SCOM 2K12 Mgmt Server - Local App Health Rollup under Security
Recently, I noticed that both my 2K12 SCOM management servers were in a critical state; Security and the underlying "Windows Local Application Health Rollup" were red, although everything else underneath looked fine.
I tried overriding/disabling the local app rollup for the servers, and that fixed one server, but not the other...re-enabling brings the alert condition right back. Restarting the health service with a cache clearing also resolves the issue only temporarily.
I have seen recommendations for putting the server in maintenance mode for 5 minutes in other cases, but I know better than to put a management server into maintenance mode.
Anyone have something else for me to try?
Two things to resolve this glitch and get everything back to green:
I navigated to the Computers view in Monitoring and double-clicked on "Health Service" on the affected agent. This opened a new window showing the state of the health service on this agent. On the Actions menu, I selected "Health Service Tasks
-> Flush Health Service and Cache".
I restarted the OpsMgr Health Service.
A few minutes later I the health status in Health Explorer was reset to green.
Also check below link
http://social.technet.microsoft.com/Forums/systemcenter/en-US/ad353786-a1fe-4994-9154-3bb80e4f6d20/windows-local-application-health-rollup?forum=operationsmanagergeneral
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical | Twitter:
Mai Ali
Similar Messages
-
Open directory Server admin APP, crashes
HI all.
ON my 10.7.2 lion server for some reason my server admin app keeps crashing under the Open
directory Section...
Here are the screen shots..Also I cant make any changes under the Open Directory in server Admin...
Everything is greyed OUT... -
Health rollup to computer object from Microsoft.Windows.ApplicationComponent
Hi All.
Trying to author a Management Pack in Authoring Console 2007 R2. And can't get rollup to work as I want.
Here's the long story.
I've created:
A discovery MP witch holds:
- an abstract class inherited from Microsoft.Windows.Computer, named: "AppX.Cmp.Role"
- a (seed?) class inherited from the above, named: "AppX.Cmp.Role.Server"
- a class inherited from "AppX.Cmp.Role.Server" named "App.Cmp.Role.Server.Replicator"
- a class inherited from "Microsoft.Windows.ApplicationComponent" named: "AppX.Cmp.Role.Server.Replicator.Loginstance"
- a class of type "Microsoft.SystemCenter.InstanceGroup" named: "AppX.Group"
- a relationship (system.hosting) where source class is "AppX.Cmp.Role.Server.Replicator" and target class is "AppX.Cmp.Role.Server.Replicator.Loginstance"
- a registrydiscovery to discover "AppX.Cmp.Role.Server" targeted at "Windows.Operating.System"
- a scriptdiscovery to discover "AppX.Cmp.Role.Server.Replicator" targeted at "AppX.Cmp.Role.Server"
- a scriptdiscovery to discover "AppX.Cmp.Role.Server.Replicator.Loginstance" targeted at "AppX.Cmp.Role.Server.Replicator"
- a groupdiscovery ("Microsoft.SystemCenter.GroupPopulator") target: "AppX.Group" (Microsoft.Windows.Computer)
- a dependencymonitor targeted at "AppX.Cmp.Role.Server.Replicator" and monitor dependency set to "AppX.Cmp.Role.Server.Replicator.Loginstance", HealthRollup set to "worst state".
A monitoring MP (depending on the discovery MP) witch holds:
- a processmonitor targeted to "AppX.Cmp.Role.Server.Replicator" and "replicator.exe"
- a logfilemonitor targeted to "AppX.Cmp.Role.Server.Replicator.Loginstance"
- a stateview targeted to "AppX.Group"
When I kill the "replicator.exe" process the object goes to unhealthy all the way up to "Windows.Computer". But when the logfilemonitor triggers and turns into "unhealthy state" the object in the above view turns RED but not the
"Windows.Computer" object (looking at the default view "Windows Computers").
Is it possible to get the "Windows.Computer" object to reflect the "AppX.Cmp.Role.Server.Replicator.Loginstance" state?
How?Sorry about that - its been a long weekend.
I was quoting from the following;
"Use the Microsoft.Windows.LocalApplication as
a base class when your class type represents a local application that shares the resources of the hosting Windows computer with other applications. Unlike theMicrosoft.Windows.ComputerRole class,
the Microsoft.Windows.LocalApplication class
type does not automatically roll its health up to the hosting computer."
http://msdn.microsoft.com/en-us/library/ee533867.aspx
Would you be able to upload the results if you run the Visio MP diagram generator and possibly the health explorer views and this will help me see how it hangs togther? -
Hi There,
Need your assistance on the issue that we are facing in prod environment.
We are able to open web console from remote machine and able to view monitoring pane as well as my workplace folders from console . Able to view and access alerts and other folder in the monitoring pane. We are able to view and access My Workplace folder
and able to view the reports in Favorite Reports folder. But when I click on run Report we are getting the below error "500 Internal Server Error - There is a problem with the resource you are looking for, and it cannot be displayed."
In our environment we have 3 servers one is SQL server and two are SCOM servers. Please advise how to fix this issue. Do we have to do any thing from SQL End?
Errors: Event ID 21029: Performance data from the OpsMgr connector could not be collected since opening the shared data failed with error "5L".
Event ID 6002 : Performance data from the Health Service could not be collected since opening the shared data failed with error 5L (Access is denied.).
Regards,
Sanjeev KumarDuplicate thread:
http://social.technet.microsoft.com/Forums/en-US/7675113e-49f0-4b3a-932b-4aceb3cfa981/scom-500-internal-server-error-there-is-a-problem-with-the-resource-you-are-looking-for-and-it?forum=operationsmanagerreporting
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
How to activate: server.local/webcal ?
Hi,
I am running Mountain Lian with server.app (Version 2.1.1 (127.19)).
The iCal service is running well. I connected several iCal Clients as we as Thunderbird lightnings and iPhones.
But when is try to open the calender service on on the server website "server.local/webcal" I get a meaasge that the calender service is deakivated and should be activated with the server app. How can I do this ?
NouggiHi Mark and many thanks for your help about Webcal services..
I got annother problem. My webcal service works fine with ssl certificate but i want to share that calendar with someone else.
