: the file /etc/xgrid/controller/agent-password has incorrect permissions or ownership (must be 0600, and root/wheel). Password not read.
Jan 30 10:52:01 localhost lookupd[47]: lookupd (version 369.8) starting - Fri Jan 30 10:52:01 2009
Jan 30 10:52:01 localhost DirectoryService[52]: Launched version 2.1 (v353.6)
Jan 30 10:52:02 localhost xgridcontrollerd: Warning: database file was not closed cleanly.
Jan 30 10:52:02 localhost diskarbitrationd[45]: disk4s3 hfs 3391641B-2431-3F99-A77D-397F417615F1 Boot OSX [not mounted]
Jan 30 10:52:02 localhost diskarbitrationd[45]: disk0s2 hfs C1617214-1C69-33DC-BC3F-1F7559B84120 Phyllis_VII /
Jan 30 10:52:02 localhost diskarbitrationd[45]: disk2s3 hfs 3391641B-2431-3F99-A77D-397F417615F1 Boot OSX [not mounted]
Jan 30 10:52:03 localhost kernel[0]: jnl: replay_journal: from: 1948672 to: 8487424 (joffset 0xba5000)
Jan 30 10:52:03 localhost kernel[0]: AppleIntel8254XEthernet: Ethernet address 00:17:f2:07:af:70
Jan 30 10:52:03 localhost kernel[0]: AppleIntel8254XEthernet: Ethernet address 00:17:f2:07:af:71
Jan 30 10:52:03 localhost configd[43]: No AirPort Driver found.
Jan 30 10:52:03 localhost lookupd[84]: lookupd (version 369.8) starting - Fri Jan 30 10:52:03 2009
Jan 30 10:52:03 localhost xgridcontrollerd: started.
Jan 30 10:52:03 localhost kernel[0]: jnl: replay_journal: from: 37588480 to: 30012416 (joffset 0xe8e000)
Jan 30 10:52:04 localhost xgridcontrollerd: Database load completed.
Jan 30 10:52:04 localhost diskarbitrationd[45]: disk1s2 hfs C7580D0F-35C6-3678-BC27-FFEBE31CCBAC 372 GB Bootable /Volumes/372 GB Bootable
Jan 30 10:52:05 localhost xgridagentd: Notice: agent maximum task count is 4
Jan 30 10:52:05 localhost xgridagentd: Notice: Jacks Computer started.
Jan 30 10:52:05 localhost xgridagentd: Notice: agent will bind to first available controller
Jan 30 10:52:05 localhost /usr/bin/open: kCGErrorRangeCheck : Window Server communications from outside of session allowed for root and console user only
Jan 30 10:52:05 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Jan 30 10:52:05 localhost loginwindow[95]: Login Window Started Security Agent
Jan 30 10:52:06 localhost mDNSResponder: Adding browse domain local.
Jan 30 10:52:06 Macintosh kernel[0]: Intel8254x -- Link Up -- 00:17:f2:07:af:71 -- called by interruptOccurred() --
Jan 30 10:52:06 Macintosh kernel[0]: -- Auto-Negotiation Advertisement Register (04d) = 0xde1
Jan 30 10:52:06 Macintosh configd[43]: setting hostname to "Macintosh.local"
Jan 30 10:52:06 Macintosh kernel[0]: -- Auto-Negotiation Link Partner Ability Register (05d) = 0xcde1
Jan 30 10:52:06 Macintosh kernel[0]: -- Auto-Negotiation Gigabit Advertisement Register (09d) = 0xe00
Jan 30 10:52:06 Macintosh kernel[0]: -- Auto-Negotiation Gigabit Link Partner Ability Register (10d) = 0x7c00
Jan 30 10:52:06 Macintosh kernel[0]: -- PHY Specific Status Register (17d) = 0xaf08
Jan 30 10:52:06 Macintosh kernel[0]: Intel8254X -- Negotiated Speed: 1 Gb/s, Duplex: Full, Flow Control: Receive Pause Enabled, Transmit Pause Enabled
Jan 30 10:52:09 Macintosh configd[43]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-net work
Jan 30 10:52:09 Macintosh configd[43]: posting notification com.apple.system.config.network_change
Jan 30 10:52:09 Macintosh lookupd[104]: lookupd (version 369.8) starting - Fri Jan 30 10:52:09 2009
Jan 30 10:52:06 Macintosh kernel[0]: HFS: Removed 3 orphaned unlinked files
Jan 30 10:52:06 Macintosh kernel[0]: hfs mount: enabling extended security on 465.8-1 to -2RAID Set 1
Jan 30 10:52:06 Macintosh diskarbitrationd[45]: disk3 hfs EEEA9F73-B66F-3711-8AA4-A9008B69A26A 465.8-1 to -2RAID Set 1 /Volumes/465.8-1 to -2RAID Set 1
Jan 30 10:52:08 Macintosh configd[43]: target=enable-network: disabled
Jan 30 10:52:08 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:52:08 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:52:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:52:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:52:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:52:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:53:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:53:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:54:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:54:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:56:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:56:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:57:29 Macintosh /Applications/Carbon Copy Cloner.app/Contents/Resources/ccchelper.app/Contents/MacOS/ccchelper: kCGErrorInvalidConnection : CGSGetNextEventRecord: Invalid connection
