Policy issues with RMI

I developed a client app that runs correctly on my computer but when uploaded to a remote web server, it returns no answer. I believe this is caused by SocketPermission. It appears to be making a request. Can you tell me how the socket permissions can be adjusted for my application, when it resides on a web server not owned by me.

you need to read up on the java permissions settings for RMI also.

Similar Messages

  • Again: Policy issue with official certificate

    Hi
    The signer of the document in question uses an official p12 keystore issued by QuoVadis.
    The receiving user then encounters a problem with the signature in adobe reader 11:
    - The certificate chain is shown correctely
    - The signer-certificate shows the yellow warning flag saying: The selected certificate has errors: Invalid policy constraint
    This causes lot of problems in user environments now oblidged to deal with signed documents.
    Since we have absolutely no influence on all the various digital ids out in the field following questions:
    - Exactely hat policy constaints hurt adobe readers and why is this checked at all?
    - What can/must we do on the signer's side to get a document signed with an official digital id accepted in adobe reader ?
    - Is it reasonable to think a reader should accept an otherwise valid certification chains without threading the innocent receiver with "Something wrong with document credibility" ?
    Thanks for yor help
    Marcel

    A CA may issue many different signing certificates and System Administrator may restrict which signatures signed with certificates issued by this CA should be accepted as Valid on particular Reader installations.
    Policy constraints are set on individual Acrobat/Reader installations. Usually they are set by IT but can be also done manually by the users. When policy constraints are enabled Reader validates only signatures signed with DIgital IDs that meet specified policy constraints. In Reader/Acrobat policy constraints are specified per trusted root certificate. In Reader XI go to Edit->Preferences->Signatures, click on More.... in "Identities&Trusted Certificates" and select "Trusted Certificates". In the list of ttrusted certificates select the root certificate of the chain in the problem signature and click "Edit Trust" button. In the dialog that comes up select "Policy Restrictions" tab. It contains on top explanation of what policy restrictions are.
    Apparently the installations that exhibit this problem have some "Certificate policies" entered for QuoVadis trusted root. When it happens Reader will mark as Valid only signatures signed with the QuoVadis-issued Digital IDs that include matching policy constraints. There is nothing you can do about it on the signer's side, because it is controlled by the preferences on the recipients' side.

  • Issue with rmi connection when server name has underscore("_")

    Hi
    I am getting the following error when server name has underscore("_"). And jserver is not coming up. can anyone please help me with this
    ERROR 02/11 17:19:42 jserver [main] 104021
    java.net.MalformedURLException: invalid authority: rmi://TP_BMCPOC:1099/server
    at java.rmi.Naming.intParseURL(Naming.java:313)
    at java.rmi.Naming.parseURL(Naming.java:220)
    at java.rmi.Naming.rebind(Naming.java:154)
    Looks liek Naming.rebind has some issue. is there any other alternative to register??
    Thanks
    anitha

    [http://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names]

  • Policy issues with new Version

    I get the following error when an application has an assembly that asks for a Oracle.DataAccess version of 10.2.0.100 but the new server has 1.102.2.20 with the policies on it.
    I want to avoid rebuilding assemblies with the latest version since their is a lot of them in over 50+ different applications.
    Compiler Error Message: CS1705: Assembly 'SomeAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' uses 'Oracle.DataAccess, Version=10.2.0.100, Culture=neutral, PublicKeyToken=89b483f429c47342' which has a higher version than referenced assembly 'Oracle.DataAccess, Version=1.102.2.20, Culture=neutral, PublicKeyToken=89b483f429c47342'
    Any suggestions? Thanks!

    Thanks for the reply. I noticed that article, but didn't get any help from it. The compiler in my situation doesn't like the way the "10" was dropped off the version. I figure there is nothing I can do about that, but I guess I'm really looking for a way to tell the compiler to ignore the fact it thinks it's going to use a lower version then what the assembly is calling for.

  • Issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

    issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

    issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

  • Issue with Lockout Duration in Password Policy in OAM

    Hi,
    We are facing an issue with the lockout duration configuration in the password policies in the identity manager interface for our OAM setup.
    Oracle Access Manager 10g version 10.1.4
    User/Policy Store: ADAM Ldap [Microsoft ADAM 2003]
    After we lock out a user in our LDAP after 5 wrong attempts, the two attribute values in ADAM get updated to 5:
    oblogintrycount
    badPwdCount
    Also I see that "oblockouttime" gets updated with an unix timestamp.
    Now, we have set the "Lockout Duration" in the password policy as 1 hour. So, after 1 hour, the user should be unlocked in ADAM.
    However, after 1 hour when the user tries to login, he/she gets the error that a wrong password has been entered for the userID.
    When we check in ADAM, we see that the value of "oblogintrycount" was indeed reset. However the value of "badPwdCount" did not get reset and is still stuck at 5.
    If we reset both these attribute values to 0, the user can login again.
    Now, is OAM expected to reset both these attribute values to 0, or does it only reset the oblix attributes?
    If it is the latter, is there a way around to resolve this issue? Or are we doing something wrong here?
    Please let us know your feedback.
    Thanks!
    Abhishek.

    OAM only works with the ob* attributes, and not with badPwdCount attribute of the AD (ADAM). I think for some reason the password and account policies of the AD is being triggerred. Disable the AD password policy and it will be Ok.
    Hope this helps. Let us know.

  • HT204053 The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert ano

    sir have this error so what can i do The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is currently assigned by the activation server. This is not a hardware issue with the iPhone. Please insert another SIM card from a supported carrier or request that this iPhone be unlocked by your carrier. Please contact Apple for more information.

    It looks like the iPhone is locked to a carrier that is not the one you are trying to use.
    You need to determine which carrier it is locked to and then contact them to see if they are willing to authorise the unlocking of your iPhone.  As ManSinha mentioned, many carriers will only authorised the unlock if requested by the customer who had the contract with them for this iPhone.
    Remember that only the carrier who owns the lock on your Iphone can authorise Apple to unlock the iPhone in their servers.  You need to contact the carrier or have the previous owner of the iPhone request the unlocking.

  • HT1937 the SIM card that you currently have installed in this iPhone is form a carrier that is not supported under the activation policy that is currently assigned by the activation server.this is not a hardware issue with the iphon. please insert another

    the SIM card that you currently have installed in this iPhone is form a carrier that is not supported under the activation policy that is currently assigned by the activation server.this is not a hardware issue with the iphon. please insert another SIM card from supported carrier or request that this iPhone be unlocked by your carrier.

    Similar issue
    here is the description
    I have similar message but for me the Verizon guys said they unlocked it and when I actually connected to iTunes using Verizon sim card and then did the restore as new iphone then everything worked well and at the end i saw the message "Congrats, your iphone is now unlocked" and then I did the set up as new iphone for my kid.
    Once new apple ID was set up, then I removed the verizon SIM and then inserted prepaid t-mobile sim card and after the phone booted up then I got the same message like  above...."not supported"
    What do i do now? I think the phone is unlocked right?
    Also do I need to insert Verizon SIM card and do restore as NEW and this time do not set up the iphone but change the SIM card and then set up or ?
    I am confused and other threads were talking that if you get congrats message then u shd be good to use other SIM cards....please help!!!

  • HT1414 The Sim card that you currently have installed in this iphone is from a carrier that is not supprotedunder the activation policy that is currently assigned by the activation server. this is not a hardware issue with the iphone. please insert anothe

    The Sim card that you currently have installed in this iphone is from a carrier that is not supprotedunder the activation policy that is currently assigned by the activation server. this is not a hardware issue with the iphone. please insert another sim card from a supported carrier or request that this iphone be unlocked by your carrier.please contact apple for more information.

    I have similar message but for me the Verizon guys said they unlocked it and when I actually connected to iTunes using Verizon sim card and then did the restore as new iphone then everything worked well and at the end i saw the message "Congrats, your iphone is now unlocked" and then I did the set up as new iphone for my kid.
    Once new apple ID was set up, then I removed the verizon SIM and then inserted prepaid t-mobile sim card and after the phone booted up then I got the same message like  above...."not supported"
    What do i do now? I think the phone is unlocked right?
    Also do I need to insert Verizon SIM card and do restore as NEW and this time do not set up the iphone but change the SIM card and then set up or ?
    I am confused and other threads were talking that if you get congrats message then u shd be good to use other SIM cards....please help!!!

  • Issue with Policy set in AIA installation

    Hi All,
    when I access EM console, and navigate to WebLogic Domain and expand it
    Right click the domain name and select Web Services and then Policies
    by default i could see all the policies got selected .
    By at run time got the error response as
    "javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security"
    If I manually go and disable the below mentioned policies , then am able to invoke the service
    Service Endpoints
    oracle/aia_wss_saml_or_username_or_http_token_service_policy_OPT_ON
    oracle/aia_wss_saml_or_username_token_service_policy_OPT_ON
    Service Clients
    oracle/aia_wss10_saml_token_client_policy_OPT_ON.
    Can anyone Please clarify the issue .

