Sendmail auth/ident checking issue
Hi All,
I have a problem sending mail to a host which seems to have sendmail configured to use Ident port (113) to check back on the mail sender. The host is Sol 9 and sendmail version is 8.13.8+Sun/8.12.9.
My problem is that this port is not enabled on the firewalls between sender and receiver so the ident checking and hence the mail is failing and I need to turn this checking off.
I modified sendmail.cf to include an ident timeout "O Timeout.ident=0s" which I believe is supposed to eliminate this checking yet firewall logs indicate it is still happening.
I can telnet the server on port 25 and have dialogue with the mail server and even supposedly leave a mail though when I try to check it on the host it says there is none.
Any advice on how to get the mail through - particularly any more sendmail.cf settings - would be greatly appreciated.
cheers,
Well, um, no.
tcp_auth is never the first channel a message hits. It's only switched there after authentication happens.
It sould like you're more interested in what the "from" is than if the user authenticates, right?
Your messages will be hitting tcp_local first, then possibly switching to tcp_intranet, or tcp_auth
Likely, the easiest way to do what you want is through somthing in mappings, or through a sieve filter.
Similar Messages
-
What can I do against the Identity Check from Entourage
What can I do against the Identity Check from Entourage???
Looks like you may have stumped the members. Can you explain in more detail? I've used Entourage for as long as it's been out and don't remember encountering an "Identity check" issue.
What version of Entourage? X, 2004, 2008, 2011?
Also --please modify your equipment line to correct your OS version. "iOS" is not a Mac computer operating system. It only runs of iPods, iPads and iPhones, not real computers. Do About this Mac from your Apple menu; that will show your OS version. -
Hi,
I have a slight issue I'm having some problems resolving..
The scenario is as follows;
I have an external provider which connects to me via VPN to a Juniper SSG firewall, that works fine.
I then have an external site, which does NOT reside in my MPLS cloud, so I have to deploy IPSec via Internet to reach it.
That also works fine and I have multiple SA's running on that site with no issues or problems.
The external provider has a small network device deployed on the external site which monitor cooling values in one of our warehouses.
The external site which is connect via IPSEC has a Cisco 1921 and a numerous Cisco 3550 deployed.
The VLAN for the cooling provider is vlan 150 and is setup with 10.150.4.0/24 where .1 is the def gw and .10 is the cooling monitor device.
The external provider's servers are located within 192.168.220.0/24 subnet.
As of right now, we can reach the Cisco 1921 through the whole IPsec tunnel from 192.168.220.182 with all services, ping, telnet whatnot, but we are unable to ping the cooling device from 192.168.220.0/24.
However from the Cisco 1921, we can ping both 192.168.220.0/24 and the locally connected 10.150.4.10
So basicly it seems to be the last bit when the traffic goes through the 1921 and to the switch where it fails and I can't for the life of me figure out why.
Network diagram attached.. any ideas?
This is the 1921 config:
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname bergen-vpn-gw
boot-start-marker
boot system flash flash:c1841-adventerprisek9-mz.124-25d.bin
boot-end-marker
logging buffered 50000
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
no ipv6 cef
no ip source-route
ip cef
no ip bootp server
no ip domain lookup
ip domain name xxxxx
multilink bundle-name authenticated
license udi pid CISCO1921/K9 sn FCZ1508C1P4
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
vtp mode client
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key harakiri address 1.2.3.4
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
set peer 1.2.3.4
set transform-set 3DES-SHA
match address VPN
interface GigabitEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0/0.99
description *** Test VLAN To be removed ***
encapsulation dot1Q 99
ip address 10.90.90.1 255.255.255.0
no ip route-cache
interface GigabitEthernet0/0.112
encapsulation dot1Q 112
ip address 192.168.112.1 255.255.255.0
ip helper-address 172.30.1.223
no ip route-cache
interface GigabitEthernet0/0.150
encapsulation dot1Q 150
ip address 10.150.4.1 255.255.255.0
no ip redirects
no ip proxy-arp
no ip route-cache
interface GigabitEthernet0/0.178
encapsulation dot1Q 178
ip address 192.168.178.1 255.255.255.0
ip helper-address 172.30.1.223
no ip redirects
no ip proxy-arp
no ip route-cache
interface GigabitEthernet0/0.999
encapsulation dot1Q 999
no ip route-cache
interface GigabitEthernet0/1
ip address 1.2.3.4 255.255.255.252
no ip redirects
no ip proxy-arp
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
crypto map VPN
interface FastEthernet0/0/0
switchport access vlan 99
interface FastEthernet0/0/1
interface FastEthernet0/0/2
interface FastEthernet0/0/3
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 85.200.203.29
ip access-list extended VPN
permit ip 10.90.90.0 0.0.0.255 172.30.1.0 0.0.0.255
permit ip 10.90.90.0 0.0.0.255 172.22.0.0 0.0.255.255
permit ip 10.90.90.0 0.0.0.255 172.18.5.0 0.0.0.255
permit ip 10.90.90.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 192.168.112.0 0.0.0.255 172.30.1.0 0.0.0.255
permit ip 192.168.112.0 0.0.0.255 172.22.0.0 0.0.255.255
permit ip 192.168.112.0 0.0.0.255 172.18.5.0 0.0.0.255
permit ip 192.168.112.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 192.168.178.0 0.0.0.255 172.30.1.0 0.0.0.255
permit ip 192.168.178.0 0.0.0.255 172.22.0.0 0.0.255.255
permit ip 192.168.178.0 0.0.0.255 172.18.5.0 0.0.0.255
permit ip 192.168.178.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 192.168.112.0 0.0.0.255 172.30.240.0 0.0.0.255
permit ip 192.168.178.0 0.0.0.255 172.30.240.0 0.0.0.255
permit ip 192.168.112.0 0.0.0.255 10.70.0.0 0.0.0.255
permit ip 192.168.178.0 0.0.0.255 10.70.0.0 0.0.0.255
permit ip 10.150.4.0 0.0.0.255 192.168.220.0 0.0.0.255 log
ip sla 1
icmp-echo 172.30.1.223 source-interface GigabitEthernet0/0.178
threshold 20
frequency 120
ip sla schedule 1 start-time now
ip sla 2
icmp-echo 10.50.1.200 source-interface GigabitEthernet0/0.178
threshold 20
frequency 120
ip sla schedule 2 start-time now
ip sla 3
icmp-echo 172.18.5.121 source-interface GigabitEthernet0/0.178
threshold 20
frequency 120
ip sla schedule 3 start-time now
ip sla 4
icmp-echo 172.22.0.140 source-interface GigabitEthernet0/0.178
threshold 20
frequency 120
ip sla schedule 4 start-time now
ip sla 5
icmp-echo 172.30.240.40 source-interface GigabitEthernet0/0.178
threshold 20
frequency 120
ip sla schedule 5 start-time now
ip sla 6
icmp-echo 10.70.0.200 source-interface GigabitEthernet0/0.178
threshold 20
frequency 120
ip sla schedule 6 start-time now
cdp source-interface GigabitEthernet0/0.112
snmp-server community bamacomro RO
cdp source-interface GigabitEthernet0/0.112
snmp-server community bamacomro RO
snmp-server community bamacomrw RW
control-plane
banner motd ^CCC-----------------------------------------------------------------------------
This system is solely for the use of authorised users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all their activities monitored and recorded by system personell.
