Invalid certificate: No Active Certificate for Content Repository

Hello,
I am trying to store DMS documents in Documentum. We have already performed the exercise in a sandbox environment. We moved to a development system on the SAP side and we are trying to use the same repository on the Documentum side. We have performed the prerequisite ArchiveLink configuration. When we execute the program RSHTTP80, we get an error stating that the certificate is invalid. (Output from SLG1 is attached.)
We have resent the certificates and CSADMIN shows that we have an Active certificate. The problem persists.
Any suggestions are welcome.
Thanks.
JR

HI JR,
check the date/time settings in your SAP system and on the content server too. Please don't forget the correct timezone settings.
In the URL expiration time is 20140530063005
But from the test the date, time is 30 May 2014, 04:30:05
So my first thought is that the URL is expired.
Best regards,
Janos

Similar Messages

API for Content Repository Connector???

Hi,
Are public APIs provided for Content Repository Connector (for EMC Documentum)? Are there javadocs available for the same? We have installed the trial version of Livecycle ES(turnkey installation). We haven't been able to find the APIs for store and retrieve content using the content repository connector in the following link :
http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/javadoc/index.html
Can someone provide the pointers for the same?
Thanks

The APIs you use are the Repository APIs. It does not matter what the back end is - you use the same Repository APIs to write content to it.

How to get SAP to use SSL for Content repository?

I have defined a content repository in OAC0. I would like SAP and the end user to use SSL when talking to the repository. I have obtained a certificate for the repository, so that I can manually trference the repository via https... but in OAC0 when I press the Test Connection button I get "Connection Error:No SSLsupport available". Do I have to import the content repository certificate into STRUST or something?

Hi Ken,
please have a look at the SAP note [712330|https://service.sap.com/sap/support/notes/712330].
Best regards,
Klaus

Data control issue for content repository when running apps in webcenter .

Hi All ,
I have created content repository connection in my local jdeveloper and
exposed it as a data control .
from data control i am displaying some path and name based on some search criteria .
Whenever i am runnig this application i am getting following exceptions and no datas are displayed .
Since i have define connection for content server locally on my jdeveloper do i need to create some jndi
on server side .
TestContentServer is the content repository connection i have created in jdeveloper .
if yes tell me how can i do it and how it will port to my data control .
[2010-10-05T09:34:39.245-07:00] [wc_custom] [WARNING] [] [oracle.adf.controller.faces.lifecycle.Utils] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000IhxFdvi4ulWpTwp2ic1CemrZ0000fT,0:1] [WEBSERVICE_PORT.name: WSRP_v2_Markup_Service] [APP: application1] [J2EE_MODULE.name: TestContentService-ViewController-context-root] [WEBSERVICE.name: WSRP_v2_Service] [J2EE_APP.name: application1] ADF: Adding the following JSF error message: TestContentServer[[
javax.naming.NameNotFoundException: TestContentServer; remaining name 'TestContentServer'
Thanks,
Arun

