Internet Client Not talking to DMZ MP

I am facing issues in communication of Internet Client to my MP sitting in DMZ.
Scenario:
Primary Site 2012
MP, DP role installed Site system in DMZ domain joined.
DMZ talking to DC, and site server, bidirectional.
Installed MP and DP role, with Internet only client, created FQDN, and published FQDN to public DNS
created certs following steps in http://www.systemcenterdudes.com/internet-based-client-management/.
Tried installing client manually in domain, using switches ccmsetup.exe /usePKICert /NoCRLCheck CCMHOSTNAME="MP public FQDN" DNSSUFFIX="public DNS" SMSSITECODE=XXX
When moved the client to open internet, I see below error in locations services.log
Attempting to retrieve site information from lookup MP(s) via HTTPS
LocationServices 3/18/2015 4:28:41 PM
2424 (0x0978)
Failed to send site information Location Request Message to XXXXXXX
LocationServices 3/18/2015 4:29:01 PM
2424 (0x0978)
Attempting to retrieve site information from lookup MP(s) via HTTP
LocationServices 3/18/2015 4:29:01 PM
2424 (0x0978)
Failed to refresh security settings over MP with error 0x80004005.
LocationServices 3/18/2015 4:29:01 PM
2424 (0x0978)
No security settings update detected. LocationServices
3/18/2015 4:29:01 PM 2424 (0x0978)
Using INF MP XXXXXXXXXXX as lookup MP. LocationServices
3/18/2015 4:29:01 PM 2424 (0x0978)
Attempting to retrieve site information from lookup MP(s) via HTTPS
LocationServices 3/18/2015 4:29:01 PM
2424 (0x0978)
Failed to send site information Location Request Message to XXX
LocationServices 3/18/2015 4:29:08 PM
2424 (0x0978)
Attempting to retrieve site information from lookup MP(s) via HTTP
LocationServices 3/18/2015 4:29:08 PM
2424 (0x0978)
Failed to refresh Site Signing Certificate over MP with error 0x80004005.
LocationServices 3/18/2015 4:29:08 PM
2424 (0x0978)
Refreshing Site Signing Certificate over HTTP
LocationServices 3/18/2015 4:29:08 PM
2424 (0x0978)
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
LocationServices 3/18/2015 4:29:26 PM
2424 (0x0978)
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
LocationServices 3/18/2015 4:29:26 PM
2424 (0x0978)
[CCMHTTP] : dwStatusInformationLength is 4
LocationServices
3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] : *lpvStatusInformation is 0x10
LocationServices
3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
LocationServices
3/18/2015 4:29:26 PM 2424 (0x0978)
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
LocationServices 3/18/2015 4:29:26 PM
2424 (0x0978)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:8BD27970-C69F-483D-A7E5-0DC76DC7A836";
DateTime = "20150318105926.499000+000";
HostName = "XXXXXXXX";
HRESULT = "0x80072f8f";
ProcessID = 5868;
StatusCode = 16;
ThreadID = 2424;
LocationServices
3/18/2015 4:29:26 PM 2424 (0x0978)
Failed to send request to /SMS_MP/.sms_aut?SITESIGNCERT at host XXX, error 0x2f8f
LocationServices 3/18/2015 4:29:26 PM
2424 (0x0978)
[CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
LocationServices 3/18/2015 4:29:26 PM
2424 (0x0978)
Successfully sent location services HTTPS failure message.
LocationServices 3/18/2015 4:29:27 PM
2424 (0x0978)
Failed to refresh Site Signing Certificate over HTTP with error 0x80072f8f.
LocationServices 3/18/2015 4:29:27 PM
2424 (0x0978)
Using INF MP XXXXXXXX as lookup MP. LocationServices
3/18/2015 4:29:27 PM 2424 (0x0978)
Attempting to retrieve default management points from lookup MP(s) via HTTPS
LocationServices 3/18/2015 4:29:27 PM
2424 (0x0978)
LSGetManagementPointsForSiteFromManagementPoint: Client is on Internet, skipping Intranet MP list request.
LocationServices 3/18/2015 4:29:27 PM
2424 (0x0978)
Unable to retrieve compatible MP(s) from AD
LocationServices 3/18/2015 4:29:27 PM
2424 (0x0978)
LSGetManagementPointsForSite: Domain joined client is in Internet - INF MP will be used to get other INF MPs.
LocationServices 3/18/2015 4:29:27 PM
2424 (0x0978)
LSUpdateInternetManagementPoints LocationServices
3/18/2015 4:29:27 PM 2424 (0x0978)
Current AD site of machine is XXXXX LocationServices
3/18/2015 4:29:27 PM 2424 (0x0978)
Failed to send management point list Location Request Message to XXXXX
LocationServices 3/18/2015 4:29:34 PM
2424 (0x0978)
LSUpdateInternetManagementPoints: Failed to retrieve internet MPs from MP XXX with error 0x87d00231, retaining previous list.
LocationServices 3/18/2015 4:29:34 PM
2424 (0x0978)
There is no AMP for site code XXXX Nulling existing entry in WMI
LocationServices 3/18/2015 4:29:34 PM
2424 (0x0978)
Assigned MP changed from XXXXXXXX to <>.
LocationServices 3/18/2015 4:29:34 PM
2424 (0x0978)
Persisted Default Management Point Locations locally
LocationServices 3/18/2015 4:29:34 PM
2424 (0x0978)
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
LocationServices 3/18/2015 4:29:37 PM
2432 (0x0980)
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
LocationServices 3/18/2015 4:29:41 PM
2432 (0x0980)
[CCMHTTP] : dwStatusInformationLength is 4
LocationServices
3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] : *lpvStatusInformation is 0x10
LocationServices
3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID is set
LocationServices
3/18/2015 4:29:41 PM 2432 (0x0980)
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
LocationServices 3/18/2015 4:29:41 PM
2432 (0x0980)
Raising event:
instance of CCM_CcmHttp_Status
ClientID = "GUID:8BD27970-C69F-483D-A7E5-0DC76DC7A836";
DateTime = "20150318105941.428000+000";
HostName = "XXXXXXXX";
HRESULT = "0x80072f8f";
ProcessID = 5868;
StatusCode = 16;
ThreadID = 2432;
LocationServices
3/18/2015 4:29:41 PM 2432 (0x0980)
Failed to send request to /SMS_MP/.sms_aut?MPLIST2&XXXXX at host XXXXXXX, error 0x2f8f
LocationServices 3/18/2015 4:29:41 PM
2432 (0x0980)
[CCMHTTP] ERROR: URL=https://XXXXXXXX/SMS_MP/.sms_aut?MPLIST2&XXXXX, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
LocationServices 3/18/2015 4:29:41 PM
2432 (0x0980)
Successfully sent location services HTTPS failure message.
LocationServices 3/18/2015 4:29:41 PM
2432 (0x0980)
Failed to send web service info Location Request Message
LocationServices 3/18/2015 4:29:41 PM
2424 (0x0978)
Modassir Khan

