Using JDeveloper 10.1.12with Windows Server 2008
When Addiing Radio Button and putting the Radio Button under a Button Group when you run the application when you select "Yes" the "No" disappears
10.1.2 isn't certified on Windows 2008.
Why are you using such an old release? 10.1.2 used JDK 1.4, which was end-of-life in 2008.
John
Similar Messages
-
Use of User CAL in Windows Server 2008 R2 Standard
We are using win server 2008 R2 server as domain controller.
Can we know how to use User CAL here in this scenario.Hi,
First install the licensing role service applicable to your operating system.
To install the RD Licensing role service
1.On the server on which you want to install the RD Licensing role service, open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
2.If the Remote Desktop Services role is not already installed:
In the left pane, right-click Roles, and then click Add Roles.
On the Before You Begin page of the Add Roles Wizard, click Next.
On the Select Server Roles page, select the Remote Desktop Services check box, and then click Next.
On the Remote Desktop Services page, click Next.
On the Select Role Services page, select the Remote Desktop Licensing check box, and then click Next.
If the Remote Desktop Services role is already installed:
In the left pane, expand Roles.
Right-click Remote Desktop Services, and then click Add Role Services.
On the Select Role Services page, select the Remote Desktop Licensing check box, and then click Next.
3.On the Configure Discovery Scope for RD Licensing page, you can specify a discovery scope for the license server. For more information, see Terminal Services License Server Discovery.
4.On the Configure Discovery Scope for RD Licensing page, you can also specify the location where the RD Licensing database will be stored. If you want to specify a database location other than the default location provided, click Browse.
Note that the database location must be a local folder on the computer on which the RD Licensing role service is being installed.
5.Click Next.
6.On the Confirm Installation Selections page, verify that the RD Licensing role service will be installed, and then click Install.
7.On the Installation Progress page, installation progress is noted.
8.On the Installation Results page, confirm that installation of the RD Licensing role service succeeded, and then click Close.
To install and issue TS CALs or RDS CALs, you must first
activate the license server. When the license server is activated, Microsoft provides the license server with a limited-use digital certificate that validates server ownership and identity. Microsoft
uses the X.509 industry standard certificate for this purpose. Using this certificate, a license server can make subsequent transactions with Microsoft. To activate your license server, go to
Windows Terminal Services Licensing, a site designed to help you manage your license server and obtain client access license tokens.
For detailed information, view the link below:
Install and issue RDS CALs or TS CALs
http://technet.microsoft.com/en-us/library/hh553159(v=ws.10).aspx
Installing the Remote Desktop Licensing Role Service
http://technet.microsoft.com/en-us/library/ff710500(WS.10).aspx
Hope this helps.
Steven Lee
TechNet Community Support -
Support for JDeveloper 10.1.3 on Windows Server 2008 64 bit OS
Hello,
We are using JDeveloper 10.1.3.3.0 (patch # 9879989) for R12.
Would like to know support for Jdeveloper on windows server 2008 - 64 bit.
Thanks,
Swati.Hi Swati,
Currently I am using Jdeveloper Patch#9172975 for R12.1.2 on windows server 2008 X64 and it works fine.
As Jdeveloper Patch#9172975 is lower version then Jdeveloper Patch#9879989, Patch#9879989 should work on Windows Server 2008 64bit.
Still I am not confirm about Jdeveloper Patch#9879989 on Windows Server 2008 64bit.
Thanks,
Laukik -
Windows Server 2008 R2 problem
Hi there
I'm a newbie to Flash media server and I would like to explore its usage.
Does any one have experience with Flash Media Server 3.5.3 running on Windows Server 2008 R2? I installed FMS on my Windows Server 2008 R2, but the admin console cannot start.
By the way, I installed FMS on a Windows Server 2003 32-bit machine. And I'm able to use the admin console on Server 2003 to connect to the Server 2008 R2 installation.
Also, I have a separate disk that is used to hold the media content to be streamed via FMS. How can I configure FMS to use that disk as root for media file instead of using "c:\program files (x86)\...\webroot\vod"
Thanks very much in helping me to start the project.
Best Regards
Steve YauForThanks very much for your prompt response.
For (1), if I start "Flash Media Administration Console" from the Start menu, an IE prompts up and it tries to open "c:\program files(x86)\Adobe\Flash Media Server 3.5\tools\fms_adminConsole.htm" with the following in the information bar:
"An add-on for this website failed to run. Check the security settings in Internet Options for potential conflicts"
I thought it was the problem of flash player that cannot be run on 64-bit IE, so i tried 32-bit IE, but still in vain. I also tried to install flash player using 32-bit IE on Windows server 2008 R2 but the installation cannot start.
The FMSAdmin service is surely running with firewall configured. I've also installed FMS on another Windows Server 2003 32-bit. There I can start the admin console and connect to the Windows Server 2008 R2 FMSAdmin service.
For (2), I've added the line as per your kind help. But my question will be: How can I test whether my FMS is correctly streaming the video? For Windows Media Service, I can easily open URL in WMP and the streaming can be verified easily. But I don't know how to test FMS setup from web client side. Any clues? For your information, I don't have Adobe Flash or Dreamweaver stuff.
Thanks again for your kind help
Regards
Steve Yau -
Ethernet controller driver not installing after Windows Server 2008 installation on Cisco UCS blade
I am using MDT 2010 to deploy Windows Server 2008 to a Cisco UCS B200 blade. The OS and hotfixes install with no problem. The system reboots and attempts to connect to the deployment share to continue with the task sequence and I receive an error stating
"A connection to the deployment share could not be made. The following networking device did not have a driver installed. PCI\VEN_1137&DEV_0043&SUBSYS_00481137&REV_A2"
The driver in question is the driver for the Ethernet controller for the UCS blade. More specifically, it is the network driver for the Palo card in the UCS Chassis. When I Ignore or Abort the install, I am able to manually install the driver and restart the
task sequence. The build then completes successfully with no further issue. I just cannot seem to automate the driver install. Has anyone dealt with this type of issue?Vik and stealthfield - thank you for your responses.
I was preparing a script to manually move the driver into the c:\windows\inf location when I had to stop to create a new task sequence for a different build. It was while building this task sequence that I found the soulution to the problem.
In the Post Install -> Inject Drivers step of the Task Sequence, I noticed that it was executing a command of type "Inject Drivers" with a selection profile of "All Drivers" and "Install only matching drivers
from the selection profile" selected.
I changed this to run a command of type "Run Command Line" and specified that it execute "%Scriptroot%\ZTIdrivers.wsf". I noticed that this was selected in one of my other builds that was working properly, so I thought I'd
give it a try. - IT WORKED.
So to sum up, the solution was to change the type of command being executed in the "Post Install -> Inject Drivers" step of the task sequence. After this change, the machine came up and continued the task sequence with no further issues.
Thanks again for the responses - They were helpful and I do appreciate it. -
Windows Server 2008 R2 - access from Anywhere
Dear All,
We have small business network in our institutions. Our network infrastructure is follows as,
Windows Server 2008 R2 with Domain Controller - Roles installed are ADDS, File Service, WDM, DNS, DHCP
Fully Qualified Domain Name : XXXXXX.local
Client System: Windows 7 Ultimate 32 bit systems 30 Numbers.
