Windows Server 2008 R2 as a resources
Hello All,
Has anyone successfully used Server 2008 R2 as an IdM managed resource?
Thanks for all replies.
Hi There !!!
I want to use Windows server 2008 R2 as a router for a lab setup. I have a DC, Exchange and some other machines. I want to use member server to use as a router. I have installed the routing and remote access role. I have also enabled it.
I am able to ping internal ips and external ips from the router ( Windows sErver 2008 r2 machine). The problem is that i am not able to ping other subnet from internal PCs ( ANY Of them).
Regards,
Mohammed.
But how did you configure it? You should be able to see other subnets if you configured it as a NAT router (but they will not be able to see your new subnet). If you configured it as a LAN router, you will only be able to contact other subnets if
you have set up the necessary routing so that they know how to reach your new subnet.
(Hint - what is the default gateway of the other subnets?)
Bill
Similar Messages
-
The cluster resource could not be found-SAP ECC on Windows Server 2008 MSCS
Hi,
I'm installing SAP ECC 6.0 on Windows server 2008 MSCS Cluster. As mentioned in the guide, i've created a service and added a resource.
I was able to successfully configure the DB installation and cluster configuration. But when I start the ASCS installation, the installation fails when it tries to create system folders with the following error.
Error when sharing file system export (share) saploc : The cluster resource could not be found
I'm using a user with domain admin access and also a member of the local administrators group. I've even tried to install using the domain administrator user but still the problem exists.
Can anyone please let me know where am I going wrong ?
NB: The host on which I'm installing is not a domain controller but it is a member of a domain.
Regards,
Varadharajan MYes Krishna,
I've not created any shared folders manually and I've used the "Use domain of current user" option.
Actually SAPINST has created the usr and sap folder in the SAP drive (say E: drive) which is a clustered disk. The name of that clustered sidk is "Clustered Disk 1". I could able to open up the shared directories available in that SAP virtual host by issuing
<SAPGRP>. I don't know where am I going wrong:( I've also opened a call with a SAP and waiting for their reply.
Regards,
Varadharajan M -
Hello !
I have a server with Windows Server 2008 R2 (AD, File Server, DNS Server and DHCP Server) that not access network share other Domain Controller.
Well, is very crazy.
I view network shares by network computers and devices,
but not \\domain_controller or \\IP_domain_controller.
I execute ping for succeed for all servers.
Follow error bellow:irectory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SRVMTZDC01, is a Directory Server.
Home Server = SRVMTZDC01
* Connecting to directory service on server SRVMTZDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shcorp,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SAO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=CWB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=POA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=RIO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=VIX,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SSA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=FOR,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=BHZ,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=BSB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=RCF,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=BEL,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=shcorp,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC05,CN=Servers,CN=SAO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC06,CN=Servers,CN=CWB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC13,CN=Servers,CN=POA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC07,CN=Servers,CN=RIO,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC08,CN=Servers,CN=VIX,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC09,CN=Servers,CN=SSA,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC12,CN=Servers,CN=FOR,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC04,CN=Servers,CN=BHZ,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVDC10,CN=Servers,CN=BSB,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SRVRCFDC11,CN=Servers,CN=RCF,CN=Sites,CN=Configuration,DC=shcorp,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 12 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SRVMTZDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SRVMTZDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SRVMTZDC01
Starting test: Advertising
The DC SRVMTZDC01 is advertising itself as a DC and having a DS.
The DC SRVMTZDC01 is advertising as an LDAP server
The DC SRVMTZDC01 is advertising as having a writeable directory
The DC SRVMTZDC01 is advertising as a Key Distribution Center
Warning: SRVMTZDC01 is not advertising as a time server.
The DS SRVMTZDC01 is advertising as a GC.
......................... SRVMTZDC01 failed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SRVMTZDC01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SRVMTZDC01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SRVMTZDC01 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SRVMTZDC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role Domain Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role PDC Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRVDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
......................... SRVMTZDC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SRVMTZDC01 on DC SRVMTZDC01.