Hi,
Here is a blog has a similar problem that a Certificate Revocation List was not configured. You could have a look to check if you missed anything.
Certificate Revocation Lists and Your Config Manager Client
Note:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Best Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Similar Messages

SCCM design DMZ for intranet and internet clients

Hello,
I am looking for some design recommendations for my test environment that I would like to apply to one production environment (I already posted about this topic but I still have some questions).
I am working with 2 domains (2 forests) with no trust relationships.
Domain A : internal
Domain B : DMZ
From a firewall point of view, only the ports from the internal to the DMZ will be opened.
From the internet to the DMZ, only HTTPS will be opened.
Currently, I only manage the clients connected to the internal domain.
I would like to deploy a new management point in DMZ that will allow me to manage my DMZ clients (servers) and my Internet clients (laptops).
Should I use 2 management points ? Is it supported ?
- one for the DMZ clients
- one dedicated to my internet clients
If I use only one MP, should I allow Intranet and Internet clients ?
Should I allow my DMZ clients to communicate with the internal management point (port 80) and only use the MP in DMZ for my Internet clients.
The only documents I can find on Technet require too many ports to be opened in the firewall (From DMZ to Internal) and can't be applied to my environment.
Thanks.

Have a look at the following blog which explains your queries comprehensively.
http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
-RG

