Problems with HTTP Client Authentication in jdev 10.1.2.17.84.
Hi,
I've told HTTP Client Authentication doesn't work in jdev 10.1.2.17.84. I need users to be authenticated using a certificate so I'm trying several workarounds but none seems to be valid. Any help?
Thanks.
Luis Serrano.
been there done that.. ive decompiled the oc4j code, debuged down to the core... its big waste of my time... :(
my advice to you is to leave it.. if you do not plan to use oracle ldap sso or xml provider you can do nothing... your hands are tied... they hardcoded everything and if you want more than classic "username & password" custom login module you will have to change oc4j...
there is no point to make a custom loginmodule which utilize a client certificate because oracle JAZN do not suport that type of login module!
just implement a login filter and manage authentication and authorization yourself... just like steve muench did in his java store demo - he didnt use JAZN... :)
anyway current approach do not allow you to leverage JAAS in ADF model layer so why bother to have that in the view/controller layer anyway...
and if i understood correctly oracle plans big changes in this area in the next jdeveloper release, and they alredy said that custom login modules would be depreciated in the next releases...
Similar Messages
-
We are trying to use HTTPS client certificate based authentication to access a Java Applet in Firefox v21.0. We have followed the instructions as per the below two urls to enable JSS 4 -
https://developer.mozilla.org/en-US/docs/JSS/Using_JSS<br />
http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html<br />
http://download.java.net/jdk8/docs/technotes/guides/deployment/deployment-guide/keystores.html
We are using JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM in Firefox v21 but we are getting - <br />
security: Accessing keys and certificate in Mozilla user profile: null<br />
security: JSS is not configured
followed by SSK handshake failure when trying to load the client certificate.
<pre><nowiki>javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)</nowiki></pre>
The client cert based authentication is working when using IE v8 and IE v9 with the same JRE version (JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM)
Any help to resolve this issue will be very much appreciated.Thank you for your response.
Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet. -
ISE 1.2 web authentication problem with wired clients
Hello,
i am having problems with centralized web authentication using a Catalyst 3650X with IOS 15.0.2 SE01 and ISE 1.2.
Redirecting the client works fine, but as soon the client opens a web browser and ISE websites open to authenticate the client, the switch port resets, the authentication process restarts and the session ID changes. After the client enters the credentials a session expired messages appears on the client and i get an 86017 Session Missing message in ISE.
here the output form the debug aaa coa log.
Any ideas
thanks in advanced
Alex
! CLIENT CONNECT TO SWITCHPORT
ISE-TEST-SWITCH#show authentication sessions interface gi0/3
Interface: GigabitEthernet0/3
MAC Address: 001f.297b.bd82
IP Address: 10.2.12.45
User-Name: 00-1F-29-7B-BD-82
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-537cb1d6
URL Redirect ACL: ACL-WEBAUTH-REDIRECT
URL Redirect: https://nos-ch-wbn-ise1.nosergroup.lan:8443/guestportal/gateway?sessionId=AC1484640000026B28C02CDC&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC1484640000026B28C02CDC
Acct Session ID: 0x0000029C
Handle: 0x8C00026C
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
! CLIENT OPENS INTERNETEXPLORER -> REDIRECTS TO ISE
! SWITCHPORT GOES IN ADMINISTRATIVE DOWN STARTS AUTHENTICATION AGAIN
ISE-TEST-SWITCH#
191526: .Jun 24 10:42:24.340 UTC: COA: 10.0.128.38 request queued
191527: .Jun 24 10:42:24.340 UTC: RADIUS: authenticator 7F A9 85 AB F6 4A D0 F3 - B4 E6 F2 56 74 C6 2D 33
191528: .Jun 24 10:42:24.340 UTC: RADIUS: NAS-IP-Address [4] 6 172.20.132.100
191529: .Jun 24 10:42:24.340 UTC: RADIUS: Calling-Station-Id [31] 19 "00:1F:29:7B:BD:82"
191530: .Jun 24 10:42:24.340 UTC: RADIUS: Acct-Terminate-Cause[49] 6 admin-reset [6]
191531: .Jun 24 10:42:24.340 UTC: RADIUS: Event-Timestamp [55] 6 1403606529
191532: .Jun 24 10:42:24.340 UTC: RADIUS: Message-Authenticato[80] 18
191533: .Jun 24 10:42:24.340 UTC: RADIUS: E0 3C B2 8C 89 47 67 A8 69 F5 3D 08 61 FF 53 6E [ <Ggi=aSn]
191534: .Jun 24 10:42:24.340 UTC: RADIUS: Vendor, Cisco [26] 43
191535: .Jun 24 10:42:24.340 UTC: RADIUS: Cisco AVpair [1] 37 "subscriber:command=bounce-host-port"
191536: .Jun 24 10:42:24.340 UTC: COA: Message Authenticator decode passed
191537: .Jun 24 10:42:24.340 UTC: ++++++ CoA Attribute List ++++++
191538: .Jun 24 10:42:24.340 UTC: 06D96C58 0 00000001 nas-ip-address(600) 4 172.20.132.100
191539: .Jun 24 10:42:24.349 UTC: 06D9AC18 0 00000081 formatted-clid(37) 17 00:1F:29:7B:BD:82
191540: .Jun 24 10:42:24.349 UTC: 06D9AC4C 0 00000001 disc-cause(434) 4 admin-reset
191541: .Jun 24 10:42:24.349 UTC: 06D9AC80 0 00000001 Event-Timestamp(445) 4 1403606529(53A95601)
191542: .Jun 24 10:42:24.349 UTC: 06D9ACB4 0 00000081 ssg-command-code(490) 1 33
191543: .Jun 24 10:42:24.349 UTC:
191544: .Jun 24 2014 10:42:24.365 UTC: %EPM-6-IPEVENT: IP 10.2.12.45| MAC 001f.297b.bd82| AuditSessionID AC1484640000026B28C02CDC| AUTHTYPE DOT1X| EVENT IP-RELEASE
