Stopweblogic.sh failed to authenticated

Similar Messages

• "invalid password "on Iweb Test. and on SEO Tool, Login Failed Login Authentication Failed, ALL SETTING ARE CORRECT HELP

  I have been updating my site over the last week, using Iweb SEO TOOL, but suddenly 2 days ago I can no longer update when i go to publish it says "invalid password "on Iweb Test. and on SEO Tool, Login Failed Login Authentication Failed, the password and all settings are correct.
  I am 100% sure the all the setting are correct, as it has been working for the last 7 months and I have just been updating it, then suddenly it stopped, I have all the FTP settings wrote down, and even changed the passwords twice hoping that may work to no avail.

  Try the following:
  delete the iWeb preference files, com.apple.iWeb.plist and com.apple.iWeb.plist.lockfile, that resides in your Home() /Library/Preferences folder.
  go to your Home()/Library/Caches/com.apple.iWeb folder and delete its contents.
  Click to view full size
  launch iWeb and try again.
  If that doesn't help continue with:
  move the domain file from your Home/Library/Application Support/iWeb folder to the Desktop.
  launch iWeb, create a new test site, save the new domain file and close iWeb.
  go to the your Home/Library/Application Support/iWeb folder and delete the new domain file.
  move your original domain file from the Desktop to the iWeb folder.
  launch iWeb and try again.

• Updating hybrid configuration failed - Kerberos authentication: The network path was not found

  I'm configuring Exchange 2010 SP3 as a Hybrid server with Exchange Online. This is a single server running Exchange roles Mailbox, Client Access, Unified Messaging and Hub Transport.
  When I run the Manage Hybrid Configuration, I receive the following error:
  Updating hybrid configuration failed with error
  'System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: The network
  path was not found.
  The full text from the Hybrid Configuration log file (C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration)
  [1/5/2014 21:21:1] INFO:Opening runspace to
  http://[servername]/powershell?serializationLevel=Full
  [1/5/2014 21:21:1] INFO:Disconnected from On-Premises session
  [1/5/2014 21:21:1] ERROR:Updating hybrid configuration failed with error 'System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : WinRM cannot process the request. The following
  error occured while using Kerberos authentication: The network path was not found. 
   Possible causes are:
    -The user name or password specified are invalid.
    -Kerberos is used when no authentication method and no user name are specified.
    -Kerberos accepts domain user names, but not local user names.
    -The Service Principal Name (SPN) for the remote computer name and port does not exist.
    -The client and remote computers are in different domains and there is no trust between the two domains.
   After checking for the above issues, try the following:
    -Check the Event Viewer for events related to authentication.
    -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
   Note that computers in the TrustedHosts list might not be authenticated.
     -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
     at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
     at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
     at System.Management.Automation.Runspaces.RunspacePool.Open()
     at System.Management.Automation.RemoteRunspace.Open()
     at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
     at Microsoft.Exchange.Management.Hybrid.Engine.Execute(ILogger logger, String onPremPowershellHost, PSCredential onPremCredentials, PSCredential tenantCredentials, HybridConfiguration hybridConfiguration)
     at Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateHybridConfiguration.InternalProcessRecord()'.
  I have sought help, posting on the forum at community.office365.com -
  http://community.office365.com/en-us/forums/158/t/212265.aspx. But I've got to a point where I believe the problem is more to do with how PowerShell is operating on the on-prem Exchange server.
  Has anyone else come across this problem running the Hybrid Configuration Wizard?

  Hello Darrell,
  Have you verified the settings of Powershell virtual directories for the on-premises Exchange Servers? The following article has a list of some common issues with that virtual directory and how to correct them:
  http://technet.microsoft.com/en-us/library/ff607221(v=exchg.80).aspxI would take a look at the one titled "Configure Kerberos Authentication" specifically to ensure everything
  looks good.
  As the article states you can run the Exchange BPA and it will check if any of these exist as well.

