Issue WHT Certificate-reg

Similar Messages

• With holding tax error FZ379-"Error in WHT certificate numbering"-Thailand

  Hi,
  We are receiving an error "FZ379 - Error in WHT certificate numbering" while posting an outgoing payment for a vendor in Thailnd.
  Here is the business process we follwed:
  1. Posted Down payment request on vendor.
  2. Paid down payment through F110.
  3. Cleared down payment using F-54 and created a credit in vendor.
  4. Posted an invoice to vendor.
  5. Ran F110 to pay the net amount to the vendor, No errors in payment proposal but when the payment run is carried out it got cancelled with error message FBZ79.
  As  an alternative, we posted a credit memo replacing the down payment credit and then F110, To our surprise the payment run completed successfully.
  Does it make sense to anyboy? Is this issue applies to only Thailand.
  Thanks,
  Mano.

  Hello Mano,
  I would like to refer you to the following note :-
    1090637  Thailand-Withholding tax certificate numbering, RFIDYYWT
  which states :-
  ~~~~~
  Solution
  For release 470 onwards, certificate number generation at the time of
  document posting is not supported by SAP. SAP recommends generating
  certificate numbering at the time of reporting.
  ~~~~~
  Can you kindly check the following customizing in IMG (Transaction
  SPRO) :-
  -> Financial Accounting
    -> Financial Accouting Basic Settings
     -> Withholding Tax
      -> Extended Withholding Tax
       -> Calculation
        -> Withholding Tax Type
         -> Define Withholding Tax Type for Payment Posting
          -> Country Key TH
           -> Wth.t.type 11
  Inside the customizing, there is a tab 'Control Data'. Please select the
  checkbox 'No Cert. Numbering'. ie certificate number should not be
  generated during payment. It should be generated when you run RFIDYYWT.
  hope this helps
  Ray
  Edited by: Lakshmipathi on Jan 25, 2011 2:53 PM
  It is enough if you provide the OSS note number.  Dont copy paste the solution since legally it is not allowed

• I teach Continuing education classes to Real Estate agents and I need to issue them certificates at the class, whihc need to be signed by me and it needs to contain their info on the certificate. The certificate is currently saved in a word format.What i'

  I teach Continuing education classes to Real Estate agents and I need to issue them certificates at the class, whihc need to be signed by me and it needs to contain their info on the certificate. The certificate is currently saved in a word format.What i'm trying to accomplish is to do a "mail merge " ( as some classes i have as many as 150 attendees) for the document, digitally sign each one with my signature on the certificate and then e-mail it out to the respective attendees. can this be done? if so How?

  This is the step that I took after inputting my signature.
  On the right, after saving my document, I click "Get Others to Sign."  I was confused because it says that it's powered by EchoSign.  Like I stated before, my clients are able to sign this document when I send it to them, but it is returned to me with their signature (not in the signature field, but at the end of the document), and my signature is missing.  I tested this on myself - my signature is missing when they receive it. 

• Secure connection failed: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. (Error code: sec_error_cert_not_in_name_space) PLEASE HELP ME!!

  I have gone to this website almost everyday for years and I have not changed anything in my internet settings, but now I'm getting this message: secure connection failed: The Certifying Authority for this certificate is not permitted to issue a certificate with this name. (Error code: sec_error_cert_not_in_name_space) The only thing I KNOW I did differently, was I installed a CAC reader to my computer, since then, this has been happening. Is there a setting I can change?? E-mail is: [email protected] Thanks! Megan

  There were recently several users getting this error code who use AVAST 2015. If you recently got that program, please see:
  * [https://support.mozilla.org/questions/1029578 Can NOT access https://www.google.com for google voice, mail etc.]
  * [https://support.mozilla.org/questions/1028985 Avast Forum connection failed - works in Chrome etc.]
  * [https://support.mozilla.org/questions/1028190 Since last FF update I can't sign out of Yahoo and when I close FF it tells me it has crashed.]

