Problem with Require Client Certificate on on IPlanet 6.0 server
I installed client certificate. When I connect to the server using browser, I get following error........
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
How can I run the server in Verbose mode and see exactly why this error.
Default error file does not have any information about this rejection.
Thanks
Krishna
The message is cut and paste of what client (IE) shows on the browser.
But the Server does not show any thing in it;'s log. I don't see any activity. I have Log Verbose On.
If I change the client certificate on to off it works fine.
The problem is only when the client certificate is on.
The client certificate is created using Iplanet Certificate Server as well the server certificate also generated using Iplanet Certificate Server.
In this case I am not trying to authenticate user in the client certificate just the client certificate is valid or not.
Thanks for the reply.
Regards
Krishna
Similar Messages
-
Problem with Variable Client Support
Hello,
I work with Labview 8.5 and Crio 9014.
I have a problem with Variable Client Support. When I try to compile my project I have the following error:
"The Network Variable Engine and Variable Client Support must be installed on the RT target for this application to function properly..."
I have read that we have to install the Variable Client Support in Measurement and Automation by right-clicking on the software and then choosing add/remove software but I can't install the appropriate shared variable components because I can't see neither Network Variable Engine and Variable Client Support. So what can I do?
Can somebody help me?
ThanksI have exactly the same problem. I wanted go through the "Getting Started with the LabVIEW RT module" and when I use wizard for generating new project I get same notification in my VI...
The Network Variable Engine and Variable Client Support must be installed on the RT target
for this application to function properly. If the Network Variable Engine is not supported on
the target (e.g. FP-2000 with <32MB of RAM), open the project and move the variable library
to My Computer in the project. Doing this will deploy the variables to localhost but
will still require that Variable Client Support be installed on the RT target.
Could someone help please ?
Attachments:
ni.png 95 KB -
Hello,
I experiance problems with QuickVPN client (version 1.4.1.2). I'm trying to connect to router SA520 with 1.1.65 firmware,
vpn tunell is established, but client says "The remote gateway is not responding. Do you want to wait?"
in case i click no, it drops vpn tunell
QuickVPN client log looks like this:
2010/08/18 12:13:27 [STATUS]OS Version: Windows 7
2010/08/18 12:13:27 [STATUS]Windows Firewall Domain Profile Settings: ON
2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
2010/08/18 12:13:27 [STATUS]One network interface detected with IP address 192.168.1.100
2010/08/18 12:13:27 [STATUS]Connecting...
2010/08/18 12:13:27 [DEBUG]Input VPN Server Address = vpn.in-volv.lv
2010/08/18 12:13:28 [STATUS]Connecting to remote gateway with IP address: 78.28.223.10
2010/08/18 12:13:28 [WARNING]Server's certificate doesn't exist on your local computer.
2010/08/18 12:13:30 [STATUS]Remote gateway was reached by https ...
2010/08/18 12:13:30 [STATUS]Provisioning...
2010/08/18 12:13:39 [STATUS]Success to connect.
2010/08/18 12:13:39 [STATUS]Tunnel is configured. Ping test is about to start.
2010/08/18 12:13:39 [STATUS]Verifying Network...
2010/08/18 12:13:44 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:47 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:50 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:53 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:56 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:14:08 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/08/18 12:14:12 [STATUS]Disconnecting...
2010/08/18 12:14:15 [STATUS]Success to disconnect.
Server logs look like this:
2010-08-18 12:28:49: INFO: Adding IPSec configuration with identifier "arvils"
2010-08-18 12:29:02: INFO: Configuration found for 83.243.93.200[500].
2010-08-18 12:29:02: INFO: Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
2010-08-18 12:29:02: INFO: Beginning Identity Protection mode.
2010-08-18 12:29:02: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 12:29:02: INFO: Received Vendor ID: RFC 3947
2010-08-18 12:29:02: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: For 83.243.93.200[500], Selected NAT-T version: RFC 3947
2010-08-18 12:29:02: INFO: NAT-D payload matches for 78.28.223.10[500]
2010-08-18 12:29:02: INFO: NAT-D payload does not match for 83.243.93.200[500]
2010-08-18 12:29:02: INFO: NAT detected: PEER
2010-08-18 12:29:02: INFO: Floating ports for NAT-T with peer 83.243.93.200[4500]
2010-08-18 12:29:02: INFO: ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:e2cd855a75fc0887:6dc3b2e025152444
2010-08-18 12:29:02: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 12:29:02: INFO: Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
2010-08-18 12:29:02: INFO: Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
2010-08-18 12:29:02: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 12:29:02: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=47693803(0x2d7bfeb)
2010-08-18 12:29:02: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=1079189482(0x40531fea)
2010-08-18 12:35:57: INFO: an undead schedule has been deleted: 'pk_recvupdate'.