Internet Connection: 1 Mbps download speed and 420 Kbps Upload speed from Airtel.
Router: TP-Link ADSL Router.
So far we have used our server within our premises, the router acted as a gateway and supplied internet service for server and client system. Now we want to access the server from outside of our network from i.e. domain users logon from anywhere from the
world. What are the requirements for this kind of setup and steps to implement this setup.
Thanks and Regards S.R. Karthick System EngineerHi,
Firstly, it is not recommended to install the DHCP role on a DC.
In addition, you can use the DirectAccess feature in Windows server 2008 R2 so that the clients
running Windows 7 Ultimate
can securely connect to the corporate network from any location without any type of traditional VPN. For more detailed information, please refer to the link below:
DirectAccess for Windows
Server 2008 R2
Best regards,
Susie -
Hello !
I have a server with Windows Server 2008 R2 (AD, File Server, DNS Server and DHCP Server) that not access network share other Domain Controller.
Well, is very crazy.
I view network shares by network computers and devices,
but not \\domain_controller or \\IP_domain_controller.
I execute ping for succeed for all servers.
Follow error bellow:irectory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SRVMTZDC01, is a Directory Server.
Home Server = SRVMTZDC01
* Connecting to directory service on server SRVMTZDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shcorp,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SAO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=CWB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=POA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=RIO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=VIX,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SSA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=FOR,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=BHZ,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=BSB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=RCF,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=BEL,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shcorp,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC05,CN=Servers,CN=SAO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC06,CN=Servers,CN=CWB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC13,CN=Servers,CN=POA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC07,CN=Servers,CN=RIO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC08,CN=Servers,CN=VIX,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC09,CN=Servers,CN=SSA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC12,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC04,CN=Servers,CN=BHZ,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC10,CN=Servers,CN=BSB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVRCFDC11,CN=Servers,CN=RCF,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 12 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SRVMTZDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SRVMTZDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SRVMTZDC01
Starting test: Advertising
The DC SRVMTZDC01 is advertising itself as a DC and having a DS.
The DC SRVMTZDC01 is advertising as an LDAP server
The DC SRVMTZDC01 is advertising as having a writeable directory
The DC SRVMTZDC01 is advertising as a Key Distribution Center
Warning: SRVMTZDC01 is not advertising as a time server.
The DS SRVMTZDC01 is advertising as a GC.
......................... SRVMTZDC01 failed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SRVMTZDC01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SRVMTZDC01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SRVMTZDC01 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SRVMTZDC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role Domain Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role PDC Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
......................... SRVMTZDC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SRVMTZDC01 on DC SRVMTZDC01.
* SPN found :LDAP/SRVMTZDC01.shcorp.local/shcorp.local
* SPN found :LDAP/SRVMTZDC01.shcorp.local
* SPN found :LDAP/SRVMTZDC01
* SPN found :LDAP/SRVMTZDC01.shcorp.local/SHCORP
* SPN found :LDAP/9956d321-332f-482c-855c-8bceee885bb6._msdcs.shcorp.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9956d321-332f-482c-855c-8bceee885bb6/shcorp.local
* SPN found :HOST/SRVMTZDC01.shcorp.local/shcorp.local
* SPN found :HOST/SRVMTZDC01.shcorp.local
* SPN found :HOST/SRVMTZDC01
* SPN found :HOST/SRVMTZDC01.shcorp.local/SHCORP
* SPN found :GC/SRVMTZDC01.shcorp.local/shcorp.local
......................... SRVMTZDC01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SRVMTZDC01.
* Security Permissions Check for
DC=ForestDnsZones,DC=shcorp,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=shcorp,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=shcorp,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=shcorp,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=shcorp,DC=local
(Domain,Version 3)
......................... SRVMTZDC01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SRVMTZDC01\netlogon
Verified share \\SRVMTZDC01\sysvol
......................... SRVMTZDC01 passed test NetLogons
Starting test: ObjectsReplicated
SRVMTZDC01 is in domain DC=shcorp,DC=local
Checking for CN=SRVMTZDC01,OU=Domain Controllers,DC=shcorp,DC=local in domain DC=shcorp,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local in domain CN=Configuration,DC=shcorp,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SRVMTZDC01 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... SRVMTZDC01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14100 to 1073741823
* SRVDC01.shcorp.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 11600 to 12099
* rIDPreviousAllocationPool is 11600 to 12099
* rIDNextRID: 11737
......................... SRVMTZDC01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SRVMTZDC01 passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x00000422
Time Generated: 05/02/2014 12:55:01
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\shcorp.local\SysVol\shcorp.local\Policies\{1A69D491-B88A-4F66-B294-4ABEC8C62886}\gpt.ini from a domain controller and was not successful. Group
Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An error event occurred. EventID: 0x00000422
Time Generated: 05/02/2014 13:11:54
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\shcorp.local\SysVol\shcorp.local\Policies\{1A69D491-B88A-4F66-B294-4ABEC8C62886}\gpt.ini from a domain controller and was not successful. Group
Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
A warning event occurred. EventID: 0x80001083
Time Generated: 05/02/2014 13:18:00
Event String:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed
at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections
from a given local endpoint to a given remote endpoint.
An error event occurred. EventID: 0xC0002719
Time Generated: 05/02/2014 13:20:41
Event String:
DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 05/02/2014 13:21:03
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols.
......................... SRVMTZDC01 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SRVMTZDC01,OU=Domain Controllers,DC=shcorp,DC=local and backlink on
CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SRVMTZDC01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=shcorp,DC=local
and backlink on
CN=NTDS Settings,CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=SRVMTZDC01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=shcorp,DC=local
and backlink on CN=SRVMTZDC01,OU=Domain Controllers,DC=shcorp,DC=local
are correct.
......................... SRVMTZDC01 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : shcorp
Starting test: CheckSDRefDom
......................... shcorp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... shcorp passed test CrossRefValidation
Running enterprise tests on : shcorp.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\SRVMTZDC01.shcorp.local
Locator Flags: 0xe00031bc
PDC Name: \\SRVDC01.shcorp.local
Locator Flags: 0xe00033fd
Time Server Name: \\SRVDC01.shcorp.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SRVDC01.shcorp.local
Locator Flags: 0xe00033fd
KDC Name: \\SRVMTZDC01.shcorp.local
Locator Flags: 0xe00031bc
......................... shcorp.local passed test LocatorCheck
Starting test: Intersite
Skipping site SAO, this site is outside the scope provided by the
command line arguments provided.
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site CWB, this site is outside the scope provided by the
command line arguments provided.
Skipping site POA, this site is outside the scope provided by the
command line arguments provided.
Skipping site RIO, this site is outside the scope provided by the
command line arguments provided.
Skipping site VIX, this site is outside the scope provided by the
command line arguments provided.
Skipping site SSA, this site is outside the scope provided by the
command line arguments provided.