• Issuing Printer Certificates

  Hey,
  I've rolled out port security for windows workstations and now I'm working on other devices, primarily Lexmark printers (using Certificates). Can someone explain to how I can issue a certificate to the printer with my enterprise CA? I can generate the request
  from the printer but If I request it using the web interface then:
  a) I need to pick a template
  b) Its listed as issued to "me"
  I found documentation for lexmark: http://www.lexmark.com/publications/pdfs/2007/embedded-web-server/EWS_HSP_Security_AdminGuide_Lexmark_en.pdf Pg22
  But it lacks the insight I need for the windows side of thing. Any advise or blogs of someone doing this would be great. Thanks.

  Hi,
  Thanks for your time and patience on this issue and hope this may help:
  Obtain a Certificate
  http://technet.microsoft.com/en-us/library/cc754246.aspx
  When attempting to add an IPP printer over HTTPS, you receive an error.
  http://support.microsoft.com/kb/2021626
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• How to renew the issuing CA certificate

  Hi,
  We have one root CA and two issuing CAs setup in our environment in Windows server 2003 platform. The CA certificate of one of the issuing CA has expired and the other will expire in two weeks. The root
  CA certificate is valid through 2018.  The MS PKI infrastructure is primarily used for issuing workstation certificates via GPO to client
  machines for VPN two factor authentication.
  Any help you can provide will greatly be appreciated.
  Thanks in advance,
  V

  The ship has sailed on the issuing CA that expired. You need to uninstall certificate services and reinstall ADCS (I would consider setting up a new CA (new name, newer OS)
  The second issuing CA can be renewed anytime within the next two weeks. After the certificate expires, renewal is not possible.
  There is no risk in setting up the new CA. All of the certificates are expired as well on the first issuing CA, so there will be no loss of functionality.
  That being said, this is a horribly managed PKI. A CA should be renewed when half of its lifetime has expired. To leave a CA to the point of two weeks left or worse yet, letting the CA certificate expired is terrible. Who is managing the service - they really
  need to step it up
  Brian

• Revoked Issuing CA Certificate still showing as valid

  Hi There.
  I have an Intermediate CA (Enterprise) and an Offline root CA, both running Windows CA.
  The Intermediate CA's first cert was revoked and the Root CA's CRL with the revoked cert published.
  A new cert was issued to the Intermediate CA, so now I can see both:
  I have cleared the CRL cache with the command:
  certutil -setreg chain\ChainCacheResyncFiletime @now
  on my workstation and did a check on the certificate #0. It still shows as valid.
  I have checked the serial number and made sure that the serial is in the root ca's revocation list.
  What am I missing?
  Thank you.

  Hi,
  We cannot revoke root certificates since root certificates are excluded from revocation checking.
  As far as I know, we should leave the former CA certificate there, since former CRL requires the old certificate for signing; even after the former CA certificate expire, it can be used for digital signature verification.
  Here are some similar threads below for you:
  Can you revoke a root certificate
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/3941e831-b477-4998-8145-445c56783436/can-you-revoke-a-root-certificate?forum=winserversecurity
  How to remove an expired certificate from a RootCA
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/48958ec4-330e-43df-9ecf-6d23a6c05b7b/how-to-remove-an-expired-certificate-from-a-rootca?forum=winserversecurity
  Clean up multiple Root Certificates from a CA
  https://social.technet.microsoft.com/forums/windowsserver/en-US/c5c29079-fe41-44aa-a4ff-f8ba976a8018/clean-up-multiple-root-certificates-from-a-ca
  Cleanup of Issuing CA Certificates
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/0b8eea11-3a9b-49e6-abe9-b09de203231a/cleanup-of-issuing-ca-certificates?forum=winserversecurity
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Issues with certificates with both Firefox and chromium

