Failed to authenticate user

We have installed SAP on Microsoft Windows clustered environment with Oracle on Storage.
While taking offline backup of SAP, we are getting the following error message:
BR0280I BRBACKUP time stamp: 2008-12-31 01.02.13
BR0307I Shutting down database instance PRD ...
BR0278E Command output of 'FSCMD OFFLINERESOURCE PRD.WORLD /CLUSTER=SAPCLUSTER /OFFLINE=IMMEDIATE /USER=PRDADM /DOMAIN=PARLEAGRO /PWD=*********
Failed to connect to Oracle Services for MSCS on cluster SAPCLUSTER**
FS-10211: Failed to authenticate user PRDADM.  The user must have Administrator privileges on all cluster nodes**BR0280I BRBACKUP time stamp: 2008-12-31 01.02.36
BR0279E Return code from 'FSCMD OFFLINERESOURCE PRD.WORLD /CLUSTER=SAPCLUSTER /OFFLINE=IMMEDIATE /USER=PRDADM /DOMAIN=PARLEAGRO /PWD=*********
BR0309E Shutdown of database instance PRD failed
BR0056I End of database backup: bdzpbrcw.aft 2008-12-31 01.02.36
BR0280I BRBACKUP time stamp: 2008-12-31 01.02.36
BR0054I BRBACKUP terminated with errors

Hi,
Please, check if user PRDADM is assigned to the local administrators group on both nodes of the cluster. If not, please include it to this OS group. Also ensure the relevant Oracle services are running.
Cheers

Similar Messages

  • OC4J Security fails to authenticate users on a 64 bit solarisx86 machine

    Hi,
    I am using a database login module to authenticate users. The login module I use is DBTableLoginModule. On 32 bit windows based machine, the module functions perfectly fine. When I deployed my project on a 64 bit solarisx86 machine, users are no longer able to login. On debugging the DBTableLoginModule, the authentication shows success and the commit method is return true to the OC4J security. But OC4J is redirecting to error page and I have no clue as to why it is doing so. The problem is I am not able to debug OC4J security for I have no source code for that. My question is how can i turn on debugging for OC4J Security
    so I can watch out for any errors or anything that OC4J complains about so I can have better chances to overcome this problem.
    Thanks
    Sam

    Hi,
    sounds like a OC4J bug to me (or issue at least). You may want to check
    OC4J
    Frank

  • Failed to authenticate user to ACS 5.1 with LDAP as external identity storage

    Hi ,  I have an ACS and Open-LDAP server running on my company network.
    Now, I 'm setting up a new linksys WAP-54G and choose WPA2-Enterprise option with ACS as the radius server.
    first thing first, I created new internal user on ACS, and trying to join the wireless network from my computer. I made it....
    then, I'm moving on external entity (LDAP Server). I've set up the LDAP configuration and identity sequence, also select it on access service.  but when I tried to authenticate from my computer, an error was occurred. I received : 
    the following error 22056 Subject not found in the applicable identity store (s)
    Wonder 'bout this thing, I set up a cisco 1841 router to become AAA client. and surprisingly... it works !!!
    so, is there any problem to authenticate from windows platform to ACS (pointing to LDAP) ?  
    any suggestion ?
    thanks

      This is the log when using windows 7 as authentication client (Failed) :
    Steps
    11001  Received RADIUS  Access-Request
    11017  RADIUS created a new session
    Evaluating Service Selection Policy
    15004  Matched rule
    15012  Selected Access Service - Default Network  Access
    11507  Extracted  EAP-Response/Identity
    12500  Prepared EAP-Request proposing EAP-TLS with  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12301  Extracted EAP-Response/NAK requesting to use  PEAP instead
    12300  Prepared EAP-Request proposing PEAP with  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12302  Extracted EAP-Response containing PEAP  challenge-response and accepting PEAP as negotiated
    12318  Successfully negotiated PEAP version  0
    12800  Extracted first TLS record; TLS handshake  started.
    12805  Extracted TLS ClientHello  message.
    12806  Prepared TLS ServerHello  message.
    12807  Prepared TLS Certificate  message.
    12810  Prepared TLS ServerDone  message.
    12305  Prepared EAP-Request with another PEAP  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12304  Extracted EAP-Response containing PEAP  challenge-response
    12318  Successfully negotiated PEAP version  0
    12812  Extracted TLS ClientKeyExchange  message.
    12804  Extracted TLS Finished  message.
    12801  Prepared TLS ChangeCipherSpec  message.
    12802  Prepared TLS Finished  message.
    12816  TLS handshake succeeded.
    12310  PEAP full handshake finished  successfully
    12305  Prepared EAP-Request with another PEAP  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12304  Extracted EAP-Response containing PEAP  challenge-response
    12313  PEAP inner method started
    11521  Prepared EAP-Request/Identity for inner EAP  method
    12305  Prepared EAP-Request with another PEAP  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12304  Extracted EAP-Response containing PEAP  challenge-response
    11522  Extracted EAP-Response/Identity for inner  EAP method
    11806  Prepared EAP-Request for inner method  proposing EAP-MSCHAP with challenge
    12305  Prepared EAP-Request with another PEAP  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12304  Extracted EAP-Response containing PEAP  challenge-response
    11808  Extracted EAP-Response containing EAP-MSCHAP  challenge-response for inner method and accepting EAP-MSCHAP as  negotiated
    Evaluating Identity Policy
    15006  Matched Default Rule
    15013  Selected Identity Store -
    22043  Current Identity Store does not support the  authentication method; Skipping it.
    24210  Looking up User in Internal Users IDStore -  xxxxx
    24216  The user is not found in the internal users  identity store.
    22016  Identity sequence completed iterating the  IDStores
    22056  Subject not found in the applicable identity  store(s).
    22058  The advanced option that is configured for  an unknown user is used.
    22061  The 'Reject' advanced option is configured  in case of a failed authentication request.
    11815  Inner EAP-MSCHAP authentication  failed
    11520  Prepared EAP-Failure for inner EAP  method
    22028  Authentication failed and the advanced  options are ignored.
    12305  Prepared EAP-Request with another PEAP  challenge
    11006  Returned RADIUS  Access-Challenge
    11001  Received RADIUS  Access-Request
    11018  RADIUS is re-using an existing  session
    12304  Extracted EAP-Response containing PEAP  challenge-response
    12307  PEAP authentication failed
    11504  Prepared EAP-Failure
    11003  Returned RADIUS Access-Reject
    This is the log when using 1841 router as authentication client (succeded)  :
    Steps
    11001  Received RADIUS  Access-Request
    11017  RADIUS created a new session
    11049  Settings of RADIUS default network will be  used
    Evaluating Service Selection Policy
    15004  Matched rule
    15012  Selected Access Service - Default Network  Access
    Evaluating Identity Policy
    15006  Matched Default Rule
    15013  Selected Identity Store -  LDAPyyyy
    24031  Sending request to primary LDAP  server
    24015  Authenticating user against LDAP  Server
    24022  User authentication  succeeded
    22037  Authentication Passed
    22023  Proceed to attribute  retrieval
    22038  Skipping the next IDStore for attribute  retrieval because it is the one we authenticated against
    24210  Looking up User in Internal Users IDStore -   xxxxx
    24216  The user is not found in the internal users  identity store.
    22016  Identity sequence completed iterating the  IDStores
    Evaluating Group Mapping Policy
    Evaluating Exception Authorization  Policy
    15042  No rule was matched
    Evaluating Authorization Policy
    15006  Matched Default Rule
    15016  Selected Authorization Profile - Permit  Access
    11002  Returned RADIUS Access-Accept
    I realized that Windows is using PEAP-MSCHAPv2 while Router is using PAP-ASCII as it's protocol.
    so now, why PEAP-MSCHAPv2 can't authenticate to LDAP ?
    is there anything I can do to make it work ?

