Is it possible to take control over ssl handshake process?

Similar Messages

• What would be the simplest way to view and take control over the internet?

  Hi All:
  Can some one tell me what would be the best and simplest way to connect from my laptop to another laptop through the internet?
  I have DYNdns running on the second laptop and have a host name assigned to that system for it to update the IP since the system uses different internet connections. The services that I would like to be able to have are the viewing and controlling of the system. I've read some where in this NG that if I have a copy of ARD admin. installed on that system also, it would be one way to do it... can some one verify this and please let me know if there are any specific settings I need to have on either one of the systems.
  I can connect to the second laptop while in my home network with no problem and perform all tasks. when trying to connect through the internet.. the system shows offline .
  Both systems are identical in hardware an software, Intel 2.16, 2G's RAM, OS X ver 10.5.2 all up to date and ARD 3.2
  Yes, I'm new to ARD and yes I'm searching the NG and the net. but I figure it doesn't hurt to ask since time is limited.
  All help greatly appreciated ..
  TIA
  Oscar A.

  To be able to connect to a workstation from outside it's network, the ports that ARD uses must be open on both ends of the connection. ARD uses ports 3283 and 5900 so those must be open.
  If your workstations get their addresses from an NAT device rather than being "real", the ports also need to be forwarded in the router to the workstation's internal IP address. ARD uses port 3283 for the reporting and updating function, so if your Macs are getting their IP addresses through NAT, since you can only forward a port to a single workstation, you can only get reports, push package/files to etc. for a single workstation.
  ARD uses the VNC protocol for observation and control, though, and there are a range of IP addresses for that protocol, starting with 5900. ARD uses 5900 by default, so that port would be forwarded to the first workstation. You would, I believe, need to install VNC servers on the systems (since the ARD client cannot listen on any port other than 5900 while VNC servers can be set for other ports such as 5901, 5902, etc. You would then forward 5901 to the second workstation (and on to 5902, 5903, etc.). You can then use the following information:
  Remote Desktop 2: How to specify a port number for a VNC client
  to connect.
  The only other options are: 1) to run the ARD administrator on a workstation on the network, and then take control of that system from outside, either via VNC or another copy of ARD, or 2) set up a virtual private network (VPN) so that when you connect from outside, your admin system is officially part of the local network.
  Hope this helps.

• Hacker violating my privacy even though I have security and have changed passwords several times. Who ever it is, they want me to know because they have the nerve to take control over this computer even when I am logged in. The cursor just starts moving.

  Someone is stealing my private information and logging onto my computer at the same time that I am logged into it. The cursor moves by itself and they log me out of whatever page I am working on. I have security and have reported it to my internet provider.
  I have spent so much money trying to keep them out of my system to no avail. I also attend school on line and this is a huge problem for me. This thief changes my internet picture right in front of me. 
  I have tried to report this to the police, but they are no help at all and this is not right. They need to at least try and see who it is. 
  What do you suggest, I really want to know who is doing this.
  Thanks,
  [email protected]

  Hi!
  This could be done in many ways so it's quite hard to pin point what's going on and how it's done.
  The first thing I would do is to reset the the router you have, creating a new password for loging on in case they have gained access this way, then create a new password for the wireless network if you are using it.
  Then reinstall your computer, if they/you have installed some software and gotten a Trojan, the only way to get rid of it to 100% is to reinstall. There is no meaning in trying to find it and uninstalling it since it's gotten this far allready.
  Depending on what router you have, you might be able to get the logs and see from where they are connecting and trying to pinpoint their location.
  There are probably other ways to find out more, but if this happened to me, the first thing I would do is to get rid of the problem, ignoring who they are.
  Best regars
  Andreas Molin
  Andreas Molin | Site: www.guidestomicrosoft.com | Twitter: andreas_molin

• Take control of Apple Mac over broadband ?

  Is it possible to 'take control' of another mac over broadband ?
  This would be useful so I could remotely do stuff for my folks ?
  Is it possible to do this out of the box with a mac or do I need 3rd party software ?

