SSL issue with BPEL

Similar Messages

• Issue with BPEL silent deinstall

  I'm using the BPEL shiphome for iAS phase 1 (linux). I have created a response file and successfully installed BPEL using the silent mode. However, when I try the silent deinstallation, I get the following error:
  Deinstall in progress (Mon Oct 17 06:59:49 PDT 2005)
  ERROR: Invalid action deinstallMiditer
  Usage: BPMInstaller installStandalone
  -oracle-home <oracleHome>
  -http-proxy-required true|false
  -http-proxy-host <proxyHost>
  -http-proxy-port <proxyPort>
  -http-no-proxy-for '<noProxyHosts>'
  I can successfully deinstall using OUI. So the issue is only with the silent mode of deinstallation. Please post your suggestions.
  Thanks,
  Karthik.

  Ronny , No where you can't install weblogic to start with uninstall again !
  just go with the option #1  if it is linux just rm directory should work otherwise delete the binaries, folders manually & environment variables
  thanks,
  Saichand

• Issue with BPEL Correlation on Invoke 11g

  The scenario is like...
  One initial receive -> Invoke to a Web Service -> Receive from JMS Q -> End of the process.
  I have applied BPEL Correlation on Invoke by creating property alias with Output Message Type.Pattern I have also used.
  Now, when I run the composite, the instance is in error but no error message.
  On the other hand, if I use the Input message type for correlation property alias, the BPEL process proceeds. But my requirement is to do the correlation on output variable of invoke which needs to be checked against receive input variable.
  Can any one suggest some resolution here?
  Thanks.

  Hi,
  Here the option what I can think of is that use some unique element that you passing in first invoke for correlation and customize the external service to ask them to have your passed value as part of their queue values, That way you can correlate the messages and once correlated based on unique value you match up the tokens.
  Suggesting this work around as, correlation will always need token, which is passed as an input to the first Invoke. so defining correlation based on output token is not possible.
  If you find something please do share.
  -Umesh

• Safari SSl Issue with Online Grading Site

  I manage a department that offers grading of exams online. Users supply their answers and have the server grade the submissions.
  We randomly have an issue where Safari users will have their exams graded incorrectly. Basically failing the student even though they have supplied the correct answers.
  When we have them resubmit the same answers in IE for Mac the server correctly grades the exam.
  This issue is not consistent. Some exams grade correctly in Safari and some do not.
  Any advice would be appreciated.

  Hmmmm....
  via MacWorld:
  Nothing in Apple’s ridiculously minimal release notes suggested that this feature existed. But this time, the company’s intransigence in telling you what it has changed in the software you use may have further consequences. How Safari could “know” about these phishing and malware sites raises all kinds of interesting questions. Now we can tell you with reasonable confidence how it all works—but because Apple has not done the same thing, we cannot say with certainty that it is completely private, or that Safari is not sending information about the pages you visit to a third party.

• Ssl issues with sgd 4.4

  Hi there,
  I cannot start my sgd server with --ssl, i get the following error in the logs...
  2012/08/13 13:04:33.169 ssl1112 ssldaemon/clientconnection/badforwardporterror
  Sun Secure Global Desktop Software (4.4) ERROR:
  The Security Daemon has received a connection to be forwarded onwards,
  but it could not get the port to forward to from the
  tarantella.config.server.proxiedhttpsurl attribute.
  Please ensure this attribute is correctly correctly by using the Security
  properties in the per-server section of the array manager. ssldaemon/clientconnection/badforwardporterror
  2012/07/30 13:04:33.169 ssl1112 ssldaemon/clientconnection/badforwardporterror
  Sun Secure Global Desktop Software (4.4) ERROR:
  The Security Daemon has received a connection to be forwarded onwards,
  but it could not get the port to forward to from the
  tarantella.config.server.proxiedhttpsurl attribute.
  Please ensure this attribute is correctly correctly by using the Security
  properties in the per-server section of the array manager. ssldaemon/clientconnection/badforwardporterror
  2012/07/30 13:04:33.170 ssl1112 ssldaemon/TTAservererror/badresponseinfo
  Sun Secure Global Desktop Software (4.4) ERROR:
  Secure Global Desktop server not responding on port 0, closing the connection.
  TSP=SERVER IP:443 Client=CLIENT IP:35987 ssldaemon/TTAservererror/badresponseinfo
  2012/07/30 13:04:33.170 ssl1112 ssldaemon/TTAservererror/badresponseinfo
  Sun Secure Global Desktop Software (4.4) ERROR:
  I cannot start array manager as its not used any more, and i cannot see any options on the gui config for this.
  Any help is appreciated.
  regards

