Problem with Require Client Certificate on on IPlanet 6.0 server

I installed client certificate. When I connect to the server using browser, I get following error........
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
How can I run the server in Verbose mode and see exactly why this error.
Default error file does not have any information about this rejection.
Thanks
Krishna

The message is cut and paste of what client (IE) shows on the browser.
But the Server does not show any thing in it;'s log. I don't see any activity. I have Log Verbose On.
If I change the client certificate on to off it works fine.
The problem is only when the client certificate is on.
The client certificate is created using Iplanet Certificate Server as well the server certificate also generated using Iplanet Certificate Server.
In this case I am not trying to authenticate user in the client certificate just the client certificate is valid or not.
Thanks for the reply.
Regards
Krishna

Similar Messages

  • Problem with Variable Client Support

    Hello,
    I work with Labview 8.5 and Crio 9014.
    I have a problem with  Variable Client Support. When I try to compile my project I have the following error:
    "The Network Variable Engine and Variable Client Support must be installed on the RT target for this application to function properly..."
    I have read that we have to install the Variable Client Support in Measurement and Automation by right-clicking on the software and then choosing add/remove software but I can't install the appropriate shared variable components because I can't see neither Network Variable Engine and Variable Client Support. So what can I do?
    Can somebody help me?
    Thanks

    I have exactly the same problem. I wanted go through the "Getting Started with the LabVIEW RT module" and when I use wizard for generating new project I get same notification in my VI... 
    The Network Variable Engine and Variable Client Support must be installed on the RT target
    for this application to function properly. If the Network Variable Engine is not supported on
    the target (e.g. FP-2000 with <32MB of RAM), open the project and move the variable library
    to My Computer in the project. Doing this will deploy the variables to localhost but
    will still require that Variable Client Support be installed on the RT target.
    Could someone help please ? 
    Attachments:
    ni.png ‏95 KB

  • Problems with QuickVPN client

    Hello,
    I experiance problems with QuickVPN client (version 1.4.1.2). I'm trying to connect to router SA520 with 1.1.65 firmware,
    vpn tunell is established, but client says "The remote gateway is not responding. Do you want to wait?"
    in case i click no, it drops vpn tunell
    QuickVPN client log looks like this:
    2010/08/18 12:13:27 [STATUS]OS Version: Windows 7
    2010/08/18 12:13:27 [STATUS]Windows Firewall Domain Profile Settings: ON
    2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
    2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
    2010/08/18 12:13:27 [STATUS]One network interface detected with IP address 192.168.1.100
    2010/08/18 12:13:27 [STATUS]Connecting...
    2010/08/18 12:13:27 [DEBUG]Input VPN Server Address = vpn.in-volv.lv
    2010/08/18 12:13:28 [STATUS]Connecting to remote gateway with IP address: 78.28.223.10
    2010/08/18 12:13:28 [WARNING]Server's certificate doesn't exist on your local computer.
    2010/08/18 12:13:30 [STATUS]Remote gateway was reached by https ...
    2010/08/18 12:13:30 [STATUS]Provisioning...
    2010/08/18 12:13:39 [STATUS]Success to connect.
    2010/08/18 12:13:39 [STATUS]Tunnel is configured. Ping test is about to start.
    2010/08/18 12:13:39 [STATUS]Verifying Network...
    2010/08/18 12:13:44 [WARNING]Failed to ping remote VPN Router!
    2010/08/18 12:13:47 [WARNING]Failed to ping remote VPN Router!
    2010/08/18 12:13:50 [WARNING]Failed to ping remote VPN Router!
    2010/08/18 12:13:53 [WARNING]Failed to ping remote VPN Router!
    2010/08/18 12:13:56 [WARNING]Failed to ping remote VPN Router!
    2010/08/18 12:14:08 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
    2010/08/18 12:14:12 [STATUS]Disconnecting...
    2010/08/18 12:14:15 [STATUS]Success to disconnect.
    Server logs look like this:
    2010-08-18 12:28:49: INFO:  Adding IPSec configuration with identifier "arvils"
    2010-08-18 12:29:02: INFO:  Configuration found for 83.243.93.200[500].
    2010-08-18 12:29:02: INFO:  Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
    2010-08-18 12:29:02: INFO:  Beginning Identity Protection mode.
    2010-08-18 12:29:02: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
    2010-08-18 12:29:02: INFO:  Received Vendor ID: RFC 3947
    2010-08-18 12:29:02: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
    2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
    2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
    2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
    2010-08-18 12:29:02: INFO:  For 83.243.93.200[500], Selected NAT-T version: RFC 3947
    2010-08-18 12:29:02: INFO:  NAT-D payload matches for 78.28.223.10[500]
    2010-08-18 12:29:02: INFO:  NAT-D payload does not match for 83.243.93.200[500]
    2010-08-18 12:29:02: INFO:  NAT detected: PEER
    2010-08-18 12:29:02: INFO:  Floating ports for NAT-T with peer 83.243.93.200[4500]
    2010-08-18 12:29:02: INFO:  ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:e2cd855a75fc0887:6dc3b2e025152444
    2010-08-18 12:29:02: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]
    2010-08-18 12:29:02: INFO:  Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
    2010-08-18 12:29:02: INFO:  Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
    2010-08-18 12:29:02: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)
    2010-08-18 12:29:02: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=47693803(0x2d7bfeb)
    2010-08-18 12:29:02: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=1079189482(0x40531fea)
    2010-08-18 12:35:57: INFO:  an undead schedule has been deleted: 'pk_recvupdate'.
    2010-08-18 12:35:57: INFO:  Purged IPsec-SA with proto_id=ESP and spi=1079189482(0x40531fea).
    2010-08-18 12:40:46: INFO:  Configuration found for 83.243.93.200[500].
    2010-08-18 12:40:46: INFO:  Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
    2010-08-18 12:40:46: INFO:  Beginning Identity Protection mode.
    2010-08-18 12:40:46: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
    2010-08-18 12:40:46: INFO:  Received Vendor ID: RFC 3947
    2010-08-18 12:40:46: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2010-08-18 12:40:46: INFO:  Received unknown Vendor ID
    2010-08-18 12:40:46: INFO:  Received unknown Vendor ID
    2010-08-18 12:40:46: INFO:  Received unknown Vendor ID
    2010-08-18 12:40:46: INFO:  For 83.243.93.200[500], Selected NAT-T version: RFC 3947
    2010-08-18 12:40:46: INFO:  NAT-D payload matches for 78.28.223.10[500]
    2010-08-18 12:40:46: INFO:  NAT-D payload does not match for 83.243.93.200[500]
    2010-08-18 12:40:46: INFO:  NAT detected: PEER
    2010-08-18 12:40:46: INFO:  Floating ports for NAT-T with peer 83.243.93.200[4500]
    2010-08-18 12:40:46: INFO:  ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:28447d39874689f9:a2b7da19d8d86413
    2010-08-18 12:40:46: INFO:  Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
    2010-08-18 12:40:46: INFO:  Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
    2010-08-18 12:40:46: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)
    2010-08-18 12:40:47: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=259246202(0xf73c87a)
    2010-08-18 12:40:47: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=3642234214(0xd9181566)
    2010-08-18 12:43:27: INFO:  IPsec-SA expired: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=33356156(0x1fcf97c)
    2010-08-18 12:45:47: INFO:  an undead schedule has been deleted: 'pk_recvupdate'.
    2010-08-18 12:45:47: INFO:  Purged IPsec-SA with proto_id=ESP and spi=3642234214(0xd9181566).
    The most interesting thing is that sometimes this message appears, sometimes not (with the same configuration).
    Please help!

