SChannel Errors on Front Ends Affecting Client Connectivity Between Pools

Similar Messages

• Time out error  on front end ( 60 seconds) developed in web dynpro ABAP

  Hi all
  I am getting TIME OUT error ( ERROR :-  Connection to partner break in 60 seconds) on front end (on web) because in SAP backend there is a function module excuting and taking 3 minutes. But on front end developed in web dynpro ABAP time out is coming in 60 seconds.
  Please help me how can i increase this TIME OUT time on front end more than 60 seconds.
  Please help as soon as possible

  Hi,
  see the <a href="http://help.sap.com/saphelp_nw70/helpdata/en/7b/72092aaa1342c5a3af7ce0b9a11ff9/frameset.htm">Documentation</a> and
  <a href="http://help.sap.com/saphelp_nw70/helpdata/en/78/9852b7c06b11d4ad310000e83539c3/frameset.htm">this</a>
  Regards, Heidi

• Front end fails to connect to db

  I have put together a M$ Access 2000 frontend to an Oracle db. I don't have any tables linked. I use SQL pass-through queries for everything I need to do, and so far it is all read-only.
  It works for me, but I've sent it to someone at another location and she just gets errors. She has the information in the tnsnames.ora file, she has the ODBC Data Source set up with the same driver I have. Now here's the catch... If she manually makes a link to a table in the db (the link isn't used for anything!) it will work fine.
  Any clues to this mystery are greatly appreciated.
  Sherry

  My other pet peeve - Error "messages" that don't really tell you anything. "connection failed" - I want to know why!!!!
  Here is my method for solving connection errors:
  a) Is a ping of the database server successful? If not, then you won't be able to connect to the database. Fix this problem.
  b) Is a tnsping of the database successful? If not, then you won't be able to connect to the database. Make sure Listener is up on database server and you have the correct entry in tnsnames.ora
  c) Is a SQL*Plus connection to the database successful? (This is always the first thing I try.)
  If not, then verify that the connect string you are giving to SQL*Plus is indeed in the tnsnames.ora file. Is the tnsnames.ora file that you think you are using the one that is actually being used? Oracle will try to use a tnsnames.ora in your local directory, one in the directory pointed to by the TNS_ADMIN environment variable, or one in the ORACLE_HOME corresponding to the version of SQL*Plus you are using. If the message says "cannot find host" or something like that see a) and b) above.
  d) If a) and b) work, but c) does not, then turn on Network tracing to pinpoint the error.
  e) If you can connect via SQL*Plus but not via another application then the fault lies in the other application, not in the Oracle software. Correct the other application.
  In short - first thing to try - can your colleague connect with SQL*Plus?

• An error when using JSP to activate connection between Javabean and MySQL

  I just input two paramenters in the input.htm, then click button 'submit' to
  run output.jsp, then activate adder.getSum(); This function is to add two
  number, save the sum to the MySQL database, and return the sum. I think the
  java code and jsp file are no problem. A guess it's the problem relating to
  the servlet engine trying to talk to the Javabean. Should I set some
  envirenment or other? Please take a look. If necessary, I will attach my jsp
  and java codes later.
  The error is as below:
  Apache Tomcat/4.0.1 - HTTP Status 500 - Internal Server Error
  type Exception report
  message Internal Server Error
  description The server encountered an internal error (Internal Server Error)
  that prevented it from fulfilling this request.
  exception
  org.apache.jasper.JasperException:
  at org.apache.jasper.runtime.JspRuntimeLibrary.internalIntrospecthelper(JspRuntimeLibrary.java:273)
  root cause org.apache.jasper.JasperException:
  at org.apache.jasper.runtime.JspRuntimeLibrary.convert(JspRuntimeLibrary.java:184)
  I just selected some. Thanks,

  Yes, I'd be curious to see your code. In principle that should work.
  -chicagoJava

• Lync 2013 Front-End HA

  We are currently in a co-existence environment with both Lync 2010 and 2013 running side-by-side. 
  There are 2 FE pools with pool pairing setup for Lync 2013. We have been carrying out some testing before migrating all of our users over.
  We have an issue where when we take out one of the 2013 front end servers the client does not automatically reconnect to one of the other servers in the pool, occasionally it will but can take 10-15 mins to do this. If we simulate a similar test on the 2010
  front ends the client reconnects in seconds. 
  I am using the Lync 2013 client 