2010-08-18 12:35:57: INFO: Purged IPsec-SA with proto_id=ESP and spi=1079189482(0x40531fea).
2010-08-18 12:40:46: INFO: Configuration found for 83.243.93.200[500].
2010-08-18 12:40:46: INFO: Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
2010-08-18 12:40:46: INFO: Beginning Identity Protection mode.
2010-08-18 12:40:46: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 12:40:46: INFO: Received Vendor ID: RFC 3947
2010-08-18 12:40:46: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 12:40:46: INFO: Received unknown Vendor ID
2010-08-18 12:40:46: INFO: Received unknown Vendor ID
2010-08-18 12:40:46: INFO: Received unknown Vendor ID
2010-08-18 12:40:46: INFO: For 83.243.93.200[500], Selected NAT-T version: RFC 3947
2010-08-18 12:40:46: INFO: NAT-D payload matches for 78.28.223.10[500]
2010-08-18 12:40:46: INFO: NAT-D payload does not match for 83.243.93.200[500]
2010-08-18 12:40:46: INFO: NAT detected: PEER
2010-08-18 12:40:46: INFO: Floating ports for NAT-T with peer 83.243.93.200[4500]
2010-08-18 12:40:46: INFO: ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:28447d39874689f9:a2b7da19d8d86413
2010-08-18 12:40:46: INFO: Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
2010-08-18 12:40:46: INFO: Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
2010-08-18 12:40:46: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 12:40:47: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=259246202(0xf73c87a)
2010-08-18 12:40:47: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=3642234214(0xd9181566)
2010-08-18 12:43:27: INFO: IPsec-SA expired: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=33356156(0x1fcf97c)
2010-08-18 12:45:47: INFO: an undead schedule has been deleted: 'pk_recvupdate'.
2010-08-18 12:45:47: INFO: Purged IPsec-SA with proto_id=ESP and spi=3642234214(0xd9181566).
The most interesting thing is that sometimes this message appears, sometimes not (with the same configuration).
Please help!Hi,
I have some problem. I am using Windows 7 Entreprice x64. I use SA520 Firmware 1.1.65 and QuickVPN 1.4.1.2 port 60443.
"The remote gateway is not responding. Do you want to wait"
2010-08-18 17:25:51: INFO: Adding IPSec configuration with identifier "username"
2010-08-18 17:25:51: INFO: Adding IKE configuration with identifer "username"
2010-08-18 17:26:04: INFO: Configuration found for xxx.xxx.xxx.xxx[235].
2010-08-18 17:26:04: INFO: Received request for new phase 1 negotiation: 172.22.5.10[500]<=>xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:04: INFO: Beginning Identity Protection mode.
2010-08-18 17:26:04: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 17:26:04: INFO: Received Vendor ID: RFC 3947
2010-08-18 17:26:04: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
2010-08-18 17:26:04: INFO: NAT-D payload does not match for 172.22.5.10[500]
2010-08-18 17:26:04: INFO: NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:04: INFO: NAT detected: ME PEER
2010-08-18 17:26:04: INFO: Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
2010-08-18 17:26:04: INFO: ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:ed4f291c71c1b688:7e6a8a0968f878fb
2010-08-18 17:26:04: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 17:26:04: INFO: Responding to new phase 2 negotiation: 172.22.5.10[0]<=> xxx.xxx.xxx.xxx[0]
2010-08-18 17:26:04: INFO: Using IPsec SA configuration: 192.168.75.0/24<->192.168.170.224/32
2010-08-18 17:26:04: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 17:26:05: INFO: IPsec-SA established[UDP encap 48540->4500]: ESP/Tunnel xxx.xxx.xxx.xxx->172.22.5.10 with spi=239099274(0xe405d8a)
2010-08-18 17:26:05: INFO: IPsec-SA established[UDP encap 4500->48540]: ESP/Tunnel 172.22.5.10-> xxx.xxx.xxx.xxx with spi=3886848189(0xe7ac98bd)
2010-08-18 17:26:07: INFO: Configuration found for xxx.xxx.xxx.xxx[235].
2010-08-18 17:26:07: INFO: Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:07: INFO: Beginning Identity Protection mode.
2010-08-18 17:26:07: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 17:26:07: INFO: Received Vendor ID: RFC 3947
2010-08-18 17:26:07: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 17:26:07: INFO: Received unknown Vendor ID
2010-08-18 17:26:07: INFO: Received unknown Vendor ID
2010-08-18 17:26:07: INFO: Received unknown Vendor ID
2010-08-18 17:26:07: INFO: For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
2010-08-18 17:26:07: INFO: NAT-D payload does not match for 172.22.5.10[500]
2010-08-18 17:26:07: INFO: NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:07: INFO: NAT detected: ME PEER
2010-08-18 17:26:07: INFO: Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
2010-08-18 17:26:07: INFO: ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36
2010-08-18 17:27:14: INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=699f34b434d4318c:df4adca414787d36.
