Slow authentication on Windows
I've set up small office network - 6 Windows computers + one Mac with OS X Server 10.4.4. Everything works OK (file services, open directory....) but I have one problem - when Windows users try to authenticate on domain (OS X server runs as PDC), this process is slow - about 20 seconds until logon process starts. Where the problem could be?
There used to be a TCP delayed acknowledge problem OSX<->Windows.
The newer Tiger net.inet.tcp.delayed_ack: 3 default(?) might be worth trying changing.
You could try in Terminal:
sudo sysctl -w net.inet.tcp.delayed_ack=2 (used on Windows?)
or
sudo sysctl -w net.inet.tcp.delayed_ack=0
Which will alter this setting immediately.
Change it back to "3" if it doesn't help.
Also, workgroup/domainame is entered with UPPERCASE letters?
Similar Messages
-
Boot message: problem with hard drive detected. Slow loading of windows 7
Good Day
I am having a problem with my hard drive, everytime it boots these days it starts with a message: Warning: a problem with the hard drive has been detected, followed by an extremely slow loading of windows. then once in windows it gives me Anothet message
the messsage says hard drive failure imminent you should back up you data etc.
My specs are:
Intel core 2 duo e8400 3.0 ghz
4 gig ddr3 transcend
1 tb seagate 7200.12
giga byte nvidia 9800 gt 1 gig ddr3
Please help lots of data.Another option:
Take your hard drive out and slave it into another KNOWN WORKING PC.
Back-up your data immediately. Slow boot usually indicates that the drive is going to die. (Check your warranty!)
Then, run "chkdsk /r" from the host PC to check the failing drive. (It is good to match OSes if you can.)
MCSE: 6771498 -
IMac & Macbook running slower than a Windows computer
Hello all, I need some help with my apple products. I spend half my day messing with the internet to try and get it going instead of sitting there with a blank look on its face. They freeze up to an extent. I generally can always close out Safari, shut off the wifi, then turn wifi on and safari will work somewhat better sometimes. Here is the Etre report for both the iMac and MacBook. Also on the MacBook report, I was digging around in my system report and found something that made me think it might be bad so i have included it as well. Please help me and keep me from wasting half my day every day. Thanks. There is several extra lines after the Macbook report that came from my system report. I don't know if it is pertinent or not but I feel like it is. I wasn't sure what to leave out so I just put it all in, sorry for the long post.
Note----- I took out the logs that were from the previous address I lived at. Just included from when I moved into new house.
THIS IS FOR THE iMac
Problem description:
Ever since I moved into this new house my apple computers have slowed down to granny speed and sometimes they just sit there and stare at you. I have an iMac from 2011, a mac book pro 2014, iPhone 6, iPhone 4s, and to top it off a windows computer that is used for graphic software. I have 2 TV’s that we use as well. My internet and cable are provided by ATT and at my old house it worked great, no problems. I have had ATT out twice since install in January. They have given me a new modem, and a booster to help increase the reach of the wireless internet. My internet is supposed to be 18mbs download and for the life of me can’t think of the upload speed. When testing I usually have a 10 to 11 download and a 1.80 upload speed. I have ran verify disk, fix permissions so many times and that it is ridiculous. My iMac is used in the back room which is about 30 feet from modem, that is why they gave me the booster the 2nd time out. The macbook is used just whereever. The speed of the Mac’s is slower then the Windows computer. That ain’t right. I don’t download anything, I don’t go to crazy suspect sites. I have taken the iMac to apple store and they tested it and said it was fine. I have re-installed the O.S. (Yosimiteme 10.10.3). I just want my apples to work properly again.
EtreCheck version: 2.2 (132)
Report generated 5/3/15, 8:22 PM
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
iMac (21.5-inch, Mid 2010) (Technical Specifications)
iMac - model: iMac11,2
1 3.06 GHz Intel Core i3 CPU: 2-core
4 GB RAM Upgradeable
BANK 0/DIMM0
Empty
BANK 1/DIMM0
Empty
BANK 0/DIMM1
2 GB DDR3 1333 MHz ok
BANK 1/DIMM1
2 GB DDR3 1333 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ℹ️
ATI Radeon HD 4670 - VRAM: 256 MB
iMac 1920 x 1080
G206HQL 1600 x 900 @ 60 Hz
System Software: ℹ️
OS X 10.10.3 (14D136) - Time since boot: 0:25:17
Disk Information: ℹ️
WDC WD5000AAKS-40V6A0 disk0 : (500.11 GB)
EFI (disk0s1) <not mounted> : 210 MB
Macintosh HD (disk0s2) / : 499.25 GB (392.09 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
OPTIARC DVD RW AD-5680H
USB Information: ℹ️
Apple Internal Memory Card Reader
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
Apple, Inc. Keyboard Hub
Apple, Inc Apple Keyboard
Apple Computer, Inc. IR Receiver
Apple Inc. Built-in iSight
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/System/Library/Extensions
[not loaded] com.Belcarra.iokit.USBLAN_netpart (2.0.2) [Click for support]
[not loaded] com.Belcarra.iokit.USBLAN_usbpart (2.0.2) [Click for support]
[not loaded] com.RemoteControl.USBLAN.usbpart (2.0.6) [Click for support]
[not loaded] com.leapfrog.driver.LfConnectDriver (1.8.1 - SDK 10.7) [Click for support]
/System/Library/Extensions/Belcarra.USBLAN_netpart.kext/Contents/PlugIns
[not loaded] com.belcarra.iokit.netpart.panther (1.6.1) [Click for support]
/System/Library/Extensions/Belcarra.USBLAN_usbpart.kext/Contents/PlugIns
[not loaded] com.belcarra.iokit.usbpart.panther (1.6.1) [Click for support]
/System/Library/Extensions/RemoteControl.USBLAN_usbpart.kext/Contents/PlugIns
[not loaded] com.RemoteControl.USBLAN.panther (1.6.1) [Click for support]
Startup Items: ℹ️
HP IO: Path: /Library/StartupItems/HP IO
Startup items are obsolete in OS X Yosemite
Launch Agents: ℹ️
[not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[running] com.adobe.AdobeCreativeCloud.plist [Click for support]
[running] com.flipvideo.FlipShare.AutoRun.plist [Click for support]
[loaded] com.google.keystone.agent.plist [Click for support]
[loaded] com.hp.help.tocgenerator.plist [Click for support]
[failed] com.motive.alertDetectorHost.plist [Click for support] [Click for details]
[failed] com.motive.userAgent.plist [Click for support] [Click for details]
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist [Click for support]
[running] com.flipvideo.FlipShareServer.launchd.plist [Click for support]
[loaded] com.google.keystone.daemon.plist [Click for support]
[loaded] com.leapfrog.connect.shell.plist [Click for support]
[loaded] com.microsoft.office.licensing.helper.plist [Click for support]
[failed] com.motive.systemDaemon.plist [Click for support]
User Launch Agents: ℹ️
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Click for support]
User Login Items: ℹ️
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
AdobeResourceSynchronizer Application (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)
HP Scheduler Application (/Library/Application Support/Hewlett-Packard/Software Update/HP Scheduler.app)
Internet Plug-ins: ℹ️
o1dbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]
Default Browser: Version: 600 - SDK 10.10
npMotive: Version: 1.0.0 - SDK 10.7 [Click for support]
AdobeAAMDetect: Version: AdobeAAMDetect 2.0.0.0 - SDK 10.7 [Click for support]
FlashPlayer-10.6: Version: 17.0.0.169 - SDK 10.6 [Click for support]
AdobePDFViewerNPAPI: Version: 11.0.10 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.10411.0 - SDK 10.6 [Click for support]
Flash Player: Version: 17.0.0.169 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
iPhotoPhotocast: Version: 7.0 - SDK 10.8
SharePointBrowserPlugin: Version: 14.4.9 - SDK 10.6 [Click for support]
