Rapidwiz fails host/domain check

Similar Messages

• FAILED  nslookup host.domain

  I am performing an R12.2 Vision Installation on SLES 11 SP3 for VMWARE.
  Reference RDA - Health Check / Validation Engine Guide (Doc ID 250262.1)
  I executed the " ./rda.sh -T hcve " check to perform the Oracle E-Business Suite Release 12 (12.2.0) Preinstall (Linux x86_64).
  I receive this failure:   " A03550 DNS Lookup           FAILED  nslookup host.domain "
  Can you help direct me to why I may be receiving this error?
  more  /etc/hosts  ------My etc hosts I believe is setup correctly.
  # IP-Address   Full-Qualified-Hostname Short-Hostname#
  127.0.0.1 localhost.localdomain localhost
  192.168.0.121 Platinium2.platinumesol.com Platinium2
  Platinium2:~ # ping Platinium2     -----Ping resolves correctly to what is in /etc/hosts
  PING Platinium2.platinumesol.com (192.168.0.121) 56(84) bytes of data.----This is the correct IP
  64 bytes from Platinium2.platinumesol.com (192.168.0.121): icmp_seq=1 ttl=64 time=0.024 ms>
  When I do an nslookup of the host server that I am working on :
  Platinium2:/pwoll/rda # nslookup Platinum
  Server:         209.18.47.61
  Address:        209.18.47.61#53
  Non-authoritative answer:
  Name:   Platinum
  Address: 198.105.254.240
  Name:   Platinum
  Address: 198.105.244.240
  Platinium2:~ # nslookup -d2
  setup_system()
  create_search_list()
  ndots is 1.
  copy_server_list()
  make_server(209.18.47.61)
  make_server(209.18.47.62)
  make_server(192.168.0.1)
  >
  cat /etc/resolv.conf
  search platinumesol.com
  nameserver 209.18.47.61
  nameserver 209.18.47.62
  nameserver 192.168.0.1
  options attempts:5
  options timeout:15
  Paul

  Hi there
  You are executing this:
  Platinium2:/pwoll/rda # nslookup Platinum
  and you are trying to reach the Platinum2
  On the other hand, Just to be sure is your DNS working correctly ?
  Regards

• Getting "IPSEC(epa_des_crypt): decrypted packet failed SA identity check" messages on packets from only one of two far-end sources sharing the same tunnel, the other source works fine. What exactly does this error mean?