• Windows 7 fails when authenticating to another computer on the network

  In Windows 7 (home premium, 64 bit), I am attached to a VPN (Using OpenVPN). Then, whenever I try to either:
  - Use explorer to look at the file system of another computer 
  - Use the remote desktop connection on another computer
  - Map a folder on another computer as a network drive
  ... in all of these cases, I get the authentication dialog and once I send my username and password, it crashes. For example, when I use explorer, it hangs, and then comes back with the message: "Explorer has stopped working"
  I have elsewhere seen a proposed solution for similar symptoms, of deleting this key: 
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling 
  However, this is not applicable in my case, as the key is not present.
  I don't think that this can be a problem with the network, because:
  a) this works fine from a different computer, running XP,
  b) I have in fact seen this working on this computer, but just once, straight after a system restore, and I can't replicate the success by doing another system restore.
  c) If it were a problem with the network, you would expect Windows to fail gracefully.
  Additionally:
  - Disabling the firewall doesn't help.
  - Disabling the antivirus software (AVG) doesn't help.
  - Doing a clean boot doesn't help.
  I'd be grateful for any suggestions.

  try changing windows authentication levels
  http://social.technet.microsoft.com/Forums/windows/en-US/aca3e2d0-6d43-431f-bbba-3c01aea6d5a6/changing-authentication-level?forum=w7itpronetworking
  http://technet.microsoft.com/en-us/library/jj852207.aspx

• BAM Adapter fails with Authentication

  Hi,
  I've created a simple BPEL process which populates a sensor variable and tries to insert a row in a BAM data object. I have already configured the BAM Adapter to reflect the host, port, password, etc. When I call the BPEL process, the sensor variable gets populated but it does not proceed thereon to BAM. The message fails at BAM with the following:
  javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User webbam javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User webbam denied
  at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:73)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$5.run(LoginContext.java:707)
  at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
  at oracle.bam.common.security.authentication.BamLoginContext.loginJPS(BamLoginContext.java:320)
  at oracle.bam.common.security.authentication.BamLoginContext.loginJPS(BamLoginContext.java:289)
  at oracle.bam.common.security.authentication.BamLoginContext.login(BamLoginContext.java:157)
  at oracle.bam.common.security.authentication.BamLoginContext.login(BamLoginContext.java:95)
  at oracle.bam.adapter.adc.CachedConnection.<init>(CachedConnection.java:144)
  at oracle.bam.adapter.adc.ADCManagedConnectionFactory.getCachedConnection(ADCManagedConnectionFactory.java:503)
  at oracle.bam.adapter.adc.ADCInteraction.execute(ADCInteraction.java:226)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAInteractionInvoker.executeJcaInteraction(JCAInteractionInvoker.java:303)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAInteractionInvoker.invokeJcaReference(JCAInteractionInvoker.java:542)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAInteractionInvoker.invokeAsyncJcaReference(JCAInteractionInvoker.java:502)
  at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAEndpointInteraction.performAsynchronousInteraction(JCAEndpointInteraction.java:491)
  at oracle.integration.platform.blocks.adapter.client.JCABindingOperation.executeInputOnlyOperation(JCABindingOperation.java:159)
  at com.collaxa.cube.engine.sensor.sa.publisher.bamMonitor.BAMMonitorDataPublisher.sendPayloadtoBam(BAMMonitorDataPublisher.java:119)
  at com.collaxa.cube.engine.sensor.sa.publisher.bamMonitor.BAMMonitorDataPublisher.publish(BAMMonitorDataPublisher.java:80)
  at com.collaxa.cube.engine.sensor.sa.publisher.bamMonitor.BAMMonitorPublisherAdapter.publish(BAMMonitorPublisherAdapter.java:60)
  at com.collaxa.cube.engine.sensor.sa.BpelPublisher.publishMonitor(BpelPublisher.java:179)
  at com.collaxa.cube.engine.sensor.sa.MonitorDataRouter.send(MonitorDataRouter.java:14)
  at com.collaxa.cube.engine.sensor.dca.DataCaptureAgency.sendMonitorActivityData(DataCaptureAgency.java:455)
  at com.collaxa.cube.engine.sensor.dca.DataCaptureAgency.onActivityActivate(DataCaptureAgency.java:253)
  at com.collaxa.cube.engine.util.CompositeInstanceObserver.onActivityActivate(CompositeInstanceObserver.java:34)
  at com.collaxa.cube.engine.ext.bpel.v1.blocks.BPELProcessBlock.activate(BPELProcessBlock.java:77)
  at orabpel.bploracletofltwiface.BPEL_BIN$$BPELC_BpPrc0.activate(BPEL_BIN.java:979)
  at com.collaxa.cube.engine.CubeEngine.invokeMethod(CubeEngine.java:882)
  at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:699)
  at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:545)
  at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:654)
  at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:355)
  at sun.reflect.GeneratedMethodAccessor1126.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:88)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:414)
  at oracle.security.jps.wls.JpsWeblogicEjbInterceptor.runJaasMode(JpsWeblogicEjbInterceptor.java:61)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:106)
  at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:106)
  at sun.reflect.GeneratedMethodAccessor898.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at $Proxy246.handleInvoke(Unknown Source)
  at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.java:462)
  at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
  at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:141)
  at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:82)
  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:909)
  at java.lang.Thread.run(Thread.java:619)
  I know a lot of user have faced this issue (numerous posts on this forum) and the issues have been solved once the BAM Adapter in the WLS console was updated with the host, port, username and password. However, I am facing this issue despite changing that.
  Are there any other changes I am supposed to do after entering the values in the BAM Adapter? Do I need to activate in the change center or redeploy? I am using SOA 11.1.1.3