The problem arrives when insted of getting redirection to my ical.app and get the adress for subscription y get a list in safari of all the appoinments of my calelndar called Collection Listing like i show you at the bottom:
Collection Listing
Name Size Last Modified MIME Type
009FB5C2-4783-4C20-A8B8-E2C7680A84FE.ics 1238 2012-Oct-16 23:36 text/calendar
0172E7B9-47D9-4DC5-8182-DBDD181D97B5.ics 1186 2012-Oct-16 23:36 text/calendar
02189E9C-E3BA-4C0B-8BC7-8CD7206DC0C1.ics 2657 2012-Oct-16 23:35 text/calendar
027941E6-2E59-4FE2-8381-2FBB54152ECE.ics 1156 2012-Oct-16 23:36 text/calendar
034E4B3C-BC55-484D-8A63-05E89F67156B.ics 1363 2012-Oct-16 23:36 text/calendar
03B9102B-E5D4-4EAD-801C-213BDFF5192E.ics 1420 2012-Oct-16 23:35 text/calendar
05524658-3043-4ED0-A22F-B318F4D2F729.ics 830 2012-Oct-16 23:36 text/calendar
05CD643B-2C65-47EC-B13F-254B94F55138.ics 1177 2012-Oct-16 23:35 text/calendar
07260FEB-8357-41E3-93D1-15FCCF751A21.ics 808 2012-Oct-16 23:35 text/calendar
07A56711-4250-4912-B79B-8519557C580B.ics 792 2012-Oct-16 23:36 text/calendar
07B24F80-A450-40D4-A62D-8381CDC3ABD4.ics 1325 2012-Oct-16 23:35 text/calendar
092D277C-50F5-4901-A9F0-F46A6C2938FD.ics 1215 2012-Oct-16 23:35 text/calendar
0A375A94-EEB2-4A37-B790-E5C172BD8172.ics 1512 2012-Oct-16 23:36 text/calendar
0AEC007E-C56D-455A-82C5-D3521543092A.ics 1332 2012-Oct-16 23:35 text/calendar
0C2B90A9-0A54-4C07-B87A-6CCB8B2E2732.ics 836 2012-Oct-16 23:35 text/calendar
0CB2317C-D5CB-4E99-BBC9-850950BF7864.ics 1345 2012-Oct-16 23:36 text/calendar
and so on....
Any help please ??? -
Is there a way to send info from cloud deployed app to a local app?
Hi
I have an application deployed to cloud service and through a iframe loaded in another local application.
I there a way to send info form the deployed cloud app to the local app?Thanks for the reply.
I created one webservice and deployed to cloud server. From browser am able to run the url and able to get the result.
https://...oraclecloudapps.com/CloudAppTest-ViewController-context-root/jersey/webServiceBean/text
The same url when am trying to access from a java code main
Client c = Client.create();
WebResource resource =
c.resource("https://...oraclecloudapps.com/CloudAppTest-ViewController-context-root/jersey/webServiceBean/text");
String response = resource.get(String.class);
System.out.println("response"+response);
getting Exception in thread "main" com.sun.jersey.api.client.UniformInterfaceException: GET https://...oraclecloudapps.com/CloudAppTest-ViewController-context-root/jersey/webServiceBean/text returned a response status of 302
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:607)
at com.sun.jersey.api.client.WebResource.get(WebResource.java:187)
at view.client.main(client.java:26)
Process exited with exit code 1.
Can please suggest on this.
Thanks
Jeeth -
Dear all,
i have a Windows 2008 Server (X64) with SQL 2005 SP3 and some troubels...
The SQL works since some week, this week we installed SQL SP3 and change of the local Admin password.
Yesterday we reboot the Server, now the SQL Server Agent is unable to start!
The SQL Server is up and running,
Errorlog:
2009-11-06 09:49:52.56 Server Microsoft SQL Server 2005 - 9.00.4035.00 (X64)
Nov 24 2008 16:17:31
Copyright (c) 1988-2005 Microsoft Corporation
Standard Edition (64-bit) on Windows NT 6.0 (Build 6002: Service Pack 2)
2009-11-06 09:49:52.56 Server (c) 2005 Microsoft Corporation.
2009-11-06 09:49:52.56 Server All rights reserved.
2009-11-06 09:49:52.56 Server Server process ID is 5912.
2009-11-06 09:49:52.56 Server Authentication mode is WINDOWS-ONLY.
2009-11-06 09:49:52.56 Server Logging SQL Server messages in file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'.
2009-11-06 09:49:52.56 Server This instance of SQL Server last reported using a process ID of 4424 at 11/6/2009 9:43:23 AM (local) 11/6/2009 8:43:23 AM (UTC). This is an informational message only; no user action is required.
2009-11-06 09:49:52.56 Server Registry startup parameters:
2009-11-06 09:49:52.56 Server -d C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf
2009-11-06 09:49:52.56 Server -e C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG
2009-11-06 09:49:52.56 Server -l C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf
2009-11-06 09:49:52.59 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2009-11-06 09:49:52.59 Server Detected 4 CPUs. This is an informational message; no user action is required.
2009-11-06 09:49:52.67 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.
2009-11-06 09:49:52.71 Server Attempting to initialize Microsoft Distributed Transaction Coordinator (MS DTC). This is an informational message only. No user action is required.
2009-11-06 09:49:53.73 Server Attempting to recover in-doubt distributed transactions involving Microsoft Distributed Transaction Coordinator (MS DTC). This is an informational message only. No user action is required.
2009-11-06 09:49:53.73 Server Database mirroring has been enabled on this instance of SQL Server.
2009-11-06 09:49:53.73 spid4s Starting up database 'master'.
2009-11-06 09:49:53.86 spid4s Recovery is writing a checkpoint in database 'master' (1). This is an informational message only. No user action is required.
2009-11-06 09:49:53.95 spid4s SQL Trace ID 1 was started by login "sa".
2009-11-06 09:49:53.97 spid4s Starting up database 'mssqlsystemresource'.
2009-11-06 09:49:53.99 spid4s The resource database build version is 9.00.4035. This is an informational message only. No user action is required.
2009-11-06 09:49:54.16 spid9s Starting up database 'model'.
2009-11-06 09:49:54.17 spid4s Server name is 'VIE-EU-ARC-02'. This is an informational message only. No user action is required.
2009-11-06 09:49:54.19 Server The certificate was successfully loaded for encryption.
2009-11-06 09:49:54.19 Server Server is listening on [ 'any' <ipv6> 1433].
2009-11-06 09:49:54.19 Server Server is listening on [ 'any' <ipv4> 1433].
2009-11-06 09:49:54.19 Server Server local connection provider is ready to accept connection on [ \\.\pipe\SQLLocal\MSSQLSERVER ].
2009-11-06 09:49:54.19 Server Server local connection provider is ready to accept connection on [ \\.\pipe\sql\query ].
2009-11-06 09:49:54.19 Server Server is listening on [ ::1 <ipv6> 1434].
2009-11-06 09:49:54.19 Server Server is listening on [ 127.0.0.1 <ipv4> 1434].
2009-11-06 09:49:54.19 Server Dedicated admin connection support was established for listening locally on port 1434.
2009-11-06 09:49:54.31 Server SQL Server is now ready for client connections. This is an informational message; no user action is required.
2009-11-06 09:49:54.33 spid15s Starting up database 'AdventureWorks'.
2009-11-06 09:49:54.33 spid16s Starting up database 'EnterpriseVaultDirectory'.
2009-11-06 09:49:54.33 spid14s Starting up database 'Test'.
