Problems With DES...
Hi. I posted a message previously about DES ands it output but the response didn't help my situation. I want to be able to input 8bytes into the DES and get 8 bytes out. I found another post about inputting 8bytes into the DES and getting 8bytes out, but when I did implement it, it still didn't work.
Here is what my code looks like now:
MAC.java:
===============
// Create key
KeyGenerator vgen = KeyGenerator.getInstance ("DES");
vgen.init (56);
SecretKey key = vgen.generateKey();
// Create encrypter/decrypter class
DesEncrypter encrypter = new DesEncrypter(key);
// Encrypt
String encrypted = encrypter.encrypt("aaaaaaaa");
================================================
DesEncrypter.java
===============
// Create cipher
Cipher ecipher;
// Constructor
DesEncrypter(SecretKey key) {
try {
ecipher = Cipher.getInstance("DES/OFB8/NoPadding");
// Initial Vector
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
byte bytes[] = new byte[8];
sr.nextBytes(bytes);
ecipher.init(Cipher.ENCRYPT_MODE, key, sr);
// All catch blocks have been purposly left out!
// Encrypt method
public String encrypt(String str) {
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);
// All catch blocks have been purposly left out!
================================================
Does anyone know why DES is still outputting 8bytes?
Hi. I posted a message previously about DES ands it
output but the response didn't help my situation. I
want to be able to input 8bytes into the DES and get 8
bytes out. I found another post about inputting 8bytes
into the DES and getting 8bytes out, but when I did
implement it, it still didn't work.
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);Base64 encoding expands the original by 4/3rds - it's the way Base64 works. So, DES is taking in eight bytes and producing eight bytes, which is expanding to 12 bytes as a result of Base64.
There is no "fix" available - it's the way the algorithms work.
Grant
Similar Messages
-
Having problem with des encryption in jcwde
I have problem with encrypting data using des encryption.... when i debug, it is stopping at the dofinal() method....help needed.
public class wallet extends Applet {
public short balance= (short) 22;
final static byte Wallet_CLA = ( byte ) 0xB0;
public short isVerified;
// public short tryCounter;//number of tries for pin
public byte[] pin=new byte[]{ 0x10, 0x10};
public byte[] key_array=new byte[]{(byte)0x09,(byte)0x0e,(byte)0x0d,(byte)0x0c,(byte)0x0b,(byte)0x0a,(byte)0x09,(byte)0x08};
public OwnerPIN m_pin;
// public Cipher m_cipher;
public DESKey m_desKey;
public Cipher m_cipher;
final static byte ENCRYPT= (byte) 0x10;
final static byte VERIFY = ( byte ) 0x20;
final static byte CREDIT = ( byte ) 0x30;
final static byte DEBIT = ( byte ) 0x40;
final static byte GET_BALANCE = ( byte ) 0x50;
final static short SW_INVALID_DEBIT_AMOUNT = 0x6A83;
final static short SW_INVALID_CREDIT_AMOUNT = 0x6A84;
final static short SW_VERIFICATION_FAILED = 0x6A85;
final static short SW_PIN_BLOCKED = 0x6A86;
final static short SW_CIPHER_DATA_LENGTH_BAD= 0x6A87;
private wallet(byte bArray[], short bOffset, byte bLength) {
isVerified=0;
//tryCounter=3;
m_pin = new OwnerPIN((byte) 3, (byte) 4);
m_pin.update(pin, (short) 0, (byte) pin.length);
m_desKey=(DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
m_desKey.setKey(key_array, (short)0);
m_cipher =Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2, false);
m_cipher.init(m_desKey,Cipher.MODE_ENCRYPT);
//register(bArray,(short)(bOffset+1),bArray[bOffset]);
public static void install(byte bArray[], short bOffset, byte bLength)
throws ISOException {
new wallet(bArray, bOffset, bLength).register();
public void process(APDU apdu) throws ISOException {
// TODO Auto-generated method stub
byte[] buff = apdu.getBuffer();
if(selectingApplet())
return;
//byte[] buff = apdu.getBuffer();
if(buff[ISO7816.OFFSET_CLA] == Wallet_CLA)
switch (buff[ISO7816.OFFSET_INS])
case ENCRYPT:
encrypt(apdu);
return;
case VERIFY:
verify(apdu);
return;
case CREDIT:
credit(apdu);
return;
case DEBIT:
debit(apdu);
return;
case GET_BALANCE:
getBalance(apdu);
return;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
return;
private void getBalance(APDU apdu) {
// TODO Auto-generated method stub
if(!(m_pin.getTriesRemaining()>0))
ISOException.throwIt(SW_PIN_BLOCKED);
if(!(m_pin.isValidated()))
ISOException.throwIt(SW_VERIFICATION_FAILED);
byte[] buffer = apdu.getBuffer();
//buffer[0]=(byte) balance;
apdu.setOutgoing();//indicates apdu has outgoing data
apdu.setOutgoingLength ( ( short ) 2 ) ; //outgoing data length(le)
//storing balance in buffer array
buffer [ 0 ] = ( byte ) ( balance >> 8 ) ;
buffer [ 1 ] = ( byte ) ( balance & 0xFF ) ;
apdu.sendBytes ( ( short ) 0, ( short ) 2 ) ;
//apdu.setOutgoingLength(len)
return;
private void debit(APDU apdu) {
// TODO Auto-generated method stub
if(!(m_pin.getTriesRemaining()>0))
ISOException.throwIt(SW_PIN_BLOCKED);
if(!(m_pin.isValidated()))
ISOException.throwIt(SW_VERIFICATION_FAILED);
byte[] buffer = apdu.getBuffer();
byte numBytes=(byte) apdu.getIncomingLength();//number of bytes received
if(numBytes!=1)
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
byte byteRead= (byte)apdu.setIncomingAndReceive();
byte debitAmount=buffer[ISO7816.OFFSET_CDATA];
if(balance > (short)debitAmount)
balance=(short) (balance-(short)debitAmount);
else
ISOException.throwIt(SW_INVALID_DEBIT_AMOUNT);
private void credit(APDU apdu) {
// TODO Auto-generated method stub
if(!(m_pin.getTriesRemaining()>0))
ISOException.throwIt(SW_PIN_BLOCKED);
if(!(m_pin.isValidated()))
ISOException.throwIt(SW_VERIFICATION_FAILED);
byte[] buffer = apdu.getBuffer();
byte numBytes=(byte) apdu.getIncomingLength();
if(numBytes!=1)
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
//setting the apdu direction as incoming and getting number of bytes
byte byteRead= (byte)apdu.setIncomingAndReceive();
byte creditAmount=buffer[ISO7816.OFFSET_CDATA];
if(creditAmount<0)
ISOException.throwIt(SW_INVALID_CREDIT_AMOUNT);
balance=(short) (balance+(short)creditAmount);
private void verify(APDU apdu)
byte[] buffer = apdu.getBuffer();
byte numBytes=(byte) apdu.getIncomingLength();
byte byteRead= (byte)apdu.setIncomingAndReceive();
//byte pass=buffer[ISO7816.OFFSET_CDATA];
if(m_pin.getTriesRemaining()>0)//check whether the try limit has been crossed
//if(Util.arrayCompare(buffer, (short)ISO7816.OFFSET_CDATA, pin, (short)0, (short)2)==0)//comparing pins
if(m_pin.check(buffer, (short)ISO7816.OFFSET_CDATA,byteRead))
isVerified=1;//setting status as verified
else//wrong password
//tryCounter--;
ISOException.throwIt(SW_VERIFICATION_FAILED);
else
ISOException.throwIt(SW_PIN_BLOCKED);
// TODO Auto-generated method stub
private void encrypt(APDU apdu)
byte[] buffer=apdu.getBuffer();
short bytelen=(short)(apdu.setIncomingAndReceive());
//short byteRead=(short) (buffer[ISO7816.OFFSET_LC] & 0x00FF);
byte[] outbuff=new byte[(short)16];
if(((short)bytelen%8)!=0)ISOException.throwIt(SW_CIPHER_DATA_LENGTH_BAD);
//m_cipher.update(buffer, ISO7816.OFFSET_CDATA, (short)bytelen, outbuff, (short)0);
m_cipher.doFinal(buffer,(short) ISO7816.OFFSET_CDATA, (short)bytelen, buffer, (short)0); //"DEBUGGER STOPS AT THIS LINE"
Util.arrayCopyNonAtomic(outbuff, (short)0, buffer, (short)ISO7816.OFFSET_CDATA, (short)bytelen);
apdu.setOutgoing();
apdu.setOutgoingLength((short)bytelen);
apdu.sendBytesLong(outbuff,(short)ISO7816.OFFSET_CDATA,(short)bytelen);
//apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, (short)bytelen);
Edited by: 977213 on Dec 16, 2012 10:24 PMHi,
Check out Cipher. dofinal method,
the 4th parameter should be the destination which is outbuff.
it shoul be change to :
m_cipher.doFinal(buffer,(short) ISO7816.OFFSET_CDATA, (short)bytelen, outbuff, (short)0); when I run your code the result was all 00, that was because of this error,
maybe the debugger has the same problem,
check it and tell me the result
Regards,
Hana -
Problems with Des/CBC/PKCS5Padding
Hello, I'm working on a project for the university. It's about a Client FTP that sends crypted file content, with the server that has to do the decryption phase.
