Server unable to read client's certificate.

Similar Messages

• ASA: CRYPTO_PKI: Unable to read CA/RA certificates

  Hello,
  I have setup a Win2003 Server where I install a CA/RA server for SCEP enrollment of my ASA5510. I entered the following config on the ASA:
  domain-name mydomain.com
  crypto key generate rsa
  crypto ca trustpoint MYTRUSTPOINT
  crl optional
  enrollment url http://x.x.x.x/certsrv/mscep/mscep.dll
  subject-name cn=ASA5510
  Meanwhile I configured the CA Server for SCEP support by intalling the mscep executable from the Resource Kit.
  If I try to get the CA's Certificate using crypto ca authenticate MYTRUSTPOINT, i only get this error messages on my ASA console:
  Crypto CA thread wakes up!
  CRYPTO_PKI: Sending CA Certificate Request:
  GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=ITSS HTTP
  /1.0
  Host: x.x.x.x
  CRYPTO_PKI: http connection opened
  CRYPTO_PKI: Unable to read CA/RA certificates.Crypto CA thread sleeps!
  ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0
  I have tried to reinstall the CA and SCEP over and over again but I still get the same error all the time. Is there anything wrong with my config?
  Please help me with my problem. I promise to give 5-points to anybody who can help me solve my problem. Thank you in advance.
  Lorenz

  Hi,
  Yes now I see the Bug details. But the one I am actually using is a ASA5510, I have also already upgraded it to 7.2.2 (from previous 7.0.7). I have tried this same setup before using Windows2000 Server and ASA5520, and it works. But this time I am having quite a trouble making this thing work.
  Lorenz

• Lion server unable to read settings and errors in logs.

  Having bought Lion Server from the app store yesterday and followed the simple install ... the web server is working ok in that the home page appears, but cannot get wiki server to work.
  Am getting the message "error reading settings" in the right panel of the server app when i select wiki on the left.
  When i look at the logs ... there are repeated errors relating to inability to access this file: "/var/pgsql/postgresql.conf":  
  postgresql.conf": No such file or directory
  Jun 21 05:59:06 macmini com.apple.launchd[1] (org.postgresql.postgres[18601]): Exited with code: 2
  Jun 21 05:59:06 macmini com.apple.launchd[1] (org.postgresql.postgres): Throttling respawn: Will start in 10 seconds
  Jun 21 05:59:16 macmini org.postgresql.postgres[18603]: postgres_real cannot access the server configuration file "/var/pgsql/postgresql.conf": No such file or directory
  Jun 21 05:59:16 macmini com.apple.launchd[1] (org.postgresql.postgres[18603]): Exited with code: 2
  Jun 21 05:59:16 macmini com.apple.launchd[1] (org.postgresql.postgres): Throttling respawn: Will start in 10 seconds
  Jun 21 05:59:26 macmini org.postgresql.postgres[18606]: postgres_real cannot access the server configuration file "/var/pgsql/postgresql.conf": No such file or directory
  Jun 21 05:59:26 macmini com.apple.launchd[1] (org.postgresql.postgres[18606]): Exited with code: 2
  Jun 21 05:59:26 macmini com.apple.launchd[1] (org.postgresql.postgres): Throttling respawn: Will start in 10 seconds
  Jun 21 05:59:36 macmini org.postgresql.postgres[18608]: postgres_real cannot access the server configuration file "/var/pgsql/postgresql.conf": No such file or directory
  Jun 21 05:59:36 macmini com.apple.launchd[1] (org.postgresql.postgres[18608]): Exited with code: 2
  Jun 21 05:59:36 macmini com.apple.launchd[1] (org.postgresql.postgres): Throttling respawn: Will start in 10 seconds
  Any help would be much appreciated...

  This helps me:
  1st step was to initialize postgres with
  sudo -u _postgres  /usr/bin/pg_ctl initdb -D /var/pgsql
  this created all needed files and folder in /var/pgsql
  2nd step after receiving an error that the PostgreSQL.log could not be written was to chmod the folder
  sudo chown _postgres:_postgres /Library/Logs/PostgreSQL
  3rd step was to initial all databases the server
  cd /System/Library/ServerSetup/CommonExtras/PostgreSQLExtras
  sudo -s
  run all scripts found there:
  CoreCollaborationPostgreSQLExtras.sh
  SetupPodcastWikiPlugin.rb
  WebmailServerSetup.sh
  create_caldavd_db.sh
  create_devicemgr_db.sh
  I'm back and happy now

• Twonkey media server unable to read mp4 files created by new version of Leawo Blu Ray Ripper

  For the past week I have been ripping DVDs with a new version (v7.3.0.3) of Leawo Blu Ray Ripper.  The Twonkey media server (v7.2.9-1) on my WD4100DL will not read the newer files compared to movies ripped with the old version (v7.2.1.4).  My Roku media server does just fine.  Is there an upgrade of the Twonkey media server available?
  Thanks for any advice.

