What is the policy on The Holiday Promise?
Devices'
Without any third party contract also known as the carrier or service agreement between you and the Best buy store would or wouldn't meet the requirements; Extended Return & Exchange Promise until January 15 2015
Hi MrGreg,
Here are the details of our extended Holiday Return & Exchange Promise.
Holiday Return & Exchange Promise
Buy your gifts and other items this holiday with the peace-of-mind of easy returns. Almost every purchase made throughout November and December can be returned through January 15, 2015.
Purchases made between Nov.1 – Dec. 31, 2014 have an extended return period through January 15, 2015, excluding items purchased with a third-party contract (ex. Mobile Phone carrier contracts, DirecTV, etc.) and Geek Squad Protection service plans. All other terms and conditions of our Return & Exchange Promise apply.
For full Return & Exchange Promise details, click here.
Is there a particular item/situation you're asking about?
Thanks for your question,
Elizabeth|Social Media Supervisor|Best Buy® Corporate
Private Message
Similar Messages
-
Change Policy of the main menu
I would like change the policy of the main menu Arial 15 or 17, to mistral or any hand writing to get in Armorny with th page edit
Any tipsIf you use a non Web Safe Font any computer that doesn't have that font will substitute another for it and it probably will not fit the format or look of the site. But you can change the font by selecting it, clicking on the Font button at the bottom and selecting what you want to use.
To make that new font look the same in any web browser on any computer add a drop shadow to it and set the opacity to 1 or zero percent. If you have iWeb's preferences set to indicate which text has been converted you'll see the following:
Click to view full size
That will, however, add size to the web page and cause it to load more slowly in browsers. Too many image files on a site is murder for Internet Explorer. Use this method sparingly.
OT -
How can I change the policy file?
I have designed an applet to read a file from the local Machine.
This applet thro a servlet reads the contents of the file specified.
I use Tomcat 4.1.12 server and this is an client-server application.
To read the file in the local machine, I set the permission as follows in the .java.policy file in the Local Machine.
grant codeBase "http://MyMachine:8080/Example" {
permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete, execute";
as the applet file is in the Example of the server "MyMachine".
Its working and my applet is able to read the file from the local machine it runs.
Now my problem is I cannot set/change the policy file in every machine where my applet runs.
Instead if there is a way to change the policy when the applet downloads,that'll be effective.
That is I donot want to go and change the policy file manually in each and every machine where my applet runs(I donot even know which are the machines going to run the applet).
Is there any means to acheieve my need?
Please explain me in detail or direct me to the relevent web sites or links.
Thank youHi Hosuke,
I had the same problem, thanks for the advise.
Still I have a remark to make.
The thing is that, in order for the applet to have the permission granted (for whatever), you need to have a policy file which you can include in the JAR file (like you explained before) AND also you need to add an entry in the java.security file (located for me: "C:\Program Files\Java\j2re1.4.1_01\lib\security\java.security") that tells the applet where to find all the .policy files.
Something like: policy.url.4=file:/c:/java.policy
But since we are talking about an applet we are not able to make changes to this file.
Maybe you or anyone else knows a workaround for this problem.
Thanks in advance,
Ronald Vromans. -
Oracle Security : what do you think about the following policy violation ?
If you install OEM10, you will be able to see if you violate some security guidelines :
Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
In Solaris, you can disable execution of the user stack with the system parameters set noexec_user_stack=1
set noexec_user_stack_log=1. I did not find how to do it on AIX. However, those settings may have side effects.
About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
About JAccelerator (NCOMP), it is located on the "companion" CD.