Use of this system evidence an express consent to such monitoring and
agreement that if such monitoring reveals evidence of possible abuse or
criminal activity, system personell may provide the result of such
monitoring to appropiate officials.
-----------------------------------------------------------------------------^C
line con 0
exec-timeout 5 0
logging synchronous
line aux 0
line vty 0 4
access-class telnet in
exec-timeout 180 0
logging synchronous
transport input telnet ssh
line vty 5 15
access-class telnet in
exec-timeout 180 0
password 7 094F471A1A0A
logging synchronous
transport input telnet ssh
scheduler allocate 20000 1000
endI had that issue 1 year go
"decrypted packet failed SA identity check" means that we have decrypted a traffic that does not match the proxy ID negotiated
Juniper is violating RFC4301. there is nothing we can do against RFC violation
As mentioned in Section 4.4.1, "The Security Policy Database (SPD)",
the SPD (or associated caches) MUST be consulted during the
processing of all traffic that crosses the IPsec protection boundary,
including IPsec management traffic. If no policy is found in the SPD
that matches a packet (for either inbound or outbound traffic), the
packet MUST be discarded.
I know JNPR can do 2 vpn modes. There is one where we could use a VTI instead of a crypto map on the Cisco side. That was the solution to the problem we had.
Cheers, -
One computer at COMPANY-A is attempting to communicate with two
computers located at COMPANY-B, via an IPsec tunnel between the
two companies.
All communications are via TCP protocol.
All devices present public IP addresses to one another, although they
may have RFC 1918 addresses on other interfaces, and NAT may be in use
on the COMPANY-B side. (NAT is not being used on the COMPANY-A side.)
The players:(Note: first three octets have been changed for security reasons)
COMPANY-A computer 1.2.3.161
COMPANY-A router 1.2.3.8 (also IPsec peer)
COMPANY-A has 1.2.3.0/24 with no subnetting.
COMPANY-B router 4.5.6.228 (also IPsec peer)
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
COMPANY-B has 4.5.6.0/23 subnetted in various ways.
COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
What works:
The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
The "show crypto session detail" command shows Inbound/Outbound packets
flowing in the dec'ed and enc'ed positions.
What doesn't:
When the COMPANY-A computer 1.2.3.161 attempts to communicate
via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
the COMPANY-A router eventually reports five of these messages:
Oct 9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
and the "show crypto session detail" shows inbound packets being dropped.
The COMPANY-A computer that opens the TCP connection never gets past the
SYN_SENT phase of the TCP connection whan trying to communicate with the
COMPANY-B computer #2, and the repeated error messages are the retries of
the SYN packet.
On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
a 3725, and some 76xx routers were tried, all with similar behavior,
with packets from one far-end computer passing fine, and packets from
another far-end computer in the same netblock passing through the same
IPsec tunnel failing with the "failed SA identity" error.
The COMPANY-A computer directs all packets headed to COMPANY-B via the
COMPANY-A router at 1.2.3.8 with this set of route settings:
netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
4.5.7.0 1.2.3.8 255.255.255.0 UG 0 0 0 eth3
1.2.3.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.1.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
10.0.0.0 10.1.1.1 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth3
The first route line shown is selected for access to both COMPANY-B computers.
The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
configuration:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
crypto map COMPANY-BMAP1 10 ipsec-isakmp
description COMPANY-B VPN
set peer 4.5.6.228
set transform-set COMPANY-B01
set pfs group2
match address 190
interface FastEthernet0/0
ip address 1.2.3.8 255.255.255.0
no ip redirects
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map COMPANY-BMAP1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.2.3.1
ip route 10.0.0.0 255.0.0.0 10.1.1.1
ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
bridge 1 protocol ieee
One of the routers tried had this IOS/hardware configuration:
Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
RELEASE SOFTWARE (fc2)
isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
Processor board ID XXXXXXXXXXXXXXX
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
4 ATM interfaces
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
31296K bytes of ATA System CompactFlash (Read/Write)
250368K bytes of ATA Slot0 CompactFlash (Read/Write)
Configuration register is 0x2102
#show crypto sess
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:06:26:27
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
Version 6.1 (ScreenOS)
We only have a limited view into the Juniper device configuration.
What we were allowed to see was:
COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx proposal "pre-g2-3des-sha"
set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
set policy id 2539 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
set policy id 2500 from "Trust" to "Untrust" "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
set policy id 2541 from "Trust" to "Untrust" "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
set policy id 2540 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
COMPANY-B-ROUTER(M)->
I suspect that this curious issue is due to a configuration setting on the
Juniper device, but neither party has seen this error before. COMPANY-B
operates thousands of IPsec VPNs and they report that this is a new error
for them too. The behavior that allows traffic from one IP address to
work and traffic from another to end up getting this error is also unique.
As only the Cisco side emits any error message at all, this is the only
clue we have as to what is going on, even if this isn't actually an IOS
problem.
What we are looking for is a description of exactly what the Cisco
IOS error message:
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
is complaining about, and if there are any known causes of the behavior
described that occur when running IPsec between Cisco IOS and a Juniper
SSG device. Google reports many other incidents of the same error
message (but not the "I like that IP address but hate this one" behavior),
and not just with a Juniper device on the COMPANY-B end, but for those cases,
not one was found where the solution was described.
It is hoped that with a better explanation of the error message
and any known issues with Juniper configuration settings causing
this error, we can have COMPANY-B make adjustments to their device.
Or, if there is a setting change needed on the COMPANY-A router,
that can also be implemented.
Thanks in advance for your time in reading this, and any ideas.Hello Harish,
It is believed that:
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
both have at least two network interfaces, one with a public IP address
(which we are supposedly conversing with) and one with a RFC 1918 type
address. COMPANY-B is reluctant to disclose details of their network or
servers setup, so this is not 100% certain.
Because of that uncertainty, it occurred to me that perhaps COMPANY-B
computer #2 might be incorrectly routing via the RFC 1918 interface.
In theory, such packets should have been blocked by the access-list on both
COMPANY-A router, and should not have even made it into the IPsec VPN
if the Juniper access settings work as it appears they should. So I turned up
debugging on COMPANY-A router so that I could see the encrypted and
decrypted packet hex dumps.
I then hand-disassembled the decoded ACK packet IP header received just
prior to the "decrypted packet failed SA check" error being emitted and
found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
in the unecapsulated packet. I also found the expected port numbers of the TCP
conversation that was trying to be established in the TCP header. So, it
looks like COMPANY-B computer #2 is emitting the packets out the right
interface.
The IP packet header of the encrypted packet showed the IP addresses of the
two routers at each terminus of the IPsec VPN, but since I don't know what triggers
the "SA check" error message or what it is complaining about, I don't know what
other clues to look for in the packet dumps.
As to your second question, "can you check whether both encapsulation and
decapsulation happening in 'show crypto ipsec sa'", the enc'ed/dec'ed
counters were both going up by the correct quantities. When communicating
with the uncooperative COMPANY-B computer #2, you would also see the
received Drop increment for each packet decrypted. When communicating
with the working COMPANY-B computer #1, the Drop counters would not
increment, and the enc'ed/dec'ed would both increment.