  Hi, Mark.
  You wrote: "1. Is it possible to 'take control' of another mac over broadband ?
  2. This would be useful so I could remotely do stuff for my folks ?
  3. Is it possible to do this out of the box with a mac or do I need 3rd party software ?"
  [Numbers added for reference]1. Yes.
  2. Yes.
  3. You want to use a Virtual Network Computing (VNC) solution, such as those listed in this VersionTracker search.
  Technically, all Macs ship with the client for Apple Remote Desktop (ARD), but you'd have to install the server version of ARD ($$$) on your Mac to control the remote Mac.
  As Kappy suggested, when looking for new applications, I recommend searching MacUpdate or Version Tracker. The user-submitted reviews accompanying the listings can be helpful in sorting the wheat from the chaff.
  Good luck!
  Dr. Smoke
  Author: Troubleshooting Mac® OS X

• MapViewer over SSL

  Hello!
  Is it possible to use MapViewer over SSL? If so, how to handle it?
  Thanks!

  So, I have resolved my problem!
  MapViewer really can render images via SSL.
  My infrastructure:
  1. Database server with Weblogic and MapViewer installed.
  2. Web server with Apache software.
  3. Users can access only to the web server and only using port 443 (HTTPS protocol).
  4. All scripts on web server uses JavaScript API (oraclemaps.js).
  And solution is:
  1. Change "save_images_at" tag in mapViewerConfig.xml file to the following
  *<save_images_at file_prefix="omsmap"*
  url="https://WEBSERVER/mapviewer/images"
  path="../../images"
  life="0"
  recycle_interval="480"
  */>*
  2. Be sure to include mod_proxy, mod_proxy_connect and mod_proxy_http libraries in httpd.conf on the web server.
  3. Add following proxy settings to the httpd.conf file
  *<IFModule mod_proxy.c>*
  ProxyRequests On
  ProxyVia On
  *<Proxy >*
  Order deny,allow
  Allow from all
  *</Proxy>*
  SSLProxyEngine On
  ProxyPass /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
  ProxyPassReverse /mapviewer https://MAPVIEWERSERVER:7002/mapviewer
  *</IFModule>*
  4. Be sure your scripts uses new (proxied) MapViewer URL, e.g.
  mapview = new MVMapView ( document.getElementById ( "map" ), 'https://WEBSERVER/mapviewer');
  As a result all maps rendering requests sending by users to the web server are proxied by Apache to the MapViewer server.
  P. S. "mapviewer" folder on the web server does not even exist!

• Ssl handshake details

  Hi,
  Is it possible to show ssl handshake process step by step and how? Or is it totally hidden?

  -Djavax.net.debug=ssl,handshake

• Ssl handshake

  Hi,
  I must to write application in java which shows the whole ssl handshake process. It must be some kind of educational application:) Is there any way I can do that? I mean how to get acces to all steps of handshake process and to show that they exist? Or maybe it's impossible and handshake is hidden?:(
  Thanks for help.

  Hi
  If Client Authentication is enabled in the server, client needs to send the certificate for authentication. for this first u need to create a key using keytool.
  then add the following line at the begninng of the method that extablishes the URLConnection
  System.setProperty("javax.net.ssl.keyStore","path_to_keystore");
  System.setProperty("javax.net.ssl.keyStorePassword","password");
  But, the server needs to recognize your certificate. For that your certificate must be either certified by a CA or u have to manually export it from ur keystore and import it in the truststore of the server.
  I have not tried it on IIS. In Orion server it works..
  regards
  raees

• Apple TV uploads can take up to 30 minutes. I need control over this, because it interrupts my presentations. How can I control the time it chooses to do uploads?

  Apple TV uploads can take up to 30 minutes. I need control over this, because it interrupts my presentations. How can I control the time it chooses to do uploads?

  this is exactly the kind of response i expected, almost begged support to please not do this to me and yet there it is another meaningless, non helpful, standard template response to restart my apple tv.
  this does NOT work which is why i am contacting you. i have tried all suggestions about unplugging and restarting and nothing works.
  i live in an apartment and logon to the provided wifi wireless. so i do not have access to a router. however, management says they have talked with their provider and have been assured that the required ports are available.
  remember all the jokes about how bad windows was because the solution was always to re boot. funny huh? how is apple any different.
  i have been to the local apple care store and they are clueless, too.
  should we just end it here and you admit that i will not be getting any support from apple on this one? i got the ipad because my kids were such big fans. it is difficult for me to share their enthusiasm.
  at this point i am just curious about how you say you cannot support your own product so i can complete my file on this contact.
  thanks...sorry it was you who got this problem..

