Getlogonusersid failed at gettokensids error, No self signed cert ect...... Clent issues could use suggestions.

I have been brought in to help with a 2012 SP1 enviornment and have issues i need some suggestions with. What propted this investigation was an application shows up in software center but not my deployed package. Its on the DP, DP looks healthy
ect......Client is getting installed through a OSD TS. When I look at the client propertys in control panel I see there is not cert its set to none. When I look at the CAS log there is only one line "getlogonusersid failed at gettokensids"
If I run the action for application deployment eval EXECMGR log raises an event for my package but nothing else happens. It shows "Instance of SOFTDISTPROGRAMOFFERRECIVEDEVENT ........"
This one has me puzzled and need some suggestions....
tconners

Hi,
How are things going? Please let us know if there is any progress.
Regards.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Similar Messages

  • Certificate error with self signed test certficiate

    When I go to my test instance via IE I get "Invalid Certificate - Certificate cannot be trusted up to a valid Certificate Authority".
    I've followed all steps I believe are necessary and there are no errors in the logs. These were my steps:
    java -cp weblogic.jar utils.CertGen maximo mycert mykey -cn mytest.local// convert CertGenCA cert to PEM format
    java utils.der2pem CertGenCA.der// on windows concatenate my test certificate and CA cert
    copy mycert.pem+CertGenCA.pem newcerts.pem// import it
    java -cp weblogic.jar utils.ImportPrivateKey mykeystore mypasswd mykey password newcerts.pem mykey.pemI have then updated the weblogic server instance to use mykeystore as the Custom Identity Keystore and Custom Trust Keystore. They import successfully and if I check what's in them I can see both the key and CA certificate.
    What am I doing wrong?
    Thanks,
    Matt

    The issue is that IE does not trust the CA that signed your SSL certificate. If you are trying to eliminate the certificate warning in IE when navigating to your site via HTTPS then you need to add your CA certificate as a trusted authority in IE so that IE can validate the chain of trust that built your self-signed cert. You can import your CA cert into the IE trusted list by simply putting the CA cert on your desktop and double clicking it. This will launch a window allowing you to install the certificate. You will need to restart IE after you have successfully installed your CA cert. Don't forget to install any intermediate certs as well (if you happened to create any)

  • How do I allow self-signed cert for SecureAMF on iOS?

    I have spent the better part of two days trying to figure out how the dickens to do this. 
    Basically, I am using BlazeDS (using AMF as the protocol) to communicate with a Java backend (using tomcat with a self-signed cert).
    This works great in the browser version of the application (you usually get a little prompt saying that the site is untrusted when you try to access the website, you install the certificate and Bob's your uncle.)
    However, adapting the code over to iOS I am discovering a couple of problems.  The primary one being that the BlazeDS communication fails miserably when we are using SecureAMF with the self-signed certs.  It appears that it is similar to this issue: http://forums.adobe.com/message/3940214#3940214
    How do I get my iOS Air app to communicate with a self-signed certificate running on tomcat?
    Here are the things I've tried:
    1) Installing the cert using iPhone Configuration Utility
    2) Browsing to the site in Safari, and installing the certificate manually
    This is for development, so buying a certificate doesn't really make sense.
    So, any suggestions?

    Has anybody had any success here?  This is a real problem for testing internal applications inside of a local network.

  • Self signed cert and AD root cert

    I have an organization running Exchange 2007, they're self signed cert expired so I created a new one, they're AD root certificate also expired so I regenerated this also. The problem is when clients log on a certificate error comes up. I then have to log onto the server and transfer both certificate to the client machines and install them manually, I have to repeat this every time a user needs to access mail. Can anyone help with a resolution
    This topic first appeared in the Spiceworks Community

    I have an organization running Exchange 2007, they're self signed cert expired so I created a new one, they're AD root certificate also expired so I regenerated this also. The problem is when clients log on a certificate error comes up. I then have to log onto the server and transfer both certificate to the client machines and install them manually, I have to repeat this every time a user needs to access mail. Can anyone help with a resolution
    This topic first appeared in the Spiceworks Community