Hi Yanic ,
1. code for my jspx page
<?xml version='1.0' encoding='UTF-8'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
<jsp:directive.page contentType="text/html;charset=UTF-8"/>
<f:view>
<af:document id="d1">
<af:messages id="m1"/>
<af:form id="f1">
<af:inputText value="#{bindings.path.inputValue}" simple="true"
required="#{bindings.path.hints.mandatory}"
columns="#{bindings.path.hints.displayWidth}"
maximumLength="#{bindings.path.hints.precision}"
shortDesc="#{bindings.path.hints.tooltip}" id="it1">
<f:validator binding="#{bindings.path.validator}"/>
</af:inputText>
<af:inputText value="#{bindings.type.inputValue}" simple="true"
required="#{bindings.type.hints.mandatory}"
columns="#{bindings.type.hints.displayWidth}"
maximumLength="#{bindings.type.hints.precision}"
shortDesc="#{bindings.type.hints.tooltip}" id="it2">
<f:validator binding="#{bindings.type.validator}"/>
</af:inputText>
<af:commandButton actionListener="#{bindings.getItems.execute}"
text="getItems"
disabled="#{!bindings.getItems.enabled}" id="cb1"
partialSubmit="true"/>
<af:table value="#{bindings.Items.collectionModel}" var="row"
rows="#{bindings.Items.rangeSize}"
emptyText="#{bindings.Items.viewable ? 'No data to display.' : 'Access Denied.'}"
fetchSize="#{bindings.Items.rangeSize}"
rowBandingInterval="0" id="t1" partialTriggers="::cb1">
<af:column sortProperty="name" sortable="false"
headerText="#{bindings.Items.hints.name.label}" id="c2">
<af:inputText value="#{row.bindings.name.inputValue}"
label="#{bindings.Items.hints.name.label}"
required="#{bindings.Items.hints.name.mandatory}"
columns="#{bindings.Items.hints.name.displayWidth}"
maximumLength="#{bindings.Items.hints.name.precision}"
shortDesc="#{bindings.Items.hints.name.tooltip}"
id="it3">
<f:validator binding="#{row.bindings.name.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="path" sortable="false"
headerText="#{bindings.Items.hints.path.label}" id="c3">
<af:inputText value="#{row.bindings.path.inputValue}"
label="#{bindings.Items.hints.path.label}"
required="#{bindings.Items.hints.path.mandatory}"
columns="#{bindings.Items.hints.path.displayWidth}"
maximumLength="#{bindings.Items.hints.path.precision}"
shortDesc="#{bindings.Items.hints.path.tooltip}"
id="it8">
<f:validator binding="#{row.bindings.path.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="URI" sortable="false"
headerText="#{bindings.Items.hints.URI.label}" id="c5">
<af:inputText value="#{row.bindings.URI.inputValue}"
label="#{bindings.Items.hints.URI.label}"
required="#{bindings.Items.hints.URI.mandatory}"
columns="#{bindings.Items.hints.URI.displayWidth}"
maximumLength="#{bindings.Items.hints.URI.precision}"
shortDesc="#{bindings.Items.hints.URI.tooltip}"
id="it7">
<f:validator binding="#{row.bindings.URI.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="primaryType" sortable="false"
headerText="#{bindings.Items.hints.primaryType.label}"
id="c7">
<af:inputText value="#{row.bindings.primaryType.inputValue}"
label="#{bindings.Items.hints.primaryType.label}"
required="#{bindings.Items.hints.primaryType.mandatory}"
columns="#{bindings.Items.hints.primaryType.displayWidth}"
maximumLength="#{bindings.Items.hints.primaryType.precision}"
shortDesc="#{bindings.Items.hints.primaryType.tooltip}"
id="it6">
<f:validator binding="#{row.bindings.primaryType.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="title" sortable="false"
headerText="#{bindings.Items.hints.title.label}" id="c1">
<af:inputText value="#{row.bindings.title.inputValue}"
label="#{bindings.Items.hints.title.label}"
required="#{bindings.Items.hints.title.mandatory}"
columns="#{bindings.Items.hints.title.displayWidth}"
maximumLength="#{bindings.Items.hints.title.precision}"
shortDesc="#{bindings.Items.hints.title.tooltip}"
id="it9">
<f:validator binding="#{row.bindings.title.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="docType" sortable="false"
headerText="#{bindings.Items.hints.docType.label}" id="c6">
<af:inputText value="#{row.bindings.docType.inputValue}"
label="#{bindings.Items.hints.docType.label}"
required="#{bindings.Items.hints.docType.mandatory}"
columns="#{bindings.Items.hints.docType.displayWidth}"
maximumLength="#{bindings.Items.hints.docType.precision}"
shortDesc="#{bindings.Items.hints.docType.tooltip}"
id="it5">
<f:validator binding="#{row.bindings.docType.validator}"/>
</af:inputText>
</af:column>
<af:column sortProperty="displayName" sortable="false"
headerText="#{bindings.Items.hints.displayName.label}"
id="c4">
<af:inputText value="#{row.bindings.displayName.inputValue}"
label="#{bindings.Items.hints.displayName.label}"
required="#{bindings.Items.hints.displayName.mandatory}"
columns="#{bindings.Items.hints.displayName.displayWidth}"
maximumLength="#{bindings.Items.hints.displayName.precision}"
shortDesc="#{bindings.Items.hints.displayName.tooltip}"
id="it4">
<f:validator binding="#{row.bindings.displayName.validator}"/>
</af:inputText>
</af:column>
</af:table>
</af:form>
</af:document>
</f:view>
</jsp:root>
2. code for binding .
<?xml version="1.0" encoding="UTF-8" ?>
<pageDefinition xmlns="http://xmlns.oracle.com/adfm/uimodel"
version="11.1.1.56.60" id="Test1PageDef"
Package="com.heiwip.cs.view.pageDefs">
<parameters/>
<executables>
<variableIterator id="variables">
<variable Type="java.lang.String" Name="getItems_path"
IsQueriable="false"/>
<variable Type="java.lang.String" Name="getItems_type"
IsQueriable="false"/>
</variableIterator>
<methodIterator Binds="getItems.result" DataControl="TestDC1" RangeSize="25"
BeanClass="com.heiwip.cs.view.TestDC1.getItems_return"
id="getItemsIterator"/>
</executables>
<bindings>
<methodAction id="getItems" RequiresUpdateModel="true" Action="invokeMethod"
MethodName="getItems" IsViewObjectMethod="false"
DataControl="TestDC1" InstanceName="TestDC1"
ReturnName="TestDC1.methodResults.getItems_TestDC1_getItems_result">
<NamedData NDName="path" NDType="java.lang.String"
NDValue="${bindings.getItems_path}"/>
<NamedData NDName="type" NDType="java.lang.String"
NDValue="${bindings.getItems_type}"/>
</methodAction>
<attributeValues IterBinding="variables" id="path">
<AttrNames>
<Item Value="getItems_path"/>
</AttrNames>
</attributeValues>
<attributeValues IterBinding="variables" id="type">
<AttrNames>
<Item Value="getItems_type"/>
</AttrNames>
</attributeValues>
<attributeValues IterBinding="getItemsIterator" id="displayName">
<AttrNames>
<Item Value="displayName"/>
</AttrNames>
</attributeValues>
<attributeValues IterBinding="getItemsIterator" id="name">
<AttrNames>
<Item Value="name"/>
</AttrNames>
</attributeValues>
<attributeValues IterBinding="getItemsIterator" id="path1">
<AttrNames>
<Item Value="path"/>
</AttrNames>
</attributeValues>
</bindings>
</pageDefinition>
3. Table is displayed with no data .
whenever i am trying to pass something in search criteria to get the result its
throwing connection error .
4. I am using oracle UCM (oracle content server) .
for this i am using identity propogation .
Thanks,
Arun.

