SSL JDK 1.4 problem

I have a java client (using jdk 1.3.1_03) talking to a web service deployed
on Weblogic 7.0.1 (using JDK 1.4 instead of default 1.3.1_03) through ssl
successfully. But if I switch client JDK also to JDK 1.4, I am getting a
handshake failure. I know weblogic 7 is not certified for JDK 1.4. But I
really need to use 1.4. Is there a workaround? Here is the error log I am
getting. Any response is appreciated.
Thanks,
Vish
D:\dev\cie\client>set JAVA_HOME=D:\JBuilder8\jdk1.4
D:\dev\cie\client>set WL_HOME=c:\bea\weblogic700
D:\dev\cie\client>set ANTCLASSPATH=D:\JBuilder8\jdk1.4\lib\tools.jar;c:\bea\weblogic700\server\lib\weblogic_sp.jar;c:\bea\weblogic700\server\lib\weblogic.jar;c:\bea\weblogic700\server\lib\webservices.jar;
D:\dev\cie\client>set PATH=c:\bea\weblogic700\server\bin;D:\JBuilder8\jdk1.4\jre\bin;D:\JBuilder8\jdk1.4\bin;
D:\dev\cie\client>java -classpath D:\JBuilder8\jdk1.4\lib\tools.jar;c:\bea\weblogic700\server\lib\weblogic_sp.jar;c:\bea\weblogic700\server\lib\weblogic.jar;c:\bea\weblogic700\server\lib\webservices.jar; org.apache.tools.ant.Main runssl
Buildfile: build.xml
runssl:
[java] [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[java] [BaseWLSSLAdapter] : Strict cert checking disabled by default
[java] [BaseWLSSLAdapter] : Trusted certificates will be loaded from c:\bea\user_projects\cip\trusted.crt
[java] [BaseWLSSLAdapter] : Loaded local trusted certificates from java.io.FileInputStream@1e232b5
[java] [BaseWLSSLAdapter] : Disabling strict checking on adapter weblogic.webservice.client.WLSSLAdapter@16f144c
[java] [BaseWLSSLAdapter] : Set TrustManager to weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@19da4fc
[java] [WLSSLAdapter] : Set HostnameVerifier to weblogic.webservice.client.WLSSLAdapter$NullVerifier@f6ac0b
[java] [BaseWLSSLAdapter] : Got new socketfactory javax.net.ssl.impl.SSLSocketFactoryImpl@1938039
[java] [WLSSLAdapter] : openConnection(https://teilhard.darwin.nasa.gov:8021/time-service/TimeService?WSDL) returning weblogic.webservice.client.https.HttpsURLConnection:https://teilhard.darwin.nasa.gov:8021/time-service/TimeService?WSDL
[java] [WLSSLAdapter] : -- using HostnameVerifier weblogic.webservice.client.WLSSLAdapter$NullVerifier@f6ac0b
[java] [WLSSLAdapter] : -- loaded certs from c:\bea\user_projects\cip\trusted.crt
[java] java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
[java] at com.certicom.tls.record.WriteHandler.write(Unknown Source)
[java] at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
[java] at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
[java] at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
[java] at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
[java] at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
[java] at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
[java] at com.certicom.tls.record.WriteHandler.write(Unknown Source)
[java] at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
[java] at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
[java] at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
[java] at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:71)
[java] at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
[java] at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:73)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeService_Impl.<init>(TimeService_Impl.java:23)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.testTimeSvc(TimeServiceClient.java:69)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.main(TimeServiceClient.java:55)
[java] weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://teilhard.darwin.nasa.gov:8021/time-service/TimeService?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure]
[java] at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:86)
[java] at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
[java] at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
[java] at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:73)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeService_Impl.<init>(TimeService_Impl.java:23)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.testTimeSvc(TimeServiceClient.java:69)
[java] at gov.nasa.darwin.cip.middleware.time.client.TimeServiceClient.main(TimeServiceClient.java:55)
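
The adapter output in the post reports strict certificate checking disabled and a NullTrustManager and NullVerifier installed before the handshake fails. The following is an added example, not part of the original post: a Python triage that rejoins console-wrapped `[java]` records and flags those lines. The rule ids and function names are hypothetical, and the sample is constructed from lines of the log in the post, hard-wrapped the way console captures often are.

```python
import re

# Constructed sample: a few records from the WLSSLAdapter verbose output in the
# post, hard-wrapped mid-token as a console capture would leave them.
SAMPLE_LOG = """[java] [BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[java] [BaseWLSSLAdapter] : Strict cert checking disabled by default
[java] [BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.w
ebservice.client.WLSSLAdapter@16f144c
[java] [BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.
BaseWLSSLAdapter$NullTrustManager@19da4fc
[java] [WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.
WLSSLAdapter$NullVerifier@f6ac0b
[java] java.io.IOException: Write Channel Closed, possible SSL
handshaking
or trust failure
[java] at com.certicom.tls.record.WriteHandler.write(Unknown
Source)
"""

# Hypothetical rule ids. Each regex is applied to a record with ALL whitespace
# removed, so a wrap in the middle of a class name cannot hide a match.
RULES = [
    ("strict-cert-check-disabled",
     re.compile(r"Strictcertcheckingdisabled|Disablingstrictchecking")),
    ("null-trust-manager",
     re.compile(r"SetTrustManagerto\S*NullTrustManager")),
    ("null-hostname-verifier",
     re.compile(r"SetHostnameVerifierto\S*NullVerifier")),
    ("handshake-failure",
     re.compile(r"WriteChannelClosed,possibleSSLhandshaking")),
]

VALIDATION_RULES = {
    "strict-cert-check-disabled",
    "null-trust-manager",
    "null-hostname-verifier",
}

RECORD_START = re.compile(r"^\[java\]\s")


def rejoin_records(log_text):
    """Group physical lines into logical records.

    A record starts at a line beginning with '[java] '; any other non-blank
    line is treated as a wrapped continuation of the previous record.
    """
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append([line.strip()])
        else:
            records[-1].append(line.strip())
    return records


def triage(log_text):
    """Return (rule_id, record_text) pairs in log order."""
    findings = []
    for parts in rejoin_records(log_text):
        squashed = re.sub(r"\s+", "", "".join(parts))
        for rule_id, pattern in RULES:
            if pattern.search(squashed):
                # Display text joins fragments with a space; a token that was
                # split mid-word keeps that space, matching is unaffected.
                findings.append((rule_id, " ".join(parts)))
    return findings


def summarize(findings):
    """Collapse findings into the two facts a reviewer cares about."""
    ids = {rule_id for rule_id, _ in findings}
    return {
        "validation_disabled": bool(ids & VALIDATION_RULES),
        "handshake_failed": "handshake-failure" in ids,
        "rules": sorted(ids),
    }


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule_id, text in results:
        print(f"{rule_id:28s} {text}")
    print(summarize(results))
```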

On the client side, try removing the jsse.jar from the j2sdk1.4.1\jre\lib.
"Vish Magapu" <vm> wrote:
I have a java client (using jdk 1.3.1_03) talking to a web service deployed
on Weblogic 7.0.1 (using JDK 1.4 instead of default 1.3.1_03) through ssl
successfully. But if I switch client JDK also to JDK 1.4, I am getting a
handshake failure. I know weblogic 7 is not certified for JDK 1.4. But I
really need to use 1.4. Is there a workaround? Here is the error log I am
getting. Any response is appreciated.
Thanks,
Vish

Similar Messages

  • Jdk causes strange problems

    hi,
    yesterday i upgraded my system:
    [2011-03-02 22:34] Running 'pacman -Su'
    [2011-03-02 22:34] starting full system upgrade
    [2011-03-02 22:46] removed util-linux-ng (2.18-4)
    [2011-03-02 22:46] Generating locales...
    [2011-03-02 22:46] de_AT.UTF-8... done
    [2011-03-02 22:46] de_AT.ISO-8859-1... done
    [2011-03-02 22:46] de_AT.ISO-8859-15@euro... done
    [2011-03-02 22:46] de_DE.UTF-8... done
    [2011-03-02 22:46] de_DE.ISO-8859-1... done
    [2011-03-02 22:46] de_DE.ISO-8859-15@euro... done
    [2011-03-02 22:46] en_US.UTF-8... done
    [2011-03-02 22:46] en_US.ISO-8859-1... done
    [2011-03-02 22:46] Generation complete.
    [2011-03-02 22:46] upgraded glibc (2.13-1 -> 2.13-4)
    [2011-03-02 22:46] upgraded alsa-lib (1.0.23-2 -> 1.0.24.1-1)
    [2011-03-02 22:46] upgraded alsa-utils (1.0.23-3 -> 1.0.24.2-1)
    [2011-03-02 22:46] upgraded binutils (2.21-3 -> 2.21-4)
    [2011-03-02 22:46] upgraded cherokee (1.0.20-2 -> 1.2.1-1)
    [2011-03-02 22:46] upgraded chromium (9.0.597.94-1 -> 9.0.597.107-1)
    [2011-03-02 22:46] upgraded curl (7.21.3-1 -> 7.21.4-2)
    [2011-03-02 22:46] upgraded file (5.05-1 -> 5.05-2)
    [2011-03-02 22:46] upgraded gegl (0.1.4-1 -> 0.1.6-1)
    [2011-03-02 22:46] upgraded vim-runtime (7.3.102-1 -> 7.3.125-1)
    [2011-03-02 22:46] upgraded python2 (2.7.1-5 -> 2.7.1-7)
    [2011-03-02 22:46] upgraded ruby (1.9.2_p136-2 -> 1.9.2_p180-1)
    [2011-03-02 22:46] Updating desktop and mime database...done.
    [2011-03-02 22:46] upgraded gvim (7.3.102-1 -> 7.3.125-1)
    [2011-03-02 22:46] installed util-linux (2.19-4)
    [2011-03-02 22:46] upgraded udev (165-1 -> 166-2)
    [2011-03-02 22:46] warning: /etc/inittab installed as /etc/inittab.pacnew
    [2011-03-02 22:46] warning: /etc/rc.conf installed as /etc/rc.conf.pacnew
    [2011-03-02 22:46] upgraded initscripts (2010.07-2 -> 2011.02.1-1)
    [2011-03-02 22:46] upgraded libdrm (2.4.23-1 -> 2.4.23-2)
    [2011-03-02 22:46] upgraded libgl (7.10.0.git20110206-2 -> 7.10.0.git20110215-1)
    [2011-03-02 22:46] upgraded intel-dri (7.10.0.git20110206-2 -> 7.10.0.git20110215-1)
    [2011-03-02 22:47] upgraded jre (6u23-4 -> 6u24-1)
    [2011-03-02 22:47] upgraded jdk (6u23-4 -> 6u24-1)
    [2011-03-02 22:47] upgraded mkinitcpio (0.6.8-1 -> 0.6.8-2)
    [2011-03-02 22:47] >>> Updating module dependencies. Please wait ...
    [2011-03-02 22:47] >>> MKINITCPIO SETUP
    [2011-03-02 22:47] >>> ----------------
    [2011-03-02 22:47] >>> If you use LVM2, Encrypted root or software RAID,
    [2011-03-02 22:47] >>> Ensure you enable support in /etc/mkinitcpio.conf .
    [2011-03-02 22:47] >>> More information about mkinitcpio setup can be found here:
    [2011-03-02 22:47] >>> http://wiki.archlinux.org/index.php/Mkinitcpio
    [2011-03-02 22:47]
    [2011-03-02 22:47] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
    [2011-03-02 22:47] ==> Building image "default"
    [2011-03-02 22:47] ==> Running command: /sbin/mkinitcpio -k 2.6.37-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26.img
    [2011-03-02 22:47] :: Begin build
    [2011-03-02 22:47] :: Parsing hook [base]
    [2011-03-02 22:47] :: Parsing hook [udev]
    [2011-03-02 22:47] :: Parsing hook [autodetect]
    [2011-03-02 22:47] :: Parsing hook [pata]
    [2011-03-02 22:47] :: Parsing hook [scsi]
    [2011-03-02 22:47] :: Parsing hook [sata]
    [2011-03-02 22:47] :: Parsing hook [filesystems]
    [2011-03-02 22:47] :: Generating module dependencies
    [2011-03-02 22:47] :: Generating image '/boot/kernel26.img'...SUCCESS
    [2011-03-02 22:47] ==> SUCCESS
    [2011-03-02 22:47] ==> Building image "fallback"
    [2011-03-02 22:47] ==> Running command: /sbin/mkinitcpio -k 2.6.37-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26-fallback.img -S autodetect
    [2011-03-02 22:47] :: Begin build
    [2011-03-02 22:47] :: Parsing hook [base]
    [2011-03-02 22:47] :: Parsing hook [udev]
    [2011-03-02 22:47] :: Parsing hook [pata]
    [2011-03-02 22:48] :: Parsing hook [scsi]
    [2011-03-02 22:48] :: Parsing hook [sata]
    [2011-03-02 22:48] :: Parsing hook [filesystems]
    [2011-03-02 22:48] :: Generating module dependencies
    [2011-03-02 22:48] :: Generating image '/boot/kernel26-fallback.img'...SUCCESS
    [2011-03-02 22:48] ==> SUCCESS
    [2011-03-02 22:48] upgraded kernel26 (2.6.37-5 -> 2.6.37.2-1)
    [2011-03-02 22:48] upgraded libburn (1.0.0.pl00-1 -> 1.0.2.pl00-1)
    [2011-03-02 22:48] upgraded libfm (0.1.14-2 -> 0.1.14-4)
    [2011-03-02 22:48] upgraded libisofs (1.0.0-1 -> 1.0.2-1)
    [2011-03-02 22:48] upgraded libldap (2.4.23-1 -> 2.4.24-1)
    [2011-03-02 22:49] upgraded librsvg (2.32.1-1 -> 2.32.1-2)
    [2011-03-02 22:49] upgraded libwpd (0.9.0-1 -> 0.9.1-1)
    [2011-03-02 22:49] upgraded lsof (4.84-1 -> 4.84-2)
    [2011-03-02 22:49] upgraded mercurial (1.7.5-1 -> 1.8-1)
    [2011-03-02 22:49] upgraded mesa (7.10.0.git20110206-2 -> 7.10.0.git20110215-1)
    [2011-03-02 22:49] warning: /etc/ntp.conf installed as /etc/ntp.conf.pacnew
    [2011-03-02 22:49] warning: /etc/conf.d/ntp-client.conf installed as /etc/conf.d/ntp-client.conf.pacnew
    [2011-03-02 22:49] upgraded ntp (4.2.6.p2-1 -> 4.2.6.p3-1)
    [2011-03-02 22:49] upgraded pcmanfm (0.9.8-2 -> 0.9.8-5)
    [2011-03-02 22:49] upgraded phpmyadmin (3.3.9.2-1 -> 3.3.9.2-2)
    [2011-03-02 22:49] upgraded ppl (0.11-1 -> 0.11.2-1)
    [2011-03-02 22:49] upgraded ppp (2.4.5-1 -> 2.4.5-2)
    [2011-03-02 22:49] upgraded python-imaging (1.1.7-2 -> 1.1.7-3)
    [2011-03-02 22:49] upgraded python2-numpy (1.5.1-1 -> 1.5.1-2)
    [2011-03-02 22:49] upgraded qt (4.7.1-3 -> 4.7.2-1)
    [2011-03-02 22:49] upgraded v4l-utils (0.8.1-1 -> 0.8.3-1)
    [2011-03-02 22:49] upgraded vi (050325-3 -> 050325-4)
    [2011-03-02 22:49] upgraded vlc (1.1.7-2 -> 1.1.7-4)
    [2011-03-02 22:49] upgraded wget (1.12-3 -> 1.12-5)
    [2011-03-02 22:49] upgraded xf86-video-intel (2.14.0-1 -> 2.14.0-2)
    [2011-03-02 22:49] upgraded xvidcore (1.2.2-1 -> 1.3.0-1)
    i updated the four new files (*.pacnew). after a reboot i realized that mysqld failed to start and i didn't find anything in the logs. next thing was that the wicd daemon started and connected, but wicd-client failed with the error message "Bus error.". chromium also fails:
    [16297:16297:1023095321:ERROR:chrome/browser/process_singleton_linux.cc(949)] Failed to create socket directory.
    [16297:16297:1023098229:ERROR:chrome/browser/browser_main.cc(1293)] Failed to create a ProcessSingleton for your profile directory. This means that running multiple instances would start multiple browser processes rather than opening a new window in the existing process. Aborting now to avoid profile corruption.
    i found out that uninstalling jdk solves the problem, but that's no option for me. the above errors also appear when i install openjdk6 or jdk version 6u23-4. chromium doesn't even start if i install jdk after a reboot without logging in and out again (ergo java is not even in the path).
    maybe that's also interesting:
    $ uname -a
    Linux mathias-laptop 2.6.37-ARCH #1 SMP PREEMPT Fri Feb 25 09:07:57 UTC 2011 i686 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux
    i couldn't find any related problems on the web...
    thank you for any help, ideas or hints!

    strange thing was, wicd and chromium worked when run as root. but i found the reason: no space left on my root partition =o| .

  • SPA303 Provisioning over SSL with Client Verification problem

    Hello,
    We use DHCP (66) HTTPS URL for provisioning and initial configuration of SPA303 phones.
    When Client Verification is enabled - the phones fail to authenticate to the web server and provisioning fails. It works perfectly when Client Verification is disabled. Debug logs and ssl traffic sniffing revealed only that the phones fail to authenticate properly with the built-in certificates to the server.
    The server certificate passes validation (Cisco issued), however, since no full CA chain is available from Cisco - we can't be completely sure it's valid.
    Server side is Apache, the SSL conf is as follows:
    SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:+MEDIUM
    SSLCertificateFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.cert
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.key
    SSLProtocol All -SSLv2
    SSLVerifyClient require
    SSLCACertificatePath /usr/local/apache2/conf/ssl/conf/ssl/
    SSLCACertificateFile /usr/local/apache2/conf/ssl/conf/ssl/combinedca.crt
    Could it be a problem with the server conf or certificate(s) issue?
    PS.
    We followed those to obtain the certs:
    https://supportforums.cisco.com/docs/DOC-9852
    https://supportforums.cisco.com/docs/DOC-12709
    Any ideas appreciated!

    SOLVED!
    I solved the problem.
    The key to the solution was the ifolder39_admin.pdf - page 226.
    Best regards
    Andre

  • Ssl web service call problem

    Hi,
    I have a form that calls a web service on start up in the docReady event.
    This has been working well in one of our development environments where the web service is on a plain non secure connection.
    However, when we try and make the same web service call using ssl instead, the returned values are not populated in the form. If I run the call twice in a row, it works as usual but this is not an acceptable solution.
    The other web services calls on the form all work as expected. It is just this one being called during the docReady event.
    Has anybody else encountered this problem?
    Thanks,
    Luke

    Hi Luke,
    I had a similar problem and the reason was that the SSL certificate on the server was not valid (without any errors or warnings).
    You might want to first try to access the service from a browser and make sure you don't get any security warnings, if you get any security warnings, Adobe won't be able to call that service.
    Hope this helps.
    Thanks,
    Vikram

  • SSL/DIGITAL SIGNATURE Configuration problems

    Dear All,
    We are facing problems while configuring SSL for Digital signature. We are following the steps given in ADS Configuration document. Documents present in help.sap.com do not give a clear picture of the various steps involved in authentication using digital signature. We require help with all the steps involved. To provide brief background, we have ABAP and JAVA engines on separate servers and we were able to configure ADS successfully using basic authentication method as described in ADS config document. Now for Digital signature, we need to configure SSL, and while doing so we are facing problems. We went through a lot of blogs and sdn links and numerous documents in SDN but still the problem remains. Please help us.
    Regards
    Mohammed

    Hi,
    When we execute the standard transaction for form 16 , three pdf forms are copied to the given location, they are
    Annex , form12BA and  form16
    Only file Annex contains data, the other two files are of 0 bytes. And also the file containing the data doesn't contain digital signature.
    We have gone through all the configuration check given in the ADS configuration document and all are given the correct output.
    Also we have installed  the credential file.
    Please guide us.
    Regards
    Dheeraj

  • CSS SSL and link modification problem

    Hi all
    We have a problem using our CSS to offload SSL for a site. The offload works for the first connection, but the web application seems to be rewriting relative links as absolute links.
    For example, a user hits the site at https://www.mydomain.com. The CSS is configured to terminate the SSL traffic, and then send HTTP to the internal web server on TCP/81.
    What we're seeing in the client's browser is that all links are being returned as http://www.mydomain.com:81/... instead of https://www.mydomain.com/...
    Any idea of how we can do this without messing around with the web server too much? I.e. is there a way on the CSS to do link translation?
    Thanks

    If the links are indeed hardcoded like this, there is nothing the CSS can do.
    Bad server design.
    If the server is returning a redirect to http://... the CSS can intercept it and rewrite it to https.
    Please verify if there is a redirect.
    Gilles.

  • JDK MetalWorks demo problems...

    Hello,
    I have been writing a Swing based MDI application (Taking the metalworks demo as a basis) and have come across some annoying, problems which i have tried to find a solution to and have also posted before without any responses... Can anyone tell me how I may go about verifying that these are indeed jdk issues and if there are any workarounds or known fixes... here is an example of a couple :
    (I am using Jdk 1.4.0_01 on win2k)
    Using the MetalWorks Demo as an example as we all have that code shipped with the jdk :
    // 1
    Add an accelerator to the open menu item like the following :
    open.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_F5, 0));
    Now Create a dialog using new, close the opened dialog and press F5 which is the new accelerator... NOTHING HAPPENS.... until you open another dialog and click on it...
    I am seeing this now in my own application whereby all my accelerator mappings get 'lost' when a window is closed, so when i have an accelerator to bring back up this window its disastrous as the mapping breaks.... HELP !
    // 2
    Another problem i have is the following :
    See http://forum.java.sun.com/thread.jsp?forum=57&thread=116814 , which is causing it to maximise over the windows start bar....
    I was told jdk1.4.x solves this but it does not... try it with the MetalWorksDemo...
    // 3
    Another problem is starting the MetalWorks demo, if you open the open dialog on Windows or Solaris it gets decorated with a green (!?) color, even though the rest of the application has the default sun purple decoration....
    Any help at all on any of these topics greatly appreciated...
    =A

  • [IMAP SSL] Certificate-Based Login problems

    Hi,
    I am trying to set up a Certificate-Based Login authentication for an installation of Java Messaging Server 7 Update 3 over Solaris x86 64bit platform.
    The objective is to allow a client to establish an SSL session using a certificate that has been issued by a CA that the server has established as trusted and then grant access to the user without providing his password.
    In my installation, unfortunately password is always required to login any user. These are the steps I have made:
    1. Add the CA-signed server certificate.
    2. Add the trusted Certificate Authority.
    3. Turn on all cipher suites including the weak ones.
    4. Enable SSL
    ./configutil -o service.imap.enablesslport -v yes
    ./configutil -o service.imap.enable -v 1
    ./configutil -o service.imap.sslport -v 993
    ./configutil -o service.imap.sslusessl -v yes
    ./configutil -o encryption.rsa.nssslpersonalityssl -v "Product-Cert" (where Product-Cert is my CA signed server certificate)
    5. Check with the netstat command to verify that the service is running.
    bash-3.00# ./configutil -o service.imap.sslport
    993
    bash-3.00# netstat -an | grep 993
    *.993 *.* 0 0 49152 0 LISTEN
    Once I have taken these steps, when I use a client to establish an SSL session with a PKCS#12 certificate installed (signed by the same CA trusted by MS and the email address in your users' certificates matches the email address in a users' directory entry) the connection is correctly established using the port 993 but it is always necessary to login with password to grant access.
    The imap logs seem to show that the MS is not requesting the user's certificate from the client, because it always shows "plaintext authentication" (this corresponds to a try to access the user's inbox without Login).
    [10/Mar/2010:10:31:38 -0100] goody imapd[2623]: Account Notice: badlogin: [192.168.169.12:1595] plaintext llcc authentication failure
    [10/Mar/2010:10:31:41 -0100] goody imapd[2623]: Account Notice: close [192.168.169.12:1595] [unauthenticated] 2010/3/10 10:31:37 0:00:04 41 907 0
    [10/Mar/2010:10:32:21 -0100] goody imapd[2623]: Network Error: Socket error [192.168.169.12:2226] : I/O function error
    [10/Mar/2010:10:32:21 -0100] goody imapd[2623]: Account Notice: close [192.168.169.12:2226] [unauthenticated] 2010/3/10 10:31:56 0:00:25 11 511 0
    Also there are some error logs related to the Ciphers:
    [10/Mar/2010:10:30:39 -0100] goody imapd[2623]: General Error: SSL initialization error: Unable to enable SSL cipher suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064) (-8186)
    Please, Can you help me to discover if there is something wrong in my configuration?
    Thanks in advance.
    Kind Regards,
    Luis

    Thanks for your reply Shane.
    Yes, I have configured the client to use port 993. I think the problem is in the Multiplexor configuration, after finished, I always get this Log message in the ImapProxy Logs:
    [15/Mar/2010:17:25:10 -0100] goody ImapProxy[1865]: General Error: (id 455) Connection limit reached for client IP 192.168.169.108
    [15/Mar/2010:17:25:22 -0100] goody ImapProxy[1865]: General Error: (id 477) Connection limit reached for client IP 192.168.169.108
    [15/Mar/2010:17:25:37 -0100] goody ImapProxy[1865]: General Error: (id 499) Connection limit reached for client IP 192.168.169.108
    Where 192.168.169.108 is the IP of the server where MS is installed. The strange thing is that there are no connections established because this is a development environment, when I try to check the IMAP port (not ssl) I find a strange behaviour:
    bash-3.00# telnet localhost 143
    Trying 192.168.169.108...
    Connected to goody.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN BINARY UNSELECT SORT CATENATE URLAUTH LANGUAGE ESEARCH ESORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ENABLE QRESYNC CONTEXT=SEARCH CONTEXT=SORT WITHIN SASL-IR XSENDER X-NETSCAPE XSERVERINFO AUTH=PLAIN STARTTLS] Messaging Multiplexor (Sun Java(tm) System Messaging Server 7.3-11.01 (built Sep 1 2009))
    . login llcc LLCC_PASSWORD
    Connection to goody closed by foreign host.
    The ConnLimits parameter is set to default in the ImapProxyAService.cfg (i.e. default:ConnLimits 0.0.0.0|0.0.0.0:20).
    Also I have set this values not present in the link: http://wikis.sun.com/display/CommSuite/Configuring+Encryption+and+Certificate-Based+Authentication#ConfiguringEncryptionandCertificate-BasedAuthentication-ToSetUpCertificateBasedLogin
    configutil -o local.mmp.enable -v 1
    configutil -o local.store.enable -v 0
    configutil -o local.imta.enable -v 0
    configutil -o local.http.enable -v 0
    Any idea?
    One question more. I have read that Store Administrators have proxy authentication privileges to any service (POP, IMAP, HTTP, or SMTP), which means they can authenticate to any service using the privileges of any user. The question is: Is there any way for the Store Administrator to access to the mailbox of all the users using the IMAP protocol?
    Thanks a lot for your help,
    Best Regards,
    Luis

  • SSL VPN Group-Lock problem

    Hi,
    I am trying to lock groups to a specific tunnel group but unfortunately no matter what I do the group-lock feature doesn't seem to work. Basically here is what I want to do:
    1-Users detail is pulled from AD through LDAP
    2-AD group is mapped to the appropriate group on the ASA using attribute mapping
    3-user should only use the tunnel that he/she is locked to
    4-this all should be done without the user needing to select a group the vpn portal
    5-we will be using Any connect and VPN portal for communication
    All works fine except the group-lock feature. If enabled and set to "group-lock value NET_ADMIN_G" I get the following error on debug webvpn and the user is not allowed in.
    webvpn_auth.c:http_webvpn_post_authentication[1503]
    WebVPN: user: (test) authenticated.
    webvpn_auth.c:http_webvpn_auth_accept[2905]
    User came in on group he wasn't supposed to come in on!
    when removed no matter what I do the user is mapped to DefaultWEBVPNGroup tunnel group,
    SSLVPN(config-group-policy)# sho vpn-sessiondb webvpn
    Session Type: WebVPN
    Username     : test      Index        : 132
    Public IP    : 10.1.1.1
    Protocol     : Clientless
    License      : AnyConnect Premium
    Encryption   : Clientless: (1)AES256  Hashing      : Clientless: (1)SHA1
    Bytes Tx     : 252897                 Bytes Rx     : 48894
    Group Policy : NET_ADMIN              Tunnel Group : DefaultWEBVPNGroup
    Login Time   : 11:18:13 EDT Fri Mar 22 2013
    Duration     : 0h:01m:12s
    Inactivity   : 0h:00m:00s
    NAC Result   : Unknown
    VLAN Mapping : N/A                    VLAN         : none
    ASA is on 9.11.4.
    group policy:
    group-policy NET_ADMIN internal
    group-policy NET_ADMIN attributes
    wins-server none
    dns-server value 2.2.2.2
    vpn-access-hours none
    vpn-simultaneous-logins 3
    vpn-idle-timeout 30
    vpn-session-timeout none
    vpn-session-timeout alert-interval 25
    vpn-filter value VPN_SPLIT_TUNNEL
    vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
    password-storage disable
    ip-comp enable
    re-xauth disable
    pfs disable
    ipsec-udp disable
    ipsec-udp-port 10000
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN_SPLIT_TUNNEL
    default-domain value brightstarcorp.com
    split-dns value brightstarcorp.com
    secure-unit-authentication disable
    user-authentication disable
    user-authentication-idle-timeout none
    ip-phone-bypass disable
    client-bypass-protocol disable
    gateway-fqdn value svgmelb.au.brightstarcorp.com
    leap-bypass disable
    nem disable
    backup-servers clear-client-config
    msie-proxy method no-modify
    vlan none
    nac-settings none
    address-pools value SSL_POOL
    ipv6-address-pools none
    scep-forwarding-url none
    client-firewall none
    client-access-rule none
    webvpn
      url-list value NETADMIN_BOOKMARK
      filter value INTERNAL_WEBACL
      homepage use-smart-tunnel
      anyconnect ssl dtls enable
      anyconnect mtu 1406
      anyconnect keep-installer installed
      anyconnect ssl keepalive 20
      anyconnect ssl rekey time none
      anyconnect ssl rekey method none
      anyconnect dpd-interval client 30
      anyconnect dpd-interval gateway 30
      anyconnect ssl compression lzs
      anyconnect dtls compression lzs
      anyconnect modules value posture
      anyconnect profiles value net_admin_p type user
      anyconnect ask none default webvpn
      customization value NETADMIN_PORTAL
      hidden-shares visible
      activex-relay enable
      file-entry enable
      file-browsing enable
      url-entry enable
      deny-message value Login was successful, but because certain criteria have not been met, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
      anyconnect ssl df-bit-ignore disable
      always-on-vpn profile-setting
      auto-signon allow uri * auth-type all
    Tunnel Group:
    tunnel-group NET_ADMIN_G type remote-access
    tunnel-group NET_ADMIN_G general-attributes
    address-pool SSL_POOL
    authentication-server-group LDAP
    authorization-server-group LDAP
    accounting-server-group RGROUPADMIN
    default-group-policy NET_ADMIN
    authorization-required
    tunnel-group NET_ADMIN_G webvpn-attributes
    customization NETADMIN_PORTAL
    group-alias infra_network enable
    group-url https://x.x.x.x/network enable
    dns-group DNSGROUP
    Any ideas?
    Thanks in advance

    Hi Portu,
    Here's debug LDAP:
    SLVPN#
    [553] Session Start
    [553] New request Session, context 0x00007fff33beb228, reqType = Authentication
    [553] Fiber started
    [553] Creating LDAP context with uri=ldap://1.1.1.13:389
    [553] Connect to LDAP server: ldap://1.1.1.13:389, status = Successful
    [553] supportedLDAPVersion: value = 3
    [553] supportedLDAPVersion: value = 2
    [553] Binding as bind
    [553] Performing Simple authentication for test to 1.1.1.13
    [553] LDAP Search:
    Base DN = [OU=xx ENTERPRISE,DC=xxx,DC=com]
    Filter  = [sAMAccountName=test]
    Scope   = [SUBTREE]
    [553] User DN = [CN=test,OU=Users,OU=xx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com]
    [553] Talking to Active Directory server 1.1.1.13
    [553] Reading password policy for test, dn:CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=ENTERPRISE,DC=xxx,DC=com
    [553] Read bad password count 0
    [553] Binding as test
    [553] Performing Simple authentication for test to 1.1.1.13
    [553] Processing LDAP response for user test
    [553] Message (test):
    [553] Authentication successful for test to 1.1.1.13
    [553] Retrieved User Attributes:
    [553] objectClass: value = top
    [553] objectClass: value = person
    [553] objectClass: value = organizationalPerson
    [553] objectClass: value = user
    [553] cn: value = test
    [553] sn: value =
    [553] c: value = AU
    [553] l: value = xxx
    [553] st: value = xxx
    [553] title: value = test user  / IT
    [553] description: value = Network
    [553] postalCode: value = xxx
    [553] physicalDeliveryOfficeName: value = xxx
    [553] telephoneNumber: value = xxx
    [553] givenName: value = test
    [553] distinguishedName: value = CN=test,OU=Users,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=br
    [553] instanceType: value = 4
    [553] whenCreated: value = 20110327224420.0Z
    [553] whenChanged: value = 20130319223953.0Z
    [553] displayName: value = test
    [553] uSNCreated: value = 84454809
    [553] memberOf: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=
    [553] mapped to IETF-Radius-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
    [553] mapped to LDAP-Class: value = CN=APAC.Cisco.Tel.Users,OU=Security Groups,OU=xxx,OU=Australia,OU=APAC,OU=BS ENTERPRISE,DC=xxx,DC=com
    [553] memberOf: value = CN=Networks,OU=Distribution Groups,OU=xxx,OU=Australia,OU=APAC,OU=
    [553] mapped to IETF-Radius-Class: value = NET_ADMIN
    [553] mapped to LDAP-Class: value = NET_ADMIN
    [553] memberOf: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate
    [553] mapped to IETF-Radius-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
    [553] mapped to LDAP-Class: value = CN=Email Notify SG10,OU=Distribution Groups,OU=Corporate,OU=US & Canada,OU=BS ENTERPRISE,DC=xxx,DC=com
    aaa common debug:
    AAA API: In aaa_open
    AAA session opened: handle = 3
    AAA API: In aaa_process_async
    aaa_process_async: sending AAA_MSG_PROCESS
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 0
    AAA FSM: In AAA_StartAAATransaction
    AAA FSM: In AAA_InitTransaction
    Initiating authentication to primary server (Svr Grp: LDAP)
    AAA FSM: In AAA_BindServer
    AAA_BindServer: Using server: 1.1.1.13
    AAA FSM: In AAA_SendMsg
    User: test
    Resp:
    callback_aaa_task: status = 1, msg =
    AAA FSM: In aaa_backend_callback
    aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
    AAA FSM: In AAA_ProcSvrResp
    Back End response:
    Authentication Status: 1 (ACCEPT)
    AAA FSM: In AAA_NextFunction
    AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = ACCEPT
    AAA_NextFunction: authen svr = BSTAR_LDAP, author svr = LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
    AAA_NextFunction: New i_fsm_state = IFSM_USER_GRP_POLICY,
    AAA FSM: In AAA_InitTransaction
    aaai_policy_name_to_server_id(NET_ADMIN)
    Got server ID 0 for group policy DB
    Initiating user group policy lookup (Svr Grp: GROUP_POLICY_DB)
    AAA FSM: In AAA_BindServer
    AAA_BindServer: Using server:
    AAA FSM: In AAA_SendMsg
    User: NET_ADMIN
    Resp:
    grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
    grp_policy_ioctl: Looking up NET_ADMIN
    callback_aaa_task: status = 1, msg =
    AAA FSM: In aaa_backend_callback
    aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
    AAA FSM: In AAA_ProcSvrResp
    Back End response:
    User Group Policy Status: 1 (ACCEPT)
    AAA FSM: In AAA_NextFunction
    AAA_NextFunction: i_fsm_state = IFSM_USER_GRP_POLICY, auth_status = ACCEPT
    AAA_NextFunction: New i_fsm_state = IFSM_AUTHORIZE,
    AAA FSM: In AAA_InitTransaction
    Initiating authorization query (Svr Grp: LDAP)
    AAA FSM: In AAA_BindServer
    AAA_BindServer: Using server: 1.1.1.13
    AAA FSM: In AAA_SendMsg
    User: test
    Resp:
    callback_aaa_task: status = 1, msg =
    AAA FSM: In aaa_backend_callback
    aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
    AAA FSM: In AAA_ProcSvrResp
    Back End response:
    Authorization Status: 1 (ACCEPT)
    AAA FSM: In AAA_NextFunction
    AAA_NextFunction: i_fsm_state = IFSM_AUTHORIZE, auth_status = ACCEPT
    AAA_NextFunction: author svr = BSTAR_LDAP, user pol = NET_ADMIN, tunn pol = DfltGrpPolicy
    AAA_NextFunction: New i_fsm_state = IFSM_AUTH_GRP_POLICY,
    AAA FSM: In AAA_InitTransaction
    aaai_policy_name_to_server_id(NET_ADMIN)
    Got server ID 0 for group policy DB
    Initiating authorization group policy lookup (Svr Grp: GROUP_POLICY_DB)
    AAA FSM: In AAA_BindServer
    AAA_BindServer: Using server:
    AAA FSM: In AAA_SendMsg
    User: NET_ADMIN
    Resp:
    grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
    grp_policy_ioctl: Looking up NET_ADMIN
    callback_aaa_task: status = 1, msg =
    AAA FSM: In aaa_backend_callback
    aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
    AAA FSM: In AAA_ProcSvrResp
    Back End response:
    Authorization Group Policy Status: 1 (ACCEPT)
    AAA FSM: In AAA_NextFunction
    AAA_NextFunction: i_fsm_state = IFSM_AUTH_GRP_POLICY, auth_status = ACCEPT
    AAA_NextFunction: New i_fsm_state = IFSM_TUNN_GRP_POLICY,
    AAA FSM: In AAA_InitTransaction
    aaai_policy_name_to_server_id(DfltGrpPolicy)
    Got server ID 0 for group policy DB
    Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
    AAA FSM: In AAA_BindServer
    AAA_BindServer: Using server:
    AAA FSM: In AAA_SendMsg
    User: DfltGrpPolicy
    Resp:
    grp_policy_ioctl(0x00000000047eb0e0, 114698, 0x00007fff28d31c90)
    grp_policy_ioctl: Looking up DfltGrpPolicy
    callback_aaa_task: status = 1, msg =
    AAA FSM: In aaa_backend_callback
    aaa_backend_callback: Handle = 3, pAcb = 0x00007fff3401b550
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 1
    AAA FSM: In AAA_ProcSvrResp
    Back End response:
    Tunnel Group Policy Status: 1 (ACCEPT)
    AAA FSM: In AAA_NextFunction
    AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
    Class attribute created from LDAP-Class attribute
    AAA_NextFunction: New i_fsm_state = IFSM_DONE,
    AAA FSM: In AAA_ProcessFinal
    Checking simultaneous login restriction (max allowance=3) for user test
    AAA FSM: In AAA_Callback
    user attributes:
      1     User-Name(1)      6    "test"
      2     User-Password(2)     10    (hidden)
      3     Group-Policy(4121)      9    "NET_ADMIN"
      4     AAA-AVP-Table(4243)    11268    "[04],[00][00]t[00][00][00][F8][03][00][00][0F][04][00]"
      5     LDAP-Class(20520)     10    "NET_ADMIN[00]"
      6     LDAP-Class(20520)     11    "USERS[00]"
    user policy attributes:
      1     Filter-Id(11)      8    "VPN_SPLIT_TUNNEL"
      2     Session-Timeout(27)      4    0
      3     Idle-Timeout(28)      4    30
      4     Access-Hours(4097)      0    0x00007fff35d685e0   ** Unresolved Attribute **
      5     Simultaneous-Logins(4098)      4    3
      6     Primary-DNS(4101)      4    IP: 1.1.1.13
      7     Secondary-DNS(4102)      4    IP: 1.1.1.30
      8     Primary-WINS(4103)      4    IP: 0.0.0.0
      9     Secondary-WINS(4104)      4    IP: 0.0.0.0
    10     Tunnelling-Protocol(4107)      4    52
    11     Banner(4111)    446    "This is a PRIVATE computer system, which may be acces"
    12     Store-PW(4112)      4    0
    13     Split-Tunnel-Inclusion-List(4123)      8    "VPN_SPLIT_TUNNEL"
    14     Default-Domain-Name(4124)     18    "xxxxcorp.com"
    15     Secondary-Domain-Name-List(4125)     18    "xxxxcorp.com"
    16     Nat-Enabled-IPSec(4130)      4    0
    17     IPSec-UDP-Port(4131)      4    10000
    18     IPComp(4135)      4    1
    19     Authentication-On-Rekey(4138)      4    0
    20     Required-Firewall-Vendor-Code(4141)      0    0x0000000002e006b0   ** Unresolved Attribute **
    21     Required-Firewall-Product-Code(4142)      0    0x0000000002e006b0   ** Unresolved Attribute **
    22     Required-Firewall-Description(4143)      0    0x00007fff35d687fa   ** Unresolved Attribute **
    23     Secure-unit-config(4144)      4    0
    24     Individual-user-auth-config(4145)      4    0
    25     User-auth-idle-timeout(4146)      4    0
    26     Cisco-IP-telephony-config(4147)      4    0
    27     Split-Tunneling-Policy(4151)      4    1
    28     Required-Firewall-Capability(4152)      0    0x0000000002e006b0   ** Unresolved Attribute **
    29     Client Firewall Optional(4154)      0    0x0000000002e006b0   ** Unresolved Attribute **
    30     Backup-Ip-Sec-Peers-Enabled(4155)      4    2
    31     Network-Extension-Mode-Allowed(4160)      4    0
    32     URL list name(4167)     17    "NETADMIN_BOOKMARK"
    33     ACL-like filters(4169)      8    "INTERNAL_WEBACL"
    34     Cisco-LEAP-Passthrough-config(4171)      4    0
    35     IKE Client Type and Version Limiting policy rules(4173)      0    0x00007fff35d68835   ** Unresolved Attribute **
    36     IE-Proxy-Server-Method(4177)      4    1
    37     The tunnel group that tunnel must be associated with(4181)     11    "NET_ADMIN_G"
    38     User ACL for inbound traffic(4182)      8    ""
    39     User ACL for outbound traffic(4183)      8    ""
    40     Indicates whether or not PFS is required for IPSec(4184)      4    0
    41     WebVPN URL Entry enable(4189)      4    1
    42     WebVPN File Server Entry enable(4191)      4    1
    43     WebVPN File Server Browsing enable(4192)      4    1
    44     WebVPN SVC Keep enable(4201)      4    1
    45     WebVPN SVC Keepalive interval(4203)      4    20
    46     WebVPN SVC Client DPD period(4204)      4    30
    47     WebVPN SVC Gateway DPD period(4205)      4    30
    48     WebVPN SVC Rekey period(4206)      4    0
    49     WebVPN SVC Rekey method(4207)      4    0
    50     WebVPN SVC Compression(4208)      4    2
    51     WebVPN Customization(4209)     15    "NETADMIN_PORTAL"
    52     WebVPN Deny message(4212)    180    "Login was successful, but because certain criteria ha"
    53     WebVPN SVC DTLS Compression(4213)      4    2
    54     Extended Authentication-On-Rekey(4218)      4    0
    55     WebVPN SVC DTLS enable(4219)      4    1
    56     WebVPN SVC MTU(4221)      4    1406
    57     CIFS hidden shares(4222)      4    1
    58     CVC-Modules(4223)      7    "posture"
    59     CVC-Profile(4224)     17    "net_admin_p#user,"
    60     CVC-Ask(4227)      4    4
    61     CVC-Ask-Timeout(4228)      4    0
    62     WebVPN ActiveX Relay(4233)      4    1
    63     VLAN ID(4236)      4    0
    64     NAC Settings(4237)      0    0x00007fff35d68985   ** Unresolved Attribute **
    65     WebVPN Session timeout alert interval(4245)      4    25
    66     List of address pools to assign addresses from(4313)     13    "SSL_POOL"
    67     List of IPv6 address pools to assign addresses from(4314)      0    0x00007fff35d68998   ** Unresolved Attribute **
    68     Smart tunnel on home page enable(4324)      4    1
    69     Disable Always-On VPN(4325)      4    0
    70     SVC ignore DF bit(4326)      4    0
    71     Client Bypass Protocol(4331)      4    0
    72     Gateway FQDN(4333)     29    "xxx.xxxxcorp.com"
    73     CA URL for SCEP enrollment(20530)      0    0x00007fff35d689c7   ** Unresolved Attribute **
    tunnel policy attributes:
      1     Filter-Id(11)      8    "VPN_SPLIT_TUNNEL"
      2     Session-Timeout(27)      4    0
      3     Idle-Timeout(28)      4    30
      4     Access-Hours(4097)      0    0x00007fff351cddd0   ** Unresolved Attribute **
      5     Simultaneous-Logins(4098)      4    0
      6     Primary-DNS(4101)      4    IP: 10.125.3.7
      7     Secondary-DNS(4102)      4    IP: 10.125.3.5
      8     Primary-WINS(4103)      4    IP: 0.0.0.0
      9     Secondary-WINS(4104)      4    IP: 0.0.0.0
    10     Tunnelling-Protocol(4107)      4    124
    11     Banner(4111)    446    "This is a PRIVATE computer system, which may be acces"
    12     Store-PW(4112)      4    0
    13     Group-Policy(4121)     13    "DfltGrpPolicy"
    14     Split-Tunnel-Inclusion-List(4123)      8    "VPN_SPLIT_TUNNEL"
    15     Default-Domain-Name(4124)     18    "xxxxcorp.com"
    16     Secondary-Domain-Name-List(4125)      0    0x00007fff351cdfc7   ** Unresolved Attribute **
    17     Nat-Enabled-IPSec(4130)      4    0
    18     IPSec-UDP-Port(4131)      4    10000
    19     IPComp(4135)      4    0
    20     Authentication-On-Rekey(4138)      4    0
    21     Secure-unit-config(4144)      4    0
    22     Individual-user-auth-config(4145)      4    0
    23     User-auth-idle-timeout(4146)      4    30
    24     Cisco-IP-telephony-config(4147)      4    0
    25     Split-Tunneling-Policy(4151)      4    1
    26     Client Firewall Optional(4154)      0    0x00007fff351cdfec   ** Unresolved Attribute **
    27     Backup-Ip-Sec-Peers-Enabled(4155)      4    1
    28     Group-giaddr(4157)      4    IP: 0.0.0.0
    29     Intercept-DHCP-Configure-Msg(4158)      4    0
    30     Client-Subnet-Mask(4159)      4    IP: 255.255.255.255
    31     Network-Extension-Mode-Allowed(4160)      4    0
    32     WebVPN Content Filter Parameters(4165)      4    0
    33     WebVPN Parameters configuration(4166)      4    1
    34     URL list name(4167)      0    0x00007fff351ce008   ** Unresolved Attribute **
    35     Forwarded ports(4168)      0    0x00007fff351ce009   ** Unresolved Attribute **
    36     ACL-like filters(4169)      8    "INTERNAL_WEBACL"
    37     Cisco-LEAP-Passthrough-config(4171)      4    0
    38     Default WebVPN homepage(4172)      0    0x00007fff351ce016   ** Unresolved Attribute **
    39     IKE Client Type and Version Limiting policy rules(4173)      0    0x00007fff351ce017   ** Unresolved Attribute **
    40     Application Access Name(4175)     18    "Application Access"
    41     IE-Proxy-Server(4176)      0    0x00007fff351ce02b   ** Unresolved Attribute **
    42     IE-Proxy-Server-Method(4177)      4    1
    43     IE-Proxy-Server-Exceptions(4178)      0    0x00007fff351ce030   ** Unresolved Attribute **
    44     IE-Proxy-Server-Bypass-Local(4179)      4    0
    45     The tunnel group that tunnel must be associated with(4181)      0    0x00007fff351ce035   ** Unresolved Attribute **
    46     Indicates whether or not PFS is required for IPSec(4184)      4    0
    47     NAC Enable/Disable(4185)      4    0
    48     NAC Status Query Timer(4186)      4    300
    49     NAC Revalidation Timer(4187)      4    36000
    50     NAC Default ACL(4188)      8    ""
    51     WebVPN URL Entry enable(4189)      4    0
    52     WebVPN File Server Entry enable(4191)      4    0
    53     WebVPN File Server Browsing enable(4192)      4    0
    54     WebVPN Port Forwarding enable(4193)      4    0
    55     WebVPN Port Forwarding Exchange Proxy enable(4194)      4    0
    56     WebVPN Port Forwarding HTTP Proxy enable(4195)      4    0
    57     WebVPN SVC enable(4199)      4    0
    58     WebVPN SVC Required enable(4200)      4    0
    59     WebVPN SVC Keep enable(4201)      4    0
    60     WebVPN SVC Keepalive interval(4203)      4    20
    61     WebVPN SVC Client DPD period(4204)      4    30
    62     WebVPN SVC Gateway DPD period(4205)      4    30
    63     WebVPN SVC Rekey period(4206)      4    0
    64     WebVPN SVC Rekey method(4207)      4    0
    65     WebVPN SVC Compression(4208)      4    2
    66     WebVPN Customization(4209)      0    0x00007fff351ce08a   ** Unresolved Attribute **
    67     Single Sign On Server Name(4210)      0    0x00007fff351ce08b   ** Unresolved Attribute **
    68     WebVPN SVC Firewall Rule(4211)     17    "private#,public#,"
    69     WebVPN Deny message(4212)    180    "Login was successful, but because certain criteria ha"
    70     WebVPN SVC DTLS Compression(4213)      4    2
    71     HTTP compression method(4216)      4    0
    72     Maximum object size to ignore for updating the session timer(4217)      4    4
    73     Extended Authentication-On-Rekey(4218)      4    0
    74     WebVPN SVC DTLS enable(4219)      4    1
    75     WebVPN SVC MTU(4221)      4    1406
    76     CIFS hidden shares(4222)      4    0
    77     CVC-Modules(4223)     20    "dart,vpngina,posture"
    78     CVC-Profile(4224)     15    "IPSEC_VPN#user,"
    79     CVC-IKE-Retry-Timeout(4225)      4    10
    80     CVC-IKE-Retry-Count(4226)      4    3
    81     CVC-Ask(4227)      4    2
    82     CVC-Ask-Timeout(4228)      4    0
    83     IE-Proxy-Pac-URL(4229)      0    0x00007fff351ce1a4   ** Unresolved Attribute **
    84     IE-Proxy-Lockdown(4230)      4    1
    85     WebVPN Smart Tunnel(4232)      0    0x00007fff351ce1a9   ** Unresolved Attribute **
    86     WebVPN ActiveX Relay(4233)      4    1
    87     WebVPN Smart Tunnel Auto Download enable(4234)      4    0
    88     WebVPN Smart Tunnel Auto Sign On enable(4235)      0    0x00007fff351ce1b2   ** Unresolved Attribute **
    89     VLAN ID(4236)      4    0
    90     NAC Settings(4237)      0    0x00007fff351ce1b7   ** Unresolved Attribute **
    91     MemberOf(4241)      0    0x00007fff351ce1b8   ** Unresolved Attribute **
    92     WebVPN Idle timeout alert interval(4244)      4    1
    93     WebVPN Session timeout alert interval(4245)      4    1
    94     Maximum object size for download(4253)      4    2147483647
    95     Maximum object size for upload(4254)      4    2147483647
    96     Maximum object size for post(4255)      4    2147483647
    97     User storage(4256)      0    0x00007fff351ce1cd   ** Unresolved Attribute **
    98     User storage objects(4257)     19    "cookies,credentials"
    99     User storage shared key(4258)      0    0x00007fff351ce1e2   ** Unresolved Attribute **
    100     VDI configuration(4259)      0    0x00007fff351ce1e3   ** Unresolved Attribute **
    101     NAC Exception List(4312)      4    0
    102     List of address pools to assign addresses from(4313)      0    0x00007fff351ce1e8   ** Unresolved Attribute **
    103     List of IPv6 address pools to assign addresses from(4314)      0    0x00007fff351ce1e9   ** Unresolved Attribute **
    104     IPv6 filter-id(4315)      8    ""
    105     WebVPN Unix user ID(4317)      4    65534
    106     WebVPN Unix group ID(4318)      4    65534
    107     Disconnect VPN tunnel when a Smartcard is removed(4321)      4    1
    108     WebVPN Smart Tunnel Tunnel Policy(4323)      0    0x00007fff351ce1fe   ** Unresolved Attribute **
    109     Disable Always-On VPN(4325)      4    1
    110     SVC ignore DF bit(4326)      4    0
    111     SVC client routing/filtering ignore(4327)      4    0
    112     Configure the behaviour of DNS queries by the client when Split tunneling is enabled(4328)      4    0
    113     Client Bypass Protocol(4331)      4    0
    114     IPv6-Split-Tunneling-Policy(4332)      4    0
    115     Gateway FQDN(4333)      0    0x00007fff351ce217   ** Unresolved Attribute **
    116     CA URL for SCEP enrollment(20530)      0    0x00007fff351ce218   ** Unresolved Attribute **
    Auth Status = ACCEPT
    AAA API: In aaa_close
    AAA task: aaa_process_msg(0x00007fff28d327d0) received message type 3
    In aaai_close_session (3)
    Thanks,
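
A log check for the situation in this thread, added here as an example (not code from the posters or from Cisco): it reads the aaa common debug attribute dump for attribute 4181, the group-lock value, and compares it with the Tunnel Group field of the `show vpn-sessiondb` output. The function names are hypothetical, the sample text is constructed and abridged from the output posted above, and the most-specific-section-first order and exact-match comparison are assumptions.

```python
import re

# Attribute 4181 is printed in the debug as
# "The tunnel group that tunnel must be associated with", i.e. group-lock.
GROUP_LOCK_ATTR = 4181

# Dump sections, most specific first. Assumption: the first section that
# carries a resolved, non-empty value supplies the effective group-lock.
SECTIONS = ("user attributes", "user policy attributes", "tunnel policy attributes")

# Example line:  37     <name>(4181)     11    "NET_ADMIN_G"
ATTR_LINE = re.compile(
    r"^\s*\d+\s+(?P<name>.+?)\((?P<id>\d+)\)\s+(?P<len>\d+)\s+(?P<value>.*)$"
)
TUNNEL_GROUP = re.compile(r"Tunnel Group\s*:\s*(\S+)")


def parse_value(raw):
    """Return the attribute value as text, or None if the ASA left it unresolved."""
    raw = raw.strip()
    if "Unresolved Attribute" in raw:
        return None
    if raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
        if raw.endswith("[00]"):  # trailing NUL, printed literally in the dump
            raw = raw[:-4]
    return raw


def parse_aaa_dump(text):
    """Map section name -> {attribute id: [values]}; ids may repeat (LDAP-Class)."""
    sections = {name: {} for name in SECTIONS}
    current = None
    for line in text.splitlines():
        header = line.strip().rstrip(":")
        if header in sections:
            current = header
            continue
        m = ATTR_LINE.match(line)
        if m is None:
            current = None  # any other debug line ends the attribute table
        elif current is not None:
            sections[current].setdefault(int(m["id"]), []).append(parse_value(m["value"]))
    return sections


def effective_group_lock(sections):
    """Return (section, tunnel group name) for the first resolved group-lock."""
    for name in SECTIONS:
        for value in sections[name].get(GROUP_LOCK_ATTR, []):
            if value:
                return name, value
    return None, None


def check_group_lock(aaa_text, session_text):
    """Compare the group-lock value with the tunnel group the session landed on."""
    source, lock = effective_group_lock(parse_aaa_dump(aaa_text))
    m = TUNNEL_GROUP.search(session_text)
    landed = m.group(1) if m else None
    if lock is None:
        verdict = "no-lock"
    elif landed is None:
        verdict = "no-session"
    elif landed == lock:  # assumption: names are compared exactly
        verdict = "ok"
    else:
        verdict = "mismatch"
    return {"group_lock": lock, "source": source, "tunnel_group": landed, "verdict": verdict}


# Constructed sample, abridged from the debug output in the post above.
SAMPLE_AAA = '''\
user attributes:
  1     User-Name(1)      6    "test"
  3     Group-Policy(4121)      9    "NET_ADMIN"
  5     LDAP-Class(20520)     10    "NET_ADMIN[00]"
user policy attributes:
  3     Idle-Timeout(28)      4    30
  37     The tunnel group that tunnel must be associated with(4181)     11    "NET_ADMIN_G"
tunnel policy attributes:
  13     Group-Policy(4121)     13    "DfltGrpPolicy"
  45     The tunnel group that tunnel must be associated with(4181)      0    0x00007fff351ce035   ** Unresolved Attribute **
Auth Status = ACCEPT
'''

# Constructed sample, abridged from the "sho vpn-sessiondb webvpn" output above.
SAMPLE_SESSION = '''\
Username     : test      Index        : 132
Group Policy : NET_ADMIN              Tunnel Group : DefaultWEBVPNGroup
'''

if __name__ == "__main__":
    print(check_group_lock(SAMPLE_AAA, SAMPLE_SESSION))
```

A `mismatch` verdict means the user reached the ASA through a tunnel group other than the one the group policy is locked to, which is the condition the `User came in on group he wasn't supposed to come in on!` message reports.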

  • SSL, 128-bit encryption problem

    Hi
    I need to establish a connection over SSL with 128-bit encryption from my
    client application to Active Directory. But when a connection is established
    I look at the System log and see the cipher strength is only 56.
    Does anybody have an idea how can I raise the cipher strength?
    Thanks

    Sorry,
    It was my fault. I used 56-bit SDK. After upgrade all is perfect.
    "Gennady" <[email protected]> wrote in message
    news:9mgd4d$[email protected]..
    Hi
    I need to establish a connection over SSL with 128-bit encryption from my
    client application to Active Directory. But when a connection is established
    I look at the System log and see the cipher strength is only 56.
    Does anybody have an idea how can I raise the cipher strength?
    Thanks

  • Server 3 / SSL Certificate / Open Directory - Problem!

    We've updated from Server 2 to Server 3 / OS X 10.9.
    We have an SSL certificate for server from Comodo.
    Under Server 2, all worked just fine, with the SSL certificate being used to secure all services (configured via Server app).
    Under Server 3, all works just fine, but Open Directory will not accept certificate - so Certificates / Settings in Server 3 app shows "Custom Configuration" for Settings - and on inspecting this it is because Open Directory set to be not secured but everything else is using SSL.
    I've tried setting the Open Directory to use the SSL, but whenever I do it simply bounces back to being unsecured.
    Does this matter?  Presumably it should be possible (as the standard setting appears to try and set Open Directory to use the SSL certificate), but not sure whether trying to fix is simply a fool's errand.
    Anyone got any clues as to whether to fix or not, and if to fix, how?
    Thanks in advance.

    Have you checked to see that the certificate is indeed "Trusted" by your server?
    Above, you stated that they're in the etc/certificates folder, but that doesn't mean that the server likes them.  You can create a "Self Signed" Certificate and still have certificates in there.  That doesn't mean that anyone else on the planet has to trust them.
    Open Keychain Access in your utilities folder.  Depending on how you have it configured, you may have to look around to find the certificate in question.  It may be under login, or System. 
    When you select your Certificate, if it's there, does it show as trusted?
    Another thing you can check...  Oftentimes certificate authorities use intermediate certificates.  Since anyone can sell a certificate, in order to have it trusted, you need to have it signed by someone else.  A good example is Godaddy.  They sell both SSL and Code signing certificates of all flavours.  In order to get them to be trusted, the "Intermediate Certificate" needs to also be installed in the keychain.  My Godaddy cert looks to be trusted by Verisign via an intermediate.
    Have a look here...  https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1182
    Not sure if it's directly relevant, but there it is.
    The point is, I think you need to verify that your certificate is trusted by your server.  OD won't use an untrusted certificate. 
    --an afterthought--  Anything in the logs?
    Open up your server window where you try to select the certificate for OD.  Also, in another window open up the terminal.  In terminal, type:
    tail -f /var/log/system.log
    In the server window try to select the certificate and click done.  See what the output in terminal says.

  • JDK setting / Execution problem

    I have installed JDK 6 on the C:\JAVA\JDK\ path. I am creating a simple hello world application inside the bin folder. When I compile this file it gets compiled OK, but when I try to run this file using the java.exe command I get the following:
    C:\Java\jdk\bin>javac test.java
    C:\Java\jdk\bin>java test
    Exception in thread "main" java.lang.NoClassDefFoundError: test
    Caused by: java.lang.ClassNotFoundException: test
    at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
    source code is
    class test {
        public static void main (String args[]){
            System.out.println("hello");
        }
    }
    I have installed Oracle JBuilder 10g, 10g Developer Suite, 9i database and may have some other Java applications. I tried to set path and classpath but neither works. Can anybody help?

    Thanks for your kind reply, but it did not work.
    C:\Java\jdk\bin>set classpath=c:\java\jdk\bin
    C:\Java\jdk\bin>java -classpath test
    Usage: java [-options] class [args...]
    (to execute a class)
    or java [-options] -jar jarfile [args...]
    (to execute a jar file)
    where options include:
    -client to select the "client" VM
    -server to select the "server" VM
    -hotspot is a synonym for the "client" VM [deprecated]
    The default VM is client.
    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
    A ; separated list of directories, JAR archives,
    and ZIP archives to search for class files.
    -D<name>=<value>
    set a system property
    -verbose[:class|gc|jni]
    enable verbose output
    -version print product version and exit
    -version:<value>
    require the specified version to run
    -showversion print product version and continue
    -jre-restrict-search | -jre-no-restrict-search
    include/exclude user private JREs in the version search
    -? -help print this help message
    -X print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
    enable assertions
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
    disable assertions
    -esa | -enablesystemassertions
    enable system assertions
    -dsa | -disablesystemassertions
    disable system assertions
    -agentlib:<libname>[=<options>]
    load native agent library <libname>, e.g. -agentlib:hprof
    see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
    load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
    load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
    show splash screen with specified image
    C:\Java\jdk\bin>

  • SSL offloading - Backend Server problem.

    I am configuring SSL offloading for the first time. After configuring my CSS 11503 to do the offloading I discovered I can still access the secure web page through a normal HTTP request from the public internet (as opposed to HTTPS). What is the best and easiest way to stop this from happening?

    The solution is to use a redirect from HTTP to HTTPS
    You can let the server do the redirect or configure the CSS with a redirect service.
    More info at
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080094068.shtml
    Gilles.

  • SSL Problem in Flex

    I am using Flex with PHP via AMF PHP. Building the application
    was fine, but it gave me a problem when I deployed it to a server which
    sits behind an SSL layer. The problem is not associated with data
    access; I can access data very well, but when I go to any other
    page after visiting the Flex part it just kicks the user out to the login page
    again. If I simply use the HTTP protocol it does not happen, but if I
    use the HTTPS protocol it does. I did intense research into this problem.
    I tried the following solutions.
    USE crossdomain file name crossdomain.xml
    loadpolicy file
    class="mx.messaging.channels.SecureAMFChannel" in service-config.xml
    class="flex.messaging.endpoints.SecureAMFEndpoint" in service-config.xml
    lastly here is my crossdomain.xml
    <?xml version="1.0" ?>
    <!-- https://imtecintranet/shopping -->
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <allow-access-from domain="*" secure="false" to-ports="443"/>
    </cross-domain-policy>
    All the solutions mentioned on different websites, including the
    Flex documentation, didn't work. It's not a problem on the PHP
    side, since it works perfectly with Flex if I use the HTTP protocol, so I
    think the problem is on the Flex side. I read on this website
    http://www.onflex.org/ted/2005/11/using-flash-player-under-https-with.php
    that Flash Player has bugs, and so I tried to solve this
    problem by using a cross-domain.xml file, but unfortunately this
    didn't solve the problem. Any help will be greatly appreciated.

    With some additional attributes added to the server.xml <Connector /> tag, the application is loading fine in the local environment.
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" bufferSize="64000" maxHttpHeaderSize="64000"  socket.appWriteBufSize="64000" socket.appReadBufSize="64000" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\user_name\.keystore" keystorePass="*****" allowTrace="false"/>
    But the same changes are not working in the UAT environment; any clue on it will help me.
    Thanks in advance.
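
An added example, not part of the original posts: a small Python audit of the crossdomain.xml quoted in the question above. It flags the two settings in that file that widen access, the wildcard `domain="*"` and `secure="false"` (which lets content loaded over plain HTTP read from the HTTPS site). The function name, the finding labels and the tightened policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The policy from the post above, with its wrapped lines rejoined.
POSTED_POLICY = """\
<?xml version="1.0" ?>
<!-- https://imtecintranet/shopping -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="443"/>
</cross-domain-policy>
"""

# Constructed tightened policy (an assumption, not from the thread); the host
# name is the one in the comment of the posted file.
TIGHTENED_POLICY = """\
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="imtecintranet" secure="true"/>
</cross-domain-policy>
"""


def audit_policy(xml_text):
    """Return (domain, finding) pairs for risky allow-access-from rules."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip()
        # "secure" defaults to true when the attribute is absent.
        secure = rule.get("secure", "true").strip().lower()
        if domain == "*":
            findings.append((domain, "wildcard-domain"))
        elif domain.startswith("*."):
            findings.append((domain, "wildcard-subdomain"))
        if secure == "false":
            findings.append((domain, "http-origin-may-read-https"))
    return findings


if __name__ == "__main__":
    for name, policy in (("posted", POSTED_POLICY), ("tightened", TIGHTENED_POLICY)):
        print(name, audit_policy(policy))
```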

  • Problems in Working with J2me----- call jdk packages in j2me

    Hi guys,
    I am developing an application to compress MP3 on a cell phone. I have developed code using javax.sound and other JDK packages.
    The problem is that I want to call the functions of this code in the J2ME code, but it gives me an error that the JDK packages are not found.
    So the question is: is there any way to use JDK packages in J2ME?
    Waiting for your reply.
    Thanks

    punit_solanki wrote:
        So the question is there any way to use JDk packages in J2me

    No, there isn't. But if it is simple, you can try to implement the part of the JDK you use that is not in J2ME.
    If you want to develop for J2ME, you should use an IDE that sets the configuration for J2ME and doesn't allow you to use libraries that are not in J2ME.
    NetBeans, for example, lets you choose which mobile configuration you are going to develop for.