AdobePDFViewer: Version: 11.0.10 - SDK 10.6 [Click for support]
CouponPrinter-FireFox_v2: Version: Version 1.1.6
JavaAppletPlugin: Version: Java 7 Update 45 Check version
User internet Plug-ins: ℹ️
CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Click for support]
WebEx64: Version: 1.0 - SDK 10.6 [Click for support]
Google Earth Web Plug-in: Version: 7.1 [Click for support]
Safari Extensions: ℹ️
jbsearch
3rd Party Preference Panes: ℹ️
Flash Player [Click for support]
GamePadCompanionPrefPanel [Click for support]
Time Machine: ℹ️
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 499.25 GB Disk used: 107.15 GB
Destinations:
Seagate Backup Plus Drive [Local]
Total size: 999.86 GB
Total number of backups: 39
Oldest backup: 2015-03-03 23:58:26 +0000
Last backup: 2015-04-22 19:27:08 +0000
Size of backup disk: Adequate
Backup size 999.86 GB > (Disk used 107.15 GB X 3)
Top Processes by CPU: ℹ️
3% WindowServer
2% com.hp.devicemonitor
1% syncdefaultsd
1% fontd
0% Creative Cloud
Top Processes by Memory: ℹ️
420 MB kernel_task
336 MB mdworker(11)
266 MB com.apple.WebKit.WebContent(2)
66 MB Safari
66 MB Finder
Virtual Memory Information: ℹ️
974 MB Free RAM
3.05 GB Used RAM
0 B Swap Used
Diagnostics Information: ℹ️
May 3, 2015, 07:55:19 PM Self test - passed
This is for the MacBook
EtreCheck version: 2.2 (132)
Report generated 5/3/15, 8:23 PM
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
MacBook Pro (Retina, 13-inch, Late 2013) (Technical Specifications)
MacBook Pro - model: MacBookPro11,1
1 2.4 GHz Intel Core i5 CPU: 2-core
4 GB RAM Not upgradeable
BANK 0/DIMM0
2 GB DDR3 1600 MHz ok
BANK 1/DIMM0
2 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 290 - SN = D863505T5JWFT5Y1L
Video Information: ℹ️
Intel Iris
Color LCD 2560 x 1600
System Software: ℹ️
OS X 10.10.3 (14D136) - Time since boot: 20:35:40
Disk Information: ℹ️
APPLE SSD SD0128F disk0 : (121.33 GB)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 120.14 GB (52.28 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 120.47 GB Online
USB Information: ℹ️
Apple Internal Memory Card Reader
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. Apple Internal Keyboard / Trackpad
Thunderbolt Information: ℹ️
Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/Library/Application Support/VirtualBox
[not loaded] org.virtualbox.kext.VBoxDrv (4.3.14) [Click for support]
[not loaded] org.virtualbox.kext.VBoxNetAdp (4.3.14) [Click for support]
[not loaded] org.virtualbox.kext.VBoxNetFlt (4.3.14) [Click for support]
[not loaded] org.virtualbox.kext.VBoxUSB (4.3.14) [Click for support]
/System/Library/Extensions
[loaded] com.screenrecycler.driver.ScreenRecyclerDriver (1.4.13 - SDK 10.4) [Click for support]
Launch Agents: ℹ️
[not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[loaded] com.adobe.AdobeCreativeCloud.plist [Click for support]
[loaded] com.google.keystone.agent.plist [Click for support]
[loaded] com.oracle.java.Java-Updater.plist [Click for support]
[loaded] org.macosforge.xquartz.startx.plist [Click for support]
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.google.keystone.daemon.plist [Click for support]
[loaded] com.microsoft.office.licensing.helper.plist [Click for support]
[loaded] com.oracle.java.Helper-Tool.plist [Click for support]
[loaded] org.macosforge.xquartz.privileged_startx.plist [Click for support]
User Launch Agents: ℹ️
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.adobe.ARM.[...].plist [Click for support]
[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Click for support]
[running] com.microsoft.LaunchAgent.SyncServicesAgent.plist [Click for support]
[not loaded] org.virtualbox.vboxwebsrv.plist [Click for support]
User Login Items: ℹ️
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Internet Plug-ins: ℹ️
o1dbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]
Default Browser: Version: 600 - SDK 10.10
AdobeAAMDetect: Version: AdobeAAMDetect 2.0.0.0 - SDK 10.7 [Click for support]
FlashPlayer-10.6: Version: 17.0.0.169 - SDK 10.6 [Click for support]
AdobePDFViewerNPAPI: Version: 11.0.10 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.30514.0 - SDK 10.6 [Click for support]
Flash Player: Version: 17.0.0.169 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
googletalkbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]
SharePointBrowserPlugin: Version: 14.4.9 - SDK 10.6 [Click for support]
AdobePDFViewer: Version: 11.0.10 - SDK 10.6 [Click for support]
JavaAppletPlugin: Version: Java 8 Update 31 Check version
User internet Plug-ins: ℹ️
CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Click for support]
WebEx64: Version: 1.0 - SDK 10.6 [Click for support]
Safari Extensions: ℹ️
Buffer
3rd Party Preference Panes: ℹ️
Flash Player [Click for support]
Java [Click for support]
Time Machine: ℹ️
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 120.14 GB Disk used: 67.85 GB
Destinations:
Seagate Backup Plus Drive [Local]
Total size: 999.86 GB
Total number of backups: 32
Oldest backup: 2014-09-03 02:53:05 +0000
Last backup: 2015-04-01 02:18:11 +0000
Size of backup disk: Excellent
Backup size 999.86 GB > (Disk size 120.14 GB X 3)
Top Processes by CPU: ℹ️
5% WindowServer
2% tccd(2)
2% fontd
1% cloudd
0% taskgated
Top Processes by Memory: ℹ️
546 MB kernel_task
135 MB Safari
78 MB mdworker(5)
70 MB WindowServer
61 MB TextEdit
Virtual Memory Information: ℹ️
372 MB Free RAM
3.63 GB Used RAM
90 MB Swap Used
Diagnostics Information: ℹ️
May 2, 2015, 11:47:44 PM Self test - passed
May 2, 2015, 11:42:44 PM /Library/Logs/DiagnosticReports/Safari_2015-05-02-234244_[redacted].hang
Logs:
syncservices.log:
Description: SyncServices Log
Date Modified: 05Apr15, 01:14
Size: 229 KB
Contents: ...
2015-01-08 01:14:34:505|SyncServer|5861|0x7fa649d11b80|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-08 01:16:34:956|SyncServer|5861|0x7fa649d11b80|Server|Info| Cancelling all sync plans.
2015-01-08 01:16:34:970|SyncServer|5861|0x7fa649d11b80|Server|Info| Goodnight, Gracie.
2015-01-09 23:24:28:259|SyncServer|757|0x7fa891603f40|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-09 23:28:34:911|SyncServer|757|0x7fa891603f40|Server|Info| Cancelling all sync plans.
2015-01-09 23:28:34:919|SyncServer|757|0x7fa891603f40|Server|Info| Goodnight, Gracie.
2015-01-10 15:42:25:744|SyncServer|1157|0x7f80a0e07490|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-10 15:44:26:194|SyncServer|1157|0x7f80a0e07490|Server|Info| Cancelling all sync plans.
2015-01-10 15:44:26:209|SyncServer|1157|0x7f80a0e07490|Server|Info| Goodnight, Gracie.
2015-01-15 23:03:10:076|SyncServer|2015|0x7f948b507600|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-15 23:05:10:406|SyncServer|2015|0x7f948b507600|Server|Info| Cancelling all sync plans.
2015-01-15 23:05:10:419|SyncServer|2015|0x7f948b507600|Server|Info| Goodnight, Gracie.
2015-01-18 09:38:30:633|SyncServer|8347|0x7ff9d2c0e650|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-18 09:42:26:784|SyncServer|8347|0x7ff9d2c0e650|Server|Info| Cancelling all sync plans.
2015-01-18 09:42:26:795|SyncServer|8347|0x7ff9d2c0e650|Server|Info| Goodnight, Gracie.
2015-01-21 01:43:30:322|SyncServer|3621|0x7faa7a507c30|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-21 01:46:11:127|SyncServer|3621|0x7faa7a507c30|Server|Info| Cancelling all sync plans.
2015-01-21 01:46:11:140|SyncServer|3621|0x7faa7a507c30|Server|Info| Goodnight, Gracie.
2015-01-28 22:53:33:756|SyncServer|18688|0x7f9270506d90|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-28 22:55:34:304|SyncServer|18688|0x7f9270506d90|Server|Info| Cancelling all sync plans.
2015-01-28 22:55:34:318|SyncServer|18688|0x7f9270506d90|Server|Info| Goodnight, Gracie.
2015-01-29 00:29:33:265|SyncServer|18828|0x7fefaa411b60|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-01-29 00:50:28:003|SyncServer|18828|0x7fefaa411b60|SyncServer|Warning| Refreshing watchdog because of a calendar time change alert.