Jan 30 10:57:29 Macintosh /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Jan 30 10:57:30 Macintosh launchd: com.bombich.ccc.scheduledtask.9E385C48-1FFF-4A13-8F98-DF4033634CAE: exited abnormally: Abort trap
Jan 30 10:57:30 Macintosh launchd: com.bombich.ccc.scheduledtask.9E385C48-1FFF-4A13-8F98-DF4033634CAE: 9 more failures without living at least 60 seconds will cause job removal
Jan 30 10:57:30 Macintosh loginwindow[241]: Login Window Started Security Agent
Jan 30 10:57:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:57:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:58:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:58:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 10:59:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 10:59:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 11:01:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 11:01:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 11:02:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 11:02:38 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
Jan 30 11:03:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Unable to open: BEEPError 200 (Success)
Jan 30 11:03:23 Macintosh xgridagentd: Warning: error opening connection (Jacks Computer): Authentication failed
==== end====Hello Alexandre,
First - thank you very much for taking time to offer thorough and informed advice.
However - as indicated in my last post, I have performed the first (and very basic) "test" - I checked to see if Xgrid was included in my network prefs and found that it was. I unchecked it because I don't have the setup to make use of processor resources on the other Mac I have in my home network. (And that other Mac is an old G4 eMac - not much help anyway!)
More specifically: it's apparent that I was using Xgrid "inappropriately" so I think the System Log really indicates that no connection can be found -because there isn't one!
I too still wonder about the "missing CPU 4" but, overall, I see no other indications that there's a problem. Activity Monitor shows all four CPU cores and they're all showing activity. I have not seen (or noticed) this in prior System Log reports so, if I see this again - I'll renew efforts to find it's significance and take appropriate action.
I then put my Mac Pro to sleep, waited a bit, then depressed an arrow key: the machine woke from sleep normally. This "solves" the immediate problem of abnormal wakening - at least I'm satisfied that it does and will continue monitoring for any similar "misbehaviors."
Power Management: I have purposely avoided doing anything with Power Management once I had it set to my liking. That is, I set the screen to sleep in 1 hour, I set the hard drive to "never" (sleep) and only use the Sleep menu command to put the Mac Pro to sleep. My dictum is to "not fix what isn't proved to be broken." Again - if I continue to have problems or new problems crop up, I will then go ahead and start making changes such as those you mention. (Like deleting com.apple.PowerManagemetn.plist)
Next: I did already run permissions repair and may do so again anytime I see problems which could be connected to permissions. Since I have "taken Xgrid" out of the picture, I don't think this particular permissions issue is going to be a problem under my current set up.
CarbonCopyCloner: Here we have a bit of a conundrum. I need! to keep CCC "available" to run scheduled back up tasks. I was given (a very expensive) 1TB wireless backup drive for Xmas and - through long trial and error - found that CCC is the most appropriate back up application for that drive.
For now: I consider that the problem is a bug in CCC and will contact Mr. Bombich about this.
Again: I do appreciate your pointing out this and the other things. You have helped me think through what could have been a very complex process in trouble shooting.
I think that my issue turned out to be simple: I may have accidentally touched the wrong key or key combination when I moved to wake the Mac Pro from sleep. I think that Xgrid was a problem but that now seems to be eliminated. The Mac Pro is now waking normally - which was my original objective.
