Http not forwarded as https by ssl

Similar Messages

• SAP Web dispatcher not forwarding incoming HTTP portal sessions.

  Hello,
  We are using an EP6 Portal from which Abap Web dynpros are launched. The incoming http sessions were accessing our backend ECC6 SAP system through the sap server message . The http sessions were badly dispatched between the two abap servers. We have been advised by SAP to use the sap web dispatcher instead.
  The sap web dispatcher has been correctly installed and configured (on the central abap instance ).
  I have carefully read the SAP help section concerning the server selection using the sap web dispatcher :
  http://help.sap.com/saphelp_nw04s/helpdata/en/5f/7a343cd46acc68e10000000a114084/frameset.htm
  All our settings seem to be OK :
  The incoming HTTP requests are forwarded to abap servers only.
  *In transaction SICF, all the services under the tree
  sap/public/icf_info have been assigned to the same logon group .
  The capacity of the two servers included in the logon
  group " is the same :
  server40 LB=12
  server60 LB=12
  In the Web interface, capacity equal "1" for the two servers.
  wdisp/load_balancing_strategy=  weighted_round_robin
  In the SAP web interface, the prefered server is ALWAYS the same :
  Status of Server Group "LOADIS"
  Loadbalancing Information
  Number of Servers in this group 2
  Last used Server
  Preferred next Server server40_SPA_10
  But it seems that the sap web dispatcher is not used at ALL.
  The Load distribution is still based on the SMLG workload as it was the case, before, with the sap message server. The information displayed in the web interface (preferred server) is wrong.
  The Preferred next Server is ALWAYS server40_SPA_10 (shown in the web interface), but, in fact, the http sessions are distributed between the two servers server60_SPA_00 and server40_SPA_10 depending on the server quality diplayed in transaction smlg. It was exactly the same behaviour we had before, only with the sap server message .
  Any useful help would be highly appreciated.
  Best Regards.

  Hi,
  firstly, have you checked note 1094342? What variant do you want to use? Do you terminate a SSL connection on web dispatcher and create a new one between web dispatcher and application server? It looks like the web dispatcher can't verify SSL certificate used by application server. Maybe you've already tried this but you can try to turn off SSL between dispatcher and application server. If this setup works then problem is in SSL connection. You can check what host name is used in SSL certificate and what host name is used by dispatcher. You can use parameter wdisp/ssl_certhost which sets host name which will be used for certificate validation.
  Cheers

• X-Forward not supported by HTTP/S?

  We're trying to set up ACE as described in document ID 107399 with the goal to have the IP address of the connecting HTTP clients inserted as the "X-FORWARD" attribute in the HTTP header. With HTTP it works but with HTTP/S it doesn't. Is this feature effectively limited to unsecure HTTP clients?

  Hi Jan,
  It is possible to insert headers/cookies into a HTTPS connection, but, to do that, the ACE needs to be able to decrypt the traffic. It's what we call end-to-end SSL termination.
  There is an example on cisco.com that explains how to configure this. The example is inserting cookies, but, inserting the x-forwarded header would be equivalent. See the link below for more details:
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  With this kind of configuration, the ACE will first terminate the SSL connection to decrypt the traffic, then do any kind of L7 processing (parsing the HTTP header, inserting headers or cookies, rewriting URLs...) and, once it has finished all the processing and chosen a real server to handle the connection, it will open a new SSL connection to the server and send the request encrypted again.
  Please, do not hesitate to contact me again if you still have questions after going through the example.
  Regards
  Daniel

• I have the new Air Port Extreeme model A1521 and I need to set up port forwarding for HTTP. HTTP is not on the list in the set up. Does anyone know if any of those choices work for HTTP?

  I am on a Windows 7 Ultimate PC and right now there is no Airport utility for setting up the new Apple Extreme so you have to do it on your iPad or iPhone. Does anyone know how to set up port forwarding for HTTP to get to DVR security cameras? There is nothing in the list that indicates HTTP port forwarding.

  Thanks for your reply Tesserax as I did figure this out on my own. It took a bit because all of the options are not clear what they are for like the previous Airport Extreme and Apple does not support or guarantee that port forwarding will work for you application nor did any of the Apple support persons I spoke too have any knowledge for this feature. You also have to fill in the public if you are viewing through someone else's Wi-Fi or on your cell phone carrier network. This new Airport Extreme is a bit different since you cannot use the Airport utility on a PC like the older model and if anyone else is reading this they should be aware that if you do not have an Apple computer, iPhone or iPad and I'm not sure if some of the other network enabled devices like iPod Touch that you must use that can do it, there is no Airport utility for the PC and you would be wasting your money or have to take it back and get another brand wireless router to use if you do not own any of the above mentioned Apple products.

