Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages

Hi All,
I get the following log message on my spoke 881 router from time to time.
For instance, today I got 80 messages like this:
Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
This is dual hub DMVPN connectivity and both tunnels are stable during the day and EIGRP never dropped.
Users behind this router have also never complained. They run mainly VoIP traffic, and I have QoS on both the hub and the spokes, defined under the tunnel as qos-preclassify with the policy-map applied on the physical interface.
I have also increased replay window size up to 1024, but it did not help.
Wondering what else can be done here.
IOS ver both on spokes and hub is 15.2.3(T3)

Don't know where they came from, but you could turn on debugging ipsec and isakmp to see if there is a relation with other events like rekeying.
Michael
Please rate all helpful posts

Similar Messages

  • Frequent "Internet Configuration leased" log messages

    I'm getting these log messages about every 4 minutes since upgrading to the new Extreme from the previous generation Extreme:
    Jul 18 19:26:39 5 Internet Configuration leased -- host <76.235.159.58/255.255.255.0> gateway <76.235.159.59> dns <192.168.0.1 192.168.0.1> wins lease <600> domain
    Jul 18 19:31:01 5 Internet Configuration leased -- host <76.235.159.58/255.255.255.0> gateway <76.235.159.59> dns <192.168.0.1 192.168.0.1> wins lease <600> domain
    The new Extreme connects directly to an AT&T dsl modem - previously there was a G-band router in between, and I don't recall seeing such messages. I must have missed something in the Extreme's Internet configuration to cause this. Any ideas?
    Thanks...

  • MARS Error Log Message Thread 53300144:AnaRawmsgFileReader::

    Anyone have any idea about the below message from MARS? It is showing up frequently in the Backend Log Messages..
    Error
    ./pnesloader
    Thread 53300144:AnaRawmsgFileReader::Read: NOT found the two separators in  the end.

    It's only affected by devices that are sending "blank" syslog messages. It is worth investigating which devices sent "blank" syslog and modify the logging on the device itself, instead of changing the logging level on MARS itself.
    If it's not possible to check which devices are sending blank syslogs, then you can change the logging level on MARS to "fatal":
    Admin->System Maintenance->Set Runtime Logging level

  • CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

    Center router is a Cisco 7300:
    Cisco IOS Software, 7301 Software (C7301-ADVIPSERVICESK9-M), Version 15.1(4)M2
    Branch router is a Cisco 1900:
    Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
    One branch router uses EZVPN to connect to the Center router.
    Branch router log:
    %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
    and 10% packet loss.
    But another branch that uses EZVPN to connect to the Center router is OK:
    Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)
    What can be done for this issue?
    Should I change the Cisco 1900 IOS to 12.4, the same as the Cisco 880?

    Hi Anuj
    Thanks for your reply.
    Yes, the issue happens frequently, with lost packets. The log message appears every 3 minutes.
    As I am not in charge of the router in the branch, I cannot change the hardware accelerator.
    I have changed the window-size to 1024 in the branch router, but the issue is as before.
    Here is the show crypto ipsec sa and the whole error message:
    sh crypto ipsec sa
    interface: Virtual-Access1
        Crypto map tag: Virtual-Access1-head-0, local addr 
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       current_peer                port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 519, #pkts encrypt: 519, #pkts digest: 519
        #pkts decaps: 665, #pkts decrypt: 665, #pkts verify: 665
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.:       , remote crypto endpt.:  
         path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
         current outbound spi: 0x550C1C42(1426857026)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
          spi: 0x38F532D7(955593431)
            transform: esp-aes esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2091, flow_id: Onboard VPN:91, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
            sa timing: remaining key lifetime (k/sec): (4561181/3566)
            IV size: 16 bytes
            replay detection support: Y  replay window size: 1024
            Status: ACTIVE
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x550C1C42(1426857026)
            transform: esp-aes esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2092, flow_id: Onboard VPN:92, sibling_flags 80000046, crypto map: Virtual-Access1-head-0
            sa timing: remaining key lifetime (k/sec): (4561911/3566)
            IV size: 16 bytes
            replay detection support: Y  replay window size: 1024
            Status: ACTIVE
         outbound ah sas:
         outbound pcp sas:
    Dec 20 01:34:32.656: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
            connection id=91, sequence number=12353
    Dec 20 01:39:06.552: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
            connection id=91, sequence number=18191
    Dec 20 01:40:38.532: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
            connection id=91, sequence number=20363
    Dec 20 01:43:05.856: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
            connection id=91, sequence number=23609

  • %CRYPTO-4-PKT_REPLAY_ERR:

    I have been seeing the following error message in the logs for a few days now.
    %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
            connection id=4587, sequence number=17094
    I managed to track down connection id 4587 and I can see the peer IP with the actual recv errors. There are no issues with the VPN itself; traffic is working fine.
    I have tried to increase the actual window size under the specific crypto map for that particular peer and it makes no difference. Even cleared the sa after applying the changes.
    crypto map xxxxxxxxx 1 ipsec-isakmp
    set peer xxx.xxx.xxx.xxx
    security-association replay window-size 1024
    Have increased the replay window globally to 1024 however the errors keep appearing.
    crypto ipsec security-association replay window-size 1024
    Has anyone actually disabled replay window checking? Did it impact anything?
    crypto ipsec security-association replay disable
    no crypto ipsec security-association replay window-size 1024
    Does it actually stop the replay errors?
    Or, to stop these errors, do you need to change the hash algorithm (SHA instead of MD5)?

    Adam,
    I don't have a resolution yet, so I opened a TAC case last Saturday.  I'll keep you posted on this forum.
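
The counter behind the three IPsec threads above (the DMVPN spoke with qos-preclassify, the EZVPN branch, and the crypto-map peer) is the standard ESP anti-replay sliding window. The Python below is an added example, not code from any of the posts or from Cisco IOS: it models that window in the RFC 4303 Appendix A bitmap style, feeds it a constructed packet stream in which a QoS queue holds some packets back behind others, and compares how many are rejected with a 64-packet window, a 1024-packet window, and with anti-replay disabled. Packet counts, the delay pattern and the injected duplicate are constructed, not measured.

```python
"""ESP anti-replay sliding window modelled on RFC 4303 Appendix A (added example;
the packet stream below is constructed to imitate QoS reordering, not a capture)."""

WINDOW_ERR = "outside-window"   # the case IOS logs as "replay check failed"
DUP_ERR = "duplicate"           # a real replay: sequence number already seen


class AntiReplayWindow:
    """Bitmap window: bit i set means sequence number (top - i) was accepted."""

    def __init__(self, size):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit 0 corresponds to self.top

    def accept(self, seq):
        """Return "ok" and record seq, or the reason the packet is rejected."""
        if seq > self.top:
            shift = seq - self.top      # window slides forward
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1         # jumped past the whole window
            self.top = seq
            return "ok"
        diff = self.top - seq           # packet is behind the top edge
        if diff >= self.size:
            return WINDOW_ERR           # too late: IOS logs PKT_REPLAY_ERR
        if (self.bitmap >> diff) & 1:
            return DUP_ERR              # already seen: a genuine replay
        self.bitmap |= 1 << diff
        return "ok"


def qos_reordered_stream(n=2000, delay_every=100, delay_by=500):
    """Sequence numbers 1..n in arrival order, with every delay_every-th
    packet held back delay_by positions (constructed reordering)."""
    keyed = []
    for seq in range(1, n + 1):
        pos = seq - 1
        if seq % delay_every == 0:
            pos += delay_by
        keyed.append((pos, seq))
    keyed.sort()
    return [seq for _, seq in keyed]


def simulate(window_size, arrivals):
    """Run a stream through a window (None = anti-replay disabled) and
    return [(seq, reason)] for every packet that would be dropped."""
    win = AntiReplayWindow(window_size) if window_size else None
    failures = []
    for seq in arrivals:
        verdict = "ok" if win is None else win.accept(seq)
        if verdict != "ok":
            failures.append((seq, verdict))
    return failures


def sample_stream():
    """Reordered stream plus one genuinely replayed packet (seq 50 sent again)."""
    stream = qos_reordered_stream()
    stream.insert(70, 50)
    return stream


if __name__ == "__main__":
    stream = sample_stream()
    for size in (64, 1024, None):
        failed = simulate(size, stream)
        label = "disabled" if size is None else f"window {size}"
        print(f"{label:>12}: {len(failed)} rejected, "
              f"{sum(r == DUP_ERR for _, r in failed)} of them genuine replays")
```

With this stream the 64-packet window rejects all 19 delayed packets plus the duplicate, the 1024 window rejects only the duplicate, and disabling replay checking silences the log but also accepts the duplicate.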

  • CRYPTO-4-PKT_REPLAY_ERR syslog parsing

    Every time IOS generates the "CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed" log msg I receive 3 syslog messages, like IOS is not concatenating them into 1 msg string before sending. It's really annoying because I can't filter a null string that also has a null message type on my NMS. I tried changing the facility settings and get the same result. If I use TCL to filter the syslog msg by type "CRYPTO-4-PKT_REPLAY_ERR" it will only filter the 1st syslog message since the types on the other 2 msgs are null.
    I can't find a bug or discussion about this so I am hoping somebody out there might have a solution ...
    DEVICE INFO:
    c3825-advipservicesk9-mz.124-25b.bin
    logging buffered 15000 debugging
    logging rate-limit all 3
    no logging console
    no logging monitor
    crypto logging session
    logging origin-id hostname
    logging facility syslog
    logging source-interface GigabitEthernet0/0
    logging 11.22.33.44
    FROM LOGGING BUFFER:
         Dec 14 08:00:37 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:00:37 CST Wed Dec 14 2011
    #1>> Dec 14 08:01:41 CST: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
    #2>>     connection id=70, sequence number=43990
    #3>>
         Dec 14 08:10:36 CST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:10:36 CST Wed Dec 14 2011
    THREE SYSLOG MSG's RECEIVED:
         #1
             MSG TYPE:   CRYPTO-4-PKT_REPLAY_ERR
             MSG STRING: 7015321: routerA: decrypt: replay check failed
         #2
             MSG TYPE:   null
             MSG STRING: 7015322: routerA: connection id=70, sequence number=43990
         #3
             MSG TYPE:   null
             MSG STRING: 7015323: routerA:
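
The three-fragment delivery described above can be stitched back together on the collector instead of filtered on the router. The Python below is an added example, not from the post and not an IOS or NMS feature: it assumes each fragment arrives as its own syslog payload carrying the IOS message counter and the origin-id hostname, in the layout the MSG STRINGs above show, and joins a continuation fragment (no %FACILITY-SEVERITY-MNEMONIC) to the preceding message when it comes from the same host with the next counter value. The sample payloads and their PRI values are constructed from the post's values.

```python
import re

# One IOS syslog payload: optional <PRI>, message counter, origin-id host, body.
# Constructed layout, modelled on the MSG STRINGs quoted in the post.
RECORD = re.compile(r"^(?:<\d+>)?(?P<seq>\d+): (?P<host>\S+):\s?(?P<body>.*)$")
# A body starting with %FACILITY-SEVERITY-MNEMONIC: begins a new message.
MNEMONIC = re.compile(r"^%(?P<type>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s*(?P<text>.*)$")
REPLAY_FIELDS = re.compile(r"connection id=(\d+), sequence number=(\d+)")

# Constructed sample: the three fragments from the post plus an unrelated
# message; <44>/<45> are syslog facility 5 with severity 4 and 5.
SAMPLE = [
    "<44>7015321: routerA: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed",
    "<44>7015322: routerA:     connection id=70, sequence number=43990",
    "<44>7015323: routerA: ",
    "<45>7015324: routerA: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
    "[user: johndoe] [Source: 1.2.3.4] [localport: 22] at 08:10:36 CST Wed Dec 14 2011",
]


def reassemble(payloads):
    """Join continuation fragments (no mnemonic, same host, next counter
    value) onto the message they belong to; keep empty fragments' counters only."""
    events = []
    current = None
    for payload in payloads:
        m = RECORD.match(payload)
        if not m:
            continue                     # not an IOS-style payload
        seq, host, body = int(m["seq"]), m["host"], m["body"].strip()
        t = MNEMONIC.match(body)
        if t:
            current = {"host": host, "type": t["type"],
                       "text": t["text"].strip(), "seqs": [seq]}
            events.append(current)
        elif current and host == current["host"] and seq == current["seqs"][-1] + 1:
            current["seqs"].append(seq)
            if body:                     # fragment #3 is blank: nothing to append
                current["text"] += " " + body
        else:
            # Orphan fragment: keep it visible rather than silently dropping it.
            events.append({"host": host, "type": None, "text": body, "seqs": [seq]})
    return events


def replay_fields(event):
    """(connection id, ESP sequence number) for a PKT_REPLAY_ERR event, else None."""
    if event["type"] != "CRYPTO-4-PKT_REPLAY_ERR":
        return None
    m = REPLAY_FIELDS.search(event["text"])
    return (int(m.group(1)), int(m.group(2))) if m else None


if __name__ == "__main__":
    for ev in reassemble(SAMPLE):
        print(ev["type"], ev["seqs"], ev["text"], replay_fields(ev))
```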

  • Exceeding 500 log messages per second......!

    I get the following message thousands of times in my system log, and it's really slowing my machine down -
    Sep 2 11:16:50 kelvin-wards-imac-139 sandboxd[1812]: mDNSResponder(20) deny file-read-data /private/var/db/com.apple.parentalcontrols.keychain.Ynx3Br
    Sep 2 11:16:50 kelvin-wards-imac-139 sandboxd[1812]: * process 1812 exceeded 500 log message per second limit - remaining messages this second discarded *
    Any idea how to get rid of it? I've done permissions repair and disc repair and keychain repair and am not using parental controls. It's a bit faster since I deleted Intego VirusBarrier x6 which was causing MAJOR problems on my Mac and identifying the above message as a fault.
    Kelvin

    Hello kj:
    Did you completely remove the A/V software (uninstall)? That junk buries things all over the system.
    I would probably reinstall OS X from the software install DVD and then run software update. As you have noted, A/V software on a Mac is a waste of resources and they frequently cause significant problems.
    Barry

  • T is frequently switching the redo log files within 5min approx..

    I am facing frequent switching of redo logs within 5 minutes.
    Can you please tell me how to resolve this?
    Thanks for the help.

    Hi,
    I found this:
    More frequent log switches may result in decreased performance. If your redo logs switch too fast, Oracle will stop processing until the checkpoint completes successfully. Generally it is recommended to size your redo log files so that Oracle performs a log switch every 15 to 30 minutes.
    A recommended approach is to
    Query V$LOG view to determine the current size of the redo log members.
    Record the number of log switches per hour.
    Increase the log file size so that Oracle switches at the recommended rate of one switch per 15 to 30 minutes.
    You can also check messages in the alert log in order to determine how fast Oracle is filling and switching logs. Suppose your database redo log file size is set to 1MB. It means that Oracle switches the logs every 1 minute. So you will need to increase the size of the redo log file to 30MB so that Oracle switches every 30 minutes.
    It is also recommended to ensure that your online redo log files do not switch too often during high activity time. Instead in the period of high activity it should switch less while it should switch enough times during the time of low processing workloads. Many database administrators create PL/SQL programs to ensure that the logs switch every 15 to 30 minutes during times when activity is low.
    Oracle ARCHIVE_LAG_TARGET can also be used to force a log switch after the specified amount of time elapses. The basic purpose of ARCHIVE_LAG_TARGET parameter is to control the amount of data that is lost and effectively increasing the availability of the standby database but many database administrators set ARCHIVE_LAG_TARGET parameter to make sure that the logs switch at regular intervals during lower activity time periods.
    You should also keep in mind how the size of the online redo log files will affect instance recovery. Remember, the fewer checkpoints are taken, the longer the instance recovery duration will be. You can decrease the instance recovery time by appropriately setting the LOG_CHECKPOINT_TIMEOUT, LOG_CHECKPOINT_INTERVAL and FAST_START_MTTR_TARGET parameters.

  • My iphone 5S will send texts as imessage but frequently switches to regular (green) messages even for people that I know use imessage - since we have exchanged (blue) messages previously. Is there something I can do to fix this or is it a unit problem?

    My iPhone 5S will send texts as iMessage but frequently switches to regular (green) messages even for people that I know use iMessage, since we have exchanged (blue) messages previously. Is there something I can do to fix this or is it a unit problem?
    Please help.

    You can try to log out of iMessage and then sign back in.  However, even under optimal conditions, iMessage will not always work.  That's why the option of 'Send as SMS' is so important.  There might be temporary outages in the related iMessage servers.

  • Populating our log message along with standard sap log in ck11n.

    Hi all,
    I have developed a user exit which is used in costing of material using ck11n.
    Here I have to show our custom log message along with the standard log shown by the standard SAP system after the costing run is complete.
    I got one FM, CM_F_MESSAGE, which is used by SAP. But I want the message along with the SAP messages and not separately.
    Can you help me out with this? It's very urgent.
    Thanks in advance.

    Hi
    I'm not sure because I don't know that transaction, but it seems the function group of that function manages a log, so you can try.
    This is an extract of abap code of SAPLCKDI where that fm is used:
    CALL FUNCTION 'CM_F_MESSAGE'
       EXPORTING
         ARBGB = Y_CMF-CK
         MSGNR = '327'
         MSGTY = Y_CMF-W
         MSGV1 = SICHT
         MSGV2 = KLVAR.
    So I suppose you should call it by this way:
    CALL FUNCTION 'CM_F_MESSAGE'
       EXPORTING
         ARBGB = <your message class>
         MSGNR = <message number>
         MSGTY = <message type>
         MSGV1 = <text 1>
         MSGV2 = <text 2>
         MSGV3 = <text 3>.
    I think MSGV* is optional parameter.
    Max

  • Log messages for 'auditing' are different in 'general' and 'application' log

    Hi,
    From the UI, when I audit a file using a profile which comprises user-defined 'rules/categories/analyzers', I get log messages in the 'File-name (Application)' log window and the 'Messages' log window, which are located at the bottom of the JDev UI page. One common message in both log windows is
    "<n1> violations, <n2> exceptions, <n3> documents, <n4> seconds".
    But here the 'n1, n2, ...' numbers are different in the two windows, though the log output is for the same file. In this case the 'file-name' log shows the correct
    Example:-
    In 'file-name' log window ,it shows as:
    3 documents, 8 violations, no exceptions
    In messages window, it shows as
    "Audit starting on EFC.jpr (Default)
    Audit completed: no violations, no exceptions, 3 documents, 1 second"
    If I use the 'pre-existed'(Jdev's) rules profile, I will get similar output in both log windows.
    From this I concluded that there is something missing to register for a new 'rule/category/analyzer'.
    Could you advise me in this case? Did I forget anything to do in any of the files '<rule-implementation.java>', 'audit.properties', <add-in launcher>.java, extension.xml?
    Actually, I want to use the 'ojaudit' executable from the command line on my project files. Here I observed that the output of 'ojaudit' is similar to the 'Message' log window in the JDeveloper UI explained above. But the 'Message' log window output is not correct for user-defined rules.
    Regards
    Madhu

    Romano,
    In the upcoming production release (planned to be released next week), we added caching of authorized roles and permissions in JhsAuthorizationProxy class.
    I suggest you wait for this release; if the problem persists, it is most likely an ADF issue (as is the logging).
    Steven Davelaar,
    JHeadstart team.

  • Decoding a fire wall log message

    I need help decoding the following firewall log message:
    Stealth Mode connection attempt to TCP 192.168.1.97:50459 from 70.42.185.114:80
    Neither of these IP numbers belong to me (but mine is similar to the first).
    Why is my firewall showing a connection attempt to a different computer?

    Do not panic. That may be a more-or-less innocuous probe by, for example, a "web crawler" that's cataloging everything it can find on the internet. Think Google.
    In your Applications/Utilities folder is the +Network Utility+ app. Among many other things, you can look up IP addresses and, often, find out where it's located and/or registered to.

  • Log Messages from Transaction Event Logger

    I have 4 instances of MII v12.1 and within a transaction I want to add a message to the log when the transaction runs so I can view it through the message logger. All 4 MII instances were installed by the same consultant a few years ago so there "should" be no differences in the log configs. On 3 of the instances this is working fine - I have created a very simple transaction with one Event Logger action configured with a message "Test Message" and when I execute the transaction I see the correct entry in the log viewer. On the fourth however, although the transaction executes without error I am not seeing anything in the viewer for this event. I am using the standard "last 24 hours" log viewer with no filters and no specific log locations selected, and no customisations. I am seeing other system generated messages. I found some documentation about logging and the viewer and I found the Netweaver log config but as far as I can see it looks consistent between the instance which is working and the one which is not working. Is there some other config which needs to be done to enable Event Logging from transactions? My user has the same access across all instances. Any guidance would be appreciated. I attach a screen shot of what I am expecting to see (taken from one of the instances which is working).

    Hi Partha
    Many thanks for your reply. I have tried this and unfortunately it makes no difference. I also checked on the other instances and found they have their tracing levels all set to error, not Info. I have also noticed that on the instance which is working, in the System Configuration section at the bottom of the Log Config page - for Applications and all sub categories I see the entry .\log\applications_00.log in the Pattern column. On the instance which is not working I see that entry for the Applications root but not for any of the sub categories (even after selecting Copy to subtree). I cannot see where I can set this value (there is no modify function available, even under Administrator login).
    Also, when I look at the log messages which have generated when setting the Event Type to Error on the instance which is not working, it shows one entry and the Category and Location columns show <com.sap.xmii.bls.executables.action.logging.LoggingActions>. When I generate an event with type Error on the instance which is working I get 2 log messages, one with the Category and Location <com.sap.xmii.bls.executables.action.logging.LoggingActions> and the other with Category /Applications/XMII/Xacute/Event and Location <com.sap.xmii.bls.executables.action.logging.LoggingActions>.
    I guess that the .\log\applications_00.log should be showing for all subtree items under Applications and because it is not then the messages are not going into any application log. Not sure how to fix this however.
    I have also reset to the default configuration and it does not change the above.
    Best Rgds
    Richard

  • How to add log messages in the server/webui objects?

    Hi,
    I am new to the OA Framework.
    Can anyone share any information on how to add log messages in the server/webui objects?
    What are the beans I need to use to show them in the diagnostic page?
    Can I get sample code for these log statements?
    Thanks in advance,
    Padma

    Hello. This forum is for reporting problems with the published Oracle documentation. You have a better chance of getting a reply if you post your question on the Database - General forum.
    Regards,
    Diana

  • How to Write Log Message in a XML Data Source Report

    Hi Friends,
    Can anyone help me with the process of writing a log file in an XML Data Source Report? For example, in PL/SQL we use FND_LOG.PUT_LINE to print the log message in the Concurrent Request Output. Similarly, when we develop a report using XML, where we write code in XQuery, what process do we need to follow to print logs from the XQuery?
    Any inputs/suggestions on this are highly appreciated.
    Thanks in advance.

    Create an RMI application (for example) that writes the log, and let all logging calls call that remote application.
    Something like that is the only feasible way that doesn't require you to have a drive on the remote machine mapped to the local one (which causes its own problems as you could have multiple simultaneous write attempts...).