2015-01-29 00:52:28:018|SyncServer|18828|0x7fefaa411b60|Server|Info| Cancelling all sync plans.
2015-01-29 00:52:28:054|SyncServer|18828|0x7fefaa411b60|Server|Info| Goodnight, Gracie.
2015-02-01 00:47:00:095|SyncServer|7426|0x7ff4bae07710|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-02-01 00:49:00:646|SyncServer|7426|0x7ff4bae07710|Server|Info| Cancelling all sync plans.
2015-02-01 00:49:00:659|SyncServer|7426|0x7ff4bae07710|Server|Info| Goodnight, Gracie.
2015-02-09 09:31:46:171|SyncServer|17932|0x7fb18860f330|Logging|Info| Logging initialized, engine version 722 : log level 3
2015-02-09 09:36:04:226|SyncServer|17932|0x7fb18860f330|Server|Info| Cancelling all sync plans.
2015-02-09 09:36:04:240|SyncServer|17932|0x7fb18860f330|Server|Info| Goodnight, Gracie.
2015-02-09 09:44:06:816|SyncServer|17954|0x7fc92160fOk, I don't know what those drivers are for?????? I don't have a clue Here is what it looks like when I do the option thing. Hopefully its ok to post that. I went into system preference and went to network and DNS server as a ip number and search domains as attlocal.net not sure thats correct, but that is what my phone had. Anyway it started working good for a while now it is just going slow again. I don't have anything set up for the tab 802.1X and my proxies is blank in the protocol to configure (nothing checked( and I a have this *.local, 169.254/16 in the bypass proxy setting plus the use passive FTP box is checked. Maybe that will help some. I will look at the extensions and get rid of them, I thought I had already done that though. Ok, thanks for the input let me know if any of this helps or what I should do. Thanks again.
-
I have been experiencing several issues with my MacBook Pro Retina mid 2012. My MBPR is scheduled to go into the depot. However, I am wondering if anyone may be able to shed light on a few issues as this is the third "official" time my MBPR is going back for service ("one depot" trip; "one authorized" dealer; several in-store visits).
My Bluetooth is stating that the Bluetooth Chipset is Unknown (0). I also have had Bluetooth Preferences mysteriously change on me. In addition, while Bluetooth is off there are two serial modems turning on. I have turned them off, but they continue to pop up.
In addition, when I log in, my MBPR is not remembering me and my login name is not appearing on the slate-gray screen. The name and password are blank and the following message appears in the lower left hand corner. "login window authentication login window Name edit text has keyboard focus." As a side note, I am the only user. The login issue is a recent occurrence as we just totally wiped it again via a Command + R, and I don't believe I have an accessibility setting set to anything that would cause this, but wanted to check.
Should I be concerned here? Has anyone else had issues like this? I don't want to worry if I don't have to. I have had so many issues over the course of nine months. 5-6 wipes. Airport card replaced and I am about to pull my hair out if my MBPR doesn't come back worldly like clock work this time. I just can't send my days trying to get a $2300 product to work for me any longer. No idea what is wrong with it, but it is driving me insane. Cross your fingers for me and any guidance you have or thoughts would be welcomed. Thank you. EMMA few more issues...
In Console, the following is greyed out:
User and Diagnostic reports
Com.apple.launchd.peruser.0
Com.apple.launchd.peruser.88
Com.apple.launchd.peruser.89
Com.apple.launchd.peruser.92
Com.apple.launchd.peruser.97
Com.apple.launchd.peruser.200
Com.apple.launchd.peruser.201
Com.apple.launchd.peruser.202
Com.apple.launchd.peruser.212
*[user logs are accessible]
Krb5kdc
Radius
My guest files are locked, but again I am the administrator of MBPR.
I am worried about a keystroke logged or at least, trying to rule it out.
Also:
Mdworker32(225) [and other mdworker numbers] are sandboxing; stating deny Mach-lookup
Com.apple.Powermanagement.control, etc. long attachment with those files with version: ??? (???).
Postinstall: removing applications/Microsoft Office 2011/Microsoft Outlook.app
WARNINGS in Console include:
[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 19.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction] instead.
There are a ton of other warnings. Before I go through this again, can someone tell me if this is normal (all of it -- above too); or if these are symptoms is a keystroke logger or hardware issues?
I ask because originally, when my computer went in for diagnostics (more than once), Apple stated the hardware was fine (other than Airport Card -- finally). However, if I've done 5-6 total wipes; created new users; do not have sharing set-up; have not played around in Terminal; and am up-to-date with versions -- and various issues KEEP COMING BACK -- I am left wondering if a keystroke logger would be possible here?!? I thought maybe a faulty logic board, but why would diagnostics be okay, then? Not trying to be hyperbole, just desperate.
Please help me rule keystroke logger out or at least, tell me so I know, so I can take appropriate action. If you think it could be the logic board with symptoms above, that would be a great too.
All I want to do is use the computer as intended, but I can't seem to get a real answer, so after nine months -- I am turning to the communities to see if anyone -- anyone at all -- can help. The last thing I can do is have the MBPR come back from the depot and the same thing occur. Any guidance or advice would be so gratefully appreciated. -
SChannel Fails Authentication on Windows Server 2008 R2 Using TLS1
I am trying to use SChannel to secure a socket connection. I modified the example at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380537(v=vs.85).aspx, converting it from Negotiate to SChannel. Following the specs for the SSPI APIs I was able the get a Client & Server connection authenticated on Windows 7.
However, when I try running the same programs on Windows Server 2008 R2, either the Client side or Server side fails, depending on how I select the security protocol.
Here is the modified example code, details about my results follow the code.
Client.cpp
// Client-side program to establish an SSPI socket connection
// with a server and exchange messages.
// Define macros and constants.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "SspiExample.h"
#include <string>
#include <iostream>
CredHandle g_hCred;
SecHandle g_hCtext;
#define SSPI_CLIENT "SChannelClient:" __FUNCTION__
void main(int argc, char * argv[])
SOCKET Client_Socket;
BYTE Data[BIG_BUFF];
PCHAR pMessage;
WSADATA wsaData;
SECURITY_STATUS ss;
DWORD cbRead;
ULONG cbHeader;
ULONG cbMaxMessage;
ULONG cbTrailer;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
SecPkgContext_ConnectionInfo ConnectionInfo;
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName);
char Server[512] = {0};
WCHAR CertName[512] = {0};
// Validate cmd line parameters
if ( argc != 3 )
LOGA ( ( __log_buf, SSPI_CLIENT " required parameters ServerName & CertName not entered.\n"));
LOGA( ( __log_buf, SSPI_CLIENT " Abort and start over with required parameters.\n") );
std::cin.get();
else
// argv[1] - ServerName - the name of the computer running the server sample.
// argv[2] - TargetName the common name of the certificate provided
// by the target server program.
memcpy(Server, argv[1], strlen(argv[1]));
size_t sizCN;
mbstowcs_s(&sizCN, CertName, strlen(argv[2])+1, argv[2], _TRUNCATE);
LOGA ( ( __log_buf, SSPI_CLIENT " input parameters - ServerName %s CertName %ls.\n", Server, CertName ));
// Initialize the socket and the SSP security package.
if(WSAStartup (0x0101, &wsaData))
MyHandleError( __FUNCTION__ " Could not initialize winsock ");
// Connect to a server.
SecInvalidateHandle( &g_hCtext );
if (!ConnectAuthSocket (
&Client_Socket,
&g_hCred,
&g_hCtext,
Server,
CertName))
MyHandleError( __FUNCTION__ " Authenticated server connection ");
LOGA ( ( __log_buf, SSPI_CLIENT " connection authenticated.\n"));
// An authenticated session with a server has been established.
// Receive and manage a message from the server.
// First, find and display the name of the SSP,
// the transport protocol supported by the SSP,
// and the size of the header, maximum message, and
// trailer blocks for this SSP.