HTTP error for content repository

Dear gurus,
we defined a content repository to store images (Employee photos) in our HR instance (ECC 6). we set customizing for Sap Archive Link and "document type" (HRICOLFOTO). We followed suggestions of this link: [http://www.sd-solutions.com/documents/SDS_Employee_Photos_v4.7.html|http://www.sd-solutions.com/documents/SDS_Employee_Photos_v4.7.html]. When we try to store an image (JPG file) using OAAD transaction code we get "HTTP error: 500 Internal Server Error". Again using CSADMIN transaction code to test HTTP server assigned to content repository we get the same message. Work process trace file is attached below. Thanks for your help.
W Tue Jan 20 09:01:06 2009
W      *** ERROR => Failed to create new session, rc: 0x1 [itspxx.cpp   713]
W    *** ERROR => itsp_OpenSession failed rc = 1, send icf error page [itsplxx.c    839]
M    ***LOG W03=> [itsplxx.c    840]
W    *** ERROR => ipl_OpenSession returns 1(ITSPE_FAILURE) [itsplxx.c    842]
W    *** ERROR => Raise Last error:[13 from: itspagat.cpp:820] [itsplxx.c    1180]
W    *** ERROR => RaiseError(sapdext) ITS_P:13 [itspagat.cpp 820]
W        *** ERROR => plugin: Unknown user agent type, not supported 'SAP Web Application Server (1.0;640)' [itspagat.cpp 819]
W        *** ERROR => plugin: Browser verification failed rc: 1 [itspagat.cpp 750]
W      *** ERROR => plugin: ItspAgat_InitContext failed, rc = 1 [itspxkrn.cpp 174]
W
W Tue Jan 20 09:01:21 2009
W      *** ERROR => Failed to create new session, rc: 0x1 [itspxx.cpp   713]
W    *** ERROR => itsp_OpenSession failed rc = 1, send icf error page [itsplxx.c    839]
M    ***LOG W03=> [itsplxx.c    840]
W    *** ERROR => ipl_OpenSession returns 1(ITSPE_FAILURE) [itsplxx.c    842]
W    *** ERROR => Raise Last error:[13 from: itspagat.cpp:820] [itsplxx.c    1180]
W    *** ERROR => RaiseError(sapdext) ITS_P:13 [itspagat.cpp 820]
W        *** ERROR => plugin: Unknown user agent type, not supported 'SAP Web Application Server (1.0;640)' [itspagat.cpp 819]
W        *** ERROR => plugin: Browser verification failed rc: 1 [itspagat.cpp 750]
W      *** ERROR => plugin: ItspAgat_InitContext failed, rc = 1 [itspxkrn.cpp 174]
W      *** ERROR => Failed to create new session, rc: 0x1 [itspxx.cpp   713]
W    *** ERROR => itsp_OpenSession failed rc = 1, send icf error page [itsplxx.c    839]
M    ***LOG W03=> [itsplxx.c    840]
W    *** ERROR => ipl_OpenSession returns 1(ITSPE_FAILURE) [itsplxx.c    842]
W    *** ERROR => Raise Last error:[13 from: itspagat.cpp:820] [itsplxx.c    1180]
W    *** ERROR => RaiseError(sapdext) ITS_P:13 [itspagat.cpp 820]
W        *** ERROR => plugin: Unknown user agent type, not supported 'SAP Web Application Server (1.0;640)' [itspagat.cpp 819]
W        *** ERROR => plugin: Browser verification failed rc: 1 [itspagat.cpp 750]
W      *** ERROR => plugin: ItspAgat_InitContext failed, rc = 1 [itspxkrn.cpp 174]
W      *** ERROR => Failed to create new session, rc: 0x1 [itspxx.cpp   713]
W    *** ERROR => itsp_OpenSession failed rc = 1, send icf error page [itsplxx.c    839]
M    ***LOG W03=> [itsplxx.c    840]
W    *** ERROR => ipl_OpenSession returns 1(ITSPE_FAILURE) [itsplxx.c    842]
W    *** ERROR => Raise Last error:[13 from: itspagat.cpp:820] [itsplxx.c    1180]
W    *** ERROR => RaiseError(sapdext) ITS_P:13 [itspagat.cpp 820]
Regards.
:: Vittorio