Ok, Waiting for your feedback
Regards
Laurent
[High] Critical Patch Advisories for Oracle Homes Configuration Host Checks Oracle Homes for missing critical patches
[High] Insufficient Number of Control Files Configuration Database Checks for use of a single control file
[High] Open ports Security Host Check for open ports
[High] Remote OS role Security Database Check for insecure authentication of remote users (remote OS role)
[High] EXECUTE UTL_FILE privileges to PUBLIC Security Database Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package
[High] Listener direct administration Security Listener Ensure that listeners cannot be administered directly
[High] Remote OS authentication Security Database Check for insecure authentication of remote users (remote OS authentication)
[High] Listener password Security Listener Test for password-protected listeners
[High] HTTP Server Access Logging Security HTTP Server Check that HTTP Server access logging is enabled
[High] Web Cache Access Logging Security Web Cache Check that Web Cache access logging is enabled
[High] Web Cache Dummy wallet Security Web Cache Check that dummy wallet is not used for production SSL load.
[High] HTTP Server Dummy wallet Security HTTP Server Check that dummy wallet is not used for production SSL load.
[High] Web Cache owner and setuid bit' Security Web Cache Check that webcached binary is not owned by root and setuid is not set
[High] HTTP Server Owner and setuid bit Security HTTP Server Check the httpd binary is not owned by root and setuid bit is not set.
[High] HTTP Server Directory Indexing Security HTTP Server Check that Directory Indexing is disabled on this HTTP Server
[High] Insufficient Redo Log Size Storage Database Checks for redo log files less than 1 Mb
[Medium] Insufficient Number of Redo Logs Configuration Database Checks for use of less than three redo logs
[Medium] Invalid Objects Objects Database Checks for invalid objects
[Medium] Insecure services Security Host Check for insecure services
[Medium] DBSNMP privileges Security Database Check that DBSNMP account has sufficient privileges to conduct all security tests
[Medium] Remote password file Security Database Check for insecure authentication of remote users (remote password file)
[Medium] Default passwords Security Database Test for known accounts having default passwords
[Medium] Unlimited login attempts Security Database Check for limits on the number of failed logging attempts
[Medium] Web Cache Writable files Security Web Cache Check that there are no group or world writable files in the Document Root directory.
[Medium] HTTP Server Writable files Security HTTP Server Check that there are no group or world writable files in the Document Root directory
[Medium] Excessive PUBLIC EXECUTE privileges Security Database Check for PUBLIC having EXECUTE privileges on powerful packages
[Medium] SYSTEM privileges to PUBLIC Security Database Check for SYSTEM privileges granted to PUBLIC
[Medium] Well-known accounts Security Database Test for accessibility of well-known accounts
[Medium] Execute Stack Security Host Check for OS config parameter which enables execution of code on the user stack
[Medium] Use of Unlimited Autoextension Storage Database Checks for tablespaces with at least one datafile whose size is unlimited
[Informational] Force Logging Disabled Configuration Database When Data Guard Broker is being used, checks primary database for disabled force logging
[Informational] Not Using Spfile Configuration Database Checks for spfile not being used
[Informational] Use of Non-Standard Initialization Parameters Configuration Database Checks for use of non-standard initialization parameters
[Informational] Flash Recovery Area Location Not Set Configuration Database Checks for flash recovery area not set
[Informational] Installation of JAccelerator (NCOMP) Installation Database Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes
[Informational] Listener logging status Security Listener Test for logging status of listener instances
[Informational] Non-uniform Default Extent Size Storage Database Checks for tablespaces with non-uniform default extent size
[Informational] Not Using Undo Space Management Storage Database Checks for undo space management not being used
[Informational] Users with Permanent Tablespace as Temporary Tablespace Storage Database Checks for users using a permanent tablespace as the temporary tablespace
[Informational] Rollback in SYSTEM Tablespace Storage Database Checks for rollback segments in SYSTEM tablespace
[Informational] Non-System Data Segments in System Tablespaces Storage Database Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX
[Informational] Users with System Tablespace as Default Tablespace Storage Database Checks for non-system users using SYSTEM or SYSAUX as the default tablespace
[Informational] Dictionary Managed Tablespaces Storage Database Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)
[Informational] Tablespaces Containing Rollback and Data Segments Storage Database Checks for tablespaces containing both rollback (other than SYSTEM) and data segments
[Informational] Segments with Extent Growth Policy Violation Storage Database Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settingsInterresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...Okay, as this is (I think) aimed at me, I'll fall for it ;)
What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
UTL_FILE_DIR=*which I sincerely hope you're not.
