R/3 to XI through Proxy

Hello All,
When I use SPROXY in R/3 all interfaces are greyed out.
Also when I do Connection Test
it gives message  "Integration Builder address not      maintained"
Pls send blogs/links for configuring the above message.
Regards

Hi,
Please refer below link for the settings reqired are whether compleetd or not.
ABAP Proxy configuration:
/people/vijaya.kumari2/blog/2006/01/26/how-do-you-activate-abap-proxies
SPROXY not working:
/people/vijaya.kumari2/blog/2006/01/26/how-do-you-activate-abap-proxies
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f83deb90-0201-0010-189c-8d3ff87572f8
Refer the below links:
/people/ravikumar.allampallam/blog/2005/03/14/abap-proxies-in-xiclient-proxy
/people/sravya.talanki2/blog/2006/07/28/smarter-approach-for-coding-abap-proxies
http://help.sap.com/saphelp_nw04/helpdata/en/2b/f49b21674e8c44940bb3beafd83d5c/frameset.htm
Thanks
Swarup

Similar Messages

  • Can't access some secure sites through proxy?

    can't access some secure sites through proxy server on osx it just keeps going local authority couldn't be contacted, i had the same problem with parental controls, but now that is off and its still doing it, is there a setting or something i need to enable?

    In my original post, not today's, I had said I was having the issues on the Mini, running OSX 10.6.8 and Safari v.5.1.5 for my bank's pill pay. I should have been more specific as to which machine and OSX Safari browser I'm having the T-Mobile problem with. My mistake.
    It is on both the MacMini and now the Air too. A moment ago, I was able to log in to my.t-mobile.com on the Air, but after putting into my Bookmarks folder, I can't do it anymore. The Log in button comes up greyed out instead of green.
    I'm also still having trouble with my bank's bill pay section on both computers too.
    I wonder if it's related to the saving of the log in info or putting in the Bookmark Folder?

  • ASA cut through proxy with RADIUS challenge response?

    Have this working for IPSEC VPN on same box (tested on 8.2.1 and 8.2.3)
    Want to do cut through proxy with challenge response - same ASA and same RADUIS server but using aaa authentication match command and this is what happens...
    It looks like the ASA sends a completely different radius authentication request than with VPN authentication request. Is there any way to specify what request is sent?
    What the RADIUS Server sees with ASA VPN auth - THIS WORKS OK (included for comparison)
    Date: 15/11/2010
    Time: 3:53:57 PM
    Type: Information
    Source: Server
    Category: RADIUS
    Code: I-006001
    Description: A RADIUS Access-Request has been received.
    AMID: 0xC8500B80B3D8F49C6CB37E5D32DA6682
    Details:
    Source Location : 10.xx.21.24
    Client Location : 10.xx.21.230:1025
    Request ID : 31
    Password Protocol : PAP
    Input Details : RADIUS Code:1, RADIUS Id:31, , User-Name:xxxx, User-Password:******, NAS-IP-Address:10.xx.21.230, NAS-Port:31, NAS-Port-Type:Virtual, vendor(9):attrib(1):0x1A2000000009011A69703A736F757263652D69703D31302E32312E352E313137, Calling-Station-Id:ip:source-ip=10.21.5.117
    Action : Process
    What the RADIUS Server sees with ASA cut thru - THIS FAILS (any help V welcome)
    Date: 17/11/2010
    Time: 2:29:31 PM
    Type: Warning
    Source: Server
    Category: RADIUS
    Code: W-006001
    Description: An invalid RADIUS packet has been received.
    AMID: 0xC19D988F83365F20151C3F6339DEC74B
    Details:
    Source Location : 10.xx.21.24:1812 (Authentication)
    Client Location : 10.xx.21.230:1025
    Reason : The sub-protocol of the received RADIUS packet cannot be determined
    Request ID : 33
    Input Details : 0x01210066055A8B6881266714BDB20380B9FE5FAC01066962333504060AC815E60506000000203D06000000051A2000000009011A69703A736F757263652D69703D31302E34302E352E3131311F1A69703A736F757263652D69703D31302E34302E352E313131
    Request Type : Access-Request
    Thanks in advance
    IB