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT "QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " QueryContextAttributes failed.\n");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
cbHeader = SecPkgSizes.cbHeader;
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_CLIENT " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_CONNECTION_INFO,
&ConnectionInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
switch(ConnectionInfo.dwProtocol)
case SP_PROT_TLS1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: TLS1\n"));
break;
case SP_PROT_SSL3_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL3\n"));
break;
case SP_PROT_PCT1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: PCT\n"));
break;
case SP_PROT_SSL2_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL2\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Protocol: 0x%x\n", ConnectionInfo.dwProtocol));
switch(ConnectionInfo.aiCipher)
case CALG_RC4:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC4\n");)
break;
case CALG_3DES:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Triple DES\n"));
break;
case CALG_RC2:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC2\n"));
break;
case CALG_DES:
case CALG_CYLINK_MEK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: DES\n"));
break;
case CALG_SKIPJACK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Skipjack\n"));
break;
case CALG_AES_256:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: AES 256\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Cipher: 0x%x\n", ConnectionInfo.aiCipher));
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher strength: %d\n", ConnectionInfo.dwCipherStrength));
switch(ConnectionInfo.aiHash)
case CALG_MD5:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: MD5\n"));
break;
case CALG_SHA:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: SHA\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Hash: 0x%x\n", ConnectionInfo.aiHash));
LOGA ( ( __log_buf, SSPI_CLIENT " Hash strength: %d\n", ConnectionInfo.dwHashStrength));
switch(ConnectionInfo.aiExch)
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: RSA\n"));
break;
case CALG_KEA_KEYX:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: KEA\n"));
break;
case CALG_DH_EPHEM:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: DH Ephemeral\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Key exchange: 0x%x\n", ConnectionInfo.aiExch));
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange strength: %d\n", ConnectionInfo.dwExchStrength));
// Decrypt and display the message from the server.
if (!ReceiveBytes(
Client_Socket,
Data,
BIG_BUFF,
&cbRead))
MyHandleError( __FUNCTION__ " No response from server\n");
if (0 == cbRead)
MyHandleError(__FUNCTION__ " Zero bytes received.\n");
pMessage = (PCHAR) DecryptThis(
Data,
&cbRead,
&g_hCtext);
// Skip the header to get the decrypted message
pMessage += cbHeader;
ULONG cbMessage = cbRead-cbHeader-cbTrailer;
if ((cbMessage == strlen(TEST_MSG)) &&
!strncmp(pMessage, TEST_MSG, strlen(TEST_MSG)) )
LOGA ( ( __log_buf, SSPI_CLIENT " SUCCESS!! The message from the server is \n -> %.*s \n",
cbMessage, pMessage ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " UNEXPECTED message from the server: \n -> %.*s \n",
cbMessage, pMessage ));
LOGA ( ( __log_buf, SSPI_CLIENT " rcvd msg size %u, exp size %u\n", cbMessage, strlen(TEST_MSG) ));
// Terminate socket and security package.
DeleteSecurityContext (&g_hCtext);
FreeCredentialHandle (&g_hCred);
shutdown (Client_Socket, 2);
closesocket (Client_Socket);
if (SOCKET_ERROR == WSACleanup ())
MyHandleError( __FUNCTION__ " Problem with socket cleanup ");
exit (EXIT_SUCCESS);
} // end main
// ConnectAuthSocket establishes an authenticated socket connection
// with a server and initializes needed security package resources.
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *g_hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName)
unsigned long ulAddress;
struct hostent *pHost;
SOCKADDR_IN sin;
// Lookup the server's address.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n"));
ulAddress = inet_addr (pServer);
if (INADDR_NONE == ulAddress)
LOGA ( ( __log_buf, SSPI_CLIENT " calling gethostbyname with %s.\n", pServer ));
pHost = gethostbyname (pServer);
if (NULL == pHost)
MyHandleError(__FUNCTION__ " Unable to resolve host name ");
memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
std::string ipAddrStr;
ipAddrStr = inet_ntoa( *(struct in_addr*)*pHost->h_addr_list);
LOGA ( ( __log_buf, __FUNCTION__ " gethostbyname - ipAddress %s, name %s.\n", ipAddrStr.c_str(), pHost->h_name ) );
// Create the socket.
*s = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == *s)
MyHandleError(__FUNCTION__ " Unable to create socket");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Socket created.\n"));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ulAddress;
sin.sin_port = htons (g_usPort);
// Connect to the server.
if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
closesocket (*s);
MyHandleError( __FUNCTION__ " Connect failed ");
LOGA ( ( __log_buf, SSPI_CLIENT " Connection established.\n"));
// Authenticate the connection.
if (!DoAuthentication (*s, pCertName))
closesocket (*s);
MyHandleError( __FUNCTION__ " Authentication ");
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n"));
return(TRUE);
} // end ConnectAuthSocket
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName)
BOOL fDone = FALSE;
DWORD cbOut = 0;
DWORD cbIn = 0;
PBYTE pInBuf;
PBYTE pOutBuf;
if(!(pInBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
if(!(pOutBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " 1st message.\n"));
if (!GenClientContext (
NULL,
0,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext
LOGA ( ( __log_buf, SSPI_CLIENT " GenClientContext failed\n"));
return(FALSE);
if (!SendMsg (s, pOutBuf, cbOut ))
MyHandleError(__FUNCTION__ " Send message failed ");
while (!fDone)
if (!ReceiveMsg (
s,
pInBuf,
MAXMESSAGE,
&cbIn))
MyHandleError( __FUNCTION__ " Receive message failed ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " Message loop.\n"));
if (!GenClientContext (
pInBuf,
cbIn,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext))
MyHandleError( __FUNCTION__ " GenClientContext failed");
if (!SendMsg (
s,
pOutBuf,
cbOut))
MyHandleError( __FUNCTION__ " Send message failed");
LOGA ( ( __log_buf, SSPI_CLIENT " fDone %s.\n", fDone ? "Yes" : "No" ));
if (NULL != pInBuf)
free(pInBuf);
pInBuf = NULL;
if (NULL != pOutBuf)
free(pOutBuf);
pOutBuf = NULL;
LOGA ( ( __log_buf, SSPI_CLIENT " exit.\n"));
return(TRUE);
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *g_hCred,
struct _SecHandle *g_hCtext)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff[2];
ULONG ContextAttributes;
static TCHAR lpPackageName[1024];
if( NULL == pIn )
wcscpy_s(lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME );
ss = AcquireCredentialsHandle (
NULL,
lpPackageName,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
NULL,
NULL,
g_hCred,
&Lifetime);
if (!(SEC_SUCCESS (ss)))
MyHandleError( __FUNCTION__ " AcquireCreds failed ");
// Prepare the buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// The input buffer is created only if a message has been received
// from the server.
if (pIn)
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with pIn supplied.\n"));
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = InSecBuff;
InSecBuff[0].cbBuffer = cbIn;
InSecBuff[0].BufferType = SECBUFFER_TOKEN;
InSecBuff[0].pvBuffer = pIn;
InSecBuff[1].pvBuffer = NULL;
InSecBuff[1].cbBuffer = 0;
InSecBuff[1].BufferType = SECBUFFER_EMPTY;
ss = InitializeSecurityContext (
g_hCred,
g_hCtext,
pCertName,
MessageAttribute,
0,
0,
&InBuffDesc,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
else
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with NULL pIn.\n"));
ss = InitializeSecurityContext (
g_hCred,
NULL,
pCertName,
MessageAttribute,
0,
0,
NULL,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext failed with error 0x%08x\n", ss));
MyHandleError ( __FUNCTION__ " InitializeSecurityContext failed " );
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext returned 0x%08x\n", ss));
// If necessary, complete the token.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (g_hCtext, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " complete failed: 0x%08x\n", ss));
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_CLIENT " Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer));
PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
return TRUE;
PBYTE DecryptThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// By agreement, the server encrypted the message and set the size
// of the trailer block to be just what it needed. DecryptMessage
// needs the size of the trailer block.
// The size of the trailer is in the first DWORD of the
// message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before decryption including trailer (%lu bytes):\n",
*pcbMessage));
PrintHexDump (*pcbMessage, (PBYTE) pBuffer);
// Prepare the buffers to be passed to the DecryptMessage function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = *pcbMessage;
SecBuff[0].BufferType = SECBUFFER_DATA;
SecBuff[0].pvBuffer = pBuffer;
SecBuff[1].cbBuffer = 0;
SecBuff[1].BufferType = SECBUFFER_EMPTY;
SecBuff[1].pvBuffer = NULL;
SecBuff[2].cbBuffer = 0;
SecBuff[2].BufferType = SECBUFFER_EMPTY;
SecBuff[2].pvBuffer = NULL;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = DecryptMessage(
hCtxt,
&BuffDesc,
0,
&ulQop);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage failed with error 0x%08x\n", ss))
else
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage success? Status: 0x%08x\n", ss));
// Return a pointer to the decrypted data. The trailer data
// is discarded.
return pBuffer;
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[2];
ULONG ulQop = 0;
PBYTE pSigBuffer;
PBYTE pDataBuffer;
// The global cbMaxSignature is the size of the signature
// in the message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before verifying (including signature):\n"));
PrintHexDump (*pcbMessage, pBuffer);
// By agreement with the server,
// the signature is at the beginning of the message received,
// and the data that was signed comes after the signature.
pSigBuffer = pBuffer;
pDataBuffer = pBuffer + cbMaxSignature;
// The size of the message is reset to the size of the data only.