    Hi,
    I have some problem. I am using Windows 7 Entreprice x64. I use SA520 Firmware 1.1.65 and QuickVPN 1.4.1.2 port 60443.
    "The remote gateway is not responding. Do you want to wait"
    2010-08-18 17:25:51: INFO:  Adding IPSec configuration with identifier "username"
    2010-08-18 17:25:51: INFO:  Adding IKE configuration with identifer "username"
    2010-08-18 17:26:04: INFO:  Configuration found for xxx.xxx.xxx.xxx[235].
    2010-08-18 17:26:04: INFO:  Received request for new phase 1 negotiation: 172.22.5.10[500]<=>xxx.xxx.xxx.xxx[235]
    2010-08-18 17:26:04: INFO:  Beginning Identity Protection mode.
    2010-08-18 17:26:04: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
    2010-08-18 17:26:04: INFO:  Received Vendor ID: RFC 3947
    2010-08-18 17:26:04: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2010-08-18 17:26:04: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:04: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:04: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:04: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:04: INFO:  For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
    2010-08-18 17:26:04: INFO:  NAT-D payload does not match for 172.22.5.10[500]
    2010-08-18 17:26:04: INFO:  NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
    2010-08-18 17:26:04: INFO:  NAT detected: ME PEER
    2010-08-18 17:26:04: INFO:  Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
    2010-08-18 17:26:04: INFO:  ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:ed4f291c71c1b688:7e6a8a0968f878fb
    2010-08-18 17:26:04: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]
    2010-08-18 17:26:04: INFO:  Responding to new phase 2 negotiation: 172.22.5.10[0]<=> xxx.xxx.xxx.xxx[0]
    2010-08-18 17:26:04: INFO:  Using IPsec SA configuration: 192.168.75.0/24<->192.168.170.224/32
    2010-08-18 17:26:04: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)
    2010-08-18 17:26:05: INFO:  IPsec-SA established[UDP encap 48540->4500]: ESP/Tunnel xxx.xxx.xxx.xxx->172.22.5.10 with spi=239099274(0xe405d8a)
    2010-08-18 17:26:05: INFO:  IPsec-SA established[UDP encap 4500->48540]: ESP/Tunnel 172.22.5.10-> xxx.xxx.xxx.xxx with spi=3886848189(0xe7ac98bd)
    2010-08-18 17:26:07: INFO:  Configuration found for xxx.xxx.xxx.xxx[235].
    2010-08-18 17:26:07: INFO:  Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]
    2010-08-18 17:26:07: INFO:  Beginning Identity Protection mode.
    2010-08-18 17:26:07: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
    2010-08-18 17:26:07: INFO:  Received Vendor ID: RFC 3947
    2010-08-18 17:26:07: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2010-08-18 17:26:07: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:07: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:07: INFO:  Received unknown Vendor ID
    2010-08-18 17:26:07: INFO:  For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
    2010-08-18 17:26:07: INFO:  NAT-D payload does not match for 172.22.5.10[500]
    2010-08-18 17:26:07: INFO:  NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
    2010-08-18 17:26:07: INFO:  NAT detected: ME PEER
    2010-08-18 17:26:07: INFO:  Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
    2010-08-18 17:26:07: INFO:  ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36
    2010-08-18 17:27:14: INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=699f34b434d4318c:df4adca414787d36.
    2010-08-18 17:27:14: INFO:  Configuration found for xxx.xxx.xxx.xxx[235].
    2010-08-18 17:27:14: INFO:  Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]
    2010-08-18 17:27:14: INFO:  Beginning Identity Protection mode.
    2010-08-18 17:27:14: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
    2010-08-18 17:27:14: INFO:  Received Vendor ID: RFC 3947
    2010-08-18 17:27:14: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2010-08-18 17:27:14: INFO:  Received unknown Vendor ID
    2010-08-18 17:27:14: INFO:  Received unknown Vendor ID
    2010-08-18 17:27:14: INFO:  Received unknown Vendor ID
    2010-08-18 17:27:14: INFO:  For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
    2010-08-18 17:27:14: INFO:  NAT-D payload does not match for 172.22.5.10[500]
    2010-08-18 17:27:14: INFO:  NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
    2010-08-18 17:27:14: INFO:  NAT detected: ME PEER
    2010-08-18 17:27:15: INFO:  ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36
    2010-08-18 17:27:15: INFO:  Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
    2010-08-18 17:27:15: INFO:  ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a
    2010-08-18 17:27:15: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]
    2010-08-18 17:28:20: INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=3fe5eb0bddbf2b9a:f5c11d7f813ca74a.
    2010-08-18 17:28:21: INFO:  ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a
    With windows XP Pro i dont have this problem.
    Is there a detailed configuration guide?
    10x