2010-08-18 17:27:14: INFO: Configuration found for xxx.xxx.xxx.xxx[235].
2010-08-18 17:27:14: INFO: Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]
2010-08-18 17:27:14: INFO: Beginning Identity Protection mode.
2010-08-18 17:27:14: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 17:27:14: INFO: Received Vendor ID: RFC 3947
2010-08-18 17:27:14: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 17:27:14: INFO: Received unknown Vendor ID
2010-08-18 17:27:14: INFO: Received unknown Vendor ID
2010-08-18 17:27:14: INFO: Received unknown Vendor ID
2010-08-18 17:27:14: INFO: For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
2010-08-18 17:27:14: INFO: NAT-D payload does not match for 172.22.5.10[500]
2010-08-18 17:27:14: INFO: NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
2010-08-18 17:27:14: INFO: NAT detected: ME PEER
2010-08-18 17:27:15: INFO: ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36
2010-08-18 17:27:15: INFO: Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
2010-08-18 17:27:15: INFO: ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a
2010-08-18 17:27:15: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 17:28:20: INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=3fe5eb0bddbf2b9a:f5c11d7f813ca74a.
2010-08-18 17:28:21: INFO: ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a
With windows XP Pro i dont have this problem.
Is there a detailed configuration guide?
10x -
Require Client Certificate to Access ASDM on the Following Interfaces
Hello
I have an ASA 5585 with an outside interface with two subnets. The mgmt interface is the secondary interface. I have a certificate linked to the outside interface's primary ip address. When I ASDM to the ASA I get a dialog box telling me the cert is self signed. Do I need to get a second cert or can I do something else on the ASA that will allow the existing cert on the ASA to work with ASDM on the ASA?
I.e. Configuration/Management Access/ASDM/HTTPS/Telent/SSH/Require Client Certificate to Access ASDM on the Following Interfaces
Thanks!
MattYou can bind the identity certificate to multiple interfaces. Whether it is self-signed or from a third party trusted root CA it will work either way.
You may get some warnings from ASA if the FQDN or IP address you are connecting to does not match the certificate but clicking through that will allow you to manage the appliance.
Client certificates are a totally separate issue. That's typically only used when you have a PKI and are using the certificates issued to a client as a form of authentication and/or authorization. -
Hi All,
After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
Exchange 2013 on a remote location with a CA-certificate.
Outlook 2010 and 2013 on different locations, locally installed and on RDS.
When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
certificate is invalid or does not match the name of the site."
Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
- restarting mailserver and AD;
- restarting switches;
- restarting routers;
- restarting RDS, AD and all other servers;
- bypassed proxyserver for RDS;
- created a new profile;
- checked recently installed updates;
- checked certificate on mailserver;
- checked RDS on a different location, working fine.
Nothing helped, what can I do next? Please advice.
Regards.Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
The first message can be suppressed by adding this to the Exchange config:
set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
Not completely where I want to be, any help regarding the second alert is greatly appreciated! -
Hi,
I have this Windows 2008 R2 on which I installed remoteapp some years ago.
Now the certificate expired and I get the message
"There is a problem with this connection's security certificate
The remote computer cannot be authenticated due to problems with its security certificate.
Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
Please advise.
J.
J.
Jan HoedtDoes the computer account have Enroll permission to the certificate template?
From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
Add Certificate Templates and click OK.
Find the certificate template, then right click and select properties. On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK. Then give your computer account Enroll permisssion.
HTH,
JB -
I encountered a problem with some client machines that use Firefox version 24ESR and IE8.
Ajax requests of aspx pages from Firefox are getting the following error from the iis server (iis version 7.5):
Bad Request - Request Too Long
HTTP Error 400. The size of the request headers is too long.
From analyzing the request that was sent to the server, I saw that the request consist of only the viewstate of the aspx page.
I tried to disable the viewstate for one page and the server got the request correctly.
I do not encounter any issues on these laptops with postback requests from Firefox or when running the same application with IE8.Sometimes that means that the page address sent is loo long.
Check the link address you are using.
I can't help you further and will send for more help. -
Non-Deterministic Exception When Connecting With Wrong Client Certificate
I am working on an internal application and need to determine the correct client-side SSL certificate to use when connecting to a server (the user can supply multiple client-side certificates). I had expected that if I connected to a server using the wrong client certificate the java client would throw a SSLHandshakeException and I could then try the next certificate. This seems to work some of the time, however the java client will sometimes throw a SocketException: Software caused connection abort: recv failed, in which case it is not possible to know that the wrong certificate caused the problem.