  I think that Leawo has helped me to solve the problem.  The MP4 files that I made using the old version of Blu-Ray Ripper apparently defaulted to H.264 video codec for MP4 files.  Twonky is able to read those files. The new version (7.3.0.3) of Leawo Blu-Ray Ripper defaulted to MPEG4 video codec.  Twonkey cannot read those MP4 files.  I have changed the video codec to H.264 in Blu-Ray Ripper and I am in the process of ripping a DVD now.  I will post the result.

• SQL Connection Failed for SCCM 2012 R2 (Unable to load user-specified certificate)

  We've recently completed an upgrade from SCCM 2012 SP1 to 2012 R2 and have been running in the new environment for about a week. As of this morning, The consoles failed to connect to the CAS' and one of the Primary Site's database. The issue was resolved
  easily enough by addressing a certificate issue in SQL, but I'm left wondering if there's a correlation between the SP1-to-R2 upgrade that would cause the cert to fail. Anyone have experience with this?
  2014-01-21 22:10:11.81 Server      The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x8009030d. Check certificates to make sure they are valid.
  2014-01-21 22:10:11.81 Server      Error: 26014, Severity: 16, State: 1.
  2014-01-21 22:10:11.81 Server      Unable to load user-specified certificate [Cert Hash(sha1) "haaaaassssshhhh"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See
  "Configuring Certificate for Use by SSL" in Books Online.
  2014-01-21 22:10:11.81 Server      Error: 17182, Severity: 16, State: 1.
  2014-01-21 22:10:11.81 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
  2014-01-21 22:10:11.81 Server      Error: 17182, Severity: 16, State: 1.
  2014-01-21 22:10:11.81 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
  2014-01-21 22:10:11.81 Server      Error: 17826, Severity: 18, State: 3.
  2014-01-21 22:10:11.81 Server      Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
  2014-01-21 22:10:11.81 Server      Error: 17120, Severity: 16, State: 1.
  2014-01-21 22:10:11.81 Server      SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

  We got the same certificate related error events after a fresh install of SCCM 2012 R2 on a new server. It happened during the first reboot after SCCM was installed. In the Certificates mmc, I right-clicked on the certificate used by SQL and chose Manage
  Private Keys. Giving the service account that runs the MSSQLSERVER service read rights to the private key allowed SQL to start. However, after a day or so we rebooted the server again, and SQL wouldn't start. Something had removed the service account's read
  permission. Since the SCCM configuration wasn't that far along, we uninstalled SCCM. After giving the service account read rights again, and rebooting several times over a few days, and SQL started every time. We then installed SCCM 2012 R2 again, and checked
  the certificate's permissions before rebooting. The service account still had read permissions when the install completed, but as soon as the server was rebooted, it lost the permissions again.
  The Certificates mmc was then used to request a second computer certificate and then SQL was configured to use that new certificate via SQL Server Configuration Manager. After several days and a number of reboots the SQL services have started normally every
  time so the second certificate seems to have fixed the issue. I have kept the original certificate for fear that removing it will cause whatever part of SCCM 2012 R2 that modifies the original certificate to start removing permissions from the new certificate
  as well.

• How Server can read client side SSL certificates through java code?

  My code will be running on server which will be a java class that should read any SSL certificates for the user that is logging in to the application.
  Kindly let me know how it can be achieved ? I have very rare knowldge on Security. how i can read SSL certificates of the client machine.
  Also let me know the possible solutions for above question.

  For my mud written in java, I used TCP/IP for the connections. When a client connects, he gets his own thread. Those threads are held in a vector in a manager class. each tick of the server does a quick run thru the vector and if the current thread/socket its on is null or !isAlive() its remove from the vector(which in turn removes it from getting any more game updates. This removal can be caused by two things. The clients disconnects by accident(kills his game, locks up has an internet connection hiccup, etc.) or he uses the games "quit" method. The quit method calls a method that does any player saving of data, etc then closes the socket, and sets it to null. thus the manager sees this and removes him frm the vecotr list on the next server tick. Seems to work great form a mud and worked really well in a multiplayer applet game I had up for a while.