• How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?

  Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
  Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869

  Solved it by some (a lot) of fiddling.
  Turns out it's not a bug in the iPhone, it's a feature.
  Here's how to make it work.
  DOVECOT
  If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
  More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
  So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
  1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
  service imap-login {
    inet_listener imap {
      port = --your port # here--
    inet_listener imaps {
      port = 0
      ssl = yes
  This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
  2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
  ssl = required
  This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
  3. In /etc/dovecot/conf.d/10-auth.conf set
  disable_plaintext_auth = yes
  This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
  When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
  Don't forget service dovecot restart.
  To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
  telnet your.host.name.here yourimapsportnumber
  * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
  Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
  a STARTTLS
  a OK Begin TLS negotiation now.
  (The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
  Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
  openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
  . OK Pre-login capabilities listed, post-login capabilities have more.
  You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
  a capability
  * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
  a login username password
  * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
  a OK Logged in
  POSTFIX
  Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
  1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TSL connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
  2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
  smtpd_tls_security_level = encrypt
  3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
  smtpd_tls_auth_only = yes
  Don't forget postfix reload.
  To test if this works, issue the following telnet and wait for the server's greeting:
  telnet your.host.name.here yoursmtpsportnumber
  220 your.host.name ESMTP Postfix (Ubuntu)
  Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
  ehlo your.host.name.here
  250-STARTTLS
  Then issue starttls and wait for the server's confirmation:
  starttls
  220 2.0.0 Ready to start TLS
  Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
  CERTIFICATES
  You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
  basicConstraints = critical,CA:true
  keyUsage = critical, cRLSign, keyCertSign
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid:always,issuer:always
  And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
  basicConstraints=CA:FALSE
  keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid,issuer
  subjectAltName = DNS:your.domain.name.here
  issuerAltName=issuer:copy
  Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
  You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to- ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
  Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-appl e-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
  IN CLOSING...
  With all this, you can read and send email from your iPhone.
  Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above.

• Web service client behind a proxy server connecting to web service over SSL

  Hi Friends,
  A web service is exposed by an external system over SSL. We are behind a proxy server and are trying to get connected to web service over SSL. <p>
  We are getting the following error on the test browser of workshop<p><p>
  External Service Failure: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.<p><p>
  the whole trace is <p>
  <p>JDIProxy attached
  <Sep 24, 2005 9:27:25 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl:salesExpertServiceControl; Method=creditcheckcontr
  ol.SalesExpertServiceControl.doCreditVerification(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
  Code:javax.net.ssl.SSLHandshakeException
  String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
  Detail:
  END SERVICE FAULT>
  <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl; Method=creditcheckcontrol.CreditCheck.testCreditC
  heck(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
  Code:javax.net.ssl.SSLHandshakeException
  String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
  Detail:
  END SERVICE FAULT [ServiceException]>
  <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=top-level; Method=processes.CreditCheck_wf.$__clientRequest(); Fai
  lure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
  <Sep 24, 2005 9:27:26 AM EDT> <Error> <WLW> <000000> <Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled pr
  ocess exception [ServiceException]><p>
  I am not able to make out what could be possibly wrong. Please let me know if you guys have any ideas about how to resolve it.
  Thanks
  Sridhar

  did you resolve this problem. I am looking at the same issue. If you did I would really appreciate your response.
  Thanks.

• Acrobat 9: Control over font in text box

  Versions: OS X 10.8.5 with Acrobat Pro 9, latest patch.
  I am experimentally preparing a four day training course by adding my instructor information to a PDF of the slide show.  There are only 850 slides, so it makes sense to experiment with this small document.
  All is going well.  I have created some custom stamps.  Acrobat has only crashed twice, losing not more than two hours work as a result.  I am optimistic I will be good to go in 10 more days.
  I have just copied some test into a text box and it copied as black and blue text with a larger font than the standard red font that I have been seeing until now.
  It occurs to me that this implies there may be some control over the text.  I realize that Acrobat is not meant to be a document preparation tool, so I hunted around somewhat for a way to change the text box text to not-red, gave up and I have been putting up with it until now.
  However, there are implications (but no clearly stated solutions) that there is a way to change the font, size and colour of text in text boxes.
  Do you know how?  I cannot work it out, nor can I find a solutoin.  I can see that the Commenting preference pane offers Small Medium and Large text.  There does not seem to be any other control other than the style (italic, bold, superscript, subscript) that is offered in the context menu.
  Hints?  Thoughts? 