Skipping site FOR, this site is outside the scope provided by the
command line arguments provided.
Skipping site BHZ, this site is outside the scope provided by the
command line arguments provided.
Skipping site BSB, this site is outside the scope provided by the
command line arguments provided.
Skipping site RCF, this site is outside the scope provided by the
command line arguments provided.
Skipping site BEL, this site is outside the scope provided by the
command line arguments provided.
......................... shcorp.local passed test Intersite -
Printing problem with Konica Minolta BizHub282 using RDP on Windows Server 2008 R2
Hello,
I have an office setup as follows: Local office IP adress scheme 192.168.201.x. There is a Konica Minolta BizHub 282 printer connected to the 192.168.201.x network as well as around 10 workstations running Windows 7. There are also about
10 additional teleworkers WHO DO NOT NEED print access to the Minolta 282. All of their data is on a cloud server. I have them setup to first connect to the cloud server using a RRAS PPTP VPN and then to start an RDP session to the separate
RDP server. The Konica Minolta works ??okay?? with the easy print services and until now, we have just dealt with the lack of features and the occasional print job that goes crazy and prints out 400 blank pages (btw, this is usually on Excel) or a job
that cuts off the margins even when you have it set to "fit to page" (this usually happens in Adobe.) When I originally set this up, I tried loading the native Konica drivers on the server, but there was no joy because I couldn't get it to
work using the native drivers. The problem at hand is a feature called "account track." This feature authenticates your print job by using an account code. If there is no code, the job just disappears. When I load the native
Konica driver, the ability to turn on this feature is greyed out (see below):
When I use easy print, the codes seem to go through, but as I mentioned earlier, sometimes the print job just goes insane. After researching this, it seems to me that there are two ways to overcome this if we can't turn off the account track feature:
1) Overcome the driver problem. I've tried both of their current drivers without success: VXL and Visual Postscript. When I login to RDP, the (redirected) Konica 282 printer is listed, but when I try to print, it fails due to the missing account track code.
I'm hoping that there is a registry hack to turn this feature on by default with the code or a driver version that works with RDP. They have a WHQL driver available, but it didn't work any better. Is there a way to report this issue to the WHQL labs? Maybe
I can light a fire under Konica's rear end and motivate them to fix the driver.
2) I saw one discussion where the guy installed the printer out in the clouds as a local printer. He seemed to have a site-to-site VPN, not a client-to-site VPN, so this worked. Is there a way to do something similar when the customer connects to the
VPN through standard "connect to workplace" setup? I tried pinging the Konica 282 from the server while logged into the VPN, but the printer could not be found.
3) I considered setting it up as a google cloud print prnter, but that would require everyone to setup a google account and add a layer of complexity.
Anyone else run into this and have a solution? If not, does anyone have any ideas on a solution or workaround?
Thanks,
Jeffery SmithHi Jeffery,
Thank you for your comment.
Yeah, you can use universal print driver by configuring Remote Desktop Easy print on RDS Server. Install the driver on RDS server. Now to configure Easy print you need to have minimum client RDP 6.1(But suggest you to install RDP 8.1), .Net Framework 3.5 or
above and RDSH role.
Also under GPO setting need to check below settings.
Do not allow client print redirection: Disable
Use Terminal Service Easy print printer driver first: Enable
Computer Configuration > Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Printer redirection
For more information, you can refer below articles.
How to configure Microsoft RDS Universal Printing
http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/microsoft-hyper-v/how-configure-microsoft-rds-universal-printing.html
Using Remote Desktop Easy Print in Windows 7 and Windows Server 2008 R2
http://blogs.msdn.com/b/rds/archive/2009/09/28/using-remote-desktop-easy-print-in-windows-7-and-windows-server-2008-r2.aspx?Redirected=true
Hope it helps!
Thanks.
Dharmesh Solanki -
SChannel Fails Authentication on Windows Server 2008 R2 Using TLS1
I am trying to use SChannel to secure a socket connection. I modified the example at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380537(v=vs.85).aspx, converting it from Negotiate to SChannel. Following the specs for the SSPI APIs I was able the get a Client & Server connection authenticated on Windows 7.
However, when I try running the same programs on Windows Server 2008 R2, either the Client side or Server side fails, depending on how I select the security protocol.
Here is the modified example code, details about my results follow the code.
Client.cpp
// Client-side program to establish an SSPI socket connection
// with a server and exchange messages.
// Define macros and constants.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "SspiExample.h"
#include <string>
#include <iostream>
CredHandle g_hCred;
SecHandle g_hCtext;
#define SSPI_CLIENT "SChannelClient:" __FUNCTION__
void main(int argc, char * argv[])
SOCKET Client_Socket;
BYTE Data[BIG_BUFF];
PCHAR pMessage;
WSADATA wsaData;
SECURITY_STATUS ss;
DWORD cbRead;
ULONG cbHeader;
ULONG cbMaxMessage;
ULONG cbTrailer;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
SecPkgContext_ConnectionInfo ConnectionInfo;
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName);
char Server[512] = {0};
WCHAR CertName[512] = {0};
// Validate cmd line parameters
if ( argc != 3 )
LOGA ( ( __log_buf, SSPI_CLIENT " required parameters ServerName & CertName not entered.\n"));
LOGA( ( __log_buf, SSPI_CLIENT " Abort and start over with required parameters.\n") );
std::cin.get();
else
// argv[1] - ServerName - the name of the computer running the server sample.
// argv[2] - TargetName the common name of the certificate provided
// by the target server program.
memcpy(Server, argv[1], strlen(argv[1]));
size_t sizCN;
mbstowcs_s(&sizCN, CertName, strlen(argv[2])+1, argv[2], _TRUNCATE);
LOGA ( ( __log_buf, SSPI_CLIENT " input parameters - ServerName %s CertName %ls.\n", Server, CertName ));
// Initialize the socket and the SSP security package.
if(WSAStartup (0x0101, &wsaData))
MyHandleError( __FUNCTION__ " Could not initialize winsock ");
// Connect to a server.
SecInvalidateHandle( &g_hCtext );
if (!ConnectAuthSocket (
&Client_Socket,
&g_hCred,
&g_hCtext,
Server,
CertName))
MyHandleError( __FUNCTION__ " Authenticated server connection ");
LOGA ( ( __log_buf, SSPI_CLIENT " connection authenticated.\n"));
// An authenticated session with a server has been established.
// Receive and manage a message from the server.
// First, find and display the name of the SSP,
// the transport protocol supported by the SSP,
// and the size of the header, maximum message, and
// trailer blocks for this SSP.
