TMG not logging correct authentication

Hello,
I have rather a strange issue where I cant seem to find any logs on any of my servers including TMG. I can log in using AD credentials to various sites we have which rely on the same TMG servers and AD servers perfectly fine with all accounts. However when
I have an account which the password is going to expire in a month (4 weeks) the users are unable to log in to the OWA site and get a message stating:
"You could not be logged onto the Forefront TMG. Make sure that your domain name, user name, and password are correct, and then try again."
However if I use the same credentials on one of the other sites the account works fine as the account is still active and has not yet expired. The users are in different physical locations and different OU's but on the same AD servers and TMG. The issue
is not present with accounts which have had a recent password reset or are out of scope for a password expiration within a month. In other words if they have an expiry date longer than a month they can log in to OWA perfectly fine.
The TMG will log traffic which is authenticated on OWA and I can see this on the IIS servers and DC's as well. However with the expiring account I see nothing on the TMG, IIS or DC's. The same thing happens if I fail authentication purposefully on a live
account (one not expiring in the next 4 weeks). I am not sure where to go as I have no logs to look through so I cant see the issue to resolve it.The other sites which are working as published on the TMG as well which work find regardless of expiration date
approaching.
Does anyone else have this issue or any ideas on where to go?
I hope this all makes sense.
Thanks in advance
James

Hi,
What's the version of your TMG? You could check the KB below.
FIX: "You could not be logged on to Forefront TMG" error message when you try to log on to a published website after a domain name is not provided in the authentication settings for LDAP servers in the New Web Publishing Rule Wizard
https://support.microsoft.com/kb/2579940?wa=wsignin1.0
Best Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Similar Messages

  • ISE 1.2 not logging failed authentications on guest portal (CWA)

    Hi there
    I think this is a bug but wanted to check, if someone knows a good reason why failed authentication attemps with non-existing user account are not logged on ISE 1.2 (CWA).
    The different cases:
    Case 1: existing user / wrong password -> logged
    Case 2: no user / any password -> logged
    Case 3: no user / no password -> logged
    Case 4: non-existing user / any password -> not logged
    In my opinion this is a critical case to be logged because this could be an indicator of a DoS attack or a password penetration test.
    Thanks in advance and best regards
    Dominic

    Hi vatullu
    thanks man, you helped me a lot.
    Regards
    Dominic

  • Cisco Secure ACS not logging correctly

    I asked an ACS question in this thread the other day and it got answered so not sure if this is the right thread or not but I couldn't see any ACS questions under the Security or AAA threads.
    I'm running 2 ACS 4.2(patch 11) servers and the logging seems to have stopped working. Whilst some events are logged sporadically (some devices in particular consistently work - CatOS switches seem to still log TACACS accounting), the majority of messages I would expect to see in most of the logs are not present.
    I have tried changing the frequency of the logging from monthly to weekly to daily and each time I change the frequency its as if some messages that were "held up" suddenly appear in the penultimate log file where they should have been present the whole time.
    I can confirm that the ACS server is handling the AAA correctly just that it seems to not log it.
    I was thinking about raising a TAC but thought I'd try here first.

    Paul
    I was browsing by and I want to express our collective thanks to those who raise a question and then come back to post an answer when they have solved the issue. It helps make the forum more useful when people can read about an issue and can read what resolved the issue. And it is even better when the original poster is able to post the solution.
    So thanks to you.
    HTH
    Rick

  • Expired messages not logged correctly

    The Expiration Policy is set to "Log" and the Expiration Logging Policy is set to "%header%,%properties%" yet there are no entries in the server log.
              I am using a JMS template to configure my destinations and I can see that the other template settings (Redelivery Delay Override, Redelivery Limit) are correctly recognized. This is configured on WebLogic Server 8.1 SP5
              I can see the messages are being redelivered as many times as specified in the template but after the final attempt nothing is logged in the server log. Please advise how to resolve this issue.