As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail adminstrator rather than the DBA.
Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
Cheers, APC -
What is the policy of RepaintManager ?
Hi all,
Can anyone explain to me the policy of RepaintManager ? meaning how RepaintManager decide how to join repaints ?
thanks
zlzlzlI already read it, but did not understood what is DirtyRegion and when the implementation decide when to mark it.
-
What is the policy on taking back a faulty ipad3?
What is the policy on taking back a faulty ipad3? It's 7 month old but getting more things wrong with it :(
If it is found, by Apple to be defective, it will be replaced with the same model, same capacity, same colour.
-
What is Microsoft's official policy regarding the processing time for HCK2.1 Driver Submissions?
What is Microsoft's official policy regarding the processing time for HCK2.1 Driver Submissions?
Can someone point me to a document that states the official policy stating their maximum review time? This info used to be in the WLK1.6 FAQ but I don't see it for the HCK2.1 suite.
Thanks!
AlIan,
Thanks for your reply. Yes, I'm sure LabVIEW uses the (default) Windows timer. And yes, 1 mS is not guaranteed due to the preemptive nature of Windows (and even "RTOSs" to varying degrees), which is why I see about plus or minus 2 mS.
Apparently the Windows timer can be set by API calls. See: http://www.lucashale.com/timer-resolution/. Here's a screen shot of his TimerResolution.exe on a Windows 7 PC:
Here it is on my Windows XP PC after I set it to "Maximum" (initially it was 15.625 mS):
Notice that it sets the Maximum to less than 1 mS, which is supposed to be the max, so there are some bugs. Plus the Default button does not reset it in XP, but does work on Windows 7 or 8. (I know this is not the place to "debug" non-LabVIEW applications!)
I'll bet LabVIEW sets it, too. The only caveat, as I said, is it looks like another application can change it, since the hardware timer is a "global" timer. I have not seen this issue in my LabVIEW applications, have you?
I guess I need to do some more digging to see the code to set the timer, but it looks like the developers of LabVIEW have it figured it out.
(FYI, I did notice that running my LabVIEW app (which gives about 2 mS resolution) or a C# app, which gives 15.625 mS resolution, does not affect what TimerResolution.exe reports, so I'm not sure if it's really working correctly. If I figure it out I'll post the results.)
Ed -
I am implementing FIM R2 SP1 on win 2012 servers and migrating FIM 2010 RTM configurations to the new environment. Some of the custom Sets, MPRs etc did not import correctly into the new portal and when I try to manually add a set or
alter an MPR I recieve the following error
Error processing your request: The operation was rejected because of access control policies.
Reason: The operation failed as a result of insufficient access rights.
Attributes: ActionParameter,ActionType
Correlation Id: 11a13390-6a1f-4776-a796-fd0f05101120
Request Id:
Details: No policy grants the Requestor permission to complete all changes.
I have tried enabling "all attributes" in "Administration: Administrators control set resources" and "Administration: Administrators control management policy rule resources" and recieved the same errors. I am logged in
as the user who installed the portal and it is a member of the administartors set.
What am I missing? Any ideas welcome please.Hi Peter,
I found the import had not completely imported the configuration while trying to import the configuration (as I said above) and while trying to troubleshoot this issue I discovered this error.
I have tried importing the old database and this does not help.
I should mention that the configuration is coming from the production environment into a stand-alone development environment for testing.
I have, today, in an attempt to resolve this error, uninstalled the portal and service (which are installed on the same server) and reinstalled it creating a new database. This is to attempt to resolve any "overwritten" default sets or MPRs
as you have suggested.
I thought I would try out the FIM 2010 R2 Service and Portal configuration Backup Tool described here
http://technet.microsoft.com/en-us/library/jj134311(v=ws.10).aspx but note there is no instructions for their use in restoring the environment. I assume you just copy the
files to the appropriate place, run the reg keys and sql scripts that it creates and that does it all for you? I was hoping that this might be a successful alternative to the old Import-FIMconfig way of doing things. -
What impact do changes to the CUCM "Default Credential Policy" have?