191545: .Jun 24 2014 10:42:24.382 UTC: %EPM-6-IPEVENT: IP 10.2.12.45| MAC 001f.297b.bd82| AuditSessionID AC1484640000026B28C02CDC| AUTHTYPE DOT1X| EVENT IP-WAIT
191546: .Jun 24 2014 10:42:24.382 UTC: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 001f.297b.bd82| AuditSessionID AC1484640000026B28C02CDC| AUTHTYPE DOT1X| EVENT REMOVE
191547: .Jun 24 2014 10:42:24.390 UTC: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL-OPEN| EVENT DETACH-SUCCESS
191548: .Jun 24 2014 10:42:26.353 UTC: %LINK-5-CHANGED: Interface GigabitEthernet0/3, changed state to administratively down
191549: .Jun 24 2014 10:42:27.359 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down
ISE-TEST-SWITCH#
191550: .Jun 24 2014 10:42:36.366 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down
191551: .Jun 24 10:42:40.592 UTC: AAA/BIND(000002A7): Bind i/f
191552: .Jun 24 2014 10:42:41.129 UTC: %AUTHMGR-5-START: Starting 'dot1x' for client (001f.297b.bd82) on Interface Gi0/3 AuditSessionID AC1484640000026C28C2FA05
191553: .Jun 24 2014 10:42:42.580 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up
191554: .Jun 24 2014 10:42:43.586 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to up
! SESSION ID CHANGES, USER ENTERS CREDENTIALS
! ERROR MESSAGE AT CLIENT "YOUR SESSION HAS EXPIRED"
! ERROR MESSAGE IN ISE "86017 SESSION MISSING"
ISE-TEST-SWITCH#show authentication sessions interface gi0/3
Interface: GigabitEthernet0/3
MAC Address: 001f.297b.bd82
IP Address: 10.2.12.45
Status: Running
Domain: UNKNOWN
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC1484640000026C28C2FA05
Acct Session ID: 0x0000029D
Handle: 0x2C00026D
Runnable methods list:
Method State
dot1x Running
mab Not runGuest authentication failed: 86017: Session cache entry missing
try adjusting the UTC timezone during the guest creation in the sponsor portal.
86017
Guest
Session Missing
Session ID missing. Please contact your System Administrator.
Info -
Logout from an "https client authentication (public key certificate)"
Hi ,
I am using an https client authentication (public key certificate) to login to my ADF faces website
How can I logout form the application? It seems the session.invalidate() is not working because my login information is still displayed after running the logout method (below)
Note that this logout method was working well with the Form-Based Authentication.
Thank you
Jamil
public String logout() {
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
session.invalidate();
String temp = request.getContextPath() + "/adfAuthentication?logout=true&end_url=/faces/logout";
try {
ectx.redirect(temp);
FacesContext.getCurrentInstance().responseComplete();
} catch (Exception ex) {
System.out.println("Exception in logout()");
return null;
}Can you try with the null chk.. as this piece of code is working fine for us
public void logout(ActionEvent evt) {> FacesContext fc = FacesContext.getCurrentInstance();
> HttpSession session =
> (HttpSession)fc.getExternalContext().getSession(false);
> HttpServletRequest request =
> (HttpServletRequest)fc.getExternalContext().getRequest();
> HttpServletResponse response =
> (HttpServletResponse)fc.getExternalContext().getResponse();
> try {
> if (session != null) {
> session.invalidate();
> }
> fc.getExternalContext().redirect(request.getContextPath() +
> "/faces/index");
> } catch (Exception exp) {
> try {
> fc.getExternalContext().redirect("/faces/Error");
> } catch (Exception ex) {
}> }
> } -
Hello,
I experiance problems with QuickVPN client (version 1.4.1.2). I'm trying to connect to router SA520 with 1.1.65 firmware,
vpn tunell is established, but client says "The remote gateway is not responding. Do you want to wait?"
in case i click no, it drops vpn tunell
QuickVPN client log looks like this:
2010/08/18 12:13:27 [STATUS]OS Version: Windows 7
2010/08/18 12:13:27 [STATUS]Windows Firewall Domain Profile Settings: ON
2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
2010/08/18 12:13:27 [STATUS]One network interface detected with IP address 192.168.1.100
2010/08/18 12:13:27 [STATUS]Connecting...
2010/08/18 12:13:27 [DEBUG]Input VPN Server Address = vpn.in-volv.lv
2010/08/18 12:13:28 [STATUS]Connecting to remote gateway with IP address: 78.28.223.10
2010/08/18 12:13:28 [WARNING]Server's certificate doesn't exist on your local computer.
2010/08/18 12:13:30 [STATUS]Remote gateway was reached by https ...
2010/08/18 12:13:30 [STATUS]Provisioning...
2010/08/18 12:13:39 [STATUS]Success to connect.
2010/08/18 12:13:39 [STATUS]Tunnel is configured. Ping test is about to start.
2010/08/18 12:13:39 [STATUS]Verifying Network...
2010/08/18 12:13:44 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:47 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:50 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:53 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:56 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:14:08 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/08/18 12:14:12 [STATUS]Disconnecting...
2010/08/18 12:14:15 [STATUS]Success to disconnect.
Server logs look like this:
2010-08-18 12:28:49: INFO: Adding IPSec configuration with identifier "arvils"
2010-08-18 12:29:02: INFO: Configuration found for 83.243.93.200[500].
2010-08-18 12:29:02: INFO: Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
2010-08-18 12:29:02: INFO: Beginning Identity Protection mode.
