Pass-through authentication failing

The enviroment:
Server A: Windows Server 2008 R2 / IIS 7
Server B: Windows Server 2003 R2
Domain Controller: Windows Server 2003 R2
Both server A and B are part of the same domain.
The issue:
We have files stored in server B that are being shared as \\B\Files. We want to have a virtual directory/application in IIS on server A to make those files available on a web browser,
but, we want access to be controlled by NTFS permissions, and access granted to the user accessing the website by pass-through authentication (challenged for user and password by the browser).
We have set up an application pool, and have set the identity of it to a user that has
read NTFS permissions to \\B\Files. We then set up an Application and set its application pool to the one mentioned above, and have pointed it physical location to \\B\Files. In the advanced settings, we set the physical path credentials
to Application user (pass-though authentication).
In the authentication settings for the application, we disabled all but Windows Authentication, and in the providers, we have removed everything but NTLM, which is the one we want.
When we test it (https://serverb.com/Files) however, we are challenged (user/password prompt comes up) as expected, but despite what we put in, the prompt comes back, as if the user/password was wrong, or as if the user did not have enough permissions
to access the files. We checked permissions and that's not it. And we have also checked the domain controller to see if the request is getting there, and it is, which means that it is authenticating properly. We can only assume there is a communication
problem, or restriction somewhere.
We are not sure where else to look, and any ideas would be greatly appreciated.
Thank you

On Wed, 5 Feb 2014 17:48:47 +0000, ucis wrote:
We are not sure where else to look, and any ideas would be greatly appreciated.
Since this is really an IIS question you should post to the official IIS
forums:
http://forums.iis.net
Paul Adare - FIM CM MVP
It used to be said [...] that AIX looks like one space alien discovered
Unix, and described it to another different space alien who then
implemented
AIX. But their universal translators were broken and they'd had to gesture
a lot. -- Paul Tomblin

Similar Messages

  • API to verify a resource Password?  Like pass through authentication...

    Howdy folks,
    OK. I have a requirement to check the old (or current) password of a user at the time that they change there password to something new. I can do this with lighthouse accounts, but.... We don't update Lighthouse accounts. We only update our LDAP account. I know that pass through authentication checks this automatically by attempting to bind as the user with the given password. Does anyone know if I can ask IDM to do that for me? If not I'll write a java class to do it, but since it is already happening in IDM, I thought there MUST be something in place that can do this already....
    Does anyone know?

    anyone?

  • Pass through authentication (function_)

    I wrote many functions before, but NEVER a function to pass through authentication
    Here are some of the specs
    In this example, an institution will be accepting tuition and fee payments against bills that are stored in the our system. In addition to the minimum ebill authentication parameters, the institution would like to pass us a full name to display when welcoming the user, control the users primary e-mail address, and restrict the payment method on a per user basis.
    URL     url     This will be issued to you by your project manager. It should be of the form https://pleasepay.com/schoolname/payer.do
    User Id     user_id     The unique identifier for the user within the institution. This is typically a student ID. (in our database)     
    Full Name     full_name     Users full name. Example “John Smith”. (in our database)
    Email Address     email     Primary email address.     in (our database)
    Payment Method     paymentMethod     Payment methods allowed for this user.
    Allowed values:
    “none” :no payments accepted
    “ach” :ach is the only accepted
    “cc” :credit cards only accepted
    “ach_cc” :credit card and ach      16
    Key     key     The shared key that is issued to you by your project manager.
    Time Zone     tz     The time zone you are located in. Valid values are:
    “E” :Eastern time zone
    “C” :Central time zone
    “M” :Mountain time zone
    “P” :Pacific time zone     1
    function get_payment_url_test(
            url         in varchar2,
            user_id     in varchar2,
            full_name   in varchar2,
            email       in varchar2,
            pay_method  in varchar2,
            key         in varchar2,
            tz          in varchar2
        ) return varchar2. Here is my questions: I know I need to have cursor to check on the user_id, full name, email (those values are store in our DATABASE. The URL and the key are giving to me. Do I have to hard code the url in the cursor and stored in a variable so I can check that the url coming in (url in varchar2) is equal to the url in my cursor? The same with the key?

