Issues with subject in idm 8.1
Below are details about issue we are facing. I am using IDM 8.1 version
We have used Checkout View in the provisoning workflows.
The arguments of the Checkout view are -
<Argument name='op' value='checkoutView'/>
<Argument name='type' value='User'/>
<Argument name='id' value='$(activeSync.accountId)'/>
<Argument name='TargetResources'>
<list>
<ref>resourceNm</ref>
</list>
</Argument>
*<Argument name='subject' value='configurator'/>*
<Argument name='Form' value='Empty Form'/>
Now, we have created a user with accountId: SPMLUser and assigned the capabilitiies -
SPML Access
View Configuration
Update USer
so that using SPML 2.0, this user can login into Identity manager and launch workflows.
Request was sent successfully but when I checked the Server Tasks below error was generated.
com.waveset.util.WSAuthorizationException: Modify access denied to Subject SPMLUser on Resource: ABC.
Any help would be appreciated.
Thanks,
Sanhita
Is there any specific capability in IDM which can be assigned to SPMLUser so that this conflict of subject in provision workflows can be avoided?
I have created this SPMLUser account only to serve all the SOAP requests and trigger the provision workflows.
Please help as it is urgent!
Thanks,
Sanhita
Similar Messages
-
Issues with subject line when moving emails to another folder
Hi.
For the past few months I've been having a problem moving groups of emails from my inbox to another created folder. When I move a group of emails to another folder the subject of all the emails swap with each other. The issue seems to be with the iPhone native mail app only as when I connect via iPad or web the emails are correct.
Any help would be greatly appreciatedNot that I'm aware of.
Mail.app isn't a particularly scalable database in general, so you might want to look at your workflow.
For better or worse, email is often ill-suited as a general information-storage and transfer mechanism.
You might be able to set up a Rule to perform the move when the message arrives; if the mail messages involved are uniquely identifiable.
It's also possible to implement server-side rules, depending on what you're up to, and what your own mail server or particular your mail provider supports here.
I'm using a combination of these two approaches locally.
Or swap out for a different mail client or a mail-handling package; a package or a tool that's better suited for the scale that you're apparently working at, and the requirements you have. -
Hello IDM experts, please help me. I have Oracle Linux 5.7 64 bit installed on Oracle Virtual box 4.1.10.
I have valid IP address and Domain name and I am able to ping both.
I have successfully installed database 11GR2 (11.2.0.1.0) for 64 bit linux. All issues with OS packages have been resolved. Nothing is ignored. All parameter setting has been followed as per the installation guide by Oracle.
Installed JDK 1.7_03 version linux 64 bit ( I selected this as per the certification matrix ).
Installed WLS 10.3.6 for 64 bit linux
Ran RCU 11.1.1.6.0 and created all required schemas.
Downloaded IDM 11.1.1.6.0 for linux 64 bit.
While installing and configuring,
I have looked into all other postings related to this error and I did not find anything missing in my configuration.
Really appreciate your great help in resolving this issue. It is show stopper for me now.
While runInstaller executing ASInstance step, I get in the log : "Error creating ASInstance asinst_1 "
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:86)
... 31 more
Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer!
at javax.crypto.JarVerifier.verifyPolicySigned(JarVerifier.java:289)
Error creating ASInstance asinst_1.Cause:
An internal operation has failed: java.lang.ExceptionInInitializerError
Action:
If I retry, I get error saying "Oracle instance not empty ... ...."
Greatly appreciate your valuable suggestions.
Edited by: 923360 on Mar 26, 2012 7:16 AM
Edited by: 923360 on Nov 11, 2012 6:19 AMHi Please find the steps to resolve this issue here. I resolved this completely.
http://obieelive.wordpress.com/2012/05/25/obiee-11g-installation-failed-at-configuration-step-13-of-14/
Regards,
Sandep -
Just wondering what Apple's stand is on the issue with a flickering and a dark area appearing on imac 27"screen - forums seem to indicate this is not uncommon - and happens through normal use - so should be subject to repair (Sale of Goods Act - ie 6 year warranty)
We are just users like yourself. If Apple has stated publicly about the problems you mentioned, it will be listed on their website and/or in one of their Knowledge Base Articles.
I have a 27" & do not suffer from such a problem. You should keep in mind that these are technical support forums. Generally, the only people posting here are those with problems. The thousands/millions without problems don't ever come here.
Think of these forums as a hospital emergency room. -
Issues with Approval Task IN IDM 7.1
Hi,
I have been facing issues with Approval task.
Firstly,
I have created an Approval task with 'Mskeyvalue' and 'Mxref_mx_privilege' as attributes.
I am having a problem in the Approvers workflow UI where, we see these approvals.
It not only displays the requested privilege,but also the already provisioned privileges of the enduser to the approver.
He will not be able to recognize which privilege has been requested.
Is this an already known issue which has been sorted out in recently updated patches?
If not can you suggest me a solution for this.
Secondly,
The privilege requested by the end-user is getting provisioned to the backend,even before it is Approved.
Since Provisioning tasks are mapped through repository,privileges are getting provisioned as soon as
an entry is made into the Identity Stores.
But,Ideally the requested privilege should not be proviosioned to the backend until it is approved by the Approver.
Is this an already known isuue which has been sorted out in recently updated patches?
If not can you suggest me a solution for this.
Thanks and Regards,
Joel
Edited by: Joel Sundararajan Davis on Jul 16, 2009 11:04 AMJoel,
I'm afraid the approval process is not quite this simple. You are correct, if you have provisioning setup on the repository for a privilege it will be assigned immediately. The approval task as you are using it works as an 'interrupt' to a process - nothing more.
There is an entry type called pending value that you would need to leverage in order to have privileges requested route for approval. This pending value object is created by default for role requests in 7.1, but I'm not sure how to create a pending value for a privilege.
Which brings to mind a question - is there a reason you want users to request privileges instead of roles? In general I think the security model is setup so that users are assigned roles which contain one or more privileges.