Hi all,
We have been asked to make an update to the 'Default Credential Policy' on CUCM 6.1. The update is easy enough to carry out: User Management > Credential Policy > Default Credential Policy.
However, Cisco documentation isn't too clear as to what accounts this will impact. As best i can tell any changes made here will impact any 'new' Application or SuperUser (etc) accounts that are created *after* the policy is updated. Existing application accounts won't get impacted and would require a Bulk Upload to change them. Does that sound correct?
I'm also a little unsure if changes to this policy will impact the 'administrator' account that we created when we installed CUCM, or any of the normal 'phone' user accounts that our many IP phone users have (i presume not, but again Cisco documentation doesn't seem too hot on precisely what gets impacted by changes to this policy).
Screenshot below of the GUI screen i am referring to.
Thoughts appreciated.
Many thanks!Quick bump. We've read a few links that suggest User and Application User passwords etc would be impacted. However, they don't mention the main Administrator account, nor if we would need to use Bulk Upload to change existing User and Application User settings after chaning the Default Policy settings:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b08crpdf.html#wp1064073
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/6_1_1/ccmcfg/b08crpol.html#wp1030222
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/6_1_1/ccmcfg/b08crpdf.html#wp1055303
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080a57c4c.shtml
Ironically, a Google search for "CUCM Default Credential Policy" now lists this post as the fifth most significant one when trying those search terms doh!
Any thoughts appreciated.
Thanks -
What is apples policy on dead or stuck pixels on the iphone 5 ?
what is apples policy on dead or stuck pixels on the iphone 5 ?.
asif cain wrote:
thanks for your reply, i have 2 iphones with a dead or stuck pixel, is it a common problem ?.a friend of mine had his exchanged for 1 deea/stuck pixel
I don't know about steve---but I've owned 8 iPhones (5 for me and 3 for my wife) starting with the 3G and ending with my current iPhone 5 and none of them had a display problem of any kind.
Several of my family members also have iPhones--about 10 more, I'd guess, and none of them have a stuck pixel, either.
If I had received a display with a stuck pixel I would have definitely returned it immediately. -
My credit card was charged the $35 restocking fee but the manager in the store never returned the handset, I took my credit card statement showing the date and store information, when I contact acted Verizon Corporate office, I was told after 3 months it was an accessory I purchased, however the transaction was an electronic transaction done over the phone, so now instead of investigating the theft of the handset in their store Verizon is trying to bill me for an early termination on the phone? What a Shame, Corporate Greed!!
Every time I see a story such as this, I simply shake my head.
Why go thru Verizon? Contact your CC company. They are there to protect you. Once you report the transaction to them, the charge will be IMMEDIATELY removed from your card while the CC company investigates the incident. They have much more pull with Verizon than you EVER will. -
What is the policy for dead pixel or stuck pixel in apple store?
Hi, i'm the new mac user here. I never use the MAC. I just bought it 2 day ago at apple store. I'm so happy when i carry it back to my home. When I turn on my macbook, I think to get 1 DOT bad pixel on my screen......Oh..Is it my fault??? I just bought it and i didn't do anything....I would like to exchange and try to tell the reason that is not my fault..COZ "THIS ITEM IS DEFECT"...I asked the stuff overthere. If i would to return or exchange, I have to pay 10% off restock fee..coz i had already open box. How's come I have to pay it? How can i know is defect or not if i didn't open the box. I just bought it 2 day agos. Is it fair for me?? I'm so upset with apple a lot. I have to take it back and put in front of me and see that dot in the next 3 year.......or as long as this mac gone.
My question, How u can fix it out for this policy? Do u agree for this policy?