  Thanks for your replies. 
  I have setup DNS LB for the pool name (this is working correctly) and I am using a kemp load balancer for the internal web services FQDN
  I checked the EndPointConfiguration.Cache file and it just had the name of the front end server I was connected to. I deleted it and restarted my client now the EndPointConfiguration.Cache file has the name of the pool, the front end server that I am connected
  to and the IP addresses of the servers in the pool, is that correct?
  I tested the failure of the server I was connected to by removing the network adapter in VMware. 
  It took 44 seconds for my client to sign out and 1:15 after that to sign back in. My LPE took 2:18 to sign out and 1:22 after that to sign back in. Surely this cant be right? 
  During the time the failure happens and the client signs out, it is unusable. 
  I have had a look in the snooper logs but it is difficult to see the wood for the trees. 
  Thanks for your help. 

• Problems with one of the front-end servers (service wont start)

  Hi,
  Having a pool with two front-end servers (Lync Server 2013 on Windows Server 2012) and I cannot get one of servers to work properly. 
  The Front-End service is not starting.
  Have removed both servers from the topology and installed one at the time. When adding the second server to the pool the service never starts, its in starting state and a bunch of error messages appears:
  - Server startup is being delayed because fabric pool manager is initializing.
  Cause: This is normal when Pool is bootstrapped and indicates that the Front-End is waiting for a quorum of other Front-Ends to be started.
  - Pool Manager failed to connect to Fabric Pool Manager.
  Cause: This could happen because insufficient number of Front-Ends are currently active in the Pool.
  I have tried restarted one at the time, both at the same time...
  Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery
  Reset-CsPoolRegistrarState -ResetType FullReset
  I have also had a look at the kb saying that there could be a certificate issue. So I have ran that script but no certificate is misplaced in any store.
  I have removed the front-end certificates and requested new ones from the internal CA, I have also done the same to the OAuth certificates.
  How to proceed?

  Hi there,
  if you are still receiving, the same error, please try to shutdown the first Front-End Server, and give time for the services to start, however I would like also to add that with Lync server 2013 the Enterprise pool requirements is to have 3 Front-End Servers
  in a pool instead of 2, because  of introducing the brick model  architecture.
  Regards,
  Charbel Hanna
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

• Front End Service is not starting

  Hi ,
  Any one can help me to resolve this issue.
  I have one enterprise edition front end server .if i try to start the front end service it give the following error
  Server startup is being delayed because fabric pool manager is initializing.
  Cause: This is normal when Pool is bootstrapped and indicates that the Front-End is waiting for a quorum of other Front-Ends to be started.
  Resolution:
  If this event recurs persistently, ensure that 85% of the Front-Ends configured for this Pool are up and running. For 2 or 3 machine Pools, initial cold-start of the Pool requires all machines to be started. If multiple Front-Ends have been recently decommissioned,
  run Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery to enable the Pool to recover from Quorum Loss and make progress.

  If understand the problem Correctly You one Lync enterprise edition installed is that right?
  If yes Please note For a recommended Lync Server 2013 EE pool deployment, there should be at least three Lync Server 2013 front-end servers in the EE pool.
  http://technet.microsoft.com/en-us/library/gg412996.aspx
  We recommend that all your Enterprise Edition Front End pools include at least three Front End Servers
  Also refer Why 3 server pool?
  http://social.technet.microsoft.com/Forums/lync/en-US/1e277415-01b0-4123-a5bc-260909368d5b/why-3-server-pool?forum=lyncdeploy
  If you just want one Lync server please install Lync Standard Edition
  Front End Pools with Two Front End Servers
  We do not recommend deploying a Front End pool that contains only two Front End Servers. If you do ever need to deploy such a pool, follow these guidelines:
  If one of the two Front End Servers goes down, you should try to bring the failed server back up as soon as you can. Similarly, if you need to upgrade one of the two servers, bring it back online as soon as the upgrade is finished.
  If for some reason you need to bring both servers down at the same time, do the following when the downtime for the pool is finished:
  The best practice is to restart both Front End Servers at the same time.
  If the two servers cannot be restarted at the same time, you should bring them back up in the reverse order of the order they went down.
  If you cannot bring them back up in that order, then use the following cmdlet before bringing the pool back up:.
  Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery -PoolFQDN <FQDN>
  Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer"
  Regards Edwin Anthony Joseph

