SSL Authentication failure to ASA

We have a Cisco ASA 5520 running 7.1. We have users that connect via SSL. There are times when a user tries to log on via SSL and gets "login failed" multiple times, and then, say, 10 or 30 minutes later authentication will succeed. The failed attempt happens so fast that it is almost like there is no actual attempt at authentication, almost like it is a cache or browser cache setting, because I can use a test PC and log in. When my test PC is having this issue, I can use a second test PC and authentication will work. Does anyone else seem to be experiencing this issue? Could it be a browser issue? Users are using a combination of IE 6.0 and IE 7.0.
Thanks

Verify your RADIUS configuration with the Test button on the AAA Server Groups configuration screen. Once you supply a username and password, this button allows you to send a test authentication request to the ACS server.
Choose Configuration > Remote Access VPN > AAA Setup > AAA Server Groups.
Select your desired AAA Server group in the top pane. Select the AAA server that you want to test in the lower pane. Click the Test button to the right of the lower pane. In the window that appears, click the Authentication radio button, and supply the credentials with which you want to test. Click OK when finished.

Similar Messages

  • CUP 8.6.4 Calendar Presence integration - Authentication failure on server

    Hi,
    i have the following error from Presence Engine logs:
    14:56:03.112 |system.pe.pa.owa.backend 1243662 ERROR -->EWSCalendarInfo::initiateRecovery: [email protected] POST 3 Authentication failure on server; Could not authenticate to server: ignoring empty Negotiate continuation, rejected Basic challenge
    In Presence the Exchange SSL Connection/Certificate Verification is Ok. Where is the problem? Any suggestions?
    Regards
    Jason

    I have now checked the Exchange logs:
    From a working device which is using the same impersonate account:
    2012-09-05 00:00:04 192.168.100.10 POST /ews/exchange.asmx - 443 DOMAIN\Impersonateuser 192.168.50.34 ExchangeServicesClient/14.00.0650.007 200 0 0 234
    And from Cisco Presence with the same impersonate account:
    2012-09-05 15:01:12 192.168.100.10 POST /ews/exchange.asmx - 443 - 192.168.90.100 - 401 1 2148074242 39
    It seems Cisco CUP could not use the impersonate user account; it's missing. But I have tried different formats in CUP's gateway options:
    DOMAIN\Impersonateuser
    DOMAIN.LOCAL\Impersonate-user
    Impersonate-user@domain
    Impersonate-user
    Any suggestions?
    Jason
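As an added example (not part of the original thread), the by-eye comparison of the two Exchange/IIS log lines above can be scripted: the sketch below parses them, keeps the 401 responses, and decodes the sub-status and `sc-win32-status` columns. It assumes the default IIS W3C field order, because the posted lines carry no `#Fields:` header, and its lookup tables cover only a few well-known codes.

```python
# Added example: triage of IIS W3C log lines for failed authentication.
# Assumption: default IIS field order (the post shows no "#Fields:" header).
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs-user-agent sc-status sc-substatus "
          "sc-win32-status time-taken").split()

# The two log lines quoted in the post above.
SAMPLE = """\
2012-09-05 00:00:04 192.168.100.10 POST /ews/exchange.asmx - 443 DOMAIN\\Impersonateuser 192.168.50.34 ExchangeServicesClient/14.00.0650.007 200 0 0 234
2012-09-05 15:01:12 192.168.100.10 POST /ews/exchange.asmx - 443 - 192.168.90.100 - 401 1 2148074242 39
"""

# Partial lookup tables: only a few well-known values are listed.
SUBSTATUS_401 = {
    1: "logon failed",
    2: "logon failed due to server configuration",
    3: "unauthorized due to ACL on resource",
}
WIN32_NAMES = {
    1326: "ERROR_LOGON_FAILURE",
    0x80090302: "SEC_E_UNSUPPORTED_FUNCTION",
    0x8009030C: "SEC_E_LOGON_DENIED",
}
INT_FIELDS = ("sc-status", "sc-substatus", "sc-win32-status", "time-taken")


def parse_line(line):
    """Return a dict for one log line, or None for headers/malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
    except ValueError:
        return None
    return rec


def auth_failures(text):
    """Return one finding per 401 response, with decoded status fields."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["sc-status"] != 401:
            continue
        win32 = rec["sc-win32-status"]
        findings.append({
            "time": rec["date"] + " " + rec["time"],
            "client": rec["c-ip"],
            "uri": rec["cs-uri-stem"],
            # "-" in cs-username means no identity was established.
            "anonymous": rec["cs-username"] == "-",
            "status": "401.%d" % rec["sc-substatus"],
            "substatus_text": SUBSTATUS_401.get(rec["sc-substatus"], "unknown"),
            # SSPI errors are logged as unsigned decimals; hex is searchable.
            "win32_hex": "0x%08X" % win32,
            "win32_name": WIN32_NAMES.get(win32, "unknown"),
        })
    return findings


if __name__ == "__main__":
    for finding in auth_failures(SAMPLE):
        print(finding)
```

For the Presence server's request this reports 401.1 with no username and win32 status 0x80090302, which lines up with the "ignoring empty Negotiate continuation" message in the Presence Engine log.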

  • Email authentication failure, password/server settings NOT changed

    Scenario: I've been using Thunderbird for years now to connect to Verizon and download my email.  Server settings have always been:
    POP3
    incoming.verizon.net port 110
    connection security none
    authentication method encrypted password
    SMTP
    outgoing.verizon.net port 25
    connection security none
    authentication method password, transmitted insecurely (oops)
    Suddenly when I try to get my email, it stops and tells me there's an authentication failure.  I've seen this happen before with Verizon when a server is down or messed up or whatever (pretty poor message for a service interruption, but whatev).  So I decided to wait it out, but when it didn't clear up after several hours, went to the website where I was able to log in (huh?) and decided to change my password for the hell of it.  Guess what?  New password doesn't work in the email client.  Quelle surprise. 
    Sooo, I find THIS page (https://www22.verizon.com/Support/Residential/internet/highspeed/email/setup+and+use/questionsone/86...) which tells me a lot of malarkey about server settings.  I tried changing the incoming to their recommended settings, and it looks like there's no server communications a-tall.
    Can someone tell me what's amiss, and while you're at it, tell me where in a just and well-ordered universe a service provider changes server settings without notifying users well in advance?  Extra points for creativity.

    These are the new settings and they do work in Thunderbird.
    Mail server settings
    Incoming mail server (POP3)        pop.verizon.net       
    Incoming Server Port Numbers: 995
    Outgoing mail server  (SMTP)       smtp.verizon.net
    Outgoing Server Port Numbers: 465 
    Connection security:   SSL/TLS      for POP & SMTP
    The change you are probably missing as it wasn't on that page:
    Make sure your Authentication method is set to  "Normal password"  for  POP & SMTP

  • Intermittent AD Authentication failures in ISE 1.2

    Starting today I was getting intermittent authentication failures in ISE. It would say that the user was not found in the selected identity store. The account is there though. At one point I ran an authentication test from the external identity source menu and I got a failure and then the next time a pass. I have no idea why this is happening. I just updated to ISE 1.2 the other day. I'm also seeing what looks like a high level of latency on both of my PSNs. Is this normal? Any ideas?
    Thanks
    Jef

    Interesting. I have one location that is not having this problem at all. The other is having it somewhat frequently. The PSNs for each location are tied to the local AD servers. I have not had this until we started getting 300-380 PCs connecting. We are a school so we are slowly getting started. It's really random. One user will work, then another time they won't. Happens with admin and user. I have noticed that with this new version of ISE it is complaining that it is getting accounting updates from the NAS too often, but I have not looked into this because I just installed 1.2 about 3-4 days ago and haven't had time to look into it.
    When you say Multicast to your AD... how did you check that? We do use multicast.

  • Hi, I'm using iPhone 4 and I recently got my iOS updated to iOS 7 and now I'm getting the error message "PDP authentication failure". I'm using Aircel carrier.

    Hi, I'm using iPhone 4 and I recently got my iOS updated to iOS 7 and now I'm getting the error message "PDP authentication failure". I'm using Aircel carrier.
    Please let me know how to fix this issue

    update...
    I am not one to give up. So I called AT&T today. Now they are telling me they canceled my order because they were unable to fulfill my order. Basically, AT&T told me they sold out so they canceled my order so I can proceed to reorder again. It took them 4 days to realize this. I will be lucky if I get a new phone by Christmas. I am sure they will find a way to cancel my order again.
    Again, I argued, how is this my fault. I placed my order at the store around 11 a.m. Pacific time. My friend ordered his phone online sometime after me. He got his but my order was canceled. AT&T tried to explain to me that they sold over 600,000 phones, almost 500 per minute during their peak. Again, I asked, how this was my fault.
    I can understand over selling the phone. It is a great product. There is no reason to cancel my order. You adjust my order and tell me you will let me know when my phone will be in. I would have been mad that my phone was going to be late but I would have survived. At least I would be getting one.
    At this point, I have no order and AT&T or Apple website will allow me to order one. I just want to get in the QUEUE for one.
    Frustrated.

  • How to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3g or gPRS on safari with an iphone 4 and latest software updates

    Please can someone help me to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3G or GPRS on safari with an iphone 4GS and latest software updates. I have tried resetting the network and phone settings. I have restored the factory settings on itunes and still the problem persists.

    All iPhones sold in Japan are sold carrier locked and cannot be officially unlocked by the carrier. If you unlocked it, it was by unauthorized means (hacked), and support cannot be given to you in this forum.
    Hacked iPhones are subject to countermeasures by Apple, particularly when updating the firmware. It is likely permanently re-locked or permanently disabled.
    Message was edited by: modular747

  • The test couldn't sign in to Outlook Web App due to an authentication failure. Extest_ account.

    Hi.
    I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
    I have run the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
    The OWA rule is working for some time until (I think) SCOM is doing an automatic password reset of the extest_ account. Then I get the OWA error below. The other connectivity tests are working. Any suggestions?
    One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
    Target: xxx|xxx
    Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxxx
    User: extest_xxx
    Details:
    [22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
    [22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
    [22:50:09.154] : The server reported that it supports authentication method FBA.
    [22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
    [22:50:09.154] : Trying to sign in with method 'Fba'.
    [22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    [22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
    Authentication Method: FBA
    Mailbox Server: xxx
    Client Access Server Name: xxx
    Scenario: Logon
    Scenario Description: Sign in to Outlook Web App and verify the response page.
    User Name: extest_xxx
    Performance Counter Name: Logon Latency
    Result: Skipped
    Site: xxx
    Latency: -00:00:00.0010000
    Secure Access: True
    ConnectionType: Plaintext
    Port: 0
    Latency (ms): -1
    Virtual Directory Name: owa (Default Web Site)
    URL: https://xxx.com/OWA/
    URL Type: External
    Error:
    The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
    EventSourceName: MSExchange Monitoring OWAConnectivity External
    Knowledge:
    http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
    Computer: xxx
    Impacted Entities (3):
    OWA Service - xxx, xxx - xxx, Exchange
    Knowledge:     View additional knowledge...
    External Knowledge Sources
    For more information, see the respective topic at the Microsoft Exchange Server TechCenter
    Thanks
    MHem

    Hi,
    Based on the error, it looks like an OWA authentication failure.
    Have you tried posting this to LYNC forums?

  • ISE internal user authentication failure - user not found

    Hi Forumers'
    I am trying to do wireless 802.1x, where the identity store is using internal users.
    But I found this error message when I tried to connect
    Authentication failed                                                                                 :
    22056 Subject not found in the applicable identity store(s)
    My authorization rules are built like this
    identity groups = user identities group / " mygroup"
    condition = no setting
    permissions = standard / PermitAccess
    Question 1
    Any troubleshooting step to do on this?
    Question 2
    For the Authorization rules, what's the condition should set for using Internal User as Identity store?
    Thanks
    Noel

    The error is caused by an authentication failure and is not an issue with authorization.
    You need to look at your authentication policy (Policy->Authentications) and see which identity store was authenticated against.
    In addition you can open the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the request processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

  • [SOLVED] Authentication failure while try to login in GDM

    Hi,
    I just installed Arch Linux 64 bit on VirtualBox (I am using GNOME and GDM). I have set the rc.conf daemons array to start dbus and gdm and it runs well.
    My problem is I can't log in using root. When I try to log in, it prompts "Authentication failure".
    I can't re-configure my rc.conf because I can't log in, and I am stuck at the GDM screen.
    When I try to use "Ctrl+Alt+F1", it affects my host (Ubuntu), not my guest Arch.
    How can I skip starting GDM in this condition, and how can I solve this authentication failure?
    Last edited by alphazero (2011-11-20 11:51:19)

    Since I run on virtualbox. I can't use Ctrl-F1, so I try to edit rc.conf using LiveCD
    After I modify rc.conf and remove gdm in daemon array, I reboot and login as root.. adduser and finally it works login as user
    And I add again gdm after it worked to log as user.
    So problem solved.. Thanks to wonder for your help.
    Last edited by alphazero (2011-11-20 11:50:54)

  • SSL authentication

    Hello
    I am configuring SSL authentication (Oracle Support document 736510.1).
    But when doing tnsping from the client side I get a TNS-12560
    [oracle@testrac3 admin]$ tnsping TEST
    TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 17-JUN-2013 10:04:14
    Copyright (c) 1997, 2011, Oracle.  All rights reserved.
    Used parameter files:
    /opt/app/oracle/product/11.2.0.3/db/network/admin/sqlnet.ora
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = testrac1.XX.XX)(PORT =2484)) (SECURITY= (SSL_SERVER_CERT_DN=CN=dbasecurityRoot,O=dbasecurity,C=US)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME= TEST.XXX.XXX)))
    TNS-12560: TNS:protocol adapter error
    Can someone give me an help
    Best regards

    Hi, djoloff,
    I already answered in this thread, may be it will help.
    https://forums.oracle.com/thread/2527585

  • I have a problem connecting to the cellular data network. There is a message "couldn't activate cellular data network, PDP authentication failure". What is it and how do I solve this problem?

    I have a problem connecting to the cellular data network. There is a message "couldn't activate cellular data network, PDP authentication failure". What is it and how do I solve this problem?

    If you have a data only plan for the iPad with your carrier, if no change after powering your iPad off and on you will need to contact your carrier.

  • Connecting Using SSL Authentication Without Username and Password

    Hi,
    We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
    LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
    and we are using JDK version 1.6.0_03.
    We're also referencing the following paper:
    http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
    We've got our client and server wallets configured and the sample code we tried looks like this:
    import java.sql.*;
    import java.io.*;
    import java.util.*;
    import oracle.net.ns.*;
    import oracle.net.ano.*;
    import oracle.jdbc.*;
    import oracle.jdbc.pool.*;
    import java.security.*;
    import oracle.jdbc.pool.OracleDataSource;

    // Class wrapper added so the snippet compiles; the class name is a placeholder.
    public class SslAuthTest {
        public static void main(String[] argv) throws Exception {
            DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
            Security.addProvider(new oracle.security.pki.OraclePKIProvider());
            System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
            // URL as posted (thin driver).
            String url = "jdbc:oracle:thin:@orcl";
            java.util.Properties props = new java.util.Properties();
            props.setProperty("oracle.net.authentication_services", "(TCPS)");
            // Trust store and key store both point at auto-login (SSO) wallets.
            props.setProperty("javax.net.ssl.trustStore",
                "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
            props.setProperty("javax.net.ssl.trustStoreType", "SSO");
            props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
            props.setProperty("javax.net.ssl.keyStoreType", "SSO");
            props.put("oracle.net.ssl_version", "3.0");
            props.put("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
            System.out.println("At Here...");
            OracleDataSource ods = new OracleDataSource();
            // No username or password is set: the certificate is meant to identify the user.
            //ods.setUser("scott");
            //ods.setPassword("tiger");
            ods.setURL(url);
            ods.setConnectionProperties(props);
            System.out.println("At Here1...");
            Connection conn = ods.getConnection();
            System.out.println("At Here2...");
            Statement stmt = conn.createStatement();
            ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
                + "tester ' from dual");
            while (rset.next()) {
                System.out.println(rset.getString(1));
            }
            rset.close();
            stmt.close();
            conn.close();
        }
    }
    When this code is compiled and run, the following error is thrown:
    Exception in thread "main" java.sql.SQLException: invalid arguments in call
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
    If a username and password are supplied, the code works. So does anyone have a working example of using SSL to authenticate without supplying username/password?
    Thanks
    mohammed

    Hi,
    I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
    String url = "jdbc:oracle:thin:@pki14";
    Once I changed it to:
    String url = "jdbc:oracle:oci:@pki14";
    The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
    create user scott identified externally as
    'CN=acme, OU=development, O=acme, C=US';
    grant connect,create session to scott;
    Note that the DN should be the same as the SSL certificate that you created in your wallet.
    hth
    mohammed

  • LMS 4.2.3 Continuous Authentication failure alarm in DFM

    Hi All,
    We are getting continuous minor alarm[Authentication Failure] for single router in the DFM.  can we check from which ip we are getting the authentication request??
    possible steps to find the cause for the authentication failure.?
    Regards,
    Channa

    Hi Vinod,
    I tried to delete the DFM and DFM1.log files, but after stopping the daemon manager I was unable to delete DFM1.log, as this file was accessed by smserver.exe in the backend.
    I have successfully moved both RPS files and the DFM.log file from the location, but the issue persists.
    I will try again to delete the DFM1.log file in the MW and update.
    Regards,
    Channa

  • Go URL - User Authentication Failure

    Hi,
    I am trying to use a 'Go URL' in web application and I see some issue with authentication mechanism.
    I was able to login and view the dashboard whenever the username used in the 'Go URL' is from the console. But if the user who is from Active directory is used in the 'Go URL' link, then I get the login page saying 'Invalid username or password'. When I check the log file, it says ' [53012] User Authentication Failure'.
    Also the AD user can login from the login page, but not thru 'Go-URL' link.
    Can anyone let me know whether I am missing any step?
    Thanks

    969211 wrote:
    I was able to login and view the dashboard whenever the username used in the 'Go URL' is from the console. But if the user who is from Active directory is used in the 'Go URL' link, then I get the login page saying 'Invalid username or password'. When I check the log file, it says ' [53012] User Authentication Failure'.
    Also the AD user can login from the login page, but not thru 'Go-URL' link.
    Can anyone let me know whether I am missing any step?

    Check the usage of Go URL first : http://docs.oracle.com/cd/E21043_01/bi.1111/e16364/apiwebintegrate.htm
    If you don't use NQUser and NQPassword then they will be prompted for a password. You need to http://<hostname.domain>:9704/analytics/saw.dll?Dashboard&PortalPath=<your GO URLpath>*&NQuser=USERNAME&NQPassword=PASSWORD*
    You should not access if URL without logging in.
    Also on different note:
    Rupesh Shelar wrote:
    Make sure your BISYSTEM password
    Go to weblogic console, http://IP address:7001/console
    Home >Summary of Security Realms > myrealm > Users and Groups > BISystemUser
    And then go to your EM (http://IP address:7001/em)
    expand weblogic domain > bifoundation_domain > Security > Credentials > oracle.bi.system ? system.user
    Just retype a new password then Restart BI All Services then test it.

    How is BISystemUser even related to Go URL or this issue?
    Hope this helps.
    Let me know the updates. Mark if it answers!
    Thanks,
    SVS

  • Authentication Failure (Password Mismatch)

    Hi there.
    I am having a nightmare trying to get my web server working under Snow Leopard. To cut a long story short the server died and I had to restore it using a disk image before I migrate it to a new mavericks server. For obvious reasons I'd like to get everything working before I migrate.
    Whenever a user tries to access a secure page (mainly for svn access) they get rejected. If I try to access the page via Safari/Chrome I get a pop-up window asking for a username and password. If the user enters their correct name and password it is constantly rejected (the name and password work elsewhere for email etc).
    In the logs on the server I get:
    [Wed Feb 05 16:34:33 2014] [error] [client 192.168.0.56] mod_auth_apple: User XXX authentication failure for "/xxx/xxxxxx": Password mismatch according to checkpw
    [Wed Feb 05 16:34:33 2014] [notice] [client 192.168.0.56] mod_auth_apple: Authenticating using lookupd or checkpw failed, and no configured htaccess file (AuthUserFile)
    If in Versions I try to refresh the svn repository I get:
    OPTIONS of 'https://[email protected]/svn/project'://[email protected]/svn/project': authorization failed: Could not authenticate to server: rejected Basic challenge (https://server.name.com)
    I am also having issues with iCal Server and AFP which makes me think there is some authorisation service which is corrupt/broken?
    Any help MOST appreciated as I am tearing my hair out here!
    Yours,
    Nic

    Ok something I have worked out by a bit of trial and error.
    NEVER run a server with two HDDs both with clones/installs of Mac OS.
    My server had the internal (faulty HDD) with the original server install called Macintosh HD. The clone was on a USB drive called SnowLeopardServer_Backup.
    Now for the most part the server worked (because most stuff uses Unix and proper paths). However it looks like all of apples stuff (Web services, iCal server and AFP) use the full path or at least components of them do. So because the server was originally set up on an HDD called Macintosh HD I can only suspect that it was freaking out by 1) now being on an HDD called something else and 2) that there was another HDD there called Macintosh HD.
    I have now renamed my old HDD to something else and renamed all the OS folders in it to something different too. I also renamed the clone drive to Macintosh HD.
    So far I turned on Web services and AFP and they work perfectly I have not turned on iCal yet as I want to ensure each service is working before turning on another.
    Also finally got the holy grail of Kerberos and Open Directory triangle working. I thought that the iCal/Web/AFP not working with accounts was Open Directory related so I backed it up (and WGM), changed to standalone and then tried to go back to a Master. It complained about the DNS not being set up and I finally found a post saying that you need to have your DNS set to point at 127.0.0.1 in the System Preferences > Network settings. I changed that and boom, no more complaints about bad DNS.
    Nic.