2009-11-06 09:49:54.33 spid12s Starting up database 'AdventureWorksDW'.
2009-11-06 09:49:54.33 spid17s Starting up database 'EnterpriseVaultMonitoring'.
2009-11-06 09:49:54.33 spid13s Starting up database 'msdb'.
2009-11-06 09:49:54.33 spid23s Starting up database 'EVVSExchangeVaultStore_2'.
2009-11-06 09:49:54.33 spid22s Starting up database 'EVVSGVIE_2_2'.
2009-11-06 09:49:54.33 spid24s Starting up database 'EVVSJournalVaultStore_3'.
2009-11-06 09:49:54.33 spid19s Starting up database 'EVVSVIEIT_1'.
2009-11-06 09:49:54.33 spid21s Starting up database 'ReportServerTempDB'.
2009-11-06 09:49:54.33 spid20s Starting up database 'ReportServer'.
2009-11-06 09:49:54.33 spid18s Starting up database 'EVVSGVIEIT_1_1'.
2009-11-06 09:49:54.56 spid9s Clearing tempdb database.
2009-11-06 09:49:54.61 spid19s CHECKDB for database 'EVVSVIEIT_1' finished without errors on 2009-10-28 18:06:14.107 (local time). This is an informational message only; no user action is required.
2009-11-06 09:49:54.65 spid23s CHECKDB for database 'EVVSExchangeVaultStore_2' finished without errors on 2009-11-04 18:05:33.960 (local time). This is an informational message only; no user action is required.
2009-11-06 09:49:54.71 spid24s CHECKDB for database 'EVVSJournalVaultStore_3' finished without errors on 2009-11-04 18:05:51.793 (local time). This is an informational message only; no user action is required.
2009-11-06 09:49:54.75 spid16s CHECKDB for database 'EnterpriseVaultDirectory' finished without errors on 2009-11-04 18:06:38.103 (local time). This is an informational message only; no user action is required.
2009-11-06 09:49:54.83 spid17s CHECKDB for database 'EnterpriseVaultMonitoring' finished without errors on 2009-11-04 18:06:18.570 (local time). This is an informational message only; no user action is required.
2009-11-06 09:49:54.99 spid4s Recovery of any in-doubt distributed transactions involving Microsoft Distributed Transaction Coordinator (MS DTC) has completed. This is an informational message only. No user action is required.
2009-11-06 09:49:55.55 spid9s Starting up database 'tempdb'.
2009-11-06 09:49:55.68 spid4s Recovery is complete. This is an informational message only. No user action is required.
2009-11-06 09:49:55.68 spid12s The Service Broker protocol transport is disabled or not configured.
2009-11-06 09:49:55.68 spid12s The Database Mirroring protocol transport is disabled or not configured.
2009-11-06 09:49:55.72 spid12s Service Broker manager has started.
Only the SQL Server Agent is unable to start,
Eventlog:
Log Name: Application
Source: SQLSERVERAGENT
Date: 06.11.2009 10:09:52
Event ID: 103
Task Category: Service Control
Level: Error
Keywords: Classic
User: N/A
Computer: vie-eu-arc-02.global.domain
Description:
SQLServerAgent could not be started (reason: Unable to connect to server '(local)'; SQLServerAgent cannot start).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SQLSERVERAGENT" />
<EventID Qualifiers="16384">103</EventID>
<Level>2</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T09:09:52.000Z" />
<EventRecordID>8486</EventRecordID>
<Channel>Application</Channel>
<Computer>vie-eu-arc-02.global.domain</Computer>
<Security />
</System>
<EventData>
<Data>Unable to connect to server '(local)'; SQLServerAgent cannot start</Data>
</EventData>
</Event>
SQLAgent.out Logfile:
2009-11-06 10:09:52 - ! [298] SQLServer Error: 233, Shared Memory Provider: No process is on the other end of the pipe. [SQLSTATE 08001]
2009-11-06 10:09:52 - ! [298] SQLServer Error: 233, Client unable to establish connection [SQLSTATE 08001]
2009-11-06 10:09:52 - ! [000] Unable to connect to server '(local)'; SQLServerAgent cannot start
2009-11-06 10:09:52 - ! [298] SQLServer Error: 233, Shared Memory Provider: No process is on the other end of the pipe. [SQLSTATE 08001]
2009-11-06 10:09:52 - ! [298] SQLServer Error: 233, Client unable to establish connection [SQLSTATE 08001]
2009-11-06 10:09:52 - ! [382] Logon to server '(local)' failed (DisableAgentXPs)
2009-11-06 10:09:53 - ? [098] SQLServerAgent terminated (normally)
Additional the SQL Server Management Studio is unable to logon to the Server:
TITLE: Connect to Server
Cannot connect to vie-eu-arc-02.
ADDITIONAL INFORMATION:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=233&LinkId=20476
The local Admin Password was reset to the "original" (after install) one.
Any ideas how to fix the problem?Dear all,
the encryption was NO on all protocols.
Because no additional ideas available, i uninstalled the SQL Server on friday.
At the Re-Install Process i got again an error:
[Microsoft][SQL Native Client]Shared Memory Provider: No process is on the
other end of the pipe .
The install process failed.
On google i found the same problem in an other thread:
http://groups.google.com/group/microsoft.public.sqlserver.connect/browse_thread/thread/dbec4a9a271f69a6/7cd22694da3a6062?lnk=st&q=%22Shared+Memory+Provider%3A+No+process+is+on+the+other+end+of+the+pipe%22&rnum=2&hl=en#7cd22694da3a6062
++++++
During the installation process of SQL Server 2005, Setup complains it cannot
connect to the database service for server configuration. The error was:
[Microsoft][SQL Native Client]Shared Memory Provider: No process is on the
other end of the pipe .
I have checked that the pipe exists (\\.\pipe\SQLLocal\MyInstance), but
everytime the installer attempts the connecting the pipe is closed by the
server and another is reopened. That's why the Client says there is no
process on the other end of the pipe.
I have re-installed 'everything', tried connections via TCP, but nothing
works.
I have made a small application to connect to the pipe and noticed that
there are 3 instances of the pipe running, one that I am connecting to, and 2
listening pipes. If I write to 'my' pipe SQL server disconnects the pipe and
reopens another too. The difference is that SQL server writes an error
message in the log file. No such luck when the Native client is doing the
same.
What more can I do?
++++++
and an answer
++++++
I finaly found the problem to be the certificate used.
I noticed that a certificate was added to the machinekeys just recently.
(in C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys)
I renamed it to another name and re-installed sql server.
I noticed that sql server ERRORLOG complained about certificate that it
couldn't load and the generation of a self-generaed certificate (see below)
"2005-12-10 21:01:02.30 Server The server could not load the
certificate it needs to initiate an SSL connection. It returned the following
error: 0x8009030d. Check certificates to make sure they are valid.