  • Require Client Certificate to Access ASDM on the Following Interfaces

    Hello
    I have an ASA 5585 with an outside interface with two subnets. The mgmt interface is the secondary interface. I have a certificate linked to the outside interface's primary ip address. When I ASDM to the ASA I get a dialog box telling me the cert is self signed. Do I need to get a second cert or can I do something else on the ASA that will allow the existing cert on the ASA to work with ASDM on the ASA?
    I.e. Configuration/Management Access/ASDM/HTTPS/Telent/SSH/Require Client Certificate to Access ASDM on the Following Interfaces
    Thanks!
    Matt

    You can bind the identity certificate to multiple interfaces. Whether it is self-signed or from a third party trusted root CA it will work either way.
    You may get some warnings from ASA if the FQDN or IP address you are connecting to does not match the certificate but clicking through that will allow you to manage the appliance.
    Client certificates are a totally separate issue. That's typically only used when you have a PKI and are using the certificates issued to a client as a form of authentication and/or authorization.

  • There is a problem with the security certificate of the proxy server. Error code 18 and 38.

    Hi All,
    After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
    Exchange 2013 on a remote location with a CA-certificate.
    Outlook 2010 and 2013 on different locations, locally installed and on RDS.
    When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
    name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
    After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
    site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
    certificate is invalid or does not match the name of the site."
    Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
    - restarting mailserver and AD;
    - restarting switches;
    - restarting routers;
    - restarting RDS, AD and all other servers;
    - bypassed proxyserver for RDS;
    - created a new profile;
    - checked recently installed updates;
    - checked certificate on mailserver;
    - checked RDS on a different location, working fine.
    Nothing helped, what can I do next? Please advice.
    Regards.

    Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
    The first message can be suppressed by adding this to the Exchange config:
    set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
    set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
    Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
    this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
    Not completely where I want to be, any help regarding the second alert is greatly appreciated!

  • There is a problem with this connection's security certificate The remote computer cannot be authenticated due to problems with its security certificate. Security certificate problems might indicate an attempt to fool you or intercept any data you send

    Hi,
    I have this Windows 2008 R2 on which I installed remoteapp some years ago.
    Now the certificate expired and I get the message
    "There is a problem with this connection's security certificate
    The remote computer cannot be authenticated due to problems with its security certificate.
    Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
    How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
    Please advise.
    J.
    J.
    Jan Hoedt

    Does the computer account have Enroll permission to the certificate template?
    From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
    Add Certificate Templates and click OK.
    Find the certificate template, then right click and select properties.  On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
    On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK.  Then give your computer account Enroll permisssion.
    HTH,
    JB

  • We encountered a problem with some client machines that use Firefox version 24ESR and IE8. Ajax requests of aspx pages from Firefox are getting the following er

    I encountered a problem with some client machines that use Firefox version 24ESR and IE8.
    Ajax requests of aspx pages from Firefox are getting the following error from the iis server (iis version 7.5):
    Bad Request - Request Too Long
    HTTP Error 400. The size of the request headers is too long.
    From analyzing the request that was sent to the server, I saw that the request consist of only the viewstate of the aspx page.
    I tried to disable the viewstate for one page and the server got the request correctly.
    I do not encounter any issues on these laptops with postback requests from Firefox or when running the same application with IE8.