The function of decrpytion reads the content from a file, decrypt it and sends it to the server, that has the function of decrypting and storing what it receives.
I have to problems:
1) For the encryption with DES, shall I read 8-byte a time from the file? In this case I have to use update() method for encryption, until I don't have the last block that is to encrypt with doFinal(). Then for the decryption shall I do the same things for the block, right?
2) Do I have a good encrpytion if a load all the content of the file (that could be not 8-byte-multiple) into an array and then apply the doFinal()?Hi. I posted a message previously about DES ands it
output but the response didn't help my situation. I
want to be able to input 8bytes into the DES and get 8
bytes out. I found another post about inputting 8bytes
into the DES and getting 8bytes out, but when I did
implement it, it still didn't work.
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);Base64 encoding expands the original by 4/3rds - it's the way Base64 works. So, DES is taking in eight bytes and producing eight bytes, which is expanding to 12 bytes as a result of Base64.
There is no "fix" available - it's the way the algorithms work.
Grant -
Problem with DES Decryption of String - Need Urgent Help
Hi,
I created this program to encrypt and decrypt a string using DES algorithm but somehow I keep getting an exception. The code is given below.
/* ASCryptography.java*/
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.io.*;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class ASCryptography
public static String[] encryptPassword(String password)
String returnvalue[] = new String[2];
try
KeyGenerator keygen = KeyGenerator.getInstance("DES");
SecretKey skey = keygen.generateKey();
byte[] bytekey = skey.getEncoded();
returnvalue[0] = new BASE64Encoder().encode(bytekey);
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skey);
byte[] bytepassword = password.getBytes();
byte[] byteencryptedpassword = cipher.doFinal(bytepassword);
returnvalue[1] = new BASE64Encoder().encode(byteencryptedpassword);
catch(Exception err)
return (returnvalue);
public static String decryptPassword(String key, String encryptedpassword)
String password = null;
try
Cipher decipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
byte[] bytekey = new BASE64Decoder().decodeBuffer(key);
SecretKey skey = new SecretKeySpec(bytekey, "DES");
decipher.init(Cipher.DECRYPT_MODE, skey, decipher.getParameters()); /* Netbeans detected the error to be in this part*/
byte[] byteencryptedpassword = new BASE64Decoder().decodeBuffer(encryptedpassword);
byte[] bytedecryptedpassword = decipher.doFinal(byteencryptedpassword);
password = new String(bytedecryptedpassword);
catch(Exception err)
System.out.println(err);
return password;
}The methods of this class are used by another class given below.
/*Crypt.java*/
public class Crypt
public static void main(String[] args)
String password = "pic01234";
String value[] = new String[2];
value = ASCryptography.encryptPassword(password);
System.out.println(value[0]);
System.out.println(value[1]);
String returnedvalue = ASCryptography.decryptPassword(value[0], value[1]);
System.out.println(returnedvalue); //the returned value remains null
System.out.println(returnedvalue.length()); // This generates a null pointer exception coz of above.
}Now whenever I run the Crypt.java program the Netbeans IDE gives the following as output
jL+Fg2EBp9Y=
LOhqKHoJRkKWc76IkU4q/A==
java.security.InvalidAlgorithmParameterException: Parameters missing
null
Exception in thread "main" java.lang.NullPointerException
I used the Step in tool of Netbeans and came out with the following conclusion
1. The first 2 strings are the encrypted key and the password string so encryption is working fine.
2. All is fine till the decipher.init(Cipher.DECRYPT_MODE, skey, decipher.getParameters()); part is encountered at this point the java.security.InvalidAlgorithmParameterException: Parameters missing is thrown.
3.The NullPointerException is caused due to the null value stored in returnedvalue
Can anyone help me out with this one I have been trying to solve for the past 6 hours.
Thanks!Also -
1) Using an array to return a compound result is at best poor. You should really define a class as a container for your encryption result.
2) Since you generate and return a new key for each password, where are you going to store the key. If you store it in the same place (database ?) as the encrypted password then this is just the same as not encrypting the password because anyone with with access to the encrypted password will also have access to the key! -
No TV sound - Problem with Pulseaudio and Gnome
Hi Community!
Since January 2013 I got big problems with the sound of my tvcard. The card is a Sundtek Media TV Pro. But after all the problems have nothing to to with the card itself!
So far I found out, that the problem is with Pulseaudio.
- Sound works under Windows on same PC.
- Sound don't work under Arch - not with tvtime, not with vlc, etc.
- Problem occurs even on a new installed system with the Arch-2013-02-01 install medium.
cat /etc/mediasrv.log
[1033] Pulseaudio connect reported an error (6 - Connection refused)
[1033] select error() in audio processor (can be caused because of pulseaudio) (Interrupted system call)
After setting up a new Arch installation with just xorg-server, gnome, tvtime and the sundtek driver from AUR I run journalctl -b:
Feb 10 16:25:15 hightower pulseaudio[636]: [pulseaudio] pid.c:
Daemon already running.
With sudo journalctl | grep 'Feb 10 16:2' I get the following output:
Feb 10 16:25:01 hightower rtkit-daemon[489]: Successfully made thread 488 of process 488 (/usr/bin/pulseaudio) owned by '120' high priority at nice level -11.
Feb 10 16:25:14 hightower rtkit-daemon[489]: Successfully made thread 606 of process 606 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11.
Feb 10 16:25:15 hightower rtkit-daemon[489]: Successfully made thread 636 of process 636 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11.
Feb 10 16:25:15 hightower pulseaudio[636]: [pulseaudio] pid.c: Daemon already running.
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] module-jackdbus-detect.c: Unable to contact D-Bus session bus: org.freedesktop.DBus.Error.NotSupported: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] module.c: Failed to load module "module-jackdbus-detect" (argument:""): initialization failed.
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] socket-server.c: bind(): Die Adresse wird bereits verwendet
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] module.c: Failed to load module "module-esound-protocol-unix" (argument: ""): initialization failed.
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] main.c: Module load failed.
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] main.c: Module load failed.
Feb 10 16:28:55 hightower pulseaudio[1000]: [pulseaudio] main.c: Konnte Daemon nicht initialisieren.
Feb 10 16:28:55 hightower pulseaudio[997]: [pulseaudio] main.c: Start des Daemons fehlgeschlagen.
So, if I understand right, pulseaudio is alreade started by the rtkit-daemon and gnome couldn't start it again.
At https://bugs.archlinux.org/task/30926 I found a hint concerning /etc/xdg/autostart/pulseaudio.desktop and /etc/xdg/autostart/pulseaudio-kde.desktop.
After removing them from /etc/xdg/autostart and running journalctl -b there are no more errors.
With sudo journalctl | grep 'pulseaudio' I get:
sudo journalctl | grep 'Feb 10 17:4' | grep 'pulse*'
Feb 10 17:41:42 hightower rtkit-daemon[485]: Successfully made thread 484 of process 484 (/usr/bin/pulseaudio) owned by '120' high priority at nice level -11.
Feb 10 17:41:55 hightower rtkit-daemon[485]: Successfully made thread 625 of process 625 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11.