  hi there,
  thanks for the quick reply. please see below the output for config list...
  array-audio-quality: medium
  array-audio: 0
  array-billingservices: 0
  array-cdm-fallbackdrive: t+
  array-cdm-wins: 0
  array-cdm: 1
  array-clipboard-clientlevel: 3
  array-clipboard-enabled: 1
  array-editprofile: 1
  array-externallaservice: 0
  array-logfilter: */*/fatalerror:.../_beans/com.sco.tta.server.log.ConsoleSink,server/login/*info:login%%PID%%_moreinfo.log,audit/session/*info:login%%PID%%_moreinfo.log,cdm/*/*:cdm%%PID%%.log,cdm/*/*:cdm%%PID%%.jsl,server/deviceservice/*:cdm%%PID%%.log,server/deviceservice/*:cdm%%PID%%.jsl,server/security/*:ssl%%PID%%.log,server/printing/*:print%%PID%%.log,server/printing/*:print%%PID%%.jsl
  array-port-encrypted: 443
  array-port-peer: 5427
  array-port-unencrypted: 3144
  array-resourcesync: 1
  array-scard: 1
  array-serialport: 1
  array-unixaudio-quality: medium
  array-unixaudio: 0
  audiope-compression: never
  chpe-compression: auto
  chpe-compressionthreshold: 256
  chpe-exitafter: 60
  cpe-args: ""
  cpe-exitafter: 60
  cpe-maxsessions: 20
  cpe-maxusers: 1
  execpe-args: ""
  execpe-exitafter: 60
  execpe-maxsessions: 10
  execpe-maxusers: 1
  execpe-scriptdir: %%INSTALLDIR%%/var/serverresources/expect
  iope-compression: never
  launch-allowsmartcard: 0
  launch-alwayssmartcard-initial: checked
  launch-alwayssmartcard-state: enabled
  launch-details-initial: shown
  launch-details-showonerror: true
  launch-details-state: enabled
  launch-expiredpassword: manual
  launch-loadbalancing-algorithm: sessions
  launch-savepassword-initial: checked
  launch-savepassword-state: enabled
  launch-savettapassword: 1
  launch-showauthdialog: user
  launch-showdialogafter: 2
  launch-trycachedpassword: 1
  login-ad-base-domain: ""
  login-ad-default-domain: ""
  login-ad: 0
  login-anon: 0
  login-atla: 0
  login-autotoken: 0
  login-ens: 1
  login-ldap-pki-enabled: 0
  login-ldap-thirdparty-ens: 0
  login-ldap-thirdparty-profile: 0
  login-ldap-url: ldap://dc.domain.com
  login-ldap: 0
  login-mapped: 0
  login-nt-domain: dc.domain.com
  login-nt: 1
  login-securid: 0
  login-theme: sco/tta/standard
  login-thirdparty-ens: 0
  login-thirdparty-nonens: 1
  login-thirdparty-superusers: sgd_trusted_user
  login-thirdparty: 0
  login-unix-group: 0
  login-unix-user: 1
  login-web-ens: 0
  login-web-ldap-ens: 0
  login-web-ldap-profile: 1
  login-web-profile: 0
  login-web-tokenvalidity: 180
  ppe-compression: auto
  ppe-compressionthreshold: 4096
  ppe-exitafter: 240
  printing-mapprinters: 1
  printing-pdfdriver: ""
  printing-pdfenabled: 0
  printing-pdfisdefault: 0
  printing-pdfprinter: "Universal PDF Printer"
  printing-pdfprompt: 0
  printing-pdfviewer: "Universal PDF Viewer"
  printing-pdfviewerenabled: 0
  printing-pdfviewerisdefault: 0
  scardpe-compression: never
  security-acceptplaintext: 0
  security-applyconnections: 1
  security-connectiontypes: "std,ssl"
  security-firewallurl: ""
  security-newkeyonrestart: 0security-printmappings-timeout: 1800
  security-ssldaemon-failmode: reducesecurity
  security-xsecurity: 1
  server-dns-external: *:sgd1.domain.com
  server-location: ""
  server-logdir: /opt/tarantella/var/log
  server-login: enabled
  server-redirectionurl: ""
  sessions-aipkeepalive: 100
  sessions-loadbalancing-algorithm: .../_beans/com.sco.tta.server.loadbalancing.tier2.SessionLoadBalancingPolicy
  sessions-timeout-always: 11500
  sessions-timeout-session: 720
  tuning-jvm-initial: 120
  tuning-jvm-max: 2048
  tuning-jvm-scale: 150
  tuning-maxconnections: 1000
  tuning-maxfiledescriptors: 4096
  tuning-maxrequests: 7
  tuning-resourcesync-time: 4:00
  xpe-args: ""
  xpe-cwm-maxheight: 1280
  xpe-cwm-maxwidth: 3200
  xpe-exitafter: 60
  xpe-fontpath: "%%INSTALLDIR%%/etc/fonts/misc,%%INSTALLDIR%%/etc/fonts/TTF,%%INSTALLDIR%%/etc/fonts/Type1,%%INSTALLDIR%%/etc/fonts/CID,%%INSTALLDIR%%/etc/fonts/local,%%INSTALLDIR%%/etc/fonts/75dpi,%%INSTALLDIR%%/etc/fonts/100dpi,%%INSTALLDIR%%/etc/fonts/ibm,%%INSTALLDIR%%/etc/fonts/hp,%%INSTALLDIR%%/etc/fonts/andrew,%%INSTALLDIR%%/etc/fonts/icl,%%INSTALLDIR%%/etc/fonts/scoterm,%%INSTALLDIR%%/etc/fonts/cyrillic,%%INSTALLDIR%%/etc/fonts/hangul,%%INSTALLDIR%%/etc/fonts/oriental"
  xpe-keymap: xuk.txt
  xpe-maxsessions: 20
  xpe-maxusers: 1
  xpe-monitorresolution: 0
  xpe-rgbdatabase: %%INSTALLDIR%%/etc/data/rgb.txt
  xpe-sessionstarttimeout: 60
  xpe-tzmapfile: %%INSTALLDIR%%/etc/data/timezonemap.txt
  Edited by: 952573 on Aug 13, 2012 4:41 PM