    Issue with Output Device and assiged Device type. Output device need to pass CONVERT_OTF ot Smartform FM to correctly get characters set in German as well as East European Characters

  • Deployment Issues with Custom TS variables set for client

    Good Day folks!
    I have come across an interesting issue that I have not been able to find a quick fix as such I am looking for some ideas where to trouble shoot my issue moving forwards.
    So the Issue:
    I have a TS that deploys a Windows 8.1 SOE image, this is done first by using a PXE boot PE image for an “unknown” systems to load a Custom HTA. This HTA allows me manually add the system to SCCM and add it to a required deployments collection that has the
    8.1 SOE deployed to it.
    The HTA also sets a few custom variables for the system resource things like system location, Machine Domain etc. 
    Once the HTA has run the system then has a delay to allow for the resource to show up tin the 8.1 deployment collection and then closes.
    Now all this appears to work fine, the system is added to the collection, reboots and the deployment runs from start to finish without error.
     I can also check the system resource and the variables are present.
    The problem I have found is that the custom variables for this resource are not being used by the TS after reboot.. upon further investigation I found that these variables are not even being retrieved ( ran a VB script to save all the variables from the
    TS to a txt file to check this )  Because of this the TS is bypassing some needed TS Tasks.
    A few interesting things to note:
    System appears to be added again when AD discovery is run…. So it causes a Duplicate.
    Client Dose connect to SCCM server after deployment but is not receiving deployments ( is getting some policy )
    Worked with SCCM 2012 but not 2012 R2
    So it appears that when the system reboots from the HTA PE step it has identified itself as an unknown system again…. Even though it has been manually added…
     I am interested to know if first of all if others would agree with this and second how SCCM while running a TS matches itself up to a system to retrieve the custom set variables before client install etc... Or a good place to start looking
    to dig up more information!  Or anything else!
    Thanks
    Stuart.

    Have you taken a look at this hotfix?
    http://support.microsoft.com/kb/2907591
    We had to apply it in order for our variables to be seen.
    joeblow

  • An issue with authentication and authorization on ISE 1.2

    Hi, I'm new to ISE.
    I have an issue with authentication and authorization.
    I have ISE 1.2 plus patch 6 installed on VMware.
    I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
    On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
    I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
    I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
    I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
    What  should I do to resolve this issue?
    Switch configuration:
     testISE#sh runn
    Building configuration...
    Current configuration : 7103 bytes
    ! Last configuration change at 12:20:15Tue Apr 15 2014
    ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname testISE
    boot-start-marker
    boot-end-marker
    no logging console
    logging monitor informational
    enable secret 5 ************
    enable password ********
    username radius-test password 0 ********
    username admin privilege 15 secret 5 ******************
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting dot1x default start-stop group radius
    aaa server radius dynamic-author
     client 172.16.0.90 server-key ********
    aaa session-id common
    clock timezone 4 0
    system mtu routing 1500
    authentication mac-move permit
    ip dhcp snooping vlan 1,22
    ip dhcp snooping
    ip domain-name elauloks
    ip device tracking probe use-svi
    ip device tracking
    epm logging
    crypto pki trustpoint TP-self-signed-1888913408
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1888913408
     revocation-check none
     rsakeypair TP-self-signed-1888913408
    crypto pki certificate chain TP-self-signed-1888913408
    dot1x system-auth-control
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    ip ssh version 2
    interface FastEthernet0/5
     switchport mode access
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 1
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    interface FastEthernet0/6
     switchport mode access
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 1
     authentication event server alive action reinitialize
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    interface FastEthernet0/7
    interface Vlan1
     ip address 172.16.0.204 255.255.240.0
     no ip route-cache
    ip default-gateway 172.16.0.1
    ip http server
    ip http secure-server
    ip access-list extended ACL-ALLOW
     deny   icmp any host 172.16.0.1
     permit ip any any
    ip radius source-interface Vlan1
    logging origin-id ip
    logging source-interface Vlan1
    logging host 172.16.0.90 transport udp port 20514
    snmp-server community public RO
    snmp-server community ciscoro RO
    snmp-server trap-source Vlan1
    snmp-server source-interface informs Vlan1
    snmp-server enable traps snmp linkdown linkup
    snmp-server enable traps mac-notification change move
    snmp-server host 172.16.0.90 ciscoro
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 6 support-multiple
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    radius server ISE-Alex
     address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
     automate-tester username radius-test idle-time 15
     key ******
    ntp server 172.16.0.1
    ntp server 172.16.0.5
    end

    Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

  • Routing Issue with 3550 Switch

    I am having an issue with routing with one of my Cisco 3550 switches.  I know the 3550s are EoL but some of us have to work with what we have.
    I am using a 3550 on either side of a Layer 2 link.  The Layer 2 link is 2 Extreme Summit X-440 switches with Microwave between the switches.  I have a VLAN configured on both switches and tagged on the ports connected to the Microwave.  The 3550 switch on each end is configured for IP routing but I cannot pass traffic between the switches.  If I unplug the switch on the local end and plug in a laptop, I can ping the switch on the remote end and access devices at the remote end. 
    I know this should work because I am doing the same thing over another Microwave link and Layer 2 link using another 3550 and a HP ProCurve at the remote end.
    Here are the configs for each 3550:
    Local end;  Port Fa0/23 goes to the Remote Side.  Port Fa0/24 goes to the rest of the network
    Current configuration : 5417 bytes
    ! No configuration change since last restart
    version 12.2
    no service pad
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    no service password-encryption
    service sequence-numbers
    hostname Brindley3550
    enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
    no aaa new-model
    clock timezone UTC -6
    clock summer-time UTC recurring 1 Sun Apr 2:00 1 Sun Nov 2:00
    mls qos map cos-dscp 0 8 16 26 32 46 48 56
    mls qos min-reserve 5 170
    mls qos min-reserve 6 10
    mls qos min-reserve 7 65
    mls qos min-reserve 8 26
    mls qos
    ip subnet-zero
    ip routing
    ip domain-name morgan911.net
    ip name-server 1.2.150.11
    ip name-server 1.2.150.5
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface FastEthernet0/1
     switchport access vlan 18
     switchport mode dynamic desirable
     spanning-tree portfast
    {Removed for Brevity}
    |
    interface FastEthernet0/7
     switchport access vlan 13
     switchport mode dynamic desirable
     spanning-tree portfast
    interface FastEthernet0/8
     switchport access vlan 13
     switchport mode dynamic desirable
     spanning-tree portfast
    {Removed for Brevity}
    interface FastEthernet0/23
     description To Gum Springs via Extreme P10
     no switchport
     ip address 1.2.147.1 255.255.255.252
     speed 100
     duplex full
    interface FastEthernet0/24
     description To Flint via Ceragon Eth 2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     speed 100
     duplex full
     mls qos trust cos
     auto qos voip trust
     wrr-queue bandwidth 20 1 80 1
     wrr-queue min-reserve 1 5
     wrr-queue min-reserve 2 6
     wrr-queue min-reserve 3 7
     wrr-queue min-reserve 4 8
     wrr-queue cos-map 1 0 1 2 4
     wrr-queue cos-map 3 3 6 7
     wrr-queue cos-map 4 5
     priority-queue out
     spanning-tree link-type point-to-point
    interface GigabitEthernet0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface GigabitEthernet0/2
     switchport access vlan 10
     switchport trunk native vlan 50
     switchport mode dynamic desirable
     spanning-tree portfast trunk
    interface Vlan1
     ip address 1.2.145.2 255.255.255.0
    ip default-gateway 1.2.145.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 1.2.145.1
    ip route 1.2.165.0 255.255.255.240 1.2.147.2
    ip route 1.2.166.0 255.255.255.240 1.2.147.2
    ip http server
    snmp-server community public RO