• [solved] Owncloud over SSL: http works, but over https only apache

  Hello,
  I try to setup owncloud with SSL.
  Accessing over http works, but over https, I reach the default apache page instead of the owncloud page.
  (I set up SSL according to https://wiki.archlinux.org/index.php/LAMP#SSL )
  How could I make the owncloud site available over https?
  relevant files:
  owncloud.conf:
  <IfModule mod_alias.c>
  Alias /owncloud /usr/share/webapps/owncloud/
  </IfModule>
  <Directory /usr/share/webapps/owncloud/>
  Options FollowSymlinks
  Require all granted
  php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud/:/etc/webapps/owncloud/:/mt/daten/owncloud/"
  </Directory>
  <VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot /usr/share/webapps/owncloud
  ServerName http://example.com/owncloud
  </VirtualHost>
  I tried to change 80 to 443, but then, systemctl restart httpd didn't work. (apache failed)
  httpd.conf:
  # This is the main Apache HTTP server configuration file. It contains the
  # configuration directives that give the server its instructions.
  # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
  # In particular, see
  # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
  # for a discussion of each configuration directive.
  # Do NOT simply read the instructions in here without understanding
  # what they do. They're here only as hints or reminders. If you are unsure
  # consult the online docs. You have been warned.
  # Configuration and logfile names: If the filenames you specify for many
  # of the server's control files begin with "/" (or "drive:/" for Win32), the
  # server will use that explicit path. If the filenames do *not* begin
  # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
  # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
  # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
  # will be interpreted as '/logs/access_log'.
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path. If you point
  # ServerRoot at a non-local disk, be sure to specify a local disk on the
  # Mutex directive, if file-based mutexes are used. If you wish to share the
  # same ServerRoot for multiple httpd daemons, you will need to change at
  # least PidFile.
  ServerRoot "/etc/httpd"
  # Mutex: Allows you to set the mutex mechanism and mutex file directory
  # for individual mutexes, or change the global defaults
  # Uncomment and change the directory if mutexes are file-based and the default
  # mutex file directory is not on a local disk or is not appropriate for some
  # other reason.
  # Mutex default:/run/httpd
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, instead of the default. See also the <VirtualHost>
  # directive.
  # Change this to Listen on specific IP addresses as shown below to
  # prevent Apache from glomming onto all bound IP addresses.
  #Listen 12.34.56.78:80
  Listen 80
  <IfModule mod_ssl.c>
  Listen 443
  </IfModule>
  # Dynamic Shared Object (DSO) Support
  # To be able to use the functionality of a module which was built as a DSO you
  # have to place corresponding `LoadModule' lines at this location so the
  # directives contained in it are actually available _before_ they are used.
  # Statically compiled modules (those listed by `httpd -l') do not need
  # to be loaded here.
  # Example:
  # LoadModule foo_module modules/mod_foo.so
  LoadModule authn_file_module modules/mod_authn_file.so
  #LoadModule authn_dbm_module modules/mod_authn_dbm.so
  #LoadModule authn_anon_module modules/mod_authn_anon.so
  #LoadModule authn_dbd_module modules/mod_authn_dbd.so
  #LoadModule authn_socache_module modules/mod_authn_socache.so
  LoadModule authn_core_module modules/mod_authn_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_user_module modules/mod_authz_user.so
  #LoadModule authz_dbm_module modules/mod_authz_dbm.so
  #LoadModule authz_owner_module modules/mod_authz_owner.so
  #LoadModule authz_dbd_module modules/mod_authz_dbd.so
  LoadModule authz_core_module modules/mod_authz_core.so
  #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  #LoadModule auth_form_module modules/mod_auth_form.so
  #LoadModule auth_digest_module modules/mod_auth_digest.so
  #LoadModule allowmethods_module modules/mod_allowmethods.so
  #LoadModule file_cache_module modules/mod_file_cache.so
  #LoadModule cache_module modules/mod_cache.so
  #LoadModule cache_disk_module modules/mod_cache_disk.so
  #LoadModule cache_socache_module modules/mod_cache_socache.so
  LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  #LoadModule socache_dbm_module modules/mod_socache_dbm.so
  #LoadModule socache_memcache_module modules/mod_socache_memcache.so
  #LoadModule watchdog_module modules/mod_watchdog.so
  #LoadModule macro_module modules/mod_macro.so
  #LoadModule dbd_module modules/mod_dbd.so
  #LoadModule dumpio_module modules/mod_dumpio.so
  #LoadModule echo_module modules/mod_echo.so
  #LoadModule buffer_module modules/mod_buffer.so
  #LoadModule data_module modules/mod_data.so
  #LoadModule ratelimit_module modules/mod_ratelimit.so
  LoadModule reqtimeout_module modules/mod_reqtimeout.so
  #LoadModule ext_filter_module modules/mod_ext_filter.so
  #LoadModule request_module modules/mod_request.so
  LoadModule include_module modules/mod_include.so
  LoadModule filter_module modules/mod_filter.so
  #LoadModule reflector_module modules/mod_reflector.so
  #LoadModule substitute_module modules/mod_substitute.so
  #LoadModule sed_module modules/mod_sed.so
  #LoadModule charset_lite_module modules/mod_charset_lite.so
  #LoadModule deflate_module modules/mod_deflate.so
  #LoadModule xml2enc_module modules/mod_xml2enc.so
  #LoadModule proxy_html_module modules/mod_proxy_html.so
  LoadModule mime_module modules/mod_mime.so
  #LoadModule ldap_module modules/mod_ldap.so
  LoadModule log_config_module modules/mod_log_config.so
  #LoadModule log_debug_module modules/mod_log_debug.so
  #LoadModule log_forensic_module modules/mod_log_forensic.so
  #LoadModule logio_module modules/mod_logio.so
  #LoadModule lua_module modules/mod_lua.so
  LoadModule env_module modules/mod_env.so
  #LoadModule mime_magic_module modules/mod_mime_magic.so
  #LoadModule cern_meta_module modules/mod_cern_meta.so
  #LoadModule expires_module modules/mod_expires.so
  LoadModule headers_module modules/mod_headers.so
  #LoadModule ident_module modules/mod_ident.so