    TimeToLive is a synonym for "expiration time".
              TimeToDeliver is only activated if your application or configuration has enabled an optional extension for scheduled messaging - sometimes also referred to as "setting the message's birth time" to be sometime in the future rather than immediate.
              Expired messages and messages that have reached redelivery limit can be automatically moved to an error destination - see http://e-docs.bea.com/wls/docs81/ConsoleHelp/domain_jmsqueue_config_redelivery.html
              Tom

  • SiteMinder Authentication Realm has NOT been correctly configured and...

    Hi All,
    When I set the realm (associated with the authentication provider) as UNPROTECTED, I see the following in my AUWebAgent.log (authentication web agent log):
    [31 Aug 2006 16:19:07,050] [main] [INFO] Configuration: Support for TP cookies is : ENABLED.
    [31 Aug 2006 16:19:07,050] [main] [INFO] Configuration: DefaultAgentName: bppttest.micron.com.
    [31 Aug 2006 16:19:07,051] [main] [INFO] Configuration: FilterDomainName: DISABLED
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Creating caches ..
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Cache Timeout specified. Default is 600 seconds
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Resource Cache Size specified. Default is: 0
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Authentication Cache Size specified. Default is: 0
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Authorization Cache size specified. Default is: 0
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: Auditing is DISABLED
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: Caching for anonymous users is DISABLED
    [31 Aug 2006 16:19:07,053] [main] [DEBUG] The SiteMinder Resource Manager is checking if resource "/smauthenticationrealm" is Protected.
    [31 Aug 2006 16:19:07,129] [main] [INFO] Resource "/smauthenticationrealm" is NOT Protected.
    [31 Aug 2006 16:19:07,129] [main] [ERROR] The SiteMinder Authentication Realm has NOT been correctly configured and is unavailable.
    Additional info:
    Using SiteMinder 5.5 on WebLogic 8.1 sp5
    When & if I set all my realms as protected then I am unable to startup my servers and get the folowing error:
    We are trying to setup (as in intergrate SiteMinder with Savvion) SiteMinder v2 with weblogic 8.1 sp 5. We have appropriately included the references to variours siteminder related jars as per Netegrity's ASA document. We aren't using any webserver, instead wewould be using launching page (which be a protected resource). The following is the installation, configuration, and testing information related to various siteminder components:
    SiteMinder Identity Asserter (IA) - installed, configured & tested successfully.
    SiteMinder Authentication Provider - installed, configured & test result -> Unsuccessful.
    SiteMinder Authorziation provider - installed, configured & test result -> Unsuccessful.
    Has anyone seen anything similar to the following? My guess on the above is that it looks like it is trying initialise siteminder stuff every time we start each of the servers(admin, ejb and portal). Since the initialisation happens for the 1st time) when the admin server is started, an error is thrown complaining about not being to initialise when we start either portal or ejb after that. If this is true then is there a way around this problem?
    The Admin Server starts fine. But when we try to start either of the ejb or portal server, we get the following error:
    <Aug 16, 2006 4:03:01 PM MDT> <Critical> <WebLogicServer> <BEA-000364> <Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String ;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String ;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:225)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:283)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java :581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm (SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize (SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:821)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:669)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:343)
    at weblogic.Server.main(Server.java:32)
    >
    <Aug 16, 2006 4:03:01 PM MDT> <Emergency> <WebLogicServer> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException : failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9 ]>
    The WebLogic Server did not start up properly.
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String ;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:225)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:283)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java :581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm (SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize (SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:821)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:669)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:343)
    at weblogic.Server.main(Server.java:32)
    Reason: weblogic.security.service.SecurityServiceRuntimeException : [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName ;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    Any help would be appreciated.
    Regards,
    Prashant

    but it just says it cannot repair due to another program being installed.
    I'd like to have a closer look at that error message please.
    Generate the error message again. While the error message box is open, hold down the Alt key and hit the PrtSc key. Paste the screenshot into an image file (using a program like Paint), and save the file.
    Start a reply here and click the wee camera icon at the top of the reply window. Click "Choose file", browse to the image file, select the file and click "Open". Now click "Insert file" to insert the screenshot into the reply.