  Hi,
  I did not update the deployment plan for the BAMAdapter despite making changes in the BAMAdapter. This was the cause of the authentication failure.
  Thanks.

• Cisco ISE Machine failed machine authentication

  Hi, last week we migrated to ISE 1.2 Patch 7 and since then we are having trouble with our corporate SSID.
  We have a rule that says :
  1) User is domain user.
  2) Machine is authenticated.
  But for some reason that I can't figure out some machine(I would say around 200/1000) can't seem to authenticate.
  This is the message I found in the "steps"
  24423     ISE has not been able to confirm previous successful machine authentication for user in Active Directory
  I was wondering if I could force something on the controller or on ISE directly.
  EDIT : In the operation > Authentication I can see that some host/MachineName are getting authenticated.
  Would I be able to force this as a step in my other rule.

  Hi shertica, and thank you for the explanation. I started working with ISE a month ago and still getting familiarized but I think the problem is the relationship between the Machine and the user because I can't find any Host/MachineName fail in the last 24 hour and I can't seem to have any log further than that.
  Failure Reason
  15039 Rejected per authorization profile
  Resolution
  Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
  Steps
  11001
  Received RADIUS Access-Request
  11017
  RADIUS created a new session
  15049
  Evaluating Policy Group
  15008
  Evaluating Service Selection Policy
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule
  11507
  Extracted EAP-Response/Identity
  12300
  Prepared EAP-Request proposing PEAP with challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12302
  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
  12318
  Successfully negotiated PEAP version 0
  12800
  Extracted first TLS record; TLS handshake started
  12805
  Extracted TLS ClientHello message
  12806
  Prepared TLS ServerHello message
  12807
  Prepared TLS Certificate message
  12810
  Prepared TLS ServerDone message
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12318
  Successfully negotiated PEAP version 0
  12812
  Extracted TLS ClientKeyExchange message
  12804
  Extracted TLS Finished message
  12801
  Prepared TLS ChangeCipherSpec message
  12802
  Prepared TLS Finished message
  12816
  TLS handshake succeeded
  12310
  PEAP full handshake finished successfully
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  12313
  PEAP inner method started
  11521
  Prepared EAP-Request/Identity for inner EAP method
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11522
  Extracted EAP-Response/Identity for inner EAP method
  11806
  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11808
  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  15041
  Evaluating Identity Policy
  15006
  Matched Default Rule
  15013
  Selected Identity Source - IdentityStore_AD_liadom01
  24430
  Authenticating user against Active Directory
  24402
  User authentication against Active Directory succeeded
  22037
  Authentication Passed
  11824
  EAP-MSCHAP authentication attempt passed
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  11810
  Extracted EAP-Response for inner method containing MSCHAP challenge-response
  11814
  Inner EAP-MSCHAP authentication succeeded
  11519
  Prepared EAP-Success for inner EAP method
  12314
  PEAP inner method finished successfully
  12305
  Prepared EAP-Request with another PEAP challenge
  11006
  Returned RADIUS Access-Challenge
  11001
  Received RADIUS Access-Request
  11018
  RADIUS is re-using an existing session
  12304
  Extracted EAP-Response containing PEAP challenge-response
  24423
  ISE has not been able to confirm previous successful machine authentication for user in Active Directory
  15036
  Evaluating Authorization Policy
  24432
  Looking up user in Active Directory - LIADOM01\lidoex
  24416
  User's Groups retrieval from Active Directory succeeded
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule - AuthZBlock_DOT1X
  15016
  Selected Authorization Profile - DenyAccess
  15039
  Rejected per authorization profile
  12306
  PEAP authentication succeeded
  11503
  Prepared EAP-Success
  11003
  Returned RADIUS Access-Reject
  Edit : I found a couple of these :
  Event
  5400 Authentication failed
  Failure Reason
  24485 Machine authentication against Active Directory has failed because of wrong password
  Resolution
  Check if the machine is present in the Active Directory domain and if it is spelled correctly. Also check whether machine authentication is configured properly on the supplicant.
  Root cause
  Machine authentication against Active Directory has failed because of wrong password.
  Username
  host/MachineName
  I also have an alarming number of : Misconfigured Supplicant Detected(3714)

