PPTP authentication issues

I tried to set up pptp on a MacMini to connect to a linux server at my
house running pptp. This same VPN configuration works fine on my G4
Powerbook. Every once in a long while the connection succeeds.
Here's the log of the connection when it succeeds:
Sat Feb 10 23:27:18 2007 : PPTP connecting to server 'xx.xx.xx.xx' (xx.xx.xx.xx)...
Sat Feb 10 23:27:19 2007 : PPTP connection established.
Sat Feb 10 23:27:19 2007 : using link 0
Sat Feb 10 23:27:19 2007 : Using interface ppp0
Sat Feb 10 23:27:19 2007 : Connect: ppp0 <--> socket[34:17]
Sat Feb 10 23:27:19 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x11aba650> <pcomp> <accomp>]
Sat Feb 10 23:27:19 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x9adfafe1> <pcomp> <accomp>]
Sat Feb 10 23:27:19 2007 : lcp_reqci: returning CONFACK.
Sat Feb 10 23:27:19 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x9adfafe1> <pcomp> <accomp>]
Sat Feb 10 23:27:19 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x11aba650> <pcomp> <accomp>]
Sat Feb 10 23:27:19 2007 : sent [LCP EchoReq id=0x0 magic=0x11aba650]
Sat Feb 10 23:27:19 2007 : rcvd [CHAP Challenge id=0x73 <c88137881cb59bac516854f3154ccff5>, name = "pptpd"]
Sat Feb 10 23:27:19 2007 : sent [CHAP Response id=0x73 <4aa5ab85913ba888fd22ae16ee7c472b0000000000000000c82ccf4438df2016fd51c5a3b7e639 d2e988a463654db37300>, name = "bob"]
Sat Feb 10 23:27:19 2007 : rcvd [LCP EchoRep id=0x0 magic=0x9adfafe1]
Sat Feb 10 23:27:19 2007 : rcvd [CHAP Success id=0x73 "S=1350C89A5384FBC3F10E4818E0E78966CE7D17F0 M=Access granted"]
Sat Feb 10 23:27:19 2007 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sat Feb 10 23:27:19 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sat Feb 10 23:27:19 2007 : sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Sat Feb 10 23:27:19 2007 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Sat Feb 10 23:27:19 2007 : MPPE 128-bit stateless compression enabled
[etc...]
Here's the log when it fails:
Sat Feb 10 23:30:47 2007 : PPTP connecting to server 'xx.xx.xx.xx' (xx.xx.xx.xx)...
Sat Feb 10 23:30:47 2007 : PPTP connection established.
Sat Feb 10 23:30:47 2007 : using link 0
Sat Feb 10 23:30:47 2007 : Using interface ppp0
Sat Feb 10 23:30:47 2007 : Connect: ppp0 <--> socket[34:17]
Sat Feb 10 23:30:47 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x56feadec> <pcomp> <accomp>]
Sat Feb 10 23:30:47 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x56feadec> <pcomp> <accomp>]
Sat Feb 10 23:30:50 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
Sat Feb 10 23:30:50 2007 : lcp_reqci: returning CONFACK.
Sat Feb 10 23:30:50 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
Sat Feb 10 23:30:50 2007 : sent [LCP EchoReq id=0x0 magic=0x56feadec]
Sat Feb 10 23:30:53 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
Sat Feb 10 23:30:53 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4fbbd715> <pcomp> <accomp>]
Sat Feb 10 23:30:53 2007 : rcvd [CHAP Challenge id=0x7c <d3dbd510fdbb9fdc48d5c6ec2ae9b726>, name = "pptpd"]
Sat Feb 10 23:30:53 2007 : sent [CHAP Response id=0x7c <b3ddb8c252822b088253279b29a0265d000000000000000020e5b6e4417533d980b85418c48519 38f13c3691a9e7419600>, name = "bob"]
Sat Feb 10 23:30:53 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sat Feb 10 23:30:56 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sat Feb 10 23:30:59 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
[after this there's a bunch of LCP echo requests and things eventually times out...]
In the first exchange, the CHAP challenge is received, the response is
sent, and "success" is received. In the failing exchange, the CHAP
challenge is received, the response is sent, but the "success" packet
is not received.
So I thought this might just be a dropped packet issue (which doesn't make
sense, because the control layer for PPTP runs on TCP, right?). Anyway, I
dumped a packet trace, like so:
% sudo tcpdump proto GRE
23:54:11.605636 IP ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net > 192.168.0.10: GREv1, call 970, seq 4, ack 6, length 44: CHAP, Challenge (0x01), id 55, Value 52723489cdb36003e56b2584c9a68ae2, Name pptpd
23:54:11.606476 IP 192.168.0.10 > ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net: GREv1, call 384, seq 7, ack 4, length 81: CHAP, Response (0x02), id 55, Value a5711c08010bf9a69c9b61b3f253d889000000000000000096c4db533c3b2f58417b4323909829[ |chap]
23:54:11.663239 IP ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net > 192.168.0.10: GREv1, call 970, seq 6, length 24: unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 1, length 12
23:54:11.663828 IP ppp-xx-xx-xx-xx.dsl.snfc21.pacbell.net > 192.168.0.10: GREv1, call 970, seq 5, ack 7, length 81: CHAP, Success (0x03), id 55, Msg S=F214BEAB9C39E00A3B7A5E5BE6BD0C8B277DF2[|chap]
So this means that the client machine is receiving the "Success" packet.
But somehow it's not being handled by /usr/sbin/pppd??
Note that the negotiation succeeds maybe once in ~20 tries or so.
Unfortunately, I have no solution to this issue. Some people suggest using
L2TP instead of PPTP, but I only have PPTP working on the server side.
I'd file a bug for this, but I can't seem to find anywhere to do that. Did
that change at some point? (I could have sworn I filed a bug once upon
a time.)
Thanks!
-Eric
Palo Alto, CA
Mac Mini   Mac OS X (10.4.8)  