Oh, and just to be clear: I forgot to mention above that I did re-examine the System Log and there are now no signs of the items in the log I posted originally here. -
Windows server anywhere access not working from outside the lan
ok so heres what i have done so far i installed windows server 2012 essential on a computer followed the wizard to add a couple of users and gave them anywhere access followed the wizard and ran the anywhere access to completion setup the ports 80 and 443
on router manually to forward to my router ip 10.0.1.20
my server is still on dynamic ip
then i go to a windows 7 ultimate computer whent to the connect url downloaded the connect tool ran to completion and restarted the computer so far everything working inside my lan i can connect to the server see shared files and open the dash management
now i go outside connect to a wired or wireless network of a friend and try to connect to http://xxxxxxx.remotewebaccess.com
but am unsuccessfull then i check on my network adapter page and see that there is a new adapter that is called as my remotewebaccess.com so i click on it and try to connect but still fails........
please help what am i doing wrong?
i checked everywhere and cant find a solution.
Thank youIt is probably better to assign a static IP to your server, but OTH it may not change. But you really hate to go off on vacation and have the ip change and everything break.
Now you said you forwarded ports 80 and 443 to your router, I bet you meant your server?
Do www.whatismyip.com and from outside ping xxxx.remotewebaccess.com and make sure they are true same ip
From a PC or the server on your network go to grc.com and do shields up and make sure it reports 80 and 443 as open
Grey -
Remote Desktop in Server 2012 is inaccessible from outside of LAN
We have a server 2012 machine it was setup and accessible via Remote Desktop for months. A few days ago we wiped it and did a fresh install of Server 2012. Now we can not remote to the server from outside of the LAN, even though it is setup exactly
as it was before.
Here is a checklist of things I have checked while trying to figure out the break:
Router/firewall is forwarding port 3389 to the correct internal static IP of the server. Port forward test tools online confirm the port is open.
Windows firewall is set to allow all connections for Remote Desktop on 3389. Also tried turning off firewall completely, does not fix the issue.
Allow remote connections is enabled in System Properties, and users have been added to the list of allowed user
Additional info: The server is also a standalone Active Directory and Domain Controller.
Remote desktop connections work fine while in the office on the LAN. When remoting to the external IP, it doesn't work, even though it did only days before we re-did the server.
Thanks!What should I check in AD? I am by no means an expert with AD.
Yes, I am using the same client OS.
I am talking about RDP over the internet, like from home to the office. We have a static IP assigned to the router from ISP. A static internal IP assigned to the server on the LAN. And the router port forwards 3389 to the assigned IP.
It was working fine before we reinstalled Server 2012. These are the steps I took when reinstalling:
1. format drive and install OS
2. rename the server
3. install SQL server
4. Install TFS and SharePoint
5. Add Active Directory role and promote to Domain Controller
6. Add domain users
7. Enable remote access on the server and add users to remote access list -
Can't RDP From Windows 7 to Server 2008 R2 SP1
Hello,
We have a server 2008 R2 SP1 with all the latest updates installed as of today (11/12/2014) that runs terminal services.
We started upgrading our office computers to windows 7 x64 and now unable to RDP into the server. They were able to RDP for a few days and now are unable.
Once you hit connect, it asks for a username & password, and then it says configuring remote connection and after about 15-30 seconds it just says can not connect to remote computer.
I am able to RDP from windows 7 into 2003 servers.
Windows XP Computers can RDP just fine.
I went through all the articles that had the updates that needed to be removed/reinstalled for RDP to work and none of them fixed the issue.
This has been going on since Monday 11/10/2014
Any advice or assistance is greatly appreciated.SP1 Is installed. as well as updated as of 11/12/2104
Here is the only thing that shows up in the logs on the server side:
Attempt to send connect message to Windows video subsystem failed. The relevant status code was 0xd0000001.
System
Provider
[ Name]
Microsoft-Windows-TerminalServices-LocalSessionManager
[ Guid]
{5D896912-022D-40AA-A3A8-4FA5515C76D7}
EventID
20
Version
0
Level
2
Task
0
Opcode
0
Keywords
0x1000000000000000
TimeCreated
[ SystemTime]
2014-11-12T23:47:45.532187000Z
EventRecordID
19249
Correlation
Execution
[ ProcessID]
644
[ ThreadID]
1624
Channel
Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Computer
LAXCA-PD-TS01.XXXXXXXXXXXXXXX.local
Security
[ UserID]
S-1-5-18
UserData
EventXML
messageName
connect
errorCode
0xd0000001 -
Can not receive mail from outside domains
We are setting up our OCS 10g mail server, and are having trouble setting up our policies.
