NRM over SSL (port 8009) doesn't respond

Netware 6 SP5 box + post patches. This is an old box that I'm trying to migrate over to a VM by enabling iSCSI and setting that up. I've done this with 6.5x without issue. Anyway, NRM will respond and function over http on port 8008 without issue. However, if I click the 'iSCSI Services' link at the bottom, it throws an Unauthorized Access Denied error. After doing some digging online, someone said to try logging into NRM via SSL (port 8009) and it worked for him. Well, I'm unable to do that. When I try to access NRM over https/8009 the browser just spins and spins. I checked TCPCON and it appears that it's listening on port 8009. I telnet'd to port 8009 and it doesn't deny me, but nothing comes up. I've done PKIDiags, httpstk /reset and re-loaded with /ssl /keyfile:"SSL CertificateIP" with no change. No errors with certificates that I can find.
Kind of out of ideas. Anyone out there still familiar with this? :)

Originally Posted by AndersG
Try unload httpstk, then load it
http://www.novell.com/rms
Have done that at least 100 times :) with /reset, etc. Actually, just figured out it works with Firefox, but not IE or Chrome.

Similar Messages

  • Custom sig: Non-SSL over SSL port

    I am trying to build a custom signature for detecting non-SSL traffic on a specific SSL port (let's say tcp/443). This has to do with CONNECT tunnels through an HTTP proxy. Conceptually, it's not a complicated idea. Whether or not it can technically be done effectively with the Cisco IPS I don't know.
    It seems that very early in every SSL connection, there is an SSL "client hello" message (SYN, SYN/ACK, ACK, CLIENT HELLO). There are two relevant record formats, SSLv2 and SSLv2/TLS. I would like to create a signature that fires when it DOES NOT see the client hello message very early in a given TCP session. I would want the signature to only need to check the very first n packets of any given TCP session (n = max size of connection establishment + max size of client hello packet). Has anyone created such a beast, or is anyone willing to help? Here are a couple packets.

    Hi mhellman:
    I can see 3 difficulties with this kind of signature.
    1) To determine the order of the packets.
    2) To determine that it happens at the very beginning of the connection.
    3) To fire when the traffic doesn't match the signature.
    Difficulty number 3, I think, is impossible to resolve because the sensor can compare the traffic with a well-defined pattern and fire when it matches, but not when it doesn't.
    Difficulty number 2:
    You need a kind of state signature because this can be classified as a state machine (first the three-way handshake, then the hello packet), but I can't see fields in the state engine that help in this case.
    Difficulty number 1 could be resolved by a Meta signature.
    You will need to create a custom atomic signature for the SYN packet, another for the SYN/ACK, another for the ACK, and the last one for the hello packet.
    Then create a meta signature and add the four atomic signatures with a strict order.
    But guess what...
    Meta signatures don't permit custom signatures.
    I think this kind of signature is impossible to write.
    But I'd try.
    Regards
    Alberto Giorgi from Spain.
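
The inverse check discussed in this thread (alert when the first client payload on an SSL port is not a Client Hello) is straightforward in a tool that can parse the payload itself. The Python below is an added example, not code from the thread and not a Cisco IPS signature; the function names, flow labels and sample payloads are constructed for illustration.

```python
"""First-payload check for an SSL/TLS port: is it a Client Hello?"""
import struct

HANDSHAKE = 0x16      # SSLv3/TLS record content type "handshake"
CLIENT_HELLO = 0x01   # message type (same value in SSLv2 and SSLv3/TLS)
NEED_MORE = "need-more-data"
NON_SSL = "non-ssl"


def _check_v3(data: bytes) -> str:
    # Record header: type(1) version(2) length(2); handshake header: type(1) length(3)
    if len(data) < 9:
        return NEED_MORE
    minor = data[2]
    rec_len = struct.unpack(">H", data[3:5])[0]
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    # Smallest legal ClientHello body: version 2 + random 32 + session-id
    # length 1 + cipher-suite vector 4 + compression vector 2 = 41 bytes.
    if minor > 4 or rec_len > 2 ** 14 or hs_type != CLIENT_HELLO or hs_len < 41:
        return NON_SSL
    return "sslv3-client-hello" if minor == 0 else "tls-client-hello"


def _check_v2(data: bytes) -> str:
    # 2-byte header (high bit set, 15-bit length), then msg type(1), version(2),
    # cipher-spec length(2), session-id length(2), challenge length(2).
    if len(data) < 11:
        return NEED_MORE
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    version, cipher_len, sid_len, chal_len = struct.unpack(">HHHH", data[3:11])
    ok = (
        (version == 0x0002 or 0x0300 <= version <= 0x0304)
        and cipher_len > 0 and cipher_len % 3 == 0
        and sid_len in (0, 16)
        and 16 <= chal_len <= 32
        and rec_len == 9 + cipher_len + sid_len + chal_len
    )
    return "sslv2-client-hello" if ok else NON_SSL


def classify_first_payload(data: bytes) -> str:
    """Classify the first client-to-server TCP payload of a session."""
    if len(data) < 3:
        return NEED_MORE
    if data[0] == HANDSHAKE and data[1] == 0x03:
        return _check_v3(data)
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        return _check_v2(data)
    return NON_SSL


def flag_non_ssl(first_payloads: dict) -> list:
    """Return the flows whose first payload is decidedly not a Client Hello.

    Flows that are still undecided (segment too short) are not flagged;
    a real sensor would wait for the next segment before deciding.
    """
    return sorted(flow for flow, payload in first_payloads.items()
                  if classify_first_payload(payload) == NON_SSL)


def _sample_v3_hello(minor: int) -> bytes:
    """Constructed minimal SSLv3/TLS ClientHello (one cipher suite)."""
    body = bytes([3, minor]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 3, minor]) + struct.pack(">H", len(handshake)) + handshake


def _sample_v2_hello() -> bytes:
    """Constructed minimal SSLv2-format ClientHello (one cipher spec)."""
    body = (bytes([CLIENT_HELLO]) + struct.pack(">HHHH", 0x0300, 3, 0, 16)
            + b"\x01\x00\x80" + bytes(16))
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


# Constructed first payloads, keyed by a made-up flow label.
SAMPLES = {
    "flow-1": _sample_v3_hello(1),                   # TLS 1.0 Client Hello
    "flow-2": _sample_v3_hello(0),                   # SSLv3 Client Hello
    "flow-3": _sample_v2_hello(),                    # SSLv2-format Client Hello
    "flow-4": b"SSH-2.0-OpenSSH_5.1\r\n",            # SSH banner on the SSL port
    "flow-5": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "flow-6": b"\x16\x03\x01",                       # truncated first segment
}

if __name__ == "__main__":
    for flow, payload in SAMPLES.items():
        print(flow, classify_first_payload(payload))
    print("alert on:", flag_non_ssl(SAMPLES))
```

Only the first 9 bytes (SSLv3/TLS) or 11 bytes (SSLv2) of the first client payload are needed, so the check does not depend on reassembling the whole hello.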

  • OIM 9102 , AD Password Sync 91x, JBoss 423GA - issue over SSL port.

    Followed the steps described in "Deploying the connector"
    http://download.oracle.com/docs/cd/E11223_01/doc.910/e11218/install_config.htm#insertedID0
    section
    Pre-Installation both SSL and non-SSL work for SPML verification.
    For JBoss Application Server:
    http://IP ADDRESS:8080/spmlws/services/HttpSoap11
    https://IP ADDRESS:8443/spmlws/services/HttpSoap11
    Post Installation - configured SSL.
    On AD machine logs following error message is displayed:
    MAX_RETRY LIMIT count is not updated: OIM is down
    Following meta-link ID 1073889.1
    https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1073889.1
    explains to verify 'oimhost and oimport' - oimhost is machine ip address ( AD machine is able to ping OIM machine through ip address and machine name )
    oimport is 8443
    Any suggestion.
    Or has anyone previously successfully deployed password sync over SSL for OIM 9102 and AD Password sync 91x?
    I found a similar thread in the OTN forum where a user had issues over SSL.

    Did anyone resolve this issue? I have the same running SSL Password Sync on OAS 10.1.3.4 and OIM 9.1.0.2 BP09a with AD 2003.
    Debug [7/8/2010 6:35:45 AM] oimport is
    Debug [7/8/2010 6:35:45 AM] 4443
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimsslclient is
    Debug [7/8/2010 6:35:45 AM] nw-dc-01.nwocaland.nwoca.org
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimuserattr is
    Debug [7/8/2010 6:35:45 AM] USR_UDF_SAM_ACCTNAME
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimusessl is
    Debug [7/8/2010 6:35:45 AM] Y
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] oimappservertype is
    Debug [7/8/2010 6:35:45 AM] 2
    Debug [7/8/2010 6:35:45 AM]
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::getConfigParamters
    Debug [7/8/2010 6:35:45 AM] Inside sgsloidi::setParameters
    Debug [7/8/2010 6:35:45 AM] The SOAP start element is
    Debug [7/8/2010 6:35:45 AM] <SPMLv2Document xmlns="http://xmlns.oracle.com/OIM/provisioning">
    Debug [7/8/2010 6:35:45 AM] The SOAP end element is
    Debug [7/8/2010 6:35:45 AM] </SPMLv2Document>
    Debug [7/8/2010 6:35:45 AM] The path is
    Debug [7/8/2010 6:35:45 AM] /spmlws/HttpSoap11
    Debug [7/8/2010 6:35:45 AM] End of sgsloidi::setParameters

  • Sievefilter over SSL (port 443)

    Does anybody know how I can get sievefilter to work if I use SSL? I have installed the sievefilter function and it works fine over http but the server will not display the sievefilters when I'm using https. Why?

    Sieve filters settings work through iDA, not webmail. You have to turn ssl on for that web server, too.

  • How to configure Node manager on Linux on ssl port

    Hi,
    I have installed SOA BPM 11.1.1.3 on linux with ssl enabled. I am trying to configure Node Manager but it's not working.
    Here are the steps I did to configure.
    1. Created a machine
    2. Added managed servers to the machine i.e. soa,bam
    3. Enroll domain using nmEnroll using
    cd $BEA_HOME/user_projects/domains/<domain_name>/bin/
    . setDomainEnv.sh
    java weblogic.WLST
    wls> connect('weblogic','weblogic1', 't3://mymachine.mydomain:7001')
    wls> nmEnroll('$BEA_HOME/user_projects/domains/<domain_name>', '$BEA_HOME/wlserver_<version>/common/nodemanager')
    here 7001 is the admin server non-ssl port but when I try 7002 ssl port it doesn't connect. But I need to enroll it on ssl port as I have ssl enabled.
    4. reset the node manager user/password same as weblogic console
    5. started the node manager using $WL_HOME\server\bin\startNodeManager.sh
    But when I log back into console and try to start my manage server it gives the following error
    SEVERE: java.io.FileNotFoundException: /usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/./config/jps-config.xml (No such file or directory)
    <Aug 6, 2010 5:30:16 PM EDT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01538: The default policy provider was not found.
    I did not add my Admin server to be part of the machine.
    Any help if I am missing anything or doing anything wrong.
    Thanks

    Hi,
    Do I need to add the Admin Server as part of the Machine where I added the bam, soa servers? I tried again following the steps but get the below error again. Appreciate if someone can list the steps as the docs are a bit vague:
    <Aug 6, 2010 6:14:01 PM> <INFO> <wcbpm_domain> <bam_server1> <Starting WebLogic server with command line: /usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/bin/startWebLogic.sh >
    Aug 6, 2010 6:14:01 PM weblogic.nodemanager.server.ServerManager log
    INFO: Starting WebLogic server with command line: /usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/bin/startWebLogic.sh
    <Aug 6, 2010 6:14:01 PM> <INFO> <wcbpm_domain> <bam_server1> <Working directory is '/usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain'>
    Aug 6, 2010 6:14:01 PM weblogic.nodemanager.server.ServerManager log
    '/usr3/app/oracle/Middleware/user_projects/domains/wcbpm_domain/servers/bam_server1/logs/bam_server1.out'
    <Aug 6, 2010 6:14:02 PM> <INFO> <wcbpm_domain> <bam_server1> <Server failed during startup so will not be restarted>
    Aug 6, 2010 6:14:02 PM weblogic.nodemanager.server.ServerManager log
    INFO: Server failed during startup so will not be restarted
    <Aug 6, 2010 6:14:02 PM> <WARNING> <Exception while starting server 'bam_server1'>
    java.io.IOException: Server failed to start up. See server output log for more details.
            at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:331)
            at weblogic.nodemanager.server.Handler.handleStart(Handler.java:567)
            at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:118)
            at weblogic.nodemanager.server.Handler.run(Handler.java:70)
            at java.lang.Thread.run(Thread.java:619)
    [WARN ] Use of -Djrockit.optfile is deprecated and discouraged.
    [WARN ] Use of -Djrockit.optfile is deprecated and discouraged.
    Unknown option or illegal argument: -XX:+UseParallelGC.
    Please check for incorrect spelling or review documentation of startup options.
    Could not create the Java virtual machine.
    <Aug 6, 2010 6:14:02 PM> <FINEST> <NodeManager> <Waiting for the process to die: 590>
    <Aug 6, 2010 6:14:02 PM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>
    <Aug 6, 2010 6:14:02 PM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
    Don't know if I have missed any steps in node manager configuration.
    Thanks

  • How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?

    Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
    Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869

    Solved it by some (a lot) of fiddling.
    Turns out it's not a bug in the iPhone, it's a feature.
    Here's how to make it work.
    DOVECOT
    If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
    More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
    So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
    1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
    service imap-login {
      inet_listener imap {
        port = --your port # here--
      }
      inet_listener imaps {
        port = 0
        ssl = yes
      }
    }
    This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
    2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
    ssl = required
    This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
    3. In /etc/dovecot/conf.d/10-auth.conf set
    disable_plaintext_auth = yes
    This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
    When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
    Don't forget service dovecot restart.
    To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
    telnet your.host.name.here yourimapsportnumber
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
    Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
    a STARTTLS
    a OK Begin TLS negotiation now.
    (The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
    Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
    openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
    . OK Pre-login capabilities listed, post-login capabilities have more.
    You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
    a capability
    * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
    a login username password
    * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
    a OK Logged in
    POSTFIX
    Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
    1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TLS connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
    2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
    smtpd_tls_security_level = encrypt
    3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
    smtpd_tls_auth_only = yes
    Don't forget postfix reload.
    To test if this works, issue the following telnet and wait for the server's greeting:
    telnet your.host.name.here yoursmtpsportnumber
    220 your.host.name ESMTP Postfix (Ubuntu)
    Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
    ehlo your.host.name.here
    250-STARTTLS
    Then issue starttls and wait for the server's confirmation:
    starttls
    220 2.0.0 Ready to start TLS
    Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
    CERTIFICATES
    You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
    basicConstraints = critical,CA:true
    keyUsage = critical, cRLSign, keyCertSign
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer:always
    And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
    basicConstraints=CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid,issuer
    subjectAltName = DNS:your.domain.name.here
    issuerAltName=issuer:copy
    Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
    You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to-ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
    Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would you know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-apple-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
    IN CLOSING...
    With all this, you can read and send email from your iPhone.
    Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above.
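
The two pre-TLS checks in the answer above (the IMAP greeting must offer STARTTLS and LOGINDISABLED, and the SMTP EHLO reply must offer STARTTLS with no AUTH line) can be run over captured banners. This Python is an added example, not part of the original post; the function names and the misconfigured samples are constructed, while the good IMAP greeting is the one quoted in the post.

```python
"""Audit what an IMAP or SMTP server offers before STARTTLS."""
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password as-is


def imap_capabilities(line: str) -> set:
    """Extract capabilities from a greeting or an untagged CAPABILITY reply."""
    line = line.strip()
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\* CAPABILITY (.*)", line, re.I))
    return {c.upper() for c in m.group(1).split()} if m else set()


def audit_imap_pre_tls(greeting: str) -> list:
    """Return the problems in an IMAP greeting received over plain text."""
    caps = imap_capabilities(greeting)
    if not caps:
        return ["no capability list found (send 'a CAPABILITY' and audit that)"]
    problems = []
    if "STARTTLS" not in caps:
        problems.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        problems.append("LOGIN command allowed before TLS")
    weak = sorted(c for c in caps
                  if c.startswith("AUTH=") and c[5:] in PLAINTEXT_MECHS)
    if weak:
        problems.append("plaintext SASL offered before TLS: " + ", ".join(weak))
    return problems


def smtp_extensions(reply_lines: list) -> dict:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}.

    The first line is the server's own name, not an extension. Both the
    standard 'AUTH PLAIN LOGIN' and the legacy 'AUTH=PLAIN LOGIN' forms
    are folded into the same AUTH entry.
    """
    ext = {}
    for line in reply_lines[1:]:
        m = re.match(r"250[- ](\S+)(.*)", line.strip())
        if not m:
            continue
        keyword, _, inline = m.group(1).partition("=")
        params = (inline + " " + m.group(2)).split()
        ext.setdefault(keyword.upper(), []).extend(params)
    return ext


def audit_smtp_pre_tls(reply_lines: list) -> list:
    """Return the problems in an EHLO reply received over plain text."""
    ext = smtp_extensions(reply_lines)
    problems = []
    if "STARTTLS" not in ext:
        problems.append("STARTTLS not offered")
    if "AUTH" in ext:
        mechs = ", ".join(sorted({m.upper() for m in ext["AUTH"]}))
        problems.append("AUTH offered before TLS: " + mechs)
    return problems


# Greeting quoted in the post.
GOOD_IMAP = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
             "ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.")
# Constructed: what a listener with plaintext auth left enabled might send.
BAD_IMAP = "* OK [CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready."
# Constructed EHLO replies (host name is the post's placeholder).
GOOD_SMTP = ["250-your.host.name", "250-PIPELINING", "250-SIZE 10240000",
             "250-STARTTLS", "250 8BITMIME"]
BAD_SMTP = ["250-your.host.name", "250-PIPELINING", "250-AUTH PLAIN LOGIN",
            "250-AUTH=PLAIN LOGIN", "250 8BITMIME"]

if __name__ == "__main__":
    for name, result in [("imap good", audit_imap_pre_tls(GOOD_IMAP)),
                         ("imap bad", audit_imap_pre_tls(BAD_IMAP)),
                         ("smtp good", audit_smtp_pre_tls(GOOD_SMTP)),
                         ("smtp bad", audit_smtp_pre_tls(BAD_SMTP))]:
        print(name, "->", result or "ok")
```

Capture the banners from a remote machine, as the post notes, because the localhost exemption hides a missing disable_plaintext_auth setting.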

  • FTP/File Sender Adapter over SSL - 500 Illegal PORT command.

    Hello Experts!
    I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
    Server: server01
    Port: 21
    Data Connection: Active
    Timeout: 100
    Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
    This is an excerpt of the logs of connection steps:
    #Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
    #Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
    #Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
    #Plain##ftp server returns reply '234 Proceed with negotiation.'#
    #Plain##ftp server returns reply '331 Please specify the password.'#
    #Plain##ftp server returns reply '230 Login successful.'#
    #Plain##ftp server returns reply '200 PBSZ set to 0.'#
    #Plain##ftp server returns reply '200 PROT now Private.'#
    #Plain##ftp server returns reply '215 UNIX Type: L8'#
    #Plain##ftp server returns reply '200 Switching to ASCII mode.'#
    #Plain##ftp server returns reply '250 Directory successfully changed.'#
    #Plain##ftp server returns reply '500 Illegal PORT command.'#
    Does anybody know how to solve it?
    Thank you in advance!
    Roger Allué i Vall

    Ok! This is the maximum I could obtain:
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
    Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
    Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
    Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
    Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
    I think we found the problem though. FTP Administrator says this is wrong:
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
    it should be
    Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
    Something is making SAP PI take a wrong IP address (this server has two).
    I'll let you know if we solve it!!
    Thank you!!!
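
The mismatch found in this thread can be spotted mechanically: decode each PORT argument from the server log and compare its address with the control connection's client address. FTP servers commonly refuse a PORT address that differs from the control peer, as a protection against FTP bounce. The Python below is an added example, not code from the thread or from SAP PI; the function names are hypothetical, the first two log lines are the ones quoted in the post, and the third is constructed.

```python
"""Find FTP PORT commands whose address is not the control-connection peer."""
import re

# Matches the log format shown in the post.
PORT_RE = re.compile(r'FTP command: Client "(?P<peer>[^"]+)", "PORT (?P<arg>[^"]*)"')


def parse_port_argument(arg: str) -> tuple:
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1 * 256 + p2."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    numbers = []
    for p in parts:
        if not (p.isascii() and p.isdigit()) or int(p) > 255:
            raise ValueError(f"bad octet {p!r}")
        numbers.append(int(p))
    ip = ".".join(str(n) for n in numbers[:4])
    return ip, numbers[4] * 256 + numbers[5]


def find_port_problems(log_lines: list) -> list:
    """Return (peer, target, reason) for every suspicious PORT command."""
    findings = []
    for line in log_lines:
        m = PORT_RE.search(line)
        if not m:
            continue
        peer, arg = m["peer"], m["arg"]
        try:
            ip, port = parse_port_argument(arg)
        except ValueError as exc:
            findings.append((peer, arg, f"malformed: {exc}"))
            continue
        if ip != peer:
            findings.append((peer, f"{ip}:{port}",
                             "address differs from control connection"))
    return findings


LOG = [
    # Quoted in the post: the command the adapter sent.
    'Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: '
    'Client "10.58.42.108", "PORT 10,58,45,108,159,112"',
    # Quoted in the post: what the FTP administrator expected.
    'Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: '
    'Client "10.58.42.108", "PORT 10,58,42,108,159,112"',
    # Constructed: truncated argument.
    'Fri Dec 11 15:28:13 2009 [pid 15207] [iubsint] FTP command: '
    'Client "10.58.42.108", "PORT 10,58,42,108,159"',
]

if __name__ == "__main__":
    for finding in find_port_problems(LOG):
        print(finding)
```

On a multi-homed client the usual remedies are to bind the adapter to the interface used for the control connection or to switch the data connection to passive mode, so that no client address is sent at all.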

  • LC + ActiveDirectory + LDAP over SSL = doesn't work

    Hi,
    I installed Active Directory Certificate Services. Now I want to set up LDAP over SSL. Unfortunately it doesn't work. I pressed "Test" and always get "Invalid username or invalid password" (German: "Ungültiger Benutzername oder ungültiges Kennwort"). I'm pretty sure username and password are fine (it worked before I installed Active Directory Certificate Services and used LDAP without SSL).
    On server.log, I got this:
    2011-11-12 00:51:28,202 INFO  [com.adobe.idp.um.businesslogic.synch.LdapHelper] Following stacktrace is generated due to the Test LDAP Server Configuration action
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
            at javax.naming.InitialContext.init(InitialContext.java:223)
            at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
            at com.adobe.idp.um.businesslogic.synch.LdapHelper.createContext(LdapHelper.java:663)
            at com.adobe.idp.um.businesslogic.synch.LdapHelper.testServerConfig(LdapHelper.java:682)
            at com.adobe.idp.um.ui.config.ConfigDirectoryEditAction.testServerSettings_onClick(ConfigDirectoryEditAction.java:215)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at com.cc.framework.adapter.struts.ActionUtil.handleFormAction(Unknown Source)
            at com.cc.framework.adapter.struts.FWAction.handleFormAction(Unknown Source)
            at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
            at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
            at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
            at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
            at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
            at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
            at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:91)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at com.adobe.idp.um.auth.filter.CSRFFilter.doFilter(CSRFFilter.java:41)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
            at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
            at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:619)
    Do you have some Idea?
    cu Floh

    I have not done it for Netscape yet, but I have done it for Novell and JNDI. Here are the settings for Novell:
    // Dynamically set JSSE as a security provider
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    // Dynamically set the property that JSSE uses to identify
    // the keystore that holds trusted root certificates
    System.setProperty("javax.net.ssl.trustStore", m_connectionData.getLocal("KeyStore").toString());
    ssf = new LDAPJSSESecureSocketFactory();
    // Set the socket factory as the default for all future connections
    LDAPConnection.setSocketFactory(ssf);

  • Apache configuration for proxying requests to Weblogic SSL port

    Hello Everyone,
    I want to proxy requests from Apache to Weblogic server on its SSL Port 7002. I am using the default SSL demo version provided by Oracle/BEA.
    Both my Apache and Weblogic instances are running on same machine.
    This is the procedure I followed. I enabled SSL port on Weblogic. Added below configuration to Apache conf file. I am passing trusted.crt file inside WL_HOME/server/lib as parameter to TrustedCAFile .
    <Location "/">
    SetHandler weblogic-handler
    </Location>
    <IfModule mod_weblogic.c>
    SetHandler weblogic-handler
    WebLogicHost ServerHostMame
    WebLogicPort WLInstanceSSLPort
    SecureProxy ON
    TrustedCAFile "C:/trusted.crt"
    RequireSSLHostMatch false
    Debug ALL
    WLLogFile "C:/wl_proxy.log"
    </IfModule>
    When I start the Apache instance and try to access the webpage I see below exception in proxy log.
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.149.181.55]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[Proxy-Client-IP]=[10.149.181.55]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[X-Forwarded-For]=[10.149.181.55]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
    Thu Apr 09 10:38:05 2009 <735212392878852> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
    Thu Apr 09 10:38:05 2009 <735212392878761> INFO: No session match found
    Thu Apr 09 10:38:05 2009 <735212392878852> INFO: SSL certificate chain validation failed: 3015
    Thu Apr 09 10:38:05 2009 <735212392878852> trusted certs = 0
    Thu Apr 09 10:38:05 2009 <735212392878852> dumping cert chain
    Thu Apr 09 10:38:05 2009 <735212392878852> commonName is testmachine-us
    Thu Apr 09 10:38:05 2009 <735212392878761> INFO: DeleteSessionCallback
    Thu Apr 09 10:38:05 2009 <735212392878852> ERROR: SSLWrite failed
    Thu Apr 09 10:38:05 2009 <735212392878852> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
    Thu Apr 09 10:38:05 2009 <735212392878852> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
    Thu Apr 09 10:38:05 2009 <735212392878852> Marking 10.149.181.55:40011 as bad
    Thu Apr 09 10:38:05 2009 <735212392878852> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 790 of ../nsapi/URL.cpp]: at line 2994
    Thu Apr 09 10:38:05 2009 <735212392878852> INFO: Closing SSL context
    Thu Apr 09 10:38:05 2009 <735212392878852> INFO: Error after SSLClose, socket may already have been closed by peer
    Thu Apr 09 10:38:05 2009 <735212392878852> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
    Thu Apr 09 10:38:05 2009 <735212392878852> attempt #1 out of a max of 5
    Thu Apr 09 10:38:05 2009 <735212392878852> general list: trying connect to '10.149.181.55'/40011/40011 at line 2619 for '/'
    Thu Apr 09 10:38:05 2009 <735212392878852> New SSL URL: match = 0 oid = 22
    Thu Apr 09 10:38:05 2009 <735212392878852> Connect returns -1, and error no set to 10035, msg 'Unknown error'
    Thu Apr 09 10:38:05 2009 <735212392878852> EINPROGRESS in connect() - selecting
    Thu Apr 09 10:38:05 2009 <735212392878852> Setting peerID for new SSL connection
    Please advise if I am missing anything here?
    - - Tarun

    I'm using WL9 and Apache2.2
    I had the exact same issue as above (which I solved with these directions), in addition to another issue that only showed once I enabled full logging, since it shows as warning/info, not as an error.
    First to enable full logging, add this
    Debug ALL
    WLLogFile "C:/wl_proxy.log"
    Then after a failure (even after fixing the above), look at the log, and if you see this INFO/WARN:
    Thu Apr 23 00:48:27 2009 <235612404369072> INFO: Host (comp1) doesn't match (192.168.0.229), validation failed
    Thu Apr 23 00:48:27 2009 <235612404368911> WARN: DeleteSessionCallback: No match found!!
    Thu Apr 23 00:48:27 2009 <235612404369072> ERROR: SSLWrite failed
    Thu Apr 23 00:48:27 2009 <235612404369072> SEND failed (ret=-1) at 795 of file ../nsapi/URL.cpp
    Thu Apr 23 00:48:27 2009 <235612404369072> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 796 of ../nsapi/URL.cpp
    Thu Apr 23 00:48:27 2009 <235612404369072> Marking 192.168.0.229:7002 as bad
    that means you have the same problem as I do. The WebLogicHost inside the Location descriptor should match the actual host name for the machine. I believe it's either because the certificate created by WebLogic during its installation will encapsulate the machine host name, or because the SSL validation mechanism expects the machine host name, nothing else.
    Here's what the config would look like (my hostname is comp1)
    <IfModule mod_weblogic.c>
    SecureProxy on
    TrustedCAFile "C:/tools/bea9/weblogic92/server/lib/CertGenCA.pem"
    Debug ALL
    WLLogFile "C:/wl_proxy.log"
    EnforceBasicConstraints off
    </IfModule>
    <Location /EnterpriseCMP>
    SetHandler     weblogic-handler
    WebLogicHost      comp1
    WebLogicPort     7002
    ConnectTimeoutSecs     1000
    ConnectRetrySecs     1000
    </Location>
    I believe the
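The reply's point is that the real cause of `ERROR: SSLWrite failed` is logged at INFO level or with no level at all. The following is an added example, not part of either post and not Oracle/BEA code: a small triage script that groups `wl_proxy.log` lines by the `<...>` id and attaches the cause lines to each failed request. The hint texts and the field names `first`/`second` are assumptions of this example.

```python
import re
from collections import OrderedDict

# Constructed sample: lines taken from the two wl_proxy.log excerpts quoted in this thread.
SAMPLE_LOG = """\
Thu Apr 09 10:38:05 2009 <735212392878761> INFO: No session match found
Thu Apr 09 10:38:05 2009 <735212392878852> INFO: SSL certificate chain validation failed: 3015
Thu Apr 09 10:38:05 2009 <735212392878852> trusted certs = 0
Thu Apr 09 10:38:05 2009 <735212392878852> commonName is testmachine-us
Thu Apr 09 10:38:05 2009 <735212392878852> ERROR: SSLWrite failed
Thu Apr 09 10:38:05 2009 <735212392878852> Marking 10.149.181.55:40011 as bad
Thu Apr 23 00:48:27 2009 <235612404369072> INFO: Host (comp1) doesn't match (192.168.0.229), validation failed
Thu Apr 23 00:48:27 2009 <235612404368911> WARN: DeleteSessionCallback: No match found!!
Thu Apr 23 00:48:27 2009 <235612404369072> ERROR: SSLWrite failed
Thu Apr 23 00:48:27 2009 <235612404369072> Marking 192.168.0.229:7002 as bad
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) <(?P<req>\d+)> (?P<msg>.*)$"
)
LEVEL_RE = re.compile(r"^(?P<level>INFO|WARN|ERROR): (?P<text>.*)$")
BAD_RE = re.compile(r"^Marking (?P<backend>\S+) as bad$")

# Cause lines that appear in the thread's excerpts, matched after the level prefix is removed.
CAUSES = [
    ("chain_validation_failed",
     re.compile(r"^SSL certificate chain validation failed: (?P<code>\d+)$")),
    ("no_trusted_certs", re.compile(r"^trusted certs = 0$")),
    ("host_mismatch",
     re.compile(r"^Host \((?P<first>[^)]*)\) doesn't match \((?P<second>[^)]*)\), validation failed$")),
]

# Hints are this example's wording (assumption), based on what the thread reports.
HINTS = {
    "chain_validation_failed": "server certificate chain did not validate against TrustedCAFile",
    "no_trusted_certs": "plug-in reports zero trusted certificates: check the TrustedCAFile "
                        "path is readable and holds the issuing CA certificate",
    "host_mismatch": "set WebLogicHost to the host name the certificate was issued for "
                     "(the reply's fix) so host matching can stay enabled",
}


def parse(log_text):
    """Yield (request_id, level_or_None, text) for every well-formed log line."""
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # skip wrapped or truncated lines instead of guessing
        lvl = LEVEL_RE.match(line.group("msg"))
        if lvl:
            yield line.group("req"), lvl.group("level"), lvl.group("text")
        else:
            yield line.group("req"), None, line.group("msg")


def triage(log_text):
    """Return one finding per request id that logged 'ERROR: SSLWrite failed'."""
    requests = OrderedDict()
    for req, level, text in parse(log_text):
        entry = requests.setdefault(
            req, {"request": req, "backend": None, "failed": False, "causes": []}
        )
        if level == "ERROR" and text.startswith("SSLWrite failed"):
            entry["failed"] = True
        bad = BAD_RE.match(text)
        if bad:
            entry["backend"] = bad.group("backend")
        for name, pattern in CAUSES:
            hit = pattern.match(text)
            if hit and name not in [c["name"] for c in entry["causes"]]:
                entry["causes"].append(
                    {"name": name, "level": level, "detail": hit.groupdict()}
                )
    findings = []
    for entry in requests.values():
        if not entry["failed"]:
            continue
        entry["hints"] = [HINTS[c["name"]] for c in entry["causes"]] or [
            "no known cause line found: enable 'Debug ALL' and re-run the request"
        ]
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["request"], f["backend"])
        for cause, hint in zip(f["causes"], f["hints"]):
            print("  [%s] %s -> %s" % (cause["level"], cause["name"], hint))
```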

  • C4585 doesn't respond - PC trying wrong IP address

    When I attempt to enable network printing on my C4585, the computer attempts to communicate with it at IP 192.168.1.71, but the printer (according to its own setup sheet, and the router) is on IP 192.168.1.78. The computer does seem to realise this partway through the setup, but still reports that the printer is not responding on 192.168.1.71.
    Here's the sequence of messages during the installation:
    Connecting to printer…Checking settings for network adapter Edimax nLite Wireless USB Adapter ...
    Starting networking services ...
    Searching for CN8BCFB17H057K ...
    Searching for Hardware Address (MAC) of 00237dace55d ...
    Sending PING request to 192.168.1.71 ...
    Checking network topology ...
    Starting networking services ...
    Sending SLP request to 192.168.1.71 ...
    Checking wireless radio ...
    Checking gateway 192.168.1.254 ...
    Checking subnet mask 255.255.255.0 ...
    Checking IP address 192.168.1.78 ...
    Checking IP address 192.168.1.78 ...
    After this it fails, and a new dialog box pops up to tell me that it couldn't communicate with the printer on 192.168.1.71.
    I've tried manually adding a new TCP/IP printer port using the Windows printer properties, pointing to IP 192.168.1.78, but the printer doesn't respond on that address.
    Other notes:
     - I'm on Windows XP (the computer is several years old)
     - when I install the printer software (downloaded from the HP website last year), it throws up an error near the end of the installation, telling me that it's looking for a feature which is only available on a CD
     - printing works fine over USB
    Any suggestions? I'd like to either clear the printer's current IP setting so that it can get the same one that the computer wants to contact it on, or else tell the computer to use the printer's IP address.
    I'll try redownloading the printer driver now and reinstalling, in case that helps. Any other suggestions would be appreciated.

    Hi leighcaldwell,
    First, uninstall the HP software using the scrubber method.
    1. Type %temp% in the run field
    2. Look for, and open the folder starting with 7z (Example: 7zS2356)
    3. Open folder Util
    4. Open folder CCC
    5. Run the L3uninstall.bat if you have an HP computer, otherwise L4uninstall.bat
    6. When the uninstall has completed restart the computer
    7. Run Disk cleanup from Accessories\ System Tools
    8. Restart the computer but do not reinstall yet.
    Then reset the wireless on the printer:
     To restore network defaults
    1. Press the Wireless button on the product.
    2. Press the button next to the down arrow on the display until Restore Network Defaults is highlighted, and then press OK.
    3. Confirm that you want to restore the network defaults.
    Reinstall the software for a wireless connection type.
    I was an HP employee.

  • I am experiencing the problem "your computer restarted because of a problem" from the past 3 months and its mostly everyday, also I click on the report it to apple button and it says report submitted but apple doesn't respond. HELP!

    Also, I am using a mid-2012 MacBook Air.
    Here is the stuff it showed me:
    Interval Since Last Panic Report:  116543 sec
    Panics Since Last Report:          1
    Anonymous UUID:                    6230F21B-9B4A-4F55-C557-9B70A3D3FBD4
    Thu Jun 13 12:46:57 2013
    panic(cpu 1 caller 0xffffff800d8b8709): "Double fault at 0xffffff800d828034, registers:\n" "CR0: 0x000000008001003b, CR2: 0xffffff8132e1ff98, CR3: 0x000000000fc28000, CR4: 0x00000000001606e0\n" "RAX: 0xffffff8132e200b0, RBX: 0xffffff7f8df368db, RCX: 0xffffff8132e200b0, RDX: 0xffffff800db74970\n" "RSP: 0xffffff8132e1ffa0, RBP: 0xffffff8132e200a0, RSI: 0xffffff8132e20108, RDI: 0xffffff7f8df368db\n" "R8:  0x000000000000000a, R9:  0x0000000000000010, R10: 0x0000000000000000, R11: 0x0000000000000000\n" "R12: 0x00000000e00002c2, R13: 0xffffff8020fdbf00, R14: 0xffffff7f8df39ee0, R15: 0xffffff8020ea1000\n" "RFL: 0x0000000000010286, RIP: 0xffffff800d828034, CS:  0x0000000000000008, SS:  0x0000000000000010\n" "Error code: 0x0000000000000000\n"@/SourceCache/xnu/xnu-2050.22.13/osfmk/i386/trap_native.c: 280
    Backtrace (CPU 1), Frame : Return Address
              Backtrace continues...
          Kernel Extensions in backtrace:
             com.apple.iokit.IOUSBFamily(5.5.5)[A276B40E-978D-3623-93D3-8621B3CEECFC]@0xffffff7f8dd95000->0xffffff7f8ddf0fff
                dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffffff7f8dd6c000
             com.apple.driver.AppleUSBHub(5.5.5)[54546EC2-8891-334B-9626-1EF6A02450DE]@0xffffff7f8e213000->0xffffff7f8e227fff
                dependency: com.apple.iokit.IOUSBFamily(5.5.5)[A276B40E-978D-3623-93D3-8621B3CEECFC]@0xffffff7f8dd95000
             dl.uds.netusb.controller(1.0d1)[8A6F03A2-5A6B-7137-C413-815E20000EB4]@0xffffff7f8df25000->0xffffff7f8df41fff
                dependency: com.apple.iokit.IOUSBFamily(5.5.5)[A276B40E-978D-3623-93D3-8621B3CEECFC]@0xffffff7f8dd95000
    BSD process name corresponding to current thread: kernel_task
    Mac OS version:
    12D78
    Kernel version:
    Darwin Kernel Version 12.3.0: Sun Jan  6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64
    Kernel UUID: 3EB7D8A7-C2D3-32EC-80F4-AB37D61492C6
    Kernel slide:     0x000000000d600000
    Kernel text base: 0xffffff800d800000
    System model name: MacBookAir5,2 (Mac-2E6FAB96566FE58C)
    System uptime in nanoseconds: 117875499067298
    last loaded kext at 105449581298871: com.apple.driver.AppleUSBTCKeyEventDriver          237.1 (addr 0xffffff7f8f551000, size 12288)
    last unloaded kext at 105568296897670: com.apple.driver.AppleUSBCDC          4.1.23 (addr 0xffffff7f8f545000, size 12288)
    loaded kexts:
    foo.tap          1.0
    foo.tun          1.0
    dl.uds.netusb.controller          1.0.0d1
    com.rim.driver.BlackBerryUSBDriverInt          0.0.74
    com.apple.driver.AudioAUUC          1.60
    com.apple.filesystems.autofs          3.0
    com.apple.iokit.IOBluetoothSerialManager          4.1.3f3
    com.apple.driver.ApplePlatformEnabler          2.0.6d1
    com.apple.driver.AGPM          100.12.87
    com.apple.driver.X86PlatformShim          1.0.0
    com.apple.iokit.IOUserEthernet          1.0.0d1
    com.apple.driver.AppleUpstreamUserClient          3.5.10
    com.apple.driver.AppleBacklight          170.2.5
    com.apple.driver.AppleMCCSControl          1.1.11
    com.apple.driver.AppleIntelHD4000Graphics          8.1.0
    com.apple.driver.AppleMikeyHIDDriver          122
    com.apple.driver.AppleHDA          2.3.7fc4
    com.apple.iokit.BroadcomBluetoothHCIControllerUSBTransport          4.1.3f3
    com.apple.driver.AppleMikeyDriver          2.3.7fc4
    com.apple.driver.AppleIntelFramebufferCapri          8.1.0
    com.apple.driver.AppleSMCPDRC          1.0.0
    com.apple.Dont_Steal_Mac_OS_X          7.0.0
    com.apple.driver.ApplePolicyControl          3.3.0
    com.apple.driver.AppleSMCLMU          2.0.3d0
    com.apple.driver.AppleLPC          1.6.0
    com.apple.driver.AppleUSBTCButtons          237.1
    com.apple.driver.AppleUSBCardReader          3.1.7
    com.apple.driver.AppleUSBTCKeyboard          237.1
    com.apple.AppleFSCompression.AppleFSCompressionTypeDataless          1.0.0d1
    com.apple.AppleFSCompression.AppleFSCompressionTypeZlib          1.0.0d1
    com.apple.BootCache          34
    com.apple.driver.XsanFilter          404
    com.apple.iokit.IOAHCIBlockStorage          2.3.1
    com.apple.driver.AppleUSBHub          5.5.5
    com.apple.driver.AppleUSBXHCI          5.5.5
    com.apple.driver.AirPort.Brcm4331          614.20.16
    com.apple.driver.AppleAHCIPort          2.5.1
    com.apple.driver.AppleUSBEHCI          5.5.0
    com.apple.driver.AppleSmartBatteryManager          161.0.0
    com.apple.driver.AppleEFINVRAM          1.7
    com.apple.driver.AppleRTC          1.5
    com.apple.driver.AppleACPIButtons          1.7
    com.apple.driver.AppleHPET          1.8
    com.apple.driver.AppleSMBIOS          1.9
    com.apple.driver.AppleACPIEC          1.7
    com.apple.driver.AppleAPIC          1.6
    com.apple.driver.AppleIntelCPUPowerManagementClient          196.0.0
    com.apple.nke.applicationfirewall          4.0.39
    com.apple.security.quarantine          2
    com.apple.driver.AppleIntelCPUPowerManagement          196.0.0
    com.apple.kext.triggers          1.0
    com.apple.iokit.IOSerialFamily          10.0.6
    com.apple.iokit.IOSurface          86.0.4
    com.apple.driver.AppleBacklightExpert          1.0.4
    com.apple.iokit.IOAcceleratorFamily          30.14
    com.apple.driver.DspFuncLib          2.3.7fc4
    com.apple.iokit.IOAudioFamily          1.8.9fc11
    com.apple.kext.OSvKernDSPLib          1.6
    com.apple.iokit.AppleBluetoothHCIControllerUSBTransport          4.1.3f3
    com.apple.driver.AppleSMBusController          1.0.11d0
    com.apple.driver.AppleHDAController          2.3.7fc4
    com.apple.iokit.IOHDAFamily          2.3.7fc4
    com.apple.driver.AppleSMBusPCI          1.0.11d0
    com.apple.driver.X86PlatformPlugin          1.0.0
    com.apple.iokit.IOBluetoothFamily          4.1.3f3
    com.apple.driver.AppleGraphicsControl          3.3.0
    com.apple.iokit.IONDRVSupport          2.3.7
    com.apple.driver.AppleSMC          3.1.4d2
    com.apple.iokit.IOGraphicsFamily          2.3.7
    com.apple.driver.IOPlatformPluginFamily          5.3.0d51
    com.apple.driver.AppleUSBMultitouch          237.3
    com.apple.iokit.IOUSBHIDDriver          5.2.5
    com.apple.driver.AppleThunderboltDPInAdapter          1.8.9
    com.apple.driver.AppleThunderboltDPAdapterFamily          1.8.9
    com.apple.driver.AppleThunderboltPCIDownAdapter          1.2.6
    com.apple.driver.AppleUSBMergeNub          5.5.5
    com.apple.driver.AppleThunderboltNHI          1.6.3
    com.apple.iokit.IOThunderboltFamily          2.2.6
    com.apple.iokit.IOUSBUserClient          5.5.5
    com.apple.iokit.IO80211Family          522.4
    com.apple.iokit.IONetworkingFamily          3.0
    com.apple.iokit.IOAHCIFamily          2.3.1
    com.apple.driver.AppleEFIRuntime          1.7
    com.apple.iokit.IOHIDFamily          1.8.1
    com.apple.iokit.IOSMBusFamily          1.1
    com.apple.security.sandbox          220.2
    com.apple.kext.AppleMatch          1.0.0d1
    com.apple.security.TMSafetyNet          7
    com.apple.driver.DiskImages          345
    com.apple.driver.AppleKeyStore          28.21
    com.apple.iokit.IOUSBMassStorageClass          3.5.1
    com.apple.driver.AppleUSBComposite          5.2.5
    com.apple.iokit.IOSCSIBlockCommandsDevice          3.5.5
    com.apple.iokit.IOStorageFamily          1.8
    com.apple.iokit.IOSCSIArchitectureModelFamily          3.5.5
    com.apple.iokit.IOUSBFamily          5.5.5
    com.apple.driver.AppleACPIPlatform          1.7
    com.apple.iokit.IOPCIFamily          2.7.3
    com.apple.iokit.IOACPIFamily          1.4
    com.apple.kec.corecrypto          1.0
    Model: MacBookAir5,2, BootROM MBA51.00EF.B02, 2 processors, Intel Core i7, 2 GHz, 8 GB, SMC 2.5f7
    Graphics: Intel HD Graphics 4000, Intel HD Graphics 4000, Built-In, 512 MB
    Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1600 MHz, 0x80AD, 0x484D5434353153364D465238412D50422020
    Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1600 MHz, 0x80AD, 0x484D5434353153364D465238412D50422020
    AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xE9), Broadcom BCM43xx 1.0 (5.106.98.100.16)
    Bluetooth: Version 4.1.3f3 11349, 2 service, 11 devices, 1 incoming serial ports
    Network Service: Wi-Fi, AirPort, en0
    Serial ATA Device: APPLE SSD SM256E, 251 GB
    USB Device: hub_device, 0x8087  (Intel Corporation), 0x0024, 0x1d100000 / 2
    USB Device: hub_device, 0x0424  (SMSC), 0x2513, 0x1d180000 / 3
    USB Device: BRCM20702 Hub, 0x0a5c  (Broadcom Corp.), 0x4500, 0x1d181000 / 6
    USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x821f, 0x1d181300 / 7
    USB Device: Internal Memory Card Reader, apple_vendor_id, 0x8404, 0x1d183000 / 5
    USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x024c, 0x1d182000 / 4
    USB Device: hub_device, 0x8087  (Intel Corporation), 0x0024, 0x1a100000 / 2
    USB Device: FaceTime HD Camera (Built-in), apple_vendor_id, 0x8510, 0x1a110000 / 3

    Apple doesn't respond to crash or panic reports. They're for internal use only.
    Any or all of the following third-party system modifications may be contributing to your problem:
    OpenVPN client
    Driver for unknown USB network device
    BlackBerry Desktop Manager
    If the panic is recurrent, I suggest you uninstall them, one at a time, according to the developers' instructions, to see whether you can determine which is at fault. A conflict between modifications may be involved. Reboot and test after each uninstallation.
    Back up all data before making any changes.

  • IPlanet authentication over SSL

    I've written a when_compare_replace plugin for our 9.0.2.0 OID server to perform user authentication against our iPlanet LDAP server for portal users. Authentication works great, as is shown in the plugin source below, but it is being done in the clear, with no encryption on any of the data.
    I've been looking and looking for ways to do the DBMS_LDAP.simple_bind_s over a secure connection and have come up with nothing. Our LDAP server has an SSL port running and performs authentication for other C and Java applications over an encrypted connection.
    I've been trying to get the DBMS_LDAP.open_ssl command to work but I'm lost when it comes to the wallets. Why does the client need a wallet with a certificate to establish a secure connection? If we have to use a wallet with a certificate, what certificate do we use? Do we need to get a cert for the OID server so we can perform encrypted authentication?
    Below is the full PL/SQL source of my OID plugin. It works as is for clear text authentication but this is not acceptable for a production system.
    PACKAGE BODY PLUGIN_WHEN_COMPARE_REPLACE AS
        --Writen by Eric Dalquist, [email protected] - 07/01/2003 for use by Michigan
        --Technological University. This code may be freely used and modified as
        --long as the original author's name, email address and creation date are
        --included.
        PROCEDURE WHEN_COMPARE_REPLACE
        (
            ldapplugincontext IN ODS.plugincontext,
            result OUT INTEGER,
            dn IN VARCHAR2,
            attrname IN VARCHAR2,
            attrval IN VARCHAR2,
            rc OUT INTEGER,
            errormsg OUT VARCHAR2
        )
        IS
            local_session       DBMS_LDAP.session;
            local_bind_return   PLS_INTEGER;
            local_ldap_host     VARCHAR(256);
            local_ldap_port     PLS_INTEGER;
            remote_session      DBMS_LDAP.session;
            remote_bind_return  PLS_INTEGER;
            remote_ldap_host    VARCHAR(256);
            remote_ldap_port    PLS_INTEGER;
            remote_ssl_results  PLS_INTEGER;
            search_attributes   DBMS_LDAP.STRING_COLLECTION;
            search_return       PLS_INTEGER;
            search_result       DBMS_LDAP.MESSAGE;
            search_entry        DBMS_LDAP.MESSAGE;
            search_entries      PLS_INTEGER;
            MTU_userid  VARCHAR(16);
            MTU_dn      VARCHAR(256);
            retval      PLS_INTEGER;
            --DEBUGING VARIABLES
            auth_location   VARCHAR(16);
            auth_server     VARCHAR(256);
            auth_port       PLS_INTEGER;
            context_data    VARCHAR(2048);
        BEGIN
            remote_ldap_host := 'test1.mtu.edu';
            remote_ldap_port := 389;
            --Exceptions make fall-through authentication much more difficult
            --Turn them off.
            DBMS_LDAP.USE_EXCEPTION := FALSE;
            --Move this into the local auth section later
            --Cut down on proccessing time to save CPU
            FOR l_counter IN 1..ldapplugincontext.COUNT LOOP
                IF l_counter = 1 THEN
                    local_ldap_host := ldapplugincontext(l_counter);
                ELSIF l_counter = 2 THEN
                    local_ldap_port := ldapplugincontext(l_counter);
                END IF;
                --Debuging purposes only
                IF l_counter = ldapplugincontext.COUNT THEN
                    context_data := context_data || ldapplugincontext(l_counter);
                ELSE
                    context_data := context_data || ldapplugincontext(l_counter) || ', ';
                END IF;
            END LOOP;
            IF attrname = 'userpassword' THEN
                remote_session := DBMS_LDAP.init(remote_ldap_host, remote_ldap_port);
                --Instead of putting it in a STRING_COLLECTION first just extract
                --the first element (MTU userid) right away
                MTU_userid := DBMS_LDAP.explode_dn(dn, 1)(0);
                --Find the users MTU dn based on their user id
                search_attributes(1) := 'michigantechuniqueidentifier';
                search_return := DBMS_LDAP.search_s
                (
                    remote_session,
                    'ou=people,dc=mtu,dc=edu',
                    DBMS_LDAP.SCOPE_SUBTREE,
                    '(&(uid=' || MTU_userid || ')(objectclass=posixaccount))',
                    search_attributes,
                    0,
                    search_result
                );
                rc := search_return;
                --Get the number of entries found for the user id
                search_entries := DBMS_LDAP.count_entries(remote_session, search_result);
                IF search_return = DBMS_LDAP.SUCCESS AND search_entries = 1 THEN
                    --for debuging
                    auth_location := 'remote';
                    auth_server := remote_ldap_host;
                    auth_port := remote_ldap_port;
                    --Retrieve the MTU dn from the search results
                    search_entry := DBMS_LDAP.first_entry(remote_session, search_result);
                    MTU_dn := DBMS_LDAP.get_dn(remote_session, search_entry);
                    --Perform a simple bind against the remote LDAP server with the MTU dn and
                    --password passed to us.
                    remote_bind_return := DBMS_LDAP.simple_bind_s(remote_session, MTU_dn, attrval);
                    rc := remote_bind_return;
                    --If the bind was successful unbind from the server.
                    IF remote_bind_return = DBMS_LDAP.SUCCESS THEN
                        retval := DBMS_LDAP.unbind_s(remote_session);
                    END IF;
                ELSIF search_entries < 1 THEN
                    --for debuging
                    auth_location := 'local';
                    auth_server := local_ldap_host;
                    auth_port := local_ldap_port;
                    --If the user does not exist on the remote LDAP server
                    --attempt to authenticate it with the local LDAP server
                    local_session := DBMS_LDAP.init(local_ldap_host, local_ldap_port);
                    local_bind_return := DBMS_LDAP.simple_bind_s(local_session, dn, attrval);
                    rc := local_bind_return;
                    IF local_bind_return = DBMS_LDAP.success THEN
                        retval := DBMS_LDAP.unbind_s(local_session);
                    END IF;
                ELSE
                    --for debuging
                    auth_location := 'none';
                    --Too many results returned
                    rc := DBMS_LDAP.RESULTS_TOO_LARGE;
                END IF;
                --the value of 'result' determines if the user is authenticated or not
                IF rc = DBMS_LDAP.SUCCESS THEN
                    result := DBMS_LDAP.COMPARE_TRUE;
                ELSE
                    result := DBMS_LDAP.COMPARE_FALSE;
                END IF;
                errormsg := DBMS_LDAP.err2string(rc);
            ELSE
                -- Do what WHEN_COMPARE_REPLACE would have done????
                rc := DBMS_LDAP.SUCCESS;
                -- Return false if unsure that the user should be authenticated
                result := DBMS_LDAP.COMPARE_FALSE;
                errormsg := 'Not sure what I should have done here :-)';
                --Correct behavior is probably to do a search based on the DN for
                --the specified attribute and then compare the passed value to the
                --found value but until logs show this procedure is used for
                --anything other than password authentication the functionality is
                --going to be left out.
            END IF;
            --Debug row; attrval is the cleartext password when attrname = 'userpassword'
            INSERT INTO WHEN_COMPARE_REPLACE_LOG VALUES
            (
                to_char(sysdate, 'Month DD, YYYY HH24:MI:SS'),
                dn,
                attrname,
                attrval,
                MTU_userid,
                MTU_dn,
                result,
                rc,
                errormsg,
                'No Exception - Auth From: ' || auth_location,
                auth_server,
                auth_port,
                context_data
            );
            COMMIT;
        EXCEPTION
            WHEN OTHERS THEN
                --An exception was raised
                rc := SQLCODE;
                errormsg := SUBSTR(SQLERRM, 1, 255);
                --Return false so authentication can't happen
                result := DBMS_LDAP.COMPARE_FALSE;
                INSERT INTO WHEN_COMPARE_REPLACE_LOG VALUES (
                    to_char(sysdate, 'Month DD, YYYY HH24:MI:SS'),
                    dn,
                    attrname,
                    attrval,
                    MTU_userid,
                    MTU_dn,
                    result,
                    rc,
                    errormsg,
                    'Exception - Auth From: ' || auth_location,
                    auth_server,
                    auth_port,
                    context_data
                );
                COMMIT;
        END;
    END PLUGIN_WHEN_COMPARE_REPLACE;

    I've written a when_compare_replace plugin for our 9.0.2.0 OID server to perform user authentication against our iPlanet LDAP server for portal users. Authentication works great as is shown in the plugin source below but it is being done in the clear, with no encryption on any of the data.
    I've been looking and looking for ways to do the DBMS_LDAP.simple_bind_s over a secure connection and have come up with nothing. Our LDAP server has an SSL port running and performs authentication for other C and Java applications over an encrypted connection.
    I've been trying to get the DBMS_LDAP.open_ssl command to work but I'm lost when it comes to the wallets. Why does the client need a wallet with a certificate to establish a secure connection? If we have to use a wallet with a certificate, what certificate do we use? Do we need to get a cert for the OID server so we can perform encrypted authentication?
    Below is the full PL/SQL source of my OID plugin. It works as is for clear text authentication but this is not acceptable for a production system.
    PACKAGE BODY PLUGIN_WHEN_COMPARE_REPLACE AS
        --Written by Eric Dalquist, [email protected] - 07/01/2003 for use by Michigan
        --Technological University. This code may be freely used and modified as
        --long as the original author's name, email address and creation date are
        --included.
        PROCEDURE WHEN_COMPARE_REPLACE (
            ldapplugincontext IN ODS.plugincontext,
            result OUT INTEGER,
            dn IN VARCHAR2,
            attrname IN VARCHAR2,
            attrval IN VARCHAR2,
            rc OUT INTEGER,
            errormsg OUT VARCHAR2
        ) IS
            local_session       DBMS_LDAP.session;
            local_bind_return   PLS_INTEGER;
            local_ldap_host     VARCHAR(256);
            local_ldap_port     PLS_INTEGER;
            remote_session      DBMS_LDAP.session;
            remote_bind_return  PLS_INTEGER;
            remote_ldap_host    VARCHAR(256);
            remote_ldap_port    PLS_INTEGER;
            remote_ssl_results  PLS_INTEGER;
            search_attributes   DBMS_LDAP.STRING_COLLECTION;
            search_return       PLS_INTEGER;
            search_result       DBMS_LDAP.MESSAGE;
            search_entry        DBMS_LDAP.MESSAGE;
            search_entries      PLS_INTEGER;
            MTU_userid  VARCHAR(16);
            MTU_dn      VARCHAR(256);
            retval      PLS_INTEGER;
            --DEBUGGING VARIABLES
            auth_location   VARCHAR(16);
            auth_server     VARCHAR(256);
            auth_port       PLS_INTEGER;
            context_data    VARCHAR(2048);
        BEGIN
            remote_ldap_host := 'test1.mtu.edu';
            remote_ldap_port := 389;
            --Exceptions make fall-through authentication much more difficult
            --Turn them off.
            DBMS_LDAP.USE_EXCEPTION := FALSE;
            --Move this into the local auth section later
            --Cut down on processing time to save CPU
            FOR l_counter IN 1..ldapplugincontext.COUNT LOOP
                IF l_counter = 1 THEN
                    local_ldap_host := ldapplugincontext(l_counter);
                ELSIF l_counter = 2 THEN
                    local_ldap_port := ldapplugincontext(l_counter);
                END IF;
                --Debugging purposes only
                IF l_counter = ldapplugincontext.COUNT THEN
                    context_data := context_data || ldapplugincontext(l_counter);
                ELSE
                    context_data := context_data || ldapplugincontext(l_counter) || ', ';
                END IF;
            END LOOP;
            IF attrname = 'userpassword' THEN
                remote_session := DBMS_LDAP.init(remote_ldap_host, remote_ldap_port);
                --Instead of putting it in a STRING_COLLECTION first just extract
                --the first element (MTU userid) right away
                MTU_userid := DBMS_LDAP.explode_dn(dn, 1)(0);
                --Find the users MTU dn based on their user id
                search_attributes(1) := 'michigantechuniqueidentifier';
                search_return := DBMS_LDAP.search_s(
                    remote_session,
                    'ou=people,dc=mtu,dc=edu',
                    DBMS_LDAP.SCOPE_SUBTREE,
                    '(&(uid=' || MTU_userid || ')(objectclass=posixaccount))',
                    search_attributes,
                    0,
                    search_result
                );
                rc := search_return;
                --Get the number of entries found for the user id
                search_entries := DBMS_LDAP.count_entries(remote_session, search_result);
                IF search_return = DBMS_LDAP.SUCCESS AND search_entries = 1 THEN
                    --for debugging
                    auth_location := 'remote';
                    auth_server := remote_ldap_host;
                    auth_port := remote_ldap_port;
                    --Retrieve the MTU dn from the search results
                    search_entry := DBMS_LDAP.first_entry(remote_session, search_result);
                    MTU_dn := DBMS_LDAP.get_dn(remote_session, search_entry);
                    --Perform a simple bind against the remote LDAP server with the MTU dn and
                    --password passed to us.
                    remote_bind_return := DBMS_LDAP.simple_bind_s(remote_session, MTU_dn, attrval);
                    rc := remote_bind_return;
                    --If the bind was successful unbind from the server.
                    IF remote_bind_return = DBMS_LDAP.SUCCESS THEN
                        retval := DBMS_LDAP.unbind_s(remote_session);
                    END IF;
                ELSIF search_entries < 1 THEN
                    --for debugging
                    auth_location := 'local';
                    auth_server := local_ldap_host;
                    auth_port := local_ldap_port;
                    --If the user does not exist on the remote LDAP server
                    --attempt to authenticate it with the local LDAP server
                    local_session := DBMS_LDAP.init(local_ldap_host, local_ldap_port);
                    local_bind_return := DBMS_LDAP.simple_bind_s(local_session, dn, attrval);
                    rc := local_bind_return;
                    IF local_bind_return = DBMS_LDAP.success THEN
                        retval := DBMS_LDAP.unbind_s(local_session);
                    END IF;
                ELSE
                    --for debugging
                    auth_location := 'none';
                    --Too many results returned
                    rc := DBMS_LDAP.RESULTS_TOO_LARGE;
                END IF;
                --the value of 'result' determines if the user is authenticated or not
                IF rc = DBMS_LDAP.SUCCESS THEN
                    result := DBMS_LDAP.COMPARE_TRUE;
                ELSE
                    result := DBMS_LDAP.COMPARE_FALSE;
                END IF;
                errormsg := DBMS_LDAP.err2string(rc);
            ELSE
                -- Do what WHEN_COMPARE_REPLACE would have done????
                rc := DBMS_LDAP.SUCCESS;
                -- Return false if unsure that the user should be authenticated
                result := DBMS_LDAP.COMPARE_FALSE;
                errormsg := 'Not sure what I should have done here :-)';
                --Correct behavior is probably to do a search based on the DN for
                --the specified attribute and then compare the passed value to the
                --found value but until logs show this procedure is used for
                --anything other than password authentication the functionality is
                --going to be left out.
            END IF;
            INSERT INTO WHEN_COMPARE_REPLACE_LOG VALUES (
                to_char(sysdate, 'Month DD, YYYY HH24:MI:SS'),
                dn,
                attrname,
                attrval,
                MTU_userid,
                MTU_dn,
                result,
                rc,
                errormsg,
                'No Exception - Auth From: ' || auth_location,
                auth_server,
                auth_port,
                context_data
            );
            COMMIT;
        EXCEPTION
            WHEN OTHERS THEN
                --An exception was raised
                rc := SQLCODE;
                errormsg := SUBSTR(SQLERRM, 1, 255);
                --Return false so authentication can't happen
                result := DBMS_LDAP.COMPARE_FALSE;
                INSERT INTO WHEN_COMPARE_REPLACE_LOG VALUES (
                    to_char(sysdate, 'Month DD, YYYY HH24:MI:SS'),
                    dn,
                    attrname,
                    attrval,
                    MTU_userid,
                    MTU_dn,
                    result,
                    rc,
                    errormsg,
                    'Exception - Auth From: ' || auth_location,
                    auth_server,
                    auth_port,
                    context_data
                );
                COMMIT;
        END;
    END PLUGIN_WHEN_COMPARE_REPLACE;
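
The wallet question in the post above comes down to the `sslauth` argument of `DBMS_LDAP.open_ssl`: mode 1 encrypts without verifying the server and needs no wallet, while mode 2 (one-way) verifies the directory's certificate against the trusted CA certificates stored in the wallet. The following is an added example, not the poster's plugin code or Oracle sample code; the function name `ldaps_bind_ok`, the port and the wallet path are assumptions.

```sql
-- Added example; not part of the original post.
-- Values marked "placeholder" are assumptions, not taken from the post.
CREATE OR REPLACE FUNCTION ldaps_bind_ok (
    p_host       IN VARCHAR2,
    p_port       IN PLS_INTEGER,  -- the directory's SSL port (placeholder: 636)
    p_bind_dn    IN VARCHAR2,
    p_password   IN VARCHAR2,
    p_wallet_loc IN VARCHAR2,     -- placeholder: 'file:/path/to/wallet'
    p_wallet_pwd IN VARCHAR2
) RETURN BOOLEAN
IS
    -- open_ssl sslauth modes: 1 = no authentication (encryption only),
    -- 2 = one-way (server certificate checked against the wallet),
    -- 3 = two-way (client also presents a certificate from the wallet).
    c_ssl_one_way CONSTANT PLS_INTEGER := 2;

    l_session DBMS_LDAP.session;
    l_rc      PLS_INTEGER;
    l_inited  BOOLEAN := FALSE;
    l_ok      BOOLEAN := FALSE;

    -- Tear the session down without letting a cleanup error change the result.
    PROCEDURE close_session IS
        l_ignore PLS_INTEGER;
    BEGIN
        l_ignore := DBMS_LDAP.unbind_s(l_session);
    EXCEPTION
        WHEN OTHERS THEN NULL;
    END close_session;
BEGIN
    -- A simple bind with an empty password is an unauthenticated bind, which
    -- many servers answer with success. An empty string is NULL in PL/SQL.
    IF p_bind_dn IS NULL OR p_password IS NULL THEN
        RETURN FALSE;
    END IF;

    l_session := DBMS_LDAP.init(p_host, p_port);
    l_inited  := TRUE;

    -- Start SSL before any credential is sent. Return codes are checked and
    -- exceptions are caught, so this works with either USE_EXCEPTION setting.
    l_rc := DBMS_LDAP.open_ssl(l_session, p_wallet_loc, p_wallet_pwd,
                               c_ssl_one_way);
    IF l_rc = DBMS_LDAP.SUCCESS THEN
        l_rc := DBMS_LDAP.simple_bind_s(l_session, p_bind_dn, p_password);
        l_ok := (l_rc = DBMS_LDAP.SUCCESS);
    END IF;

    close_session;
    RETURN l_ok;
EXCEPTION
    WHEN OTHERS THEN
        -- Fail closed: any SSL, wallet or bind error means "not authenticated".
        IF l_inited THEN
            close_session;
        END IF;
        RETURN FALSE;
END ldaps_bind_ok;
/
```

For one-way mode the wallet only needs the CA certificate that signed the LDAP server's certificate as a trusted certificate; a certificate issued to the OID server itself is only required for two-way mode.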

  • Screen ipad doesn't respond during video viewing home sharing with multiple iOS devices simultaneously

    I have a problem with the videos app and iTunes home sharing on multiple iOS devices.
    This is my setup. On my iMac 2006 with Snow Leopard I have:
    - 100+ dvd's ripped in my iTunes movie section
    - 600+ episodes ripped in iTunes TV-section in 35 TV-shows
    - 1 apple tv, 1 iPad 2, 1 iPad mini
    On an average evening my family is watching different tv-shows simultaneously on the apple tv, the ipad, an iphone, and an ipad mini.
    This is done through home sharing on the one iTunes library.
    All updated apps, software etc..
    What happens on the ipads, after viewing for more than 10 minutes, the user interface doesn't show up when tapping the screen. The touchscreen doesn't respond, only the home button works. Clicking the home button closes the app, but the sound of the video keeps on playing. Opening up the videos app again gives a black screen with sound still playing and still no button or UI.
    The only workaround which currently works is killing the videos app. Power off the ipad and power on again, reconnect to the shared library, wait until it has found all the content (1+ minutes) and startup the tv show again.
    All in all, a nasty way to pause your viewing or switching to another movie or tv episode, or even wanting to finish viewing.
    The problem has haunted me for a year now, patiently waiting and hoping software-updates would fix it. They didn't.
    A fix would obviously hugely improve my user experience, getting it on par with Apples usual quality of service.
    Anyone familiar with this problem? Apple: is it possible to fix it in an update?

    Same here for over a year now.
    You can't imagine how happy I am that I'm not the only one with this problem.
    Many of my friends have the same setup as me (ipad 2, 27"imac, express, apple tv 2)
    No problem
    I had the problem on Snow Leopard, lion and now on mountain lion.
    I'm also starting to get a new problem - sometimes when watching a movie on iPad or ATV it just quits the movie and you have to start it again
    on the iPad most of the time it also shows the wrong cover art. I tried all the hints here, and it works for a day or two then it's wrong again
    I store my itunes library on an external drive - you ???

  • Lumia 900 doesn't respond while charging

    Hi, so basically my AT&T Lumia 900 doesn't respond to my touch during charging. If I unplug the phone it responds fine, but when it's plugged in it can't pick up any of my touch commands. Even if I draw across the screen very slowly I get nothing. I live in New Zealand and we have 240v/50mA power sockets over here but the charger says that's within the range it's supposed to handle. Is this a hardware problem with my phone and how can I fix it?
    The phone is running windows phone 7.5 (ver. 7.10.8779.8). Any help would be appreciated, thanks.

    I've only received the phone on Thursday and this is the second time charging it (I read somewhere that I should drain the battery completely the first few times to condition the battery, but after finding that some phones bricked themselves when the battery was completely empty I avoided it). In both cases the same thing seems to be happening however the first time was not as severe I feel and I attributed it to the screen protector thing (the "Talking and Driving it can wait" thing from AT&T already attached out of the box). When the phone is at 100% though I have no lag.

  • BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6

    We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
    <Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
    at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOutboundMessageContext.java:310)
    at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
    Truncated. see log file for complete stacktrace
    This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
    After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestions?
    Thanks.
    Matt
    Edited by: user6946981 on Sep 17, 2009 7:58 AM

    Are you sure that your standalone application is using the same keystore (e.g. cacerts)? The default WebLogic configuration uses a different keystore (demo).
    I saw a BAD_CERTIFICATE error only once and the cause was keytool, which somehow corrupted the certificate during import. Deleting and importing the certificate again helped me, but I doubt you have the same problem as your standalone application works.
    Another idea ... Is hostname verification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
    Last but not least, there is a difference between your standalone application and the ALSB runtime, as WebLogic uses the Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak the Certicom provider in some way.