*pcbMessage = *pcbMessage - (cbMaxSignature);
// Prepare the buffers to be passed to the signature verification
// function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 2;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = cbMaxSignature;
SecBuff[0].BufferType = SECBUFFER_TOKEN;
SecBuff[0].pvBuffer = pSigBuffer;
SecBuff[1].cbBuffer = *pcbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pDataBuffer;
ss = VerifySignature(
hCtxt,
&BuffDesc,
0,
&ulQop
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " VerifyMessage failed with error 0x%08x\n", ss));
else
LOGA ( ( __log_buf, SSPI_CLIENT " Message was properly signed.\n"));
return pDataBuffer;
} // end VerifyThis
void PrintHexDump(
DWORD length,
PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_CLIENT " %s\n", rgbLine));
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes\n", cbBuf ));
if (!SendBytes (s, (PBYTE)&cbBuf, sizeof (cbBuf)))
LOGA ( ( __log_buf, SSPI_CLIENT " size failed.\n" ) );
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
LOGA ( ( __log_buf, SSPI_CLIENT " body failed.\n" ) );
return(FALSE);
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return(TRUE);
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
// Receive the number of bytes in the message.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n" ));
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " failed: size of cbData %lu, bytes %lu\n", sizeof (cbData), cbRead));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
return(FALSE);
if (cbRead != cbData)
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMessage
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent;
int cbRemaining = cbBuf;
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes.\n", cbRemaining ));
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_CLIENT " send failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
pTemp += cbSent;
cbRemaining -= cbSent;
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return TRUE;
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_CLIENT " Entry: %lu bytes.\n", cbRemaining ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes remaining.\n", cbRemaining ));
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " recv failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n" ));
return TRUE;
} // end ReceiveBytes
void MyHandleError(char *s)
DWORD err = GetLastError();
if (err)
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (0x%08.8X). Exiting.\n",s, err ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (no error info). Exiting.\n",s ));
exit (EXIT_FAILURE);
Server.cpp
// This is a server-side SSPI Windows Sockets program.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "Sspiexample.h"
#include <iostream>
CredHandle g_hcred;
struct _SecHandle g_hctxt;
static PBYTE g_pInBuf = NULL;
static PBYTE g_pOutBuf = NULL;
static DWORD g_cbMaxMessage;
static TCHAR g_lpPackageName[1024];
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb );
#define SSPI_SERVER "SChannelServer:" __FUNCTION__
void main (int argc, char * argv[])
CHAR pMessage[200];
DWORD cbMessage;
PBYTE pDataToClient = NULL;
DWORD cbDataToClient = 0;
PWCHAR pUserName = NULL;
DWORD cbUserName = 0;
SOCKET Server_Socket;
WSADATA wsaData;
SECURITY_STATUS ss;
PSecPkgInfo pkgInfo;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
ULONG cbMaxMessage;
ULONG cbHeader;
ULONG cbTrailer;
std::string certThumb;
// Create a certificate if no thumbprint is supplied. Otherwise, use the provided
// thumbprint to find the certificate.
if ( (argc > 1) && (strlen( argv[1]) > 0) )
certThumb.assign(argv[1]);
else
LOGA( ( __log_buf, SSPI_SERVER " : No certificate thumbprint supplied.\n") );
LOGA( ( __log_buf, SSPI_SERVER " : Press ENTER to create a certificate, or abort and start over with a thumbprint.\n") );
std::cin.get();
certThumb.clear();
Insert code to find or create X.509 certificate.
// Set the default package to SChannel.
wcscpy_s(g_lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME);
// Initialize the socket interface and the security package.
if( WSAStartup (0x0101, &wsaData))
LOGA ( ( __log_buf, SSPI_SERVER " Could not initialize winsock: \n") );
cleanup();
ss = QuerySecurityPackageInfo (
g_lpPackageName,
&pkgInfo);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " Could not query package info for %s, error 0x%08x\n",
g_lpPackageName, ss) );
cleanup();
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf)
LOGA ( ( __log_buf, SSPI_SERVER " Memory allocation error.\n"));
cleanup();
// Start looping for clients.
while(TRUE)
LOGA ( ( __log_buf, SSPI_SERVER " Waiting for client to connect...\n"));
// Make an authenticated connection with client.
if (!AcceptAuthSocket (&Server_Socket, certThumb ))
LOGA ( ( __log_buf, SSPI_SERVER " Could not authenticate the socket.\n"));
cleanup();
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
// The following values are used for encryption and signing.
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbHeader = SecPkgSizes.cbHeader;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_SERVER " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
else
LOGA ( ( __log_buf, SSPI_SERVER " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
// Send the client an encrypted message.
strcpy_s(pMessage, sizeof(pMessage),
TEST_MSG);
cbMessage = (DWORD)strlen(pMessage);
EncryptThis (
(PBYTE) pMessage,
cbMessage,
&pDataToClient,
&cbDataToClient,
cbHeader,
cbTrailer);
// Send the encrypted data to client.
if (!SendBytes(
Server_Socket,
pDataToClient,
cbDataToClient))
LOGA ( ( __log_buf, SSPI_SERVER " send message failed. \n"));
cleanup();
LOGA ( ( __log_buf, SSPI_SERVER " %d encrypted bytes sent. \n", cbDataToClient));
if (Server_Socket)
DeleteSecurityContext (&g_hctxt);
FreeCredentialHandle (&g_hcred);
shutdown (Server_Socket, 2) ;
closesocket (Server_Socket);
Server_Socket = 0;
if (pUserName)
free (pUserName);
pUserName = NULL;
cbUserName = 0;
if(pDataToClient)
free (pDataToClient);
pDataToClient = NULL;
cbDataToClient = 0;
} // end while loop
LOGA ( ( __log_buf, SSPI_SERVER " Server ran to completion without error.\n"));
cleanup();
} // end main
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb )
SOCKET sockListen;
SOCKET sockClient;
SOCKADDR_IN sockIn;
// Create listening socket.
sockListen = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == sockListen)
LOGA ( ( __log_buf, SSPI_SERVER " Failed to create socket: %u\n", GetLastError ()));
return(FALSE);
// Bind to local port.
sockIn.sin_family = AF_INET;
sockIn.sin_addr.s_addr = 0;
sockIn.sin_port = htons(usPort);
if (SOCKET_ERROR == bind (
sockListen,
(LPSOCKADDR) &sockIn,
sizeof (sockIn)))
LOGA ( ( __log_buf, SSPI_SERVER " bind failed: %u\n", GetLastError ()));
return(FALSE);
// Listen for client.
if (SOCKET_ERROR == listen (sockListen, 1))
LOGA ( ( __log_buf, SSPI_SERVER " Listen failed: %u\n", GetLastError ()));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " Listening ! \n"));
// Accept client.
sockClient = accept (
sockListen,
NULL,
NULL);
if (INVALID_SOCKET == sockClient)
LOGA ( ( __log_buf, SSPI_SERVER " accept failed: %u\n",GetLastError() ) );
return(FALSE);
closesocket (sockListen);
*ServerSocket = sockClient;
return(DoAuthentication (sockClient, certThumb ));
} // end AcceptAuthSocket
BOOL DoAuthentication (SOCKET AuthSocket, std::string certThumb )
SECURITY_STATUS ss;
DWORD cbIn, cbOut;
BOOL done = FALSE;
TimeStamp Lifetime;
BOOL fNewConversation;
fNewConversation = TRUE;
PCCERT_CONTEXT pCertCtxt;
Insert code to retrieve pCertCtxt
// Build SCHANNEL_CRED structure to hold CERT_CONTEXT for call to AcquireCredentialsHandle
SCHANNEL_CRED credSchannel = {0};
credSchannel.dwVersion = SCHANNEL_CRED_VERSION;
credSchannel.grbitEnabledProtocols = SP_PROT_SSL2_SERVER | SP_PROT_TLS1_SERVER;
credSchannel.cCreds = 1;
credSchannel.paCred = &pCertCtxt;
ss = AcquireCredentialsHandle (
NULL, //pszPrincipal
g_lpPackageName, //pszPackage
SECPKG_CRED_INBOUND, //fCredentialuse
NULL, //pvLogonID
&credSchannel, //pAuthData - need SCHANNEL_CRED structure that indicates the protocol to use and the settings for various customizable channel features.