    I saved the url the user_id and the full_name in a custom table, it is workinng, but I would like
    to pass a message like
    if user_id is null then
    raise_application_error(-20101, 'User ID is missing.');
    what is doing now if that it checks on the cursor and if any of the paramters if false
    it will return the first message in the --- return mesages that is fine the cursor is not retrieving any data, but I want to be more 'friendly' to the user, and if the user
    don't enter the id say something like null id or if is wrong wrong id, invalid id etc...
    wha
    function get_user_url(
            url         in varchar2,
            user_id     in varchar2,
            full_name   in varchar2,
            email       in varchar2,
            pay_method  in varchar2,
            key         in varchar2,
            tz          in varchar2
        ) return varchar2
        is
    Audit Trail:
    10/25/2010
    T
    Change History:
          timestamp  varchar2(20);
          v_pidm      saturn_midd.synelck.synelck_pidm%TYPE;
          v_user_id   saturn_midd.synelck.synelck_id%TYPE;
          v_full_name saturn_midd.synelck.synelck_name%TYPE;
          v_email     saturn_midd.synelck.synelck_email%TYPE;
          v_url       saturn_midd.synelck.synelck_email%TYPE;
          v_key       saturn_midd.synelck.synelck_key%TYPE;
          v_pay_method  varchar2(6);
        /* this table saturn_midd.synelck is inserted with all the students (with bills),
        the url and the key, in the way the function is going to validate the url, the id
        and the key against the values in the table*/
        CURSOR pass_the_test_cur is   
        SELECT
        synelck_pidm,
        synelck_id,
        synelck_name,
        synelck_email,
        synelck_url,
        synelck_key
        from
        saturn_midd.synelck
        where
        synelck_url = url
        and synelck_id = user_id
        and synelck_key = key 
        AND SUBSTR(synelck_name,1,120) = full_name;
         BEGIN
          IF pass_the_test_cur%ISOPEN
          THEN
              CLOSE pass_the_test_cur;
          END IF;
            OPEN pass_the_test_cur;
                 FETCH pass_the_test_cur
                       INTO v_pidm,v_user_id,v_full_name,v_email,v_url,v_key; 
            if pay_method = 'none' then v_pay_method := 'none';
              elsif
                pay_method = 'ach' then v_pay_method := 'ach' ; 
              elsif
                 pay_method = 'cc' then v_pay_method := 'cc';
              elsif           
                  pay_method = 'ach_cc' then v_pay_method := 'ach_cc' ;
           end if;      
              timestamp := get_epoch_timestamp(CURRENT_TIMESTAMP);
            If (v_url is not null and v_user_id is not null and v_key is not null
                and v_full_name is not null and v_key is not null
                and v_email is not null and v_pay_method is not null)  
            then     
                 return url || '?userId=' || escape(v_user_id, TRUE, character_set) ||
                '&' || 'fullName=' || escape(v_full_name, TRUE, character_set) ||
                '&' || 'email=' || escape(v_email, TRUE, character_set) ||
                '&' || 'paymentMethod=' || escape(v_pay_method, TRUE, character_set) ||
                '&' || 'timestamp=' || timestamp ||
                '&' || 'hash=' || get_md5_hash_value(v_user_id || v_full_name || v_email || v_pay_method || timestamp || v_key);
            end if;   
            --- return mesages     
           if v_url is null then
                raise_application_error(-20101, 'Inalid log on chek: Id .');
            end if;
            if v_user_id is null then
                raise_application_error(-20101, 'User ID is missing.');
            end if;
            if key is null then
                raise_application_error(-20101, 'Key is missing.');
            end if;
            if v_full_name is null then
                raise_application_error(-20101, 'Name is missing.');
            end if;
            if v_email is null then
                raise_application_error(-20101, 'eMail address is missing.');
            end if;
            if v_pay_method is null then
                raise_application_error(-20101, 'Payment method is missing.');
            end if;
        end l;Edited by: peace4all on Oct 26, 2010 7:13 AM

  • ERROR 53761 Connection  Bind through PTA failed (91). Retrying...

    We are using Enterprise Directory Server 7.0 (zip version) on two Linux machines A & B. Independently directory servers are working fine on both machines A & B. DSCC is running on Machine A (deployed in Sun app server 9.1)which is managing the directory server (DS1) on same machine A.
    We want to manage DS2 running on machine B using DSCC running on machine A. We can create a instance on DS2 (machine2) using DSCC running on machine A but see the operation error in DSCC console as "Unexpected Error".
    I checked the DS2 error logs, it says..
    [12/Oct/2010:10:23:13 -0700] - ERROR<53761> - Plugins - conn=-1 op=-1 msgId=-1 - Connection Bind through PTA failed (91). Retrying...
    [12/Oct/2010:10:23:13 -0700] - ERROR<53761> - Plugins - conn=-1 op=-1 msgId=-1 - Connection Bind through PTA failed (91).
    I tried to enable the access via DSCC to DS1, it enables the access as "message comes successfully enabled" but i still do see the operation error in DSCC console as "Unexpected Error" for DS2.
    This is my current pass through plugin entry in DS2
    dn: cn=Pass Through Authentication,cn=plugins,cn=config
    objectClass: top
    objectClass: nsSlapdPlugin
    objectClass: ds-signedPlugin
    objectClass: extensibleObject
    cn: Pass Through Authentication
    nsslapd-pluginPath: /opt/ldapapp/ds7/dsee7/lib/passthru-plugin.so
    nsslapd-pluginInitfunc: passthruauth_init
    nsslapd-pluginType: preoperation
    nsslapd-pluginarg0: ldap://DS1.csueastbay.edu:3998/cn=dscc
    nsslapd-pluginEnabled: on
    modifiersName: cn=dirmgr
    modifyTimestamp: 20101007221727Z
    nsslapd-pluginId: passthruauth
    nsslapd-pluginVersion: 7.0
    nsslapd-pluginVendor: Sun Microsystems, Inc.
    nsslapd-pluginDescription: pass through authentication plugin
    if I set the nsslapd-pluginarg0 parameter as ldap://*DS2*.csueastbay.edu:3998/cn=dscc (Note DS2 instead of DS1) then I get the operational status in DSCC for DS2 host as Inaccessible (*to enable access click on the server and then on "Enable Access")* .
    Now I enable the access using DSCC on host A and message comes access is enabled successfully for DS2 and but I again see the operational Status as "Unexpected Error" for DS2 host.
    Could you please shadow some light what could be wrong?
    Appreciated your quick response.
    Thanks