• An issue with BPEL fault handling

  Hi,
  I need to catch an exception in my BPEL process. The exception is thrown from a partner service(in java). I am using the catch fault handler in BPEL to catch a specific fault.
  1. When I give "systemFault" as the faultName its catching the fault
  2. But when I give "Exception" as the faultName its not catching the fault
  In the second case server log gives me the following fault,
  BPCOR-6135:A fault was not handled in the process scope; Fault Name is {......
  Can you please help me to figure out the problem here.
  Please let me know if you need any more information.
  Thanks in advance,
  Jose John

  Thank you very much for your reply.
  Following is the wsdl file,
  relevant part of the WSDL file
  <message name="Exception">
  <part name="fault" element="tns:Exception"/>
  </message>
  <portType name="PostConstraintChecker">
  <operation name="check">
  <input message="tns:check"/>
  <output message="tns:checkResponse"/>
  <fault message="tns:Exception" name="Exception"/>
  </operation>
  </portType>
  <binding name="PostConstraintCheckerPortBinding" type="tns:PostConstraintChecker">
  <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
  <operation name="check">
  <soap:operation soapAction=""/>
  <input>
  <soap:body use="literal"/>
  </input>
  <output>
  <soap:body use="literal"/>
  </output>
  <fault name="Exception">
  <soap:fault name="Exception" use="literal"/>
  </fault>
  </operation>
  </binding>
  Is this correct? Do you see any problems in this? Please let me know if you need any more information which will help you in debugging the issue.
  Thanks,
  Jose John

• Issue with BPEL append operation

  Hi All,
  I have the following block in my BPEL Code:
  <assign name="Assign_5">
  <bpelx:append>
  <bpelx:from variable="FFNUMTwoOutputClone"
  part="payload"
  query="/ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters/ns8:AddParameters/ns8:Parameter"/>
  <bpelx:to variable="decomposedOrder_OutputVariable"
  part="payload"
  query="/ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters/ns8:AddParameters"/>
  </bpelx:append>
  </assign>
  as far as I know, the ns8:Parameter should get appended to ns8:AddParameters. But during the execution of the process, the following selection failure is encountered:
  <selectionFailure xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/">
  -<part name="summary">
  <summary>
  Assign Operation Misuse.
  The selection result of /ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters/ns8:AddParameters is not an XML element; append operation cannot be performed.Please check the BPEL source at line number "347" .
  </summary>
  </part>
  </selectionFailure>
  Please suggest the cause and workaround for this issue as this is a very critical requirement.
  Regards,
  CC