  One computer at COMPANY-A is attempting to communicate with two
  computers located at COMPANY-B, via an IPsec tunnel between the
  two companies.
  All communications are via TCP protocol.
  All devices present public IP addresses to one another, although they
  may have RFC 1918 addresses on other interfaces, and NAT may be in use
  on the COMPANY-B side.  (NAT is not being used on the COMPANY-A side.)
  The players:(Note: first three octets have been changed for security reasons)
  COMPANY-A computer      1.2.3.161
  COMPANY-A router        1.2.3.8 (also IPsec peer)
  COMPANY-A has 1.2.3.0/24 with no subnetting.
  COMPANY-B router        4.5.6.228 (also IPsec peer)
  COMPANY-B computer #1   4.5.7.94 (this one has no issues)
  COMPANY-B computer #2   4.5.7.29 (this one fails)
  COMPANY-B has 4.5.6.0/23 subnetted in various ways.
  COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
  What works:
  The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
  tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
  The "show crypto session detail" command shows Inbound/Outbound packets
  flowing in the dec'ed and enc'ed positions.
  What doesn't:
  When the COMPANY-A computer 1.2.3.161 attempts to communicate
  via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
  the COMPANY-A router eventually reports five of these messages:
  Oct  9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  Oct  9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  and the "show crypto session detail" shows inbound packets being dropped.
  The COMPANY-A computer that opens the TCP connection never gets past the
  SYN_SENT phase of the TCP connection whan trying to communicate with the
  COMPANY-B computer #2, and the repeated error messages are the retries of
  the SYN packet.
  On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
  a 3725, and some 76xx routers were tried, all with similar behavior,
  with packets from one far-end computer passing fine, and packets from
  another far-end computer in the same netblock passing through the same
  IPsec tunnel failing with the "failed SA identity" error.
  The COMPANY-A computer directs all packets headed to COMPANY-B via the
  COMPANY-A router at 1.2.3.8 with this set of route settings:
  netstat -r -n
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  4.5.7.0         1.2.3.8         255.255.255.0   UG        0 0          0 eth3
  1.2.3.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth3
  10.1.0.0        0.0.0.0         255.255.240.0   U         0 0          0 eth0
  169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
  10.0.0.0        10.1.1.1        255.0.0.0       UG        0 0          0 eth0
  0.0.0.0         1.2.3.1         0.0.0.0         UG        0 0          0 eth3
  The first route line shown is selected for access to both COMPANY-B computers.
  The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
  configuration:
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
  crypto ipsec security-association lifetime seconds 86400
  crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
  crypto map COMPANY-BMAP1 10 ipsec-isakmp
  description COMPANY-B VPN
  set peer 4.5.6.228
  set transform-set COMPANY-B01
  set pfs group2
  match address 190
  interface FastEthernet0/0
  ip address 1.2.3.8 255.255.255.0
  no ip redirects
  ip virtual-reassembly
  duplex auto
  speed auto
  no cdp enable
  crypto map COMPANY-BMAP1
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 1.2.3.1
  ip route 10.0.0.0 255.0.0.0 10.1.1.1
  ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
  access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
  access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
  bridge 1 protocol ieee
  One of the routers tried had this IOS/hardware configuration:
  Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
  RELEASE SOFTWARE (fc2)
  isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
  Processor board ID XXXXXXXXXXXXXXX
  R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
  2 FastEthernet interfaces
  4 ATM interfaces
  DRAM configuration is 64 bits wide with parity disabled.
  55K bytes of NVRAM.
  31296K bytes of ATA System CompactFlash (Read/Write)
  250368K bytes of ATA Slot0 CompactFlash (Read/Write)
  Configuration register is 0x2102
  #show crypto sess
  Crypto session current status
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
    IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
          Active SAs: 0, origin: crypto map
  #show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:06:26:27
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
          Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
    IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
          Active SAs: 0, origin: crypto map
          Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
          Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
  The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
  Version 6.1 (ScreenOS)
  We only have a limited view into the Juniper device configuration.
  What we were allowed to see was:
  COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
  set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
  set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx  proposal "pre-g2-3des-sha"
  set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
  set policy id 2539 from "Untrust" to "Trust"  "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
  set policy id 2500 from "Trust" to "Untrust"  "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
  set policy id 2541 from "Trust" to "Untrust"  "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
  set policy id 2540 from "Untrust" to "Trust"  "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
  COMPANY-B-ROUTER(M)->
  I suspect that this curious issue is due to a configuration setting on the
  Juniper device, but neither party has seen this error before.  COMPANY-B
  operates thousands of IPsec VPNs and they report that this is a new error
  for them too.  The behavior that allows traffic from one IP address to
  work and traffic from another to end up getting this error is also unique.
  As only the Cisco side emits any error message at all, this is the only
  clue we have as to what is going on, even if this isn't actually an IOS
  problem.
  What we are looking for is a description of exactly what the Cisco
  IOS error message:
  IPSEC(epa_des_crypt): decrypted packet failed SA identity check
  is complaining about, and if there are any known causes of the behavior
  described that occur when running IPsec between Cisco IOS and a Juniper
  SSG device.  Google reports many other incidents of the same error
  message (but not the "I like that IP address but hate this one" behavior),
  and not just with a Juniper device on the COMPANY-B end, but for those cases,
  not one was found where the solution was described.
  It is hoped that with a better explanation of the error message
  and any known issues with Juniper configuration settings causing
  this error, we can have COMPANY-B make adjustments to their device.
  Or, if there is a setting change needed on the COMPANY-A router,
  that can also be implemented.
  Thanks in advance for your time in reading this, and any ideas.

