IPSEC error: Received a non-IPSEC packet

Hi all
Below is my network setup. Using a Wireless Lan Controller and a Lightweight AP as its end point. Between the Router and ASA is an IPSEC tunnel
WLC---Router(==VPN==)ASA---AP
From my AP segment, i am able to ping to my WLC. Apparently the AP need to pass udp traffic to register itself to the WLC. Unfortunately i got this error msg
IPSEC: Received a non-IPSec (protocol=udp) packet from 172.16.8.4(AP) to 172.16.52.2 (WLC).
I have already allowed ACL of any any udp connection & also enabled split tunneling to include AP's traffic.
What did i miss out?

This message is displayed when the received packet matched the crypto map ACL, but it is not IPSec-encapsulated. The IPSec Peer is sending unencapsulated packets. This error can occur because of a policy setup error on the peer. This error is the reason why the reverse-path authentication is getting failed.

Similar Messages

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

Hi Everyone.
I was making some changes in routers and after I rolled back configuration a gre tunnel won't work. It's GRE Tunnel between a Cisco 7600 and Cisco 2851.
It seems like 7600 sent packets unencrypted.
On C2851 is received this message:
%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
(ip) vrf/dest_addr= /10.0.0.10, src_addr= 10.0.0.18, prot= 47
Could you check configuration attached and give any advise.
Thank you.

I went through the configuration and think all required components are in there.
I would say that we should check routing.
Error message means that packet recieved as per local policy should have been a IPSEC encrypted packet however it was a plain text packet.
going further:
* Please check if tunnel is up and share show crypto ipsec sa from either end.
* please check if the packets leaving other end are taking right exit interface and if yes are they encrypted or not. you can check this with the help of ACL (disabling CEF if this is not into production and there is no MPLS link involved).

IPSEC packet has invalid spi

I have a very simple LAN-2-LAN between two cisco routers running IOS version 12.4(15)T8 as follows:
RouterA:
crypto isakmp key test123 address 4.2.97.15 no-xauth
crypto isakmp policy 1
encr aes 256
hash sha
authentication pre-share
group 5
lifetime 86400
no crypto ipsec nat-transparency udp-encapsulation
crypto ipsec transform-set tset esp-aes 256 esp-sha-hmac
crypto map vpn 10 ipsec-isakmp
set peer 4.2.97.15
set security-association lifetime seconds 3600
set transform-set tset
set pfs group5
match address vpn
interface FastEthernet0/0
ip address 207.15.205.15 255.255.255.0
speed 100
full-duplex
crypto map vpn
ip access-list extended vpn
permit ip 129.174.15.0 0.0.0.255 129.174.16.0 0.0.0.255
RouterB:
crypto isakmp key test123 address 207.15.205.15 no-xauth
crypto isakmp policy 1
encr aes 256
hash sha
authentication pre-share
group 5
lifetime 86400
no crypto ipsec nat-transparency udp-encapsulation
crypto ipsec transform-set tset esp-aes 256 esp-sha-hmac
crypto map vpn 10 ipsec-isakmp
set peer 207.15.205.15
set security-association lifetime seconds 3600
set transform-set tset
set pfs group5
match address vpn
interface FastEthernet0/0
ip address 4.2.97.15 255.255.255.0
speed 100
full-duplex
crypto map vpn
ip access-list extended vpn
permit ip 129.174.16.0 0.0.0.255 129.174.15.0 0.0.0.255
Every now and then I am seeing this message in the log file:
Jul 27 00:25:20.603: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd
IPSEC packet has invalid spi for destaddr=207.15.205.15, prot=50,
spi=0x681E0955(1746798933), srcaddr=4.2.97.15.
Why am I seeing this message? The VPN peer between two router is very stable without any errors.
I've asked several ccie consultant folks and none of them is able to provide me with a satifactory answer regarding this message.
Anyone know why? Thanks in advance.