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:54
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
Attempt a TCP communication to COMPANY-B computer #2...
show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:23
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
Note Inbound "drop" changed from 5 to 6. (I didn't let it sit for all
the retries.)
#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
protected vrf: (none)
local ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
current_peer 4.5.6.228 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
#pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 3, #recv errors 6
local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xDF2CC59C(3744253340)
inbound esp sas:
spi: 0xD9D2EBBB(3654478779)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xDF2CC59C(3744253340)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
The "send" errors appear to be related to the tunnel reverting to a
DOWN state after periods of inactivity, and you appear to get one
each time the tunnel has to be re-negotiated and returned to
an ACTIVE state. There is no relationship between Send errors
incrementing and working/non-working TCP conversations to the
two COMPANY-B servers.
Thanks for pondering this very odd behavior. -
Cross company payment through F-53, error in Check deposit & check issue tr
Hi
I have just joined the community and ready with 3 queries.
Please.......... help me to resolve.
i) While executing the cross company payment ( company code 1300 making payment for vendor in company code 0013) using transaction code F-53, I am getting error 'vendor not defined in company code 1300'.
For F-53 screen, vendor is selected from company code 0013.
I have executed APP (F110) successfully in company code 1300 for paying the same vendor in company code 0013.
ii) For check deposit transaction, error is " entry 1300 is missing in table TO43S'. (1300 is a company code)
iii) For check issue transaction, error is "no batch input data for screen SAPMF05A'
Thanks
Rekha1. Don't give vendor number in the main screen, give all remaining inouts and press enter, then it'll show the second screen
there you can give the company code and vendor account.
2. Cretae a tolerance group for GL accounts in OBA0.
Don't post more than one query in the same thread.
Rgds
Murali. N -
Open Item Management for Check Issue / Check Deposit Accounts??
Dear Members,
Can we define Check Issue and Check Deposit Accounts as Open Item Management Accounts??
Pls Suggest me.
Thank U.hi,
check issue and check deposir g/l accounts select a open item management.
because ur payment as clear or not
how will u see the payment clear ?
so , these accounts select open item management
Accounts that are managed on an open item basis include:
Clearing accounts:
Bank clearing account
Payroll clearing account
Cash discount clearing account
GR/IR clearing account
Accounts that are not managed on an open item basis:
Bank accounts
Tax accounts
Raw material accounts
Reconciliation accounts
These are managed implicitly using the subledger open item function
Use
Items posted to accounts managed on an open item basis are marked as open or cleared. The balance of these accounts is always equal to the balance of the open items.
regards,
janakiram -
Hi
Can somebody tell me how can i generate a REPORTS wherein it shows our CHECKS ISSUED TO SUPPLIERS as payments?
Also would show the Invoice Number, Invoice Amount, Payment Date and Maturity Date...
Your help is very much appreciated...
jannahi octavio
sad to say im not knowledgeable with SQLPLUS.
I am an accountant of a certain company and im only familiar with OFIN functions.
I tried to modify the parameters in Sysadmin>Concurrent>Program>Define, yet it wont result to my desired result..
I really have to see the maturity date on the reports.. In R12 we have 2 date to fill in right? .. the payment date and the maturity date..
only the payment date is visible in the report.. are there another report that will show maturity dates?
thanks...
janna -
Conflict checking issues for package XYZ on zones a, b, c
Hello.
I'm trying to install postfix from Blastwave on a Solaris 10 U4 Sparc system with two non-global zones installed. To do that, I do:
adm@winds02 ~ $ sudo pkg-get -i postfix
No existing install of CSWpostfix found. Installing...
Pre-existing local file postfix-2.2.8,REV=2006.03.13-SunOS5.8-sparc-CSW.pkg.gz matches checksum
Keeping existing file
Analysing special files...
## Verifying package <CSWpostfix> dependencies in zone <ldap-client>
## Verifying package <CSWpostfix> dependencies in zone <ldap-server>
Conflict checking issues for package <CSWpostfix> on zones
<ldap-client, ldap-server>.
Do you want to continue with the installation of <CSWpostfix> [y,n,?] How do I find out, which issues there are supposed to be?
Thanks,
AlexanderYou could also try using an admin file that should answer those questions for you
I usually use something like:
mail=
instance=unique
partial=ask
runlevel=ask
idepend=nocheck
rdepend=ask
space=ask
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default -
Conflict checking issues for package
Trying to install SMCsubv144 on a server in the global zone. I get the following:
root@xxxxxxx(pts/3):/tmp# pkgadd -d ./subversion-1.4.4-sol10-sparc-local
The following packages are available:
1 SMCsubv144 subversion
(sparc) 1.4.4
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
## Verifying package <SMCsubv144> dependencies in zone <xxxxxx1>
## Verifying package <SMCsubv144> dependencies in zone <xxxxxx2>
## Verifying package <SMCsubv144> dependencies in zone <xxxxxx3>
## Verifying package <SMCsubv144> dependencies in zone <xxxxxx4>
## Verifying package <SMCsubv144> dependencies in zone <xxxxxx5>
## Verifying package <SMCsubv144> dependencies in zone <xxxxxx6>
Conflict checking issues for package <SMCsubv144> on zones <xxxxxx1, xxxxxx2, xxxxxx3, xxxxxx4, xxxxxx5, xxxxxx6>.
Do you want to continue with the installation of <SMCsubv144> [y,n,?] n
Installation of <SMCsubv144> was terminated due to user request.
When I choose y to continue, I get into a loop of the following questions:
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/bin <package> on SMCsubv144 <zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/doc <package> on SMCsubv144 <zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/include <package> on SMCsubv144
<zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/lib <package> on SMCsubv144 <zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/man <package> on SMCsubv144 <zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/man/man1 <package> on SMCsubv144
<zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/man/man5 <package> on SMCsubv144
<zone>
Do you want to continue with the installation of <SMCsubv144> [y,n,?] y
attribute change for /usr/local/man/man8 <package> on SMCsubv144
<zone>
and that goes on and on until I answer n. And never specifies which zone it's talking about...just <zone>.
I've successfully installed the same pkg on a non-zoned server. Also tried SMCsubv143 and got the same error. So the pkg is ok, it appears a problem with the zones and/or /usr/local.
Thanks for any info.
mkYou could also try using an admin file that should answer those questions for you
I usually use something like:
mail=
instance=unique
partial=ask
runlevel=ask
idepend=nocheck
rdepend=ask
space=ask
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default -
Check issue account tax relevant field
Friends,
I have created a check issue account with selecting tax category * and posting without tax allowed fields in control data. while posting F-48 if i am trying to give check issue account in bank account field then system is giving error message Tax relevant accounts not defined inthis are. Then after correcting the GL master by removing the tax category and posting without tax fields as blank then system is accepting the postings.
What is the logic. and exactly for which accounts we have to select tax category and posting w/o tax fields in control data in gl master.hi,
so you've to populate tax code (/ no tax code) for every line-item. You can determine whether tax code is nedded or not with field SKB1-MWSKZ
A.
Message was edited by: Andreas Mann -
IChat is waiting on identity check
When starting IChat (i am using a jabber account) then i got a jabber list saying waiting on identity check.
