Victim of unauthorised activity

I have been a victim of unauthorised activity it seems in Taiwan whereby the hackers have taken up three subscriptions costing me a total of £33. I would greatly appreciate if could redeem this amount by crediting my PayPal account.
Thanks
askyriacou
Solved!
Go to Solution.

Hello,
Your acount has been hacked. You should change both your Skype account and e-mail passwords immediately and that of your PayPal account. The ONLY way in which an account can be hacked is by the hacker either knowing (or "cracking") your password. For this reason Skype doesn't reimburse any assets lost due to an account being hacked. You could also contact Paypal
TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
I recommend that you always run the latest Skype version: Windows & Mac
If my advice helped to fix your issue please mark it as a solution to help others.
Please note that I generally don't respond to unsolicited Private Messages. Thank you.

Similar Messages

Help needed from Adobe for unauthorised activity on my account

Help please!
I bought some education software from an Adobe supplier on the recommendation of my school. It turns out (without me knowing or being told when I placed the order) that I was being sold old software, at what he now claims was cost price (interesting as I subsequently bought the next version for just $30 more). I have not been able to register that software as it was the wrong version for my region, and after a month of trying I asked for a refund.
He is now accessing my account, (probably from a link in an email i sent him!!) and is trying to get the software he sold me registered so he doesn't have to refund me!
Okay, so bad enough that I have hassles with this "person" but worse that he has access to my account and I seem unable to change this.
This whole process has been a nightmare!! I need to close two open cases immediately but can't get hold of Adobe by phone or on chat!!! Help please!

You should be able to contact chat support from http://adobe.ly/yxj0t6

FAO: Customer Services! Skype have ruined my Chris...

Thank you very much Skype. You have just ruined my Christmas. I live in Singapore and went on holiday to Indonesia, confident that I would be able to contact my family in the UK over the Christmas period. However, upon arriving in Indonesia, I received and email saying that my account had been suspended due to 'unauthorised login' which I assume was me logging in from Bali. Fair enough. I respect the fact that you protected my account from potentially unauthorised activity. So, I duly followed the link you sent me in the email to reactivate my account. "Oops, something went wrong with our website. Please try again later". After ten or so attempts to resubmit the form over the Christmas holidays, I gave up. The website wouldn't work and I couldn't post a question in the forum, because I wasn't allowed to log in as my account was suspended! ARGH! I'd been so excited about logging on and watching my family open their Christmas presents and this was impossible without my Skype premium account. Now I've finally got back to Singapore and the account recovery site worked straight away. So I'm back into my account, but I'm still not allowed to add any credit or extend my premium account because that is still suspended and when I try to use the customer support 'text chat' service, it tells me that it has been initiated in another window but this window never appears. So I'm being forced to use a public forum, which I wanted to avoid. So please Skype, please get in touch so that I can reactivate all of ther functionality of my account and finally speak to my family, even if it is two weeks too late. I am hugely dissappointed and infuriated with how difficult your process has been. Please make this right.

I've had several accounts for years and they've never been compromised. I don't know why you are referencing an article years old as your sole basis for the root of your hijacking. Anything is possible just like your password being compromised on any computer or network you trusted and accessed that contained your Skype account info in the past few years. VPNs can also create a compromising situation since you are essentially traversing another private network that you don't necessarily manage.
Skype has their own security policies and if your account is violating those policies or harming their network they have a right to terminate that account temporarily or permanently at their discretion to stop damages from occurring on their network, even if you may not be directly responsible. If your work is solely dependent on the Skype service you should have a backup plan. I personally have 2 cell phones on standby from two different networks that I can use at any time for either Internet access or as a standard phone. I also have several Skype accounts should one of them be inaccessible. Should "disaster" strike I have an action plan so I'm not dead in the water.
An outage of services for a prolonged amount of time is one thing but an outage due to a detected security violation is another. You're as much a victim as Skype is so I don't understand the focused animosity for a service that has otherwise worked well for you in the past 2 years.. If someone steals my car, joy rides it and engages in illegal activity, I don't plan on getting that car back anytime soon so I make arrangements for a rental if I need to get to work the following day. Trying to bill the police department due to their lack of pre-crime doesn't accomplish anything.

Can't able to buy itunes store with several problems

As I mentioned before,
, it appears that of your devices was linked to possible unauthorized activity on the iTunes Store.
Because of this, I strongly recommend using a different device or computer to use the iTunes Store.
Additionally, it appears that your account is not in compliance with the iTunes Store Terms and Conditions, so we will not be able to resolve the error message you’ve encountered.
This is the message form apple support.
I explained them, i just bought iphone 5 second hand and started my own account and filled 200USD with itunes gift cards and i went local repair shop for my iphone 5 Home sleep mode bottom is not working. and after that, i clicked purchased a game and apple wouldn't let me, it said ( contact support ). I contacted them and explained and wait almost about 3 days their reply as i showed about that message.But i can purchase all free apps without problems but i changed my password to be secure and then i must need to verify my payment and i clicked none (because i have money in my credit store). however it said contact support. Now i am doomed , my account and my phone is useless now. Apple senior adviser strongly recommended i am better change devices to use.
What a nice recommend! I am not rich , that's why i bought second hand iphone and get doomed. if i am able to buy other devices to use , how i contact apple for wasting my time. and the next is if i sell this phone again to others, the buyers will get troubles like me. I don't also know my device was linked to possible unauthorized activity on the iTunes Store. and the next thing is my account is not compliance with itunes store terms and conditions. I set my valid US address ,but i used it from over sea. Millions of US people used to buy itunes store from oversea , why i am the only one person that getting trouble.
Please suggest me and advice me ,. I hope apple staffs saw my message
Thank you

We are fellow users here on these forums, you're not talking to iTunes Support nor Apple.
If you were using the US store when you weren't in the US then you are violating the store's terms of use (which you agreed to) :
The iTunes Service is available to you only in the United States, its territories, and possessions. You agree not to use or attempt to use the iTunes Service from outside these locations. Apple may use technologies to verify your compliance.
If you were using your phone to purchase content from the US store when not in the US then that might be the unauthorised activity that they are referring to. If you contact iTunes Support and ask them to remove the balance from your account so that you can put your correct address on your account (you can't change countries whilst you have a balance) then you might be able to use the account.