I know its been a while since this was asked but to help anyone who may still want to know here is the reason from Cisco:
It simply means IPsec Security Associations are out of sync       between the peer devices. As a result, an encrypting device will encrypt       traffic with SAs that its peer does not know about. These packets are dropped       on the peer with the above message logged to the syslog
Read more here: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080bf6100.shtml
One of the most common IPsec issues is that SAs can become out of sync       between the peer devices. As a result, an encrypting device will encrypt       traffic with SAs that its peer does not know about. These packets are dropped       on the peer with this message logged to the syslog: Sep 2 13:27:57.707: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet
   has invalid spi for destaddr=20.1.1.2, prot=50, spi=0xB761863E(3076621886),
   srcaddr=10.1.1.1

DMVPN Issues - IPsec packets

Hi All,
I am currently trying to configure DMVPN for the first time. I have been following the cisco config guide and googling a few other bits however I seem to have hit a brick wall.
The setup is in a lab environment so i can post up as much info as required but here are the important bits:
I have 3 Cisco 2821 routers running IOS 12.4(15) with a Layer 3 switch in the middle connecting the "wan" ports together. the routing is working fine, I can ping each router from each other router.
A few snippets from the hub router config:
crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac!crypto ipsec profile DMVPN_PRJ set transform-set DMVPN_SET!interface Tunnel0 bandwidth 10000 ip address 172.17.100.1 255.255.255.0 no ip redirects ip mtu 1500 ip nhrp authentication secretid ip nhrp map multicast dynamic ip nhrp network-id 101 ip nhrp holdtime 450 ip tcp adjust-mss 1460 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 10101 tunnel protection ipsec profile DMVPN_PRJ!interface GigabitEthernet0/0 description HQ WAN ip address 1.1.1.1 255.255.255.248 ip nat outside ip virtual-reassembly duplex auto speed auto!
and heres the config on the first spoke router:
crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac!crypto ipsec profile DMVPN_PRJ set transform-set DMVPN_SET!interface Tunnel0 bandwidth 3000 ip address 172.17.100.10 255.255.255.0 no ip redirects ip mtu 1500 ip nhrp authentication secretid ip nhrp map 172.17.100.1 1.1.1.1 ip nhrp map multicast 1.1.1.1 ip nhrp network-id 101 ip nhrp holdtime 450 ip nhrp nhs 172.17.100.1 ip tcp adjust-mss 1460 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 10101 tunnel protection ipsec profile DMVPN_PRJ!interface GigabitEthernet0/0 description Site 1 WAN ip address 11.11.11.1 255.255.255.248 ip nat outside ip virtual-reassembly duplex auto speed auto!
if I shut/no shut the tunnel0 interface on spoke 1, I get the following error on the hub router:
Mar 30 13:41:17.075: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.        (ip) vrf/dest_addr= /1.1.1.1, src_addr= 11.11.11.1, prot= 47
so I feel im missing some config on the spoke side to encrypt the traffic but im not sure what.
the following are outputs from the spoke router:
RTR_SITE1#sh dmvpn detailLegend: Attrb --> S - Static, D - Dynamic, I - Incompletea        N - NATed, L - Local, X - No Socket        # Ent --> Number of NHRP entries with same NBMA peer -------------- Interface Tunnel0 info: --------------Intf. is up, Line Protocol is up, Addr. is 172.17.100.10   Source addr: 11.11.11.1, Dest addr: MGRE Protocol/Transport: "multi-GRE/IP", Protect "DMVPN_PRJ",Tunnel VRF "", ip vrf forwarding ""NHRP Details: NHS:       172.17.100.1 EType:Spoke, NBMA Peers:1# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb    Target Network----- --------------- --------------- ----- -------- ----- -----------------    1         1.1.1.1    172.17.100.1   IKE    never S       172.17.100.1/32 Interface: Tunnel0Session: [0x48E31B98] Crypto Session Status: DOWN fvrf: (none),   IPSEC FLOW: permit 47 host 11.11.11.1 host 1.1.1.1        Active SAs: 0, origin: crypto map   Outbound SPI : 0x       0, transform :    Socket State: ClosedPending DMVPN Sessions:
RTR_SITE1#sh ip nhrp detail172.17.100.1/32 via 172.17.100.1, Tunnel0 created 00:33:44, never expire Type: static, Flags: used NBMA address: 1.1.1.1
RTR_SITE1#sh crypto ipsec sainterface: Tunnel0    Crypto map tag: Tunnel0-head-0, local addr 11.11.11.1   protected vrf: (none)   local ident (addr/mask/prot/port): (11.11.11.1/255.255.255.255/47/0)   remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)   current_peer 1.1.1.1 port 500     PERMIT, flags={origin_is_acl,}    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0    #pkts compressed: 0, #pkts decompressed: 0    #pkts not compressed: 0, #pkts compr. failed: 0    #pkts not decompressed: 0, #pkts decompress failed: 0    #send errors 46, #recv errors 0     local crypto endpt.: 11.11.11.1, remote crypto endpt.: 1.1.1.1     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0     current outbound spi: 0x0(0)     inbound esp sas:     inbound ah sas:     inbound pcp sas:     outbound esp sas:     outbound ah sas:     outbound pcp sas:
All of these commands show up as blank when i run them on the hub router.
Any help appreciated.
Thanks