• Failed MAB Authentication Logs

  Having an issue where a user will plug a PC into a switch.  The switch does a MAB authenticaiton and the MAC is not located in the ACS server.  It logs the failed attempt, but when the PC is removed from the switch, the failed attempts keep getting logged until the port is bounced.  Any way to keep the attemps from happening after the PC is removed?  If not, any way to make it stop without bouncing the port?
  running ACS ver. 5.2.0.26
  switch port config: 
  interface GigabitEthernet1/0/2
  sw access vlan 2 sw mode access
  authentication control-direction in
  authenticaion host-mode multi-auth
  authentication port-control auto
  mab
  spanning-tree portfast

  Hi,
  What version and code is your switch?
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Checksum failed while authenticating via Kerberos

  Hi All,
  I having a problem getting authentication using kerberos to work, I get the message checksum failed. The environment is Windows 2008 Server as DC and IE 8 as client and the application is running inside JBoss (in this case I am using the negotiation-toolkit) and the following trace is in the server.log. Can someone point me in the right direction for solving this problem, i've configured two local environments using w2k3 and w2k8 which are both working just fine but in the customers network it fails with the following trace:
  l
  2011-03-30 11:33:21,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:{}
  2011-03-30 11:33:21,846 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-0.0.0.0-8888-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
  2011-03-30 11:33:21,846 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0-8888-1) Authenticating user
  2011-03-30 11:33:21,846 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0-8888-1) Header - Negotiate 2011-03-30 11:33:21,847 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-0.0.0.0-8888-1) 2011-03-30 11:33:21,847 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-0.0.0.0-8888-1)2011-03-30 11:33:21,848 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0-8888-1) associate 176127440
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) Begin isValid, principal:FFE8282EB0A470619839BBD7EDF16A5E, cache info: null
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) defaultLogin, principal=FFE8282EB0A470619839BBD7EDF16A5E
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) Begin getAppConfigurationEntry(SPNEGO), size=13
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
  [0]
  LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
  ControlFlag: LoginModuleControlFlag: requisite
  Options:
  name=serverSecurityDomain, value=host
  name=password-stacking, value=useFirstPass
  [1]
  LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
  ControlFlag: LoginModuleControlFlag: required
  Options:
  name=usersProperties, value=props/spnego-users.properties
  name=rolesProperties, value=props/spnego-roles.properties
  name=password-stacking, value=useFirstPass
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) initialize
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Security domain: SPNEGO
  2011-03-30 11:33:21,850 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) serverSecurityDomain=host
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) login
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) Begin getAppConfigurationEntry(host), size=13
  2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
  [0]
  LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
  ControlFlag: LoginModuleControlFlag: required
  Options:
  name=principal, value=host/[email protected]
  name=useKeyTab, value=true
  name=storeKey, value=true
  name=keyTab, value=/DATA/jbossserver.host.keytab
  name=debug, value=true
  name=doNotPrompt, value=true
  2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /DATA/jbossserver.host.keytab refreshKrb5Config is false principal is host/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) KeyTab instance already exists
  2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) Added key: 23version: 4
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Ordering keys wrt default_tkt_enctypes list
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Using builtin default etypes for default_tkt_enctypes
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) default etypes for default_tkt_enctypes:
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 3
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 1
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 23
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 16
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 17
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) .
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) principal's key obtained from the keytab
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Acquire TGT using AS Exchange
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Using builtin default etypes for default_tkt_enctypes
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) default etypes for default_tkt_enctypes:
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 3
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 1
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 23
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 16
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 17
  2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) .
  2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsReq calling createMessage
  2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsReq in createMessage
  2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: kdc=rm-hq-dc1.shipyard.local UDP:88, timeout=30000, number of retries =3, #bytes=158
  2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KDCCommunication: kdc=rm-hq-dc1.shipyard.local UDP:88, timeout=30000,Attempt =1, #bytes=158
  2011-03-30 11:33:21,853 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: #bytes read=633
  2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: #bytes read=633
  2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
  2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsRep cons in KrbAsReq.getReply host/jbossserver
  2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) principal is host/[email protected]
  2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
  2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) Added server's keyKerberos Principal host/[email protected] Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
  0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
  2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule] added Krb5Principal host/[email protected] to Subject
  2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) Commit Succeeded