  Hello Harish,
  It is believed that:
  COMPANY-B computer #1   4.5.7.94 (this one has no issues)
  COMPANY-B computer #2   4.5.7.29 (this one fails)
  both have at least two network interfaces, one with a public IP address
  (which we are supposedly conversing with) and one with a RFC 1918 type
  address.   COMPANY-B is reluctant to disclose details of their network or
  servers setup, so this is not 100% certain.
  Because of that uncertainty, it occurred to me that perhaps COMPANY-B
  computer #2 might be incorrectly routing via the RFC 1918 interface.
  In theory, such packets should have been blocked by the access-list on both
  COMPANY-A router, and should not have even made it into the IPsec VPN
  if the Juniper access settings work as it appears they should.  So I turned up
  debugging on COMPANY-A router so that I could see the encrypted and
  decrypted packet hex dumps.
  I then hand-disassembled the decoded ACK packet IP header received just
  prior to the "decrypted packet failed SA check" error being emitted and
  found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
  in the unecapsulated packet.  I also found the expected port numbers of the TCP
  conversation that was trying to be established in the TCP header.  So, it
  looks like COMPANY-B computer #2 is emitting the packets out the right
  interface.
  The IP packet header of the encrypted packet showed the IP addresses of the
  two routers at each terminus of the IPsec VPN, but since I don't know what triggers
  the "SA check" error message or what it is complaining about, I don't know what
  other clues to look for in the packet dumps.
  As to your second question, "can you check whether both encapsulation and
  decapsulation happening in 'show crypto ipsec sa'",   the enc'ed/dec'ed
  counters were both going up by the correct quantities.  When communicating
  with the uncooperative COMPANY-B computer #2, you would also see the
  received Drop increment for each packet decrypted.  When communicating
  with the working COMPANY-B computer #1, the Drop counters would not
  increment, and the enc'ed/dec'ed would both increment.
  #show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:07:59:54
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
          Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
  Attempt a TCP communication to COMPANY-B computer #2...
  show crypto sess det
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection
  K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
  Interface: FastEthernet0/0
  Session status: UP-ACTIVE
  Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.5.6.228
        Desc: (none)
    IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
            Capabilities:(none) connid:1 lifetime:07:59:23
    IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
          Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
  Note Inbound "drop" changed from 5 to 6.  (I didn't let it sit for all
  the retries.)
  #show crypto ipsec sa
  interface: FastEthernet0/0
      Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
     remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
     current_peer 4.5.6.228 port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
      #pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 3, #recv errors 6
       local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
       path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
       current outbound spi: 0xDF2CC59C(3744253340)
    inbound esp sas:
        spi: 0xD9D2EBBB(3654478779)
          transform: esp-3des esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
          sa timing: remaining key lifetime (k/sec): (4458307/28600)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0xDF2CC59C(3744253340)
          transform: esp-3des esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
          sa timing: remaining key lifetime (k/sec): (4458307/28600)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:
  The "send" errors appear to be related to the tunnel reverting to a
  DOWN state after periods of inactivity, and you appear to get one
  each time the tunnel has to be re-negotiated and returned to
  an ACTIVE state.  There is no relationship between Send errors
  incrementing and working/non-working TCP conversations to the
  two COMPANY-B servers.
  Thanks for pondering this very odd behavior.

• Hyper-V Guest Cannot Find Host Domain Controller 2012 R2

  Poweredge T320 server as a Domain Controller,  file server and an EXCHANGE 2010 server. There are no other servers at the site. 
  DHCP is from the firewall.   The DC and the file server will be on the host. 
  The 2010 EXCHANGE server will be on the guest.  The Hyper-V 
  2012 R2 server cannot see the Domain Controller on the host 2012 R2 server. 
  The Active Directory is requesting to be promoted to a Domain Controller.  
  I have a logical or physical error in the installation. 
  It is asking to promote the  Hyper-V guest 2012 R2 to a Domain Controller. 
  I believe I should have only one  Domain Controller in this application.  
  After the Hyper-V guest can see the host domain controller I will install EXCHANGE 2010.
  This is a test environment, offsite.
  NIC1 – Host IP:192.168.1.130, 255.255.255.0, Gateway:192.168.1.1, DNS:127.0.0.1
  NIC2- Only Hyper-V switch checked
  Virtual Switch: 192.168.1.140, 255.255.255.0, Gateway: Blank, DNS: Was 127.0.0.1 didn’t work so I pointed it to the host, 192.168.1.130, but that didn’t work either.
  Host adapter: IP:192.168.1.150, 255.255.255.0, 192.168.1.1, DNS Pointing to HOST:162.168.1.130
  Active Directory and DNS installed on the guest.
  Removed IPv6 from both NICs without any change.
  IPAM is not installed on the host or the guest.
  Several articles in Internet search didn’t help.
  Thanks for your help.

  Hi Steve,
  I suggest referring to the following links:
  REMOTEFX, WINDOWS SERVER & HYPER-V SERVER
  http://blogs.technet.com/b/puneetvig/archive/2011/04/21/remotefx-windows-server-amp-hyper-v-server.aspx
  RemoteFX (with Hyper-V) is a serious business tool. For games.
  http://blogs.technet.com/b/tristank/archive/2012/02/17/remotefx-with-hyper-v-is-a-serious-business-tool-for-games.aspx
  Best Regards,
  Vincent Wu
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Error (2931) VMM is unable to complete the request. The connection to the VMM agent on the virtualization server (host.domain.local) was lost.