Macbook Mac OS X (10.4.9)I had to return my first MacBook for a worse defect. They wanted to hit me with the restocking fee. I called the manager of the Apple Store I went to over and spoke with him. I explained the same thing to him that you stated here...Why should I be penalized for something I couldn't have known about with opening the box. I told him that I want to exchange it for a new one and I would not agree to paying the fee for that. However, I will agree to pay the fee to return it and purchase it from another retailer with a better return/exchange policy. He exchanged it on the spot, no fee.
My point...plead your case and explain that you are not going to pay a restocking fee for an exchange. Be professional about it. I'm confident you can make it happen.
You may also want to call Apple first. They can sometimes override the store and direct them to exchange it for you.
MacBook Black - 2.16 GHz Intel Core 2 Duo Mac OS X (10.4.9) -
What happen to the Start menu that was promise?
I was so looking forward to the classic start bottom but found it was not present in the new Windows 10 Preview
How is it installed?
What is going on with the window store? I can never get a connectionHi,
For your first issue of missing Start menu, please check this settings:
Right click the taskbar and choose Properties.
Under Start Menu tab, please make sure that the option “Use the start menu installed of Start screen” is checked on:
For your second issue that Windows store fail to connect to internet, please follow these steps to see what’s going on:
Method 1: Use Microsoft’s Troubleshooter
To address this issue, Microsoft has come up with an instant troubleshooter that automatically detects problematic identities and fixes them on the spot. To download this tool,
visit the address and follow the wizard accordingly:
If running the troubleshooter did not help your case, try working through the following solutions.
Method 2: Disable Proxy Connection
Proxy server acts as an intermediate between your system and the outside world. This can often mess up the internet routes and block certain accesses. To disable this setting, execute this procedure:
Open Internet Explorer
Click the gears icon displayed at the top right and choose
Internet options
Navigate to Connections tab
Open LAN settings
Uncheck Use a proxy server for your LAN
Try accessing the Store again and see if the issue is mended. If it did not, try other alternatives quoted below.
Method 3: Swap Accounts
It is sometimes observed that switching back and forth between Local and Microsoft Accounts refreshes any recent account changes and cures the illness.
Click Windows icon, and choose PC settings.
Under Users and accounts, click Disconnect Microsoft account or Switch to a local account.
Then, reconnect the Microsoft account to check the issue
If this doesn’t help, continue with the journey.
Method 4: Reset Store Cache
Imitating your web browser, Microsoft Windows Store stores cache locally on your computer to help the apps load faster. Sometimes, this accumulation becomes a problem resulting in efficiency drop-downs and installation failures. To clear this data, reset
the cache through the following steps:
Click Windows Icon, type wsreset
Click wsreset show on the search resuts.
Wait for the cache to clear
Ensure the message The cache for the Store was cleared. You can now Browse he Store or app
Enter your Store again and see if the problem is eliminated. If not, there is still much more you can try.
Method 5: Disable Firewall Settings
Firewall manages data exchanged between your PC and the network. It is a highly important security tool, but sometimes, it even blocks legal activities hindering your network tasks. Try disabling this program and see if the issue disappears.
Hope these could be helpful.
Kate Li
TechNet Community Support -
Font Size
You are chatting with an Advisor now. This chat will be recorded. At the end of the session, you can print the transcript or request a copy via email.
Privacy Policy
Advisor [4:49 p.m.]:
Hi, my name is Jacob. It'll be just a moment while I review the comments you provided.
Advisor [4:49 p.m.]:
Hello Machelle, how may I assist you today?
Customer [4:51 p.m.]:
Can you please help me recover the new testament of the bible from media group. The have vanished.
Customer [4:52 p.m.]:
I need to recover the lost purchases I made from media group. I had all of the new testament.
Advisor [4:53 p.m.]:
Thank you for this information, I understand that you are missing some purchases. I do want to apologize for this inconvenience. I will be more then happy to look into this for you.
Advisor [4:53 p.m.]:
Would you be able to provide your Apple ID? This is the email used to sign into the iTunes store.
Customer [4:54 p.m.]:
[email protected]
Advisor [4:54 p.m.]:
Thank you, one moment please.