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT "QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " QueryContextAttributes failed.\n");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
cbHeader = SecPkgSizes.cbHeader;
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_CLIENT " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_CONNECTION_INFO,
&ConnectionInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
switch(ConnectionInfo.dwProtocol)
case SP_PROT_TLS1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: TLS1\n"));
break;
case SP_PROT_SSL3_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL3\n"));
break;
case SP_PROT_PCT1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: PCT\n"));
break;
case SP_PROT_SSL2_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL2\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Protocol: 0x%x\n", ConnectionInfo.dwProtocol));
switch(ConnectionInfo.aiCipher)
case CALG_RC4:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC4\n");)
break;
case CALG_3DES:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Triple DES\n"));
break;
case CALG_RC2:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC2\n"));
break;
case CALG_DES:
case CALG_CYLINK_MEK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: DES\n"));
break;
case CALG_SKIPJACK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Skipjack\n"));
break;
case CALG_AES_256:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: AES 256\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Cipher: 0x%x\n", ConnectionInfo.aiCipher));
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher strength: %d\n", ConnectionInfo.dwCipherStrength));
switch(ConnectionInfo.aiHash)
case CALG_MD5:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: MD5\n"));
break;
case CALG_SHA:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: SHA\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Hash: 0x%x\n", ConnectionInfo.aiHash));
LOGA ( ( __log_buf, SSPI_CLIENT " Hash strength: %d\n", ConnectionInfo.dwHashStrength));
switch(ConnectionInfo.aiExch)
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: RSA\n"));
break;
case CALG_KEA_KEYX:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: KEA\n"));
break;
case CALG_DH_EPHEM:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: DH Ephemeral\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Key exchange: 0x%x\n", ConnectionInfo.aiExch));
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange strength: %d\n", ConnectionInfo.dwExchStrength));
// Decrypt and display the message from the server.
if (!ReceiveBytes(
Client_Socket,
Data,
BIG_BUFF,
&cbRead))
MyHandleError( __FUNCTION__ " No response from server\n");
if (0 == cbRead)
MyHandleError(__FUNCTION__ " Zero bytes received.\n");
pMessage = (PCHAR) DecryptThis(
Data,
&cbRead,
&g_hCtext);
// Skip the header to get the decrypted message
pMessage += cbHeader;
ULONG cbMessage = cbRead-cbHeader-cbTrailer;
if ((cbMessage == strlen(TEST_MSG)) &&
!strncmp(pMessage, TEST_MSG, strlen(TEST_MSG)) )
LOGA ( ( __log_buf, SSPI_CLIENT " SUCCESS!! The message from the server is \n -> %.*s \n",
cbMessage, pMessage ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " UNEXPECTED message from the server: \n -> %.*s \n",
cbMessage, pMessage ));
LOGA ( ( __log_buf, SSPI_CLIENT " rcvd msg size %u, exp size %u\n", cbMessage, strlen(TEST_MSG) ));
// Terminate socket and security package.
DeleteSecurityContext (&g_hCtext);
FreeCredentialHandle (&g_hCred);
shutdown (Client_Socket, 2);
closesocket (Client_Socket);
if (SOCKET_ERROR == WSACleanup ())
MyHandleError( __FUNCTION__ " Problem with socket cleanup ");
exit (EXIT_SUCCESS);
} // end main
// ConnectAuthSocket establishes an authenticated socket connection
// with a server and initializes needed security package resources.
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *g_hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName)
unsigned long ulAddress;
struct hostent *pHost;
SOCKADDR_IN sin;
// Lookup the server's address.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n"));
ulAddress = inet_addr (pServer);
if (INADDR_NONE == ulAddress)
LOGA ( ( __log_buf, SSPI_CLIENT " calling gethostbyname with %s.\n", pServer ));
pHost = gethostbyname (pServer);
if (NULL == pHost)
MyHandleError(__FUNCTION__ " Unable to resolve host name ");
memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
std::string ipAddrStr;
ipAddrStr = inet_ntoa( *(struct in_addr*)*pHost->h_addr_list);
LOGA ( ( __log_buf, __FUNCTION__ " gethostbyname - ipAddress %s, name %s.\n", ipAddrStr.c_str(), pHost->h_name ) );
// Create the socket.
*s = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == *s)
MyHandleError(__FUNCTION__ " Unable to create socket");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Socket created.\n"));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ulAddress;
sin.sin_port = htons (g_usPort);
// Connect to the server.
if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
closesocket (*s);
MyHandleError( __FUNCTION__ " Connect failed ");
LOGA ( ( __log_buf, SSPI_CLIENT " Connection established.\n"));
// Authenticate the connection.
if (!DoAuthentication (*s, pCertName))
closesocket (*s);
MyHandleError( __FUNCTION__ " Authentication ");
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n"));
return(TRUE);
} // end ConnectAuthSocket
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName)
BOOL fDone = FALSE;
DWORD cbOut = 0;
DWORD cbIn = 0;
PBYTE pInBuf;
PBYTE pOutBuf;
if(!(pInBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
if(!(pOutBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " 1st message.\n"));
if (!GenClientContext (
NULL,
0,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext
LOGA ( ( __log_buf, SSPI_CLIENT " GenClientContext failed\n"));
return(FALSE);
if (!SendMsg (s, pOutBuf, cbOut ))
MyHandleError(__FUNCTION__ " Send message failed ");
while (!fDone)
if (!ReceiveMsg (
s,
pInBuf,
MAXMESSAGE,
&cbIn))
MyHandleError( __FUNCTION__ " Receive message failed ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " Message loop.\n"));
if (!GenClientContext (
pInBuf,
cbIn,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext))
MyHandleError( __FUNCTION__ " GenClientContext failed");
if (!SendMsg (
s,
pOutBuf,
cbOut))
MyHandleError( __FUNCTION__ " Send message failed");
LOGA ( ( __log_buf, SSPI_CLIENT " fDone %s.\n", fDone ? "Yes" : "No" ));
if (NULL != pInBuf)
free(pInBuf);
pInBuf = NULL;
if (NULL != pOutBuf)
free(pOutBuf);
pOutBuf = NULL;
LOGA ( ( __log_buf, SSPI_CLIENT " exit.\n"));
return(TRUE);
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *g_hCred,
struct _SecHandle *g_hCtext)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff[2];
ULONG ContextAttributes;
static TCHAR lpPackageName[1024];
if( NULL == pIn )
wcscpy_s(lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME );
ss = AcquireCredentialsHandle (
NULL,
lpPackageName,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
NULL,
NULL,
g_hCred,
&Lifetime);
if (!(SEC_SUCCESS (ss)))
MyHandleError( __FUNCTION__ " AcquireCreds failed ");
// Prepare the buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// The input buffer is created only if a message has been received
// from the server.
if (pIn)
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with pIn supplied.\n"));
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = InSecBuff;
InSecBuff[0].cbBuffer = cbIn;
InSecBuff[0].BufferType = SECBUFFER_TOKEN;
InSecBuff[0].pvBuffer = pIn;
InSecBuff[1].pvBuffer = NULL;
InSecBuff[1].cbBuffer = 0;
InSecBuff[1].BufferType = SECBUFFER_EMPTY;
ss = InitializeSecurityContext (
g_hCred,
g_hCtext,
pCertName,
MessageAttribute,
0,
0,
&InBuffDesc,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
else
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with NULL pIn.\n"));
ss = InitializeSecurityContext (
g_hCred,
NULL,
pCertName,
MessageAttribute,
0,
0,
NULL,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext failed with error 0x%08x\n", ss));
MyHandleError ( __FUNCTION__ " InitializeSecurityContext failed " );
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext returned 0x%08x\n", ss));
// If necessary, complete the token.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (g_hCtext, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " complete failed: 0x%08x\n", ss));
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_CLIENT " Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer));
PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
return TRUE;
PBYTE DecryptThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// By agreement, the server encrypted the message and set the size
// of the trailer block to be just what it needed. DecryptMessage
// needs the size of the trailer block.