  • Applet signed w/ self-signed cert - different behaviors w different servers

    Folks,
    I'd really appreciate your help with the following.
    I'd like to deploy an applet as a signed jar. Probably at least in the beginning, and maybe indefinitely, I'd like to sign it with a self-signed cert. When I've tested this under Linux, loading the applet in a browser running on my desktop, from an apache2 webserver also running on the desktop, I get the expected behavior - I get a security dialog reporting that the applet was signed by an unrecognized CA, but allowing me to accept the applet's signature. However, when I try loading the applet from my server (i.e, browser still running on my desktop, but now loading the applet from the real webserver, which is also apache2), I don't get a security dialog, and the applet fails silently.
    Is there some way of configuring the webserver so that the security dialog is presented for a self-signed applet? What explains this difference?
    Thanks much,
    Matthew Fleming
    DermVision, LLC

    Double post answer has been given and ignored:
    http://forum.java.sun.com/thread.jspa?threadID=569012&messageID=2812525#2812525

  • Applet signed w/ self-signed cert - different behavior w/ different servers

    Folks,
    I'd really appreciate your help with the following.
    I'd like to deploy an applet as a signed jar. Probably at least in the beginning, and maybe indefinitely, I'd like to sign it with a self-signed cert. When I've tested this under Linux, loading the applet in a browser running on my desktop, from an apache2 webserver also running on the desktop, I get the expected behavior - I get a security dialog reporting that the applet was signed by an unrecognized CA, but allowing me to accept the applet's signature. However, when I try loading the applet from my server (i.e, browser still running on my desktop, but now loading the applet from the real webserver, which is also apache2), I don't get a security dialog, and the applet fails silently.
    Is there some way of configuring the webserver so that the security dialog is presented for a self-signed applet? What explains this difference?
    Thanks much,
    Matthew Fleming
    DermVision, LLC

    policy files or Runtime Parameters could change the default behavior.
    The java.policy could have a line like this:
    permission java.lang.RuntimePermission "usePolicy";
    A full trace might show you what's going wrong.
    To turn the full trace on (windows) you can start the java console, to be found here:
    C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
    In the advanced tab you can fill in something for runtime parameters fill in this:
    -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
    if you cannot start the java console check here:
    C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
    I think for linux this is somewhere in youruserdir/java (hidden directory)
    add or change the following line:
    javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
    for 1.5:
    deployment.javapi.jre.1.5.0.args=Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
    The trace is here:
    C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
    I think for linux this is somewhere in youruserdir/java (hidden directory)

  • Removing Lync Self-Signed Cert from Personal Store

    Short story, the Lync client self-signed cert is creating an issue with our updated PKI infrastructure.  In testing, when a user logs in with the new Infra. PKI chain the Lync client give a certificate error.  When the *usersup*.cer is deleted
    from the personal store, everything is fine.  I've turned off the issuing of the client cert on the server side and running of AD authentication is fine.  I need to automate the removal of 6K+ user's personal certs.  Below is a PS script
    that does what I need to do but the prompt has to be elevated and elevating prompts for that many users poses an issue, if anyone has experience with this and has an alternative solution, please feel free to share.
    $certs = Get-ChildItem cert:\CurrentUser\My | where { $_.Issuer –like 'CN=Communications Server' }
    foreach ($cert in $certs) {
        $store = Get-Item $cert.PSParentPath
        $store.Open('ReadWrite')
        $store.Remove($cert)
        $store.Close()

    I think you can assign appropriate permission to run the command. But I am not sure about the Powershell. I would recommend you post the thread in the following forum:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverpowershell
    Lisa Zheng
    TechNet Community Support

  • Replication Self-Signed cert issues

    I have two node clustered environment with a replica broker and a replica server for DR.  Port 80 replications are taking place accurately.  I have tried to follow the document below.  I have the .cer file of the FQDN of the servers and the
    broker on each of the servers.  Imported the .pfx with the RootCA file and root is in trusted domains.
    The primary cluster lets me add the replica broker self signed cert but the DR replica server gets the error.  The FQDN match on each and timezones match because they are on the same domain.
    Any help?