    Sometimes that means that the page address sent is loo long.
    Check the link address you are using.
    I can't help you further and will send for more help.

  • Non-Deterministic Exception When Connecting With Wrong Client Certificate

    I am working on an internal application and need to determine the correct client-side SSL certificate to use when connecting to a server (the user can supply multiple client-side certificates). I had expected that if I connected to a server using the wrong client certificate the java client would throw a SSLHandshakeException and I could then try the next certificate. This seems to work some of the time, however the java client will sometimes throw a “SocketException: Software caused connection abort: recv failed”, in which case it is not possible to know that the wrong certificate caused the problem.
    Below is the code I have been using to test as well as the intermittent SocketException stack trace. Does anyone have an idea as to how to fix this problem? Thanks in advance.
    Note: the TrustAllX509TrustManager is a trust manager that trusts all servers.
    protected void connectSsl() throws Exception {
          final String host = "x.x.x.x";
          final int portNumber = 443;
          final int socketTimeout = 10*1000;
          // Note: Wrong certificate (expect SSLHandshakeException).
          final String certFilename = "C:\\xxx\\clientSSL.P12";
          final String certPassword = "certPassword";
          final BufferedInputStream bis = new BufferedInputStream(new FileInputStream(new File(certFilename)));
          final char[] certificatePasswordArray = certPassword.toCharArray();
          final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
          final KeyStore keyStore = KeyStore.getInstance("PKCS12");
          keyStore.load(bis, certificatePasswordArray);
          keyManagerFactory.init(keyStore, certificatePasswordArray);
          final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
          final SSLContext context = SSLContext.getInstance("SSL");
          context.init(keyManagers, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
          final SocketFactory secureFactory = context.getSocketFactory();
          final Socket socket = secureFactory.createSocket();
          final InetAddress ip = InetAddress.getByName(host);
          socket.connect(new InetSocketAddress(ip, portNumber), socketTimeout);
          socket.setSoTimeout(socketTimeout);
          // Write the request.
          final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
          out.write("GET / HTTP/1.1\r\n".getBytes());
          out.write("\r\n".getBytes());
          out.flush();
          InputStream inputStream = socket.getInputStream();
          ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
          byte[] byteArray = new byte[1024];
          int bytesRead = 0;
          while ((bytesRead = inputStream.read(byteArray)) != -1) {
             outputStream.write(byteArray, 0, bytesRead);
          socket.close();
          System.out.println("Response:\r\n" + outputStream.toString("UTF-8"));
       }Unexpected SocketException:
    main: java.net.SocketException: Software caused connection abort: recv failed
         at java.net.SocketInputStream.socketRead0(Native Method)
         at java.net.SocketInputStream.read(SocketInputStream.java:129)
         at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
         at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1435)
         at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
         at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:612)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

    Thanks for the quick response. Here are answers to the questions:
    1) No, this issue is not associated with one particular certificate. I have tried several certificates and see the same issue.
    2) I agree it would be simpler to only send the required certificate, but unfortunately the project requires that the user be able to specify multiple certificates and, if a client-side certificate is required, the application try each one in turn until the correct certificate is found.
    3) Yes, I realize the TrustAllX509TrustManager is insecure, but I am using this for testing purposes while trying to diagnose the client certificate problem.
    In terms of testing, I am just wrapping the above code in a try/catch block and executing it in a loop. It is quite odd that the same exact code will sometimes generate a SSLHandshakeException and other times a SocketException.
    One additional piece of information: if I force the client code to use "SSLv3" using the Socket.setEnabledProtocols(...) method, the problem goes away (I consistently get a SSLHandshakeException). However, I don't think this solves my problem as forcing the application to use SSLv3 would mean it could not handle TLS connections.
    The code to specify the SSLv3 protocol is:
    SSLSocket sslSocket = (SSLSocket) socket;
    sslSocket.setEnabledProtocols(new String[] {"SSLv3"});
    One other strange issue: if instead of specifying the SSLv3 protocol using setEnabledProtocols(...) I instead specify the protocol when creating the SSLContext, the SocketException problem comes back. So if I replace:
    final SSLContext context = SSLContext.getInstance("SSL");
    with:
    final SSLContext context = SSLContext.getInstance("SSLv3");
    and remove the "sslSocket.setEnabledProtocols(new String[] {"SSLv3"})" line, I see the intermittent SocketException problem.
    All very weird. Any thoughts?