  • Failed to authenticate - Shared Services 11.1.2.1

    I've installed and configured Foundation services. When I try to login to Shared Services, I get the following error:
    EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.
    Code: 1000
    Description: An error occurred processing the result from the server
    Version - 11.1.2.1
    Windows 2003 R2 SP2
    Can anyone help with this issue? I haven't find any solutions on the forum...
    Thanks

    John,
    Thanks for the feedback. This is a new install, so I am entering the password that I used in the EPM configurator. Here is the full log:
    <Aug 29, 2011 3:39:54 PM EDT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <Aug 29, 2011 3:39:54 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <Aug 29, 2011 3:39:55 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.2-b06 from Sun Microsystems Inc.>
    <Aug 29, 2011 3:39:59 PM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.4.0 Fri Dec 17 20:47:33 PST 2010 1384255 >
    <Aug 29, 2011 3:40:02 PM EDT> <Emergency> <Management> <BEA-141151> <The admin server could not be reached at http://localhost:7001.>
    <Aug 29, 2011 3:40:02 PM EDT> <Info> <Configuration Management> <BEA-150018> <This server is being started in managed server independence mode in the absence of the admin server.>
    <Aug 29, 2011 3:40:02 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Aug 29, 2011 3:40:02 PM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <Aug 29, 2011 3:40:02 PM EDT> <Notice> <LoggingService> <BEA-320400> <The log file E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\FoundationServices0.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Aug 29, 2011 3:40:02 PM EDT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\FoundationServices0.log00004. Log messages will continue to be logged in E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\FoundationServices0.log.>
    <Aug 29, 2011 3:40:02 PM EDT> <Notice> <Log Management> <BEA-170019> <The server log file E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\FoundationServices0.log is opened. All server side log events will be written to this file.>
    <Aug 29, 2011 3:40:11 PM EDT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Aug 29, 2011 3:40:14 PM EDT> <Warning> <JTA> <BEA-110503> <The migrator(the AdminServer for manual JTA migration policy, or the Singleton Master for automatic JTA migration policy) is not available. Will skip JTA TRS failback because isStrictOwnershipCheck is [false]. This may lead to potencial TLOG corruption if TRS of FoundationServices0 has been migrated to backup server and the backup server is accessing the TLOG of FoundationServices0. More safety can be achieved by setting isStrictOwnershipCheck to [true].>
    <Aug 29, 2011 3:40:16 PM EDT> <Notice> <LoggingService> <BEA-320400> <The log file E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Aug 29, 2011 3:40:16 PM EDT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\access.log00001. Log messages will continue to be logged in E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\logs\access.log.>
    <Aug 29, 2011 3:40:25 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
    <Aug 29, 2011 3:40:25 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getDomainConfiguration()
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getRuntimeService()
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
    return com.bea:Name=EPMSystem,Type=Domain
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Domain location is 'E:\Oracle\Middleware\user_projects\domains\EPMSystem'
    Calling getRuntimeService()
    return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Checking E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\registry_update.xml file
    EPM_ORACLE_HOME: E:\Oracle\Middleware\EPMSystem11R1
    Template for SHAREDSERVICES#11.1.2.0: E:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_sharedservices_11.1.2.1.jar
    Dependencies for E:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_sharedservices_11.1.2.1.jar: [Oracle EPM Common, Oracle EPM HSS, Oracle EPM Misc libraries, Oracle EPM BPM UI libraries, Oracle EPM BPM UI shared webapp, Oracle EPM Struts libraries]
    BPMUI shared webapp referenced from SHAREDSERVICES#11.1.2.0
    Application name: SHAREDSERVICES#11.1.2.0
    Application source: interop.ear
    Server name: FoundationServices0
    Server port: 28080
    Server SSL port: 28443
    Application context: interop
    Registry product type: SHARED_SERVICES_PRODUCT
    Registry physical web application type: SHARED_SERVICES_WEBAPP
    weblogic.Name property is 'FoundationServices0', seems to be WebLogic mode
    registry.isRegistryDatabaseCreated()true
    Registry was initialized sucessfully
    Executing pre custom update for SHAREDSERVICES#11.1.2.0
    EPM_ORACLE_INSTANCE: E:\Oracle\Middleware\user_projects\epmsystem1
    Physical Web App found
    Web app already linked to some application server: false
    The registry was not modifyed because it already containse all sturctures
    Web app is already linked to the logical web app
    No needs to run custom updater for SHAREDSERVICES#11.1.2.0
    loggingUpdateSHAREDSERVICES.block file exist or the system is running in the Fusion mode, skipping logging.xml configuration
    <Aug 29, 2011 3:40:54 PM EDT> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element web-app in the deployment descriptor in E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\tmp\servers\FoundationServices0\tmp\_WL_user\SHAREDSERVICES_11.1.2.0\oj8n6j\interop.war/WEB-INF/web.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getDomainConfiguration()
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getRuntimeService()
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
    return com.bea:Name=EPMSystem,Type=Domain