    Thanks for the reply. I do see the host names in /etc/hosts file on both the machines ( DSCC as well actual directory server) but no positive response yet. I think the error is lying here. Ran dsccmon on the server where Directory server 7.0 is running.
    [diruser@ds1 ~]$ dsccmon view-servers -E
    Server Status Version Entry# Suffix# Roles
    ds1.csueastbay.edu:1389 ERROR - 0 0 ---
    ds1.csueastbay.edu:1389 {
    ERROR_UNEXPECTED_FAILURE[javax.naming.NamingException: [LDAP: error code 1 - Can't connect to the LDAP server]]
    at com.sun.directory.dcc.core.ServerCacheEntryImpl.reportException(ServerCacheEntryImpl.java:195)
    at com.sun.directory.dcc.core.ServerLoader.run(TopologyLoader.java:334)
    Caused by: javax.naming.NamingException: [LDAP: error code 1 - Can't connect to the LDAP server]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3081)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
    at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2602)
    at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2576)
    at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2572)
    at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:173)
    at com.sun.directory.common.ssl.LdapContextUtils$3.run(LdapContextUtils.java:251)
    at java.lang.Thread.run(Thread.java:619)
    Embedded exception:
    javax.naming.NamingException: [LDAP: error code 1 - Can't connect to the LDAP server]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3081)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
    at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2602)
    at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2576)
    at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2572)
    at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:173)
    at com.sun.directory.common.ssl.LdapContextUtils$3.run(LdapContextUtils.java:251)
    at java.lang.Thread.run(Thread.java:619)
    1 server error(s) displayed

  • OIM - pass thru authentication?? Possible?

    Hi all,
    While I am intending to use OIM 9.0.3 for provisioning/de-provisioning. I am thinking of some sort of pass through authentication to the existing AD, thus, my users do not have to remember another set of username/pw.
    Is that at all possible? If not, what would be your approach? Having OID running behind (that is not in the plan right now)? Does even OID have pass through type capability like Sun Java DS?

    Thanks kevinp.
    If I understand your suggestion correctly, rather than passing the authentication responsibility to AD, it is indeed staying within OIM. The only difference is that pwd sync just saves the users from remembering two sets of username/pwd. Correct?

  • ERROR 53761 Connection Bind through PTA failed (91). Plugins -1

    Hi
    I am getting the following error in the error log while trying to start the DS 6.1 on linux. It was running fine few days before. but started giving this error after I tried to add this server in the webconsole of another server.
    any idea?
    Further adding,
    I am using direct ip addresses of the servers rather than names.
    The problem comes after adding the server, when it restarts the added server (may be its happening after the adding server copies the config files to the added server.)
    I temporarily avoided the problem by clicking on the 'enable access' button of the added server. not sure if its is the way.
    Thanks
    Ashutosh
    Edited by: ashutoshdash on Sep 30, 2007 7:30 PM

    PTA means pass through authentication and is used to authenticate through the Console to the registered servers.
    This error message indicates that one of the Directory Server cannot forward the Bind request, as it is not properly configured. You may want to check the plugin configuration entry on this Directory Server and more specifically the URL pointing back to the Administration Directory Server (the private DS used by DSCC). It's very likely that the URL contains a hostname and not the IP Address.
    If that's the case, stop the Directory Server, edit the dse.ldif manually and restart the DS.
    Regards,
    Ludovic

  • Disable Pass-through

    Hi
    I imported a big update.xml with pass-through authentication configuration ... Now I can't log in web admin console as configurator. How can I disable the great pass-through?
    Big Thanks
    JXXE

    Hey JXEE,
    This is in case still you haven't solved the passthrough, configurator login problem.
    I once faced a similar situation, where when one of our administrators configured passthrough login. What he did was, while creating the "passthrough login module group", he added the "resource Login Module" to the "passthrough login module group" but removed the "Default Lighthouse Login Module" from the group. After that the users can login to IDM using the resource login password but configurator could not login at all as the "Default Lighthouse Login Module" was removed from the Login Module Group.
    After trying so many options the only thing that worked for me was, preserving the IDM repository, which in this case MySQL, to preserve already created users, roles, resources etc. and then preserving WPMessages.properties, styles.css and images folder to preserve the customization and then reinstalling Sun IDM. By making the new IDM installation to point to the preserved repository and overwriting the new WPMessages.properties, Styles.css and images folder with the preserved WPMessages.properties, Styles.css and images folder I managed to restore the IDM properly.
    Looks like you too have similar problem. Hope this procedure would work for you. One reminder though, you may want to create the problem in a test environment and try this remedy before you try it on your production.
    Hope this would help.
    Thanks,
    SunCrazy

  • Pass Through plugin

    Hi Dudes,
    When using the 'Pass Through Authentication' plugin the Directory Server bind requests are redirected to the Directory Server specified as argument(s) in the PTA configuration.
    My question is does the PTA also handles group evaluation...?
    For example in ACI:
    Does NOT function properly.
    aci: (targetattr = "*")(version 3.0; acl "Enable Read-Only access for Directory Services Managers Group"; allow (read,search,compare)(groupdn = "ldap:///cn=Administrators,cn=dscc");)
    Does function properly.
    aci: (targetattr = "*")(version 3.0; acl "Enable Read-Only access for Directory Services Managers Group"; allow (read,search,compare)(userdn = "ldap:///cn=\*,cn=Administrators,cn=dscc");)
    Can anybody provide a solide explanation of this behaviour.
    Regards,
    Bhagt Rajaram
    Edited by: gonzales on May 6, 2008 5:10 AM

    PTA doesn't deal with ACI and group evaluation.
    PTA only forward the authentication to a remote server (Bind request).
    The ACI that doesn't work because the groupdn is not a local group and the server doesn't know how to compute membership.
    Regards,
    Ludovic.

  • I'm trying to connect through the FTP client Filezilla. When I try to login with the wizard, it gives me a "503 Failure of Data Connection" reply; when I attempt to login myself, it gives me a "530 Login Authentication Failed." HELP!!!

