List Services Information" fails during cluster validation Server 2008 R2
Server 2008 r2 ent
An error occurred while executing the test. There was an error getting information about the running services on the nodes. There was an error retrieving information about the Services from node 'XXXXX.XXXXX.COM'. Object reference not set to an instance
of an object.
Hi,
Please offer more detail information about the error content, from your current information it hardly to say why it occur, base on my experience it may cause by the different version server edition, such as the different update or different hot fix installed
on some server, please confirm the cluster nodes have the same server edition and update.
The related KB:
Understanding Requirements for Failover Clusters
http://technet.microsoft.com/en-us/library/cc771404.aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Similar Messages
-
Failing "List Services Information" Cluster validation test
Hi
I'm building a 2 node Windows 2008 SP2 Cluster. I've setup the SAN Disks, NIcs etc and am running the cluster validation tests. However this always fails on the "List Services Information" Test with the following error statement:
"An error occurred while executing the test. There was an error getting information about the running services on the nodes. There was an error retrieving information about the Services from node '<Server FQDN>'. Object reference not set to an
instance of an object.
Note: I replaced the actual server fqdn with <Server FQDN>
Any help is appreciated.
ThanksHi,
I know it is not a SQL cluster but you could still have a try with steps below as a workaround. See:
http://support.microsoft.com/kb/953748/en-us
•For an integrated failover Add-Note setup, run the following command on each node that is being added:
Setup /SkipRules=Cluster_VerifyForErrors /Action=InstallFailoverCluster
•For an advanced or enterprise installation, run the following command:
Setup /SkipRules=Cluster_VerifyForErrors /Action=CompleteFailoverCluster
•If you receive this validation failure when you add a node to an existing failover installation, run the following command on each node that is being added:
Setup /SkipRules=Cluster_VerifyForErrors /Action=AddNode
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected] -
How to Uninstall SQL instance on active-passive SQL server , which failed during Cluster Setup (Error-Failed at Validate Active Directory Configuration)
active-passive SQL server cluster setup failed due to some steps missed in initial cluster setup,
now i have unistall sql instance from nodes,
Your help will higly appriciated.
Regards,
Anish
AsandeenHello,
Please refer to the following link about remove a node of SQL Server Failover Cluster Instance:
http://msdn.microsoft.com/en-us/library/ms191545.aspx#Remove
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support -
Sql server services give error the remote procedure call failed [0x800706be] in sql server 2008
sql server services give error the remote procedure call failed [0x800706be] in sql server 2008.
To resolve this issue, I executed the following mofcomp command in command prompt to re-register the *.mof files:
mofcomp.exe "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof".
but it does not work.
Plz give the exact soln to solve this error.sql server services give error the remote procedure call failed [0x800706be] in sql server 2008.
To resolve this issue, I executed the following mofcomp command in command prompt to re-register the *.mof files:
mofcomp.exe "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof".
but it does not work.
Plz give the exact soln to solve this error.
So when you tried starting SQL server service it gave the error right ? or when you click on SQL server services in SQL server configuration manager(SSCM) you get this error. Can you be more clear. As far as I read your question it has something
to do with permission. Close SSCM window and this time right click on SQL server configuration manager and select run as administrator and check if you can see SQL server services
Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
My Technet Articles -
DFS-R folder resources Failed in Failover Cluster on Server 2008 R2
Maybe a week ago, 7 of our DFS-R Folder failover cluster resources lost their configuration data. In the resource list, they just show up as "()".
I've seen suggestions online that disabling the replicated folder will remove it from the Failover Cluster, and then re-enabling it will automatically add it back to the cluster. So, I've disabled it via the Connections tab, and that does nothing. The other
option is to disable it under the Memberships tab...but that has consequences, and I would rather not do that if it isn't necessary.
I'm also now seeing event ID 5012's popping up in the DFS Replication logs every hour or so.
The DFS Replication service failed to communicate with partner etc etc. The partner did not recognize the connection or the
replication group configuration.
Error: 9026 (The connection is invalid)
Now, "dfsrdiag pollad /verbose" or "dfsrdiag pollad /mem:<dc name>" both come back as successful. And a DFS Diagnostic Report brings back nothing apparently relevant to this issue, other than one error concerning the same event
ID 5012's.
Also, I've verified that it's not a DNS issue, pinging the home office DFS server from the site server resolves correctly, and vice versa. And the windows firewall is disabled on both servers. It's POSSIBLE that there is a network issue. Replication works
fine between the site server and the 2nd cluster server service, just not between the site server and the 1st cluster server service. However, via netstat I see active connections between the site server and the cluster server, as well as the active cluster
host (although, just a single connection to the clustered DFS server, but ~6 to the cluster host itself).
So, I'm completely at a loss here. Any recommendations?Hi,
This error usually occurs when one partner attempts to establish an RPC connection with another member, but is unable to.
You could refer to the thread below to troubleshoot the issue:
DFSR Event ID 5012 when other DFS folder working
https://social.technet.microsoft.com/Forums/en-US/9748cb08-858d-454e-93cd-233c98cb2ee8/dfsr-event-id-5012-when-other-dfs-folder-working?forum=winserverfiles
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Shared services registration failing during configuration of EPMA 11.1.1.3
Hi All, I am currently woking on essbase and no knowledge of planning so trying to upgrade my knowledge. I installed epma 11.1.1.3 on windows 2003 VMware work station as I have windows 7 laptop. installed oracle 10g created a database (epma) created user/schemas (sm,ms) trying to configure foundation services, essbase, planning and reporting and analysis. the configure database and register with shared services failed. Am I doing anything wrong. I followed some documents for configuration which are well documented with screen shots still do not know what wrong I am doing. Please advice on how to avoid these failures.
Below is the validation results of the configuration.
Thanks in advance.
Srinivas
Oracle EPM System
Diagnostic Reports
Generated on 3/3/12 11:05 PM
Validation run on srinivas
Validation tool info: 11.1.1.3.0 drop 9-0 build 3129 on 07/16/2009 01:24 PM
OS name: Windows 2003
OS version: 5.2
Test Status Service Test Description Duration
Hyperion Foundation
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
relationalStorageConfiguration: Configuration Failed
Recommended Action: Try to configure mentioned tasks 0 s
FAILED OPN: OpenLDAP Check if global roles number no less than 16
Error: $item.exception.localizedMessage
Recommended Action: 0 s
FAILED OPN: OpenLDAP Connection to OpenLDAP
Error: srinivas:28089
Recommended Action: Start open LDAP 1 s
ERP Integrator
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Essbase / Client
PASSED WR: Windows Registry Check if EQD excel addin registered for Essbase Client 0 s
Essbase / Essbase
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Recommended Action: Try to configure mentioned tasks 0 s
FAILED EAS: Essbase server Essbase Server startup check using Maxl command
Error: Result: Unable to connect Essbase Server using MAXL command. Please check that essbase server is running.
Recommended Action: Check Essbase Server is started. 0 s
FAILED SVR: Essbase Java API Launch external checker with next command: C:\Hyperion\common\validation\9.5.0.0\launchEssbaseJavaAPI.bat EssbaseJAPIConnect admin ****** srinivas http://srinivas:13080/aps/JAPI
Error: Result: -1; Error message: Cannot connect to olap service. Cannot connect to Essbase Server at srinivas. Timed out waiting to connect to the Essbase Agent/Server using TCP/IP. Check your network connections.