• Change Front End Type

  hi Gurus,
  my question is i want to open pdf file in ecl viewer so that i can edit that file.
  but when i am selecting change front end type, it is giving me error.
  change front end type not possible if network is DEFAULT
  is there any other way to open pdf file in ECL viewer for editing , makups etc etc
  thanks
  Amit

  Amit,
  U need to enter EAIWeb.webviewer2D.1 %SAP-CONTROL%assign in Application (path and pragram) in define workstation application for data carrier pc in DC30 for PDF.
  Please remove %auto% from path fielf for pc.
  Plz revert back if u require further information
  Pramod
  Plz award pts if it solves ur query.

• No connection between EIS Server and EIS Console

  Hi AllWhile saving a meta model I get this error message:"There is currently no connection between the console and intgeration server. Ensure the server is running and try reconnecting"I have checked properly that EIS server is installed and also running, but don't know why throwing this errors...I am unable to save the metamodel....any suggestions ?Thanks in advance !

  Any Help on this please!!!

• ERROR 14614 on Front End when testing with Remote Connectivity Analyzer

  Hello forum
  Does the Lync Remote Connectivity Analyzer not support 128 encryption?
  Reason im asking is the following:
  When I test my Lync edge server. I get the following error on the RCA result page:  RegisterException.
  After this error on the RCA, the event 14614 is logged on my Standard Edition Front end server.
  INFO:
  User authentication with NTLM protocol failed with error SEC_E_UNSUPPORTED_FUNCTION. This indicates a potential mismatch between security policy settings on the client and server computers.
  Cause: This error can occur if the settings in "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" policy on the client computer are not the same as the settings in the "Network security: Minimum
  session security for NTLM SSP based (including secure RPC) servers" policy on this server.  By default, the "Require 128-bit encryption" setting is disabled for computers running Windows Server 2008, Windows Vista, Windows Server 2003,
  Windows 2000 Server, or Windows XP. For computers running Windows 7 or Windows Server 2008 R2, this setting enabled by default.
  Resolution:
  Ensure that the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" policy settings on the computers from which users log on are the same as "Network security: Minimum session security for NTLM SSP based
  (including secure RPC) servers" policy settings on this server.
  All of our Lync servers are running on Windows 2012 R2. So why this error from the RCA?

  Please check your settings on the client and on the server.
  I know, this is a old blog info, but it discribed the problem.
  http://blogs.technet.com/b/rogulati/archive/2011/04/30/lync-2010-ntlm-sec-policy-mismatch-error-cannot-sign-from-xp-clients.aspx
  http://blog.ucomsgeek.com/2011/01/lync-2010-ntlm-client-authentication.html
  regards Holger Technical Specialist UC
  Thanks for the answer, but in this case the "Client" is the Remote Connectivity Analyzer. So my question was, why is it not working with that? Does the RCA not support 128 bit?

• Front End Services won't start with new cert, SChannel error about hostname

  We have an existing Lync 2013 Enterprise system set up, and many of the servers are using certs issues by our local CA. I want to move several of the certs to third-party certificates so that non-domain machines can connect. The first change I'm making is
  on our Edge pool. However, I'm having an issue. Here are the details:
  Our internal domain space is int.domain.com. Our external domain space is domain.com. Our Lync FE server is LS01.int.pool.com and our FE pool is pool01.int.domain.com. I have generated a CSR and requested a certificate from Globalsign with the following
  characteristics:
  SN: pool01.int.domain.com
  SAN: pool01.int.domain.com
  SAN: domain.com (wildcard)
  SAN: int.domain.com (wildcard)
  After applying the new cert using the topology builder, I've rebooted and the Lync Front-End Server service will no longer start. The following SChannel error is in the event logs:
  The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ls01.int.domain.com. The SSL connection request
  has failed. The attached data contains the server certificate.
  After reverting back to the original local CA cert, the services start. The local cert has a ton of individual SANs set up but I was under the impression that the wildcard SANs were supported and would be ok for the hostnames.
  Why is it looking for my FE server name and not the pool? Is this an issue with my deployment, or is it with the cert? I'm not sure where to go from here.