HT203983 my apple id does not accept my payment method. why? i am using that same visa card the last 5 years!

my apple id does not accept my payment method. why? i am using that same visa card the last 5 years!

there may be several reasons why your credit card may be declined by the iTunes store ,
the reason the iTunes store require c.card when you setup your apple id is for verification purposes
if you have called the iTunes store in the past about unrecognised charges, or unauthorised activity ,
then your bank may have blocked your card from being used on the iTunes store, i would recommend contacting your banking institute

ITunes account was hacked from CHINA?

So I wake up yesterday and get these emails, and am out $20+taxes from my balance. Emailed Apple and they said they would refund me back, but I'm more worried about my personal information and CC...I know they probably saw my address/phone but what about my CC info? Apple's email never answered my question regarding the CC card.
The following information for your Apple ID [email protected] was updated on 09/04/2011:
Credit card
If these changes were made in error, or if you believe an unauthorized person accessed your account, please reset your account password immediately by going to iforgot.apple.com.
and then:
Your Apple ID, [email protected], was just used to download 帝國 Online from the App Store on a computer or device that had not previously been associated with that Apple ID.
If you initiated this download, you can disregard this email. This email was sent as a safeguard designed to protect you against unauthorised activity.
If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.
Regards,
Apple
and then:
Your Apple ID, [email protected], was just used to download 明珠三国OL from the App Store on a computer or device that had not previously been associated with that Apple ID.
If you initiated this download, you can disregard this email. This email was sent as a safeguard designed to protect you against unauthorised activity.
If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.
Regards,
Apple

Mine was hacked last week too! I got the same emails where chineese apps were purchased. My first came through my PAYPAL account for .89 c. That was a Friday for which I recieved the email on SAT. BC it was poker i assumed it was my husband. But then 2 days later was the 19.99 charge that came from my account balance!! I reset my password on that day (MONDAY). Contacted apple and got my full balance back without a problem. HOWEVER----->>>>> I've been "DISABLED" over and over again since that time. I've reset my password 3-4 times. I"m running out of passwords that will be fairly easy to remember! I'm guessing this is happening b/c someone is still attempting to get into my account from abroad and after 3-5 failed attempts i'm disabled AGAIN!!
I was told just to allow it to be DISABLED for a few weeks then try again. By then they will have stopped trying to use my account. but everytime i change my password it UNLOCKS it and they start trying again. its an endless circle of reset---->>>hackers hack------>>disabled account etc etc. LUCKILY they've gotten no more $$ bc i removed my method of payment until I feel more comfortable.

Skype calls

I recently purchased credit to make calls from europe to USA. Payment went through and i was making calls. SKYPE then considered this unauthorised activity on my account and asked the relevant q's to ascertain I was who I said I was. Initially I was pleased that security is obviously a priority to skype. Now however after making another call and answering the second set of security qs someone has decided there is still unauthorised activities on my account. My purchase of skype credit was then refunded and now my account is locked. I NEED to call the USA via skype. How can I convince someon at skype that my account has not been hacked so that I can nake calls again?

unfortunately, only the customer support can assist you from this point. You may need to get in touch them again for further clarifications and to know what your possible options are.
CONTACT SKYPE CUSTOMER SERVICE | HOW TO RECORD SKYPE VIDEO CALLS | HOW TO HANDLE SUPICIOUS CALLS AND MESSAGES | WINDOWS PROBLEMS TROUBLESHOOTING | SKYPE DOWNLOAD LINKS
MORE TIPS, TRICKS AND UPDATES AT
skypefordummies.blogspot.com

Logging internet traffic

Is there anything in Leopard that allows me to track any external access from the internet?
I recently had my mailbox Hijacked on my ISP and somehow they managed to change the password on the webmail server and it appears used my email address to send the usual phishing crap. They didnt get it from me. I dont keep passwords on my Macs in plain language but I want to make sure that there has been no unauthorised activity from the net.
I dont open or respond to anything that I dont know or understand. I am morelikely to junk valid emails than open invalid stuff
Its not the first time that I have had issues with my ISP. Seems to me that they have been hacked esp as Comcast denies all emails from this ISP because quote"80% of emails from your part of the world are genreated by your ISP " unquote

If your Mac's firewall is off, turn it on.
Little Snitch might help you out:
http://www.obdev.at/products/littlesnitch/index.html
~Lyssa

Provider-hosted Apps debug error: The remote server returned an error: (401) unauthorised