Recommended Action: Make sure external checker is working. 7 s
Essbase / Essbase Administration Services
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Essbase / Provider Services
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Recommended Action: Try to configure mentioned tasks 0 s
Essbase / Smart Search
PASSED CFG: Configuration Check whether all configuration tasks have been completed 0 s
Essbase / Studio
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Financial Data Quality Management
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Foundation / Calculation Manager
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Foundation / Performance Management Architect
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Foundation / Workspace
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
PASSED HTTP: Http Is file [C:\Hyperion\common\httpServers\Apache\2.0.59\bin\installhyperionapacheservice.err] empty 0 s
PASSED HTTP: Http Check string [LoadModule jk_module modules/mod_jk] in file[C:\Hyperion\common\httpServers\Apache\2.0.59\conf\httpd.conf] 0 s
PASSED REG: Registry All links are present in registry. 0 s
Performance Scorecard
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Planning
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
applicationServerDeployment: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Profitability and Cost Management
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Strategic Finance
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Financial Management
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Reporting and Analysis
PASSED CFG: Configuration Check whether all configuration tasks have been completed 0 s
FAILED SVR: Essbase Java API Launch external checker with next command: C:\Hyperion\common\validation\9.5.0.0\launchEssbaseJavaAPI.bat EssbaseJAPIConnect admin ****** srinivas http://srinivas:13080/aps/JAPI
Error: Result: -1; Error message: Cannot connect to olap service. Cannot connect to Essbase Server at srinivas. Timed out waiting to connect to the Essbase Agent/Server using TCP/IP. Check your network connections.
Recommended Action: Make sure external checker is working. 3 s
Test start time: 11:05:18 PM
Test end time: 11:05:40 PM
Total test duration: 21 sThanks to all for your suggestions. Below is the log I have checked at the first instance of failure after that resitering with shared services failed for every product. Is this something to do withis database connection? Please advise on how to resolve it.
Mar 6, 2012 10:48:54 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-28080
Mar 6, 2012 10:48:54 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3531 ms
Mar 6, 2012 10:48:54 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 6, 2012 10:48:54 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Hyperion Embedded Java Container/1.0.0
Mar 6, 2012 10:48:55 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
log dir isC:\Hyperion\logs\SharedServices9
urlManifest jar:file:/C:/Hyperion/deployments/Tomcat5/SharedServices9/webapps/interop/WEB-INF/lib/interop-mmc.jar!/META-INF/MANIFEST.MF
Shared Services Version: 11.1.1.3.24
Shared Services Drop Number: 6
Attempting to verify the database configuration
Attempting to verify the database configuration
Database configuration test passed.
06 Mar 2012 10:50:27 - org.apache.slide.common.Domain - INFO - Auto-Initializing Domain
06 Mar 2012 10:50:27 - org.apache.slide.common.Domain - INFO - Configuration found in classpath
06 Mar 2012 10:50:27 - org.apache.slide.common.Domain - INFO - Domain configuration : {org.apache.slide.lock=true, org.apache.slide.versioncontrol=true, org.apache.slide.debug=false, org.apache.slide.search=true, org.apache.slide.security=true, org.apache.slide.urlEncoding=UTF-8, org.apache.slide.domain=C:/Hyperion/deployments/Tomcat5/SharedServices9/config/Domain.xml}
configURL: file:///C:/Hyperion/deployments/Tomcat5/SharedServices9/config/CSS.xml
Done initialize: null
06 Mar 2012 10:50:35 - org.apache.slide.common.Domain - ERROR - Unable to migrate hub groups to css
connection pool registered:dbcpPool-org.apache.commons.pool.impl.GenericObjectPool@9b2a51
connection pool registered:dbcpPool-org.apache.commons.pool.impl.GenericObjectPool@2431b9
CMSOfflineServlet Initialized
2012-03-06 10:50:42,328 [main] ERROR com.hyperion.ces.utils.db.DBRegistryManager.<init>(DBRegistryManager.java:74) - Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,328 [main] ERROR com.hyperion.workflow.engine.server.repository.WfDomainStoreRdbms.initialize(WfDomainStoreRdbms.java:167) - java.lang.Exception: Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,328 [main] ERROR com.hyperion.workflow.engine.server.repository.WfDomainStoreRdbms.initialize(WfDomainStoreRdbms.java:167) - java.lang.Exception: Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,343 [main] ERROR com.hyperion.cesdsf.server.framework.DsfServer.init(DsfServer.java:51) - com.hyperion.workflow.engine.api.base.WfException: Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,390 [main] ERROR com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.wfx(WorkflowEngineServiceLocal.java:2584) - Cannot getUsers.
java.lang.NullPointerException
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUsers(WorkflowEngineServiceLocal.java:780)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUserFromCES(WorkflowEngineServiceLocal.java:536)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.systemSignOn(WorkflowEngineServiceLocal.java:341)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.signOn(WorkflowEngineServiceLocal.java:387)
at com.hyperion.workflow.engine.api.base.WorkflowEngine.signOn(WorkflowEngine.java:80)
at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:94)
at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:90)
at com.hyperion.workflow.agent.TaskReceiver.init(TaskReceiver.java:34)
at javax.servlet.GenericServlet.init(GenericServlet.java:211)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3917)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4201)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
2012-03-06 10:50:42,390 [main] ERROR com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.wfx(WorkflowEngineServiceLocal.java:2584) - Cannot signOn.
com.hyperion.workflow.engine.api.base.WfException: Cannot getUsers.null
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.wfx(WorkflowEngineServiceLocal.java:2593)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUsers(WorkflowEngineServiceLocal.java:782)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUserFromCES(WorkflowEngineServiceLocal.java:536)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.systemSignOn(WorkflowEngineServiceLocal.java:341)
at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.signOn(WorkflowEngineServiceLocal.java:387)
at com.hyperion.workflow.engine.api.base.WorkflowEngine.signOn(WorkflowEngine.java:80)
at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:94)
at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:90)
at com.hyperion.workflow.agent.TaskReceiver.init(TaskReceiver.java:34)
at javax.servlet.GenericServlet.init(GenericServlet.java:211)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3917)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4201)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
2012-03-06 10:50:42,390 [main] ERROR com.hyperion.workflow.agent.TaskReceiver.init(TaskReceiver.java:39) - Error Getting the workflowEngine Cannot signOn.Cannot getUsers.null
Mar 6, 2012 10:50:42 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-28080
Mar 6, 2012 10:50:43 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:28082
Mar 6, 2012 10:50:43 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/125 config=null
Mar 6, 2012 10:50:43 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 108250 ms -
SChannel Fails Authentication on Windows Server 2008 R2 Using TLS1
I am trying to use SChannel to secure a socket connection. I modified the example at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380537(v=vs.85).aspx, converting it from Negotiate to SChannel. Following the specs for the SSPI APIs I was able the get a Client & Server connection authenticated on Windows 7.
However, when I try running the same programs on Windows Server 2008 R2, either the Client side or Server side fails, depending on how I select the security protocol.
Here is the modified example code, details about my results follow the code.
