Fixed IP for PPTP client

Hi,
is it possible to configure static ip for pptp client somewhere in SL Server?

You will either need a radius server to assign the ip adresses or you must make a separate pool containing a single ip address for each client. his means lots of configuration and will hence only be workable if you have few clients.
Regards,
Leo

Similar Messages

Cisco 1841 as PPTP client Does not work

Dear All,
I have Cisco 1841 router running the below roles
1) SSL VPN Server
2) PPTP Server
3) Site to Site Connection with Sonicwall router
I want the router to be configured a pptp client to internet vpn server (so that i will get a fixed public ip )
Once i get this ip address i want to use this connection to accept in coming connection and forward ports to internal host,
I went through below
http://www.mreji.eu/content/cisco-router-pptp-client
https://supportforums.cisco.com/thread/2167562
But it does not work as i do not have the option for the below 2 commands in vpdn-group 2 section.(Please see section in blue)
protocol pptp
rotary-group 4
Please Advise and Help
Regards
Hasan Reza
My Current Config is as below
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
exit
Gateway#show run |
Building configuration...
Current configuration : 25109 bytes
! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Gateway
boot-start-marker
boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
boot-end-marker
logging buffered 4096
no logging console
enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
no aaa new-model
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.236.5.1 10.236.5.20
ip dhcp excluded-address 10.236.5.21 10.236.5.50
ip dhcp excluded-address 172.21.51.2 172.21.51.50
ip dhcp pool ContosoPool
 network 10.236.5.0 255.255.255.0
 default-router 10.236.5.254
 dns-server 213.42.20.20 195.229.241.222
ip dhcp pool DMZ
 network 172.21.51.0 255.255.255.0
 dns-server 172.21.51.10
 default-router 172.21.51.1
 domain-name contoso.local
ip cef
ip domain name contoso.local
ip name-server 213.42.20.20
ip name-server 195.229.241.22
ip name-server 195.229.241.222
ip ddns update method dyndns
HTTP
add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 1 0 0
multilink bundle-name authenticated
vpdn enable
vpdn-group 2
request-dialin
protocol l2tp
initiate-to ip 173.195.0.42
vpdn-group RAS-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
crypto pki token default removal timeout 0
crypto pki trustpoint TP.StartSSL.CA
enrollment terminal pem
revocation-check none
crypto pki trustpoint TP.StartSSL-vpn
enrollment terminal pem
usage ssl-server
serial-number none
fqdn ssl.spktelecom.com
ip-address none
revocation-check crl
rsakeypair RSA.StartSSL-vpn
crypto pki trustpoint TP-self-signed-1981248591
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1981248591
revocation-check none
rsakeypair TP-self-signed-1981248591
crypto pki trustpoint VMWare
enrollment terminal
revocation-check crl
crypto pki trustpoint OWA
enrollment terminal pem
revocation-check crl
crypto pki certificate chain TP.StartSSL.CA
certificate ca 01
(removed the certificate info for clarity)
 quit
crypto pki certificate chain TP.StartSSL-vpn
certificate 0936E1
 (removed the certificate info for clarity)9
 quit
certificate ca 18
(removed the certificate info for clarity)
 quit
crypto pki certificate chain TP-self-signed-1981248591
certificate self-signed 01
 (removed the certificate info for clarity)
 quit
crypto pki certificate chain VMWare
certificate ca 008EDCE6DBCE6B
 (removed the certificate info for clarity)
 quit
crypto pki certificate chain OWA
 (removed the certificate info for clarity)
license udi pid CISCO1841 sn FCZ122191TW
archive
log config
hidekeys
username admin privilege 15 password 7 1304131F02023B7B7977
username ali password 7 06070328
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 84000
crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
crypto dynamic-map mydyn 10
set transform-set strongsha
crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
interface FastEthernet0/0
description Internal Network (Protected Interface)
ip address 10.236.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
interface Virtual-Template1
ip unnumbered Dialer1
peer default ip address dhcp-pool ContosoPool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 eap
interface Dialer1
ip ddns update hostname XXXXXXX.dyndns.org
ip ddns update dyndns
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
ppp pap sent-username vermam password 7 13044E155E0913323B
crypto map Dxb-Auh
interface Dialer2
mtu 1460
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 2
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2 callin
ppp eap refuse
ppp chap hostname hasanreza
ppp chap password 7 070E2541470726544541
interface Dialer995
no ip address
ip local pool webssl 10.236.6.10 10.236.6.30
ip forward-protocol nd
ip http server
ip http secure-server
ip nat inside source list nat interface Dialer1 overload
ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.21.51.0 255.255.255.0 10.236.5.253
ip access-list extended internal
permit ip any 10.236.5.0 0.0.0.255
ip access-list extended nat
deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
deny ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any
ip access-list extended nonat
permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
ip access-list extended sslacl
ip access-list extended webvpn
permit tcp any any eq 443
logging esm config
access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
scheduler allocate 20000 1000
webvpn gateway gateway1
ip interface Dialer1 port 443
ssl encryption rc4-md5
ssl trustpoint TP.StartSSL-vpn
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context webvpn
ssl authenticate verify all
url-list "Webservers"
 heading "SimpleIT Technologies NBNS Servers"
 url-text "Google" url-value "www.google.com"
 url-text "Mainframe" url-value "10.236.5.2"
 url-text "Mainframe2" url-value "https://10.236.5.2"
nbns-list "ContosoServer"
 nbns-server 10.236.5.10
 nbns-server 10.236.5.11
 nbns-server 10.236.5.12
port-forward "PortForwarding"
 local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
policy group policy1
 url-list "Webservers"
 port-forward "PortForwarding"
 nbns-list "ContosoServer"
 functions file-access
 functions file-browse
 functions file-entry
 functions svc-enabled
 svc address-pool "webssl"
 svc default-domain "Contoso.Local"
 svc keep-client-installed
 svc split include 10.236.5.0 255.255.255.0
 svc split include 10.236.6.0 255.255.255.0
 svc split include 172.31.1.0 255.255.255.0
 svc split include 172.21.51.0 255.255.255.0
 svc dns-server primary 172.21.51.10
default-group-policy policy1
gateway gateway1
inservice
end
Gateway#