  Hey Matt,
  As mentioned above wildcards are only supported for Lync web services such as lyncdiscover, dialin and meeting URL's. It is OK to have wildcards in the certificates SAN, but you must also specifically include the following:
  SN: pool01.int.domain.com (SN must be pool)
  SAN: pool01.int.domain.com (pool must also be included in SAN)
  SAN: lync-fe-001.int.domain.com (the machine name of your front end server)
  This should solve the issue for you.
  Andrew Morpeth
  Lync Server Specialist - Auckland, NZ
  Check out my blog

• Lync Mobile client signs out - Error- IIS reset on Front End - WAS Errors

  I have a very limited understanding of Lync dependency's & how to trace the issue I'm now seeing. Would appreciate any direction or information to assist.
  We have Primary & Secondary Pools - both pools seem to be effected at different times. The Mobile Clients will error & not sign in until iisreset
  is done on the effected Front End.
  This issue has started a few weeks ago. Before that this has happened maybe twice in a year.
  A few weeks ago we did move the FileStore location of the Primary Front End only (off a Siffs Application store to the local drive of the Primary Front End)– AV scan
  exclusion was set for FileStore location.
  Also some Windows 2008R2 patches were applied.
  The Deployment Wizard has been rerun incase something was broken by MS updates.
  The Window Event log is clean apart from:
  WAS events: (1 to 4 are grouped)
  5013 - A process serving application pool 'LyncUcwa' suffered a fatal communication error with the Windows Process Activation Service. The process id was '24076'. The data field
  contains the error number.
  5011- The Windows Process Activation Service failed to generate an application pool config file for application pool 'LyncExtFeature'. The error type is '7'.
  5189 - A process serving application pool 'LyncIntFeature' suffered a fatal communication error with the Windows Process Activation Service. The process id was '17216'. The data
  field contains the error number.
  5011 - A process serving application pool 'LyncUcwa' exceeded time limits during shut down. The process id was '12520'.
  The Windows Process Activation Service failed to generate an application pool config file for application pool 'LyncIntReach'. The error type is '7'. To resolve this issue, please
  ensure that the applicationhost.config file is correct and recommit the last configuration changes made. The data field contains the error number.
    Schannel: Same Error event happens twice within a few seconds
  ID 36888 -
  The following fatal alert was generated: 10. The internal error state is 1203.
  ID 36888 -
  The following fatal alert was generated: 10. The internal error state is 1203.
  From What I’ve read SChannel doesn’t seem to be an issue.
  Another set of WAS events:
  5011 - A process serving application pool 'LyncUcwa' suffered a fatal communication error with the Windows Process Activation Service. The process id was '19132'.
  5011 - A process serving application pool 'LyncIntFeature' suffered a fatal communication error with the Windows Process Activation Service. The process id was
  '23876'.
  5011 - A process serving application pool 'LyncIntReach' suffered a fatal communication error with the Windows Process Activation Service. The process id was
  '9876'.
  5011 - A process serving application pool 'LyncExtFeature' suffered a fatal communication error with the Windows Process Activation Service. The process id was
  '21804'.
  5138 -
  A worker process '6620' serving application pool 'LyncUcwa' failed to stop a listener channel for protocol 'http' in the allotted time.
  5013 - A process serving application pool 'LyncUcwa' exceeded time limits during shut down.
  Our Exchange UM started to generate errors recently but not sure if that’s a result of the iisreset for WWW Pub – but these events don’t match any timing of Front End events:
  Windows Process Activation Service
  11/13/2014 04:06:37 PM
  LogName=System
  SourceName=Microsoft-Windows-Service Control Manager
  EventCode=7031
  EventType=2
  Type=Error
  ComputerName=Pxxx.xxx.com.au
  TaskCategory=The operation completed successfully.
  OpCode=The operation completed successfully.
  RecordNumber=62445
  Keywords=Classic
  Message=The Windows Process Activation Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.
  World Wide Web Publishing Service
  11/13/2014 04:06:37 PM
  LogName=System
  SourceName=Microsoft-Windows-Service Control Manager
  EventCode=7034
  EventType=2
  Type=Error
  ComputerName= Pxxx.xxx.com.au
  TaskCategory=The operation completed successfully.
  OpCode=The operation completed successfully.
  RecordNumber=62444
  Keywords=Classic
  Message=The World Wide Web Publishing Service service terminated unexpectedly.  It has done this 2 time(s).
  I’m not sure where to go with this now. Any direction would be appreciated.
  Thank you
   