Client.cpp
// Client-side program to establish an SSPI socket connection
// with a server and exchange messages.
// Define macros and constants.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "SspiExample.h"
#include <string>
#include <iostream>
CredHandle g_hCred;
SecHandle g_hCtext;
#define SSPI_CLIENT "SChannelClient:" __FUNCTION__
void main(int argc, char * argv[])
SOCKET Client_Socket;
BYTE Data[BIG_BUFF];
PCHAR pMessage;
WSADATA wsaData;
SECURITY_STATUS ss;
DWORD cbRead;
ULONG cbHeader;
ULONG cbMaxMessage;
ULONG cbTrailer;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
SecPkgContext_ConnectionInfo ConnectionInfo;
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName);
char Server[512] = {0};
WCHAR CertName[512] = {0};
// Validate cmd line parameters
if ( argc != 3 )
LOGA ( ( __log_buf, SSPI_CLIENT " required parameters ServerName & CertName not entered.\n"));
LOGA( ( __log_buf, SSPI_CLIENT " Abort and start over with required parameters.\n") );
std::cin.get();
else
// argv[1] - ServerName - the name of the computer running the server sample.
// argv[2] - TargetName the common name of the certificate provided
// by the target server program.
memcpy(Server, argv[1], strlen(argv[1]));
size_t sizCN;
mbstowcs_s(&sizCN, CertName, strlen(argv[2])+1, argv[2], _TRUNCATE);
LOGA ( ( __log_buf, SSPI_CLIENT " input parameters - ServerName %s CertName %ls.\n", Server, CertName ));
// Initialize the socket and the SSP security package.
if(WSAStartup (0x0101, &wsaData))
MyHandleError( __FUNCTION__ " Could not initialize winsock ");
// Connect to a server.
SecInvalidateHandle( &g_hCtext );
if (!ConnectAuthSocket (
&Client_Socket,
&g_hCred,
&g_hCtext,
Server,
CertName))
MyHandleError( __FUNCTION__ " Authenticated server connection ");
LOGA ( ( __log_buf, SSPI_CLIENT " connection authenticated.\n"));
// An authenticated session with a server has been established.
// Receive and manage a message from the server.
// First, find and display the name of the SSP,
// the transport protocol supported by the SSP,
// and the size of the header, maximum message, and
// trailer blocks for this SSP.
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT "QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " QueryContextAttributes failed.\n");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
cbHeader = SecPkgSizes.cbHeader;
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_CLIENT " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_CONNECTION_INFO,
&ConnectionInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
switch(ConnectionInfo.dwProtocol)
case SP_PROT_TLS1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: TLS1\n"));
break;
case SP_PROT_SSL3_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL3\n"));
break;
case SP_PROT_PCT1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: PCT\n"));
break;
case SP_PROT_SSL2_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL2\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Protocol: 0x%x\n", ConnectionInfo.dwProtocol));
switch(ConnectionInfo.aiCipher)
case CALG_RC4:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC4\n");)
break;
case CALG_3DES:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Triple DES\n"));
break;
case CALG_RC2:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC2\n"));
break;
case CALG_DES:
case CALG_CYLINK_MEK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: DES\n"));
break;
case CALG_SKIPJACK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Skipjack\n"));
break;
case CALG_AES_256:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: AES 256\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Cipher: 0x%x\n", ConnectionInfo.aiCipher));
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher strength: %d\n", ConnectionInfo.dwCipherStrength));
switch(ConnectionInfo.aiHash)
case CALG_MD5:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: MD5\n"));
break;
case CALG_SHA:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: SHA\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Hash: 0x%x\n", ConnectionInfo.aiHash));
LOGA ( ( __log_buf, SSPI_CLIENT " Hash strength: %d\n", ConnectionInfo.dwHashStrength));
switch(ConnectionInfo.aiExch)
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: RSA\n"));
break;
case CALG_KEA_KEYX:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: KEA\n"));
break;
case CALG_DH_EPHEM:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: DH Ephemeral\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Key exchange: 0x%x\n", ConnectionInfo.aiExch));
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange strength: %d\n", ConnectionInfo.dwExchStrength));
// Decrypt and display the message from the server.
if (!ReceiveBytes(
Client_Socket,
Data,
BIG_BUFF,
&cbRead))
MyHandleError( __FUNCTION__ " No response from server\n");
if (0 == cbRead)
MyHandleError(__FUNCTION__ " Zero bytes received.\n");
pMessage = (PCHAR) DecryptThis(
Data,
&cbRead,
&g_hCtext);
// Skip the header to get the decrypted message
pMessage += cbHeader;
ULONG cbMessage = cbRead-cbHeader-cbTrailer;
if ((cbMessage == strlen(TEST_MSG)) &&
!strncmp(pMessage, TEST_MSG, strlen(TEST_MSG)) )
LOGA ( ( __log_buf, SSPI_CLIENT " SUCCESS!! The message from the server is \n -> %.*s \n",
cbMessage, pMessage ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " UNEXPECTED message from the server: \n -> %.*s \n",
cbMessage, pMessage ));
LOGA ( ( __log_buf, SSPI_CLIENT " rcvd msg size %u, exp size %u\n", cbMessage, strlen(TEST_MSG) ));
// Terminate socket and security package.
DeleteSecurityContext (&g_hCtext);
FreeCredentialHandle (&g_hCred);
shutdown (Client_Socket, 2);
closesocket (Client_Socket);
if (SOCKET_ERROR == WSACleanup ())
MyHandleError( __FUNCTION__ " Problem with socket cleanup ");
exit (EXIT_SUCCESS);
} // end main
// ConnectAuthSocket establishes an authenticated socket connection
// with a server and initializes needed security package resources.
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *g_hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName)
unsigned long ulAddress;
struct hostent *pHost;
SOCKADDR_IN sin;
// Lookup the server's address.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n"));
ulAddress = inet_addr (pServer);
if (INADDR_NONE == ulAddress)
LOGA ( ( __log_buf, SSPI_CLIENT " calling gethostbyname with %s.\n", pServer ));
pHost = gethostbyname (pServer);
if (NULL == pHost)
MyHandleError(__FUNCTION__ " Unable to resolve host name ");
memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
std::string ipAddrStr;
ipAddrStr = inet_ntoa( *(struct in_addr*)*pHost->h_addr_list);
LOGA ( ( __log_buf, __FUNCTION__ " gethostbyname - ipAddress %s, name %s.\n", ipAddrStr.c_str(), pHost->h_name ) );
// Create the socket.