2010-08-18 12:29:02: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 12:29:02: INFO: Received Vendor ID: RFC 3947
2010-08-18 12:29:02: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: Received unknown Vendor ID
2010-08-18 12:29:02: INFO: For 83.243.93.200[500], Selected NAT-T version: RFC 3947
2010-08-18 12:29:02: INFO: NAT-D payload matches for 78.28.223.10[500]
2010-08-18 12:29:02: INFO: NAT-D payload does not match for 83.243.93.200[500]
2010-08-18 12:29:02: INFO: NAT detected: PEER
2010-08-18 12:29:02: INFO: Floating ports for NAT-T with peer 83.243.93.200[4500]
2010-08-18 12:29:02: INFO: ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:e2cd855a75fc0887:6dc3b2e025152444
2010-08-18 12:29:02: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 12:29:02: INFO: Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
2010-08-18 12:29:02: INFO: Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
2010-08-18 12:29:02: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 12:29:02: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=47693803(0x2d7bfeb)
2010-08-18 12:29:02: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=1079189482(0x40531fea)
2010-08-18 12:35:57: INFO: an undead schedule has been deleted: 'pk_recvupdate'.
2010-08-18 12:35:57: INFO: Purged IPsec-SA with proto_id=ESP and spi=1079189482(0x40531fea).
2010-08-18 12:40:46: INFO: Configuration found for 83.243.93.200[500].
2010-08-18 12:40:46: INFO: Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
2010-08-18 12:40:46: INFO: Beginning Identity Protection mode.
2010-08-18 12:40:46: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 12:40:46: INFO: Received Vendor ID: RFC 3947
2010-08-18 12:40:46: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 12:40:46: INFO: Received unknown Vendor ID
2010-08-18 12:40:46: INFO: Received unknown Vendor ID
2010-08-18 12:40:46: INFO: Received unknown Vendor ID
2010-08-18 12:40:46: INFO: For 83.243.93.200[500], Selected NAT-T version: RFC 3947
2010-08-18 12:40:46: INFO: NAT-D payload matches for 78.28.223.10[500]
2010-08-18 12:40:46: INFO: NAT-D payload does not match for 83.243.93.200[500]
2010-08-18 12:40:46: INFO: NAT detected: PEER
2010-08-18 12:40:46: INFO: Floating ports for NAT-T with peer 83.243.93.200[4500]
2010-08-18 12:40:46: INFO: ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:28447d39874689f9:a2b7da19d8d86413
2010-08-18 12:40:46: INFO: Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
2010-08-18 12:40:46: INFO: Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
2010-08-18 12:40:46: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 12:40:47: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=259246202(0xf73c87a)
2010-08-18 12:40:47: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=3642234214(0xd9181566)
2010-08-18 12:43:27: INFO: IPsec-SA expired: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=33356156(0x1fcf97c)
2010-08-18 12:45:47: INFO: an undead schedule has been deleted: 'pk_recvupdate'.
2010-08-18 12:45:47: INFO: Purged IPsec-SA with proto_id=ESP and spi=3642234214(0xd9181566).
The most interesting thing is that sometimes this message appears, sometimes not (with the same configuration).
Please help!Hi,
I have some problem. I am using Windows 7 Entreprice x64. I use SA520 Firmware 1.1.65 and QuickVPN 1.4.1.2 port 60443.
"The remote gateway is not responding. Do you want to wait"
2010-08-18 17:25:51: INFO: Adding IPSec configuration with identifier "username"
2010-08-18 17:25:51: INFO: Adding IKE configuration with identifer "username"
2010-08-18 17:26:04: INFO: Configuration found for xxx.xxx.xxx.xxx[235].
2010-08-18 17:26:04: INFO: Received request for new phase 1 negotiation: 172.22.5.10[500]<=>xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:04: INFO: Beginning Identity Protection mode.
2010-08-18 17:26:04: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 17:26:04: INFO: Received Vendor ID: RFC 3947
2010-08-18 17:26:04: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: Received unknown Vendor ID
2010-08-18 17:26:04: INFO: For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
2010-08-18 17:26:04: INFO: NAT-D payload does not match for 172.22.5.10[500]
2010-08-18 17:26:04: INFO: NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:04: INFO: NAT detected: ME PEER
2010-08-18 17:26:04: INFO: Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
2010-08-18 17:26:04: INFO: ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:ed4f291c71c1b688:7e6a8a0968f878fb
2010-08-18 17:26:04: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 17:26:04: INFO: Responding to new phase 2 negotiation: 172.22.5.10[0]<=> xxx.xxx.xxx.xxx[0]
2010-08-18 17:26:04: INFO: Using IPsec SA configuration: 192.168.75.0/24<->192.168.170.224/32
2010-08-18 17:26:04: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 17:26:05: INFO: IPsec-SA established[UDP encap 48540->4500]: ESP/Tunnel xxx.xxx.xxx.xxx->172.22.5.10 with spi=239099274(0xe405d8a)
2010-08-18 17:26:05: INFO: IPsec-SA established[UDP encap 4500->48540]: ESP/Tunnel 172.22.5.10-> xxx.xxx.xxx.xxx with spi=3886848189(0xe7ac98bd)
2010-08-18 17:26:07: INFO: Configuration found for xxx.xxx.xxx.xxx[235].
2010-08-18 17:26:07: INFO: Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:07: INFO: Beginning Identity Protection mode.
2010-08-18 17:26:07: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 17:26:07: INFO: Received Vendor ID: RFC 3947
2010-08-18 17:26:07: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 17:26:07: INFO: Received unknown Vendor ID
2010-08-18 17:26:07: INFO: Received unknown Vendor ID
2010-08-18 17:26:07: INFO: Received unknown Vendor ID
2010-08-18 17:26:07: INFO: For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
2010-08-18 17:26:07: INFO: NAT-D payload does not match for 172.22.5.10[500]
2010-08-18 17:26:07: INFO: NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
2010-08-18 17:26:07: INFO: NAT detected: ME PEER
2010-08-18 17:26:07: INFO: Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
2010-08-18 17:26:07: INFO: ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36
2010-08-18 17:27:14: INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=699f34b434d4318c:df4adca414787d36.