    Hi Ian,
    sorry for the late reaction - do you still need help with this?
    The difference between the working (VPN) auth and the failing (CTP) auth seems to be that VPN is using PAP (so no challenge-response!) while the CTP is using MS-Chapv2
    So my guess is that your Radius server does not support MS-Chapv2. If that is the case then you may want to try this:
    aaa-server () host
    no mschapv2-capable
    Although this command is not really meant to be used in this scenario, so I'm not sure if it will work but I'm hoping it will make the ASA revert to PAP for all auth requests to this host.
    Note that you won't be doing challenge/response, so your passwords will be transmitted over the wire (encrypted).
    hth
    Herbert

  • Re: (forte-users) HTTP request through proxy server

    Daniel -
    No, it does not. ;)
    How do you say to HTTPRequest to go through proxy?
    Thanks,
    Taras
    Daniel Nguyen wrote:
    >
    Hi,
    It works very well. I have experienced this model for a distant Forte client
    calling a Forte Server service Object for instance without any environment
    and without TCP access (passing through firewall for instance).
    It has also worked very well to make an injectot to improve Web Enterprise
    and IIS using the SendRequest from HTTPAccess.
    Hope this helps,
    Daniel Nguyen
    Freelance Forte Consultant
    http://perso.club-internet.fr/dnguyen/
    Taras Katkov a écrit:
    HTTP request through proxy server using forte HTTP library?
    Any experience?
    Thanks,
    Taras
    For the archives, go to: http://lists.xpedior.com/forte-users and use
    the login: forte and the password: archive. To unsubscribe, send in a new
    email the word: 'Unsubscribe' to: forte-users-requestlists.xpedior.com--
    For the archives, go to: http://lists.xpedior.com/forte-users and use
    the login: forte and the password: archive. To unsubscribe, send in a new
    email the word: 'Unsubscribe' to: forte-users-requestlists.xpedior.com

    You can also use the HTTP-DC project.... You don't
    need Web Enterprise for this. From what I can tell,
    this is available in L.x on....
    There is api documentation in M.2 (with scant
    examples.)
    There's a special process to put the project in your
    repository (it isn't installed in the repository in
    the standard install,) the documentation in M.2
    (probably in M.0 too, AFAIK) that tells you how to do
    this (look for HTTP-DC in the online help.)
    I haven't done much with it yet, I've just installed
    it. If anybody out there has examples, that'd be
    great. I'll try to contribute more the moment I get a
    chance to explore it....
    Christopher Fury
    BellSouth Communications Systems
    --- Daniel Nguyen <dnguyenclub-internet.fr> wrote:
    Hi,
    If you have Web Enterprise, you can user
    HttpAccess.SendRequest().
    Hope this helps,
    Daniel Nguyen
    Freelance Forte Consultant
    Amin, Kamran a &eacute;crit:
    Is there any way to make a HTTP request from TOOLto another HTTP Service?
    thanks in advance.
    For the archives, go to:
    http://lists.xpedior.com/forte-users and use
    the login: forte and the password: archive. Tounsubscribe, send in a new
    email the word: 'Unsubscribe' to:forte-users-requestlists.xpedior.com
    For the archives, go to:
    http://lists.xpedior.com/forte-users and use
    the login: forte and the password: archive. To
    unsubscribe, send in a new
    email the word: 'Unsubscribe' to:
    forte-users-requestlists.xpedior.com
    Kick off your party with Yahoo! Invites.
    http://invites.yahoo.com/

  • Getting through proxy servers

    Hello,
    Does anyone know if the URLRequest / Loader classes are able
    to connect through proxy servers? In other words, does Flash read
    the PC's proxy configuration and automatically use it?
    Also, I was wondering, if one was to create a Socket and then
    connect to a web site...
    mySocket.connect("www.mydoman.com", 80);
    but the user's PC uses a proxy server to connect to the
    Internet, would this
    connection succeed or fail?
    Thanks for your insight.
    Dan