// The size of the trailer is in the first DWORD of the
// message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before decryption including trailer (%lu bytes):\n",
*pcbMessage));
PrintHexDump (*pcbMessage, (PBYTE) pBuffer);
// Prepare the buffers to be passed to the DecryptMessage function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = *pcbMessage;
SecBuff[0].BufferType = SECBUFFER_DATA;
SecBuff[0].pvBuffer = pBuffer;
SecBuff[1].cbBuffer = 0;
SecBuff[1].BufferType = SECBUFFER_EMPTY;
SecBuff[1].pvBuffer = NULL;
SecBuff[2].cbBuffer = 0;
SecBuff[2].BufferType = SECBUFFER_EMPTY;
SecBuff[2].pvBuffer = NULL;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = DecryptMessage(
hCtxt,
&BuffDesc,
0,
&ulQop);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage failed with error 0x%08x\n", ss))
else
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage success? Status: 0x%08x\n", ss));
// Return a pointer to the decrypted data. The trailer data
// is discarded.
return pBuffer;
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[2];
ULONG ulQop = 0;
PBYTE pSigBuffer;
PBYTE pDataBuffer;
// The global cbMaxSignature is the size of the signature
// in the message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before verifying (including signature):\n"));
PrintHexDump (*pcbMessage, pBuffer);
// By agreement with the server,
// the signature is at the beginning of the message received,
// and the data that was signed comes after the signature.
pSigBuffer = pBuffer;
pDataBuffer = pBuffer + cbMaxSignature;
// The size of the message is reset to the size of the data only.
*pcbMessage = *pcbMessage - (cbMaxSignature);
// Prepare the buffers to be passed to the signature verification
// function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 2;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = cbMaxSignature;
SecBuff[0].BufferType = SECBUFFER_TOKEN;
SecBuff[0].pvBuffer = pSigBuffer;
SecBuff[1].cbBuffer = *pcbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pDataBuffer;
ss = VerifySignature(
hCtxt,
&BuffDesc,
0,
&ulQop
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " VerifyMessage failed with error 0x%08x\n", ss));
else
LOGA ( ( __log_buf, SSPI_CLIENT " Message was properly signed.\n"));
return pDataBuffer;
} // end VerifyThis
void PrintHexDump(
DWORD length,
PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_CLIENT " %s\n", rgbLine));
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes\n", cbBuf ));
if (!SendBytes (s, (PBYTE)&cbBuf, sizeof (cbBuf)))
LOGA ( ( __log_buf, SSPI_CLIENT " size failed.\n" ) );
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
LOGA ( ( __log_buf, SSPI_CLIENT " body failed.\n" ) );
return(FALSE);
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return(TRUE);
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
// Receive the number of bytes in the message.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n" ));
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " failed: size of cbData %lu, bytes %lu\n", sizeof (cbData), cbRead));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
return(FALSE);
if (cbRead != cbData)
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMessage
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent;
int cbRemaining = cbBuf;
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes.\n", cbRemaining ));
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_CLIENT " send failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
pTemp += cbSent;
cbRemaining -= cbSent;
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return TRUE;
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_CLIENT " Entry: %lu bytes.\n", cbRemaining ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes remaining.\n", cbRemaining ));
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " recv failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n" ));
return TRUE;
} // end ReceiveBytes
void MyHandleError(char *s)
DWORD err = GetLastError();
if (err)
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (0x%08.8X). Exiting.\n",s, err ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (no error info). Exiting.\n",s ));
exit (EXIT_FAILURE);
Server.cpp
// This is a server-side SSPI Windows Sockets program.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "Sspiexample.h"
#include <iostream>
CredHandle g_hcred;
struct _SecHandle g_hctxt;
static PBYTE g_pInBuf = NULL;
static PBYTE g_pOutBuf = NULL;
static DWORD g_cbMaxMessage;
static TCHAR g_lpPackageName[1024];
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb );
#define SSPI_SERVER "SChannelServer:" __FUNCTION__
void main (int argc, char * argv[])
CHAR pMessage[200];
DWORD cbMessage;
PBYTE pDataToClient = NULL;
DWORD cbDataToClient = 0;
PWCHAR pUserName = NULL;
DWORD cbUserName = 0;
SOCKET Server_Socket;
WSADATA wsaData;
SECURITY_STATUS ss;
PSecPkgInfo pkgInfo;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
ULONG cbMaxMessage;
ULONG cbHeader;
ULONG cbTrailer;
std::string certThumb;
// Create a certificate if no thumbprint is supplied. Otherwise, use the provided
// thumbprint to find the certificate.
if ( (argc > 1) && (strlen( argv[1]) > 0) )
certThumb.assign(argv[1]);
else
LOGA( ( __log_buf, SSPI_SERVER " : No certificate thumbprint supplied.\n") );
LOGA( ( __log_buf, SSPI_SERVER " : Press ENTER to create a certificate, or abort and start over with a thumbprint.\n") );
std::cin.get();
certThumb.clear();
Insert code to find or create X.509 certificate.
// Set the default package to SChannel.
wcscpy_s(g_lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME);
// Initialize the socket interface and the security package.
if( WSAStartup (0x0101, &wsaData))
LOGA ( ( __log_buf, SSPI_SERVER " Could not initialize winsock: \n") );
cleanup();
ss = QuerySecurityPackageInfo (
g_lpPackageName,
&pkgInfo);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " Could not query package info for %s, error 0x%08x\n",
g_lpPackageName, ss) );
cleanup();
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf)
LOGA ( ( __log_buf, SSPI_SERVER " Memory allocation error.\n"));
cleanup();
// Start looping for clients.
while(TRUE)
LOGA ( ( __log_buf, SSPI_SERVER " Waiting for client to connect...\n"));
// Make an authenticated connection with client.
if (!AcceptAuthSocket (&Server_Socket, certThumb ))
LOGA ( ( __log_buf, SSPI_SERVER " Could not authenticate the socket.\n"));
cleanup();
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
// The following values are used for encryption and signing.