Hi,
Any help appreciated!!
I'm getting this error: "The remote server returned an error: (401) unauthorised when I debug a provider-hosted app. I get the error on this line:
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
See code below
I created a high trust development environment following the instructions provided here:
http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx and
http://msdn.microsoft.com/library/office/fp179923
I created a provider-hosted app with the intent to:
create a SharePoint list in the appweb
Use self-signed certificate, tokenhepler.cs and sharepointcontext.cs to retrieve current user context and access on SharePoint. (No changes were made to tokenhelper.cs and sharepointcontext.cs)
retrieve list items from the SharePoint list in a button click event handler on a default.aspx of the remote web
What happens:
The app is deployed successfully to the Dev site
The SharePoint feature is deployed and activated
The default.aspx page of the remote web loads
The error (see image) is returned on clicking of the button
My environment is an on-premise SharePoint 2013 with AD and my dev box is standalone windows 8.1 running Visual Studio Professional 2013 Update 3.
The code block below is a copy of the default.aspx code-behind
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.SharePoint.Client;
using Microsoft.IdentityModel.S2S.Tokens;
using System.Net;
using System.IO;
using System.Xml;
using System.Data;
using System.Xml.Linq;
using System.Xml.XPath;
namespace Idea.GeneratorWeb
public partial class Default : System.Web.UI.Page
SharePointContextToken contextToken;
string accessToken;
Uri sharepointUrl;
protected void Page_PreInit(object sender, EventArgs e)
Uri redirectUrl;
switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl))
case RedirectionStatus.Ok:
return;
case RedirectionStatus.ShouldRedirect:
Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true);
break;
case RedirectionStatus.CanNotRedirect:
Response.Write("An error occurred while processing your request.");
Response.End();
break;
protected void Page_Load(object sender, EventArgs e)
//// The following code gets the client context and Title property by using TokenHelper.
//// To access other properties, the app may need to request permissions on the host web.
var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);
//var spContext = new ClientContext("MySPDevInstance");
//spContext.Credentials = new NetworkCredential("username", "password");
//using (var clientContext = spContext.CreateUserClientContextForSPHost())
// clientContext.Load(clientContext.Web, web => web.Title);
// clientContext.ExecuteQuery();
// Response.Write(clientContext.Web.Title);
string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
if (contextTokenString != null)
// Get context token
contextToken = TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority);
// Get access token
sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
accessToken = TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority).AccessToken;
// Pass the access token to the button event handler.
Button1.CommandArgument = accessToken;
protected void Button1_Click(object sender, EventArgs e)
// Retrieve the access token that the Page_Load method stored
// in the button's command argument.
string accessToken = ((Button)sender).CommandArgument;
if (IsPostBack)
sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
// REST/OData URL section
string oDataUrl = "/_api/Web/lists/getbytitle('Diagrams In Idea Generator')/items?$select=Title,Diagram,SharingStatus";
// HTTP Request and Response construction section
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(sharepointUrl.ToString() + oDataUrl);
request.Method = "GET";
request.Accept = "application/atom+xml";
request.ContentType = "application/atom+xml;type=entry";
request.Headers.Add("Authorization", "Bearer " + accessToken);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
// Response markup parsing section
XDocument oDataXML = XDocument.Load(response.GetResponseStream(), LoadOptions.None);
XNamespace atom = "http://www.w3.org/2005/Atom";
XNamespace d = "http://schemas.microsoft.com/ado/2007/08/dataservices";
XNamespace m = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata";
List<XElement> entries = oDataXML.Descendants(atom + "entry")
.Elements(atom + "content")
.Elements(m + "properties")
.ToList();
var entryFieldValues = from entry in entries
select new
Character = entry.Element(d + "Title").Value,
Actor = entry.Element(d + "Diagram").Value,
CastingStatus = entry.Element(d + "SharingStatus").Value
GridView1.DataSource = entryFieldValues;
GridView1.DataBind();
Any ideas what I might be doing wrong

Hi ,
Use the below code
Public string GetAccessToken(){
string sharePointSiteUrlHost = Page.Request["SPHostUrl"].Tostring();
string AccessToken = tokenHelper.GetS2SAccessTokenWithWindowsIdentity(sharePointSiteUrlHost, Request.LogonUserIdentity);
return accessToken;
Than initialize the ClientCOntext with the below Method
private static ClientContext GetClientContextWithAccessTokenString(string targetUrl, object accessToken)
ClientContext clientContext = new ClientContext(targetUrl);
clientContext.AuthenticationMode = ClientAuthenticationMode.Anonymous;
clientContext.FormDigestHandlingEnabled = false;
clientContext.ExecutingWebRequest +=
delegate(object oSender, WebRequestEventArgs webRequestEventArgs)
webRequestEventArgs.WebRequestExecutor.WebRequest.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
webRequestEventArgs.WebRequestExecutor.RequestHeaders["Authorization"] =
"Bearer " + accessToken;
return clientContext;
use this clientCOntext and it will work.
Do not use
SharePointContextProvider
Whenever you see a reply and if you think is helpful,Vote As Helpful! And whenever you see a reply being an answer to the question of the thread, click Mark As Answer

PSN hack, system activation/deactivation and a foreboding of DRM restrictions to come.

