Strange problem with cut-through proxy
hi
i have configured cut- through proxy on the router with acs.i am facing a strange problem .
my routers's ethernet 3/0 interface ip add is 10.1.1.1/24 and the acs server is 10.1.1.2/24 and the host ip is 10.1.1.3/24
my routers' e2/0 interface is connected a server running a website .
int e2/0
no shutdown
ip add 20.1.1.1/24
exit
the webserver is running on 20.1.1.2
my router's config
aaa new-model
aaa authentication login default group tacacs+
aaa authorization auth-proxy default group tacacs+
aaa authorization exec default group tacacs+
tacacs-server host 10.1.1.2
tacacs-server key cisco
ip http server
ip http authentication aaa
ip access-list 101 permit tcp host 10.1.1.2 eq tacacs host 10.1.1.1
ip auth-proxy name auth http
int e3/0
no shutdown
ip add 10.1.1.1/24
ip access-group 101 in
ip auth-proxy auth
exit
on the acs server in the tacacs+ ios
i have selected auth-proxy in the services for users and groups
i have created a user john with privilege level 15
have selected auth-proxy and custom attributes
proxyacl#1=permit tcp any any priv-lvl=15
i get the auth-proxy login page when the host on 10.1.1.3 is trying to access 20.1.1.2 web site .
after putting the login credentials i get authentication failed
i tried the debug. i see the router is sending the authentication login and password and getting the status from the acs as pass. i also see the auth-proxy triggered. in there i see
AUTH-PROXY PROTOCOL NOT CONFIGURED.
could someone pls help me what could be the problem. i am have tried many times to get this work. but not fortunate enough.
am i missing on any commands on the router or on the acs. i tried doing as the example mentioned in the student guide but still failed. pls help. waiting for some reply.
sebastan
Check out the following link...
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b5e.html
Similar Messages
-
Hasn't anyone out here worked with cut-through proxy
hasn't enyone out here worked with cut-through proxy with acs. is there no one out here to help me out with cut-through proxy.
sebastanHi Sebastan,
For your case, what's the scenario looks like?
Rgds,
AK -
ASA cut through proxy with RADIUS challenge response?
Have this working for IPSEC VPN on same box (tested on 8.2.1 and 8.2.3)
Want to do cut through proxy with challenge response - same ASA and same RADUIS server but using aaa authentication match command and this is what happens...
It looks like the ASA sends a completely different radius authentication request than with VPN authentication request. Is there any way to specify what request is sent?
What the RADIUS Server sees with ASA VPN auth - THIS WORKS OK (included for comparison)
Date: 15/11/2010
Time: 3:53:57 PM
Type: Information
Source: Server
Category: RADIUS
Code: I-006001
Description: A RADIUS Access-Request has been received.
AMID: 0xC8500B80B3D8F49C6CB37E5D32DA6682
Details:
Source Location : 10.xx.21.24
Client Location : 10.xx.21.230:1025
Request ID : 31
Password Protocol : PAP
Input Details : RADIUS Code:1, RADIUS Id:31, , User-Name:xxxx, User-Password:******, NAS-IP-Address:10.xx.21.230, NAS-Port:31, NAS-Port-Type:Virtual, vendor(9):attrib(1):0x1A2000000009011A69703A736F757263652D69703D31302E32312E352E313137, Calling-Station-Id:ip:source-ip=10.21.5.117
Action : Process
What the RADIUS Server sees with ASA cut thru - THIS FAILS (any help V welcome)
Date: 17/11/2010
Time: 2:29:31 PM
Type: Warning
Source: Server
Category: RADIUS
Code: W-006001
Description: An invalid RADIUS packet has been received.
AMID: 0xC19D988F83365F20151C3F6339DEC74B
Details:
Source Location : 10.xx.21.24:1812 (Authentication)
Client Location : 10.xx.21.230:1025
Reason : The sub-protocol of the received RADIUS packet cannot be determined
Request ID : 33
Input Details : 0x01210066055A8B6881266714BDB20380B9FE5FAC01066962333504060AC815E60506000000203D06000000051A2000000009011A69703A736F757263652D69703D31302E34302E352E3131311F1A69703A736F757263652D69703D31302E34302E352E313131
Request Type : Access-Request
Thanks in advance
IBHi Ian,
sorry for the late reaction - do you still need help with this?