Advisor [4:56 p.m.]:
Were these individual purchases? If so could you provide the name for each individual purchase?
Customer [4:57 p.m.]:
yes it the new testament books of the bible
Customer [4:57 p.m.]:
genesis etc...
Advisor [4:58 p.m.]:
I apologize, but I am not exactly familiar with the New Testament. Would you be able to provide these names for me so I can locate them on my end?
Customer [4:59 p.m.]:
Genisis Mark Matthew Luke John
Customer [4:59 p.m.]:
Exodus Levitus Numbers
Advisor [5:00 p.m.]:
Just a quick question, were these all audiobooks?
Customer [5:00 p.m.]:
Duetoronomy
Customer [5:00 p.m.]:
Yes from media group
Advisor [5:00 p.m.]:
Okay, are you currently on a computer with iTunes installed?
Customer [5:01 p.m.]:
yes
Advisor [5:02 p.m.]:
Unfortunately, audiobooks and ringtones are the only items on the iTunes store unavailable for re-download through iTunes in the Cloud. What I can go ahead and do is try and re-add these audiobooks back to your download queue for re-download. Please note if they have been removed or modified on the iTunes store they may not be available for re-download. Would this be okay?
Customer [5:03 p.m.]:
yes thank you!
Advisor [5:03 p.m.]:
Excellent, one moment please.
Advisor [5:05 p.m.]:
I apologize but after reviewing your account, it looks like we have already issued 3 exceptions for you to re-download your audiobooks in the past. Back on 02/23/2013. I apologize but we will be unable to do another exception for you.
Customer [5:06 p.m.]:
that down load did include the new books of the bible that I had.
Customer [5:07 p.m.]:
that down load did not have the new testament books of the bible that I had
Advisor [5:07 p.m.]:
While reviewing the notes, this was issued to add all available audiobooks bought on your account. I again apologize but I will be unable to issue another exception to you. As the previous advisor did inform you to make sure to back up your files.
Customer [5:08 p.m.]:
the other advisor did not down load the new testament books. The advisor did not restore all of the books that I had originally brought.
Advisor [5:10 p.m.]:
While looking closer, the books that you are missing are no longer available to be re-downloaded. This is the reason why they were not added back to your download queue when he issued them. Unfortunately, as we do not handle the content on the iTunes store you will need to get in contact with the publisher of the content as they were the ones two remove or modify these books on the iTunes store. If you would like I can provide a link to their support site.
Customer [5:11 p.m.]:
yes they are I saw them.
Advisor [5:11 p.m.]:
They may have been modified by the content owner. This will be the reason why they were not added. As Apple does not control 3rd party content on the iTunes store. You will need to get in contact with them as we are unable to re-add this content back to your download queue.
Customer [5:12 p.m.]:
it is I just looked at it in the itunes store
Customer [5:13 p.m.]:
the material is still the same. The store does have it.
Advisor [5:13 p.m.]:
Machelle, if the items have been modified since you bought them, they will be unavailable for us to issue them back to you. You will need to get in contact with the providers for these books as they are the content owners and we do not have access to issue these back to you.
Customer [5:14 p.m.]:
the are still the same bible books that I purchased at the store.
Customer [5:14 p.m.]:
The audio books are the same. When I buy it again nothing will be different.
Advisor [5:14 p.m.]:
Machelle, I understand this. This is what our records are showing. When the previous advisor tried to re-issue them to you they were unable to as they have been modified on the iTunes store.
Advisor [5:15 p.m.]:
In order to receive further support for this issue you will need to get in contact with Media Group as they are the content providers for these audiobooks.
Customer [5:15 p.m.]:
I will buy them from another source. Don't say they have changed. The books are the same books I brought. They are at the store.
Advisor [5:16 p.m.]:
Machelle, Apple does not handle the content for 3rd party publishers on the iTuneMoonSwan wrote:I've never heard of a validating editor but I was recently wondering what exists that could help me. Aside from emacs, what should I search for to find one of these validating editors?