Below is the code I have been using to test as well as the intermittent SocketException stack trace. Does anyone have an idea as to how to fix this problem? Thanks in advance.
Note: the TrustAllX509TrustManager is a trust manager that trusts all servers.
protected void connectSsl() throws Exception {
final String host = "x.x.x.x";
final int portNumber = 443;
final int socketTimeout = 10*1000;
// Note: Wrong certificate (expect SSLHandshakeException).
final String certFilename = "C:\\xxx\\clientSSL.P12";
final String certPassword = "certPassword";
final BufferedInputStream bis = new BufferedInputStream(new FileInputStream(new File(certFilename)));
final char[] certificatePasswordArray = certPassword.toCharArray();
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
final KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(bis, certificatePasswordArray);
keyManagerFactory.init(keyStore, certificatePasswordArray);
final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
final SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagers, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
final SocketFactory secureFactory = context.getSocketFactory();
final Socket socket = secureFactory.createSocket();
final InetAddress ip = InetAddress.getByName(host);
socket.connect(new InetSocketAddress(ip, portNumber), socketTimeout);
socket.setSoTimeout(socketTimeout);
// Write the request.
final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
out.write("GET / HTTP/1.1\r\n".getBytes());
out.write("\r\n".getBytes());
out.flush();
InputStream inputStream = socket.getInputStream();
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
byte[] byteArray = new byte[1024];
int bytesRead = 0;
while ((bytesRead = inputStream.read(byteArray)) != -1) {
outputStream.write(byteArray, 0, bytesRead);
socket.close();
System.out.println("Response:\r\n" + outputStream.toString("UTF-8"));
}Unexpected SocketException:
main: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1435)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:612)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)Thanks for the quick response. Here are answers to the questions:
1) No, this issue is not associated with one particular certificate. I have tried several certificates and see the same issue.
2) I agree it would be simpler to only send the required certificate, but unfortunately the project requires that the user be able to specify multiple certificates and, if a client-side certificate is required, the application try each one in turn until the correct certificate is found.
3) Yes, I realize the TrustAllX509TrustManager is insecure, but I am using this for testing purposes while trying to diagnose the client certificate problem.
In terms of testing, I am just wrapping the above code in a try/catch block and executing it in a loop. It is quite odd that the same exact code will sometimes generate a SSLHandshakeException and other times a SocketException.
One additional piece of information: if I force the client code to use "SSLv3" using the Socket.setEnabledProtocols(...) method, the problem goes away (I consistently get a SSLHandshakeException). However, I don't think this solves my problem as forcing the application to use SSLv3 would mean it could not handle TLS connections.
The code to specify the SSLv3 protocol is:
SSLSocket sslSocket = (SSLSocket) socket;
sslSocket.setEnabledProtocols(new String[] {"SSLv3"});
One other strange issue: if instead of specifying the SSLv3 protocol using setEnabledProtocols(...) I instead specify the protocol when creating the SSLContext, the SocketException problem comes back. So if I replace:
final SSLContext context = SSLContext.getInstance("SSL");
with:
final SSLContext context = SSLContext.getInstance("SSLv3");
and remove the "sslSocket.setEnabledProtocols(new String[] {"SSLv3"})" line, I see the intermittent SocketException problem.
All very weird. Any thoughts? -
New WSUS on Server 2012 - problem with win8 clients
Hi,
Two weeks ago we created a new Server 2012 and installed the WSUS role from scratch on it. Its version number is: 6.2.9200.16384. It replaced a Server 2008 WSUS server. After some time all the win7 clients updated and reported as
they did on the old and replaced server.
However all our win8 clients refuse to update against this server. They show correctly up in WSUS server console each with 107 needed updates day after day. We have rebooted them and done numerous wuauclt /resetauthorization /detectnow and wuauclt
/detectnow /reportnow, but to no avail.
I paste in some lines from a win8 client winupdate log at the end of this message if someone can figure out what I have to do to get these clients update as they did against the old wsus server. Thanks for help on this issue.