-unsure how to allow mail to come in from outside domains
-are able to send mail to outside domains if that one is set. is there a way to allow to send to any outside domain without having to set every single one?it looks like the MX records are setup correctly now, but I am still unable to receive mail from outside domains.
from a gmail address i get the error:
Delivery to the following recipient failed permanently:
[email protected]
Technical details of permanent failure:
TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
[mydomain.com. (10): Connection timed out]
----- Original message -----
Received: by 10.70.123.6 with SMTP id v6mr2951750wxc;
Thu, 29 Jun 2006 05:22:06 -0700 (PDT)
Received: by 10.70.105.2 with HTTP; Thu, 29 Jun 2006 05:22:06 -0700 (PDT)
Message-ID: <[email protected]>
Date: Thu, 29 Jun 2006 09:22:06 -0300
From: "Chris M" <[email protected]>
To: [email protected]
Subject: test thursday 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_77974_24025125.1151583726769"
------=_Part_77974_24025125.1151583726769
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
test
------=_Part_77974_24025125.1151583726769
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
----- Message truncated -----
** i modified the email addressed for the post, actual email addresses were used ** -
Hi Everyone,
I have a question related to RDweb service.
I have successfully installed RD web role on windows server 2012 R2.
All went ok. I also installed a valid third party certificate.
I can connect from outside to the server and run applications using any devices: Ipad’s, mobiles and laptops.
The problem is that: Any Computer/Laptop that is joined on the domain can connect to RDWEB from outside the company BUT CAN'T RUN ANY APPLICATIONS. The RD session is taking long time it failes.
Note that from inside the network is working.
What it can be?
Thank you in advance,
CrissHi,
The internet connection from where I’m doing the tests is quite good. I think the error with the latency is not relevant because probably the computerRD gateway it doesn’t allow it and that way it fails with this error. For a computer that never been joined
on the domain is working perfect no delay at all..
We are using RD Gateway … installed everything on the same machine Windows server 2012 R2.
When I click RemoteApp I see the remote the prompt of RD gateway, I click ok, then nothing happened for 2-3 min. after this time it brings the error with the delay.. OR “couldn’t connect on the remote computer because an error occurred on the remote
computer that you want to connect to.”
Again, the connection is failing ONLY when we try to connect from outside the company and it happened ONLY with the Computers that are joined on the Domain.
EX: An user (with Office Laptop - joined on domain) can connect to RD Gateway and lunch the RemoteApp’s from inside LAN but when is leaving Home can’t run the Remote App;s. In the meantime he can connect and run RemoteApp’s with his private computer.
What it can be different between the Office and his home private computer?
For Outside users we’ve have open only port 443 on firewall. Why need to open UPD 3391?
I’ve notice that if I take a laptop that is working and join it on the domain it will have the same issue. If will dis-join it will still have the same issue after all.
Thank You -
(Failed to read from channel: -1)
Hi,
I get an error Failed to read from channel: -1 when I try and connect to my company server using the Remote Desktop MAC OS X client. It appears that I am actually communicating with my companies server as I did get asked if I recognised
the security certificate but I get this message shortly after. I can't seem to find anything on it on the Web so could do with some assistance.
If anyone wants further information or want's me to create a log (and knows how to direct me) then I will do.