• Unable to read SEARCH response from backend server

  Currently we have problem when searching huge amounts of users against new SunOne Directory Server v6.3
  in production and acceptance.
  [17:12:43] root@ecdiala03-2[!]# /opt/app/sun/ds6/bin/dsadm -V
  [dsadm]
  dsadm : 6.3 B2008.0311.0058 NAT
  [slapd 64-bit]
  Sun Microsystems, Inc.
  Sun-Java(tm)-System-Directory/6.3 B2008.0311.0058 64-bit
  ns-slapd : 6.3 B2008.0311.0058 NAT
  Slapd Library : 6.3 B2008.0311.0058
  Front-End Library : 6.3_MTR_5087249_1_20081209 B2008.1210.1821
  ==============================================================
  It’s not working while searching huge amounts of users against DPS.However, It’s working while searching huge amounts of users against DS.
  Below is the error from access log of DPS when the problem occurred.
  ==================================
  31/Mar/2009:14:08:17 +0200] - CONNECT - INFO - conn=4565433 client=153.88.247.15:2719 server=ecdiala03-1:389 protocol=LDAP
  [31/Mar/2009:14:08:17 +0200] - PROFILE - INFO - conn=4565433 assigned to connection handler cn=default connection handler, cn=connection handlers, cn=config
  [31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=0 BIND dn="uid=itimadm1,ou=system accounts,o=ericsson" method="SIMPLE" version=3
  [31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=0 BIND dn="uid=ITIMADM1,ou=system accounts,o=Ericsson" method="SIMPLE"" version=3 s_msgid=17 s_conn=ecditna03-2:72725
  [31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=0 BIND RESPONSE err=0 msg="" s_conn=ecditna03-2:72725
  [31/Mar/2009:14:08:17 +0200] - PROFILE - INFO - conn=4565433 assigned to connection handler cn=BindDone,cn=connection handlers,cn=config
  [31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=0 BIND RESPONSE err=0 msg="" etime=0
  [31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=1 msgid=2 SEARCH base="ou=External,o=Ericsson" scope=2 filter="(objectclass=inetorgperson)" attrs="*"
  [31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=1 SEARCH base="ou=external,o=ericsson" scope=2 filter="(objectclass=inetorgperson)" attrs="*" s_msgid=18 s_conn=ecditna03-2:72725
  [31/Mar/2009:14:12:25 +0200] - OPERATION - INFO - conn=4565433 op=1 SEARCH RESPONSE err=1 msg="Unable to read SEARCH response from backend server : Timeout when waiting to read from input stream" nentries=33959 etime=248309
  [31/Mar/2009:14:17:25 +0200] - DISCONNECT - INFO - conn=4565433 reason="other" msg="Exception caught while polling client connection LDAP.153.88.247.15.2719 -- java.io.IOException: Connection reset by peer"
  ================================
  >>
  > > [15:12:29] root@ecdiala03-1[!]# ./dpadm -V
  > >
  > > [dpadm]
  > >
  > > dpadm :
  > >
  6.3_PD_COMBO_CUMULATIVE_VIRTUAL_15112008_ED2.0+6774589+6780423+6778308+6782659_2
  > > B2008.1212.0459 NAT
  > >
  > >
  > >
  > > [DPS]
  > >
  > > Sun Microsystems, Inc.
  > >
  > >
  Sun-Java(tm)-System-Directory-Proxy-Server/6.3_PD_COMBO_CUMULATIVE_VIRTUAL_15112008_ED2.0+6774589+6780423+6778308+6782659_2
  > > B2008.1212.0436
  > >
  > > =================

  We have changed the value of data-source-read-timeout in DPS from 20s to 30m.As per application test, the "time out" error has gone, but we get a new error as following.
  ==========================
  [27/Apr/2009:05:28:36 +0200] - SERVER_OP - INFO - conn=209469 op=8 SEARCH base="ou=internal,o=ericsson" scope=2 filter="(objectclass=ericssonInternal)" attrs="EriCA-AttesterNL EriCA-EmploymentForm EriCA-KeyRecoveryNL-Auth EriCA-NL-Auth EriCA-NLOTP-Admin EriCA-NLOTP-User EriCA-accountExpires c cn departmentNumber description displayName eriCompanySynch eriCountry eriCountryCode eriEmployeeStatus eriExpired eriIsManager eriMasterDomain eriOpOrgUnitAbbreviation eriOpOrgUnitIdentifier eriOpOrgUnitName eriOperationalManager eriPartner eriPartnerTrigram eriPwSynchDate eriSignType eriSignum eriSignumStatus facsimileTelephoneNumber givenName isMemberOf l mail memberOf mobile objectClass ou sametimebrowseldap sametimehomeserver sametimeuser smChallResp smDisabled smXauthRADIUSServer sn telephoneNumber title uid uidNumber " s_msgid=27 s_conn=ecditna03-2:8645
  [27/Apr/2009:06:06:23 +0200] - SERVER_OP - INFO - conn=209469 op=8 SEARCH RESPONSE err=0 msg="" nentries=236367 s_conn=ecditna03-2:8645
  [27/Apr/2009:06:06:23 +0200] - OPERATION - INFO - conn=209469 op=8 SEARCH RESPONSE err=0 msg="" nentries=236367 etime=2266483
  [27/Apr/2009:06:11:27 +0200] - DISCONNECT - INFO - conn=209469 reason="other" msg="Exception caught while polling client connection LDAP.153.88.247.15.4862 -- java.io.IOException: Connection reset by peer"
  ================
  Each time while application client (153.88.247.15) connecting DPS to read, they will exit with “connection reset” error.
  Could you please kindly give us some suggestion if this error is realted to the DPS?

• RD Gateway Manager - Unable to read RD Gateway Server Settings

  I'm trying to install a Remote Desktop Gateway into my domain, but I am running into a serious road-block... when I load RD Gateway Manager to configure the service, there is nothing to configure because it won't load my server into the console. When I try
  to connect to it manually, it returns the following error:
  "Unable to read RD Gateway Server Settings"
  There are no errors or warnings in Event Viewer. I can verify that C:\Windows\System32\tsgateway\rap.xml exists and is readable. I can verify that Network Policy does have a TS_CAP_01 policy and it is enabled. A valid certificate was applied during setup
  (and I've also tried choosing ask me later).
  I have already tried uninstalling and reinstalling the role service (including manually verifying that the policies are removed). I also have this working on another domain server, so I'm at a loss for what to look for... How can I resolve this so that I
  can finish configuring the service?

