Not retrieving home made trusted certificates

Hi,
The aim is to use a server (Tomcat) to authenticate web users by their certificate.
I've imported, with keytool, trusted certificates made by OpenSSL. When I use the -list option, each certificate shows a 'trustedCertEntry' indication (the CA certificate was imported with the -trustcacerts option). It seems OK.
So I run Tomcat with the -Djavax.net.debug=all option. No certificate is prompted. I tried the -genkey method; the key is seen at JVM startup, but at the handshake with the client I get a 'Could not find trusted certificate' fatal, description = certificate_unknown (I understand that, because the client certificate and the generated key don't match).
I don't know where I'm wrong; maybe it's in Tomcat's configuration. I'd like to know what is prompted when everything runs well.
Thanks in advance,
Christophe

To add the home-made CA certificate I used keytool without specifying the cacerts file from the %JRE%\lib\security directory, so keytool added it to %USER_PROFILE%\.keystore, and Tomcat uses this file to retrieve keys and not cacerts.
After explicitly giving the cacerts filename, it works!
Christophe
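
The diagnosis above can be checked mechanically. The following is an added example, not code from the thread: it resolves the trust store JSSE uses by default (the `javax.net.ssl.trustStore` property, else `jssecacerts`, else `cacerts`) and the file keytool writes to when `-keystore` is omitted, then reports in which of the two a given CA sits as a trustedCertEntry. The class name, the argument order and the `changeit` default passwords are assumptions, as is a server that relies on the JVM default trust store; it needs Java 9 or later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;

/** Added example (hypothetical class name): where did keytool put my CA? */
public class WhereIsMyCa {

    /** Default JSSE trust store: the system property, else jssecacerts, else cacerts. */
    static File jsseTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null && !prop.isEmpty()) {
            return new File(prop);
        }
        File secDir = new File(new File(System.getProperty("java.home"), "lib"), "security");
        File jssecacerts = new File(secDir, "jssecacerts");
        return jssecacerts.isFile() ? jssecacerts : new File(secDir, "cacerts");
    }

    /** The file keytool reads and writes when -keystore is omitted. */
    static File keytoolDefaultStore() {
        return new File(System.getProperty("user.home"), ".keystore");
    }

    /** Opens a JKS or PKCS12 file; the type is detected from the content (Java 9+). */
    static KeyStore open(File file, char[] password) throws Exception {
        return KeyStore.getInstance(file, password);
    }

    /** Alias under which 'ca' is stored as a trustedCertEntry, or null if absent. */
    static String trustedAlias(KeyStore ks, Certificate ca) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias) && ca.equals(ks.getCertificate(alias))) {
                return alias;
            }
        }
        return null;
    }

    /** One result line per keystore file; a missing or unreadable file is reported, not fatal. */
    static String report(String label, File file, char[] password, Certificate ca) {
        if (!file.isFile()) {
            return label + file + ": file does not exist";
        }
        try {
            String alias = trustedAlias(open(file, password), ca);
            return label + file + ": "
                    + (alias == null ? "CA NOT present" : "CA trusted under alias '" + alias + "'");
        } catch (Exception e) {
            return label + file + ": cannot open (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: [ca-cert.pem|.der] [trust store password] [~/.keystore password]
        char[] trustPw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        char[] userPw = (args.length > 2 ? args[2] : "changeit").toCharArray();
        File trustStore = jsseTrustStore();

        Certificate ca = null;
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        } else {
            // No certificate given: use the first CA of the JVM trust store as a
            // stand-in so the program runs as-is.
            KeyStore ks = open(trustStore, trustPw);
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.isCertificateEntry(alias)) {
                    ca = ks.getCertificate(alias);
                    break;
                }
            }
        }
        if (ca == null) {
            System.out.println("No CA certificate to look for");
            return;
        }
        System.out.println(report("JSSE trust store: ", trustStore, trustPw, ca));
        System.out.println(report("keytool default:  ", keytoolDefaultStore(), userPw, ca));
    }
}
```

A CA reported as present only in the keytool default file reproduces the situation in this thread: keytool's -list shows the trustedCertEntry, but a handshake that validates against the JVM trust store never sees it.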

Similar Messages

  • Seeburger AS2 - DECRYPTION_ERROR - Could not retrieve certificate

    Hi
    Can anyone suggest a reason why I am getting this error regarding failed Decryption:
    Error while parsing AS2 message: DECRYPTION_ERROR # Error while loading decryption certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate TRUSTED\STEVEB\XX.com.seeburger.ediint.edi.EDIMessageException: cannot decrypt message (certificate or private key missing)
    I am pretty sure that the configuration is correct...
    Configuration:
    [View Creator Role|http://i1111.photobucket.com/albums/h469/SBentley2011/ViewCreatorRole.png]
    [JCA Connection Factory |http://i1111.photobucket.com/albums/h469/SBentley2011/connectionFactory.png]
    [Keystore View|http://i1111.photobucket.com/albums/h469/SBentley2011/keystore.png]
    [PI7.1 Config|http://i1111.photobucket.com/albums/h469/SBentley2011/config.png]
    BTW I am using PI7.1 ENH 1 and Seeburger 2.5.1
    Thanks for looking.
    Edited by: Andy Cliff on May 25, 2011 12:40 AM

    Hi
    Really strange, but no joy at all. Even going for the alternative 'Code Based Access' option described below, I continually get  Error:
    java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate
    _Code Based Access to the SAP Keystore_
    Creating/Inserting a New Certificate
    1. Create a personalized key store view. Certificates and private key entries should be stored in this
    view.
    2. Using the Security tab of the key storage service web interface, assign the following list of
    permissions to the codebase of the adapter in use:
    4. Note that permissions that are view based only need to be set once per view and
    codebase/domain combination, but entry based permissions need to be set for each entry in the
    view to the codebase/domain!
    5. Open the NetWeaver Administrator - Application Resources and select the JCA Connection
    Factory for the respective adapter. In the lower pane, select the Configuration Properties and
    adjust the adapterUser to an empty String (delete the previously entered name). This disables the
    user based access and enables code based access. Do not forget to Save your changes.
    The following table lists the adapters and the corresponding codebases/domains:
    In case you experience errors which read as "Reauthentication failed" or "Error
    construction implementation" you might need to restart the J2EE server
    • VIEW_ALIASES
    • GET_VIEW
    • LIST_VIEW
    • IS_VIEW_EXISTS
    • FIND_ALIAS
    • LIST_ENTRY
    • READ_ENTRY
    • IS_ENTRY_A_KEY
    • IS_ENTRY_EXISTS
    • CREATE_ENTRY_AT_VIEW (for pending keystores)

  • HT1349 The nice man Joseph Shen helped me with my google problem on my iPhone and worked for 2 days and now not working again please help me solve this problem were I can retrieve my messages on the I phone when I am not at home  on my wi Fi is the only t

    The nice man Joseph Shen helped me with my Google problem on my iPhone and it worked for 2 days, and now it is not working again. Please help me solve this problem, where I can retrieve my messages on the iPhone when I am not at home; on my Wi-Fi is the only time it works correctly. Bill. [email protected]  708 752  3667

    http://lifehacker.com/5852948/what-to-do-if-youve-forgotten-your-iphones-passcode

  • Trusted Certificates do not load in WL 10.3.2

    In Weblogic 10.3.1, when I started WL, it will load the trusted certificates automatically as below
    <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
    <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\JDK160~1\jre\lib\security\cacerts.>
    But in WL 10.3.2, it does not. I looked at the setDomainEnv.cmd and they are totally different for 10.3.1 and 10.3.2. I tried to find where I can make it load these trusted certificates automatically in 10.3.2, but no success so far.
    I checked the Admin server also and all the settings are identical for both versions. All the files are there too.
    Do you have any ideas?
    Thanks

    In my example server for 10.3.2 it prints out as the server loads:
    <Feb 17, 2010 1:00:29 PM CST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file D:\Oracle\wls11g\WLSERV~1.3\server\lib\DemoIdentity.jks.>
    <Feb 17, 2010 1:00:29 PM CST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Oracle\wls11g\WLSERV~1.3\server\lib\DemoTrust.jks.>
    <Feb 17, 2010 1:00:29 PM CST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Oracle\wls11g\JROCKI~1.5-3\jre\lib\security\cacerts.>
    In your console look at the Server -> Configuration -> Keystores tab. In my case, the drop-down for keystore is "Demo Identity and Demo Trust"

  • Some trusted certificate could not be installed , oracle wallet manager

    Hi there,
    I am using Oracle Wallet Manager 10.2.0.1
    Oracle DB 10.2
    When I try to import a certificate I have exported from the browser, I get such an error.
    That certificate is not something globally known, but it is for local communication.
    As I understood it, when I specify to import a trusted certificate, that does not matter, does it?
    Please note that I have successfully imported another "known" certificate exported in the same way.
    What can the reason for such an error be?
    Thanks in advance,
    rgrds

    The problem was in the certificate itself.
    Regards.

  • IOS Packaging Error: Could not retrieve certificate chain from keystore

    Hi all,
    I'm currently evaluating Flash Builder 4.5, with an eye toward prototyping on iOS (since lots of folks here know Flash and ActionScript, but only a couple of us use XCode and Objective-C).  I'm currently looking at the Hello World tutorial...
    http://www.adobe.com/devnet/flash-builder/articles/hello-world.html
    I've built and tested on desktop, and am now trying to package the app to test on iOS.  However, when I run the device configuration I get a dialog with the following...
    'Launching FlashTest' has encountered a problem.
    Error occurred while packaging the application:
    could not retrieve certificate chain from keystore
    It then shows me the usage text for adt.  I have no idea what the problem is.
    I've imported the same certificate I use to deploy through XCode, and have created an AppID and provisioning profile specific for my test app.
    Thoughts?
    p.s. - How do I change my forum name?

    I understood why.
    I had the same problem.
    I solved it in this way:
    before exporting the *.p12 file I chained the certificate to the key by selecting it in the key panel and importing the certificate from the File menu.
    In this way the key and certificate are associated.
    At this point I created the p12 file and it worked fine!

  • Safari & Citrix: How to undo "Do Not Trust" Certificate after clicking

    I mistakenly clicked "Do Not Trust Certificate" in the Safari pop-up Certificate Verification window (instead of "Trust") while trying to download GoToMeeting software to join a Citrix online meeting. Now I am unable to download the GoToMeeting program. How do I change this so that Safari will accept and "Trust" the certificate?

    Thank you for your quick response and for the link. I just had a quick question about exporting a certificate: Is that equivalent to deleting it so that Safari won't remember whether or not to "Trust" or "Do Not Trust" it? I am assuming this means that I would need the name of the certificate as well. What happens if I delete my certificates saved in my keychains?
    I did not get a chance to follow it because that day I ended up accessing the online meeting through Firefox. Saturday, I had another online Citrix www2.gotomeeting.com meeting so I tried using Safari again just to see what would happen. Safari didn't seem to recognize that I had selected "Do Not Trust" 4 days before and instead prompted me with the option to "Trust". I am just wondering how that happens because I didn't change anything in the keychain.

  • How can i sync my home made videos to my ipad, All ar in Quicktime or MPG4 format (it´s not easy as with photo why)

    How can I sync my home made videos to my iPad? All are in QuickTime or MPG4 format (it's not as easy as with photos, why?). I use a PC with Win 7 and iTunes.

    That alone may not be enough.
    http://www.apple.com/ipad/specs/
    Video formats supported: H.264 video up to 1080p, 30 frames per second, High Profile level 4.1 with AAC-LC audio up to 160 Kbps, 48kHz, stereo audio in .m4v, .mp4, and .mov file formats; MPEG-4 video up to 2.5 Mbps, 640 by 480 pixels, 30 frames per second, Simple Profile with AAC-LC audio up to 160 Kbps per channel, 48kHz, stereo audio in .m4v, .mp4, and .mov file formats; Motion JPEG (M-JPEG) up to 35 Mbps, 1280 by 720 pixels, 30 frames per second, audio in ulaw, PCM stereo audio in .avi file format.
    And it is as easy as with transferring photos from your computer with Include Videos selected under the Photos tab for your iPad sync preferences with iTunes, but first the video must be in an iPad compatible format.

  • Claims debacle (error) with Term Store: "Could not retrieve a valid windows identity" for all sites in a particular web app.

    When I pull up the Term store in CA or any MySite collection, it works.
    When I do so in any other site collection (HNSCs, incidentally), It doesn't return any term stores.
    My ULS log immediately before and after the "/_vti_bin/taxonomyinternalservice.json/CheckPermission" POST on termstore .aspx triggers the WCF call:
    Claims Authentication af30y Verbose Claims Windows Sign-In: Successfully signed-in the the user 'contoso\domainUser' for request url 'https://sp13-root-prd.contoso.com/_vti_bin/taxonomyinternalservice.json/CheckPermission'.
    Claims Authentication af30q Verbose Updating header 'LOGON_USER' with value '0#.w|contoso\domainUser' for the request url 'https://sp13-root-prd.contoso.com/_vti_bin/taxonomyinternalservice.json/CheckPermission'.
    Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|contoso\domainUser, ClaimsCount=77
    Logging Correlation Data xmnv Medium Site=/
    Topology e5mc Medium WcfSendRequest: RemoteAddress: 'http://CONTOSOFE3:32843/00e6d55691824965ac223f1d1cfae6d2/MetadataWebService.svc' Channel: 'Microsoft.SharePoint.Taxonomy.IMetadataWebServiceApplication' Action: 'http://schemas.microsoft.com/sharepoint/taxonomy/soap/IDataAccessReadOnly/GetChanges2' MessageId: 'urn:uuid:590e916c-c89a-4f89-9819-a82c97fabcaa'
    Claims Authentication bz7l Medium SPSecurityContext: Could not retrieve a valid windows identity for username 'contoso\domainUser' with UPN '[email protected]'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: WTS0003: The caller is not authorized to access the service. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: WTS0003: The caller is not authorized to access the service. at Microsoft.IdentityModel.WindowsTokenService.CallerSecurity.CheckCaller(WindowsIdentity callerIdentity) at Microsoft.IdentityModel.WindowsTokenService.S4UServiceContract.PerformLogon(Func`1 logonOperation, Int32 pid) at SyncInvokeUpnLogon(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet))..
    Claims Authentication g220 Unexpected No windows identity for contoso\domainUser.
    The "The caller is not authorized to access the service." message seems pertinent.
    Both web apps are using only NTLM auth.
    The url for both web apps ends in the same contoso.com domain. 
    I get the same errors no matter what account I use, including the install account.
    Things I've tried:
    Deleting and building a new HNSC root web app and site. Error happens in all sites in all web apps except the PBSC hosting MySites.
    Giving the root site app pool identity full control of the metadata service app (even though the MySite identity doesn't have it)
    Giving the root site app pool identity full permissions on the metadata service app.
    Comparing database and web app config permissions between dev (where everything works perfectly) and prod (where it does not).
    Made sure IIS auth settings on both sites are identical
    Both sites are using the same SSL certificate (though the call to the web service appears to be http)
    Reprovisioned the metadata service app with a new database and new app pool identity.
    Made sure C2WT is running. Tried it with the service stopped as well.
    Web.configs are identical between working and non-working apps.
    I'm stumped but still Googling. I'm hoping to avoid having to call Microsoft. Any help would be appreciated!
    UPDATE:
    Interestingly, when I restored the web application from backup (via CA), I ended up with 3 identical "Windows Authentication" authentication providers assigned to the problem web app. Since there was more than one, I was directed to the provider-chooser page when visiting the site. Upon choosing 1 of the 3, I was authenticated, and *poof*, no more authentication errors and the term store loaded term sets as expected.
    Of course, 3 providers was not an ideal state, so I grabbed the one that worked (#1) via get-spauthenticationprovider, and assigned it to the web app via set-spwebapplication, and my problem returned.
    I am currently updating the farm to SP1 from June 2013 CU. Fingers crossed.
    Update:
    The update to SP1 went smoothly, but did not resolve the issue. Also related (I believe) are the random authentication errors when trying to upload images to some libraries, and 401-errors on the accessdenied.aspx page itself.
    Update:
    The problem is resolved, seemingly after making 4 changes. I'm trying to narrow down which change was the cure, if any:
    1. I installed SP1 on all 6 servers, rebooted and upgraded. This appeared to have no effect.
    2. Removed an old login from SQL that no longer existed in AD because of this ULS error:
       System.Runtime.InteropServices.COMException: The user or group contoso\svc_xxxxxxxxx' is unknown., StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.GetFullNameFromLoginEx(String loginName, Boolean& bIsDL)
       This login was the identity of the application pool that used to run the web app in question.
       This login was the schema owner of a schema named after itself on every SharePoint database so I changed the schema owner to dbo but left the schema attached.
       The problem may have surfaced initially when the app pool identity was changed in CA, but went unnoticed?
       Note that the web app had been deleted and recreated many times with a new identity and pool to no avail, but the URL remained the same throughout each attempted fix. Relevant?
    3. Grasping at straws, I changed the app pool identity for this web app to the same one that runs the MySite web app pool as per this only slightly related problem: http://www.planetsharepoint.org/m/preview.php?id=372&rid=34764&author=Vlad+Catrinescu
    4. I changed the authentication method from NTLM to Negotiate.
    I am rolling back #3 and #4 to see if the issue resurfaces.
    Update:
    It doesn't appear to have been the NTLM/Negotiate setting. Web app is currently set to NTLM and all is well. No strange accessdenies, and term Store is still manageable from all sites.
    Update: Sorry for the delay. I am administering 6 farms these days. Will update as soon as the final phase of rollbacks happens.
    I think I can. I think I can.

    Maybe that web app was accidentally created with classic auth?
    Here's an example of how to create claims based, with classic, and then "doing 2013" claims.
    # $applicationPool, $serviceAcct, $WebApp and $contentDB are assumed to be set beforehand
    # Create the example web application, as mentioned above, either with GUI, and pick later, or
    New-SPWebApplication -ApplicationPool $applicationPool -ApplicationPoolAccount $serviceAcct -Name $WebApp -Port 5050 -DatabaseName $contentDB -SecureSocketsLayer
    # If doing for 2013
    New-SPWebApplication -ApplicationPool $applicationPool -ApplicationPoolAccount $serviceAcct -Name $WebApp -Port 5050 -AuthenticationProvider (New-SPAuthenticationProvider) -DatabaseName $contentDB -SecureSocketsLayer

  • Using trusted certificates to avoid

    I have a certain presumption I wish to confirm.
    Presumption: When an SSL client attempts to make a connection to a remote host, once that connection is made, the client says (i.e, behaves as if he says), "I know what site I want to connect to. I have attempted a connect to that URL. I am now connected to some site but I will not allow this connection to proceed unless the remote host presents evidence he is who I think he is." whereupon the remote host presents all the certificates he has available (from jssecacerts file, I think). The client host compares each presented certificate in turn to the list of trusted certificates he has in his keystore (cacerts). When he finds one that is a match the client says, "Okay, I will allow this connection to proceed." and moves on. If the client does not find a match he aborts the connection and throws the exception which reports "unable to find a valid path to the requested target."
    Now, my presumption is that the remote host may have purchased a certificate from one of the "trusted authorities" such as verisign, thawte, geotrust, etc. and have imported that certificate into his jssecacerts file. Therefore presenting that certificate, among others, when asked by the enquiring client. The client compares that certificate to his cacerts file and finds there a base certificate (by following the "trust chain") from, say, verisign from which his presented certificate has been derived. Therefore the client is able to follow the "trust chain" up from the remote server's certificate to the trusted base certificate already existing in the client's cacerts keystore and, thereby, be able to accept the connection to the remote host.
    Is that the way it works? So I can avoid either causing the client visiting my server site to throw the "unable to find ... to requested target" exception and to prevent the client which may be connecting via a browser from having to ask the user to say, "Yes. I am willing to accept this unknown site as a trusted site."
    Correct?
    Thanks.

    > Is that the way it works?
    Yes.
    > So I can avoid either causing the client visiting my server site to throw the "unable to find ... to requested target" exception and to prevent the client which may be connecting via a browser from having to ask the user to say, "Yes. I am willing to accept this unknown site as a trusted site."
    Yes.
    However note that what SSL is doing here is authentication, i.e. proving that the site is who it says it is. Whether that's the site you want, i.e. whether you want to authorize communications with that host, is ineradicably up to the application. And that's what handshake completion listeners and HostnameVerifiers are for.
    Too many people in these forums try to achieve authorization via the SSL truststore. That's not what it's for.

  • RMI over SSL under Web Start can't find trusted certificate

    I have implemented RMI over SSL to get a Java EJB Client application talking to a JRun server over SSL. It works fine from the command line, but when I try to run it as a Web Start application, I get
    java.security.cert.CertificateException: Couldn't find trusted certificate
    (More complete stack trace below)
    I am using a test certificate, not one from a bona fide CA.
    I have tried putting the key store file in one of the jars used by the application, and adding:
    <argument>-Djavax.net.ssl.trustStore=jssecacerts</argument>
    and
    <argument>-Djavax.net.ssl.trustStore=jar:http://ip/app/xxx/lib/JarWithCacs.jar!/jssecacerts</argument>
    to no avail.
    If I copy the jssecacerts to Web Start's jre/lib/security directory, it works fine.
    I have seen other postings that say to use keytool to update the JRE used by Web Start, but that kind of defeats the purpose of Web Start: zero admin client. I can't touch each user's machine.
    I have seen other posts saying to implement a more relaxed trust manager, but that doesn't seem right either.
    I am using JDK 1.4.1_02b6 on Win2k. This should be irrelevant: JRun 4 sp1a.
    Is there a way to specify the jssecacerts file in the jnlp file so Web Start will recognize it?
    Thanks for any help,
    John

    I think I have an answer:
    1) Package the truststore file in the client JAR file
    2) Add code to the client to copy the truststore from the JAR file to the client hard drive
    3) Add code to the client to set the truststore properties to refer to the file on the client hard drive
    <<code>>
    import java.io.BufferedInputStream;
    import java.io.BufferedOutputStream;
    import java.io.File;
    import java.io.FileOutputStream;
    import java.net.URL;

    // Method of the client class: copies the bundled truststore to disk and points JSSE at it
    private void setupTrustStore() {
        try {
            // save truststore file to local disk
            File homeDir = new File(System.getProperty("user.home"));
            File trustStoreFile = new File(homeDir, "mytruststore");
            URL url =
                this.getClass().getClassLoader().getResource("mytruststore");
            BufferedInputStream in =
                new BufferedInputStream(url.openStream());
            BufferedOutputStream out =
                new BufferedOutputStream(new FileOutputStream(trustStoreFile));
            // copy byte by byte until the end of the stream
            while (true) {
                int data = in.read();
                if (data < 0) break;
                out.write(data);
            }
            in.close();
            out.flush();
            out.close();
            // set truststore properties (must run before the first SSL connection is made)
            System.setProperty("javax.net.ssl.trustStore",
                trustStoreFile.getPath());
            System.setProperty("javax.net.ssl.trustStorePassword", "mypasswd");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
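
A variant of the approach in the answer above, as an added example that is not part of the original post: the truststore is read straight from a stream (in the Web Start client, the classpath resource) into its own SSLContext, so nothing is written to the user's disk and the JVM-wide `javax.net.ssl.trustStore` property stays untouched. The class name and the demo password are assumptions, and because no `mytruststore` resource exists here, the program builds a one-CA store in memory as a labelled stand-in.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example (hypothetical class name): trust anchors from a bundled keystore stream. */
public class BundledTrustStore {

    /** Builds trust managers from keystore bytes; only the CAs in that store are trusted. */
    static TrustManagerFactory trustFrom(InputStream storeBytes, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(storeBytes, password);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf;
    }

    /** An SSLContext private to this client; other code in the JVM keeps its defaults. */
    static SSLContext contextTrusting(TrustManagerFactory tmf) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    /** The CA certificates a trust manager factory will accept as chain roots. */
    static X509Certificate[] acceptedIssuers(TrustManagerFactory tmf) {
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    /** Constructed stand-in for the bundled file: one CA copied from the JVM defaults. */
    static byte[] constructedStore(char[] password) throws Exception {
        TrustManagerFactory defaults =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null); // null selects the JVM default trust store
        X509Certificate[] issuers = acceptedIssuers(defaults);
        if (issuers.length == 0) {
            throw new IllegalStateException("JVM default trust store is empty");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory keystore
        ks.setCertificateEntry("demo-ca", issuers[0]);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-demo-password".toCharArray();
        // In the Web Start client this stream would instead come from
        // getClass().getClassLoader().getResourceAsStream("mytruststore").
        try (InputStream in = new ByteArrayInputStream(constructedStore(password))) {
            TrustManagerFactory tmf = trustFrom(in, password);
            SSLContext ctx = contextTrusting(tmf);
            SSLSocketFactory factory = ctx.getSocketFactory(); // hand this to the SSL client code
            X509Certificate[] issuers = acceptedIssuers(tmf);
            System.out.println("Protocol: " + ctx.getProtocol());
            System.out.println("Socket factory: " + factory.getClass().getName());
            System.out.println("Trusted issuers: " + issuers.length);
            System.out.println("Only root: " + issuers[0].getSubjectX500Principal().getName());
        }
    }
}
```

Sockets created from this factory validate the server chain against the bundled CA only, which also keeps a test CA from becoming trusted by every other connection the JVM makes.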

  • Can send but not retrieve emails using Thunderbird and Windows 8.1

    Hi, I am not able to get Thunderbird to retrieve emails on a new laptop.
    Last week I purchased a new laptop due to an imminent hard disk failure on my old laptop. I will call them "Old" and "New" laptops. (Old laptop is still working for the moment...)
    The Old laptop is nearly 3 years old, and I have been using Thunderbird on it since new without any problems.
    I have downloaded and installed Thunderbird on the New laptop, and can not get it to retrieve emails.
    As the Old laptop is still working (at the moment), I am able to directly visually compare and check settings on both computers.
    THE PROBLEM
    Using Thunderbird on the New laptop, I am able to send emails, I can see all my old emails restored from the Old laptop using Mozbackup, but clicking Get Mail on the New laptop does not retrieve new
    emails.
    When I click Get Mail, the status message in the bottom left corner says "connected to .....<ISP>..." but does not actually get the emails. However, the Old laptop is still able to get emails as it always has.
    My ISP is a large Australian telco that I have used for many years and I have not changed anything with my account. The ISP is POP3.
    WHAT HAVE I TRIED
    I deleted the email account created by restoring from Mozbackup, and attempted using the Thunderbird new account wizard, however Thunderbird did not recognise my ISP and would not create the account - even though it is working perfectly at the same time on the Old laptop.
    All Firewalls I can find have been configured to allow Thunderbird, with the same configuration settings on both machines.
    How do I know I can send but not Get emails from Thunderbird on the New laptop?
    I have sent test emails to myself from the New laptop. Thunderbird sends successfully, I am able to preview the test emails via Mailwasher on the New laptop, and can read, reply, etc, to the emails if I log into my ISP webmail service. However I can NOT get Thunderbird to retrieve and download these emails on the New laptop. If I go to the Old laptop, Thunderbird works perfectly, retrieves and downloads all new emails, including these test emails.
    I am now at the point where I do not know what else to try and would appreciate any suggestions.....
    I have spent many hours over the last 3 days surfing the net, forums, Mozilla Support, etc, and tried everything suggested, without success. The only thing I have NOT tried is starting windows in Safe mode (as per some suggestions), as it is not a viable long term solution.
    OTHER INFO
    Computer Details;-
    "Old" laptop;-
    Windows 7 Home Premium - continuously updated with all Critical and Important updates. 64 bit version.
    Antivirus = Bitdefender Total Security (subscription and licensed). Up to date.
    MailwasherPro 2012 (subscription and licensed). Up to date.
    Thunderbird 24.5.0 working perfectly. Up to date.
    "New" laptop;-
    Windows 8.1 - up to date with all Critical and Important updates. 64 bit version.
    Antivirus = Bitdefender Total Security (subscription and licensed) - downloaded and installed. Up to date.
    MailwasherPro 2012 (subscription and licensed) - downloaded and installed. Up to date.
    Thunderbird 24.5.0 - downloaded and installed.
    Note: I 'downloaded and installed' the Windows 8.1 version of these programs to avoid any potential compatibility problems restoring or copying from a Windows 7 backup version of the programs.
    1) New laptop came with pre-installed with McAfee - which has been Uninstalled due to running Bitdefender (Windows searches for 'McAfee' return nothing found suggesting the Uninstall was successful).
    2) Thunderbird has been added to both Bitdefender and Windows 8.1 firewalls on the New laptop.
    3) Bitdefender and Windows security settings are identical on both laptops - as near as I can determine, I may be missing something - but have checked all settings 3 times by doing a side-by-side visual comparison.
    4) Thunderbird settings are also identical and I am using the same email address and ISP that I have been using for many years.
    5) I migrated Thunderbird settings, accounts and emails from the Old laptop to the New laptop using Mozbackup, then visually checked and compared all settings in Thunderbird between the two machines.
    6) For info, I have used Mailwasher for many years as a simple way to preview and wash mail before running email programs such as Thunderbird - might be overkill, but I have also never had a virus or malware problem, so will keep doing this.
    7) I have Uninstalled and re-installed Thunderbird on the New laptop twice, and done the same with Bitdefender once.
    8) Any config changes I try on the New laptop, I either restart Thunderbird and / or restart the New laptop, or both.
    9) I have not created a Windows 8.1 account and am not using SkyDrive.
    10) Only other software I have installed on the New laptop is Google Chrome, Office Home 2013 and iTunes - all are working.
    Thanks in advance....

    Well there is not much left. If telnet works then the path is clear and there is no hardware firewall blocking ports.
    All that is left is software, so try Windows safe mode with networking. A very handy way to eliminate software. It also actually disables most anti virus resident features and is preferred here because anti virus/security programs do not always disable or turn off when they say they have.
    You might also try the McAfee removal tool. https://community.mcafee.com/thread/52788 I notice the rep said yes to both, they did not say not required.
    Finally you could try creating a new profile, and see if it works just to exclude corruption of your existing profile. ( I doubt it but I am at the anything goes point)
    Just as an aside, I have never had an email borne nasty and I for many years never even had an email virus scanner. So yes I think you're a bit over cautious with Mailwasher, if that is what you're using it for. Thunderbird does not support scripting languages or flash, or most plugins in the email sandbox. The result is getting a virus from a mail in Thunderbird is really only possible, for all practical purposes, if you open that password protected zip from the young Russian woman and that is what the anti virus should be blocking anyway when the temp file is written.

  • How does iMatch treat my own home-made recordings with high emotional value?

    The question speaks for itself. I am cautious of using iMatch, because I am not sure what it will do with my precious home-made recordings (with performances of some of my deceased family members) of which there is no 'match'. Is it smart to make a back-up of these files first before sending them away in the cloud? Will it back up these files and make them available for all of my devices for my family when they log in under my name?

    Hi,
    Match will not change your files. If they meet match requirement regarding file type, size and bit rate they will be uploaded as is. If they are aiif, WAV or lossless they will be transcoded to 256 Kbps.
    You should maintain a separate back up of all your music - do not rely on match.
    The music will be available to stream or download on other devices and computers whilst signed into your Apple ID but be wary of the authorization rules. http://www.apple.com/uk/support/itunes/authorization/
    Jim

  • Remote Desktop Connection ok on work wireless but not from home

    I've successfully logged into the Win 2003 SBS (Terminal Services) from within the wireless connection at work using Microsoft's "Remote Desktop Connection". However, when I try to do this from home I get the following error message: "Either remote connections are not enabled, the computer is too busy to accept new connections, or network problems are preventing your connection. Try connecting again later or contact your administrator."
    I've got the firewall on the mac on.
    Now what I can't work out is why it works when at work and not from home. I have been searching for ages and can't work this out - annoying as I am sure it is very simple!
    One thing I can think of is that the first time others connect via PCs they have to download the connection manager from the company web site which installs a security certificate. However this is an .exe file so cannae work on the Mac.
    Do I just need to ask the IT administrator to email me the certificate and drop it into the keychain?
    Thanks in advance.

    "Now what I can't work out is why it works when at work and not from home."
    Probably because, if your work is smart, they have a firewall in place, blocking external access to the ports needed for use with RDC.

  • Can connect but not retrieve file list (VSFTPD) from within network

    Hi!
    I've got a D-Link DIR-100 wired router to which an Airport Express and an MSI Wind (Arch Linux server) are connected. I can connect to the Wind from outside the LAN, which includes SSH, HTTP and FTP. However, FTP won't work if I'm inside the LAN. The Wind has the IP 192.168.0.101 in the network, and I forwarded the port 22 for SSH, 80 and 443 for HTTP and 20-21 for FTP. I'm using OpenSSH, Apache, and VSFTPD.
    When trying to connect with Transmit (OS X) I get this error message:
    Could not retrieve file listing.
    Server said:
    Illegal PORT command.
    Error -162: PORT failed
    The Transmit log looks like this:
    Transmit 3.6.7 Session Transcript
    LibNcFTP 3.2.1 (August 13, 2007) compiled for UNIX
    Uname: Darwin|asynja.local|8.11.1|Darwin Kernel Version 8.11.1: Wed Oct 10 18:23:28 PDT 2007; root:xnu-792.25.20~1/RELEASE_I386|i386
    220: (vsFTPd 2.1.0)
    Connected to www.mydomain.se.
    Cmd: USER myusername
    331: Please specify the password.
    Cmd: PASS xxxxxxxxxx
    230: Login successful.
    Cmd: TYPE A
    200: Switching to ASCII mode.
    Logged in to www.mydomain.se as myusername
    Cmd: SYST
    215: UNIX Type: L8
    Cmd: PWD
    257: "/home/myusername"
    Cmd: PASV
    227: Entering Passive Mode (192,168,0,101,227,13).
    Fixing bogus PASV data address from 192.168.0.101:58125 to XX.XXX.XX.XX:58125.
    Data connection timed out.
    Falling back to PORT instead of PASV mode.
    Cmd: PORT 192,168,0,102,204,170
    500: Illegal PORT command.
    Cmd: NOOP
    200: NOOP ok.
    Cmd: PORT 192,168,0,102,204,171
    500: Illegal PORT command.
    (I edited out the IP and login credentials.)
    If I try to connect to 192.168.0.101 though it works like a charm. How come I can't use the same address? I can visit the external IP/HTTP in a browser, I can connect to it through FTP, but I can't view the files?

    Interestingly, the errors above seem to be a little bit of a red herring. If I turn off "enable file check in and check out" in Dreamweaver then files can be downloaded, edited and uploaded perfectly. I can also create new files. As soon as I turn checkouts back on, it stops working. The errors above show up in the Apache server log even when this box is unchecked and yet everything works correctly. Because Contribute offers no option for editing without writing extra info files to the server it still won't work.
    The Dreamweaver log shows the following when I attempt to check out a file:
    Started: 12/19/08 6:25 PM
    Operation timed out. Cancelling...
    Operation timed out. Cancelling...
    /webdav/robots.txt - error occurred - An HTTP error occurred - cannot get robots.txt. Dreamweaver could not connect because the server is down or not accepting connections.
    File activity incomplete. 1 file(s) or folder(s) were not completed.
    Files with errors: 1
    /webdav/robots.txt
    Finished: 12/19/08 6:27 PM
    As I mentioned, when I turn off checkouts this whole process works correctly, and I can edit and create new files.