  #LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule setenvif_module modules/mod_setenvif.so
  LoadModule version_module modules/mod_version.so
  #LoadModule remoteip_module modules/mod_remoteip.so
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
  LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
  #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
  LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
  LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  LoadModule proxy_express_module modules/mod_proxy_express.so
  #LoadModule session_module modules/mod_session.so
  #LoadModule session_cookie_module modules/mod_session_cookie.so
  #LoadModule session_crypto_module modules/mod_session_crypto.so
  #LoadModule session_dbd_module modules/mod_session_dbd.so
  LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
  #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
  LoadModule ssl_module modules/mod_ssl.so
  #LoadModule dialup_module modules/mod_dialup.so
  LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
  LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
  LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
  LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
  #LoadModule mpm_event_module modules/mod_mpm_event.so
  LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
  LoadModule unixd_module modules/mod_unixd.so
  #LoadModule heartbeat_module modules/mod_heartbeat.so
  #LoadModule heartmonitor_module modules/mod_heartmonitor.so
  #LoadModule dav_module modules/mod_dav.so
  LoadModule status_module modules/mod_status.so
  LoadModule autoindex_module modules/mod_autoindex.so
  #LoadModule asis_module modules/mod_asis.so
  #LoadModule info_module modules/mod_info.so
  #LoadModule suexec_module modules/mod_suexec.so
  #LoadModule cgid_module modules/mod_cgid.so
  #LoadModule cgi_module modules/mod_cgi.so
  #LoadModule dav_fs_module modules/mod_dav_fs.so
  #LoadModule dav_lock_module modules/mod_dav_lock.so
  #LoadModule vhost_alias_module modules/mod_vhost_alias.so
  LoadModule negotiation_module modules/mod_negotiation.so
  LoadModule dir_module modules/mod_dir.so
  #LoadModule imagemap_module modules/mod_imagemap.so
  #LoadModule actions_module modules/mod_actions.so
  #LoadModule speling_module modules/mod_speling.so
  LoadModule userdir_module modules/mod_userdir.so
  LoadModule alias_module modules/mod_alias.so
  #LoadModule rewrite_module modules/mod_rewrite.so
  #own additions:
  LoadModule php5_module modules/libphp5.so
  <IfModule unixd_module>
  # If you wish httpd to run as a different user or group, you must run
  # httpd as root initially and it will switch.
  # User/Group: The name (or #number) of the user/group to run httpd as.
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  User http
  Group http
  </IfModule>
  # 'Main' server configuration
  # The directives in this section set up the values used by the 'main'
  # server, which responds to any requests that aren't handled by a
  # <VirtualHost> definition. These values also provide defaults for
  # any <VirtualHost> containers you may define later in the file.
  # All of these directives may appear inside <VirtualHost> containers,
  # in which case these default settings will be overridden for the
  # virtual host being defined.
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed. This address appears on some server-generated pages, such
  # as error documents. e.g. [email protected]
  ServerAdmin [email protected]
  # ServerName gives the name and port that the server uses to identify itself.
  # This can often be determined automatically, but we recommend you specify
  # it explicitly to prevent problems during startup.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  #ServerName www.example.com:80
  # Deny access to the entirety of your server's filesystem. You must
  # explicitly permit access to web content directories in other
  # <Directory> blocks below.
  <Directory />
  Options FollowSymLinks
  AllowOverride none
  Require all denied
  </Directory>
  # Note that from this point forward you must specifically allow
  # particular features to be enabled - so if something's not working as
  # you might expect, make sure that you have specifically enabled it
  # below.
  # DocumentRoot: The directory out of which you will serve your
  # documents. By default, all requests are taken from this directory, but
  # symbolic links and aliases may be used to point to other locations.
  DocumentRoot "/srv/http"
  <Directory "/srv/http">
  # Possible values for the Options directive are "None", "All",
  # or any combination of:
  # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
  # Note that "MultiViews" must be named *explicitly* --- "Options All"
  # doesn't give it to you.
  # The Options directive is both complicated and important. Please see
  # http://httpd.apache.org/docs/2.4/mod/core.html#options
  # for more information.
  Options Indexes FollowSymLinks
  # AllowOverride controls what directives may be placed in .htaccess files.
  # It can be "All", "None", or any combination of the keywords:
  # AllowOverride FileInfo AuthConfig Limit
  AllowOverride None
  # Controls who can get stuff from this server.
  Require all granted
  </Directory>
  # DirectoryIndex: sets the file that Apache will serve if a directory
  # is requested.
  <IfModule dir_module>
  DirectoryIndex index.html
  </IfModule>
  # The following lines prevent .htaccess and .htpasswd files from being
  # viewed by Web clients.
  <Files ".ht*">
  Require all denied
  </Files>
  # ErrorLog: The location of the error log file.
  # If you do not specify an ErrorLog directive within a <VirtualHost>
  # container, error messages relating to that virtual host will be
  # logged here. If you *do* define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  ErrorLog "/var/log/httpd/error_log"
  # LogLevel: Control the number of messages logged to the error_log.
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
  <IfModule log_config_module>
  # The following directives define some format nicknames for use with
  # a CustomLog directive (see below).
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  <IfModule logio_module>
  # You need to enable mod_logio.c to use %I and %O
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
  </IfModule>