  • Adobe Illustrator file will not display correctly when logged in as a user

    I am working with an Adobe Illustrator CS2 file that will open and display correctly if I log in as Administrator, but will not display correctly if I am logged on as a user. The error message is that there is not enough memory to display the file correctly and I am forced into preview mode. The user Home folder is on a server. Other than this, I have made certain that the criteria for opening the file match under both interfaces. I have opened the AI CS2 file on other Macs and it opens fine. I conclude that the problem is with the user Home folder, but beyond that, I'm stumped. Any help will be appreciated.

    After I filed a bug-report an Apple engineer contacted me, and asked me to try running java in headless mode: http://java.sun.com/developer/technicalArticles/J2SE/Desktop/headless/
    That solved the problem!

  • I was today invited to upgrade my iTunes when I logged on.  Update failed. Every time I now try to open iTunes I get error messages.  Second message reads "iTunes was not installed correctly. Please re-install iTunes. Error 7. Windows error 126"

    I was today invited to upgrade my iTunes when I logged on.  Update failed. Every time I now try to open iTunes I get error messages.  Second message reads "iTunes was not installed correctly. Please re-install iTunes. Error 7. Windows error 126". I now can't sync my iPhoneand I am worried that if I re-install I will lose all my contacts,calendar, notes, etc.

    I too had this problems (Windows 8.1).  A few weeks ago after the previous update before this version of itunes, I'd had a problem with the itunes store crashing and at that time I followed instructions to copy QTMovieWin.dll to the itunes folder, which fixed the store crashing.
    Today I fixed the problem by:
    Delete QTMovieWin.dll from C:\Program Files (x86)\iTunes.
    Uninstall ALL Apple Software using Control Panel / Programs and Features.  I uninstalled:
    iTunes
    QuickTime
    Apple Mobile Device Support
    Apple Application Support
    Apple Software Update
    Bonjour
    Delete the folders:
    C:\Program Files (x86)\iTunes
    C:\Program Files (x86)\Common Files\Apple
    Restart the computer
    Reinstall QuickTime
    Reinstall iTunes
    Everything works GREAT now, including the iTunes store.  You will not lose your media files, I got everything back, all my settings, playlists, etc.

  • Trying to log into my account an error message "this version of itunes has not been correctly localized for this language please run English version

    Today logging into my Itunes account an error message comes up, "This versionof Itunes has not been correctly localized for this language.  Please run English version.  Don't know why Im getting this and cannot get into account at all

    For general advice see Troubleshooting issues with iTunes for Windows updates.
    The steps in the second box are a guide to removing everything related to iTunes and then rebuilding it which is often a good starting point unless the symptoms indicate a more specific approach. Review the other boxes and the list of support documents further down page in case one of them applies.
    Your library should be unaffected by these steps but there is backup and recovery advice elsewhere in the user tip.
    tt2

  • Safari for Windows will not log into IIS sites with Windows Authentication

    Safari for Windows will not log into IIS sites with Windows Authentication enabled. The IIS log has thousands of login attempts from Safari that result in 401 errors.
    I disable Windows Authentication on IIS and it works fine. The problem with that is that my Windows clients stop working properly with seemless logins when I disable this.
    The expected behavior is that Safari will work with basic authentication when NTLM does not work. That would result in a password prompt followed by a successful login instead of Safari stopping at "Loading" while hammering the IIS logs.
    It does this on all machines that I have tried.
    Any ideas or is this a bug?

    I noticed that as well. I have to wonder if it's due to not making note of the the different end of line characters between Mac OS X and Windows in code.

  • TS1424 itunes purchase security questions & answers reset and answered correctly.  Can not log in with updated answers which state one or both are incorrect.

    Can anyone help with this situation?
    itunes purchase security questions & answers reset and answered correctly.  Can not log in with updated answers which state one or both are incorrect.

    You need to contact Apple to get the questions reset. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.
    (94948)

  • I have not logged out in years. How can I check to see if I remember my password is correct?

    Appologies to all who tried to answer my previous attempts at this question.  I have not logged off in years bc I was affraid I didn't remember my "log out password".  I never wrote it down. I never saved it in key chain.  I have a good idea what it is and want to prove it before I use the log out feature again.  Is there a way to do that?  I have gone into System Preferences > Accounts and tried to change password and was successful. Is that the same as the logout password?