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Domain location is 'E:\Oracle\Middleware\user_projects\domains\EPMSystem'
    Calling getRuntimeService()
    return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Calling getConnection()
    return weblogic.management.jmx.mbeanserver.WLSMBeanServer@2bc9e4d2
    Checking E:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\registry_update.xml file
    EPM_ORACLE_HOME: E:\Oracle\Middleware\EPMSystem11R1
    Template for WORKSPACE#11.1.2.0: E:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_workspace_11.1.2.1.jar
    Dependencies for E:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_workspace_11.1.2.1.jar: [Oracle EPM Common, Oracle EPM BPM UI libraries, Oracle EPM BPM UI shared webapp, Oracle EPM Misc libraries, Oracle EPM LCM libraries, Oracle EPM Xerces libraries]
    BPMUI shared webapp referenced from WORKSPACE#11.1.2.0
    Application name: WORKSPACE#11.1.2.0
    Application source: workspace.ear
    Server name: FoundationServices0
    Server port: 28080
    Server SSL port: 28443
    Application context: workspace
    Registry product type: WORKSPACE
    Registry physical web application type: WORKSPACE_WEBAPP
    weblogic.Name property is 'FoundationServices0', seems to be WebLogic mode
    registry.isRegistryDatabaseCreated()true
    Registry was initialized sucessfully
    Executing pre custom update for WORKSPACE#11.1.2.0
    EPM_ORACLE_INSTANCE: E:\Oracle\Middleware\user_projects\epmsystem1
    Physical Web App found
    Web app already linked to some application server: false
    The registry was not modifyed because it already containse all sturctures
    Web app is already linked to the logical web app
    No needs to run custom updater for WORKSPACE#11.1.2.0
    loggingUpdateWORKSPACE.block file exist or the system is running in the Fusion mode, skipping logging.xml configuration
    **********Getting connection from hub connection pool..Testing JNDI connection....
    <Aug 29, 2011 3:41:25 PM EDT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
    <Aug 29, 2011 3:41:25 PM EDT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of FoundationServices.>
    <Aug 29, 2011 3:41:30 PM EDT> <Warning> <Log Management> <BEA-170011> <The LogBroadcaster on this server failed to broadcast log messages to the admin server. The Admin server may not be running. Message broadcasts to the admin server will be disabled.>
    <Aug 29, 2011 3:41:55 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
    <Aug 29, 2011 3:41:55 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
    <Aug 29, 2011 3:42:00 PM EDT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "null">
    <Aug 29, 2011 3:42:00 PM EDT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file E:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file E:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Program Files\Java\jdk1.6.0_27\jre\lib\security\cacerts.>
    <Aug 29, 2011 3:42:01 PM EDT> <Alert> <Security> <BEA-090152> <Demo trusted CA certificate is being used in production mode: [
    Version: V3
    Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: Sun RSA public key, 512 bits
    modulus: 9550192877869244258838480703390456015046425375252278279190673063544122510925482179963329236052146047356415957587628011282484772458983977898996276815440753
    public exponent: 65537
    Validity: [From: Thu Mar 21 15:12:27 EST 2002,
                   To: Tue Mar 22 16:12:27 EDT 2022]
    Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    SerialNumber: [    33f10648 fcde0deb 4199921f d64537f4]
    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Algorithm: [MD5withRSA]
    Signature:
    0000: 9D 26 4C 29 C8 91 C3 A7 06 C3 24 6F AE B4 F8 82 .&L)......$o....
    0010: 80 4D AA CB 7C 79 46 84 81 C4 66 95 F4 1E D8 C4 .M...yF...f.....
    0020: E9 B7 D9 7C E2 23 33 A4 B7 21 E0 AA 54 2B 4A FF .....#3..!..T+J.
    0030: CB 21 20 88 81 21 DB AC 90 54 D8 7D 79 63 23 3C .! ..!...T..yc#<
    ] The system is vulnerable to security attacks, since it trusts certificates signed by the demo trusted CA.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 172.16.2.177:28443 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.16.2.177:28080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:28080 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[1]" is now listening on 127.0.0.1:28443 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
    <Aug 29, 2011 3:42:01 PM EDT> <Notice> <WebLogicServer> <BEA-000358> <Started WebLogic Independent Managed Server "FoundationServices0" for domain "EPMSystem" running in Production Mode>
    <Aug 29, 2011 3:42:01 PM EDT> <Warning> <JMX> <BEA-149510> <Unable to establish JMX Connectivity with the Adminstration Server AdminServer at <JMXServiceURL:null>.>
    <Aug 29, 2011 3:42:05 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
    <Aug 29, 2011 3:42:05 PM EDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    Thanks!
    Brent

  • Failed to authenticate & Unable to synchronize login time

    Hi,
    My OSX clients are bound to OSX Server.
    Most clients are 10.8, some are 10.9.
    Server is 10.10, recently migrated from 10.6.8.
    Most clients can log in to the user accounts in good order.
    However I have a couple of clients that cannot log in (they both happen to be 10.9 clients).
    The login box just shakes when credentials for any network user are enetered.
    When this happens the systme.log on client shows:
    Oct 30 09:33:24 imac1252 SecurityAgent[166]: User info context values set for userxyz
    Oct 30 09:33:25 imac1252 authorizationhost[182]: Failed to authenticate user <xyz> (error: 9).
    The system.log on 10.10 server shows:
    DSUpdateLoginStatus: Unable to synchronize login time for userxyz: 77009
    I have checked the time and time zones on server and client and they are identical.
    Does anyone have any guidance, please?
    Thanks,
    b.