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbHeader = SecPkgSizes.cbHeader;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_SERVER " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
else
LOGA ( ( __log_buf, SSPI_SERVER " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
// Send the client an encrypted message.
strcpy_s(pMessage, sizeof(pMessage),
TEST_MSG);
cbMessage = (DWORD)strlen(pMessage);
EncryptThis (
(PBYTE) pMessage,
cbMessage,
&pDataToClient,
&cbDataToClient,
cbHeader,
cbTrailer);
// Send the encrypted data to client.
if (!SendBytes(
Server_Socket,
pDataToClient,
cbDataToClient))
LOGA ( ( __log_buf, SSPI_SERVER " send message failed. \n"));
cleanup();
LOGA ( ( __log_buf, SSPI_SERVER " %d encrypted bytes sent. \n", cbDataToClient));
if (Server_Socket)
DeleteSecurityContext (&g_hctxt);
FreeCredentialHandle (&g_hcred);
shutdown (Server_Socket, 2) ;
closesocket (Server_Socket);
Server_Socket = 0;
if (pUserName)
free (pUserName);
pUserName = NULL;
cbUserName = 0;
if(pDataToClient)
free (pDataToClient);
pDataToClient = NULL;
cbDataToClient = 0;
} // end while loop
LOGA ( ( __log_buf, SSPI_SERVER " Server ran to completion without error.\n"));
cleanup();
} // end main
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb )
SOCKET sockListen;
SOCKET sockClient;
SOCKADDR_IN sockIn;
// Create listening socket.
sockListen = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == sockListen)
LOGA ( ( __log_buf, SSPI_SERVER " Failed to create socket: %u\n", GetLastError ()));
return(FALSE);
// Bind to local port.
sockIn.sin_family = AF_INET;
sockIn.sin_addr.s_addr = 0;
sockIn.sin_port = htons(usPort);
if (SOCKET_ERROR == bind (
sockListen,
(LPSOCKADDR) &sockIn,
sizeof (sockIn)))
LOGA ( ( __log_buf, SSPI_SERVER " bind failed: %u\n", GetLastError ()));
return(FALSE);
// Listen for client.
if (SOCKET_ERROR == listen (sockListen, 1))
LOGA ( ( __log_buf, SSPI_SERVER " Listen failed: %u\n", GetLastError ()));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " Listening ! \n"));
// Accept client.
sockClient = accept (
sockListen,
NULL,
NULL);
if (INVALID_SOCKET == sockClient)
LOGA ( ( __log_buf, SSPI_SERVER " accept failed: %u\n",GetLastError() ) );
return(FALSE);
closesocket (sockListen);
*ServerSocket = sockClient;
return(DoAuthentication (sockClient, certThumb ));
} // end AcceptAuthSocket
BOOL DoAuthentication (SOCKET AuthSocket, std::string certThumb )
SECURITY_STATUS ss;
DWORD cbIn, cbOut;
BOOL done = FALSE;
TimeStamp Lifetime;
BOOL fNewConversation;
fNewConversation = TRUE;
PCCERT_CONTEXT pCertCtxt;
Insert code to retrieve pCertCtxt
// Build SCHANNEL_CRED structure to hold CERT_CONTEXT for call to AcquireCredentialsHandle
SCHANNEL_CRED credSchannel = {0};
credSchannel.dwVersion = SCHANNEL_CRED_VERSION;
credSchannel.grbitEnabledProtocols = SP_PROT_SSL2_SERVER | SP_PROT_TLS1_SERVER;
credSchannel.cCreds = 1;
credSchannel.paCred = &pCertCtxt;
ss = AcquireCredentialsHandle (
NULL, //pszPrincipal
g_lpPackageName, //pszPackage
SECPKG_CRED_INBOUND, //fCredentialuse
NULL, //pvLogonID
&credSchannel, //pAuthData - need SCHANNEL_CRED structure that indicates the protocol to use and the settings for various customizable channel features.
NULL, //pGetKeyFn
NULL, //pvGetKeyArgument
&g_hcred, //phCredential
&Lifetime); //ptsExpiry
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcquireCreds failed: 0x%08x\n", ss));
return(FALSE);
while(!done)
if (!ReceiveMsg (
AuthSocket,
g_pInBuf,
g_cbMaxMessage,
&cbIn))
return(FALSE);
cbOut = g_cbMaxMessage;
if (!GenServerContext (
g_pInBuf,
cbIn,
g_pOutBuf,
&cbOut,
&done,
fNewConversation))
LOGA ( ( __log_buf, SSPI_SERVER " GenServerContext failed.\n"));
return(FALSE);
fNewConversation = FALSE;
if (!SendMsg (
AuthSocket,
g_pOutBuf,
cbOut))
LOGA ( ( __log_buf, SSPI_SERVER " Send message failed.\n"));
return(FALSE);
return(TRUE);
} // end DoAuthentication
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewConversation)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG Attribs = 0;
// Prepare output buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// Prepare input buffers.
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer received (%lu bytes):\n", InSecBuff.cbBuffer));
PrintHexDump (InSecBuff.cbBuffer, (PBYTE)InSecBuff.pvBuffer);
ss = AcceptSecurityContext (
&g_hcred,
fNewConversation ? NULL : &g_hctxt,
&InBuffDesc,
Attribs,
SECURITY_NATIVE_DREP,
&g_hctxt,
&OutBuffDesc,
&Attribs,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
// Complete token if applicable.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (&g_hctxt, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " complete failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
// fNewConversation equals FALSE.
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer generated (%lu bytes):\n",
OutSecBuff.cbBuffer));
PrintHexDump (
OutSecBuff.cbBuffer,
(PBYTE)OutSecBuff.pvBuffer);
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext result = 0x%08x\n", ss));
return TRUE;
} // end GenServerContext
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
ULONG * pcbOutput,
ULONG cbHeader,
ULONG cbTrailer)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// The size of the trailer (signature + padding) block is
// determined from the global cbSecurityTrailer.
LOGA ( ( __log_buf, SSPI_SERVER " Data before encryption: %s\n", pMessage));
LOGA ( ( __log_buf, SSPI_SERVER " Length of data before encryption: %d \n",cbMessage));
// Prepare buffers.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
PBYTE pHeader;
pHeader = (PBYTE) malloc (cbHeader);
SecBuff[0].cbBuffer = cbHeader;
SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
SecBuff[0].pvBuffer = pHeader;
SecBuff[1].cbBuffer = cbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pMessage;
PBYTE pTrailer;
pTrailer = (PBYTE) malloc (cbTrailer);
SecBuff[2].cbBuffer = cbTrailer;
SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
SecBuff[2].pvBuffer = pTrailer;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = EncryptMessage(
&g_hctxt,
ulQop,
&BuffDesc,
0);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " EncryptMessage failed: 0x%08x\n", ss));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " The message has been encrypted. \n"));
// Allocate a buffer to hold the encrypted data constructed from the 3 buffers.
*pcbOutput = cbHeader + cbMessage + cbTrailer;
* ppOutput = (PBYTE) malloc (*pcbOutput);
memset (*ppOutput, 0, *pcbOutput);
memcpy (*ppOutput, pHeader, cbHeader);
memcpy (*ppOutput + cbHeader, pMessage, cbMessage);
memcpy (*ppOutput + cbHeader + cbMessage, pTrailer, cbTrailer);
LOGA ( ( __log_buf, SSPI_SERVER " data after encryption including trailer (%lu bytes):\n",
*pcbOutput));
PrintHexDump (*pcbOutput, *ppOutput);
return TRUE;
} // end EncryptThis
void PrintHexDump(DWORD length, PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_SERVER " %s\n", rgbLine));
} // end PrintHexDump
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
if (!SendBytes (
s,
(PBYTE)&cbBuf,
sizeof (cbBuf)))
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
return(FALSE);
return(TRUE);
} // end SendMsg
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
// Retrieve the number of bytes in the message.