2005-12-10 21:01:02.49 Server A self-generated certificate was
successfully loaded for encryption."
Now the installation succeeded
++++++
With Windows 2008 it was really a challange to get access to this folder (!!!)
After clearing the folder the ReInstall of SQL Server works fine.
Now the SQL Server & the SQL Server Agent works again.
The problem was anything with encryption, old certs & files.
I don't think that everyone can afford reinstalling SQL server.
I finaly found the problem to be the certificate used.
I noticed that a certificate was added to the machinekeys just recently.
(in C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys)
I think this is what the following blog was saying , a problem with certification
http://blogs.msdn.com/sql_protocols/archive/2006/07/26/678596.aspx
Cheers
Please mark as answer if you think this answers your questions -
Delete AppStore via iTunes Works Fine, but the footprints are still visible. In the iPad Local app Store Looping at tab 'Not on iPad'. How can these footprints are Delegat too, so they aren' synchronised any more?
Click on the app and press delete.
-
How can i create a new item in the app "health"?
how can i create a new item in the app "health"? I need a field for documentation of "Waist-to-height ratio", exactly for "circumference".
It's a matter of common knowledge, that the Waist-to-height ratio (WHtR) has more significance then the Body-Mass-Index (BMI).If you mean you want to change a color of a calendar category or create a new one, you cannot do that, what is pre-loaded is what you get and cannot be edited.
-
Practical usage / difference - local vs server (local / network) accounts
I have purchased a book on Mountain Lion Server, looked on the Apple support community and the Internet but I cannot find a clear answer, or explanation, to my query.
Instead of looking at the features in Mountain Lion (ML) Server and Open Directory (OD) I'd like to approach this in terms of the functionality I would like to achieve. I am sure that many other people have had, will have, the same sort of questions.
Some background: I have an all Apple home network — few Mac machines (iMac, MacBook), iPad, iPhone & Airport Extreme. I recently purchased a Mac mini running ML which I have setup as a server. The installation went OK and the DNS setup is fine.
This is my question / requirement / clarification needed.
As I understand it there are three types of user accounts in OS X + OS X Server with OD:
Computer (standalone) Local — basically the account you would have on a Mac if you had only the one machine. Using (as I believe) a local 'Open Directory' (?) database.
Server 'Local User' — an account on the server using a local OD database on that specific server.
Server 'Local Network User' — an account on the server using a networked OD database on the server.
Below is what do I want to do — this is the functionality I want / don't want. I am aware that some of this functionality may, or may not, be available on OS X + Server + OD. Also I am looking at this from the perspective of a systems administrator of Windows + Active Directory sites — not saying that Windows & AD is better, but that that is my experience & frame of reference.
Access to shared common services — DHCP, DNS, Files, Mail, Calendar, Contacts, Messages, Time Machine backup, VPN. That is all the goodies I expected to get with a dedicated Mac mini OS X server machine.
To have access to those services within the home LAN and, as relevant (Mail, Contacts, Calendar, Messages) via the Internet. If via the Internet then securely via use of certificates.
Each user (currently) has their own machine with their (Unix style) home folder & files on that machine (the MacBook may have more than one account on it) and is logging locally onto their specific machines.
I do NOT want to have the user's (Unix style) home folder (and all folders within) to be on the server.
Users must be able to log onto their machines (i.e. MacBook) when outside the LAN and be able to access their local machine files.
Now we come to the question of which type of OS X + OS X Server (OD) account do I use for people — keep the local machine account? Use server account? If so then which — server 'Local User' or 'Local Network User'. Of course this can be framed as which OD a user authenticates against and what are the ramifications of each method.
Also relevant is the point that I don't believe OS X Server + OD supports the same concept of Windows called 'cached credentials'. Which means that I couldn't have, for example, files on a computer (MacBook) which have an ACL referencing a server user account GUID because they could not be accessed if the user account was not able to authenticate (outside the LAN) with the OD server.
Anyway to the questions — to achieve all, most of, the five functionality points in the list should I use (and why if someone could explain rationale):
Combination of computer (standalone) Local + server 'Local User' accounts? Obviously as users will be accessing resources on the server it cannot be just Computer (standalone) Local accounts.
Combination of computer Local + server 'Local Network User' accounts?
Just server 'Local Network User' accounts
I am suspecting that it will be option 1, combination of computer (standalone) Local + server 'Local User' accounts. If this option is used would there be a problem if the two accounts have the same username?
Thanks for any help, advice, and/or instruction. Also if anyone has links to further information that would be much appreciated.Most services (calendar, contacts, vpn) require that your users authenticate via Open Directory.
Your admin account can be local, but put your users in Local-Network (in 10.8 terms) -
P13N Server and App Server on separate systems - strange ports opened
Hi -
We have a configuration using WebLogic Personalization Server 3.1.1 on one
server and WebLogic Application Server 5.1 w/Service Pack 6 on another
server. What we've seen with our firewall configuration is that it appears
there are high-number random ports opened occasionally from the App Server
to the P13N Server, which d not appear to be related to connection attempts
(ex: port 42100). The only communication that we know should be happening
between the two systems are T3-based JNDI lookups, LDAP lookup/update
requests, and SQL queries. My questions, then, are as follows:
1) In handling JNDI requests, are there any callbacks that can occur between
the two servers in this configuration on a different port?
2) When separating the P13N Server and App Server, are there any "private"
ports opened between the two systems for management? As far as I know, the
App Server should simply view the P13N Server as another client, but the
firewall log would indicate that something is going on related to this.
If anyone has a similar config and can provide some info related to
potentially unseen port connections, please let me know. Thanks in advance!
Andy
[email protected]
Haakon,
I think the BPEL forum is the better source to ask
BPEL
Frank -
Error in New Models Creation - Loadbalancing /Single Server locally
Is there any possibility of below error when Creating New Models with Single Server and but NOT Working with Load balancing Option.
The same code worked when connecting to Single Server locally but doesn't work when New models were created by selection of loadbalancing Option on Remote Server..during development on source from DTR Server(SLD)..
I get below error when New Model created with loadbalancing option
Error - com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Error connecting using JCO.Client: null
Edited by: Raghu v on Jan 26, 2008 1:27 PMHi,
In EAS, I am getting some for Planning Outline(Essbase outline is working fine), While starting the Planning service through start menu, it throwing error as
Query Failed: SQL_SYSDB_DELETE_EXPIRED_EXTERNAL_ACTIONS:[100]
java.sql.SQLException: [Hyperion][Oracle JDBC Driver][Oracle]ORA-00932: inconsistent datatypes: expected INTERVAL DAY TO SECOND got NUMBER
at hyperion.jdbc.base.BaseExceptions.createException(Unknown Source)
at hyperion.jdbc.base.BaseExceptions.getException(Unknown Source)
at hyperion.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
at hyperion.jdbc.base.BaseStatement.commonExecute(Unknown Source)
at hyperion.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
at hyperion.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
at com.hyperion.planning.sql.HspSQLImpl.executeUpdate(Unknown Source)
at com.hyperion.planning.sql.HspSQLImpl.executeUpdate(Unknown Source)
at com.hyperion.planning.event.HspSysExtChangeHandler.actionPoller(Unknown Source)
at com.hyperion.planning.event.HspSysExtChangeHandler.run(Unknown Source)
Error encountered with Database connection, recreating connections.