    I spent some hours with Apple Support on this.
    Apple Support logged into my server, had me do some testing from different clients with them watching, detroyed & rebuilt OD database, tested with a brand new fresh OD database, uploaded some files for analysis, etc.
    The problem is...
    Looking back 8 years or so, my mobile user accunts were created on server 10.6 (or maybe even 10.4 can't remember that far back )
    OSX server (back then) did not require or even have have a certiftcate for these accounts.
    Jumping forward to today...
    Server 4 on 10.10 requires a certificate for 10.9 clients (and above). But my my OD database (created years ago) does not have a certificate for the accounts to use, and they would not know anything about it even if I created one.
    So, support tell me the only option to get things working again is to destroy and rebuild the OD database. I can keep Users, Groups etc, by exporting, but I will need to recreate all passwords.
    I will do that in due course.
    In the meantime my workaround is to have 10.9 users disconnect from network at the time they enter their login password. They can reconnect as soon as they hit 'return'.
    b.

  • Not able to start Managed server using nohup command and failed to authenticate weblogic user

    Hi,
    I stopped weblogic Admin server, managed server and opmnctl. and restarted Admin server successfully but I'm able to start managed start without nohup command. if I use nohup command then it's not able to get authenticate and faild to start managed server. I created boot.property file with weblogic user name and password still not working. is there anyother way to suppy login credentials for managed server?
    how can I supply login credentials in below command?
    nohup ./startManagedWebLogic.sh bi_server1 t3://machine:7001 > bis1_startup.log &
    Appreciate you for your help
    Thanks
    Jay.

    /app/obiee_11g/Oracle_BI1/jdk/bin/java -server -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:-UseSSE42Intrinsics -Dweblogic.Name=bi_server1 -Djava.security.policy=/app/obiee_11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/app/obiee_11g/wlserver_10.3/server/lib/cacerts -da -Dplatform.home=/app/obiee_11g/wlserver_10.3 -Dwls.home=/app/obiee_11g/wlserver_10.3/server -Dweblogic.home=/app/obiee_11g/wlserver_10.3/server -Dcommon.components.home=/app/obiee_11g/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/app/obiee_11g/user_projects/domains/bifoundation_domain -Djrockit.optfile=/app/obiee_11g/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/fmwconfig/servers/bi_server1 -Doracle.domain.config.dir=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/fmwconfig -Digf.arisidbeans.carmlloc=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/fmwconfig/carml -Digf.arisidstack.home=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/app/obiee_11g/user_projects/domains/bifoundation_domain/servers/bi_server1/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/app/obiee_11g/oracle_common/modules/oracle.ossoiap_11.1.1,/app/obiee_11g/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dbi.oracle.home=/app/obiee_11g/Oracle_BI1 -DEPM_ORACLE_HOME=/app/obiee_11g/Oracle_BI1 -Dweblogic.MaxMessageSize=50000000 -DEPM_ORACLE_HOME=/app/obiee_11g/Oracle_BI1 -DHYPERION_HOME=/app/obiee_11g/Oracle_BI1 -DEPM_ORACLE_INSTANCE=novalue -Dhyperion.home=/app/obiee_11g/Oracle_BI1 -DEPM_REG_PROPERTIES_PATH=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/fmwconfig -Depm.useApplicationContextId=false -Doracle.biee.search.bisearchproperties=/app/obiee_11g/Oracle_BI1/bifoundation/jee/BISearchConfig.properties -Dweblogic.management.clearTextCredentialAccessEnabled=true -Doracle.notification.filewatching.interval=2000 -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enableJSSE=true -Dfile.encoding=utf-8 -Doracle.ecsf.security.service=oracle.biee.search.security.BISearchSecurityService -Doracle.ecsf.configuration.class=oracle.biee.search.services.BISearchServiceConfiguration -Dxdo.server.config.dir=/app/obiee_11g/user_projects/domains/bifoundation_domain/config/bipublisher -DXDO_FONT_DIR=/app/obiee_11g/Oracle_BI1/common/fonts -Drtd.instanceName=RTD_bi_server1 -Dem.oracle.home=/app/obiee_11g/oracle_common -Djava.awt.headless=true -Dweblogic.management.discover=false -Dweblogic.management.server=01scqabi01.natusmed.natus.com:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/app/obiee_11g/patch_wls1035/profiles/default/sysext_manifest_classpath weblogic.Server
    <Nov 17, 2013 12:24:00 AM PST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <Nov 17, 2013 12:24:00 AM PST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <Nov 17, 2013 12:24:01 AM PST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.10-b01 from Sun Microsystems Inc.>
    <Nov 17, 2013 12:24:07 AM PST> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
    Enter username to boot WebLogic server:Error: Failed to get value from Standard Input
    Enter password to boot WebLogic server:
    <Nov 17, 2013 12:24:07 AM PST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
    <Nov 17, 2013 12:24:09 AM PST> <Error> <Configuration Management> <BEA-150021> <The admin server failed to authenticate the identity of the user starting the managed server. The reason for the error is .>
    <Nov 17, 2013 12:24:09 AM PST> <Emergency> <Management> <BEA-141151> <The admin server could not be reached at http://01scqabi01.natusmed.natus.com:7001.>
    <Nov 17, 2013 12:24:09 AM PST> <Info> <Configuration Management> <BEA-150018> <This server is being started in managed server independence mode in the absence of the admin server.>
    <Nov 17, 2013 12:24:09 AM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Nov 17, 2013 12:24:09 AM PST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <Nov 17, 2013 12:24:09 AM PST> <Notice> <Log Management> <BEA-170019> <The server log file /app/obiee_11g/user_projects/domains/bifoundation_domain/servers/bi_server1/logs/bi_server1.log is opened. All server side log events will be written to this file.>
    <Nov 17, 2013 12:24:19 AM PST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Nov 17, 2013 12:24:20 AM PST> <Critical> <Security> <BEA-090403> <Authentication for user denied>
    <Nov 17, 2013 12:24:20 AM PST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
    weblogic.security.SecurityInitializationException: Authentication for user denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Truncated. see log file for complete stacktrace
    >
    <Nov 17, 2013 12:24:20 AM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 17, 2013 12:24:20 AM PST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 17, 2013 12:24:20 AM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