*s = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == *s)
MyHandleError(__FUNCTION__ " Unable to create socket");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Socket created.\n"));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ulAddress;
sin.sin_port = htons (g_usPort);
// Connect to the server.
if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
closesocket (*s);
MyHandleError( __FUNCTION__ " Connect failed ");
LOGA ( ( __log_buf, SSPI_CLIENT " Connection established.\n"));
// Authenticate the connection.
if (!DoAuthentication (*s, pCertName))
closesocket (*s);
MyHandleError( __FUNCTION__ " Authentication ");
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n"));
return(TRUE);
} // end ConnectAuthSocket
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName)
BOOL fDone = FALSE;
DWORD cbOut = 0;
DWORD cbIn = 0;
PBYTE pInBuf;
PBYTE pOutBuf;
if(!(pInBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
if(!(pOutBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " 1st message.\n"));
if (!GenClientContext (
NULL,
0,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext
LOGA ( ( __log_buf, SSPI_CLIENT " GenClientContext failed\n"));
return(FALSE);
if (!SendMsg (s, pOutBuf, cbOut ))
MyHandleError(__FUNCTION__ " Send message failed ");
while (!fDone)
if (!ReceiveMsg (
s,
pInBuf,
MAXMESSAGE,
&cbIn))
MyHandleError( __FUNCTION__ " Receive message failed ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " Message loop.\n"));
if (!GenClientContext (
pInBuf,
cbIn,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext))
MyHandleError( __FUNCTION__ " GenClientContext failed");
if (!SendMsg (
s,
pOutBuf,
cbOut))
MyHandleError( __FUNCTION__ " Send message failed");
LOGA ( ( __log_buf, SSPI_CLIENT " fDone %s.\n", fDone ? "Yes" : "No" ));
if (NULL != pInBuf)
free(pInBuf);
pInBuf = NULL;
if (NULL != pOutBuf)
free(pOutBuf);
pOutBuf = NULL;
LOGA ( ( __log_buf, SSPI_CLIENT " exit.\n"));
return(TRUE);
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *g_hCred,
struct _SecHandle *g_hCtext)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff[2];
ULONG ContextAttributes;
static TCHAR lpPackageName[1024];
if( NULL == pIn )
wcscpy_s(lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME );
ss = AcquireCredentialsHandle (
NULL,
lpPackageName,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
NULL,
NULL,
g_hCred,
&Lifetime);
if (!(SEC_SUCCESS (ss)))
MyHandleError( __FUNCTION__ " AcquireCreds failed ");
// Prepare the buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// The input buffer is created only if a message has been received
// from the server.
if (pIn)
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with pIn supplied.\n"));
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = InSecBuff;
InSecBuff[0].cbBuffer = cbIn;
InSecBuff[0].BufferType = SECBUFFER_TOKEN;
InSecBuff[0].pvBuffer = pIn;
InSecBuff[1].pvBuffer = NULL;
InSecBuff[1].cbBuffer = 0;
InSecBuff[1].BufferType = SECBUFFER_EMPTY;
ss = InitializeSecurityContext (
g_hCred,
g_hCtext,
pCertName,
MessageAttribute,
0,
0,
&InBuffDesc,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
else
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with NULL pIn.\n"));
ss = InitializeSecurityContext (
g_hCred,
NULL,
pCertName,
MessageAttribute,
0,
0,
NULL,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext failed with error 0x%08x\n", ss));
MyHandleError ( __FUNCTION__ " InitializeSecurityContext failed " );
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext returned 0x%08x\n", ss));
// If necessary, complete the token.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (g_hCtext, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " complete failed: 0x%08x\n", ss));
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_CLIENT " Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer));
PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
return TRUE;
PBYTE DecryptThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// By agreement, the server encrypted the message and set the size
// of the trailer block to be just what it needed. DecryptMessage
// needs the size of the trailer block.
// The size of the trailer is in the first DWORD of the
// message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before decryption including trailer (%lu bytes):\n",
*pcbMessage));
PrintHexDump (*pcbMessage, (PBYTE) pBuffer);
// Prepare the buffers to be passed to the DecryptMessage function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = *pcbMessage;
SecBuff[0].BufferType = SECBUFFER_DATA;
SecBuff[0].pvBuffer = pBuffer;
SecBuff[1].cbBuffer = 0;
SecBuff[1].BufferType = SECBUFFER_EMPTY;
SecBuff[1].pvBuffer = NULL;
SecBuff[2].cbBuffer = 0;
SecBuff[2].BufferType = SECBUFFER_EMPTY;
SecBuff[2].pvBuffer = NULL;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = DecryptMessage(
hCtxt,
&BuffDesc,
0,
&ulQop);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage failed with error 0x%08x\n", ss))
else
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage success? Status: 0x%08x\n", ss));
// Return a pointer to the decrypted data. The trailer data
// is discarded.
return pBuffer;
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[2];
ULONG ulQop = 0;
PBYTE pSigBuffer;
PBYTE pDataBuffer;
// The global cbMaxSignature is the size of the signature
// in the message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before verifying (including signature):\n"));
PrintHexDump (*pcbMessage, pBuffer);
// By agreement with the server,
// the signature is at the beginning of the message received,
// and the data that was signed comes after the signature.
pSigBuffer = pBuffer;
pDataBuffer = pBuffer + cbMaxSignature;
// The size of the message is reset to the size of the data only.
*pcbMessage = *pcbMessage - (cbMaxSignature);
// Prepare the buffers to be passed to the signature verification
// function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 2;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = cbMaxSignature;
SecBuff[0].BufferType = SECBUFFER_TOKEN;
SecBuff[0].pvBuffer = pSigBuffer;
SecBuff[1].cbBuffer = *pcbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pDataBuffer;
ss = VerifySignature(
hCtxt,
&BuffDesc,
0,
&ulQop
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " VerifyMessage failed with error 0x%08x\n", ss));
else
LOGA ( ( __log_buf, SSPI_CLIENT " Message was properly signed.\n"));
return pDataBuffer;
} // end VerifyThis
void PrintHexDump(
DWORD length,
PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_CLIENT " %s\n", rgbLine));
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes\n", cbBuf ));
if (!SendBytes (s, (PBYTE)&cbBuf, sizeof (cbBuf)))
LOGA ( ( __log_buf, SSPI_CLIENT " size failed.\n" ) );
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
LOGA ( ( __log_buf, SSPI_CLIENT " body failed.\n" ) );
return(FALSE);
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return(TRUE);
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
// Receive the number of bytes in the message.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n" ));
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " failed: size of cbData %lu, bytes %lu\n", sizeof (cbData), cbRead));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
return(FALSE);
if (cbRead != cbData)
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMessage
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent;
int cbRemaining = cbBuf;
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes.\n", cbRemaining ));
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_CLIENT " send failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
pTemp += cbSent;
cbRemaining -= cbSent;
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return TRUE;
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_CLIENT " Entry: %lu bytes.\n", cbRemaining ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes remaining.\n", cbRemaining ));
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " recv failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n" ));
return TRUE;
} // end ReceiveBytes
void MyHandleError(char *s)
DWORD err = GetLastError();
if (err)
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (0x%08.8X). Exiting.\n",s, err ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (no error info). Exiting.\n",s ));
exit (EXIT_FAILURE);
Server.cpp
// This is a server-side SSPI Windows Sockets program.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "Sspiexample.h"
#include <iostream>
CredHandle g_hcred;
struct _SecHandle g_hctxt;
static PBYTE g_pInBuf = NULL;
static PBYTE g_pOutBuf = NULL;
static DWORD g_cbMaxMessage;
static TCHAR g_lpPackageName[1024];
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb );
#define SSPI_SERVER "SChannelServer:" __FUNCTION__
void main (int argc, char * argv[])
CHAR pMessage[200];
DWORD cbMessage;
PBYTE pDataToClient = NULL;
DWORD cbDataToClient = 0;
PWCHAR pUserName = NULL;
DWORD cbUserName = 0;
SOCKET Server_Socket;
WSADATA wsaData;
SECURITY_STATUS ss;
PSecPkgInfo pkgInfo;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
ULONG cbMaxMessage;
ULONG cbHeader;
ULONG cbTrailer;
std::string certThumb;
// Create a certificate if no thumbprint is supplied. Otherwise, use the provided
// thumbprint to find the certificate.
if ( (argc > 1) && (strlen( argv[1]) > 0) )
certThumb.assign(argv[1]);
else
LOGA( ( __log_buf, SSPI_SERVER " : No certificate thumbprint supplied.\n") );
LOGA( ( __log_buf, SSPI_SERVER " : Press ENTER to create a certificate, or abort and start over with a thumbprint.\n") );
std::cin.get();
certThumb.clear();
Insert code to find or create X.509 certificate.