Dear All,
I have Cisco 1841 router running the below roles
1) SSL VPN Server
2) PPTP Server
3) Site to Site Connection with Sonicwall router
I want the router to be configured a pptp client to internet vpn server (so that i will get a fixed public ip )
Once i get this ip address i want to use this connection to accept in coming connection and forward ports to internal host,
I went through below
http://www.mreji.eu/content/cisco-router-pptp-client
https://supportforums.cisco.com/thread/2167562
But it does not work as i do not have the option for the below 2 commands in vpdn-group 2 section.(Please see section in blue)
protocol pptp
rotary-group 4
Please Advise and Help
Regards
Hasan Reza
My Current Config is as below
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
exit
Gateway#show run |
Building configuration...
Current configuration : 25109 bytes
! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Gateway
boot-start-marker
boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
boot-end-marker
logging buffered 4096
no logging console
enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
no aaa new-model
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.236.5.1 10.236.5.20
ip dhcp excluded-address 10.236.5.21 10.236.5.50
ip dhcp excluded-address 172.21.51.2 172.21.51.50
ip dhcp pool ContosoPool
 network 10.236.5.0 255.255.255.0
 default-router 10.236.5.254
 dns-server 213.42.20.20 195.229.241.222
ip dhcp pool DMZ
 network 172.21.51.0 255.255.255.0
 dns-server 172.21.51.10
 default-router 172.21.51.1
 domain-name contoso.local
ip cef
ip domain name contoso.local
ip name-server 213.42.20.20
ip name-server 195.229.241.22
ip name-server 195.229.241.222
ip ddns update method dyndns
HTTP
add http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 1 0 0
multilink bundle-name authenticated
vpdn enable
vpdn-group 2
request-dialin
protocol l2tp
initiate-to ip 173.195.0.42
vpdn-group RAS-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
crypto pki token default removal timeout 0
crypto pki trustpoint TP.StartSSL.CA
enrollment terminal pem
revocation-check none
crypto pki trustpoint TP.StartSSL-vpn
enrollment terminal pem
usage ssl-server
serial-number none
fqdn ssl.spktelecom.com
ip-address none
revocation-check crl
rsakeypair RSA.StartSSL-vpn
crypto pki trustpoint TP-self-signed-1981248591
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1981248591
revocation-check none
rsakeypair TP-self-signed-1981248591
crypto pki trustpoint VMWare
enrollment terminal
revocation-check crl
crypto pki trustpoint OWA
enrollment terminal pem
revocation-check crl
crypto pki certificate chain TP.StartSSL.CA
certificate ca 01
(removed the certificate info for clarity)
 quit
crypto pki certificate chain TP.StartSSL-vpn
certificate 0936E1
 (removed the certificate info for clarity)9
 quit
certificate ca 18
(removed the certificate info for clarity)
 quit
crypto pki certificate chain TP-self-signed-1981248591
certificate self-signed 01
 (removed the certificate info for clarity)
 quit
crypto pki certificate chain VMWare
certificate ca 008EDCE6DBCE6B
 (removed the certificate info for clarity)
 quit
crypto pki certificate chain OWA
 (removed the certificate info for clarity)
license udi pid CISCO1841 sn FCZ122191TW
archive
log config
hidekeys
username admin privilege 15 password 7 1304131F02023B7B7977
username ali password 7 06070328
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 84000
crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
crypto dynamic-map mydyn 10
set transform-set strongsha
crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
interface FastEthernet0/0
description Internal Network (Protected Interface)
ip address 10.236.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
interface Virtual-Template1
ip unnumbered Dialer1
peer default ip address dhcp-pool ContosoPool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 eap
interface Dialer1
ip ddns update hostname XXXXXXX.dyndns.org
ip ddns update dyndns
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
ppp pap sent-username vermam password 7 13044E155E0913323B
crypto map Dxb-Auh
interface Dialer2
mtu 1460
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 2
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2 callin
ppp eap refuse
ppp chap hostname hasanreza
ppp chap password 7 070E2541470726544541
interface Dialer995
no ip address
ip local pool webssl 10.236.6.10 10.236.6.30
ip forward-protocol nd
ip http server
ip http secure-server
ip nat inside source list nat interface Dialer1 overload
ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.21.51.0 255.255.255.0 10.236.5.253
ip access-list extended internal
permit ip any 10.236.5.0 0.0.0.255
ip access-list extended nat
deny ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
deny ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any
ip access-list extended nonat
permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
ip access-list extended sslacl
ip access-list extended webvpn
permit tcp any any eq 443
logging esm config
access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
scheduler allocate 20000 1000
webvpn gateway gateway1
ip interface Dialer1 port 443
ssl encryption rc4-md5
ssl trustpoint TP.StartSSL-vpn
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context webvpn
ssl authenticate verify all
url-list "Webservers"
 heading "SimpleIT Technologies NBNS Servers"
 url-text "Google" url-value "www.google.com"
 url-text "Mainframe" url-value "10.236.5.2"
 url-text "Mainframe2" url-value "https://10.236.5.2"
nbns-list "ContosoServer"
 nbns-server 10.236.5.10
 nbns-server 10.236.5.11
 nbns-server 10.236.5.12
port-forward "PortForwarding"
 local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
policy group policy1
 url-list "Webservers"
 port-forward "PortForwarding"
 nbns-list "ContosoServer"
 functions file-access
 functions file-browse
 functions file-entry
 functions svc-enabled
 svc address-pool "webssl"
 svc default-domain "Contoso.Local"
 svc keep-client-installed
 svc split include 10.236.5.0 255.255.255.0
 svc split include 10.236.6.0 255.255.255.0
 svc split include 172.31.1.0 255.255.255.0
 svc split include 172.21.51.0 255.255.255.0
 svc dns-server primary 172.21.51.10
default-group-policy policy1
gateway gateway1
inservice
end
Gateway#