2010-08-18 17:27:14: INFO: Configuration found for xxx.xxx.xxx.xxx[235].
2010-08-18 17:27:14: INFO: Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]
2010-08-18 17:27:14: INFO: Beginning Identity Protection mode.
2010-08-18 17:27:14: INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 17:27:14: INFO: Received Vendor ID: RFC 3947
2010-08-18 17:27:14: INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2010-08-18 17:27:14: INFO: Received unknown Vendor ID
2010-08-18 17:27:14: INFO: Received unknown Vendor ID
2010-08-18 17:27:14: INFO: Received unknown Vendor ID
2010-08-18 17:27:14: INFO: For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947
2010-08-18 17:27:14: INFO: NAT-D payload does not match for 172.22.5.10[500]
2010-08-18 17:27:14: INFO: NAT-D payload does not match for xxx.xxx.xxx.xxx[235]
2010-08-18 17:27:14: INFO: NAT detected: ME PEER
2010-08-18 17:27:15: INFO: ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36
2010-08-18 17:27:15: INFO: Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]
2010-08-18 17:27:15: INFO: ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a
2010-08-18 17:27:15: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 17:28:20: INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=3fe5eb0bddbf2b9a:f5c11d7f813ca74a.
2010-08-18 17:28:21: INFO: ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a
With windows XP Pro i dont have this problem.
Is there a detailed configuration guide?
10x -
I encountered a problem with some client machines that use Firefox version 24ESR and IE8.
Ajax requests of aspx pages from Firefox are getting the following error from the iis server (iis version 7.5):
Bad Request - Request Too Long
HTTP Error 400. The size of the request headers is too long.
From analyzing the request that was sent to the server, I saw that the request consist of only the viewstate of the aspx page.
I tried to disable the viewstate for one page and the server got the request correctly.
I do not encounter any issues on these laptops with postback requests from Firefox or when running the same application with IE8.Sometimes that means that the page address sent is loo long.
Check the link address you are using.
I can't help you further and will send for more help. -
Problem with Variable Client Support
Hello,
I work with Labview 8.5 and Crio 9014.
I have a problem with Variable Client Support. When I try to compile my project I have the following error:
"The Network Variable Engine and Variable Client Support must be installed on the RT target for this application to function properly..."
I have read that we have to install the Variable Client Support in Measurement and Automation by right-clicking on the software and then choosing add/remove software but I can't install the appropriate shared variable components because I can't see neither Network Variable Engine and Variable Client Support. So what can I do?
Can somebody help me?
ThanksI have exactly the same problem. I wanted go through the "Getting Started with the LabVIEW RT module" and when I use wizard for generating new project I get same notification in my VI...
The Network Variable Engine and Variable Client Support must be installed on the RT target
for this application to function properly. If the Network Variable Engine is not supported on
the target (e.g. FP-2000 with <32MB of RAM), open the project and move the variable library
to My Computer in the project. Doing this will deploy the variables to localhost but
will still require that Variable Client Support be installed on the RT target.
Could someone help please ?
Attachments:
ni.png 95 KB -
Problem with VPN client on Cisco 1801
Hi,
I have configured a new router for a customer.
All works fine but i have a strange issue with the VPN client.
When i start the VPN the client don't close the connection, ask for password, start to negotiate security policy the show the not connected status.
This is the log form the VPN client:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 14:37:59.133 04/08/13 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
2 14:38:01.321 04/08/13 Sev=Info/4 CM/0x63100002
Begin connection process
3 14:38:01.335 04/08/13 Sev=Info/4 CM/0x63100004
Establish secure connection
4 14:38:01.335 04/08/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "asgardvpn.dyndns.info"
5 14:38:02.380 04/08/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 79.52.36.120.
6 14:38:02.384 04/08/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
7 14:38:02.388 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 79.52.36.120
8 14:38:02.396 04/08/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
9 14:38:02.396 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
10 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 79.52.36.120
11 14:38:02.460 04/08/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 79.52.36.120
12 14:38:02.506 04/08/13 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
13 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
14 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports DPD
15 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
16 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
17 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
18 14:38:02.465 04/08/13 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
19 14:38:02.465 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 79.52.36.120
20 14:38:02.465 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
21 14:38:02.465 04/08/13 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xCEFD, Remote Port = 0x1194
22 14:38:02.465 04/08/13 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
23 14:38:02.465 04/08/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
24 14:38:02.502 04/08/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 79.52.36.120
25 14:38:02.502 04/08/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 79.52.36.120
26 14:38:02.502 04/08/13 Sev=Info/4 CM/0x63100015
Launch xAuth application
27 14:38:07.623 04/08/13 Sev=Info/4 CM/0x63100017
xAuth application returned
28 14:38:07.623 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 79.52.36.120
29 14:38:12.656 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
30 14:38:22.808 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
31 14:38:32.949 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32 14:38:43.089 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33 14:38:53.230 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34 14:39:03.371 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35 14:39:13.514 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
36 14:39:23.652 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
37 14:39:33.807 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
38 14:39:43.948 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
39 14:39:54.088 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40 14:40:04.233 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
41 14:40:14.384 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
42 14:40:24.510 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43 14:40:34.666 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44 14:40:44.807 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
45 14:40:54.947 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
46 14:41:05.090 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47 14:41:15.230 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
48 14:41:25.370 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
49 14:41:35.524 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50 14:41:45.665 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51 14:41:55.805 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
52 14:42:05.951 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
53 14:42:16.089 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54 14:42:26.228 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
55 14:42:36.383 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
56 14:42:46.523 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57 14:42:56.664 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58 14:43:02.748 04/08/13 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
59 14:43:02.748 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 79.52.36.120
60 14:43:03.248 04/08/13 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
61 14:43:03.248 04/08/13 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "asgardvpn.dyndns.info" because of "DEL_REASON_CANNOT_AUTH"
62 14:43:03.248 04/08/13 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
63 14:43:03.262 04/08/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
64 14:43:03.262 04/08/13 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
65 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
66 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
67 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
68 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
And this is the conf from the 1801:
hostname xxx
boot-start-marker
boot-end-marker
enable secret 5 xxx
aaa new-model
aaa authentication login xauthlist local
aaa authorization network groupauthor local
aaa session-id common
dot11 syslog
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.1 10.0.1.10
ip dhcp excluded-address 10.0.1.60 10.0.1.200
ip dhcp excluded-address 10.0.1.225
ip dhcp excluded-address 10.0.1.250
ip dhcp pool LAN
network 10.0.1.0 255.255.255.0
default-router 10.0.1.10
dns-server 10.0.1.200 8.8.8.8
domain-name xxx
lease infinite
ip name-server 10.0.1.200
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall vdolive
ip inspect name Firewall udp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall http
multilink bundle-name authenticated
username xxx password 0 xxxx
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group xxx
key xxx
dns 10.0.1.200
wins 10.0.1.200
domain xxx
pool ippool
acl 101
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
archive
log config
hidekeys
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
dsl operating-mode adsl2+
hold-queue 224 in
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
ip address 10.0.1.10 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username aliceadsl password 0 aliceadsl
crypto map clientmap
ip local pool ippool 10.16.20.1 10.16.20.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 10.0.1.2
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source static udp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source list 101 interface Dialer0 overload
access-list 101 remark *** ACL nonat ***
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 150 remark *** ACL split tunnel ***
access-list 150 permit ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
password xxx
scheduler max-task-time 5000
end
Anyone can help me ?