  Pryanja.
  Thanks again.  If offers a dropdown for Colour, a box for style (plain, bold italic etc) and a button marked more, but they seem to do nothing at all.  They don't change what I type, and they don't affect selected text.  Looks to me tha they just take up some toolbar space.
  Is it possible that it does not work on Mac?

• FTP/File Sender Adapter over SSL - 500 Illegal PORT command.

  Hello Experts!
  I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
  Server: server01
  Port: 21
  Data Connection: Active
  Timeout: 100
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
  This is an excerpt of the logs of connection steps:
  #Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
  #Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
  #Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
  #Plain##ftp server returns reply '234 Proceed with negotiation.'#
  #Plain##ftp server returns reply '331 Please specify the password.'#
  #Plain##ftp server returns reply '230 Login successful.'#
  #Plain##ftp server returns reply '200 PBSZ set to 0.'#
  #Plain##ftp server returns reply '200 PROT now Private.'#
  #Plain##ftp server returns reply '215 UNIX Type: L8'#
  #Plain##ftp server returns reply '200 Switching to ASCII mode.'#
  #Plain##ftp server returns reply '250 Directory successfully changed.'#
  #Plain##ftp server returns reply '500 Illegal PORT command.'#
  Does anybody know how to solve it?
  Thank you in advance!
  Roger Allué i Vall

  Ok! This is the maximum i could obtain:
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
  Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
  Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
  Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
  I think we found the problem though. FTP Administrator says this is wrong:
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
  it should be
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
  Something is making SAP PI to take a wrong ip address (This server has two).
  I'll let you know if we solve it!!
  Thank you!!!

• FTP over SSL connectivity in File Adapter

  Hi All,
    I request your suggestion on my problem.  I have a scenario idoc to file where I am connecting to my vendor server throught SFTP (Ftp over SSL).  In this my vendor specifically told that to obtain secure FTP connectivity to their server they require a pre-approved Secure FTP client be used to access the service.
  So as per this requirement first our XI server need to coneect to the pre-approved client and the connectivity will happen to the vender server.  He list the pre-approved client as below
  *Cleo Lexicom 2.1
  *TrailBlazer ZMOD FTP Client V3R1 PTF Level PFT3100034
  *QualEDI for Windows, 32-bit version
  *Ascential DataStage TX, Release 7.5
  *Future 3 - Advanced Communication Module Plus (ACM Plus)
  *eBridge FTPS Communicator for GXS version 5.3
  *Ipswitch Inc's WS_FTP Professional version 8.02.
  ·Robo-FTP version 3.2
  Please let me know will this be possible from our file adapter.  Currently as per this requirement we open up the port of XI server for SFTP connecvity but through this we can have host to host connection over SFTP and not sure whether we can connect to client software and from their to vendor sever.
  Kindly needful your suggestion/solution on this.
  Regards,
  Dhill

  Hi,
    Thank you,  Yes I have used FTPS only please find the below details given in the communication channel.
  <b>FTP Connection Parameters</b>
  Server: ServerName
  Port : 6366 (specified by vendor)
  Data connection : Passive
  Timeout(secs) : 65
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  Keystore: service_ssl
  X-509 Certificate and Private Key: ssl-credentials
  User Name : Vendor user name
  Password: Vendor given password
  Connect Mode: Permanantly
  Transfer Mode: Text
  Maximum Concurrency: 1
  and also as per he list given by vendeor we can use *Ipswitch Inc's WS_FTP Professional version 8.02.
  <b>Note:</b> We have Deploying the SAP Java Cryptographic Toolkit and also CA certificate used to sign the server certificate added to the TrustedCAs keystore view.
  So If possible i request you to kindly provide the details how we need to specify the client software between our XI server and Vender server as you mentioned in your solution.
  Please let me know your mail id, i will forward the screenshot of my communication channel.
  Kindly appreciate your help on this.
  Regards,
  Dhill.

• Having issues with my MacBook. Even when the internet is disconnected, apps are still closing and opening on their own. I sometimes do not have control over my cursor.....any suggestions?