// Set the default package to SChannel.
wcscpy_s(g_lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME);
// Initialize the socket interface and the security package.
if( WSAStartup (0x0101, &wsaData))
LOGA ( ( __log_buf, SSPI_SERVER " Could not initialize winsock: \n") );
cleanup();
ss = QuerySecurityPackageInfo (
g_lpPackageName,
&pkgInfo);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " Could not query package info for %s, error 0x%08x\n",
g_lpPackageName, ss) );
cleanup();
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf)
LOGA ( ( __log_buf, SSPI_SERVER " Memory allocation error.\n"));
cleanup();
// Start looping for clients.
while(TRUE)
LOGA ( ( __log_buf, SSPI_SERVER " Waiting for client to connect...\n"));
// Make an authenticated connection with client.
if (!AcceptAuthSocket (&Server_Socket, certThumb ))
LOGA ( ( __log_buf, SSPI_SERVER " Could not authenticate the socket.\n"));
cleanup();
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
// The following values are used for encryption and signing.
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbHeader = SecPkgSizes.cbHeader;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_SERVER " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
else
LOGA ( ( __log_buf, SSPI_SERVER " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
// Send the client an encrypted message.
strcpy_s(pMessage, sizeof(pMessage),
TEST_MSG);
cbMessage = (DWORD)strlen(pMessage);
EncryptThis (
(PBYTE) pMessage,
cbMessage,
&pDataToClient,
&cbDataToClient,
cbHeader,
cbTrailer);
// Send the encrypted data to client.
if (!SendBytes(
Server_Socket,
pDataToClient,
cbDataToClient))
LOGA ( ( __log_buf, SSPI_SERVER " send message failed. \n"));
cleanup();
LOGA ( ( __log_buf, SSPI_SERVER " %d encrypted bytes sent. \n", cbDataToClient));
if (Server_Socket)
DeleteSecurityContext (&g_hctxt);
FreeCredentialHandle (&g_hcred);
shutdown (Server_Socket, 2) ;
closesocket (Server_Socket);
Server_Socket = 0;
if (pUserName)
free (pUserName);
pUserName = NULL;
cbUserName = 0;
if(pDataToClient)
free (pDataToClient);
pDataToClient = NULL;
cbDataToClient = 0;
} // end while loop
LOGA ( ( __log_buf, SSPI_SERVER " Server ran to completion without error.\n"));
cleanup();
} // end main
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb )
SOCKET sockListen;
SOCKET sockClient;
SOCKADDR_IN sockIn;
// Create listening socket.
sockListen = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == sockListen)
LOGA ( ( __log_buf, SSPI_SERVER " Failed to create socket: %u\n", GetLastError ()));
return(FALSE);
// Bind to local port.
sockIn.sin_family = AF_INET;
sockIn.sin_addr.s_addr = 0;
sockIn.sin_port = htons(usPort);
if (SOCKET_ERROR == bind (
sockListen,
(LPSOCKADDR) &sockIn,
sizeof (sockIn)))
LOGA ( ( __log_buf, SSPI_SERVER " bind failed: %u\n", GetLastError ()));
return(FALSE);
// Listen for client.
if (SOCKET_ERROR == listen (sockListen, 1))
LOGA ( ( __log_buf, SSPI_SERVER " Listen failed: %u\n", GetLastError ()));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " Listening ! \n"));
// Accept client.
sockClient = accept (
sockListen,
NULL,
NULL);
if (INVALID_SOCKET == sockClient)
LOGA ( ( __log_buf, SSPI_SERVER " accept failed: %u\n",GetLastError() ) );
return(FALSE);
closesocket (sockListen);
*ServerSocket = sockClient;
return(DoAuthentication (sockClient, certThumb ));
} // end AcceptAuthSocket
BOOL DoAuthentication (SOCKET AuthSocket, std::string certThumb )
SECURITY_STATUS ss;
DWORD cbIn, cbOut;
BOOL done = FALSE;
TimeStamp Lifetime;
BOOL fNewConversation;
fNewConversation = TRUE;
PCCERT_CONTEXT pCertCtxt;
Insert code to retrieve pCertCtxt
// Build SCHANNEL_CRED structure to hold CERT_CONTEXT for call to AcquireCredentialsHandle
SCHANNEL_CRED credSchannel = {0};
credSchannel.dwVersion = SCHANNEL_CRED_VERSION;
credSchannel.grbitEnabledProtocols = SP_PROT_SSL2_SERVER | SP_PROT_TLS1_SERVER;
credSchannel.cCreds = 1;
credSchannel.paCred = &pCertCtxt;
ss = AcquireCredentialsHandle (
NULL, //pszPrincipal
g_lpPackageName, //pszPackage
SECPKG_CRED_INBOUND, //fCredentialuse
NULL, //pvLogonID
&credSchannel, //pAuthData - need SCHANNEL_CRED structure that indicates the protocol to use and the settings for various customizable channel features.
NULL, //pGetKeyFn
NULL, //pvGetKeyArgument
&g_hcred, //phCredential
&Lifetime); //ptsExpiry
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcquireCreds failed: 0x%08x\n", ss));
return(FALSE);
while(!done)
if (!ReceiveMsg (
AuthSocket,
g_pInBuf,
g_cbMaxMessage,
&cbIn))
return(FALSE);
cbOut = g_cbMaxMessage;
if (!GenServerContext (
g_pInBuf,
cbIn,
g_pOutBuf,
&cbOut,
&done,
fNewConversation))
LOGA ( ( __log_buf, SSPI_SERVER " GenServerContext failed.\n"));
return(FALSE);
fNewConversation = FALSE;
if (!SendMsg (
AuthSocket,
g_pOutBuf,
cbOut))
LOGA ( ( __log_buf, SSPI_SERVER " Send message failed.\n"));
return(FALSE);
return(TRUE);
} // end DoAuthentication
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewConversation)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG Attribs = 0;
// Prepare output buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// Prepare input buffers.
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer received (%lu bytes):\n", InSecBuff.cbBuffer));
PrintHexDump (InSecBuff.cbBuffer, (PBYTE)InSecBuff.pvBuffer);
ss = AcceptSecurityContext (
&g_hcred,
fNewConversation ? NULL : &g_hctxt,
&InBuffDesc,
Attribs,
SECURITY_NATIVE_DREP,
&g_hctxt,
&OutBuffDesc,
&Attribs,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
// Complete token if applicable.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (&g_hctxt, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " complete failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
// fNewConversation equals FALSE.