I have had an ongoing issue since yesterday which has now escalated due to the terrible customer service at sony's call centres. My account has clearly been tampered with in some way and no one seems to believe me at customer support.Let me start by stating that this is my ONLY ps4. I purchased it 2 weeks ago and activated it as my primary console upon initilisation. There are no other users accessing it at any time, no sub accounts or otherwise. i am the SOLE user. According to the ignorant staff member i spoke to and i quote 'you have activated consoles 60 times in the last week. several ps3's and 2 ps4's' alarmed by this i replied; 'Well clearly that shows evidence of account tampering as i am categorically stating to you that i have only 1 ps4 and 1 ps3 and have only activated devices of any kind once for almost 2 years; That being my ps4. There are no other users on my PS4 or psn account, no friends or family accessing my content in any way. My ps4 is currently listed as not being the primary in my account details. So obviously there is either an error on your end or someone has hacked my account. Could i please gain assistance with shutting down whoever has manipulated my account privelages? So far no unauthorised transactions have been made as i updated my security details almost immediately after this occured. But as this is a recent circumstance i do not feel comfortable about my account security.' the rep was attempting to interrupt me the entire time despite not having a grasp of the full situation. ultimately his response, condescending throughout was: 'As i have just explained several times, your ps4 has been deactivated on one console and activated on another as a primary. As no fraudulent purchases have been made i conclude that no one has tampered with your account and that you have deactivated your console and activated another. You need to have an active connection to the internet to play or use any digital content purchased through PSN, regardless of whether you are the primary user or not. We are going round in circles so unless you have any other questions pertaining to anything that does not relate to this subject or PSN i will have to terminate this call.' Firstly, you do NOT have to have a constant connection to PSN to play your games. This is one of the deciding factors in me actually purchasing this over an x box ( slowly regretting this decision). DRM only takes effect if a SECONDARY ps4 is trying to access content downloaded on the primary with your account. So not only did he attempt to misinform me in order to shut the call down, he outright refused to take my issue further, simply repeating his earlier statement as a default response to pretty much anything i suggested. Secondly. You DO NOT hang up on a customer simply because you personally are refusing to solve the problem. I wasn't rude or inflammatory towards him in any way, which was difficult to accomplish with just how ignorant and stand offish he was behaving ( unacceptable behaviour from someone who represents a company that just received over 600 pounds worth of money from a loyal customer once again).When i asked him if i could speak to a senior staff member or if i could be redirected to another department he simply stated:'I will not be doing that, my decision is final and you will not be able to change your activation for the next 6 months.' when i suggested that it's highly unusual for ANYONE to activate/deactivate multiple consoles 60 times within one week he replied with; 'no that's not unusual at all, either yourself or someone in the household has done this. I am terminating this call.' Seriously, i have never received such flagrant, atrocious customer service in my life. By some miracle after my 3rd phone call i got through to someone named Arctur who was extremely helpful. Instead of assuming i have 50 consoles he actually used his brain and assessed the details with common sense. he concluded that someone HAD in fact been on my account and had locked me out as the primary user in order to gain access to privelages and ultimately shut down my account entirely. He deactivated the 'fake' ps4. Which according to the rep from before they had no power to do (go figure). And apologised to me personally. is this the future of SEN? DRM policies convulted to the nth degree, content lock for games i've purchased with MY money unless i am connected to the internet? and customer service staff refusing to adhere to thier own job roles? I don't feel secure enough to even sign in at the moment let alone purchase anything else from this company. I've never experienced such an awful situation as this when i had my ps3. 2 weeks after i purchase my ps4 this happens. I never paid much credence to all the transcripts online of people having constant problems with PSN and PS4. I just assumed the stories were either over exaggerated or there were just disgruntled customers using twitter as a knee jerk reaction to an interruption in thier service. But after yesterday/today. I really think Sony need to slow down the aggressive marketing wagon and reallocate some funds to hire competent staff members for both thier online security/customer service. If this happens again i will be getting a full refund for this and simply returning to my PS3. I'd rather have a secure last -gen console than a next-gen one that's about as secure as a straw house. Being inadvertently 'locked 'out of all digital content that belongs to ME due to this issue has me seriously doubting Sony's assurance that the 'always online' ideology will be far from restrictive. If your servers are soo easy to breach, then surely you should allow your customers to verify themselves and thier ps4 through it's serial ID and simply waive the 6 month restriction on deactivation no? Instead i get locked out of my own content for your failings to fix your errors or protect your company from online attacks.i could play anything on my ps3 anytime i wanted, internet connection or no. So whichever way you look at it, this is a step back, not forward. I truly believe issues like this need widespread coverage so that new customers know exactly what they could potentially be getting into. it's unnacceptable that a decent portion of your consumer base gets ignored just because the majority face no problems.

Is anyone still having this problem? I had a similar experience this afternoon, I was logged out of my system because another PS4 had been logged in with my credetials. I phoned the two people in my family who's PS4s I've logged in on and one had already deleted the account months ago and the other was not at home.When I updated my password it still happened, so I updated my email address aswell, within a minute of updating my email address I receive a PSN message from an account I don't know saying they were named Denis, 10 yrs old and could the please play my games.