  • JBO-33021: Failed authenticate user null

    I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
    Currently testing from the embedded oc4j and a standalone oc4j.
    Created an application module to a db table and named it AppModule.
    The application module successfully tested using the projects default Business Component Name.
    The application module also tested successfully using the Business Component Name "AppModuleLocal".
    I then set the jbo.security.enforce application module property to "Auth".
    The application module is re-tested using the Business Component Name "AppModuleLocal".
    A dialog window prompts for user and password.
    Then login using the default admin/welcomr and the below error is generated:
    JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
    what does mean?
    help!!

    repost

  • JBO-33021: Failed authenticate user null HELP!!

    I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
    Currently testing from the embedded oc4j and a standalone oc4j.
    Created an application module to a db table and named it AppModule.
    The application module successfully tested using the projects default Business Component Name.
    The application module also tested successfully using the Business Component Name "AppModuleLocal".
    I then set the jbo.security.enforce application module property to "Auth".
    The application module is re-tested using the Business Component Name "AppModuleLocal".
    A dialog window prompts for user and password.
    Then login using the default admin/welcomr and the below error is generated:
    JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
    what does mean?

    repost

  • Java API Failed to authenticate the user session with LDAP

    I have created a Java class that uses the MDM Java Api's it works fine on our Development environment where the MDM server uses its own built in authentication, but when I moved it to our QA environment where MDM use LDAP for authentication its failed with a  'Failed to authenticate the user session'.  Has anyone seen this before?

    hi Dan,
    The java class which u have created that suppose to works fine on MDM server because to execute that program there are no requirement of such protocols, the problem u will face while exporting those program to an client machine
    LDAP(Lightweight Directory Access protocol) connector communicates with the SAP system using RFC and with the directory server using these standard communication protocol.
    so try to select the protocol such that it should help in making connection between the server,direcotryserver and the client machine through which u can execute u r java class using java Api's.
    i hope this will give u an idea to through ur problem.
    regards,
    swapnil

  • Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?

    I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the  same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
    I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.

    If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
    Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server. 
    You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
    Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
    The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way?

  • Cisco WLC 2504 and ways to authenticate users

    Hi All,
         What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
         and any one can give me case study for this issue
    System consist of Cisco 2504 and Cisco LAP 1140
    Thanks

    To implement radius based authentication is the best practice for the small & enterprise environment.
    Information About RADIUS
    Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
    •Authentication—The process of verifying users when they attempt to log into the controller.
    Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
    •Accounting—The process of recording user actions and changes.
    Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
    RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
    You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on. 
    For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947

  • DAC server start-up error and Can't authenticate user

    HI,
         we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
    while starting DAC services in Unix server it throws an error like
    ANOMALY INFO An exception occurred. Shutting down server...
    MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
    EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
    Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
    we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
    How to start the DAC services?
    How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
    Pls help in this regard.
    Thanks in advance.

    EddyLau wrote:
    Hi,
    I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
    here's my sql statement to create database schema for dac in oracle database.
    grant dba, connect, resource, create view, create session to SSE_ROLE;
    create user DEV_DAC identified by "password";
    grant DEV_DAC to SSE_ROLE;
    grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
    I tried dropping the data schema and create it again but still fail to authenticate.
    did I grant enough privileges to the database schema?
    Please help.
    Thanks,
    EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
    Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
    now run the command Delete From W_ETL_USER
    Now login to dac client with Administrator and pwd which you have set earlier.
    Mark as helpful or correct if it helps
    Thanks,
    RM