  Hello,
  Thanks for your post.
  From your description, I understand that you’re trying to install the RD Gateway role on a Windows Server 2008 R2-based domain computer. However, after the role
  is install, the RD Gateway Manager cannot be loaded into the RD Gateway Manager. The error prompts “Unable to read RD Gateway Server Settings”.
  Based on my experience, the issue may be caused by problematic installation or startup of the RD Gateway role. Before we troubleshoot the issue further, I recommend
  you to enable the Audit level logging in the Event Viewer and double-check the related clues in the event viewer. To do that, please use the following steps:
  1.    
  On the RD Gateway server open RD Gateway Manager. To open RD Gateway Manager, click
  Start, point to Administrative Tools, point to
  Remote Desktop Services, and then click RD Gateway Manager.
  2.    
  In the console tree, right-click the node that represents your RD Gateway server, which is named for the computer on which the RD Gateway server is running, and then
  click Properties.
  3.    
  On the
  Auditing tab, select or clear the appropriate check boxes to specify the events that you want to monitor for RD Gateway, and then click
  OK.
  When these events occur, you can monitor the corresponding events by using Windows Event Viewer. RD Gateway Manager server events are stored in Event Viewer under
  Application and Services Logs\Microsoft\Windows\Terminal Services-Gateway\.
  Let us know the result if possible. We’d like to help further based on your information replied. Thanks.
  Lionel Chen
  TechNet
  Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]
  This posting is provided "AS IS" with no warranties, and confers no rights.

• RD Gateway Manager fails with "Unable to read RD Gateway Server Settings"

  The question is: Why can't I connect RD Gateway Manager on the local RD Gateway server?
  A month ago, I successfully configured a RD Gateway and to work with a RD Session Host.  I set up the RDG CAP and RAP policies.  I successfully tested connectivity through the gateway.
  Today, I tried to access the RD Gateway Manager and now I'm getting the following pop-up message:
  "Unable to read RD Gateway Server Settings"
  Everything still works and I am able to confirm that NPS is running the CAP policy that I configured in RD Gateway Manager.
  The certificate is from a trusted source.  The Event Log does not show any errors.

  Hi,
  Thank you for posting in Windows Server Forum.
  Please let us know some more information.
  Did you make any change after setting up the server correctly?
  Have you make any changes in IIS?
  Please recheck your connection setting again with following link and provide us the result.
  1. How To Work with RD Gateway in Windows Server 2012
  2. Deploying Remote Desktop Gateway RDS 2012
  Also go through this thread once.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• New install issue-unable to connect to DB server from a remote client.

  Hi experts,
  I am new to setting up oracle server so pls bear with me...
  I setup a db server (11g on top of 64bit Oracle Linux) at home (static 192.168.1.90). I verified that db, listener are up and running. However, I tried to connect to the server from a different client machine (192.168.1.108) within my home network but the server cannot be reached. I was able to ping both client and server using the IP addresses and hostnames. I followed the following steps to perform troubleshooting but was unable to move on beyond step 3, telnet-ing the server on port 1521. Can someone help me out what I should do make the port # (1521) is reachable by the client?
  1. Check with "ping" using the IP address ("ping 198.11.34.43"
  2. Check with "ping" using DNS name (e.g. "tnsping uranus")
  3. Try telnet to the IP on port 1521 (telnet 1.2.3.4 1521)
  4. Check with "tnsping" using TNS service name
  5. Invoke SQL*Plus from the OS command line "sqlplus fred@flintstone". If this fails, check to ensure that your listener is the flintstone service defined.
  6. Sign-on to SQL*Plus and connect with the TNS name ("connect fred/flintstome@service_name"
  7. Within SQL*Plus, try a select from table@remote_db_link
  thanks a lot in advance.

  user6391746 wrote:
  Hi experts,
  I am new to setting up oracle server so pls bear with me...
  I setup a db server (11g on top of 64bit Oracle Linux) at home (static 192.168.1.90). I verified that db, listener are up and running. However, I tried to connect to the server from a different client machine (192.168.1.108) within my home network but the server cannot be reached. I was able to ping both client and server using the IP addresses and hostnames. I followed the following steps to perform troubleshooting but was unable to move on beyond step 3, telnet-ing the server on port 1521. Can someone help me out what I should do make the port # (1521) is reachable by the client?
  1. Check with "ping" using the IP address ("ping 198.11.34.43"
  2. Check with "ping" using DNS name (e.g. "tnsping uranus")
  3. Try telnet to the IP on port 1521 (telnet 1.2.3.4 1521)
  4. Check with "tnsping" using TNS service name
  5. Invoke SQL*Plus from the OS command line "sqlplus fred@flintstone". If this fails, check to ensure that your listener is the flintstone service defined.
  6. Sign-on to SQL*Plus and connect with the TNS name ("connect fred/flintstome@service_name"
  7. Within SQL*Plus, try a select from table@remote_db_link
  thanks a lot in advance.solution depends upon which ERROR is thrown.
  Is COPY & PASTE broken for you?
  It is really, Really, REALLY difficult to fix a problem that can not be seen.
  use COPY & PASTE so we can see what you do & how Oracle responds.