The difference between the working (VPN) auth and the failing (CTP) auth seems to be that VPN is using PAP (so no challenge-response!) while the CTP is using MS-Chapv2
So my guess is that your Radius server does not support MS-Chapv2. If that is the case then you may want to try this:
aaa-server () host
no mschapv2-capable
Although this command is not really meant to be used in this scenario, so I'm not sure if it will work but I'm hoping it will make the ASA revert to PAP for all auth requests to this host.
Note that you won't be doing challenge/response, so your passwords will be transmitted over the wire (encrypted).
hth
Herbert -
ASA - Cut-through proxy probleme
I have to configure my ASA 7.2.2 for cut-through proxy but when the users use authentication prompt ,
but only , for (http://1.1.0.2/netaccess/connstatus.html) the ASA send the following message:
User Authentication
User Authentication is not required.
help me
it is ok when one uses cut-through-proxy by ACL :
access-list ACL_INT extended permit tcp object-group PC-UAUTH_DYN host MVINCT19 eq www
access-list ACL_AUTH line 1 extended permit tcp host poste_auvinet host MVINCT19 eq www
aaa-server auth_inside protocol radius
aaa-server auth_inside host SVR-ACS-IN
key xxx
username admin password xxx privilege 15
aaa authentication match ACL_AUTH inside auth_inside
aaa authentication listener http inside port www
on a pix 525 is OKHi,
The config looks good. Please remember that successful authentication is cached (show uauth) and till it expires user will not need to authenticate again.
Please clear uauth and see if it helps.
Regards,
Vivek -
Hi, I am trying to use "Remote Resources" on the current version of the Microsoft Remote Desktop for Android app, I can input the webfeed and it even shows the apps that I have configured on the server for "Remote App", sadly whenever
I try to load any of the RemoteApps, I receive an error stating " A problem with the system proxy caused the connection to fail. End of File".
I don't know what I can do to fix this, I've tried many things to no avail, also, normal Remote Desktop connections from the Microsoft Android app work flawlessly to the server.
The relevant log is the following:
[2014-Jan-09 04:40:54] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-Jan-09 04:40:54] RDP (0): Final rdp configuration used: memory bookmark [
label
hostname DIAZSERVER
port 3389
loadbalanceinfo
ui.swapmousebutton false
remote.program ||ZWaveUtil
remote.workingdirectory
remote.name ZWave Adapter Utility
remote.args
rail true
soundmode 0
connect_to_console false
redirectsdcard true
performance_flags 134
arc.sessionid 0
anonymous_username
authentication_level 2
use_redirection_server_name false
username administrator
gateway [
host = DIAZSERVER
port = 443
bypass = false
connect info[
hostnames = [localhost]
gatewayHost = DIAZSERVER
gatewayPort = 443
routingToken = Cookie: mstshash=administrator
redirectionGUID =
proxyHost = 200.5.68.10
proxyPort = 8080
sessionId = -1
[2014-Jan-09 04:40:54] RDP (0): Using HttpConnect proxy at 200.5.68.10:8080
[2014-Jan-09 04:40:54] RDP (0): Using Basic Authentication with username ''
[2014-Jan-09 04:40:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
AsioEndpointContext (0): startup(): starting up down context
[2014-Jan-09 04:40:54] RDP (0): Resolved '200.5.68.10' to '200.5.68.10' using NameResolveMethod_DNS(1)
[2014-Jan-09 04:40:54] RDP (0): Resolved '200.5.68.10' to '200.5.68.10' using NameResolveMethod_DNS(1)
ASIOSocketAdapter (9): readSomething error. message: End of file. instance: 0x5d39d5c0
RpcOverHttp (9): Stream error in endpoint 0x5abbc170 : A problem with the system proxy caused the connection to fail: End of file
[2014-Jan-09 04:40:55] RDP (0): Error message: A problem with the system proxy caused the connection to fail: End of file
[2014-Jan-09 04:40:55] RDP (0): Error message: A problem with the system proxy caused the connection to fail: End of file
[2014-Jan-09 04:40:55] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