  • New WSUS on Server 2012 - problem with win8 clients

    Hi,
    Two weeks ago we created a new Server 2012 and installed the WSUS role from scratch on it.  Its version number is:  6.2.9200.16384.  It replaced a Server 2008 WSUS server.  After some time all the win7 clients updated and reported as
    they did on the old and replaced server.
    However all our win8 clients refuse to update against this server.  They show correctly up in WSUS server console each with 107 needed updates day after day.  We have rebooted them and done numerous wuauclt /resetauthorization /detectnow and wuauclt
    /detectnow /reportnow, but to no avail.
    I paste in some lines from a win8 client winupdate log at the end of this message if someone can figure out what I have to do to get these clients update as they did against the old wsus server.  Thanks for help on this issue.
    regards Tor
    2014-02-03    08:33:38:008     920    153c    Agent    *************
    2014-02-03    08:33:38:008     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:38:008     920    153c    Agent    *********
    2014-02-03    08:33:38:008     920    153c    Agent      * Online = Yes; Ignore download priority = No
    2014-02-03    08:33:38:008     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:38:008     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:38:008     920    153c    Agent      * Search Scope = {Machine & All Users}
    2014-02-03    08:33:38:008     920    153c    Agent      * Caller SID for Applicability: S-1-5-18
    2014-02-03    08:33:38:008     920    153c    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
    2014-02-03    08:33:38:008     920    1990    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2014-02-03    08:33:38:008     920    1990    AU      # 0 updates detected
    2014-02-03    08:33:38:008     920    1990    AU    #########
    2014-02-03    08:33:38:008     920    1990    AU    ##  END  ##  AU: Search for updates  [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2014-02-03    08:33:38:008     920    1990    AU    #############
    2014-02-03    08:33:38:023     920    153c    Misc     Microsoft signed: Yes
    2014-02-03    08:33:38:023     920    153c    Misc     Infrastructure signed: Yes
    2014-02-03    08:33:38:023     920    153c    EP    Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe1.ws.microsoft.com/w8/2/redir/storeauth.cab"
    2014-02-03    08:33:38:023     920    153c    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\wuredir.cab:
    2014-02-03    08:33:38:039     920    153c    Misc     Microsoft signed: Yes
    2014-02-03    08:33:38:039     920    153c    Misc     Infrastructure signed: Yes
    2014-02-03    08:33:38:039     920    153c    EP    Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
    2014-02-03    08:33:38:055     920    153c    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2014-02-03    08:33:38:055     920    153c    PT      + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL = https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
    2014-02-03    08:33:38:055     920    153c    Agent    Reading cached app categories using lifetime 604800 seconds
    2014-02-03    08:33:38:055     920    153c    Agent    Read 0 cached app categories
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {E7FF661C-6A03-4387-A1EE-1D723B52EF60}.3 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Found 13 updates and 31 categories in search; evaluated appl. rules of 69 out of 94 deployed entities
    2014-02-03    08:33:39:211     920    153c    Agent    *********
    2014-02-03    08:33:39:211     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:211     920    153c    Agent    *************
    2014-02-03    08:33:39:211     920    1a64    Report    REPORT EVENT: {0786C161-F6DC-4842-85D6-9506124654AD}    2014-02-03 08:33:38:008+0100    1  
     147 [AGENT_DETECTION_FINISHED]    101    {00000000-0000-0000-0000-000000000000}    0    0    Windows Update Command Line    Success    Software Synchronization  
     Windows Update Client successfully detected 0 updates.
    2014-02-03    08:33:39:211     920    1a64    Report    REPORT EVENT: {1E5D9728-220F-44A3-8BCC-ADE69687531D}    2014-02-03 08:33:38:008+0100    1  
     156 [AGENT_STATUS_30]    101    {00000000-0000-0000-0000-000000000000}    0    0    Windows Update Command Line    Success    Pre-Deployment Check  
     Reporting client status.
    2014-02-03    08:33:39:211     920    1a64    Report    REPORT EVENT: {57BAB7D0-685B-4D73-BDF7-82AFCE8675B0}    2014-02-03 08:33:39:211+0100    1  
     147 [AGENT_DETECTION_FINISHED]    101    {00000000-0000-0000-0000-000000000000}    0    0    Windows Update Command Line    Success    Software Synchronization  
     Windows Update Client successfully detected 13 updates.
    2014-02-03    08:33:39:211     920    1a64    Report    CWERReporter finishing event handling. (00000000)
    2014-02-03    08:33:39:227     920    153c    Agent    *************
    2014-02-03    08:33:39:227     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:227     920    153c    Agent    *********
    2014-02-03    08:33:39:227     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:227     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:227     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:227     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:227     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1155
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Found 11 updates and 29 categories in search; evaluated appl. rules of 58 out of 94 deployed entities
    2014-02-03    08:33:39:258     920    153c    Agent    *********
    2014-02-03    08:33:39:258     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:258     920    153c    Agent    *************
    2014-02-03    08:33:39:258     920    153c    Agent    *************
    2014-02-03    08:33:39:258     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:258     920    153c    Agent    *********
    2014-02-03    08:33:39:258     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:258     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:258     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:258     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:258     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-2212025170-3189117132-1219651784-500
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
    2014-02-03    08:33:39:305     920    153c    Agent    *********
    2014-02-03    08:33:39:305     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:305     920    153c    Agent    *************
    2014-02-03    08:33:39:305     920    153c    Agent    *************
    2014-02-03    08:33:39:305     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:305     920    153c    Agent    *********
    2014-02-03    08:33:39:305     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:305     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:305     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:305     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:305     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1323
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
    2014-02-03    08:33:39:352     920    153c    Agent    *********
    2014-02-03    08:33:39:352     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:352     920    153c    Agent    *************
    2014-02-03    08:33:39:352     920    153c    Agent    *************
    2014-02-03    08:33:39:352     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:352     920    153c    Agent    *********
    2014-02-03    08:33:39:352     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:352     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:352     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:352     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:352     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1282
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
    2014-02-03    08:33:39:383     920    153c    Agent    *********
    2014-02-03    08:33:39:383     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:383     920    153c    Agent    *************
    2014-02-03    08:33:39:383     920    1990    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2014-02-03    08:33:39:383     920    1990    AU      # 12 updates detected
    2014-02-03    08:33:39:383     920    1990    AU    #########
    2014-02-03    08:33:39:383     920    1990    AU    ##  END  ##  AU: Search for updates  [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2014-02-03    08:33:39:383     920    1990    AU    #############
    2014-02-03    08:33:39:383     920    1990    AU    All AU searches complete.
    2014-02-03    08:33:39:383     920    1990    AU    AU setting next detection timeout to 2014-02-03 10:18:51
    2014-02-03    08:33:44:211     920    1a64    Report    CWERReporter finishing event handling. (00000000)
    2014-02-03    08:41:39:472     920    1a64    EP    Got WSUS Client/Server URL: "http://elias:8530/ClientWebService/client.asmx"
    2014-02-03    08:41:39:472     920    1a64    PT    WARNING: Cached cookie has expired or new PID is available
    2014-02-03    08:41:39:472     920    1a64    EP    Got WSUS SimpleTargeting URL: "http://elias:8530"
    2014-02-03    08:41:39:472     920    1a64    PT    Initializing simple targeting cookie, clientId = c5e26849-287b-4b96-ba5d-1489d6fad2f2, target group = , DNS name = dt-ikt-tor.framnes.lan
    2014-02-03    08:41:39:472     920    1a64    PT      Server URL = http://elias:8530/SimpleAuthWebService/SimpleAuth.asmx
    2014-02-03    08:41:39:519     920    1a64    EP    Got WSUS Reporting URL: "http://elias:8530/ReportingWebService/ReportingWebService.asmx"
    2014-02-03    08:41:39:519     920    1a64    Report    Uploading 2 events using cached cookie, reporting URL = http://elias:8530/ReportingWebService/ReportingWebService.asmx
    2014-02-03    08:41:39:566     920    1a64    Report    Reporter successfully uploaded 2 events.
    2014-02-03    08:42:13:212     920    178c    Report    WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
    2014-02-03    08:43:40:450     920    178c    AU    ###########  AU: Uninitializing Automatic Updates  ###########
    2014-02-03    08:43:40:450     920    178c    WuTask    Uninit WU Task Manager
    2014-02-03    08:43:40:513     920    178c    Service    *********
    2014-02-03    08:43:40:513     920    178c    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
    2014-02-03    08:43:40:513     920    178c    Service    *************