* SPN found :LDAP/SRVMTZDC01.shcorp.local/shcorp.local
* SPN found :LDAP/SRVMTZDC01.shcorp.local
* SPN found :LDAP/SRVMTZDC01
* SPN found :LDAP/SRVMTZDC01.shcorp.local/SHCORP
* SPN found :LDAP/9956d321-332f-482c-855c-8bceee885bb6._msdcs.shcorp.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9956d321-332f-482c-855c-8bceee885bb6/shcorp.local
* SPN found :HOST/SRVMTZDC01.shcorp.local/shcorp.local
* SPN found :HOST/SRVMTZDC01.shcorp.local
* SPN found :HOST/SRVMTZDC01
* SPN found :HOST/SRVMTZDC01.shcorp.local/SHCORP
* SPN found :GC/SRVMTZDC01.shcorp.local/shcorp.local
......................... SRVMTZDC01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SRVMTZDC01.
* Security Permissions Check for
DC=ForestDnsZones,DC=shcorp,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=shcorp,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=shcorp,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=shcorp,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=shcorp,DC=local
(Domain,Version 3)
......................... SRVMTZDC01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SRVMTZDC01\netlogon
Verified share \\SRVMTZDC01\sysvol
......................... SRVMTZDC01 passed test NetLogons
Starting test: ObjectsReplicated
SRVMTZDC01 is in domain DC=shcorp,DC=local
Checking for CN=SRVMTZDC01,OU=Domain Controllers,DC=shcorp,DC=local in domain DC=shcorp,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local in domain CN=Configuration,DC=shcorp,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SRVMTZDC01 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=shcorp,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... SRVMTZDC01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14100 to 1073741823
* SRVDC01.shcorp.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 11600 to 12099
* rIDPreviousAllocationPool is 11600 to 12099
* rIDNextRID: 11737
......................... SRVMTZDC01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SRVMTZDC01 passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x00000422
Time Generated: 05/02/2014 12:55:01
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\shcorp.local\SysVol\shcorp.local\Policies\{1A69D491-B88A-4F66-B294-4ABEC8C62886}\gpt.ini from a domain controller and was not successful. Group
Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An error event occurred. EventID: 0x00000422
Time Generated: 05/02/2014 13:11:54
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\shcorp.local\SysVol\shcorp.local\Policies\{1A69D491-B88A-4F66-B294-4ABEC8C62886}\gpt.ini from a domain controller and was not successful. Group
Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
A warning event occurred. EventID: 0x80001083
Time Generated: 05/02/2014 13:18:00
Event String:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed
at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections
from a given local endpoint to a given remote endpoint.
An error event occurred. EventID: 0xC0002719
Time Generated: 05/02/2014 13:20:41
Event String:
DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 05/02/2014 13:21:03
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols.
......................... SRVMTZDC01 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SRVMTZDC01,OU=Domain Controllers,DC=shcorp,DC=local and backlink on
CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SRVMTZDC01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=shcorp,DC=local
and backlink on
CN=NTDS Settings,CN=SRVMTZDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=shcorp,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=SRVMTZDC01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=shcorp,DC=local
and backlink on CN=SRVMTZDC01,OU=Domain Controllers,DC=shcorp,DC=local
are correct.
......................... SRVMTZDC01 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : shcorp
Starting test: CheckSDRefDom
......................... shcorp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... shcorp passed test CrossRefValidation
Running enterprise tests on : shcorp.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\SRVMTZDC01.shcorp.local
Locator Flags: 0xe00031bc
PDC Name: \\SRVDC01.shcorp.local
Locator Flags: 0xe00033fd
Time Server Name: \\SRVDC01.shcorp.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SRVDC01.shcorp.local
Locator Flags: 0xe00033fd
KDC Name: \\SRVMTZDC01.shcorp.local
Locator Flags: 0xe00031bc
......................... shcorp.local passed test LocatorCheck
Starting test: Intersite
Skipping site SAO, this site is outside the scope provided by the
command line arguments provided.