You can use whatever tool you prefer - for someone already using emacs, emacs is a natural choice. Simple, easy to use online tools exist e.g. http://schneegans.de/sv/
Just upload the file in question ('Validate by file upload' option) and click 'Validate':
The '=' character cannot be included in a name. (723:10)
<Terminal="Terminal">
^
Googling 'xml validation' should give you some more tools / services if this one is not good enough. -
One computer at COMPANY-A is attempting to communicate with two
computers located at COMPANY-B, via an IPsec tunnel between the
two companies.
All communications are via TCP protocol.
All devices present public IP addresses to one another, although they
may have RFC 1918 addresses on other interfaces, and NAT may be in use
on the COMPANY-B side. (NAT is not being used on the COMPANY-A side.)
The players:(Note: first three octets have been changed for security reasons)
COMPANY-A computer 1.2.3.161
COMPANY-A router 1.2.3.8 (also IPsec peer)
COMPANY-A has 1.2.3.0/24 with no subnetting.
COMPANY-B router 4.5.6.228 (also IPsec peer)
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
COMPANY-B has 4.5.6.0/23 subnetted in various ways.
COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
What works:
The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
The "show crypto session detail" command shows Inbound/Outbound packets
flowing in the dec'ed and enc'ed positions.
What doesn't:
When the COMPANY-A computer 1.2.3.161 attempts to communicate
via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
the COMPANY-A router eventually reports five of these messages:
Oct 9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
and the "show crypto session detail" shows inbound packets being dropped.
The COMPANY-A computer that opens the TCP connection never gets past the
SYN_SENT phase of the TCP connection whan trying to communicate with the
COMPANY-B computer #2, and the repeated error messages are the retries of
the SYN packet.
On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
a 3725, and some 76xx routers were tried, all with similar behavior,
with packets from one far-end computer passing fine, and packets from
another far-end computer in the same netblock passing through the same
IPsec tunnel failing with the "failed SA identity" error.
The COMPANY-A computer directs all packets headed to COMPANY-B via the
COMPANY-A router at 1.2.3.8 with this set of route settings:
netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
4.5.7.0 1.2.3.8 255.255.255.0 UG 0 0 0 eth3
1.2.3.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.1.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
10.0.0.0 10.1.1.1 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth3
The first route line shown is selected for access to both COMPANY-B computers.
The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
configuration:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
crypto map COMPANY-BMAP1 10 ipsec-isakmp
description COMPANY-B VPN
set peer 4.5.6.228
set transform-set COMPANY-B01
set pfs group2
match address 190
interface FastEthernet0/0
ip address 1.2.3.8 255.255.255.0
no ip redirects
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map COMPANY-BMAP1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.2.3.1
ip route 10.0.0.0 255.0.0.0 10.1.1.1
ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
bridge 1 protocol ieee
One of the routers tried had this IOS/hardware configuration:
Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
RELEASE SOFTWARE (fc2)
isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
Processor board ID XXXXXXXXXXXXXXX
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
4 ATM interfaces
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
31296K bytes of ATA System CompactFlash (Read/Write)
250368K bytes of ATA Slot0 CompactFlash (Read/Write)
Configuration register is 0x2102
#show crypto sess
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:06:26:27
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
Version 6.1 (ScreenOS)
We only have a limited view into the Juniper device configuration.
What we were allowed to see was:
COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx proposal "pre-g2-3des-sha"
set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
set policy id 2539 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
set policy id 2500 from "Trust" to "Untrust" "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
set policy id 2541 from "Trust" to "Untrust" "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
set policy id 2540 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
COMPANY-B-ROUTER(M)->
I suspect that this curious issue is due to a configuration setting on the
Juniper device, but neither party has seen this error before. COMPANY-B
operates thousands of IPsec VPNs and they report that this is a new error
for them too. The behavior that allows traffic from one IP address to
work and traffic from another to end up getting this error is also unique.
As only the Cisco side emits any error message at all, this is the only
clue we have as to what is going on, even if this isn't actually an IOS
problem.