Nested Exception: java.sql.SQLException: [Hyperion][Oracle JDBC Driver][Oracle]ORA-00932: inconsistent datatypes: expected INTERVAL DAY TO SECOND got NUMBER
Thanks,
CP -
Cisco 871w, radius server local, and leap or eap-fast will not authenticate
Hello, i trying to setup eap-fast or leap on my 871w. i belive i have it confiured correctly but i can not get any device to authenticate to router. Below is the confiureation that i being used. any help would be welcome!
! Last configuration change at 15:51:30 AZT Wed Jan 4 2012 by testtest
! NVRAM config last updated at 15:59:37 AZT Wed Jan 4 2012 by testtest
version 12.4
configuration mode exclusive auto
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
hostname router871
boot-start-marker
boot-end-marker
logging count
logging message-counter syslog
logging buffered 4096
logging rate-limit 512 except critical
logging console critical
enable secret 5 <omitted>
aaa new-model
aaa group server radius rad-test3
server 192.168.16.49 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login eap-methods group rad-test3
aaa authorization exec default local
aaa session-id common
clock timezone AZT -7
clock save interval 8
dot11 syslog
dot11 ssid test2
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 <omitted>
dot11 ssid test1
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 <omitted>
dot11 ssid test3
vlan 3
authentication open eap eap-methods
authentication network-eap eap-methods
no ip source-route
no ip gratuitous-arps
ip options drop
ip dhcp bootp ignore
ip dhcp excluded-address 192.162.16.49 192.162.16.51
ip dhcp excluded-address 192.168.16.33
ip dhcp excluded-address 192.168.16.1 192.168.16.4
ip dhcp pool vlan1pool
import all
network 192.168.16.0 255.255.255.224
default-router 192.168.16.1
domain-name test1.local.home
lease 4
ip dhcp pool vlan2pool
import all
network 192.168.16.32 255.255.255.240
default-router 192.168.16.33
domain-name test2.local.home
lease 0 6
ip dhcp pool vlan3pool
import all
network 192.168.16.48 255.255.255.240
default-router 192.168.16.49
domain-name test3.local.home
lease 2
ip cef
ip inspect alert-off
ip inspect max-incomplete low 25
ip inspect max-incomplete high 50
ip inspect one-minute low 25
ip inspect one-minute high 50
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 30
ip inspect tcp synwait-time 60
ip inspect tcp block-non-session
ip inspect tcp max-incomplete host 25 block-time 2
ip inspect name firewall tcp router-traffic
ip inspect name firewall ntp
ip inspect name firewall ftp
ip inspect name firewall udp router-traffic
ip inspect name firewall pop3
ip inspect name firewall pop3s
ip inspect name firewall imap
ip inspect name firewall imap3
ip inspect name firewall imaps
ip inspect name firewall smtp
ip inspect name firewall ssh
ip inspect name firewall icmp router-traffic timeout 10
ip inspect name firewall dns
ip inspect name firewall h323
ip inspect name firewall hsrp
ip inspect name firewall telnet
ip inspect name firewall tftp
no ip bootp server
no ip domain lookup
ip domain name local.home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip accounting-threshold 100
ip accounting-list 192.168.16.0 0.0.0.31
ip accounting-list 192.168.16.32 0.0.0.15
ip accounting-list 192.168.16.48 0.0.0.15
ip accounting-transits 25
login block-for 120 attempts 5 within 60
login delay 5
login on-failure log
memory free low-watermark processor 65536
memory free low-watermark IO 16384
username testtest password 7 <omitted>
archive
log config
logging enable
logging size 255
notify syslog contenttype plaintext
hidekeys
path tftp://<omitted>/archive-config
write-memory
ip tcp synwait-time 10
ip ssh time-out 20
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
bridge irb
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
shutdown
interface FastEthernet1
switchport mode trunk
shutdown
interface FastEthernet2
shutdown
spanning-tree portfast
interface FastEthernet3
spanning-tree portfast
interface FastEthernet4
description Cox Internet Connection
ip address dhcp
ip access-group ingress-filter in
ip access-group egress-filter out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip flow egress
ip inspect firewall out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
load-interval 30
duplex auto
speed auto
no cdp enable
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
encryption key 1 size 128bit 7 <omitted> transmit-key
encryption mode wep mandatory
broadcast-key vlan 1 change <omitted> membership-termination
broadcast-key vlan 3 change <omitted> membership-termination
broadcast-key vlan 2 change <omitted> membership-termination
ssid test2
ssid test1
ssid test3
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
no cdp enable
interface Dot11Radio0.1
description <omitted>
encapsulation dot1Q 1 native
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description <omitted>
encapsulation dot1Q 2
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.3
description <omitted>
encapsulation dot1Q 3
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
interface Vlan1
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan2
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
bridge-group 2 spanning-disabled
interface Vlan3
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 3
bridge-group 3 spanning-disabled
interface BVI1
description <omitted>
ip address 192.168.16.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
interface BVI2
description <omitted>
ip address 192.168.16.33 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
interface BVI3
description <omitted>
ip address 192.168.16.49 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha rc4-128-sha
ip http timeout-policy idle 5 life 43200 requests 5
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.16.50 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.16.50 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.16.50 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.50 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.50 88 interface FastEthernet4 88
ip nat inside source static udp 192.168.16.50 53 interface FastEthernet4 53
ip access-list extended egress-filter
deny ip any host <omitted>
deny ip any host <omitted>
deny ip host <omitted> any
deny ip host <omitted> any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.10.9.255 any
deny ip 10.0.0.0 0.10.13.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.15.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
permit ip <omitted> 0.0.0.3 any
deny ip any any log
ip access-list extended ingress-filter
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc
deny icmp any any log
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host <omitted>
deny ip any host <omitted>
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip 10.10.10.0 0.0.0.255 any
deny ip 10.10.11.0 0.0.0.255 any
deny ip 10.10.12.0 0.0.0.255 any
deny ip any any log
access-list 1 permit 192.168.16.0 0.0.0.63
access-list 20 permit 127.127.1.1
access-list 20 permit 204.235.61.9
access-list 20 permit 173.201.38.85
access-list 20 permit 216.229.4.69
access-list 20 permit 152.2.21.1
access-list 20 permit 130.126.24.24
access-list 21 permit 192.168.16.0 0.0.0.63
radius-server local
no authentication mac
eapfast authority id <omitted>
eapfast authority info <omitted>
eapfast server-key primary 7 <omitted>
nas 192.168.16.49 key 7 <omitted>
group rad-test3
vlan 3
ssid test3
user test nthash 7 <omitted> group rad-test3
user testtest nthash 7 <omitted> group rad-test3
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.16.49 auth-port 1812 acct-port 1813 key 7 <omitted>
radius-server vsa send accounting
control-plane host
control-plane transit
control-plane cef-exception
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
line con 0
password 7 <omitted>
logging synchronous
no modem enable
transport output telnet
line aux 0
password 7 <omitted>
logging synchronous
transport output telnet
line vty 0 4
password 7 <omitted>
logging synchronous
transport preferred ssh
transport input ssh
transport output ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
process cpu threshold type total rising 80 interval 10 falling 40 interval 10
ntp authentication-key 1 md5 <omitted> 7
ntp authenticate
ntp trusted-key 1
ntp source FastEthernet4
ntp access-group peer 20
ntp access-group serve-only 21
ntp master 1
ntp server 152.2.21.1 maxpoll 4
ntp server 204.235.61.9 maxpoll 4
ntp server 130.126.24.24 maxpoll 4
ntp server 216.229.4.69 maxpoll 4
ntp server 173.201.38.85 maxpoll 4
endso this what i am getting now for debug? any thoughs?