    snmp-server community public/RO RO
    snmp-server location Brindlee Mountain Tower Site
    snmp-server contact Jamey Wright
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps cluster
    snmp-server enable traps entity
    snmp-server enable traps envmon fan shutdown supply temperature
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps flash insertion removal
    snmp-server enable traps port-security
    snmp-server enable traps config
    snmp-server enable traps syslog
    snmp-server enable traps mac-notification
    snmp-server enable traps vlan-membership
    snmp-server host 1.2.150.100 public  tty envmon syslog snmp
    control-plane
    ntp clock-period 17180143
    ntp server 1.2.150.21
    end
    And this is the config for the remote end.  Port Fa0/24 is the port for the link back to the local end.
    Current configuration : 5058 bytes
    version 12.2
    no service pad
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    no service password-encryption
    service sequence-numbers
    hostname GS3550
    enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
    no aaa new-model
    clock timezone UTC -6
    clock summer-time UTC recurring
    mls qos map cos-dscp 0 8 16 24 32 46 46 56
    udld aggressive
    ip subnet-zero
    ip routing
    ip domain-name morgan911.net
    ip name-server 1.2.150.11
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface FastEthernet0/1
     switchport access vlan 21
     switchport mode dynamic desirable
     spanning-tree portfast
    interface FastEthernet0/2
     switchport access vlan 21
     switchport mode dynamic desirable
     power inline delay shutdown 20 initial 300
     spanning-tree portfast
    {Removed for Brevity}
    interface FastEthernet0/23
     switchport access vlan 22
     switchport trunk encapsulation dot1q
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast
    interface FastEthernet0/24
     description To Brindlee via Extreme P10
     switchport mode dynamic desirable
    (Is a member of VLAN 1)
     speed 100
     spanning-tree portfast
    interface GigabitEthernet0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface GigabitEthernet0/2
     switchport mode dynamic desirable
     spanning-tree portfast
    interface Vlan1
     ip address 1.2.147.2 255.255.255.252
    interface Vlan21
     ip address 1.2.165.1 255.255.255.240
     ip helper-address 1.2.150.11
     ip helper-address 1.2.150.5
    interface Vlan22
     ip address 1.2.166.1 255.255.255.240
     ip helper-address 1.2.150.5
     ip helper-address 1.2.150.11
    ip default-gateway 1.2.147.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 1.2.147.1 10
    ip http server
    snmp-server community public RO
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps cluster
    snmp-server enable traps entity
    snmp-server enable traps envmon fan shutdown supply temperature
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps flash insertion removal
    snmp-server enable traps port-security
    snmp-server enable traps config
    snmp-server enable traps hsrp
    snmp-server enable traps bridge newroot topologychange
    snmp-server enable traps syslog
    snmp-server enable traps mac-notification
    snmp-server enable traps vlan-membership
    snmp-server host 1.2.150.100 public  envmon syslog snmp
    control-plane
    ntp clock-period 17180192
    ntp server 1.2.150.21 key 0 prefer
    Ideas?  Anything stand out as grossly wrong?  I have worked on this for 2 days and am at a loss.
    Thanks
    Jamey