    Today I opened Control Panel / Windows Updates and first did a check for new updates (from the WSUS server).  Nothing was found and it reported Windows is Updated.   Then I clicked the link Check for updates from Microsoft via internet, and
    it found around 24 updates.
    This is confirmation of the point that I made in the previous post. The updates are *NEEDED* by this system, but the updates were not *AVAILABLE* from the assigned WSUS Server. You were able to get them from Windows Update, but that does not fix your continuing
    issue with the WSUS Server.
    but it still reported the original 108 Needed updates.
    Exactly. As previously noted, the client is functioning perfectly. The problem is NOT with the client; the problem is with the WSUS Server. The updates that this client needed were not AVAILABLE to be downloaded from the WSUS server.
    Why this is the case requires further investigation on your part, but is either because the updates are not properly approved, or the update FILES are not yet downloaded from Microsoft to the WSUS server.
    It appears that the wsus server doesn't get any information back from the client despite that it displays new Last contact and Last Status report timestamps.
    This conclusion is incorrect. The WSUS Server got every bit of information available from the client -- you've confirmed this by the number of updates reported as "Needed" by the Windows Update Agent to the WSUS Server.
    I assumed that the log would display if the updates were downloaded or not.
    It will log when the updates are actually downloaded. If there's no log entries for updates being downloaded, then they're not being downloaded. If the logfile says "Found 0 updates", then that means exactly what it says: It couldn't find any approved/available
    updates to download.
    In your case it "Found 11 updates", but now it will be impossible to diagnose that fault, because you went and got them from Windows Update.
    All Win8 versions are checked in the WSUS server's Product list so the updates should at least have been downloaded to the server.
    This is why understanding the infrastructure is so critical. Your conclusion is invalid based on the premise given, and you may be using improper terminology which only confuses the rest of us as well.
    First, selecting updates for synchronization only gets the update metadata (i.e. the detection logic) downloaded to the WSUS database.
    The Second Step in this process is to Approve those updates for one or more WSUS Target Groups that contain the appropriate client systems. Following the approval of an update, the WSUS Server downloads the INSTALLATION FILE for that update.
    Once the WUAgent sees an approved update and the installation file is available, then the WUAgent will download the file and schedule the update for installation.
    Most of the post I read about my problem is about upgrading a 2008 WSUS server to support Win8 / Server 12 clients.  When I try to run this update on my Server 12 WSUS it refuses to run (probably because it is for Server 2008).
    Yeah.. totally different issue in those posts than what you're describing here.
    What should I do to try to track down the problem?
    Well.... now that it's 11 days since the logfile was posted, and you've already updated that system, we'll first need to find another system exhibiting the same issue.
    Then I'll need to ask a number of questions to properly understand the environment, as well as what you have or have not done.
    Then, from there, we can attempt to figure out why your Windows 8 client apparently sees some updates as approved/available but is still not downloading them. We do not yet have sufficient information to even speculate on a possible cause -- there are several.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Problem with multiple client numbers from a view