In my opinion all looks ok! I also checked the channels with the alsamixer and it looks good, too.
So I ran vlc v4l2://:dev=/dev/video0:width=720:height=576:tuner-frequency=510750:adev=/dev/null:standard=255 - but still no sound.
With cat /var/log/mediasrv.log I checked the drivers logfile:
2013-02-10 17:48:55 [343] SETTING DVB-C
2013-02-10 17:48:55 [343] switching to analog TV
2013-02-10 17:48:56 [343] SETTING PAL/SECAM
2013-02-10 17:48:58 [343] invalid audio input selected: 2
2013-02-10 17:48:58 [343] Setting frequency: 510750000
2013-02-10 17:48:58 [343] Using settings for Europe
2013-02-10 17:48:58 [343] Set Pixelformat: 0 YUV 4:2:2 (YUYV)
2013-02-10 17:48:58 [1033] Starting audio processor (PID 1033)
2013-02-10 17:48:58 [1033] initializing audio in audio processor
2013-02-10 17:48:58 [1033] loaded local pulseaudio driver
2013-02-10 17:48:58 [1033] select error() in audio processor (can be caused because of pulseaudio) (Interrupted system call)
2013-02-10 17:48:59 [1033] Pulseaudio connect reported an error (6 - Connection refused)
2013-02-10 17:48:59 [1033] select error() in audio processor (can be caused because of pulseaudio) (Interrupted system call)
2013-02-10 17:48:59 [1033] Pulseaudio connect reported an error (6 - Connection refused)
I started tvtime again. This time I ran rm -rf ~/.config/pulse/ and killall pulseaudio to kill the Pulseaudio server. I instantly got a loud noise out of my speakers.
I closed tvtime and re-opened it. And there it was: TV SOUND OUT OF MY SPEAKERS!
But now, when I run pavucontrol I get:
Connection to PulseAudio failed. Automatic retry in 5s.
In this cas this is likely because PULSE_SERVER in the Environment/X11 root Windows Properties or default-server in client.conf is misconfigured.
This situation can also arrise when PulseAudio crashed and left stale details in the X11 Root Windows.
If this is the case, then PuseAudio should autospawn again, or if this is not configured you sould run start-pulseaudio-x11 manually.
I got the information from Sundtek, that Pulseaudio should not be started as system service. Instead, every user should have an own Pulseaudio daemon and that PA was concepted this way. But they don't know how it is implemented in ArchLinux.
I also don't know it exactly. So the question to all you ArchLinu pro's:
How is PA implemented in Arch? And how can I sustainable solve my problem?
Thank you for your time and help!
DuragThere is just one more thing I found out.
After logging into Gnome and running ps aux | grep pulse I get:
rebel 727 0.7 0.2 444316 10288 ? S<l 03:02 0:00 /usr/bin/pulseaudio --start --log-target=syslog
rebel 731 0.0 0.0 71236 2652 ? S 03:02 0:00 /usr/lib/pulse/gconf-helper
rebel 843 0.0 0.0 17396 1184 pts/0 D+ 03:03 0:00 grep pulse
To get the sound to work I run:
rm -rf .config/pulse/
killall pulseaudio
killall -9 pulseaudio
I again run ps aux | grep pulse
rebel 4016 4.2 0.2 510124 11528 ? Sl 03:06 0:02 /usr/bin/pulseaudio --start --log-target=syslog
rebel 4020 0.0 0.0 71368 2700 ? S 03:06 0:00 /usr/lib/pulse/gconf-helper
rebel 4046 0.0 0.0 19456 1216 pts/0 R+ 03:07 0:00 grep pulse
I can recognize that the STATs have changed. Maybe this can help to solve the problem? -
Problem with the MenuBar and how can i delete a own component out of the storage
Hello,
I opened this thread in the category "Flex Builder 2", but
under this category my questions fit better.
I have a problem with the MenuBar and a question to delete a
component out of storage.
1. We have implemented the MenuBar, which was filled
dynamically with XML data.
Sporadically it will appear following fault, if we "mousover"
the root layer.
RangeError: Error #2006: Der angegebene Index liegt
außerhalb des zulässigen Bereichs.
at flash.display::DisplayObjectContainer/addChildAt()
at mx.managers::SystemManager/
http://www.adobe.com/2006/flex/mx/internal::rawChildren_addChildAt()
at mx.managers::SystemManager/addChild()
at mx.managers::PopUpManager$/addPopUp()
at mx.controls::Menu/show()
at mx.controls::MenuBar/::showMenu()
at mx.controls::MenuBar/::mouseOverHandler()
Here a abrid ged version of our XML to create the MenuBar:
<Menuebar>
<menu label="Artikel">
<menu label="Artikel anlegen" data="new_article" />
<menu label="Artikel bearbeiten" data="edit_article" />
<menu label="Verpackung">
<menu label="Verpackung anlegen" data="new_package" />
<menu label="Verpackung bearbeiten" data="edit_package"
/>
</menu>
<menu label="Materialgruppe">
<menu label="Materialgruppe anlegen"
data="new_materialgroup" />
<menu label="Materialgruppe bearbeiten"
data="edit_materialgroup" />
</menu>
</menu>
</Menuebar>
It is a well-formed XML.
2. Delete a component out of storage
We have some own components (basically forms), which will be
created and shown by an construct e.g.
var myComponent : T_Component = new T_Component ;
this.addChild(myComponent)
Some of our forms will be created in an popup. On every call
of the popup, we lost 5 mb or more, all childs on the windows will
be removed by formname.removeAllChild();
What cann we do, that the garbage collector will dispose this
objects.
Is there a way to show all objects with references (NOT
NULL)?
I have read in the Flex Help, that
this.removeChild(myComponent) not delete the form and/or object out
of the storage.
Rather the object must be destroyed.
It is sufficient to call delete(myComponent) about remove
this object out of the storage as the case may be that the
garbage-collector remove this object at any time?
Or how can I destroy a component correctly. What happens with
the widgets on this component e.g. input fields or datagrids?
Are they also being deleted?
Thanks for your help.
MatzeIf you mena the "photo Library" then you cannot delete it.
This is how iphone handles photos. There are not two copies. There a re simply two places from which to access the same photos. ALL photos synced to iphone can be accessed via Photo Library. Those same pics can be accessed via their individual folder. -
Problem with Java Stack- dev_w2 log mentioned.
Hi everyone, I have a problem with Java Stack, I could not connect to XI home page,
I am unable to login to j2ee engine using visual Administrator.
Please go through the log below. And help me out to resolve this issue and let me know what could be the problem.
trc file: "dev_w2", trc level: 1, release: "640"
ACTIVE TRACE LEVEL 1
ACTIVE TRACE COMPONENTS all, M
B
B create_con (con_name=R/3)
B Loading DB library 'C:\usr\sap\SXI\SYS\exe\run\dboraslib.dll' ...
B Library 'C:\usr\sap\SXI\SYS\exe\run\dboraslib.dll' loaded
B Version of 'C:\usr\sap\SXI\SYS\exe\run\dboraslib.dll' is "640.00", patchlevel (0.39)
B New connection 0 created
M systemid 560 (PC with Windows NT)
M relno 6400
M patchlevel 0
M patchno 43
M intno 20020600
M make: multithreaded, Unicode
M pid 4140
M
M ***LOG Q0Q=> tskh_init, WPStart (Workproc 2 4140) [dpxxdisp.c 1160]
I MtxInit: -2 0 0
M DpSysAdmExtCreate: ABAP is active
M DpSysAdmExtCreate: JAVA is not active
M DpShMCreate: sizeof(wp_adm) 13160 (1316)
M DpShMCreate: sizeof(tm_adm) 2780232 (13832)
M DpShMCreate: sizeof(wp_ca_adm) 24000 (80)
M DpShMCreate: sizeof(appc_ca_adm) 8000 (80)
M DpShMCreate: sizeof(comm_adm) 290000 (580)
M DpShMCreate: sizeof(vmc_adm) 0 (372)
M DpShMCreate: sizeof(wall_adm) (38456/34360/64/184)
M DpShMCreate: SHM_DP_ADM_KEY (addr: 060A0040, size: 3195320)
M DpShMCreate: allocated sys_adm at 060A0040
M DpShMCreate: allocated wp_adm at 060A1B58
M DpShMCreate: allocated tm_adm_list at 060A4EC0
M DpShMCreate: allocated tm_adm at 060A4EE8
M DpShMCreate: allocated wp_ca_adm at 0634BB30
M DpShMCreate: allocated appc_ca_adm at 063518F0
M DpShMCreate: allocated comm_adm_list at 06353830
M DpShMCreate: allocated comm_adm at 06353848
M DpShMCreate: allocated vmc_adm_list at 0639A518
M DpShMCreate: system runs without vmc_adm
M DpShMCreate: allocated ca_info at 0639A540
M DpShMCreate: allocated wall_adm at 0639A548
X EmInit: MmSetImplementation( 2 ).