Basis: No service for system , client in Integration Directory??

Hi All,
IDocs from SAP QA are not being sent to PI QA. I see error in SM58 in SAP QA as: No service for system , client in Integration Directory. Please dont jump to asnwers by looking at above error. I could fix that, but thats not the real problem.
Because I have checked
1) SLD home page ---> Technical Landscape --> Select Web AS ABAP --> Select the technical system --> Clients ---> Click on the client used as Business system --> Here look for the logical system is defined (No Problem here, as logical systems is defined).
2) ID---> Click on Objects --> Service Without party/Party > Double click on business system>On the tright side--> Service --> Adapter specific Identifiers ---> Check IDoc Adpater, Logical System (No Problem here as I see Logical System).
But I can't find values R/3 System ID and Client under "IDoc Adapter and RFC Adapter". I think thats problem here, when I click on "Compare with SLD" in edit mode, values are not getting populated into R/3 System ID and Client. It makes think there is communication error from ID to SLD. How I do confirm if its the real problem?
3) Checked Note 940313 - IDoc adapter: Error messages in SM58, No problem here
4) Did SLDCHECK from PI QA, works fine, no problems here
Both PI DEV and PI QA pointing to the same SLD. When I send IDocs from SAP QA to PI DEV, everything works fine. I can't send IDoc from SAP QA to PI DEV (changed RFC des to point to PI QA, it shouldn't be a problem).
How do I find out if communication between PI QA - ID is workign fine with the SLD? Is there any other issue you can think of causing the above error?
Thank You,
Indrasena Janga

*I have trobleshooted a similar issue. In my case also the tRFC failed with the error "No service for system SAP, client 400 in Integration Directory".There were 11 IDOCS associated with this tRFC and when I saw control record of first IDOC,in sender information ,the sender partner number was wrong.Instead of "SAPSID",it was found as just "SAP".Where as the remaining ten were maintained with correct sender partner number.remaining ten IDOCS were dependant on first one.
Thanks,
Varada Reddy

I cannot route to remote subnets from cisco vpn client and pptp client

Hi guys,
I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer use it to connect to his network from pc) and a pptp vpn server (he use it to connet to the network from a smartphone).
In this router I created 2 vlan, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
this is the issue, when the customer try to connect to a wireless network from both of vpn clients he cannot do this, but if he try to connect to a wired network client all working fine.
following the addresses taken from the router.
- encrypted vpn client -
ip address. 192.168.10.20
netmask 255.255.255.0
Default Gateway. none (blank)
- pptp vpn client -
ip address. 192.168.10.21
netmask. 255.255.255.255
Default Gateway. 192.168.10.21
Is possible that I cannot reach the remote subnet because the clients doesn't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
There is anyone can help me..?
Thank you very much.
Many Kisses and Kindly Regards..
Ilaria

The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
Here's the format of the command:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