010724: Jan 5 16:26:04.527 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/2
010725: Jan 5 16:26:08.976 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/2
010726: Jan 5 16:26:08.976 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
010727: Jan 5 16:26:08.976 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
010728: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
010729: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
010730: Jan 5 16:26:08.976 AZT: Client d8b3.7759.0488 failed: EAP reason 1
010731: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
010732: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
010733: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
010734: Jan 5 16:26:08.976 AZT: EAPOL pak dump tx
010735: Jan 5 16:26:08.976 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0004
010736: Jan 5 16:26:08.976 AZT: EAP code: 0x4 id: 0x1 length: 0x0004
0AD05650: 01000004 04010004 ........
0AD05660:
010737: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: sending data to requestor status 1
010738: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010739: Jan 5 16:26:08.980 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
010740: Jan 5 16:26:08.980 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
010741: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: sending data to requestor status 0
010742: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
010743: Jan 5 16:26:08.980 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010744: Jan 5 16:26:08.984 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
010745: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010746: Jan 5 16:26:09.624 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010747: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: req->auth_type 0
010748: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010749: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010750: Jan 5 16:26:09.624 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010751: Jan 5 16:26:09.624 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010752: Jan 5 16:26:09.624 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010753: Jan 5 16:26:09.624 AZT: EAPOL pak dump tx
010754: Jan 5 16:26:09.624 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010755: Jan 5 16:26:09.624 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0AD05B50: 01000031 01010031 ...1...1
0AD05B60: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0AD05B80: 72383731 2C706F72 7469643D 30 r871,portid=0
010756: Jan 5 16:26:09.644 AZT: dot11_auth_send_msg: sending data to requestor status 1
010757: Jan 5 16:26:09.648 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010758: Jan 5 16:26:09.648 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010759: Jan 5 16:26:09.656 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010760: Jan 5 16:26:09.656 AZT: EAPOL pak dump rx
010761: Jan 5 16:26:09.656 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0009
010762: Jan 5 16:26:09.656 AZT: EAP code: 0x2 id: 0x1 length: 0x0009 type: 0x1
0B060D50: 01000009 02010009 ........
0B060D60: 01746573 74 .test
010763: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
010764: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
010765: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
010766: Jan 5 16:26:09.664 AZT: RADIUS/ENCODE(00000198):Orig. component type = DOT11
010767: Jan 5 16:26:09.664 AZT: RADIUS: AAA Unsupported Attr: ssid [282] 8
010768: Jan 5 16:26:09.664 AZT: RADIUS: 74 6F 79 73 6F 6E [toyson]
010769: Jan 5 16:26:09.664 AZT: RADIUS: AAA Unsupported Attr: interface [175] 3
010770: Jan 5 16:26:09.664 AZT: RADIUS: 36 [6]
010771: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
010772: Jan 5 16:26:09.664 AZT: RADIUS/ENCODE(00000198): acct_session_id: 408
010773: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
010774: Jan 5 16:26:09.664 AZT: RADIUS(00000198): sending
010775: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Send Access-Request to 162.168.16.49:1645 id 1645/3, len 133
010776: Jan 5 16:26:09.664 AZT: RADIUS: authenticator BF 69 DD DF 89 1F C6 FB - EF EC 12 EB C5 3F 3A CD
010777: Jan 5 16:26:09.664 AZT: RADIUS: User-Name [1] 6 "test"
010778: Jan 5 16:26:09.664 AZT: RADIUS: Framed-MTU [12] 6 1400
010779: Jan 5 16:26:09.664 AZT: RADIUS: Called-Station-Id [30] 16 "0019.3075.e660"
010780: Jan 5 16:26:09.664 AZT: RADIUS: Calling-Station-Id [31] 16 "d8b3.7759.0488"
010781: Jan 5 16:26:09.668 AZT: RADIUS: Service-Type [6] 6 Login [1]
010782: Jan 5 16:26:09.668 AZT: RADIUS: Message-Authenticato[80] 18
010783: Jan 5 16:26:09.668 AZT: RADIUS: 5B FA 47 07 0E E3 4B 71 7F 60 6E 4E 91 37 84 A6 [[?G???Kq?`nN?7??]
010784: Jan 5 16:26:09.668 AZT: RADIUS: EAP-Message [79] 11
010785: Jan 5 16:26:09.668 AZT: RADIUS: 02 01 00 09 01 74 65 73 74 [?????test]
010786: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
010787: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port [5] 6 661
010788: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port-Id [87] 5 "661"
010789: Jan 5 16:26:09.668 AZT: RADIUS: NAS-IP-Address [4] 6 192.168.16.49
010790: Jan 5 16:26:09.668 AZT: RADIUS: Nas-Identifier [32] 11 "router871"
010791: Jan 5 16:26:14.501 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010792: Jan 5 16:26:19.018 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010793: Jan 5 16:26:23.739 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010794: Jan 5 16:26:28.700 AZT: RADIUS: Fail-over to (162.168.16.49:1812,1813) for id 1645/3
router871#
010795: Jan 5 16:26:33.629 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010796: Jan 5 16:26:38.494 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010797: Jan 5 16:26:39.794 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010798: Jan 5 16:26:39.794 AZT: EAPOL pak dump rx
010799: Jan 5 16:26:39.794 AZT: EAPOL Version: 0x1 type: 0x1 length: 0x0000
0AD053D0: 01010000 ....