Sometimes the vpn can be vreated using the iPhone or iPad vpn client...I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
HELP? -
WebAccess problem with Windows Client 8
Hi,
We have a problem, with external access with windows 8 client Only, with the following error
The user "user@domain", on client computer "IP:33050", has initiated an outbound connection. This connection may not be authenticated yet.
There's Gateway and Webaccess on the same server
thanks
Rémy
http://www.blogotec.fr MCITP Server Administrator MCTS VirtualisationHi,
Have you tried to turn off Windows Firewall, then test the result again, check whether Firewall is the culprit. Seems the outbound connection is blocked in Windows Firewall, check your Connection Security Rule Properties in Windows Firewall.
Connection Security Rule Properties Page: Authentication Tab
http://technet.microsoft.com/en-us/library/dd448596(v=ws.10).aspx
Yolanda Zhu
TechNet Community Support -
Problem with Macintosh client on 10.5.6
I am having a problem with applying color lables and I was wondering if anybody else was. My server was upgraded to 10.5.6 and ever since then, when on a Macintosh client, applying a color label will not work as expected. I can label a file a color and it shows, but when I click off the file, it changes back to the previous color {or no label if it previously didn't have a label}. If I click on the file again, then the label seems to stick, but even this isn't consistent. It seems that the label does look correct when I look on the server itself. We use the labels quite a lot in my workgroup as a simple way to organize works in progress. Can anybody replicate this on their system? Also, this happens on both clients running 10.5.5 and 10.5.6 (and even 10.5.3 I think)
thanks,
sean rossYes, this appears to be a bug introduced with whatever modifications Apple made to AFP in 10.5.6. See this thread for more info, but no solution yet: http://discussions.apple.com/thread.jspa?messageID=8776293
Message was edited by: JJakucyk -
New WSUS on Server 2012 - problem with win8 clients
Hi,
Two weeks ago we created a new Server 2012 and installed the WSUS role from scratch on it. Its version number is: 6.2.9200.16384. It replaced a Server 2008 WSUS server. After some time all the win7 clients updated and reported as
they did on the old and replaced server.
However all our win8 clients refuse to update against this server. They show correctly up in WSUS server console each with 107 needed updates day after day. We have rebooted them and done numerous wuauclt /resetauthorization /detectnow and wuauclt
/detectnow /reportnow, but to no avail.
I paste in some lines from a win8 client winupdate log at the end of this message if someone can figure out what I have to do to get these clients update as they did against the old wsus server. Thanks for help on this issue.
regards Tor
2014-02-03 08:33:38:008 920 153c Agent *************
2014-02-03 08:33:38:008 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:38:008 920 153c Agent *********
2014-02-03 08:33:38:008 920 153c Agent * Online = Yes; Ignore download priority = No
2014-02-03 08:33:38:008 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:38:008 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:38:008 920 153c Agent * Search Scope = {Machine & All Users}
2014-02-03 08:33:38:008 920 153c Agent * Caller SID for Applicability: S-1-5-18
2014-02-03 08:33:38:008 920 153c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2014-02-03 08:33:38:008 920 1990 AU >>## RESUMED ## AU: Search for updates [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-02-03 08:33:38:008 920 1990 AU # 0 updates detected
2014-02-03 08:33:38:008 920 1990 AU #########
2014-02-03 08:33:38:008 920 1990 AU ## END ## AU: Search for updates [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-02-03 08:33:38:008 920 1990 AU #############
2014-02-03 08:33:38:023 920 153c Misc Microsoft signed: Yes
2014-02-03 08:33:38:023 920 153c Misc Infrastructure signed: Yes
2014-02-03 08:33:38:023 920 153c EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe1.ws.microsoft.com/w8/2/redir/storeauth.cab"
2014-02-03 08:33:38:023 920 153c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\wuredir.cab:
2014-02-03 08:33:38:039 920 153c Misc Microsoft signed: Yes
2014-02-03 08:33:38:039 920 153c Misc Infrastructure signed: Yes
2014-02-03 08:33:38:039 920 153c EP Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
2014-02-03 08:33:38:055 920 153c PT +++++++++++ PT: Synchronizing server updates +++++++++++
2014-02-03 08:33:38:055 920 153c PT + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL = https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
2014-02-03 08:33:38:055 920 153c Agent Reading cached app categories using lifetime 604800 seconds
2014-02-03 08:33:38:055 920 153c Agent Read 0 cached app categories
2014-02-03 08:33:39:211 920 153c Agent * Added update {E7FF661C-6A03-4387-A1EE-1D723B52EF60}.3 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:211 920 153c Agent * Found 13 updates and 31 categories in search; evaluated appl. rules of 69 out of 94 deployed entities
2014-02-03 08:33:39:211 920 153c Agent *********
2014-02-03 08:33:39:211 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:211 920 153c Agent *************
2014-02-03 08:33:39:211 920 1a64 Report REPORT EVENT: {0786C161-F6DC-4842-85D6-9506124654AD} 2014-02-03 08:33:38:008+0100 1
147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Update Command Line Success Software Synchronization
Windows Update Client successfully detected 0 updates.