Theres a button beside CSADMIN that looks like a balance. You can use that to check... but as it is a R/3 Database repository it might not be there.
Now, you said
When we try to store an image (JPG file) using OAAD transaction code we get "HTTP error: 500 Internal Server Error". Again using CSADMIN transaction code to test HTTP server assigned to content repository
How can you be calling a HTTP repository when you are actually storing the data in the R/3 Database? That doesn't make sense to me.
Can you explain your full landscape?
regards
Juan

Repository for Content Management

How do I know that whether TREX or CRM Database is used for Content repository?
I am able to import & link documents under 'Document Search' in IC Web .
I would like to know what is configured as a repository for document management.
I know where to configure content repository,TREX RFC connection,but where can I tell the system which one system should use for storing documents?
Thanks,
Thirumala.

HI
Can you check tx OAC0 ? This might give you some hint.

Content repository access restriction?

hi All,
i want to make a check for content repository access when check in file, i found a similar thread in the forum but it said using one of the DMS BADIs like DOCUMENT_STORAGE01 with methods BEFORE_PHYSICAL_CHECKIN or BEFORE_CHECKIN coufd be useful to implement an individual check.
i can not find any authorization object to do this .
anyone got a good idea?
George.

i can not find any authorization object to do this
There is no standard authorization object available to cater to this requirement.
However,another solution you may want to look at is Entitlement Manager from Nextlabs for SAP which extends the native SAP authorization model to provide easy to manage policy-based authorization to specific product data across geographies.
Regards,
Pradeepkumar Haragoldavar

50.28.68.31:2087 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for a id="cert_

50.28.68.31:2087 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for <a id="cert_domain_link" title="new.thelifeincomegroup.com">new.thelifeincomegroup.com</a>
(Error code: sec_error_untrusted_issuer)

See https://support.mozilla.org/kb/Secure+Connection+Failed

Certificate issues Active Directory Certificate Services could not process request 3699 due to an error: The revocation function was unable to check revocation because the revocation server was offline. 0x80092013