Service Broker Activation Deadlocking

I have implemented a (slightly) modified version of conversation recycling using conversation timers and stored procedure activation from http://rusanu.com/2007/05/03/recycling-conversations/ . However it appears that, occasionally, deadlocks occur
between the send and activated procedures on the conversation group/table. The main modification is that instead of having a column to represent the SPID in the table I am using an IdentifierType and Identifier value to identify the conversation. However I
am only using the defaults (@@SPID) so I don't think that should matter in this case.
For the send side I have:
CREATE PROCEDURE [dbo].[usp_SendMessage]
@endpointCode VARCHAR(255) = NULL,
@endpointGroup VARCHAR(255) = NULL,
@xmlPayload XML=NULL,
@binaryPayload VARBINARY(MAX)=NULL,
@varcharPayload VARCHAR(MAX)=NULL,
@identifier VARCHAR(50) = @@SPID,
@identifierType VARCHAR(50) = '@@SPID'
AS BEGIN
SET NOCOUNT ON
DECLARE @fromService SYSNAME,
@toService SYSNAME,
@onContract SYSNAME,
@messageType SYSNAME,
@conversationTimeout INT
SELECT @fromService = FromService
, @toService = ToService
, @onContract = OnContract
, @messageType = MessageType
, @conversationTimeout = ConversationTimeout
FROM dbo.ServiceBrokerEndpointConfig
WHERE GroupCode = @endpointGroup
IF @fromService IS NULL OR @toService IS NULL OR @onContract IS NULL OR @messageType IS NULL OR @conversationTimeout IS NULL
BEGIN
RAISERROR (
N'Failed to get endpoint config for GroupCode ''%s''.'
, 16, 1, @endpointGroup) WITH LOG;
RETURN;
END
DECLARE @SBDialog UNIQUEIDENTIFIER
DECLARE @Message XML
DECLARE @counter INT
DECLARE @error INT
DECLARE @handle UNIQUEIDENTIFIER;
DECLARE @NotNullCount INT = ((CASE WHEN @xmlPayload IS NULL THEN 0 ELSE 1 END)
+ (CASE WHEN @binaryPayload IS NULL THEN 0 ELSE 1 END)
+ (CASE WHEN @varcharPayload IS NULL THEN 0 ELSE 1 END))
IF @NotNullCount > 1
BEGIN
RAISERROR (
N'Failed to SEND because %i payload fields are filled in when no more than 1 is expected'
, 16, 1, @NotNullCount) WITH LOG;
RETURN;
END
SET @counter = 1
WHILE (1=1)
BEGIN
SET @handle = NULL
-- Seek an eligible conversation in [ServiceBrokerConversations]
-- We will hold an UPDLOCK on the composite primary key
SELECT @handle = Handle
FROM [ServiceBrokerConversations] WITH (UPDLOCK)
WHERE Identifier = @identifier
AND IdentifierType = @identifierType
AND FromService = @fromService
AND ToService = @toService
AND OnContract = @onContract;
IF @handle IS NULL
BEGIN
-- Need to start a new conversation for the current @Id
BEGIN DIALOG CONVERSATION @handle
FROM SERVICE @fromService
TO SERVICE @toService
ON CONTRACT @onContract
WITH ENCRYPTION = OFF;
-- Then the sender must listen on the
-- send queue for the http://schemas.microsoft.com/SQL/ServiceBroker/DialogTimer message type and
-- cleanup appropriately.
IF @conversationTimeout IS NOT NULL
BEGIN
BEGIN CONVERSATION TIMER (@handle) TIMEOUT = @conversationTimeout;
END
INSERT INTO [ServiceBrokerConversations]
(Identifier, IdentifierType, FromService, ToService, OnContract, Handle)
VALUES
(@identifier, @identifierType, @fromService, @toService, @onContract, @handle);
END;
IF @xmlPayload IS NOT NULL
BEGIN
-- Attempt to SEND on the associated conversation
;SEND ON CONVERSATION @handle
MESSAGE TYPE @messageType (@xmlPayload);
END ELSE IF @binaryPayload IS NOT NULL
BEGIN
;SEND ON CONVERSATION @handle
MESSAGE TYPE @messageType (@binaryPayload);
END ELSE BEGIN
;SEND ON CONVERSATION @handle
MESSAGE TYPE @messageType (@varcharPayload);
END
SELECT @error = @@ERROR;
IF @error = 0
BEGIN
-- Successful send, just exit the loop
BREAK;
END
SELECT @counter = @counter+1;
IF @counter > 10
BEGIN
-- We failed 10 times in a row, something must be broken
RAISERROR (
N'Failed to SEND on a conversation for more than 10 times. Error %i.'
, 16, 1, @error) WITH LOG;
BREAK;
END
-- Delete the associated conversation from the table and try again
DELETE FROM [ServiceBrokerConversations]
WHERE Handle = @handle;
SET @handle = NULL;
END
END
And for the activation on the initiator queue I have:
CREATE PROCEDURE [dbo].[usp_InitiatorQueueHandler]
AS
BEGIN
SET NOCOUNT ON
DECLARE @handle UNIQUEIDENTIFIER;
DECLARE @messageTypeName SYSNAME;
DECLARE @messageBody VARBINARY(MAX);
WHILE (1=1)
BEGIN
BEGIN TRAN;
;WAITFOR (RECEIVE TOP(1)
@handle = conversation_handle,
@messageTypeName = message_type_name,
@messageBody = message_body
FROM [InitiatorQueue]), TIMEOUT 5000;
IF (@@ROWCOUNT = 0)
BEGIN
COMMIT TRAN;
BREAK;
END
-- Call the base stored procedure to handle ending the conversation
EXEC dbo.usp_BrokerHandleInitiator @handle, @messageTypeName, @messageBody
COMMIT TRAN;
END
END
GO
ALTER QUEUE [InitiatorQueue]
WITH ACTIVATION (
STATUS=ON,
PROCEDURE_NAME=dbo.usp_InitiatorQueueHandler,
EXECUTE AS OWNER,
MAX_QUEUE_READERS=10
GO
CREATE PROCEDURE [dbo].[usp_BrokerHandleInitiator]
@handle UNIQUEIDENTIFIER,
@messageTypeName SYSNAME,
@messageBody VARBINARY(MAX)
AS
BEGIN
SET NOCOUNT ON
IF @handle IS NOT NULL
BEGIN
-- Delete the message from the [ServiceBrokerConversations] table
-- before sending the [EndOfStream] message. The order is
-- important to avoid deadlocks.
IF @messageTypeName = N'http://schemas.microsoft.com/SQL/ServiceBroker/DialogTimer'
OR @messageTypeName = N'http://schemas.microsoft.com/SQL/ServiceBroker/EndDialog'
BEGIN
DELETE FROM [ServiceBrokerConversations]
WHERE [Handle] = @handle;
END
IF @messageTypeName = N'http://schemas.microsoft.com/SQL/ServiceBroker/DialogTimer'
BEGIN
;SEND ON CONVERSATION @handle
MESSAGE TYPE [EndOfStream];
END
ELSE IF @messageTypeName = N'http://schemas.microsoft.com/SQL/ServiceBroker/EndDialog'
BEGIN
END CONVERSATION @handle;
END
ELSE IF @messageTypeName = N'http://schemas.microsoft.com/SQL/ServiceBroker/Error'
BEGIN