Using JSSE : "Invalid Netscape CertType extension for SSL client" Error

Hi all,
Im using the sample code given sun site for JSSE with Client Authentication. The sample as such it worked with the testkeys provided in that. But it didn't workout when I tried using other certificates.
Both client and server certificates I generated from our internal Netscape Certificate Manager.
Function of the server :
The server will read a private key from the given keystore and starts listening on a port. This server will server only GET request.
Function of the client :
The Client sends a GET request to the server and gets the response back.
I simply changed the key store name alone in the working sample code.
It is not working.
The Exception thrown on client side :
D:\users\Jp\java\jssesamples\sockets\client\class>java SSLSocketClientWithClientAuth1 localhost 1089 /urls
localhost
1089
/urls
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at SSLSocketClientWithClientAuth1.main(SSLSocketClientWithClientAuth1.java:119)
Exception thrown on server side :
D:\users\Jp\java\jssesamples\sockets\server\class>java ClassFileServer 1089 . TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
error writing response: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExce
ption: Invalid Netscape CertType extension for SSL client
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.Certificate
Exception: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.e(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.DataOutputStream.writeBytes(DataOutputStream.java:256)
at ClassServer.run(ClassServer.java:128)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension
for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
... 1 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
The Client code :
* @(#)SSLSocketClientWithClientAuth.java 1.5 01/05/10
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import java.security.KeyStore;
* This example shows how to set up a key manager to do client
* authentication if required by server.
* This program assumes that the client is not inside a firewall.
* The application can be modified to connect to a server outside
* the firewall by following SSLSocketClientWithTunneling.java.
public class SSLSocketClientWithClientAuth1 {
public static void main(String[] args) throws Exception {
 String host = null;
 int port = -1;
 String path = null;
 for (int i = 0; i < args.length; i++)
 System.out.println(args);
 if (args.length < 3) {
 System.out.println(
 "USAGE: java SSLSocketClientWithClientAuth " +
 "host port requestedfilepath");
 System.exit(-1);
 try {
 host = args[0];
 port = Integer.parseInt(args[1]);
 path = args[2];
 } catch (IllegalArgumentException e) {
 System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
 "host port requestedfilepath");
 System.exit(-1);
 try {
 * Set up a key manager for client authentication
 * if asked by the server. Use the implementation's
 * default TrustStore and secureRandom routines.
 SSLSocketFactory factory = null;
 try {
 SSLContext ctx;
 KeyManagerFactory kmf;
 KeyStore ks;
 char[] passphrase = "passphrase".toCharArray();
 ctx = SSLContext.getInstance("TLS");
 kmf = KeyManagerFactory.getInstance("SunX509");
 ks = KeyStore.getInstance("JKS");
// ks.load(new FileInputStream("testkeys"), passphrase);
 ks.load(new FileInputStream("clientkey"), passphrase);
 kmf.init(ks, passphrase);
 ctx.init(kmf.getKeyManagers(), null, null);
 factory = ctx.getSocketFactory();
 } catch (Exception e) {
 throw new IOException(e.getMessage());
 SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
 * send http request
 * See SSLSocketClient.java for more information about why
 * there is a forced handshake here when using PrintWriters.
 socket.startHandshake();
 PrintWriter out = new PrintWriter(
 new BufferedWriter(
 new OutputStreamWriter(
 socket.getOutputStream())));
 out.println("GET " + path + " HTTP/1.1");
 /* Some internet sites throw bad request error for HTTP/1.1 req if hostname is not specified so the foll line */
 out.println("Host: " + host);
 out.println();
 out.flush();
 * Make sure there were no surprises
 if (out.checkError())
 System.out.println(
 "SSLSocketClient: java.io.PrintWriter error");
 /* read response */
 BufferedReader in = new BufferedReader(
 new InputStreamReader(
 socket.getInputStream()));
 String inputLine;
 while ((inputLine = in.readLine()) != null)
 System.out.println(inputLine);
 in.close();
 out.close();
 socket.close();
 } catch (Exception e) {
 e.printStackTrace();
The Server code :
* @(#)ClassFileServer.java 1.5 01/05/10
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
/* ClassFileServer.java -- a simple file server that can server
* Http get request in both clear and secure channel
* The ClassFileServer implements a ClassServer that
* reads files from the file system. See the
* doc for the "Main" method for how to run this
* server.
public class ClassFileServer extends ClassServer {
private String docroot;
private static int DefaultServerPort = 2001;
* Constructs a ClassFileServer.
* @param path the path where the server locates files
public ClassFileServer(ServerSocket ss, String docroot) throws IOException
 super(ss);
 this.docroot = docroot;
* Returns an array of bytes containing the bytes for
* the file represented by the argument path.
* @return the bytes for the file
* @exception FileNotFoundException if the file corresponding
* to path could not be loaded.
public byte[] getBytes(String path)
 throws IOException
 System.out.println("reading: " + path);
 File f = new File(docroot + File.separator + path);
 int length = (int)(f.length());
 if (length == 0) {
 throw new IOException("File length is zero: " + path);
 } else {
 FileInputStream fin = new FileInputStream(f);
 DataInputStream in = new DataInputStream(fin);
 byte[] bytecodes = new byte[length];
 in.readFully(bytecodes);
 return bytecodes;
* Main method to create the class server that reads
* files. This takes two command line arguments, the
* port on which the server accepts requests and the
* root of the path. To start up the server: 
* <code> java ClassFileServer <port> <path>
* </code> 
* <code> new ClassFileServer(port, docroot);
* </code>
public static void main(String args[])
 System.out.println(
 "USAGE: java ClassFileServer port docroot [TLS [true]]");
 System.out.println("");
 System.out.println(
 "If the third argument is TLS, it will start as\n" +
 "a TLS/SSL file server, otherwise, it will be\n" +
 "an ordinary file server. \n" +
 "If the fourth argument is true,it will require\n" +
 "client authentication as well.");
 int port = DefaultServerPort;
 String docroot = "";
 if (args.length >= 1) {
 port = Integer.parseInt(args[0]);
 if (args.length >= 2) {
 docroot = args[1];
 String type = "PlainSocket";
 if (args.length >= 3) {
 type = args[2];
 try {
 ServerSocketFactory ssf =
 ClassFileServer.getServerSocketFactory(type);
 ServerSocket ss = ssf.createServerSocket(port);
 if (args.length >= 4 && args[3].equals("true")) {
 ((SSLServerSocket)ss).setNeedClientAuth(true);
 new ClassFileServer(ss, docroot);
 } catch (IOException e) {
 System.out.println("Unable to start ClassServer: " +
 e.getMessage());
 e.printStackTrace();
private static ServerSocketFactory getServerSocketFactory(String type) {
 if (type.equals("TLS")) {
 SSLServerSocketFactory ssf = null;
 try {
 // set up key manager to do server authentication
 SSLContext ctx;
 KeyManagerFactory kmf;
 KeyStore ks;
 char[] passphrase = "passphrase".toCharArray();
 ctx = SSLContext.getInstance("TLS");
 kmf = KeyManagerFactory.getInstance("SunX509");
 ks = KeyStore.getInstance("JKS");
// ks.load(new FileInputStream("testkeys"), passphrase);
 ks.load(new FileInputStream("serverkey"), passphrase);
 kmf.init(ks, passphrase);
 ctx.init(kmf.getKeyManagers(), null, null);
 ssf = ctx.getServerSocketFactory();
 return ssf;
 } catch (Exception e) {
 e.printStackTrace();
 } else {
 return ServerSocketFactory.getDefault();
 return null;
Could anyone help ?
thanks in advance
Jayaprakash