VPN clients not able to ping Remote PCs & Servers : ASA 5520

VPN is connected successfully. But not able to ping any remote ip or fqdn from client pc. But able to ping ASA 5520 firewalls inside interface. Also some clients able to access, some clients not able to access. I new to these firewalls. I tried most of ways from internet, please any one can help asap.
Remote ip section : 192.168.1.0/24
VPN IP Pool : 192.168.5.0/24
Running Config :
ip address 192.168.1.2 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
passwd z40TgSyhcLKQc3n1 encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone GST 4
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 213.42.20.20
domain-name default.domain.invalid
access-list outtoin extended permit tcp any host 83.111.113.114 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.113 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq smtp
access-list outtoin extended permit tcp any host 83.111.113.114 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq www
access-list outtoin extended permit tcp any host 83.111.113.115 eq https
access-list outtoin extended permit tcp any host 94.56.148.98 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.117 eq ssh
access-list fualavpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0
92.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 1
2.168.5.0 255.255.255.0
access-list inet_in extended permit icmp any any time-exceeded
access-list inet_in extended permit icmp any any unreachable
access-list inet_in extended permit icmp any any echo-reply
access-list inet_in extended permit icmp any any echo
pager lines 24
logging enable
logging asdm informational
logging from-address [email protected]
logging recipient-address [email protected] level errors
logging recipient-address [email protected] level emergencies
logging recipient-address [email protected] level errors
mtu outside 1500
mtu inside 1500
ip local pool fualapool 192.168.5.10-192.168.5.50 mask 255.255.255.0
ip local pool VPNPool 192.168.5.51-192.168.5.150 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound outside
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 94.56.148.98 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 83.111.113.114 192.168.1.111 netmask 255.255.255.255
access-group inet_in in interface outside
route outside 0.0.0.0 0.0.0.0 83.111.113.116 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 10
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have no
been met or due to some specific group policy, you do not have permission to u
e any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy fualavpn internal
group-policy fualavpn attributes
dns-server value 192.168.1.111 192.168.1.100
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value fualavpn_splitTunnelAcl
username test password I7ZgrgChfw4FV2AW encrypted privilege 0
username Mohamed password Vqmmt8cR/.Qu7LhU encrypted privilege 0
username Moghazi password GMr7xgdqmGEQ2SVR encrypted privilege 0
username Moghazi attributes
password-storage enable
username fualauaq password E6CgvoOpTKphiM2U encrypted privilege 0
username fualauaq attributes
password-storage enable
username fuala password IFtijSYb7LAOV/IW encrypted privilege 15
username Basher password Djf15nXIJXmayfjY encrypted privilege 0
username Basher attributes
password-storage enable
username fualafac password VGC/7cKXW1A6eyXS encrypted privilege 0
username fualafac attributes
password-storage enable
username fualaab password ONTH8opuP4RKgRXD encrypted privilege 0
username fualaab attributes
password-storage enable
username fualaadh2 password mNEgLxzPBeF4SyDb encrypted privilege 0
username fualaadh2 attributes
password-storage enable
username fualaain2 password LSKk6slwsVn4pxqr encrypted privilege 0
username fualaain2 attributes
password-storage enable
username fualafj2 password lE4Wu7.5s7VXwCqv encrypted privilege 0
username fualafj2 attributes
password-storage enable
username fualakf2 password 38oMUuwKyShs4Iid encrypted privilege 0
username fualakf2 attributes
password-storage enable
username fualaklb password .3AMGUZ1NWU1zzIp encrypted privilege 0
username fualaklb attributes
password-storage enable
username fualastr password RDXSdBgMaJxNLnaH encrypted privilege 0
username fualastr attributes
password-storage enable
username fualauaq2 password HnjodvZocYhDKrED encrypted privilege 0
username fualauaq2 attributes
password-storage enable
username fualastore password wWDVHfUu9pdM9jGj encrypted privilege 0
username fualastore attributes
password-storage enable
username fualadhd password GK8k1MkMlIDluqF4 encrypted privilege 0
username fualadhd attributes
password-storage enable
username fualaabi password eYL0j16kscNhhci4 encrypted privilege 0
username fualaabi attributes
password-storage enable
username fualaadh password GTs/9BVCAU0TRUQE encrypted privilege 0
username fualaadh attributes
password-storage enable
username fualajuh password b9QGJ1GHhR88reM1 encrypted privilege 0
username fualajuh attributes
password-storage enable
username fualadah password JwVlqQNIellNgxnZ encrypted privilege 0
username fualadah attributes
password-storage enable
username fualarak password UE41e9hpvcMeChqx encrypted privilege 0
username fualarak attributes
password-storage enable
username fualasnk password ZwZ7fVglexrCWFUH encrypted privilege 0
username fualasnk attributes
password-storage enable
username rais password HrvvrIw5tEuam/M8 encrypted privilege 0
username rais attributes
password-storage enable
username fualafuj password yY2jRMPqmNGS.3zb encrypted privilege 0
username fualafuj attributes
password-storage enable
username fualamaz password U1YUfQzFYrsatEzC encrypted privilege 0
username fualamaz attributes
password-storage enable
username fualashj password gN4AXk/oGBTEkelQ encrypted privilege 0
username fualashj attributes
password-storage enable
username fualabdz password tg.pB7RXJx2CWKWi encrypted privilege 0
username fualabdz attributes
password-storage enable
username fualamam password uwLjc0cV7LENI17Y encrypted privilege 0
username fualamam attributes
password-storage enable
username fualaajm password u3yLk0Pz0U1n.Q0c encrypted privilege 0
username fualaajm attributes
password-storage enable
username fualagrm password mUt3A60gLJ8N5HVr encrypted privilege 0
username fualagrm attributes
password-storage enable
username fualakfn password ceTa6jmvnzOFNSgF encrypted privilege 0
username fualakfn attributes
password-storage enable
username Fualaain password Yyhr.dlc6/J7WvF0 encrypted privilege 0
username Fualaain attributes
password-storage enable
username fualaban password RCJKLGTrh7VM2EBW encrypted privilege 0
username John password D9xGV1o/ONPM9YNW encrypted privilege 15
username John attributes
password-storage disable
username wrkshopuaq password cFKpS5e6Whp0A7TZ encrypted privilege 0
username wrkshopuaq attributes
password-storage enable
username Talha password 3VoAABwXxVonLmWi encrypted privilege 0
username Houssam password Cj/uHUqsj36xUv/R encrypted privilege 0
username Faraj password w2qYfE3DkYvS/oPq encrypted privilege 0
username Faraj attributes
password-storage enable
username gowth password HQhALLeiQXuIzptCnTv1rA== nt-encrypted privilege 15
username Hameed password 0Kr0N1VRmLuWdoDE encrypted privilege 0
username Hameed attributes
password-storage enable
username Hassan password Uy4ASuiNyEd70LCw encrypted privilege 0
username cisco password IPVBkPI1GLlHurPD encrypted privilege 15
username Karim password 5iOtm58EKMyvruZA encrypted privilege 0
username Shakir password BESX2bAvlbqbDha/ encrypted privilege 0
username Riad password iB.miiOF7qMESlCL encrypted privilege 0
username Azeem password 0zAqiCG8dmLyRQ8f encrypted privilege 15
username Azeem attributes
password-storage disable
username Osama password xu66er.7duIVaP79 encrypted privilege 0
username Osama attributes
password-storage enable
username Mahmoud password bonjr0B19aOQSpud encrypted privilege 0
username alpha password x8WO0aiHL3pVFy2E encrypted privilege 15
username Wissam password SctmeK/qKVNLh/Vv encrypted privilege 0
username Wissam attributes
password-storage enable
username Nabil password m4fMvkTgVwK/O3Ms encrypted privilege 0
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.4 255.255.255.255 inside
http 192.168.1.100 255.255.255.255 inside
http 192.168.1.111 255.255.255.255 inside
http 192.168.1.200 255.255.255.255 inside
http 83.111.113.117 255.255.255.255 outside
http 192.168.1.17 255.255.255.255 inside
http 192.168.1.16 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn general-attributes
address-pool fualapool
address-pool VPNPool
default-group-policy fualavpn
tunnel-group fualavpn ipsec-attributes
pre-shared-key *
tunnel-group fualavpn ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
Cryptochecksum:38e41e83465d37f69542355df734db35
: end

Hi,
What about translating the traffic on the local ASA (Active unit) for traffic received from the VPN tunnel to the internal interface IP address? You can try something like nat (outside,inside) source dynamic obj-VpnRemoteTraffic interface destination static StandbyIP StandbyIP
Regards,

Is it possible to connect an iMac to the internet but not to the network?