    Hi Gurus,
    I have a problem with a view
    Creates a view with a UNION ALL stmt
    =====================================
    Create view vw_benifits
    as
    SELECT
         Client_num, -- can have multiple values like 200,201,250
         PERNR,     
         OBJPS,     
         ENDDA,     
         BEGDA,
         AEDTM,     
         UNAME,
         COB_MNTH_AMT
    FROM
         STG_SAP_PA9211_TB
    UNION ALL
    SELECT
         null, -- no client number for legacy data
         PERNR,     
         OBJPS,     
         ENDDA,     
         BEGDA,
         AEDTM,     
         UNAME,
    COB_MNTH_AMT
    from
         LEG_STG_SAP_PA9211_TB;
    ==============================
    The second table contains legacy data (LEG_STG_SAP_PA9211_TB). The first table now contains multiple client data (ie the client_num can be 201,202,250 like that.
    Now if the users qery the view they will only get that clients data.
    eg selet * from vw_benifits where client_num=250 results only client 250 data. But I want to add the legacy data also with that.
    I don't want to propose
    selet * from vw_benifits where client_num in (250,NULL) since the users will be confused.
    Is there any other way to do this . my requirement is like
    If they query
    select * from vw_benifits where client_num=250, the data should include all the records satisfying client=250 + the records from the legacy data. The view need to be created like that.
    Appreciate your help
    Deepak

    Hi Thanks for the suggestion.
    But I am not sure this may work for me. Here my users may not be able to use that since they don't know Oracle.
    I want to hide that details from them
    They may just issue a statement like this
    select * from vw_benifits where client_num =250
    Or
    select * from vw_benifits where client_num =400 . But both times I need to show them the data from the legacy table.
    Deepak

  • Problem using multiple Client Certificates

    Hi folks, I had (mistakenly) posted an earlier version of this question to the crypto forum.
    My problem is that I have multiple client certs in my keystore, but only one is being used as the selected certificate for client authentication for all connection�s. So, one connection works fine, the rest fail because the server doesn�t like the client cert being presented.
    I have been trying to get the JSSE to select the proper client certificate by making use of the chooseClientAlias method. (init the SSL context with a custom key manager that extends X509ExtendedKeyManager and implements the inherited abstract method X509KeyManager.chooseClientAlias(String[], Principal[], Socket))
    But, still no luck.. the JSSE is not calling in to the my version of chooseClientAlias, and it just keeps presenting the same client certificate.
    No clue why, any thoughts on how to get the JSSE to call my version of chooseClientAlias?
    Thanks!
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(createCustomKeyManagers(Keystore, KeystorePassword),
                createCustomTrustManagers(Keystore, KeystorePassword),null);
    SSLSocketFactory factory = sslContext.getSocketFactory();
    URL url = new URL(urlString);
    URLConnection conn = url.openConnection();
    urlConn = (HttpsURLConnection) conn;
    urlConn.setSSLSocketFactory(factory);
    BufferedReader rd = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
    String line;
    while ((line = rd.readLine()) != null) {
         System.out.println(line);  }
    public class CustomKeyManager extends X509ExtendedKeyManager
        private X509ExtendedKeyManager defaultKeyManager;
        private Properties serverMap;
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
            SocketAddress socketAddress = socket.getRemoteSocketAddress();
            String hostName = ((InetSocketAddress)socketAddress).getHostName().toUpperCase();
            String alias = null;
            if(serverMap.containsKey(hostName)){
                alias = serverMap.getProperty(hostName.toUpperCase());
                if(alias != null && alias.length() ==0){
                    alias = null; }
            else {
                alias = defaultKeyManager.chooseClientAlias(keyType, issuers, socket);
            return alias;
    .