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer generated (%lu bytes):\n",
OutSecBuff.cbBuffer));
PrintHexDump (
OutSecBuff.cbBuffer,
(PBYTE)OutSecBuff.pvBuffer);
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext result = 0x%08x\n", ss));
return TRUE;
} // end GenServerContext
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
ULONG * pcbOutput,
ULONG cbHeader,
ULONG cbTrailer)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// The size of the trailer (signature + padding) block is
// determined from the global cbSecurityTrailer.
LOGA ( ( __log_buf, SSPI_SERVER " Data before encryption: %s\n", pMessage));
LOGA ( ( __log_buf, SSPI_SERVER " Length of data before encryption: %d \n",cbMessage));
// Prepare buffers.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
PBYTE pHeader;
pHeader = (PBYTE) malloc (cbHeader);
SecBuff[0].cbBuffer = cbHeader;
SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
SecBuff[0].pvBuffer = pHeader;
SecBuff[1].cbBuffer = cbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pMessage;
PBYTE pTrailer;
pTrailer = (PBYTE) malloc (cbTrailer);
SecBuff[2].cbBuffer = cbTrailer;
SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
SecBuff[2].pvBuffer = pTrailer;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = EncryptMessage(
&g_hctxt,
ulQop,
&BuffDesc,
0);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " EncryptMessage failed: 0x%08x\n", ss));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " The message has been encrypted. \n"));
// Allocate a buffer to hold the encrypted data constructed from the 3 buffers.
*pcbOutput = cbHeader + cbMessage + cbTrailer;
* ppOutput = (PBYTE) malloc (*pcbOutput);
memset (*ppOutput, 0, *pcbOutput);
memcpy (*ppOutput, pHeader, cbHeader);
memcpy (*ppOutput + cbHeader, pMessage, cbMessage);
memcpy (*ppOutput + cbHeader + cbMessage, pTrailer, cbTrailer);
LOGA ( ( __log_buf, SSPI_SERVER " data after encryption including trailer (%lu bytes):\n",
*pcbOutput));
PrintHexDump (*pcbOutput, *ppOutput);
return TRUE;
} // end EncryptThis
void PrintHexDump(DWORD length, PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_SERVER " %s\n", rgbLine));
} // end PrintHexDump
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
if (!SendBytes (
s,
(PBYTE)&cbBuf,
sizeof (cbBuf)))
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
return(FALSE);
return(TRUE);
} // end SendMsg
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
// Retrieve the number of bytes in the message.
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed retrieving byte count.\n", cbBuf ));
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer size (%lu) differs from reported size (%lu)\n", sizeof(cbData), cbRead ));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed.\n", cbBuf ));
return(FALSE);
if (cbRead != cbData)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer bytes (%lu) differs from reported bytes (%lu)\n", cbData, cbRead ));
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMsg
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_SERVER " send failed: %u\n", GetLastError ()));
return FALSE;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes sent\n", cbSent ));
pTemp += cbSent;
cbRemaining -= cbSent;
return TRUE;
} // end SendBytes
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " recv failed: %u\n", GetLastError () ) );
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
return TRUE;
} // end ReceivesBytes
void cleanup()
if (g_pInBuf)
free (g_pInBuf);
g_pInBuf = NULL;
if (g_pOutBuf)
free (g_pOutBuf);
g_pOutBuf = NULL;
WSACleanup ();
exit(0);
SspiExample.h
// SspiExample.h
#include <schnlsp.h>
#include <sspi.h>
#include <windows.h>
#include <string>
BOOL SendMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
BOOL SendBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
void cleanup();
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *hCred,
PSecHandle phCtext
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewCredential
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput,
ULONG cbHeader,
ULONG cbTrailer
PBYTE DecryptThis(
PBYTE achData,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt
BOOL
SignThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature
void PrintHexDump(DWORD length, PBYTE buffer);
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName
BOOL CloseAuthSocket (SOCKET s);
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName );
BOOL DoAuthentication (SOCKET s, std::string certThumb );
void MyHandleError(char *s);
#define DBG_SIZE 1024
int OutputDebug( char buff[DBG_SIZE] )
int retval;
char debugstring[DBG_SIZE+32];
retval = _snprintf_s( debugstring, DBG_SIZE+32, _TRUNCATE, " %s", buff );
OutputDebugStringA( debugstring );
return retval;
int DbgBufCopy( char *buff, const char *format, ...)
int iLen;
va_list args;
/// Call va_start to start the variable list
va_start(args, format);
/// Call _vsnprintf_s to copy debug information to the buffer
iLen = _vsnprintf_s(buff, DBG_SIZE, _TRUNCATE, format, args);
/// Call va_end to end the variable list
va_end(args);
return iLen;
#define LOGA(_format_and_args_)\
{ char __log_buf[DBG_SIZE];\
DbgBufCopy _format_and_args_;\
printf("%s", __log_buf );\
OutputDebug(__log_buf);\
#define TEST_MSG "This is your server speaking"
My initial attempt built an SCHANNEL_CRED structure following the documentation to set
grbitEnabledProtocols to 0, and let SChannel select the protocol. This worked on Windows 7, selecting TLS1. When I ran the same exe-s on 2008 R2, the Client program failed, with InitializeSecurityContext returning SEC_E_DECRYPT_FAILURE.
The failure occurred on the 2nd call, using phNewContext returned on the first call.
My next attempt set grbitEnabledProtocols to SP_PROT_TLS1_SERVER. This also worked on Win 7, but 2008R2 failed again, this time on the Server side. AcceptSecurityContext failed, returning SEC_E_ALGORITHM_MISMATCH.
TLS is a requirement for my project, but to try getting the sample to run, I next set grbitEnabledProtocols to SP_PROT_SSL2_SERVER. This did work for 2008R2, selecting SSL2, but now the Server failed on Win7 with AcceptSecurityContext returning
SEC_E_ALGORITHM_MISMATCH.
My final try was to set grbitEnabledProtocols to SP_PROT_TLS1_SERVER | SP_PROT_SSL2_SERVER, but that failed identically to the first case, with the Client on 2008R2 returning SEC_E_DECRYPT_FAILURE.
So my question is - What is required to get SChannel to select TLS regardless of the Windows version on which the programs are running?Thank you for the reference. That did provide the information I needed to get TLS working. However, the documentation is not accurate with regard to setting the registry keys and values.
The tables all show DisabledByDefault as a subkey under the protocol. They also describe a DWORD value, Enabled, as the mechanism to enable/disable a protocol.
What I found is DisabledByDefault is a DWORD value under Client/Server and it appears to be the determining factor to whether a protocol is enabled/disabled.
The only way I was able to get TLS 1.1 working is with the following path present:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Under Client, I must have DisabledByDefault set to 0. With that, the Enabled value does not need to be present.
This held true for any level of TLS.
I also found the setting of grbitEnabledProtocols in the SCHANNEL_CRED structure to be misleading. From the description at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx, I thought my Server program could set this field to 0, and SChannel would select the protocol as directed by the registry. What I found is that the structure flag must
agree with the registry setting for TLS to work. That is with the resgistry key above for TLS 1.1, I must set grbitEnabledProtocols to SP_PROT_TLS1_1.