Thanks,
virkaSame problem here. I can't figure out why i get this error
Log file:
[2014-Apr-16 12:07:59] RDP (0): Protocol state changed to: ProtocolActive(5)
[2014-Apr-16 12:07:59] RDP (0): Protocol state changed to: ProtocolInactive(4)
[2014-Apr-16 12:07:59] RDP (0): Server supports RAIL
[2014-Apr-16 12:08:00] RDP (0): Protocol state changed to: ProtocolActive(5)
[2014-Apr-16 12:08:42] RDP (0): Server hides cursor
[2014-Apr-16 12:08:46] RDP (0): Server shows cursor
[2014-Apr-16 12:11:09] RDP (0): Server hides cursor
[2014-Apr-16 12:11:13] RDP (0): Server shows cursor
[2014-Apr-16 12:11:53] RDP (0): Server hides cursor
[2014-Apr-16 12:11:55] RDP (0): Server shows cursor
[2014-Apr-16 12:12:09] RDP (0): Server hides cursor
[2014-Apr-16 12:15:52] RDP (0): Exception caught: Exception in file '../../librdp/rpcoverhttp.cpp' at line 353
User Message : Failed to read from channel: -1
[2014-Apr-16 12:15:52] RDP (0): Exception caught: Exception in file '../../librdp/rpcoverhttp.cpp' at line 353
User Message : Failed to read from channel: -1
[2014-Apr-16 12:15:52] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-Apr-16 12:15:52] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-Apr-16 12:15:52] RDP (0): ------ END ACTIVE CONNECTION ------
[2014-Apr-16 12:41:29] RDP (0): Final rdp configuration used: gatewayhostname:s: confidencial
screen mode id:i:2
use multimon:i:1
session bpp:i:24
full address:s:confidencial
audiomode:i:0
username:s: confidencial
disable wallpaper:i:0
disable full window drag:i:0
disable menu anims:i:0
disable themes:i:0
alternate shell:s:
shell working directory:s:
authentication level:i:2
connect to console:i:0
gatewayusagemethod:i:1
disable cursor setting:i:0
allow font smoothing:i:1
allow desktop com"font-family:Helvetica;line-height:normal;" />bookmarktype:i:3
use redirection server name:i:0 -
ALV Grid editable - How to raise the data_changed event from outside object
Hi,
i'd like to like to raise the data_changed event from outside the ALV-Grid object in order to display errors to the user.
For example a new row was inserted within the program. The user has only to complete the missing informations. Before saving the transactions the program has to execute some semantic checks. The errors of this check process should be shown to the user by creating an instance of the cl_alv_changed_data_portocol object.
Thanks.
RegardsYou don't need to raise the data_changed event to perform the edits or to issue messages using cl_alv_changed_data_protocol.
The following assumes you have an ALV grid object g_alv based on the CL_GUI_ALV_GRID class.
You can mark the inserted records upon insertion as selected using the set_selected_rows method, and then retrieve these rows later using get_selected_rows and perform necessary edits.
Save the row number of each inserted row into a table of the appropriate type (see the method definition for this):
DATA: t_index_rows TYPE lvc_t_row.
DATA: s_row_no TYPE lvc_s_roid.
DATA: t_row_no TYPE lvc_t_roid.
Load entries into t_row_no after each insert. Capture the row number and save in the table t_row_no.
e.g.
PERFORM insert_row USING s_row_no-row_id.
APPEND s_row_no TO t_row_no.
FORM insert_row would have whatever code you are using to insert the row. Save the row id into s_row_no-row_id (which is an INT4).
When done with all inserts do the following
IF t_row_no[] IS NOT INITIAL.
CALL METHOD g_alv->set_selected_rows
EXPORTING
it_index_rows = t_index_rows
it_row_no = t_row_no
is_keep_other_selections = 'X'.
ENDIF.
Then, if SAVE is pressed without the data_changed event having been raised (such as if the user just pressed SAVE without changing anything), use method get_selected_rows to retrieve the rows that were inserted and perform the necessary edits.
DATA: l_t_rows TYPE lvc_t_row. " ALV control: Table rows
CALL METHOD g_alv->get_selected_rows
IMPORTING
et_index_rows = l_t_rows.
Loop through l_t_rows and use the row as an index into the grid, perform the necessary edits, just as you would if the data_changed event had been raised.
If any edits fail, then send messages to the user, abort the save, and re-display the grid.
Remember to refresh the t_row_no and t_index_rows tables if you load a new data set.
You can also use a similar technique with the data_changed event to mark each changed row as selected by saving the row ids, and then you only have to update the changed rows on SAVE, which can minimize database I/O.
Good luck.
Brian -
No rtmp connection (from outside)
Hi guys,
Just a little/hopefully simple Problem. I want to access a shared Object on my server (my Desktop PC). The connection looks like this:
This all works:
main_nc.connect("rtmp:/flashapp");
main_nc.connect("rtmp://localhost/flashapp");
main_nc.connect("rtmp://my_Internal_IP/flashapp");
But this is working only from the mashine the server is running on. No access from other computers in the same network seems to be possible.