ASIOSocketAdapter (9): handleRead(): exception: Exception in file '/var/lib/jenkins/jobs/rc-android-app/workspace/rdp-layer/library/jni/librdp/private/httpendpoint.cpp' at line 489
User Message : Failed to read from channel: -1. instance: 0x5d39d5c0
[2014-Jan-09 04:40:55] RDP (0): Disconnect initiated by client
RpcOverHttp (9): Exception in endpoint 0x5abbc170 : Exception in file '/var/lib/jenkins/jobs/rc-android-app/workspace/rdp-layer/library/jni/librdp/private/httpendpoint.cpp' at line 489
User Message : A problem with the system proxy caused the connection to fail: Failed to read from channel: -1
[2014-Jan-09 04:40:55] RDP (0): Exception caught: Exception in file '/var/lib/jenkins/jobs/rc-android-app/workspace/rdp-layer/library/jni/librdp/private/httpendpoint.cpp' at line 489
User Message : A problem with the system proxy caused the connection to fail: Failed to read from channel: -1
[2014-Jan-09 04:40:55] RDP (0): Exception caught: Exception in file '/var/lib/jenkins/jobs/rc-android-app/workspace/rdp-layer/library/jni/librdp/private/httpendpoint.cpp' at line 489
User Message : A problem with the system proxy caused the connection to fail: Failed to read from channel: -1
AsioEndpointContext (0): shutdown(): shutting down context
AsioEndpointContext (0): shutdown(): context shut down
AsioEndpointContext (0): shutdown(): shutting down context
AsioEndpointContext (0): shutdown(): context shut down
[2014-Jan-09 04:40:57] RDP (0): ------ END ACTIVE CONNECTION ------My problem is that the "proxy" is the proxy set up by my 3G configuration so, I tried connecting to the remote resources through my work wifi and I get the following:
[2014-Jan-14 16:58:13] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-Jan-14 16:58:13] RDP (0): Final rdp configuration used: memory bookmark [
label
hostname DIAZSERVER
port 3389
loadbalanceinfo
ui.swapmousebutton false
remote.program ||chrome
remote.workingdirectory
remote.name Google Chrome
remote.args
rail true
soundmode 0
connect_to_console false
redirectsdcard true
performance_flags 134
arc.sessionid 0
anonymous_username
authentication_level 2
use_redirection_server_name false
username Administrator
gateway [
host = DIAZSERVER
port = 443
bypass = false
connect info[
hostnames = [localhost]
gatewayHost = DIAZSERVER
gatewayPort = 443
routingToken = Cookie: mstshash=Administrator
redirectionGUID =
proxyHost =
proxyPort = 0
sessionId = -1
[2014-Jan-14 16:58:13] RDP (0): Not using any proxy
[2014-Jan-14 16:58:13] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
AsioEndpointContext (0): startup(): starting up down context
ASIOSocketAdapter (9): handleResolve(): boost error: Host not found. Please provide the fully-qualified name or the IP address of the host.. instance: 0x5d474090
RpcOverHttp (9): Stream error in endpoint 0x5d46b678 : Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 16:58:17] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 16:58:17] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 16:58:17] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
ASIOSocketAdapter (9): handleResolve(): boost error: Host not found. Please provide the fully-qualified name or the IP address of the host.. instance: 0x5d445158
RpcOverHttp (9): Stream error in endpoint 0x5d49fa30 : Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 16:58:17] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 16:58:17] RDP (0): Disconnect initiated by client
[2014-Jan-14 16:58:17] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
AsioEndpointContext (0): shutdown(): shutting down context
AsioEndpointContext (0): shutdown(): context shut down
AsioEndpointContext (0): shutdown(): shutting down context
AsioEndpointContext (0): shutdown(): context shut down
[2014-Jan-14 16:58:17] RDP (0): ------ END ACTIVE CONNECTION ------
Now, I know the host can be resolved because: if I connect to the same host but on a full remote desktop (as opposed to just RemoteApp on it) I have no trouble either through 3G OR through my work connection.