    Check the links below out. I think it may help you out some.
    http://bugs.adobe.com/jira/browse/FP-519
    http://bugs.adobe.com/jira/browse/FP-673

  • BPC Connection Through Proxy

    Deal All,
    We could not connect BPC through proxy server. Can anybody let me know any specific setting required.
    Best Regards
    Shesh

    Sorin,
    Thank you so much for the reply. 
    I think you are saying that when I connect  that when I am connecting directly to BPCWEB it is saying knows you are authenticated to the windows domain. But when it gets it from the proxy server it is now not you anymore the BPCWEB server sees it coming from the proxy server NOT the windows domain.
    So instead of DOMAIN/userID connecting it is PROXY/userID connecting. BPC doesn't know you. This cannot be the first time this has been seen.
    Do you know a way around this?  I am currently using sapwebdispatcher as my reverse proxy here, however I do not mind trying other products.
    Would you have any recommendations on what your other clients use as a reverse proxy for BPC. 
    To simply things, we have DOMAIN users ---> Reverse proxy box ---> BPC Web .NET Server.  We want to eliminte the ability for direct access to the BPC web .NET Server
    Thanks again... any help would be great as we have been struggling for a few weeks to get this silly access issue resolved.
    Edited by: Russell Hull on Feb 20, 2010 7:24 PM

  • ASA - cut through proxy authentication for RDP?

    I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
    OUTSIDE to INSIDE RDP is currently working.
    I have 2 servers I want RDP open for..
    [*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
    [*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
    What's required for OUTSIDE users  to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
    Here is my current config.
    [code]
    ASA Version 8.2(5)
    hostname ASA5505
    names
    name 10.10.0.0 LANTraffic
    name 10.10.30.0 SALES
    name 10.10.40.0 FoodServices
    name 10.10.99.0 Management
    name 10.10.20.0 Office
    name 10.10.80.0 Printshop
    name 10.10.60.0 Regional
    name 10.10.70.0 Servers
    name 10.10.50.0 ShoreTel
    name 10.10.100.0 Surveillance
    name 10.10.90.0 Wireless
    interface Ethernet0/0
    description TO INTERNET
    switchport access vlan 11
    interface Ethernet0/1
    description TO INSIDE 3560X
    switchport access vlan 10
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    security-level 50
    no ip address
    interface Vlan10
    description Cisco 3560x
    nameif INSIDE
    security-level 100
    ip address 10.10.1.1 255.255.255.252
    interface Vlan11
    description Internet Interface
    nameif OUTSIDE
    security-level 0
    ip address 1.1.1.1 255.255.255.224
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup OUTSIDE
    dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 4.2.2.2
    domain-name test.local
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
    pager lines 24
    logging enable
    logging timestamp
    logging trap warnings
    logging device-id hostname
    logging host INSIDE 10.10.70.100
    mtu INSIDE 1500
    mtu OUTSIDE 1500
    ip verify reverse-path interface OUTSIDE
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 LANTraffic 255.255.0.0
    static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
    static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
    access-group RDP-INBOUND in interface OUTSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
    route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http Management 255.255.255.0 INSIDE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh 10.10.70.100 255.255.255.255 INSIDE
    ssh Management 255.255.255.0 INSIDE
    ssh 0.0.0.0 0.0.0.0 OUTSIDE
    ssh timeout 5
    ssh version 2
    console timeout 0
    threat-detection basic-threat
    threat-detection scanning-threat shun
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    username scott password CNjeKgq88PLZXETE encrypted privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
    : end
    [/code]

    You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
    There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC).

  • ASA - Cut-through proxy probleme

    I have to configure my ASA 7.2.2 for cut-through proxy but when the users use authentication prompt ,
    but only , for (http://1.1.0.2/netaccess/connstatus.html) the ASA send the following message:
    User Authentication
    User Authentication is not required.
    help me
    it is ok when one uses cut-through-proxy by ACL :
    access-list ACL_INT extended permit tcp object-group PC-UAUTH_DYN host MVINCT19 eq www
    access-list ACL_AUTH line 1 extended permit tcp host poste_auvinet host MVINCT19 eq www
    aaa-server auth_inside protocol radius
    aaa-server auth_inside host SVR-ACS-IN
    key xxx
    username admin password xxx privilege 15
    aaa authentication match ACL_AUTH inside auth_inside
    aaa authentication listener http inside port www
    on a pix 525 is OK

    Hi,
    The config looks good. Please remember that successful authentication is cached (show uauth) and till it expires user will not need to authenticate again.
    Please clear uauth and see if it helps.
    Regards,
    Vivek

  • How to create pass-through-proxy?