  2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Subject = Subject:
       Principal: host/[email protected]
       Private Credential: Ticket (hex) =
  0000: 61 82 01 1F 30 82 01 1B A0 03 02 01 05 A1 13 1B a...0...........
  0120: 9E 96 D4 ...
  Client Principal = host/[email protected]
  Server Principal = krbtgt/[email protected]
  Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
  0000: 81 5B 77 9E C3 74 46 AC 87 26 B0 00 5C B6 56 6E .[w..tF..&..\.Vn
  Forwardable Ticket false
  Forwarded Ticket false
  Proxiable Ticket false
  Proxy Ticket false
  Postdated Ticket false
  Renewable Ticket false
  Initial Ticket false
  Auth Time = Wed Mar 30 11:33:17 CEST 2011
  Start Time = Wed Mar 30 11:33:17 CEST 2011
  End Time = Wed Mar 30 21:33:17 CEST 2011
  Renew Till = null
  Client Addresses Null
       Private Credential: Kerberos Principal host/[email protected] Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
  0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
  2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Logged in 'host' LoginContext
  2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Creating new GSSContext.
  2011-03-30 11:33:21,866 INFO [STDOUT] (http-0.0.0.0-8888-1) Found key for host/[email protected](23)
  2011-03-30 11:33:21,867 INFO [STDOUT] (http-0.0.0.0-8888-1) Entered Krb5Context.acceptSecContext with state=STATE_NEW
  2011-03-30 11:33:21,868 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
  2011-03-30 11:33:21,869 ERROR [STDERR] (http-0.0.0.0-8888-1) Checksum failed !
  2011-03-30 11:33:21,870 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Result - GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
  2011-03-30 11:33:21,870 ERROR [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Unable to authenticate
  GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
       at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
       at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
       at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:337)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
       at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
       at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:619)
  Caused by: KrbException: Checksum failed
       at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
       at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
       at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
       at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
       at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
       at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
       at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
       ... 35 more
  Caused by: java.security.GeneralSecurityException: Checksum failed
       at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
       at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
       at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
       ... 41 more
  2011-03-30 11:33:21,871 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule]: Entering logout
  2011-03-30 11:33:21,871 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule]: logged out Subject
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) abort
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) initialize
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Security domain: SPNEGO
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) findResource: null
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Properties file=vfsfile:/DATA/jboss-5.1.0.GA/server/default/conf/props/spnego-users.properties, defaults=null
  2011-03-30 11:33:21,872 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Loaded properties, users=[]
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) findResource: null
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Properties file=vfsfile:/DATA/jboss-5.1.0.GA/server/default/conf/props/spnego-roles.properties, defaults=null
  2011-03-30 11:33:21,872 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Loaded properties, users=[[email protected], [email protected]]
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) abort
  2011-03-30 11:33:21,872 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) Login failure
  javax.security.auth.login.LoginException: Unable to authenticate - Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:141)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
       at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
       at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:619)
  2011-03-30 11:33:21,873 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) End isValid, false
  2011-03-30 11:33:21,873 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0-8888-1) clear 176127440
  2011-03-30 11:33:21,873 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:null
  2011-03-30 11:33:21,873 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:null

  Thanks! That did the trick.
  For those who aren't sure what we're talking about, here are the details. In the inspector tab of the user's record in Workgroup Manager, there's an item called AuthenticationAuthority. For servers that use Kerberos, it should have at least two attributes, one for ApplePasswordServer and one for Kerberos.
  The Kerberos entry should look something like this:
  ;Kerberosv5;0x4de7dafb19f92bf00000008b0000207c;[email protected];
  MYSERVER.MYDOMAIN.COM;1024 35 1501888096699469040706569854027123220425732604738787130135110270232071940183724 3
  78199029604219894640418726569868666187867257570714183982184166144733112632082318
  21356466533532379022305132046121848691642928615842396713606475071069113591094835
  025483043226511805720826544139932983788313141311383927555379596135211 [email protected]:123.45.67.89
  When you copy the attribute from a working user, there are two items that need to be changed (assuming you have only one kerberos realm). The first item is the long string of letters and numbers after ;Kerberosv5; in the first line. That's the user's UUID. The second is the user's short name ("fred" in the example above). The easiest way to make the changes is to paste the attribute into a text editor (TextEdit, or TextWrangler if you have it). Copy the user's UUID from the problematic account, and paste it over the one in the text you previously copied and pasted. Then change the short name to match the problematic user. Then copy the entire block from your text editor, select AuthenticationAuthority and click the New Value button. Click in the Text: field and paste. The Hex field will take care of itself. Click OK, then Save your changes.
  Of course before you start making changes like this to your directory, make sure you have a good back up to revert back to in case something gets messed up.