Thanks for the help
I was following this guide: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_DMVPN.html#wp1118625
I am using NAT, g0/1 on the routers in the LAN interface with a difference 10.x.x.x/24 on each router.
isakmp policy solved my issue, fixed the MTU as well.
What do i need to add to allow the 10.x.x.x networks to use the tunnels to communicate? I can now ping each end of the tunnel from both routers but not the LAN interfaces.
Thanks

%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /x.x.x.x, src_addr= x.x.x.x, prot= 47

Hi ,
I am want to crerate a GREover IPsec Tunnel between Cisco ASR 1002 and cisco 3900 i am getting the below error.
%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /x.x.x.x, src_addr= x.x.x.x, prot= 47
I have attached the configuration file as well currently working on tunnel 117.
Site A already have some tunnels up and running but only tunnel 117 is not working which i created now on ASR 1002.
CAN ANYONE LET ME KNOW WHAT I AM FACING AN ISSUE.

The first issue that I note is that you have applied the crypto map on the tunnel interface as well as on the physical interface. While there are perhaps still some examples that show this they are based on the operation of quite old IOS versions. The code that you are now running expects the crypto map to be applied only on the physical interface. I suggest that you remove the crypto map from the tunnel interfaces. Try that and let us know if the behavior changes.
HTH
Rick

During snoop. WARNING: received signal 11 from packet

During snooping the local ip address on a V240. I saw this error:
WARNING: received signal 11 from packet 780
What does it mean? Is the hardware faulty? Is snoop faulty?
The packet 780 was going outward and has xxxx in place of some data:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 780 arrived at 15:16:38.22
ETHER: Packet size = 696 bytes
ETHER: Destination = xxxx,
ETHER: Source = xxxx,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 682 bytes
IP: Identification = 52818
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 8762
IP: Source address = xxxx, xxxx
IP: Destination address = xxxx, xxxx
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 389
TCP: Destination port = 62638
TCP: Sequence number = 2004482227
TCP: Acknowledgement number = 2710103459
TCP: Data offset = 20 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 49542
TCP: Checksum = 0xe935
TCP: Urgent pointer = 0
TCP: No options

OK I expect that this explains it...
Patch Id: 112915-03
Problem Description:
4676230 Signal 11 errors(sigsegv) when snooping ldap port(389)

WLC 5508 - Ignoring Primary discovery request received on non-management interface (2) from AP

Hello,
Im receving this error on my syslog server:
capwap_ac_sm.c:1443 Ignoring Primary discovery request received on non-management interface (2) from AP
already checked the configuration and everything seems ok. They are registered and with clients associated.
What could be the cause?
Thanks in advance,
Chris

Thanks Scott for your fast response.
No, I'm not using LAG.
What do you mean with separate AP Managers?
I have one AP Manager on vlan 100 (10.100.0.25) and the Management interface on the same Vlan (10.100.0.26)
And users use vlan 150 (10.150.0.x).
The switch port where the AP is plugged is configured with:
interface GigabitEthernet2/0/20
switchport access vlan 100
switchport mode access
spanning-tree portfast
On WLC I can also check the AP history:
Last Error Occurred Reason Layer 3 discovery request not received on management interface