END CONVERSATION @handle;
-- We could send a notification or store the error in a table for further inspection
DECLARE @error INT;
DECLARE @description NVARCHAR(4000);
WITH XMLNAMESPACES (N'http://schemas.microsoft.com/SQL/ServiceBroker/Error' AS ssb)
SELECT
@error = CAST(@messageBody AS XML).value(
'(//ssb:Error/ssb:Code)[1]', 'INT'),
@description = CAST(@messageBody AS XML).value(
'(//ssb:Error/ssb:Description)[1]', 'NVARCHAR(4000)')
-- Maybe log to audit log instead?
RAISERROR(N'Received error Code:%i Description:"%s"',
16, 1, @error, @description) WITH LOG;
END;
END
END
The deadlock XML is:
<deadlock>
<victim-list>
<victimProcess id="process807dbd0c8" />
</victim-list>
<process-list>
<process id="process807dbd0c8" taskpriority="0" logused="0" waitresource="METADATA: database_id = 21 CONVERSATION_GROUP($hash = 0xff26c7e1:0x478840de:0xd403bb)" waittime="2600" ownerId="8333217736" transactionname="GetDialogByHandle" lasttranstarted="2015-03-23T10:53:58.683" XDES="0x87f251c90" lockMode="X" schedulerid="2" kpid="7220" status="suspended" spid="110" sbid="0" ecid="0" priority="0" trancount="2" lastbatchstarted="2015-03-23T10:53:58.683" lastbatchcompleted="2015-03-23T10:53:58.683" lastattention="1900-01-01T00:00:00.683" clientapp=".Net SqlClient Data Provider" hostname="COLFOQA2" hostpid="1436" loginname="dev" isolationlevel="read committed (2)" xactid="8333217704" currentdb="21" lockTimeout="4294967295" clientoption1="673185824" clientoption2="128056">
<executionStack>
<frame procname="MYDB.dbo.usp_SendMessage" line="116" stmtstart="7540" stmtend="7696" sqlhandle="0x03001500aada77428391a0005da4000001000000000000000000000000000000000000000000000000000000">
SEND ON CONVERSATION @handle
MESSAGE TYPE @messageType (@xmlPayload); </frame>
</executionStack>
<inputbuf>
Proc [Database Id = 21 Object Id = 1115151018] </inputbuf>
</process>
<process id="process869a5e558" taskpriority="0" logused="588" waitresource="KEY: 21:72057594039959552 (1f1ae6770d1b)" waittime="2600" ownerId="8333217730" transactionname="user_transaction" lasttranstarted="2015-03-23T10:53:58.683" XDES="0x3e28456a8" lockMode="U" schedulerid="4" kpid="6720" status="background" spid="22" sbid="0" ecid="0" priority="0" trancount="2">
<executionStack>
<frame procname="MYDB.dbo.usp_BrokerHandleInitiator" line="28" stmtstart="1996" stmtend="2144" sqlhandle="0x03001500f704cd06e691a0005da4000001000000000000000000000000000000000000000000000000000000">
DELETE FROM [ServiceBrokerConversations]
WHERE [Handle] = @handle; </frame>
<frame procname="MYDB.dbo.usp_InitiatorQueueHandler" line="29" stmtstart="1014" stmtend="1172" sqlhandle="0x03001500316f56101694a0005da4000001000000000000000000000000000000000000000000000000000000">
EXEC dbo.usp_BrokerHandleInitiator @handle, @messageTypeName, @messageBody </frame>
</executionStack>
<inputbuf>
</inputbuf>
</process>
</process-list>
<resource-list>
<metadatalock subresource="CONVERSATION_GROUP" classid="$hash = 0xff26c7e1:0x478840de:0xd403bb" dbid="21" id="lock54fdb1800" mode="X">
<owner-list>
<owner id="process869a5e558" mode="X" />
</owner-list>
<waiter-list>
<waiter id="process807dbd0c8" mode="X" requestType="wait" />
</waiter-list>
</metadatalock>
<keylock hobtid="72057594039959552" dbid="21" objectname="MYDB.dbo.ServiceBrokerConversations" indexname="PK__ServiceB__877FDFD18DF079BD" id="lock6c65b1a00" mode="U" associatedObjectId="72057594039959552">
<owner-list>
<owner id="process807dbd0c8" mode="U" />
</owner-list>
<waiter-list>
<waiter id="process869a5e558" mode="U" requestType="wait" />
</waiter-list>
</keylock>
</resource-list>
</deadlock>
I have a clustered index on the fields I am SELECTing by and a UNIQUE index on the Handle (for the DELETE). When running the SELECT/DELETE statements against the table the query plan reports index seeks are being used:
CREATE TABLE [dbo].[ServiceBrokerConversations] (
[Identifier] VARCHAR (50) NOT NULL,
[IdentifierType] VARCHAR (50) NOT NULL,
[FromService] [sysname] NOT NULL,
[ToService] [sysname] NOT NULL,
[OnContract] [sysname] NOT NULL,
[Handle] UNIQUEIDENTIFIER NOT NULL,
[CreateDate] DATETIME2 (7) NULL,
PRIMARY KEY CLUSTERED ([Identifier] ASC, [IdentifierType] ASC, [FromService] ASC, [ToService] ASC, [OnContract] ASC) ON [PRIMARY],
UNIQUE NONCLUSTERED ([Handle] ASC) ON [PRIMARY]
) ON [PRIMARY];
What appears to be happening is the DELETE is somehow deadlocking with the SEND but I am not sure how since I am using them in the same order in both the send procedure and the activated procedure. Also, RCSI is enabled on the database I am receiving the
deadlocks on.
EDIT:
I think I have found the culprit with lock acquisition order:
- In the usp_SendMessage proc:
The SELECT locks the conversation record
The SEND locks the conversation group
- In the timer activated proc on the initiator queue:
The RECEIVE locks the conversation group
The DELETE locks the conversation record
Given that I think there may be a few solutions:
There is some subtle difference between my code and the code from the article that I am not noticing that when fixed will resolve the deadlocking. I am hoping this is the case since it seems that others have used this pattern without issues as far as I
know.
Or...The deadlocking is inherent to the pattern the code is using and I can either:
Deal with the deadlocking by adjusting the deadlock priority on the activated stored procedure so that it becomes the victim, and I can implement retry logic.
Remove conversation timers and activation all together and resort to some sort of job that expires the conversation by polling it, where I can control the ordering.
My ultimate goal is to eliminate any deadlocking on usp_SendMessage so that it "never" fails.
I appreciate any feedback!
Thanks