If you do choose to use a role instead of privilege, simply set the attribute MX_APPROVAL_TASK to the id of the approval task you want to use and the system will do the rest. The display you referenced in the first part of your question will always display the current values of the attributes you select for the user, so don't try to display the roles there - just display the user id, name, whatever else is helpful and when the approver clicks on the user id they will get the approval details which will include the requested role.
Also, please note that if you would like to assign a role directly anywhere (bypass approvals) you can use the switch: {direct_reference=1}
-Geoff -
Issues with WebForm performance
Hi,
We had migrated a new application from UAT to PROD and we encounter webform performance issues with the following actions..
After login, the first form you open it is
always slow. After this you can switch from one form to another without a
delay.
Then once you change any data – the next time
you access a form it gets delayed.
The point to be noted is, it doesnt have any performance issues in the UAT environment and the configuration settings,essbase cache settings are all the same. We did try to move the EPM system to a new server to see if this is a hardware issue but no luck, the performance issues still exist. The consumption of the CPU/memory has been checked and it is proved that the form opening delay has nothing to do with lack of memory.
The JVM head settings is set up at 4GB which is infact higher than that of the UAT environment(2GB).
runs on Windows server2008,11.1.2.1.600 EPM serve, has planning,reporting,foundation on one server (32GB ram) and essbase on another server (32GB ram). Any help is appreciated.
Please find attached the planning logs below and there is nothing mentioned in the hyperionplanning error logs.-----------------------------------------------------------------------------------------------------------------------------------------------------------------
<Nov 5, 2013 8:05:43 PM CET> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Nov 5, 2013 8:05:43 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Nov 5, 2013 8:05:44 PM CET> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.0.2-11-135406-1.6.0_20-20100624-2119-windows-x86_64 from Oracle Corporation>
<Nov 5, 2013 8:05:46 PM CET> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.4.0 Fri Dec 17 20:47:33 PST 2010 1384255 >
<Nov 5, 2013 8:05:48 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Nov 5, 2013 8:05:48 PM CET> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Nov 5, 2013 8:05:48 PM CET> <Notice> <Log Management> <BEA-170019> <The server log file C:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\Planning0\logs\Planning0.log is opened. All server side log events will be written to this file.>
<Nov 5, 2013 8:06:22 PM CET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Nov 5, 2013 8:06:28 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Nov 5, 2013 8:06:28 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Calling getDomainConfiguration()
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Calling getRuntimeService()
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
return com.bea:Name=EPMSystem,Type=Domain
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Domain location is 'C:\Oracle\Middleware\user_projects\domains\EPMSystem'
Calling getRuntimeService()
return com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Calling getConnection()
return weblogic.management.jmx.mbeanserver.WLSMBeanServer@327b36fb
Checking C:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\Planning0\registry_update.xml file
EPM_ORACLE_HOME: C:\Oracle\Middleware\EPMSystem11R1
Template for PLANNING#11.1.2.0: C:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_planning_11.1.2.1.jar
Dependencies for C:\Oracle\Middleware\EPMSystem11R1\common\templates\applications\epm_planning_11.1.2.1.jar: []
BPMUI shared webapp not referenced from PLANNING#11.1.2.0
Application name: PLANNING#11.1.2.0
Application source: HyperionPlanning.ear
Server name: Planning0
Server port: 8300
Server SSL port: 8343
Application context: HyperionPlanning
Registry product type: PLANNING_PRODUCT
Registry physical web application type: PLANNING_WEBAPP
weblogic.Name property is 'Planning0', seems to be WebLogic mode
registry.isRegistryDatabaseCreated()true
Registry was initialized sucessfully
Executing pre custom update for PLANNING#11.1.2.0
EPM_ORACLE_INSTANCE: C:\Oracle\Middleware\user_projects\epmsystem1
Physical Web App found
Web app already linked to some application server: false
The registry was not modifyed because it already containse all sturctures
Web app is already linked to the logical web app
No needs to run custom updater for PLANNING#11.1.2.0
loggingUpdatePLANNING.block file exist or the system is running in the Fusion mode, skipping logging.xml configuration
Planning locale: en_US
<Nov 5, 2013 8:06:39 PM CET> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Nov 5, 2013 8:06:39 PM CET> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
<Nov 5, 2013 8:06:39 PM CET> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Planning.>
<Nov 5, 2013 8:07:09 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Nov 5, 2013 8:07:09 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Nov 5, 2013 8:07:09 PM CET> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "null">
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\Middleware\jrockit_160_20\jre\lib\security\cacerts.>
<Nov 5, 2013 8:07:10 PM CET> <Alert> <Security> <BEA-090152> <Demo trusted CA certificate is being used in production mode: [
Version: V3
Subject: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 512 bits
modulus: 9550192877869244258838480703390456015046425375252278279190673063544122510925482179963329236052146047356415957587628011282484772458983977898996276815440753
public exponent: 65537
Validity: [From: Thu Mar 21 21:12:27 CET 2002,
To: Tue Mar 22 21:12:27 CET 2022]
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
SerialNumber: [ 33f10648 fcde0deb 4199921f d64537f4]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Algorithm: [MD5withRSA]
Signature:
0000: 9D 26 4C 29 C8 91 C3 A7 06 C3 24 6F AE B4 F8 82 .&L)......$o....
0010: 80 4D AA CB 7C 79 46 84 81 C4 66 95 F4 1E D8 C4 .M...yF...f.....
0020: E9 B7 D9 7C E2 23 33 A4 B7 21 E0 AA 54 2B 4A FF .....#3..!..T+J.