• New deploy child domain certificate server didn't publish root trust certificate to the client

  Child domain certificate didn't install into child domain workstation.
  https://support.microsoft.com/en-us/kb/281271?wa=wsignin1.0
  Certification Authority configuration to publish certificates in Active Directory of trusted domain
  Any advise?
  Thanks.

  Hi,
  >>New deploy child domain certificate server didn't publish root trust certificate to the client
  Is this an enterprise root CA or standalone CA?
  If it is an enterprise root CA, it will automatically use Group Policy to propagate its certificate to the Trusted Root Certification Authorities certificate store for all users and computers in the domain. If it is an standalone CA, we can configure GPO
  to distribute the certificate.
  Regarding how to use policy to distribute certificates, the following article can be referred to for more information.
  Use Policy to Distribute Certificates
  https://technet.microsoft.com/en-us/library/cc772491.aspx
  We can run command gpupdate/force to immediately update group policy and then we can refresh the certificates in certmgr.msc to see if the certificate will come up.
  Besides, for certificate questions, we can also ask for suggestions in the following forum.
  Security
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Client's not scanning - WUAHandler error 0x80004005 Unable to read existing resultant WUA policy. Error = 0x80070002

  Hi Experts,
  A month back we faced an issue with multiple update sources in our environment. However that is now fixed. Thanks for all your suggestions!
  Most of the clients are now able to scan however, we have a handful of systems  in "Failed to install Updates  State" returning error status 11756  "error Failed to save WUAgent policy with updated WSUS Server. Error = 0x80004005"
  (WUAHandler)
  Unable to read existing resultant WUA policy. Error = 0x80070002.
  What is strange to me is that for all these clients: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"  folder itself is missing. I have tried manually creating this folder with the WUServer and port settings and re-initiated
   the scan. To my surprise the registry.pol file doesn't get created when i try to initiate the scan remotely (Client Actions Tool/ Client Centre). (I am not aware of a local security policy that would restrict an Administrator to do it)
  Apart from these I have tried repairing/reinstalling the WUAgent and even re-installed the client. But didn't have much luck. I am waiting to check what could be the impact of a scheduled scan (with the user logged in).Rebuilding these PCs cant be a viable
   solution. Any pointers would be much appreciated.

  Not sure if you are still having this issue, but this will probably fix it.
  https://social.technet.microsoft.com/Forums/systemcenter/en-US/1c1a640f-179c-4b72-bfe3-ab5d928454bf/software-update-error-0x80004005?forum=configmgrsum

• Unable to read Password Server response - socket error on socket

  Hi,
  I'm experiencing the following at the OD replica:
  2014-06-03 12:13:06.424616 FET - 592.1446486 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
  2014-06-03 12:13:06.424616 FET - 592.1446486, Node: /LDAPv3/127.0.0.1, Module: AppleODClientPWS - unable to read Password Server response - socket error on socket fd 12: Resource temporarily unavailable (5205)
  Any ideas are appreciated. Thank you in advance.

  Hi Raja- It seems to be a data quality issue.
  Check for the value @ 1447 position in the xml message that you are trying to send to web service..
  may be a date filed/decimal value which is not in expected format.

• Server was unable to read request. RuntimeFaultMessage

  Hi, I'm trying to orchestate a .Net web service that receives a String... the String that this .Net web service receives is called "xml" and it represents a xml like this "<rc><ho>hjh</ho><h><h1>hj>/h1><h2>hjh</h2></h></rc>"
  When I instantiate the call of this web service through BPEL I get this error:
  web_rc_asmx (ReporteRC) (faulted)
  [2004/09/22 12:31:04] "{http://schemas.oracle.com/bpel/extension}bindingFault" has been thrown. Less
  faultName: {{http://schemas.oracle.com/bpel/extension}bindingFault}
  messageType: {{http://schemas.oracle.com/bpel/extension}RuntimeFaultMessage}
  code: {Client}
  summary: {Server was unable to read request. --> There is an error in XML document (3, 114). --> 'Element' is an invalid node type. Line 3, position 114.}
  parts: {{}}
  The xml string that receives is good because I have tried it directry from the web service page.. or even calling it from an stub/skeleton.. Any idea what could be wrong???
  Thanks a lot,
  PAOLA LINARES