• Connection to Licence Server fails - not authenticated

  System:
  SAP B1 2007A PL42
  SAP Client, SAP Server and SAP Service Manager are running on my local computer.
  Service Manager and Licenze Server are running.
  Try to login as manger to a client database in SAP B1.
  The login fails with error message "Connection to Licence Server is not authenticated" ("Verbindung zu Lizenz Server ist nicht authentifiziert!").
  Login to other client databases installed in the same system without any problem.
  Thank you for your help!
  Frank Romeni

  Hi Frank,
  Does the database name contain a '&' sign? If it does, could you please try restoring the database with a name that does not contain the '&' sign.
  When the database name is forwarded to the licence service in an XML format and there are certain characters which are not allowed to be in an XML: > < & ' " \                                                             
  The database name must not include such characters and this is what causes the error message you are receiving.                                                                               
  In order to solve this issue, please follow the steps below:                                                                               
  1. Detach DB, check datafile.mdf and logfile_log.log for special signs. If necessary rename.
  2. Attach it again. Make sure no special sign e.g. like "&" are used for the name of DB as well
  hope it helps,
  Regards,
  Ladislav
  SAP Business One Forum Team

• Automatic rules to Internal distribution group failing when authentication is enabled

  Hi Forum,
  I have set up a rule on a user's PC whereby when he ([email protected]) receives an external email (from [email protected]), it should be automatically forwarded to a
  distribution group ([email protected]) with cc to
  [email protected] and
  [email protected] .
  This worked well for some time until recently when it started failing. The only way we can get this working again is when we disable authentication to the distribution group ([email protected] ). We do not want
  this disabled as we don't want the outside world to Spam this distribution group. No changes has been made to the system which could have caused this issue. 
  Is there a way to get this rule working without disabling the authentication?
  Cheers
  Arvind

  Hi Arvind,
  Please refer to the following screenshot to create a transport rule and check the result:
  Best regards,
  Niko Cheng
  TechNet Community Support

• Exchange 2010 RPC over HTTPs failing with authentication error

  Hi.  I have my remote.xxx.co.uk domain and autodiscover.xxx.co.uk domain pointing to my SBS2011 server, have ports 25, 80, 443 open.  The Microsoft Connectivity Analyzer fails with the below error.
  Outlook will autodiscover happily on the local network, and works fine.  Phones etc do too.
  Outlook at a remote VPN connected site won't connect through autodiscover, but will if you do it manually (ignoring the RPC Proxy settings).  Everything works for a while, but then I guess outlook decides to use autodiscover to complete all the connection
  details, and then these machines can no longer connect to exchange as I guess they decide the speed is too slow and try to connect using RPC instead.
  Users can access OWA happily, and activesync is working on phones etc.
  SSL cert is a wildcard type on my domain, and certs are installed - all green and happy when visiting OWA on both remote.xxxxx.co.uk and autodiscover.xxxxx.co.uk domains.
  I cannot work out why I have an authentication error for RPC?
  Any advice would be great!
  Testing HTTP Authentication Methods for URL https://remote.xxxxx.co.uk/rpc/rpcproxy.dll?xxxxxx.xxxxxx.local:6002.
  The HTTP authentication test failed.
  Additional Details
  Exception details:
  Message: The operation has timed out
  Type: System.Net.WebException
  Stack trace:
  at System.Net.HttpWebRequest.GetResponse()
  at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
  Elapsed Time: 100065 ms