  Hi,
  If you want to append to addparameters the query should be like this
  <assign name="Assign_5">
  <bpelx:insertAfter>
  <bpelx:from variable="FFNUMTwoOutputClone"
  part="payload"
  query="/ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters/ns8:AddParameters/ns8:Parameter"/>
  <bpelx:to variable="decomposedOrder_OutputVariable"
  part="payload"
  query="/ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters/ns8:AddParameters"/>
  </bpelx:insertAfter>
  </assign>
  Append operation actually appends as a child node to the node selected in bpelx:to part of append operation.
  or else u can use below code which gives the same result
  <assign name="Assign_5">
  <bpelx:append>
  <bpelx:from variable="FFNUMTwoOutputClone"
  part="payload"
  query="/ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters/ns8:AddParameters/ns8:Parameter"/>
  <bpelx:to variable="decomposedOrder_OutputVariable"
  part="payload"
  query="/ns8:FulfillmentOrderEBM/ns8:DataArea/ns8:FulfillmentOrder/ns8:FulfillmentOrderActions/ns8:FulfillmentAction/ns8:FulfillmentServices/ns8:FulfillmentService/ns8:ServiceParameters"/>
  </bpelx:append>
  </assign>

• Flex + BlazeDS SSL issue with IE7

  Hi there,
  Am facing an unique issue when accessing my application using https (SSL) protocol. Actually my app is configured for "secure amf" and when it fails then it hits the "amf" of blazeds.
  All is fine, when i try to open an IE window and hit the url for the first time. The client side is able to hit the server side thru secure amf and its receiving the response back from the server. But when i open another new IE7 tab/window then am getting a NetConnection issue....
  i.e, NetConnection.Failed:HTTP error is popping up eventhough it tries to access the https url..
  Let me know if any of you guys have a work around for this.
  This works fine for FF & Chrome.
  Thanks.

  So it's definitely due to a change in Firefox, but I was able
  to find a workaround. We put headers in our flex pages so we can
  incorporate our global navigation at the top of the page.
  You're not going to believe the workaround. Here's what the
  code looked like before I fixed it:
  <cfinclude
  template="/cfdocs/proddev/common/cf/flex_header.cfm">
  <script src="AC_OETags.js"
  language="javascript"></script>
  Now, here's the fix:
  <script src="AC_OETags.js"
  language="javascript"></script>
  <cfinclude template="common/flex_header.cfm">
  So, I either had to put the script tag in the <head>
  tag, or put it before my html declarations.
  My guess is that Firefox over SSL doesn't allow <script
  src=''> tags in the body of an html document anymore.

• AD Password Filter - SSL Issues with MSFT CA ?

  - We have completed implementing one way EXPORT profile sync between OID to AD
  - SSL configs are complete as per documentation and password synchronizing from OID to AD
  successfully
  - We now want to implement a new import profile to synchronize ONLY password from AD to OID
  - Following documentation at
  http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15995/odip_adpasswordsync.htm#CHDBIIJC
  - One of the first steps is to check if SSL is enabled at OID...when we do that using the tool(ldapbindssl.exe) we downloaded ...below
  is the error we get...
  +++++++++++++++++++++++++++++++++
  C:\>ldapbindssl.exe -h oid-host -p 636 -D cn=orcladmin -w xxxx
  Connecting server in SSL Mode
  Checking if SSL is enabled
  SSL not enabled.
  SSL being enabled...
  Binding ...
  Ldap bindERROR
  System Error Code: 1396
  LDAP Error Code: 52
  Error Message: Server Unavailable
  C:\>
  +++++++++++++++++++++++++++++++++
  - We know for sure that SSL is configured on OID . The SSL is configured as "Server Authentication
  Only" for Configset1 which is running on port 636
  when we do ldapbind from the oidhost for this port it works...
  ldapbind -U 2 -h oid-host -p 636 -W file://oracle/wallet -P xxxxx
  bind successful
  - For SSL configs we have used Micorsoft CA, hence the root certificate (CA) is also present on AD server and
  there is no need to import Oracle CA as per the documentation.
  Question:
  1) What is th specific SSL set-up that we need to do on OID server such that AD is
  able to detect SSL configuration ??? what is it that we are missing ?

  You do have to import the certificate (the OID Server certificate, that is), or the SSL setup will reject the connection as "not from the intended host".
  Apart from that - there's a bug, requiring the OID server certificate SUBJECT attribute matches the OID server hostname. (Note 430907.1/bug 5846519 ). I seem to hit that one :(

• SSL Issue with Dovecot Mac OS X Server 10.6.8

  I run IMAP mail on SL Server using SSL. It's been running beautifully for a year or so till my (self signed) certificate expired. I created a new cert and configured SMTP & IMAP to use the new cert. SMTP is fine but IMAP refuses to use the cert. The message i get in the log is :mail dovecot [32551] can't use etc/ssl/certs/dovecot.pem no such file or directory. Invalid configuration, keeping old one. SSL simply doesn't start.
  I've been right through the dovecot.conf file and checked and nowhere in the file is that location referred to. All the times SSL is mentioned in the conf file the correct location is referred to. I've looked and the certs are where they are supposed to be.
  So what other configuration file can dovecot possibly be referring to when it attempts to load the new configuration after I've made changes using server admin?
  I've even loaded a default conf file and started fresh and the same thing happens.
  Appreciate any ideas
  Mac OS X Server 10.6.8
  Rob

  Never Mind, I figured it out.