  I tried everything ... I reinstalled both of them.
  I canceled the profile and made new ones.
  I check with all my other computer if they have issues with certificates: no problem at all.
  Checked the date, is ok.
  Finally I checked what is installed on the system related to the problem ..
  # pacman -Q|egrep '(openssl|curl|ca-cert)'
  ca-certificates 20140325-1
  ca-certificates-java 20140324-3
  curl 7.37.1-1
  lib32-curl 7.37.1-1
  lib32-openssl 1.0.1.i-1
  openssl 1.0.1.i-1
  python2-pyopenssl 0.14-3
  or if there is an issued with a library ..
  # ldd `which curl`
  linux-vdso.so.1 (0x00007fffd2a48000)
  libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007f8a1c4d9000)
  libz.so.1 => /usr/lib/libz.so.1 (0x00007f8a1c2c3000)
  libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f8a1c0a5000)
  libc.so.6 => /usr/lib/libc.so.6 (0x00007f8a1bcf7000)
  libssh2.so.1 => /usr/lib/libssh2.so.1 (0x00007f8a1bace000)
  libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f8a1b860000)
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f8a1b44e000)
  libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007f8a1b203000)
  libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007f8a1af22000)
  libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007f8a1acf0000)
  libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x00007f8a1aaec000)
  /lib64/ld-linux-x86-64.so.2 (0x00007f8a1c747000)
  libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f8a1a8e8000)
  libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00007f8a1a6db000)
  libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x00007f8a1a4d7000)
  libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007f8a1a2c0000)
  I try to use a virtual machine on the same machine with ubuntu installed: no problem.
  Any idea?
  Last edited by saronno (2014-08-15 12:37:44)

  # curl -v https://areaclienti187.telecomitalia.it
  * Rebuilt URL to: https://areaclienti187.telecomitalia.it/
  * Hostname was NOT found in DNS cache
  * Trying 62.77.57.164...
  * Connected to areaclienti187.telecomitalia.it (62.77.57.164) port 443 (#0)
  * successfully set certificate verify locations:
  * CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
  * SSLv3, TLS handshake, Client hello (1):
  * SSLv3, TLS handshake, Server hello (2):
  * SSLv3, TLS handshake, CERT (11):
  * SSLv3, TLS handshake, Server finished (14):
  * SSLv3, TLS handshake, Client key exchange (16):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * SSL connection using TLSv1.0 / AES128-SHA
  * Server certificate:
  * subject: C=IT; ST=Italy; L=Pomezia; O=Telecomitalia; OU=ADM.AP.PM.WO; CN=areaclienti187.telecomitalia.it; emailAddress=[email protected]
  * start date: 2013-10-08 10:06:37 GMT
  * expire date: 2014-10-08 10:06:37 GMT
  * common name: areaclienti187.telecomitalia.it (matched)
  * issuer: C=IT; O=I.T. Telecom; OU=Servizi di certificazione; CN=I.T. Telecom Global CA
  * SSL certificate verify ok.
  With curl no problem at all.
  Last edited by saronno (2014-08-15 19:10:09)

• Microsoft Is Rushing to Fix Improperly Issued SSL Certificate

  Microsoft Security Advisory 3046310
  Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
  To help protect customers from potentially fraudulent use of this digital certificate, it has been revoked by the issuing CA and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue.
  For more information see:
  https://technet.microsoft.com/en-us/library/security/3046310
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  You appear to be complaining about how Mail executes security. Turns out there is no one standard about how security is handled by Mail. 802.11x has nothing to do with that. 802.11x is simply a wireless router protocol. If you want a feature added to any Mac OS X software go to the feedback page:
  http://www.apple.com/feedback/
  or sign for a free Apple Developer account, and file a bug report here:
  http://bugreporter.apple.com/
  This is a user to user forum, and no one here can guess as to why Apple has incorporated certain features into Mail while others are not included. Please read the Terms of Use on the right more carefully. We'd have to guess Apple's programming policy to answer your questions.