  Experts,
  kindly advice for this error when create vm from a templates, while i'm not having this issue when create the vm to another host from the same templates,
  firewall is disabled and no antivirus on the host.
  The network and the ping is very stable, and the WS-Management service is running on the host,
  Host  : windows server 2012 R2
  VMM : 2012 R2 3.2.7895.0
  VMM updated from RU2 to RU5
  Error (2931)
  VMM is unable to complete the request. The connection to the VMM agent on the virtualization server (host.domain.local) was lost.
  Unknown error (0x80338029)
  Recommended Action
  Ensure that the Windows Remote Management (WS-Management) service and the VMM agent are installed and running and that a firewall is not blocking HTTPS traffic.
  This can also happen due to DNS issues. Try and see if the server (ms-lab-01.eccsolutions.local) is reachable over the network and can be looked up in DNS. You can ping the virtualization server from VMM management server and make sure that the
  IP address returned matches the IP address locally obtained from the virtualization server.
  If the error still persists, restart the virtualization server, and then try the operation again.
  Ahmad Samir | MCSE 2003, MCSE 2012 Private Cloud | MCTS: SCOM 2007, Lync 2010, Exchange 2010.

  Ok  I will try another template,
  and the drop happen in the customization after deploying the VHDX file as my first image.
  I had this answer from partner forum. but i didn't try it yet
  Backup your VMM database and then check the
  tbl_VMM_Lock table in the
  VMM database to see if it has any locks listed, do this after stopping the System Center Virtual Machine Manager Service.
  If there are locks listed in the tbl_VMM_Lock
  table you can clear them by executing the prc_VMM_ReleaseAllLocks
  stored procedure.
  Ahmad Samir | MCSE 2003, MCSE 2012 Private Cloud | MCTS: SCOM 2007, Lync 2010, Exchange 2010, Server Virtualization.

• Background job failing with license check error

  Hi Experts
  In our ERP 6.0 system ,all the background jobs are failing with license check error.
  Have checked the license in SLICENSE and the license is fine.
  There is no warning while users are loggign in ,but when any background job is runing its failing with error
  Job started
  Logon not possible (error in license check)
  Job cancelled after system exception ERROR_MESSAGE
  Also performed the license test which is failing
  F:\usr\sap\XX1\SYS\exe\uc\NTAMD64>saplicense -test pf=F:\usr\sap\XX1\SYS\profile
  \XX1_DVEBMGS00_host_xx
  Protocol saplicense test:
  Read sapsytem name
         ok, sapsytem name = XX1
  Read message server host
         ok, host = hostname
  Read message server service port
         ok, service port = sapmsXX1
  Connect to message server
         ok, connect done
  Read hardware key from message server
         ok, got hardware key
  Detach from message server
         ok, detached
  Check hardware key
         ok, hardware key = T0343073854
  Connect to database
         ok, connected
  Check license
         ok, check done
  Disconnect database
         ok, database disconnected
  test result: license test failed
  LICENSE system: XX1 hardware key: T0343073854 expiration_date:
          installation no:  key:
          userlimit: 0 productid: R3_BASIS
          system-nr:
  license expired ***
  Please suggest how to troubleshoot.
  Regards
  Ajay

  @Michael
  In SLICENSe the Hardware key field is not BLUE or BLACK and its showing the exact hardware key which i can see at OS level with saplicense -get command.
  @Jagadish
  Note is good refrence, i reiinstalled the Digitally signed license with saplikey command and it was successful.
  But still the license test is failing at OS Level..below is the command prompt output.
  ===================================================================
  F:\usr\sap\XX1\SYS\exe\uc\NTAMD64>saplikey -install C:\license_script_XX.txt pf
  =F:\usr\sap\XX\SYS\profile\XX_DVEBMGS00_mngsez148079
  SAP License Key Administration  -  Copyright (C) 2003 SAP AG
  2 SAP license key(s) successfully installed.
  F:\usr\sap\XX\SYS\exe\uc\NTAMD64>saplicense -test pf=F:\usr\sap\XX1\SYS\profile
  \MD1_DVEBMGS00_mngsez148079
  Protocol saplicense test:
  Read sapsytem name
         ok, sapsytem name = XX1
  Read message server host
         ok, host = host
  Read message server service port
         ok, service port = sapmsXX1
  Connect to message server
         ok, connect done
  Read hardware key from message server
         ok, got hardware key
  Detach from message server
         ok, detached
  Check hardware key
         ok, hardware key = T0343073854
  Connect to database
         ok, connected
  Check license
         ok, check done
  Disconnect database
         ok, database disconnected
  test result: license test failed
  LICENSE system: XX1 hardware key: T0343073854 expiration_date:
          installation no:  key:
          userlimit: 0 productid: R3_BASIS
          system-nr:
  license expired ***
  ============================================================
  @Juan
  The hardware key was changed and we requested a new license with new hardware key,system was runing fine for couple of weeks with all background jiobs for SPAM./SAINT Ok .We performed EHP4 on this system.
  But now this issue is here,so i guess we should troubleshoot.
  Please let me know any other pointers.
  Regards
  Ajay
  PS In SLICENSE new installed license is fine and all users can login.