Moreover, I also tried directly inputting the IP as opposed to the web address of my server, I get the same error, that is the Remote Resources tab is able to access the feed (because it shows the available RemoteApps) but when I click an app it says it can't
find the Host, here's the log for the connection directly to the IP address/rdweb/feed/webfeed.aspx :
[2014-Jan-14 17:09:27] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2014-Jan-14 17:09:27] RDP (0): Final rdp configuration used: memory bookmark [
label
hostname DIAZSERVER
port 3389
loadbalanceinfo
ui.swapmousebutton false
remote.program ||chrome
remote.workingdirectory
remote.name Google Chrome
remote.args
rail true
soundmode 0
connect_to_console false
redirectsdcard true
performance_flags 134
arc.sessionid 0
anonymous_username
authentication_level 2
use_redirection_server_name false
username administrator
gateway [
host = DIAZSERVER
port = 443
bypass = false
connect info[
hostnames = [localhost]
gatewayHost = DIAZSERVER
gatewayPort = 443
routingToken = Cookie: mstshash=administrator
redirectionGUID =
proxyHost =
proxyPort = 0
sessionId = -1
[2014-Jan-14 17:09:27] RDP (0): Not using any proxy
[2014-Jan-14 17:09:27] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
AsioEndpointContext (0): startup(): starting up down context
ASIOSocketAdapter (9): handleResolve(): boost error: Host not found. Please provide the fully-qualified name or the IP address of the host.. instance: 0x5d372f28
RpcOverHttp (9): Stream error in endpoint 0x5dd6b168 : Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 17:09:31] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 17:09:31] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 17:09:31] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
ASIOSocketAdapter (9): handleResolve(): boost error: Host not found. Please provide the fully-qualified name or the IP address of the host.. instance: 0x5d378de0
RpcOverHttp (9): Stream error in endpoint 0x5e9cc1f0 : Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 17:09:31] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
[2014-Jan-14 17:09:31] RDP (0): Disconnect initiated by client
[2014-Jan-14 17:09:31] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.
AsioEndpointContext (0): shutdown(): shutting down context
AsioEndpointContext (0): shutdown(): context shut down
AsioEndpointContext (0): shutdown(): shutting down context
AsioEndpointContext (0): shutdown(): context shut down
[2014-Jan-14 17:09:31] RDP (0): ------ END ACTIVE CONNECTION ------
I'm really puzzled here, I've tried checking if ports where open, and ports 443 and 3389 are wide open, I don't know what else it could be. -
ASA - cut through proxy authentication for RDP?
I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
OUTSIDE to INSIDE RDP is currently working.
I have 2 servers I want RDP open for..
[*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
[*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
What's required for OUTSIDE users to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
Here is my current config.
[code]
ASA Version 8.2(5)
hostname ASA5505
names
name 10.10.0.0 LANTraffic
name 10.10.30.0 SALES
name 10.10.40.0 FoodServices
name 10.10.99.0 Management
name 10.10.20.0 Office
name 10.10.80.0 Printshop
name 10.10.60.0 Regional
name 10.10.70.0 Servers
name 10.10.50.0 ShoreTel
name 10.10.100.0 Surveillance
name 10.10.90.0 Wireless
interface Ethernet0/0
description TO INTERNET
switchport access vlan 11
interface Ethernet0/1
description TO INSIDE 3560X
switchport access vlan 10
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
security-level 50
no ip address
interface Vlan10
description Cisco 3560x
nameif INSIDE
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Vlan11
description Internet Interface
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.224
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name test.local
access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging device-id hostname
logging host INSIDE 10.10.70.100
mtu INSIDE 1500
mtu OUTSIDE 1500
ip verify reverse-path interface OUTSIDE
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 LANTraffic 255.255.0.0
static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
access-group RDP-INBOUND in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http Management 255.255.255.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.10.70.100 255.255.255.255 INSIDE
ssh Management 255.255.255.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username scott password CNjeKgq88PLZXETE encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
: end
[/code]You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC). -
Strange problem with color measure in Mac.
Hello, I am having a strange problem with color measure in Mac. For example i create a gradient in Photoshop from color 200 200 200 to color 240 240 240. When i measure the color of the gradient with the color measure tool of Photoshop or with the built in OS X color measure tool the measured color is from 200 199 197 to 240 240 238. I have measured the same gradient with Photoshop for PC and the values are OK (the same values that i create).
I dont know what is the problem, but i belive that the colors that i create would be the same that i measure after creating them, and also the same values between Mac and PC. I will appreciate it a lot any help or information that you could give me that helps me to understand what is happening here.