Hi Eric,
It's been a long time since I've dealt with ppp type issues, and
I remember how difficult they can be to solve. Sometimes it's
just a matter of the order the packets are received. Good luck.
I did notice one thing, on the trace that was failing, there are
two conf req packets sent from the linux point. Your mini claims
to have answered them both, but I wonder if that's the problem.
Since the CHAP response was sent, I would guess that pptp was
waiting for something else. Although I have no idea what that
would be, the only thing I could think of was that it was waiting
to send out another conf req in response to the one it got.
Weird. Definitely sounds like a pptp bug to me. Good luck
finding out where to report this one.
-Phil
Powerbook G4, iMac (Intel), and tons of hardware sitting in the closet   Mac OS X (10.4.8)  

Similar Messages

  • Authentication issue getting "UMELoginException"

    Dear Guys,
    I am facing an authentication issue. The situation is like this,
    My NT password was about to expire (had 6 more days for expiry). I was able to login till yesterday and all of the sudden today, when I was trying to login, I was not able to (it gave me password change message). So I went back and changed my NT password and tried to login again into the portal, however I am still not able to. I am pasting the stack trace,
    #1.5#001143FDCEA7006700000008000018C40004196E4AD849E8#1153861399615#com.sap.security.core.imp#sap.com/irj#com.sap.security.core.imp.[cf=com.sap.security.core.sapmimp.logon.SAPMLogonLogic][md=doLogon][cl=20282]#Guest#192####fff21cf01c2011dba425001143fdcea7#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###doLogon failed
    [EXCEPTION]
    #1#com.sap.security.core.logon.imp.UMELoginException
         at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:318)
         at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:344)
         at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:312)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:368)
         at com.sap.portal.navigation.Gateway.service(Gateway.java:101)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
    Please help.
    Regards,
    Deepak

    Hi Deepak,
    it is most times that it needs to replicate through your system(s).
    Regards,
    Kai
    PS: Please reward points if that was helpful.

  • Authentication Issue, When Profile ReCreate

    Hi,
    i face authentication issue in SQL Server 2012 Evalution after i login in new account.
    Take a look situation and what i did.
    1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
    2). Every Thing i Did i by using AD User name "SP_Farm"
    3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
    Note: during the whole process i only use SP_Farm (AD Admin User)
    Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
    after that i cant access Management Studio. :(
    Please Guide if is there any other way.
    Thanks you 
    Shariq Ayaz
    [email protected]
    www.shariqdon.com
    www.shariqdon.com/itworld
    www.shariqdon.com

    Hi,
    i face authentication issue in SQL Server 2012 Evalution after i login in new account.
    Take a look situation and what i did.
    1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
    2). Every Thing i Did i by using AD User name "SP_Farm"
    3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
    Note: during the whole process i only use SP_Farm (AD Admin User)
    Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
    Creating a user with the same name is
    not the same user :-)
    A user has a unique ID and you did not create the same ID, but a new user with same name.
    after that i cant access Management Studio. :(
    Please Guide if is there any other way.
    Thanks you 
    Shariq Ayaz
    [email protected]
    www.shariqdon.com
    www.shariqdon.com/itworld
    www.shariqdon.com
    You can try to use This solution:
    http://blogs.msdn.com/b/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
    * After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication.
    [Personal Site] [Blog] [Facebook]

  • Essbase 6.5 External Authentication Issue!! Urgent Please!!

    Hi all,
    I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
    I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
    I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
    "User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
    Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
    Its kinda Urgent. so any replies for the same will be appreciated.
    Thanks and Regards,
    Vikram

    Vikram,
    Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
    Here is the Sample CSS
    <spi>
              <provider>
                   <msad name="full360">
                        <trusted>false</trusted>
                        <url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
                        <userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
                        <password>full@360</password>
                        <authType>simple</authType>
                        <identityAttribute>dn</identityAttribute>
                        <maxSize>1000</maxSize>
                        <user>
                             <loginAttribute>sAMAccountName</loginAttribute>
                             <nameAttribute>dn</nameAttribute>
                        </user>
                        <group>
                             <nameAttribute>cn</nameAttribute>
                             <objectclass>
                                  <entry>group?member</entry>
                             </objectclass>
                        </group>
                   </msad>
    Download this toll "http://www.ldapbrowser.com/download.htm"
    LDAP browser to get the perfact DN information.
    Let me know the status
    Ravikant

  • ACS 5.2 Authentication Issue with Local & Global ADs

    Hi I am facing authentication issue with ACS 5.2. Below is AAA flow (EAP-TLS),
    - Wireless Users >> Cisco WLC >> ADs <-- everything OK
    - Wireless Users >> Cisco WLC >> ACS 5.2 >> ADs <-- problem
    Last time I tested with ACS, it worked but didn't do migration as there'll be changes from ADs.
    Now my customer wants ACS migration by creating new Group in AD, I also update ACS config.
    For the user from the old group, authentication is ok.
    For the user from the new group, authentication fails. With subject not found error, showing the user is from the old group.
    Seems like ACS is querying from old records (own cache or database). Already restared the ACS but still the same error.
    Can anyone advice to troubleshoot the issue?
    Note: My customer can only access their local ADs (trusted by Global ADs). Local ADs & ACS are in the same network, ACS should go to local AD first.
    How can we check or make sure it?
    Thanks ahead,
    Ye

    Hello,
    There is an enhacement request open already:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte92062
    ACS should be able to query only desired DCs
    Symptom:
    Currently on 5.0 and 5.1, the ACS queries the  DNS with the domain, in order to get a list of all the DCs in the domain  and then tries to communicate with all of them.If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.A lot of customers are asking for a change on this behavior.
    It  should be possible to define which DCs to contact and/or make ACS to  interpret  DNS Resource Records Registered by the Active Directory  Domain Controller to facilitate the location of domain controllers.  Active Directory uses service locator, or SRV, records. An SRV record is  a new type of DNS record described in RFC 2782, and is used to identify  services located on a Transmission Control Protocol/Internet Protocol  (TCP/IP) network.
    Conditions:
    Domain with multiple DCs were some are not accessible from the ACS due to security/geographic constraints.
    Workaround:
    Make sure ALL DCs are UP and reachable from the ACS.
    At the moment, we cannot determine which Domain Controller on the AD the ACS will contact. The enhacement request will include a feature on which we can specify the appropriate the Domain Controllers the ACS should contact on a AD Domain.
    Hope this clarifies it.
    Regards.