    Sorry for the delay in replying.  Other items at the office took priority over this project.  I tried that and no change.  I pulled the switch from the remote site and took it back to the local end and connected the switches with a crossover cable and everything works fine.  I have pretty much determined that it is an issue with the config in one of the Extreme switches.  The config in those look pretty normal but there are a few things I am unsure of.  Guess I'll see if there is a similar site for Extreme gear.
    Thanks
    Jamey

  • Issue with LPCOR on CME 10.5

    Dear All,
    I am facing issues with LPCOR configuration on CME 10.5. For International calls the Authentication Prompts triggers some times and some times doen not.
    Also when a local call is dialed the Authentication Prompt is triggered some times.Below is the config and debug logs. Need your help to resolve this.
    voice lpcor enable
    voice lpcor custom
     group 10 endusers
     group 11 pstn
    voice lpcor policy endusers
     service fac
     accept endusers fac
     accept pstn fac
    voice lpcor policy pstn
     service fac
     accept endusers fac
     accept pstn fac
    application
     package auth
      param passwd-prompt flash:enter_pin.au
      param max-retries 0
      param abort-digit *
      param term-digit #
      param user-prompt flash:enter_account.au
      param passwd 12345
      param max-digits 32
    interface GigabitEthernet0/1.1
     encapsulation dot1Q 1 native
     ip address 10.25.76.1 255.255.255.0
    interface GigabitEthernet0/1.201
     encapsulation dot1Q 201
     ip address 10.25.77.1 255.255.255.0
    voice-port 0/0/0
     lpcor outgoing pstn
     trunk-group ALL_FXO 1
     supervisory disconnect dualtone mid-call
     supervisory custom-cptone 2n-gsm
     no battery-reversal
     input gain -6
     output attenuation -3
     cptone SA
     timeouts call-disconnect 1
     timeouts wait-release 1
     timing sup-disconnect 50
     connection plar 5040
     caller-id enable
     cable-detect
    dial-peer cor custom
     name local
     name longdistance
     name 911
     name Internal
     name fac-int
     name user-fac
    dial-peer cor list local
     member local
    dial-peer cor list call-local
     member local
    dial-peer cor list call-longdistance
     member longdistance
    dial-peer cor list user1
     member local
     member 911
    dial-peer cor list user2
     member local
     member longdistance
     member 911
     member user-fac
    dial-peer cor list user3
     member 911
    dial-peer cor list call-911
     member 911
    dial-peer cor list call-internal
     member Internal
    dial-peer cor list fac-int
     member local
     member 911
     member fac-int
    dial-peer cor list user-fac
     member user-fac
    dial-peer voice 96 pots
     trunkgroup ALL_FXO
     corlist outgoing call-911
     destination-pattern 9[2-6]......
     forward-digits 7
    dial-peer voice 901 pots
     trunkgroup ALL_FXO
     corlist outgoing call-911
     destination-pattern 901[2-4,6-8].......
     forward-digits 10
    dial-peer voice 800 pots
     trunkgroup ALL_FXO
     destination-pattern 9800T
     prefix 800
    dial-peer voice 900 pots
     destination-pattern 9T
     port 0/0/3
     prefix 9
    dial-peer voice 11 pots
     destination-pattern 901........
     port 0/0/3
     forward-digits 10
    dial-peer voice 9051 pots
     trunkgroup ALL_FXO
     corlist outgoing call-local
     destination-pattern 905........
     forward-digits 10
    dial-peer voice 19 pots
     trunkgroup ALL_FXO
     corlist outgoing fac-int
     destination-pattern 900T
     translate-outgoing called 1
     forward-digits all
    dial-peer voice 20 voip
     description International calling
     service clid_authen_collect
     destination-pattern 900T
     lpcor outgoing pstn
     session target ipv4:10.25.76.1
     incoming called-number 9T
     dtmf-relay h245-alphanumeric
     codec g711ulaw
     no vad
    ephone-dn  1
     number 4121
     name John
     corlist incoming fac-int
    ephone  1
     lpcor type local
     lpcor incoming endusers
     mac-address E0D1.730A.21DE
     ephone-template 2
     type 7942
     button  1:1
    voice register dn  33
     number 4163
     call-forward b2bua busy 5000 
     call-forward b2bua noan 5000 timeout 20
     call-forward b2bua unregistered 5000 
     allow watch
     name Joseph
     mwi
    voice register pool  33
     busy-trigger-per-button 4
     id mac BC67.1C31.C8AA
     type 7821
     number 1 dn 33
     cor incoming fac-int 1 4163
     dtmf-relay rtp-nte
     codec g711ulaw
     transfer max-length 4
    Debug Logs
    DAMAC-CME-ANOUD#DEBUg VOIce lpcor all
    voip lpcor all debugging is on