2014-02-03 08:33:39:211 920 1a64 Report REPORT EVENT: {1E5D9728-220F-44A3-8BCC-ADE69687531D} 2014-02-03 08:33:38:008+0100 1
156 [AGENT_STATUS_30] 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Update Command Line Success Pre-Deployment Check
Reporting client status.
2014-02-03 08:33:39:211 920 1a64 Report REPORT EVENT: {57BAB7D0-685B-4D73-BDF7-82AFCE8675B0} 2014-02-03 08:33:39:211+0100 1
147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Update Command Line Success Software Synchronization
Windows Update Client successfully detected 13 updates.
2014-02-03 08:33:39:211 920 1a64 Report CWERReporter finishing event handling. (00000000)
2014-02-03 08:33:39:227 920 153c Agent *************
2014-02-03 08:33:39:227 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:227 920 153c Agent *********
2014-02-03 08:33:39:227 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:227 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:227 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:227 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:227 920 153c Agent * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1155
2014-02-03 08:33:39:258 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:258 920 153c Agent * Found 11 updates and 29 categories in search; evaluated appl. rules of 58 out of 94 deployed entities
2014-02-03 08:33:39:258 920 153c Agent *********
2014-02-03 08:33:39:258 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:258 920 153c Agent *************
2014-02-03 08:33:39:258 920 153c Agent *************
2014-02-03 08:33:39:258 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:258 920 153c Agent *********
2014-02-03 08:33:39:258 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:258 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:258 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:258 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:258 920 153c Agent * Caller SID for Applicability: S-1-5-21-2212025170-3189117132-1219651784-500
2014-02-03 08:33:39:305 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:305 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:305 920 153c Agent * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
2014-02-03 08:33:39:305 920 153c Agent *********
2014-02-03 08:33:39:305 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:305 920 153c Agent *************
2014-02-03 08:33:39:305 920 153c Agent *************
2014-02-03 08:33:39:305 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:305 920 153c Agent *********
2014-02-03 08:33:39:305 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:305 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:305 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:305 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:305 920 153c Agent * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1323
2014-02-03 08:33:39:352 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:352 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:352 920 153c Agent * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
2014-02-03 08:33:39:352 920 153c Agent *********
2014-02-03 08:33:39:352 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:352 920 153c Agent *************
2014-02-03 08:33:39:352 920 153c Agent *************
2014-02-03 08:33:39:352 920 153c Agent ** START ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:352 920 153c Agent *********
2014-02-03 08:33:39:352 920 153c Agent * Online = No; Ignore download priority = No
2014-02-03 08:33:39:352 920 153c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-02-03 08:33:39:352 920 153c Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-02-03 08:33:39:352 920 153c Agent * Search Scope = {Current User}
2014-02-03 08:33:39:352 920 153c Agent * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1282
2014-02-03 08:33:39:383 920 153c Agent * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
2014-02-03 08:33:39:383 920 153c Agent * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
2014-02-03 08:33:39:383 920 153c Agent * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
2014-02-03 08:33:39:383 920 153c Agent *********
2014-02-03 08:33:39:383 920 153c Agent ** END ** Agent: Finding updates [CallerId = Windows Update Command Line]
2014-02-03 08:33:39:383 920 153c Agent *************
2014-02-03 08:33:39:383 920 1990 AU >>## RESUMED ## AU: Search for updates [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-02-03 08:33:39:383 920 1990 AU # 12 updates detected
2014-02-03 08:33:39:383 920 1990 AU #########
2014-02-03 08:33:39:383 920 1990 AU ## END ## AU: Search for updates [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-02-03 08:33:39:383 920 1990 AU #############
2014-02-03 08:33:39:383 920 1990 AU All AU searches complete.
2014-02-03 08:33:39:383 920 1990 AU AU setting next detection timeout to 2014-02-03 10:18:51
2014-02-03 08:33:44:211 920 1a64 Report CWERReporter finishing event handling. (00000000)
2014-02-03 08:41:39:472 920 1a64 EP Got WSUS Client/Server URL: "http://elias:8530/ClientWebService/client.asmx"
2014-02-03 08:41:39:472 920 1a64 PT WARNING: Cached cookie has expired or new PID is available
2014-02-03 08:41:39:472 920 1a64 EP Got WSUS SimpleTargeting URL: "http://elias:8530"
2014-02-03 08:41:39:472 920 1a64 PT Initializing simple targeting cookie, clientId = c5e26849-287b-4b96-ba5d-1489d6fad2f2, target group = , DNS name = dt-ikt-tor.framnes.lan
2014-02-03 08:41:39:472 920 1a64 PT Server URL = http://elias:8530/SimpleAuthWebService/SimpleAuth.asmx
2014-02-03 08:41:39:519 920 1a64 EP Got WSUS Reporting URL: "http://elias:8530/ReportingWebService/ReportingWebService.asmx"
2014-02-03 08:41:39:519 920 1a64 Report Uploading 2 events using cached cookie, reporting URL = http://elias:8530/ReportingWebService/ReportingWebService.asmx
2014-02-03 08:41:39:566 920 1a64 Report Reporter successfully uploaded 2 events.