X <ES> client 2 initializing ....
X <ES> InitFreeList
X Using implementation flat
M <EsNT> Memory Reset disabled as NT default
X ES initialized.
M
M calling db_connect ...
C Got ORACLE_HOME=c:\oracle\ora92 from environment
C Client NLS settings: AMERICAN_AMERICA.UTF8
C Logon as OPS$-user to get SAPSXI's password
C Connecting as /@SXI on connection 0 ...
C Attaching to DB Server SXI (con_hdl=0,svchp=04494404,svrhp=04495074)
C
C Starting user session (con_hdl=0,svchp=04494404,srvhp=04495074,usrhp=0449D8AC)
C
C Now I'm connected to ORACLE
C Got SAPSXI's password from OPS$-user
C Disconnecting from connection 0 ...
C Closing user session (con_hdl=0,svchp=04494404,usrhp=0449D8AC)
C Now I'm disconnected from ORACLE
C Connecting as SAPSXI/<pwd>@SXI on connection 0 ...
C Starting user session (con_hdl=0,svchp=04494404,srvhp=04495074,usrhp=0449D8AC)
C Now I'm connected to ORACLE
C Database NLS settings: AMERICAN_AMERICA.UTF8
C Database instance sxi is running on STARXI with ORACLE version 9.2.0.5.0 since 20081020
B Connection 0 opened
B Wp Hdl ConName ConId ConState TX PRM RCT TIM MAX OPT Date Time DBHost
B 000 000 R/3 000000000 ACTIVE NO YES NO 000 255 255 20081020 123752 STARXI
M db_connect o.k.
I MtxInit: 2 0 0
M SHM_PRES_BUF (addr: 08230040, size: 4400128)
M SHM_ROLL_AREA (addr: 62E40040, size: 77594624)
M SHM_PAGING_AREA (addr: 08670040, size: 39845888)
M SHM_ROLL_ADM (addr: 0AC80040, size: 775412)
M SHM_PAGING_ADM (addr: 0AD40040, size: 525344)
M ThCreateNoBuffer allocated 540152 bytes for 1000 entries at 0ADD0040
M ThCreateNoBuffer index size: 3000 elems
M ThCreateVBAdm allocated 12160 bytes (50 server) at 0AE60040
X EmInit: MmSetImplementation( 2 ).
X <ES> client 2 initializing ....
X Using implementation flat
X ES initialized.
B
B db_con_shm_ini: WP_ID = 2, WP_CNT = 10
B dbtbxbuf: Buffer TABL (addr: 103D00C8, size: 30000128, end: 1206C4C8)
B dbtbxbuf: Profile: max_objects = 5000, displace = 1, reorg = 1
B dbtbxbuf: request_unit = 2000, sync_reload = 5, inval_reload = 5
B dbtbxbuf: protect_shm = 0, force_checks = 0
B dbtbxbuf: tsize_retry = 14302848
B ***LOG BB0=> buffer TABL started with length 30000128 bytes [dbtbxbuf#7 @ 15714] [dbtbxbuf1571 4]
B dbtbxbuf: Buffer TABLP (addr: 0E4000C8, size: 10240000, end: 0EDC40C8)
B dbtbxbuf: Profile: max_objects = 500, displace = 1, reorg = 1
B dbtbxbuf: request_unit = 2000, sync_reload = 5, inval_reload = 5
B dbtbxbuf: protect_shm = 0, force_checks = 0
B dbtbxbuf: tsize_retry = 5046656
B ***LOG BB0=> buffer TABLP started with length 10240000 bytes [dbtbxbuf#7 @ 15714] [dbtbxbuf1571 4]
B dbtbxbuf: Reading TBX statistics:
B dbtbxbuf: 41 object entries precreated
B Layout of EIBUF buffer shared memory:
B 0: 1 * 4 = 4
B 1: 1 * 344 = 344
B 2: 10 * 20 = 200
B 3: 4001 * 48 = 192048
B 4: 2000 * 232 = 464000
B 5: 4001 * 4 = 16004
B 6: 1 * 200 = 200
B 7: 65 * 4 = 260
B 8: 13754 * 256 = 3521024
B Tracing = 0, Shm Protection = 0, Force checks = 0
B dbexpbuf: Buffer EIBUF (addr: 0EDE00D0, size: 4194304, end: 0F1E00D0)
B ***LOG BB0=> buffer EIBUF started with length 4096k bytes [dbexpbuf#5 @ 2322] [dbexpbuf2322 ]
B Layout of ESM buffer shared memory:
B 0: 1 * 4 = 4
B 1: 1 * 344 = 344
B 2: 10 * 20 = 200
B 3: 4001 * 48 = 192048
B 4: 2000 * 232 = 464000
B 5: 4001 * 4 = 16004
B 6: 1 * 200 = 200
B 7: 65 * 4 = 260
B 8: 13754 * 256 = 3521024
B Tracing = 0, Shm Protection = 0, Force checks = 0
B dbexpbuf: Buffer ESM (addr: 0F1F00D0, size: 4194304, end: 0F5F00D0)
B ***LOG BB0=> buffer ESM started with length 4096k bytes [dbexpbuf#5 @ 2322] [dbexpbuf2322 ]
B Layout of CUA buffer shared memory:
B 0: 1 * 4 = 4
B 1: 1 * 344 = 344
B 2: 10 * 20 = 200
B 3: 3001 * 48 = 144048
B 4: 1500 * 232 = 348000
B 5: 3001 * 4 = 12004
B 6: 1 * 200 = 200
B 7: 193 * 4 = 772
B 8: 5012 * 512 = 2566144
B Tracing = 0, Shm Protection = 0, Force checks = 0
B dbexpbuf: Buffer CUA (addr: 0F6000D0, size: 3072000, end: 0F8EE0D0)
B ***LOG BB0=> buffer CUA started with length 3000k bytes [dbexpbuf#5 @ 2322] [dbexpbuf2322 ]
B Layout of OTR buffer shared memory:
B 0: 1 * 4 = 4
B 1: 1 * 344 = 344
B 2: 10 * 20 = 200
B 3: 4001 * 48 = 192048
B 4: 2000 * 232 = 464000
B 5: 4001 * 4 = 16004
B 6: 1 * 200 = 200
B 7: 81 * 4 = 324
B 8: 13754 * 256 = 3521024
B Tracing = 0, Shm Protection = 0, Force checks = 0
B dbexpbuf: Buffer OTR (addr: 0F8F00D0, size: 4194304, end: 0FCF00D0)
B ***LOG BB0=> buffer OTR started with length 4096k bytes [dbexpbuf#5 @ 2322] [dbexpbuf2322 ]
B ***LOG BB0=> buffer CALE started with length 500000 bytes [dbcalbuf#1 @ 2206] [dbcalbuf2206 ]
B dbtran INFO (init_connection '<DEFAULT>' [ORACLE:640.00]):
B max_blocking_factor = 15, max_in_blocking_factor = 5,
B min_blocking_factor = 10, min_in_blocking_factor = 5,
B prefer_union_all = 0, prefer_union_for_select_all = 0,
B prefer_fix_blocking = 0, prefer_in_itab_opt = 1,
B convert AVG = 0, alias table FUPD = 0,
B escape_as_literal = 1, opt GE LE to BETWEEN = 0,
B select * =0x0f, character encoding = STD / <none>:-,
B use_hints = abap->1, dbif->0x1, upto->2147483647, rule_in->0,
B rule_fae->0, concat_fae->0, concat_fae_or->0
M
M PfHIndInitialize: memory=<0AEEC488>, header=<0AEEC488>, records=<0AEEC4D0>
M SecAudit(init_sel_info): init of SCSA completed: 02 slots used
M ***LOG AV6=> 02& [rsauwr1.c 1619]
M SsfSapSecin: automatic application server initialization for SAPSECULIB
N SsfSapSecin: Looking for PSE in database
N SsfPseLoad: started...(path=C:\usr\sap\SXI\DVEBMGS00\sec, AS=starxi, instanceid=00)
N
N SsfPseLoad: Downloading file C:\usr\sap\SXI\DVEBMGS00\sec\SAPSYS.pse (client: , key: SYSPSE, len: 1078)
N SsfPseLoad: ended (1 of 1 sucessfully loaded, 1 checked...