• SSL Issue with reverse proxy module

  Hi there,
  I'm hoping someone can help me. I am using Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin to connect to a backend server over SSL.
  However the backend server is reporting errors on the SSL handshake: SSL_ERROR_NO_CYPHER_OVERLAP
  I have installed ssldump and can see the following set of cipher suites are offered by the client (in this case, the reverse proxy module:
  New TCP connection #6: dptettsw02(62951) <-> dptdevss01(31006)
  6 1 0.0105 (0.0105) C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
  SSL2_CK_RC4
  SSL2_CK_RC2
  SSL2_CK_3DES
  SSL2_CK_DES
  SSL2_CK_RC4_EXPORT40
  SSL2_CK_RC2_EXPORT40
  TLS_RSA_WITH_RC4_128_MD5
  Unknown value 0xfeff
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  Unknown value 0xfefe
  TLS_RSA_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  How do I configure the reverse proxy module to use a different cipher suite?
  Any help would be greatly appreciated and please let me know if anything is unclear
  Thanks!
  Kev

  Hi there.
  The server.xml file is below:
  <?xml version="1.0" encoding="UTF-8"?>
  <!--
  Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
  -->
  <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///opt/SUNWwbsvr/servers/bin/https/dtds/sun-web-server_6_1.dtd">
  <SERVER qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">
  <PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
  <PROPERTY name="user" value=""/>
  <PROPERTY name="group" value=""/>
  <PROPERTY name="chroot" value=""/>
  <PROPERTY name="nice" value=""/>
  <PROPERTY name="dir" value=""/>
  <PROPERTY name="accesslog" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/accessSSL"/>
  <LS id="group1" ip="0.0.0.0" port="2080" acceptorthreads="1" blocking="no" security="off" defaultvs="https-ETT03WEB02" servername="dptettsw02"/>
  <LS id="ls2_default" ip="0.0.0.0" port="20443" acceptorthreads="1" blocking="no" security="on" defaultvs="https-ETT03WEB02" servername="ptpcam-ptpett-drs.dwpptp.londondc.com">
  <SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="&#43;rc4,&#43;rc4export,&#43;rc2,&#43;rc2export,&#43;desede3,&#43;des" ssl3="on" ssl3tlsciphers="-rsa_rc4_128_sha,-rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,-rsa_3des_sha,-rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,&#43;rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,&#43;fortezza_null,-fips_3des_sha,-fips_des_sha" tls="on" tlsrollback="off" clientauth="off"/>
  </LS>
  <MIME id="mime1" file="mime.types"/>
  <ACLFILE id="acl1" file="/opt/SUNWwbsvr/servers/httpacl/generated.https-ETT03WEB02.acl"/>
  <VSCLASS id="defaultclass" objectfile="obj.conf" rootobject="default" acceptlanguage="off">
  <PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
  <PROPERTY name="user" value=""/>
  <PROPERTY name="group" value=""/>
  <PROPERTY name="chroot" value=""/>
  <PROPERTY name="nice" value=""/>
  <PROPERTY name="dir" value=""/>
  <VS id="https-ETT03WEB02" connections="group1" urlhosts="dptettsw02" mime="mime1" aclids="acl1" state="on">
  <USERDB id="default" database="default"/>
  </VS>
  <VS id="ETT03WEB02_SSL" connections="ls2_default" urlhosts="ptpcam-ptpett-web.dwpptp.londondc.com" mime="mime1" aclids="acl1" state="on">
  <USERDB id="default" database="default"/>
  </VS>
  </VSCLASS>
  <JAVA javahome="/opt/SUNWwbsvr/servers/bin/https/jdk" serverclasspath="/opt/SUNWwbsvr/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-ext.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-jstl.jar:/opt/SUNWwbsvr/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" debug="false" debugoptions="" dynamicreloadinterval="2">
  <JVMOPTIONS>-Dorg.xml.sax.parser=org.xml.sax.helpers.XMLReaderAdapter</JVMOPTIONS>
  <JVMOPTIONS>-Dorg.xml.sax.driver=org.apache.crimson.parser.XMLReaderImpl</JVMOPTIONS>
  <JVMOPTIONS>-Djava.security.policy=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/server.policy</JVMOPTIONS>
  <JVMOPTIONS>-Djava.security.auth.login.config=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/login.conf</JVMOPTIONS>
  <JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
  <JVMOPTIONS>-Xmx256m</JVMOPTIONS>
  <JVMOPTIONS>-Xrs</JVMOPTIONS>
  <SECURITY defaultrealm="file" anonymousrole="ANYONE" audit="false">
  <AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
  <PROPERTY name="file" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/keyfile"/>
  <PROPERTY name="jaas-context" value="fileRealm"/>
  </AUTHREALM>
  <AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
  <PROPERTY name="directory" value="ldap://localhost:389"/>
  <PROPERTY name="base-dn" value="o=isp"/>
  <PROPERTY name="jaas-context" value="ldapRealm"/>
  </AUTHREALM>
  <AUTHREALM name="certificate" classname="com.iplanet.ias.security.auth.realm.certificate.CertificateRealm"/>
  </SECURITY>
  <RESOURCES/>
  </JAVA>
  <LOG file="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/errors" loglevel="finest" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
  </SERVER>