Hello,
I volunteered to purchase an iMac for our company. This huge company maintains a huge windows-only network environment and IT does not support any macs (nor do they want to have them on the network).
Hence, since we really need this machine to be a mac and not a PC I had to promise to set it up as a stand-alone machine and to get anti-virus protection (as users will be coming in with their jump drives etc). At least for the latter reason (regular updates of virus definitions must be possible) we'd like to have it connected to the internet.
How would I escape the dilemma that as soon as I'd hook it up via ethernet, it would of course get internet but at the same time would see all other machines on the network? (it will sure do so as I had tried it out with some other machine running on the same OS)
Is there a way to configure Snow Leopard to allow for internet but not network access?
Does it make sense at all (for security reasons that is)?
thank you very much,
HD

Is there a way to configure Snow Leopard to allow for internet but not network access?
Well, 'internet' is 'network access' so at one level your question makes no sense.
If, on the other hand, what you want to do is segregate your Mac from the other machines then that's a different issue. There are numerous ways of doing that, but most would involve some level of interaction with the network administrators. Given their ana^H^H^H attitude towards Macs that may be an issue.
The best way would be to setup a separate VLAN for the Mac. This will create a separate logical network within the company network with only this Mac and the network router in it. No PC would see the Mac, and the Mac wouldn't be scarred by seeing all those PCs. This cannot be done without buy-in from the network admins, though.
A step down from that would be to use one PC in the network as a gateway to the rest of the network. The Mac would talk to this PC, and the PC would pass the data out to the rest of the network. This would require admin rights on the PC, though, which you may or may not have (I've seen a lot of corporate networks… :: shudder ::)
The last option would be to setup an entirely separate internet connection for the Mac but there are logistical issues there, too.
My advice: Buy a dozen Krispy Kremes for the network guys and sweet talk them into building you a VLAN.

Client not being recognized on Xsan Admin

I am not able to see both my client computers on the Xsan admin page, and there are some strange things happening.
-My setup consists of two G5 computers (Clients), one Xserve G5 (Metadata Controller), a fiber channel switch, and an Xserve RAID (with 5 drives on the first controller partitioned RAID 0 for a total of 1.8 TB of storage space, and 2 drives on the second controller partitioned RAID 1 for a total of 370 GB to be the controller data).
-For the sake of testing I disabled their internal network controller (connected to a DHCP server), and have them all talking to each other with a second ethernet card. They are all on the same subnet and they can all see each other. They each have a manually assigned IP and are not on an external network
-When I access Xsan admin from the Xserve (using Remote Desktop) I can connect to the Xsan Xserve.local (IP 10.10.1.10). There, under setup, I see the Xserve (which is bold) stating that it is the controller. I also see Client 1 (client). Both have a green light next to them and are reporting no problems with the serial number (note that I am accessing the Xserve using Remote desktop on CLIENT 2). Client 2 is not seen on the computers section of the setup.
-Now when I access Xsan Admin from the Client 2 machine, I get different results. First, when I try to add a SAN, Client's 2 local address is the default. I change it to Xserve.local with the proper name and password, and I get to monitor the Xsan just like I was doing before from the Xserve machine.
-Now if I leave the default address, another Xsan will appear on the left pane (SAN Components). Here is the were it confuses me. Under this new San, I see all 3 machines on the computers list, but the one in bold is the Client 2 machine (the one from which a I am accessing Xsan admin, also the one that was missing from the previous list). If I try to setup the SAN from there, naming the san or continuing the setup it will not allow me (note that all three machines have a green light next to them). It tells me that "Some configuration is invalid; The computer you are connect to must be a controller." The catch here is that it will only let me configure if I am connected to a controller but Client 2 will only appear if I am connect to it. Needless to say that I want client 2 to be a client, not a controller.
I know this may sound a little confusing, but I can feel I am very close in getting this to work. Any help would be much appreciated.
Best,
Marcello

For anyone who has read this, thank you.
I finally managed to get all the clients to work together.
I was having a firewall issue, where my customized firewall settings were preventing communication on one of the critical ports that Xsan uses to talk to the components. All I had to do was flush the firewall and all was back to normal.

NetWeaver XI components are not talking to each other

I am an XI consultant, i dont have proper Basis support at my client, since they are fond of only ABAP stack.
They installed netweaver xi from the market place.
I am unable to import any SWCV (even SAP BASIS) from SLD to IR and IR menu is blank.
Unable to find list of adapters in Integration Directory.
RWB -component monitoring is blank .
SLD- creation of products,SWCV,Technical Sys,Buss Sys is possible.
In conclusion i can say that they all are not co-operative and not talking to each other
And also i want to know wheather xi 7.0 is compatable to databases Oracle 8.0.3 and Oracle 8.0.4

Hi Venkata,
Does the XI post Installation steps done by the team or not? It seems that there is some steps missing while doing the XI installation. Talk to to the BASIS team and tryu to find out the solution.
>>> Unable to find list of adapters in Integration Directory.
Check thisblog for it:
/people/venugopalarao.immadisetty/blog/2007/03/15/adapter-engine-cannot-be-found-in-integration-directory
>>> And also i want to know wheather xi 7.0 is compatable to databases Oracle 8.0.3 and Oracle 8.0.4
In my view, yes. XI is compatible with all the versions of Oracle Database above version 8 but never tried it.
Reward points if helpful. *
Regards,
Subhasha Ranjan

Internet Clients & Mac Enrollment

Hello,
I'm having some issues with Internet Clients and Mac Enrollment, the latter via both the Intranet and Internet. Going over all the certificate steps again, the only thing I didn't do is have two FQDN for the Web Cert since I'm using the same FQDN for
both internal and external traffic. We have the external DNS setup and ports opened on the firewall to communicate with it. External DNS resolution is working when doing a DIG or an NSLOOKUP with the trailing '.' due to the default domain suffix
search.
Are there some added steps that I need to do when using the same FQDN for internal and external?