The same thing.
I have found the place where the exception throws.
It is com.sun.net.ssl.internal.ssl.AVA class.
It has a constructor AVA(StringReader)
There is a check in this constructor of different certificate extensions
(if-else). If it sees no familiar extension it throws exception and handshake fails.
It is not difficult to fix this problem: just ignore unknown extension.
Everything works fine with this "improved" class (under VA 3.5).
But the problem is - the using of this class in applets.
How can I say the browser to use my "improved" class and not the one it downloaded with java plug-in?

Cumulative Hot Fix 2 for ColdFusion 8.0.1?

We've been feeling a little leery about Adobe's stance with
CF8 for a while now due to the lack of patches and updates compared
to what we've been used to expecting from Macromedia. We've been
checking the patch and security pages a couple times a week looking
to see if there have been any changes. I noticed a change date on
the CF8 patch page the other day but no new patches showed up.
http://www.adobe.com/support/coldfusion/downloads_updates.html
Then today I noticed the date changed again at the bottom and
now there was a new patch at the top replacing the 2 that were
there before. Cumulative Hot Fix 2 for ColdFusion 8.0.1
The patch says it's from 10/20/2008 and if you decompress the
file it gives a date of 10/17/2008 on the file. This patch was new
to the public as of this week though. The reason I'm posting is to
try to understand why this patch has been sitting unreleased for
nearly 5 months now? There clearly have not been any changes to the
file in that time frame so that was either the best written patch
with the most exhaustive testing ever or someones been neglecting
posting the patches that have been completed.

@brentil, ah, ok. I understand now. Yep, that is curious. I
can confirm that it wasn't there on Mar 17, per the Google cache
page:
http://74.125.93.104/search?rlz=1C1GGLS_en-USUS291US306&sourceid=chrome&ie=UTF-8&q=cache:h ttp://kb.adobe.com/selfservice/viewContent.do%3FexternalId%3Dkb402604%26sliceId%3D1
Of course, by the time someone reads this in the future, it's
possible that the cached page will be different again. One would
want to note the date offered by Google at the top of the page it
shows.
So the real question is why the CHF link was note posted here
until now. I'm with you that some resources are not always updated.
I blogged about it:
http://www.carehart.org/blog/client/index.cfm/2008/7/16/beware_technotes_may_not_be_listed _elsewhere
Perhaps more dismaying is that the CHF2 technote lists many
more HFs included than appear in the main hotfix page (the URL you
pointed to). So one might ask why we should have had to wait for a
CHF to get those hotfixes.
Also, I notice that the main cf8 downloads page (which you
pointed to originally) does not, in fact, refer to the 8.0.1 CHF
(though it does list 8.0 CHFs). That should be address.
I agree that we should expect the hotfixes page to list any
hotfixes or CHFs as soon as they're available. Sorry I missed your
main point.
Sadly, I don't know that we can expect too much to come of
this discussion here. There's just no guarantee that anyone
responsible would see it. But here's good news. A couple of blog
entries have raised the concern:
http://www.creative-restraint.co.uk/blog/post.cfm/coldfusion-8-0-1-cumulative-hotfix-2
http://blog.pengoworks.com/index.cfm/2009/3/18/ColdFusion-v801-Hot-Fix-2-released-in-Oct-2 008
And Ben Forta is a party to the second one, where I've just
added a comment asking to find who we can press about this.
Finally, just an FYI: that URL you offered is indeed the same
page that I'd offered. The URL I gave (
http://www.adobe.com/go/kb402604)
comes from the "permanent link" offered at the bottom of all Adobe
technotes, which is just a nice shorter URL.