• Remove unwanted issues Root certificates

  Do some typos in my AIA and CDP ldap paths I had to re-issue a new certificate from my offline root three times.  So within the trusted root certificate authority on all my clients their are three root certificates which have been downloaded from
  the domain.  Two of the certificates have been superseded by the newest issued root certificate and is not needed. 
  Is there anyway to clean up these old root certificates? I want it so that newly joined domain machines only download the newest root certificate into the machine's root certificate authority.
  Thanks for everyone's help.
  Joel

  For an offline CA these certificates have been distributed either:
  by downloading them from Active Directory's config. container - if you have published them before with
  certutil -dspublish -f [Your Root CA].crt RootCA
  or via Group Policies - in this cases you have added them to a computer GPO before.
  In either case you could remove the CA certificates from clients by deleting them from the respective "central AD store" before:
  from AD config. container: Use pkiview.msc, right-click the top node,
  Manage AD Containers, Certification Authorities. View all three certificates and delete the two older ones. You need Enterprise Admins rights for this unless permissions have been delegated.
  from the GPO:
  Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities
  Having deleted the CA certificates run gpupdate /force at the clients or wait (also in case of 1. the download is triggered by GPO refresh).
  Edit: But one thing that strikes me odd: A Root CA certificate should not contain any AIA or CDP URLs - so does your question really refer to the Root CA certificate itself or to a subordinate CA certificate signed by the Root CA?
  In case you mean three subordinate CA certificates distributed to the Intermediate CA store you could delete them from the AD AIA store with pkiview.msc as well.
  Elke

• I have a server runnng on Mac OS 9.2.2 with a secure certificate from Verisign. Apparently some Firefox users get a message warning that the issuer is unknown to them. Verisign is perhaps the best-known issuer of certificates

  Note: I am in the process of moving the site to our central server so all pages, with the exception of the secure ones and the homepage, are redirected. See https://www.homelink-usa.com/secure/subscribe/subscribe.lasso which is secure and, in my browser Firefox 3.6.13, the location window is blue just like your site that I am typing on. The certificate expires on March 20, 2011.
  I do not get the error message on any of my machines or browsers.
  Karl
  This Connection is Untrusted
  You have asked Firefox to connect securely to *www.homelink-usa.com*,
  but we can't confirm that your connection is secure.
  Normally, when you try to connect securely, sites will present trusted
  identification to prove that you are going to the right place. However,
  this site's identity can't be verified.
  What Should I Do?
  If you usually connect to this site without problems, this error could
  mean that someone is trying to impersonate the site, and you shouldn't
  continue.
  Technical Details
  www.homelink-usa.com uses an invalid security certificate. The
  certificate is not trusted because the issuer certificate is unknown.
  (Error code: sec_error_unknown_issuer)
  I Understand the Risks
  If you understand what's going on, you can tell Firefox to start
  trusting this site's identification. *Even if you trust the site, this
  error could mean that someone is tampering with your connection.*
  Don't add an exception unless you know there's a good reason why this
  site doesn't use trusted identification.

  Might have a hardware issue that was caused by the minor liquid spill.
  Take it to Apple to have them look at it.  I think they do a free diagnostics.  That way you can find out what's wrong with your MB.
  Good luck....Hope you get it sorted out.

• ISE Provisioning Issues - Public Certificate & EAP-TLS

  Anyone run into the issues similar to the below?:
  Public Certificate bound for HTTPS
  Internal AD Certificate Bound for EAP
  Issue is SPW or Native Supplicant will be provisioned with Root CA of Public Cert then SCEP enrolls EAP-TLS with Internal CA however as client device (ipad/iphone/android) doesnt get the Internal Root CA provisioned they will fail EAP-TLS communication
  Running ISE 1.1.2 patch2, 2 node-cluster
  Guest Portal being used for Provisioning if AD credentials passed
  Works a treat if i bind both https & eap on the Internal identity ceritficate (only issue then is Guests/BYOD devices get Certificate Warnings on the portal)
  Cheers
  Kam

  the process doesnt fail as such for the onboarding/provisioning on the iphone, however the when entering domain credentials to the guest portal which intiates the onboarding/provisioning process, i notice the root CA certificate is prompted to be installed on the iphone is that of the public certificate instead of the internal root CA, the rest of the user certificate and scep process properly completes however as the root CA for the internal CA wasnt installed i get warnings when connect to our dot1x eap-tls SSID.
  On other devices this process fails which i can only assume is down to the lack of internal root CA cert
  so as per the above im pretty much following this (differentiated access via certificates) :
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod_certificates.pdf
  however my setup is slighlty different as the EAP & HTTPS indentity certificate is not the internal, i have installed a public cert for HTTPS to remove certificate warnings on guest portal (as BYOD devices and guests will only have non-domain machines thus a public cert removes the certificate warnings)
  does that clarify anymore?
  Cheers
  Kam