Error receiving FD from watchdog

The below is preventing iPlanet instance from starting successfully...does anyone have any ideas?
I emptied the Version files under ClassCache & SessionData but that did not help.
Thanks, Denise
[03/Sep/2004:09:26:25] info ( 7520): successful server startup
[03/Sep/2004:09:26:25] info ( 7520): iPlanet-WebServer-Enterprise/6.0SP8 B04/20/2004 06:59
[03/Sep/2004:09:26:25] catastrophe ( 7520): Unable to create/cleanup jsp class cache
[03/Sep/2004:09:26:25] info ( 7521): Installing a new configuration
[03/Sep/2004:09:26:25] failure ( 7521): [LS ls1] [153.2.134.186:80] Error receiving FD from watchdog (Permission denied)
[03/Sep/2004:09:26:25] failure ( 7521): 1 listen sockets could not be created
[03/Sep/2004:09:26:25] failure ( 7521): The new configuration was rejected, rolling back
[03/Sep/2004:09:26:25] info ( 7521): Rolled back to the previous configuration
[03/Sep/2004:09:26:25] failure ( 7521): Failed to set configuration

The permission denied error message indicates you're not allowed to create listen sockets on port 80. On Unix, typically only root is allowed to create liste sockets on ports < 1024.
You may be logged in as a non-root user but trying to start a server that was configured to run as root. Login as root and try to start your server again.

HT5654 Trying to install the latest update for itunes...error received "service apple mobile device failed to start. verify thay you have sufficient priveleges to start system services"...? I have unistalled and tried to reinstall???

Trying to install the latest update for itunes...error received "service apple mobile device failed to start. verify thay you have sufficient priveleges to start system services"...? I have uninstalled and tried to reinstall???

Hello Kimberly0914,
It sounds like you have tried to launch iTunes after a recent update due to this error message, and you cannot install iTunes after uninstalling. I recommend the troubleshooting from the following article to help you named:
Issues installing iTunes or QuickTime for Windows
http://support.apple.com/kb/ht1926
Then download and install iTunes with this link:
http://www.apple.com/itunes/download/
Thank you for using Apple Support Communities.
Cheers,
Sterling

"iTunesSetup.exe is not a valid 32bit application" error received.

"iTunesSetup.exe is not a valid 32bit application" error received. I'm on dial up (no flames or stupid comments in reference to this please) with Toast using IE9. I've uninstalled, deleted, and restarted my computer after each attempt. I've tried with 32bit and 64bit. I've tried at the local library using their WiFi connection and at home with the dial up. I've tried running program and saving before running both download types. This has been 3 days of work since the 24th all so my son can try and use his iPod Touch. Is there no way of accessing iTunes with the iPod Touch without having it installed on the computer? I'm sick of this and so disgusted with Apple right now. I'm sorry that I'm on dial up, but out where I live, everyone is because there is no reception for phones or satelite. And even coming to town to use the quicker internet here, it still was a 6hour plus download time. And right when I click 'Run', it gives me this error message each time.
My son and my whole family and neighborhood after I've asked everyone's help with this problem has become fed up with Apple cause there is no disc they can mail me to get iTunes onto my computer and no one else we've asked can download it either. One person has the program but its iTunes 7 and they can't upgrade because of dial up. His iPod Touch will not even go to any other screen but the one that shows the plug and iTunes icon on it. I would really appreciate some kind of help from someone cause we are all sick of this, my son is not happy, and this was supposed to be a Christmas present that he could use. I can not even remotely begin to....well, I could fill this page with gripes but I would just really appreciate a knowledgeable answer that I can use to quickly fix this for my son's Christmas. Please help.

Karen, this is far off-topic in a sense. But I have a sister in the wilds of central MI. No access to cable no way. And limited 3G minutes.
She finally opted for MiFi and can get much faster online access. She is able to download to her iTouch, iPad and Mac laptop (3 y.o.) much faster than her old dialup.
It's worth checking if it might help. Hers is Verizon (http://www.verizonwireless.com/b2c/mobilebroadband/?page=products_mifi)
AT&T also has MiFi (http://www.wireless.att.com/businesscenter/devices/att-mobile-hotspot-mifi-2372. jsp).
There may be others as well.
I am spoiled w/ cable but it's been great for her. If this is out of line or you've explored it to no avail please ignore.
Best wishes and hope these bumps get smoothed out. Hope you have a good New Year and your son's iTouch problems get worked out.

