User unable to check in content in URM 10g

We have a user that is unable to check in content in URM. The access provided to this user was added the same way as every other user within our organisation and there was also another user added at the same time with identical access who is not having any issues.
The user is able to go through the entire check in process however as they select the 'check in' option at the end of completing metadata fields an error is thrown.
ERROR:
Content Server Request Failed
Content item <undefined> was not successfully checked in. User 'username' does not have sufficient privileges.
We have deleted the user several times, gone through providing the user with additional roles, checked logs but we cannot identify what the cause is. If the user is granted sysadmin access they can check in content but as soon as that access is removed they can no longer.
Just to make this even more confusing the user is able to check in content in our test instance no problems.
Any ideas as to what could possibly be causing this would be appreciated as we have run out.
Cheers

If you have taken a dump from somewhere and are setting it up on your local, you should clean up the database a bit before actually deploying any project.
I would suggest you roll back any of your current projects and run the following scripts to remove any stale/existing projects in CA.
DELETE FROM EPUB_PR_HISTORY;
DELETE FROM EPUB_PROC_HISTORY;
DELETE FROM epub_proc_prv_prj;
DELETE FROM EPUB_PROJECT;
DELETE FROM EPUB_IND_WORKFLOW;
DELETE FROM EPUB_PROC_TASKINFO;
DELETE FROM EPUB_PROCESS;
DELETE FROM EPUB_HIS_ACT_PARM;
DELETE FROM EPUB_HISTORY;
DELETE FROM EPUB_TASKINFO;
DELETE FROM EPUB_DEP_LOG;
DELETE FROM epub_file_asset;
DELETE FROM avm_asset_lock;
DELETE FROM dss_server_id;
DELETE FROM dsi_server_id;
commit;
Now start your server again and check the deployment.
Hopefully it should work!

Similar Messages

  • Workflow issues for checking in content in URM

    I am pretty new to the whole workflow thing and am giving it my best shot.
    I am trying to trigger the workflow for all new content that has the account 'ABC'. Setting up the criteria was the easy part.
    The hard part for me is the statements that actually trigger the workflow.
    I used the following statements, where my name is entered into the metadata field xvg_busconname and received this error:
    <$wfSet("wfMailSubject","workflow item " & DocName)$>
    <$wfSet("wfMessage", "This item has been checked in." & DocName)$>
    <$wfNotify(xvg_busconname,"user")$>
    Error executing script:
    Evaluated value: <$wfSet("wfMailSubject","workflow item " & DocName)$>
    <$wfSet("wfMessage", "This item has been checked in." & DocName)$>
    <$wfNotify(xvg_busconname,"user")$>. Offset in runtime evaluation is at line 3 and character 27. Could not find the parameter 'xvg_busconname'.
    wfMailSubject=workflow item
    wfMessage=This item has been checked in.
    I also tried it slightly different, where my email address was entered into the metadata field xvg_busconeemail:
    <$wfSet("wfMailSubject","workflow item " & DocName)$>
    <$wfSet("wfMessage", "This item has been checked in." & DocName)$>
    <$wfNotify(xvg_busconemail,"emailformat")$>
    and received this error:
    Error executing script:
    Evaluated value: <$wfSet("wfMailSubject","workflow item " & DocName)$>
    <$wfSet("wfMessage", "This item has been checked in." & DocName)$>
    <$wfNotify(xvg_busconemail,"emailformat")$>. Offset in runtime evaluation is at line 3 and character 27. Could not find the parameter 'xvg_busconemail'.
    wfMailSubject=workflow item
    wfMessage=This item has been checked in.
    If anyone sees an obvious problem with where I am going wrong, please let me know.
    Thanks.

    Hi liqian,
    Download the ContentIntegrationSuite which gives you Java APIs to interact with URM.
    I would like to know about the usage of agent services / web services to checkin / checkout the content from Content Server.
    regards
    Ravi.

  • Users unable to access US content due to canadian external IP address

    Hello there,
    We have users in the US who are required to access US websites for content searching but are unable to do so because their IP address is being NATed to an external IP that is assigned in a Canadian block.
    We cannot use proxy servers due to legality.
    Any suggestions or recommendations?
    Thanks 
    M

    Hi,
    Here is my working solution that I have used for years with StrongVPN.
    http://forum.strongvpn.com/forums/topic/3480/cisco-ios-l2tp-working-connection-config
    Hope this helps.
    Cheers.
    Jason

  • Publisher 6.4 to 6.5 - unable to check out content items

    Hello,
    We upgraded from publisher 6.4 to 6.5 and now are having issues with existing content.
    When trying to check out a content item - the browser hangs - checking task manager IE is hung but continually grabbing memory.
    Eventually it comes back as a Windows Internet Explorer error - Out of Memory at line 21 - then it just ignores any other clicks to the 'Check Out' link.
    Previous to this I got an error that said
    "Stop running script?
    A script on this page is causing Internet Explorer to run slowly.
    If it continues to run, your computer may become unresponsive."
    So I did this http://support.microsoft.com/kb/175500
    But now I get the out of memory error.
    I cannot even check out the content item to see what the issue is. It is not all content items just this one. Trying to find a way to edit it...
    Suggestions? Any thoughts?
    Thanks,
    V

    Did you check the publisher log files? Logs should be located here ptcs\6.5\logs
    You could also try increasing the amount of memory publisher uses by changing the min/max settings in this file: ptcs\6.5\settings\config\service.conf
    After you change the memory settings you may need to uninstall and reinstall the publisher service using the ptcs\6.5\bin\service.bat -remove and -install.
    Hope that helps.

  • PC Users are unable to check Outlook while my (mac) Mail is open

    Ever since I upgraded to 10.4, whenever I have my Mail application open, the PC users are unable to check their IMAP mail through Outlook. The PC Users and myself are all using different accounts, but are checking the same server.
    At first, this seemed like it was a coincidence... but then I shut my powerbook and they could check their again. I have to use a web mail client to check my email when I am on the network at work.
    Any ideas to resolve this issue? Mail is set to check every 5 minutes.

    AA8 and AA9 allow Reader Rights so the user can save the form. This is restricted by the license to 500 uses. In the long run, the only advantage of the Reader Rights is for your users, not for you. You can always import the data into the form and have the same result as they had in the form. It is not necessary to transmit the full form to you, only the data. If you were developing a web form that would likely exceed the 500 uses, you would have to negotiate a price with Adobe for Reader Rights (thousands of $$ should be expected).
    If saving is important in a company environment, not online, then you may want to read the EULA carefully as to the exceptions. You will still have to have at least AA8.
    I guess the printing problem was answered.

  • "Unable to check revocation" error while checking CDP from non-domain user account

    Hi!
    I use 3-tier PKI infrastructure:
    Stand-alone offline Root CA: RootCA;
    Stand-alone offline Intermediate subordinate CA: SubCA;
    Enterprise CA: EntSubCA.
    In the certificate we have three CDP points for CRL checking:
    ldap:///, http:// and file://
    I have a Windows 2008 R2 server joined to the domain.
    I use the command certutil -verify -urlfetch <filename.cer> >check.txt to check certificate revocation.
    When I use a domain user account for revocation checking, all is OK.
    I have access to every CDP and all is fine.
    But when I use a local server user account, I don't have access to ldap:/// and the process fails, although all the other links are OK.
    My question is: why does the check fail with a non-domain user account while the other CDP points are successfully verified?
    Here is the logfile from local user:
    Issuer:
    CN=EntSubCA
    DC=DED
    DC=ROOT
    Subject:
    CN=servername.domain_name
    Cert Serial Number: 5a896145000300006ee2
    dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
    dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
    dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
    dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
    dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
    ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
    HCCE_LOCAL_MACHINE
    CERT_CHAIN_POLICY_BASE
    -------- CERT_CHAIN_CONTEXT --------
    ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
    SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
    CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
    Issuer: CN=EntSubCA, DC=DED, DC=ROOT
    NotBefore: 05.02.2015 20:03
    NotAfter: 05.02.2016 20:03
    Subject: CN=servername.domain_name
    Serial: 5a896145000300006ee2
    SubjectAltName: DNS Name=servername.domain_name
    Template: Machine
    70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    ---------------- Certificate AIA ----------------
    Failed "AIA" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
    Verified "Certificate (0)" Time: 0
    [1.0] file://\\ca\crl\EntSubCA.crt
    Verified "Certificate (0)" Time: 4
    [2.0] http://webserver/crl/EntSubCA.crt
    ---------------- Certificate CDP ----------------
    Failed "CDP" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
    Verified "Base CRL (018d)" Time: 0
    [1.0] file://\\ca\crl\EntSubCA.crl
    Failed "CDP" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
    Old Base CRL "Delta CRL (018d)" Time: 0
    [1.0.1] file://\\ca\crl\EntSubCA.crl
    Old Base CRL "Delta CRL (018d)" Time: 4
    [1.0.2] http://webserver/crl/EntSubCA.crl
    Verified "Base CRL (018d)" Time: 4
    [2.0] http://webserver/crl/EntSubCA.crl
    Failed "CDP" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
    Old Base CRL "Delta CRL (018d)" Time: 0
    [2.0.1] file://\\ca\crl\EntSubCA.crl
    Old Base CRL "Delta CRL (018d)" Time: 4
    [2.0.2] http://webserver/crl/EntSubCA.crl
    ---------------- Base CRL CDP ----------------
    Failed "CDP" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
    OK "Base CRL (018d)" Time: 0
    [1.0] file://\\ca\crl\EntSubCA.crl
    Failed "CDP" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
    Old Base CRL "Delta CRL (018d)" Time: 0
    [1.0.1] file://\\ca\crl\EntSubCA.crl
    Old Base CRL "Delta CRL (018d)" Time: 4
    [1.0.2] http://webserver/crl/EntSubCA.crl
    OK "Base CRL (018d)" Time: 4
    [2.0] http://webserver/crl/EntSubCA.crl
    Failed "CDP" Time: 0
    Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
    [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
    Old Base CRL "Delta CRL (018d)" Time: 0
    [2.0.1] file://\\ca\crl\EntSubCA.crl
    Old Base CRL "Delta CRL (018d)" Time: 4
    [2.0.2] http://webserver/crl/EntSubCA.crl
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    CRL 018d:
    Issuer: CN=EntSubCA, DC=DED, DC=ROOT
    33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
    Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
    Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
    CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
    Issuer: CN=SubCA
    NotBefore: 13.11.2014 19:12
    NotAfter: 13.11.2017 19:22
    Subject: CN=EntSubCA, DC=DED, DC=ROOT
    Serial: 6109015b000100000008
    Template: SubCA
    9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    Failed "AIA" Time: 0
    Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
    file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
    Verified "Certificate (0)" Time: 0
    [1.0] file://\\ca\crl\SubCA.crt
    Verified "Certificate (0)" Time: 4
    [2.0] http://webserver/crl/SubCA.crt
    ---------------- Certificate CDP ----------------
    Verified "Base CRL (32)" Time: 0
    [0.0] file://\\ca\crl\SubCA.crl
    Verified "Base CRL (32)" Time: 4
    [1.0] http://webserver/crl/SubCA.crl
    ---------------- Base CRL CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    CRL 32:
    Issuer: CN=SubCA
    8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
    CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
    Issuer: CN=RootCA
    NotBefore: 28.05.2008 12:09
    NotAfter: 28.05.2058 12:19
    Subject: CN=SubCA
    Serial: 616bd19f000100000004
    Template: SubCA
    06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    Verified "Certificate (0)" Time: 0
    [0.0] file://\\ca\crl\RootCA.crt
    Verified "Certificate (0)" Time: 4
    [1.0] http://webserver/crl/RootCA.crt
    ---------------- Certificate CDP ----------------
    Verified "Base CRL (1c)" Time: 4
    [0.0] http://webserver/crl/RootCA.crl
    Verified "Base CRL (1c)" Time: 0
    [1.0] file://\\ca\crl\RootCA.crl
    ---------------- Base CRL CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    CRL 1c:
    Issuer: CN=RootCA
    dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
    CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
    Issuer: CN=RootCA
    NotBefore: 27.05.2008 16:10
    NotAfter: 27.05.2110 16:20
    Subject: CN=RootCA
    Serial: 258de6fbd3bbab92460530e9e9f10536
    5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
    Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    Verified "Certificate (0)" Time: 0
    [0.0] file://\\ca\crl\RootCA.crt
    Verified "Certificate (0)" Time: 4
    [1.0] http://webserver/crl/RootCA.crt
    ---------------- Certificate CDP ----------------
    Verified "Base CRL (1c)" Time: 0
    [0.0] file://\\ca\crl\RootCA.crl
    Verified "Base CRL (1c)" Time: 4
    [1.0] http://webserver/crl/RootCA.crl
    ---------------- Base CRL CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    CRL 1c:
    Issuer: CN=RootCA
    dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
    Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
    Exclude leaf cert:
    5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
    Full chain:
    ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
    Verified Issuance Policies: None
    Verified Application Policies:
    1.3.6.1.5.5.7.3.2 Client Authentication
    1.3.6.1.5.5.7.3.1 Server Authentication
    ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
    CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
    CertUtil: -verify command completed successfully.

    What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must have access to the URLs. In your output, it is quite clear that the local account does not have the necessary permissions (you also use FILE URLs for publication, which again is not recommended).
    The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
    For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also an internally and externally accessible, highly available Web cluster.
    The other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA? It is recommended to do this by running
    certutil -dspublish -f RootCA.crt.
    This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
    Brian
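
The trace in this thread can be triaged mechanically. The following Python sketch is an added example, not code from the thread or from Microsoft: it parses `certutil -verify -urlfetch` output, groups retrieval results by URL scheme, and lists the logon failures (0x8007052e) and the non-HTTP publication points that the answer above advises against. The sample trace, host names and function names are constructed for illustration, and each URL is assumed to sit on one line.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section status obj scheme url error")

SECTION_RE = re.compile(r"^-{4,}\s*(.+?)\s*-{4,}$")
STATUS_RE = re.compile(
    r'^(?P<status>[A-Za-z ]+?)\s+"(?P<obj>[^"]*)"\s+Time:\s*\d+$')
URL_RE = re.compile(
    r"^(?:\[[\d.]+\]\s+)?(?P<url>(?P<scheme>ldap|https?|file):\S+)$", re.I)
ERROR_PREFIX = "Error retrieving URL:"

# Bucketing of status words is an assumption based on the words seen in the
# traces on this page; any other status is counted as "other".
GOOD = {"Verified", "OK"}
PROBLEM = {"Failed", "Expired", "Revocation Check Failed"}
LOGON_FAILURE = "0x8007052e"  # error code shown in the thread's trace

# Constructed sample in the same format as the trace; all names are placeholders.
SAMPLE = r"""
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=ExampleCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=test?cACertificate?base?objectClass=certificationAuthority
Verified "Certificate (0)" Time: 0
[1.0] file://\\fileserver\crl\ExampleCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://pki.example.test/crl/ExampleCA.crt
---------------- Certificate CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=ExampleCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=test?certificateRevocationList?base?objectClass=cRLDistributionPoint
Verified "Base CRL (01)" Time: 0
[1.0] file://\\fileserver\crl\ExampleCA.crl
Expired "Base CRL (02)" Time: 0
[2.0] http://pki.example.test/crl/ExampleRoot.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
"""


def parse_urlfetch(text):
    """Return one Entry per (status line, URL line) pair in the trace."""
    entries, section, pending, error = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # e.g. "---- Certificate CDP ----"
            section, pending, error = m.group(1), None, None
            continue
        m = STATUS_RE.match(line)
        if m:  # e.g. 'Failed "CDP" Time: 0'
            pending, error = (m.group("status"), m.group("obj")), None
            continue
        if pending and line.startswith(ERROR_PREFIX):
            error = line[len(ERROR_PREFIX):].strip()
            continue
        m = URL_RE.match(line)
        if m and pending:
            entries.append(Entry(section, pending[0], pending[1],
                                 m.group("scheme").lower(), m.group("url"),
                                 error))
        # Any other line ends the current status/URL pair.
        pending, error = None, None
    return entries


def summarize(entries):
    """Count ok / problem / other retrievals per URL scheme."""
    table = {}
    for e in entries:
        bucket = ("ok" if e.status in GOOD
                  else "problem" if e.status in PROBLEM else "other")
        table.setdefault(e.scheme, Counter())[bucket] += 1
    return table


def logon_failures(entries):
    """URLs whose retrieval failed because the caller could not authenticate."""
    return [e.url for e in entries
            if e.status in PROBLEM and e.error and LOGON_FAILURE in e.error]


def non_http_urls(entries):
    """Publication points that are not HTTP(S), i.e. ldap:// and file://."""
    return sorted({e.url for e in entries if e.scheme not in ("http", "https")})


if __name__ == "__main__":
    parsed = parse_urlfetch(SAMPLE)
    for scheme, counts in sorted(summarize(parsed).items()):
        print(scheme, dict(counts))
    print("logon failures:", logon_failures(parsed))
    print("non-HTTP publication points:", non_http_urls(parsed))
```

Run it against the redirected `check.txt` from each account type: a scheme that shows problems only for the local account depends on the caller's credentials.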

  • 'Unable to check credentials of user. Permission denied...'

    Hi everyone, I have this problem when I try to log in to a JSP that connects with WCC to check user and password.
    oracle.stellent.ridc.protocol.ServiceException: Unable to check credentials of user. Permission denied. Address 'xx.xx.xx.xx' is not an allowable remote socket address.
         at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(ServiceResponse.java:142)
         at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(ServiceResponse.java:108)
         at wcc.WccConnection.checkUser(WccConnection.java:597)
    The address 'xx.xx.xx.xx' is the IP address of the VM where I mounted the WCC Server.
    I can access the Control panel of the WCC from another machine with http://xx.xxx.xx.xx/cs so it has connectivity.
    Somebody said I had to change the file config.cfg in the WCC and add that address to the "SocketHostAddressSecurityFilter" variable, but it still doesn't work.
    Does anyone have any idea about this error?
    Thanks a lot!

    Check how Incoming Socket Connection Address Security Filter is configured. For more info see http://docs.oracle.com/cd/E23943_01/doc.1111/e14495/config.htm#INECM1695
    (don't forget to restart the server after changing the value)

  • Can't download purchased content. "Unable to check for available downloads"

    I can no longer download purchased content. Each time I check for available downloads I get an error message that says "Unable to check for available downloads. The iTunes Store is temporarily unavailable. Please try again later."
    The screen says I have 17 itunes downloads available but cannot download them. The most recent purchase I am not able to download is Season 3 of Dexter in standard def and some other season passes. This is really annoying; I already paid for the content and am not able to watch it...

    Sending two e-mails and recording a screen-cast video solved the problem.
    Source: http://posterous.thisux.com/fixed-itunes-9-error-unable-to-check-for-avai

  • Error: unable to connect to database using user system. please check privil

    Hi All,
    I have 2 Oracle databases in my system (ORCL, RR). I am able to connect to both databases in the SQL prompt, but in the GGSCI prompt I am not able to connect to the RR database due to the error below:
    dblogin userid system, password tiger.
    Error: unable to connect to database using user system. please check privil
    Can you please help me to connect to the RR database in the GGSCI prompt as well.
    Thanks
    Raja

    Did you try with the RR database TNS name or SID while connecting?
    If not, then try this:
    GGSCI (ATP) 6> DBLOGIN USERID SYSTEM@<tns alias name>
    Password:
    Successfully logged into database.
    HTP
    Annamalai.

  • Unable to view the contents in NQS Config file

    Hi Forum,
    After I successfully install the OBI EE 10.1.3 Application, I am unable to view the contents in NQS Config file. It is opening in Notepad with error showing as "The filename, directory name or volume label syntax is incorrect."
    So please guide me in resolving this issue.
    Regards
    Cool j

    You probably have restricted access to the file. Check if the drive is NTFS. If the OS user is in the administrators group, you can give permissions in file properties.

  • Adding keys to EFS files - "The revocation function unable to check revocation"

    I am having an issue on some, not all, computers while attempting to add user keys to encrypted files using the GUI tools (File Properties-->Advanced-->Details). Encrypting the file itself works fine. When I attempt to add users to an encrypted file, I am getting the error:
    "The revocation function was unable to check revocation because the revocation server was offline."
    However, I am not having any issues from those same computers when I add users to the encryption using the command line tool cipher.exe (/ADDUSER /USER options).
    The issue is not occurring with a particular Windows version. The working and non-working users/computers are on the same network, with no restrictions to the revocation locations (LDAP and HTTP). From one of the non-functioning computers, I verified that I can access the CRL using the HTTP CDP. I do not know a way to test/verify access to the LDAP CDP. I understand that the action of adding users to an encrypted document performs a CRL check. I am at a loss as to why it is failing when I attempt to do this through the GUI from only certain computers. This has just started to happen. Any ideas are appreciated. If anyone even knows exactly how the encryption process checks CRL or if there is a log I can look at, that would be of great help.

    The certutil command has been helpful, but I have no idea what the problem is. So I run certutil against a user certificate that I want to add to an encrypted file and here is what I get. It is showing that the AIA revocation check failed. I have no idea why that would be. I ran a packet capture as I ran this command and can see that it appears to connect to the web server hosting the CRL of the AIA. To give you some background, I have an offline root certificate authority, with its certificate and CRL published on our corporate internet website. Then I have an internal online Enterprise subordinate CA, signed by the root CA, that is issuing our user certificates. The subordinate's AIA and CDP for its root CA are on that corporate internet web site. The CDP and AIA for the user certificates are stored on the internal subordinate CA web server as well as Active Directory. Checks on those CRL locations look to be completely fine. It appears to be failing on just the subordinate CA's CDP and AIA. However, near the bottom of the certutil output, you can see it does a check on those CDP and AIA locations, and it appears to succeed just fine. Again, the packet capture I ran looks to indicate everything is fine as well. I can see HTTP 200 responses with what appears to include the CRL contents.
    I attempted to strip all identifying information out of this, so excuse me if something looks odd.
    C:\>certutil -verify -urlfetch jdoe.cer
    Issuer:
    CN=My Company Subordinate CA
    DC=company
    DC=com
    Subject:
    CN=Doe, John
    OU=Users
    DC=company
    DC=com
    Cert Serial Number: 674dfc4d000100000494
    dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
    dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
    ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
    HCCE_LOCAL_MACHINE
    CERT_CHAIN_POLICY_BASE
    -------- CERT_CHAIN_CONTEXT --------
    ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    ChainContext.dwRevocationFreshnessTime: 79 Days, 24 Minutes, 47 Seconds
    SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    SimpleChain.dwRevocationFreshnessTime: 79 Days, 24 Minutes, 47 Seconds
    CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
    Issuer: CN=My Company Subordinate CA, DC=company, DC=com
    NotBefore: 3/12/2014 1:48 PM
    NotAfter: 1/4/2016 3:25 PM
    Subject: CN="Doe, John", OU=Users, DC=company, DC=com
    Serial: 674dfc4d000100000494
    SubjectAltName: Other Name:Principal [email protected]
    Template: EFS v2
    3a ed ec e1 6f bc 25 8c 94 6c de 17 ef e3 1b 5b a3 c3 55 81
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    Revocation Check Failed "Certificate (0)" Time: 0
    [0.0] ldap:///CN=My%20Company%20Subordinate%20CA,CN=AIA,CN=Public%20Key%20Services,CN
    =Services,CN=Configuration,DC=company,DC=com?cACertificate?base?objectClass=certificationAuthority
    Wrong Issuer "Certificate (1)" Time: 0
    [0.1] ldap:///CN=My%20Company%20Subordinate%20CA,CN=AIA,CN=Public%20Key%20Services,CN
    =Services,CN=Configuration,DC=company,DC=com?cACertificate?base?objectClass=certificationAuthority
    Revocation Check Failed "Certificate (0)" Time: 0
    [1.0] http://CAServer/CertEnroll/CAServer.company.com_My%20Company%20Subordinate%20CA(1).crt
    ---------------- Certificate CDP ----------------
    Verified "Base CRL (0ad9)" Time: 0
    [0.0] http://CAServer/CertEnroll/CAServer.company.com_My%20Company%20Subordinate%20CA(1).crl
    Verified "Delta CRL (0ad9)" Time: 0
    [0.0.0] ldap:///CN=My%20Company%20Subordinate%20CA(1),CN=CAServer,CN=CDP,CN=Public%20K
    ey%20Services,CN=Services,CN=Configuration,DC=company,DC=com?deltaRevocationList?base?objectClass=cRLDistr
    ibutionPoint
    Verified "Delta CRL (0ad9)" Time: 0
    [0.0.1] http://CAServer/CertEnroll/My%20Company%20Subordinate%20CA(1)+.crl
    Verified "Base CRL (0ad9)" Time: 0
    [1.0] ldap:///CN=My%20Company%20Subordinate%20CA(1),CN=CAServer,CN=CDP,CN=Public%20Key
    %20Services,CN=Services,CN=Configuration,DC=company,DC=com?certificateRevocationList?base?objectClass=cRLD
    istributionPoint
    Verified "Delta CRL (0ad9)" Time: 0
    [1.0.0] ldap:///CN=My%20Company%20Subordinate%20CA(1),CN=CAServer,CN=CDP,CN=Public%20K
    ey%20Services,CN=Services,CN=Configuration,DC=company,DC=com?deltaRevocationList?base?objectClass=cRLDistr
    ibutionPoint
    Verified "Delta CRL (0ad9)" Time: 0
    [1.0.1] http://CAServer/CertEnroll/My%20Company%20Subordinate%20CA(1)+.crl
    ---------------- Base CRL CDP ----------------
    OK "Delta CRL (0add)" Time: 0
    [0.0] ldap:///CN=My%20Company%20Subordinate%20CA(1),CN=CAServer,CN=CDP,CN=Public%20Key
    %20Services,CN=Services,CN=Configuration,DC=company,DC=com?deltaRevocationList?base?objectClass=cRLDistrib
    utionPoint
    OK "Delta CRL (0add)" Time: 0
    [1.0] http://CAServer/CertEnroll/My%20Company%20Subordinate%20CA(1)+.crl
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    CRL 0ad9:
    Issuer: CN=My Company Subordinate CA, DC=company, DC=com
    99 d2 59 16 2c 8c 60 92 8d b6 56 41 a0 59 2c 12 1d 3f 31 07
    Delta CRL 0add:
    Issuer: CN=My Company Subordinate CA, DC=company, DC=com
    95 47 eb 15 2b 38 9b 22 ad 4c 8b a2 41 82 df 64 65 dc a0 de
    Application[0] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System
    CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=1000040
    Issuer: CN=My Company Root CA, DC=?????, DC=com
    NotBefore: 1/4/2011 3:15 PM
    NotAfter: 1/4/2016 3:25 PM
    Subject: CN=My Company Subordinate CA, DC=company, DC=com
    Serial: 46a8dd8f000000000003
    Template: SubCA
    3a 1f 61 ba 6d c7 6e cd d3 1e c0 46 8e 88 77 32 b7 68 13 34
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    ---------------- Certificate AIA ----------------
    Verified "Certificate (0)" Time: 0
    [0.0] http://www.?????.com/cert/root.crt
    ---------------- Certificate CDP ----------------
    Expired "Base CRL (0104)" Time: 0
    [0.0] http://www.?????.com/cert/root.crl
    ---------------- Base CRL CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    CRL 0104:
    Issuer: CN=My Company Root CA, DC=?????, DC=com
    cf 4f 8c 73 00 ac 79 92 e6 35 40 c3 bb 0a be 85 18 e8 95 6e
    CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
    Issuer: CN=My Company Root CA, DC=?????, DC=com
    NotBefore: 1/18/2007 1:48 PM
    NotAfter: 1/18/2022 1:49 PM
    Subject: CN=My Company Root CA, DC=?????, DC=com
    Serial: 10e926b3155629934dd5de4dba49eb85
    86 d1 d6 6f 46 41 1a 72 3e ac 23 24 7c e8 77 77 f8 89 6b 96
    Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ---------------- Certificate AIA ----------------
    No URLs "None" Time: 0
    ---------------- Certificate CDP ----------------
    No URLs "None" Time: 0
    ---------------- Certificate OCSP ----------------
    No URLs "None" Time: 0
    Exclude leaf cert:
    35 8d 46 36 ad 74 0a f0 28 6e 20 cf 15 8d 49 6c ed a3 31 8f
    Full chain:
    9b 5d 1d d2 43 a5 e0 97 2a c4 60 be 39 3c 5c 44 c1 d0 fd fb
    Issuer: CN=My Company Subordinate CA, DC=company, DC=com
    NotBefore: 3/12/2014 1:48 PM
    NotAfter: 1/4/2016 3:25 PM
    Subject: CN="Doe, John", OU=Users, DC=company, DC=com
    Serial: 674dfc4d000100000494
    SubjectAltName: Other Name:Principal [email protected]
    Template: EFS v2
    3a ed ec e1 6f bc 25 8c 94 6c de 17 ef e3 1b 5b a3 c3 55 81
    The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (
    -2146885613)
    Revocation check skipped -- server offline
    Leaf certificate revocation check passed
    CertUtil: -verify command completed successfully.

  • Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

    I'm getting these errors in the event log and ULS: "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
    The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service. This is apparent when executing a search, accessing the managed metadata service, issuing SPSite commands in PowerShell, or anything that needs to run through the "SharePoint Web Services" site. I've looked at the certificate assigned to that site and everything appears to be in order.
    It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
    What I've tried so far:
    - I've been all over the certificate settings, both in the server store and within the SharePoint Token Service config. Both appear to be configured correctly such that the root CAs can be validated.
    - Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause. I've also verified that the service accounts reporting the error do have access to the configuration database.
    - Re-provisioned the STS service to see if that might clear out any cached issues, and validated everything else according to this MS Tech note.
    So far nothing has worked. Is there anything else I could be looking at that I've missed? (Full event log detail below.)
    Log Name:      Application
    Source:        Microsoft-SharePoint Products-SharePoint Foundation
    Date:          2/20/2015 11:19:41 AM
    Event ID:      8311
    Task Category: Topology
    Level:         Error
    Keywords:      
    User:          <SP SERVICE ACCOUNT>
    Computer:      <SHAREPOINTSERVER>
    Description:
    An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
    CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
        <EventID>8311</EventID>
        <Version>14</Version>
        <Level>2</Level>
        <Task>13</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
        <EventRecordID>1611121</EventRecordID>
        <Correlation />
        <Execution ProcessID="10212" ThreadID="10328" />
        <Channel>Application</Channel>
        <Computer><SHAREPOINTSERVER></Computer>
        <Security UserID="<SP SERVICE ACCOUNT>" />
      </System>
      <EventData>
        <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
        <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
        <Data Name="string2"><STS CERT THUMBPRINT></Data>
        <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
    </Data>
      </EventData>
    </Event>

    Hi Darren,
    This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website.
    In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
    After running the above commands, perform an IISReset on all servers in the farm.
    More information:
    http://support.microsoft.com/kb/2545744
    Best Regards,
    Wendy
    Forum Support
    Wendy Li
    TechNet Community Support
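
An added example, not part of the reply above or of the linked Microsoft article: before recreating the trust, confirm that it is actually missing by comparing the farm root certificate against the registered trusted root authorities, and create it only if no entry matches. It assumes the SharePoint Management Shell on a farm server and reuses the name "localNew" from the reply.

```powershell
# Added example: run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Root certificate of the farm's own certificate authority.
$rootCert = (Get-SPCertificateAuthority).RootCertificate

# Signing certificate used by the Security Token Service.
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

Write-Host "Farm root : $($rootCert.Subject) [$($rootCert.Thumbprint)]"
Write-Host "STS cert  : $($stsCert.Subject) [$($stsCert.Thumbprint)]"

# The STS certificate should be issued by the farm root and still be valid.
if ($stsCert.Issuer -ne $rootCert.Subject) {
    Write-Warning "STS certificate issuer '$($stsCert.Issuer)' is not the farm root."
}
foreach ($c in @($rootCert, $stsCert)) {
    if ($c.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate '$($c.Subject)' expired on $($c.NotAfter)."
    }
}

# Trust entries registered in the farm; the local trust is the one whose
# certificate thumbprint equals the farm root's thumbprint.
$trusted = @(Get-SPTrustedRootAuthority)
$match = @($trusted | Where-Object {
    $_.Certificate.Thumbprint -eq $rootCert.Thumbprint
})

if ($match.Count -gt 0) {
    $names = ($match | ForEach-Object { $_.Name }) -join ', '
    Write-Host "Local trust already present as: $names. Nothing to create."
} else {
    Write-Host "No trusted root authority matches the farm root; creating it."
    # "localNew" is the name from the reply above; any unused name works.
    New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
}
```

If the script reports that the trust is already present, the RevocationStatusUnknown error has a different cause and recreating the trust will not help. If it creates the trust, the IISReset on all farm servers from the reply is still required.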

  • I have the latest version of free QuickTime and iTunes and am unable to view video on my PC. All I get is a pink screen; the audio is OK. I have uninstalled and installed several times with the same problem. I have an iPhone 4 and am unable to view the content.

    I have the latest version of free QuickTime and iTunes and am unable to view video on my PC. All I get is a pink screen; the audio is OK. I have uninstalled and installed several times with the same problem. I have an iPhone 4 and am unable to view the content.

    Open your QuickTime control panel (either via the Control panels, or by going "Edit > Preferences > QuickTime Preferences" in the QuickTime Player). In the Advanced tab, uncheck Enable Direct3D video acceleration:
    ... and click OK. Quit and restart the QuickTime Player prior to checking to see if the settings change has had any effect.

  • Unable to check flight availability in DEMO 3.0

    Anybody,
    I finished configuring the demo but when I execute I get the following error:
    Unable to check flight availability.  
    Error Type:  XI system error 
    Error Details:  An error occurred when determining the business system (LD_ERROR) 
    Looking at the logs I found the following exception (actually more than one)
    Date : 12/01/2004
    Time : 18:04:35:593
    Category :
    Message ID : 00111174DBE8006000000018000010380003EA3440BF0ED4
    Severity : Error
    Location : com.sap.engine.services.rfcengine.RFCJCOServer.handleRequestInternal()
    Source Name : com.sap.engine.services.rfcengine
    Thread : Thread[JCO.ServerThread-16,10,SAPEngine_System_Thread[impl:5]_Group]
    Message : com.sap.mw.jco.JCO$AbapException: (126) SLD_CLIENT_EXCEPTION: AbapSLDRequestHandler.getObjectServer(): User credentials are invalid or user is denied access
    Datasource : 11862050:C:\usr\sap\ABC\DVEBMGS01\j2ee\cluster\server0\log\defaultTrace.trc
    Application :
    Argument Objs :
    Arguments :
    Dsr Component : ABC
    Dsr Transaction : C2AB51A566A64BC2B12F379616CF1EC6
    Dsr User : XISUPER                        
    Indent : 0
    Level : 0
    Message Code :
    Message Type : 0
    Relatives :
    Resource Bundlename :
    Session :
    Source : com.sap.engine.services.rfcengine
    ThreadObject : Thread[JCO.ServerThread-16,10,SAPEngine_System_Thread[impl:5]_Group]
    Transaction :
    User :
    It appears I don't have permission to load the bean and execute it. Can anyone tell me what role or authorizations I need to assign to my XISUPER user in order to do this?
    Thanks
    Diego

    Alessandro, I'm experiencing almost the same kind of error as described before. However, in my case trx SLDCHECK (executed from the XI server and from the SAP application system) also generates errors. The error I'm getting is as follows:
    Testing SLD API
    An exception has ocurred
    Description: Exception in SLD Client: AbapaSLDRequestHandler.ping() server connection *** failed ***
    Summary: Connection to SLD does not work
    => Check SLD function and configurations
    I have to say that the SLD home page from Integration Builder works correctly and when SLDCHECK is executed the browser opens the correct url and loads the page.
    I have followed all configuration steps (maintain SLD details with trx SLDAPICUST, maintain HTTP and TCP/IP destinations, activate XI services, etc.) mentioned in the SAP documentation; however, the problem persists.
    Thanks in advance for any feedback!
    Thanks, Roberto
    Message was edited by: Roberto Viana

  • Vendors Unable to Check-In Contract Documents (e-Sourcing 5.1 Patch 06)

    Vendors Unable to Check-In Contract Documents (e-Sourcing 5.1 Patch 06)
    When moving to patch 06 for e-Sourcing we found that Vendors were no longer able to check-in contract documents, even though they checked them out successfully.
    On Patch 05 this was not an issue with the exact same configuration.
    Has anyone had any encounters with this? 
    - Is there a permission that needs to be set to something specific?   I tried create/read/edit but that doesn't seem to work.
    Thanks.

    When working with a Master Agreement or Sub Agreement within e-Sourcing you can attach Contract Documents (Word files) that you and the vendor can collaboratively work on. 
    Just like a source control system you can check out a document to make edits to ensure that no one else makes edits at the same time.  You then must check back in the document to remove the 'lock'. 
    On patch level 06 we found that although Vendors could perform the Check-out procedure (On a Contract Document click Actions -> Check-Out) they are not permitted to then check-in the document (Actions -> Check-In).
    Buyside users do not experience any issues with check-out/in.
    Hope that helps clear up the issue.
    Thanks,
    Greg