  • Wireless Clients failing to authenticate via the RADIUS

    Hi friends
    I am trying to use Radius server (NPS) to authenticate my wireless users using 1941W router.
    For some reason it cannot authenticate successfully. I checked the radius server is reachable but still I dont see any luck.
    the config is like this:
    ***************Config snap shot*********************
    aaa new-model
    aaa group server radius group1
    server 10.32.0.154 auth-port 1812 acct-port 1813
    aaa authentication login EAP group group1
    aaa session-id common
    dot11 syslog
    dot11 ssid CORP
       vlan 320
       authentication open eap EAP
       mbssid guest-mode
    interface Loopback1
    ip address 10.51.240.1 255.255.255.255
    no ip route-cache
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 320 mode ciphers aes-ccm
    ssid CORP
    antenna gain 0
    mbssid
    station-role root
    interface Dot11Radio0.1
    encapsulation dot1Q 320 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
    no ip address
    no ip route-cache
    interface GigabitEthernet0.1
    encapsulation dot1Q 320 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.51.246.2 255.255.255.0
    no ip route-cache
    ip default-gateway 10.51.246.1
    ip radius source-interface Loopback1
    radius-server host 10.32.0.154 auth-port 1812 acct-port 1646 key V3rv3@mc0m
    bridge 1 route ip
    *********************End of config snap shot*********************
    When i run the debug i see the following messages which I am still trying to understand thought it would be worthwhile mentioning here:
    *******************Debug**********************
    AP1#
    *Mar  1 01:04:41.951: AAA/BIND(0000001E): Bind i/f
    *Mar  1 01:04:41.951: dot11_auth_add_client_entry: Create new client 2477.037e.22d4 for application 0x1
    *Mar  1 01:04:41.951: dot11_auth_initialize_client: 2477.037e.22d4 is added to the client list for application 0x1
    *Mar  1 01:04:41.951: dot11_auth_add_client_entry: req->auth_type 0
    *Mar  1 01:04:41.951: dot11_auth_add_client_entry: auth_methods_inprocess: 2
    *Mar  1 01:04:41.951: dot11_auth_add_client_entry: eap list name: EAP
    *Mar  1 01:04:41.951: dot11_run_auth_methods: Start auth method EAP or LEAP
    *Mar  1 01:04:41.951: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  1 01:04:41.951: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 2477.037e.22d4
    *Mar  1 01:04:41.951: EAPOL pak dump tx
    *Mar  1 01:04:41.951: EAPOL Version: 0x1  type: 0x0  length: 0x002F
    *Mar  1 01:04:41.951: EAP code: 0x1  id: 0x1  length: 0x002F type: 0x1
    030017B0: 0100002F 0101002F 01006E65 74776F72  .../.../..networ
    030017C0: 6B69643D 56434F52 502C6E61 7369643D  kid=VCORP,nasid=
    030017D0: 4B414C2D 30322D41 50312C70 6F727469  KAL-02-AP1,porti
    030017E0: 643D30                               d=0
    *Mar  1 01:04:41.955: dot11_auth_send_msg:  sending data to requestor status 1
    *Mar  1 01:04:41.955: dot11_auth_send_msg: Sending EAPOL to requestor
    *Mar  1 01:04:41.955: dot11_auth_dot1x_send_id_req_to_client: Client 2477.037e.22d4 timer started for 30 seconds
    *Mar  1 01:04:41.955: dot11_auth_parse_client_pak: Received EAPOL packet from 2477.037e.22d4
    *Mar  1 01:04:41.955: EAPOL pak dump rx
    *Mar  1 01:04:41.955: EAPOL Version: 0x1  type: 0x1  length: 0x0000
    033E86E0:          01010000                        ....
    *Mar  1 01:04:41.955: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,EAP_START) for 2477.037e.22d4
    *Mar  1 01:04:41.955: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 2477.037e.22d4
    *Mar  1 01:04:41.959: EAPOL pak dump tx
    *Mar  1 01:04:41.959: EAPOL Version: 0x1  type: 0x0  length: 0x002F
    *Mar  1 01:04:41.959: EAP code: 0x1  id: 0x2  length: 0x002F type: 0x1
    03001A20: 0100002F 0102002F 01006E65 74776F72  .../.../..networ
    03001A30: 6B69643D 56434F52 502C6E61 7369643D  kid=VCORP,nasid=
    03001A40: 4B414C2D 30322D41 50312C70 6F727469  KAL-02-AP1,porti
    03001A50: 643D30                               d=0
    *Mar  1 01:04:41.959: dot11_auth_send_msg:  sending data to requestor status 1
    *Mar  1 01:04:41.959: dot11_auth_send_msg: Sending EAPOL to requestor
    *Mar  1 01:04:41.959: dot11_auth_dot1x_send_id_req_to_client: Client 2477.037e.22d4 timer started for 30 seconds
    *Mar  1 01:04:41.963: dot11_auth_parse_client_pak: Received EAPOL packet from 2477.037e.22d4
    *Mar  1 01:04:41.963: EAPOL pak dump rx
    *Mar  1 01:04:41.963: EAPOL Version: 0x1  type: 0x0  length: 0x0012
    *Mar  1 01:04:41.963: EAP code: 0x2  id: 0x1  length: 0x0012 type: 0x1
    033603C0:                            01000012              ....
    033603D0: 02010012 01564552 56455C47 30373532  .....VERVE\G0752
    033603E0: 3736                                 76
    *Mar  1 01:04:41.963: dot11_auth_parse_client_pak: id is not matching req-id:1resp-id:2, waiting for response
    *Mar  1 01:04:41.963: dot11_auth_parse_client_pak: Received EAPOL packet from 2477.037e.22d4
    *Mar  1 01:04:41.963: EAPOL pak dump rx
    *Mar  1 01:04:41.963: EAPOL Version: 0x1  type: 0x0  length: 0x0012
    *Mar  1 01:04:41.963: EAP code: 0x2  id: 0x2  length: 0x0012 type: 0x1
    033AEE90:                   01000012 02020012          ........
    033AEEA0: 01564552 56455C47 30373532 3736      .VERVE\G075276
    *Mar  1 01:04:41.963: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 2477.037e.22d4
    *Mar  1 01:04:41.963: dot11_auth_dot1x_send_response_to_server: Sending client 2477.037e.22d4 data to server
    *Mar  1 01:04:41.963: AAA/AUTHEN/PPP (0000001E): Pick method list 'EAP'
    *Mar  1 01:04:41.963: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
    *Mar  1 01:04:41.963: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type *invalid_group_handle*
    *Mar  1 01:04:41.963: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
    *Mar  1 01:04:41.963: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  1 01:04:41.963: Client 2477.037e.22d4 failed: EAP reason 2
    *Mar  1 01:04:41.963: dot11_auth_dot1x_parse_aaa_resp: Failed client 2477.037e.22d4 with aaa_req_status_detail 2
    *Mar  1 01:04:41.963: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 2477.037e.22d4
    *Mar  1 01:04:41.963: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 2477.037e.22d4
    *Mar  1 01:04:41.963: EAPOL pak dump tx
    *Mar  1 01:04:41.963: EAPOL Version: 0x1  type: 0x0  length: 0x0004
    *Mar  1 01:04:41.963: EAP code: 0x4  id: 0x2  length: 0x0004
    03001DC0:                   01000004 04020004          ........
    03001DD0:
    *Mar  1 01:04:41.963: dot11_auth_send_msg:  sending data to requestor status 1
    *Mar  1 01:04:41.967: dot11_auth_send_msg: Sending EAPOL to requestor
    *Mar  1 01:04:41.967: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
    *Mar  1 01:04:41.967: dot11_auth_dot1x_send_client_fail: Authentication failed for 2477.037e.22d4
    *Mar  1 01:04:41.967: dot11_auth_send_msg:  sending data to requestor status 0
    *Mar  1 01:04:41.967: dot11_auth_send_msg: client FAILED to authenticate 2477.037e.22d4, node_type 64 for application 0x1
    *Mar  1 01:04:41.967: dot11_auth_delete_client_entry: 2477.037e.22d4 is deleted for application 0x1
    *Mar  1 01:04:41.967: %DOT11-7-AUTH_FAILED: Station 2477.037e.22d4 Authentication failed
    *Mar  1 01:04:41.967: dot11_auth_client_abort: Received abort request for client 2477.037e.22d4
    *Mar  1 01:04:41.967: dot11_auth_client_abort: No client entry to abort: 2477.037e.22d4 for application 0x1
    Any Idea where the problem could be?
    Regards,
    Mohit