    If you are still concerned Raymond, open Keychain Access. It is in your Mac's Utilities folder.
    Click the "login" Keychain as in the above screenshot. Then click the lock icon at the upper left. If it is already unlocked, it will lock your Keychain.
    Click it again to unlock it. It will then ask for your password:
    Type in the password you used in System Preferences and click OK.
    If the lock icon unlocks, you just proved your login password is correct and identical to your Keychain password, as it normally is. Then you can stop worrying about this and start worrying about the Mayan Apocalypse in a couple of days.

  • Can not log on after successfull installation - SAP Netweaver Trial JAVA

    Hello,
    I have successfully downloaded and installed the NW Java trial. (NW_JAVA_700SP14_SR3.rar)
    I can see in SAP MMC that all the services was started. At http://vjm:50000 I can see the default page.
    Unfortunately I can not log on to any page that need SAP authentication (eg. User management, NW administrator),
    but can log to pages which needs just basic browser authentication (eg: Web Service Navigator, UDDI client, System Information).
    The portal also does not let me log on (http://vjm:50000/irj ).
    When I get the standard SAP NW log on screen, after entering Administrator with the correct master password, simply the log on screen appears again (the password field is cleared). I also tried some incorrect user name / password just to check the difference. In that case I got the correct error message.
    I installed the software with WMware, Windows 2003 server, allocated enough disk space and 1.6Gbyte RAM. The installation finished without errors. Prior, I installed the MS loopback too (tried without it too). In SAP MMC everything is green, only have an open alert in J2E 00 -> Services -> Security -> Aggregated Data -> Invalid session count "262 > 200 last reported value above treshold".
    I am using the standard internet explorer coming with Win2003 server.
    Tried the users: Administrator, SDM, Guest, ADSUSER. I know that the password is correct, because I don't get any error if I use it, just getting the log on screen back ...
    Could anyone pls help me how can I log on to the system? Or is there any security trace file or log which could help me solve this problem?
    I am desperately trying to install this trial, I completely reinstalled the software 5 times but still can not use it
    Laszlo

    Hi,
    is your problem persisting?
    CAVE: If you use a wrong user/pw combination > 3 times the account of the user may be locked!
    try j2ee_admin instead of administrator or try adm together with your Masterpassword
    Do you have to specify the users pw inside the installation procedure? In "normal" installations this has to be done.
    If not the pw´s in the documentation of the previous answer`may fix your problem.
    The sap mmc is irrelevant for user authentication.
    Green means your system is running, nothing else.
    kind regards
    Tom

  • Outlook web login screen not displaying correctly on Exchange 2007 service pack install

    Hello everyone,
    I believe our exchange server installed a service pack 3 update and after rebooting the server, we noticed that the Outlook web access login screen is not displaying correctly.  The page looks white with some black X's (I think that's where the
    pictures/background images used to be).  We tried to restart the ISS service with no luck.  I would appreciate any help you guys can provide.
    Thanks,
    Brian Kourdou

    Hi,
    I have seen this issue in another similar thread, that issue was solved by re-creating the OWA virtual directory.
    Please try the following steps to solve this issue.
    Open EMC, navigate to Server Configuration -> Client Access, under Outlook Web App tab, double-click owa (default web site) properties.
    Then check InternalURL, ExternalURL, Forms-Based Authentication settings ect
    Open EMS, use Get-OwaVirtualDirectory get the list of virtual directories and identify the directory which is giving the problem.
    Remove it with this command
    Remove-OwaVirtualDirectory “owa (Default Web Site)”
    Now create it again with the following command
    New-OwaVirtualDirectory -OwaVersion “Exchange2007″ -Name “owa (Default Web Site)”
    Then configure the “owa” virtual directory settings like InternalURL, ExternalURL, Forms-Based Authentications etc… & check the OWA by logging with some test users.
    Best Regards.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Lynn-Li
    TechNet Community Support