Thank you for your time
Marcelo.Yep you got it, proof as monitor basicaly strips out any profiling and just delivers it straight.
is there any way to make the OS X color measure tool to measure the original color values
You mean the document colors - No, like I said photoshop is filtering your image through document profile, proof setup and monitor profile. Why do you want to use Digital color meter anyway for this?
i dont understand what is the point to measure color values that will change every time a calibrate my monitor.
Because color values are 'bigger' than whats on your monitor. Your monitor (via photoshop) is only doing the best it can to display those values - which can be anything from LAB colors outside the gamut of your monitor - to CMYK colors. Calibrating it is the only way to allow your monitor to do this in any way accurately. (not ever really possible) Monitors have a certain gamut and are only dispays/representations of the REAL colors that a document, with a profile, holds. So there's only one good reason to measure monitor values, and that's to generate a monitor profile. -
ASA Cut through proxy configuration
Hi guys,
I would like to configure limited internet access to olnly a select group of Windows AD users.
I beleive cut-through proxy will allow me to do this, just not sure how to configure it on a Cisco ASA-5510
thanksThe link given will definitely work however you would not be able to select access based on the AD group, if that is what you need to achieve and you have ASA version 8.0 you can work Cut-Through-Proxy together with DAP.
Using Cut-Trough-Proxy with a standard authentication server will only allow or reject depending on the authentication result, but any user within your AD schema will be able to get internet access. If you need to restrict this based o Windows Groups as well your best shot is Cut-Through-Proxy with DAP and LDAP:
http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml -
Strange problem with In-line If-Else block
Hi!
I've discovered a very strange problem with the following code:
enum Enum {
A, B, C
public static void main(String[] args) {
Enum e = Enum.C;
Object o = e == Enum.A ? 1 : e == Enum.B ? 2 : null; // Throws NullPointerException because of the null. Why???
}I'm using Java 6
Thanks in advance!Instead of guessing what the problem is, how about we go to [the source|http://java.sun.com/docs/books/jls/third_edition/html/expressions.html#15.25] and see what's actually happening.
Our line is
expr ? <int> : (expr ? <int> : <null>)Let's look at the inner conditional first. By JLS 5.1.8, we have two different types, neither of which is a reference type. The null is convertible to int, so we have two types convertible to numerics and we apply unboxing to the null, which is where your error is coming from.
Your fix works because Object is not convertible to int, so we fall through to the last case and use boxing on the ints instead of unboxing on the null.
Another way to fix this is to use Integers instead of ints. Since Integer is a reference type, we hit the third case and never try to unbox.
Object o = (e == A ? Integer.valueOf(1) : (e == B ? Integer.valueOf(2) : null)) -
Strange Problems With Display and Permissions Since 10.5.1 update.
Since I've done the 10.5.1 update I have been having a strange problem with my desktop and dock displays. On my desktop I have these strange lines that appear any time I log in or open any application, the lines never go away and change locations on the screen once I open an application or move a window. My dock has the reflective shelf for about half of it, the rest is a dull grey. I've also had problems with verifying and repairing my permissions. I can never actually complete either permissions task. I've used some third party apps, they always fail as well. The only time I can actually repair my permissions is by booting in to single user mode and doing a fsck -f command. When I boot back in to Leopard and try to use the Disk Utility to repair, it continues to fail.
I'm not sure if the video problem I am having stems from a permissions issue or possibly a corrupt video driver. Either way, I've done a lot research and haven't found anyone with the same problems I have been having so I thought I would give these forums a shot.
I am using a PowerMac G4 Quicksilver with dual 800Mhz, 1.5gb RAM, and a GeForce4 Ti 4600 128mb video card.
Here is a screen shot of the line and dock problem.
Here is a screen shot of my "About This Mac.
If anyone could lend some light on this issue, I would greatly appreciate it.
Thanks
Jeffyou can pile it on this: http://discussions.apple.com/thread.jspa?threadID=1246649&tstart=0
btw - no solution yet. -
Strange problem with Adobe Acrobat X (crash without a trace)
Hi,
I have a strange problem with Adobe Acrobat. It happens totally randomly, it leaves no signs in system logs.