CLI0615E Error receiving from socket, server is not responding.

We recently changed a web application using DB2 5.2 tables from ODBC to JDBC. We are using the COM.ibm.db2.jdbc.net.driver. We are using a
connection pool and running on iPlanet.
We are getting intermittant "CLI0615E Error receiving from socket, server is not responding errors". We have looked in the JDBC forum and DB2 support and cannot find a reasonable answer to this problem. It is NOT always on sql statements that take a long time to execute, so I don't think it is a timeout issue.
I read something about "stale connections". Does anyone know how to check to see if this is a problem?
When we first converted the app, we had a lot of problems also with "invalid handle or statement is closed" which we have determined was being caused by the user submitting the page again before it had time to finish the first time. We have put in javascript code to prevent multiple submits. Could this server not responding problem be caused by double submits that we have not located yet?
The error is NOT occuring on any one page, and the same page will run correctly once and the next time throw this error.
Any suggestions would be greatly appreciated.
Thanks.
[29/Apr/2003:11:00:20] info (42196): COM.ibm.db2.jdbc.net.DB2Exception: [IBM][JDBC Driver] CLI0615E Error receiving from socket, server is not responding. SQLSTATE=08S01
     at COM.ibm.db2.jdbc.net.SQLExceptionGenerator.throwReceiveError(SQLExceptionGenerator.java(Compiled Code))
     at COM.ibm.db2.jdbc.net.DB2Request.receive(DB2Request.java(Compiled Code))
     at COM.ibm.db2.jdbc.net.DB2Request.sendAndRecv(DB2Request.java(Compiled Code))
     at COM.ibm.db2.jdbc.net.DB2RowObject.next(DB2RowObject.java(Compiled Code))
     at COM.ibm.db2.jdbc.net.DB2ResultSet.next(DB2ResultSet.java(Compiled Code))
     at bom.Bom.getDefs(Bom.java(Compiled Code))
     at jsps.bbapps._eng._ENGJGLT0_jsp._jspService(_ENGJGLT0_jsp.java(Compiled Code))
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.java:897)
     at com.iplanet.server.http.servlet.NSServletRunner.Service(NSServletRunner.java:464)

hi,
lemme try to tell u what i thinkk..i dont think its' a solution
Usually this error code means that there was some problem while the driver tried establishsing a socket connection to the remote server. You could very well avoid this by tracking out what is preventing the socket connection.. it may be network congestion or some other onfiguration problems with the network, or with the DB2 server...
But if the same application could work perfectly with jdbc-odbc driver in same environment,then it needs some attention.either the ibm driver isn't throwing the error as expected by the iplanet or iplanet isn't acting as needed when such an error is thrown.
contact them and they may provide and explanation..
wishes,
Jer

Error "Package in non-original system only modifiabl with Organizer Tools"

Assign Customer Objcet PROG to Package "Z001"(created by myself),it pop-up error "Package in non-original system only modifiabl with Organizer Tools"
how can i deal with this error?
could any warm-hearted fellow give me some tips ?
tks a lot !

Hi sophie,
i think you transported this package from another system to a new system and you are trying to modify the package.
just have a look at below link hop it will help ,otherwise let us know
http://help.sap.com/saphelp_nw04/helpdata/en/57/38de9b4eb711d182bf0000e829fbfe/content.htm
cheers
shibu