I can understand why the deadlock happens. As you point out the activation procedure and the send SP acquire locks on the resources in reverse order.
Really why Remus does not consider this in his blog post, I don't know. But may I ask, since you have replaced @@spid as a key with two other columns, does this also mean that multiple processes can use the same conversation? I'm not so sure that
this is a good idea. I worked with an SB implementation which reuses conversations some months ago, and I recall that considered channing the pattern, but that I decided against it the end although I don't remember the exact details.
But so much is clear, if multiple processes can use the same handle, they will serialise on the SELECT with UPDLOCK. That will not happen if you change to REPEATABLEREAD, but I guess they will serialiase on the SEND instead.
The best way to address the problem appears to use SET LOCK_TIMEOUT 0 in the activation procedure and trap the the timeout error in a CATCH block, and let the message go back to the queue. This should be better than SET DEADLOCK_PRIORITY, since the there
will never be a deadlock that upholds the the sender.
Erland Sommarskog, SQL Server MVP, [email protected]

How to make windows 7 genuine if it is activated but is not genuine?

Hi friends
I have an problem with my windows 7.2 months ago I have installed and activated my windows 7
and it was genuine. But after a month it shows the message on startup like
This copy of windows is not genuine
But when I saw the prorerties of Computer it says that windows 7 is activated
but when I want to check for updates it shows the message as
You may be a victim of software counterfeiting
and I can't install updates .
Diagnostic Report (1.9.0027.0):
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-V6MGY-G834Y-Y8QH3
Windows Product Key Hash: rtNFKFPViUJdHAbLucXCF+SK1pA=
Windows Product ID: 00426-321-7001157-70908
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {38BB1AD8-47A0-475E-AE2A-F177287F8BDD}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{38BB1AD8-47A0-475E-AE2A-F177287F8BDD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Y8QH3</PKey><PID>00426-321-7001157-70908</PID><PIDType>5</PIDType><SID>S-1-5-21-2632616291-3724185990-1548790092</SID><SYSTEM><Manufacturer>System
manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0205   </Version><SMBIOSVersion major="2" minor="4"/><Date>20070720000000.000000+000</Date></BIOS><HWID>83B83607018400EC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India
Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>WN09
</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
C:\Windows\system32\slmgr.vbs(1124, 5) (null): 0xC004F012
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004F015
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:19:2010 11:47
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAnJ9o7YTYWv+qdkjkmJME7eD5XvEwoew7
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC   A_M_I_  OEMAPIC
FACP   A_M_I_  OEMFACP
HPET   A_M_I_  OEMHPET
MCFG   A_M_I_  OEMMCFG
SLIC   DELL   WN09
OEMB   A_M_I_  AMI_OEM
Please send me some solutions for this problem:
How to make windows 7 genuine if it is activated but is not genuine?
Please send me solutions at
[email protected]
Thanks
Dakshak

Diagnostic Report (1.9.0027.0):
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: 0xc004c4a2
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {0CCF5533-C044-4067-9F28-CF5C833D5D28}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0CCF5533-C044-4067-9F28-CF5C833D5D28}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2399280593-193699623-3160228986</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite
L750-X5317</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>2.20</Version><SMBIOSVersion major="2" minor="7"/><Date>20110713000000.000000+000</Date></BIOS><HWID>CC523707018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India
Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product
GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65612</Pid><PidType>14</PidType></Product></Products><Applications><App
Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App
Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7601.0000-3602011
Installation ID: 009046933085046584525573073645695632936540052790536966
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Notification
Notification Reason: 0xC004F200 (non-genuine).
Remaining Windows rearm count: 4
Trusted time: 12/26/2011 8:25:15 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EFD
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:25:2011 23:08
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NAAAAAMAAQABAAEAAAACAAAAAwABAAEA6GHETXD3zVB3FrJ6NqRIx6CDnsqot4Z4Jjkucw==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value
OEMTableID Value
APIC TOSQCI
TOSQCI00
FACP TOSQCI
TOSQCI00
HPET TOSQCI
TOSQCI00
BOOT TOSQCI
TOSQCI00
MCFG TOSQCI
TOSQCI00
WDAT TOSQCI
TOSQCI00
ASF! TOSQCI
TOSQCI00
SLIC ACRSYS
ACRPRDCT
SSDT INSYDE
INSYDE
ASPT TOSQCI
TOSQCI00
SSDT INSYDE
INSYDE
SSDT INSYDE
INSYDE

CiscoSecure ACS 3.3 and MS Active Directory ?