• Issue with CatchAll

  I am using SOA 10.1.3.1.0 Developer installation
  CatchAll isnot catching most of the exceptions.
  I have two scope Main and custom, I have two catchall blocks.
  neither of the catchall block is catching the exceptions.
  Can anybody tell me how to catch all the exceptions.
  I believe it is major bug.
  I just want to know how stable the oralce SOA 10.1.3.0 is? ( there are lots of bugs i came across i had posted around 20 threads but i am not getting any useful information)
  Regards
  V Kumar

  Hi,
  I was using the 10.1.3.1 developer and the catchAll activity was OK.
  It catched all exceptions which occur.
  Sometimes I've got issue with bpel process which was in cache. I had to explicitly undeploy them, delete them in the domain tmp directory and then redeploy it to have the new design.
  Hope this can help.
  Raphaël.
  http://bpelsoa.blogspot.com

• SSL VPN (WebVPN) issues with IOS 15.0(1)M1

  Hello everyone... I need your help!
  I am having some weird issues with webvpn/anyconnect, please find the relevant information below;
  Symptoms:
  - AnyConnect Client prompts users with the following error:
  "The secure gateway has rejected the agent's VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists."
  Debug:
  Mar  5 13:09:45:
  Mar  5 13:09:45: WV-TUNL: Tunnel CSTP Version recv  use 1
  Mar  5 13:09:45: WV-TUNL: Allocating tunl_info
  Mar  5 13:09:45: WV-TUNL: Allocating stc_config
  Mar  5 13:09:45: Inserting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 to routing table
  Mar  5 13:09:45: WV-TUNL: Use frame IP addr (172.25.130.126) netmask (255.255.255.255)
  Mar  5 13:09:45: WV-TUNL: Tunnel entry create failed:IP= 172.25.130.126 vrf=77 session=0x67234340
  Mar  5 13:09:45: HTTP/1.1 401 Unauthorized
  Mar  5 13:09:45:
  Mar  5 13:09:45:
  Mar  5 13:09:45:
  Mar  5 13:09:45: Deleting static route: 172.25.130.126 255.255.255.255 SSLVPN-VIF36 from routing table
  Mar  5 13:09:45: WV-TUNL: Failed to install (addr 172.25.130.126, table_id 77) to TCP
  Mar  5 13:09:45: WV-TUNL*: Received server IP packet 0x6692EB08:
  Mar  5 13:09:45: WV-TUNL: CSTP Message frame received from user usr-test (172.25.130.126)
  WV-TUNL:      Severity ERROR Type USER_LOGOUT
  WV-TUNL:      Text: HTTP response contained an HTTP error code.
  Mar  5 13:09:45: WV-TUNL: Call user logout function
  Mar  5 13:09:45: WV-TUNL: Clean-up tunnel session (usr-test)
  When the error occurs, the "SVCIP install TCP failed" counter increments:
  VPN-Router1#  show webvpn stats detail context CUSTOMER-VPN
  [snip]
  Tunnel Statistics:
      Active connections       : 1       
      Peak connections         : 3          Peak time                : 19:09:04
      Connect succeed          : 9          Connect failed           : 5       
      Reconnect succeed        : 0          Reconnect failed         : 0       
      SVCIP install IOS succeed: 14         SVCIP install IOS failed : 0       
      SVCIP clear IOS succeed  : 18         SVCIP clear IOS failed   : 0       
      SVCIP install TCP succeed: 9          SVCIP install TCP failed : 5       
      DPD timeout              : 0        
  [snip]
  IOS Version Details:
  Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
  System image file is "disk2:c7200-advipservicesk9-mz.150-1.M1.bin"
  The router also runs IPSEC remote access VPN in addition to the webvpn/anyconnect scheme.
  Config:
  webvpn context CUSTOMER-VPN
  title "SSL VPN for Customer"
  ssl authenticate verify all
  login-message "Enter username and passcode"
  policy group CUSTOMER-VPN
     functions svc-required
     svc keep-client-installed
     svc split include 10.1.16.0 255.255.240.0
     svc split include 10.1.2.0 255.255.254.0
  vrf-name CUSTOMER-VPN
  default-group-policy CUSTOMER-VPN
  aaa authentication list AAA-LIST
  aaa authentication auto
  aaa accounting list AAA-LIST
  gateway vpn virtual-host customer.xx.com
  logging enable
  inservice
  The error happens sporadically, at least once a week, and on different contexts. Does anyone have any clue on what can cause this issue? Any help is appreciated!