  Hi.
  To update.
  I tried to recreate the virtual directories in the Exchange Management Console, using the recreate links and via the shell, but while they were recreated, they did not function as they should due to issues in the meta database.
  I then found the following which worked.
  Looking at the ActiveSync virtual directories, when running the below command, the result showed the directory was there, so I then knew to delete it.
  In EMS I ran,
  => Ran "$site = [ADSI]"IIS://localhost/W3SVC/1/Root/Microsoft-Server-ActiveSync""
  Result: Carriage return.
  => Ran "$site"
  Result:
  distinguishedName:
  Path: {C:\Program Files\Microsoft\ExchangeServer\V14\Client Access\Sync}
  In EMS I then ran,
  => Ran "$Site = [ADSI]"IIS://localhost/W3SVC/1/Root""
  Result: Carriage return.
  => Ran "$site.Delete("IIsWebVirtualDir","Microsoft-Server-ActiveSync")"
  Result: Carriage return.
  => Ran "$site.SetInfo()"
  Result: Carriage return.
  => Ran "$site"
  Result: Carriage return.
  => Ran "iisreset"
  I then recreated the virtual directories. 
  In EMS I ran,
  => Ran "New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site""
  Results: Successfully recreated.
  => Ran "iisreset"
  I am not sure exactly, but I did this for multiple virtual directories, and everything came to life just as it should.

• Wpa_supplicant fails association/authentication

  I've been at this for quite a while and I've looked in a lot of threads for a solution and none of them worked. Out of nowhere my wireless setup just stopped working (I didn't even upgrade anything) and I haven't been able to fix it ever since.
  At first I was using netcfg and it started giving me this:
  netcfg adn
  :: adn up [ BUSY ]
  > WPA Authentication/Association Failed
  [FAILED]
  After trying to figure out why this happened I decided to change to wicd but it also didn't work. So I followed the instructions listed here and when I run wpa_supplicant manually I get the following:
  wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -dd
  wpa_supplicant v1.0
  Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
  Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
  Reading configuration file '/etc/wpa_supplicant.conf'
  ctrl_interface='DIR=/run/wpa_supplicant GROUP=wheel'
  ap_scan=1
  fast_reauth=1
  Line: 4 - start of a new network block
  scan_ssid=1 (0x1)
  ssid - hexdump_ascii(len=29):
  61 5f 68 75 6d 62 6c 65 5f 67 75 79 5f 77 69 74 a_humble_guy_wit
  68 5f 61 5f 68 75 67 65 5f 64 69 63 6b h_a_huge_dick
  PSK - hexdump(len=32): [REMOVED]
  proto: 0x1
  key_mgmt: 0x2
  pairwise: 0x8
  group: 0x8
  Priority group 0
  id=0 ssid='a_humble_guy_with_a_huge_dick'
  WEXT: cfg80211-based driver detected
  wext: interface wlan0 phy: phy0
  rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
  SIOCGIWRANGE: WE(compiled)=22 WE(source)=21 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf flags 0x0
  netlink: Operstate: linkmode=1, operstate=5
  wlan0: Own MAC address: 00:22:fb:6b:fb:0a
  wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
  wpa_driver_wext_set_countermeasures
  wlan0: RSN: flushing PMKID list in the driver
  wlan0: Setting scan request: 0 sec 100000 usec
  WPS: Set UUID for interface wlan0
  WPS: UUID based on MAC address - hexdump(len=16): e7 b8 35 ce 12 0f 5c d9 88 00 dd 38 8b 79 eb 7d
  EAPOL: SUPP_PAE entering state DISCONNECTED
  EAPOL: Supplicant port status: Unauthorized
  EAPOL: KEY_RX entering state NO_KEY_RECEIVE
  EAPOL: SUPP_BE entering state INITIALIZE
  EAP: EAP entering state DISABLED
  EAPOL: Supplicant port status: Unauthorized
  EAPOL: Supplicant port status: Unauthorized
  ctrl_interface_group=10 (from group name 'wheel')
  wlan0: Added interface wlan0
  Daemonize..
  After this trying to run dhcpcd or dhclient fails. I don't really understand what's wrong with that output and searching for bits of it gives me no answers that worked. I've also tried removing related packages and their configuration files and then starting from scratch but it also didn't work.
  This is my /etc/wpa_supplicant.conf:
  ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel
  ap_scan=1
  fast_reauth=1
  network={
  scan_ssid=1
  ssid=ID
  psk=KEY
  proto=WPA
  key_mgmt=WPA-PSK
  pairwise=TKIP
  group=TKIP
  Thanks for your time and sorry if I posted this on the wrong forum.
  Last edited by adnzzzzZ (2013-01-15 20:01:01)

  Yes. I've tried:
  wpa_passphrase ID "KEY" > /etc/wpa_supplicant.conf
  and it doesn't work either.
  Last edited by adnzzzzZ (2013-01-16 05:36:30)