regards Tor
2014-02-03 08:33:38:008 920 153c Agent *************
2014-02-03 08:33:38:008 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:38:008 920 153c Agent *********
2014-02-03 08:33:38:008 920 153c Agent * Online = Yes; Ignore download priority = No
2014-02-03 08:33:38:008 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:38:008 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:38:008 920 153c Agent * Search Scope = {Machine & All Users}
2014-02-03 08:33:38:008 920 153c Agent * Caller SID for Applicability: S-1-5-18
2014-02-03 08:33:38:008 920 153c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2014-02-03 08:33:38:008 920 1990 AU >>## RESUMED ## AU: Search for updates [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-02-03 08:33:38:008 920 1990 AU # 0 updates detected
2014-02-03 08:33:38:008 920 1990 AU #########
2014-02-03 08:33:38:008 920 1990 AU ## END ## AU: Search for updates [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-02-03 08:33:38:008 920 1990 AU #############
2014-02-03 08:33:38:023 920 153c Misc Microsoft signed: Yes
2014-02-03 08:33:38:023 920 153c Misc Infrastructure signed: Yes
2014-02-03 08:33:38:023 920 153c EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe1.ws.microsoft.com/w8/2/redir/storeauth.cab"
2014-02-03 08:33:38:023 920 153c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\wuredir.cab:
2014-02-03 08:33:38:039 920 153c Misc Microsoft signed: Yes
2014-02-03 08:33:38:039 920 153c Misc Infrastructure signed: Yes
2014-02-03 08:33:38:039 920 153c EP Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
2014-02-03 08:33:38:055 920 153c PT +++++++++++ PT: Synchronizing server updates +++++++++++
2014-02-03 08:33:38:055 920 153c PT + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL = https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
2014-02-03 08:33:38:055 920 153c Agent Reading cached app categories using lifetime 604800 seconds
2014-02-03 08:33:38:055 920 153c Agent Read 0 cached app categories
2014-02-03 08:33:39:211 920 153c Agent * Added update {E7FF661C-6A03-4387-A1EE-1D723B52EF60}.3 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Found 13 updates and 31 categories in search; evaluated appl. rules of 69 out of 94 deployed entities
2014-02-03 08:33:39:211 920 153c Agent *********
2014-02-03 08:33:39:211 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:211 920 153c Agent *************
2014-02-03 08:33:39:211 920 1a64 Report REPORT EVENT: {0786C161-F6DC-4842-85D6-9506124654AD} 2014-02-03 08:33:38:008+0100 1
147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Update Command Line Success Software Synchronization
Windows Update Client successfully detected 0 updates.
2014-02-03 08:33:39:211 920 1a64 Report REPORT EVENT: {1E5D9728-220F-44A3-8BCC-ADE69687531D} 2014-02-03 08:33:38:008+0100 1
156 [AGENT_STATUS_30] 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Update Command Line Success Pre-Deployment Check
Reporting client status.
2014-02-03 08:33:39:211 920 1a64 Report REPORT EVENT: {57BAB7D0-685B-4D73-BDF7-82AFCE8675B0} 2014-02-03 08:33:39:211+0100 1
147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Update Command Line Success Software Synchronization
Windows Update Client successfully detected 13 updates.
2014-02-03 08:33:39:211 920 1a64 Report CWERReporter finishing event handling. (00000000)
2014-02-03 08:33:39:227 920 153c Agent *************
2014-02-03 08:33:39:227 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:227 920 153c Agent *********
2014-02-03 08:33:39:227 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:227 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:227 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:227 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:227 920 153c Agent * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1155
2014-02-03 08:33:39:258 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Found 11 updates and 29 categories in search; evaluated appl. rules of 58 out of 94 deployed entities
2014-02-03 08:33:39:258 920 153c Agent *********
2014-02-03 08:33:39:258 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:258 920 153c Agent *************
2014-02-03 08:33:39:258 920 153c Agent *************
2014-02-03 08:33:39:258 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:258 920 153c Agent *********
2014-02-03 08:33:39:258 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:258 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:258 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:258 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:258 920 153c Agent * Caller SID for Applicability: S-1-5-21-2212025170-3189117132-1219651784-500
2014-02-03 08:33:39:305 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:305 920 153c Agent * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
2014-02-03 08:33:39:305 920 153c Agent *********
2014-02-03 08:33:39:305 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:305 920 153c Agent *************
2014-02-03 08:33:39:305 920 153c Agent *************
2014-02-03 08:33:39:305 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:305 920 153c Agent *********
2014-02-03 08:33:39:305 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:305 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:305 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:305 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:305 920 153c Agent * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1323
2014-02-03 08:33:39:352 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:352 920 153c Agent * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
2014-02-03 08:33:39:352 920 153c Agent *********
2014-02-03 08:33:39:352 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:352 920 153c Agent *************
2014-02-03 08:33:39:352 920 153c Agent *************
2014-02-03 08:33:39:352 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:352 920 153c Agent *********
2014-02-03 08:33:39:352 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:352 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:352 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:352 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:352 920 153c Agent * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1282
2014-02-03 08:33:39:383 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:383 920 153c Agent * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
2014-02-03 08:33:39:383 920 153c Agent *********
2014-02-03 08:33:39:383 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:383 920 153c Agent *************
2014-02-03 08:33:39:383 920 1990 AU >>## RESUMED ## AU: Search for updates [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-02-03 08:33:39:383 920 1990 AU # 12 updates detected
2014-02-03 08:33:39:383 920 1990 AU #########
2014-02-03 08:33:39:383 920 1990 AU ## END ## AU: Search for updates [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-02-03 08:33:39:383 920 1990 AU #############
2014-02-03 08:33:39:383 920 1990 AU All AU searches complete.