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed retrieving byte count.\n", cbBuf ));
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer size (%lu) differs from reported size (%lu)\n", sizeof(cbData), cbRead ));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed.\n", cbBuf ));
return(FALSE);
if (cbRead != cbData)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer bytes (%lu) differs from reported bytes (%lu)\n", cbData, cbRead ));
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMsg
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_SERVER " send failed: %u\n", GetLastError ()));
return FALSE;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes sent\n", cbSent ));
pTemp += cbSent;
cbRemaining -= cbSent;
return TRUE;
} // end SendBytes
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " recv failed: %u\n", GetLastError () ) );
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
return TRUE;
} // end ReceivesBytes
void cleanup()
if (g_pInBuf)
free (g_pInBuf);
g_pInBuf = NULL;
if (g_pOutBuf)
free (g_pOutBuf);
g_pOutBuf = NULL;
WSACleanup ();
exit(0);
SspiExample.h
// SspiExample.h
#include <schnlsp.h>
#include <sspi.h>
#include <windows.h>
#include <string>
BOOL SendMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
BOOL SendBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
void cleanup();
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *hCred,
PSecHandle phCtext
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewCredential
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput,
ULONG cbHeader,
ULONG cbTrailer
PBYTE DecryptThis(
PBYTE achData,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt
BOOL
SignThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature
void PrintHexDump(DWORD length, PBYTE buffer);
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName
BOOL CloseAuthSocket (SOCKET s);
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName );
BOOL DoAuthentication (SOCKET s, std::string certThumb );
void MyHandleError(char *s);
#define DBG_SIZE 1024
int OutputDebug( char buff[DBG_SIZE] )
int retval;
char debugstring[DBG_SIZE+32];
retval = _snprintf_s( debugstring, DBG_SIZE+32, _TRUNCATE, " %s", buff );
OutputDebugStringA( debugstring );
return retval;
int DbgBufCopy( char *buff, const char *format, ...)
int iLen;
va_list args;
/// Call va_start to start the variable list
va_start(args, format);
/// Call _vsnprintf_s to copy debug information to the buffer
iLen = _vsnprintf_s(buff, DBG_SIZE, _TRUNCATE, format, args);
/// Call va_end to end the variable list
va_end(args);
return iLen;
#define LOGA(_format_and_args_)\
{ char __log_buf[DBG_SIZE];\
DbgBufCopy _format_and_args_;\
printf("%s", __log_buf );\
OutputDebug(__log_buf);\
#define TEST_MSG "This is your server speaking"
My initial attempt built an SCHANNEL_CRED structure following the documentation to set
grbitEnabledProtocols to 0, and let SChannel select the protocol. This worked on Windows 7, selecting TLS1. When I ran the same exe-s on 2008 R2, the Client program failed, with InitializeSecurityContext returning SEC_E_DECRYPT_FAILURE.
The failure occurred on the 2nd call, using phNewContext returned on the first call.
My next attempt set grbitEnabledProtocols to SP_PROT_TLS1_SERVER. This also worked on Win 7, but 2008R2 failed again, this time on the Server side. AcceptSecurityContext failed, returning SEC_E_ALGORITHM_MISMATCH.
TLS is a requirement for my project, but to try getting the sample to run, I next set grbitEnabledProtocols to SP_PROT_SSL2_SERVER. This did work for 2008R2, selecting SSL2, but now the Server failed on Win7 with AcceptSecurityContext returning
SEC_E_ALGORITHM_MISMATCH.
My final try was to set grbitEnabledProtocols to SP_PROT_TLS1_SERVER | SP_PROT_SSL2_SERVER, but that failed identically to the first case, with the Client on 2008R2 returning SEC_E_DECRYPT_FAILURE.
So my question is - What is required to get SChannel to select TLS regardless of the Windows version on which the programs are running?Thank you for the reference. That did provide the information I needed to get TLS working. However, the documentation is not accurate with regard to setting the registry keys and values.
The tables all show DisabledByDefault as a subkey under the protocol. They also describe a DWORD value, Enabled, as the mechanism to enable/disable a protocol.
What I found is DisabledByDefault is a DWORD value under Client/Server and it appears to be the determining factor to whether a protocol is enabled/disabled.
The only way I was able to get TLS 1.1 working is with the following path present:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Under Client, I must have DisabledByDefault set to 0. With that, the Enabled value does not need to be present.
This held true for any level of TLS.
I also found the setting of grbitEnabledProtocols in the SCHANNEL_CRED structure to be misleading. From the description at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx, I thought my Server program could set this field to 0, and SChannel would select the protocol as directed by the registry. What I found is that the structure flag must
agree with the registry setting for TLS to work. That is with the resgistry key above for TLS 1.1, I must set grbitEnabledProtocols to SP_PROT_TLS1_1.
Can you confirm the relationship between the SCHANNEL_CRED contents and registry state? -
Cannnot use 3TB hard drive to install Windows Server 2008 R2
I am trying to install Windows 2008 R2 on a server with a 3TB HDD, but I can only create a 2TB partition on the hard drive, leaving around 800GB which I cannot even access. I can install Windows on the 2TB partition, but even after installation, I cannot
physically access the remaining 800GB. When I right click on the 800GB unallocated partition in Storage\Disk Manager, I have no options to create a new partition. If I right-click on the existing 2TB partition, I have no option to extend it using the remaining
800GB.
Motherboard details:
Asus Veriton S460
Product Name: EG31M
System BIOS: R01-C2
BIOS Release Date: 11/27/08
Can I do anything to use the remaining 800GB?
Thanks.Link
Known Issues/Limitations
Because the transition to a single-disk capacity of greater than 2 TB has occurred fairly recently, Microsoft has investigated how
Windows supports these large disks. The results reveal several issues that apply to all versions of Windows earlier than and including Windows 7 with Service Pack 1 and Windows Server 2008 R2 with Service Pack 1.
To this point, the following incorrect behavior is known to occur when Windows handles single-disk storage capacity of greater than 2 TB:
The numeric capacity beyond 2 TB overflows. This results in the system being able to address only the capacity beyond 2 TB. For example, on a 3 TB disk, the available capacity may be only 1 TB.
The numeric capacity beyond 2 TB is truncated. This results in no more than 2 TB of addressable space. For example, on a 3 TB disk, the available capacity may be only 2 TB.
The storage device is not detected correctly. In this case, it is not displayed in either the Device Manager or Disk Management windows.
Many storage controller manufacturers offer updated drivers that provide support for storage capacities of more than 2 TB. Contact your
storage controller manufacturer or OEM to determine what downloadable support is available for single-disk capacities that are greater than 2 TB. -
How to recognize if application is installed using "Install application on remote desktop..." option in Control Panel in Windows Server 2008 R2?
Basically, as administrator, I can't say if the user installed application using "Install application on remote desktop..." in Control Panel or he just installed it by clicking the .msi executable. I can't find anything that makes any difference.