    Just to add here, i ran another command on the AP/Router which indicates to me that there was no response from the Radius server.
    KAL-02-AP1#sh radius statistics
                                      Auth.      Acct.       Both
             Maximum inQ length:         NA         NA          1
           Maximum waitQ length:         NA         NA          2
           Maximum doneQ length:         NA         NA          1
           Total responses seen:          0          0          0
         Packets with responses:          0          0          0
      Packets without responses:         12          0         12
      Access Rejects           :          0
    Average response delay(ms):          0          0          0
    Maximum response delay(ms):          0          0          0
      Number of Radius timeouts:         48          0         48
           Duplicate ID detects:          0          0          0
    Buffer Allocation Failures:          0          0          0
    Maximum Buffer Size (bytes):        186          0        186
    Source Port Range: (2 ports only)
    1645 - 1646
    Last used Source Port/Identifier:
    1645/12
    1646/0
      Elapsed time since counters last cleared: 1h52m

  • ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

    Im trying to connect to my azure subscription via powershell on my machine but keep getting the following error when i run a command:
    ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated  with this subscription.
    The steps i have taken so far are:
    1. get settings file
    Get-AzurePublishSettingsFile
    2. Import settings file
    Import-AzurePublishSettingsFile -PublishSettingsFile "C:\Users\me\Downloads\credentials.publishsettings"
    3. I then run Get-Azuresubscription with the following output:
    SubscriptionId : 699385c3-b83a-44af-a651-bxxxxxxxxx
    SubscriptionName : Windows Azure MSDN - Visual Studio Premium
    Environment : AzureCloud
    SupportedModes : AzureServiceManagement
    DefaultAccount : 3B68902B5170D5EC91BFCBE4CC27E2A8838F61C4
    Accounts : {3B68902B5170D5EC91BFCBE4CC27E2A8838F61C4, 26B118D7F3C598FB8FE9CDC49AB5DE5E450C967C,
    03E1E1F0B8C7717F11FB58A14138C35524AB3F8D, 9A2E1FD267ECCC0E9B8C151BD931FC4824E89184...}
    IsDefault : True
    IsCurrent : True
    CurrentStorageAccountName :
    TenantId :
    I run Get-AzureAccount and get the following:
    Id Type Subscriptions Tenants
    3B68902B5170D5EC91BFCBE4CC27E2 Certificate 699385c3-b83a-44af-a651-xxxxxxxxx
    A8838F61C4
    26B118D7F3C598FB8FE9CDC49AB5DE Certificate 699385c3-b83a-44af-a651-xxxxxxxxx
    5E450C967C
    03E1E1F0B8C7717F11FB58A14138C3 Certificate 699385c3-b83a-44af-a651-xxxxxxxxx
    5524AB3F8D
    9A2E1FD267ECCC0E9B8C151BD931FC Certificate 699385c3-b83a-44af-a651-xxxxxxxxx
    4824E89184
    85AD02CB8EB8AB20CF2C44FD9D19F2 Certificate 699385c3-b83a-44af-a651-xxxxxxxxx
    9B6BB2FCD2
    Finally, when i try to run Get-AzureSQLDatabaseServer, to list my databases, i get this error:
    WARNING: Client Session Id: '5911f288-7b02-4c94-bb9d-37b9ea5fc187-2015-01-13 11:47:54Z'
    WARNING: Client Request Id: '3e5f7ea9-092a-46fd-a6a6-6916b9161b77-2015-01-13 15:25:41Z'
    Get-AzureSqlDatabaseServer : ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated
    with this subscription.
    At line:2 char:1
    + Get-AzureSqlDatabaseServer
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-AzureSqlDatabaseServer], CloudException
    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.SqlDatabase.Server.Cmdlet.GetAzureSqlDatabaseServer
    I would appreciate any help in figuring out what i am doing wrong here.
    Thanks,

    OK. That won't work in Azure Automation though, as mentioned above. OrgID (recommended) or cert-based auth will need to be used. PublishSettings file won't work.
    Correct, but the original question was:
    <Quote>
    Im trying to connect to my azure subscription
    via powershell on my machine 
    </Quote>
    I wanted to test automation script's core functionality without having to wait for the very very long time taken for an automation runbook
    to spin up, actually run and provide output (can often take 2+ minutes for a trivial script). Although i cant run Workbooks on my pc, i can run the core modules (view virtual machines, databases etc) to ensure my logic is sound.