  # The location and format of the access logfile (Common Logfile Format).
  # If you do not define any access logfiles within a <VirtualHost>
  # container, they will be logged here. Contrariwise, if you *do*
  # define per-<VirtualHost> access logfiles, transactions will be
  # logged therein and *not* in this file.
  CustomLog "/var/log/httpd/access_log" common
  # If you prefer a logfile with access, agent, and referer information
  # (Combined Logfile Format) you can use the following directive.
  #CustomLog "/var/log/httpd/access_log" combined
  </IfModule>
  <IfModule alias_module>
  # Redirect: Allows you to tell clients about documents that used to
  # exist in your server's namespace, but do not anymore. The client
  # will make a new request for the document at its new location.
  # Example:
  # Redirect permanent /foo http://www.example.com/bar
  # Alias: Maps web paths into filesystem paths and is used to
  # access content that does not live under the DocumentRoot.
  # Example:
  # Alias /webpath /full/filesystem/path
  # If you include a trailing / on /webpath then the server will
  # require it to be present in the URL. You will also likely
  # need to provide a <Directory> section to allow access to
  # the filesystem path.
  # ScriptAlias: This controls which directories contain server scripts.
  # ScriptAliases are essentially the same as Aliases, except that
  # documents in the target directory are treated as applications and
  # run by the server when requested rather than as documents sent to the
  # client. The same rules about trailing "/" apply to ScriptAlias
  # directives as to Alias.
  ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
  </IfModule>
  <IfModule cgid_module>
  # ScriptSock: On threaded servers, designate the path to the UNIX
  # socket used to communicate with the CGI daemon of mod_cgid.
  #Scriptsock cgisock
  </IfModule>
  # "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
  # CGI directory exists, if you have that configured.
  <Directory "/srv/http/cgi-bin">
  AllowOverride None
  Options None
  Require all granted
  </Directory>
  <IfModule mime_module>
  # TypesConfig points to the file containing the list of mappings from
  # filename extension to MIME-type.
  TypesConfig conf/mime.types
  # AddType allows you to add to or override the MIME configuration
  # file specified in TypesConfig for specific file types.
  #AddType application/x-gzip .tgz
  # AddEncoding allows you to have certain browsers uncompress
  # information on the fly. Note: Not all browsers support this.
  #AddEncoding x-compress .Z
  #AddEncoding x-gzip .gz .tgz
  # If the AddEncoding directives above are commented-out, then you
  # probably should define those extensions to indicate media types:
  AddType application/x-compress .Z
  AddType application/x-gzip .gz .tgz
  # AddHandler allows you to map certain file extensions to "handlers":
  # actions unrelated to filetype. These can be either built into the server
  # or added with the Action directive (see below)
  # To use CGI scripts outside of ScriptAliased directories:
  # (You will also need to add "ExecCGI" to the "Options" directive.)
  #AddHandler cgi-script .cgi
  # For type maps (negotiated resources):
  #AddHandler type-map var
  # Filters allow you to process content before it is sent to the client.
  # To parse .shtml files for server-side includes (SSI):
  # (You will also need to add "Includes" to the "Options" directive.)
  #AddType text/html .shtml
  #AddOutputFilter INCLUDES .shtml
  </IfModule>
  # The mod_mime_magic module allows the server to use various hints from the
  # contents of the file itself to determine its type. The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  # Customizable error responses come in three flavors:
  # 1) plain text 2) local redirects 3) external redirects
  # Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  # MaxRanges: Maximum number of Ranges in a request before
  # returning the entire resource, or one of the special
  # values 'default', 'none' or 'unlimited'.
  # Default setting is to accept 200 Ranges.
  #MaxRanges unlimited
  # EnableMMAP and EnableSendfile: On systems that support it,
  # memory-mapping or the sendfile syscall may be used to deliver
  # files. This usually improves server performance, but must
  # be turned off when serving from networked-mounted
  # filesystems or if support for these functions is otherwise
  # broken on your system.
  # Defaults: EnableMMAP On, EnableSendfile Off
  #EnableMMAP off
  #EnableSendfile on
  # Supplemental configuration
  # The configuration files in the conf/extra/ directory can be
  # included to add extra features or to modify the default configuration of
  # the server, or you may simply copy their contents here and change as
  # necessary.
  # Server-pool management (MPM specific)
  Include conf/extra/httpd-mpm.conf
  # Multi-language error messages
  Include conf/extra/httpd-multilang-errordoc.conf
  # Fancy directory listings
  Include conf/extra/httpd-autoindex.conf
  # Language settings
  Include conf/extra/httpd-languages.conf
  # User home directories
  Include conf/extra/httpd-userdir.conf
  # Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  # Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  # Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  # Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  # Various default settings
  Include conf/extra/httpd-default.conf
  # Include owncloud
  Include /etc/httpd/conf/extra/owncloud.conf
  Include conf/extra/php5_module.conf
  # Configure mod_proxy_html to understand HTML4/XHTML1
  <IfModule proxy_html_module>
  Include conf/extra/proxy-html.conf
  </IfModule>
  # Secure (SSL/TLS) connections
  Include conf/extra/httpd-ssl.conf
  # Note: The following must must be present to support
  # starting without SSL on platforms with no /dev/random equivalent
  # but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  # uncomment out the below to deal with user agents that deliberately
  # violate open standards by misusing DNT (DNT *must* be a specific
  # end-user choice)
  #<IfModule setenvif_module>
  #BrowserMatch "MSIE 10.0;" bad_DNT
  #</IfModule>
  #<IfModule headers_module>
  #RequestHeader unset DNT env=bad_DNT
  #</IfModule>
  thanks!
  Last edited by Carl Karl (2014-05-06 07:40:53)