Hi,
We have some problems with our Root CA. I can se a lot of failed requests. with the event id 22: in the logs. The description is: Active Directory Certificate Services could not process request 3686 due to an error: The revocation function was unable to
check revocation because the revocation server was offline. 0x80092013 (-2146885613). The request was for CN=xxxxx.ourdomain.com. Additional information: Error Verifying Request Signature or Signing Certificate
A couple of months ago we decomissioned one of our old 2003 DCs and it looks like this server might have had something to do with the CA structure but I am not sure whether this was in use or not since I could find the role but I wasn't able to see any existing
configuration.
Let's say that this server was previously responsible for the certificates and was the server that should have revoked the old certs, what can I do know to try and correct the problem?
Thank you for your help
//Cris

hello,
let me recap first:
you see these errors on a ROOT CA. so it seems like the ROOT CA is also operating as an ISSUING CA. Some clients try to issue a new certificate from the ROOT CA and this fails with your error mentioned.
do you say that you had a PREVIOUS CA which you decomissioned, and you now have a brand NEW CA, that was built as a clean install? When you decommissioned the PREVIOUS CA, that was your design decision to don't bother with the current certificates that it
issued and which are still valid, right?
The error says, that the REQUEST signature cannot be validated. REQUESTs are signed either by itself (self-signed) or if they are renewal requests, they would be signed with the previous certificate which the client tries to renew. The self-signed REQUESTs
do not contain CRL paths at all.
So this implies to me as these requests that are failing are renewal requests. Renewal requests would contain CRL paths of the previous certificates that are nearing their expiration.
As there are many such REQUEST and failures, it probably means that the clients use AUTOENROLLMENT, which tries to renew their current, but shortly expiring, certificates during (by default) their last 6 weeks of lifetime.
As you decommissioned your PREVIOUS CA, it does not issue CRL anymore and the current certificates cannot be checked for validity.
Thus, if the renewal tries to renew them by using the NEW CA, your NEW CA cannot validate CRL of the PREVIOUS CA and will not issue new certificates.
But it would not issue new certificates anyway even if it was able to verify the PREVIOUS CA's CRL, as it seems your NEW CA is completely brand new, without being restored from the PREVIOUS CA's database. Right?
So simply don't bother :-) As long as it was your design to decommission the PREVIOUS CA without bothering with its already issued certificates.
The current certificates which autoenrollment tries to renew cannot be checked for validity. They will also slowly expire over the next 6 weeks or so. After that, autoenrollment will ask your NEW CA to issue a brand new certificate without trying to renew.
Just a clean self-signed REQUEST.
That will succeed.
You can also verify this by trying to issue a certificate on an affected machine manually from Certificates MMC.
ondrej.

What Certificate store is used for machine certificates

I have a requirement to have windows 7/8 users connect to the company network using VPN & IKEv2.
I have a RH Linux 7 firewall/authentication server that the windows clients will connect to via a vpn.
I have generated a self-signed Certificate Authority, and a client certificate. (using NSS & certutil)
I have configured a VPN/IKEv2 connection on my windows 7 client system.
I have selected "use machine certificates" on the security tab.
However when I attempt to connect to the Linux 7 server. Windows returns a 13806 error. The windows process
for locating the certificate cannot find the certificate. (I used mmc to install both the CA certificate & the client certificate)
So I wondering since I specified the use of machine certificates, perhaps I've installed the certificates in the wrong "store".
Is there a special "store" for machine certificates?