  • Failed to authenticate with the device at ip.ip.ip.ip using TELNET

    Hi!
    I can no longer use CCA :-)
    I tried everything, but when I enter user and password after waiting a few tens of seconds I get the following error window: "Failed to authenticate with the device at ip.ip.ip.ip using TELNET. TELNET access is required for access to voice configuration. Cannot continue. Exiting CCA."
    Given that I do not understand the need to use the 'telnet', I verified that UC500 was reachable from the PC via telnet. But CCA 2.2.5 don't work and I find no reason, even logging on to see go console error messages or anything else that turn me to the solution. Before removing CCA and back to 2.2.4, I see if I could solve the problem somehow.
    I tried to see what was going on the network with wireshark:
    Time          Source          Destination     Protocol     Info
    722.508214     pc.pc.pc.128     uc.uc.uc.1     TELNET     Telnet Data ... (the password in clear text!!!!)
    722.713551     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=37 Win=4092 Len=0
    722.713606     pc.pc.pc.128     uc.uc.uc.1     TELNET     Telnet Data ... (a '/r/n' after send user pwd on previus pkt)
    722.911528     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=39 Win=4090 Len=0
    724.608892     pc.pc.pc.128     uc.uc.uc.1     TCP     xs-openstorage > telnet [FIN, ACK] Seq=39 Ack=80 Win=65456 Len=0
    724.611192     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=40 Win=4090 Len=0
    724.721538     uc.uc.uc.1     pc.pc.pc.128     TELNET     Telnet Data ... (a '/r/n')
    724.721589     pc.pc.pc.128     uc.uc.uc.1     TCP     xs-openstorage > telnet [RST, ACK] Seq=40 Ack=82 Win=0 Len=0
    ...but do not understand why the PC ends the connection!
    NB: Obviously the username and password are correct and the UC does not report login errors.
    Can anyone give me a hint? 1k thanks
    73,
    Arturo

    Most files are 0 bytes long, only Application_Log report some output:
    ++: DEBUG:  : User Preference Settings App Version=2.2 (5)
    ++: DEBUG:  : Current App Version=2.2 (5)
    ++: DEBUG:  : *** Site name: DIM - Lab
    ++: DEBUG:  : *** Remove site from history list: DIM - Lab
    ++: DEBUG:  : Last used connection string: http://DIM+-+Lab:80/
    ++: DEBUG:  : Filtered connection string: DIM+-+Lab
    ++: DEBUG:  : SiteName : DIM+-+Lab DecodedName: DIM - Lab
    ++: DEBUG:  : DIM - Lab is customer site name: true
    ++: DEBUG:  : Set connection string to: ---.---.---.---
    ++: DEBUG:  : Filtered connection string: DIM+-+Lab
    ++: DEBUG:  : Duration for [upd Mirror<--Device() @ com.cisco.cpnm.features.defn.connect.ConnectDialogTask] = [1265] msec.
    ++: DEBUG:  : *** Site name: DIM - Lab
    ++: DEBUG:  : *** Remove site from history list: DIM - Lab
    ++: DEBUG:  : Last used connection string: http://DIM+-+Lab:80/
    ++: DEBUG:  : Filtered connection string: DIM+-+Lab
    ++: DEBUG:  : SiteName : DIM+-+Lab DecodedName: DIM - Lab
    ++: DEBUG:  : DIM - Lab is customer site name: true
    ++: DEBUG:  : Set connection string to: ---.---.---.---
    ++: DEBUG:  : Filtered connection string: DIM+-+Lab
    ++: DEBUG:  : Filtered connection string: DIM+-+Lab
    ++: DEBUG:  : Filtered connection string: DIM+-+Lab
    ++: DEBUG:  : WDTask::setHierarchy .TroubleshootingLogsTask
    ++: DEBUG:  : Duration for [create() @ com.cisco.cpnm.features.defn.logs.TroubleshootingLogsTask] = [78] msec.
    NB: I understand that the program tries to connect using something invented name of the site?
    I create another site with a valid DNS name and I try to connect... Last log lines are:
    ++: DEBUG:  : conn string: HTTP://valid.name.tld:80/
    ++: DEBUG:  : ConnectionMediator:connect() : http://valid.name.tld:80/
    ++: DEBUG:  : URL After Decoding :http://valid.name.tld:80/
    ++: DEBUG:  : ConnectionMediator:isFederation() : http://valid.name.tld:80/
    ++: DEBUG:  : initAppMode():http://valid.name.tld:80/
    ++: DEBUG:  : ConnectionMediator:isFederation() : http://valid.name.tld:80/
    ++: DEBUG:  : initAppWithConnection():http://valid.name.tld:80/
    ++: DEBUG:  : Found Module For device type : UC540W-BRI-K9
    ++: DEBUG:  : *** RouterInfo.ShVer.Fields=[UC540W-BRI-K9, cme, 1 day  23 hours  49 minutes, flash:uc500-advipservicesk9-mz.150-1.XA2, , 15.0(1)XA2, N, N, , UC500-ADVIPSERVICESK9-M, , 1 ]
    ++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
    ++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
    ++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
    73

Maybe you are looking for

  • Receiver Mail Adapter with Attachment and Mailpackage

    I have set up a scenario filesystem: filexxx.xml filexxx.pdf xml= mailpackage format to get the receiver mailaddress pdf=the file i want to send as a attchment. I am using the RenemAttachment module i found on SDN. in SXMB_MONI it looks ok,  the atta

  • How do you build an image gallery in Flash CS3 actionscript3?

    I am building my entire website in flash cs3, actionscript3 but I really need help building an image gallery. What I need is a horizontal scroll bar that contains thumbs within it and then loads the full size image right above the scroll bar. Anyone

  • Leading

    Why is it that sometimes the leading just doesn't work in InDesign and Illustrator? Has anyone else had this problem?

  • Error in configuring Oracle Management server

    Hi. Trying to create management server using the configuration wizard, but after supplying SYS and SYSTEM passwords, the following exceptions have (twice) arisen: (this occurrs after creating the database, but while trying to create Repository User:

  • Spry Repeat Ticker

    I want the ticker to automatically flip through <title> in time-based intervals. When a user clicks on the <title> that is being displayed it takes them to a specific URL. I've searched through the forums for quite a while but can't seem to find any