  OK, solved.
  What I made wrong:
  https://localhost leads to the apache page
  https://localhost/owncloud leads to the owncloud page.
  (Just as an information if there are other apache noobs like me...)

• Web service client not working with HTTP Analyzer turned on

  So the subject explains it all.
  I have a simple JAXWS web service with @Policy(uri = "policy:Wssp1.2-2007-Https.xml") on remote secured (real SSL cert) Weblogic 10.3.5.
  A simple client is generated in JDev 11.1.2.3 and run on my machine locally.
  I'm really not sure I've tuned everything right with client certificates but the thing is when JDeveloper HTTP Analyzer is turned on client run gives bad_certificate SSLException.
  With Analyzer turned off the service call is successfull.
  javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from localhost - 127.0.0.1 --> wl1n2.miit.ru was not trusted causing SSL handshake failureCould someone explain me this issue?

  Puthanampatti,
  First of all, how am I to determine what security folder is being used for certificates when I run local client in JDev?
  My JDev folder is D:\JDeveloper-11.1.2.*3* and there's D:\JDeveloper-11.1.2.3\jdk160_24\jre\lib\security
  My JDEV_USER_DIR is set to another folder: D:\JDeveloper-11.1.2.*2* \home so I'm not sure where should I import certificates.
  To import a certificate I:
  Open our https web site in Chrome browser. Click the HTTPS mark and expoer the certificate as Base64 (does it matter what encoding to use?) .cer file.
  Then I open Windows command line and run setDomainEnv in my local weblogic folder:
  D:\JDeveloper-11.1.2.2\home\system11.1.2.3.39.62.76.1\DefaultDomain\bin\setDomainEnv.exe
  cd D:\JDeveloper-11.1.2.3\jdk160_24\jre\lib\security
  keytool -import -alias miitcert -keystore cacerts -file d:\cer\miit-base64.cerA bit confusing might be the fact that system11.1.2.*3* folder is inside JDeveloper-11.1.2.*2* folder but that is how it is.
  So that were the steps I did to import a certificate, but the problem with HTTP Analyzer is still here.
  And what is demotrust.jks? There's no such file in security folder.

• Only HTTPS requests are working for SOAP Sender and HTTP not working

  wHi Experts,
  We have enabled our HTTPS port ( SSL ) in NWA -- >> Security -- >> SSL and Key stores. So understanding is HTTPS port is now enabled on top of HTTP. So PI should be able to cater requests at both ports.
  Now, we have developed a synchronous SOAP to RFC scenario and downloaded WSDL file. This file has both links -
  a. http:<host>:<port>
  b. https:<host>:<port>
  We intend to make a PI system where both ports can work. Now questions.
  1. When we test web service exposed from PI using SOAPUI tool, only HTTPS works fine and gets the response back. If we try HTTP URL, an error is encountered - HTTTPS scheme is required.
  2. Is this whole understanding that both ports  ( HTTP, HTTPS ) should be able to operate simultaneously correct ? Or this is not at all possible ?
  3. In SOAP Sender, we tried selecting all 3 options - 1. HTTP 2. HTTPS without client authentication 3. HTTPS with client authentication.
     None of the options have any effect on testing, Each time, only HTTPS request works and HTTP doesn't.
  Can anyone please provide some hints for troubleshooting ?
  Thanks..
  regards,
  Rajagopal.