2014-02-03 08:33:39:383 920 1990 AU AU setting next detection timeout to 2014-02-03 10:18:51
2014-02-03 08:33:44:211 920 1a64 Report CWERReporter finishing event handling. (00000000)
2014-02-03 08:41:39:472 920 1a64 EP Got WSUS Client/Server URL: "http://elias:8530/ClientWebService/client.asmx"
2014-02-03 08:41:39:472 920 1a64 PT WARNING: Cached cookie has expired or new PID is available
2014-02-03 08:41:39:472 920 1a64 EP Got WSUS SimpleTargeting URL: "http://elias:8530"
2014-02-03 08:41:39:472 920 1a64 PT Initializing simple targeting cookie, clientId = c5e26849-287b-4b96-ba5d-1489d6fad2f2, target group = , DNS name = dt-ikt-tor.framnes.lan
2014-02-03 08:41:39:472 920 1a64 PT Server URL = http://elias:8530/SimpleAuthWebService/SimpleAuth.asmx
2014-02-03 08:41:39:519 920 1a64 EP Got WSUS Reporting URL: "http://elias:8530/ReportingWebService/ReportingWebService.asmx"
2014-02-03 08:41:39:519 920 1a64 Report Uploading 2 events using cached cookie, reporting URL = http://elias:8530/ReportingWebService/ReportingWebService.asmx
2014-02-03 08:41:39:566 920 1a64 Report Reporter successfully uploaded 2 events.
2014-02-03 08:42:13:212 920 178c Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
2014-02-03 08:43:40:450 920 178c AU ########### AU: Uninitializing Automatic Updates ###########
2014-02-03 08:43:40:450 920 178c WuTask Uninit WU Task Manager
2014-02-03 08:43:40:513 920 178c Service *********
2014-02-03 08:43:40:513 920 178c Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-02-03 08:43:40:513 920 178c Service *************Today I opened Control Panel / Windows Updates and first did a check for new updates (from the WSUS server). Nothing was found and it reported Windows is Updated. Then I clicked the link Check for updates from Microsoft via internet, and
it found around 24 updates.
This is confirmation of the point that I made in the previous post. The updates are *NEEDED* by this system, but the updates were not *AVAILABLE* from the assigned WSUS Server. You were able to get them from Windows Update, but that does not fix your continuing
issue with the WSUS Server.
but it still reported the original 108 Needed updates.
Exactly. As previously noted, the client is functioning perfectly. The problem is NOT with the client; the problem is with the WSUS Server. The updates that this client needed were not AVAILABLE to be downloaded from the WSUS server.
Why this is the case requires further investigation on your part, but is either because the updates are not properly approved, or the update FILES are not yet downloaded from Microsoft to the WSUS server.
It appears that the wsus server doesn't get any information back from the client despite that it displays new Last contact and Last Status report timestamps.
This conclusion is incorrect. The WSUS Server got every bit of information available from the client -- you've confirmed this by the number of updates reported as "Needed" by the Windows Update Agent to the WSUS Server.
I assumed that the log would display if the updates were downloaded or not.
It will log when the updates are actually downloaded. If there's no log entries for updates being downloaded, then they're not being downloaded. If the logfile says "Found 0 updates", then that means exactly what it says: It couldn't find any approved/available
updates to download.
In your case it "Found 11 updates", but now it will be impossible to diagnose that fault, because you went and got them from Windows Update.
All Win8 versions are checked in the WSUS server's Product list so the updates should at least have been downloaded to the server.
This is why understanding the infrastructure is so critical. Your conclusion is invalid based on the premise given, and you may be using improper terminology which only confuses the rest of us as well.
First, selecting updates for synchronization only gets the update metadata (i.e. the detection logic) downloaded to the WSUS database.
The Second Step in this process is to Approve those updates for one or more WSUS Target Groups that contain the appropriate client systems. Following the approval of an update, the WSUS Server downloads the INSTALLATION FILE for that update.
Once the WUAgent sees an approved update and the installation file is available, then the WUAgent will download the file and schedule the update for installation.
Most of the post I read about my problem is about upgrading a 2008 WSUS server to support Win8 / Server 12 clients. When I try to run this update on my Server 12 WSUS it refuses to run (probably because it is for Server 2008).
Yeah.. totally different issue in those posts than what you're describing here.
What should I do to try to track down the problem?