010800: Jan 5 16:26:39.798 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for d8b3.7759.0488
010801: Jan 5 16:26:39.798 AZT: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
router871#
010802: Jan 5 16:26:43.007 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010803: Jan 5 16:26:47.336 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/3
010804: Jan 5 16:26:47.336 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
010805: Jan 5 16:26:47.336 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
010806: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
010807: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
010808: Jan 5 16:26:47.336 AZT: Client d8b3.7759.0488 failed: EAP reason 1
010809: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
010810: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
010811: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
010812: Jan 5 16:26:47.336 AZT: EAPOL pak dump tx
010813: Jan 5 16:26:47.336 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0004
010814: Jan 5 16:26:47.336 AZT: EAP code: 0x4 id: 0x1 length: 0x0004
0B060710: 01000004 04010004 ........
0B060720:
010815: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: sending data to requestor status 1
010816: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010817: Jan 5 16:26:47.340 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
010818: Jan 5 16:26:47.340 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
010819: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: sending data to requestor status 0
010820: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
router871#
010821: Jan 5 16:26:47.340 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010822: Jan 5 16:26:47.344 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
010823: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010824: Jan 5 16:26:47.972 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010825: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: req->auth_type 0
010826: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010827: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010828: Jan 5 16:26:47.976 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010829: Jan 5 16:26:47.976 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010830: Jan 5 16:26:47.976 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010831: Jan 5 16:26:47.976 AZT: EAPOL pak dump tx
010832: Jan 5 16:26:47.976 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010833: Jan 5 16:26:47.976 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0AD05B50: 01000031 01010031 ...1...1
0AD05B60: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0AD05B80: 72383731 2C706F72 7469643D 30 r871,portid=0
010834: Jan 5 16:26:47.996 AZT: dot11_auth_send_msg: sending data to requestor status 1
010835: Jan 5 16:26:47.996 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010836: Jan 5 16:26:47.996 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010837: Jan 5 16:26:47.996 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
010838: Jan 5 16:26:47.996 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
router871#
010839: Jan 5 16:26:47.996 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
router871#
010840: Jan 5 16:26:58.634 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010841: Jan 5 16:26:58.634 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010842: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: req->auth_type 0
010843: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010844: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010845: Jan 5 16:26:58.638 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010846: Jan 5 16:26:58.638 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010847: Jan 5 16:26:58.638 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010848: Jan 5 16:26:58.638 AZT: EAPOL pak dump tx
010849: Jan 5 16:26:58.638 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010850: Jan 5 16:26:58.638 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0B060710: 01000031 01010031 ...1...1
0B060720: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0B060730: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0B060740: 72383731 2C706F72 7469643D 30 r871,portid=0
010851: Jan 5 16:26:58.658 AZT: dot11_auth_send_msg: sending data to requestor status 1
010852: Jan 5 16:26:58.658 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010853: Jan 5 16:26:58.658 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010854: Jan 5 16:27:01.603 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
010855: Jan 5 16:27:01.603 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
010856: Jan 5 16:27:01.603 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010857: Jan 5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list ingress-filter denied tcp 32.42.41.254(57443) -> 72.201.117.84(59652), 1 packet
010858: Jan 5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list egress-filter denied tcp 22.3.184.118(0) -> 74.125.53.188(0), 4 packets
010859: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010860: Jan 5 16:27:12.261 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010861: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: req->auth_type 0
010862: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010863: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010864: Jan 5 16:27:12.261 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010865: Jan 5 16:27:12.261 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010866: Jan 5 16:27:12.261 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010867: Jan 5 16:27:12.261 AZT: EAPOL pak dump tx
010868: Jan 5 16:27:12.261 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010869: Jan 5 16:27:12.261 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0B060FD0: 01000031 01010031 ...1...1
0B060FE0: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0B060FF0: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0B061000: 72383731 2C706F72 7469643D 30 r871,portid=0
010870: Jan 5 16:27:12.285 AZT: dot11_auth_send_msg: sending data to requestor status 1
010871: Jan 5 16:27:12.285 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010872: Jan 5 16:27:12.285 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010873: Jan 5 16:27:12.293 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010874: Jan 5 16:27:12.293 AZT: EAPOL pak dump rx
010875: Jan 5 16:27:12.293 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0009
010876: Jan 5 16:27:12.293 AZT: EAP code: 0x2 id: 0x1 length: 0x0009 type: 0x1
0AD05290: 01000009 02010009 ........
0AD052A0: 01746573 74 .test
010877: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
010878: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
010879: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
010880: Jan 5 16:27:12.301 AZT: RADIUS/ENCODE(0000019B):Orig. component type = DOT11
010881: Jan 5 16:27:12.305 AZT: RADIUS: AAA Unsupported Attr: ssid [282] 8
010882: Jan 5 16:27:12.305 AZT: RADIUS: 74 6F 79 73 6F 6E [toyson]
010883: Jan 5 16:27:12.305 AZT: RADIUS: AAA Unsupported Attr: interface [175] 3
010884: Jan 5 16:27:12.305 AZT: RADIUS: 36 [6]
010885: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
010886: Jan 5 16:27:12.305 AZT: RADIUS/ENCODE(0000019B): acct_session_id: 411
010887: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
010888: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): sending
010889: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Send Access-Request to 162.168.16.49:1645 id 1645/4, len 133
010890: Jan 5 16:27:12.305 AZT: RADIUS: authenticator 6F 6C 63 31 88 DE 30 A2 - C2 06 12 EB 50 A3 53 36
010891: Jan 5 16:27:12.305 AZT: RADIUS: User-Name [1] 6 "test"
010892: Jan 5 16:27:12.305 AZT: RADIUS: Framed-MTU [12] 6 1400
010893: Jan 5 16:27:12.305 AZT: RADIUS: Called-Station-Id [30] 16 "0019.3075.e660"
010894: Jan 5 16:27:12.305 AZT: RADIUS: Calling-Station-Id [31] 16 "d8b3.7759.0488"
010895: Jan 5 16:27:12.305 AZT: RADIUS: Service-Type [6] 6 Login [1]
010896: Jan 5 16:27:12.305 AZT: RADIUS: Message-Authenticato[80] 18
010897: Jan 5 16:27:12.305 AZT: RADIUS: 9D D5 62 1A 38 13 94 30 3A 43 D7 A4 AE A4 43 64 [??b?8??0:C????Cd]
010898: Jan 5 16:27:12.305 AZT: RADIUS: EAP-Message [79] 11
010899: Jan 5 16:27:12.305 AZT: RADIUS: 02 01 00 09 01 74 65 73 74 [?????test]
010900: Jan 5 16:27:12.305 AZT: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
010901: Jan 5 16:27:12.305 AZT: RADIUS: NAS-Port [5] 6 664
010902: Jan 5 16:27:12.309 AZT: RADIUS: NAS-Port-Id [87] 5 "664"
010903: Jan 5 16:27:12.309 AZT: RADIUS: NAS-IP-Address [4] 6 192.168.16.49
010904: Jan 5 16:27:12.309 AZT: RADIUS: Nas-Identifier [32] 11 "router871"
010905: Jan 5 16:27:16.642 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/4 -
Client/server RMI app using Command pattern: return values and exceptions
I'm developing a client/server java app via RMI. Actually I'm using the cajo framework overtop RMI (any cajo devs/users here?). Anyways, there is a lot of functionality the server needs to expose, all of which is split and encapsulated in manager-type classes that the server has access to. I get the feeling though that bad things will happen to me in my sleep if I just expose instances of the managers, and I really don't like the idea of writing 24682763845 methods that the server needs to individually expose, so instead I'm using the Command pattern (writing 24682763845 individual MyCommand classes is only slightly better). I haven't used the command pattern since school, so maybe I'm missing something, but I'm finding it to be messy. Here's the setup: I've got a public abstract Command which holds information about which user is attempting to execute the command, and when, and lots of public MyCommands extending Command, each with a mandatory execute() method which does the actual dirty work of talking to the model-functionality managers. The server has a command invoker executeCommand(Command cmd) which checks the authenticity of the user prior to executing the command.