  • Wireless Client Authentication issues when roaming Access Points (Local)

    I have a Cisco 5508 with Software version 7.4.121.0 and Field Recovery 7.6.101.1.
    There are a handful of clients that when roaming between AP's with the same SSID that get an authentication issue and have to restart the wireless to get back on.
    From Cisco ISE
    Event
    5400 Authentication failed
    Failure Reason
    11514 Unexpectedly received empty TLS message; treating as a rejection by the client
    Resolution
    Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
    Root cause
    While trying to negotiate a TLS handshake with the client, ISE expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ISE and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
    I am having a hard time figuring out what is causing this. My assumption is if there were a problem with the Controller or AP configurations then it would happen to everyone. My further assumption is if the client had a problem with their laptop (windows 7) then why does work at other times? So I have checked and the ISE certificate is trusted by client.
    Is something happening that the previous access point is holding on to the mac and the return authentication traffic is going to the old AP instead of the new one or something like that which is corrupting the data?
    I also had this from Splunk for the same client:
    Mar 5 13:44:51 usstlz-piseps01 CISE_Failed_Attempts 0014809622 1 0 2015-03-05 13:44:51.952 +00:00 0865003824 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario
     FailureReason="12929 NAS sends RADIUS accounting update messages too frequently"
    Any help on this would be appreciated. These error messages give me an idea but doesn't give me the exact answer to why the problem occurred and what needs to be done to fix it.
    Thanks

    Further detail From ISE for the failure:
    11001
    Received RADIUS Access-Request
    11017
    RADIUS created a new session
    15049
    Evaluating Policy Group
    15008
    Evaluating Service Selection Policy
    15048
    Queried PIP
    15048
    Queried PIP
    15004
    Matched rule
    15048
    Queried PIP
    15048
    Queried PIP
    15004
    Matched rule
    11507
    Extracted EAP-Response/Identity
    12500
    Prepared EAP-Request proposing EAP-TLS with challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12301
    Extracted EAP-Response/NAK requesting to use PEAP instead
    12300
    Prepared EAP-Request proposing PEAP with challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12302
    Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
    12318
    Successfully negotiated PEAP version 0
    12800
    Extracted first TLS record; TLS handshake started
    12805
    Extracted TLS ClientHello message
    12806
    Prepared TLS ServerHello message
    12807
    Prepared TLS Certificate message
    12810
    Prepared TLS ServerDone message
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    12305
    Prepared EAP-Request with another PEAP challenge
    11006
    Returned RADIUS Access-Challenge
    11001
    Received RADIUS Access-Request
    11018
    RADIUS is re-using an existing session
    12304
    Extracted EAP-Response containing PEAP challenge-response
    11514
    Unexpectedly received empty TLS message; treating as a rejection by the client
    12512
    Treat the unexpected TLS acknowledge message as a rejection from the client
    11504
    Prepared EAP-Failure
    11003
    Returned RADIUS Access-Reject

  • Authentication issues

    We've had authentication issues with Infinity since the install just over a week ago (BT Business package)
    The router will drop the connection and then we have a problem reconnecting (won't). Out of sheer frustration I've discovered a workaround that sometimes works that is to change the user name to the BT test account, connect, and then change the router user name setting back to our own. The BT test account always works, so despite a BT engineer being sent to trace the problem onsite yesterday the issue remains. We've also been sent a new router, and the BT engineer arrived with yet another new one yesterday
    The problem seems to be purely authentication. The Technical Helpdesk have changed our password (twice) but we still get the problem. Yesterday I was told that some other users in our area have also had an authentication issue and that over the weekend 'patches' were going to be applied at our local exchange.
    When the service works we get quite good speeds (37 down, 8 up) but we're frustrated with the lack of knowledge from the help-desk and have doubts that the 'patches' will resolve the issue
    Such is the problem that BT will downgrade us back to ADSL2 (which was rock solid in comparison) next week if we're still unhappy
    I did ask if our user name could be changed but told no. I'm curious to know as to what the switch to fibre could cause authentication problems?

    hi this is a BT Residential forum as a Business user you may get more help from the BT business forum
    http://business.forums.bt.com/t5/Broadband-and-internet/bd-p/Broadband
    If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

  • Safari 5.1 HTML5 HTTP basic access authentication issue video does not load

    I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
    Safari 5.0.5 plays the video fine.  Safari 5.1 fails to load/play the video in the protected folder.  If I move the video to a not protected folder, Safari 5.1 plays it fine.
    This is on iPage.  Back on MobileMe all is fine with 5.1.
    I think this is a HTTP basic access authentication issue with 5.1.
    Anyone have similar issue? Work around?

    Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.

  • General authentication issues

    I have a general issue with authenticating usernames and passwords. starting with remote desktop connection to my win 8 laptop 6 days a go i was able to connect to it from the internet with no problems, now for some reason i can't connect to it i can see the window asking for a log in info so it can see the computer but it doesn't accept my log in info, i also have win 2008 server computer on the same LAN and i can connect to it from the outside.
    same thing with my FTP service i can connect to my FTP from the internet using IE but when it asks for username and password it doesn't accept them.
    SAME PROBLEM WITH VPN i used to e able to connect to my LAN from the outside internet and now while it's verifying username and password for VPN it doesn't accept them.
    Iam basically looking at an authentication issue not a connection because i see that i can connect to these services until authentication level then authentication doesn't work.
    Any Ideas?
    Thanks

    Normally I would use FLAC for quality but since Itunes doesn't support it I use mp3. Good albums I do both. Is there a plugin so I don't need 2 copies of my music?
    You can try the Xiph plugins to play your FLAC files. Some people have reported success while others have had problems, but it would be worth trying.
    When I drag the music in to the play list Itunes takes between 5-10 minutes to add the songs and do its gap less playback check, etc.. Itunes is hung the entire time and does not respond. Is this normal?
    How many tracks do you have in your library? If it's really large (many thousands of tracks), the delay may be normal.
    it says it's getting the artwork but it only gets the art work may be 1 out 20 albums I import. Is there a way to select the art work manually?
    If you search the web for "iTunes album art" you'll find a lot of methods for getting album artwork into iTunes.
    Regards.