NULL, //pGetKeyFn
NULL, //pvGetKeyArgument
&g_hcred, //phCredential
&Lifetime); //ptsExpiry
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcquireCreds failed: 0x%08x\n", ss));
return(FALSE);
while(!done)
if (!ReceiveMsg (
AuthSocket,
g_pInBuf,
g_cbMaxMessage,
&cbIn))
return(FALSE);
cbOut = g_cbMaxMessage;
if (!GenServerContext (
g_pInBuf,
cbIn,
g_pOutBuf,
&cbOut,
&done,
fNewConversation))
LOGA ( ( __log_buf, SSPI_SERVER " GenServerContext failed.\n"));
return(FALSE);
fNewConversation = FALSE;
if (!SendMsg (
AuthSocket,
g_pOutBuf,
cbOut))
LOGA ( ( __log_buf, SSPI_SERVER " Send message failed.\n"));
return(FALSE);
return(TRUE);
} // end DoAuthentication
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewConversation)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG Attribs = 0;
// Prepare output buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// Prepare input buffers.
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer received (%lu bytes):\n", InSecBuff.cbBuffer));
PrintHexDump (InSecBuff.cbBuffer, (PBYTE)InSecBuff.pvBuffer);
ss = AcceptSecurityContext (
&g_hcred,
fNewConversation ? NULL : &g_hctxt,
&InBuffDesc,
Attribs,
SECURITY_NATIVE_DREP,
&g_hctxt,
&OutBuffDesc,
&Attribs,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
// Complete token if applicable.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (&g_hctxt, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " complete failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
// fNewConversation equals FALSE.
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer generated (%lu bytes):\n",
OutSecBuff.cbBuffer));
PrintHexDump (
OutSecBuff.cbBuffer,
(PBYTE)OutSecBuff.pvBuffer);
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext result = 0x%08x\n", ss));
return TRUE;
} // end GenServerContext
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
ULONG * pcbOutput,
ULONG cbHeader,
ULONG cbTrailer)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// The size of the trailer (signature + padding) block is
// determined from the global cbSecurityTrailer.
LOGA ( ( __log_buf, SSPI_SERVER " Data before encryption: %s\n", pMessage));
LOGA ( ( __log_buf, SSPI_SERVER " Length of data before encryption: %d \n",cbMessage));
// Prepare buffers.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
PBYTE pHeader;
pHeader = (PBYTE) malloc (cbHeader);
SecBuff[0].cbBuffer = cbHeader;
SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
SecBuff[0].pvBuffer = pHeader;
SecBuff[1].cbBuffer = cbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pMessage;
PBYTE pTrailer;
pTrailer = (PBYTE) malloc (cbTrailer);
SecBuff[2].cbBuffer = cbTrailer;
SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
SecBuff[2].pvBuffer = pTrailer;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = EncryptMessage(
&g_hctxt,
ulQop,
&BuffDesc,
0);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " EncryptMessage failed: 0x%08x\n", ss));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " The message has been encrypted. \n"));
// Allocate a buffer to hold the encrypted data constructed from the 3 buffers.
*pcbOutput = cbHeader + cbMessage + cbTrailer;
* ppOutput = (PBYTE) malloc (*pcbOutput);
memset (*ppOutput, 0, *pcbOutput);
memcpy (*ppOutput, pHeader, cbHeader);
memcpy (*ppOutput + cbHeader, pMessage, cbMessage);
memcpy (*ppOutput + cbHeader + cbMessage, pTrailer, cbTrailer);
LOGA ( ( __log_buf, SSPI_SERVER " data after encryption including trailer (%lu bytes):\n",
*pcbOutput));
PrintHexDump (*pcbOutput, *ppOutput);
return TRUE;
} // end EncryptThis
void PrintHexDump(DWORD length, PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_SERVER " %s\n", rgbLine));
} // end PrintHexDump
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
if (!SendBytes (
s,
(PBYTE)&cbBuf,
sizeof (cbBuf)))
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
return(FALSE);
return(TRUE);
} // end SendMsg
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
// Retrieve the number of bytes in the message.
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed retrieving byte count.\n", cbBuf ));
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer size (%lu) differs from reported size (%lu)\n", sizeof(cbData), cbRead ));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed.\n", cbBuf ));
return(FALSE);
if (cbRead != cbData)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer bytes (%lu) differs from reported bytes (%lu)\n", cbData, cbRead ));
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMsg
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_SERVER " send failed: %u\n", GetLastError ()));
return FALSE;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes sent\n", cbSent ));
pTemp += cbSent;
cbRemaining -= cbSent;
return TRUE;
} // end SendBytes
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " recv failed: %u\n", GetLastError () ) );
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
return TRUE;
} // end ReceivesBytes
void cleanup()
if (g_pInBuf)
free (g_pInBuf);
g_pInBuf = NULL;
if (g_pOutBuf)
free (g_pOutBuf);
g_pOutBuf = NULL;
WSACleanup ();
exit(0);
SspiExample.h
// SspiExample.h
#include <schnlsp.h>
#include <sspi.h>
#include <windows.h>
#include <string>
BOOL SendMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
BOOL SendBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
void cleanup();
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *hCred,
PSecHandle phCtext
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewCredential
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput,
ULONG cbHeader,
ULONG cbTrailer
PBYTE DecryptThis(
PBYTE achData,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt
BOOL
SignThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature
void PrintHexDump(DWORD length, PBYTE buffer);
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName
BOOL CloseAuthSocket (SOCKET s);
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName );
BOOL DoAuthentication (SOCKET s, std::string certThumb );
void MyHandleError(char *s);
#define DBG_SIZE 1024
int OutputDebug( char buff[DBG_SIZE] )
int retval;
char debugstring[DBG_SIZE+32];
retval = _snprintf_s( debugstring, DBG_SIZE+32, _TRUNCATE, " %s", buff );
OutputDebugStringA( debugstring );
return retval;
int DbgBufCopy( char *buff, const char *format, ...)
int iLen;
va_list args;
/// Call va_start to start the variable list
va_start(args, format);
/// Call _vsnprintf_s to copy debug information to the buffer
iLen = _vsnprintf_s(buff, DBG_SIZE, _TRUNCATE, format, args);
/// Call va_end to end the variable list
va_end(args);
return iLen;
#define LOGA(_format_and_args_)\
{ char __log_buf[DBG_SIZE];\
DbgBufCopy _format_and_args_;\
printf("%s", __log_buf );\
OutputDebug(__log_buf);\
#define TEST_MSG "This is your server speaking"
My initial attempt built an SCHANNEL_CRED structure following the documentation to set
grbitEnabledProtocols to 0, and let SChannel select the protocol. This worked on Windows 7, selecting TLS1. When I ran the same exe-s on 2008 R2, the Client program failed, with InitializeSecurityContext returning SEC_E_DECRYPT_FAILURE.
The failure occurred on the 2nd call, using phNewContext returned on the first call.
My next attempt set grbitEnabledProtocols to SP_PROT_TLS1_SERVER. This also worked on Win 7, but 2008R2 failed again, this time on the Server side. AcceptSecurityContext failed, returning SEC_E_ALGORITHM_MISMATCH.
TLS is a requirement for my project, but to try getting the sample to run, I next set grbitEnabledProtocols to SP_PROT_SSL2_SERVER. This did work for 2008R2, selecting SSL2, but now the Server failed on Win7 with AcceptSecurityContext returning
SEC_E_ALGORITHM_MISMATCH.
My final try was to set grbitEnabledProtocols to SP_PROT_TLS1_SERVER | SP_PROT_SSL2_SERVER, but that failed identically to the first case, with the Client on 2008R2 returning SEC_E_DECRYPT_FAILURE.
So my question is - What is required to get SChannel to select TLS regardless of the Windows version on which the programs are running?Thank you for the reference. That did provide the information I needed to get TLS working. However, the documentation is not accurate with regard to setting the registry keys and values.
The tables all show DisabledByDefault as a subkey under the protocol. They also describe a DWORD value, Enabled, as the mechanism to enable/disable a protocol.