    Hi spsilos,
    "The primary cluster lets me add the replica broker self signed cert but the DR replica server gets the error. "
    Please try to export the self-signed root certs of  replica broker then import them into "Trusted Root Certification Authorities" of DR server .
    Please refer to following link:
    http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Activate SSL with OpenSSL Self-Signed Cert

    Dear Expert,
    Anyone can give me guidance on how to activate and create ssl cert in Java IM using openssl self-signed cert.
    thanks

    Here how I make it work. Some of the tips is from jay in this forum
    Instant Messaging with SSL
    Let say I have Messaging, Directory, IM server in 1 box.
    Let's create a cert
    # cd /etc/opt/SUNWiim/default/config/
    a) Sun [TM] ONE Messaging Server 6.1 and Sun [TM] ONE Directory Server 5.2 were installed from JES2 on the same box
    b) The server_root directory for Directory Server is the default: /var/opt/mps/serverroot
    c) The server_root directory for Messaging Server is also the default: /opt/SUNWmsgsr
    1. Login to the console and do a Certificate Request
    a) cd /var/opt/mps/serverroot
    b) ./startconsole &
    c) Login to the main console as "cn=Directory Manager"
    d) Select and open the "Messaging Server" console
    e) Highlight the tab called "Tasks" at the top
    f) Select "Manage Certificates"
    g) Console will ask for a password for the security database. Please enter a password twice and make sure that you remember it. This will create the following two files under "/var/opt/mps/serverroot/alias" directory:
    -rw------- 1 mailsrv other 65536 Aug 12 13:57 msg-config-cert8.db
    -rw------- 1 mailsrv other 32768 Aug 12 13:57 msg-config-key3.db
    NOTE: Please make sure that:
    - either the owner of the files is the messaging server user ( mailsrv in this case ),
    -or the permission is appropriate for the mail server user to at least read it.
    h) Once you reach the "Manage Certificate" window, please make a "Certificate Request" by filing up the appropriate questions
    i) Once you are done, you get a CSR , which looks something like this:
    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBszCCARwCAQAwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWE x
    DzANBgNVBAcTBm5ld2FyazEMMAoGA1UEChMDc21pMQ0wCwYDVQQLEwRhdGFjMSEw
    HwYDVQQ DExhwb3BleWUuYXRhYy5lYmF5LnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEB
    BQADgY0AMIGJAoGBALF eXVTFDj/1eONPzV/dAZ0dBKdstl+u+L/DTdw1sCXXOdNG
    MzYeTUu9g/g0dXL/bniF31M0OkoW+6O 5mshySv/KXS9QcoPngSKS6wuL8kNlYKQR
    Dw97WCS1uaqubAK/kir4hDmL7X9Rf29EFHDSFOWjeOJ /M7aqFWCfR5sTeSIFAgMB
    AAGgADANBgkqhkiG9w0BAQQFAAOBgQCeYwptiL/j7Bcs0DtGYiOlMMs utezF1COC
    4+wHt/p+LtQkvQWBoXisqN6YlGfZPXOCdUyA+RwU7BxjX9IQLP+9HLHfQyLzvCKb
    boKKpjIc8Ci+tmibM5QkgTxu4L7yeCR/PiplgVPttHNT2Qr9cxHLLBvIO6N1GOE8
    VBoq0pC5SA= =
    -----END NEW CERTIFICATE REQUEST-----
    Please maintain and preserve this CSR , since you will be sending it to the Certificate Authority ( CA ) so they can issue you a Certificate
    # openssl genrsa -des3 -out ca.key 4096
    # openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
    # openssl x509 -req -days 3650 -in file.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server-cert.crt
    # cp -p /var/opt/mps/serverroot/alias/msg-config-key3.db key3.db
    # cp -p /var/opt/mps/serverroot/alias/msg-config-cert8.db cert8.db
    # cp -p /var/opt/mps/serverroot/alias/secmod.db .
    # cat sslpassword.conf
    Internal (Software) Token:password
    # cat /etc/opt/SUNWiim/default/config/iim.conf
    iim.comm.modules = "iim_server,iim_mux,iim_wd"
    iim.smtpserver = "www.esuria.com.bn"
    iim.instancedir = "/opt/SUNWiim"
    iim.instancevardir = "/var/opt/SUNWiim/default"
    iim.user = "root"
    iim.group = "root"
    iim.config.version = "1.1"
    iim_ldap.host = "www.esuria.com.bn:389"
    iim_ldap.searchbase = "o=esuria.com.bn,dc=esuria,dc=com,dc=bn"
    iim_ldap.loginfilter = "(&(objectclass=inetorgperson)(uid={0}))"
    iim_ldap.usergroupbyidsearchfilter = "(|(&(objectclass=groupofuniquenames)(dn={0
    }))(&(objectclass=inetorgperson)(uid={0})))"
    iim_ldap.usergroupbynamesearchfilter = "(|(&(objectclass=groupofuniquenames)(cn=
    {0}))(&(objectclass=inetorgperson)(cn={0})))"
    iim_ldap.allowwildcardinuid = "False"
    iim_ldap.userclass = "inetOrgPerson"
    iim_ldap.groupclass = "groupOfUniqueNames"
    iim_ldap.groupbrowsefilter = "(objectclass=groupofuniquenames)"
    iim_ldap.searchlimit = "40"
    iim_ldap.userdisplay = "cn"
    iim_ldap.groupdisplay = "cn"
    iim_ldap.useruidattr = "uid"
    iim_ldap.groupmemberattr = "uniquemember"
    iim_ldap.usermailattr = "mail"
    iim_ldap.resynctime = "720"
    iim_ldap.usergroupbinddn = "cn=Directory Manager"
    iim_ldap.usergroupbindcred = "password"
    iim_ldap.useidentityadmin = "false"
    iim.log.iim_server.severity = "INFO"
    iim.log.iim_mux.severity = "ERROR"
    iim.log.iim_wd.severity = "ERROR"
    iim_server.domainname = "esuria.com.bn"
    iim_server.useport = "True"
    iim_server.port = "5269"
    iim_server.usesslport = "False"
    iim_server.sslport = "5223"
    iim_server.enable = "True"
    iim_server.clienttimeout = "15"
    iim_server.usesso = "0"
    iim.policy.modules = "iim_ldap"
    iim.userprops.store = "file"
    iim_mux.listenport = "www.esuria.com.bn:5222"
    iim_mux.serverport = "www.esuria.com.bn:45222"
    iim_mux.enable = "true"
    iim_mux.numinstances = "2"
    iim_mux.maxthreads = "10"
    iim_mux.maxsessions = "1000"
    iim_mux.usessl = "on"
    iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
    iim_mux.keydbprefix =
    iim_mux.certdbprefix =
    iim_mux.secmodfile = "secmod.db"
    iim_mux.certnickname = "server-cert"
    iim_mux.keystorepasswordfile = "sslpassword.conf"
    iim_wd.enable = "true"
    iim_wd.period = "300"
    iim_wd.maxRetries = "10"
    -open http://www.esuria.com.bn/im/en/im.jnlp
    -click More Detail and enable Use SSL