Well.... now that it's 11 days since the logfile was posted, and you've already updated that system, we'll first need to find another system exhibiting the same issue.
Then I'll need to ask a number of questions to properly understand the environment, as well as what you have or have not done.
Then, from there, we can attempt to figure out why your Windows 8 client apparently sees some updates as approved/available but is still not downloading them. We do not yet have sufficient information to even speculate on a possible cause -- there are several.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
Problem with multiple client numbers from a view
Hi Gurus,
I have a problem with a view
Creates a view with a UNION ALL stmt
=====================================
Create view vw_benifits
as
SELECT
Client_num, -- can have multiple values like 200,201,250
PERNR,
OBJPS,
ENDDA,
BEGDA,
AEDTM,
UNAME,
COB_MNTH_AMT
FROM
STG_SAP_PA9211_TB
UNION ALL
SELECT
null, -- no client number for legacy data
PERNR,
OBJPS,
ENDDA,
BEGDA,
AEDTM,
UNAME,
COB_MNTH_AMT
from
LEG_STG_SAP_PA9211_TB;
==============================
The second table contains legacy data (LEG_STG_SAP_PA9211_TB). The first table now contains multiple client data (ie the client_num can be 201,202,250 like that.
Now if the users qery the view they will only get that clients data.
eg selet * from vw_benifits where client_num=250 results only client 250 data. But I want to add the legacy data also with that.
I don't want to propose
selet * from vw_benifits where client_num in (250,NULL) since the users will be confused.
Is there any other way to do this . my requirement is like
If they query
select * from vw_benifits where client_num=250, the data should include all the records satisfying client=250 + the records from the legacy data. The view need to be created like that.
Appreciate your help
DeepakHi Thanks for the suggestion.
But I am not sure this may work for me. Here my users may not be able to use that since they don't know Oracle.
I want to hide that details from them
They may just issue a statement like this
select * from vw_benifits where client_num =250
Or
select * from vw_benifits where client_num =400 . But both times I need to show them the data from the legacy table.
Deepak -
Problem using multiple Client Certificates
Hi folks, I had (mistakenly) posted an earlier version of this question to the crypto forum.
My problem is that I have multiple client certs in my keystore, but only one is being used as the selected certificate for client authentication for all connection�s. So, one connection works fine, the rest fail because the server doesn�t like the client cert being presented.
I have been trying to get the JSSE to select the proper client certificate by making use of the chooseClientAlias method. (init the SSL context with a custom key manager that extends X509ExtendedKeyManager and implements the inherited abstract method X509KeyManager.chooseClientAlias(String[], Principal[], Socket))
But, still no luck.. the JSSE is not calling in to the my version of chooseClientAlias, and it just keeps presenting the same client certificate.
No clue why, any thoughts on how to get the JSSE to call my version of chooseClientAlias?
Thanks!
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(createCustomKeyManagers(Keystore, KeystorePassword),
createCustomTrustManagers(Keystore, KeystorePassword),null);
SSLSocketFactory factory = sslContext.getSocketFactory();
URL url = new URL(urlString);
URLConnection conn = url.openConnection();
urlConn = (HttpsURLConnection) conn;
urlConn.setSSLSocketFactory(factory);
BufferedReader rd = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
String line;
while ((line = rd.readLine()) != null) {
System.out.println(line); }
public class CustomKeyManager extends X509ExtendedKeyManager
private X509ExtendedKeyManager defaultKeyManager;
private Properties serverMap;
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
SocketAddress socketAddress = socket.getRemoteSocketAddress();
String hostName = ((InetSocketAddress)socketAddress).getHostName().toUpperCase();
String alias = null;
if(serverMap.containsKey(hostName)){
alias = serverMap.getProperty(hostName.toUpperCase());
if(alias != null && alias.length() ==0){
alias = null; }
else {
alias = defaultKeyManager.chooseClientAlias(keyType, issuers, socket);
return alias;
.Topic was correctly answered by ejp in the crypto forum..
namely: javax.net.ssl.X509KeyManager.chooseClientAlias() is called if there was an incoming CertificateRequest, according to the JSSE source code. If there's an SSLEngine it calls javax.net.ssl.X509ExtendedKeyManager.chooseEngineClientAlias() instead.*
You can create your own SSLContext with your own X509KeyManager, get its socketFactory, and set that as the socket factory for HttpsURLConnection.*
Edited by: wick123 on Mar 5, 2008 10:26 AM -
Open hhtps with a client certificate
Hi:
How do I open a https connection with a specific client certificate? I mean; If I have a X509Certificate, how do I open a connection with a ssl server by code? Client certificate can be different, It deppends of user.