  • Airport-Router authentication issue

    Hi - I have a really annoying authentication issue between my MBP (late '06) and my DIR-655 D-Link router (f/w 1.22 b05).
    I am getting "disconnection" issues on my MacBook Pro only. We are not seeing any issues on my fiance's Vaio laptop. So I'm thinking maybe the router isn't to blame...?
    I put "disonnection" in quotes because airport always shows that there is a connection to the router/network, but there clearly is not. Sometimes I have to disconnect/reconnect airport, but often the connection just comes back after 30 seconds or so. It usually looks like a DNS issue...holding at the "looking up" stage, but I really don't think it is. I've tried various domain name servers.
    I thought I had worked around this by allowing the router to accept G in addition to 802.11n connections, but the problem, while not as prevalent, seems to have increased lately even while using 802.11g.
    I see that the router's log is replete with messages like this:
    *Wireless system with MAC address 0017F2HR7BC6 disconnected for reason: Authentication Failed*
    That MAC address is indeed my MBP
    I'm also seeing a lot of messages along these lines:
    *Blocked incoming TCP connection request from 119.154.75.13:1420 to 173.78.73.92:445*
    But I assume these messages are unrelated.
    So I turned off WPA-Personal security and, of course, no further authentication errors. Those blocked TCP requests continue.
    Of course, I don't want to keep WPA turned off.
    Any ideas as to why authentication would be failing on and off with airport? I didn't even realize there was more than a single authentication (i.e. after you first connect), but I still have a LOT to learn about routers!
    Any ideas appreciated!

    FWIW
    119.154.75.13 = an address in Pakistan
    173.78.73.92 = an address in Tampa, Florida on the Verizon Network
    Have you been using BitTorrent or some other p2p software lately ?
    Re your router issue, have you considered using MAC Address Security (not WAP/WEP) ?

  • Adobe Flash NTLM Authentication Issue

    This problem is having a major impact for many users in my account.
    The users are testing streaming course ware delivery over the Internet and also hitting the proxy re-login prompt.
    The problem with them is that after re-logging in the course restarts at the beginning.
    So it is not a fit for purpose environment for this application currently.
    The same problem occurs for companies webcast through Internet.
    Recent test with the users have confirm the issue occurs using the following version of flash:
    Adobe Flash Player ActiveX 11.1.102.55
    Adobe Flash Player ActiveX 11.1.102.62
    The Shockwave Flash NTLM authentication issue is characterised by the following packet sequence: WS sends Request to Server. Server closes the TCP connection without a response to the request. The WS establishes a new TCP connection and resend the request with previous NTLM Authentication details (ie does not go through the correct NTLM handshake for proxy authentication failure and the browser to pop for user credentials.
    When the above occurs,
    NTLM authentication screen popup up, entering credential again didn’t resume video. I had to reload the page to resume video from the beginning.
    No popup, but the video resumes from the beginning when there was a prolonged delay.
    The problem occurs on Windows XP SP3 with IE7 or IE8 with Flash Player 11.1.102.62
    Is the problem a known issue with Adobe Flash Player ?

    Hello,
    The bug report states can not reproduce. I understand the problem and am happy to help Adobe understand if they want to email me and organise a webex.
    The problem is associated with the way IE handles NTLM on a new connection. When performing a POST request, it will make two requests: the first contains a type1 NTLM token and no body, and the second will contain the type 3 token and the body. It does this because it expects to perform NTLM authentication as NTLM is connection not session based, and hence for efficiency, it doesn't send the POST body on the first request (knowing a second request will be required).
    The POST request initiated by the Flash application is only made once, so it presents a POST request and no body with the type 1 token to the web server (ie IIS, or some Java implementation such as SSO Plugin), and does not make a second request with a type 3 token and the body. It gives up and automatically prompts the user for a username/password, which is the wrong behaviour when the browser is in the Local Intranet zone and the web server responded with a type 2 token.
    I can reproduce this easily and it is a serious bug: it means that any Flash application that is accessed via Integrated Windows Authentication and IE will fail when trying to make a POST request, such as uploading a file from the user.
    John
    SSO Plugin for BMC, HP and more.
    http://www.javasystemsolutions.com/jss/ssoplugin