Client-Auth reports: HTTP4031: Unexpected error receiving data: -5938

I am trying to deploy the clientcert sample applcation that comes with the platform edition of SunOne V7.
I have used openssl as a CA and have created client and server certs.
I get the following problem.
     Sun ONE Application Server - HTTP Status 403 Error
     Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
     Type: Status Report
     Message: Access to the requested resource has been denied.
As can be seen from the server.log below, some form of authentication succeeds:
     [12/Aug/2004:08:56:11] FINE ( 2392): X.500 name login succeeded for : CN=tweekes, O=tester, C=ie
Note, common name is that of my client cert.
However there is a severe error:
     [12/Aug/2004:08:56:09] SEVERE ( 2392): for host 169.254.111.12 trying to GET /cert, Client-Auth reports: HTTP4031: Unexpected error receiving data: -5938
Also, HTTPS works with server side authentication and I signed both client and server certs with same private "CA" certification.
Question: Do I need any special extentions in the certs for use with SSL?
Thanks in advance.
server.log fragment:
[12/Aug/2004:08:56:09] FINE ( 2392): for host 169.254.111.12 trying to GET /cert, ntrans-j2ee reports: directory listing for context "/cert"
[12/Aug/2004:08:56:09] FINE ( 2392): Attaching to JVM thread service-j2ee-4
[12/Aug/2004:08:56:09] FINE ( 2392): context = StandardEngine[null].StandardHost[server1].StandardContext[cert]
[12/Aug/2004:08:56:09] FINE ( 2392): contextPath = /cert
[12/Aug/2004:08:56:09] FINE ( 2392): wrapper = null
[12/Aug/2004:08:56:09] FINE ( 2392): servletPath = null
[12/Aug/2004:08:56:09] FINE ( 2392): pathInfo = null
[12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Process request for '/cert'
[12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Checking for SSO cookie
[12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: SSO cookie is not present
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Security checking request GET /cert
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Checking constraint 'SecurityConstraint[clientcert security test]' against GET --> true
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Subject to constraint SecurityConstraint[clientcert security test]
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling checkUserData()
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: User data constraint has no restrictions
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling authenticate()
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Looking up certificates
[12/Aug/2004:08:56:09] FINEST ( 2392): Requesting client certificate from core.
[12/Aug/2004:08:56:09] SEVERE ( 2392): for host 169.254.111.12 trying to GET /cert, Client-Auth reports: HTTP4031: Unexpected error receiving data: -5938
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: No certificates included with this request
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Failed authenticate() test
[12/Aug/2004:08:56:09] FINE ( 2392): for host 169.254.111.12 trying to GET /cert, ntrans-j2ee reports: directory listing for context "/cert"
[12/Aug/2004:08:56:09] FINE ( 2392): Attaching to JVM thread service-j2ee-5
[12/Aug/2004:08:56:09] FINE ( 2392): context = StandardEngine[null].StandardHost[server1].StandardContext[cert]
[12/Aug/2004:08:56:09] FINE ( 2392): contextPath = /cert
[12/Aug/2004:08:56:09] FINE ( 2392): wrapper = null
[12/Aug/2004:08:56:09] FINE ( 2392): servletPath = null
[12/Aug/2004:08:56:09] FINE ( 2392): pathInfo = null
[12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Process request for '/cert'
[12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Checking for SSO cookie
[12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: SSO cookie is not present
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Security checking request GET /cert
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Checking constraint 'SecurityConstraint[clientcert security test]' against GET --> true
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Subject to constraint SecurityConstraint[clientcert security test]
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling checkUserData()
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: User data constraint has no restrictions
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling authenticate()
[12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Looking up certificates
[12/Aug/2004:08:56:09] FINEST ( 2392): Requesting client certificate from core.
[12/Aug/2004:08:56:11] FINEST ( 2392): Processing login with credentials of type: class sun.security.x509.X500Name
[12/Aug/2004:08:56:11] FINE ( 2392): Processing X.500 name login.
[12/Aug/2004:08:56:11] FINEST ( 2392): Certificate realm setting up security context for: CN=tweekes, O=tester, C=ie
[12/Aug/2004:08:56:11] FINE ( 2392): X.500 name login succeeded for : CN=tweekes, O=tester, C=ie
[12/Aug/2004:08:56:11] FINE ( 2392): Authenticator[cert]: Authenticated 'CN=tweekes, O=tester, C=ie' with type 'CLIENT-CERT'
[12/Aug/2004:08:56:11] FINE ( 2392): SingleSignOn[server1]: Registering sso id '6264FF86CB3151E572951CB77D0C515F' for user 'CN=tweekes, O=tester, C=ie' with auth type 'CLIENT-CERT'
[12/Aug/2004:08:56:11] FINE ( 2392): Authenticator[cert]: Calling accessControl()
[12/Aug/2004:08:56:11] FINEST ( 2392): PRINCIPAL : CN=tweekes, O=tester, C=ie hasRole?: staffmember
[12/Aug/2004:08:56:11] FINEST ( 2392): PRINCIPAL TABLE: {staff=[staffmember], C=ie, O=tester, CN=tweekes=[staffmember]}