2014-02-03 08:42:13:212 920 178c Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
2014-02-03 08:43:40:450 920 178c AU ########### AU: Uninitializing Automatic Updates ###########
2014-02-03 08:43:40:450 920 178c WuTask Uninit WU Task Manager
2014-02-03 08:43:40:513 920 178c Service *********
2014-02-03 08:43:40:513 920 178c Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-02-03 08:43:40:513 920 178c Service *************Today I opened Control Panel / Windows Updates and first did a check for new updates (from the WSUS server). Nothing was found and it reported Windows is Updated. Then I clicked the link Check for updates from Microsoft via internet, and
it found around 24 updates.
This is confirmation of the point that I made in the previous post. The updates are *NEEDED* by this system, but the updates were not *AVAILABLE* from the assigned WSUS Server. You were able to get them from Windows Update, but that does not fix your continuing
issue with the WSUS Server.
but it still reported the original 108 Needed updates.
Exactly. As previously noted, the client is functioning perfectly. The problem is NOT with the client; the problem is with the WSUS Server. The updates that this client needed were not AVAILABLE to be downloaded from the WSUS server.
Why this is the case requires further investigation on your part, but is either because the updates are not properly approved, or the update FILES are not yet downloaded from Microsoft to the WSUS server.
It appears that the wsus server doesn't get any information back from the client despite that it displays new Last contact and Last Status report timestamps.
This conclusion is incorrect. The WSUS Server got every bit of information available from the client -- you've confirmed this by the number of updates reported as "Needed" by the Windows Update Agent to the WSUS Server.
I assumed that the log would display if the updates were downloaded or not.
It will log when the updates are actually downloaded. If there's no log entries for updates being downloaded, then they're not being downloaded. If the logfile says "Found 0 updates", then that means exactly what it says: It couldn't find any approved/available
updates to download.
In your case it "Found 11 updates", but now it will be impossible to diagnose that fault, because you went and got them from Windows Update.
All Win8 versions are checked in the WSUS server's Product list so the updates should at least have been downloaded to the server.
This is why understanding the infrastructure is so critical. Your conclusion is invalid based on the premise given, and you may be using improper terminology which only confuses the rest of us as well.
First, selecting updates for synchronization only gets the update metadata (i.e. the detection logic) downloaded to the WSUS database.
The Second Step in this process is to Approve those updates for one or more WSUS Target Groups that contain the appropriate client systems. Following the approval of an update, the WSUS Server downloads the INSTALLATION FILE for that update.
Once the WUAgent sees an approved update and the installation file is available, then the WUAgent will download the file and schedule the update for installation.
Most of the post I read about my problem is about upgrading a 2008 WSUS server to support Win8 / Server 12 clients. When I try to run this update on my Server 12 WSUS it refuses to run (probably because it is for Server 2008).
Yeah.. totally different issue in those posts than what you're describing here.
What should I do to try to track down the problem?
Well.... now that it's 11 days since the logfile was posted, and you've already updated that system, we'll first need to find another system exhibiting the same issue.
Then I'll need to ask a number of questions to properly understand the environment, as well as what you have or have not done.
Then, from there, we can attempt to figure out why your Windows 8 client apparently sees some updates as approved/available but is still not downloading them. We do not yet have sufficient information to even speculate on a possible cause -- there are several.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
Error during Https client Authentication
Hi ,
I have configured the SOAP adapter for HTTPS with client authentication.The certificates are also in place. Even then i am getting the below error.
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - java.security.AccessControlException: client certificate required at com.sap.aii.adapter.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:927) at sun.reflect.GeneratedMethodAccessor370.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sap.engine.services.ejb3.runtime.impl.RequestInvocationContext.proceedFinal(RequestInvocationContext.java:43) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:166) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatesTransition.invoke(Interceptors_StatesTransition.java:19) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Resource.invoke(Interceptors_Resource.java:71) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.doWorkWithAttribute(Interceptors_Transaction.java:38) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.invoke(Interceptors_Transaction.java:22) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:189) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatelessInstanceGetter.invoke(Interceptors_StatelessInstanceGetter.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_SecurityCheck.invoke(Interceptors_SecurityCheck.java:21) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_ExceptionTracer.invoke(Interceptors_ExceptionTracer.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.DefaultInvocationChainsManager.startChain(DefaultInvocationChainsManager.java:133) at com.sap.engine.services.ejb3.runtime.impl.DefaultEJBProxyInvocationHandler.invoke(DefaultEJBProxyInvocationHandler.java:164) at $Proxy2683.process(Unknown Source) at com.sap.aii.af.app.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:275) at sun.reflect.GeneratedMethodAccessor368.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sap.engine.services.ejb3.runtime.impl.RequestInvocationContext.proceedFinal(RequestInvocationContext.java:43) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:166) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatesTransition.invoke(Interceptors_StatesTransition.java:19) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Resource.invoke(Interceptors_Resource.java:71) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.doWorkWithAttribute(Interceptors_Transaction.java:38) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.invoke(Interceptors_Transaction.java:22) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:189) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatelessInstanceGetter.invoke(Interceptors_StatelessInstanceGetter.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_SecurityCheck.invoke(Interceptors_SecurityCheck.java:21) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_ExceptionTracer.invoke(Interceptors_ExceptionTracer.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.DefaultInvocationChainsManager.startChain(DefaultInvocationChainsManager.java:133) at com.sap.engine.services.ejb3.runtime.impl.DefaultEJBProxyInvocationHandler.invoke(DefaultEJBProxyInvocationHandler.java:164) at $Proxy230.process(Unknown Source) at com.sap.aii.adapter.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:175) at com.sap.aii.adapter.soap.web.MessageServlet.doPost(MessageServlet.java:470) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:163) at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:82) at com.sap.engine.services.servlets_jsp.server.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:124) at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:74) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:425) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:289) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:376) at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:85) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71) at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:160) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71) at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:67) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71) at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71) at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71) at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71) at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:309) at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.run(Processor.java:222) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:152) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:247)Hi
The error "client certificate required" reported by you has a clear cause - at least at the first sight: You do not deliver a client certificate with your SOAP request or it is not vaild/corrupted.