  • Tiger VPN (PPTP) connection issues

    Hello everyone.
    I'm having major issues trying to connect to office VPN from home; hoping someone can point me in the right direction. (And my profound apologies in advance for the long post -- just trying make sure to include enough detail to debug whatever might be happening)
    At the office we have a 3Com OfficeConnect VPN Firewall sitting in front of a Microsoft 2003 Exchange server. (3Com product page for this VPN box is http://www.3com.com/products/en_US/detail.jsp?tab=features&sku=3CR870-95&pathtyp e=purchase). Home connection is a Linksys WRT54GL wireless router in front of a broadband cable modem. PPTP pass-through is enabled in the router config.
    At home I have a WinXP-SP2 laptop and my G4 Powerbook (OS 10.4.7) sitting side-by-side. From the XP laptop, I can get into the VPN using XP's built-in client without any problems. The DNS lookup and authentication steps take about 2-3 seconds combined. Once the connection is established, both external sites (cnn.com) and internal sites (intranet.companyname.local) load in a browser window without any appreciable delay. I can also access Windows shared drives on the internal network without problems, including large (10's of MB or more) file copies to/from the XP laptop's HD.
    On the Powerbook, using Tiger's built-in VPN client, I can connect OK (though the authentication step takes a bit longer, about 4-5 seconds), but after that, almost nothing works. I can ping the internal DNS server, but after a few pings with reasonable delays (~15 millisecond range), the round-trip times suddenly jump to handfuls of seconds. In the browser, trying to load an internal webpage (http://intranet.companyname.local) times out before anything shows up on screen. In Finder, using Go>Connect to Server... very slowly establishes the connection (~10-15 seconds or longer), and sometimes opens a Finder window... but then invariably times out. I have never once had the connection remain stable enough to transfer so much as a single file from the shared volume onto the Powerbook's Desktop before it times out and disconnects.
    On the XP machine, relevant(?) VPN config settings are:
    require secured password
    require data encryption (disconnect if none)
    PPTP VPN
    LCP extensions enabled
    software compression enabled
    multi-link negotiation for single link connections DISABLED
    server type = PPP
    transports = TCP/IP
    authentication = MS CHAP
    encryption = MPPE 128
    compression = none
    PPP multilink framing = off
    and, once the VPN connection is established, parameters are (from "ipcofig /all"):
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : (companyname)-hj2
    Primary Dns Suffix . . . . . . . : (companyname).local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : (companyname).local
    Ethernet adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2915ABG Network Connection
    Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.104
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    PPP adapter (ConnectionName):
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.16.0.70
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . : 172.16.0.70
    DNS Servers . . . . . . . . . . . : 172.16.0.11
    finally, results of "ping -n 10 (InternalServer)":
    Pinging (InternalServer).(companyname).local [172.16.0.5] with 32 bytes of data:
    Reply from 172.16.0.5: bytes=32 time=4ms TTL=128
    Reply from 172.16.0.5: bytes=32 time=10ms TTL=128
    Reply from 172.16.0.5: bytes=32 time=10ms TTL=128
    Ping statistics for 172.16.0.5:
    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 10ms, Average = 9ms
    On the Powerbook, I have a VPN (PPTP) connection set up with "Send all traffic over VPN connection" unchecked. In the Network panel of System Preferences, I have tried manually adding (and removing) "local, (companyname).local" in the Search Domains line, and manually adding (and removing) the IPs of our internal DNS servers (172.16.0.5, 172.16.0.11) under the TCP/IP tab. Proxies are turned off in all cases.
    With those settings, the relevant(?) parts of running "ifconfig" from a Terminal window after starting the VPN are as follows:
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::XXX:XXXX:XXXX:XXXX%en1 prefixlen 64 scopeid 0x5
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
    ether XX:XX:XX:XX:XX:XX
    media: autoselect status: active
    supported media: autoselect
    fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
    lladdr XX:XX:XX:XX:XX:XX:XX:XX
    media: autoselect <full-duplex> status: inactive
    supported media: autoselect <full-duplex>
    ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
    inet 172.16.0.69 --> 172.16.0.11 netmask 0xffff0000
    The associated connection log from Internet Connect is:
    Tue Jul 18 08:50:57 2006 : PPTP connecting to server 'vpn.(companyname).com' (XXX.XXX.XXX.XXX)...
    Tue Jul 18 08:50:57 2006 : PPTP connection established.
    Tue Jul 18 08:50:58 2006 : using link 0
    Tue Jul 18 08:50:58 2006 : Using interface ppp0
    Tue Jul 18 08:50:58 2006 : Connect: ppp0 <--> socket[34:17]
    Tue Jul 18 08:50:58 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb851f701> <pcomp> <accomp>]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfReq id=0x1 <mru 1492> <auth chap MS> <magic 0x80697000>]
    Tue Jul 18 08:50:58 2006 : lcp_reqci: returning CONFACK.
    Tue Jul 18 08:50:58 2006 : sent [LCP ConfAck id=0x1 <mru 1492> <auth chap MS> <magic 0x80697000>]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
    Tue Jul 18 08:50:58 2006 : sent [LCP ConfReq id=0x2 <magic 0xb851f701>]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ConfAck id=0x2 <magic 0xb851f701>]
    Tue Jul 18 08:50:58 2006 : sent [LCP EchoReq id=0x0 magic=0xb851f701]
    Tue Jul 18 08:50:58 2006 : rcvd [CHAP Challenge id=0x1 <4f0656add65818c2>, name = "Guest"]
    Tue Jul 18 08:50:58 2006 : sent [CHAP Response id=0x1 <0000000000000000000000000000000000000000000000004c86e5ccf08b95431034ef14706021 d358dc21b96a59157301>, name = "(UserName)"]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP EchoRep id=0x0 magic=0x80697000]
    Tue Jul 18 08:50:58 2006 : rcvd [CHAP Success id=0x1 "Authentication succeeded, welcome!"]
    Tue Jul 18 08:50:58 2006 : CHAP authentication succeeded: Authentication succeeded, welcome!
    Tue Jul 18 08:50:58 2006 : Disabling 40-bit MPPE; MS-CHAP LM not supported
    Tue Jul 18 08:50:58 2006 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfReq id=0x1 <addr 172.16.0.11> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : sent [IPCP TermAck id=0x1]
    Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]
    Tue Jul 18 08:50:58 2006 : sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Jul 18 08:50:58 2006 : MPPE 128-bit stateless compression enabled
    Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : sent [IPV6CP ConfReq id=0x1 <addr fe80::020a:95ff:fea5:564c>]
    Tue Jul 18 08:50:58 2006 : sent [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ProtRej id=0x1 80 57 01 01 00 0e 01 0a 02 0a 95 ff fe a5 56 4c]
    Tue Jul 18 08:50:58 2006 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfRej id=0x1 <ms-dns3 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0>]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfNak id=0x2 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:50:58 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:50:58 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:01 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:01 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:04 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:04 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:07 2006 : sent [IPCP ConfReq id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:07 2006 : rcvd [IPCP ConfAck id=0x3 <addr 172.16.0.69> <ms-dns1 172.16.0.11>]
    Tue Jul 18 08:51:08 2006 : rcvd [IPCP ConfReq id=0x1 <addr 172.16.0.11> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
    Tue Jul 18 08:51:08 2006 : ipcp: returning Configure-REJ
    Tue Jul 18 08:51:08 2006 : sent [IPCP ConfRej id=0x1 <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
    Tue Jul 18 08:51:08 2006 : rcvd [IPCP ConfReq id=0x2 <addr 172.16.0.11>]
    Tue Jul 18 08:51:08 2006 : ipcp: returning Configure-ACK
    Tue Jul 18 08:51:08 2006 : sent [IPCP ConfAck id=0x2 <addr 172.16.0.11>]
    Tue Jul 18 08:51:08 2006 : ipcp: up
    Tue Jul 18 08:51:08 2006 : local IP address 172.16.0.69
    Tue Jul 18 08:51:08 2006 : remote IP address 172.16.0.11
    Tue Jul 18 08:51:08 2006 : primary DNS address 172.16.0.11
    The problem is that despite this apparently successful negotiation, the VPN connection doesn't really work. If I type "intranet" into the browser URL bar, it doesn't pick it up as "intranet.companyname.local" and instead treats this as a search query, which it passes to google... which times out. If I type "intranet.companyname.local" into the URL bar instead, it appears to do the DNS lookup correctly... but then times out again.
    Ping times look like this at first:
    PING (InternalServer).(companyname).local (172.16.0.5): 56 data bytes
    64 bytes from 172.16.0.5: icmp_seq=0 ttl=128 time=16.605 ms
    64 bytes from 172.16.0.5: icmp_seq=1 ttl=128 time=15.920 ms
    64 bytes from 172.16.0.5: icmp_seq=2 ttl=128 time=16.154 ms
    ^C
    --- (InternalServer).(companyname).local ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 15.920/16.226/16.605/0.284 ms
    ... but then if I try it again two seconds later:
    PING (InternalServer).(companyname).local (172.16.0.5): 56 data bytes
    64 bytes from 172.16.0.5: icmp_seq=0 ttl=128 time=727.144 ms
    64 bytes from 172.16.0.5: icmp_seq=1 ttl=128 time=1727.030 ms
    64 bytes from 172.16.0.5: icmp_seq=2 ttl=128 time=2727.260 ms
    64 bytes from 172.16.0.5: icmp_seq=3 ttl=128 time=3726.747 ms
    64 bytes from 172.16.0.5: icmp_seq=4 ttl=128 time=5723.986 ms
    64 bytes from 172.16.0.5: icmp_seq=5 ttl=128 time=5719.810 ms
    64 bytes from 172.16.0.5: icmp_seq=6 ttl=128 time=6720.334 ms
    64 bytes from 172.16.0.5: icmp_seq=7 ttl=128 time=6719.848 ms
    ^C
    --- (InternalServer).(companyname).local ping statistics ---
    15 packets transmitted, 8 packets received, 46% packet loss
    round-trip min/avg/max/stddev = 727.144/4224.020/6720.334/2176.543 ms
    OK, enough for now. Can anyone spot what I might be doing wrong, and/or suggest something to try to remedy this? If there is any additional logging/debug info that would be useful, please ask and I will track it down.
    Thanks very much in advance!!! /HJ