    My current softward is: Mac OS X Lion 10.7.5 (11G63)
    When I attempt to use the Filezilla connection wizard I get the following message:
    Connecting to probe.filezilla-project.org
    Response: 220 FZ router and firewall tester ready
    USER FileZilla
    Response: 331 Give any password.
    PASS 3.7.1.1
    Response: 230 logged on.
    Checking for correct external IP address
    Retrieving external IP address from http://ip.filezilla-project.org/ip.php
    Checking for correct external IP address
    IP 27.0.19.56 ch-a-bj-fg
    Response: 200 OK
    PREP 52470
    Response: 200 Using port 52470, data token 1871898076
    PORT 27,0,19,56,204,246
    Response: 200 PORT command successful
    LIST
    Response: 150 opening data connection
    Response: 503 Failure of data connection.
    Server sent unexpected reply.
    Connection closed
    When I attempt to login Host/Username/Password myself I get the following message:
    Status:          Resolving address of amyhoney.com
    Status:          Connecting to 184.168.54.1:21...
    Status:          Connection established, waiting for welcome message...
    Response:          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:          220-You are user number 12 of 500 allowed.
    Response:          220-Local time is now 04:05. Server port: 21.
    Response:          220-This is a private system - No anonymous login
    Response:          220 You will be disconnected after 3 minutes of inactivity.
    Command:          USER 5475****
    Response:          331 User 5475**** OK. Password required
    Command:          PASS ********************
    Response:          530 Login authentication failed
    Error:          Critical error
    Error:          Could not connect to server
    Now before anyone points out the obvious: my username and password are correct. I've already gone through changing them so I know they are.
    Additionally, I've pretty much tried EVERYTHING I've read online, from messing with "terminal" (and subsequently the FTP and STFP options) to changing the sharing options and turning on file sharing/remote management as well as just turning off my Firewall completely.
    Now I've used Filezilla before when I first published my site and everything worked fine. My site is published through Wordpress so most of my editing was done through simply logging into my "wp-login." I recently changed the theme and in order to change the header image in that theme I have to do it through my "wp-content" folder, which means I need to use Filezilla. I feel like a complete moron right now considering I've had my site for about a year and can't even doing something this simple.
    I've read that the newer version of Lion/Mountain Lion don't support automatice FTP anymore, which (as I mentioned prior) I attempted to fix through Terminal. However, nothing I do seem to do works.
    Can someone walk me through fixing this? And I do mean 'walk me through'. I'm not a tech-savvy nerd who knows all the lingo, I just know the basics so sorry if my ignorance offends you.
    HELP!!

    First be sure login and password are OK. Sometimes the address starts wit "http://..." and sometime starts with "ftp://...". Try both normal FTP access and Scure FTP access (SFTP). At the end, contact the site's provider.

  • AD Authentication - pass through?

    Evening ladies and gents, really stuck and need some help with implementation of our new Apple network.
    the story so far.....
    We have Windows  Server 2008 R2 AD running over a HSRP VLANed network.  We've purchased 30 Apples and we want to be able to authenticate users against AD as well as map their Windows home areas.
    Firstly I know nothing about the Apple OS and concerned direct integration into the AD network may pose security risks. As' I understand it' OD ignores NTFS permissions, the backbone of AD security.
    I envisaged being able to use a multi-honed OSX Server as a 'pass through' / 'proxy' for AD kebros authentication and home area mapping. So firstly is this possible?
    What is generally recognized as best practice in this kind of setup?
    Many thanks

    Hello Colin,
    The response you get back indicates that the setspn tool detected an error in the attributes.
    When the command is succesfull, you will get a message saying that registering the SPN is succesfull.
    When using the setspn.exe tool, make sure you are logged on with Domain admin rights. I always run the tool on the domain controller itself.
    Try including the domain name when you enter the service account, the command should read like this:
    setspn -a HTTP/portal.customer.de DOMAIN\j2ee-SID
    Replace portal.customer.de with the DNS name for your server, repeat the command with the different DNS names if you have more then one DNS name.
    Replace DOMAIN with the name of your windows domain.
    Replace j2ee-SID with the User Logon Name of your service account.
    Make sure there are no spaces or special signs in the User Logon Name !
    On Windows servers, the usage of SPNs is not case sensitive, but when calling the service from non-window systems, it is !
    For more info on the setspn tool, look here:
    [http://technet.microsoft.com/en-us/library/cc773257(WS.10).aspx]
    I hope this helps.
    Dagwin

  • AAA Authentication for Traffic Passing through ASA

    I am setting up AAA authentication for traffic that will pass through my ASA. I am having difficulty enabling 'aaa authentication secure-http-client'. Without secure communications enabled access functions as expected. When I enable access, I get prompted for a username/password. The username/password is entered. Authentication passes (show uauth). The requested page (http://www.cisco.com) switches to https://x.x.x.x (a resolved IP address for the site). Eventually (5 seconds), I am asked to accept or deny a certificated. Interestingly, the certificate is for the ASA and not the requested site (http://www.cisco.com).
    Am I missing something?
    firewall# show run aaa
    aaa authentication http console TACACS+ LOCAL
    aaa authentication telnet console TACACS+ LOCAL
    aaa authentication serial console TACACS+ LOCAL
    aaa authentication ssh console TACACS+ LOCAL
    aaa authentication enable console TACACS+ LOCAL
    aaa authentication match guestnetwork_access guestnetwork RADIUS
    aaa authentication secure-http-client
    firewall# show access-li guestnetwork_access
    access-list guestnetwork_access; 2 elements
    access-list guestnetwork_access line 1 extended deny udp 10.255.255.0 255.255.255.0 any eq domain (hitcnt=33)
    access-list guestnetwork_access line 2 extended permit ip 10.255.255.0 255.255.255.0 any (hitcnt=412)
    firewall# show run aaa-s
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host 192.168.250.14
    key xxxxx
    firewall# show run http
    http server enable

    your definition for the aaa-server is different to the aaa authentication server-group
    try
    aaa authentication http console RADIUS LOCAL
    aaa authentication telnet console RADIUS LOCAL