    How do I create some kind of pass-through proxy that can listen and receive OCI, and then forward the commands to the oracle database (sometimes where the SQL is slightly altered). What is the best way to do this?
    I failed to find any relevant help in the docs. :-(
    Thanks in advance!

    Anyone? I guess what I'm looking for is how to receive instead of just sending OCI commands, and extract the SQL from the received OCI commands/packages for possible modification/refactoring.

  • OSB 11g with  PASS-THROUGH PROXY

    hello all,
    I my designing on latest Fusion Middleware 11g Release 1 (11.1.1.5.0)
    a http soap based osb proxy service wraped around owsm saml2.0- sender- vouches-message-protection service policy
    a http soap based osb business service wrapped around owsm saml2.0- sender- vouches-message-protection client policy
    a standalone client is calling this Passive Intermediary Proxy
    In case of pass-through proxy service,
    I would like to know that is it necessary that the policy contract between client --->proxy should be similar to proxy--->backend
    I think so, because proxy is not atall touching the entire stuff starting from <soap:envelope>.........</soap:envelope>
    So client-sent tokens etc. must match with what back end service requires.
    In general, what am I buying by routing the client call through pass-through proxy service if the back-end webservice requires that entire message must by encrypted. In this case there is nothing open for the proxy to view and make any decisions based on that through its pipeline pairs etc.

    Check out the following link...
    http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b5e.html

  • FRM-92102 through proxy

    IE 6.x / Win XP
    eTrus PROXY / Win XP
    AS 10g 9.0.4 / Linux Red Hat
    We are migrating from 6i to 9i.
    With the 6i (cgi) we no have connect problems through proxy, but with 9i, after the second call the error appear.
    We could run the first form/menu, but when this form call_form another form or call an LOV the error appear.
    In the logs the conection to the AS is broken (possible from client, in this case the client is the PROXY).
    If we skip the use of PROXY (in the Browser), the application can run success, we can call_form or LOVs.
    Tx in advance for any help.
    DL

    Please take a look to the parameter networkRetries - if it is set in the formsweb.cfg or static.html.
    See Note:216639.1

  • MAK activation through Proxy activate

    dear all
    good day
    I'am using VAMT to activate all computers in my domain by using MAK activation, when I activate a windows 8.1 through "proxy activate" I found that the remaining activation count was decreased by 2 not by 1 when I apply the
    confirmation ID.
    while when iam using the same activation method to activate office pro 2010 it's work normally and decrease the activation count only by 1.
    could any one help me and explain why is this happened and how to fix this problem.
    thank you

    Hi,
    Did this happen for all computer with windows 8.1?
    If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking
    Refresh product key data online in the right-side pane.  This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved
    for MAKs.
    Regards.
    Vivian Wang

  • Lync Sign in issue through Proxy

    Hi All,
    Not to be confused when said Lync Sign in issue through Proxy as it is unlikely that this is an issue with the proxy settings. Find it out yourself from the behavior below.
    It is in fact a weird issue that I have come across.
    Overall there are almost 30 Lync Users accounts.
    And they are trying to authenticate to external Lync Server.
    28/30 works fine through the proxy. Except for 2 user accounts.
    The proxy settings are same for all the users and no individual configurations set.
    Now, here is the interesting part. Go out of the network and authenticate this 2 user account to any of the workstation which is not going through Proxy, it works. Come back to the workstation which is going through the proxy and try again, it will work
    now.
    Now, I am interested in finding how exactly does Microsoft authenticates their Lync users. And what are the step by step procedure of User Authentication for Lync service. And why is this happening?
    Just to add some more point here, these happens only with 2 specific accounts.
    And if you try using these 2 accounts on any of the 28 working workstations, which is going through the proxy, the first time, it would still fail to get authenticated.
    Can someone put a highlight on these behaviors? is there any user specific settings on the lync server?
    Thanks for your inputs.