What is happening: during my work Adobe Acrobat sudennly crashes. After a crash I cannot run it again - system seems to do something for a second, but then nothing happends. When i look into taks manager - there are no processes of Acrobat.exe. It just doesn't want to run. What I need to do is to reinstall whole Adobe Acrobat - which requires restart.
I've already tried to restart system after crash, it doesn't help - reinstall is required.
Sometimes everyting is fine for a 3 months, sometimes crash happens a week after the previous one. It also happens in very different situations (somtimes while opening a file, sometimes when doing something simple, sometimes in more complex tasks).
Has anyone encountered a similar problem?
Acrobat version: 10.1.1
System info: Windows 7 64 bitHi Kelvin,
Please let me know what OS version you are using.
The error also shows OS requirements not met.
Futher please try the steps below :
> Enable the hidden Admin Account on Windows 7 ( Ref : http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-wi ndows-vista/ )
> Disable all Non-Microsoft Startup Services. (Ref : http://helpx.adobe.com/x-productkb/global/disable-startup-items-services-windows.html )
> Disable all the Antivirus softwares like CA, Norton,Mc Afee etc. temporarily from the computer.
Reboot and try installing in the new enabled Admin user account and check.
Please refer the Kb Doc : http://helpx.adobe.com/creative-suite/kb/error-exit-6-exit-7.html.
Also see Troubleshoot with install logs | CS5, CS5.5, CS6 - http://helpx.adobe.com/creative-suite/kb/troubleshoot-install-logs-cs5-cs5.html for information on how to review your installation logs
Regards,
Rave -
Strange problem with Subviews on 1.0 Beta
Hi,
I'm having a strange problem with SubViews on 1.0 Beta. I'm not sure If I'm being stupid and have done something wrong, or if there's a problem here.
My application is directly based on one of the examples, so the structure etc is almost identical. I've simplified the files below to avoid confusing the issue.
The default landing page (greeting.jsp) looks like this:
<%@ taglib declarations for HTML and CORE taglibs %>
<HTML>
<HEAD><title>Insulation Layer Demo</title></HEAD>
<body bgcolor="white">
<f:view>
<jsp:include page="sysstatus.jsp" />
<!-- other strictly HTML content -->
</f:view>
</body>
</HTML>
sysstatus.jsp looks like this:
<%@ taglib declarations for HTML and CORE taglibs %>
<f:subview id="SystemStatusView">
<h:form id="systemStatusForm">
<p><h:selectboolean_checkbox id="System1Available" value="#{SystemStatus.system1Available}"/>System 1<br/>
<h:selectboolean_checkbox id="System2Available" value="#{SystemStatus.system2Available}"/>System 2</p>
<p><h:command_button id="submit" action="success" value="submit" /></p>
</h:form>
</f:subview>When I view this page, the checkboxes all seem to work okay (in that their state is preserved across calls etc), but the formatting is very screwy. The resulting page looks something like:
<chkbox1> <chkbox2> <Submit>
System 1
System 2
<Other HTML content from greeting.jsp>When I look at the HTML source code being generated, it is genuinly being generated as above, that is, all the form tags first, and then the rest of the content. Interestinly, I tried adding a ${SystemStatus.system2Available} into the body text, and it was rendered as literal text (i.e. not evaluated as EL), which is very curious -- makes me wonder if the included file is included as text, rather than JSP, although the custom taglibs and <f:form> tags etc are not in the generated HTML.
If I lift all the content between the <h:form> tags (inclusive) out of sysstatus.jsp and put it in greeting.jsp in place of the <jsp:include> tag, all is well.
Any ideas? All help gratefully recieved!
Thanks,
PaulPersonally, I think it is a bug in the rendering model of JSF itself because if you include any non-JSF tags, they don't get rendered according to my understanding of the what the spec says (in the location the tags are written).
The only workaround that I could come up with is to use straight JSF tags in all of your layers. Things are then rendered the way that they "should" be rendered.
You could try wrapping all of your HTML tags in <f:verbatim> tags and see if that helps.
Good luck!