0030: CB 21 20 88 81 21 DB AC 90 54 D8 7D 79 63 23 3C .! ..!...T..yc#<
] The system is vulnerable to security attacks, since it trusts certificates signed by the demo trusted CA.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[3]" is now listening on 127.0.0.1:8343 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[1]" is now listening on fe80:0:0:0:0:5efe:a53:4816:8343 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[4]" is now listening on 0:0:0:0:0:0:0:1:8343 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.83.72.22:8300 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "Default[3]" is now listening on 127.0.0.1:8300 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "Default[4]" is now listening on 0:0:0:0:0:0:0:1:8300 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "Default[2]" is now listening on fe80:0:0:0:0:ffff:ffff:fffe:8300 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on fe80:0:0:0:0:5efe:a53:4816:8300 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[2]" is now listening on fe80:0:0:0:0:ffff:ffff:fffe:8343 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.83.72.22:8343 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Nov 5, 2013 8:07:10 PM CET> <Warning> <Server> <BEA-002611> <Hostname "WIPLPRD01.svc.unicc.org", maps to multiple IP addresses: 10.83.72.22, 0:0:0:0:0:0:0:1>
<Nov 5, 2013 8:07:10 PM CET> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "Planning0" for domain "EPMSystem" running in Production Mode>
<Nov 5, 2013 8:07:12 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Nov 5, 2013 8:07:12 PM CET> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
using java.library.path: C:\Oracle\Middleware\EPMSystem11R1/products/Planning/lib64;C:\Oracle\Middleware\EPMSystem11R1/bin;C:\Oracle\Middleware\EPMSystem11R1/common/EssbaseRTC-64/11.1.2.0/bin;C:\Oracle\MIDDLE~1\patch_wls1034\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JROCKI~1\jre\bin;C:\Oracle\MIDDLE~1\JROCKI~1\bin;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64\oci920_8
EPM_ORACLE_HOME (C:\Oracle\Middleware\EPMSystem11R1) is set from JVM property "EPM_ORACLE_HOME".
using Java property for Hyperion Home C:\Oracle\Middleware\EPMSystem11R1
EPM_ORACLE_INSTANCE (C:\Oracle\Middleware\user_projects\epmsystem1) is set from JVM property[EPM_ORACLE_INSTANCE].
Reaquired task list lease: Tue Nov 05 20:11:49 CET 2013: 1383678709156
Seeking ESAPI.properties
Found in 'org.owasp.esapi.resources' directory: C:\Oracle\Middleware\EPMSystem11R1\products\Planning\config\esapi\ESAPI.properties
Loaded 'ESAPI.properties' properties file
Seeking validation.properties
Found in 'org.owasp.esapi.resources' directory: C:\Oracle\Middleware\EPMSystem11R1\products\Planning\config\esapi\validation.properties
Loaded 'validation.properties' properties file
Seeking antisamy-esapi.xml
Found in 'org.owasp.esapi.resources' directory: C:\Oracle\Middleware\EPMSystem11R1\products\Planning\config\esapi\antisamy-esapi.xml
EnterData_Inner Processing Time:424
2013-11-05 20:14:47,454 INFO Thread-51 calcmgr.launch - Date/Time Started: 2013/11/05:20:14:47.452 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: WPA_Count By Planning user: wipoadmin Values entered for run-time prompts: [Variable] Wrk_Scenario:"Work_Plan_2014"[Variable] Funds:"Regular"[Variable] Units:"0001"
- Date/Time Started: 2013/11/05:20:14:47.452 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: WPA_Count By Planning user: wipoadmin Values entered for run-time prompts: [Variable] Wrk_Scenario:"Work_Plan_2014"[Variable] Funds:"Regular"[Variable] Units:"0001"
2013-11-05 20:14:54,066 INFO Thread-51 calcmgr.launch - Date/Time Ended: 2013/11/05:20:14:54.066 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: WPA_Count By Planning user: wipoadmin.
- Date/Time Ended: 2013/11/05:20:14:54.066 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: WPA_Count By Planning user: wipoadmin.
EnterData_Inner Processing Time:64
EnterData_Inner Processing Time:15
EnterData_Inner Processing Time:359
EnterData_Inner Processing Time:2
EnterData_Inner Processing Time:53
EnterData_Inner Processing Time:4
EnterData_Inner Processing Time:7
EPM_ORACLE_INSTANCE (C:\Oracle\Middleware\user_projects\epmsystem1) is set from JVM property[EPM_ORACLE_INSTANCE].
EPM_ORACLE_INSTANCE (C:\Oracle\Middleware\user_projects\epmsystem1) is set from JVM property[EPM_ORACLE_INSTANCE].
EPM_ORACLE_INSTANCE (C:\Oracle\Middleware\user_projects\epmsystem1) is set from JVM property[EPM_ORACLE_INSTANCE].
Setting HBR Mode to: 2
In lookupBRLWA()
Found HBR product = ESSBASE_PRODUCT
Found HBR product = ESSBASE_PRODUCT
Found HBR product = ESSBASE_PRODUCT
HBR LWA Component = Default
Default HBR = http://WIPLPRD01.svc.unicc.org:19000/eas
In getDBDetails()
Found HBR product = ESSBASE_PRODUCT
In lookupBRLWA()
Found HBR product = ESSBASE_PRODUCT
Found HBR product = ESSBASE_PRODUCT
=2013-11-05 20:35:08,234 WARN [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' com.hyperion.hbr.security.HbrSecurityAPI - Error retrieving user by identity
- Error retrieving user by identity
Embedded HBR initialized.
EnterData_Inner Processing Time:6
EnterData_Inner Processing Time:867
[Tue Nov 05 20:35:33 CET 2013] Planning successfully notified HBR repository.
EnterData_Inner Processing Time:7
2013-11-05 20:40:38,613 INFO Thread-67 calcmgr.launch - Date/Time Started: 2013/11/05:20:40:38.606 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: NonPersonnel_Calc By Planning user: wipoadmin Values entered for run-time prompts: [Variable] Funds:"Regular"[Variable] Units:"0001"[Variable] Wrk_Scenario:"Work_Plan_2014"
- Date/Time Started: 2013/11/05:20:40:38.606 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: NonPersonnel_Calc By Planning user: wipoadmin Values entered for run-time prompts: [Variable] Funds:"Regular"[Variable] Units:"0001"[Variable] Wrk_Scenario:"Work_Plan_2014"
2013-11-05 20:40:47,241 INFO Thread-67 calcmgr.launch - Date/Time Ended: 2013/11/05:20:40:47.241 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: NonPersonnel_Calc By Planning user: wipoadmin.
- Date/Time Ended: 2013/11/05:20:40:47.241 CET Server/Application/Database: localhost/1415_WP/AWP Business Rule Name: NonPersonnel_Calc By Planning user: wipoadmin.