  The error "HTTPS scheme is required" is normally returned when the HTTP Security Level on the SOAP adapter is not set to "HTTP". I can see you have mentioned you have tried all these, maybe a cache refresh has gone wrong? Could try recreating the channel with just HTTP specified as security level and this should allow HTTP or HTTPS
  I assume you are using a different port number for  your HTTP and HTTPS requests from SOAP UI. Normally the HTTPS port is the same as the HTTP port number but the final zero changed to a 1 i.e. https://<host>:50001 instead of http://<host>:50000.
  You should be able to confirm both HTTP and HTTPS work OK by loading some of the system webpages in a browser over HTTP and over HTTPS i.e. http://<host>:<port>/nwa and https://<host>:<port>/nwa
  Chris

• X-Forwarded-For HTTP header behaviour with web dispatcher

  can anybody specify the behavior of Web Dispatcher regarding the X-Forwarded-For HTTP header?
  When a client accesses SAP EP via proxy1, proxy2 and Web Dispatcher in
  this order, is it guaranteed that the format of the X-Forwarded-For
  HTTP header that I can refer at SAP EP becomes the following forms?
  X-Forwarded-For: client, proxy1, proxy2
  In other words, is it guaranteed by Web Dispatcher that the rightmost
  IP address, proxy2 in this example, is the closest downstream client?
  thanks in advance.

  Hi Jane
  I am not sure what exactly are you looking for but the following link is a general doc on administration of web dispatcher.Please see if this helps.
  http://help.sap.com/saphelp_nw70/helpdata/en/f5/51c7d170bc4a98b1b5a0339213af57/content.htm
  Regards
  Chen

• Insert https x-forwarded-for

  Hello all,
  I have an ACE 4700 and It is balancing a web aplication using tcp ports 80 (http) and 443 (https). The configuration of ACE is in One-Arm, it means that the ACE does a NAT to client IP source address.
  For requeriment legal the web aplication must to show the client IP source address in the web site, but with configurationin One-Arm only shows the IP address ACE.
  Whit the next configuration I can insert into the http packet the client IP source address
  policy-map type loadbalance first-match L7_LB_POLICY_SURA.COM.CO
    class class-default
      serverfarm sura.com.co
     insert-http X-Forwarded-For header-value "%is"
  but that don´t work with HTTPS (443)
  How do I do in HTTPS?
  If I buy this licenses, Can I do this?
  ACE-AP-SSL-05K-K9         
  ACE-AP-SSL-07K-K9         
  ACE-AP-SSL-100-K9         
  ACE-AP-SSL-UP1-K9         
  ACE-AP-SSLUP-5K-K9        
  Thanks.
  Haiver Bermon

  Hi,
  you don't need to buy any license.
  By default the ACE can do SSL Offload (1000 Transactions per Second). This means that the HTTS session is terminated at the ACE (and no longer at the server).
  Take a look at following example on how to configure ssl offload:
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml
  HTH,
  Dario

• Service not started for HTTPS in SMICM

  I'm in the process to configure SSL for SAP Web AS. As per documentation, i set the following parameter in profile file:
  icm/server_port_1 = PROT=HTTPS,PORT=1443,TIMEOUT=900
  Now when i'm checking the Service display in SMICM tcode,  Service seem to be de-activated for HTTPS protocol.
  Pls suggest to resolve this problem.
  1  HTTP               8078                 dbcixpd.mitel.com           30  --> This is active
  2  HTTPS             1443                 dbcixpd.mitel.com           30 --> Not Active
  Regards
  Amar

  Hi
  1. You need to add the cryptographic file on your OS
  2. You need to config following parameter in RZ10
  icm/host_name_full
  ssf/name
  ssf/name                                    SAPSECULIB
  ssf/ssfapi_lib                              /usr/sap/SR1/SYS/exe/run/libsapcrypto.o
  sec/libsapsecu                              /usr/sap/SR1/SYS/exe/run/libsapcrypto.o
  icm/server_port_2                           PROT=HTTPS,PORT=3443
  icm/HTTPS/verify_client                     1
  ssl/ssl_lib                                 /usr/sap/SR1/SYS/exe/run/libsapcrypto.o
  login/accept_sso2_ticket                    1
  login/create_sso2_ticket                    2
  Restart the system
  Go to transaction STRUSTSSO2 and update the values
  i think these updates are to be done byt he BASIS guys ( SAP Admin )
  Regards
  Vijaya

• TMG Proxy not connecting internal HTTPS connection

  Dear All,
  I am working government org, and there are many internal HTTP and HTTPS sites which is going/thought to proxy tmg(2010) server.internal clients are able to connect to http sites but they are not connect to https sites and all server application are come
  to internal intranet network
  i am trying to add https access rule and some basic troubleshooting but governmant clients not able to open internal application https sites.
  my question is that is that possible?
  if possible how to make a rule or redirect https connection?
  Thanks for advanced

  Hi,
  Pelase check the article below.
  In some business scenarios, internal clients protected by Microsoft Internet Security and Acceleration (ISA) Server 2004 may require access to secure Internet Web sites. This scenario can be configured as follows:
          Configure a tunneled Secure Sockets Layer (SSL) end-to-end secure HTTP (HTTPS) connection between the internal client and the external Web site.
          Configure clients to request the external Web site using Hypertext Transfer Protocol (HTTP), and then redirect the request from the ISA Server computer to the site using HTTPS.
  Configuring Internal Client Acess to Web Sites over SSL
  https://technet.microsoft.com/en-us/library/cc302568.aspx
  Best Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• HTTP Error 405 - The HTTP verb used to access this page is not .....