I could not find anything in the registry. I am quite confused.
Thanks,
Aleksandar9Hi,
Thank you for your posting in Windows Server Forum.
Please make sure that you are using category view of control panel-programs to check the application. And in addition to “install application on Remote Desktop server” user can also use command line also.
change user /install
change user /execute
change user /query
“The first time you run the application, it searches the home directory for its .ini files. If the .ini files are not found in the home directory, but are found in the system directory, Terminal Services copies the .ini files to the home directory, ensuring
that each user has a unique copy of the application .ini files. Each user should have a unique copy of the .ini files for an application. This prevents instances where different users might have incompatible application configurations.” (Quoted formthis
article).
Hope it helps!
Thanks,
Dharmesh -
Using drag and drop in remote desktop on windows server 2008
we running an application on windows server 2008 terminal services .. this application was support drag and drop functionality .. i understand that terminal services on windows 2008 is supported to drag and drop but is not happening !! even when i run remote desktop connection on this server the drag and the drop is not working !
i need to enable the drag and drop for windows 2008 terminal services ..
Thanks in advanceHello Ayman,
If your requirement is to drag and drop files between local and remote sessions, Danny is right. Drag-and-drop feature is not supported in Windows Server 2008-based Terminal Server, which is a by-design behavior hard-coded in the current version of the Remote Desktop Protocol.
As a workaround, I recommend you to use copy-and-paste function instead of drag-and-drop. To enable the copy-and-paste between local and remote session, please enable the clipboard redirection in Windows Server 2008-based RDC. (In Windows Server 2003 environment, local drive redirection is needed.)
Hope it helps. Thanks.
Best Regards,
Lionel Chen -
Installing terminal server role on windows server 2012 to use for Windows server 2008 R2 machines.
Dear
Our current setup is as follows :-
Active Driectory is in Windows Server 2003.
Citrix Xenapp version 5.6 with all Xenapp servers in Windows Server 2003
Now we are upgrading our Citrix farm to 6.5 and all Xen app servers into Windows Server 2008R2.
We did the configuration and testing; everything works fine except the terminal server is not configured which gives the pop always for the expiry date.
We do have license for 2012 terminal server which is not possible to downgrade for some reason and managent need to install new Windows Server 2012 for terminal server and activte the licenses.
My question is :-
1 Whether Windows Server 2008 R2 will get RDS cal license from Windows Server 2012 terminal server (RDS CAL license is of windows server 2012).
2. What is the role and features I need to activate in Server 2012 in order to use for Citrix 6.5 (only applicable fetaure for getting the RDS cal license.)
3. Whether I can add this 2012 server into domain. Is it possible to add 2012 server into Windows Server 2003 AD.
Your early reply is highly appreciated.Thanks Jeremy..
I got exactly the right answers I am lookoing for ..
I successfully activated the terminal service on the newly created Windows 2012 Server and installed the retail license pack we had of 50+50+25 keys . It later shows the 125 keys successfully applied.
when I tried to link the Xenapp (Windows Server2008R2) to the license server, it first gives me error that session host service role is not installed on the ternial server. So I installed that role also in the terminal server.
But now its anothee error as below.
RDS Cals are not available for this Remote Desktop Session host server, and licensing Diagnostic has identified licensing problems for the RD session host server.
1. Is it wrong I did by installing session host server role into the terminal server (but really it gave me error like 'session host server role is not running on the license server' when I tried to link the license server).
2. Is it the problem that Windows Server 2008 R2 will not get license from 2012 RDS CAL license.
3. whether Clearing house will take time to update the license.
Your reply is highly appreciated. I need to know whether any other way I can link the Windows Server 2008 R2 Servers (Xenapp) to the license server. -
Can't install Adobe Reader using Firefox on Windows Server 2008 R2
I am hoping someone can kindly help me out here.
Using Firefox I went to http://get.adobe.com/reader/ and clicked the download button and received the Getplus add-on to Firefox.
When Firefox restarts the getplus window opens but sits there and does nothing with the window remaining blank for ever..
Each time I try it is the same
I am logged into Windows Server 2008 R2 as Administrator but it might be a permissions problem as this is a new install of 2008 and seems pretty locked down.
Thank you in advanceAre these signs of Adobe failing?
After subscribing to this forum, I received an email in German from Adobe......................
Vielen Dank für Ihren Beitritt im Adobe-Club. Als Mitglied können Sie eine Reihe exklusiver Vorteile, Ressourcen und Dienstleistungen in Anspruch nehmen.
Mitglieder können:
* unseren Newsletter Adobe Minute Mail (deutsch) abonnieren
* unseren Newsletter Adobe Edge (englisch) abonnieren
* Informationen zu ihren Käufen und Transaktionen im Adobe Store aufrufen
* ihr Adobe-Profil verwalten und aktualisieren
* in der Adobe Exchange Dateien hoch- und herunterladen
* Nachrichten in den Adobe-Foren veröffentlichen
Ihre Adobe-Club-ID lautet
Um Ihr Adobe-Profil und Ihre Voreinstellungen zu ändern oder um Adobe Edge zu abonnieren, loggen Sie sich einfach ein.
Whatever, Adobe -
Can I use Remote Desktop Connection (windows server 2008) even if no user is logged in?
I'm configuring a Server, running Windows Server 2008, to be accessed remotely. Suppose no user is logged in in the server (if it was just turned
on, for instance). Can I use the "Remote Desktop Connection" feature to log in remotely in this case? Or is it always necessary to have a user locally logged in, to remotely log in to one of the users available?If its a fresh installation, RDM might not work at first.
1. You need to check firewall and allow Remote Desktop. To be specific, communication to port 3389 TCP
2. Right click My Computer --> Properties --> Remote tab
Enable Remote Desktop
Allow connections to this computer
Click users and grant the permissions for the users. By default, Administrators do have the permission. An also, the users who are members of the 'Remote Desktop Users' security group also have the permission
Maybe you are looking for
-
Manipulate an uielement in webdynpro abap
Hi. How I can manipulate an uielement created in time of design (for example, to do visible or not an inputfield) in layout from a method.I´ve seen this code: data: LR_CONTAINER type ref to L_WD_UIELEMENT_CONTAINER, LR_BUTTON type ref to CL_WD_BUTTON
-
Issue with Loading COMMENTS in HFM ICT Module from FDMEE
Hi, We have a requirement wherein we can load all the HFM ICT Transactions from a Flat File using FDMEE. We are facing 2 issues: a. Firstly FDMEE Target application allows us to map only COMMENT1 as a dimension for FDMEE. There is no Dimension/P
-
Hi, anybody had used BTE 1321 ,if yes the plz reply me. Regards Ricky
-
How can I change the axis so I could see the four quadrant of my image?
Hi! I Have been graphying a polinomial with the intensity graph, but I couldn't see the four quadrants of my image,I can only see the first one, how could I fixed?
-
Message "not enough memory on start up disc" on MacBook pro
My 2 year old MacBook displays a message "not enough memory on start up disk".