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#term
    DAMAC-CME-ANOUD#terminal i
    DAMAC-CME-ANOUD#terminal i
    Apr 12 16:22:39.825: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId F692C420E06611E4BB0CE7FDC5486EA5, SetupTime 16:22:35.615 UTC Sun Apr 12 2015, PeerAddress 4130, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 16:22:39.825 UTC Sun Apr 12 2015, DisconnectTime 16:22:39.825 UTC Sun Apr 12 2015, CallOrigin 2, ChargedUnits 0, InfoType 2, TransmitPackets 0, TransmitBytes 0, ReceivePackets 0, ReceiveBytes 0
    Apr 12 16:22:39.825: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:04/12/2015 16:22:35.609,cgn:4130,cdn:,frs:0,fid:2599,fcid:F692C420E06611E4BB0CE7FDC5486EA5,legID:284C,bguid:F692C420E06611E4BB0CE7FDC5486EA5mon
    DAMAC-CME-ANOUD#terminal imon
                              ^
    % Invalid input detected at '^' marker.
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    Apr 12 16:22:44.089: //-1/xxxxxxxxxxxx/LPCOR/lpcor_get_index_by_name:
       lpcor endusers
    Apr 12 16:22:44.089: //-1/xxxxxxxxxxxx/LPCOR/lpcor_get_index_by_name:
       lpcor endusers index 10
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#show debug
    VOIP LPCOR:
      debug voip lpcor error call is ON (filter is OFF)
      debug voip lpcor error call informational is ON (filter is OFF)
      debug voip lpcor error software is ON
      debug voip lpcor error software informational is ON
      debug voip lpcor detail is ON (filter is OFF)
      debug voip lpcor function is ON (filter is OFF)
      debug voip lpcor inout is ON (filter is OFF)
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    Apr 12 16:23:22.889: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId FBA1532AE06611E4BB10E7FDC5486EA5, SetupTime 16:22:44.089 UTC Sun Apr 12 2015, PeerAddress 4130, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 16:23:02.009 UTC Sun Apr 12 2015, DisconnectTime 16:23:22.889 UTC Sun Apr 12 2015, CallOrigin 2, ChargedUnits 0, InfoType 2, TransmitPackets 0, TransmitBytes 0, ReceivePackets 1038, ReceiveBytes 166080
    Apr 12 16:23:22.889: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:04/12/2015 16:22:44.093,cgn:4130,cdn:,frs:0,fid:2600,fcid:FBA1532AE06611E4BB10E7FDC5486EA5,legID:284D,bguid:FBA1532AE06611E4BB10E7FDC5486EA5
    Apr 12 16:23:22.905: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId FBA1532AE06611E4BB10E7FDC5486EA5, SetupTime 16:22:57.795 UTC Sun Apr 12 2015, PeerAddress 0097150107659, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 16:23:02.015 UTC Sun Apr 12 2015, DisconnectTime 16:23:22.905 UTC Sun Apr 12 2015, CallOrigin 1, ChargedUnits 0, InfoType 2, TransmitPackets 1038, TransmitBytes 174384, ReceivePackets 1043, ReceiveBytes 166880
    Apr 12 16:23:22.905: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:04/12/2015 16:22:57.785,cgn:4130,cdn:0097150107659,frs:0,fid:2601,fcid:FBA1532AE06611E4BB10E7FDC5486EA5,legID:284E,bguid:FBA1532AE06611E4BB10E7FDC5486EA5
    Apr 12 16:23:25.317: //-1/xxxxxxxxxxxx/LPCOR/lpcor_get_index_by_name:
       lpcor endusers
    Apr 12 16:23:25.317: //-1/xxxxxxxxxxxx/LPCOR/lpcor_get_index_by_name:
       lpcor endusers index 10
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#un all
    All possible debugging has been turned off
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#
    DAMAC-CME-ANOUD#!ok just send me these logs
    DAMAC-CME-ANOUD#!i have to move from here
    Apr 12 16:24:02.153: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId 14343755E06711E4BB16E7FDC5486EA5, SetupTime 16:23:25.323 UTC Sun Apr 12 2015, PeerAddress 4130, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 16:23:43.393 UTC Sun Apr 12 2015, DisconnectTime 16:24:02.153 UTC Sun Apr 12 2015, CallOrigin 2, ChargedUnits 0, InfoType 2, TransmitPackets 0, TransmitBytes 0, ReceivePackets 930, ReceiveBytes 148800
    Apr 12 16:24:02.153: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:Tnow
    DAMAC-CME-ANOUD#\WC,ft:04/12/2015 16:23:25.321,cgn:4130,cdn:,frs:0,fid:2602,fcid:14343755E06711E4BB16E7FDC5486EA5,legID:2850,bguid:14343755E06711E4BB16E7FDC5486EA5
    Apr 12 16:24:02.169: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId 14343755E06711E4BB16E7FDC5486EA5, SetupTime 16:23:39.169 UTC Sun Apr 12 2015, PeerAddress 0097150107659, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 16:23:43.389 UTC Sun Apr 12 2015, DisconnectTime 16:24:02.169 UTC Sun Apr 12 2015, CallOrigin 1, ChargedUnits 0, InfoType 2, TransmitPackets 930, TransmitBytes 156240, ReceivePackets 937, ReceiveBytes 149920
    Apr 12 16:24:02.169: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:04/12/2015 16:23:39.169,cgn:4130,cdn:0097150107659,frs:0,fid:2603,fcid:14343755E06711E4BB16E7FDC5486EA5,legID:2851,bguid:14343755E06711E4BB16E7FDC5486EA5