  Have you seen my post https://supportforums.cisco.com/message/2016069#2016069 ?
  At that point in time we were running with local pool definition.
  As the http 401 rc happens very sporadically we still gathering incident reports internally.
  Will open a case if you did not yet.
  cheers, Andy

• Issue with SSL in web service.

  Hi All,
  We are having synchronous web service to proxy scenario in XI. We are trying to send a binary data using the SOAP web service to SAP via XI. Initially, we were posting large binary data using HTTP connection via XI from the SOAP client. The scenario was working without any issues.
  Since the data is sensitive changed the web service from HTTP to HTTPS.The interface works without issues when we test it using the SOAP client for testing. When the data is sent using the Dot Net application (the end application) using the same webservice, URL (HTTPS connection) the message errors out. The connection is borken and the message fails. In this scenario, XI does not even receive the message which I can make out looking into the SOAP adapter communication channel.
  The interesting fact here is the same  Dot Net application is able to connect and send smaller binary data using HTTPS connection.
  Could you please let us know if this could be the issue with HTTPS connection on XI side? I doubt it to be an issue on XI side because the adapter does not even receive any message when the scenario fails. But we used some HTTPS monitoring tools and found that the Dot Net Application receives some encrypted response from the server which the application is not able to decrypt and the handshake breaks.
  Could you please throw some inputs into this issue.
  Thanks,
  Manohar.

  Hi Manohar
  You have posted the same question with two different subject text
  anyway follow these SAP notes your problem will be short out
  Note 856597 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 SOAP Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856597&_NLANG=E
  Note 856599 - FAQ: XI 3.0 / PI 7.0 / PI 7.1 Mail Adapter
  https://websmp102.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=856599&_NLANG=E
  Note 870845 - XI 3.0 SOAP adapter SSL client certificate problem
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=916664&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=870845&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  check the OSS Note 554174 & see if it helps
  Note 645357 - SAPHTTP: SSL error
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=645357&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1150980&nlang=EN&smpsrv=https%3a%2f%2fwebsmp102%2esap-ag%2ede
  one alternative may be Restart ICM (Internet Communication Manager) .This will solve your HTTP issue
  Cheers!!!!
  Regards
  sandeep
  if helpful kindly reward points

• Newly Occuring CSS SSL Issue in Chrome, FF10, IE9 with L5 rules; 3 second delay, loss of L5 stickyness