  Goodmorning,
  I've installed BO XI R3 SP4 on a 2k3-server with IIS 6.0. I wanted to configurate the SSO. After changing the web.config file and restart of the IIS , I get the following error :
  HTTP Error 405 - The HTTP verb used to access this page is not allowed.
  Internet Information Services (IIS)
  The frame where you normally are using for authentication has this error, the frame around is normal.
  Hope someony can help, thx in advance

  I can't fin a upload button , so the file in plain text gepasted
  Hope it is readable :
  #Software: Microsoft Internet Information Services 6.0
  #Version: 1.0
  #Date: 2012-02-29 12:19:21
  #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/logon.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/res/schema.blue/default.css.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/js/utils.js.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/js/helpSystem.js.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logon.pattern 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/listing/blank.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logo 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/logon/logon.aspx parameter=logonService 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 POST /PlatformServices/Shared/Logon/Logon.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 405 0 1
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/logon.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/res/schema.blue/default.css.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/js/utils.js.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/js/helpSystem.js.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/listing/blank.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logon.pattern 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logo 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/logon/logon.aspx parameter=logonService 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 POST /PlatformServices/Shared/Logon/Logon.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 405 0 1
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 OPTIONS /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 200 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  Thx in advance for your reply

• Not able to HTTP to SUB and SSH is not allowing any command to execute

  Hi All,
  I came across an issue, where CUCM SUB is not accessible by HTTP/S and SSH is giving following output while trying to re-start or executing any command :
  admin:utils service list
  /usr/java/jdk1.6.0_24/jre/lib/rt.jar: error reading zip file
  Exception in thread "main" java.lang.NoClassDefFoundError: java/net/ConnectException
          at com.cisco.iptplatform.cli.CliClassLauncher.<init>(CliClassLauncher.java:86)
          at sdMain.main(sdMain.java:1824)
  Caused by: java.lang.ClassNotFoundException: java.net.ConnectException
          at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
          at java.security.AccessController.doPrivileged(Native Method)
          at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
          at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
          at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
          at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
          ... 2 more
  Caused by: java.util.zip.ZipException: error reading zip file
          at java.util.zip.ZipFile.read(Native Method)
          at java.util.zip.ZipFile.access$1200(ZipFile.java:31)
          at java.util.zip.ZipFile$ZipFileInputStream.read(ZipFile.java:460)
          at sun.misc.Resource.getBytes(Resource.java:108)
          at java.net.URLClassLoader.defineClass(URLClassLoader.java:257)
          at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
          at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
          ... 7 more
  Any inputs please ??  Waiting for a hard re-boot to the device bit not sure if that would resolve the issue, Also when I first logged into SUB using SSH , I got the following :
  Command Line Interface is starting up, please wait ...
  java.io.FileNotFoundException: /var/log/active/platform/log/cli.bin (Read-only f                             ile system)
          at java.io.RandomAccessFile.open(Native Method)
          at java.io.RandomAccessFile.<init>(RandomAccessFile.java:212)
          at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.restoreIndex(c                             iscoRollingFileAppender.java:100)
          at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.setFile(ciscoR                             ollingFileAppender.java:43)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.                             java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces                             sorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.apache.log4j.config.PropertySetter.setProperty(PropertySetter.jav                             a:196)
          at org.apache.log4j.config.PropertySetter.setProperty(PropertySetter.jav                             a:155)
          at org.apache.log4j.xml.DOMConfigurator.setParameter(DOMConfigurator.jav                             a:530)
          at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.ja                             va:182)
          at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurat                             or.java:140)
          at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfi                             gurator.java:153)
          at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOM                             Configurator.java:415)
          at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:3                             84)
          at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:783)
          at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java                             :666)
          at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java                             :616)
          at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java                             :584)
          at org.apache.log4j.xml.DOMConfigurator.configure(DOMConfigurator.java:6                             87)
          at sdMain.initialize(sdMain.java:479)
          at sdMain.main(sdMain.java:646)
  java.lang.NullPointerException
          at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.updateIndex(ci                             scoRollingFileAppender.java:117)
          at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.nextFileName(c                             iscoRollingFileAppender.java:92)
          at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.append(ciscoRo                             llingFileAppender.java:74)
          at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:221)
          at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders                             (AppenderAttachableImpl.java:57)
          at org.apache.log4j.Category.callAppenders(Category.java:187)
          at org.apache.log4j.Category.forcedLog(Category.java:372)
          at org.apache.log4j.Category.debug(Category.java:241)
          at com.cisco.iptplatform.cli.CliSettings.getInstance(CliSettings.java:10                             6)
          at sdMain.initialize(sdMain.java:491)
          at sdMain.main(sdMain.java:646)
  log4j:ERROR No output stream or file set for the appender named [CLI_LOG].
  /usr/java/jdk1.6.0_24/jre/lib/rt.jar: error reading zip file
  Exception in thread "Thread-9" java.lang.NoClassDefFoundError: java/net/URI$Pars                             er
          at java.net.URI.<init>(URI.java:578)
          at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:350)
          at java.net.Socket.connect(Socket.java:529)
          at java.net.Socket.connect(Socket.java:478)
          at java.net.Socket.<init>(Socket.java:375)
          at java.net.Socket.<init>(Socket.java:189)
          at com.cisco.ccm.util.ncs.NcsClient.connect(NcsClient.java:342)
          at com.cisco.ccm.util.ncs.NcsClient$ReceiveThread.run(NcsClient.java:447                             )
     Welcome to the Platform Command Line Interface
      WARNING:
          The /common file system is mounted read only.
          Please use Recovery Disk to check the file system using fsck.
  Cheers
  Anjali