What I found is DisabledByDefault is a DWORD value under Client/Server and it appears to be the determining factor to whether a protocol is enabled/disabled.
The only way I was able to get TLS 1.1 working is with the following path present:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Under Client, I must have DisabledByDefault set to 0. With that, the Enabled value does not need to be present.
This held true for any level of TLS.
I also found the setting of grbitEnabledProtocols in the SCHANNEL_CRED structure to be misleading. From the description at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx, I thought my Server program could set this field to 0, and SChannel would select the protocol as directed by the registry. What I found is that the structure flag must
agree with the registry setting for TLS to work. That is with the resgistry key above for TLS 1.1, I must set grbitEnabledProtocols to SP_PROT_TLS1_1.
Can you confirm the relationship between the SCHANNEL_CRED contents and registry state? -
Usage Tracking - Access problem when Authentication Mode = Windows
Hi Everyone,
I´m working on UPK Usage Tracking configuration, in order to provide the finished training material.
1) In Server01 (on Window Server 2003) the UPK Usage Tracking is installed
2) In Server02 (also on Windows Server 2003) the Usage Tracking database is installed
3) By accessing the configuration file (http://Server01/ODSTrack/configuration/setup.aspx) on Server01,I setup the Authentication Mode = Forms
Note: The rest of the configurations were done.
4) Once the configuration from step 3 is done, I execute the traning material (on Server01) from another node of the windows network
and as a result I´m able to perform it.
5) I access the Statistc data on Server01 by accessing the file (http://Server01/ODSTrack/admin/default.aspx)and I´m also able to see the results.
6) When I execute the step 3 but with Authentication Mode = Windows, and including the GROUP name (windows group specially created for this goal where my user is included),
- I still have access to the training material (step 4)
- I have NO aceess to the statistics data any more (step 5) and the following message is display
"You do not have permission to access this page. Please contact your Usage Tracking Server Administrator to update your permissions. "
I don´t know what else I can do, and I wonder if some other configurations need to be done at windows network and/or explorer lever or any other.
Any help would be appreciated.
Best Regards//
Rubén ZamudioHi All,
This problem was solved by reconfiguring Usage Tracking in the authentication method (was anonymous and the solution was Windows integrated).
It is important to count on people from your organization working on Networks with some knowledge in IIS.
Best Regards
Ruben -
IWeb 08 - my site works on my laptop, but is MEGA slow on a Windows machine
My iWeb constructed site - published to a folder, then uploaded to my domain using Transmit (which is fully functional!) works on my laptop(s) but is MEGA slow on a Windows machine....and considering there's a lot of 'sheep' using Windows out there...AND the website involved is a business (a shop) www.ukdk.dk then I'm losing some business.
What could be the problem?
It works on BOTH my 2 Mac laptops (a G5 & a G4) , I've checked with the web-host/provider and all is fine there. When I used my old G4 to construct a website there was no problem of this manner. It's since iWeb 08 has been used.
I've got the latest updates, have slimmed down the website to 'try' and make it faster (which takes away it's groovey look, which detracts the charm of the site so that's a bloomin' nuisance) and have done everything within my power/knowledge to sort this. To no avail.
HELP!The business is a shop. A small one. Even before (note: BEFORE) I let anyone at all know about the site's existence I checked it out on both a Mac - my own 2 - and a dreaded Windows machine. Worked fine with Mac, but not with Windows. This isnt with any traffic other than MYSELF visiting the site! I'd love to hear of other iWeb '08 users and their sites so I can check them out to see if they have the same problem. It's strange that I didn't get this when using my iBook G4's iWeb software.
Maybe I'll try transfering the domain file from laptop (New MacBook with iWeb '08) to laptop (Old iBook G4 with older version of iWeb) and seeing if that helps. A thorough pain in the backside if so, but at least the site will be working!
"Technical support!!!" Lol.
Just as an aside....what are the settings I should use at my host/web-hotel for optimum performance? I have them set already, but I want to double & triple check 'em. Better safe than sorry etc.
Thanks in advance!!! :)) -
Machine authentication with Windows 7
Version: ISE 1.2p12
Hello,
I'm doing user and machine authentication with ISE.
I use a first authorization rule to authenticate the machine against the AD. If it's part computers of the domain.
Then I use an authorization rule to check if the user's group in AD with the credential he used to open the session + "Network Access:WasMachineAuthenticated = True"
Things seems to be working and I see my switch port is "Authz Success" but shortly after the Windows 7 machine is behaving like 802.1X authentication fails. The little computer on the bottom right has a cross on it.
If I disable and enable again the network card of that windows machine it works.
Does any one of you have an idea about this problem ? something to tweak on Windows 7 like timers...
Thank youHi Mika. My comments below:
a) You told me that MAR ("Network Access:WasMachineAuthenticated = True") has some drawbacks. When hibernation is used it can cause problems since the MAC address could have been removed from the cache when the user un-hibernate its computer. Then why not increasing the MAR cache to a value of 7 days then ? Regarding the roaming between wire and wireless it's a problem indeed.
NS: I don't believe that the MAR cache would be affected by a machine hibernating or going to sleep. There are some dot1x related bug fixes that Massimo outlined in his first pos that you should look into. But yes, you can increase the MAR timer to a value that fits your environent
b) You suggest to use one authorization rule for the device which should be part of the AD and one authorization rule for the user with the extra result "IdentityAccessRestricted = False". By the was, are we really talking about authorization rules here ? I will try this but it's difficult for me to imagine how it would really work.
NS: Perhaps there is some confusion here but let me try to explain this again. The "IdentityAccessRestricted" is a check that can be done against a machine or a user account in AD. It is an optional attribute and you don't have to have it. I use it so I can prevent terminated users from gaining access to the network by simply disabling their AD account. Again, that account can be either for a "user" or for a "machine"
z) One question I was asking myself for a long time. All of us want to do machine+user authentication but Windows write Machine OR User Authentication. This "OR" is very confusing.
NS: At the moment, the only way you can accomplish a true machine+user authentication is to use the Cisco AnyConnect supplicant. The process is also known as "EAP-Chaining" and/or "EAP-TEAP." In fact there is an official RFC (RFC 7170 - See link below). Now the question is when and if Microsoft, Apple, Linux, etc will start supporting it:
https://tools.ietf.org/html/rfc7170
Thank you for rating helpful posts! -
ACS user authenticating through Windows Database
Hello,
Please, i need a document/ guideline on how to configure ACS 4.2 user authenticating through Windows Database and the ACS server is running on an appliance.
Please, help.
Regards,
EthelbertHi,
If you delete the user in AD, then it would not authenticate the user even if the dynamic mapped user exists in the ACS database, as the password would not be verified from the AD for the user.
The dynamically mapped user entry would still exist in ACS and would not get deleted if the user is deleted from AD.
tnx
somishra -
Lync 2013 Authenticating with Windows Account Every Minute
Seeing a strange issue with Lync 2013 client logging into my Windows Account about every 1-2 minutes. We are using Lync Server 2013 (on-premise) so it makes no sense that it is logging into and authenticating against Windows Account. This was causing major
issues as my Windows Account password was different than my company domain login. This was causing Lync to use the "wrong" password to login into Windows Account. I changed the passwords to match and now still seeing Lync logging in constantly
into Windows Account.
This is adding up to a LOT of data traffic. Lync should NOT be authenticating every 1-2 minutes into my Windows (Live) Account. Help please!Hi,
Did the issue happen only for you or for multiple users?
Please exist Lync client, delete user profile on local computer with the following path, then restart Lync client:
%UserProfile%\AppData\Local\Microsoft\Office\15.0\Lync
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Support NTLM authentication against Windows 2012 RD Gateway on iOS/Android
iOS/Android clients use only Basic authentication against Windows 2012 RD Gateway (HTTP transport), while it provides more secure options like NTLM. Both Windows and Mac clients use NTLM in that case.
Hi,
For this you can specify the policy setting for “RD Gateway authentication mode” under below path.
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\RD Gateway
In addition you can refer beneath article if find helpful in your case.
Remote Desktop Gateway client fails authentication with “Your user account is not authorized to access the RD Gateway”
http://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
ACS Server MAC Authentication with Windows Database
Has anyone setup an ACS Server 3.2 for MAC authentication using Windows as the authentication. The documentation I found shows how to set it up using the CiscoSecure database. Any help would be appreciated.