  • Self signed cert in safari 4 and windows xp

    Hello there,
    in our company wi have an self signed certificate for testing purposes. over an automatic testing cenario will be tested an application with various browsers. safari under windows brings now an problem and does not accept the self signed cert. the running steps terminating at this point. importing in windows cert store is not helpful.
    has any one an solution to make this cert working with safari and windows? or exist an solution to disable the cert check in safari it self.
    thanks
    greetings
    vito21

    Hello Mick,
    sorry to be late, but may help someone other :)
    Setting:
    NumberFormat currencyFormat = NumberFormat.getCurrencyInstance();and:
    String value = currencyFormat.format(valToDisplay);you can now use value in any component and its view is correct.
    For some objects like files you also need to set the right charset (i.e. the one support the symbol you need).
    For the euro symbol try "windows-1250" as charset.
    Bye

  • Can't access IBM mainframe 3270 session via SSL self-signed cert.

    Can't access IBM mainframe 3270 session via SSL self-signed cert since sometime last week. Using Mochasoft tn3270 lite on android works fine but iPad ios7 says "IBM mainframe has closed the session".  Any clues would be appreciated.

    I'm thinking the problem may be the IBM cert is 1024 bit. Investigating choices to implement 2048 bit cert into IBM.

  • Old clients won't switch from Self-Signed Certs to PKI.