I have tried a lot of changes but i don't cannot IChat ad all.
Can someone give me some advice what to do ?
As router i use CopperJet 816-2P
Thank you for answering,
Peter.Hi Ralph,
The latest IChatConnectError list show as below:
Date/Time: 2010-03-01 22:25:45.904 +0100
OS Version: 10.5.8 (Build 9L30)
Report Version: 4
iChat Connection Log:
2010-03-01 22:25:13 +0100: AVChat started with ID 646873343.
2010-03-01 22:25:13 +0100: 0x18caf5d0: State change from AVChatNoState to AVChatStateWaiting.
2010-03-01 22:25:13 +0100: pppettterrr19565: State change from AVChatNoState to AVChatStateInvited.
2010-03-01 22:25:22 +0100: 0x18caf5d0: State change from AVChatStateWaiting to AVChatStateConnecting.
2010-03-01 22:25:22 +0100: pppettterrr19565: State change from AVChatStateInvited to AVChatStateConnecting.
2010-03-01 22:25:33 +0100: 0x18caf5d0: State change from AVChatStateConnecting to AVChatStateEnded.
2010-03-01 22:25:33 +0100: 0x18caf5d0: Error -8 (Did not receive a response from 0x18caf5d0.)
2010-03-01 22:25:33 +0100: pppettterrr19565: State change from AVChatStateConnecting to AVChatStateEnded.
2010-03-01 22:25:33 +0100: pppettterrr19565: Error -8 (Did not receive a response from 0x18caf5d0.)
Video Conference Error Report:
Video Conference Support Report:
103.288940 @Video Conference/VCInitiateConference.m:1584 type=2 (00000000/0)
[Connection Data for call id: 1 returns 1
614.119576 @Video Conference/VCInitiateConference.m:1584 type=2 (00000000/0)
[Connection Data for call id: 2 returns 1
614.364100 @Video Conference/VCInitiateConference.m:1599 type=2 (00000000/0)
[Prepare Connection With Remote Data - remote VCConnectionData: 1, local VCConnectionData: 1
724.498552 @Video Conference/VCInitiateConference.m:1584 type=2 (00000000/0)
[Connection Data for call id: 3 returns 1
724.741406 @Video Conference/VCInitiateConference.m:1599 type=2 (00000000/0)
[Prepare Connection With Remote Data - remote VCConnectionData: 1, local VCConnectionData: 1
Video Conference User Report:
0.000000 @:0 type=5 (00000000/16402)
[Local SIP port]
0.317676 @Video Conference/VideoConferenceMultiController.m:1474 type=5 (00000000/0)
[IP And Port Data With Caller IP And Port Data: Obtained 120 bytes of local IP and port data (3 entries). Remote data was 0 bytes (0 entries).
Binary Images Description for "iChat":
0x1000 - 0x23cfff com.apple.iChat 4.0.8 (619) /Applications/iChat.app/Contents/MacOS/iChat
0x2b1000 - 0x326fff com.apple.Bluetooth 2.1.9 (2.1.9f10) /System/Library/Frameworks/IOBluetooth.framework/Versions/A/IOBluetooth
0x375000 - 0x4a8fff com.apple.viceroy.framework 363.57 (363.59) /System/Library/PrivateFrameworks/VideoConference.framework/Versions/A/VideoCon ference
0x519000 - 0x558fff com.apple.vmutils 4.1 (104) /System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
0x57a000 - 0x593fff com.apple.frameworks.preferencepanes 12.2 /System/Library/Frameworks/PreferencePanes.framework/Versions/A/PreferencePanes
0x5ad000 - 0x5dffff com.apple.remotedesktop.screensharing 1.0.3 /System/Library/PrivateFrameworks/ScreenSharing.framework/Versions/A/ScreenShar ing
0x5f2000 - 0x606fff com.apple.ScreenSaver 2.2 /System/Library/Frameworks/ScreenSaver.framework/Versions/A/ScreenSaver
0x617000 - 0x635fff libexpat.1.dylib /usr/lib/libexpat.1.dylib
0x63d000 - 0x6b0fff com.apple.iLifeMediaBrowser 2.1.5 (368) /System/Library/PrivateFrameworks/iLifeMediaBrowser.framework/Versions/A/iLifeM ediaBrowser
0x6fe000 - 0x730fff com.apple.iChatCommonGUI 4.0.8 (619) /System/Library/PrivateFrameworks/iChatCommonGUI.framework/iChatCommonGUI
0x75b000 - 0x75dfff com.apple.BezelServicesFW 1.4.9212 /System/Library/PrivateFrameworks/BezelServices.framework/Versions/A/BezelServi ces
0x7d5000 - 0x7dafff com.apple.iChat.Styles.Balloons 4.0.8 (619) /Applications/iChat.app/Contents/PlugIns/Balloons.transcriptstyle/Contents/MacO S/Balloons
0x7e1000 - 0x7e4fff com.apple.iChat.Styles.Boxes 4.0.8 (619) /Applications/iChat.app/Contents/PlugIns/Boxes.transcriptstyle/Contents/MacOS/B oxes
0x7eb000 - 0x7f1fff com.apple.iChat.Styles.Compact 4.0.8 (619) /Applications/iChat.app/Contents/PlugIns/Compact.transcriptstyle/Contents/MacOS /Compact
0x900000 - 0x902fff com.apple.iChat.Styles.Text 4.0.8 (619) /Applications/iChat.app/Contents/PlugIns/Text.transcriptstyle/Contents/MacOS/Te xt
0x145e6000 - 0x145effff com.apple.IOFWDVComponents 1.9.5 /System/Library/Components/IOFWDVComponents.component/Contents/MacOS/IOFWDVComp onents
0x14600000 - 0x14603fff com.apple.audio.AudioIPCPlugIn 1.0.6 /System/Library/Extensions/AudioIPCDriver.kext/Contents/Resources/AudioIPCPlugI n.bundle/Contents/MacOS/AudioIPCPlugIn
0x14674000 - 0x146affff com.apple.QuickTimeFireWireDV.component 7.6.4 (1327.73) /System/Library/QuickTime/QuickTimeFireWireDV.component/Contents/MacOS/QuickTim eFireWireDV
0x146bc000 - 0x146d8fff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/Resources/GLRendererFloa t.bundle/GLRendererFloat
0x148a1000 - 0x14b9afff com.apple.RawCamera.bundle 2.3.0 (505) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x14c8f000 - 0x14c95fff com.apple.audio.AppleHDAHALPlugIn 1.7.1 (1.7.1a2) /System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/AppleHDAHALPlugIn.bun dle/Contents/MacOS/AppleHDAHALPlugIn
0x14f3e000 - 0x14f6cfff com.apple.QuickTimeIIDCDigitizer 7.6.4 (1327.73) /System/Library/QuickTime/QuickTimeIIDCDigitizer.component/Contents/MacOS/Quick TimeIIDCDigitizer
0x14f77000 - 0x14fc5fff com.apple.QuickTimeUSBVDCDigitizer 2.3.2 /System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/Qui ckTimeUSBVDCDigitizer
0x162b8000 - 0x1643dfff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
0x1646b000 - 0x16749fff com.apple.ATIRadeonX2000GLDriver 1.5.48 (5.4.8) /System/Library/Extensions/ATIRadeonX2000GLDriver.bundle/Contents/MacOS/ATIRade onX2000GLDriver
0x17865000 - 0x17a68fff com.apple.audio.codecs.Components 1.9 /System/Library/Components/AudioCodecs.component/Contents/MacOS/AudioCodecs
0x18201000 - 0x18206fff com.apple.CoreGraphics 1.409.5 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
0x184a1000 - 0x184a1fff com.apple.JavaPluginCocoa 12.5.0 /System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/JavaPluginCoco a.bundle/Contents/MacOS/JavaPluginCocoa
0x184b0000 - 0x184b6fff com.apple.JavaVM 12.5.0 /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
0x184c0000 - 0x184c1fff com.apple.iChat.PersonIconPlugIn 4.0.8 (619) /Applications/iChat.app/Contents/PlugIns/PersonIcon.plugin/Contents/MacOS/Perso nIcon
0x184f4000 - 0x184f6fff com.apple.AutomatorCMM 1.1 (162) /System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM
0x18661000 - 0x18662fff com.apple.BluetoothMenu 2.1.8 (2.1.8f2) /System/Library/Contextual Menu Items/BluetoothContextualMenu.plugin/Contents/MacOS/BluetoothContextualMenu
0x18667000 - 0x1866cfff com.apple.FolderActionsMenu 1.3.2 /System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu
0x1957b000 - 0x1957efff com.apple.iokit.IOQTComponents 1.6 /System/Library/Components/IOQTComponents.component/Contents/MacOS/IOQTComponen ts
0x1a10a000 - 0x1a126fff com.apple.QuartzComposer.ExtraPatches 2.1 (106.13) /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzCompose r.framework/Versions/A/Resources/ExtraPatches.plugin/Contents/MacOS/ExtraPatches