  • "Returned mail: Message failed to pass through virus scanner"

    We have a large number of this mail (see below) on our OCS1 cause by virus like MyDoom:
    From: "Mail Delivery Subsystem" <[email protected]>
    To: [email protected]
    Mime-Version: 1.0
    Content-Type: multipart/report;
         report-type=delivery-status; BOUNDARY="----ORCL_ES6_BOUNCE_1095724----"
    Date: Fri, 22 Oct 2004 09:52:32 +0200
    Subject: Returned mail: Message failed to pass through virus scanner
    ------ORCL_ES6_BOUNCE_1095724----
    Content-Type: text/plain
    The original message was received at Fri, 22 Oct 2004 09:51:21 +0200
    from <[email protected]>
    ----- The following addresses had delivery problems -----
    <[email protected]> (unrecoverable error)
    ----- Transcript of session follows -----
    Message failed to pass through virus scanner
    ------ORCL_ES6_BOUNCE_1095724----
    content-type: message/delivery-status
    Reporting-MTA: dns; maildb.italtbs.com
    Final-Recipient: rfc822;[email protected]
    Action: failed
    Status: 5.7.7
    Diagnostic-Code: smtp; Message failed to pass through virus scanner
    ------ORCL_ES6_BOUNCE_1095724----
    Content-Type: message/rfc822
    Return-Path: <[email protected]>
    Received: from mailas.italtbs.com by maildb.italtbs.com
         with ESMTP id 10957241098431481; Fri, 22 Oct 2004 09:51:21 +0200
    Received: from italtbs.com
         by mailas.italtbs.com with SMTP id i9M7pJJ06571
         for <[email protected]>; Fri, 22 Oct 2004 09:51:19 +0200
    Message-Id: <[email protected]>
    From: [email protected]
    To: [email protected]
    Subject: Found
    Date: Fri, 22 Oct 2004 09:50:40 +0200
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
         boundary="----=_NextPart_000_0007_0000355F.0000439E"
    X-Priority: 3
    X-MSMail-Priority: Normal
    ------ORCL_ES6_BOUNCE_1095724------
    On MAILAS.italtbs.com are installed infrastructure, sendmail and Symantec Scan Engine.
    On MAILDB.italtbs.com are installed storage database and midtier.
    Can I stop this useless messagges?
    Thanks and regard
    Matteo

    Are you still unable to send email?  What client are you using?  Do you see your job represented on ePrintCenter?
    Although I am an HP employee, I am speaking for myself and not for HP

  • Cisco ASA 5505 L2TP Pass through

    I am having trouble with L2TP pass through on an ASA 5505 device.
    L2TP server: OSX 10.6
    I can connect with any OSX system and it works fine straight away.
    When connecting with a windows computer I get a 789 error.  "Error 789: The L2TP connection attempt failed because the security layer encountere a processing error during the initial negotiations with the remote computer."
    I did not setup or configure the device to start with and apart from this issue its working fine so I am hessitant at trying to just mess around too much to try and find the problem.
    I am using the ASDM 6.4 to manage the device.
    Ports look to be forwarded correctly; 1701, 4500 & 500 UDP.
    Im just looking for other common issues?
    Rob