Hi MeipoXu, many thanks for working with me on this issue.
Thru some trial & error testing I determined the Local Computer store "combo" that DOES NOT generate
a 13806 error (cert not found) is to import the client cert to the "Personal" store under "Local Computer"
and import the CA into the Trusted Root Certificates store, also under the "Local Computer"
However I still get the 13819 error Invalid Certificate Type. When I attempt to make a connection over vpn.
Here are the trace entries:
Frame: Number = 4, Captured Frame Length = 234, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: IPsec: Receive ISAKMP Packet
- WfpUnifiedTracing_IKE_PACKET_RECV IKE_PACKET_RECV: IPsec: Receive ISAKMP Packet
     AsciiString ICookie: 76991f2483ab8271
     AsciiString RCookie: be81c4728325eb7f
     AsciiString ExchangeType: IKEv2 SA Init Mode
     UINT32 Length: 284 (0x11C)
     AsciiString NextPayload: SA
     UINT8 Flags: 32 (0x20)
     UINT32 MessageID: 0 (0x0)
     UnicodeString LocalAddress: 192.168.10.4
     UINT32 LocalPort: 500 (0x1F4)
     UINT32 LocalProtocol: 0 (0x0)
     UnicodeString RemoteAddress: 69.54.99.132
     UINT32 RemotePort: 500 (0x1F4)
     UINT32 RemoteProtocol: 0 (0x0)
     UINT64 InterfaceLuid: 1688849960927232 (0x6000006000000)
     UINT32 ProfileId: 2 (0x2)
Frame: Number = 5, Captured Frame Length = 121, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
     AsciiString Function: IkeFindLocalCertChainHelper
   - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_NO_CERT
      UINT32 WinErrorValue: 0x000035EE - ERROR_IPSEC_IKE_NO_CERT - The IKE failed to find a valid machine certificate. Contact your network security administrator about installing a valid certificate in the appropriate certificate store.
Frame: Number = 6, Captured Frame Length = 121, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
     AsciiString Function: IkeFindLocalCertChainHelper
   - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_NO_CERT
      UINT32 WinErrorValue: 0x000035EE - ERROR_IPSEC_IKE_NO_CERT - The IKE failed to find a valid machine certificate. Contact your network security administrator about installing a valid certificate in the appropriate certificate store.
Frame: Number = 7, Captured Frame Length = 117, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
     AsciiString Function: IkeEncodeCertChainIkeV2
   - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
      UINT32 WinErrorValue: 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
Frame: Number = 8, Captured Frame Length = 117, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
     AsciiString Function: IkeEncodeCertChainIkeV2
   - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
    - HRESULT ErrorValue: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
     - LEHResult:
        UINT32 Code:      (................0011010111111011) 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
        UINT32 Facility: (.....00000000111................) WIN32
        UINT32 X:         (....0...........................) Reserved
        UINT32 N:         (...0............................) Not NTSTATUS
        UINT32 C:         (..0.............................) Microsoft-defined
        UINT32 R:         (.0..............................) Reserved
        UINT32 S:         (1...............................) Failure
$$$$$$$ N O T E :   Frame Numbers 9 thru 13 are exact same error message as Frame numbers 8 (the first) and Frame 14 (the last) $$$$$$$$ Then I close the connection
and stop the trace.
Frame: Number = 14, Captured Frame Length = 123, MediaType = NetEvent
+ NetEvent:
- MicrosoftWindowsWFP: User Mode Error
- WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
     AsciiString Function: IkeConstructAndSendMMResponse
   - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
    - HRESULT ErrorValue: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
     - LEHResult:
        UINT32 Code:      (................0011010111111011) 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
        UINT32 Facility: (.....00000000111................) WIN32
        UINT32 X:         (....0...........................) Reserved
        UINT32 N:         (...0............................) Not NTSTATUS
        UINT32 C:         (..0.............................) Microsoft-defined
        UINT32 R:         (.0..............................) Reserved
        UINT32 S:         (1...............................) Failure
So after a response is received from the Server (to complete the SA Initiation)
Windows then "looks" for a cert to send to the server.
It appears initially it can't find one because 13806 errors are reported (Frames 5 & 6)
However the session does not issue an 13806.
It goes on to Frame 7: Note the function IkeEncodeCertChainIkeV2 detects the invalid cert type
Frames 8 thru 14 are just a repeat of the same error.
Could this be a flaw in the windows VPN logic ?
Guy

Changing content repository for external archiving:

Recently my company is in the process of transitioning from one document archiving server to another. We configured a new content repository in our system, and then I used transaction OACT to change the content repository for the category of documents that I am working with.
This appeared to work well on development, old documents on the server A were still accessible, newly created documents were archiving succesfully to server B.
The problem arose when I attempted to transport my change to the QA server. It seems that when a change to a content repository field is made in transaction OACT the transports do not contain a change to that field, so I cannot change it in QA.
The following entries are created in my transport:
IMG Activity Define Content Categories
     View Maintenance: Data
         V_SDOKSTCA
             SDOKSTCAE
             SDOKSTCAT
             SDOKSTCDSP
I can change the Document Area, but the content repository field is not included in the transport. Has anyone else run into this when migrating between archving servers?

It seems that it isn't a good idea to change the content repository for this type of object once a system has gone live. I'm planning to have all of the documents previously archived migrated to the new server and once that occurs I'll edit this field directly in production...
If anyone has a better suggestion please let me know.