0x1a138000 - 0x1a155fff com.apple.audio.midi.CoreMIDI 1.6.1 (42) /System/Library/Frameworks/CoreMIDI.framework/Versions/A/CoreMIDI
0x1a1ed000 - 0x1a1fafff com.apple.QuartzComposer.Backdrops 1.1 /System/Library/Graphics/Quartz Composer Patches/Backdrops.plugin/Contents/MacOS/Backdrops
0x8fe00000 - 0x8fe2dfff dyld /usr/lib/dyld
0x90003000 - 0x90039fff libtidy.A.dylib /usr/lib/libtidy.A.dylib
0x9003a000 - 0x90052fff com.apple.CoreVideo 1.6.0 (20.0) /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x90053000 - 0x90058fff com.apple.DisplayServicesFW 2.0.2 /System/Library/PrivateFrameworks/DisplayServices.framework/Versions/A/DisplayS ervices
0x90059000 - 0x906f9fff com.apple.CoreGraphics 1.409.5 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics
0x906fa000 - 0x90743fff com.apple.Metadata 10.5.8 (398.26) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadat a.framework/Versions/A/Metadata
0x90744000 - 0x90a4cfff com.apple.HIToolbox 1.5.6 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.fra mework/Versions/A/HIToolbox
0x90a4d000 - 0x90e0bfff com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libLAPACK.dylib
0x90e0c000 - 0x90e12fff com.apple.print.framework.Print 218.0.3 (220.2) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framewo rk/Versions/A/Print
0x90e13000 - 0x90f4bfff com.apple.imageKit 1.0.2 (1.0) /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.fram ework/Versions/A/ImageKit
0x90f4c000 - 0x90fc9fff com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvMisc.dylib
0x90fca000 - 0x90fcdfff com.apple.help 1.1 (36) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framewor k/Versions/A/Help
0x90fce000 - 0x90fcffff libffi.dylib /usr/lib/libffi.dylib
0x90fd0000 - 0x90fdcfff com.apple.helpdata 1.0.1 (14.2) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x90fdd000 - 0x9108ffff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
0x912f9000 - 0x912fdfff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib
0x912fe000 - 0x9133cfff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dyl ib
0x9133d000 - 0x914ddfff com.apple.JavaScriptCore 5531.21 (5531.21.9) /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x914de000 - 0x914fafff com.apple.ImageIO.framework 2.0.7 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libPng.dylib
0x915f0000 - 0x91ec1fff com.apple.WebCore 5531.21 (5531.21.8) /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.frame work/Versions/A/WebCore
0x91ec2000 - 0x91ed0fff libz.1.dylib /usr/lib/libz.1.dylib
0x91ed1000 - 0x91edbfff com.apple.audio.SoundManager 3.9.2 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.f ramework/Versions/A/CarbonSound
0x91edc000 - 0x91fc4fff com.apple.CoreData 100.2 (186.2) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x91fc5000 - 0x92181fff com.apple.QuartzComposer 2.1 (106.13) /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzCompose r.framework/Versions/A/QuartzComposer
0x92182000 - 0x9220ffff com.apple.framework.IOKit 1.5.2 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x92210000 - 0x9226cfff com.apple.htmlrendering 68 (1.1.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering .framework/Versions/A/HTMLRendering
0x9226d000 - 0x92271fff com.apple.OpenDirectory 10.5 /System/Library/PrivateFrameworks/OpenDirectory.framework/Versions/A/OpenDirect ory
0x92272000 - 0x923a5fff com.apple.CoreFoundation 6.5.7 (476.19) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x923a6000 - 0x923d7fff com.apple.quartzfilters 1.5.0 /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzFilters .framework/Versions/A/QuartzFilters
0x923d8000 - 0x925a9fff com.apple.security 5.0.6 (37592) /System/Library/Frameworks/Security.framework/Versions/A/Security
0x925aa000 - 0x925b5fff com.apple.CoreGraphics 1.409.5 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x925b6000 - 0x925b6fff com.apple.Cocoa 6.5 (???) /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x925b7000 - 0x925b7fff com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/vecLib
0x925b8000 - 0x925bafff com.apple.CrashReporterSupport 10.5.7 (161) /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/Cra shReporterSupport
0x925bb000 - 0x925dffff libxslt.1.dylib /usr/lib/libxslt.1.dylib
0x925ed000 - 0x92754fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
0x92755000 - 0x9275dfff com.apple.DiskArbitration 2.2.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9275e000 - 0x927dbfff com.apple.audio.CoreAudio 3.1.2 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x927e1000 - 0x927f0fff com.apple.DSObjCWrappers.Framework 1.3 /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWra ppers
0x927f1000 - 0x92cc2fff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgramma bility.dylib
0x92cc3000 - 0x92d04fff com.apple.CoreGraphics 1.409.5 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x92d35000 - 0x92d86fff com.apple.HIServices 1.7.1 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ HIServices.framework/Versions/A/HIServices
0x92d87000 - 0x92dd5fff com.apple.datadetectorscore 1.0.2 (52.14) /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDe tectorsCore
0x92dd6000 - 0x92e7dfff com.apple.QD 3.11.57 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ QD.framework/Versions/A/QD
0x92e8a000 - 0x92f90fff com.apple.PubSub 1.0.4 (65.11) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
0x92f91000 - 0x92fa7fff com.apple.DictionaryServices 1.0.0 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/DictionaryServices
0x92fa8000 - 0x9301afff com.apple.PDFKit 2.1.2 /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framew ork/Versions/A/PDFKit
0x9301b000 - 0x930c2fff com.apple.CFNetwork 438.14 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwo rk.framework/Versions/A/CFNetwork
0x930c3000 - 0x93107fff com.apple.DirectoryService.PasswordServerFramework 3.0.4 /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordS erver
0x93108000 - 0x93147fff com.apple.ImageIO.framework 2.0.7 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x93148000 - 0x9316cfff libssl.0.9.7.dylib /usr/lib/libssl.0.9.7.dylib
0x9316d000 - 0x93195fff com.apple.shortcut 1.0.1 (1.0) /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x93196000 - 0x931c1fff libauto.dylib /usr/lib/libauto.dylib
0x931c2000 - 0x931c9fff com.apple.CoreGraphics 1.409.5 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x931ca000 - 0x93227fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
0x93228000 - 0x9337afff com.apple.audio.toolbox.AudioToolbox 1.5.3 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x933ee000 - 0x9340dfff com.apple.ImageIO.framework 2.0.7 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x9340e000 - 0x934a1fff com.apple.ink.framework 101.3 (86) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework /Versions/A/Ink
0x934a2000 - 0x934a7fff com.apple.CommonPanels 1.2.4 (85) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels. framework/Versions/A/CommonPanels
0x934a8000 - 0x934c0fff com.apple.openscripting 1.2.8 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting .framework/Versions/A/OpenScripting