• Flash Access DRM FMP Fails When Authentication Dialog Triggered for Display

  Hi all,
  Flash Media Playback is failing in the case when playing a video that has Flash Access DRM that requires display of an authentication dialog.  A sample failing configuration is here:
  http://provenwebvideo.com/codesamples/10/fmp_drm/ 
  Note, the link above includes the same video asset running successfully in Strobe Media Playback 1.0 (alongside to the right).
  Also, the link above includes FMP working successfully with a second video that has Flash Access DRM but which does NOT trigger display of an authentication dialog (second video in player in a row below the failing player).
  Source on the Flash Access DRM video test assets are from the Flash Access team via the following link:
  http://forums.adobe.com/message/3144143#3144143
  fyi, This is not a showstopper for me.  I am just reporting it as I was surprised that it works with SMP, but fails with current FMP.
  hth,
  g

  Wow, Greg, the test page is awesome! I can only wish that all the issues get reported this way!
  The issue with DRM content played with http://fpdownload.adobe.com/strobe/FlashMediaPlayback.swf is caused by the fact that the FlashMediaPlayback.swf is compiled for the Flash Player 10.0.
  I tested your sample with the Flash Media Playback compiled for 10.1 (http://fpdownload.adobe.com/strobe/FlashMediaPlayback_101.swf) and it works fine: http://smpfmp.appspot.com/fmp_drm.html
  Note that you need to ask your viewers to upgrade to the latest flash player, since Flash Media Playback doesn't handle this automatically, yet. (we have this feature in the backlog, but it might not fit into our future 1.5 release). Check this for technical details related to this: http://www.adobe.com/devnet/flashplayer/articles/swfobject.html
  Does this information help? Is there something that you would expect us to implement or document better?
  -Andrian

• Safari fails GSSAPI authentication when hostname is a CNAME (DNS alias)

  Hi,
  we heavily use kerberos as authentication mechanism for web sites. The Safari users among us discovered that they were unable to use GSSAPI (Kerberos) authentication for URLs that contain a CNAME instead of an A-record.
  Example:
  +http://statusmeldungen.uni-paderborn.de+ contains the hostname statusmeldungen.uni-paderborn.de which is just a CNAME to haldus.uni-paderborn.de.
  So the browser must request the service ticket HTTP/haldus.uni-paderborn.de
  Firefox does this, but Safari tries to fetch HTTP/statusmeldungen.uni-paderborn.de which does not exist, so it fails.
  Is this a known bug? Is this going to be fixed some day?
  Thanks,
  Christopher

  Hi,
  {quote}domain.com and http://www.domain.com work as URLs, but http://domain.com does not}
  Are you saying http://www.domain.com works as an outward directed request but http://domain.com does not?
  I presume you have the domain name registrar pointing domain.com to your IP address So all traffic to domain.com comes to your server. If you want to direct some of that traffic away then you can send it via a subdomain such as www.domain.com.
  If you want to redirect domain.com as an http request then setup a web site on your server for domain.com and redirect to the www.domain.com url.
  HTH,
  Harry

• Java 7 Failing Kerberos Authentication

  I see the original discussion has been locked here: https://forums.oracle.com/message/11227129#11227129
  Not sure why, but wanted to add that creating a Kerberos config file for java corrects the issue as well, without need to set AllowTGTSessionKey.
  Just create krb5.conf with these lines:
  [libdefaults]
     default_realm = MYDOMAIN.COM
     udp_preference_limit = 1
  [realms]
     MYDOMAIN.COM = {
        kdc = kdc.mydomain.com
        default_domain = mydomain.com
  [domain_realms]
  .mydomain.com=MYDOMAIN.COM
  mydomain.com=MYDOMAIN.COM
  And drop it in C:\Program Files (x86)\Java\jre7\lib\security or C:\Program Files\Java\jre7\lib\security.
  See this for more further details: Kerberos Requirements

  I see the original discussion has been locked here: https://forums.oracle.com/message/11227129#11227129
  Not sure why, but wanted to add that creating a Kerberos config file for java corrects the issue as well, without need to set AllowTGTSessionKey.
  Just create krb5.conf with these lines:
  [libdefaults]
     default_realm = MYDOMAIN.COM
     udp_preference_limit = 1
  [realms]
     MYDOMAIN.COM = {
        kdc = kdc.mydomain.com
        default_domain = mydomain.com
  [domain_realms]
  .mydomain.com=MYDOMAIN.COM
  mydomain.com=MYDOMAIN.COM
  And drop it in C:\Program Files (x86)\Java\jre7\lib\security or C:\Program Files\Java\jre7\lib\security.
  See this for more further details: Kerberos Requirements