Thanks
Edited by: MrViSiOn on Oct 30, 2008 8:44 AMWe have been able to resolve the problem. The setup we did was correct, but there was a problem with the java keystore. The keystore should not only contain the private key and the certificate used for authentication, but also the full certificate chain up to the root CA for it to work.
You should see a message like this in the log:
####<Mar 2, 2011 1:25:17 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b6c0032292e8f22:-558fda9e:12e7663d32b:-7ff3-00000000000001ea> <1299068717879> <BEA-000000> <Returning chain of 2 certificates.>
If you get this message:
####<Mar 1, 2011 8:01:43 PM CET> <Debug> <SecuritySSL> <XX> <XX> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>
<1299006103215> <BEA-000000> <No suitable identity certificate chain has been found.>
It indicates that weblogic can not find the chain in the store and that you need to check the JKS file.
@atheek1, thanks for the replies!
Cheers,
Hugo -
DHCP problem with wireless clients
I've just set up this eqipment
Router/Firewall ASA 5505
Cisco WLC 2125 - Wlan controller
Switch Catalyst 2960
16 Ap's AIR-LAP1131AG-E-K9
Everything was working fine, but after a while there was a problem, spesially with cell phones with wlan and with some laptops. It seems a part of the users that has been connected, then loggout out and try to log in again. It seems that they then dont get dhcp. Can this be a problem with dhcp on the asa 5505? Or does anyone know of any settings that create problems of this type.
TrondOne layman's question:
For DHCP to work, you already permit 0.0.0.0 to ask 255.255.255.255 for its IP adress (i.e port 67 in one end, and 68 in the other).
When a client re-attaches ("logs in again") it will try to use its old adress (the one assigned by dhcp) and ask 255.255.255.255 to renew its adress.
Does your ACLs permit the IP range assigned via DHCP to access 255.255.255.255?
//Svein -
Problem with VPN Client passthrough on ASA 5505
I am having a problem with passing through a VPN client connection on an ASA 5505. The ASA is running version 8 and terminates an anyconnect VPN. The ASA is using PAT. When the inside user connects with the VPN client, it connects but no traffic passes through the tunnel. I see the error
305006 regular translation creation failed for protocol 50 src INSIDE:y.y.y.y dst OUTSIDE:x.x.x.x
UDP 500,4500 and ESP are allowed into the ASA. Ipsec inspection has also been setup on a global policy, but the user still cannot pass traffice to the remote VPN he is connected through.
At the Main Office we have an ASA 5510 that terminates a site to site VPN, allows remote connections with PAT and allows passthrough no problems. Any ideas?I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
HELP? -
Problem with Macintosh client on 10.5.6
I am having a problem with applying color lables and I was wondering if anybody else was. My server was upgraded to 10.5.6 and ever since then, when on a Macintosh client, applying a color label will not work as expected. I can label a file a color and it shows, but when I click off the file, it changes back to the previous color {or no label if it previously didn't have a label}. If I click on the file again, then the label seems to stick, but even this isn't consistent. It seems that the label does look correct when I look on the server itself. We use the labels quite a lot in my workgroup as a simple way to organize works in progress. Can anybody replicate this on their system? Also, this happens on both clients running 10.5.5 and 10.5.6 (and even 10.5.3 I think)
thanks,
sean rossYes, this appears to be a bug introduced with whatever modifications Apple made to AFP in 10.5.6. See this thread for more info, but no solution yet: http://discussions.apple.com/thread.jspa?messageID=8776293
Message was edited by: JJakucyk
Maybe you are looking for
-
Unable to use Hp Recovery Disk (Shipped Direct from HP) Copy File Error for Windows 8
I have a Windows 8 HP Envy Dv6-7210US Laptop, I had to order recovery disk from HP to reinstall on the same size hard drive (Hard drive was wiped clean) but in doing so the disc work till got to Disc 2 and then it popped up an Error message (See link
-
Function module to calculate date in future
Hi, I am looking for a function module in SAP CRM 2007 that calculates and returns date 'n' days in future of the entered date. This is like the DATE_IN_FUTURE function modules present in SAP. Please let me know if any one has come across such FM. Re
-
When I want to sort an union query by using substr I get the error ora-01785. I have tried to solve the problem but still I can't solve it. pls help... select count(*), dealer.locid ,locname from dealer,loc where dealer.locid=loc.locid group by deale
-
Selection screen problem in module pool
Hi friends, I am working on module pool programming, I need to put select screen on the screen of the module pool porgramming. I used Input/Output field to do that and activated. But I am getting message invalid field format (screen error) can any on
-
How do I reduce the size of a photo after I copy (merge) it another?
Sorry for such a basic question, but when I was using Elements 5.0 I could open two photos, drag one photo into the other, then resize the photo by selecting it and using the handles. I can't find a way to do this in Photoshop CS3. Is this possible