Re: Quality Certificate requirement At MIGO for raw material

Dear all,
I have a requirement where I want the system ask for Quality certificate while doing the goods receipt. The system should not allow me to process the transaction-MIGO if certificate is not recieved.
Please advice
Regards,
Vivek Sharma

Hi Vivek,
You need to perform following settings.
Configuration
Follow the path
Run trx QCC0->QM in Logistics->QM in Procurement-->Define Control Keys.
Here create your own control key
Where you can set the rest data as per your requirement but for to check the check box for "Cert Required" is must be activated to meet the requirement relevant to this thread.
Save
Say you have configured your Control Key ZZ01
Now just below this one small configuration is mandatory is Run trx QCC0->QM in Logistics->QM in Procurement-->Define Keys for Certificate Processing
Maintain Description
Execute it and go to "Define Certificate Types"
Here either for your relevant certification type or for new type (if you wish to create new), maintain the data as below
"Certificate Required for Each Purchase Order Item" ==== Active
"Certif. per GR Item" ==== Active
"Certif. check required" ==== Active
"Control W/O Certif." Set any error message, I would suggest to select "Without lot error message, with lot error message"
"Enhanced cert. processing" ==== Don't Activate
"No certif. confirmation at GR" ==== Don't Activate
The rest settings are not important to maintain so leave them blank.
At Master Level
In QM view of MM for the material maintain "QM Control Key" that just created "ZZ01"
and the certificate type that is just created or amended. under the procurement data.
Maintain Q-Info record for Material - Vendor - Plant combination (QI01)
Now as per your requirement system will ask for the confirmation for certificate receipt as Yes/No. under the Purchase Order data in MIGO at item level data.
If you select "NO" to it it will not allow to post the GR.
I hope this is what you were looking for.
Regards,
Shyamal

Certificates no longer work for signing when moving to Acrobat XI

Hello,
At my organization we have vendor-supplied certificates (x.509 v3) that we use to sign PDFs. These certificates function correctly with Acrobat 7, 9, and X (mix of XP and Win7). When attempting to sign a PDF in Acrobat XI (Win7), an error is reported by the Windows CSP: "The requested operation is not supported. Error Code: 2148073513".
I also have some certificates generated in-house that do not result in this error, and sign correctly with Acrobat 7, 9, X, and XI.
My guess is that some property of the vendor-supplied certificates is not playing well, and that it must be some difference between the two. The vendor certs have about 10 extensions, mine has 2. I've pasted a dump of the additional extensions below; all other details appear to be shared. Key size is 2048 for the vendor, 1024 for in-house.
Thank you!
Certificate Extensions: 10
    2.5.29.15: Flags = 0, Length = 4
    Key Usage
        Digital Signature (80)
    2.5.29.32: Flags = 0, Length = 13
    Certificate Policies
        [1]Certificate Policy:
             Policy Identifier=2.16.840.1.114027.200.3.10.2.1
    2.5.29.17: Flags = 0, Length = 1a
    Subject Alternative Name
        RFC822 [email protected]
    2.5.29.9: Flags = 0, Length = 15
    Subject Directory Attributes
        Entrust User Role=161
    2.5.29.31: Flags = 0, Length = 16d
    CRL Distribution Points
        [1]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       Directory Address:
                            CN=CRL281
                            OU=Commercial Private Sub CA1
                            OU=Certification Authorities
                            O=Entrust
                            C=US
        [2]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       URL=http://comprivweb1.managed.entrust.com/CRLs/EMSComPrivCA1.crl
                       URL=ldap://comprivshad1.managed.entrust.com/ou=Commercial%20Private%20Sub%20CA1,ou=Certif ication%20Authorities,o=Entrust,c=US?certificateRevocationList;binary
    2.5.29.16: Flags = 0, Length = 24
    Private Key Usage Period
        Not before=Thursday, September 27, 2012 2:07:29 PM
        Not after=Monday, November 03, 2014 1:37:29 AM
    2.5.29.35: Flags = 0, Length = 18
    Authority Key Identifier
        KeyID=d6 57 4d cb f4 e9 cd 6a cb 67 b4 ba 1d cf 10 d3 8b d6 2c 99
    1.2.840.113533.7.65.0: Flags = 0, Length = c
    Entrust Version Info
        Entrust Authority Security Manager Version=V8.0
        Key Update Allowed=Yes
        Certificate Category=Enterprise

The issue is that Adobe cannot access the path of the CRL since they don't support LDAP path. To resolve the issue you need to uncheck the option to embedded the CRL status in the signature information. To change it go to Edit > Preferences >Security > Advanced Preferences > Creation tab > de-select Include signature's revocation status when signing
I've add screenshots from Adobe X & XI:
Edit > Preferences >Signatures > Creation & Appearance > More > de-select Include signature's revocation status when signing

Linking DMS to a Content Repository for Recipe Management

How do I link a document type to a content repository?
This is for Recipe Management. When I look in DC10 I can see that there is a document type of RMS for Recipe Management.
I assume this means Recipe Management is connected toDMS
I have created a content repository ZRM using OAC0.
How do I make the link between the document type RMS in DMS and the content repository ZRM?