What we are looking for is a description of exactly what the Cisco
IOS error message:
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
is complaining about, and if there are any known causes of the behavior
described that occur when running IPsec between Cisco IOS and a Juniper
SSG device. Google reports many other incidents of the same error
message (but not the "I like that IP address but hate this one" behavior),
and not just with a Juniper device on the COMPANY-B end, but for those cases,
not one was found where the solution was described.
It is hoped that with a better explanation of the error message
and any known issues with Juniper configuration settings causing
this error, we can have COMPANY-B make adjustments to their device.
Or, if there is a setting change needed on the COMPANY-A router,
that can also be implemented.
Thanks in advance for your time in reading this, and any ideas.Hello Harish,
It is believed that:
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
both have at least two network interfaces, one with a public IP address
(which we are supposedly conversing with) and one with a RFC 1918 type
address. COMPANY-B is reluctant to disclose details of their network or
servers setup, so this is not 100% certain.
Because of that uncertainty, it occurred to me that perhaps COMPANY-B
computer #2 might be incorrectly routing via the RFC 1918 interface.
In theory, such packets should have been blocked by the access-list on both
COMPANY-A router, and should not have even made it into the IPsec VPN
if the Juniper access settings work as it appears they should. So I turned up
debugging on COMPANY-A router so that I could see the encrypted and
decrypted packet hex dumps.
I then hand-disassembled the decoded ACK packet IP header received just
prior to the "decrypted packet failed SA check" error being emitted and
found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
in the unecapsulated packet. I also found the expected port numbers of the TCP
conversation that was trying to be established in the TCP header. So, it
looks like COMPANY-B computer #2 is emitting the packets out the right
interface.
The IP packet header of the encrypted packet showed the IP addresses of the
two routers at each terminus of the IPsec VPN, but since I don't know what triggers
the "SA check" error message or what it is complaining about, I don't know what
other clues to look for in the packet dumps.
As to your second question, "can you check whether both encapsulation and
decapsulation happening in 'show crypto ipsec sa'", the enc'ed/dec'ed
counters were both going up by the correct quantities. When communicating
with the uncooperative COMPANY-B computer #2, you would also see the
received Drop increment for each packet decrypted. When communicating
with the working COMPANY-B computer #1, the Drop counters would not
increment, and the enc'ed/dec'ed would both increment.
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:54
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
Attempt a TCP communication to COMPANY-B computer #2...
show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:23
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
Note Inbound "drop" changed from 5 to 6. (I didn't let it sit for all
the retries.)
#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
protected vrf: (none)
local ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
current_peer 4.5.6.228 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
#pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 3, #recv errors 6
local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xDF2CC59C(3744253340)
inbound esp sas:
spi: 0xD9D2EBBB(3654478779)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xDF2CC59C(3744253340)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
The "send" errors appear to be related to the tunnel reverting to a
DOWN state after periods of inactivity, and you appear to get one
each time the tunnel has to be re-negotiated and returned to
an ACTIVE state. There is no relationship between Send errors
incrementing and working/non-working TCP conversations to the
two COMPANY-B servers.
Thanks for pondering this very odd behavior.
Maybe you are looking for
-
Why can I no longer add photos my iPhoto book? Is there a limit to the number of photos? Must I delete unused photos?
-
How to find out the common things between two rpds?
How to find out the common things between two rpds? And place the common things in a common RPD.
-
Hello, I have web application created using htp packages. from check logins link i will show how many login per application. on the same page i want to create a graph to those logins. few questions here I have are: First of all how can I achieve this
-
Acrobat 8 Standard - Data1.cab Corrupt
I've been trying to get Acrobat 8 Standard installed on my Vista desktop. At first, I was having problem with the PDF writer print driver, but in trying to resolve that, I have developed another problem. I uninstalled Acrobat, and was trying to re-
-
Preview in Finder doesn't work. Doesn't preview movies or audio.
When i used to preview files in finder such as movies or audio they would play in a preview window. now, instead, all that comes up is a picture of the application the file is opened in, i.e. quick time or itunes. help?