  We recently started suffering an issue with our CSS11501S-K9 units not performing URL stickiness on our SSL wrapped L5 rules.  I've spent dozens of manhours working on the problem, and have quite a bit of information to report, including a solution.  There is a high probability that anybody who uses SSL to an L5 rule on a CSS unit will become affected by this problem over the next few weeks/months as users update their browsers with new SSL patches.  
  We hadn't made any changes to our config in months, and eliminated hardware problems by testing a second unit. 
  Here are the exact symptoms we saw:
    Browsers affected: Firefox 10, Chrome, IE9, others (and some earlier versions of IE depending on patch levels)
    Browsers not affected: FireFox 3.5, w3m 0.5.2, curl7.19.7
    Impact 1: For SSL Rules backed by L5 rules, the initial response to the first request would be 3 seconds.  Further requests on the same TCP connection would not be delayed
    Impact 2: L5 rules being accessed via SSL would nolonger perform any URL based stickiness.  Accessing the same rule skipping SSL, would work fine
  I focused on the 3 second delay, since that was a new issue and was easier to debug than monitoring multiple servers to see if stickiness was broken.  This is what I found when a client tries to connect to an SSL rule that ultimately is routed to a L5 HTTP rule:
  1. Client/CSS perform initial TLS handshake, crypto cyphers determined (nearly instantly)
  2. Client sends HTTP 1.1 request for resource (nearly instantly)
  3. 3 seconds of no traffic in our out of the CSS related to this request
  4. CSS opens an HTTP connection to backend webserver, backend webserver responds (nearly instantly)
  5. The CSS seems to route to the backend server using the balance method (round-robin) instead of the advanced-balance method (url)
  6. Response is sent to the client with the resource (nearly instantly)
  7. Future requests sent from the browser on the same TCP connection have no delay, but the advanced-balance continues to be ignored
  The 3 seconds is quite an exact figure (within a few milliseconds) and appears to be entirely happening inside of the CSS unit itself, since it does not connect to the backend server until after the 3 seconds elapse.  3 seconds smelled like some sort of internal timeout set in the CSS unit after it gives up waiting for something.
  Looking at the packets from affected browsers I discovered that the GET /foobar HTTP/1.1 request was being broken into two separate TLSv1 application messages, the first was 24 bytes and the second was 400 bytes.  Decrypting these messages I found the first message was a
  G
  and the second message was:
  ET /foobar HTTP/1.1
  This essentially splits the initial request the client is sending into two pieces.  This confuses wireshark so much, it doesn't decode this as a HTTP request, and just decodes it as "continuation or non-HTTP traffic".
  On the working browsers I saw only one TLSv1 application message, decrypting it I saw:
  GET /foobar HTTP/1.1
  (obviously I'm simplifying the contents of the request, there were lots of headers and stuff)
  I am aware that the CSS can't handle L5 rules appropriately if they get fragmented, so I suspected this was the problem.  I pulled a packet trace from a few years ago, and at that time confirmed we never saw a double TLSv1 application messages before. 
  A number of openssl vulnerabilities were recently fixed: http://www.ubuntu.com/usn/usn-1357-1
  and browsers may have been recently updated to fix some of these issues, changing the way they encode their traffic. 
  Solution:
  Our ssl config looked something like this:
  ssl-proxy-list SSL_ACCEL
    ssl-server 10 vip address XX.XX.XX.XX
    ssl-server 10 rsakey XXXX
    ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
    ssl-server 10 cipher rsa-with-rc4-128-sha XX.XX.XX.XX 80
    ssl-server 10 cipher rsa-with-rc4-128-md5 XX.XX.XX.XX 80
    ssl-server 10 unclean-shutdown
    ssl-server 10 rsacert XXXXXX
  Removing:
    ssl-server 10 cipher rsa-with-3des-ede-cbc-sha XX.XX.XX.XX 80
  Solves the problem.  After that's removed, the browsers will nolonger fragment the first character of their request into a separate TLSv1 message.  The 3 second delay goes away, and L5 stickiness is fixed.  The "CBC" in the cyper refers to Cypher-Block-Chaining (a great article here:
  http://en.wikipedia.org/wiki/Cipher-block_chaining), and breaking the payload into multiple packages may have been an attempt to initialize the IV for encryption -- although I'm really just guessing, I stopped researching once I verified this solution was acceptable.
  This issue became serious enough for us to notice first on Monday Feb 13th 2012. We believe a number of our large customers distributed workstation updates over the weekend.  The customers affected were using IE7, although my personal IE7 test workstation did not appear to be affected.  It's quite possible our customers were going through an SSL proxy.  I suspect as more people upgrade their browsers, this will become a more serious issue for CSS users, and I hope this saves somebody a huge headache and problems with their production environment.
  -Joe

  Hi Joe,
  That's a very good analysis you did.
  As you already suspected, the issue comes from the TLS record fragmentation feature that was introduced in the latest browser versions to overcome a SSL vulnerability (http://www.kb.cert.org/vuls/id/864643). Unfortunately, similar issues are happening with multiple products.
  For CSS, the bug tracking this issue is CSCtx68270. The development team is actively working on a fix for it, which should be available (in an interim software release, so to get it you wil have to go through TAC) in the next couple of weeks
  In the meantime, as workaround, you can configure the CSS to use only RC4 cyphers (which is what you were suggesting also). These are not affected by the vulnerability, so, browsers don't apply the record fragmentation when they are in use. This workaround has been tested by several customers already, and the results seem to be very positive.
  Regards
  Daniel