  this is the Bpel file:
  <!-- PAOLAPRO BPEL Process [Generated by the Oracle BPEL Designer] -->
  <process name="PAOLAPRO" targetNamespace="http://oracle.com" suppressJoinFailure="yes" xmlns:tns="http://oracle.com" xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/" xmlns:bpelx="http://schemas.oracle.com/bpel/extension" xmlns:ora="http://schemas.oracle.com/xpath/extension" xmlns:ns0="http://tempuri.org/">
       <!-- ================================================================= -->
       <!-- PARTNERLINKS -->
       <!-- List of services participating in this BPEL process -->
       <!-- ================================================================= -->
       <partnerLinks>
            <!--
  The 'client' role represents the requester of this service. It is
  used for callback. The location and correlation information associated
  with the client role are automatically set using WS-Addressing.
  -->
            <partnerLink name="client" partnerLinkType="tns:PAOLAPRO" myRole="PAOLAPROProvider" partnerRole="PAOLAPRORequester"/>
            <partnerLink name="ReporteRC" partnerLinkType="ns0:WSInfRCSoapLink" partnerRole="WSInfRCSoapProvider"/>
       </partnerLinks>
       <!-- ================================================================= -->
       <!-- VARIABLES -->
       <!-- List of messages and XML documents used within this BPEL process -->
       <!-- ================================================================= -->
       <variables>
            <!-- Reference to the message passed as input during initiation -->
            <variable name="input" messageType="tns:PAOLAPRORequestMessage"/>
            <!-- Reference to the message that will be sent back to the
  requester during callback
  -->
            <variable name="output" messageType="tns:PAOLAPROResponseMessage"/>
            <variable messageType="ns0:ReporteRCSoapIn" name="IN_"/>
            <variable messageType="ns0:ReporteRCSoapOut" name="OUT_"/>
       </variables>
       <!-- ================================================================= -->
       <!-- ORCHESTRATION LOGIC -->
       <!-- Set of activities coordinating the flow of messages across the -->
       <!-- services integrated within this business process -->
       <!-- ================================================================= -->
       <sequence name="main">
            <!-- Receive input from requestor.
  Note: This maps to operation defined in PAOLAPRO.wsdl
  -->
            <receive name="receiveInput" partnerLink="client" portType="tns:PAOLAPRO" operation="initiate" variable="input" createInstance="yes"/>
            <!-- Asynchronous callback to the requester.
  Note: the callback location and correlation id is transparently handled
  using WS-addressing.
  -->
            <scope name="scope-1">
                 <sequence>
                      <assign name="assign-1">
                           <copy>
                                <from variable="input" part="payload" query="/tns:PAOLAPRORequest/tns:input">
                                </from>
                                <to variable="IN_" part="parameters" query="/ns0:ReporteRC/ns0:xml"/>
                           </copy>
                      </assign>
                      <invoke name="invoke-1" partnerLink="ReporteRC" portType="ns0:WSInfRCSoap" operation="ReporteRC" inputVariable="IN_" outputVariable="OUT_"/>
                 </sequence>
            </scope>
            <invoke name="callbackClient" partnerLink="client" portType="tns:PAOLAPROCallback" operation="onResult" inputVariable="output"/>
       </sequence>
  </process>
  WSDL file:
  <?xml version="1.0"?>
  <definitions name="PAOLAPRO"
  targetNamespace="http://oracle.com"
  xmlns:tns="http://oracle.com"
  xmlns:plnk="http://schemas.xmlsoap.org/ws/2003/05/partner-link/"
  xmlns="http://schemas.xmlsoap.org/wsdl/"
  >
  <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  TYPE DEFINITION - List of services participating in this BPEL process
  The default output of the BPEL designer uses strings as input and
  output to the BPEL Process. But you can define or import any XML
  Schema type and us them as part of the message types.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
  <types>
  <schema attributeFormDefault="qualified"
  elementFormDefault="qualified"
  targetNamespace="http://oracle.com"
  xmlns="http://www.w3.org/2001/XMLSchema"
  >
  <element name="PAOLAPRORequest">
  <complexType>
  <sequence>
  <element name="input" type="string" />
  </sequence>
  </complexType>
  </element>
  <element name="PAOLAPROResponse">
  <complexType>
  <sequence>
  <element name="result" type="string"/>
  </sequence>
  </complexType>
  </element>
  </schema>
  </types>
  <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  MESSAGE TYPE DEFINITION - Definition of the message types used as
  part of the port type defintions
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
  <message name="PAOLAPRORequestMessage">
  <part name="payload" element="tns:PAOLAPRORequest"/>
  </message>
  <message name="PAOLAPROResponseMessage">
  <part name="payload" element="tns:PAOLAPROResponse"/>
  </message>
  <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  PORT TYPE DEFINITION - A port type groups a set of operations into
  a logical service unit.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
  <!-- portType implemented by the PAOLAPRO BPEL process -->
  <portType name="PAOLAPRO">
  <operation name="initiate">
  <input message="tns:PAOLAPRORequestMessage"/>
  </operation>
  </portType>
  <!-- portType implemented by the requester of PAOLAPRO BPEL process
  for asynchronous callback purposes
  -->
  <portType name="PAOLAPROCallback">
  <operation name="onResult">
  <input message="tns:PAOLAPROResponseMessage"/>
  </operation>
  </portType>
  <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  PARTNER LINK TYPE DEFINITION
  the PAOLAPRO partnerLinkType binds the provider and
  requester portType into an asynchronous conversation.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
  <plnk:partnerLinkType name="PAOLAPRO">
  <plnk:role name="PAOLAPROProvider">
  <plnk:portType name="tns:PAOLAPRO"/>