David -
Strange problem with the mail app on an iPad
I've got a bit of a strange problem with the mail app on an iPad - it's sending and receiving mail ok but won't let you delete mail. If you keep at it, it appears as if you have deleted mail (though takes a very long time as you just have to keep deleting it over and over again) - but the size of the app still keeps going up - reached 600mb so far, even though there is hardly any mail or attachments (goes up quite a lot each time you try to delete anything) - any idea what's causing this and how I can fix it?
It occasionally comes up with a dialogue panel saying to check my account settings, but I have checked those and they are fine. The little 'loading' icon just keeps spinning constantly too.go to Settings > Mail > your account > Advanced > Move Discarded Messages Into
and make sure that Deleted Mailbox is ticked, and not Archive Mailbox
You can also adjust how long the deleted mail stays in the trash immediately below that.
If you are talking about a gmail account, you may also have to login to your account on the gmail server and update the settings there. This is what Barney previously posted about that: -
Hi,
I have just migrated an oracle database from 11.1.0.7 on Win Server 2003 to 11.2 on Linux 64 bit. I am having a strange problem with ACLs - I can create the ACL but when I perform either of the following two commands:
SELECT * FROM DBA_NETWORK_ACLS
or
SELECT * FROM NET$_ACL
I get no rows returned. The ACL exists somehow because if I try and create it again I get the error that it exists. Has anyone got any advice here? Something is out of sync and I need to know how to fix it up.
Thanks
AdamBEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => 'email_server_acl.xml',
description => 'Network connection Email Server',
principal => 'MAIL',
is_grant => TRUE,
privilege => 'connect');
END;
PL/SQL procedure successfully completed.
select * from DBA_NETWORK_ACLS;
(no rows)
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => 'email_server_acl.xml',
description => 'Network connection Email Server',
principal => 'MAIL',
is_grant => TRUE,
privilege => 'connect');
END;
ORA-31003: Parent /sys/acls/ already contains child entry email_server_acl.xml
ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 252
ORA-06512: at line 2
Edited by: Adam J. Sawyer on 15/04/2011 17:08 -
Some strange problem with Flash/As3
Hi,
I am having some strange problem with my flash cs3.
Whatever script I write in as3 doesn't work, even a stop() function doesn't work . But when I change my publish setting to as2 it works fine.
Not sure about the root cause, may be some setting or preference or my cs3 is corrupted.
Can anybody please advise.
Thanks,
Kishortry this
create a new fla as3,
select frame 1
open the actions panel
paste in the following code
var squares:Array = new Array;
setup();
function setup():void {
for (var i = 0; i < 25; i++) {
var square:Sprite = new Sprite();
//square.name = "square" + i;
square.graphics.beginFill(Math.random() * 0xffffff);
squares.push(square);
squares[i].graphics.drawRect(0, 0, 100, 100);
squares[i].x = i*3;
squares[i].y = i*3;
squares[i].filters = [];
square.graphics.endFill();
stage.addChild(squares[i]);
for (var j = 0; j < squares.length; j++) {
squares[j].addEventListener(MouseEvent.MOUSE_DOWN, dragMovie);
squares[j].addEventListener(MouseEvent.MOUSE_UP, dropMovie);
squares[j].buttonMode = true;
function dragMovie(event:MouseEvent):void {
event.target.startDrag();
function dropMovie(event:MouseEvent):void {
event.target.stopDrag();
Maybe you are looking for
-
Can't drag docs from desktop onto the HD icon.
I am no longer able to drag documents onto the hard drive. I get an error message: The item "xxxxxx" can't be moved because "Macintosh HD" can't be modified. Do I "authenticate" or run to the apple store. I've had this computer for 2 years; updated t
-
Retrieval and Sort Buffer settings w/ASO in 9.2.02
Are there differences in the limits on setting the retrieval and sort buffers between BSO and ASO or System 9 and prior versions? Traditionally, the limit was 100 to maintain a stable environment.
-
How to make any CUCM image, bootable image
Como estas everyone I have non bootable CUCM image and i want to make it bootable Any help with this Thanks
-
Sending the SOAP request back in the SOAP response
Hi, I have a requirement in which I need to update a database from the information I receive in a SOAP request. Now my database will respond back with the number of records that are updated. Now I need to send back a SOAP response which should have t
-
What is error =8400 when downloading itunes Extra for movie ?
Help !!!!!!!!!!!!!!!!!