    Problem not entirely solved, but mostly working now. It turns out the issue was with the 3Com OfficeConnect VPN box. It was causing all sorts of headaches and had to be manually power cycled at least once a week, so we ditched it and got a Linux-based Firewall/VPN appliance (http://www.ingate.com/ingate_vpn.php).
    Now I can connect and mount Windows drives via SMB (both the command line and the Finder's "Connect to Server" approach seem to work). Performance still exhibits annoying lags at random times, and occasionally the VPN connection disconnects for no good reason, but at least I can get at my files from home. The other issues -- such as being able to resolve "xxx.yyy.local" addresses in the browser by making sure I hit the internal DNS server before any external ones -- all seem to be network configuration issues on my end.
    In short, my guess is that the 3Com box was causing issues with some low-level timing parameters or other related settings in how the VPN connection was being established. I was just starting to teach myself about ARP tables, NTLMv2 authentication, and the like when we replaced it with the new firewall.
    Hope this helps.
    /Heywood

  • Crystal Server 2008 authentication issue

    I have installed Crystal Server 2008 v1 on Windows Server 2008 64 bit, IIS 7 using AD authentication (not SSO).
    IIS has been configured to accept anonymous connections. If I run .net Infoview on the server it is fine, but as soon as I connect from a client I can authenticate and log onto Infoview, but within Infoview I am continually prompted by Windows to authenticate to the server and I cannot run any reports - nothing I put in there works.
    I have been running BOE XI on Server 2003 32 bit without any such issues at all.
    Could comeone pls point me in the right direction
    Thanks
    Garth

    solved issue by activating anonymous authentication on default web site and propogating down to all the web sites under the default site...