  Having issues with my MacBook. Even when the internet is disconnected, apps are still closing and opening on their own. I sometimes do not have control over my cursor.....any suggestions?

  There are several possible causes for this issue. Please take each of the following steps that you haven't already tried until it's resolved. Some may not be apply in your case.
  1. Follow the instructions in this support article, and also this one, if applicable. A damaged or defective AC adapter could be the cause, even if it's the right kind.
  2. Open the Bluetooth preference pane in System Preferences and delete all pointing devices other than the trackpad, if applicable. Disconnect any USB pointing devices. By a "pointing device," I mean a peripheral that moves the cursor, such as a trackpad, mouse, trackball, or graphics tablet. A plain keyboard is not a pointing device.
  3. Start up in safe mode and test, preferably without launching any third-party applications. If you don't have the problem in safe mode, but it comes back when you restart as usual, stop here and post your results. Do the same if you can't start in safe mode. If there was no difference in safe mode, go on to the next step.
  4. Reset the System Management Controller.
  5. If you're using a Bluetooth trackpad, investigate potential sources of interference, including USB 3 devices.
  6. A swollen battery in a portable computer can impinge on the trackpad from below and cause erratic behavior. If you have trouble clicking the trackpad, this is likely the reason. The battery must be replaced without delay.
  7. Press down all four corners of the trackpad at once and release. If there's any effect, it's likely to be temporary, and the unit needs to be serviced or replaced.
  8. There's a report that a (possibly defective) Thunderbolt Ethernet adapter can cause the built-in trackpad of a MacBook to  behave erratically. If you're using such an adapter, disconnect it and test.
  9. There's also a report of erratic cursor movements caused by an external display that was connected but not turned on.
  10. If none of the above applies, or if you have another reason to think that your computer is being remotely controlled, remove it from the network by turning off Wi-Fi (or your Wi-Fi access point), disconnecting from a Bluetooth network link, and unplugging the Ethernet cable or USB modem, whichever is applicable. If the cursor movements stop at once, you should suspect an intrusion.
  11. Make a "Genius" appointment at an Apple Store to have the machine and/or external trackpad tested.

• Web Service over SSL exception

  Hi,
  Using NetBeans 6.5 (updated), I have created a web service like this:
  package test.webservice;
  import javax.jws.WebMethod;
  import javax.jws.WebParam;
  import javax.jws.WebService;
  import javax.ejb.Stateless;
  @WebService()
  @Stateless()
  public class TestWebService {
      @WebMethod(operationName = "testOperation")
      public String testOperation(@WebParam(name = "firstParameter") String firstParameter) {
          //TODO write your implementation code here:
          return "This method has executed " + (firstParameter == null ? "no strings attached." : firstParameter);
  }I've deployed and tested it on a local Glassfish server. Some additional information:
  - Sun GlassFish Enterprise Server v2.1 (9.1.1) (build b60e-fcs)
  - jdk1.6.0_13
  It worked fine when accessing it through 'http://localhost:8080/TestWebServiceService/TestWebService?Tester', however, when accessing it through the SSL port (using this link: 'https://localhost:8181/TestWebServiceService/TestWebService?Tester'), it has produced an exception with the following stack trace:
  Exceptions details : null
  java.lang.NullPointerException at java.io.File.(File.java:222) at com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet.initializePort(WebServiceTesterServlet.java:524) at com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet.doGet(WebServiceTesterServlet.java:184) at com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet.invoke(WebServiceTesterServlet.java:119) at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:142) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:114) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:87) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831) at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341) at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:440) at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:228) at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265) at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  Question 1: Why isn't the tester working when using the SSL port? A reason or a bug (possibly fixed in later releases)?
  Question 2: Will the Web Service itself also not work when invoked through the SSL port? Is it possible to invoke a simple web service over the simple SSL port?
  Question 3: When accessing the WSDL description through the SSL port it produces a blank (empty) response - a blank page. Why so?
  Thank you very much in advance!
  Best regards
  Matej

  Hello,
  I used this example, when I made my experiments with SSL and Glassfish (GF):
  http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
  If you have problems with GF I suggest to post a message here:
  http://forums.java.net/jive/forum.jspa?forumID=56
  e.g. here is one thread:
  http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
  Miro.