  Hi Davej006,
  Web sites and Web applications depend on the availability of Internet Information Services (IIS) application pools. IIS application pools in turn depend on the Windows Process Activation Service (WAS). If WAS is not running or errors occur
  during the startup or shutdown of an application pool, Web sites and Web applications may not be available.
  And based on my understanding, if some program works sometime and does not in other times, RAM is the problem.
  You could refer to the following article to troubleshoot your problem.
  http://technet.microsoft.com/en-us/library/cc735271(v=ws.10).aspx
  Hope it can be helpful.
  Best regards,
  Eric

• Named Pipes provider, error:40 could not open a connection to sql server. Only happens on one of the front end SRS servers

  when testing a datasource connection I get the following error.
  Named Pipes provider, error:40 could not open a connection to sql server.
  I've read all the posts on this and nothing works.  This is a scale out deployment and the connection
  works from the other server I have setup with SRS that is connected to the same backend SRS databases.  It just doesn't work from one of the SRS front ends.  I'm at a loss..  please help

  Enable both named pipe and TCP communications.
  Make sure client is using the same (named) pipe name as server for connection.
  Kalman Toth Database & OLAP Architect
  Free T-SQL Scripts
  New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012

• Connect String for the front end app to access Lite Database in the Client

  Hi,
  I have been using an app developed in VB.net for accessing the Oracle Lite Database from the client machine. Can anyone please help me out how to set the Connect String in the config file of my front end app to access the Oracle Lite Database from my client machine. Do anyone have the syntax of the connect string to access the lite database in client machine.
  Thanks a lot in advance.

  Hi...
  -->Select example
  create or replace procedure get_emp(rc out sys_refcursor)
  is
  begin
  open rc for select * from emp;
  end;
  -->DML example
  create or replace procedure do_dml_emp(pempid in number,
  pempname varchar2,
  result out number)
  is
  begin
  insert into emp(empid,empname) values(pempid,pempname) returning empid into result;
  exception
  when others then
  result:=-1;
  end;
  -->DDL example
  create or replace procedure ddl_emp(colname varchar2,
  coltype varchar2,
  result out number)
  is
  begin
  result:=-1;
  execute immediate 'alter table emp add column ' || colname || ' ' || coltype ;
  result:=1;
  end;

• Error when updating Client Access Front End Service to Exchange 2013 Update 6

  When updating to Exchange 2013 Update 6 we received the following error at the Step 11 of 13: Client Access role: Client Access Front End service step: 
  Error:
  The following error was generated when "$error.Clear();
  $fe = get-ActiveSyncVirtualDirectory -server $RoleFqdnOrName -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
  if ($fe -eq $null)
  new-ActiveSyncVirtualDirectory -DomainController $RoleDomainController -Role ClientAccess;
  else
  update-ActiveSyncVirtualDirectory $fe -DomainController $RoleDomainController -InstallIsapiFilter $true
  " was run: "System.Management.Automation.ParameterBindingException: Cannot convert 'System.Object[]' to the type 'Microsoft.Exchange.Configuration.Tasks.VirtualDirectoryIdParameter' required by parameter 'Identity'. Specified method is not supported. ---> System.NotSupportedException: Specified method is not supported.
  at System.Management.Automation.ParameterBinderBase.CoerceTypeAsNeeded(CommandParameterInternal argument, String parameterName, Type toType, ParameterCollectionTypeInformation collectionTypeInfo, Object currentValue)
  --- End of inner exception stack trace ---
  at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
  at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext)
  at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
  at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)".
  Problem was that if you have more than one ActiveSyncVirtualDirectory, the installer for Update 6 fails because it's not expecting an array of virtual directories to be returned. Solution is to remove the "extra" virtual directory, perform the
  installation, and then re-add the virtual directory. 
  None of the other types of virtual directories are susceptible to this, only ActiveSync. 

  Hi,
  Please try to reset registrar state:
  http://tsoorad.blogspot.in/2013/04/lync-2013-ee-pool-wont-start.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Kent Huang
  TechNet Community Support