OS X 10.6.x Clients and Kerberos Certificates

Howdy!
Last week I wrote the OS X client management list regarding a problem I was having with Kerberos
certificates not being received from a Windows DC on OS X 10.6.x clients. I
later determined that the Kerberos Certificate does get received upon the
second sequential login for every user (user logs in, no cert, user logs off,
logs in again, cert is in ticket viewer).
I didn't think this would be a problem until I was moving forward with
deployments and configuration options. We would like to have mobility
enabled to sync their local Documents/Settings with their remote network
home folders. Additionally, they would like their network home folder icon
to appear in their dock.
This obviously becomes a problem during their initial login where it cannot
resolve their network home folder because the client isn't receiving the
Kerberos certificate upon the first login, and therefore cannot use SSO to
mount the network home folder (so the OS X client just throws an error
"cannot access /Users/<username>" at the login window and doesn't allow them
to log in).
Does anyone have any ideas why it's taking two sequential logins to receive
the Kerberos Certificate from the Windows DC?
Thanks for any information you have!

My MacBook Pro (early 2008, Santa Rosa) recently developed the same problem.
Shortly after the upgrade to 10.6.3 the notebook began to heat up to unusually high (and occasionally even uncomfortable) levels, especially on the left side (over the left speaker grill), even at little or no load.
Before, the left side would get warm under heavy load but nothing like this, while the strip above the keyboard would get very hot. Curiously, the temperature of the top strip seems unaffected.
I have rebooted my notebook several times and even turned it off for an extended period, but this has had no effect.
My battery life seems a fair bit shorter too, but this I can't say for certain as I don't usually keep track of how long I keep it unplugged. That said, my battery has always behaved a bit oddly, so it probably doesn't mean much anyway.

Similar Messages

  • Web service client and SSL Certificate

    Hello, everyone,
    I have a problem that has really stumped me.
    I've written a web service client for a web service that has a digital certificate. This comes in the form of a .pfx file.
    When I try send a request to the web service, I get the following:
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    faultActor:
    faultNode:
    faultDetail:
         {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
         at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
         at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
         at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
         at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
         at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
         at org.apache.axis.client.Call.invoke(Call.java:2767)
         at org.apache.axis.client.Call.invoke(Call.java:2443)
         at org.apache.axis.client.Call.invoke(Call.java:2366)
         at org.apache.axis.client.Call.invoke(Call.java:1812)
         at org.tempuri.BasicHttpBinding_IExternalServiceStub.submitAchievementBatchJob(BasicHttpBinding_IExternalServiceStub.java:531)
         at uk.gov.qcf.lrs.api.services.IExternalServiceProxy.submitAchievementBatchJob(IExternalServiceProxy.java:56)
         at uk.org.aqa.main.Main.main(Main.java:111)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
         at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
         at sun.security.validator.Validator.validate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 24 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
         at java.security.cert.CertPathBuilder.build(Unknown Source)
         ... 30 more
         {http://xml.apache.org/axis/}hostname:WM8-319
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
         at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
         at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
         at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
         at org.apache.axis.client.Call.invoke(Call.java:2767)
         at org.apache.axis.client.Call.invoke(Call.java:2443)
         at org.apache.axis.client.Call.invoke(Call.java:2366)
         at org.apache.axis.client.Call.invoke(Call.java:1812)
         at org.tempuri.BasicHttpBinding_IExternalServiceStub.submitAchievementBatchJob(BasicHttpBinding_IExternalServiceStub.java:531)
         at uk.gov.qcf.lrs.api.services.IExternalServiceProxy.submitAchievementBatchJob(IExternalServiceProxy.java:56)
         at uk.org.aqa.main.Main.main(Main.java:111)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
         at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
         at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
         ... 12 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
         at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
         at sun.security.validator.Validator.validate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 24 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
         at java.security.cert.CertPathBuilder.build(Unknown Source)
         ... 30 more
    I've looked online to try to solve this issue, and it seemed that the answer was to add the certificate to the keystore. I had a lot of issues doing this, due to the certificate being a .pfx file. However, using the following, I was able to do it:
    keytool -importkeystore -srckeystore "sandpit.pfx" -destkeystore "%JAVA_HOME2%\lib\security\cacerts" -srcstoretype pkcs12 -deststoretype jks -srcstorepass password -deststorepass anotherpassword -v
    However, I am still getting the same error. This may be because this isn't the keystore used, but it is located in the area marked as being used in the build path.
    I then looked further, and found that I may need to add:
    System.setProperty("javax.net.ssl.trustStore","myKeystore");
    System.setProperty("javax.net.ssl.trustStorePassword","myPassword");
    altering where appropriate. But this didn't work, and I'm thinking that this would involve a lot more code than just those two lines.
    I'm just not sure what to do, and am hoping someone can help. I didn't think it would be too big an issue to ensure my program used the certificate, but it seems to be. I thought that once it was added to the keystore, that would be it, but it appears not.
    I'm sure this isn't a rare issue, but I just lack the knowledge to make any headway. Please can someone help or point me in the right direction?
    Thank you very much in advance.
    Robin

    Sorry to bother you again with my request but I would appreciate some help with my problems.
    Is nobody using web services that require protection?
    Thanks a lot.

  • OS X Server VPN and OS X Client VPN Kerberos issue

    I set up OS X Server Leopard at home. I configured VPN on the server. I opened all of the recommended ports and then some.
    I've added the OS X Server to Directory Utility on my OS X client. I've configured a System Preferences > Network > VPN for the connection. I set it up for L2TP using the external address for my server at home, my username in Open Directory, and selected Kerberos for authentication. When I try to connect with the OS X VPN client it asks me to authenticate to [email protected] not [email protected]
    Does anyone have any idea where I should look to see why my OS X Client VPN Client is not trying to authenticate me using Kerberos to my home server but rather choosing my home username and my work Open Directory server? I looked on the forums but I don't see anyone describing this problem with VPN and Kerberos.
    Thanks in advance

    Brandon Macinnis wrote:
    Dnar,
    Thanks for the follow up bit about using the smbutil statshares command.  I used that and could confirm that I am also able to force it to connect with smb2.  Oddly though, in the stat share info it still says "AUTO_NEGOTIATE"
                                  SMB_NEGOTIATE                 AUTO_NEGOTIATE
                                  SMB_VERSION                   SMB_2.1
    But maybe that just means something else and not the fact that it did not auto negotiate to SMB.  I guess for now this will be what I have to do to use smb2.
    I think in this case the AUTO_NEGOTIATE merely means it will auto negotiate a connection between SMB1, SMB2, and (from your data) also SMB2.1; this would have nothing to do with auto negotiating between SMB2 and AFP, which from this thread appears broken.
    I also would like to thank Brandon for the tip about smbutil statshares; I had been looking for a simple way to tell what version of SMB was being used to test my NAS.
    For everyone's benefit, it would appear from the above that whilst Apple advertise Mavericks as using SMB2, they have gone as far as implementing SMB2.1 and merely list it as SMB2 for simplicity and due to the fact there is not a huge difference between SMB2 and SMB2.1.
    See http://en.wikipedia.org/wiki/Server_Message_Block#SMB_2_and_3

  • Connecting OS 9 Clients with kerberos

    Hi All-
    I am trying to get a couple of OS 9 boxes to connect to AFP on my 10.4.7 Server via Kerberos. I've got the Kerberos app installed on the clients and I am able to obtain tickets, but neither the Chooser nor the Network Browser uses this ticket to authenticate. I've upgraded the AppleShare extension on the clients to 3.9.4... I read somewhere that it helps when connecting to an OS X server, but Kerberos is still a no-go. My OS X clients work perfectly. Has anyone successfully used Kerberos on OS 9? Any help at all will be greatly appreciated.
    Here is some version information for my setup-
    The servers are: 2.3 GHZ DP Xserve
    OS X AFP Server 10.4.7
    OS X OD Master Server 10.4.7
    OS 9 Client 9.2.2
    appleshare extension 3.9.4
    Kerberos for OS 9 4.0.3
    Thanks.
    Rob Green
    [email protected]
    2.3 DP G5 Xserve   Mac OS X (10.4.7)  

    Unfortunately, what you're trying to do is not possible.
    It sounds like you have Kerberos set up correctly, but that's not the problem. The problem is that the Mac OS 9 AFP client (AppleShare client 3.8.x) does not use Kerberos as a native authentication module.
    The only native modules are clear text, scrambled, and DHX (Diffie-Hellman Exchange). Of course, DHX would be your only supported module when connecting to a Mac OS X AFP 3.x server.
    --Gerrit

  • After update client and server to Lion Unable to (re)connect to OD server from updated client (Lion)

    Hi all,
    I'm a bit in the dark here.
    All day searching and reading.. but nothing much yet.
    After updating the server and a client to OSX Lion, I'm unable to connect to the open directory of the updated server.
    The previous config worked very nice for months.
    Now it's a bit irritating, because imho it seems nothing is in place and it's a bit hard to find a solution or how to set up / correct the OD Lion server.
    Of course i have downloaded the manuals, that state it's all so easy, and I have seen all the movies on the tubers and they also state its so easy.
    Well, since I am feeling a big noob now and before my "self value" degrades 2 below 0 I'm asking 4 your help guys...
    Can you give me the candle to find the way in the dark?
    There are more things that don't work, but save that for later.. ;(
    Situation is as follows:
    Started to upgrade the Server 1st.
    Then tested from the "old client" and all is working reasonably
    Then upgraded to the new Lion client also,
    and you guessed it right, no way in.
    It's a pretty straight up config...
    Hope someone can push me in the right direction..
    (hope it's not the push service from apple, arf arf,  cause that's one of the other things that is not working yet)

    Steps I took up to now:
    What I did is go to the client and start the Directory Util, and then select the search config.
    Add manually the info of the server.
    Then if I type in the IP address, I got the green bulb. But it seems not to work.
    When I enter the fqdn, I get the error 2100 could not connect to the ODserver (sent by the com.apple.systempreferences)
    Because it's an upgrade I then deleted the total contents of the previous settings that were initiated by the "old" setup sent by the OD server prev. upgrade.
    Then I deleted the kerberos files on the client, and all other things related. connecting to the OD server.
    Then I deleted the Machine account on the OD server and back to the client.
    Then I created the machine account again from the client manually by going in the OD util on the client.
    (connected manually by adding the ip address and then clicking the lock on top of the menu and then after auth succeeded I could see all the rec's and other stuff ..which is a great new feature that you used to do by the WGM. Now available by the ODutil. Nice.)
    Okay, after all these steps, I get the feeling it should be able to work, but still the 2100 error.
    Somehow it "seems" that the DNS is not responding, but when I get in the terminal, it responds nicely to the pings.!!! And almost everything (not because of faulty DNS) is working.!
    So now what?
    Any help be appreciated.
    (srry 4 typo's /Language. it's a bit late in Europe and not my main Language)

  • Configure CRS2008 to using AD and Kerberos with Java application servers.

    Hi All,
    I have configured CRS2008 to use AD and Kerberos with Java application servers. The domain controller is installed on a W2K3 server. In addition, CRS2008 is installed on another W2K3 server.
    I have created a service account in the domain controller: CMSACC
    I have created two user accounts: CRuser1 and CRuser2
    I have created a domain group: CRSGroup
    After I ran setspn on the domain controller, I got the message below:
    Registered ServicePrincipalNames for CN=CMSACC, OU=TEST, DC=BD, DC=com:
        BOBJCentralMS/BDMGTSRV.BD.com
    CMC Setting:
    AD Administration Name: BD\administrator
    Default AD Domain: BD.com
    Add AD Group(Domain\Group): secWinAD:CN=CRSGroup,OU=TEST,D=BD,DC=com
    Service principal name:BOBJCentralMS/CMSACCatBD.com
    I have created a WINNT folder in the root directory and saved bscLogin.conf and krb5.ini there.
    bscLogin.conf:
    com.businessobjects.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required;
    };
    krb5.ini:
    [libdefaults]
    default_realm = BD.com
    dns_lookup_kdc = true
    dns_lookup_realm = true
    [realms]
    forwardable = true
    BD.com = {
    default_domain = BD.com
    kdc = BDMGTSRV.BD.com
    }
    I tested Kerberos using kinit CMSACCatBD.com password, and got the error message below:
    Exception: krb_error 41 Message stream modified (41) Message stream modified
    KrbException: Message stream modified (41)
            at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:53)
            at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:96)
            at sun.security.krb5.KrbAsRep.getReply(KrbAsRep.java:486)
         at sun.security.krb5.KrbAsRep.getReply(KrbAsRep.java:444)
         at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310)
         at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)
         at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)
    My problem is that I fail to log on to CMC and infoview and get the error message below:
    Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserNameatDNS_DomainName, and then try again.
    Actually, I am successful in logging on to Business View Manager with CRuser1. However, I fail to log on to CMC and infoview and get the above error. Do you have any suggestion to solve this problem?
    Ken.

    If you can log on with client tools, then that should be an indication that the service account running the CMS IS working! Good news.
    So the problem is likely with the Java portion (krb5/bsclogin or Java options).
    If the files are in c:\winnt\ (if not, copy them there), perform c:\program files\business objects\javasdk\bin\kinit username
    then Enter, and password/Enter again.
    You will probably get the same message. Note that in your krb5.ini all domain info must be in CAPS (the .com appears to be in lower case).
    kinit works with just the krb5.ini, Java SDK and AD (removing BO config and the service account from the picture). Once that works, if your Java options are specified properly you should be able to log in to CMC/infoview.
    Also, one last point: add udp_preference_limit = 1 to the krb5 libdefaults section:
    [libdefaults]
    default_realm = BD.com
    dns_lookup_kdc = true
    dns_lookup_realm = true
    udp_preference_limit = 1
    Regards,
    Tim
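An added example, not part of Tim's reply or of any vendor documentation: a small Python check for the two points the reply raises, realm names that are not in upper case and a missing udp_preference_limit = 1. It goes slightly beyond the reply by also flagging a plain setting placed directly under [realms] and a default_realm with no matching realm block (realm names are case-sensitive); the parser covers only the krb5.ini subset shown in this thread, and both sample files are constructed from the question.

```python
import re

# Constructed sample: the krb5.ini from the question, closing brace restored.
QUESTION_INI = """\
[libdefaults]
default_realm = BD.com
dns_lookup_kdc = true
dns_lookup_realm = true
[realms]
forwardable = true
BD.com = {
default_domain = BD.com
kdc = BDMGTSRV.BD.com
}
"""

# Constructed sample: the same file with the reply's advice applied and
# forwardable moved to [libdefaults] (an assumption about the intent).
REVISED_INI = """\
[libdefaults]
default_realm = BD.COM
dns_lookup_kdc = true
dns_lookup_realm = true
forwardable = true
udp_preference_limit = 1
[realms]
BD.COM = {
default_domain = BD.COM
kdc = BDMGTSRV.BD.COM
}
"""


def parse_krb5(text):
    """Parse [section], key = value and name = { ... } lines into nested dicts."""
    sections, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = sections.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        else:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})  # start of a realm block
            elif block is not None:
                block[key] = value
            else:
                section[key] = value
    return sections


def lint_krb5(text):
    """Return a list of human-readable findings; an empty list means no finding."""
    cfg = parse_krb5(text)
    lib = cfg.get("libdefaults", {})
    realms = cfg.get("realms", {})
    findings = []

    default_realm = lib.get("default_realm")
    if default_realm is None:
        findings.append("libdefaults: default_realm is not set")
    elif default_realm != default_realm.upper():
        findings.append(f"libdefaults: default_realm {default_realm!r} is not upper case")

    if lib.get("udp_preference_limit") != "1":
        findings.append("libdefaults: udp_preference_limit = 1 is missing")

    blocks = []
    for name, body in realms.items():
        if not isinstance(body, dict):
            findings.append(f"realms: {name!r} is a plain setting, not a realm block")
            continue
        blocks.append(name)
        if name != name.upper():
            findings.append(f"realms: realm name {name!r} is not upper case")

    # Realm names compare case-sensitively, so BD.com and BD.COM do not match.
    if default_realm and blocks and default_realm not in blocks:
        findings.append(f"realms: no block matches default_realm {default_realm!r}")
    return findings


if __name__ == "__main__":
    for label, text in (("question", QUESTION_INI), ("revised", REVISED_INI)):
        print(label, lint_krb5(text) or "no findings")
```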

  • Services servers with CNAME and kerberos

    Hello.
    My problem:
    I have an OD master xserver1.mydomain.com and another server xserver3.mydomain.com.
    My DNS is OK direct and reverse, authentication works fine.
    My problem is that I want use CNAME for my services offered by xserver3.mydomain.com. (imap, pop, smtp and others).
    So I have some CNAME entries in my DNS as imap.mydomain.com, pop.mydomain.com, smtp.mydomain.com which all point to  xserver3.mydomain.com therefore:
    host imap.mydomain.com gives 10.1.0.10 and host 10.1.0.10 gives xserver3.mydomain.com (all is regular).
    When I connect my mail client, if I set the "incoming mail server" to xserver3.mydomain.com, kerberos authentication is OK (TGT and SGT are brought) and mail works fine.
    If I connect my mail client with "incoming mail server" set to imap.mydomain.com (the CNAME), kerberos authentication is not  OK (TGT is brought but not SGT) and mail does not work.
    If I connect my mail client with "incoming mail server" set to imap (CNAME without domain name), kerberos authentication is nearly OK (TGT and SGT are brought) but mail is very slow and some mail folder sync does not seem to work!
    I have tried to remove imap service principals on my mail server imap/[email protected] and create new imap service principals with CNAME as : imap/[email protected] but it doesn't work.
    Any idea to do?

    Thanks for reply.
    Ok for RFCs, but my mail server has worked very well for many years with clients set to the server CNAME. Even certificates are OK if the common name is the one given as CNAME.
    The only problem I have is Kerberos, as explained.
    I am searching for a way to have friendly service names for my mail clients and at the same time keep all functionality (SSL and Kerberos).
    Maybe with multiple IPs for the same network interface on my mail server and an A entry for each?

  • Adobe Creative Cloud - How To Share Files With Clients and Colleagues | Creative Suite Podcast: Designers | Adobe TV

    In this episode of the Adobe Creative Suite Podcast, Terry White shows how to share Photoshop, Illustrator and InDesign Files with clients and colleagues and all they'll need is a browser to comment and see your Photoshop Layers.
    http://adobe.ly/10ZjpE4

    Terry,
    I guess I am missing something. How can I share a folder of photos? When I return from a shoot, I select 20 of the pictures and need to share them with my client to pick the favorites. Am I supposed to copy and paste a URL for each image separately?
    Sometimes I also work with a colleague, I need to share my favorites with him. Same issue.
    We have tried Adobe Cloud, and then went for Dropbox. There we can share a folder and he can put even his pictures in it as well. That's what I call collaboration. And it is free (unlike Adobe Cloud). If you have some word in Adobe, please tell them to either drop it and make a deal with services like Dropbox, or make it properly.
    Thanks.
    Vaclav

  • Connection between SDM client and server is broken

    Dear All,
    First of all this is what I have
    -NW04 SPS 17
    -NWDS Version: 7.0.09 Build id: 200608262203
    -using VPN connection
    -telnet on port 57018 is successful
    I can log in to the SDM server (from NWDS and from SDM GUI), I can see the state of SDM (green light), restart it, and navigate through tabs in the GUI, but every time I try to deploy an ear I get this error:
    Deployment exception : Filetransfer failed: Error received from server: Connection between SDM client and server is broken
    Inner exception was :
    Filetransfer failed: Error received from server: Connection between SDM client and server is broken
    I have already read a lot of topics,blogs,notes but didn't find the solution.
    Can anybody help me?
    Best Regards

    Having same issue. Nothing helped so far... Using NWDS 7.0 SP18.
    I have turned SDM tracing on and this is what I see on client side after sending first data package:
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0280/17 Client: finished sending string part"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0280/0 Client: receive String part from Server"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl.receiveFromServer(NetComm ..): Entering method
    com.sap.bc.cts.tp.net.NetComm.receive(): Entering method
    com.sap.bc.cts.tp.net.NetComm: debug "Method "receive(char[])" could not read all requested bytes. There are still 12 bytes to read"
    com.sap.bc.cts.tp.net.NetComm: debug "Caught IOException during read of header bytes (-1,          43):Connection reset"
    com.sap.bc.cts.tp.net.NetComm: debug "  throwing IOException(net.id_000001)"
    com.sap.bc.cts.tp.net.NetComm.receive(): Exiting method
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0281/1 Client: connection was broken"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: debug "20120224140253 0281/0 Client: finshed sendAndReceive"
    com.sap.sdm.is.cs.cmd.client.impl.CmdClientImpl: Exiting method
    My connection on server is still active so I have to restart SDM server to reset and try it again.
    Does anyone have an idea what's happening?
    Edited by: skyrma on Feb 24, 2012 2:46 PM

  • Async tcp client and server. How can I determine that the client or the server is no longer available?

    Hello. I would like to write an async TCP client and server. I wrote this code but I have a problem when I call the disconnect method on the client or the stop method on the server: I can't identify that the client or the server is no longer connected.
    I thought I will get an exception if the client or the server is not available but this is not happening.
    private async void Process() {
        try {
            while (true) {
                var data = await this.Receive();
                this.NewMessage.SafeInvoke(Encoding.ASCII.GetString(data));
            }
        } catch (Exception exception) {
        }
    }
    How can I determine that the client or the server is no longer available?
    Server
    using System;
    using System.Collections.Generic;
    using System.Net;
    using System.Net.Sockets;
    using System.Text;
    using System.Threading;
    using System.Threading.Tasks;
    public class Server {
        private readonly Dictionary<IPEndPoint, TcpClient> clients = new Dictionary<IPEndPoint, TcpClient>();
        private readonly List<CancellationTokenSource> cancellationTokens = new List<CancellationTokenSource>();
        private TcpListener tcpListener;
        private bool isStarted;
        public event Action<string> NewMessage;
        // Accepts clients until Stop() is called; each client gets its own Process task.
        public async Task Start(int port) {
            this.tcpListener = TcpListener.Create(port);
            this.tcpListener.Start();
            this.isStarted = true;
            while (this.isStarted) {
                var tcpClient = await this.tcpListener.AcceptTcpClientAsync();
                var cts = new CancellationTokenSource();
                this.cancellationTokens.Add(cts);
                await Task.Factory.StartNew(() => this.Process(cts.Token, tcpClient), cts.Token, TaskCreationOptions.LongRunning, TaskScheduler.Default);
            }
        }
        public void Stop() {
            this.isStarted = false;
            foreach (var cancellationTokenSource in this.cancellationTokens) {
                cancellationTokenSource.Cancel();
            }
            foreach (var tcpClient in this.clients.Values) {
                tcpClient.GetStream().Close();
                tcpClient.Close();
            }
            this.clients.Clear();
        }
        public async Task SendMessage(string message, IPEndPoint endPoint) {
            try {
                var tcpClient = this.clients[endPoint];
                await this.Send(tcpClient.GetStream(), Encoding.ASCII.GetBytes(message));
            } catch (Exception exception) {
            }
        }
        private async Task Process(CancellationToken cancellationToken, TcpClient tcpClient) {
            try {
                var stream = tcpClient.GetStream();
                this.clients.Add((IPEndPoint)tcpClient.Client.RemoteEndPoint, tcpClient);
                while (!cancellationToken.IsCancellationRequested) {
                    var data = await this.Receive(stream);
                    // SafeInvoke is not defined in the post.
                    this.NewMessage.SafeInvoke(Encoding.ASCII.GetString(data));
                }
            } catch (Exception exception) {
            }
        }
        // Wire format: 4-byte length prefix, then the payload.
        private async Task Send(NetworkStream stream, byte[] buf) {
            await stream.WriteAsync(BitConverter.GetBytes(buf.Length), 0, 4);
            await stream.WriteAsync(buf, 0, buf.Length);
        }
        // The byte counts returned by ReadAsync are not checked here.
        private async Task<byte[]> Receive(NetworkStream stream) {
            var lengthBytes = new byte[4];
            await stream.ReadAsync(lengthBytes, 0, 4);
            var length = BitConverter.ToInt32(lengthBytes, 0);
            var buf = new byte[length];
            await stream.ReadAsync(buf, 0, buf.Length);
            return buf;
        }
    }
    Client
    using System;
    using System.Net.Sockets;
    using System.Text;
    using System.Threading.Tasks;
    public class Client {
        private TcpClient tcpClient;
        private NetworkStream stream;
        public event Action<string> NewMessage;
        public async void Connect(string host, int port) {
            try {
                this.tcpClient = new TcpClient();
                await this.tcpClient.ConnectAsync(host, port);
                this.stream = this.tcpClient.GetStream();
                this.Process();
            } catch (Exception exception) {
            }
        }
        public void Disconnect() {
            try {
                this.stream.Close();
                this.tcpClient.Close();
            } catch (Exception exception) {
            }
        }
        public async void SendMessage(string message) {
            try {
                await this.Send(Encoding.ASCII.GetBytes(message));
            } catch (Exception exception) {
            }
        }
        private async void Process() {
            try {
                while (true) {
                    var data = await this.Receive();
                    // SafeInvoke is not defined in the post.
                    this.NewMessage.SafeInvoke(Encoding.ASCII.GetString(data));
                }
            } catch (Exception exception) {
            }
        }
        // Wire format: 4-byte length prefix, then the payload.
        private async Task Send(byte[] buf) {
            await this.stream.WriteAsync(BitConverter.GetBytes(buf.Length), 0, 4);
            await this.stream.WriteAsync(buf, 0, buf.Length);
        }
        // The byte counts returned by ReadAsync are not checked here.
        private async Task<byte[]> Receive() {
            var lengthBytes = new byte[4];
            await this.stream.ReadAsync(lengthBytes, 0, 4);
            var length = BitConverter.ToInt32(lengthBytes, 0);
            var buf = new byte[length];
            await this.stream.ReadAsync(buf, 0, buf.Length);
            return buf;
        }
    }

    Hi,
    Have you debugged these two applications? Does it go into the catch exception block when you close the client or the server?
    According to my test, it will throw an exception when the client or the server is closed, just log the exception message in the catch block and then you'll get it:
    private async void Process()
    {
        try
        {
            while (true)
            {
                var data = await this.Receive();
                this.NewMessage.Invoke(Encoding.ASCII.GetString(data));
            }
        }
        catch (Exception exception)
        {
            Console.WriteLine(exception.Message);
        }
    }
    Unable to read data from the transport connection: An existing   connection was forcibly closed by the remote host.
    By the way, I don't know what the SafeInvoke method is, it may be an extension method, right? I used Invoke instead to test it.
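The Receive methods posted in this thread issue a single ReadAsync for the 4-byte header and another for the payload, and they allocate whatever length the peer sends. The following is an added example, not code from either poster: a receive routine that loops until the requested bytes arrive, reports a clean disconnect between frames by returning null, and bounds the peer-supplied length before allocating. The names Framing, ReceiveFrameAsync and MaxFrameLength, and the 64 KiB cap, are assumptions made for the example.

```csharp
using System;
using System.IO;
using System.Threading;
using System.Threading.Tasks;

public static class Framing
{
    // Assumed cap for this example; size it to the largest message the protocol really needs.
    public const int MaxFrameLength = 64 * 1024;

    // Reads exactly count bytes. Returns false if the peer closed the connection
    // before any byte of this read arrived; throws if it closed part-way through.
    private static async Task<bool> ReadExactAsync(Stream stream, byte[] buf, int count, CancellationToken ct)
    {
        int offset = 0;
        while (offset < count)
        {
            int n = await stream.ReadAsync(buf, offset, count - offset, ct);
            if (n == 0 && offset == 0) return false;
            if (n == 0) throw new EndOfStreamException("Connection closed in the middle of a frame.");
            offset += n;
        }
        return true;
    }

    // Returns the next frame payload, or null when the peer closed cleanly between frames.
    public static async Task<byte[]> ReceiveFrameAsync(Stream stream, CancellationToken ct)
    {
        var lengthBytes = new byte[4];
        if (!await ReadExactAsync(stream, lengthBytes, 4, ct)) return null;
        int length = BitConverter.ToInt32(lengthBytes, 0);
        // The length prefix is peer-controlled: reject negative or oversized values
        // before allocating, so one 4-byte header cannot force a huge allocation.
        if (length < 0 || length > MaxFrameLength)
            throw new InvalidDataException("Frame length " + length + " is outside the allowed range.");
        var buf = new byte[length];
        if (length > 0 && !await ReadExactAsync(stream, buf, length, ct))
            throw new EndOfStreamException("Connection closed before the frame payload arrived.");
        return buf;
    }

    public static void Main()
    {
        // Constructed input: a header claiming int.MaxValue bytes, with no payload behind it.
        var hostile = new MemoryStream(BitConverter.GetBytes(int.MaxValue));
        try { ReceiveFrameAsync(hostile, CancellationToken.None).GetAwaiter().GetResult(); }
        catch (InvalidDataException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

A receive loop built on this can treat a null return as a normal disconnect and log only the exceptions, which separates a peer that closed cleanly from one that sent a malformed or truncated frame.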

  • Sequencing multiple versions of the VMWare vSphere client (and reducing the size of the final sequence)

    Application Name:  vSphere client
    Application Version:  4.1, 5.0, and 5.5 (all in one package)
    Company Name:  VMWare
    Sequencer Version:  5.0 SP1 or SP2
    App-V Client Version Tested On:  5.0, 5.0 SP1, 5.0 SP2
    Operating System Sequenced On:  Windows 7 (64bit)
    Pre-requisites:  Orca
    Client Operating Systems Successfully Deployed To:  Windows 7 (64bit), Windows Server 2008 (64bit)
    *Posted by non-Microsoft Employee:  Cody Lambert (a Fortune 100 company)
    If Posted by Microsoft Employee, the Corresponding KB Article Reference: 
    N/A
    Steps to Prepare and Sequence the Application:
    Phase 1:  Prepare vSphere install to be used in your sequence (to be performed prior to sequencing)
    Clear %TEMP% directory on machine you are using to prepare the install
    Create a folder that will be referred to as "vSphereInstDir" that install files are copied to
    Download the vSphere 5.5 client from your vSphere management server
    Run the installer for the vSphere Client
    Once at the Language Selection portion of the installer, using windows explorer browse to the %temp% directory and copy the files that were just created when the vSphere installer extracted to a directory (name it vSphereInstDir)
    Kill the installer
    Find VMware-viclient.exe in the files you just copied and run it
    Once at the "Welcome to the installation wizard" stage of the installer, using windows explorer browse to the %temp% directory and copy the files that were just created into the vSphereInstDir
    Kill the installer
    Find the VMware vSphere Client 5.5.msi in the vSphereInstDir, in the second set of files you copied over
    Using Orca, open the VMware vSphere Client 5.5.msi
    Drop the following rows from the msi (some of the rows may have additional text at the end of the names) (InstallExecuteSequence/VM_InstallHcmon,
    InstallExecuteSequence/VM_InstallHcmon_SetData,
    InstallExecuteSequence/VM_InstallUSB,
    InstallExecuteSequence/VM_InstallUSB_SetData,
    InstallExecuteSequence/VM_InstallUSBArbritrator,
    InstallExecuteSequence/VM_InstallUSBArbritratorSetData,
    InstallExecuteSequence/VM_StartUSBArbSvc)
    Save the VMware vSphere 5.5.msi in place
    Copy the vSphereInstDir to a network location that can be used during sequencing on your Sequencer
    Phase 2:  Sequence the vSphere Client
    Pre-requisites:  All of the latest available VC++ redist (x64 and x86) are installed on the Sequencer VM
    Copy vSphereInstDir to your temporary install directory on your Sequencer (mine is C:\temp)
    Start up the Sequencer
    Click Create a New Virtual Application Package
    Click Next with Create Package (default) selected
    Click Next on the Prepare Computer screen, taking note of any findings
    Click Next with Standard Application (default) selected
    Choose Perform a custom installation, then click Next
    Input the Virtual Application name (vSphere Client 5.5 for example)
    Enter the Primary Virtual Application Directory (C:\vSphere55 for example) and click Next
    Using Windows Explorer find the Visual J# install (vjredist64.exe) in the vSphereInstDir you copied over.  Install using defaults
    Using Windows Explorer, find and install the vSphere client using the VMware vSphere Client 5.0.msi located in the vSphereInstDir you copied over.
    Change the installation directory to use the Primary Virtual Application Directory you configured above (C:\vSphere55 for example).  Install using defaults
    While the sequencer is still monitoring changes connect to the 4.1 environment to get the files needed.  To do this, launch the vSphere client and connect to your 4.1 environment.  When prompted, choose RUN to install the files needed for the 4.1 environment.
    While the sequencer is still monitoring changes connect to the 5.0 environment to get the files needed.  To do this, launch the vSphere client and connect to your 5.0 environment.  When prompted, choose RUN to install the files needed for the 5.0 environment.
    With the sequencer still monitoring changes, after the additional environments have been installed, delete all of the language folders from the install locations that are not required.  You will find that there are language folders in each of the different modules that are installed.  Make sure to look in every folder.  This will free up approximately 300mb from the package.
    When done, check the box to finish the sequence and continue cleaning up the sequenced application.
    Known Issues/Limitations: 
    Functions that require the USB Arbitration Service will not work
    Approximate Sequencing Time: 
    20 minutes
    Descriptive Tags: 
    App-V, 5.0, VMWare, vSphere, Recipe, Guidance
    Credit Due:  Thanks to Rorymon and Aaron Parker for accurate information that allowed for me to put together this recipe.

    Can you double check that the following were removed from the MSI:
    InstallExecuteSequence/VM_InstallHcmon
    InstallExecuteSequence/VM_InstallHcmon_SetData
    InstallExecuteSequence/VM_InstallUSB
    InstallExecuteSequence/VM_InstallUSB_SetData
    InstallExecuteSequence/VM_InstallUSBArbritrator
    InstallExecuteSequence/VM_InstallUSBArbritratorSetData
    InstallExecuteSequence/VM_StartUSBArbSvc

  • I cannot route to remote subnets from cisco vpn client and pptp client

    Hi guys,
    I've a big problem. I configured a Cisco 877 router as a Cisco VPN server (the customer uses it to connect to his network from a PC) and a PPTP VPN server (he uses it to connect to the network from a smartphone).
    In this router I created 2 VLANs, one for the wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients, and I use the FastEthernet 3 port to connect these to the router.
    This is the issue: when the customer tries to connect to a wireless network client from either of the VPN clients he cannot do this, but if he tries to connect to a wired network client everything works fine.
    Following are the addresses taken from the router.
    - encrypted vpn client -
    ip address. 192.168.10.20
    netmask 255.255.255.0
    Default Gateway. none (blank)
    - pptp vpn client -
    ip address. 192.168.10.21
    netmask. 255.255.255.255
    Default Gateway. 192.168.10.21
    Is it possible that I cannot reach the remote subnet because the clients don't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)?
    Is there anyone who can help me?
    Thank you very much.
    Many Kisses and Kindly Regards..
    Ilaria

    The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
    The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
    The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
    The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
    Here's the format of the command:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

  • How to configure full tunnel with VPN client and router?

    I know the concept of split tunnel. Is it possible to configure a full tunnel with the VPN client and a router, or with an ASA instead of the router? I know there are filter options in concentrators; are there such options in ISR routers or the ASA?

    I think it is possible. Following links may help you
    http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml

  • Mavericks VPN dropouts with native VPN client and Cisco IPSec

    Since the update to Mavericks I am experiencing VPN dropouts with the native VPN client and Cisco IPSec.
    I am connecting via a WiFi router to a remote VPN server.
    The connection is good for a while but eventually it drops out.
    I had zero issues in Mountain Lion and only have issues since the update to 10.9.
    I had similar issues in the past with an unreliable WiFi router, but I am using a Verizon FiOS router and it has worked impeccably until Mavericks.
    My thoughts are:
    1 - Issue with Mavericks (maybe the App Nap function affecting either VPN or WiFi daemons)
    2 - Issue with Cisco router compatibility or timing with Cisco IPSec
    3 - Issue with WiFi itself on Mavericks - some sort of WiFi software bug
    Any thoughts or suggestions?


  • Cisco ASA 5505, Cisco VPN Client and Novell Netware

    Hi,
    Our ISP has installed a Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using the VPN client.
    I installed the VPN client on a laptop that is using a wireless connection. I connect using the wireless signal from a nearby hotel and I am able to connect to my firewall using the VPN client and also able to log in using the Novell client for XP.
    When I use the same VPN client and Novell client at home, which is not using a wireless connection but a DSL connection, I am not able to log in or find the tree.
    The only difference between the two machines is that the laptop is using a wireless connection and my home machine is using a wired connection over DSL.

    If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.