N MskiCreateLogonTicketCache: Logon Ticket cache created in shared memory.
N MskiCreateLogonTicketCache: Logon Ticket cache pointer registered in shared memory.
M rdisp/reinitialize_code_page -> 0
M icm/accept_remote_trace_level -> 0
M rdisp/no_hooks_for_sqlbreak -> 0
S
S *** init spool environment
S initialize debug system
T Stack direction is downwards.
T debug control: prepare exclude for printer trace
T new memory block 121963B0
S spool kernel/ddic check: Ok
S using table TSP02FX for frontend printing
S 1 spool work process(es) found
S frontend print via spool service enabled
S printer list size is 150
S printer type list size is 50
S queue size (profile) = 300
S hostspool list size = 3000
S option list size is 30
S intervals: query=50, rescan=1800, global=300 info=120
S processing queue enabled
S creating spool memory service RSPO-RCLOCKS at 0FEB00A8
S doing lock recovery
S setting server cache root
S using server cache size 100 (prof=100)
S creating spool memory service RSPO-SERVERCACHE at 0FEB0370
S using messages for server info
S size of spec char cache entry: 297028 bytes (timeout 100 sec)
S size of open spool request entry: 2132 bytes
S immediate print option for implicitely closed spool requests is disabled
A
A
A -PXA--
A PXA INITIALIZATION
A PXA: Fragment Size too small: 73 MB, reducing # of fragments
A System page size: 4kb, admin_size: 5032kb.
A PXA allocated (address 67850040, size 150000K)
A System name
A ORACLE...........................SXI........20081004121019.....................................
A is used for RFC security.
A Sharedbuffer token: 41534050...33 (len: 111)====== 2b61c190857e36a8681ef39a...
A abap/pxa = shared protect gen_remote
A PXA INITIALIZATION FINISHED
A -PXA--
A
A ABAP ShmAdm initialized (addr=579F4000 leng=20955136 end=58DF0000)
A >> Shm MMADM area (addr=57E69DF0 leng=126176 end=57E88AD0)
A >> Shm MMDAT area (addr=57E89000 leng=16150528 end=58DF0000)
A RFC rfc/signon_error_log = -1
A RFC rfc/dump_connection_info = 0
A RFC rfc/dump_client_info = 0
A RFC rfc/cp_convert/ignore_error = 1
A RFC rfc/cp_convert/conversion_char = 23
A RFC rfc/wan_compress/threshold = 251
A RFC rfc/recorder_pcs not set, use defaule value: 2
A RFC rfc/delta_trc_level not set, use default value: 0
A RFC rfc/no_uuid_check not set, use default value: 0
A RFC Method> initialize RemObjDriver for ABAP Objects
A Hotpackage version: 9
M ThrCreateShObjects allocated 10568 bytes at 0FFD0040
M ThVBStartUp: restart pending update requests
M
M ThVBAutoStart: update-auto-delete
N SsfSapSecin: putenv(SECUDIR=C:\usr\sap\SXI\DVEBMGS00\sec): ok
N SsfSapSecin: PSE C:\usr\sap\SXI\DVEBMGS00\sec\SAPSYS.pse found!
N
N =================================================
N === SSF INITIALIZATION:
N ===...SSF Security Toolkit name SAPSECULIB .
N ===...SSF trace level is 0 .
N ===...SSF library is C:\usr\sap\SXI\SYS\exe\run\sapsecu.dll .
N ===...SSF hash algorithm is SHA1 .
N ===...SSF symmetric encryption algorithm is DES-CBC .
N ===...sucessfully completed.
N =================================================
N MskiInitLogonTicketCacheHandle: Logon Ticket cache pointer retrieved from shared memory.
N MskiInitLogonTicketCacheHandle: Workprocess runs with Logon Ticket cache.
W =================================================
W === ipl_Init() called
W ITS Plugin: Path dw_gui
W ITS Plugin: Description ITS Plugin - ITS rendering DLL
W ITS Plugin: sizeof(SAP_UC) 2
W ITS Plugin: Release: 640, [6400.0.43.20020600]
W ITS Plugin: Int.version, [31]
W ITS Plugin: Feature set: [3]
W ===... Calling itsp_Init in external dll ===>
W === ipl_Init() returns 0, ITSPE_OK: OK
W =================================================
M MBUF info for hooks: MS component UP
M ThSetEnqName: set enqname by profile
M ThISetEnqname: enq name = >starxi_SXI_00 <
E
E *************** EnqId_EN_ActionAtMsUpHook ***************
E Hook on upcoming Ms (with EnqSrv), get auth EnqId and check it locally
E Enqueue Info: enque/disable_replication = 2
E Enqueue Info: replication disabled
E
E
E *************** ObjShMem_CheckAuthoritativeEnqId ***************
E Checking authoritative EnqId from EnqSrv into ObjShMem
E ObjShMem_CheckAuthoritativeEnqId: ObjShMem ...
E EnqId.EnqTabCreaTime = -999
E EnqId.RandomNumber = -999
E ReqOrd.TimeInSecs = -999
E ReqOrd.ReqNumberThisSec = -999
E ObjShMem_CheckAuthoritativeEnqId: ObjShMem ...
E EnqId.EnqTabCreaTime = -999
E EnqId.RandomNumber = -999
E ReqOrd.TimeInSecs = -999
E ReqOrd.ReqNumberThisSec = -999
E ObjShMem_CheckAuthoritativeEnqId: EnqId is initial in ShMem
E ObjShMem_CheckAuthoritativeEnqId: Overwrite incoming auth EnqId, continue
E EnqId inscribed into initial ObjShMem: (ObjShMem_CheckAuthoritativeEnqId)
E -SHMEM--
E EnqId: EnqTabCreaTime/RandomNumber = 20.10.2008 12:38:10 1224486490 / 4140
E ReqOrd at Srv: TimeInSecs/ReqNumberThisSec = 20.10.2008 12:38:11 1224486491 / 1
E ReqOrd at Cli: TimeInSecs/ReqNumberThisSec = 20.10.2008 12:38:11 1224486491 / 1
E Status: STATUS_OK
E -
M ThActivateServer: state = STARTING
L Begin of BtcSysStartRaise
L Raise event SAP_SYSTEM_START with parameter <starxi_SXI_00 >
L End of BtcSysStartRaise
I
I MPI<c>9#3 Peak buffer usage: 5 (@ 64 KB)
M
M *** WARNING => ThCheckReqInfo: req_info & DP_CANT_HANDLE_REQ
M return number range rc 12
M *** WARNING => ThNoGet: get from object (cli/obj/subobj/range = 000/ALAUTOUID / /01) returned rc 12
S
S server @>SSRV:starxi_SXI_00@< appears or changes (state 1)
B table logging switched off for all clients
S
S server @>SSRV:starxi_SXI_00@< appears or changes (state 1)
M
M hostaddrlist return 0
M
M hostaddrlist return 0
M
M hostaddrlist return 0
M hostaddrlist return 0
M hostaddrlist return 0
Regards,
Varun.You probably made the same mistake as I did and added the tables manually to the "sample" database instead of the "sun-appserv-samples" database.
marc -
Still having problems with VPN access
Hello!