The below one is the correct configurations
<If $uri =~ "/my(/passo.*)">
NameTrans fn="restart" from="$uri" uri="/my/jsp$1"
</If>
<Object ppath="/my/jsp/passo/*">
PathCheck fn="get-client-cert" dorequest="1"
</Object>

ORA-27509:IPC error receiving a message in 10.1.0.4 RAC database

Hi Gurus
Please suggest me Instance crashed with the below error,
ORA-27509:IPC error receiving a message .
Regards,
Khan

27509, 00000, "IPC error receiving a message"
// *Cause: This is an operating system/cluster interconnect error.
// *Action: Check the value of errno and contact Oracle Support Services.

ORA-19511: Error received from media manager layer, error text:

Dear Concern,
When I am restoring the oracle 9i database by brtools for SAP ECC 5.0 the following error message appeared. Mention that, this is second time restoration. First time restoration was successfull. After that one of us change some permission in differerent folders and files in the hp-ux server. Now we facing the following problem. Please help me...
BR0449I Restore mode: ALL
BR0419I Files will be restored from backup: bechtawc.fnr 2010-01-08 20.00.06
BR0416I 100 files found to restore, total size 520901.781 MB
BR0424I Files will not be decompressed
BR0421I Restore device type: rman_util
BR0280I BRRESTORE time stamp: 2010-01-19 16.19.21
BR0256I Enter 'c[ont]' to continue, 's[top]' to cancel BRRESTORE:
BR0280I BRRESTORE time stamp: 2010-01-19 16.19.23
BR0257I Your reply: 'c'
BR0259I Program execution will be continued...
BR0280I BRRESTORE time stamp: 2010-01-19 16.19.23
BR0554I Starting restore from full database backup using RMAN...
BR0278E Command output of 'SHELL=/bin/sh /oracle/PRD/920_64/bin/rman nocatalog':
Recovery Manager: Release 9.2.0.1.0 - 64bit Production
Copyright (c) 1995, 2002, Oracle Corporation. All rights reserved.
RMAN>
RMAN> connect target /;
connected to target database: PRD (DBID=1654880374)
using target database controlfile instead of recovery catalog
RMAN> *end-of-file*
RMAN>
host command complete
RMAN> 2> 3> 4> 5> 6> 7> 8>
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of allocate command on sbt_1 channel at 01/19/2010 16:19:24
ORA-19554: error allocating device, device type: SBT_TAPE, device name:
ORA-27000: skgfqsbi: failed to initialize storage subsystem (SBT) layer
HP-UX Error: 8324: Unknown system error
Additional information: 7110
ORA-19511: Error received from media manager layer, error text:
SBT error = 7110, errno = 8324, sbtinit: internal error - invalid argument(s)
RMAN>
Recovery Manager complete.
BR0280I BRRESTORE time stamp: 2010-01-19 16.19.24
BR0279E Return code from 'SHELL=/bin/sh /oracle/PRD/920_64/bin/rman nocatalog': 1
BR0536E RMAN call for database instance PRD failed
BR0280I BRRESTORE time stamp: 2010-01-19 16.19.24
BR0556E Restore from full database backup using RMAN failed
Best Regards
Wahid

Hi,
It is mentioned that I already have done a restoration and recovery first time. But when I tried to do the same job I mean restoration in second time for a specific requiremnt I am getting the above error.
Our syestem info is:
DB: Oracle 9i
OS: HP-UX
Storage: EMC storage
Backup tools: Data protector 5.5
Please help me.
Regards
Wahid

IPSEC error: Received a non-IPSEC packet

Similar Messages

Maybe you are looking for