• Illegal host/domain name found

  Hi, i hit some error when reply mail to a mail account which is valid:
  16-Mar-2006 16:11:26.98 tcp_local R 104 [email protected] rfc822;[email protected] [email protected] Illegal host/domain name found (TCP active open: Failed gethostbyname() on misty.sgx.com.my, resolver errno = 1)
  from nslookup:
  santomas.com.myServer: ns1.jaring.my
  Address: 161.142.201.17
  Non-authoritative answer:
  Name: santomas.com.my
  Address: 202.189.48.236
  I'm not an expert on DNS, what cause this error? This domain with the account is valid.
  Will "nomx" keyword put in under tcp_local in imta.cnf will solve ?

  also:
  set type=mx
  santomas.com.myServer: ns1.jaring.my
  Address: 161.142.201.17
  santomas.com.my preference = 20, mail exchanger = meia.sgx.com.my
  santomas.com.my preference = 30, mail exchanger = misty.sgx.com.my
  santomas.com.my nameserver = ns1.nameserversecure.com
  santomas.com.my nameserver = ns2.nameserversecure.com
  ns1.nameserversecure.com internet address = 202.189.48.238
  ns2.nameserversecure.com internet address = 202.189.48.239
  there is not "nomx" keyword under tcp_local or default.....
  Messaging Server 6.2

• Site2Site Tunnel issue PSEC(epa_des_crypt): decrypted packet failed SA identity check