Can you confirm the relationship between the SCHANNEL_CRED contents and registry state? -
SQL Server Service won't start on SQL Server 2008
Hi everyone,
I'm having trouble starting SQL Server service after stopping and starting the service. Before this happened, I created a Stored Procedure for marking all tables at once along with a maintenance plan for differential backup on all my databases based on the
recommendation from this link, http://msdn.microsoft.com/en-us/library/ms253070.aspx.
When I realized that the differential backup failed with some databases displaying (Restoring...) post-fix to the database name, I decided to stop SQL Server service and start it up. That is when I won't be able to start the service again.
Is there a fix for starting the SQL Server service? Any help is very much appreciated.
Additional information:
- With administrator permission granted.
- Service Pack 1 for SQL Server 2008 installed.
- Using default database instance.
- Tried C:\Program Files\Microsoft SQL Server\MSSQL.....\Binn>net start MSSQLSERVER /T3608 ( return msg: System error 5 has occurred. Access is denied.
- When I start SQL Server service, I keep getting this dialog msg:
"Windowns could not start the SQL Server (MSSQLSERVER) on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 1814."
The event log does not explain or provide any hint on how to fix the problem.
- Log msg:
2010-07-22 10:30:25.09 Server (c) 2005 Microsoft Corporation.
2010-07-22 10:30:25.09 Server All rights reserved.
2010-07-22 10:30:25.09 Server Server process ID is 6076.
2010-07-22 10:30:25.10 Server Authentication mode is MIXED.
2010-07-22 10:30:25.10 Server Logging SQL Server messages in file 'C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log\ERRORLOG'.
2010-07-22 10:30:25.11 Server This instance of SQL Server last reported using a process ID of 5708 at 7/21/2010 3:27:01 PM (local) 7/21/2010 10:27:01 PM (UTC). This is an informational message only; no user action is required.
2010-07-22 10:30:25.11 Server Registry startup parameters:
-d C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\master.mdf
-e C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log\ERRORLOG
-l C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\mastlog.ldf
2010-07-22 10:30:25.14 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2010-07-22 10:30:25.14 Server Detected 4 CPUs. This is an informational message; no user action is required.
2010-07-22 10:30:25.23 Server Using locked pages for buffer pool.
2010-07-22 10:30:25.43 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.
2010-07-22 10:30:25.73 Server Node configuration: node 0: CPU mask: 0x000000000000000f Active CPU mask: 0x000000000000000f. This message provides a description of the NUMA configuration for this computer. This is an informational
message only. No user action is required.
2010-07-22 10:30:25.81 spid7s Starting up database 'master'.
2010-07-22 10:30:26.14 spid7s CHECKDB for database 'master' finished without errors on 2010-07-19 21:15:02.823 (local time). This is an informational message only; no user action is required.
2010-07-22 10:30:26.18 spid7s Resource governor reconfiguration succeeded.
2010-07-22 10:30:26.18 spid7s SQL Server Audit is starting the audits. This is an informational message. No user action is required.
2010-07-22 10:30:26.18 spid7s SQL Server Audit has started the audits. This is an informational message. No user action is required.
2010-07-22 10:30:26.19 spid7s FILESTREAM: effective level = 0, configured level = 0, file system access share name = 'MSSQLSERVER'.
2010-07-22 10:30:26.28 spid7s SQL Trace ID 1 was started by login "sa".
2010-07-22 10:30:26.29 spid7s Starting up database 'mssqlsystemresource'.
2010-07-22 10:30:26.31 spid7s The resource database build version is 10.00.2531. This is an informational message only. No user action is required.
2010-07-22 10:30:26.43 spid10s Starting up database 'model'.
2010-07-22 10:30:26.43 spid7s Server name is 'XXXXXXXXXXXXXX'. This is an informational message only. No user action is required.
2010-07-22 10:30:26.47 spid10s The database 'model' is marked RESTORING and is in a state that does not allow recovery to be run.
2010-07-22 10:30:26.47 spid10s Error: 927, Severity: 14, State: 2.
2010-07-22 10:30:26.47 spid10s Database 'model' cannot be opened. It is in the middle of a restore.
2010-07-22 10:30:26.59 spid10s Could not create tempdb. You may not have enough disk space available. Free additional disk space by deleting other files on the tempdb drive and then restart SQL Server. Check for additional errors in
the event log that may indicate why the tempdb files could not be initialized.
2010-07-22 10:30:26.59 spid10s SQL Trace was stopped due to server shutdown. Trace ID = '1'. This is an informational message only; no user action is required.Hello,
Could you please copy the model.mdf and modellog.ldf from
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\Templates
To
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA
Rebuilding the system databases you will lose lose logins, jobs, SSIS packages. You may have to restore or attach user databases.
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com -
The unattended installation failed while installing SQL Server 2008 R2 ????
Hi gurus,
I got an error while installing SQL Server 2008 R2 in Windows 2008 R2 standard 64 bit operating system.
LOG file*
Customized installation of SQL Server 2008R2 for SAP *
Detailed results:
Feature: Database Engine Services
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlWriter_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
Configuration status: Passed
Feature: Full-Text Search
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
Configuration status: Passed
Feature: Client Tools Connectivity
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
Configuration status: Passed
Feature: Management Tools - Complete
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
Configuration status: Passed
Feature: Management Tools - Basic
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
Configuration status: Passed
Feature: Client Tools SDK
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
Configuration status: Passed
Feature: Client Tools Backwards Compatibility
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
Configuration status: Passed
Feature: Business Intelligence Development Studio
Status: Failed: see logs for details
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_common_core_Cpu64_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SqlBrowser_Cpu32_1.log
MSI error description:
MSI status: Failed: see details below
MSI error code: 0x1639
MSI log file location: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\sql_tools_Cpu64_1.log
MSI error description:
Configuration status: Passed
Rules with failures:
Global rules:
Scenario specific rules:
Rules report file: C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120116_221104\SystemConfigurationCheck_Report.htm
1/16/2012 10:13:34 PM
Message Box "Installation failed"
The unattended installation failed.
Installation Step: The unattended installation failed.
Return Code: -2068052377
Log File: C:\Windows\SQL4SAP.log
Check the log file above.
See SAP note 1144459 for known issues.
Result: vbOK
Registry settings (2/2):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{3d06c673-5e8a-41c0-b47f-3c3ca0a22e67}
WRITE(REG_DWORD): 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{2b9034f3-b661-4d36-a5ef-60ab5a711ace}
WRITE(REG_DWORD): 4
1/16/2012 10:37:32 PM
Quit script with return code 1
Please help me out with this issue.
REGARDS,
RajHello Raj,
MS SQL DB installation specific steps for SAP system is clearly documented in SAP Installation guide. Please download from SMP, read it carefully and install as mentioned in the guide.
Hope it helps.
Thanks,
Siva Kumar -
Software Updates failed to installed on Server 2008 R2
Hello All,
I have performed deployment of around 89 software updates on Windows Server 2008 Citrix Terminal Server. However, out of them only 1 of them got installed . 8 updates got downloaded in ccmcache.