EnterData_Inner Processing Time:44
EnterData_Inner Processing Time:2
EnterData_Inner Processing Time:525
EnterData_Inner Processing Time:1
Reaquired task list lease: Tue Nov 05 20:41:49 CET 2013: 1383680509246I already replied there but it seems no moderator is willing to approve my reply so it never shows up.
So I'll try replying in here instead:
I never thought it could be an emulator issue, I thought I had done something wrong to begin with. So I take having performance issues with tiled layer is not a common problem I suppose?
I'm using MOTODEV SDK platform, A1200 model (motorola). -
Send Issues with Outlook for Mac (2011 / V15) and Exchange 2013 SP1
Hi all,
we have a strange issue with only with Outlook for Mac Users (version 2011 and the newest Outlook Version (V15) from Office 365) connected to our Exchange Server 2013 SP1. Some emails which we send out to the exactly same recipient are not sent through our
Exchange Server.
We have sent 8 emails with subject "test1, test2, test3...". Only test 3-6 was arriving to the recipient. The other emails are in the "sent" folder but it was not sent out through the Exchange.
What we can see with "Get-MessageTrackingLog" is, that the Recipients and MessageSubject are empty for these emails:
Timestamp Sender Recipients MessageSubject
25.02.2015 16:48:52 [email protected].. {}
25.02.2015 17:04:43 [email protected].. {}
25.02.2015 17:08:25 [email protected].. {[email protected]} test 3
25.02.2015 17:08:56 [email protected].. {[email protected]} test 4
25.02.2015 17:09:38 [email protected].. {[email protected]} test 5
25.02.2015 17:09:38 [email protected].. {[email protected]} test 6
25.02.2015 17:13:45 [email protected].. {}
25.02.2015 17:13:55 [email protected].. {}
We can still reproduce the issue on different Mac computers.
Thanks for any help in advance!
Thanks and best regards
RetoHere is the mailheader form the successfully sent email:
Date: Wed, 25 Feb 2015 17:08:25 +0100
Subject: test 3
From: sender <[email protected]>
To: "'[email protected]'" <[email protected]>
This mailheader is from an email which was not sent out:
User-Agent: Microsoft-MacOutlook/15.6.0.150113
Date: Wed, 25 Feb 2015 16:48:52 +0100
Subject: test 1
From: sender <[email protected]>
To: [email protected] <[email protected]>
Interesting: Only the not received messages contains User-Agent string and have some quotation marks missing in the To field. -
An issue with authentication and authorization on ISE 1.2
Hi, I'm new to ISE.
I have an issue with authentication and authorization.
I have ISE 1.2 plus patch 6 installed on VMware.
I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
What should I do to resolve this issue?
Switch configuration:
testISE#sh runn
Building configuration...
Current configuration : 7103 bytes
! Last configuration change at 12:20:15Tue Apr 15 2014
! NVRAM config last updated at 10:35:02 Tue Apr 15 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname testISE
boot-start-marker
boot-end-marker
no logging console
logging monitor informational
enable secret 5 ************
enable password ********
username radius-test password 0 ********
username admin privilege 15 secret 5 ******************
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.16.0.90 server-key ********
aaa session-id common
clock timezone 4 0
system mtu routing 1500
authentication mac-move permit
ip dhcp snooping vlan 1,22
ip dhcp snooping
ip domain-name elauloks
ip device tracking probe use-svi
ip device tracking
epm logging
crypto pki trustpoint TP-self-signed-1888913408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1888913408
revocation-check none
rsakeypair TP-self-signed-1888913408
crypto pki certificate chain TP-self-signed-1888913408
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh version 2
interface FastEthernet0/5
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/7
interface Vlan1
ip address 172.16.0.204 255.255.240.0
no ip route-cache
ip default-gateway 172.16.0.1
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
deny icmp any host 172.16.0.1
permit ip any any
ip radius source-interface Vlan1
logging origin-id ip
logging source-interface Vlan1
logging host 172.16.0.90 transport udp port 20514
snmp-server community public RO
snmp-server community ciscoro RO
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 172.16.0.90 ciscoro
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-Alex
address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
automate-tester username radius-test idle-time 15
key ******
ntp server 172.16.0.1
ntp server 172.16.0.5
endYes. Tried that (several times) didn't work. 5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts. Kept getting error message that username and password invalid. Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick. Think there is an issue with imap.gmail.com and IOS 6.0.1. I'm sure the 5 of us suddently experiencing this issue aren't the only ones. Apple will figure it out. Thanks.
-
Directory Caching issue with Cisco Jabber client for Windows
Hi ,
I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Widows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
Is there any automated way to remove the cache file?
Here is the detail of CUCM,Presence and Jabber.
CUCM version: 9.1.x
Presence : 9.1.X
Jabber : 10.5 and 10.6Hello
On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
Network Device Enrollment Service.
Our certificate for the CUPS were generated on this Certification Authority too.
I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
Enterprise Trust store for the users.
But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
Our partner left us alone with that unfortunately.
Florent
EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment. -
Issue with SSL in web service.
Hi All,
We are having synchronous web service to proxy scenario in XI. We are trying to send a binary data using the SOAP web service to SAP via XI. Initially, we were posting large binary data using HTTP connection via XI from the SOAP client. The scenario was working without any issues.
Since the data is sensitive changed the web service from HTTP to HTTPS.The interface works without issues when we test it using the SOAP client for testing. When the data is sent using the Dot Net application (the end application) using the same webservice, URL (HTTPS connection) the message errors out. The connection is borken and the message fails. In this scenario, XI does not even receive the message which I can make out looking into the SOAP adapter communication channel.
The interesting fact here is the same Dot Net application is able to connect and send smaller binary data using HTTPS connection.
Could you please let us know if this could be the issue with HTTPS connection on XI side? I doubt it to be an issue on XI side because the adapter does not even receive any message when the scenario fails. But we used some HTTPS monitoring tools and found that the Dot Net Application receives some encrypted response from the server which the application is not able to decrypt and the handshake breaks.
Could you please throw some inputs into this issue.