  • CUC Cluster not functioning correctly

    Saw a few posts and documents relating to this issue but they don't match up perfectly with my particular scenario.  Basically, the customer could no longer log into the Unity Pub so we had to do a rebuild as nothing was working.  The sub took over as it should, a co-worker rebuilt their Pub and the split-brained effect never went away.  In, fact they arn't communicating at all almost a week later.  Here are the things I've checked so far:
    DB Replication: (from the subs perspective)
    DB and Replication Services: ALL RUNNING
    Cluster Replication State: Only available on the PUB
    DB Version: ccm9_1_1_10000_11
    Repltimeout set to: 300s
    PROCESS option set to: 1
    Cluster Detailed View from XXXXX-UCXN02 (2 Servers):
                                    PING            CDR Server      REPL.   DBver&  REPL.   REPLICATION SETUP
    SERVER-NAME     IP ADDRESS      (msec)  RPC?    (ID) & STATUS   QUEUE   TABLES  LOOP?   (RTMT)
    XXXXX-UCXN01    10.200.9.21     0.575   Yes     (2)  Connected   0      match   Yes     (2)
    XXXXX-UCXN02    10.103.9.22     0.067   Yes     (3)  Connected   0      match   Yes     (2)
    (Pubs perspective)
    DB and Replication Services: ALL RUNNING
    DB CLI Status: No other dbreplication CLI is running...
    Cluster Replication State: BROADCAST SYNC Completed on 1 servers at: 2015-01-23-17-19
         Last Sync Result: SYNC COMPLETED  603 tables sync'ed out of 603
         Sync Errors: NO ERRORS
    DB Version: ccm9_1_1_10000_11
    Repltimeout set to: 300s
    PROCESS option set to: 1
    Cluster Detailed View from XXXXX-UCXN01 (2 Servers):
                                    PING            CDR Server      REPL.   DBver&  REPL.   REPLICATION SETUP
    SERVER-NAME     IP ADDRESS      (msec)  RPC?    (ID) & STATUS   QUEUE   TABLES  LOOP?   (RTMT) & details
    XXXXX-UCXN01    10.200.9.21     0.084   Yes     (2)  Connected   0      match   Yes     (2) PUB Setup Completed
    XXXXX-UCXN02    10.103.9.22     0.663   Yes     (3)  Connected   0      match   Yes     (2) Setup Completed
    Clusters look good:
    admin:show network cluster
    10.200.9.21 xxxxx-ucxn01.xxxxx.local xxxxx-ucxn01 Publisher authenticated
    10.103.9.22 xxxxx-ucxn02.xxxxx.local xxxxx-ucxn02 Subscriber authenticated using TCP since Fri Jan 23 16:42:15 2015
    Server Table (processnode) Entries
    10.200.9.21
    10.103.9.22
    Successful
    Overall, they are in that split-brained mode and working with CUCM but I'm not sure why it hasn't corrected itself.  Both the pub and sub have been restarted to no effect....  Any ideas on why this is still happening?  I am in the process of pulling logs.
    Error shown by CUC at the Admin page after login:
      Communication is not functioning correctly between the servers in the Cisco Unity Connection cluster. To review server status for the cluster, go to the Tools > Cluster Management page of Cisco Unity Connection Serviceability.

    Check NTP. Ensure Unity is synced to a stable good stratum source - preferably stratum 1,2 or 3.
    On your version, time slips can cause memory leaks on servm. This in turn affects cluster communication.
    You said you couldn't access Pub. Pub would have been on high CPU. Another symptom of this issue.
    You can confirm by looking at the core dumps - 'utils core active list'
    See if there are any servm core dumps. Most likely the server is affected by CSCug53756 / CSCud58000
    HTH
    Anirudh