0x934c1000 - 0x934d1fff com.apple.speech.synthesis.framework 3.7.1 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x93576000 - 0x93705fff com.apple.CoreAUC 3.08.0 /System/Library/PrivateFrameworks/CoreAUC.framework/Versions/A/CoreAUC
0x93706000 - 0x9370ffff com.apple.speech.recognition.framework 3.7.24 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecogni tion.framework/Versions/A/SpeechRecognition
0x9377e000 - 0x937b0fff com.apple.LDAPFramework 1.4.5 (110) /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x937b1000 - 0x937cefff com.apple.QuickLookFramework 1.3.1 (170.9) /System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook
0x937d9000 - 0x93860fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
0x93861000 - 0x9386dfff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x939d2000 - 0x93ab2fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
0x93ab3000 - 0x93ab7fff com.apple.ImageIO.framework 2.0.7 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x93ab8000 - 0x93d34fff com.apple.Foundation 6.5.9 (677.26) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x93d35000 - 0x94145fff com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libBLAS.dylib
0x94146000 - 0x9415dfff com.apple.datadetectors 1.0.1 (66.2) /System/Library/PrivateFrameworks/DataDetectors.framework/Versions/A/DataDetect ors
0x9415e000 - 0x94484fff com.apple.QuickTime 7.6.4 (1327.73) /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x94485000 - 0x944ebfff com.apple.ISSupport 1.8 (38.3) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport
0x944ec000 - 0x9456bfff com.apple.SearchKit 1.2.2 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchK it.framework/Versions/A/SearchKit
0x9456c000 - 0x946a5fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
0x946a6000 - 0x946cffff com.apple.CoreMediaPrivate 15.0 /System/Library/PrivateFrameworks/CoreMediaPrivate.framework/Versions/A/CoreMed iaPrivate
0x946d0000 - 0x946d2fff com.apple.securityhi 3.0 (30817) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.fr amework/Versions/A/SecurityHI
0x946d3000 - 0x946d3fff com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallSer ver
0x946d4000 - 0x9470efff com.apple.securityfoundation 3.0.2 (36131) /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoun dation
0x9470f000 - 0x9474ffff com.apple.CoreMediaIOServicesPrivate 20.0 /System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions /A/CoreMediaIOServicesPrivate
0x94750000 - 0x94760fff com.apple.LangAnalysis 1.6.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LangAnalysis.framework/Versions/A/LangAnalysis
0x94761000 - 0x9477ffff libresolv.9.dylib /usr/lib/libresolv.9.dylib
0x94780000 - 0x947fafff com.apple.print.framework.PrintCore 5.5.4 (245.6) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ PrintCore.framework/Versions/A/PrintCore
0x947fb000 - 0x94802fff com.apple.agl 3.0.9 (AGL-3.0.9) /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x94803000 - 0x94812fff libsasl2.2.dylib /usr/lib/libsasl2.2.dylib
0x94813000 - 0x9486dfff com.apple.CoreText 2.0.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreText.framework/Versions/A/CoreText
0x9486e000 - 0x9486efff com.apple.CoreServices 32 /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x9486f000 - 0x948a6fff com.apple.SystemConfiguration 1.9.2 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfi guration
0x948a7000 - 0x94957fff edu.mit.Kerberos 6.0.13 /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x94958000 - 0x94985fff com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvDSP.dylib
0x94986000 - 0x94986fff com.apple.ApplicationServices 34 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Application Services
0x94987000 - 0x94acffff com.apple.ImageIO.framework 2.0.7 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/ImageIO
0x94ad0000 - 0x94c50fff com.apple.AddressBook.framework 4.1.2 (702) /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x94c51000 - 0x94c7afff libcups.2.dylib /usr/lib/libcups.2.dylib
0x94c7b000 - 0x94c7bfff com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x94c7c000 - 0x94c81fff com.apple.backup.framework 1.0 /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x94c82000 - 0x94c89fff libbsm.dylib /usr/lib/libbsm.dylib
0x94cbf000 - 0x94cbffff com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x94cc0000 - 0x94d77fff com.apple.QTKit 7.6.4 (1327.73) /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit
0x94d78000 - 0x94d96fff com.apple.DirectoryService.Framework 3.5.7 /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryServi ce
0x94d97000 - 0x94dd1fff com.apple.coreui 1.2 (62) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x94dd2000 - 0x94e5cfff com.apple.DesktopServices 1.4.8 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Desk topServicesPriv
0x94f40000 - 0x94f51fff com.apple.CFOpenDirectory 10.5 /System/Library/PrivateFrameworks/OpenDirectory.framework/Versions/A/Frameworks /CFOpenDirectory.framework/Versions/A/CFOpenDirectory
0x94f52000 - 0x94f54fff com.apple.ImageIO.framework 2.0.7 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x94f55000 - 0x95036fff libxml2.2.dylib /usr/lib/libxml2.2.dylib
0x9503a000 - 0x950cdfff com.apple.ApplicationServices.ATS 3.8 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ATS.framework/Versions/A/ATS
0x950ce000 - 0x9511ffff com.apple.framework.familycontrols 1.0.4 /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyCon trols
0x95120000 - 0x95120fff com.apple.audio.units.AudioUnit 1.5 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x95126000 - 0x951e0fff com.apple.CoreServices.OSServices 228 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServi ces.framework/Versions/A/OSServices
0x951e1000 - 0x954bbfff com.apple.CoreServices.CarbonCore 786.11 (786.14) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonC ore.framework/Versions/A/CarbonCore
0x954bc000 - 0x95598fff com.apple.WebKit 5531.21 (5531.21.8) /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
0x95599000 - 0x95664fff com.apple.ColorSync 4.5.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ColorSync.framework/Versions/A/ColorSync
0x95665000 - 0x95672fff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x9573d000 - 0x95f3bfff com.apple.AppKit 6.5.9 (949.54) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x95f3c000 - 0x95f6bfff com.apple.AE 402.3 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.fram ework/Versions/A/AE
0x95f6c000 - 0x95f6cfff com.apple.MonitorPanelFramework 1.2.0 /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPane l
0x95f6d000 - 0x95f72fff com.apple.KerberosHelper 1.1 (1.0) /System/Library/PrivateFrameworks/KerberosHelper.framework/Versions/A/KerberosH elper
0x95f73000 - 0x95f73fff com.apple.Carbon 136 /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x95f74000 - 0x95fcdfff com.apple.opengl 1.5.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x95fce000 - 0x96010fff com.apple.NavigationServices 3.5.2 (163) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationSer vices.framework/Versions/A/NavigationServices
0x96011000 - 0x963aefff com.apple.QuartzCore 1.5.8 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x963af000 - 0x963affff com.apple.quartzframework 1.5 /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x96420000 - 0x96435fff com.apple.ImageCapture 5.0.2 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture. framework/Versions/A/ImageCapture