I am having problems with my VPN clients getting access to the networks over a MPLS infrastruture. I can reach these resources form my Core network (172.17.1.0/24) and my Wifi (172.17.100.0/24) but not from my VPN network (172.17.200.0/24). From the VPN I can reach the Wifi network (which is behind a router) and the rule that allows that also allows access to the other networks but for some reason it is not working.
When I ping inside the core network from VPN I can connect and get responses. When I ping to the Wifi network, I can get responses and connect to resources there. A tracert to the wifi network shows it hitting the core switch (a 3750 stack) @ 172.17.1.1, then the Wifi router (172.17.1.3) and then the host. A tracert to a resource on the MPLS network from the VPN shows a single entry (the destination host) and then 29 time outs but will not ping that resource nor connect.
I've posted all the info I can think of below. Any help appreciated.
*** Here is a tracert from a core network machine to the resource we need on the MPLS:
C:\Windows\system32>tracert 10.2.0.125
Tracing route to **************** [10.2.0.125]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 172.17.1.1
2 1 ms <1 ms <1 ms 172.17.1.10
3 5 ms 5 ms 5 ms 192.168.0.13
4 31 ms 30 ms 31 ms 192.168.0.5
5 29 ms 30 ms 29 ms 192.168.0.6
6 29 ms 29 ms 29 ms 192.168.20.4
7 29 ms 29 ms 29 ms RV-TPA-CRMPROD [10.2.0.125]
Trace complete.
172.17.1.10 is the mpls router.
**** Here is the routing table (sh ip route) from the 3750 @ 172.17.1.1
Gateway of last resort is 172.17.1.2 to network 0.0.0.0
S 192.168.30.0/24 [1/0] via 172.17.1.10
172.17.0.0/24 is subnetted, 3 subnets
S 172.17.200.0 [1/0] via 172.17.1.2
C 172.17.1.0 is directly connected, Vlan20
S 172.17.100.0 [1/0] via 172.17.1.3
172.18.0.0/24 is subnetted, 1 subnets
S 172.18.1.0 [1/0] via 172.17.1.10
S 192.168.11.0/24 [1/0] via 172.17.1.10
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
S 10.2.0.0/24 [1/0] via 172.17.1.10
S 10.10.10.0/24 [1/0] via 172.17.1.10
S 10.20.0.0/24 [1/0] via 172.17.1.10
S 10.3.0.128/25 [1/0] via 172.17.1.10
S 192.168.1.0/24 [1/0] via 172.17.1.10
S* 0.0.0.0/0 [1/0] via 172.17.1.2
*** Here is the firewall config (5510):
ASA Version 8.4(1)
hostname RVGW
domain-name ************
enable password b5aqRk/6.KRmypWW encrypted
passwd 1ems91jznlfZHhfU encrypted
names
interface Ethernet0/0
nameif Outside
security-level 10
ip address 5.29.79.10 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 172.17.1.2 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 172.19.1.1 255.255.255.0
management-only
banner login RedV GW
ftp mode passive
dns server-group DefaultDNS
domain-name RedVector.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network WiFi
subnet 172.17.100.0 255.255.255.0
description WiFi
object network inside-net
subnet 172.17.1.0 255.255.255.0
object network NOSPAM
host 172.17.1.60
object network BH2
host 172.17.1.60
object network EX2
host 172.17.1.61
description Internal Exchange / Outbound SMTP
object network Mail2
host 5.29.79.11
description Ext EX2
object network NETWORK_OBJ_172.17.1.240_28
subnet 172.17.1.240 255.255.255.240
object network NETWORK_OBJ_172.17.200.0_24
subnet 172.17.200.0 255.255.255.0
object network VPN-CLIENT
subnet 172.17.200.0 255.255.255.0
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object object BH2
network-object object NOSPAM
object-group network VPN-CLIENT-PAT-SOURCE
description VPN-CLIENT-PAT-SOURCE
network-object object VPN-CLIENT
object-group network LAN-NETWORKS
network-object 10.10.10.0 255.255.255.0
network-object 10.2.0.0 255.255.255.0
network-object 10.3.0.0 255.255.255.0
network-object 172.17.100.0 255.255.255.0
network-object 172.18.1.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 192.168.30.0 255.255.255.0
object-group network VPN-POOL
network-object 172.17.200.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
access-list Outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq smtp
access-list Outside_access_in extended permit tcp any object BH2 object-group DM_INLINE_TCP_1
access-list global_mpc extended permit ip any any
access-list Inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
pager lines 24
logging enable
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination Inside 172.17.1.52 9996
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool VPN 172.17.1.240-172.17.1.250 mask 255.255.255.0
ip local pool VPN2 172.17.200.100-172.17.200.200 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (Inside,Outside) source static EX2 Mail2
nat (Inside,Outside) source static any any destination static NETWORK_OBJ_172.17.1.240_28 NETWORK_OBJ_172.17.1.240_28
nat (Inside,Outside) source static any any destination static NETWORK_OBJ_172.17.200.0_24 NETWORK_OBJ_172.17.200.0_24
nat (Inside,Outside) source static inside-net inside-net destination static NETWORK_OBJ_172.17.1.240_28 NETWORK_OBJ_172.17.1.240_28
nat (Inside,Outside) source static LAN-NETWORKS LAN-NETWORKS destination static VPN-POOL VPN-POOL
object network inside-net
nat (Inside,Outside) dynamic interface
object network NOSPAM
nat (Inside,Outside) static 5.29.79.12
nat (Outside,Outside) after-auto source dynamic VPN-CLIENT-PAT-SOURCE interface
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 5.29.79.9 1
route Inside 10.2.0.0 255.255.255.0 172.17.1.1 1
route Inside 10.3.0.0 255.255.255.128 172.17.1.1 1
route Inside 10.10.10.0 255.255.255.0 172.17.1.1 1
route Inside 172.17.100.0 255.255.255.0 172.17.1.3 1
route Inside 172.18.1.0 255.255.255.0 172.17.1.1 1
route Inside 192.168.1.0 255.255.255.0 172.17.1.1 1
route Inside 192.168.11.0 255.255.255.0 172.17.1.1 1
route Inside 192.168.30.0 255.255.255.0 172.17.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RedVec protocol ldap
aaa-server RedVec (Inside) host 172.17.1.41
ldap-base-dn DC=adrs1,DC=net
ldap-group-base-dn DC=adrs,DC=net
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=Hanna\, Roger,OU=Humans,OU=WPLAdministrator,DC=adrs1,DC=net
server-type microsoft
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.1.0 255.255.255.0 Inside
http 24.32.208.223 255.255.255.255 Outside
snmp-server host Inside 172.17.1.52 community *****
snmp-server location Server Room 3010
snmp-server contact Roger Hanna
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto ikev1 enable Outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
telnet 172.17.1.0 255.255.255.0 Inside
telnet timeout 5
ssh 172.17.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
dhcpd address 172.17.1.100-172.17.1.200 Inside
dhcpd dns 172.17.1.41 172.17.1.42 interface Inside
dhcpd lease 100000 interface Inside
dhcpd domain adrs1.net interface Inside
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy RedV internal
group-policy RedV attributes
wins-server value 172.17.1.41
dns-server value 172.17.1.41 172.17.1.42
vpn-tunnel-protocol ikev1
default-domain value ADRS1.NET
group-policy RedV_1 internal
group-policy RedV_1 attributes
wins-server value 172.17.1.41
dns-server value 172.17.1.41 172.17.1.42
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
default-domain value adrs1.net
username rparker password FnbvAdOZxk4r40E5 encrypted privilege 15
username rparker attributes
vpn-group-policy RedV
username mhale password 2reWKpsLC5em3o1P encrypted privilege 0
username mhale attributes
vpn-group-policy RedV
username dcoletto password g53yRiEqpcYkSyYS encrypted privilege 0
username dcoletto attributes
vpn-group-policy RedV
username rhanna password Pd3E3vqnGmV84Ds2 encrypted privilege 15
username rhanna attributes
vpn-group-policy RedV
tunnel-group RedV type remote-access
tunnel-group RedV general-attributes
address-pool VPN2
authentication-server-group RedVec
default-group-policy RedV
tunnel-group RedV ipsec-attributes
ikev1 pre-shared-key *****
class-map global-class
match access-list global_mpc
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class global-class
flow-export event-type all destination 172.17.1.52
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:202ad58ba009fb24cbd119ed6d7237a9Hi Roger,
I bet you already checked it, but does the MPLS end router has route to VPN client subnet 172.17.200.x (or default) pointing to core rtr)?