What I'm interested in is return values and exceptions. I'm not sure if these things really fit in with a true command pattern in general, but it sure would be nice to have return values and exceptions, even if only for the sake of error detection.
First, return values. I'd like each Command to return a result, even if it's just boolean true if nothing went wrong, so in my Command class I have a private Object result with a protected setter, public getter. The idea is, in the execute() method, after doing what needs to be done, setResult(someResult) is called. The invoker on the server, after running acommand.execute() eventually returns acommand.getResult(), which of course is casted by the client into whatever it should be. I don't see a way to do this using generics though, because I don't see a way to have the invoker's return value as anything other than Object. Suggestions? All this means is, if the client were sending a GetUserCommand cmd I'd have to cast like User user = (User)server.executeCommand(cmd), or sending an AssignWidgetToGroup cmd I'd have to cast like Boolean result = (Boolean)server.executeCommand(cmd). I guess that's not too bad, but can this be done better?
Second, exceptions. I can have the Command's execute() method throw Exception, and the server's invoker method can in turn throw that Exception. Problem is, with a try/catch on the client side, using RMI (or is this just a product of cajo?) ensures that any exception thrown by a remote method will come back as a java.lang.reflect.InvocationTargetException. So for example, if in MyCommand.execute() I throw new MySpecialException, the server's command invoker method will in turn throw the same exception, however the try/catch on the client side will catch InvocationTargetException e. If I do e.getCause().printStackTrace(), THERE be my precious MySpecialException. But how do I catch it? Can it be caught? Nested try/catch won't work, because I can't re-throw the cause of the original exception. For now, instead of throwing exceptions the server is simply returning null if things don't go as planned, meaning on the client side I would do something like if ((result = server.executeCommand(cmd)) == null) { /* deal with it */ } else { /* process result, continue normally */ }.
So using the command pattern, although doing neat things for me like centralizing access to the server via one command-invoking method which avoids exposing a billion others, and making it easy to log who's running what and when, causes me null-checks, casting, and no obvious way of error-catching. I'd be grateful if anyone can share their thoughts/experiences on what I'm trying to do. I'll post some of my code tomorrow to give things more tangible perspective.First of all, thanks for taking the time to read, I know it's long.
Secondly, pardon me, but I don't see how you've understood that I wasn't going to or didn't want to use exceptions, considering half my post is regarding how I can use exceptions in my situation. My love for exception handling transcends time and space, I assure you, that's why I made this thread.
Also, you've essentially told me "use exceptions", "use exceptions", and "you can't really use exceptions". Having a nested try/catch anytime I want to catch the real exception does indeed sound terribly weak. Just so I'm on the same page though, how can I catch an exception, and throw the cause?
try {
catch (Exception e) {
Throwable t = e.getCause();
// now what?
}Actually, nested try/catches everywhere is not happening, which means I'm probably going to ditch cajo unless there's some way to really throw the proper exception. I must say however that cajo has done everything I've needed up until now.
Anyways, what I'd like to know is...what's really The Right Way (tm) of putting together this kind of client/server app? I've been thinking that perhaps RMI is not the way to go, and I'm wondering if I should be looking into more of a cross-language RPC solution. I definitely do want to neatly decouple the client from server, and the command pattern did seem to do that, but maybe it's not the best solution.
Thanks again for your response, ejp, and as always any comments and/or suggestions would be greatly appreciated. -
OutOfMemory*Error with serv/cli app
Hi, I'm new to this forum, and I'd like to submiot my dilemnas:
I wrote a server- client app, using TCP/IP and ObjectOuput/InputStream.
The sequence diagram is the following: The server send a message, and immediatly after the client answers, ant this while(true).
This app is to run 24/7. It works well until 800.000 messages are sent/received. Then I get a OutOf MemoryErroor, whileas I create only one message to be send & one to receive data, at the begenning. Then in the infinite loop, I receive one message, I sent my message.
And the other dilemna is that when I run the server & the client on the same machine, the consuption of memory is in constant increase, and 99-100% of the CPU is needed, but when it runs on separate machines, it takes <2-3
% CPU and <1 Mo of memory, constant.
Can you help me?Thanks for replying Dave. Sorry its taken me a while to reply, I've had internet problems for a couple of weeks now.
I'm not making any socket connections at present, actually.
I have run the midlet on a Sony Ericsson K750i and it works fine, displaying non of the problems above.
Am still trying to get to the bottom of it...
Maybe you are looking for
-
Create a new document in Sharepoint Document Library/OneDrive on iPad/Safari
Hi, My users are having trouble creating a new document from OneDrive in Safari on their iPads. The screen goes grey like its going to show the popup to select the new file type, but the popup never comes up. If they clear their cache, it works for e
-
How to add an embedded report to custom UI?
Dear colleagues: Since now I am doing investigation on this:How to add an embedded report to custom UI , so do you have some guideline doc for this? Requirement is: Customer want to add a custom report to a custom FS page. And it has some standard fi
-
HT5559 This article's information is incomplete.
It allows one to remove Java 7 but does not allow for the reinstallation of Java 6. I updated my OS from Snow Leopared to Mt Lion and now I can no longer play Yahoo games. Historically, this issue recurrs. You'd think that the makers of Java would be
-
Identifying the Admin users in an applicaiton
Hi I am trying to identify admin users from other users so that they have priviledge to access certain areas and where other common users are not allowed... How do I implement this in JSP? Can this be done also in Tomcat? Please Help.
-
Dreamweaver CS4 Auto-Indent Ruined
Auto-indenting in CS3 was great. When you hit the enter/return key in dreamweaver, the type cursor was taken to the next line, tabbed into the same depth as the previous line. In Dreamweaver CS4 however, Adobe has tried to make it more intelligent (w