  Hi,
  I have a slight issue I'm having some problems resolving..
  The scenario is as follows;
  I have an external provider which connects to me via VPN to a Juniper SSG firewall, that works fine.
  I then have an external site, which does NOT reside in my MPLS cloud, so I have to deploy IPSec via Internet to reach it.
  That also works fine and I have multiple SA's running on that site with no issues or problems.
  The external provider has a small network device deployed on the external site which monitor cooling values in one of our warehouses.
  The external site which is connect via IPSEC has a Cisco 1921 and a numerous Cisco 3550 deployed.
  The VLAN for the cooling provider is vlan 150 and is setup with 10.150.4.0/24 where .1 is the def gw and .10 is the cooling monitor device.
  The external provider's servers are located within 192.168.220.0/24 subnet.
  As of right now, we can reach the Cisco 1921 through the whole IPsec tunnel from 192.168.220.182 with all services, ping, telnet whatnot, but we are unable to ping the cooling device from 192.168.220.0/24.
  However from the Cisco 1921, we can ping both 192.168.220.0/24 and the locally connected 10.150.4.10
  So basicly it seems to be the last bit when the traffic goes through the 1921 and to the switch where it fails and I can't for the life of me figure out why.
  Network diagram attached.. any ideas?
  This is the 1921 config:
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime
  service timestamps log datetime msec localtime
  service password-encryption
  hostname bergen-vpn-gw
  boot-start-marker
  boot system flash flash:c1841-adventerprisek9-mz.124-25d.bin
  boot-end-marker
  logging buffered 50000
  aaa new-model
  aaa authentication login default local
  aaa authentication enable default enable
  aaa session-id common
  clock timezone CET 1
  clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
  no ipv6 cef
  no ip source-route
  ip cef
  no ip bootp server
  no ip domain lookup
  ip domain name xxxxx
  multilink bundle-name authenticated
  license udi pid CISCO1921/K9 sn FCZ1508C1P4
  license boot module c1900 technology-package securityk9
  license boot module c1900 technology-package datak9
  vtp mode client
  redundancy
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key harakiri address 1.2.3.4
  crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
  crypto map VPN 10 ipsec-isakmp
  set peer 1.2.3.4
  set transform-set 3DES-SHA
  match address VPN
  interface GigabitEthernet0/0
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  no ip route-cache cef
  no ip route-cache
  duplex auto
  speed auto
  interface GigabitEthernet0/0.99
  description *** Test VLAN To be removed ***
  encapsulation dot1Q 99
  ip address 10.90.90.1 255.255.255.0
  no ip route-cache
  interface GigabitEthernet0/0.112
  encapsulation dot1Q 112
  ip address 192.168.112.1 255.255.255.0
  ip helper-address 172.30.1.223
  no ip route-cache
  interface GigabitEthernet0/0.150
  encapsulation dot1Q 150
  ip address 10.150.4.1 255.255.255.0
  no ip redirects
  no ip proxy-arp
  no ip route-cache
  interface GigabitEthernet0/0.178
  encapsulation dot1Q 178
  ip address 192.168.178.1 255.255.255.0
  ip helper-address 172.30.1.223
  no ip redirects
  no ip proxy-arp
  no ip route-cache
  interface GigabitEthernet0/0.999
  encapsulation dot1Q 999
  no ip route-cache
  interface GigabitEthernet0/1
  ip address 1.2.3.4 255.255.255.252
  no ip redirects
  no ip proxy-arp
  no ip route-cache cef
  no ip route-cache
  duplex auto
  speed auto
  crypto map VPN
  interface FastEthernet0/0/0
  switchport access vlan 99
  interface FastEthernet0/0/1
  interface FastEthernet0/0/2
  interface FastEthernet0/0/3
  interface Vlan1
  no ip address
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip route 0.0.0.0 0.0.0.0 85.200.203.29
  ip access-list extended VPN
  permit ip 10.90.90.0 0.0.0.255 172.30.1.0 0.0.0.255
  permit ip 10.90.90.0 0.0.0.255 172.22.0.0 0.0.255.255
  permit ip 10.90.90.0 0.0.0.255 172.18.5.0 0.0.0.255
  permit ip 10.90.90.0 0.0.0.255 10.50.0.0 0.0.255.255
  permit ip 192.168.112.0 0.0.0.255 172.30.1.0 0.0.0.255
  permit ip 192.168.112.0 0.0.0.255 172.22.0.0 0.0.255.255
  permit ip 192.168.112.0 0.0.0.255 172.18.5.0 0.0.0.255
  permit ip 192.168.112.0 0.0.0.255 10.50.0.0 0.0.255.255
  permit ip 192.168.178.0 0.0.0.255 172.30.1.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 172.22.0.0 0.0.255.255
  permit ip 192.168.178.0 0.0.0.255 172.18.5.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 10.50.0.0 0.0.255.255
  permit ip 192.168.112.0 0.0.0.255 172.30.240.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 172.30.240.0 0.0.0.255
  permit ip 192.168.112.0 0.0.0.255 10.70.0.0 0.0.0.255
  permit ip 192.168.178.0 0.0.0.255 10.70.0.0 0.0.0.255
  permit ip 10.150.4.0 0.0.0.255 192.168.220.0 0.0.0.255 log
  ip sla 1
  icmp-echo 172.30.1.223 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 1 start-time now
  ip sla 2
  icmp-echo 10.50.1.200 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 2 start-time now
  ip sla 3
  icmp-echo 172.18.5.121 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 3 start-time now
  ip sla 4
  icmp-echo 172.22.0.140 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 4 start-time now
  ip sla 5
  icmp-echo 172.30.240.40 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 5 start-time now
  ip sla 6
  icmp-echo 10.70.0.200 source-interface GigabitEthernet0/0.178
  threshold 20
  frequency 120
  ip sla schedule 6 start-time now
  cdp source-interface GigabitEthernet0/0.112
  snmp-server community bamacomro RO
  cdp source-interface GigabitEthernet0/0.112
  snmp-server community bamacomro RO
  snmp-server community bamacomrw RW
  control-plane
  banner motd ^CCC-----------------------------------------------------------------------------
  This system is solely for the use of authorised users for official purposes.
  You have no expectation of privacy in its use and to ensure that the system
  is functioning properly, individuals using this computer system are subject
  to having all their activities monitored and recorded by system personell.
  Use of this system evidence an express consent to such monitoring and
  agreement that if such monitoring reveals evidence of possible abuse or
  criminal activity, system personell may provide the result of such
  monitoring to appropiate officials.
  -----------------------------------------------------------------------------^C
  line con 0
  exec-timeout 5 0
  logging synchronous
  line aux 0
  line vty 0 4
  access-class telnet in
  exec-timeout 180 0
  logging synchronous
  transport input telnet ssh
  line vty 5 15
  access-class telnet in
  exec-timeout 180 0
  password 7 094F471A1A0A
  logging synchronous
  transport input telnet ssh
  scheduler allocate 20000 1000
  end