All roles are on a single server. I've ensured that the DP Cert is imported into the DP.
The DP certificate is not an, or the, issue in this case, because it's only used during OS deployment. Please start looking at the client log files when the download error appears (like the CAS.log).
About the MAC issues, please keep that separated from this post, for two reason:
Troubleshooting can be done better per issue;
You've got a post already for that (http://social.technet.microsoft.com/Forums/windowsserver/en-US/f473a2bb-3eba-42fd-88c0-3a232b18a556/configmgr-r2-mac-os-enrollment-issues?forum=configmanagerdeployment).
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude
Thanks.
I combined both issues because I thought they may be related but I'll stick to the Windows Internet Clients for this one.
We have a Palo Alto Firewall and have opened up several ports and applications and watched traffic. The client still shows 'currently Internet' but the logs say the following:
LocationServices.log
LsRefreshManagementPointEx failed with 0x80004005
Failed to refresh security settings over MP with error 0x80004005.
Failed to send management point list Location Request Message to FQDN
LSUpdateInternetManagementPoints: Failed to retrieve internet MPs from MP FQDNwith error 0x87d00231, retaining previous list.
CcmMessaging.log
Post to http://FQDN/ccm_system/request failed with 0x87d00231.
Post to http://FQDN/ccm_system/request failed with 0x87d00231.
Post to http://FQDN/ccm_system_windowsauth/request failed with 0x87d00231.Post to http://FQDN/ccm_system_windowsauth/request failed with 0x87d00231.
OutgoingMessage(Queue='mp_[http]mp_locationmanager', ID={68E61B1F-05F4-4BD4-81E0-C9AF513635EE}): Will be discarded (expired).
Ports needed for Internet-based Clients have been added from this: http://technet.microsoft.com/en-us/library/hh427328.aspx#BKMK_IBCMports

How do I configure my Windows clients to talk to Mac OS X Server 10.6

We had a MacAuthority technician install the server software for us, but he did not configure the Windows clients to talk to the server. I have tried several approaches, all evidently wrong. Everything I have read says the Windows clients need "open directory" passwords, and he has set them up as "shadow passwords". Heaven only knows what else is messed up. Please someone step me through this -- I will set them up as new users and see if I can make it work that way.

What sort of a resulting configuration or environment are you seeking?
If you're looking to have your Windows clients access storage on your OS X Server and to not authenticate with your OS X Server system, then you can dispense with some of the configuration steps.
However if you're looking to have the same login everywhere (Windows and OS X), then requirements become somewhat more complex.
And which version(s) of Windows? Particularly if you have Windows 7, the options and requirements differ.
It's less common to have Windows configured to authenticate to OS X; it's more common to use Windows Server and its Activie Directory, either in isolation or in combination with an OS X Server in what's called a "magic triangle" configuration. Alternatively (if you do want to set up this direct authentication of Windows and OS X Server and Open Directory), then see Mac OS X Server: Alternatives to Windows NT 4.0 domain control (PDC) technology (HT4945); that uses pGina.
And before you proceed here with any work involving authentication, delegation or related tasks, launch Terminal.app from Applications > Utilities folder, and issue the following non-destructive command to verify your DNS is correct:
sudo changeip -checkhostname
You'll need to specify an administrative password when prompted. Proper local DNS services are central to getting any of this stuff to work, and this command will (non-destructively) indicate if DNS is correct or if there are issues or changes needed.
The OS X Server 10.6 documentation is available from Apple, and that can help provide you with some background in this topic. The 10.6 intro, 10.6 User Management, and 10.6 Open Directory would likely be worth downloading and skimming. Probably also 10.6 File Services, if that's part of your goal. (Running a server isn't quite as no-IT-required as might be hoped, unfortunately. And I don't know of a short cookbook for this stuff; the steps and configurations can vary, depending on your local requirements - apologies on pointing to the docs here.)

SCOM internet clients

We're considering a SCOM implementation not only for our internal needs, but for our client base.
We don't have a VPN to our clients and am worried the monitoring will be limited. What we want to monitor is:
- MS servers with different workloads (this doesn't seem to be an problem:
http://www.toolzz.com/?p=224). We'd also monitor hardware where possible.
- VMware infrastructure, how would we go about doing this? There are MPs, but I can't find many free ones and am unsure if this would work for internet clients as well? Any how-to's available?
- different storage systems (HP, NetApp, IBM), can these be monitored from the internet? What kind of licensing is required if at all?
- network equipment and other devices through SNMP.
Some of our clients are quite large, some only have a server or two. How would we approach this?