0x96436000 - 0x96481fff com.apple.securityinterface 3.0.4 (37213) /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInter face
0x96482000 - 0x96489fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
0x9648a000 - 0x964a6fff com.apple.IMFramework 4.0.8 (584) /System/Library/Frameworks/InstantMessage.framework/Versions/A/InstantMessage
0x964a7000 - 0x96534fff com.apple.LaunchServices 292 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchS ervices.framework/Versions/A/LaunchServices
0x96535000 - 0x96584fff com.apple.QuickLookUIFramework 1.3.1 (170.9) /System/Library/PrivateFrameworks/QuickLookUI.framework/Versions/A/QuickLookUI
0x96585000 - 0x974d5fff com.apple.QuickTimeComponents.component 7.6.4 (1327.73) /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTim eComponents
0x974d6000 - 0x9759dfff com.apple.vImage 3.0 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.fr amework/Versions/A/vImage
0x9759e000 - 0x975b1fff com.apple.IMUtils 4.0.8 (584) /System/Library/Frameworks/InstantMessage.framework/Frameworks/IMUtils.framewor k/Versions/A/IMUtils
===
Error -8 --> something with ports i believe ? Local or Remote site ?
How can i check which port or ports cause the problem ?
Thanks for answering, regards,
Peter. -
[Q] Identity Sequence issue causes MAB to auth against AD ??
We have a strange issue whereby some users have suddenly failed to correctly authenticate against ACS 5.1 - we cant work out why, as nothing has changed and would greatly appreciate your help.
We have dot1x configured on our network with MAB fallback. We havent yet rolled out dot1x to the clients even though the network is set up for this. In the meantime, we are using Mac Authentication Bypass. We do use 802.1x for wireless though.
I have set up the folowing Identity Sequence:
AD1 (this is set up as our AD servers for 802.1X user and machine auth)
SecurID Server (we dont use this yet either)
Internal Users (this is just used to authenticate ciscoworks)
Internal Hosts (this contains the list of allowed MAC addresses)
Typically what we have seen today is a user initially authenticates successfully by matching the Internal Hosts identity store, but then an hour later, re-authentication fails as the MAC address matches the AD1 id store and subsequently fails due to the MAC address not being present within AD.
Here is the successful connection entry (all MAC addresses substituted form the originals)...
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - Network Access
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - Internal Hosts
24432 Looking up user in Active Directory - 00-1B-78-00-33-00
24412 User not found in Active Directory
24559 Searching for user in the RSA identity store.
24556 User record was not found in the cache.
24210 Looking up User in Internal Users IDStore - 00-1B-78-00-33-00
24216 The user is not found in the internal users identity store.
24209 Looking up Host in Internal Hosts IDStore - 00-1B-78-00-33-00
24211 Found Host in Internal Hosts IDStore
22037 Authentication Passed
22023 Proceed to attribute retrieval
24432 Looking up user in Active Directory - 00-1B-78-00-33-00
24412 User not found in Active Directory
22016 Identity sequence completed iterating the IDStores
Evaluating Group Mapping Policy
24423 ACS has not been able to confirm previous successful machine authentication for user in Active Directory
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15004 Matched rule
15016 Selected Authorization Profile - MAB-PC
11022 Added the dACL specified in the Authorization Profile
11002 Returned RADIUS Access-Accept
Here is the failed connection entry....
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - Network Access
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - AD1
24432 Looking up user in Active Directory - 00-1B-78-00-33-00
24416 User's Groups retrieval from Active Directory succeeded
22037 Authentication Passed
22023 Proceed to attribute retrieval
22038 Skipping the next IDStore for attribute retrieval because it is the one we authenticated against
22016 Identity sequence completed iterating the IDStores
Evaluating Group Mapping Policy
24423 ACS has not been able to confirm previous successful machine authentication for user in Active Directory
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15006 Matched Default Rule
15016 Selected Authorization Profile - DenyAccess
15039 Selected Authorization Profile is DenyAccess
11003 Returned RADIUS Access-Reject
Any help greatly appreciated!Hello Paul,
If a switch is configured for dot1x with MAB fallback as ours is, does the switch still send the MAC address for a dot1x-enabled client as well as the user and host AD credentials even though the MAC address is not required for auth in this case?
A switchport configured for 802.1x with MAB fallback will first send an EAPOL Start message. An 802.1x enabled client would be able to provide the appropriate User and Host information and get authenticated via 802.1x. No MAC address will be send at this point.
For the same switch and a client with dot1x DISABLED, does the switch forward just the MAC address to ACS?
Yes, the switch will send the EAPOL Start messages to the 802.1x Disabled client. It will not be able to respond to the switchport request. After the retries the switchport will fallback to MAB and expect the client to send the MAC Address to get authenticated.
If the switch invokes MAB and passes just the MAC address to ACS, does ACS still run the MAC address through the full identity store sequence which starts with AD1, even though dot1x is not running (and therefore AD matching is not relevant)?
Yes, the ACS will still run the authentication against all the Database specified on the Identity Store Sequest from top to bottom
Ultimately, I am trying to decide if
a) ACS is passing non-dot1x credentials (namely the MAC address) to AD erroneously ---> Do not think this might be the case as it will always pass the credentials to the every database on the specified order
b) if AD is responding (correctly or incorrectly) with a match ---> We know this one is happening.
c) if AD is rejecting the MAC address but that the rejection message isnt triggering the next iteration in the identity store sequence. ----> Do not think AD is rejecting the MAC Address based on:
24432 Looking up user in Active Directory - 00-1B-78-00-33-00
24416 User's Groups retrieval from Active Directory succeeded
At this point I have no suggestions on how to determine if the MAC Address is being properly authenticated on the AD Side -
Sharepoint 2013 comes with prerequisitesinstaller.exe to install the software required for the actual Sharepoint installation.
I 've installed Windows server 2012 in the R2 edition as well as Standard edition, but installing the prerequisites ends with an issue for the Microsoft Identity Extensions (MIE) on both versions (screenshot).
The 2012 R2 server has been updated with all latest files by executing Windows update.
In case of the Server 2012 R2, MIE is already installed , but somehow the Sharepoint installation is missing something.