  • WLC, ISE certificate authentication issue

    Hi Folks,
    This is the setup:
    Redundant pair of WLC 5508 (version 7.5.102.0)
    Redundant Pair of ISE (Version 1.2.0.899)
         The ISE servers are connected to the corporate Active Directory (the AD servers are configured as external identity sources)
         There is a rule based authentication profile which queries the AD identity source when it receives wireless 802.1x authentication requests.
    A corporate WLAN is configured on the WLC:
    L2 security WPA+WPA2 (AES Encryption), ISE server 1 and 2 configured as the AAA Authentication servers.
    This is all working correctly - I associate to the Corp WLAN (Authentication WPA2 enterprise, encryption AES CCMP, 802.1x auth MS-CHAPv2 using AD credentials) ... I can see the authentication request being processed correctly by the ISE, and I get access to the network.
    The client I am working for wants to restrict access to the WLAN to users who have been allocated a certificate from the corporate CA, and this is where I am having issues.
    I took a test laptop, and requested a new certificate (mmc, add snapin, certificates, current user, personal, request new cert).   
    The cert that was issued was signed only by a Corporate AD server with CA services (there is nothing in the certification path above the cert I was issued, apart from the issuing server itself).   I changed the security settings of my connection to the corp wlan (using TLS instead of mschapv2, and pointing to the certificate I requested)
    Initally authentication failed because the ISE did not trust the CA that provided my certificate (the ISE radius authentication troubleshooting tool had this entry: '12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain').
    I exported the issuing CA's root certificate (followed this process http://support.microsoft.com/kb/555252), and imported the cert into ISE (administration, system, certificates, certificate store, import) - status of the cert is enabled, and it is trusted for client auth.
    After I did this, I could no longer associate to the Corp WLAN.  
    My laptop's wireless management software logs were filled with messages saying that the authentication server did not respond.   
    The ISE troubleshooting tool reported no new failed or successful authentication attempts.   
    Strangely though, the WLC log had a lot of entries like this: 'AAA Authentication Failure for UserName:host/laptop_asset_tag.corp.com User Type: WLAN USER'.
    It looks like the WLC is trying to locally authenticate my session when I use TLS, rather than hand off the authentication request to the ISE.    Other users who authenticate using their AD credentials only (as I described above) can still authenticate ok.
    Anyone able to shed some light on where I have gone wrong or what additional troubleshooting I can do?
    Thanks in advance,
    Darragh

    Hi,
    I had the same issue with microsoft CA and running ISE 1.1.4. The CA file was "corrupted", but you didn't see it at first glance. You can verify if the client CA matches the root CA via openssl.
    Try to export the root CA and the issuing CA in a different format (Base64), import both root and issuing into ise and check if that works. Also check if "Trust for client authentication or Secure Syslog services" in the Certificate Store -> CA -> Edit, is set.
    If this does not work, try to import the CA into another system and export it, then import into ISE.
    Regards,

  • SharePoint 2013 - random authentication issue where users are suddenly anonymous

    Hi,
    I've banged my head for too long now on this issue, so I'm hoping anyone here can shed some light on it. We're running on April 2013 CU but the problem has existed since RTM.
    The issue is that some users (all of this random) can't access the site ("An error has occurred") and get an error page. The Web App is configured with Claims (NTLM and FBA Membership/Role Provider). No custom login page and configuration
    for the web.configs is verified. It works 99% of the times, but occasionally a user gets an error and I have to restart the Distributed Cache to fix it.
    1 WFE & 1 APP with SP2013 April 2013 CU with a few web apps. There's also a WAC server connected, but that shouldn't make a difference. The Distributed Cache runs only on the WFE:
    PS C:\> Use-CacheCluster
    PS C:\> Get-CacheHost
    HostName : CachePort Service Name Service Status Version Info
    WFE.domain.local:22233 AppFabricCachingService UP 3 [3,3][1,3]
    There's sufficient RAM to avoid the Distributed Cache to force purge data.
    The logs seem to indicate that the user is seen as anonymous:
    06/10/2013 12:47:48.11 w3wp.exe (0x1B64) 0x2EE4 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:http://mywebapp:80/)). Parent No
    06/10/2013 12:47:48.11 w3wp.exe (0x1B64) 0x2EE4 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://mywebapp:80/) fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.11 w3wp.exe (0x1B64) 0x2EE4 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.11 w3wp.exe (0x1B64) 0x2B58 SharePoint Foundation General af71 Medium HTTP Request method: GET fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.11 w3wp.exe (0x1B64) 0x2B58 SharePoint Foundation General af75 Medium Overridden HTTP request method: GET fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.11 w3wp.exe (0x1B64) 0x2B58 SharePoint Foundation General af74 Medium HTTP request URL: / fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.13 w3wp.exe (0x1B64) 0x2B58 SharePoint Foundation Files aise3 Medium Failure when fetching document. 0x80070005 fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.13 w3wp.exe (0x1B64) 0x28AC SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.13 w3wp.exe (0x1B64) 0x28AC SharePoint Foundation General 8e2s Medium Unknown SPRequest error occurred. More information: 0x80070005 fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.15 w3wp.exe (0x1B64) 0x28AC SharePoint Foundation General aix9j High SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://mywebapp/ fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.15 w3wp.exe (0x1B64) 0x28AC SharePoint Foundation General ai1wu Medium System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace: at Microsoft.SharePoint.SPWeb.InitWeb() at Microsoft.SharePoint.SPWeb.get_EnableMinimalDownload() at Microsoft.SharePoint.Utilities.SPUtility.Redirect(String url, SPRedirectFlags flags, HttpContext context, String queryString) at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context) at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreSendRequestHeaders(Object oSender, EventArgs ea) at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.EndRequestHandler(Object oSender, EventArgs ea) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.... fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.15* w3wp.exe (0x1B64) 0x28AC SharePoint Foundation General ai1wu Medium ...HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificati... fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.15* w3wp.exe (0x1B64) 0x28AC SharePoint Foundation General ai1wu Medium ...onStatus& notificationStatus) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.15 w3wp.exe (0x1B64) 0x28AC SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope (PreSendRequestHeaders). Execution Time=11,6273 fcfd239c-7f49-f04b-4187-c6fa1add3f5a
    06/10/2013 12:47:48.19 w3wp.exe (0x1B64) 0x07E4 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:http://mywebapp:80/_layouts/15/Authenticate.aspx?Source=%2F)). Parent No
    06/10/2013 12:47:48.19 w3wp.exe (0x1B64) 0x07E4 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://mywebapp:80/_layouts/15/Authenticate.aspx?Source=%2F) fcfd239c-5f4e-f04b-4187-c4e9f3c4dff3
    06/10/2013 12:47:48.19 w3wp.exe (0x1B64) 0x07E4 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 fcfd239c-5f4e-f04b-4187-c4e9f3c4dff3
    06/10/2013 12:47:48.19 w3wp.exe (0x1B64) 0x07E4 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ fcfd239c-5f4e-f04b-4187-c4e9f3c4dff3
    06/10/2013 12:47:48.19 w3wp.exe (0x1B64) 0x07E4 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://mywebapp:80/_layouts/15/Authenticate.aspx?Source=%2F)). Execution Time=8,0499 fcfd239c-5f4e-f04b-4187-c4e9f3c4dff3
    06/10/2013 12:47:48.32 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:http://mywebapp:80/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F)). Parent No
    06/10/2013 12:47:48.32 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://mywebapp:80/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F) fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.32 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.32 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General 8e2s Medium Unknown SPRequest error occurred. More information: 0x80070005 fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General aix9j High SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://mywebapp/_login/default.aspx?ReturnUrl=/_layouts/15/Authenticate.aspx?Source=%252F&Source=/ fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace: at Microsoft.SharePoint.SPContext.get_ListId() at Microsoft.SharePoint.SPContext.get_List() at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast, Boolean ignoreFileNotFound) at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag) at Micros... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...oft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer) at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer) at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, ... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast, Boolean ignoreFileNotFound) at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable) at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Co... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...ntrol.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.Proc... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...essRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr modul... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...eData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General 8e2s Medium Unknown SPRequest error occurred. More information: 0x80070005 fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General aix9j High SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://mywebapp/_login/default.aspx?ReturnUrl=/_layouts/15/Authenticate.aspx?Source=%252F&Source=/ fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace: at Microsoft.SharePoint.SPWeb.InitWeb() at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration() at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast, Boolean ignoreFileNotFound) at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag) ... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer) at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer) at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, Stri... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...ng name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast, Boolean ignoreFileNotFound) at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag) at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable) at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRun... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...time.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, Int... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...Ptr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General 8e2s Medium Unknown SPRequest error occurred. More information: 0x80070005 fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General aix9j High SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://mywebapp/_login/default.aspx?ReturnUrl=/_layouts/15/Authenticate.aspx?Source=%252F&Source=/ fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace: at Microsoft.SharePoint.SPWeb.InitWeb() at Microsoft.SharePoint.SPWeb.get_EnableMinimalDownload() at Microsoft.SharePoint.WebControls.DeltaPage.RenderToBase(HtmlTextWriter writer) at Microsoft.SharePoint.WebControls.DeltaPage.Render(HtmlTextWriter writer) at Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase.Render(HtmlTextWriter writer) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean inclu... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...deStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ... at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General 8e2s Medium Unknown SPRequest error occurred. More information: 0x80070005 fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General aix9j High SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://mywebapp/_login/default.aspx?ReturnUrl=/_layouts/15/Authenticate.aspx?Source=%252F&Source=/ fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace: at Microsoft.SharePoint.SPWeb.InitWeb() at Microsoft.SharePoint.SPWeb.get_EnableMinimalDownload() at Microsoft.SharePoint.WebControls.DeltaPage.RenderToBase(HtmlTextWriter writer) at Microsoft.SharePoint.WebControls.DeltaPage.Render(HtmlTextWriter writer) at Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase.Render(HtmlTextWriter writer) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean inclu... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ...deStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)... fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33* w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation General ai1wu Medium ... at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.33 w3wp.exe (0x1B64) 0x25E4 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://mywebapp:80/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F)). Execution Time=17,7845 fcfd239c-2f56-f04b-4187-cca1c6a273e0
    06/10/2013 12:47:48.55 w3wp.exe (0x1B64) 0x043C SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
    I'm figuring the Distributed Cache gets confused about the authentication tokens and starts handing out the wrong token to some users ? If I leave the Distributed Cache disabled it seems to permanently fix the issue, but that's not an ideal scenario.
    All help is appreciated!