Also, if the MPLS link has any /30 subnet assigned, you may need to include that as well in Object group LAN-NETWORKS.
Thx
MS -
Weblogic 10.0 Problems with stripes/struts
When trying to deploy the sample application for the stripes framework on weblogic 10.0 I get the following error when deploying.
<Dec 3, 2009 12:16:51 PM CET> <Error> <HTTP> <BEA-101165>
<Could not load user defined filter in web.xml:
net.sourceforge.stripes.controller.StripesFilter.net.sourceforge.stripes.exception.StripesRuntimeException:
Problem instantiating default configuration objects.I actually had to switch to using the Sun JDK to get this error. JRockit does not report it, and just fails when I try to use the application. The problem appear to be weblogic 10.0 specific. No problems with jetty or tomcat, and I've heard reports that it is resolved in weblogic 10.3. Have ayone come accross similar problems when using stripes/struts on weblogic 10.0, and found a solution to this? Is there a patch available for 10.0 than fix this?
Regards
Morten
PS: I have ommited the complete stack trace, since it is monstrously huge.Guess I was wrong in thinking that this was an isolated weblogic 10.0 problem. I just downloaded weblogic 10.3 and tried to deploy the same application there, and the same error happened.
<03.des.2009 kl 15.12 CET> <Error> <HTTP> <BEA-101165>
<Could not load user defined filter in web.xml:
net.sourceforge.stripes.controller.StripesFilter.net.sourceforge.stripes.exception.StripesRuntimeException:
Problem instantiating default configuration objects.
at net.sourceforge.stripes.config.DefaultConfiguration.init(DefaultConfiguration.java:220)
at net.sourceforge.stripes.config.RuntimeConfiguration.init(RuntimeConfiguration.java:272)
at net.sourceforge.stripes.controller.StripesFilter.init(StripesFilter.java:125)
at weblogic.servlet.internal.FilterManager$FilterInitAction.run(FilterManager.java:329)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
Truncated. see log file for complete stacktrace
java.lang.NullPointerException
at java.io.FilterInputStream.read(FilterInputStream.java:116)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
Truncated. see log file for complete stacktraceSo is there anyone out there with experience with struts/stripes, that can tell why this does not work? If you need to try this yourself, you can download the stripes sample application here:
http://sourceforge.net/projects/stripes/files/stripes/Stripes%201.5.2/stripes-1.5.2.zip/download
There is an example WAR called "stripes-examples.war" in the zip that is ready to be deployed.
Regards
Morten
PS: you still need to start weblogic with Sun JDK rather than JRockit to get the error. With JRockit the application simply fails when used. -
RD Gateway 2012 R2 (DMZ) - Problem with authentification (NULL SID)
Hello,
I have a problem with a RD Gateway 2012 R2, that domain users can't log on over the RD Gateway to the RD Sessionhost. I get an error message in the eventlog on the RD Gateway.
Protokollname: Security
Quelle: Microsoft-Windows-Security-Auditing
Datum: 09.12.2014 16:45:24
Ereignis-ID: 4625
Aufgabenkategorie:Anmelden
Ebene: Informationen
Schlüsselwörter:Überwachung gescheitert
Benutzer: Nicht zutreffend
Computer: DMZ2.bptest.local
Beschreibung:
Fehler beim Anmelden eines Kontos.
Antragsteller:
Sicherheits-ID: NULL SID
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0
Anmeldetyp: 3
Konto, für das die Anmeldung fehlgeschlagen ist:
Sicherheits-ID: NULL SID
Kontoname: [email protected]
Kontodomäne:
Fehlerinformationen:
Fehlerursache: Bei der Anmeldung ist ein Fehler aufgetreten.
Status: 0xC000005E
Unterstatus:: 0x0
Prozessinformationen:
Aufrufprozess-ID: 0x0
Aufrufprozessname: -
Netzwerkinformationen:
Arbeitsstationsname: SCHULUNG
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: NtLmSsp
Authentifizierungspaket: NTLM
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die Prozessinformationen geben den Prozess und das Konto an, für die die Anmeldung angefordert wurde.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. Der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
The domain administrator can log on successfully over the RD Gateway. When i log on a domain user on the RD Gateway server console first and then log on over the RD Gateway, the authentication works fine.
The RD Gateway 2012 R2 has been installed as well as the instructions (http://technet.microsoft.com/en-us/library/cc754191.aspx). I have tried a lots of things, but without a result.
e.g.
register NPS in the AD
all ports in the Firewall between LAN and DMZ are opened
set the "Network security: LAN Manager authentication level" to "Send NTLMv2 response only"
re-install of the RD Gateway 2012 R2
Environment:
All machines have Windows Server 2012 R2 or Windows 8/8.1 with the latest updates. All servers are virtualized with Hyper-V.
Domaincontroller (LAN)
RD Sessionhost (LAN)
RD Gateway (DMZ)
Clients (DMZ/WAN)
Hardware-Firewall (3-zone)
Does anyone have an idea, what might be the problem?
Best regards,
BpDkHi,
From your description seems there is user permission issue and that’s the reason you can’t logon to the remote desktop. For this you can I would like to check whether you have done the following steps for troubleshooting.
Need to create RD CAP and RD RAP policies and also add the user under RD CAP properties for proper access. RD CAPs allow you to specify who can connect to an RD Gateway server. You can specify a user group that exists on the local RD Gateway server or in Active
Directory Domain Services. You can also specify other conditions that users must meet to access an RD Gateway server. You can list specific conditions in each RD CAP. For example, you might require a group of users to use a smart card to connect through RD
Gateway.
When there is no AD DS in the perimeter network, ideally the servers in the perimeter network should be in a workgroup, but the RD Gateway server has to be domain-joined because it has to authenticate and authorize corporate domain users and resources.
Please check below article for more troubleshooting and provide access & authenticate user.
RD Gateway deployment in a perimeter network & Firewall rules
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Problems with office after upgrade to ERP 6.0
After upgrade from R3 46c to ERP 6.0 , we installed sap gui 710 with patch 14 and in many frontends a new version of Microsoft Office 2003 SP3.
In many PCs now we have a problem with macros and templates from PA20 transacction with Documents Management.
We try to execute a Wor for a personnel number with infotype 910 and I have the nex messages when Windows open the Word 2003.
"Al abrir este domento, se ejecutará el comando SQL siguiente:
SELECT * FROM C:/DOCUMEN1andreaCONFIG1TempDatasource_tab.SAP
Los datos de la base de datos se colocarán en el documento. ¿Desea continuar?"
If you select "Si", appear another message ~SAP(BA6580C1-BE84.... es un documento principal de combinación. Word no puede encontrar el origen de datos"
When, word document is dsplayed, we only see name of variable and they are not reeplaced by its value.Sorry, but the note is in Spain (I guess), can you please translate?
We have the same issue on our productive HR system - but not on the development system, what makes it curious.
When we try to start contracts in word we get the same message
"Opening this will run the following SQL command
SELECT * FROM C:\.....Datasource_tab.SAP
How can we avoid this message?
Thanks in advance! -
Problems with a Vaio andthe Adin of Connect Pro
Dear all:
I have a custoemr using a Vaio laptop and it has problems with the Ad in of Connect.
Each time she tries to get the proof of connection (eventhough she has the last version ogb the Adin) automatically Connect said that there´s a problem with the Ad in and take her out.
If she´s in a meeting se cannot share anythin (she can charge documents) and also she cannot connect a web camera.
Any idea?
Thanls in advance,
DesiréeDear Derek:
I have reported this issue to Connect Tech Support.
It happens the same with Connect 7.
I will let you know if there´s any solution
Have you tried to use an older version of the Connect Ad in?
Regards,
Desirée -
Problems with reading XML files with ISO-8859-1 encoding
Hi!
I try to read a RSS file. The script below works with XML files with UTF-8 encoding but not ISO-8859-1. How to fix so it work with booth?