Looking for a WebLogic Admin for a client in the Miami, FL area


We are currently looking for a WebLogic Admin for a client in the Miami, FL area (Permanent position)
This right candidate must have experience with the following technical skill sets:
· Extensive experience with WebLogic and SQL Server
· Solid expertise as WebLogic Administrator | Web Administrator | Java Developer
· Strong experience in Web hosting infrastructure
· Experience in WebLogic installation, configuration, and tuning;
· Performed application deployments and diagnosing performance related issues with WebLogic;
· Worked with BEA/Oracle WebLogic Technical Support in resolving the critical issues by analyzing the logs and config files and follow up on the open incidents;
· Extensive experience in WebLogic Administration, monitoring and troubleshooting;
· Ability to analyze the results of monitoring systems to identify problem areas;
· Experience in writing WLST scripts for deployment, start and stop servers;
· Solid experience using Java, doing systems maintenance or new functionality development
· Worked closely with development and testing teams to implement fixes in Production under strict time constraints;
· Involved in troubleshooting for production issues and escalating as per the requirement;
· Experience in writing scripts to handle complex automation / administration;
Some Preferred Experience:

· Past experience in the financial sector would be preferred


If you are interested, know anyone or have any questions please feel free to call or email me at (561) 745-6945 or [email protected]


Thanks in advance,
Bob Kelly


FYI. Forums abuse has been reported.
:Rob:

SCREEN LOCKED error "Searching for your client device. Please wait..."

This error is locking my routers configuration screen. "Searching for your client device. Please wait... If you haven't clicked on the Wi-Fi Protected Setup button on your client device, please do so now."
Is there a fix for this issue without restoring to the factory defaults?.
Your work around is not an option because restoring the factory defaults and reconfiguring the router manually is would be too time consuming in our small office and can afford the downtime. Is there a fix for this issue without restoring to the factory defaults? This problem has been crippling many of the Linksys routers for some time now; just search the error on goggle.
Solved!
Go to Solution.

Power cycle the router. Unplug the power cord for 30 seconds and power it back on. If it still won't work, then you will have to reset and reconfigure the router. Please check the links below on how to reset the router and set it up for either cable or DSL:
Title: Resetting the router to factory defaults and changing the router’s password
Article ID: 19584
http://kb.linksys.com/Linksys/GetArticle.aspx?docid=1e97db4854604b0fb5cc8c0d74491e35_19584.xml&pid=8...
Title: Setting up a Linksys router for DSL Internet connection
Article ID: 3687
http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=20ee1457387f40178cd5f41d4b585db4_3687.xml&pid=80&r...
Title: Setting up a Linksys router with Cable Internet service
Article ID: 3686
http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=3686

Installing pptp client

Hi Gurus,
I downloaded pptp client from sourceforge.net i am trying to install it on Solaris 10 x86 laptop but i get the following errors, can you please help a lost friend here:
bash-3.00# /usr/local/bin/make
gcc -o pptp pptp.o pptp_gre.o ppp_fcs.o pptp_ctrl.o dirutil.o vector.o inststr.o util.o version.o test.o pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o routing.o pptp_compat.o -lutil
ld: fatal: library -lutil: not found
ld: fatal: File processing errors. No output written to pptp
collect2: ld returned 1 exit status
make: *** [pptp] Error 1
thanks in advance

Hi, thanks for reply, i tried that but now i get this error:
bash-3.00# /usr/local/bin/make
gcc -o pptp pptp.o pptp_gre.o ppp_fcs.o pptp_ctrl.o dirutil.o vector.o inststr.o util.o version.o test.o pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o routing.o pptp_compat.o
Undefined first referenced
symbol in file
bind pptp_gre.o
accept pptp_callmgr.o
listen pptp_callmgr.o
gethostbyname pptp.o
socket pptp.o
getsockopt pptp_gre.o
connect pptp.o
inet_aton pptp_callmgr.o
inet_pton pptp.o
inet_ntoa pptp.o
h_errno pptp.o
ld: fatal: Symbol referencing errors. No output written to pptp
collect2: ld returned 1 exit status
make: *** [pptp] Error 1
please help!

Where is the download link for SCEP Client Offline installer for x86 & x64 altest greatest version (4.6.305 as of today)

Where is the download link for SCEP Client Offline installer for x86 & x64 latest greatest version (4.6.305 as of today)?
The answer IS NOT IT AND NEVER WILL BE "DOES NOT EXIST"!!!!!! MUST NEVER NEED TO RUN UPDATES TO GET IT!!!!!!!!! THE ONLY ACCEPTABLE ANSWER IS THE LINK!!!!! DUH GET YOUR ACT IN GEAR MS!!!!!!!!!!
Ralph