  </plnk:role>
  <plnk:role name="PAOLAPRORequester">
  <plnk:portType name="tns:PAOLAPROCallback"/>
  </plnk:role>
  </plnk:partnerLinkType>
  </definitions>
  WSINFRCWrapper.wsdl:
  <?xml version="1.0" encoding="utf-8"?>
  <definitions
       targetNamespace="http://tempuri.org/"
       xmlns:tns="http://tempuri.org/"
       xmlns="http://schemas.xmlsoap.org/wsdl/"
       xmlns:plnk="http://schemas.xmlsoap.org/ws/2003/05/partner-link/"
       >
       <import location="http://boinfrcs/wsdcrc/wsinfrc.asmx?WSDL"/>
       <plnk:partnerLinkType name="WSInfRCSoapLink">
            <plnk:role name="WSInfRCSoapProvider">
                 <plnk:portType name="tns:WSInfRCSoap" />
            </plnk:role>
       </plnk:partnerLinkType>     
  </definitions>
  This is the XML String:
  <RC><registro_control><tipo_llamado asin="false"/><usuario><id_usuario>xxx</id_usuario><clave>yyy</clave></usuario><documento tipo_documento="3988"><id_documento>1234</id_documento><NombreRegistro>solicitud_informacion</NombreRegistro></documento><cliente><nit>860001942-8</nit></cliente><solicitud><id_solicitud>5425</id_solicitud><url_respuesta>http://sevidor:puerto/RaizVirtual/ModuloTransmision/recibirEnvio.asp</url_respuesta><id_usuario_remoto>idUsuario</id_usuario_remoto><clave_usuario_remoto>claveUsuario</clave_usuario_remoto></solicitud></registro_control><Informacion><Dolar>2700</Dolar><Bolivar>1.38</Bolivar></Informacion><Cliente><Id>8913379</Id><TipoId>3</TipoId></Cliente></RC>
  and this is the Error:
  04/09/28 10:15:34 AxisFault
  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
  faultString: Server was unable to read request. --> There is an error in XML do
  cument (3, 114). --> 'Element' is an invalid node type. Line 3, position 114.
  faultActor: null
  faultDetail:
  04/09/28 10:15:34 Server was unable to read request. --> There is an error in XM
  L document (3, 114). --> 'Element' is an invalid node type. Line 3, position 114
  04/09/28 10:15:34 at org.apache.axis.message.SOAPFaultBuilder.endElement(S
  OAPFaultBuilder.java:135)
  04/09/28 10:15:34 at org.apache.axis.encoding.DeserializationContextImpl.e
  ndElement(DeserializationContextImpl.java:942)
  04/09/28 10:15:34 at org.apache.xerces.parsers.AbstractSAXParser.endElemen
  t(Unknown Source)
  04/09/28 10:15:34 at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanE
  ndElement(Unknown Source)
  04/09/28 10:15:34 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl
  $FragmentContentDispatcher.dispatch(Unknown Source)
  04/09/28 10:15:34 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl
  .scanDocument(Unknown Source)
  04/09/28 10:15:34 at org.apache.xerces.parsers.XML11Configuration.parse(Un
  known Source)
  04/09/28 10:15:34 at org.apache.xerces.parsers.XML11Configuration.parse(Un
  known Source)
  04/09/28 10:15:34 at org.apache.xerces.parsers.XMLParser.parse(Unknown Sou
  rce)
  04/09/28 10:15:34 at org.apache.xerces.parsers.AbstractSAXParser.parse(Unk
  nown Source)
  04/09/28 10:15:34 at javax.xml.parsers.SAXParser.parse(Unknown Source)
  04/09/28 10:15:34 at org.apache.axis.encoding.DeserializationContextImpl.p
  arse(DeserializationContextImpl.java:232)
  04/09/28 10:15:34 at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.j
  ava:547)
  04/09/28 10:15:34 at org.apache.axis.Message.getSOAPEnvelope(Message.java:
  377)
  04/09/28 10:15:34 at org.apache.axis.client.Call.invokeEngine(Call.java:21
  72)
  04/09/28 10:15:34 at org.apache.axis.client.Call.invoke(Call.java:2138)
  04/09/28 10:15:34 at org.apache.axis.client.Call.invoke(Call.java:1308)
  04/09/28 10:15:34 at org.apache.wsif.providers.collaxa.axis.WSIFOperation_
  ApacheAxis.invokeAXISMessaging(WSIFOperation_ApacheAxis.java:1892)
  04/09/28 10:15:34 at org.apache.wsif.providers.collaxa.axis.WSIFOperation_
  ApacheAxis.invokeRequestResponseOperation(WSIFOperation_ApacheAxis.java:1451)
  04/09/28 10:15:34 at org.apache.wsif.providers.collaxa.axis.WSIFOperation_
  ApacheAxis.executeRequestResponseOperation(WSIFOperation_ApacheAxis.java:1022)
  04/09/28 10:15:34 at com.collaxa.cube.ws.WSIFInvocationHandler.invoke(WSIF
  InvocationHandler.java:306)
  04/09/28 10:15:34 at com.collaxa.cube.ws.WSInvocationManager.invoke(WSInvo
  cationManager.java:250)
  04/09/28 10:15:34 at com.collaxa.cube.ws.WSInvocationManager.invoke(WSInvo
  cationManager.java:133)
  04/09/28 10:15:34 at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__invok
  e(BPELInvokeWMP.java:518)
  04/09/28 10:15:34 at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__execu
  teStatements(BPELInvokeWMP.java:276)
  04/09/28 10:15:34 at com.collaxa.cube.engine.ext.wmp.BPELActivityWMP.perfo
  rm(BPELActivityWMP.java:175)
  04/09/28 10:15:34 at com.collaxa.cube.engine.CubeEngine.performActivity(Cu
  beEngine.java:3244)
  04/09/28 10:15:34 at com.collaxa.cube.engine.CubeEngine.handleWorkItem(Cub
  eEngine.java:1664)
  04/09/28 10:15:34 at com.collaxa.cube.engine.dispatch.message.instance.Per
  formMessageHandler.handleLocal(PerformMessageHandler.java:75)
  04/09/28 10:15:34 at com.collaxa.cube.engine.dispatch.DispatchHelper.handl
  eLocalMessage(DispatchHelper.java:84)
  04/09/28 10:15:34 at com.collaxa.cube.engine.dispatch.DispatchHelper.sendM
  emory(DispatchHelper.java:137)
  04/09/28 10:15:34 at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEng
  ine.java:5318)
  04/09/28 10:15:34 at com.collaxa.cube.engine.CubeEngine.createAndInvoke(Cu
  beEngine.java:1192)
  04/09/28 10:15:34 at com.collaxa.cube.engine.delivery.DeliveryService.hand
  leInvoke(DeliveryService.java:480)
  04/09/28 10:15:34 at com.collaxa.cube.engine.bean.DeliveryBean.handleInvok
  e(DeliveryBean.java:307)
  04/09/28 10:15:34 at IDeliveryLocalBean_StatelessSessionBeanWrapper16.hand
  leInvoke(IDeliveryLocalBean_StatelessSessionBeanWrapper16.java:1764)
  04/09/28 10:15:34 at com.collaxa.cube.engine.dispatch.message.invoke.Invok
  eInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:36)
  04/09/28 10:15:34 at com.collaxa.cube.engine.dispatch.DispatchHelper.handl
  eMessage(DispatchHelper.java:62)
  04/09/28 10:15:34 at com.collaxa.cube.engine.dispatch.BaseScheduledWorker.
  process(BaseScheduledWorker.java:72)