Thanks for the reply but it isn't really what I was after.
I am only the basis guy so I am not sure of the application but my expectation is that users will save a document with a document type of RMS. This document should be saved to a Content Repository
What you have described is how to save a type of document such as MS Word to a particular repository. I was hoping that Recipe Management documents (possibly MS Word, possibly not) would go to a Recipe Management Repository.
There still might be the possibility that documents (possibly MS Word) for other projects e.g. packaging could be written to a different repository.
What I am hoping for is a link from the document type RMS in DC10 to the Content Repository defined in OAC0.
I have a suspicion this is via the category defined by OACT.
The link from SAP DMS to Content Repository seems fundamental to me. I am surprised no one has the answer
...or perhaps I have completely missed the point?
Tony

Content repository - Multiple unrestricted ordering issue for a property

Hi there,
I have a problem in terms of getting the correct ordering for a property that I have defined in the BEA Content Repository. Does anyone know what can be done?
Below is a description of what I am doing. I hope someone can help me order the vector returned or advise me on a better way on doing this. Thanks for your help in advance!
Andrew
Description
In the BE Content Repository, I have set up a type with properties set to "Multiple Unrestricted" and of Data Type "String". Basically the entries for this property will be used to fill in a table on my HTML page.
e.g.
column_1 Multiple Unrestricted String
column_2 Multiple Unrestricted String
column_3 Multiple Unrestricted String
column_4 Multiple Unrestricted String
What I am planning to do is fill this in for say the weather. Column 1 will be the city name, column 2 will be the temperature, column 3 will be another city name and column 4 will be the temperature.
e.g.
Column 1 | Column 2 | Column 3 | Column 4
=========================================
City 1 | 12-20C | City 2 | 14-19C
City 3 | 20-25C | City 4 | 25-30C
City 5 | 5-10C | City 6 | -10-5C
and so on...
So for the defined content item I have entered in the following:
column_1 >> "City 1", "City 3", "City 5"
column_2 >> "12-20C", "20-25C", "25-30C"
column_3 >> "City 2", "City 4", "City 6"
column_4 >> "14-19C", "25-30C", "-10-5C"
However when I reference the content item in my HTML page, the ordering in the returned vector is totally different to the way in which i entered the data into the content repository...
I access the information this way:
<cm:getProperty resultId="vect_col_1" node="<%= content_node%>" name= "<%= RepositoryProps.COLUMN_1%>" isMultiple="true" resultType="String" />
Thanks for your help!

Hi there,
I have a problem in terms of getting the correct ordering for a property that I have defined in the BEA Content Repository. Does anyone know what can be done?
Below is a description of what I am doing. I hope someone can help me order the vector returned or advise me on a better way on doing this. Thanks for your help in advance!
Andrew
Description
In the BE Content Repository, I have set up a type with properties set to "Multiple Unrestricted" and of Data Type "String". Basically the entries for this property will be used to fill in a table on my HTML page.
e.g.
column_1 Multiple Unrestricted String
column_2 Multiple Unrestricted String
column_3 Multiple Unrestricted String
column_4 Multiple Unrestricted String
What I am planning to do is fill this in for say the weather. Column 1 will be the city name, column 2 will be the temperature, column 3 will be another city name and column 4 will be the temperature.
e.g.
Column 1 | Column 2 | Column 3 | Column 4
=========================================
City 1 | 12-20C | City 2 | 14-19C
City 3 | 20-25C | City 4 | 25-30C
City 5 | 5-10C | City 6 | -10-5C
and so on...
So for the defined content item I have entered in the following:
column_1 >> "City 1", "City 3", "City 5"
column_2 >> "12-20C", "20-25C", "25-30C"
column_3 >> "City 2", "City 4", "City 6"
column_4 >> "14-19C", "25-30C", "-10-5C"
However when I reference the content item in my HTML page, the ordering in the returned vector is totally different to the way in which i entered the data into the content repository...
I access the information this way:
<cm:getProperty resultId="vect_col_1" node="<%= content_node%>" name= "<%= RepositoryProps.COLUMN_1%>" isMultiple="true" resultType="String" />
Thanks for your help!

Invalid certificate: No Active Certificate for Content Repository

Similar Messages

Maybe you are looking for