Thanks to all for the information. I work in higher ed. We have SCCM latest version, fully licensed. Unfortunately the individual who manages the SC does not have a clue as to where to find the SCEP installer. I sent him links from MS that shows him where
it is supposed to be. The version he say's is on our SC Management server is 4.3. I, in the past, was able to get 4.5 independent of him and it has been working well for me but it is time to use the latest greatest version instead. I should just as easily
be able to get 4.6. As far as licensing goes, if the product was correctly designed it should just work itself out just like it does for the 4.5 version I was able to easily find and download.
As for the link given by KevinMJohnston, thanks by the way, its the closest I have come to getting what I need but all I get is a spinning wheel in Firefox, the only browser one should ever need. In IE I get prompted for an email address, which it should
NEVER EVER DO!!!!!!!!!! I did give them my address, but alas, after waiting over 30 mins. I still don't have a link to the update or the CU4 Config MGR update mentioned. (Another reason I am not very nice to MS, along with, see below...) Please send me the
link that they are suppose to send me in the email.
As for the intensity of the request it comes from not being able to find the update on my own. (Amongst a million other complaints as MS makes my job harder and harder, just think of all the lost productivity and extra repair efforts needed because MS stopped
allowing you to do upgrade/repair installs from the install discs. You have to have a working OS to do it, or you will lose your settings etc and will have to re-install all of your software etc. How STUPID IS THAT! Can't use it to fix a blown driver or BSOD
problem like you could in XP. There is no excuse for that, I know better. So you can see why I have nothing good to say about MS etc etc.) There is no excuse for that! If the MS updater has it available then IT MUST BE MADE AVAILABLE FOR STANDALONE DOWNLOAD
PERIOD. That goes for ALL updates PERIOD. I use these updates and many others etc so that once I seal an image for a PC it has the latest greatest version of everything. It is quicker to get it stand alone in advance and installing than waiting for MS
updates to do so. Also I prefer to config my images so that the Av installs after first boot. These are cloned PCs. Many of these PC are used in labs and are frozen. Here, the settings for the SCEP AV being pushed from above can cause major problems for the
users i.e. the scheduled scan feature. If it is on when students are taking tests and they take more than 5 or 10 mins on question MS is stupid enough to start scanning causing the system to become unresponsive. This has caused students to breakdown in tears
thinking the system is hosed and they just lost their tests. I have to do some creative reg hack, setting owner as "Guest", a disabled account, etc. to keep these settings from being changed. (Our SC managers push policies that work for the faculty
but break the lab systems which are frozen, so I have to out hack them, should not be, but it is, we are trying to get that fixed, but bureaucracy and people afraid to share power etc makes it hard.) These settings unfortunately will prevent the AV from
installing so I need to be able to manually do it after I have set the reg to allow it. And I could go on. Who knows when or why someone may need to do a manual update of something. I just had 3 systems fail 12 updates, yet when I manually downloaded
them and installed them they ALL installed without failure. I did NOTHING in between the auto update and the manual, yet it was the manual way that worked. Maybe if MS could fix those kind of issues then no one would need to get stand alone update files.)
That is not for MS to worry about. It is, however, their responsibility to make it so that I can choose what will work best for my environment, which only I could know. DUH. I have had issues in the past with MS AV and other brands being installed before "sealing"
the images. etc. etc. etc.
As you can see, there is not enough space on the world wide web to list all thousands of legitimate reasons to give Microsoft a hard time so I will do so on a case by case bases knowing I am probably spitting in to the wind, but hey somebody has to have
the guts to do it. MS MUST NEVER BE ALLOWED TO SIMPLY GET AWAY WITH IT! They Must be called to the proverbial carpet.
Maybe if people who are MVPs would not be afraid to join the choruses they would be embarrassed, (though it should be done out of moral obligation not embarrassment), enough to fix these obviously fixable problems etc. etc. etc. I have over 30 years in the
IT business, the IBM XT did not exist until my senior year in college. You are not going to be able to convince me that there is a legitimate reason, copy protection IS NOT IT, to prevent me from fixing blown OS via re-install using install disc when OS will
not boot. Nor are you going to be able to find legitimate reason for the SCEP 4.6.305 update to be so hard to get.
Thanks again for the help, still waiting for email from MS, NOT COOL MS! NO EXCUSE!!!!!
Ralph

Cannot install KMS key in VAMT for KMS clients

Dear Sir / Madam,
I have some technical problems about setup the KMS host and KMS clients.
OS of the KMS host: Windows Server 2012 Standard
OS of the KMS client: Windows 7 Professional (32bit)
Question 1:
I want to use KMS host server to handle KMS keys and activations for KMS clients. Which type of KMS key need to install in KMS host ?
Would I need to install Windows 7 Professional KMS key or
Windows Server 2012 Standard KMS key in the Volume Activation Management Tool (VAMT) ?
Question 2:
I found that I cannot installed the Windows 7 Professional KMS key in the Volume Activation Management Tool (VAMT), it pop-up an error message said that the KMS key invalid. How can I fix the problem?
Thanks for your help!

Hi Siu Wai,
You can also follow these steps:
1. Select a computer that you want to be your KMS host:
2. Install Windows Server.
3. At cmd prompt type the following:
Slmgr.vbs /ipk <your KMS KEY from MVLS>
The /ipk installs your MVLS key. Note if you need to change your key. For example change from a KMS_B to KMS_C key you must restart the Software Licensing service.
4. At cmd prompt type the following:
Slmgr.vbs /ato
The /ato activates the KMS host with Microsoft. You must activate the KMS host.
5. Restart the Software Licensing service.
6. Install the KMS client computers by using volume license media. You should not be prompted for cdkey during installation
7. By default these KMS client computers will query DNS and locate your KMS host and activate
KMS Client Setup Keys
To reset computers to be KMS clients type the following at elevated command prompt:
Slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Where xxxxx-xxxxx-xxxxx-xxxxx-xxxxx is the generic VL key from the following link.
http://technet.microsoft.com/en-us/library/ee355153.aspx#EFAA
Refer to:
Is it possibile to host multiple KMS Keys
on a single KMS server?
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Constantly getting "Reopen for Clustered Client Failover registered application has failed for FileObject " error in CCFilter eventlog.