• Server needs to trust *client* code without a certificate

  Here's a sticky security question
  I want my server to trust that a client has performed the operation it says it has on some data held by the client (the client performs the operation to reduce server load). The server can supply code to perform the operation to the client, via a serialized object or RMI.
  However, I don't want every client to have to register with the server (eg if each client had its own certificate this would be necessary)
  Presumably something must happen as the client performs the operation to show that the correct (server generated) code was used.
  If the object whic h knows how to perform the operation is sent using RMI with a public sign method and the server lends its own private key for the signing, in a private field of this object, can a malicious client discern the private key of the server simply by deserializing the object ? Encryption of the serialized object doesn't seem to help as a normal client needs to decrypt, so the malicious one can too.
  What about if a private/public key pair is generated at the server and given to the client for signing? again the malicious client could sign using the key then perform a completely different operation.
  What should actually be signed at the client end - the object sent which performs the operation ? the server needs to know that this signature proves that the code it sent was used.
  would be interested in any ideas (this is for a university project)
  thanks to all
  John

  Hi John,
  First, secure your coms : SSLv2 for example (1), so the further discussions between the "server" and the "client" will be sure (for a moment ;-).
  Next, supply the "server code" from the server (only via the secured channel) to the "client" (2).
  This code must be in two parts : "crypted data" and a "decryption module".
  The "decryption module" must contains a "server's public key certificate" to use to decrypt the "crypted data" (3) that contains the "real code" and a "serial ID generated by the server".
  Then the "decryption module" must start the newly decrypted "real code", to do the "server operation" on the "client data".
  At the end, the "real code" sends back the "client result" and the "serial ID" encrypted with the "server's public key" (4).
  (1) SSL v2 creates a secure channel betwwen a server and a client (typically a browser), but at the intiative of the server and with no active part of the client, except to accept the chosen algorithm (I simplify here but it's schematically the point).
  (2) So with this channel (at the initiative of the identified server) the "client" is sure that the "modules" came from the "server".
  (3) This encryption has been made with the "server's private key", so only its "public key" can undo it : so the "client" and the "decryption module" are sure that the "real code" has not been alterated.
  (4) Same thing, but opposite side : only the "server's private key" can undo an encryption with its "public key" : the "client" is sure that only the "server" will be able to do something with its "result".
  With this proposition, the "server" is sure that the "client" has done its "server code" on some data and has given back a "result". But it has no guarantees on the identification of the "client", only that it is the same from the beginning.
  By the way, never "lend" a private key to another one, it is lethal to your security, since PKI is only a matter of trust on the public/private keys pair and its link with an identity (that's why Certificate Authorities are made).
  Pleased if I have been of some help, Wild.