    Below is the commands you wanted.
    Where you see: IPNOTWHATIWASEXPECTING
    This is an IP I dont know. possible and old IP address.
    and
    default-domain value domain-notcorrect.local
    This is an old domain from years ago.
    Result of the command: "show run crypto"
    crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
    crypto ipsec transform-set aes-192-sha esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set aes-256-sha esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set transform-amzn esp-aes esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map map-dynamic 1 set pfs group5
    crypto dynamic-map map-dynamic 1 set transform-set aes-256-sha aes-192-sha aes-sha 3des-sha
    crypto dynamic-map map-dynamic 2 set pfs
    crypto dynamic-map map-dynamic 2 set transform-set aes-256-sha aes-192-sha aes-sha 3des-sha
    crypto dynamic-map map-dynamic 3 set pfs
    crypto dynamic-map map-dynamic 3 set transform-set aes-256-sha aes-192-sha aes-sha 3des-sha
    crypto dynamic-map map-dynamic 4 set transform-set aes-256-sha aes-192-sha aes-sha 3des-sha
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer IPNOTWHATIWASEXPECTING3
    crypto map outside_map 1 set transform-set ESP-DES-SHA
    crypto map outside_map 2 match address acl-amzn
    crypto map outside_map 2 set pfs
    crypto map outside_map 2 set peer IPNOTWHATIWASEXPECTING IPNOTWHATIWASEXPECTING
    crypto map outside_map 2 set transform-set transform-amzn
    crypto map outside_map 255 ipsec-isakmp dynamic map-dynamic
    crypto map outside_map interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 86400
    crypto isakmp policy 2
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 3
    authentication pre-share
    encryption aes-256
    hash sha
    group 1
    lifetime 86400
    crypto isakmp policy 11
    authentication pre-share
    encryption aes-192
    hash sha
    group 5
    lifetime 86400
    crypto isakmp policy 12
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 13
    authentication pre-share
    encryption aes-192
    hash sha
    group 1
    lifetime 86400
    crypto isakmp policy 21
    authentication pre-share
    encryption aes
    hash sha
    group 5
    lifetime 86400
    crypto isakmp policy 22
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 23
    authentication pre-share
    encryption aes
    hash sha
    group 1
    lifetime 86400
    crypto isakmp policy 31
    authentication pre-share
    encryption 3des
    hash sha
    group 5
    lifetime 86400
    crypto isakmp policy 32
    authentication rsa-sig
    encryption des
    hash sha
    group 1
    lifetime 86400
    crypto isakmp policy 33
    authentication pre-share
    encryption 3des
    hash sha
    group 1
    lifetime 86400
    crypto isakmp policy 34
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    Result of the command: "show run group-policy"
    group-policy evertest internal
    group-policy evertest attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 720
    vpn-tunnel-protocol IPSec l2tp-ipsec
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    group-policy petero internal
    group-policy petero attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 720
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    group-policy awsfilter internal
    group-policy awsfilter attributes
    vpn-filter value amzn-filter
    group-policy vpnpptp internal
    group-policy vpnpptp attributes
    dns-server value 10.100.25.252
    vpn-tunnel-protocol l2tp-ipsec
    group-policy vanheelm internal
    group-policy vanheelm attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 720
    vpn-tunnel-protocol IPSec l2tp-ipsec
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    group-policy ciscoVPNuser internal
    group-policy ciscoVPNuser attributes
    dns-server value 10.100.25.10
    vpn-idle-timeout 720
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    group-policy chauhanv2 internal
    group-policy chauhanv2 attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 720
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    group-policy oterop internal
    group-policy oterop attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 720
    vpn-tunnel-protocol IPSec l2tp-ipsec
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    group-policy Oterop internal
    group-policy Oterop attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 30
    group-policy chauhanv internal
    group-policy chauhanv attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 30
    vpn-tunnel-protocol IPSec l2tp-ipsec
    group-policy bnixon2 internal
    group-policy bnixon2 attributes
    dns-server value 10.100.25.252
    vpn-idle-timeout 720
    vpn-tunnel-protocol IPSec l2tp-ipsec
    pfs enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpnsplittunnel
    default-domain value domain-notcorrect.local
    Result of the command: "show run tunnel-group"
    tunnel-group ciscoVPNuser type remote-access
    tunnel-group ciscoVPNuser general-attributes
    address-pool vpnippool
    default-group-policy ciscoVPNuser
    tunnel-group ciscoVPNuser ipsec-attributes
    pre-shared-key *****
    tunnel-group petero type remote-access
    tunnel-group petero general-attributes
    address-pool vpnippool
    default-group-policy petero
    tunnel-group petero ipsec-attributes
    pre-shared-key *****
    tunnel-group oterop type remote-access
    tunnel-group oterop general-attributes
    address-pool vpnippool
    default-group-policy oterop
    tunnel-group oterop ipsec-attributes
    pre-shared-key *****
    tunnel-group vanheelm type remote-access
    tunnel-group vanheelm general-attributes
    address-pool vpnippool
    default-group-policy vanheelm
    tunnel-group vanheelm ipsec-attributes
    pre-shared-key *****
    tunnel-group chauhanv type remote-access
    tunnel-group chauhanv general-attributes
    default-group-policy chauhanv
    tunnel-group Oterop type remote-access
    tunnel-group Oterop general-attributes
    default-group-policy Oterop
    tunnel-group chauhanv2 type remote-access
    tunnel-group chauhanv2 general-attributes
    address-pool vpnippool
    default-group-policy chauhanv2
    tunnel-group chauhanv2 ipsec-attributes
    pre-shared-key *****
    tunnel-group bnixon2 type remote-access
    tunnel-group bnixon2 general-attributes
    address-pool vpnippool
    default-group-policy bnixon2
    tunnel-group bnixon2 ipsec-attributes
    pre-shared-key *****
    tunnel-group vpnpptp type remote-access
    tunnel-group vpnpptp general-attributes
    address-pool vpnippool
    default-group-policy vpnpptp
    tunnel-group IPNOTWHATIWASEXPECTING4 type ipsec-l2l
    tunnel-group IPNOTWHATIWASEXPECTING4 ipsec-attributes
    pre-shared-key *****
    tunnel-group evertest type remote-access
    tunnel-group evertest general-attributes
    address-pool vpnippool
    default-group-policy evertest
    tunnel-group evertest ipsec-attributes
    pre-shared-key *****
    tunnel-group evertest ppp-attributes
    authentication ms-chap-v2
    tunnel-group IPNOTWHATIWASEXPECTING3 type ipsec-l2l
    tunnel-group IPNOTWHATIWASEXPECTING3 ipsec-attributes
    pre-shared-key *****
    tunnel-group IPNOTWHATIWASEXPECTING2 type ipsec-l2l
    tunnel-group IPNOTWHATIWASEXPECTING2 general-attributes
    default-group-policy awsfilter
    tunnel-group IPNOTWHATIWASEXPECTING2 ipsec-attributes
    pre-shared-key *****
    isakmp keepalive threshold 10 retry 3
    tunnel-group IPNOTWHATIWASEXPECTING type ipsec-l2l
    tunnel-group IPNOTWHATIWASEXPECTING general-attributes
    default-group-policy awsfilter
    tunnel-group IPNOTWHATIWASEXPECTING ipsec-attributes
    pre-shared-key *****
    isakmp keepalive threshold 10 retry 3
    Result of the command: "show vpn-sessiondb detail remote filter protocol L2TPOverIPsec"
    INFO: There are presently no active sessions of the type specified
    Result of the command: "show vpn-sessiondb detail remote filter protocol L2TPOverIPsecOverNAT"
    INFO: There are presently no active sessions of the type specified