We just got and installed CiscoSecure ACS 3.3 on a domain controller for our MS active directory domain.
ACS seems to work with AD in the sense that it uses the usernames and passwords contained in AD for users. However I noticed it does not seem to popluate ACS with the users, instead you have to go in to ACS and add each user with the username from AD, and then just tell it to use the windows database for password authentication.
Is this correct or am I missing something in my setup that is preventing users from being populated in ACS?
Also, can you not use AD groups for ACS permissions? For example one of the things we are doing is defining certain groups for access to routers, switches and firewall commands. I have been able to do this manually in ACS by defining a group and setting the permissions as well as the command authorization set. However it does not seem very practical to have to go in manually to ACS to add a user to an ACS group. I thought since ACS works with active directory it would also use AD groups. So we could assign a user to a group in AD and it would then utilize the defined ACS permissions for that group.

I think you are a victim of the AD Aware as opposed to AD Integrated. CiscoSecure is AD Aware, it can use the AD database for Password authentication (a very simple implementation of single sign-on). But the local database is used for everything else. From my point of view this is a good thing.
If the AD Admin, Network Admin and Security officer are all the same person, then I agree with you.
From your message you seem to be using ACS to secure your Cisco devices (routers/switches), I would not want people who manage AD to be able to give network device access to anyone they choose. Nore do I trust AD admins to understand network security. Normally the network people are very small subset of IT organization, so this should not be a big problem. Also, the real component that you are using to secure the devices is TACACS+ (hopefully) or RADIUS because the devices are not AD Aware themselves.
If you need for every user that is in AD to be a user in ACS, there is import/export support for both for inital setup, after that it is up to you to keep the databases synchronized. You can do this with routine import/exports, but I advise against it.
If you are using ACS to manage a Dial or IPSec environment, I agree this is a pain, but do you really want everyone to be able to dial-in or VPN into your network without coming to you for access? Don't you want to be able to disable/expire peoples access for devices and remote access without calling the AD admin?
For the kind of things you want, you need an AD Integrated product like Exchange or you can try some of the vendors at listed at http://www.microsoft.com/windows2000/partners/adall.asp
FYI - This is my understanding of the product, I'm sure there are a lot of people out there that know more then me, so feel free to correct me.

WLS6.0 sp1 and MS Active Directory

Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be appreciated -
I'll worry about the finer details of how later!!
Regards
Laura Allen

Custom realm of course with the weblogic....ldaprealmv2.LDAPRealm
implementation class.
We did not use Kerberos authentication - just the plain password
authentication in "cleartext". Our servers are inside a secure data center -
no encryption required. That's why we did not need jdk1.4.
"Marc Carrion" <[email protected]> wrote in message
news:[email protected]...
>
Are you telling that you configured the ldap realm of WL to use activedirectory?
or you used your custom realm?
To use the authentication with Kerberos you need to use GSS-API and it'snot
included in jdk1.3 neither in jaas, that's why I needed to use jdk1.4
Can you explain how did you do that?
Thanks,
Marc
"Roy Cornell" <[email protected]> wrote:
Hi Laura:
No, BEA did not confirm the compatibility. We did our own investigation
and
found that the two systems work well together. One of the highlights
of the
research was the fact that the configuration of the WLS custom realm
for
Active Directory was more similar to Netscape Directory or Open LDAP
than to
the MS Site Server.
I am attaching the sample settings for the LDAP realm:
server.host=<some-ip-or-name>
server.principal=CN=wlsadmin001,OU=WLSMEMBERS1,DC=company,DC=com
user.filter=(&(cn=%u)(objectclass=user))
user.dn=OU=WLSMEMBERS1,DC=company,DC=com
group.filter=(&(cn=%g)(objectclass=group))
group.dn=OU=WLSGROUPS1,DC=company,DC=com
membership.filter=(&(member=%M)(objectclass=group))
We used the AD for authenticating the users and for authorizing the EJB
methods. AD contained the users and their security roles and the
deployment
descriptiors of the EJB's contained the permissions for the security
roles.
We ran repeated tests and were more or less satisfied.
Regards
P.S.
we used WLS 6.1 Jdk 1.3
----- Original Message -----
Sent: Tuesday, September 18, 2001 5:40 AM
Subject: WLS6.0 and Active Directory
Forgive me contacting you directly, but did you recieve a reply fromBEA
as
to whether WLS supports interaction with Active Driectory? And wereyou
attempting to use Active Directory just for user authentication? Anyinfo
on how WLS and Active Directory interact would be appreciated!
Regards
Laura Allen
The information in this e-mail and any attached files is confidential.It
is intended solely for the use of the addressee. Any unauthorised
disclosure or use is prohibited. If you are not the intended
recipient
of
the message, please notify the sender immediately and do not disclosethe
contents to any other person, use it for any purpose, or store or copythe
information in any medium. The views of the author may not necessarily
reflect those of the Company.
"Laura Allen" <[email protected]> wrote in message
news:[email protected]...
Hi,
Is it possible to configure WLS' LDAP security realm to use MS' Active
Directory to authenticate users? A quick yes or no would be
appreciated
I'll worry about the finer details of how later!!
Regards
Laura Allen

Error in HTTP framework - 401 unauthorised while creating a service consume

Hi,
I am trying to create a service consumer in SE80 by specifying a WSDL URL of a webservice ( I created this webservice from an inbound service interface ).....but at the last step it asks for user id and pwd......after specifying the user / pwd it says Error in HTTP framework - 401 unauthorised
what may be the problem....the user has all tha required authorisation as I can use the same user to test in wsnavigator.

In my experience this problem was always found to be around authorizations necessary for execution of specific activity. I would strongly advise you to speak with your Security/Authorization consultant to help you.

Victim of unauthorised activity

Similar Messages

Maybe you are looking for