    We have come across this issue today in 10.9.5 (so affects 10.9.4 as well) but it was occurring in Sydney as well with a client and for me in Melbourne.

  • SSL VPN (WebVPN) issues with IOS 15.0(1)M1

    Hello everyone... I need your help!
    I am having some weird issues with webvpn/anyconnect, please find the relevant information below;
    Symptoms:
    - AnyConnect Client prompts users with the following error:
    "The secure gateway has rejected the agent's VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists."
    Debug:
    Mar  5 13:09:45:
    Mar  5 13:09:45: WV-TUNL: Tunnel CSTP Version recv  use 1
    Mar  5 13:09:45: WV-TUNL: Allocating tunl_info
    Mar  5 13:09:45: WV-TUNL: Allocating stc_config
    Mar  5 13:09:45: Inserting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 to routing table
    Mar  5 13:09:45: WV-TUNL: Use frame IP addr (172.25.130.126) netmask (255.255.255.255)
    Mar  5 13:09:45: WV-TUNL: Tunnel entry create failed:IP= 172.25.130.126 vrf=77 session=0x67234340
    Mar  5 13:09:45: HTTP/1.1 401 Unauthorized
    Mar  5 13:09:45:
    Mar  5 13:09:45:
    Mar  5 13:09:45:
    Mar  5 13:09:45: Deleting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 from routing table
    Mar  5 13:09:45: WV-TUNL: Failed to install (addr 172.25.130.126, table_id 77) to TCP
    Mar  5 13:09:45: WV-TUNL*: Received server IP packet 0x6692EB08:
    Mar  5 13:09:45: WV-TUNL: CSTP Message frame received from user usr-test (172.25.130.126)
    WV-TUNL:      Severity ERROR Type USER_LOGOUT
    WV-TUNL:      Text: HTTP response contained an HTTP error code.
    Mar  5 13:09:45: WV-TUNL: Call user logout function
    Mar  5 13:09:45: WV-TUNL: Clean-up tunnel session (usr-test)
    When the error occurs, the "SVCIP install TCP failed" counter increments:
    VPN-Router1#  show webvpn stats detail context CUSTOMER-VPN
    [snip]
    Tunnel Statistics:
        Active connections       : 1       
        Peak connections         : 3          Peak time                : 19:09:04
        Connect succeed          : 9          Connect failed           : 5       
        Reconnect succeed        : 0          Reconnect failed         : 0       
        SVCIP install IOS succeed: 14         SVCIP install IOS failed : 0       
        SVCIP clear IOS succeed  : 18         SVCIP clear IOS failed   : 0       
        SVCIP install TCP succeed: 9          SVCIP install TCP failed : 5       
        DPD timeout              : 0        
    [snip]
    IOS Version Details:
    Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    System image file is "disk2:c7200-advipservicesk9-mz.150-1.M1.bin"
    The router also runs IPSEC remote access VPN in addition to the webvpn/anyconnect scheme.
    Config:
    webvpn context CUSTOMER-VPN
    title "SSL VPN for Customer"
    ssl authenticate verify all
    login-message "Enter username and passcode"
    policy group CUSTOMER-VPN
       functions svc-required
       svc keep-client-installed
       svc split include 10.1.16.0 255.255.240.0
       svc split include 10.1.2.0 255.255.254.0
    vrf-name CUSTOMER-VPN
    default-group-policy CUSTOMER-VPN
    aaa authentication list AAA-LIST
    aaa authentication auto
    aaa accounting list AAA-LIST
    gateway vpn virtual-host customer.xx.com
    logging enable
    inservice
    The error happens sporadically, at least once a week, and on different contexts. Does anyone have any clue on what can cause this issue? Any help is appreciated!

    Have you seen my post https://supportforums.cisco.com/message/2016069#2016069 ?
    At that point in time we were running with local pool definition.
    As the http 401 rc happens very sporadically we still gathering incident reports internally.
    Will open a case if you did not yet.
    cheers, Andy

Maybe you are looking for

  • IPod Nano would not connect to Windows or Format. *SOLVED*

    Ok, first post and I am just posting to thank those who have posted some different things to try, thanks to you guys, I have a working iPod Nano. Here is what I tried... The Problem iTunes would not see my nano and could not format the nano during in

  • Nokia Lumia 1520 and Narrator

    Hi all, I have not got this phone as of yet, but I just want to check a few things first. I read that the Narrator component (that speaks the text on the screen makes it possible for visually impaired people to use the phone) is only available in US.

  • Reader X plugin integration with Windows Explorer 8 and Protected Mode

    Hello I am viewing pdfs with Reader 10.1.3 within ie8 on XP I have a Reader plug-in (WordFinder.api) that works ok with Protected Mode disabled. Unfortunately I have customers that require Protected Mode enabled and this stops the plugin working. Wit

  • Page scaling at different resolutions

    Hi everyone. I made a web page using Adobe Flash and Dreamweaver, but I have a problem, the web page fits perfect on my monitor (of course) but if the web browser is not maximized or the screen resolution is less than mine it looks ugly.How can i mak

  • Running my first ASP page

    HI I have my Web server (Sun One Web server 6.1) running and my First ASP Page ready, where do i store my .asp pages and how do i run the first ASP Page?