Thanks,
Manohar.Hi Manohar
You have posted the same question with two different subject text
anyway follow these SAP notes your problem will be short out
Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
check the OSS Note 554174 & see if it helps
Note 645357 - SAPHTTP: SSL error
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=645357&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1150980&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
one alternative may be Restart ICM (Internet Communication Manager) .This will solve your HTTP issue
Cheers!!!!
Regards
sandeep
if helpful kindly reward points -
Open port issues with Direct Print functionality
Hi, I have been fighting with HP call support about the Photosmart 7525 printer.
Originally I setup and had performed all the functions to enable both web support and WIFI.
Within an hour the printer would not respond to wireless communication, though it had its wireless indecator showing it was connected.
I was told by HP support that the issue will be resolved in March, as there will be a firmware update to fix the issue.
Now that I had the printer install the new firmware I still get the issue.
Though I found through some sniffing, that there are a number of ports enabled and open that are over and beyond print requirements.
Funny thing I can send my printer into instant lockup with all lights flashing with a simple UDP ping sniff. I would think I can do this with other new HP printers using Eprint functions. I will find HP web based printers that are open for public printing and test my theory that HP Eprinters are open to hacking and denyal of service attempts. My Hp print app on andriod list three in my area, and one is at my local Walmart. This would be cool to find this, as I am usually not the first to point such matters out.
I assume some are for Apple devices to print.
Here is my sniffing report:
Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:57 Central Daylight TimeNSE: Loaded 110 scripts for scanning.NSE: Script Pre-scanning.Initiating ARP Ping Scan at 07:57Scanning 192.168.223.1 [1 port]Completed ARP Ping Scan at 07:57, 0.23s elapsed (1 total hosts)Initiating Parallel DNS resolution of 1 host. at 07:57Completed Parallel DNS resolution of 1 host. at 07:58, 16.50s elapsedInitiating SYN Stealth Scan at 07:58Scanning 192.168.223.1 [1000 ports]Discovered open port 445/tcp on 192.168.223.1Discovered open port 139/tcp on 192.168.223.1Discovered open port 80/tcp on 192.168.223.1Discovered open port 443/tcp on 192.168.223.1Discovered open port 8080/tcp on 192.168.223.1Discovered open port 9220/tcp on 192.168.223.1Discovered open port 6839/tcp on 192.168.223.1Discovered open port 631/tcp on 192.168.223.1Discovered open port 7435/tcp on 192.168.223.1Discovered open port 8089/tcp on 192.168.223.1Discovered open port 9100/tcp on 192.168.223.1Completed SYN Stealth Scan at 07:58, 1.71s elapsed (1000 total ports)Initiating UDP Scan at 07:58Scanning 192.168.223.1 [1000 ports]Discovered open port 5353/udp on 192.168.223.1Completed UDP Scan at 07:58, 1.82s elapsed (1000 total ports)Initiating Service scan at 07:58Scanning 20 services on 192.168.223.1Discovered open port 161/udp on 192.168.223.1Discovered open|filtered port 161/udp on 192.168.223.1 is actually open
Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:51 Central Daylight TimeNmap scan report for 192.168.223.1Host is up (0.0025s latency).Not shown: 93 closed portsPORT STATE SERVICE VERSION80/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)139/tcp open tcpwrapped443/tcp open ssl/http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)445/tcp open netbios-ssn631/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)8080/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)9100/tcp open jetdirect?MAC Address: A03:C1:BD:C8:34 (Unknown)Device type: printer|general purposeRunning: HP embedded, Wind River VxWorksOS CPE: cpe:/h:hp:laserjet_cm1415fnw cpe:/h:hp:laserjet_cp1525nw cpe:/h:hp:laserjet_1536dnf cpe:/o:windriver:vxworksOS details: HP LaserJet CM1415fnw, CP1525nw, or 1536dnf printer, VxWorksNetwork Distance: 1 hopService Info: Device: printer; CPE: cpe:/h:hphotosmart_7520OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 34.11 secondsOK now I am able to run a full scan on TCP ports without causing a lock up of the printer.
I found that having the printer connect to a router that has been setup to use channel 5, 6 or 7 will cause port scanning issues with the printer.
It is obvious that there are 18 ports that are seen as open, whether they are used or not. Two of which are active but have no service connected to them. Some are just dead like port 25, but over half are active enough to recieve data and lock network connectivity within the printer.
As the firmware states some other laser jets may be affected depending on how the configuration can be set.
I moved my routers channel to channel 1 as it is the only other option I have in a highly congested location. It is not as good as channel 6, but the printer seems to have channel 6 locked in for direct printing.
Here is the latest full scan with UDP enabled, it is the furthest and most complete scan I am able to complete, with UDP ports enabled. The TCP port scan has a bit more and I have placed a simple list below the information given here:
Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 13:27 Central Daylight Time
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 13:27
Scanning 192.168.1.211 [1 port]
Completed ARP Ping Scan at 13:27, 0.44s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:27
Completed Parallel DNS resolution of 1 host. at 13:27, 0.03s elapsed
Initiating SYN Stealth Scan at 13:27
Scanning 192.168.1.211 [1000 ports]
Discovered open port 443/tcp on 192.168.1.211
Discovered open port 80/tcp on 192.168.1.211
Discovered open port 139/tcp on 192.168.1.211
Discovered open port 8080/tcp on 192.168.1.211
Discovered open port 445/tcp on 192.168.1.211
Discovered open port 631/tcp on 192.168.1.211
Discovered open port 9100/tcp on 192.168.1.211
Discovered open port 7435/tcp on 192.168.1.211
Discovered open port 9220/tcp on 192.168.1.211
Discovered open port 6839/tcp on 192.168.1.211
Completed SYN Stealth Scan at 13:27, 5.25s elapsed (1000 total ports)
Initiating UDP Scan at 13:27
Scanning 192.168.1.211 [1000 ports]
Discovered open port 137/udp on 192.168.1.211
Completed UDP Scan at 13:27, 4.46s elapsed (1000 total ports)
Initiating Service scan at 13:27
Scanning 16 services on 192.168.1.211
Discovered open port 161/udp on 192.168.1.211
Discovered open|filtered port 161/udp on 192.168.1.211 is actually open
Completed Service scan at 13:29, 82.51s elapsed (17 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.211
NSE: Script scanning 192.168.1.211.