    You can check the following blogs about Lync authentication process:
    http://blog.schertz.name/2012/12/lync-2013-client-autodiscover/
    http://blogs.technet.com/b/nexthop/archive/2012/11/28/lync-2010-client-authentication.aspx
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or
    suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    You can enable Lync client logging to collect the log file to check the sign in process for these two users can’t sign in externally.
    Lisa Zheng
    TechNet Community Support

  • Pix cut-through proxy

    a quick question since I do not have access to a pix I can not confirm it
    say, I want to do pix cut-through proxy and authenticate access via tacacs on per user basis.
    I want the user to access smtp user inside the pix will go through tacacs authentication.
    my question is "do I need a statement for http on the access-list ?"
    thank you.
    here is the config
    PIX-525# wr t
    PIX Version 6.3(1)
    access-list 100 permit tcp any host 155.1.1.4 eq http
    access-list 100 permit tcp any host 155.1.1.4 eq smtp
    access-list 150 permit tcp any host 155.1.1.4 eq http
    access-list 150 permit tcp any host 155.1.1.4 eq smtp
    access-group 100 in interface outside
    static (inside,outside) 155.1.1.4 192.168.1.4 netmask 255.255.255.255 0 0
    aaa-server AUTHEN protocol tacacs
    aaa authentication match 150 outside AUTHEN

    Cut-through proxy is a feature unique to PIX Firewall that allows user-based authentication of inbound or outbound connections. A proxy server analyzes every packet at layer seven of the OSI model, which is a time- and processing-intensive function. By contrast, the PIX Firewall uses cut-through proxy to authenticate a connection and then allow traffic to flow quickly and directly.
    http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172790.html

  • ASA Cut through proxy configuration

    Hi guys,
    I would like to configure limited internet access to olnly a select group of Windows AD users.
    I beleive cut-through proxy will allow me to do this, just not sure how to configure it on a Cisco ASA-5510
    thanks

    The link given will definitely work however you would not be able to select access based on the AD group, if that is what you need to achieve and you have ASA version 8.0 you can work Cut-Through-Proxy together with DAP.
    Using Cut-Trough-Proxy with a standard authentication server will only allow or reject depending on the authentication result, but any user within your AD schema will be able to get internet access. If you need to restrict this based o Windows Groups as well your best shot is Cut-Through-Proxy with DAP and LDAP:
    http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

  • Hasn't anyone out here worked with cut-through proxy

    hasn't enyone out here worked with cut-through proxy with acs. is there no one out here to help me out with cut-through proxy.
    sebastan

    Hi Sebastan,
    For your case, what's the scenario looks like?
    Rgds,
    AK

Maybe you are looking for

  • IPhone 4 mail App not working properly

    My IPhone 4 mail app just continues to spin and check email without getting email or sending. Had the same problem in October after iOS 6 update took in phone and got a new one under 1 yr warranty.( apple and Verizon techs could not figure) Again the

  • Payment days configuration

    Hi, We have a scenerio, that customer payment term need to configure based on Material. ( for eg: if the item A sold then the paymen day is 30 days, in the same order if the Item B sold for that the Term is 45 days). can you please help us where need

  • Exposing Business Objects to Java

    Hi I need to use SAP BO in my Java application. Could anyone please suggest what is the best way to do this? Do I need to expose it as a web service only or are there any other better approaches? Thanks

  • Testing a Datasource from CEP

    hi , I have configured a database connection in CEP. its giving the error like the schema is not valid or data source not found. How to test the connection whether its successful or not ? is there any way? Thanks in advance.

  • Updating from iMovie '11 to '13

    I am making a movie in iMovie '11. I want to update from '11 to '13 to get better features but I have one doubt in mind- will that movie get deleted? There is no option of saving it and I am new at using iMovie. Please help!!