I configured my firewall (Router) to forward port 80,1935 to my IP address. The Apache server which comes with FMS is accessible from the network but not from outside (Internet) --> I guess thats just a Problem of a Apache config file?! But as I've read before the FMS is running without the Apache as well!?
So, does anyone have an idea how I have to configure the FMS to access it from the Internet?
Thanks in advanceI'm having the same issue. It seems to be an issue with passive connections (vs. active connections). We've found active connections work fine, but passive connections fail.
-
Any way to link to a specific message from outside Mail?
Hi,
I am putting together a fairly basic customer enquiry database using Mac OS X Mail and an external database. The system will keep in the database a list of specific email messages associated with a particular customer, and should allow these messages to be brought up within Mail by clicking on a link in the database client.
However, Mail doesn't seem to offer any way of linking to a specific message within its database from outside Mail.
I imagined I would be able to do this instead by using the Message-Id: headers from incoming emails, and then getting Mail to do a search on these headers. However, putting a Message-Id into Mail's search field also fails.. it appears Mail doesn't index this header.
Can anyone help or offer a different solution to linking to a message inside Mail from an external app?I'm not entirely sure I understand what you want to do, but if you are trying to link received emails to an external database, you can do so with Applescript, assuming your database app supports it.
AppleScript support in Mail offers the following message properties (copied from the "Message" suite in Mail's Applescript dictionary):
id (integer, r/o) : The unique identifier of the message.
all headers (string, r/o) : All the headers of the message
background color (blue/gray/green/none/orange/other/purple/red/yellow) : The background color of the message
mailbox (mailbox) : The mailbox in which this message is filed
content (string) : Contents of an email message
date received (date, r/o) : The date a message was received
date sent (date, r/o) : The date a message was sent
deleted status (boolean) : Indicates whether the message is deleted or not
flagged status (boolean) : Indicates whether the message is flagged or not
junk mail status (boolean) : Indicates whether the message has been marked junk or evaluated to be junk by the junk mail filter.
read status (boolean) : Indicates whether the message is read or not
message id (string, r/o) : The unique message ID string
source (string, r/o) : Raw source of the message
reply to (string) : The address that replies should be sent to
message size (integer) : The size (in bytes) of a message
sender (string) : The sender of the message
subject (string) : The subject of the message
was forwarded (boolean) : Indicates whether the message was forwarded or not
was redirected (boolean) : Indicates whether the message was redirected or not
was replied to (boolean) : Indicates whether the message was replied to or not
As you can see, this gives you access to just about any message property you could need for the database. You wouldn't need to tell Mail to search for the message; you could refer to it directly by its ID (or message id string) in its mailbox.
I have done something similar using an older version of Filemaker Pro (v6). I store 'calculated' scripts in the database along the lines of this pseudo-code:
Tell app "Mail" to open message {ID field} of mailbox {mailbox field} of account {related:account field}
... and have Filemaker execute them via a button when I need to open the record's message in Mail. This works very well for my purposes, which may be different from yours. (Note that the pseudo-code won't work as written; it is meant only to convey the idea involved.)
Maybe you are looking for
-
Purchase Order Smartform as attachment in step mail through workflow
Whenever user create a PO, mail should trigger in Microsoft Outlook, with the purchase order form as attachment. I am able to send mail to Microsoft Outlook whenever PO is created. But kindly advice how to attach PO smartform in th mail. Regards, Rah
-
Use of static keyword appropriate in this context?
Hello all, I have an application that has a class that I would like all other classes to be able to access. What i'm unsure of is how to implement this correctly or should this even be done. For example consider the following: Main Class public class
-
[URGENT] Business Account Closing Issue
I am the owner of a company which uses PAID skype accounts for business purpose. I recebtly received an e-mail from skype that tells me these accpunt are going to be closed (deleted) in 24 hours. Please contact me urgently. Personally identifiable in
-
Can someone explain the universal dock to me
I saw this product http://store.apple.com/us/product/MB125G/A?fnode=home/shopipod/ipod_accessories/cablesdocks&mco=MzIzNzY5 and was wondering what it did exactly. I was looking for a device that had external speakers, so I could use my iPod Touch lik
-
Visual webpart refactoring - ascx not getting updated
Hello, I have created a visual webpart in one sharepoint 2013 project and then moved the webpart to another sharepoint 2013 project. It is getting deployed without any problem. The problem is the changes to my .ascx files are not reflecting when depl