RBAC check fails Security Constraint Not Enforced

I configured a simple WAR to only allow a specific role to be able to execute my Helloworld url. Now it appears that any valid user defined on the appserver can access the url. Shouldn't it be limited to the specific role I defined using the deploytool? It almost appears as if the security constraint is not being enforced. All of the users in the file realm are allowed to access it, instead of the role that's specified in the security constraints.
I'm using Sun Java System Application Server Enterprise Edition 8.2 (build b25-fcs)
web.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Helloworld</display-name>
<servlet>
<display-name>HelloworldImpl</display-name>
<servlet-name>HelloworldImpl</servlet-name>
<servlet-class>com.boeing.mcc.trade.HelloworldImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HelloworldImpl</servlet-name>
<url-pattern>/Helloworld</url-pattern>
</servlet-mapping>
<jsp-config/>
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>WRCollection</web-resource-name>
<url-pattern>/Helloworld/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>OPERATOR</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
<role-name>ADMIN</role-name>
</security-role>
<security-role>
<role-name>ANALYST</role-name>
</security-role>
<security-role>
<role-name>OPERATOR</role-name>
</security-role>
</web-app>
Message was edited by:
weinhard

Note: I used the deploytool to create/package the WAR.
sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-1.dtd">
<sun-web-app>
<context-root>/hello</context-root>
<security-role-mapping>
<role-name>OPERATOR</role-name>
<principal-name>user1</principal-name>
<principal-name>user2</principal-name>
<principal-name>user3</principal-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ANALYST</role-name>
<principal-name>user4</principal-name>
<principal-name>user2</principal-name>
<principal-name>user3</principal-name>
<principal-name>user5</principal-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ADMIN</role-name>
<principal-name>user6</principal-name>
</security-role-mapping>
<servlet>
<servlet-name>HelloworldImpl</servlet-name>
<webservice-endpoint>
<port-component-name>HelloworldIF</port-component-name>
<endpoint-address-uri>Helloworld</endpoint-address-uri>
</webservice-endpoint>
</servlet>
<session-config>
<session-manager persistence-type="memory">
<manager-properties/>
<store-properties/>
</session-manager>
<session-properties/>
<cookie-properties/>
</session-config>
<cache enabled="true" max-entries="4096" timeout-in-seconds="30">
<default-helper/>
</cache>
<class-loader delegate="true"/>
<jsp-config/>
<parameter-encoding default-charset="UTF8"/>
</sun-web-app>

Similar Messages

  • Security constraints not being applied after using custom login module

    I am using form based authentication and I applied the custom login module - DBProcLoginModule to work with the embedded OC4J (JDeveloper 10.1.3.2). I have specified two security constraints in web.xml. The authentication is working correctly, however the security constraints are not being applied. All users are able to access all url resources. The security constraints were working properly before applying the custom login module. Pls help.
    Leena

    Hi,
    if "All users are able to access all url resources" then this indicates that the URL isn't properly protected. If the authorization would fail then no one would have access and you would see error code 401
    Make sure the role names in web.xml are the same as added by the LoginModule. Also make sure you set the dynamic.role property and the custom security provider property in the orion-application.xml
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true"/>
         <property name="role.mapping.dynamic" value="true"/>
    </jazn>
    Note that the above is not required (because done automatically) if the custom LoginModule configuration is deployed through the orion-application.xml file
    Frank

  • Getting p2pp burn boot check failed.Windows 7 not getting started Recovery restpration completion

    PLEASE HELP
    Hi, I am trying to do factory recovery of my HP DV6 laptop using original HP recovery disc. My laptop has Windows 7 (64Bit) OS. I am doing below steps
    By pressing F10, entering BIOS mode, changed the BOOT ORDER to take from CD ROM and saved the setting with F10 option and then forced shutdown the laptop and inserted the 1st recovery disc
    Restarted the laptop and it started to boot and it asked for all 3 recovery disc + Supplement driver disc. All were successfully copied and installed. Laptop was restarted multiple times as it was being displayed on screen. I could see there were Softwares being installed, Service setting, registry setting being applied to computer and after around 1 to 1.5 hours laptop gets shut down, so I believe all installations have been performed.
    Now when I start my laptop, it says
    Windows was not shut down properly choose an option and when I select either of the 4 options like Start normally or Start with command prompt or Start with Networking... every time it takes me to screen giving below message:
    SAVE LOGS        DETAILS      RETRY
    In Details logs, i see below as the message
    P2PP BURNBOOT Check failed
    Possible causes:
    1. Yellow-Bang occured at device manager
    2. Some silent-install failure of applications
    3. Found failed at PININST_BBV
    4. Found failed at PININST_BBV2
    5. Found memory Dump file
    Suggestion:
    1. Checking REGDEV_BB.log for drivers
    2. Checking BBApps.log for applications
    3. Checking MEMDUMP_BBV.log for memory dump file
    1. After reading forums queries, I tried to set BIOS default by pressing F9 and then pressing F10, saving and exit and then tried to reinstall everything but I get the same error.
    2. I tried changing the system date from March 18th 2015 to March 18th 2012 and then do recovery, but still getting same error
    3. I pressed F2 and did all Memory and Hard disk test and it all passed.
    So can anyone please help me what's the issue. Thanks

    Hi there @VKD1 
    Welcome to the HP Support Forums! It is a great place to find the help you need, both from other users, HP experts and other support personnel.
    I understand that your notebook is not starting after a system recovery, with a "Windows was not shutdown properly" error message.
     See if you can run the startup repair:
    How to Run a Startup Repair in Windows 7 - sevenforums.com
    Malygris1
    I work on behalf of HP

  • url-pattern for extension mapping in security-constraint not working

    I'm trying to use extension mapping in a <security-constraint> configuration,
    According to:
    http://download.oracle.com/otn-pub/jcp/servlet-3_1-fr-eval-spec/servlet-3_1-final.pdf?AuthParam=1429824454_de04222eab1b8…
    Section 12.2:
    A string beginning with a ‘*.’ prefix is used as an extension mapping.
    But WebLogic does not take my configuration into consideration. If I use path mapping or exact mapping it works.
    My configuration is:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Unsecured</web-resource-name>
            <url-pattern>*.wsdl</url-pattern>
            <url-pattern>*.xsd</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HttpAuth</web-resource-name>
            <url-pattern>/ws/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ws-user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>INTEGRAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Test1</realm-name>
    </login-config>
    <security-role>
        <role-name>ws-user</role-name>
    </security-role>
    WebLogic Server 12c (12.1.3)
    Has anybody used extension mapping with security-constraint? Is that a WebLogic issue?

    Hi nikita,
    I have dealt with the same problem before. As you say, most JSF actions all get posted back to the original page, and the faces servlet internally redirects according to the navigation rules and actions. This can mean the URL seen by the browser does not always correspond to the actual JSP (wrapped by JSF) that produced the content.
    Generally adding the "<redirect/>" tag to all your navigation rules (in faces-config.xml) remedies this, so the actions are still posted back to the original page, but then the JSF servlet sends an http-redirect to the browser before invoking the new page. This way, the URL is always in sync, and the security constraints defined in your web descriptor always get invoked properly.
    regards,
    tony

  • Filesystem check failed, root partition not found

    Hi all,
    Since yesterday I receive the following error message when booting into Arch:
    :: Mounting root filesystem read-only [ OK ]
    :: Checking filesystems [BUSY]
    /dev/sda4: no such file or directory
    *************** FILESYSTEM CHECK FAILED *******************
    * Please repair manually and reboot ...
    The device /dev/sda4 is my root partition, which is - after entering the root
    password - mounted as /dev/root. Checking the partition with 'reiserfsck
    /dev/sda4' does not give any error or warning messages. I can also
    successfully remount and access it with 'mount -n -o remount,rw /'.
    'ls -l /dev/sda*' gives me the following:
    brw-rw---- 1 root disk 8, 0 Apr 28 16:32 /dev/sda
    brw-rw---- 1 root disk 8, 1 Apr 28 16:32 /dev/sda1
    brw-rw---- 1 root disk 8, 2 Apr 28 16:32 /dev/sda2
    brw-rw---- 1 root disk 8, 3 Apr 28 16:32 /dev/sda3
    brw-rw---- 1 root disk 8, 4 Apr 28 16:32 /dev/sda4
    So the device itself seems to be there. Rebooting doesn't help, neither does
    using older, working kernel versions.
    I also checked other topics on similar subjects, but I couldn't find any solution.

    Hmm, it doesn't work even with the UUID. But the error looks similar:
    Failed to open the device UUID=672f076e-131c-4220-81ba-b30639ef9285: No such file or directory
    But when I call rc.sysinit manually directly after entering the root password,
    everything works fine. It does work with sda as well as uuid notation.
    I manually added some code before the output of the '*** FILESYSTEM CHECK FAILED ***' message:
    ls -l /dev/sda*
    sleep 1
    ls -l /dev/sda*
    The result was:
    ls: cannot access /dev/sda*: No such file or directory
    brw-rw---- 1 root disk 8, 0 Apr 30 09:12 /dev/sda
    brw-rw---- 1 root disk 8, 1 Apr 30 09:12 /dev/sda1
    brw-rw---- 1 root disk 8, 2 Apr 30 09:12 /dev/sda2
    brw-rw---- 1 root disk 8, 3 Apr 30 09:12 /dev/sda3
    brw-rw---- 1 root disk 8, 4 Apr 30 09:12 /dev/sda4
    So it seems that the devices are really not yet created. Is it a udev problem?
    I am not aware of changing anything udev specific, maybe an updated version?

  • Web.xml security-constraint order matters?

    After a long and frustrating debugging session I've just discovered that the order in which <security-constraint>
    entries are added to the web.xml file matters to OC4J.
    That is, if a more lax rule is matched first, the rest
    (even though they might be more precise or even an
    exact match) won't be applied.
    Is this normal behaviour?
    EXAMPLE BELOW WORKS - INVERT ENTRIES AND IT WILL FAIL
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected</web-resource-name>
          <url-pattern>/admin*.uix</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>DSMSuperUser</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Secure</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>DSMUser</role-name>
        </auth-constraint>
      </security-constraint>

    Here is an excerpt from the servlet spec stating the proper behavior:
    The container matches URL patterns defined in security constraints
    using the same algorithm described in this specification for matching client
    requests to servlets and static resources as described in SRV.11.1
    SRV.11.1 Use of URL Paths
    Upon receipt of a client request, the web container determines the web application
    to which to forward it. The web application selected must have the longest
    context path that matches the start of the request URL. The matched part of the URL
    is the context path when mapping to servlets.
    The web container next must locate the servlet to process the request using the
    path mapping procedure described below:
    The path used for mapping to a servlet is the request URL from the request
    object minus the context path. The URL path mapping rules below are used in
    order. The first successful match is used with no further matches attempted:
    1. The container will try to find an exact match of the path of the request to the
    path of the servlet. A successful match selects the servlet.
    2. The container will recursively try to match the longest path-prefix: This is done
    by stepping down the path tree a directory at a time, using the ’/’ character as
    a path separator. The longest match determines the servlet selected.
    3. If the last segment in the URL path contains an extension (e.g. .jsp), the servlet
    container will try to match a servlet that handles requests for the extension.
    An extension is defined as the part of the last segment after the last ’.’ character.
    4. If neither of the previous three rules result in a servlet match, the container will
    attempt to serve content appropriate for the resource requested. If a "default"
    servlet is defined for the application, it will be used.
    The container must use case-sensitive string comparisons for matching.
    So this is STILL an issue w/ 10.1.2.0.2...
    EXAMPLE BELOW WORKS - INVERT ENTRIES AND IT WILL FAIL
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>oemAdmin</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>OEM_ADMIN</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allOem</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>OEM_USER</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    If I don't find a SR for this issue I'll open one b/c this is not acceptable.
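Added example (not part of the thread, and not OC4J or WebLogic code): a small Python auditor that applies the rule order quoted from SRV.11.1 above to the `<url-pattern>` entries of a `web.xml`, so a request path can be checked against both constraint orderings and against the `*.wsdl` / `/ws/*` mix from the extension-mapping thread. The sample descriptors and request paths are constructed, and HTTP methods and transport guarantees are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's two constraints in the inverted order
# (catch-all first) that the poster reports as failing.
INVERTED_WEB_XML = """\
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>allOem</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>OEM_USER</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>oemAdmin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>OEM_ADMIN</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

# Constructed sample: the patterns from the extension-mapping thread.
EXTENSION_WEB_XML = """\
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Unsecured</web-resource-name>
      <url-pattern>*.wsdl</url-pattern>
      <url-pattern>*.xsd</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HttpAuth</web-resource-name>
      <url-pattern>/ws/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ws-user</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def local_name(tag):
    """Strip an XML namespace such as {http://java.sun.com/xml/ns/j2ee}."""
    return tag.rsplit("}", 1)[-1]

def load_constraints(xml_text):
    """Return [(url_pattern, roles)]; roles is None when there is no auth-constraint."""
    out = []
    for sc in ET.fromstring(xml_text).iter():
        if local_name(sc.tag) != "security-constraint":
            continue
        patterns, roles = [], None
        for el in sc.iter():
            name = local_name(el.tag)
            if name == "url-pattern":
                patterns.append((el.text or "").strip())
            elif name == "auth-constraint":
                roles = frozenset((r.text or "").strip() for r in el
                                  if local_name(r.tag) == "role-name")
        out.extend((p, roles) for p in patterns)
    return out

def best_pattern(path, patterns):
    """Select the best-matching pattern using the quoted rule order."""
    if path in patterns:                                  # 1. exact match
        return path
    prefixes = [p for p in patterns if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:                                          # 2. longest path-prefix
        return max(prefixes, key=len)
    last = path.rsplit("/", 1)[-1]
    if "." in last:                                       # 3. extension
        ext = "*." + last.rsplit(".", 1)[-1]
        if ext in patterns:
            return ext
    return "/" if "/" in patterns else None               # 4. default

def required_roles(path, constraints):
    """Return (pattern, roles). roles None = no role required; empty set = deny all."""
    best = best_pattern(path, {p for p, _ in constraints})
    if best is None:
        return None, None
    matched = [roles for p, roles in constraints if p == best]
    if any(r is not None and not r for r in matched):
        return best, frozenset()      # auth-constraint naming no roles precludes access
    if any(r is None for r in matched):
        return best, None             # a constraint without auth-constraint opens access
    return best, frozenset().union(*matched)

def audit(xml_text, paths, reverse=False):
    """Map each path to its (pattern, roles); reverse flips the declaration order."""
    cons = load_constraints(xml_text)
    if reverse:
        cons.reverse()
    return {p: required_roles(p, cons) for p in paths}

if __name__ == "__main__":
    for doc, paths in ((INVERTED_WEB_XML, ["/admin/users.uix", "/index.uix"]),
                       (EXTENSION_WEB_XML, ["/ws/Service.wsdl", "/docs/Service.wsdl"])):
        for path, (pattern, roles) in audit(doc, paths).items():
            print(path, "->", pattern, sorted(roles) if roles is not None else "no role")
```

Running the same paths with `reverse=True` gives identical results, which is the order-independent behaviour the quoted rules describe; a container that returns something else for `/admin/...` is matching in declaration order instead.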

  • Hi  I'm try to set up a new Epson printer SX 445 to my router/network but each time I run the set up wizard it fails to complete saying Security Key/Password Check fail.  *entered security key/password does not match the one set for for router.  I know th

    Hi
    On my macbook pro
    I'm trying to set up a new Epson printer SX 445 to my router/network but each time I run the set up wizard it fails to complete saying Security Key/Password Check fail.
    *entered security key/password does not match the one set for for router.
    I know that the password is correct and have rechecked this by changing it a few times
    and I still get the same result.
    My network internet service provider is not interested and says to call Epson.
    Anybody have any clues how I can resolve this?
    Regards

    I personally suggest the new Drobo FS. Since it has an iTunes server built in and you can use any size SATA hard drive in it, it is better than a NAS that has to use the same size drives.

  • EMC - Certificate status could not be determined because revocation check failed.

    I've exhausted my resources on this issue and am reaching out for some assistance. I have setup Server 2008 R2 Enterprise SP1, running Exchange 2010 SP1. In EMC I have successfully imported a GoDaddy SSL certificate. Although I am receiving the message -
    "The certificate status could not be determined because the revocation check failed."
    Here are the steps I've taken to troubleshoot this so far:
    [PS] C:\Users\Administrator\Desktop>netsh winhttp show proxy
    Current WinHTTP proxy settings:
    Direct access (no proxy server).
    As you can see, direct access. Which is true, no proxies on this network.
    For good measure, I'll dump the urlcache.
    certutil -urlcache ocsp delete
    certutil -urlcache crl delete
    Both return 0, reboot server.
    Comes back up, same message in EMC.
    From PS, I test exactly what it's getting from GoDaddy.
    [PS] C:\Users\Administrator\Desktop>certutil -f -urlfetch -verify mail.fluxlabs.net.crt
    Issuer:
    SERIALNUMBER=07969287
    CN=Go Daddy Secure Certification Authority
    OU=http://certificates.godaddy.com/repository
    O=GoDaddy.com, Inc.
    L=Scottsdale
    S=Arizona
    C=US
    Subject:
    CN=mail.fluxlabs.net
    OU=Domain Control Validated
    O=mail.fluxlabs.net
    Cert Serial Number: 27b60918638e0d
    dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
    dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
    dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
    dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
    dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
    ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
    HCCE_LOCAL_MACHINE
    CERT_CHAIN_POLICY_BASE
    -------- CERT_CHAIN_CONTEXT --------
    ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
    Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=S
    cottsdale, S=Arizona, C=US
    NotBefore: 8/20/2011 7:49 PM
    NotAfter: 8/20/2012 7:16 PM
    Subject: CN=mail.fluxlabs.net, OU=Domain Control Validated, O=mail.fluxlabs.net
    Serial: 27b60918638e0d
    SubjectAltName: DNS Name=mail.fluxlabs.net, DNS Name=www.mail.fluxlabs.net
    33 49 57 5d 6e d8 6b aa b9 61 73 95 44 07 c9 2e 55 6e 47 10
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    ---------------- Certificate AIA ----------------
    Verified "Certificate (0)" Time: 4
    [0.0] http://certificates.godaddy.com/repository/gd_intermediate.crt
    ---------------- Certificate CDP ----------------
    Expired "Base CRL (05)" Time: 4
    [0.0] http://crl.godaddy.com/gds1-55.crl
    ---------------- Base CRL CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    Expired "OCSP" Time: 4
    [0.0] http://ocsp.godaddy.com/
    CRL (null):
    Issuer: CN=Go Daddy Validation Authority, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
    e5 53 19 6c 54 87 8c 62 23 1b b9 11 e1 d8 3d 3f b2 04 77 3f
    Issuance[0] = 2.16.840.1.114413.1.7.23.1
    Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
    Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
    CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
    Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    NotBefore: 11/15/2006 8:54 PM
    NotAfter: 11/15/2026 8:54 PM
    Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=
    Scottsdale, S=Arizona, C=US
    Serial: 0301
    7c 46 56 c3 06 1f 7f 4c 0d 67 b3 19 a8 55 f6 0e bc 11 fc 44
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    No URLs "None" Time: 0
    ---------------- Certificate CDP ----------------
    Verified "Base CRL" Time: 4
    [0.0] http://certificates.godaddy.com/repository/gdroot.crl
    ---------------- Base CRL CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    Expired "OCSP" Time: 4
    [0.0] http://ocsp.godaddy.com
    CRL (null):
    Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    da 1e d5 63 5c 05 58 50 4e db d2 4e e8 9d 28 9d c4 36 b3 1e
    Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
    Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
    Application[2] = 1.3.6.1.5.5.7.3.4 Secure Email
    Application[3] = 1.3.6.1.5.5.7.3.3 Code Signing
    CertContext[0][2]: dwInfoStatus=109 dwErrorStatus=0
    Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    NotBefore: 6/29/2004 12:06 PM
    NotAfter: 6/29/2034 12:06 PM
    Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Serial: 00
    27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4
    Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    No URLs "None" Time: 0
    ---------------- Certificate CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
    Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
    Application[2] = 1.3.6.1.5.5.7.3.4 Secure Email
    Application[3] = 1.3.6.1.5.5.7.3.3 Code Signing
    Exclude leaf cert:
    b1 04 4b 90 a1 d3 48 de 46 bd d7 50 20 e3 44 b8 3f 68 39 f7
    Full chain:
    68 36 4d 37 2e 96 bd d2 aa 77 3f d0 e8 78 a9 e6 68 bd 7d 71
    Verified Issuance Policies:
    2.16.840.1.114413.1.7.23.1
    Verified Application Policies:
    1.3.6.1.5.5.7.3.1 Server Authentication
    1.3.6.1.5.5.7.3.2 Client Authentication
    Cert is an End Entity certificate
    ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was
    offline. 0x80092013 (-2146885613)
    CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
    CertUtil: -verify command completed successfully.
    As you can see, the "revocation server is offline."
    So I run the same test from another server on the LAN.
    Verified Issuance Policies:
    2.16.840.1.114413.1.7.23.1
    Verified Application Policies:
    1.3.6.1.5.5.7.3.1 Server Authentication
    1.3.6.1.5.5.7.3.2 Client Authentication
    Cert is an End Entity certificate
    Leaf certificate revocation check passed
    CertUtil: -verify command completed successfully.
    It passes. The server's firewall has been disabled. DNS cache has been cleared. I have verified everything I can, and still failing to verify.

    [PS] C:\Users\Administrator\Desktop>Get-ExchangeCertificate |fl
    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.Acces
    trol.CryptoKeyAccessRule}
    CertificateDomains : {mail.fluxlabs.net, www.mail.fluxlabs.net}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy
    , Inc.", L=Scottsdale, S=Arizona, C=US
    NotAfter : 8/20/2012 7:16:57 PM
    NotBefore : 8/20/2011 7:49:30 PM
    PublicKeySize : 2048
    RootCAType : ThirdParty
    SerialNumber : 27B60918638E0D
    Services : IMAP, POP, IIS, SMTP
    Status : RevocationCheckFailure
    Subject : CN=mail.fluxlabs.net, OU=Domain Control Validated, O=mail.fluxlabs.net
    Thumbprint : 3349575D6ED86BAAB96173954407C92E556E4710
    [PS] C:\Users\Administrator\Desktop>Enable-ExchangeCertificate -Thumbprint 3349575D6ED86BAAB96173954407C92E556E4710 -Services POP,IMAP,SMTP,IIS
    The command has already been executed. Yes, I have seen those sites. Neither have worked. Like I said, it is directly connected; and no proxies are set.
    -- Jeremy MCSpadden Flux Labs

  • Network Security Requirement : Confidential - Not Enforced

    I am having a perplexing problem with the network security requirement feature in SJSAS 8 Update 1.
    In deploytool, under my WAR, in the security tab, for my only SecurityConstraint, I set the Network Security Requirement to CONFIDENTIAL. This should cause any access to these objects over port 80 to be redirected to https via port 443.
    The failure is that it does not redirect clients accessing over port 80 to a secure connection. The tricky part is that it fails in a completely random way. Sometimes for some WARs it will work as expected, then after X number of server restarts / redeployments, some of the same WARs will not do the redirect as expected. Through continuous redeploys and restarts during development, all WARs will or will not do the redirect in any given situation.
    Has anyone else experienced this problem and worked around it? Any help is greatly appreciated! Thanks in advance!
    mod_critical

    The following is the deployment descriptor for one of the WARs (this problem affects them all, on multiple different machines with different setups).
    The following is from the Security Constraint:
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>WRCollection</web-resource-name>
            <url-pattern>/participant/*</url-pattern>
            <url-pattern>/assetmodel/*</url-pattern>
            <url-pattern>/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>asadmin</role-name>
            <role-name>cvbdataentry</role-name>
            <role-name>cvbadmin</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    The rest is as follows:
    <?xml version='1.0' encoding='UTF-8'?> <web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" > <display-name>CVBadmin</display-name> <servlet> <display-name>assetmodel/OpenRecord</display-name> <servlet-name>assetmodel/OpenRecord</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.OpenRecord</servlet-class> </servlet> <servlet> <display-name>participant/personell/account/Lookup</display-name> <servlet-name>participant/personell/account/Lookup</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.account.Lookup</servlet-class> </servlet> <servlet> <display-name>participant/personell/account/record</display-name> <servlet-name>participant/personell/account/record</servlet-name> <jsp-file>/participant/personell/account/record.jsp</jsp-file> </servlet> <servlet> <display-name>assetmodel/line/Remove</display-name> <servlet-name>assetmodel/line/Remove</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.line.Remove</servlet-class> </servlet> <servlet> <display-name>participant/location/record</display-name> <servlet-name>participant/location/record</servlet-name> <jsp-file>/participant/location/record.jsp</jsp-file> </servlet> <servlet> <display-name>assetmodel/Save</display-name> <servlet-name>assetmodel/Save</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.Save</servlet-class> </servlet> <servlet> <display-name>syncError</display-name> <servlet-name>syncError</servlet-name> <jsp-file>/syncError.jsp</jsp-file> </servlet> <servlet> <display-name>participant/Search</display-name> <servlet-name>participant/Search</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.Search</servlet-class> </servlet> <servlet> <display-name>participant/location/List</display-name> 
<servlet-name>participant/location/List</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.location.List</servlet-class> </servlet> <servlet> <display-name>participant/personell/account/Create</display-name> <servlet-name>participant/personell/account/Create</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.account.Create</servlet-class> </servlet> <servlet> <display-name>participant/personell/listresults</display-name> <servlet-name>participant/personell/listresults</servlet-name> <jsp-file>/participant/personell/listresults.jsp</jsp-file> </servlet> <servlet> <display-name>participant/record</display-name> <servlet-name>participant/record</servlet-name> <jsp-file>/participant/record.jsp</jsp-file> </servlet> <servlet> <display-name>participant/personell/account/Passwd</display-name> <servlet-name>participant/personell/account/Passwd</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.account.Passwd</servlet-class> </servlet> <servlet> <display-name>participant/location/Create</display-name> <servlet-name>participant/location/Create</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.location.Create</servlet-class> </servlet> <servlet> <display-name>Logout</display-name> <servlet-name>Logout</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.Logout</servlet-class> </servlet> <servlet> <display-name>participant/location/Remove</display-name> <servlet-name>participant/location/Remove</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.location.Remove</servlet-class> </servlet> <servlet> <display-name>participant/Save</display-name> <servlet-name>participant/Save</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.Save</servlet-class> </servlet> <servlet> <display-name>assetmodel/listresults</display-name> <servlet-name>assetmodel/listresults</servlet-name> 
<jsp-file>/assetmodel/listresults.jsp</jsp-file> </servlet> <servlet> <display-name>assetmodel/line/record</display-name> <servlet-name>assetmodel/line/record</servlet-name> <jsp-file>/assetmodel/line/record.jsp</jsp-file> </servlet> <servlet> <display-name>assetmodel/line/List</display-name> <servlet-name>assetmodel/line/List</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.line.List</servlet-class> </servlet> <servlet> <display-name>participant/personell/Save</display-name> <servlet-name>participant/personell/Save</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.Save</servlet-class> </servlet> <servlet> <display-name>assetmodel/line/Create</display-name> <servlet-name>assetmodel/line/Create</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.line.Create</servlet-class> </servlet> <servlet> <display-name>participant/personell/List</display-name> <servlet-name>participant/personell/List</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.List</servlet-class> </servlet> <servlet> <display-name>assetmodel/Create</display-name> <servlet-name>assetmodel/Create</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.Create</servlet-class> </servlet> <servlet> <display-name>participant/Remove</display-name> <servlet-name>participant/Remove</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.Remove</servlet-class> </servlet> <servlet> <display-name>participant/Create</display-name> <servlet-name>participant/Create</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.Create</servlet-class> </servlet> <servlet> <display-name>assetmodel/line/listresults</display-name> <servlet-name>assetmodel/line/listresults</servlet-name> <jsp-file>/assetmodel/line/listresults.jsp</jsp-file> </servlet> <servlet> <display-name>participant/personell/Remove</display-name> 
<servlet-name>participant/personell/Remove</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.Remove</servlet-class> </servlet> <servlet> <display-name>assetmodel/List</display-name> <servlet-name>assetmodel/List</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.List</servlet-class> </servlet> <servlet> <display-name>assetmodel/record</display-name> <servlet-name>assetmodel/record</servlet-name> <jsp-file>/assetmodel/record.jsp</jsp-file> </servlet> <servlet> <display-name>participant/searchresults</display-name> <servlet-name>participant/searchresults</servlet-name> <jsp-file>/participant/searchresults.jsp</jsp-file> </servlet> <servlet> <display-name>menu</display-name> <servlet-name>menu</servlet-name> <jsp-file>/menu.jsp</jsp-file> </servlet> <servlet> <display-name>assetmodel/line/OpenRecord</display-name> <servlet-name>assetmodel/line/OpenRecord</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.line.OpenRecord</servlet-class> </servlet> <servlet> <display-name>participant/location/listresults</display-name> <servlet-name>participant/location/listresults</servlet-name> <jsp-file>/participant/location/listresults.jsp</jsp-file> </servlet> <servlet> <display-name>exception</display-name> <servlet-name>exception</servlet-name> <jsp-file>/exception.jsp</jsp-file> </servlet> <servlet> <display-name>participant/OpenRecord</display-name> <servlet-name>participant/OpenRecord</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.OpenRecord</servlet-class> </servlet> <servlet> <display-name>participant/location/Save</display-name> <servlet-name>participant/location/Save</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.location.Save</servlet-class> </servlet> <servlet> <display-name>participant/personell/OpenRecord</display-name> <servlet-name>participant/personell/OpenRecord</servlet-name> 
<servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.OpenRecord</servlet-class> </servlet> <servlet> <display-name>participant/personell/Create</display-name> <servlet-name>participant/personell/Create</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.Create</servlet-class> </servlet> <servlet> <display-name>participant/personell/account/Remove</display-name> <servlet-name>participant/personell/account/Remove</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.personell.account.Remove</servlet-class> </servlet> <servlet> <display-name>participant/personell/record</display-name> <servlet-name>participant/personell/record</servlet-name> <jsp-file>/participant/personell/record.jsp</jsp-file> </servlet> <servlet> <display-name>assetmodel/Remove</display-name> <servlet-name>assetmodel/Remove</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.Remove</servlet-class> </servlet> <servlet> <display-name>assetmodel/PreRecord</display-name> <servlet-name>assetmodel/PreRecord</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.PreRecord</servlet-class> </servlet> <servlet> <display-name>assetmodel/line/Save</display-name> <servlet-name>assetmodel/line/Save</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.assetmodel.line.Save</servlet-class> </servlet> <servlet> <display-name>participant/location/OpenRecord</display-name> <servlet-name>participant/location/OpenRecord</servlet-name> <servlet-class>com.deerteck.cvb.servlet.CVBadmin.participant.location.OpenRecord</servlet-class> </servlet> <servlet-mapping> <servlet-name>assetmodel/OpenRecord</servlet-name> <url-pattern>/assetmodel/openrecord</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/account/Lookup</servlet-name> <url-pattern>/participant/personell/account/lookup</url-pattern> </servlet-mapping> <servlet-mapping> 
<servlet-name>participant/personell/account/record</servlet-name> <url-pattern>/participant/personell/account/record</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/Remove</servlet-name> <url-pattern>/assetmodel/line/remove</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/location/record</servlet-name> <url-pattern>/participant/location/record</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/Save</servlet-name> <url-pattern>/assetmodel/save</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>syncError</servlet-name> <url-pattern>/syncError</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/Search</servlet-name> <url-pattern>/participant/search</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/location/List</servlet-name> <url-pattern>/participant/location/list</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/account/Create</servlet-name> <url-pattern>/participant/personell/account/create</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/listresults</servlet-name> <url-pattern>/participant/personell/listresults</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/record</servlet-name> <url-pattern>/participant/record</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/account/Passwd</servlet-name> <url-pattern>/participant/personell/account/passwd</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/location/Create</servlet-name> <url-pattern>/participant/location/create</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>Logout</servlet-name> <url-pattern>/logout</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/location/Remove</servlet-name> <url-pattern>/participant/location/remove</url-pattern> </servlet-mapping> 
<servlet-mapping> <servlet-name>participant/Save</servlet-name> <url-pattern>/participant/save</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/listresults</servlet-name> <url-pattern>/assetmodel/listresults</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/record</servlet-name> <url-pattern>/assetmodel/line/record</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/List</servlet-name> <url-pattern>/assetmodel/line/list</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/Save</servlet-name> <url-pattern>/participant/personell/save</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/Create</servlet-name> <url-pattern>/assetmodel/line/create</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/List</servlet-name> <url-pattern>/participant/personell/list</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/Create</servlet-name> <url-pattern>/assetmodel/create</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/Remove</servlet-name> <url-pattern>/participant/remove</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/Create</servlet-name> <url-pattern>/participant/create</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/listresults</servlet-name> <url-pattern>/assetmodel/line/listresults</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/Remove</servlet-name> <url-pattern>/participant/personell/remove</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/List</servlet-name> <url-pattern>/assetmodel/list</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/record</servlet-name> <url-pattern>/assetmodel/record</url-pattern> </servlet-mapping> <servlet-mapping> 
<servlet-name>participant/searchresults</servlet-name> <url-pattern>/participant/searchresults</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>menu</servlet-name> <url-pattern>/menu</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/OpenRecord</servlet-name> <url-pattern>/assetmodel/line/openrecord</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/location/listresults</servlet-name> <url-pattern>/participant/location/listresults</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>exception</servlet-name> <url-pattern>/exception</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/OpenRecord</servlet-name> <url-pattern>/participant/openrecord</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/location/Save</servlet-name> <url-pattern>/participant/location/save</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/OpenRecord</servlet-name> <url-pattern>/participant/personell/openrecord</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/Create</servlet-name> <url-pattern>/participant/personell/create</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/account/Remove</servlet-name> <url-pattern>/participant/personell/account/remove</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>participant/personell/record</servlet-name> <url-pattern>/participant/personell/record</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/Remove</servlet-name> <url-pattern>/assetmodel/remove</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/PreRecord</servlet-name> <url-pattern>/assetmodel/prerecord</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>assetmodel/line/Save</servlet-name> <url-pattern>/assetmodel/line/save</url-pattern> </servlet-mapping> <servlet-mapping> 
<servlet-name>participant/location/OpenRecord</servlet-name> <url-pattern>/participant/location/openrecord</url-pattern> </servlet-mapping> <session-config> <session-timeout>60</session-timeout> </session-config> <error-page> <error-code>500</error-code> <location>/exception.jsp</location> </error-page> <security-constraint> <display-name>SecurityConstraint</display-name> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/participant/*</url-pattern> <url-pattern>/assetmodel/*</url-pattern> <url-pattern>/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>asadmin</role-name> <role-name>cvbdataentry</role-name> <role-name>cvbadmin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>ldap</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/loginFail.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>asadmin</role-name> </security-role> <security-role> <role-name>cvbdataentry</role-name> </security-role> <security-role> <role-name>cvbadmin</role-name> </security-role> <security-role> <role-name>customer</role-name> </security-role> <security-role> <role-name>accountant</role-name> </security-role> <security-role> <role-name>participant</role-name> </security-role> <ejb-local-ref> <ejb-ref-name>ejb/DataAccessBean</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <local-home>com.deerteck.cvb.ejb.session.DataAccessLocalHome</local-home> <local>com.deerteck.cvb.ejb.session.DataAccessLocalObject</local> <ejb-link>ejb-jar-ic1.jar#DataAccessBean</ejb-link> </ejb-local-ref> <ejb-local-ref> <ejb-ref-name>ejb/LDAPBean</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> 
<local-home>com.deerteck.cvb.ejb.session.LDAPLocalHome</local-home> <local>com.deerteck.cvb.ejb.session.LDAPLocalObject</local> <ejb-link>ejb-jar-ic1.jar#LDAPBean</ejb-link> </ejb-local-ref> </web-app>

  • Windows Server 2012 - Backup failing with Exchange - The application will not be available for recovery from this backup. the consistency check failed

    Hi
    We have a Windows 2012 server with Exchange 2013. All is working fine, except that I am now getting issues with the backup.
    'Exchange - The application will not be available for recovery from this backup. the consistency check failed for the component Microsoft Exchange Server'
    I have checked the database and all is fine. I have created a new DB, moved all mailboxes over and then removed the old DB. I have enabled circular logging and then disabled it. It seems no matter what I do I cannot get a full backup!
    I did have to restore the server once, and the backups still worked for about 4 days after that and then stopped. I have also tried to remove and re-add the backup role!
    I am stumped, any advice would be great!

    Hi
    OK, I created a test DB and tried to back it up right away. It failed, and I did not add any mailboxes to it either. I got quite a few events in the Windows logs; as well as the same event above, I got the following:
    Log Name:      Application
    Source:        MSExchangeRepl
    Date:          21/01/2013 10:16:30
    Event ID:      2038
    Task Category: Exchange VSS Writer
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      NERDS-DC01.nerds.local
    Description:
    Microsoft Exchange VSS Writer backup failed. No log files were truncated. Instance 75754d0d-8dfe-4909-8beb-5a4f824254a9. Database 4843b37c-7b3c-42b2-8b57-1393615c2c15.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchangeRepl" />
        <EventID Qualifiers="32772">2038</EventID>
        <Level>3</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-21T10:16:30.000000000Z" />
        <EventRecordID>261645</EventRecordID>
        <Channel>Application</Channel>
        <Computer>NERDS-DC01.nerds.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>75754d0d-8dfe-4909-8beb-5a4f824254a9</Data>
        <Data>4843b37c-7b3c-42b2-8b57-1393615c2c15</Data>
      </EventData>
    </Event>
    AND
    Log Name:      Application
    Source:        MSExchangeRepl
    Date:          21/01/2013 10:16:30
    Event ID:      2038
    Task Category: Exchange VSS Writer
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      NERDS-DC01.nerds.local
    Description:
    Microsoft Exchange VSS Writer backup failed. No log files were truncated. Instance 75754d0d-8dfe-4909-8beb-5a4f824254a9. Database db5826f3-1029-4219-ad80-441a0e94537a.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchangeRepl" />
        <EventID Qualifiers="32772">2038</EventID>
        <Level>3</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-21T10:16:30.000000000Z" />
        <EventRecordID>261646</EventRecordID>
        <Channel>Application</Channel>
        <Computer>NERDS-DC01.nerds.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>75754d0d-8dfe-4909-8beb-5a4f824254a9</Data>
        <Data>db5826f3-1029-4219-ad80-441a0e94537a</Data>
      </EventData>
    </Event>
    and
    Log Name:      Application
    Source:        MSExchangeRepl
    Date:          21/01/2013 10:16:30
    Event ID:      2034
    Task Category: Exchange VSS Writer
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      NERDS-DC01.nerds.local
    Description:
    The Microsoft Exchange Replication service VSS Writer (Instance 75754d0d-8dfe-4909-8beb-5a4f824254a9) failed with error FFFFFFFC when processing the backup completion event.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="MSExchangeRepl" />
        <EventID Qualifiers="49156">2034</EventID>
        <Level>2</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-21T10:16:30.000000000Z" />
        <EventRecordID>261649</EventRecordID>
        <Channel>Application</Channel>
        <Computer>NERDS-DC01.nerds.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>75754d0d-8dfe-4909-8beb-5a4f824254a9</Data>
        <Data>FFFFFFFC</Data>
      </EventData>
    </Event>
    and
    Log Name:      Application
    Source:        SPP
    Date:          21/01/2013 10:16:30
    Event ID:      16389
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      NERDS-DC01.nerds.local
    Description:
    Writer Microsoft Exchange Writer experienced retryable error during shadow copy creation. Retrying...  More info: .
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="SPP" />
        <EventID Qualifiers="0">16389</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-21T10:16:30.000000000Z" />
        <EventRecordID>261650</EventRecordID>
        <Channel>Application</Channel>
        <Computer>NERDS-DC01.nerds.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Microsoft Exchange Writer</Data>
        <Data>
        </Data>
        <Data>The writer experienced a transient error.  If the backup process is retried, the error may not reoccur. (0x800423F3)</Data>
        <Data>
        </Data>
        <Binary>00000000A5120000981200000000000042BEB7C511CAC619E59C92030000000000000000</Binary>
      </EventData>
    </Event>

  • T60 not getting past "Checking embedded security chip"

    Of course my warranty ran out two months ago but this started last week.  It started as Firefox crashing and Act!2005 not starting the SQLSERVER service.  I ran all kinds of anti-virus and malware finders to no avail.
    Now, during the boot process, it gets stuck and will not proceed past "Checking embedded security chip".
    I have researched the issue and tried several things like deactivating the chip and fingerprint in BIOS but nothing seems to work.  At one point I was able to get to a WINDOWS login where you have to hit CTL-ALT-DELETE and it came up with my user name.  I entered the password I use during a normal login but it failed. I tried my user name@LENOVO-<my computer number> and that did not work either.
    I am at the point of backing up through rescue/recovery then burning a factory install disk and starting over but I REALLY(!!!) don't want to have to do that.
    Any ideas are very much appreciated!
    My machine is a T60 type 8744 purchased in January 2007.
    Many thanks!

    Hello T60user12, welcome to Lenovo forums.
    I have merged your threads because it's a similar problem.
    It seems you have messed up your system.
    Which antivirus and firewall do you use?

  • REP-56071: Security check failed with error message

    Hi!
    We have an Oracle 9iAS R2 v9.0.2.2 installation on Linux (Red Hat Advanced Server 2.1). We have installed PatchSet 2703110, 2581587 and 2842923.
    Oracle9i Reports version is: 9.0.2.2.0
    iAS and Infrastructure are on separate hosts.
    Trying to run Reports demo test.jsp or test.rdf we get the following message:
    javax.servlet.jsp.JspException: REP-56071: Security check failed with error message: Error code30001 - Cannot access the server:rep_dkipcias
    In package:wwv_rw_usr function:security_check
    Command line is: server=rep_dkipcias report=/repdemo/examples/Tools/test.jsp rundate="29-MAY-03 09:05:01"
    Found on Metalink the following Note: 216847.1
    This recommends to comment out the security and destination tags in ORACLE_MIDDLETIER_HOME/report/conf/<repserver>.conf file
    After commenting them out reports works fine.
    BUT
    at the end of the note there is a note which states that "Commenting out the security tag removes the integration of the reports server and portal."
    We need reports integration with Portal. We need SSO as well.
    Could you give any workaround for this problem?
    PS.: I have read Note:213171.1, Note:216118.1, http://otn.oracle.com/products/reports/htdocs/getstart/whitepapers/securing9i.pdf and BUG:2645629
    None of them gave any solution for the problem
    Thanks in advance,
    Andras Weintrauth

    Hi Jeff,
    Q(1): Yes.
    (Report Name and Servers tab)
    Report Server: REP_DKIPCIAS
    Oracle Reports File Name: test.jsp
    Execute: as JSP
    (Other tabs)
    Default values. Unchanged.
    Q(2): (Access Tab of Report Component)
    Publish to Portal = checked
    Inherit Privileges from Portal DB Provider = checked
    (Access Tab of Report Server Component)
    Inherit Privileges from Portal DB Provider = checked
    (SSO User)
    The user I try to run the report with has the following group assignments:
    Privilege Group
    PORTAL_ADMINISTRATORS
    PORTAL_DEVELOPERS
    DBA
    PORTLET_PUBLISHERS
    Additional Info:
    To be more specific: The mentioned security check failure exists outside of Portal as well, e.g. when we try to run the default portal test examples (test.jsp, test.rdf) from the iAS home page Demonstrations tab.
    Thank You in advance,
    Andras

  • Exchange 2010 - The certificate status could not be determined because the revocation check failed.

    I have tried everything I have found online to get my DigiCert to work.
    I have exported the cert and imported it into my child domains and they look perfect.
    It is just my parent domain having issues.
    netsh winhttp show proxy
    does show my correct proxy server for http and https and port 8080
    I have tried name, FQDN and IP address.
    In the Bypass-list I have tried none, *.domain.com, and a list of all domains and child domains in my forest.
    I have flushed the cache
    certutil -urlcache crl delete
    certutil -urlcache ocsp delete
    and rebooted the Exchange 2010 (Windows 2008 R2) server
    No matter what, I still see in my Server Configuration for the parent domain's DigiCert cert the message
    The certificate status could not be determined because the revocation check failed.
    with a red X on the left hand icon.  Again, Child domains all say "The certificate is valid for Exchange Server usage."
    Note: In spite of having the red X, I was able to assign via EMS the services.
    Webmail works fine.  Outlook Anywhere fails... I suspect it is due to my red X problem.
    Suggestions?
    Thanks in Advance
    Jim.

    I have contacted DigiCert and they said the cert is working per their utility, hence the problem is outside the scope of their support.
    I have followed, several times, http://support.microsoft.com/kb/979694
    http://www.digicert.com/help/  reports all is well.
    The DigiCertUtil.exe reports all is well and happy.
    I have run
    netsh winhttp set proxy proxy-server="http=myproxy:8080;https=myproxy:8080" bypass-list="*.mydomain.com"
    Current WinHTTP proxy settings:
        Proxy Server(s) :  http=myproxy:8080;https=myproxy:8080
        Bypass List     :  *.mydomain.com
    I have flushed the cache using the commands
    certutil -urlcache crl delete
    certutil -urlcache ocsp delete
     I still see in my Server Configuration for the parent domain's DigiCert cert the message
    "The certificate status could not be determined because the revocation check failed."
    with a red X on the left hand certificate icon. 
    To verify the cert via command line:
    certutil -verify -urlfetch c:\mail_domain_com.cer
    LoadCert(Cert) returned ASN1 bad tag value met. 0x8009310b (ASN: 267)
    CertUtil: -verify command FAILED: 0x8009310b (ASN: 267)
    CertUtil: ASN1 bad tag value met.
    I suspect this is why I cannot get Outlook Anywhere to connect.
    Child domains show a happy certificate icon. Parent domain does not.
    Still scratching my head.
    Thanks all!
    Jim.

  • Using security-constraint in web.xml; not recognizing url-pattern tag

    I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <description>Empty web.xml file for Web Application</description>
    <session-config>
    <session-timeout>35</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/plain</mime-type>
    </mime-mapping>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adm_full_access</web-resource-name>
    <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>adm_all</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>usr_access</web-resource-name>
    <url-pattern>readData.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>usr_all</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>usr_all</role-name>
    </security-role>
    <security-role>
    <role-name>adm_all</role-name>
    </security-role>
    </web-app>
    When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
    Thank you.

    I was able to get this to work by doing the following:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adm_full_access</web-resource-name>
    <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>adm_all</role-name>
    </auth-constraint>
    </security-constraint>
    I was restricting access to all other groups by using <url-pattern>*</url-pattern>. Any other security-constraints set up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraint lists all directories or pages that every user can access. My next security-constraint then lists resources that only my admins (adm_all) can access. Any other security constraints are then set up for each user role that I have... if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint.
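
Added example (not from the thread or from any container's code): a small evaluator for the Servlet specification's request-processing rules, in which only the best-matching url-pattern is consulted, roles on that pattern are unioned, and a method not listed there is accepted. The sample descriptors are constructed from the question's two constraints with a leading "/" added (an assumption about the intent), and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's two constraints, patterns given a leading "/".
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adm_full_access</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>adm_all</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>usr_access</web-resource-name>
      <url-pattern>/readData.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>usr_all</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed variant: the second constraint lists only GET.
WEB_XML_GET_ONLY = WEB_XML.replace(
    "<url-pattern>/readData.jsp</url-pattern>",
    "<url-pattern>/readData.jsp</url-pattern><http-method>GET</http-method>")


def _find(elem, name):
    """Descendants with the given local name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.split("}")[-1] == name]


def load_constraints(xml_text):
    """One (pattern, methods, roles) tuple per <url-pattern>.
    methods is None when no <http-method> is listed (all methods covered);
    roles is None when the constraint has no <auth-constraint>."""
    rows = []
    for sc in _find(ET.fromstring(xml_text), "security-constraint"):
        auth = _find(sc, "auth-constraint")
        roles = {r.text.strip() for r in _find(auth[0], "role-name")} if auth else None
        for wrc in _find(sc, "web-resource-collection"):
            methods = {m.text.strip().upper() for m in _find(wrc, "http-method")} or None
            rows += [(p.text.strip(), methods, roles) for p in _find(wrc, "url-pattern")]
    return rows


def unmatchable_patterns(constraints):
    """Patterns starting with neither "/" nor "*.": the mapping rules treat them
    as exact-match strings, and request paths begin with "/", so they never match."""
    return sorted({p for p, _, _ in constraints if not p.startswith(("/", "*."))})


def match_rank(pattern, path):
    """Rank of a match (higher wins) or None: exact > longest prefix > extension > default."""
    if pattern == "/":
        return (0, 0)
    if pattern.startswith("*."):
        return (1, 0) if path.rsplit("/", 1)[-1].endswith(pattern[1:]) else None
    if pattern.startswith("/") and pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
        return None
    return (3, 0) if pattern == path else None


def decide(constraints, path, method, user_roles):
    """Return (outcome, best_pattern). The role-name "*" shorthand is not handled,
    and an unauthenticated caller (no roles) is reported as "deny" where a real
    container would first ask for credentials."""
    ranked = [(match_rank(p, path), p) for p, _, _ in constraints]
    ranked = [(r, p) for r, p in ranked if r is not None]
    if not ranked:
        return ("permit", None)      # no constraint selected
    best = max(ranked)[1]
    applicable = [r for p, m, r in constraints
                  if p == best and (m is None or method.upper() in m)]
    if not applicable:
        return ("permit", best)      # method not constrained at the best match
    if any(r is not None and not r for r in applicable):
        return ("deny", best)        # an auth-constraint naming no roles excludes all
    if any(r is None for r in applicable):
        return ("permit", best)      # a constraint without auth-constraint opens access
    allowed = set().union(*applicable)
    return ("permit" if allowed & set(user_roles) else "deny", best)
```

With the first sample, `adm_all` is denied on `/readData.jsp` because only the exact-match constraint is consulted; with the GET-only variant, a POST to the same path is accepted without any role even though `/*` covers every method.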

  • [svn] 1720: Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints .

    Revision: 1720
    Author: [email protected]
    Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
    Log Message:
    Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
    QA: Yes
    Doc: No
    Details:
    Update to the TomcatLoginCommand to work correctly with NIO endpoints.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-304
    Modified Paths:
    blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand.java