Hi,
Additionally, I would like to share some samples of monitoring hardware.
http://blogs.technet.com/b/schadinio/archive/2010/07/19/scom-samples-of-monitoring-hardware-with-scom.aspx
About the VMWare MP, there isn't a free management pack for SCOM.
HP Storage MP
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=System_Center
For NetApp Storage, please try ApplianceWatch 2.1.1.
IBM Storage MP
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5082204
Niki Han
TechNet Community Support

SCCM 2007 client not install

Dear Exprt,
Please assist me to install client, this my first setup i had followed all guide line but could not success.
in SCCM admin console client discover but client not getting install according to log error i had follow some internet provided steps however still not success, i dont know were i made mistake for server installation.
Kind request for your usual support...
In text:
<![LOG[MPs:]LOG]!><time="05:59:35.906+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="2128" file="ccmsetup.cpp:4527">
<![LOG[ SCCMSRV.SCCM-AD.COM]LOG]!><time="05:59:35.906+-180" date="02-03-2014" component="ccmsetup" context=""
type="1" thread="2128" file="ccmsetup.cpp:4542">
<![LOG[Updated security on object C:\Windows\system32\ccmsetup\.]LOG]!><time="05:59:35.906+-180" date="02-03-2014" component="ccmsetup" context="" type="0" thread="2128" file="ccmsetup.cpp:8849">
<![LOG[Sending Fallback Status Point message, STATEID='100'.]LOG]!><time="05:59:35.906+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="2128" file="ccmsetup.cpp:9326">
<![LOG[State message with TopicType 800 and TopicId {3F0B6515-0505-4DF2-881C-F4A358589302} has been sent to the FSP]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="FSPStateMessage" context=""
type="1" thread="2128" file="fsputillib.cpp:730">
<![LOG[Running as user "SYSTEM"]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:2690">
<![LOG[Detected 53138 MB free disk space on system drive.]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:463">
<![LOG[DetectWindowsEmbeddedFBWF() Detecting OS Version]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:509">
<![LOG[Client OS Version is 6.1, Service Pack Version 0]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:533">
<![LOG[Client OS is not a supported Windows Embedded Platform]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:535">
<![LOG[Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again.]LOG]!><time="05:59:36.183+-180" date="02-03-2014" component="ccmsetup" context=""
type="1" thread="4004" file="ccmsetup.cpp:2774">
<![LOG[Successfully ran BITS check.]LOG]!><time="05:59:36.937+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:7105">
<![LOG[Failed to successfully complete HTTP request. (StatusCode at WinHttpQueryHeaders: 404)]LOG]!><time="05:59:36.968+-180" date="02-03-2014" component="ccmsetup" context="" type="3" thread="4004"
file="ccmsetup.cpp:5969">
<![LOG[Sending Fallback Status Point message, STATEID='308'.]LOG]!><time="05:59:36.968+-180" date="02-03-2014" component="ccmsetup" context="" type="1" thread="4004" file="ccmsetup.cpp:9326">
<![LOG[State message with TopicType 800 and TopicId {BED7FDFE-DBD7-48F5-853A-A81A87AEED84} has been sent to the FSP]LOG]!><time="05:59:36.984+-180" date="02-03-2014" component="FSPStateMessage" context=""
type="1" thread="4004" file="fsputillib.cpp:730">
[email protected]

"Failed to successfully complete HTTP request. (StatusCode at WinHttpQueryHeaders: 404)"
Is you MP healthy? Based on this message, it is not.
Jason | http://blog.configmgrftw.com

HT204053 i RECENTLY PURCHASED ANOTHER IPHONE. MY INTERNET IS NOT WORKING. I JUST CREATED AN APPLE ID. WHAT'S NEXT? I NOW HAVE TWO DIFFERENT ACCOUNTS WITH DIFFERENT USER NAMES. HOW CAN I USE ONLY ONE ACCOUNT FOR ITUNES, ICLOUD APPLE ID ETC???

I RECENTLY PURCHASED ANOTHER IPHONE. MY INTERNET IS NOT WORKING. I JUST CREATED AN APPLE ID. WHAT'S NEXT? I NOW HAVE TWO DIFFERENT ACCOUNTS WITH DIFFERENT USER NAMES. HOW CAN I USE ONLY ONE ACCOUNT FOR ITUNES, ICLOUD APPLE ID ETC???

Welcome to the Apple community.
iTunes and iCloud and different accounts, you will need to delete both accounts from your device before adding the new details in their place.
For iCloud go to settings > iCloud, scroll down and hit the delete button. You can then sign back in using your correct details. For iTunes go to settings >store, tap your account ID and then sign out, you can then sign back in using your correct Apple ID.

The wi-fi on my ipod touch is connected but the internett is not working! Help

Soo annoying, it's connected but the internett is not working. I don't know what to type in or what to do, so I need help.

Are you 100% positive you are connected? Head to Settings - Wi-Fi and tap the > next to the network you are connected to? What is listed for an IP address? If it's in the 169.x.x.x range, it means your iPod did not properly receive a valid IP address via DHCP from your modem/router. So the 169.x.x.x address is a self-assigned one.
This can usually be resolved by a reboot of your router. You can do this by unplugging it for about 30 seconds. After it powers back up, try reconnecting it. It wouldn't hurt to try a reset of your iPod as well. To do this, press and hold both the Sleep/Wake and Home buttons together long enough for the Apple logo to appear.
See here for more troubleshooting suggestions.
iOS: Troubleshooting Wi-Fi networks and connections
B-rock