Hi everybody.
Hope somebody will be able to help me with the following issue.
I have the following environment configuration:
1. WFC cluster (cluster1) contains 3 nodes - sql1,sql2,sql3
2. sql1 and sql2 can run single shared instance SQL server
3. Node sql3 is a standalone SQL server.
4. AlwaysON is turned on shared instance and standalone SQL servers and availability group have been configured for multiple DBs. So sql3 is a replica of shared instance.
5. All this runs on Vmware as a virtual machine.
I'm constantly getting following error in Microsoft-Windows-CCFFilter/Operational logfile when I execute SQL DB/Transaction log backup maintenance plan on my shared instance SQL server (sql1 or sql2):
Log Name:      Microsoft-Windows-CCFFilter/Operational
Source:        Microsoft-Windows-CCFFilter
Date:          10/24/2014 6:00:12 AM
Event ID:      2000
Task Category: None
Level:         Error
Keywords:
User:          DOMAIN\wfcsqlsvc
Computer:      SQL1
Description:
Reopen for Clustered Client Failover registered application has failed for FileObject 0xfffffa801cbb08a0 to \SQL3\Backups\Logs\DB1\DB1_backup_2014_10_24_060003_3960528.trn with status 0xC0000034
Getting multiple mentioned errors for every single DB I'm running my backup maintenance plan against. The maintenance plan gets executed on SQL1 which is shared instance machine.
Any ideas of what can cause this and how to fix it.
Thanks in advance.

Yes. I'm doing backup on primary replica in the AlwaysOn Availability Group. And this primary replica itself is a WFC shared SQL instance.
I've double checked Maintenance Plan's History and Agent's logs. No Error, no warning, nothing. And by the way DB full and transaction log backups gets created as they should. By that I mean that 'For availability databases, ignore Replica Priority for Backup
and Backup on Primary Settings' property is turned on and this allows me to do backups from primary replica.
As you've written I've clear the maintenance plan setting ''For availability databases, ignore Replica Priority for Backup and Backup on Primary Settings.', and configure the availability group's AUTOMATED_BACKUP_PREFERENCE setting to allow backup from any
replica for certain availability group. But still nothing. Getting the same error.
This is how AVG1 are configured regarding Backup preferences:
For example this subplan from Maintenance plan cause mentioned errors:

I designed a website for my client and he had already purchased a hosting package with a company, Mu

I designed a website for my client and he had already purchased a hosting package with a company, Muse is asking for the Business Catalyst in order to use the contact us form. What can I do in order to fix this and avoid having to purchase the Catalyst service. Please advise can the code be alter?

Yesterday Adobe announced updates to all the creative cloud products, including Muse. One of the new features for Muse is Forms that work on most hosting providers(not just BC).
The new version of Muse will be publicly available in June. Prerelease builds are available now for users who have joined the prerelease program (http://www.adobekb.com/participating_in_muse_beta.html)
http://www.adobe.com/products/muse.html
http://adobe.ly/17IojFs
http://youtu.be/RrXHhiY4-a0

DpRGetLogin: Data for alien client

Hi,
We have ABAP+JAVA system. when we start system , ABAP engine comes up but J2EE engine is not.
SDM process is up.
Dispatcher and server process are in starting stage from long time with no error.
But in disp_disp file we get following
DpRGetLogin: Data for alien client [dpxxdisp.c 12194]
Connect request from wrong client at address (j2ee host)
Please let me know how to fix this .
Best Regards,
Tushar

I suggest you check the Java bootstrap logs
dev_bootstrap
std_server0.out
dev_jcontrol
for possible issues.
Markus

Looking for a client appointment app

I'm looking for an application for a friend who is a personal trainer. And if such an application doesn't exist, I'm considering writing one (I'm a software engineer)
The application would maintain a database of clients, and a schedule of appointments with them.
For each client, the following data needs to be maintained: contact information, current statistics (weight, body fat percentage, strength) as well as a history of statistics. Clients pay for a package of sessions in advance, and the app would keep track of how many prepaid sessions remain, updating that number with each scheduled appointment and each payment. Every client has recurring appointments, several per week, but rescheduling is common, and needs to be easy. And the app should be able to print out a year report for taxes.
I was thinking that it should interface with Address Book for contact information, and Calendar for appointments.
The main app should run on Snow Leopard, but mobile access through an iOS 4 sister app would be great. (Although if it works with Address Book and Calendar, their synchronization through MobileMe might be sufficient)
Is there any such thing? There must be other trainers, and other professionals with similar needs.
-Ron.

Hi Ron,
was there a template for bento that met all of the requirements that you detailed? My wife is a personal trainer and we've been looking for similar functionality in an app. Currently she's using the calendar app and contact book, but as you say, rescheduling is frequent and tracking remaining sessions would be very helpful. Let me know,
Paul

Fixed IP for PPTP client

Similar Messages

Maybe you are looking for