  • IChat - Host does not support Kerberos authentication

    Hi all,
    I have been trying but with no success to set up an iChat server on 10.6. Our OS X server is bound to AD and will hopefully be using AD to authenticate the iChat clients. I have followed Apple's guide on commenting out the <!-- <cram-md5/> --> section of the c2s.xml file which hasn't solved our problems. Open Directory isn't running as a master it is connected to another directory (our AD directory), and as a test I set up a Wiki server on the same box and this does allow us to authenticate against AD.
    The error message we are receiving in iChat is "The host example.com does not support Kerberos authentication. The client is set to use Kerberos, the username format is [email protected] all I think the correct settings.
    Under iChat General Settings on the server the Host Domain is example.com, SSL Certificate: No Certificate, Authentication: Any Method, and Enable XMPP server-to-server federation is enable for all domains.
    This is our jabber fullstatus:
    jabber:state = "RUNNING"
    jabber:readWriteSettingsVersion = 1
    jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
    jabber:logPaths:MUCSTDLOG = "/var/jabberd/log/mu-conference.log"
    jabber:logPaths:JABBER_LOG = "/var/log/system.log"
    jabber:proxyState = "RUNNING"
    jabber:currentConnections = "0"
    jabber:currentConnectionsPort1 = "0"
    jabber:currentConnectionsPort2 = "0"
    jabber:pluginVersion = "10.6.100"
    jabber:serviceMode = "CHATSERVER"
    jabber:domainName = "example.com"
    jabber:mucState = "RUNNING"
    jabber:servicePortsAreRestricted = "NO"
    jabber:servicePortsRestrictionInfo = emptyarray
    jabber:hosts:arrayindex:0 = "example.com"
    jabber:setStateVersion = 1
    jabber:startedTime = "2010-10-07 16:12:01 +0100"
    jabber:jabberdState = "RUNNING"
    This is our changeip -checkhostname:
    Primary address = 192.168.1.20
    Current HostName = ichat.example.com
    DNS HostName = ichat.example.com
    The names match. There is nothing to change.
    dirserv:success = "success"
    Any help with this would be much appreciated, and I can supply further logs details if needed. I have used example.com to protect our domain name but i kept the format identical.
    Cheers,
    Chris

    From the console:
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16a16a].com.apple.iChat[2873]) The USER environmental variable changed out from under us!
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16a16a].com.apple.iChat[2873]) In a future build of the OS, this error will be fatal.
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16b16b].com.apple.iChatAgent[2875]) The USER environmental variable changed out from under us!
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16b16b].com.apple.iChatAgent[2875]) In a future build of the OS, this error will be fatal.
    08/10/2010 13:00:52 iChatAgent[2875] [Warning] JConnection: Error: Error Domain=XMPPErrorDomain Code=122 UserInfo=0x10020b680 "The host corepublishing.co.uk does not support Kerberos authentication."
    The iChat server log shows this at the same time:
    Oct 8 13:00:52 ichat jabberd/c2s[1051]: [7] [::ffff:192.168.2.170, port=50624] connect
    Oct 8 13:00:52 ichat jabberd/c2s[1051]: [7] [::ffff:192.168.2.170, port=50624] disconnect jid=unbound, packets: 0

Maybe you are looking for

  • Carrying and Forwarding agent mapping

    Dear All, I have to map a certain scenario where there are two plants at two different states and one ware house and 20 C& F agents spread across the country. 1)How should i map this in SAP? 2) Whether i should map the C& F agents as S.Loc or any thi

  • No_adapter_engine_found

    Hi, the issue after upgrade XI SP16, I have been looking at all of contents from this site, but still having this problem. here is my test. i can see all adapters on adapter monitoring. 1. JDBC2JDBC, call adapter(receiver) on payload of SXMB_MONI, er

  • Db_keep_cache_size and cache in dba_tables

    Hello All: I have recently alter a table to cache it in db_keep_cache pool however i do not see the change reflected in dba_tables in cache column. Is this expected behaviour? Thanks S~

  • How to Provide Zoom-in/out Facility in SmartForms Report?

    hi all, can someone tell me how to provide Zoom-in/out facility in a smartforms report? We have a report with very small font and we hardly read contents in preview screen. can someone provide some help on this? thanks in advance, sid

  • Flash Builder Syntax Highlite question

    When I click or finish typing a word ("String" for example), Flash Builder or Eclipse highlights every other instance of it for me. Effectively making the word unreadable because of my color settings (see image). What is that lovely feature called an