Windows Replication RPC Problems with IPSec GRE Tunnel

We have been having significant issues troubleshooting random RPC errors with our directory controllers (MS AD 2008R2) and our distributed file shares.  Both services will randomly stop working, throwing RPC errors as the resulting cause.  We have been all over both the Cisco and Microsoft forums trying to troubleshoot this problem.  I'm trying the Cisco forums first to see if anyone has any network-layer thoughts as to best practices or ways to configure the tunnel.
Our network is simple: two small branch offices connected to each other with two Cisco 2901 ISRs.  An IPSec GRE tunnel exists between both offices.  Interoffice bandwidth is approximately 10 Mbps.  Pings between offices work, remote desktop works most of the time, file transfers work, and DNS lookups work across both locations.  We really don't have a complicated environment; I'd think it wouldn't be too hard to set up.  But this just seems to be escaping me.  I can't think of anything at the network layer that would be causing problems, but I was curious whether anyone else out there with knowledge of small office VPNs might be able to render some thoughts on the matter.
Please let me know if there is anything further people need to see.  My next step is the MS forums, but I wanted to eliminate layer 3 first.
Tunnel Config:
crypto map outside_crypto 10 ipsec-isakmp
set peer x.x.x.x
set transform-set ESP-AES-SHA
match address 102
crypto ipsec df-bit clear
interface Tunnel0
bandwidth 10240
ip address x.x.x.x x.x.x.x
no ip redirects
ip mtu 1420
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1375
tunnel source GigabitEthernet0/0
tunnel destination x.x.x.x
crypto ipsec df-bit clear
end
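The "ip mtu 1420" and "ip tcp adjust-mss 1375" values on Tunnel0 can be checked against the GRE-plus-ESP encapsulation overhead. The calculator below is an added example, not part of the original post or its Cisco configuration; it assumes the standard header sizes for GRE without key or sequence number, ESP with AES-CBC and HMAC-SHA1-96 (the ESP-AES-SHA transform set above), a 1500-byte physical MTU, and that the crypto map uses the default IPsec tunnel mode (transport mode is shown for comparison).

```python
# Added example (not from the original thread): estimate the on-the-wire size of
# the largest packet the Tunnel0 interface will accept, to see whether it still
# fits the physical MTU after GRE and ESP encapsulation. All sizes are the
# standard header lengths for IPv4, GRE, ESP/AES-CBC and HMAC-SHA1-96.

IPV4_HDR = 20       # IPv4 header without options
TCP_HDR = 20        # TCP header without options
GRE_HDR = 4         # plain "tunnel mode gre ip": no key, no sequence number
ESP_HDR = 8         # SPI + sequence number
AES_IV = 16         # AES-CBC initialisation vector
AES_BLOCK = 16      # ESP pads payload + trailer to the cipher block size
ESP_TRAILER = 2     # pad length + next header
SHA1_ICV = 12       # HMAC-SHA1-96 integrity check value


def wire_size(inner_len, ipsec_mode="tunnel"):
    """Bytes on the physical link for an inner IP packet of inner_len bytes.

    The inner packet is first wrapped in GRE (delivery IP header + GRE header)
    and the GRE packet is then protected by ESP.
    """
    if ipsec_mode == "tunnel":
        # Tunnel mode encrypts the whole GRE packet and adds a new outer header.
        plaintext = IPV4_HDR + GRE_HDR + inner_len
    elif ipsec_mode == "transport":
        # Transport mode keeps the GRE delivery header outside ESP.
        plaintext = GRE_HDR + inner_len
    else:
        raise ValueError("ipsec_mode must be 'tunnel' or 'transport'")
    pad = (-(plaintext + ESP_TRAILER)) % AES_BLOCK
    return (IPV4_HDR + ESP_HDR + AES_IV + plaintext + pad
            + ESP_TRAILER + SHA1_ICV)


def max_tunnel_ip_mtu(physical_mtu=1500, ipsec_mode="tunnel"):
    """Largest 'ip mtu' for the tunnel that never needs post-encryption fragmentation."""
    mtu = physical_mtu
    while mtu > 0 and wire_size(mtu, ipsec_mode) > physical_mtu:
        mtu -= 1
    return mtu


def check_tunnel_config(ip_mtu, adjust_mss, physical_mtu=1500, ipsec_mode="tunnel"):
    """Evaluate an 'ip mtu' / 'ip tcp adjust-mss' pair against the overhead model."""
    largest = wire_size(ip_mtu, ipsec_mode)
    return {
        "wire_bytes_at_ip_mtu": largest,
        # False means a full-size packet (e.g. UDP, which the MSS clamp does not
        # touch) must be fragmented after encryption and reassembled by the peer.
        "fits_without_fragmentation": largest <= physical_mtu,
        "max_ip_mtu": max_tunnel_ip_mtu(physical_mtu, ipsec_mode),
        # The MSS clamp only helps if MSS + IP + TCP headers fit inside ip mtu.
        "mss_within_ip_mtu": adjust_mss + IPV4_HDR + TCP_HDR <= ip_mtu,
    }


if __name__ == "__main__":
    # Values taken from the Tunnel0 configuration in the post above.
    for mode in ("tunnel", "transport"):
        print(mode, check_tunnel_config(1420, 1375, ipsec_mode=mode))
```

With these header sizes a 1420-byte packet becomes 1512 bytes in tunnel mode (1496 in transport mode), so the TCP MSS clamp is consistent but full-size non-TCP packets exceed 1500 bytes in tunnel mode.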

Hi,
Based on the third-party article below, you can set up a VPN connection between a Windows VPN client and a Cisco firewall:
Step By Step Guide To Setup Windows 7/Vista VPN Client to Remote Access Cisco ASA5500 Firewall
What is the Windows Server 2008 R2 for, a RADIUS server? If yes, maybe the links below would be helpful to you:
RADIUS: Configuring Client VPN with Windows 2008 Network Policy Server (NPS) RADIUS Authentication
Configuring RADIUS Server on Windows 2008 R2 for Cisco Device Logins
RADIUS authentication for Cisco switches using w2k8R2 NPS
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best regards,
Susie

Similar Messages

  • Problem with IPSec on Solaris 9

    Hi all
    I'm facing a problem with IPSec on Solaris 9 that I didn't have with Solaris 8 (with the Security package installed).
    I've an application that creates SAs by using the pf-key interface.
    What it does first is a GETSPI for a specific SPI and a specific destination IP address.
    This will create an SA and put it in a LARVAL state. After about a minute my application will do an UPDATE to this SPI, and that command should change the state of the SA from LARVAL to MATURE, but instead I get an error saying that this SPI & IP address already exist (errno = 17).
    Well, of course it already exists; that's the whole point. It should just change the state of an existing SA.
    This exact scenario is working fine on Solaris 8.
    Am I doing something wrong (maybe there is a package on Solaris 9 that I need to install?)
    or is this a bug in Solaris 9?
    If anyone has any idea on how to do that (without using a one-step ADD for a new SA) I will be very thankful.

    Sorry for using reply for querying.
    I got a problem in creating a Security Association using the PF_KEY socket (first used SADB_GETSPI and got an SPI; with that SPI I tried to update with SADB_UPDATE).
    Getting this problem on Sun Solaris 8.
    It returns errno 122, operation not supported.
    Here is my mailId [email protected]
    I've got a few more queries regarding the PF_KEY socket.
    Not many directions are available for the pf_key socket on the internet either.
    Monitor produces the following error.
    # ipseckey monitor
    "Base message (version 2) type UPDATE, SA type AH.
    Error Operation not supported on transport endpoint from PF_KEY.
    Message length 16 bytes, seq=4294967294, pid=450."
    Here is my mailId [email protected]
    Thanks in Advance.
    ssundar.

  • Windows 7 detects problem with iPod shuffle and after troubleshooting say it can't fix and disconnects it.  What's up?

    Windows 7 detects problem with iPod shuffle and after troubleshooting say it can't fix and disconnects it.  What's up?

    You might get some help over on the shuffle discussions.
    http://discussions.apple.com/forum.jspa?forumID=822

  • Windows 8.1 Problem with games from windows store.

    I've got a problem with games from the Windows Store. The installation goes well without any problems; however, when I try to open a game it loads and then turns off. The same problem happens when I try to use Games for Windows. I've run an sfc scan and it shows some errors, but unfortunately it cannot fix them. Should I share the CBS log or find the solution somewhere else? I hope you can help; best regards.

    Hi,
    According to my experience, a problem like a Store game app failing to open is probably caused by a hardware driver, such as the audio or graphics driver. So, first of all, please try reinstalling these two drivers to test whether that fixes the problem.
    In addition, an SFC scan failing can be caused by many reasons; I would suggest you use another command to fix your system for testing:
    Dism /Online /Cleanup-Image /ScanHealth
    You can also run the SFC command in Windows 8.1 safe mode.
    Thirdly, if the problem persists, please check Event Viewer; generally speaking, it records app open failures.
    Roger Lu
    TechNet Community Support

  • Does changing to Windows XP involve problems with an application running with LabVIEW 6.1?

    Thank you

    A little more information may be helpful. Are you saying you have upgraded from an OS to Windows XP and it caused problems with your application, or are you asking if there will be any problems if you upgrade? What OS were you upgrading from? LabVIEW 6.1 is the first issue of LabVIEW that was supported under Windows XP, so there should not be any issues there. In my experience, doing upgrades from one Windows version to another is never a smooth transition. If you are using any hardware I would advise that you uninstall the drivers and remove the hardware before the upgrade. I might go as far as removing existing National Instruments software (such as LabVIEW) before you upgrade and then reinstall the software and hardware after you have upgraded. This will be the best way of ensuring you have as few problems as possible after you upgrade.

  • Windows 10 for phones emulators on Windows 10 10041 - problem with network connection

    Hi,
    I can't connect to the Internet on the Windows 10 mobile emulators on Windows 10041. I have tried to resolve the problem. First I noticed there was a problem with displaying the properties of the main network connection. I reinstalled the network driver. After that I reinstalled Hyper-V on Windows and recreated the virtual machines for the mobile emulators. Nothing helps.
    On the same machine, the Windows Phone 8.1 emulator on Windows 8 has access to the Internet.
    I don't know if it is the issue described at http://blogs.msdn.com/b/wsdevsol/archive/2013/10/01/why-can-t-the-windows-phone-emulator-go-online.aspx, because I have the same configuration on Windows 8.1 and Windows 10, and on Windows 8.1 I have access and on Windows 10 I haven't.
    Martin

    I just disabled the Bluetooth connection in the Network Connections panel and I have access to the Internet in the Windows 10 emulator!

  • iPhone 3GS - Windows 7 - syncing problems with Windows Live Mail

    I bought a new iPhone 3GS last week and tried to sync it with my new Dell PC running Windows 7 (with Windows Live Mail).
    It wouldn't sync, so I read the forums and reset the sync history through iTunes.
    This worked, and synced my iPhone to the computer. It appears to have backed up all my contacts on the iPhone to somewhere on the PC (can't find where), but it hasn't copied the contacts from Windows Live Mail to the iPhone.
    Have I confused anyone??

    Have you tried using IMAP instead?
    If you can access your email from the web page, then it sounds more like a problem with Windows Live Mail and not your BT account.

  • Windows 8 WiFi problem with Cisco wireless network

    Has anyone encountered a Windows 8 WiFi authentication problem with a Cisco wireless network?
    We are using WLC 5508, 7.2.111, and AP 3602i with WPA2.
    Sent from Cisco Technical Support iPad App

    This problem occurred with Sony and Dell models.  Lenovo with Windows 8 factory installed is working fine.
    Won't make any difference, as these laptops' wireless NIC cards are different.
    Can you try with OPEN authentication?  If the Sony and/or Dell laptop works, then you start cranking up the security and/or encryption settings until you break them.
    I'm with Scott here: it's got to be a wireless NIC card driver.
    As George has stated, post the debug of the failed attempts.

  • Problems with IPsec and CRLs

    Hello all
    I'd really appreciate it if you could provide me your comments regarding a problem I have when using CRLs (Certificate Revocation Lists) in a Solaris 10 IPSec connection. I establish an IPSec tunnel between two servers, Solaris 10 and MS Windows 2003, and it works fine. However, when I try to implement CRLs in the Solaris conf, I get some errors in the logs and the connection doesn't work.
    At the end of the message I show you the IPSec configuration I'm using. This conf works ok if I don't use CRLs. I changed the "etc/inet/ike/config" file to the following:
    #ignore crls
    use_http
    I used OpenSSL to generate the CRL and both the servers' and the CA digital certificates. I put the distribution point "http://192.168.1.1/test-crl.crl" inside the CA certificate which is in the Solaris 10 server. This HTTP server is an IIS on the other MS Windows machine I mentioned. I have also generated the certificates in several ways, including PEM and DER, trying to see what Solaris is expecting.
    I would appreciate your opinion about:
    (a) Do you think the problem could be an incompatibility with the certificates and/or the CRL file formats?
    (b) What is the format that Solaris supports for the certificates and CRLs?
    I am also attaching the logs I got from Solaris. I guess it shows that the server cannot obtain the CRL, but I'm not sure.
    Thank you so much and I look forward to hearing from you at your earliest convenience,
    ***** IPSec conf *****
    - ID Type: Fully Qualified Domain Name (FQDN)
    - Phase 1 mode: Main Mode
    - Authentication method: RSA Signatures
    - Encryption algorithm - Phase 1: Triple DES
    - Hash - Phase 1: SHA-1
    - SA lifetime - Phase 1: 28800
    - Diffie-Hellman group - Phase 1: Group 2
    - SA lifetime - Phase 2: 1800
    - IP Compression: NO
    - Protocol - Phase 2: ESP
    - Encryption Algorithm - Phase 2: Triple DES
    - Hash - Phase 2: SHA-1
    - Encapsulation: Transport Mode
    - Diffie-Hellman group - Phase 2 (PFS): Group 2
    ***** Solaris Logs *****
    lun 26 sep 05 14:59:30: in.iked: In ssh_policy_find_private_key.
    lun 26 sep 05 14:59:30: in.iked: Start ssh_policy_request_certificates
    lun 26 sep 05 14:59:30: in.iked: Requesting certs for 1 CA's
    lun 26 sep 05 14:59:31: in.iked: spsi: ike_udp_callback_common -1
    lun 26 sep 05 14:59:34: in.iked: spsi: ike_udp_callback_common -1
    lun 26 sep 05 14:59:38: in.iked: spsi: ike_udp_callback_common -1
    lun 26 sep 05 14:59:41: in.iked: Could not retrieve certificate list, ca=0.
    lun 26 sep 05 14:59:41: in.iked: spsi: ike_send_packet -1
    lun 26 sep 05 14:59:41: in.iked: ssh_policy_negotiation_done_isakmp:
    natt_state -1
    lun 26 sep 05 14:59:41: in.iked: Phase 1 negotiation error: code 24
    (Authentication failed).
    *****

    Jason,
    Thank you for your question.  This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product.  Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.
    However, just looking at your configuration, I did see that your hashing algorithm on the YMCA side is using SHA and group 1 for isakmp policy 20 while on the Server side you are using 3des and group2 for policy 20.
    Good Luck,
    Bill

  • Problems with IPsec on PIX 501

    I have been running a 501 for a few years with several site-to-site VPNs with no problems. At first there was 1 VPN and it has slowly grown to 4. They are all the same 501s with the latest software.
    The first few years were problem free, but as more sites have been added the problems are getting worse.
    When I added the third site, I restored factory defaults to remove the remnants of old configurations. From that point onward I have had problems. The second site would not maintain a tunnel after 2 minutes. I have checked the configs, replaced the modem, replaced all cables, replaced the PIX and still cannot solve the problem. At the moment I cannot get any of the VPNs to connect.
    Using the monitor facility within the PDM, the IPsec tunnel does not connect and the IKE tunnel connects for about 40 secs then drops; it keeps repeating the same cycle. I am using a pre-shared key on the IKE; the pre-shared key is definitely correct as I have copied and pasted it into both 501s with the same computer.
    During the time of the first errors I was getting an error code of 402101 using the debug level log.
    I have employed a local Cisco engineer to help me with the problem. He advised that the configuration be changed, as I was putting the PIX behind a Netgear router and forwarding the correct ports; this config worked for several years. I have now changed all sites so the PIX is configured to be directly on the internet. The engineer was happy all the configurations were correct and he could not solve the problem; after spending six hours on our sites, he only charged me for 1 hour and was never to be seen again. The problem is getting worse.
    I am able to connect to the remote sites using a VPN client; all other functions of the firewall seem good. I have been through the wizards many times on all units and am certain the configurations are correct.
    What am I doing wrong?? They used to work but now they don't.
    I have attached the two configurations but removed all the important info of IPs, usernames and passwords. Again, the IPs were correct.
    Have I missed out a step after restoring factory defaults?


  • IPsec GRE tunnel explanation

    I have been doing some testing with mGRE tunnels and adding IPsec encryption to them so I can route my VoIP phones through the tunnels.  I have found something interesting and am looking for an explanation as to why this is.
    I have 3 sites, one of which is considered the hub and the other two considered spokes.  I create the following configuration on all three routers:
    crypto isakmp policy 5
    encryption aes 128
    authentication pre-share
    group 2
    crypto isakmp key XXXX address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set strong esp-aes esp-sha-hmac
    crypto ipsec profile medium
      set transform-set medium
    then under the tunnel interface I apply the following command:
    tunnel protection ipsec profile medium
    With this config the first tunnel, between the hub and spoke 1, comes up with no problems; however, the spoke 2 router will never establish a tunnel.
    What I have discovered is that if I change this command on all three routers, all of the tunnels come up and everything works, but why?
    crypto isakmp key XXXX address 0.0.0.0 0.0.0.0 no-xauth
    Why does adding the no-xauth allow all of the tunnels to establish connectivity?
    What exactly does the no-xauth do and does adding it pose any security risk?
    Thanks for any input.

    Hi There,
    The "no-xauth" keyword is telling the router not to try extended authentication for the VPN tunnels.
    Extended authentication (username and password) is used only when you are connecting VPN clients. If you have VPN clients and dynamic keys configured on the router, you must add the "no-xauth" keyword at the end of those lines so that it doesn't try to authenticate the routers using a user/pass combination.
    The keyword is there for that specific reason and you are not adding any security risk by adding it.
    HTH.
    Raga

  • Windows 8 printing problem with 2575 printer

    My Photosmart 2575 printer worked ok with Windows XP on my old Dell computer. On my new Lenovo Windows 8 computer, using the USB printer connector, there is a problem.
    When I try to print a Word document it prints the first 6 to 8 lines of the document and then displays "printing" and hangs, so I have to cancel the print. When I retry the printing, it again prints 8 or so lines of the document and then ejects the paper and says "out of paper". When I reload the paper it prints the document successfully.

    @dave_sk, welcome to the forums!
    I read about the troubles you are now having when trying to print from your Photosmart 2575 on your Windows 8 system. I sure hope I can help you through this obstacle and have you printing again!
    I would first like to mention the error message you see when trying to print. Here is the troubleshooting guide to work through the "Out of Paper" error; please try all the steps:
    HP Deskjet, Photosmart, and PSC All-in-Ones - 'Out of Paper' Error Message and the Printer Does Not ...
    Hopefully you can print without the error message; however, if you see it again, run the Print and Scan Doctor. This diagnostic tool will check for any conflicts that could be causing the issue. The tool will show you a report at the end. If there was a problem that the tool could not fix, you will notice it in the results.
    Please write back with the outcome and also the results from running the PSDr.
    Click the thumbs up button below to give me kudos for trying to help!
    Good luck
    Rainbow7000, I work on behalf of HP

  • Mac mini 6630M graphics card has a problem running Windows 8.1: problem with Boot Camp

    Hi All,
    I need help!
    I followed the Apple official document to install the Windows 8.1 operating system on my Mac mini with Boot Camp, and I have installed the Boot Camp drivers.
    But I got a problem: the graphics card and the audio device do not work, and it shows a video controller error.
    I have installed Boot Camp many times, but it doesn't work at all.
    Thanks all.
    Mac mini information:
    mid 2011, graphics card AMD HD 6630M

    Thank you for your reply!!
    I have tried to install the driver for Boot Camp, but it doesn't work either.
    Now I have installed the Windows 7 OS by Boot Camp.
    Thank you again!!
    Best wishes!!

  • Windows 8.1 problems with my enterprise user

    Hi all,
    I have two problems that I need help with. For background information, I am in an IT support enterprise and I am a support person for a client.
    Since I am developing and maintaining an application for this client that is to be used inside the enterprise I work for, I need unrestricted network access and administrative privileges.
    I asked my level 2 IT people to install Windows 8.1 on my machine to have Visual Studio 2015 (really loving the preview).
    The problem:
    1) My account and my machine have unrestricted network access and have no proxy enabled, meaning that I should be able to reach any site on the internet. Somehow, though, my PC is unable to do the Windows activation with a valid serial, telling me that the server is unreachable. Is there any other way to activate my PC?
    2) My account is in basically all the administrator roles that exist in my enterprise for testing, amongst others: administrator on my particular machine and Domain Administrator. Even though the AD is configured with those roles and my PC was installed with a normal image, I have NO administrative access; I have the most basic privileges a user can have in this enterprise.
    I am somehow able to enter Computer Management and change ALL the roles I want for anyone, I can even reset passwords for local users, but my personal user does not want to give me, for example, the command prompt. Could you please explain why and/or help me with this?

    Hi,
    1) Could you please share more information about the activation with us? How did you activate your PC? Which method? What is the detailed error message prompted?
    Here's a solution for KMS activation (it's for Windows 7, but the solution is similar in Windows 8.1: time synchronization):
    When trying to activate you get 0xC004F074 with description "The Key Management Server (KMS) is unavailable"
    http://support.microsoft.com/kb/974998
    2) Regarding the account, I suggest you check the account properties under "AD Users and Computers" and check what groups the account belongs to, or run the whoami command with the /groups option to find more information about the user:
    http://technet.microsoft.com/en-in/library/cc771299.aspx
    At the end of your post you mentioned the command prompt; may I know what the issue with the command prompt is? Please check if there are some GPOs applied which restrict some user operations.
    Yolanda Zhu
    TechNet Community Support

  • SAPGUI for Windows via Portal - problem with frame

    We are launching SAPGUI for Windows via Portal to drive single sign-on via AD.  Our problem is that when SAPGUI launches, it is contained within an IE browser frame that causes some of the SAPGUI screens to not fit on the screen well.  Those same screens fit just fine if we launch SAPGUI directly.
    Is there any way to launch SAPGUI from Portal, with SSO enabled, but without the IE frame around it?

    Lonny,
    The best way to authenticate users when they log on using SAP GUI for Windows is to use SNC authentication in SAP GUI. Then, the browser iView will launch the GUI and the GUI will authenticate the user using their AD credentials issued during the Windows logon. You will need to set up an SNC library on both the ABAP system which the user is logged onto and the workstation where SAP GUI is installed.
    If you don't use SNC, and you just launch SAP GUI for Windows from browser, then an SSO2 ticket is used to authenticate the user to the ABAP stack, and this is not secure due to the fact that the SAP GUI session which is used to pass the SSO2 ticket is not protected - anybody can intercept the SAP GUI session, take the SSO2 ticket from this traffic and logon as that user - clearly this is bad security and needs SNC to make it secure.
    Thanks,
    Tim