    Greetings.
    I am wondering if anyone can give me advise on problem I am having with some of my sccm clients.
    When I originally deployed SCCM i used self signed certs on clients.
    We needed to add MAC and Linux support and MAC clients won't work without PKI, so I following this http://technet.microsoft.com/en-us/library/gg682023.aspx to configure Certificate Authority.
    It all seemed work well, I can now join MAC client with auto-enroll and all machines are requesting client certificates and I had couple of machine with new push on windows site installed with PKI.
    So right now I have about 250 windows clients, only 22 of them use PKI and the rest keeps using self-signed certs.
    I foolishly switched main site settings, MP settings and DP point settings to use https only.
    As a result I lost all self-signed clients and have full log for mpcontrol saying that it's rejecting clients cause they certificate cannot be validated.
    I logged in to couple of those machines and MMC i can see that it did enroll machine with valid Client Cert but Configuration Manager client itself still saying that it's using self signed one.
    Am I missing a step that I need to do to make sure that all those clients switch to PKI?

    It is. but how can i redeploy them?
    I was under impression auto push won't reinstall them. If i do deployment - that seem to reuse existing configuration and still use self signed on old machines.
    How can i verify that it does push clients to machine that already have it correctly and start using new config and not reuse old one.
    I even tried removing clients from couple of machines and see if it gets pushed again on them with proper config and those machines don't seem to get client but used to get it fine before. I keep getting new machines being added to domain and they get client
    pushed to them, but anything that had client with self signed doesn't seem to be happy.

  • SCCM 2012 Default self signed Cert expired...

    SCCM 2012 Default self signed Cert expired - how do I renew it?

    The default selfsigned cert that gets generated with the installation - can be found in administration - security - Certificates  (This is Sccm 2012 RTM)
    Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?
    I will bring this back to Kent point, which one of the Certs are you talking about. You can see form the screenshot that I have 6 certs, 3 DP and 3 Boot cert. You can also see that the 3 DP server have a 100 year life and the 3 Boot certs only have 1 year.
    If you are talking about the boot certs then just create the boot image.
    Garth Jones | My blogs: Enhansoft and
    Old Blog site | Twitter:
    @GarthMJ

  • Two Solution Engines Sharing a single, common Self Signed Cert

    Does anyone know if it possible to have 2 solution Engines sharing a single, common self signed certificate generated by one of the Solution Engines? I have a certificate, actually two, that are about to expire. I am trying simplify the distribution and management by having just one certificate.

    This is the process to share SSL certs:
    http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&topicID=.ee6e1fe&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0c933
    But why do you want to do this anyway? They are self-signed certs anyway, you can generate them for as long as you like. Are you using it for some sort of end-user security like Wireless Encryption, NAC etc.?
    Regards
    Farrukh

  • Activate https webmail using openssl self-signed cert

    Dear expert,
    Anyone can give me guidance on how to create and activate https webmail, pops using openssl self-signed cert
    thanks

    Thanks jay for your rocket respond
    I make it work after following your guide and follow this link:
    http://swforum.sun.com/jive/thread.jspa?forumID=16&threadID=52981
    Basically the csr created in mail startconsole, I self signed using openssl.
    One more question, can I use the same cert to enable ssl in ldap encryption tab in ldap console.
    thanks

Maybe you are looking for

  • [SOLVED]Can't open shared files in Thunar

    While waiting for Gnome 3 I decided to give Openbox a spin in a separate Arch install, using Thunar as the filemanager. Everyting is working fine except opening files from samba shares. My permissions are fine, because I can delete and write files an

  • Only edit objects from package in local requests

    Hello Experts, could  you help me please a user has tried to transport a local request, I modified it by putting the target system, but when the user wants to release it, he gets the error massage "Only edit objects from package in local requests " T

  • Server Execution ID from SQL Job

    Hi, I have parent and child package architecture where in i m using ServerexecutionID to find status of each packages and if any child package/s fails , i am stopping all packages for further execution. Problem here is , when i run the packages from

  • ColdFusion8 Installation

    Hi All, I downloaded and installed CF8 and I haven't been able to connest my access database. I saw another post whereby the same problem occured and someone stated that there was a problem with the installer. Has this been correct? I also lost the c

  • Audio won't play on 2nd click

    Guys, I have a problem with my audio...I dont if its really a problem or maybe im doing it wrong. here are the details I have 4 images  lets call this group1 1. cover 2. page 1 3. page 2 4. page 3 and 4 flipped images similar with the 4 images above.