  • Authentication Failed Exception

    Hello every one,
    this is my second post to this problem, my problem is not solved yet. i tried lots of ways but not worked, please help me.
    i m trying to send a mail, it connects to the mail server but can't authenticate it, i cant uderstand where i m wrong.
    my code is
    try
    Properties props = new Properties();
    props.put("mail.smtp.host",smtpHost);
    props.put("mail.smtp.port",smtpPort);
    props.put("mail.smtp.auth","true");
    SMTPAuthenticator auth = new SMTPAuthenticator(user,pass);
    Session session = Session.getInstance(props,auth);
    session.setDebug(true);
    Message msg = new MimeMessage(session);
    msg.setSentDate(new Date());
    msg.setFrom(new InternetAddress(from));
    InternetAddress[] addTo = new InternetAddress[to.length];
    for(int i=0; i<to.length; i++)
    addTo[i] = new InternetAddress(to);
    msg.setRecipients(Message.RecipientType.TO, addTo);
    msg.setSubject(subject);
    msg.setHeader("Email Notification",from);
    MimeBodyPart messageBodyPart = new MimeBodyPart();
    messageBodyPart.setContent(content,"text/plain");
    Multipart multipart = new MimeMultipart();
    multipart.addBodyPart(messageBodyPart);
    if(attach != null && attach[0] != null)
    for(int i=0; i<attach.length; i++)
    messageBodyPart = new MimeBodyPart();
    DataSource source=null;
    source = new FileDataSource(attach[i]);
    messageBodyPart.setDataHandler(new DataHandler(source));
    messageBodyPart.setFileName(source.getName());
    multipart.addBodyPart(messageBodyPart);
    msg.setContent(multipart);
    Transport.send(msg);
    String host = "202.41.70.1";
    String port = "25";
    String usr = "sachin";
    String pwd = "xxxxx";
    String frm = "sachin";
    String[] to={"[email protected]","[email protected]","[email protected]"};
    String sub = "Email Notificatio through JavaMail";
    String con = "This is a test mail send through the Java Mail API";
    try
    send s = new send(host,port,usr,pwd,frm,to,sub,con,null);
    catch(Exception e)
    e.printStackTrace();
    }It is simple java program and it gives following trace
    DEBUG: setDebug: JavaMail version 1.4ea
    DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.s
    mtp.SMTPTransport,Sun Microsystems, Inc]
    DEBUG SMTP: useEhlo true, useAuth true
    DEBUG SMTP: useEhlo true, useAuth true
    DEBUG SMTP: trying to connect to host "202.41.70.1", port 25, isSSL false
    220 bioinfo.ernet.in ESMTP Sendmail 8.13.1/8.13.1; Thu, 9 Nov 2006 17:18:41 +053
    0
    DEBUG SMTP: connected to host "202.41.70.1", port: 25
    EHLO pc-56
    250-bioinfo.ernet.in Hello mm-pc56.bioinfo.ernet.in [202.41.70.56], pleased to m
    eet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-AUTH DIGEST-MD5 CRAM-MD5
    250-DELIVERBY
    250 HELP
    DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
    DEBUG SMTP: Found extension "PIPELINING", arg ""
    DEBUG SMTP: Found extension "8BITMIME", arg ""
    DEBUG SMTP: Found extension "SIZE", arg ""
    DEBUG SMTP: Found extension "DSN", arg ""
    DEBUG SMTP: Found extension "AUTH", arg "DIGEST-MD5 CRAM-MD5"
    DEBUG SMTP: Found extension "DELIVERBY", arg ""
    DEBUG SMTP: Found extension "HELP", arg ""
    DEBUG SMTP: Attempt to authenticate
    DEBUG DIGEST-MD5: Loaded
    AUTH DIGEST-MD5
    334 bm9uY2U9IllMM2RRRzc0Q3YraWI5MkJ5QXdEOCt0QjI5elIvdFNzNmUweG9la1lqTGc9IixyZWFs
    bT0iYmlvaW5mby5lcm5ldC5pbiIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJy
    YzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTgxOTIsY2hhcnNldD11dGYtOCxhbGdvcml0
    aG09bWQ1LXNlc3M=
    DEBUG DIGEST-MD5: Begin authentication ...
    DEBUG DIGEST-MD5: Received => nonce='YL3dQG74Cv+ib92ByAwD8+tB29zR/tSs6e0xoekYjLg
    ='
    DEBUG DIGEST-MD5: Received => realm='bioinfo.ernet.in'
    DEBUG DIGEST-MD5: Received => qop='auth,auth-int,auth-conf'
    DEBUG DIGEST-MD5: Received => cipher='rc4-40,rc4-56,rc4,des,3des'
    DEBUG DIGEST-MD5: Received => maxbuf='8192'
    DEBUG DIGEST-MD5: Received => charset='utf-8'
    DEBUG DIGEST-MD5: Received => algorithm='md5-sess'
    DEBUG DIGEST-MD5: Response => username="sachin",realm="bioinfo.ernet.in",qop=aut
    h,nc=00000001,nonce="YL3dQG74Cv+ib92ByAwD8+tB29zR/tSs6e0xoekYjLg=",cnonce="9Ko++
    L4WPLiz9bb56ZKJDsZz+QBR+ByvZTsFMJPAThU=",digest-uri="smtp/202.41.70.1",response=
    fcc111db97f183ca954743c9f6dfef70
    dXNlcm5hbWU9InNhY2hpbiIscmVhbG09ImJpb2luZm8uZXJuZXQuaW4iLHFvcD1hdXRoLG5jPTAwMDAw
    MDAxLG5vbmNlPSJZTDNkUUc3NEN2K2liOTJCeUF3RDgrdEIyOXpSL3RTczZlMHhvZWtZakxnPSIsY25v
    bmNlPSI5S28rK0w0V1BMaXo5YmI1NlpLSkRzWnorUUJSK0J5dlpUc0ZNSlBBVGhVPSIsZGlnZXN0LXVy
    aT0ic210cC8yMDIuNDEuNzAuMSIscmVzcG9uc2U9ZmNjMTExZGI5N2YxODNjYTk1NDc0M2M5ZjZkZmVm
    NzA=
    535 5.7.0 authentication failed
    javax.mail.AuthenticationFailedException
    at javax.mail.Service.connect(Service.java:306)
    at javax.mail.Service.connect(Service.java:156)
    at javax.mail.Service.connect(Service.java:105)
    at javax.mail.Transport.send0(Transport.java:168)
    at javax.mail.Transport.send(Transport.java:98)
    at send.<init>(send.java:67)
    at send.main(send.java:87)
    Hope any one will solve my problem, i am waiting for reply here tonight