The updates were installing manually if we try to install them.
I do not understand why this happened.
I have checked the "States 3 - States for a deployment and computer" and appears that Software updates are not required. Also, i of list of few updates which listed
as "is installed", but actually does not appears to be installed.
Please share your valuable inputs.software updates were targetting using single deployment & is there any deadline configured for the same?
someone might have uninstalled previously installed updates, please run software update scan cycle to see latest results. also check event viewer logs & updatestore.log & windowupdate.log for more information.
Prashant Patil -
Intel HD3000 graphics and sound drivers fail to load on Server 2008
I managed to install Windows Server 2008 x64 on a separate partition without Boot Camp, but I'm having issues with my drivers. Windows 7 drivers are compatible with Server 2008 in most cases. Since Boot Camp doesn't support Server editions I attempted to install the drivers myself, but I keep getting error 39 on my HD3000 graphics drivers. Went through multiple reboots, rollbacks, and driver reinstalls using both the official drivers and the Boot Camp drivers.
Is there a way to modify the Boot Camp driver install package to bypass the Windows 7 requirement? I tried to manually install the drivers from the Boot Camp folders (tried several variations of them as well) but I'm still not getting proper sound, graphics, or wifi. All my services are properly configured to enable them, and the device manager shows driver failed to load errors.
If people are able to get Windows 7 drivers installed that means there needs to be a way to do this with Server 2008 (not R2).
I need this to run natively, not virtualized.
Seems to me the easiest way to fix this would be to bypass the desktop-only limitations of Boot Camp, but I'm guessing there's no easy work around.
. Why the restrictions?
I'm running a MacBook Pro 8.1 (late 2011 release).
I tried using test mode but that failed to fix what I thought might be a driver signing issue.IIRC, Apple doesn't expose the Intel embedded GPU to WIndows, only the discreet GPU. If my memory is correct, that would explain why you can't install the drivers for hardware that WIndows doesn't see.
-
Error Starting Service Manager 2007B patch 10 Windows Server 2008 64 bit
Hi All,
I am trying to do a new installation of SAP Business One 2007B patch level 10 with a operating system of Windows Server 2008 64 bit and SQL Server 2008. Installation of Server, Server Tools and Client sucessfully happened without any errors but when I am trying to open the service Manager its giving me an error as ServiceManager.exe has stopped Working and when I click on view problem details the follwoing is the error details :
Problem signature:
Problem Event Name: APPCRASH
Application Name: ServerManager.exe
Application Version: 0.0.0.0
Application Timestamp: 49af579d
Fault Module Name: B1iEventSender.dll
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 49af5783
Exception Code: c0000005
Exception Offset: 00033482
OS Version: 6.0.6002.2.2.0.274.10
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
I tried to reinstall the Server Tools but still the problem remains the same.
Can you please advise whaty might be the mistake or problem from my end.
Regards,
VenkatHi,
Modify license server from add/remove program but do not check the B1i event sender in the select feature.
Probably, the B1i event ender is not installed correctly.
Rgds,
JimM -
Integration Manager in Services causes 100% CPU Utilization in Server 2008
Hi,
We have a number of custom integrations running on a Windows Server 2008 machine and one which continuely keeps crashing the Server.
We just recently upgraded our Server to this Windows Server 2008 and we did not have this issue on our old server.
This intergration is run through IntegrationManager under Services and runs every 5 mins. The service is on continuously and never stopped.
We sometime have to reboot the server 2 to 3 times a day because this is crashing.
Would anyone have any ideas on why this might be happening?
ThanksIs it a homemade program/service ? I would check to be sure it's 2008's ready. (for memory leak, etc..)
Regards, Philippe
Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
Answer an interesting question ? Create a
wiki article about it! -
Hi There,
I'm trying to migrate one of my physical Windows Server 2008 R2 to Virtual Environment (Hyper-V on WinSvr2012).
(The original physical machine had multiple partitions on the windows HDD and 2 other boot able OSs where installed on 2 of those partitions ...) So anyhow, After heaps of trouble shooting and fixing the boot records, it finally started booting the
Windows but when it got to loading C:\windows\System32\Drivers\Classpnp.sys
and it crashed, a blue screen poped up saying "A Problem has been detected and windows has shut down to prevent damage to your computer ... ) and then system got rebooted automatically.
I have tried chkdsk, also tried copying a new classpnp.sys to replace the old one but no hope. I don't think is not a damage file issue. Not sure, but it is probably related to changing the HDD devices or SCSI/IDE controllers?
Any idea?1. You have placed your problem in wrong forum. Address your problem to Server forum instead.
2. I do not think it is liable configuration. I have not heard about migration of multiboot HDD. Try to split it. Pay attention to better preparation. I would expect separate target VM.
Regards
Milos -
Applying Service Pack on multiple instance SQL Server 2008 R2 Cluster and Standalone.
Friends,
Its my first time I am applying Service pack to both Standalone and Clustered SQL 2008 R2 servers. I have multiple instances running on both stand alone and Clustered environment. I don't know how to apply pack with multiple instances. Do I need to apply
the service pack each instance one by one or I can just run the pack to each node of cluster and each box of stand alone server? Will I get any multi instance selection option during the installation process so that I can select multiple instances at once??When installing service pack for multiple instances in a standalone machine, you just run the installer and it lists all the instances eligible for the update. You could do it one by one or do it at the same time. Doing it at the same time saves time and
energy. If you selected multiple instances then you dont have to do anything else.
In case of cluster, if you have multiple instances then you need to be little careful.
Eg: Assume you have a 2 node cluster Node 1 and Node 2. Two instances Instance 1 active on Node 1 and Instance 2 active on Node 2. What I would do in this case is to first failover any one instance to the passive node. Assume I failed over Instance 2 to
Node 1. Now Node 1 is active node for both instance 1 and instance 2 and Node 2 is passive for both instances. At this point I run the service pack on Node 2. Once patching is done, I reboot the node and then failover the instaces one by one to Node
2. At this point both instances 1 and 2 would get upgraded and will be active in Node2. Now Node 1 is passive and so run the update there. Once the service pack is installed, reboot and then fail back Instance 1 back to Node 1. Note: I would also failover
Instance 2 to Node 1 just to confirm that failover works completely after service pack update.
Regards, Ashwin Menon My Blog - http:\\sqllearnings.com
Maybe you are looking for
-
what it says above
-
Office Jet Pro 8600/Mavericks/ unable to install
When downloading the most current software and driver from the HP site and trying to install ,I encounter an error 90% of the way throught the install. The HP installer closes without notice and prompts me to start again . The following error screen
-
Invisible withholding tax amounts in FBL1N
Hello, When I display vendor open items through FBL1N t-code I cannot see some of the withholding tax amounts although they really have been posted, as I can see them when I display the document number through FB03. Can anybody give me any explanatio
-
Where is CS5 preference to use new window and not tabs?
Hi, I prefer a new window rather than lose screen space to tabs. Is there a preference somewhere to open new document in new window and not as a tab? Thanks, Garrett
-
How do I edit my current rc.conf after installation? I'm new to arch and don't know a lot of console commands yet, and I recently found out I need to edit the modules array in rc.conf but I have no idea how. Last edited by dm29 (2009-01-13 00:23:54)