Initiating NSE at 13:29
Completed NSE at 13:30, 82.29s elapsed
Nmap scan report for 192.168.1.211
Host is up (0.023s latency).
Not shown: 1983 closed ports
PORT STATE SERVICE VERSION
80/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
|_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
139/tcp open tcpwrapped
443/tcp open ssl/http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
|_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Issuer: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2014-02-25T10:12:24+00:00
| Not valid after: 2034-02-20T10:12:24+00:00
| MD5: 9144 ca3b 557e 09cc aba0 8387 2732 2375
|_SHA-1: a6b2 95c0 b72a 7201 578c 32de 662a e6fe b082 48ca
|_ssl-date: 2014-03-21T13:30:09+00:00; -4h59m12s from local time.
445/tcp open netbios-ssn
631/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
6839/tcp open tcpwrapped
7435/tcp open tcpwrapped
8080/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
|_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
9100/tcp open jetdirect?
9220/tcp open hp-gsg HP Generic Scan Gateway 1.0
137/udp open netbios-ns Samba nmbd (workgroup: HPPS7525)
138/udp open|filtered netbios-dgm
161/udp open snmp SNMPv1 server (public)
| snmp-hh3c-logins:
|_ baseoid: 1.3.6.1.4.1.25506.2.12.1.1.1
| snmp-interfaces:
| Wifi0
| IP address: 192.168.1.211 Netmask: 255.255.255.0
| MAC address: a0:d3:c1:bd:c8:32 (Unknown)
| Type: ethernetCsmacd Speed: 10 Mbps
| Status: up
|_ Traffic stats: 6.16 Mb sent, 3.43 Mb received
| snmp-netstat:
| TCP 0.0.0.0:7435 0.0.0.0:0
| TCP 192.168.1.211:56076 15.201.145.52:5222
| UDP 0.0.0.0:3702 *:*
| UDP 127.0.0.1:666 *:*
|_ UDP 192.168.223.1:67 *:*
| snmp-sysdescr: HP ETHERNET MULTI-ENVIRONMENT
|_ System uptime: 0 days, 3:34:23.28 (1286328 timeticks)
| snmp-win32-shares:
|_ baseoid: 1.3.6.1.4.1.77.1.2.27
1022/udp open|filtered exp2
1023/udp open|filtered unknown
3702/udp open|filtered ws-discovery
5355/udp open|filtered llmnr
MAC Address: A03:C1:BD:C8:32 (Unknown)
Device type: general purpose
Running: Wind River VxWorks
OS CPE: cpe:/o:windriver:vxworks
OS details: VxWorks
Uptime guess: 0.150 days (since Fri Mar 21 09:55:04 2014)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class
Service Info: Hosts: HPA0D3C1BDC832, HPPS7525; Device: printer; CPE: cpe:/h:hphotosmart_7520
Host script results:
| nbstat:
| NetBIOS name: HPA0D3C1BDC832, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| HPA0D3C1BDC832<00> Flags: <unique><active><permanent>
| MSHOME<00> Flags: <group><active><permanent>
| HPA0D3C1BDC832<20> Flags: <unique><active><permanent>
| HPPS7525<00> Flags: <unique><active><permanent>
|_ HPPS7525<20> Flags: <unique><active><permanent>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
TRACEROUTE
HOP RTT ADDRESS
1 23.26 ms 192.168.1.211
NSE: Script Post-scanning.
Read data files from: F:\Progs\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 180.90 seconds
Raw packets sent: 2030 (74.829KB) | Rcvd: 2921 (149.377KB)
+++++++++++++++++++++++++++++++++++++++++++++++++++++===
Full TCP port scan without UDP scanning of all ports, showing up as open... * designates open and active.
192.168.223.1Discovered open port 25/tcp on
*192.168.223.1Discovered open port 80/tcp on
*192.168.223.1Discovered open port 110/tcp on
*192.168.223.1Discovered open port 119/tcp on
*192.168.223.1Discovered open port 139/tcp on
192.168.223.1Discovered open port 143/tcp on
*192.168.223.1Discovered open port 443/tcp on
*192.168.223.1Discovered open port 445/tcp on
192.168.223.1Discovered open port 465/tcp on
192.168.223.1Discovered open port 563/tcp on
192.168.223.1Discovered open port 587/tcp on
*192.168.223.1Discovered open port 631/tcp on
192.168.223.1Discovered open port 993/tcp on
192.168.223.1Discovered open port 995/tcp on
*192.168.223.1Discovered open port 7435/tcp on
*192.168.223.1Discovered open port 6839/tcp on
*192.168.223.1Discovered open port 8080/tcp on
192.168.223.1Discovered open port 8089/tcp on
*192.168.223.1Discovered open port 9100/tcp on
*192.168.223.1Discovered open port 9220/tcp on -
[SOLVED]Issue with Postfix sending to external mail addresses
I'm having a very silly issue with Postfix. I followed the wiki article at [link]https://wiki.archlinux.org/index.php/Postfix[/link], and everything seems to work properly, however I cannot send to emails outside of my domain.
I get the error:
550 5.1.1 <[email protected]>: Recipient address rejected: Local delivery only!
Here is what the logs say:
May 08 16:05:12 my.dns.stuff.org postfix/smtpd[31464]: connect from localhost.localdomain[127.0.0.1]
May 08 16:05:12 my.dns.stuff.org postfix/smtpd[31464]: 091E011E3C: client=localhost.localdomain[127.0.0.1]
May 08 16:05:12 my.dns.stuff.org postfix/smtpd[31464]: 091E011E3C: reject: RCPT from localhost.localdomain[127.0.0.1]: 550 5.1.1 <[email protected]>: Recipient address rejected: Local delivery only!; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sendingdomain.com>
May 08 16:05:12 my.dns.stuff.org postfix/smtpd[31464]: lost connection after RCPT from localhost.localdomain[127.0.0.1]
May 08 16:05:12 my.dns.stuff.org postfix/smtpd[31464]: disconnect from localhost.localdomain[127.0.0.1]
May 08 16:05:14 my.dns.stuff.org sudo[31476]: me : TTY=pts/0 ; PWD=/etc/postfix ; USER=root ; COMMAND=/usr/bin/journalctl
main.cf
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# SOFT BOUNCE
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
command_directory = /usr/bin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
daemon_directory = /usr/lib/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#myhostname = host.domain.tld
myhostname = mail.sendingdomain.com
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
mydomain = www.sendingdomain.com
# SENDING MAIL
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# [email protected].