    Hi .
    I tried your code , and I got the same exeption ..
    But when I changed a little bit in it , it worked ... :
    Properties props = new Properties();
    props.put("mail.smtp.host","host");
    props.put("mail.smtp.port","25");
    props.put("mail.smtp.auth","true");
    Session session = Session.getInstance(props,null);
    session.setDebug(true);
    Message msg = new MimeMessage(session);
    msg.setSentDate(new Date());
    msg.setFrom(new InternetAddress("[email protected]"));
    InternetAddress[] addTo = new InternetAddress[1];
    for(int i=0; i<addTo.length; i++)
    addTo[i] = new InternetAddress("[email protected]");
    msg.setRecipients(Message.RecipientType.TO, addTo);
    msg.setSubject("HIIIIIIIIIIIII");
    msg.setText("HIIIIIIIIIIII");
    Transport tr = session.getTransport("smtp");
    tr.connect("[email protected]","xxxx");
    tr.sendMessage(msg,msg.getAllRecipients());
    Actually I used : tr.sendMessage(msg,msg.getAllRecipients());
    instead of : tr.send(msg) and it worked for me ..
    Plase try it and let me know ..
    Omar Dawod .

  • Authentication failed to....

    I have a strange problem with which I'm hoping someone can assist me.
    I have 8 clients running Leopard. These clients are all at different locations behind routers that use NAT to forward incoming traffic on the public static IP address to the private static IP of the client. Remote administration of these clients works flawlessly.
    I also have 2 clients at my location, both running Tiger. These are both on the local subnet, and again, the router's NAT feature forwards incoming traffic to their private static IP's. Both clients are configured with the same local admin account name and password.
    Inside the local subnet, I can Remote Manage both local clients with no problems. However, I have a user in another state that needs to Remote Manage these clients, and for some reason, only one of the two works. When she tries to Remote Manage the client in question, she gets "Authentication failed to "adsl-99-*-***-**.dsl.sfldmi.sbcglobal.net" (I put in the *'s).
    She has deleted the offending client from her Master List and re-entered it twice. When she enters the IP, username and password, ARD verifies before adding to the list, which it does without error. But when she tries to Observe or Control, she gets the Authentication error. She is running ARD 2 on Tiger. She is able to Remote Manage all 8 of the clients at our various locations and 1 of the 2 clients at my location, but not the one in question.
    I'm stumped! Any thoughts?

    Dave Sawyer wrote:
    You've confirmed that the ports are open and pass through the router correctly?
    If so, are the versions of ARD client the same on both systems at your location? Is she able to do other functions on the problem system; get reports, etc.?
    According to the router documentation, any and all traffic directed at the public IP passes through, regardless of port numbers. I am assuming this is true, as I have not set up any specific port forwarding, and one of the two clients does work properly. We also have other systems here that use specific ports for data transfer, and I've not had to open those ports in the router for those systems either.
    Also, the problem system has worked well for the last 4 or 5 years before our IP addresses changed, with the same router. And yes, she is using the new IP
    Both clients are running ARD client 2.2. The problem system is running Panther 10.3.9, not Tiger as previously stated. That seems to be the only difference. The admin computer is running ARD admin 2.2 and Tiger 10.4.11.
    I had her try a Copy Items... and she was told the task would fail: "This task will fail. This task is not supported on "adsl-99-*-***-**.dsl.sfldmi.sbcglobal.net"
    Also had her try to send a Restart... again, this task will fail.
    Thanks a bunch for taking the time to help me out with this. Hopefully I'm providing good info for you.

Maybe you are looking for

  • ITunes doesn't connect to remote speakers on my Airport Express?!?

    Can you help me solve this technical issue? I have a Linksys wireless router with another device as a wireless repeater (to extend my wireless network). On the other end of this wireless network is my AirPort Express with the AirTunes enabled. I can

  • How to select record in mulitple rows based on another field's values?

    Hi, sorry about the bad title, really not sure how to explain this Have the following data: Cost_center       Activity_type 1005009401     CLBR0 1005009401     CLBR1 1005009401     TLBR0 1005009401     TLBR1 1005009401     VEH00 1005009402     CLBR3

  • When I open my macbook, why is a different program in the foreground than when I closed it?

    Hi all. I was curious as to why whenever I open my macbook pro, a different program is running in the foreground than whatever was there when I closed it. Not a major issue, just really confusing. It's always a progam I had open, but always a differe

  • Why can't I find Ox S Lion on my mac?

    When i go into the app store is it displayed as installed but i canot find the app anywhere. I really want to complete my icloud for music and I cant do it without it. Help please?

  • APEX 4.0 Installation Error

    Hello, When installing APEX 4.0 on an AIX box, 64 bit processor, I receive an error on the package wwv_flow_gen_api2. The result being that a get a package spec but no body for wwv_flow_gen_api2. I have searched the forums and tried a couple of sugge