  I had that issue 1 year go
  "decrypted packet failed SA identity check" means that we have decrypted a traffic that does not match the proxy ID negotiated
  Juniper is violating RFC4301. there is nothing we can do against RFC violation
  As mentioned in Section 4.4.1, "The Security Policy Database (SPD)",
  the SPD (or associated caches) MUST be consulted during the
  processing of all traffic that crosses the IPsec protection boundary,
  including IPsec management traffic.  If no policy is found in the SPD
  that matches a packet (for either inbound or outbound traffic), the
  packet MUST be discarded.
  I know JNPR can do 2 vpn modes. There is one where we could use a VTI instead of a crypto map on the Cisco side. That was the solution to the problem we had.
  Cheers,

• OBIEE 11.1.1.7.0 installation failed- Create domain error

  we are facing this issue while installing OBIEE 11.1.1.1.7.0 on CentOS 7 64 BIT.
  Configuataion Action Creating Domain has failed. Please check logs for details.
  checking the logs under oraInventory, the logs says-
  Oracle.as.provisioning.execption.ASProvWorkFlowException: Error Executing workflow.
  The server was running fine but we been facing this issue for couple of days now.
  I hope someone can help us with this issue.
  thank,
  parik

  Problem : Oracle Database 11g is not certified on the current OSWhat's your problem? Message seems to be clear. Windows 2008 Release 2 (important here is Release 2) requires 11gR2,not yet released for any Windows platform.
  http://www.oracle.com/technology/tech/windows/index.html
  Werner

• Installation error Install Failed: Error Domain=PKInstallErrorDomain Code=112

  Trying to install an application or "whatever", from a mounted dmg image installer gives this error:
  Install Failed: Error Domain=PKInstallErrorDomain Code=112.
  A developer I contacted suggested a workaround by disabling/enabling checkmark of "Ignore ownership on this volume".
  Is there anyone knowing the reason for this issue and final solution?
  PS I already have verified/repaired permissions on boot disk.

  Steps to do
  1) /etc/hosts now reads:
  127.0.0.1     localhost
  192.168.56.101 demo.us.oracle.com oracle-pc
  2) updated java in path /usr/java from 1.5 to the latest version (1.6.0_27) by rpm-deinstalling the old version first and
  then rpm-installing the new version.
  3) Don't do a simple install.
  Instead u installed WebLogic Server 10.3.5 first, than do the Repository creation with RCU, followed by the BI Server software only install
  and finally the BI Server configuration.
  Marks as correct if helpful or let me know the updates?

• Nodemanager fails hostname verification check

  does anyone know how i might resolve this issue?
  [[NodeManager:300033]Could not execute command ping on the node manager. Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker: Failed to send command: 'ping to server 'null' to NodeManager at host: '10.32.33.2:5555' with exception [Security:090504]Certificate chain received from 10.32.33.2 - 10.32.33.2 failed hostname verification check. Certificate contained qa153 but check expected 10.32.33.2. Please ensure that the NodeManager is active on the target machine].]

  Matthew Sacks <> wrote:
  does anyone know how i might resolve this issue?
  [[NodeManager:300033]Could not execute command ping on the node manager.
  [[Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker:
  [[Failed to send command: 'ping to server 'null' to NodeManager at host:
  [['10.32.33.2:5555' with exception [Security:090504]Certificate chain
  [[received from 10.32.33.2 - 10.32.33.2 failed hostname verification
  [[check. Certificate contained qa153 but check expected 10.32.33.2.
  [[Please ensure that the NodeManager is active on the target machine].]Hi,
  - If you are using scripts:
  you can use the following options in your
  scripts: -Dweblogic.security.SSL.ignoreHostnameVerification=true
  - If you want to use it from the adminserver:
  Go to the adminserver in the console
  Go to 'SSL'
  Select 'Advanced'
  Set 'Hostname Verification' to 'none'
  And restart the adminserver.
  cheers,
  Bart
  Schelstraete Bart
  [email protected]
  http://www.schelstraete.org