I al;so tried removing default install to let prerequisiteinstaller.exe to install it's own version, but that did not help.
When I skip the prerequisites remaining items, the Sharepoint installation stops directly , requesting the missing items.
I've tried several Sharepoint server installation files, including the 180 days free version.
Screenshots will be uploaded after my account has been checked......Hi Jay,
Installing SharePoint Server 2013 on a computer that is running Windows Server 2012 R2 could lead to unexpected behavior, therefore, Microsoft does not support SharePoint Server 2013 in Windows Server 2012 R2.
SharePoint Server 2013 with Service Pack 1 and SharePoint Foundation 2013 with Service Pack 1 will offer support for Windows Server 2012 R2.
Refer to:
SharePoint 2013 Support for Windows Server 2012 R2
In addition, as Dave suggested, for the sharepoint server issue, please post in the dedicated forum for a better response.
Best Regards,
Anna Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Credit check issue in third party order
Dear all,
We are facing some issues related to credit management data for one of our customer. I need your valuable inputs for below mentioned queries-
1. As a genaral question- When we releases a SO through VKM* How the system calculated the " Released Credit Value of the document".
2- For one of the customers, the FD33 shows a Sales value X USD. As i see the split of this sales value , this X USD amounts to OPEN DELIVERIES. Both Open So and Open billing are zero. We tried to check with no. of tcodes to find out the open values but no such Open delv document is appeared.
In VC/2, it only shows Open SO, no open deliveries are there.
So i tried with simulation program RVKRED88, and found 5 third party Sales documents , against which some value is coming under the Open delivery value and it sums up to the value as coming in FD33.
I have a few questions on this-
> All the SO in output are Third party SO, against which PO has been created, ( Third party So> PR> PO> MIRO--> billing) and all are in status OPEN, so how come they are showing value in OPEN DELIVERY ?
--> The value appearing against these third party SO is Not equal to items value/net value, it is a complete different value than appearing in SO. But in SO changes history , the same value is coming AS RELEASED CREDIT VALUE. How is it being calculated?
For eg- for one of the Third party SO , the value coming in RVKRED88 is 29573.53 USD,
net value in So= 24,120.00 USD, Qty = 6000 PC , Credit price= 4.02 USD
Credit value of So in VBAk= 29573.53 USD
SO created , released on 08.July.2011, confirmed schedule line =08.Oct.2011
Credit settings- Static check + Credit active Item cat and SO , Open So and open delv are ticked in credit settings.
Kindly help in the analysis.
many thanks in advance for the inputs.Hi Dharmendra,
1. When we release a sales order using VKM* transaction S066 information structure and OEIKW field is updated which increases open order value.
2. If there is mismatch in the values of credit related fields run RVKRED77 (Re-organisation of credit in case of update errors) this will update all the credit data for a Payer customer in real time. RVKRED88 is simulation mode.
3. Updating of values related to credit is controlled by the update group assigned to credit control area. If system is not able to update using the assigned update group it will automatically try updating using the next update group. Below is the text of SAP Help.
If a document cannot be processed with the update group you specify, the system determines the next possible update it can carry out. For example, you select Update group 000012 which, at delivery, reduces the open order value and increases the open delivery value. Assume that one item in the order is not relevant for delivery. In this case, the system automatically determines Update group 000018 for this item. Update group 000018 increases the open delivery value for the order item. The system uses the confirmed quantity of delivery-relevant schedule lines to update the order value
As you know in OVA8 transaction credit control area, Risk category, credit group and currency are assigned to update group. -
Availability check issue in SD
Hello everyone
I am currently having some issues during the ATP in Sales Order in SD.
We are using Check Group 02 - A (Sales Order) with the following settings:
Stock Overview --- *all are unchecked*
Relenishment Lead Time -- *"Check without RLT" is checked*
Storage Location Inspection -- unchecked
In/Outward Movement --- the following are checked
Inc. Purchase Orders
Include Reservations
Include Sales Order req.
Include Deliveries
Rest all is unchecked
Now on a high level, what this does is that hard allocates the required Order Qty to the Sales Order if stock is available.
e.g. Material XYZ has 100 EA unrestricted stock
Order for 10 EA ... is allocated 10EA
Now if a second order comes in for 100EA .. it will allocate only 90EA
Now I was able to test this successfully with a newly created material in our development system.
Later I rejected all the Orders that I had created for this material in ECC.
Thus now MD04 for that material displayed no requirement.
Now again when I tried placing an order for this material ... it wouldn't confirm.
When I check the Availability Overview from the Sales Order, it shows the following details
Material -- XYZ
Plant - WXYZ
Total Display
Receipts - 100
Issues -- 300 Confirmed Issues - 100
ATP Situation
Date, MRP elm., MRP element Data, Rec./reqd qty , Confirmed , ***. ATP
02/23/2011 , Stock , BLANK , 100, BLANK , BLANK
02/23/2011 , SimReq , Simulated Requirement , (10-) , BLANK , 0
02/24/2011 , CusOrd , Totals record , (300 -) , 100 , 0
02/23/2011 , SLocSt , LOC1 , 0 , BLANK , 0
02/23/2011 , SLocSt , LOC2 , 100 , BLANK , 100
Note:
I have put the dashes to allign them correctly. Also (10-) means negative 10
Plant WXYZ has 2 locations viz. LOC1 & LOC2
Currrently the stock of 100 EA is in LOC2.
ALso LOC1 is responsible to issue the stock to deliveries.
Question:
Why would the ATP confirm 0 qty inspite of the Orders placed for it have been rejected.
Note this material was never ever used before in Sales Orders.
Any thoughts
Thanks
Vin
Edited by: vinit parkar on Feb 23, 2011 8:38 PM
Edited by: vinit parkar on Feb 23, 2011 8:44 PMHey Shiva
That did not fix the problem.
I ran the program with Data Transfer checked .. but still the same issue
Any other thoughts ?
Maybe you are looking for
-
System monitoring work center and CEN system
Hi everybody. I'm setting up the central monitoring, using SSM as monitoring system. I'm also having a look at the work center for system monitoring; but I don't find how to link the central monitoring capabilities with this dashboard. I mean, it loo
-
Installing sap netweaver 7.0 ehp1
dear all im working in omnix international llc Jordan company i need to install netweaver 7.0 ehp1 i recently received the DVD which its 30dvd with the ERP 6.0 and oracle database and with blue-ray 25 giga that contain solution manager i think that t
-
File, Place only works with PDF files...why?
I create documents in Mac Pages that I want to then create an interactive PDF (mainly navigation). I am using the demo copy of Indesign to see if it fits the bill. The mac pages doocument is a fully formated and ready for export to a static PDF. As
-
SRM 7 - How to convert Bidder to Supplier.
Hi, In SRM 7 I have created a bidder with Create Bidder option within Business Partner. Now I would like to convert this bidder to Supplier. Any idea how can I do it? The supplier list does not list the bidders, and the edit bidder option does not al
-
I can't delete the Pages trial version.
Hello, I have a problem. A time ago I downloaded the iWork trial version pack (for 30 days free), I decided to buy Pages quicker then in those 30 days. So now I have the real pages version and the trial version on my computer. The problem is now, tha