• Issues with certificates with multiple CNs

  Hi,
  I manage my own internal Windows Certificate Authority which I use to sign certificate requests for internal web servers. I have an odd issue.
  If I create a CSR from a server that has multiple CNs (e.g. 10.1.1.25, *.mydomain.local, www.mydomain.local) FF 9 and FF 10 both complain about the certificate "The connection is not trusted". It would appear FF is only using one of the CNs to validate the site in question. i.e. if I visit the site via 10.1.1.25 I get the warning. If I use www.mydomain.local I do not receive the warning.
  Further, I do not have this issue with IE9. Is there something broken with FF and sites that use multiple CNs in their SSL cert? Or perhaps am I doing something wrong when generating the CSR (not that I see how, as it's a standard template I use, and it works flawlessly with IE9 browsers)?

  # curl -v https://areaclienti187.telecomitalia.it
  * Rebuilt URL to: https://areaclienti187.telecomitalia.it/
  * Hostname was NOT found in DNS cache
  * Trying 62.77.57.164...
  * Connected to areaclienti187.telecomitalia.it (62.77.57.164) port 443 (#0)
  * successfully set certificate verify locations:
  * CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
  * SSLv3, TLS handshake, Client hello (1):
  * SSLv3, TLS handshake, Server hello (2):
  * SSLv3, TLS handshake, CERT (11):
  * SSLv3, TLS handshake, Server finished (14):
  * SSLv3, TLS handshake, Client key exchange (16):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * SSLv3, TLS change cipher, Client hello (1):
  * SSLv3, TLS handshake, Finished (20):
  * SSL connection using TLSv1.0 / AES128-SHA
  * Server certificate:
  * subject: C=IT; ST=Italy; L=Pomezia; O=Telecomitalia; OU=ADM.AP.PM.WO; CN=areaclienti187.telecomitalia.it; emailAddress=[email protected]
  * start date: 2013-10-08 10:06:37 GMT
  * expire date: 2014-10-08 10:06:37 GMT
  * common name: areaclienti187.telecomitalia.it (matched)
  * issuer: C=IT; O=I.T. Telecom; OU=Servizi di certificazione; CN=I.T. Telecom Global CA
  * SSL certificate verify ok.
  With curl no problem at all.
  Last edited by saronno (2014-08-15 19:10:09)