• B2B-51924:  Message failed the security check

  Hi,
  I am trying to configure security in B2B.
  I did manage to supply a key store for my Host, which I presume is used for signing an outbound message.
  Is this correct?
  My trading partner is sending a signed message on which I get a "B2B-51924: Message failed the security check"
  Where am I supposed to configure the credentials of my trading partner?
  On the profile tab of my trading partner there is a section Key Store, but there are no fields to be filled...is that right?
  I am using SOA Suite 11.1.1.4.0
  Groeten,
  HJH

  Hi,
  You have to define keystore in host profile page , like below :
  http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10229/b2b_tps.htm#BABJDCAE
  then you can get the alias in security tab and You can enable the "Message Signed" and select the alias and algorithm in "Digital Signature"
  please refer to below for more information:
  http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10229/b2b_tps.htm#BABGHAIG
  http://blogs.oracle.com/oracleb2bgurus/2009/08/certificate_management_in_11g.html

• Problem POP with SSL for hosted domain !

  Hi Sun!
  With default domain, i can use POP with SSL but for hosted domain, I can't use POP with SSL and received a message +-ERR [AUTH] Authentication failed!+
  In file PopProxyAService.cfg on MMP server, I uncomment line default:HostedDomains yes but it's not work
  Please help me solve this problem!
  ./imsimta version
  Sun Java(tm) System Messaging Server 7u2-7.02 64bit (built Apr 16 2009)
  libimta.so 7u2-7.02 64bit (built 02:28:03, Apr 16 2009)
  Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
  SunOS SMSG 5.10 Generic_138889-08 i86pc i386 i86pc
  Thanks!

  I have found problem!
  Hosted domain that can not be used IMAPs and POPs because I have moved from other mail systems
  When I created another account on this hosted domain, this user can use POPs and IMAPs normal. But old users can't use POPs IMAPs
  I don't know why old users can't use POPs and IMAPs ?
  Error log in front-end MMP:
  [07/Apr/2010:08:37:15 +0700] SMSG PopProxy[8284]: General Notice: (id 1943) User [email protected] user access denied
  [07/Apr/2010:08:37:15 +0700] SMSG PopProxy[8284]: General Notice: (id 1943) badguy xx.xx.xx.xx now has 3 badness
  [07/Apr/2010:08:37:18 +0700] SMSG PopProxy[8284]: General Error: (id 1943) client socket IO error: Error 0 (0)

• Trouble sending to google apps hosted domains

  We recently migrated to a new AD domain with a new Exchange 2013 box.  Prior to that we were on Exchange 2007 in a different domain.  We use postini for our spam/virus filtering. 
  Since we've moved to the Exchange 2013 solution, we have started having issues with some (not all) Google apps hosted domains.  The firewall and IP of the server stayed the same regardless of the change.  I looked into routing all of our outbound
  mail (or just specific domains) through Postini to help with this issue, but their instructions work for 2007 and 2010 - not 2013.  I tried setting it up with their directions, but modifying it for 2013, but that was a big failure.  We are seeing
  message delayed codes returned.
  Remote Server returned '400 4.4.7 Message delayed'
  I did some research through Google Apps, but the only thing I found is a server reboot, which does nothing.
  I have it working right now by routing everything for these Google Apps hosted domains by creating a separate send connector that routes through smtp.google.com as a smart host (using a gmail ID and password) but that's only going to work for so many messages
  before it bombs, and we won't even get a notification.
  Any suggestions?

  Hi,
  According to your description, my understanding is that you cannot send message to google apps hosted domains after upgrading to exchange 2013. correct?
  I recommend you post the header of the returned mail, it will help us to troubleshoot the issue.
  In addition, I recommend use "Nslookup" to resolve these host domains in your server, and check the result.
  If any misunderstanding, please feel free let me know.
  Thanks.
  Allen Li
  TechNet Community Support

• Gmail, Hosted Domain, emails disappear

  I use Gmail to Host a Domain, we use POP. I only expect mail to go to the pre when my computer is not on. However, the email goes to the pre, shows up in the alert then disappears. I have checked all the settings and they are correct. Is ther something special that needs to be done for hosted domains on Gmail. It appears that the Pre is attempting to sync like Imap, and that removes the messages....Help any one.
  Post relates to: Pre p100eww (Sprint)

  Read this thread, DrSuSe goes into why this might be happening (checking your email from another source):
  http://forums.palm.com/palm/board/message?board.id=Synergy&thread.id=1814