Here's the code:
import java.io.File;
import javax.xml.parsers.*;
import org.w3c.dom.*;
import java.net.*;
* @author gustav
public class RSSDocument {
/** Creates a new instance of RSSDocument */
public RSSDocument(String inurl) {
String url = new String(inurl);
try{
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document doc = builder.parse(url);
NodeList nodes = doc.getElementsByTagName("item");
for (int i = 0; i < nodes.getLength(); i++) {
Element element = (Element) nodes.item(i);
NodeList title = element.getElementsByTagName("title");
Element line = (Element) title.item(0);
System.out.println("Title: " + getCharacterDataFromElement(line));
NodeList des = element.getElementsByTagName("description");
line = (Element) des.item(0);
System.out.println("Des: " + getCharacterDataFromElement(line));
} catch (Exception e) {
e.printStackTrace();
public String getCharacterDataFromElement(Element e) {
Node child = e.getFirstChild();
if (child instanceof CharacterData) {
CharacterData cd = (CharacterData) child;
return cd.getData();
return "?";
}And here's the error message:
org.xml.sax.SAXParseException: Teckenkonverteringsfel: "Malformed UTF-8 char -- is an XML encoding declaration missing?" (radnumret kan vara f�r l�gt).
at org.apache.crimson.parser.InputEntity.fatal(InputEntity.java:1100)
at org.apache.crimson.parser.InputEntity.fillbuf(InputEntity.java:1072)
at org.apache.crimson.parser.InputEntity.isXmlDeclOrTextDeclPrefix(InputEntity.java:914)
at org.apache.crimson.parser.Parser2.maybeXmlDecl(Parser2.java:1183)
at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:653)
at org.apache.crimson.parser.Parser2.parse(Parser2.java:337)
at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448)
at org.apache.crimson.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:185)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:124)
at getrss.RSSDocument.<init>(RSSDocument.java:25)
at getrss.Main.main(Main.java:25)I read files from the web, but there is a XML tag
with the encoding attribute in the RSS file.If you are quite sure that you have an encoding attribute set to ISO-8859-1 then I expect that your RSS file has non-ISO-8859-1 character though I thought all bytes -128 to 127 were valid ISO-8859-1 characters!
Many years ago I had a problem with an XML file with invalid characters. I wrote a simple filter (using FilterInputStream) that made sure that all the byes it processed were ASCII. My problem turned out to be characters with value zero which the Microsoft XML parser failed to process. It put the parser in an infinite loop!
In the filter, as each byte is read you could write out the Hex value. That way you should be able to find the offending character(s). -
Language problem with streets in Brussels
Dear,
I have a problem with the Maps application on my Nokia 3710.
Street names in Brussels (Belgium) are only available in Dutch. The equivalent name in French is between brackets, but it is impossible to search the street using the French version. This is very frustrating, because you don't always know the Dutch equivalent name of a street everyone - including the expats - calls by its French version (Brussels is 90% French-speaking.)
How can I fix this?
Many thanks in advancehi there,
I just tried "boucher bruxelles" and got "beenhouwerstraat (rue des bouchers) brussel (bruxelles)",
so it seems to work perfect with search. Shouldn't be a problem that dutch comes first in the resulting bilingual result. -
Problem with switch-statement & ä, ö, ü
Hi all,
I am doing this Java online tutorial right now and have a problem with one of the exercises. Hopefully you can help me:
I have to write a program that determines the number of consonants, vowels, punctuation characters, and spaces in an input line. I found a solution, but have two questions about it:
Im unable to calculate the amount of umlauts (ä, ö, ü). Somehow the program doesnt recognize those characters. Why?
In general Im not very happy with this huge list of cases. How would you solve a problem like this? Is there a more convenient/elegant way?
Thanks in advance!
Write a program that determines the number of consonants, vowels, punctuation characters, and spaces in an input line.
Read in the line into a String (in the usual way). Now use the charAt() method in a loop to access the characters one by one.
Use a switch statement to increment the appropriate variables based on the current character. After processing the line, print out
the results.
import java.util.Scanner;
class Kap43A1
public static void main ( String[] args )
String line;
char letter;
int total, countV=0, countC=0, countS=0, countU=0, countP=0;
Scanner scan = new Scanner(System.in);
System.out.println( "Please write a sentence " );
line = scan.nextLine();
total=line.length(); //Gesamtanzahl an Zeichen des Satzes
for (int counter=0; counter<total; counter++)
letter = line.charAt(counter); //ermitteln des Buchstabens an einer bestimmten Position des Satzes
switch (letter)
case 'A': case 'a':
case 'E': case 'e':
case 'I': case 'i':
case 'O': case 'o':
case 'U': case 'u':
countV++;
break;
case 'B': case 'b': case 'C': case 'c': case 'D': case 'd': case 'F': case 'f': case 'G': case 'g': case 'H': case 'h':
case 'J': case 'j': case 'K': case 'k': case 'L': case 'l': case 'M': case 'm': case 'N': case 'n': case 'P': case 'p':
case 'Q': case 'q': case 'R': case 'r': case 'S': case 's': case 'T': case 't': case 'V': case 'v': case 'W': case 'w':
case 'X': case 'x': case 'Y': case 'y': case 'Z': case 'z':
countC++;
break;
case ' ':
countS++;
break;
case ',': case '.': case ':': case '!': case '?':
countP++;
break;
case 'Ä': case 'ä': case 'Ö': case 'ö': case 'Ü': case 'ü':
countU++;
break;
System.out.println( "Total amount of characters:\t" + total );
System.out.println( "Number of consonants:\t\t" + countC );
System.out.println( "Number of vocals:\t\t" + countV );
System.out.println( "Number of umlauts:\t\t" + countU );
System.out.println( "Number of spaces:\t\t" + countS );
System.out.println( "Number of punctuation chars:\t" + countP );
}WRE wrote:
In general Im not very happy with this huge list of cases. How would you solve a problem like this? Is there a more convenient/elegant way?I've been doing this a lot lately myself evaluating documents with 20 or so million words. Few tips:
1. Regular expressions can vastly reduce the list of cases. For example you can capture all letters from a to z or A to Z as follows [a-zA-Z]. To match a single character in a String you can then make use of the Pattern and Matcher classes, and incorporate the regular expression. e.g.
//Un-compiled code, may contain errors.
private Pattern letterPattern = Pattern.compile("[a-zA-Z]");
public int countNumberOfLettersInString(final String string) {
int count = 0;
Matcher letterMatcher = letterPattern.matcher(string);
while(letterMatcher.find()) {
count++;
return count;
}2. As mentioned above, Sets are an excellent choice. Simply declare a static variable and instantiate it using a static initializer block. Then loop over the String to determine if the character is in the given set. e.g.
//Un-compiled code, may contain errors.
private static Set<Character> macrons = new HashSet<Character>();
static {
macrons.add('ä');
macrons.add('ö');
macrons.add('ü');
public int countNumberOfMacronsInString(final String string) {
int count = 0;
for(char c : string.toCharArray()) {
if(macrons.contains(c) {
count++;
return count;
}Mel
Maybe you are looking for
-
Problem in extraction crm data sorce 0BP_ROLES_ATTR
Hi , during extracting the data source 0BP_ROLES_ATTR i sucessfully upladed data in to psi but when i tried to extract the data to ODS i am getting the error as The value '99991231235959 ' from field VALID_TO is not convertible into the DDIC dat
-
Event booking email identifier
My Client has booking event calendar where their clients can register for training seminars. The industry that this was developed for has 70% of the offices use a single email address.. ie. [email protected] When a person fills out the form using the
-
Hi, I have Xserver error during booting. eeror as per below: Fatal server error: Couldn't open X pointer device! Is one attached? ^[gXIO: fatal IO error 232 (Connection reset by peer) on X server "hp83k-3:0.0" ^M after 0 requests (0 known pro
-
New Conky Weather Program with Weather Alerts - conkywx
Here is a new weather program written in Bash script Please provide feedback - For users of other distros - kindly visit my Blog for latest releases and leave comments and feedback there - thanks Screenshots Program is now on the AUR Support for :
-
hi there have a win vista 32 bit home premium... recently acquires a creative muvo with fm. There is no such drivers for this on vista. Even dl the driver under a xp system causes probs. I cannot even find the device in the control panel device manag