Here is the link for setting up MAC authentication using CisoSecure database. There may not be a solution for my setup, but maybe I'll keep hacking away at it and find a resolution.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b3d27.shtml -
Slowness Issues with Windows Authentication in SharePoint Foundation 2010 sites
All,
We are having a strange issue with SharePoint Foundation 2010 sites where sites are very slowly loading when accessed via windows based authentication where as the extended sites in forms authentication are loading normally.
There were no error logs or even SharePoint logs also except the images load time is showing with different load times.
Attached are the patches that were updated to the server that may be issue but not sure. Can some one please share your thoughts.
SQL connectivity b/w the server is good.there are no n/w issues except that the users are using the sites with a different domain other than the domain in which the servers were hosted.
There is a trust b/w the two domains.This was never changed and there were no issues in the last 2 years.
Thanks keshav,Share point Developerwe do have trusted domains
Inder : It would be better if you run that command again now.
Inder: How many AD server do you have
Inder: Do you notice the login request go to nearest AD server.
and https sites. Please share your thoughts.
Inder: All the certificate have intermedite certificates. You need to logon to each SP server, and install
these certificates on trusted root authority
If this helped you resolve your issue, please mark it Answered -
In a high school enviroment...
The server...
Xserve Dual 2.3 / 2GB Ram / 3 - 250GB HD / Link Aggragate 2GB uplink
Providing AFP/DHCP/LDAP/WINDOWS on 10.4.8 Server
The clients...
Mixture of 125 managed Intel / G4 iMac units on 10.4.8 connected to 100MB managed switch untis. Additonal 125 Windows XP clients with roaming profiles.
The issue...
When all my clients are authenticating and attempting to open applications at about the same time, the managed AFP clients drop speed dramtically. A normal 20 second login goes to two minutes and application launch speed drops to an additional four minutes. I have only two AFP automounts per user and some managed client settings coming from the server. The Home folder location is one of the automounts and sits by itself on one of the 250GB drives. My switch units show very little utilization or network traffic. I was wondering is my bottleneck is max TCP connections? or Poor performance on my SATA drive?
The school is very frustrated as it takes over 10 minutes to get a class logged in and functional in any MAC lab or PC lab during this time. Any ideas appreciated!
PowerBook 1.67ghz Mac OS X (10.4.8)Thanks for some ideas...
I have tried Network Home Relocator but it completely slowed down my login times from 4 mins to 15 mins! I had no success in my attempts to make it work and speed up the login or the application launch.
The windows PC's login a little faster but they are not pulling as much data off the server so I expected that to be the case. If a MAC unit takes 4 mins to login the PC takes 2. Normally the login speed for MAC is 15 seconds and the PC about one minute even though the MAC is pulling more data from the server, but that is why I suspect this to be an AFP issue.
My thoughts were to goto some type of RAID setup but alas I have no money for testing gear and as this is a production server I can't just take it down, backup data, reconfigure to RAID and re-load. I have an engineer sending me some test equipment in the next few weeks and I will try to move my HOMES to RAID array.
The network switch units are all CISCO 3750 units.
The funny part is, in Period two classes everything is slowwww... But anyother time of the day, same load on the server and network, everything is OK. I can find nothing that would clog the network or slow the server down. Very frustrating... -
SAP Crystal Report using SQL Server Authentication and Windows Authenticati
I'm a SAP Crystal Report, version for Visual Studio 2010 Beginner
my ingredients are
1.windows 7 ultimate service pack1
2.sql server 2008 standard edition
3.visual studio 2010 pro
4.SAP Crystal Report, version for visual studio.net
I was created a report named customersByCity.rpt using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> I'm supply Server, User ID, Password and Database. I assume me using SQL Server Authentication for my report
Then, my ASP.NET files as following
//ASP.NET
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="viewCustomersByCity.aspx.cs" Inherits="viewCustomersByCity" %>
<%@ Register Assembly="CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"
Namespace="CrystalDecisions.Web" TagPrefix="CR" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div><asp:Label ID="lblMsg" runat="server" BackColor="Yellow" ForeColor="Black"></asp:Label>
<CR:CrystalReportViewer ID="CrystalReportViewer1" runat="server" AutoDataBind="true"></CR:CrystalReportViewer>
</div>
</form>
</body>
</html>
//code-behind
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Collections;
using CrystalDecisions.CrystalReports.Engine;
using CrystalDecisions.Shared;
public partial class viewCustomersByCity : System.Web.UI.Page
private const string PARAMETER_FIELD_NAME = "city";
private ReportDocument customersByCityReport;
private void ConfigureCrystalReports()
ConnectionInfo connectionInfo = new ConnectionInfo();
connectionInfo.ServerName = @"WKM1925-PCWKM1925";
connectionInfo.DatabaseName = "Northwind";
connectionInfo.UserID = "sa";
connectionInfo.Password = "sysadmin25";
SetDBLogonForReport(connectionInfo);
private void SetDBLogonForReport(ConnectionInfo connectionInfo)
TableLogOnInfos tableLogOnInfos = CrystalReportViewer1.LogOnInfo;
foreach (TableLogOnInfo tableLogOnInfo in tableLogOnInfos)
tableLogOnInfo.ConnectionInfo = connectionInfo;
private void SetCurrentValuesForParameterField(ReportDocument reportDocument, ArrayList arrayList)
ParameterValues currentParameterValues = new ParameterValues();
foreach (object submittedValue in arrayList)
ParameterDiscreteValue parameterDiscreteValue = new ParameterDiscreteValue();
parameterDiscreteValue.Value = submittedValue.ToString();
currentParameterValues.Add(parameterDiscreteValue);
ParameterFieldDefinitions parameterFieldDefinitions = reportDocument.DataDefinition.ParameterFields;
ParameterFieldDefinition parameterFieldDefinition = parameterFieldDefinitions[PARAMETER_FIELD_NAME];
parameterFieldDefinition.ApplyCurrentValues(currentParameterValues);
protected void Page_Load(object sender, EventArgs e)
customersByCityReport = new ReportDocument();
string reportPath = Server.MapPath("customersByCity.rpt");
customersByCityReport.Load(reportPath);
ConfigureCrystalReports();
ArrayList arrayList = new ArrayList();
arrayList.Add("paris");
arrayList.Add("Madrid");
arrayList.Add("Marseille");
arrayList.Add("Buenos Aires");
arrayList.Add("Sao Paulo");
ParameterFields parameterFields = CrystalReportViewer1.ParameterFieldInfo;
SetCurrentValuesForParameterField(customersByCityReport, arrayList);
CrystalReportViewer1.ReportSource = customersByCityReport;
1st scenario
When in a runtime, it's keep appear a dialog box. This dialog box ask me to suppy Server, User ID, Password and Database. Once all information is supplied, my report display the data as expected
2nd scenario
I change my report using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> checked on Integrated Security. I just choose Server, and Database. I assume me using Windows Authentication
When in a runtime, there's no dialog box as above. My report display the data as expected. really cool
Look's like, when report using SQL Server Authentication there's some problem. but, when report using Windows Authentication, it's fine.
I'm looking for comment. Please help meHello,
MS SQL Server 2008 requires you to install the MS Client Tools for 2008.
Once install then update all of your reports to use the SQL Native 10 as the OLE DB driver.
The try again, if it still fails search, lots of sample log on code in this forum.
Don
Maybe you are looking for
-
Captivate 4 audio editor not functioning
I've noticed lots of audio issues for Captivate 4 on the user forums (many of which I've also had), but here's one I haven't seen yet. I've managed to get the audio import and text-to-speech features functioning correctly on my Vista 64-bit machine,
-
Service Registry Clarification
Hi Experts, I'm completely new to CE (using 7.2) and I need some insight on the use of Service Registry. I'm building my CE applications using Web Services from an ABAP backend. At the moment I'm importing the WS through Remote Location in NWDS using
-
Material Ledger Closing Entry Missing
Dear Experts, WE have implemented material ledger for Actual Costing. During the material ledger activities (CKMLCP)for the month of March, system showed an error message that "Clsoging entries are not posted for Previous Month" and proces of march
-
Can i have 2 essbase server for one EAS??????
Hi all, Currently I'm working on version 11.1.2.I need some help. Actually my question is can i have 2 essbase server(Dev and Prod) under one administrative server i.e., Localhost1(Dev) and prod as its own box i.e.,Localhost2.Here my username and pas
-
Ipod 5th generation speakers sound muffled, ipod 5th generation speakers sound muffled
Anyone know if there is a fix for muffled speakers?