Regards,
Volker -
Cisco Prime 2.1 problem with API/Client
Hi,
im having a problem with the API output i get from Cisco Prime Infrastructure. The URL im trying to GET info from is:
https://<URL>/webacs/api/v1/data/Clients
The output shows that im missing data from a specific ID. Example:
{"@url":"https:\/\/prime.lmv.lm.se\/webacs\/api\/v1\/data\/Clients\/1280389614","@type":"Clients","$":"1280389614"}
Then i try to GET the info regarding this ID: https://<URL>/webacs/api/v1/data/Clients/1280389614
{"errorDocument":{"httpResponseCode":500,"httpMethod":"GET","message":"No such entity as Clients \/ 1280389614.-PRS-101","id":"presentation.PRS-101","uriPath":"data\/Clients\/1280389614","queryParams":"{}"}}
So something is wrong here, so when i add ".full=true" parameter i get the following error as it cannot show the client data:
https://<URL>/webacs/api/v1/data/Clients.json?.full=true&.firstResult=1000&.maxResults=1000
{"errorDocument":{"httpResponseCode":500,"httpMethod":"GET","message":"Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'; nested exception is org.hibernate.HibernateException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'","exception":"org.springframework.orm.hibernate3.HibernateSystemException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'; nested exception is org.hibernate.HibernateException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'","uriPath":"data\/Clients","queryParams":"{.full=[true], .firstResult=[1000], .maxResults=[1000]}"}}
Any idea how to solve this issue, how can i find the client that is causing this problem? In my script im reading all the clients in the network to a third party application. But right now its hard to get this output in a smart way. It might be resolved in 2.2, but it feels like the data i corrupt in some way so i doubt that this error is related to the version?
Best Regards // Mattias AnderssonHi,
I have also run into this problem on two different Prime 2.1-systems when trying to get all Client-data available. I haven't figured out a way to fix it more than making small calls (.maxResults=100) then trying to pin-point and skip the ID giving the error. I've been using 2.2 for a while now but haven't tested the Client-API that much yet. I'll experiment some more on it and see if I can recreate the problem to see if it's related to the version. -
Problem with HTTP load balancing
Hello Experts
I have a problem when i do loadbalancing for links like http://1.1.1.1/site/home where 1.1.1.1 is the VIP address (i got http not found), while it is working fine when the link is http://1.1.1.1,
the link is working fine on the real servers for example when i try http://2.2.2.2/site/home it works
by the way, im not doing URL loadbalancing,
any ideas
Thank you in advanceIt is generally good idea for this type of cases to get a sniffer trace (in ACE module span 10G backplane interface from supervisor or if ACE appliance take parallel span session of client and server vlan).
This case was investigated in TAC SR and this is a small summary of the traces that may help other users hitting this issue (usually it is good idea to filter by http and client IP) :
This is what we have seen for the non-working scenario.
Packet 1: Client sends HTTP GET to ACE VIP
Packet 2: ACE forwards HTTP GET to RSERVER
Packet 3: RSERVER answers ACE with HTTP 404
Packet 4: ACE forwards the real server response (HTTP 404) to the client
ACE was not changing anything in the packets that were being loadbalanced. And the HTTP 404 error sent from the server that ACE was forwarding indicates that the Web server thinks that the HTTP data stream sent by the client was correct, but simply can not provide the access to the resource specifief by URL.
Bottom line it was found that in this case the server behaves in a different way based on the hostname used to connect to the application, and this should be addressed on the application/server side. An easy way to check this is by using the server name pointing to the vip in local client hostfile. -
i'm posting the data using HttpsURLConnection to IIS 5.0 web server. The code is working fine for server authentication. Now i want to enable the client authentication option in IIS. How do i send the client certificate from the Java program to the IIS web server
There are 2 things you need to do:
1. Turn on "Require client certificate" on IIS.
2. Either use HttpsURLConnection or if you're using SSLSocket, you have to send at least 2 lines
GET / HTTP/1.1
Host: iis-server
The Host HTTP header line is key.
Without that line, IIS won't send CertificateRequest during SSL handshake.
With that line, IIS force the client to connect again, on the second handshake, IIS send the CertificateRequest command correctly!
Maybe you are looking for
-
How can I talk to a live agent
HOw. Can I talk to a live agent. Need to cancel orders placed by mistake
-
Printing window contents in webdynpro ABAP
Dear fellow SDNers, The first reply that may come to your mind for this post is that "This has been discussed numerous times in this forum". But the fact is that I am not able to make out how it is possible to print the contents of a webdynpro window
-
Event ID 7002 after re-install WSUS
I'm running Windows 2012 with SCCM 2012 R2, SQL 2012 and WSUS on same server. I was getting event id 7002 so I uninstalled the WSUS feature, rebooted and re-added it, but I'm still getting this event. The WSUS is installed on it's own SQL instance. O
-
Adobe Photoshop 9 only gives me FAX print as an option - how can I fix this?
I bought a new printer - all of my other software is doing just fine with it. Adobe Photoshop 10 seems to think I am trying to fax. I have tried uninstalling and reinstalling and still everytime I try to print a picture only fax options come up. M
-
ARD 3.1 doesn't show 10.4.10 in list windows
The three trial machines I've installed the 10.4.10 update on have all performed flawlessly. What's odd is that these three machines, all after restarts, will still show 10.4.9 in ARD Admin's main list windows. Even more strange is that they correctl