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#myorigin = $myhostname
myorigin = $mydomain
append_dot_mydomain = no
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
# Note: you need to stop/start Postfix when this parameter changes.
inet_interfaces = all
#inet_interfaces = loopback-only
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = localhost
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
# - You redefine the local delivery agent in master.cf.
# - You redefine the "local_transport" setting in main.cf.
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
# Details are described in the LOCAL_RECIPIENT_README file.
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a [email protected] address.
#local_recipient_maps = unix:passwd.byname $alias_maps
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#mynetworks_style = class
#mynetworks_style = subnet
mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
# If you're connected via UUCP, see also the default_transport parameter.
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
default_transport = error: Local delivery only!
# REJECTING UNKNOWN RELAY USERS
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a [email protected] address.
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
# Specify 0 to disable the feature. Valid delays are 0..10.
#in_flow_delay = 1s
# ADDRESS REWRITING
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
alias_maps = hash:/etc/postfix/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
alias_database = $alias_maps
# ADDRESS EXTENSIONS (e.g., user+foo)
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#recipient_delimiter = +
# DELIVERY TO MAILBOX
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#home_mailbox = Mailbox
home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
# luser_relay works only for the default Postfix local delivery agent.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#luser_relay = [email protected]
#luser_relay = [email protected]
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
# For details, see "man header_checks".
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
# The following parameters are used when installing a new Postfix version.
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
sendmail_path = /usr/bin/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
newaliases_path = /usr/bin/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
mailq_path = /usr/bin/mailq
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
sample_directory = /etc/postfix/sample
# readme_directory: The location of the Postfix README files.
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
#virtual_mailbox_domains = sendingdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
virtual_mailbox_base = /home/vmailer
virtual_uid_maps = static:5003
virtual_gid_maps = static:5003
virtual_minimum_uid = 5003
virtual_mailbox_limit = 51200000
Any help would be appreciated. Thank you.
Last edited by nadman10 (2014-05-14 14:36:10)Your main.cf seems redundant.
For example:
if you specify:
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
you don't need this:
alias_maps = hash:/etc/postfix/aliases
and i think you have a lot of more options you don't need.
This is my main.cf on my vps and everything works great (sending and receiving emails from/to most common mail server: gmail, hotmail etc etc)
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
message_size_limit = 4194304
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
it is very simple (no dkim, no forced tls, no mailbox limits and so on) and it can be improved but it works..
as I suggested you just try spending some hour wiping postfix installation and giving a look to this guide -
I have installed the agent 10 or 15 times and one installation has failed, no error appeared during the installation but I am having inconsistent issues with my ethernet card not working here and there. We rebooted and can log into Novell client but the login prompt did not appear for ESM client or the icon was not in the systray. Everything seems to work, besides at times (a couple times today) it terminates his ethernet card/connection. I would re-image his computer but he has several applications and it would take several hours, so I am hoping someone has an idea to fix this issue. So I was trying to figure out why he did not get the prompt to login and why it's not in the systray and it appears to not have completed the install? I checked the add/remove programs, its not listed within their, I also checked the registry and found nothing for endpoint within their, but the files are within c:\program files\novell\zenworks endpoint security.
I have also tried uninstalling it but that fails due to it "not being installed", and it will not reinstall over itself either.
I did notice that stuninstdrv.exe is running in task manager. Any help would be great...
Windows xp sp3
ESM 3.5.154
Thanks,
AndyIf you are searching the registry, check for the "Senforce" string. It should be at HKLM\Software\Senforce
Try running the install program for the ZSC with the following command line:
setup.exe /V"STUNINSTALL=1"
If you've specified an uninstall password, try this one instead:
setup.exe /V"STUNINSTALL=1 STUIP=password"" (please note the double quote at the end)
Let me know if that helped you.
Daniel
>>>
From: Andy_DeWees<[email protected] du>
To:novell.support.zenworks.endpoint-security-management
Date: 2/5/2009 12:52 PM
Subject: I have installed the agent 10 or 15 times and one installation hasfailed, no error appeared during the installation but I am havinginconsistent issues with my ethernet card not working here and there. Werebooted and can log into Novell client but the login prompt did not appearfor ESM client or the icon was not in the systray. Everything seems towork, besides at times (a couple times today) it terminates his ethernetcard/connection. I would re-image his computer but he has severalapplications and
I have installed the agent 10 or 15 times and one installation has failed, no error appeared during the installation but I am having inconsistent issues with my ethernet card not working here and there. We rebooted and can log into Novell client but the login prompt did not appear for ESM client or the icon was not in the systray. Everything seems to work, besides at times (a couple times today) it terminates his ethernet card/connection. I would re-image his computer but he has several applications and it would take several hours, so I am hoping someone has an idea to fix this issue. So I was trying to figure out why he did not get the prompt to login and why it's not in the systray and it appears to not have completed the install? I checked the add/remove programs, its not listed within their, I also checked the registry and found nothing for endpoint within their, but the files are within c:\program files\novell\zenworks endpoint security.
I have also tried uninstalling it but that fails due to it "not being installed", and it will not reinstall over itself either.
I did notice that stuninstdrv.exe is running in task manager. Any help would be great...