• Issues enrolling certificates CM2012R2 CRP - NDES with Intune

  Hi, the certificate enrollment works just fine. But there seems to be issues with iDevices and re-enroll certificates. So basically I have got my certs for two diffrent accounts towards my iPad. But when I try to remove the intune account and then re-enroll
  the device to intune. It doesnt generate any certificate.
  When looking in the logfiles it seems good.
  When an allready enrolled before device with an allready enrolled user re-enrolls the device (after selective wipe or removal inside intune app) the crp.log files says.
  VerifyRequest Started. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Reading Template Permission Check from registry. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Validation Phase 1 started. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Validation Phase 1 finised with status True. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Validation Phase 2 started for device and user . CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Validation Phase 2 finished. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Validation Phase 3 started for device 9830942a-60e8-432f-bbee-2e68019d9734 and user 8990afa9-9690-4830-9438-fcba63e87691. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Get Challenge Parameters from DB using query: Execute CRP_VerifyRequestParameters @vchCertificateRequestID = 'ModelName=ScopeId_96A5566A-0E75-4EFB-8670-3B4266DDD18C/ConfigurationPolicy_8e3a6dfd-ab68-4eb5-8bb6-79af10623f1e;Version=5;Hash=-850744603', @vchDeviceID
  = '9830942a-60e8-432f-bbee-2e68019d9734', @vchUserID = '8990afa9-9690-4830-9438-fcba63e87691', @DeviceType = 9 CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  Validation Phase 3 finished with status True. CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  VerifyRequest Finished with status True CertificateRegistrationPoint 10/4/2014 11:19:45 AM 28 (0x001C)
  When the crp is able to generate the certificate the logfile looks like this
  VerifyRequest Started. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Reading Template Permission Check from registry. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Validation Phase 1 started. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Validation Phase 1 finised with status True. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Validation Phase 2 started for device and user . CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Validation Phase 2 finished. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Validation Phase 3 started for device 9830942a-60e8-432f-bbee-2e68019d9734 and user 8990afa9-9690-4830-9438-fcba63e87691. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Get Challenge Parameters from DB using query: Execute CRP_VerifyRequestParameters @vchCertificateRequestID = 'ModelName=ScopeId_96A5566A-0E75-4EFB-8670-3B4266DDD18C/ConfigurationPolicy_8e3a6dfd-ab68-4eb5-8bb6-79af10623f1e;Version=5;Hash=-850744603', @vchDeviceID
  = '9830942a-60e8-432f-bbee-2e68019d9734', @vchUserID = '8990afa9-9690-4830-9438-fcba63e87691', @DeviceType = 9 CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Validation Phase 3 finished with status True. CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  VerifyRequest Finished with status True CertificateRegistrationPoint 10/4/2014 11:29:49 AM 28 (0x001C)
  Notify Started. CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  Creating state message CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  Retrieveing the CRP certificate CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  Retrieving the GWP or MP certificate. CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  Success state message CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  StateMessage D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\eld033fqrfb.SMX is dropped. CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  Successfully sent state message CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  Notify Finished. CertificateRegistrationPoint 10/4/2014 11:30:33 AM 28 (0x001C)
  On the NDES server I seem to get these kind of logs when it doesnt manage to enroll certificates.
  - System
  - Provider
  [ Name] Microsoft-Windows-NetworkDeviceEnrollmentService
  ErrorCode 0x80010108
  ErrorMessage The object invoked has disconnected from its clients.
  And before this happens I get the schannel 36887 as stated in this KB
  http://support2.microsoft.com/kb/2801679/en-us
  The servers are all 2012 R2. ndes is in Windows Azure, the CRP is in my LAN and I have a lan2lan vpn tunnel with allow all all 10.0.0.0/24 <-> 192.168.1.0/24
  I would be glad if you can shed some light over this issue.
  BR.
  Björn

  After a reboot of the NDES server it actually delivers a certificate to my device. 

• Two typical issues in PM -reg

  Hi,
  1. While creating an equippment , in the location tab , cost center field  shoudl be automatically populated taking the cost center
      assigned to the asset which is entered the field above to this cost center field .
      Requirement is when i enter asset number in the field  asset , if possible system should populate the cost center field with the
     value assigned to the asset
     is it possible ? are tehre any user exits for this ?
    how to make these fields mandetory if required
  2. Major issue is when we create PM order through IW31 , pm order type PM01 , assign the component in the component view , reservation is created with movement type 261. But in that reservation cost center  field is not filled up . its blank .
  for the equippment cost center is assigned and in the order craeting view ....additional data tab...responsible cost center field is also picked the cost center .  But when teh craeted reservation is seen through MB23 , cost center field is not filled up and also when it is serviced through MB1A, document is posted for 261 movement  with out referring to the cost center , its getting accounted against the fund center only .
  we need the MB1A posting should refer the cost center  .
  this may be because at the time of reservation creation by system automatically during IW31 order creation itself cost center is not filled in the reservation
  please help
  regards,
  madhu kiran
  Also checked in the PM01 order type parameters and there settlement 40 -maintenance measure is maintained

  hi,
  thanks for your thoughts and inputs
  we shalle xplore this and revert
  further small clarification sought from you is
  for an equippment ..i create maintenance order through IW31...get a SR for the spares and close that SR by materila issue
  now if i want to track for a period given , for an equippment ....what and all spares are used during maintenance
  any report available in standard ? or to customize which table and fields will help
  requirement is
  input is equippment
  out put
  for that equiipment maintenance ........which are all orders closed ....which are all spares consumed ?
  pl help
  regards,
  madhu kiran