I get wireless connection but my internet does not work on my ipad 2

I get wireless connection but my internet does not work on my ipad 2

Some things to try first:
1. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
2. Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
3. Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
4. Go into your router security settings and change from WEP to WPA with AES.
5. Renew IP Address: (especially if you are droping internet connection)
    •    Launch Settings app
    •    Tap on Wi-Fi
    •    Tap on the blue arrow of the Wi-Fi network that you connect to from the list
    •    In the window that opens, tap on the Renew Lease button
~~~~~~~~~~~~~~~~~~~~~~~~~
iOS 6 Wifi Problems/Fixes
Fix For iOS 6 WiFi Problems?
http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading- to-ios-6.html
iOS 6 iPad 3 wi-fi "connection fix" for netgear router
http://www.youtube.com/watch?v=XsWS4ha-dn0
Apple's iOS 6 Wi-Fi problems
http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
~~~~~~~~~~~~~~~~~~~~~~~
Look at iOS Troubleshooting Wi-Fi networks and connections http://support.apple.com/kb/TS1398
iPad: Issues connecting to Wi-Fi networks http://support.apple.com/kb/ts3304
WiFi Connecting/Troubleshooting http://www.apple.com/support/ipad/wifi/
How to Fix: My iPad Won't Connect to WiFi
http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect -To-Wi-Fi.htm
iOS: Connecting to the Internet http://support.apple.com/kb/HT1695
iOS: Recommended settings for Wi-Fi routers and access points http://support.apple.com/kb/HT4199
How to Quickly Fix iPad 3 Wi-Fi Reception Problems
http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
iPad Wi-Fi Problems: Comprehensive List of Fixes
http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
Fix iPad Wifi Connection and Signal Issues http://www.youtube.com/watch?v=uwWtIG5jUxE
Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
How To Fix iPhone, iPad, iPod Touch Wi-Fi Connectivity Issue http://tinyurl.com/7nvxbmz
Unable to Connect After iOS Update - saw this solution on another post.
https://discussions.apple.com/thread/4010130
Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
~~~~~~~~~~~~~~~
If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
 Cheers, Tom

In my mobile 2g internet is not working properly

in my mobile 2g internet is not working properly

Hi seenupooni,
If your mobile Internet was working before but isn't now, see if the steps in this article help.
iPhone: Troubleshooting a cellular data connection
http://support.apple.com/kb/ts3780
As it states, test as you go through the steps.
Thank you for using Apple Support Communities.
Nubz

ORA-16191: Primary log shipping client not logged on standby.

Hi,
Please help me in the following scenario. I have two nodes ASM1 & ASM2 with RHEL4 U5 OS. On node ASM1 there is database ORCL using ASM diskgroups DATA & RECOVER and archive location is on '+RECOVER/orcl/'. On ASM2 node, I have to configure STDBYORCL (standby) database using ASM. I have taken the copy of database ORCL via RMAN, as per maximum availability architecture.
Then I have ftp'd all to ASM2 and put them on FS /u01/oradata. Have made all necessary changes in primary and standby database pfile and then perform the duplicate database for standby using RMAN in order to put the db files in desired diskgroups. I have mounted the standby database but unfortunately, log transport service is not working and archives are not getting shipped to standby host.
Here are all configuration details.
Primary database ORCL pfile:
[oracle@asm dbs]$ more initorcl.ora
stdbyorcl.__db_cache_size=251658240
orcl.__db_cache_size=226492416
stdbyorcl.__java_pool_size=4194304
orcl.__java_pool_size=4194304
stdbyorcl.__large_pool_size=4194304
orcl.__large_pool_size=4194304
stdbyorcl.__shared_pool_size=100663296
orcl.__shared_pool_size=125829120
stdbyorcl.__streams_pool_size=0
orcl.__streams_pool_size=0
*.audit_file_dest='/opt/oracle/admin/orcl/adump'
*.background_dump_dest='/opt/oracle/admin/orcl/bdump'
*.compatible='10.2.0.1.0'
*.control_files='+DATA/orcl/controlfile/current.270.665007729','+RECOVER/orcl/controlfile/current.262.665007731'
*.core_dump_dest='/opt/oracle/admin/orcl/cdump'
*.db_block_size=8192
*.db_create_file_dest='+DATA'
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_name='orcl'
*.db_recovery_file_dest='+RECOVER'
*.db_recovery_file_dest_size=3163553792
*.db_unique_name=orcl
*.fal_client=orcl
*.fal_server=stdbyorcl
*.instance_name='orcl'
*.job_queue_processes=10
*.log_archive_config='dg_config=(orcl,stdbyorcl)'
*.log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST'
*.log_archive_dest_2='SERVICE=stdbyorcl'
*.log_archive_dest_state_1='ENABLE'
*.log_archive_dest_state_2='ENABLE'
*.log_archive_format='%t_%s_%r.dbf'
*.open_cursors=300
*.pga_aggregate_target=121634816
*.processes=150
*.remote_login_passwordfile='EXCLUSIVE'
*.sga_target=364904448
*.standby_file_management='AUTO'
*.undo_management='AUTO'
*.undo_tablespace='UNDOTBS'
*.user_dump_dest='/opt/oracle/admin/orcl/udump'
Standby database STDBYORCL pfile:
[oracle@asm2 dbs]$ more initstdbyorcl.ora
stdbyorcl.__db_cache_size=251658240
stdbyorcl.__java_pool_size=4194304
stdbyorcl.__large_pool_size=4194304
stdbyorcl.__shared_pool_size=100663296
stdbyorcl.__streams_pool_size=0
*.audit_file_dest='/opt/oracle/admin/stdbyorcl/adump'
*.background_dump_dest='/opt/oracle/admin/stdbyorcl/bdump'
*.compatible='10.2.0.1.0'