    Topic was correctly answered by ejp in the crypto forum..
    namely: javax.net.ssl.X509KeyManager.chooseClientAlias() is called if there was an incoming CertificateRequest, according to the JSSE source code. If there's an SSLEngine it calls javax.net.ssl.X509ExtendedKeyManager.chooseEngineClientAlias() instead.*
    You can create your own SSLContext with your own X509KeyManager, get its socketFactory, and set that as the socket factory for HttpsURLConnection.*
    Edited by: wick123 on Mar 5, 2008 10:26 AM

  • Open hhtps with a client certificate

    Hi:
    How do I open a https connection with a specific client certificate? I mean; If I have a X509Certificate, how do I open a connection with a ssl server by code? Client certificate can be different, It deppends of user.
    Thanks
    Edited by: MrViSiOn on Oct 30, 2008 8:44 AM

    We have been able to resolve the problem. The setup we did was correct, but there was a problem with the java keystore. The keystore should not only contain the private key and the certificate used for authentication, but also the full certificate chain up to the root CA for it to work.
    You should see a message like this in the log:
    ####<Mar 2, 2011 1:25:17 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b6c0032292e8f22:-558fda9e:12e7663d32b:-7ff3-00000000000001ea> <1299068717879> <BEA-000000> <Returning chain of 2 certificates.>
    If you get this message:
    ####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
    <1299006103215> <BEA-000000> <No suitable identity certificate chain has been found.>
    It indicates that weblogic can not find the chain in the store and that you need to check the JKS file.
    @atheek1, thanks for the replies!
    Cheers,
    Hugo

  • DHCP problem with wireless clients

    I've just set up this eqipment
    Router/Firewall ASA 5505
    Cisco WLC 2125 - Wlan controller
    Switch Catalyst 2960
    16 Ap's  AIR-LAP1131AG-E-K9
    Everything was working fine, but after a while there was a problem, spesially with cell phones with wlan and with some laptops. It seems a part of the users that has been connected, then loggout out and try to log in again. It seems that they then dont get dhcp. Can this be a problem with dhcp on the asa 5505? Or does anyone know of any settings that create problems of this type.
    Trond

    One layman's question:
    For DHCP to work, you already permit 0.0.0.0 to ask 255.255.255.255 for its IP adress (i.e port 67 in one end, and 68 in the other).
    When a client re-attaches ("logs in again") it will try to use its old adress (the one assigned by dhcp) and ask 255.255.255.255 to renew its adress.
    Does your ACLs permit the IP range assigned via DHCP to access 255.255.255.255?
    //Svein

  • Problem with VPN Client passthrough on ASA 5505

    I am having a problem with passing through a VPN client connection on an ASA 5505. The ASA is running version 8 and terminates an anyconnect VPN. The ASA is using PAT. When the inside user connects with the VPN client, it connects but no traffic passes through the tunnel. I see the error
    305006 regular translation creation failed for protocol 50 src INSIDE:y.y.y.y dst OUTSIDE:x.x.x.x
    UDP 500,4500 and ESP are allowed into the ASA. Ipsec inspection has also been setup on a global policy, but the user still cannot pass traffice to the remote VPN he is connected through.
    At the Main Office we have an ASA 5510 that terminates a site to site VPN, allows remote connections with PAT and allows passthrough no problems. Any ideas?

    I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
    3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
    regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
    HELP?

  • Problem with Macintosh client on 10.5.6

    I am having a problem with applying color lables and I was wondering if anybody else was. My server was upgraded to 10.5.6 and ever since then, when on a Macintosh client, applying a color label will not work as expected. I can label a file a color and it shows, but when I click off the file, it changes back to the previous color {or no label if it previously didn't have a label}. If I click on the file again, then the label seems to stick, but even this isn't consistent. It seems that the label does look correct when I look on the server itself. We use the labels quite a lot in my workgroup as a simple way to organize works in progress. Can anybody replicate this on their system? Also, this happens on both clients running 10.5.5 and 10.5.6 (and even 10.5.3 I think)
    thanks,
    sean ross

    Yes, this appears to be a bug introduced with whatever modifications Apple made to AFP in 10.5.6. See this thread for more info, but no solution yet: http://discussions.apple.com/thread.jspa?messageID=8776293
    Message was edited by: JJakucyk

Maybe you are looking for

  • Unable to use Hp Recovery Disk (Shipped Direct from HP) Copy File Error for Windows 8

    I have a Windows 8 HP Envy Dv6-7210US Laptop, I had to order recovery disk from HP to reinstall on the same size hard drive (Hard drive was wiped clean) but in doing so the disc work till got to Disc 2 and then it popped up an Error message (See link

  • Function module to calculate date in future

    Hi, I am looking for a function module in SAP CRM 2007 that calculates and returns date 'n' days in future of the entered date. This is like the DATE_IN_FUTURE function modules present in SAP. Please let me know if any one has come across such FM. Re

  • Order by error in union

    When I want to sort an union query by using substr I get the error ora-01785. I have tried to solve the problem but still I can't solve it. pls help... select count(*), dealer.locid ,locname from dealer,loc where dealer.locid=loc.locid group by deale

  • Selection screen problem in module pool

    Hi friends, I am working on module pool programming, I need to put select screen on the screen of the module pool porgramming. I used Input/Output field to do that and activated. But I am getting message invalid field format (screen error) can any on

  • How do I reduce the size of a photo after I copy (merge) it another?

    Sorry for such a basic question, but when I was using Elements 5.0 I could open two photos, drag one photo into the other, then resize the photo by selecting it and using the handles.  I can't find a way to do this in Photoshop CS3.  Is this possible