  Check this Bug: CSCti52867 - https://supportforums.cisco.com/docs/DOC-12955
  I have a customer with this same problem, we use to use the Callmanager Recovery DVD, as Amine said, to recover the HD. But some times reseting the server resolved the problem.
  Mártin

• Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests

  Hi,
  We are using SCCM 2012 sp1 cu5 with one primary in the datacenter and a number of local DP's which are presently servicing 200 users, but will rise to 12,000. The Application Catalogue is installed on the primary server.
  Once a day we get the above error and the message id is 8101, and sometimes a user will have to click on install twice, with the first one failing (the ones that fail are normally with dependencies which are quite large in size around 250MB)
  I'm just wondering if this is something I should be concerned about, especially since we will be ramping up user numbers in the next few weeks, and if it could be down to volume of traffic, although the apps are downloaded to the users local DP.
  Also, does this design look suitable to service this amount of users, or should I have local application catalogues? The WAN bandwith between the datacenter and the user sites has recently been upgraded and is pretty fast.
  Thanks
  Jaz

  Hi Torsten,
  Message ID is in the SMS_AWEBSVC_CONTROL_MANAGER status log and equates to "Application Web Service Manager detected AWEBSVC is not responding to HTTP requests. The http error is 12002.
  Then, about 1 hr later in the same monitoring log I get Message ID 8102 "Application Web Service Control Manger detected AWEBSVC is responding to HTTP requests.
  At the moment it isn't doing this very often, just once a day at different times normally, but it has also logged this a couple of times as well. I guess it may correspond to multiple users accessing the web portal at multiple times, but wondered if
  anyone else has seen this behaviour and how it was fixed.
  Thanks
  Jaz

• Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests. The http status code and text is 400, Bad Request.

  Hi All,
  I am seeing the following error for SMS_AWEBSVC_CONTROL_MANAGER component with Message ID: 8100
  Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests.  The http status code and text is 400, Bad Request.
  awebsctl.log file has below errors:
  Call to HttpSendRequestSync failed for port 80 with status code 400, text: Bad Request
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  AWEBSVCs http check returned hr=0, bFailed=1
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  AWEBSVC's previous status was 1 (0 = Online, 1 = Failed, 4 = Undefined)
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  Health check request failed, status code is 400, 'Bad Request'.
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  Management point and Application Catalog Website Point are installed on the same Server where I am seeing the error for Application Catalog Web Service Point role. Management Point and Application Catalog Website Point are functioning properly. Application
  Catalog Website is working.
  Thanks & Regards, Kedar

  Hi Jason,
  Application Catalog Web Service Point and Application Catalog Website Point; both are installed as per below configuration on same Server:
  IIS Website: Default Web Site
  Port Number: 80
  with default value for Web Application Name configured.
  For SMS_AWEBSVC_CONTROL_MANAGER component, I am getting below error in Component Status:
  Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests.  The http status code and text is 400, Bad Request.
  Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which AWEBSVC is configured to communicate. 
  Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use.
  Possible cause: The designated Web Site is disabled in IIS. 
  Solution: Verify that the designated Web Site is enabled, and functioning properly.
  For more information, refer to Microsoft Knowledge Base.
  And awebsctl.log has the below error lines:
  Call to HttpSendRequestSync failed for port 80 with status code 400, text: Bad Request
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  AWEBSVCs http check returned hr=0, bFailed=1
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  AWEBSVC's previous status was 1 (0 = Online, 1 = Failed, 4 = Undefined)
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  Health check request failed, status code is 400, 'Bad Request'.
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  STATMSG: ID=8100
  What should I check from IIS side?
  Application Catalog Website is functioning properly.
  Thanks & regards,
  Kedar
  Thanks & Regards, Kedar