*.control_files='u01/oradata/stdbyorcl_control01.ctl'#Restore Controlfile
*.core_dump_dest='/opt/oracle/admin/stdbyorcl/cdump'
*.db_block_size=8192
*.db_create_file_dest='/u01/oradata'
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_name='orcl'
*.db_recovery_file_dest='+RECOVER'
*.db_recovery_file_dest_size=3163553792
*.db_unique_name=stdbyorcl
*.fal_client=stdbyorcl
*.fal_server=orcl
*.instance_name='stdbyorcl'
*.job_queue_processes=10
*.log_archive_config='dg_config=(orcl,stdbyorcl)'
*.log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST'
*.log_archive_dest_2='SERVICE=orcl'
*.log_archive_dest_state_1='ENABLE'
*.log_archive_dest_state_2='ENABLE'
*.log_archive_format='%t_%s_%r.dbf'
*.log_archive_start=TRUE
*.open_cursors=300
*.pga_aggregate_target=121634816
*.processes=150
*.remote_login_passwordfile='EXCLUSIVE'
*.sga_target=364904448
*.standby_archive_dest='LOCATION=USE_DB_RECOVERY_FILE_DEST'
*.standby_file_management='AUTO'
*.undo_management='AUTO'
*.undo_tablespace='UNDOTBS'
*.user_dump_dest='/opt/oracle/admin/stdbyorcl/udump'
db_file_name_convert=('+DATA/ORCL/DATAFILE','/u01/oradata','+RECOVER/ORCL/DATAFILE','/u01/oradata')
log_file_name_convert=('+DATA/ORCL/ONLINELOG','/u01/oradata','+RECOVER/ORCL/ONLINELOG','/u01/oradata')
Have configured the tns service on both the hosts and its working absolutely fine.

ASM1
=====
[oracle@asm dbs]$ tnsping stdbyorcl


TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 19-SEP-2008 18:49:00


Copyright (c) 1997, 2005, Oracle. All rights reserved.


Used parameter files:


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.20)(PORT = 1521))) (CONNECT_DATA = (SID = stdbyorcl) (SERVER = DEDICATED)))
OK (30 msec)
ASM2
=====


[oracle@asm2 archive]$ tnsping orcl


TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 19-SEP-2008 18:48:39


Copyright (c) 1997, 2005, Oracle. All rights reserved.


Used parameter files:


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.10)(PORT = 1521))) (CONNECT_DATA = (SID = orcl) (SERVER = DEDICATED)))
OK (30 msec)
Please guide where I am missing. Thanking you in anticipation.
Regards,
Ravish Garg

Following are the errors I am receiving as per alert log.
ORCL alert log:
Thu Sep 25 17:49:14 2008
ARCH: Possible network disconnect with primary database
Thu Sep 25 17:49:14 2008
Error 1031 received logging on to the standby
Thu Sep 25 17:49:14 2008
Errors in file /opt/oracle/admin/orcl/bdump/orcl_arc1_4825.trc:
ORA-01031: insufficient privileges
FAL[server, ARC1]: Error 1031 creating remote archivelog file 'STDBYORCL'
FAL[server, ARC1]: FAL archive failed, see trace file.
Thu Sep 25 17:49:14 2008
Errors in file /opt/oracle/admin/orcl/bdump/orcl_arc1_4825.trc:
ORA-16055: FAL request rejected
ARCH: FAL archive failed. Archiver continuing
Thu Sep 25 17:49:14 2008
ORACLE Instance orcl - Archival Error. Archiver continuing.
Thu Sep 25 17:49:44 2008
FAL[server]: Fail to queue the whole FAL gap
GAP - thread 1 sequence 40-40
DBID 1192788465 branch 665007733
Thu Sep 25 17:49:46 2008
Thread 1 advanced to log sequence 48
Current log# 2 seq# 48 mem# 0: +DATA/orcl/onlinelog/group_2.272.665007735
Current log# 2 seq# 48 mem# 1: +RECOVER/orcl/onlinelog/group_2.264.665007737
Thu Sep 25 17:55:43 2008
Shutting down archive processes
Thu Sep 25 17:55:48 2008
ARCH shutting down
ARC2: Archival stopped
STDBYORCL alert log:
==============
Thu Sep 25 17:49:27 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-01017: invalid username/password; logon denied
Thu Sep 25 17:49:27 2008
Error 1017 received logging on to the standby
Check that the primary and standby are using a password file
and remote_login_passwordfile is set to SHARED or EXCLUSIVE,
and that the SYS password is same in the password files.
returning error ORA-16191
It may be necessary to define the DB_ALLOWED_LOGON_VERSION
initialization parameter to the value "10". Check the
manual for information on this initialization parameter.
Thu Sep 25 17:49:27 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-16191: Primary log shipping client not logged on standby
PING[ARC0]: Heartbeat failed to connect to standby 'orcl'. Error is 16191.
Thu Sep 25 17:51:38 2008
FAL[client]: Failed to request gap sequence
GAP - thread 1 sequence 40-40
DBID 1192788465 branch 665007733
FAL[client]: All defined FAL servers have been attempted.
Check that the CONTROL_FILE_RECORD_KEEP_TIME initialization
parameter is defined to a value that is sufficiently large
enough to maintain adequate log switch information to resolve
archivelog gaps.
Thu Sep 25 17:55:16 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-01017: invalid username/password; logon denied
Thu Sep 25 17:55:16 2008
Error 1017 received logging on to the standby
Check that the primary and standby are using a password file
and remote_login_passwordfile is set to SHARED or EXCLUSIVE,
and that the SYS password is same in the password files.
returning error ORA-16191
It may be necessary to define the DB_ALLOWED_LOGON_VERSION
initialization parameter to the value "10". Check the
manual for information on this initialization parameter.
Thu Sep 25 17:55:16 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-16191: Primary log shipping client not logged on standby
PING[ARC0]: Heartbeat failed to connect to standby 'orcl'. Error is 16191.
Please suggest where I am missing.
Regards,
Ravish Garg

Internet Client Not talking to DMZ MP

Similar Messages

Maybe you are looking for