Windows xp sp3
ESM 3.5.154
Thanks,
Andy -
3850 PoE issues with AP3600 and AP3700
The switch is more than capable of providing 30 watts of power to the 3600AP yet it negotiates 15.4 watts and then I get errors in prime. Can someone explain how to fix this issue or what is causing the problem? Both radios are enabled so I would expect it to draw about 20 watts. We are seeing the same issues with 3700 series APs on the 3850 series switches. The APs tie back to a controller and not the 3850 switch
Error Message from Prime
Virtual Domain: ROOT-DOMAIN
PI has detected one or more alarms of category AP and severity Critical in Virtual Domain ROOT-DOMAIN for the following items:
1. Message: Access point 'CAZBM-LAPA02' associated with controller 'BRO-5500' draws low power from Ethernet. Failure reason: 'The AP draws 15.4 watts from Ethernet'.
(6 times)
E-mail will be suppressed up to 30 minutes for these alarms.
Switch Info:
Show Version
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.02.SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 14-Jun-13 19:24 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
BRO-Zone-A-Stack uptime is 18 weeks, 2 days, 23 hours, 56 minutes
Uptime for this control processor is 18 weeks, 2 days, 23 hours, 59 minutes
System returned to ROM by reload
System restarted at 09:42:37 EST Sat Nov 15 2014
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Lanbase
License Type: Permanent
Next reload license Level: Lanbase
cisco WS-C3850-48P (MIPS) processor with 4194304K bytes of physical memory.
Motherboard Assembly Number : 73-14442-08
Model Revision Number : L0
Motherboard Revision Number : C0
Model Number : WS-C3850-48P
Switch Ports Model SW Version SW Image Mode
1 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL
Show power inline
Module Available Used Remaining
(Watts) (Watts) (Watts)
1 450.0 15.4 434.6
2 450.0 0.0 450.0
3 450.0 0.0 450.0
4 450.0 120.0 330.0
Interface Admin Oper Power Device Class Max
(Watts)
Gi1/0/1 auto off 0.0 n/a n/a 30.0
Gi1/0/2 auto off 0.0 n/a n/a 30.0
Gi1/0/3 auto off 0.0 n/a n/a 30.0
Gi1/0/4 auto off 0.0 n/a n/a 30.0
Gi1/0/5 auto off 0.0 n/a n/a 30.0
Gi1/0/6 auto off 0.0 n/a n/a 30.0
Gi1/0/7 auto off 0.0 n/a n/a 30.0
Gi1/0/8 auto off 0.0 n/a n/a 30.0
Gi1/0/9 auto off 0.0 n/a n/a 30.0
Gi1/0/10 off off 0.0 n/a n/a 30.0
Gi1/0/11 off off 0.0 n/a n/a 30.0
Gi1/0/12 off off 0.0 n/a n/a 30.0
Gi1/0/13 auto off 0.0 n/a n/a 30.0
Gi1/0/14 auto on 15.4 AIR-CAP3602I-A-K9 0 30.0
Gi1/0/15 auto off 0.0 n/a n/a 30.0Duplicate post.
Go HERE. -
Issue with one of the Managed server while enabling SSL.__ Issue Resovled
Weblogic version:wls 8.1sp6
SSL: internal
Environment:
1 AdminServer and 2 Managed servers. Admin and M1 are on same host. M2 is on different host. We have enabled SSL on M1 & M2 only. Configuration of M1 & M2 are identical. After restarting the servers M1 has no issue with SSL but M2 throws javax.net.ssl.SSLKeyException as shown below,
<Aug 4, 2008 12:29:01 PM BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<Aug 4, 2008 12:29:02 PM BST> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.96.201.249 to licensed client list>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Error> <Cluster> <BEA-000141> <TCP/IP socket failure occurred while fetching statedump over HTTP from -6401422690190304510S:lonlxwebhost99:[16544,16544,16042,16042,16544,16042,-1,0,0]:etg:lonwpyq_16543_1.
javax.net.ssl.SSLKeyException: [Security:090773]The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
at weblogic.cluster.HTTPExecuteRequest.connect(HTTPExecuteRequest.java:73)
at weblogic.cluster.HTTPExecuteRequest.execute(HTTPExecuteRequest.java:121)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)>
Please let me know where I am going wrong. Thnx in advance
Message was edited by:
Shashi_srSolution given by BEA Engineer:
<Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
The reason for this was
The CA Certificate was missing a required bit (according to RFC 3280).
keyEncipherment bit is not in the KeyUsage and KeyUsage is marked as critical.
As per RFC:
The keyEncipherment bit is asserted when the subject public key is
used for key transport. For example, when an RSA key is to be
used for key management, then this bit is set.
According to RFC3280, when the key will be used to encrypt other keys that are send over the wire ("key transport") the keyEncipherment bit of the KeyUsage extension must be set. If the KeyUsage extension is critical, the SSL certificate validation will check that the key can be used in the key agreement. That is, that the key can be used to encrypt the symmetric public key.
Your KeyUsage only contains the following bits:
[4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
Since it is marked Critical, it MUST have the keyEncipherment bit.
Otherwise, it should not be marked as Critical.
So the three solutions that should work are
1) Remove keyUsage
2) Don't mark keyUsage as critical
3) If keyUsage is critical, make sure keyEncipherment bit is set.
Maybe you are looking for
-
Plans for Window 8 RT support ?
Any plans to release a Jabber application for Windows 8 RT ?
-
Photoshop Elements 9 and cannot open Raw files from my Canon EOS 1000D camera.
I am using Photoshop Elements 9 on a Windows 7 based PC and would like to know why I cannot open Raw files produced by my Canon EOS 1000D camera. I have checked the version of the plug in as 6.5 for raw files which is supposed to open .cr2 files and
-
Quicktime Restarts Computer, Has NO Audio
Quicktime Restarts Computer, Has NO Audio Quicktime 7.7.2 Restarts Computer. Summary: 1. Change the setting so the Computer does NOT Restart on Error. 2. Update the Video Driver. See article on how to change the setting so the computer will
-
Very strange thing after 10.7.3 update?
Very strange thing after 10.7.3 update? Everything seems to be working normal except the desk top BBC iPlayer which plays fine in a small window but when you go to full screen still plays the sound but the screen just goes black, no video? I thought
-
Hi all, I have a problem with my BDC, I am using a CALL transaction to update few fields. When I do a Call transaction using 'A'(all screen mode) the values which I am passing are getting updated.But when I do the same thing using 'N'(No screen mode)