    please read about logon token cache section in
    http://blogs.msdn.com/b/besidethepoint/archive/2013/03/27/appfabric-caching-and-sharepoint-1.aspx ;
    And when anonymous authentication is enabled for a web application zone that use windows integrated authentication, SharePoint use WSS_Keepsessionauthenticated cookie to prevent reverting to anonymous. Also check the browser handling of this session cookie.
    also, analyze the error logs in WSS_Logging database if the logging is turned on:
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/8ba7b6e9-0b5d-4c4b-bd66-d2c72bb538b3/web-analytics-for-specific-pages-somehow-with-2010-unique-visitors#06b4fdd9-1d24-445c-bddc-db9cac1135e0 . The data volume can be large, so, don't do this in
    a production environment, you can backup the WSS_logging database and analyze it elsewhere. 

Maybe you are looking for

  • Avoid Save As dialog when Signing a document in Acrobat?

    I'm working on a web application that allows users to download a PDF, sign it, and then upload it back to the server. I'm trying to minimize the number of steps required of the user, so I would like to by-pass the Save As dialog that is presented whe

  • Excise rate and value is not getting defaulted from the purchase order

    Hi all, While capturing excise invoice , the excise rate and value is not getting defaulted from the purchase order and in Excise Item Tab BED,AED,ECS is Zero at both header as well as item level for only one material in STO process and if we are doi

  • Photo gallery on mobile devices (Android)

    Hello, I have done 2 projects with adobe edge, the first works well both on PC and on smartphone (Android) while the second project only works well on a PC, because in smarthone not part of the animation. Then I tried to remove a lot of pictures from

  • Create a tree from XML

    hi. I have created a simple XML file which contains a hierarchical structure of strings. Also, I have created a SAXParser to read from the xml. But I don't know how to put this structure in a JTree.I don't want to show the tree on screen. I want to b

  • Scenario - ( EC6 - XI - SRM-MDM Catalog )

    Hi, I am working on Scenario"Transfer Info records and contracts from ERP, Auto Import of contract and info Records from ERP". Scenario: <b> Sender Side:</b> =>Run Tcode: MECCM in ERP system and send Purchasing info records to Catalog system via XI.