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site CWB, this site is outside the scope provided by the
command line arguments provided.
Skipping site POA, this site is outside the scope provided by the
command line arguments provided.
Skipping site RIO, this site is outside the scope provided by the
command line arguments provided.
Skipping site VIX, this site is outside the scope provided by the
command line arguments provided.
Skipping site SSA, this site is outside the scope provided by the
command line arguments provided.
Skipping site FOR, this site is outside the scope provided by the
command line arguments provided.
Skipping site BHZ, this site is outside the scope provided by the
command line arguments provided.
Skipping site BSB, this site is outside the scope provided by the
command line arguments provided.
Skipping site RCF, this site is outside the scope provided by the
command line arguments provided.
Skipping site BEL, this site is outside the scope provided by the
command line arguments provided.
......................... shcorp.local passed test Intersite -
Problems LMS-4.2 Installation on Windows Server 2008 R2 Enterprise SP1
Hi all,
During the installation of the LMS-4.2,
It passed the "Initializing" and "Copying" stages,
but, in the "Configuring", it never finishes,
Anyone had have a similar problem?
the installer is for - LMS-4.2 and the OS is Windows Server 2008 R2 Enterprise SP1Thanks for the update. Glad to know it has installed now.
There can be some port clashes and resource scarcity when other applications may be using it. Hence we recommend to have majorly LMS as the primary software on the server's.
Also, LMS is not supported in other languages installers or setups except English and Japanese.
There are a couple more things you can do/check prior to running the installation.
LMS generally need Naming convention to handle long names/path etc. By default C: has 8.3 Naming convention enabled. However if you installed on different drive (for eg E:), for which this may be disabled.
To check naming convention you can run the following command from Windows Command prompt:
cmd>fsutil.exe 8dot3name query <Drive>
Example:
C:\Users\winlau>fsutil 8dot3name query C:
The volume state for Disable8dot3 is 0 (8dot3 name creation is enabled).
The registry state of NtfsDisable8dot3NameCreation is 2, the default (Volume level setting).
Based on the above two settings, 8dot3 name creation is enabled on C:.
8dot3 needs to be enabled for all drives LMS will potentially use, including:
Drive where TEMP/TMP is located
The drive LMS is installed to
The drive LMS backs up to
Drive used for a relocated RME Shadow directory or other nonstandard paths written to.
In some cases, altering the TEMP and TMP variables to be a short path (eg C:/temp or C:/tmp) may avoid the issue, but not always.
Hence, to be safe, it is best to enable 8dot3name creation globally, either via the registry or Windows CLI
Sample command to enable globally:
"fsutil 8dot3name set 0"
Sample command to enable on one volume:
"fsutil 8dot3name set X: 0"
Note that this needs a reboot to take effect. You should not disable 8dot3name creation which already has it enabled, especially the system volume (usually C:).
For further information http://technet.microsoft.com/en-us/library/cc778996%28v=ws.10%29.aspx
-Thanks
Vinod
**Encourage Contributors. RATE them** -
Windows update KB2964444 broke Event Logging Service and SQL Agent Service on Windows Server 2008 R2
I got the following problem:
I discovered that on my Windows Server 2008R2 machine the event logging stopped working on 04/May/2014 at 03:15.
Also, SQL Agent Service won't run
The only change that day was security
update KB2964444 - Security
Update for Internet Explorer 11 for Windows Server 2008 R2for x64-based Systems, that was installed exactly 04/May/2014 at 03:00. Apparently, that's what broke my machine...
When I try to start Windows Event Log via net
start eventlog or via Services
panel, I get an error:
C:\Users\Administrator>net start eventlog
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
A system error has occurred.
System error 2 has occurred.
The system cannot find the file specified.
I tried:
restarted the OS (virtual on the host's VMWare).
re-checked the settings in services menu -they are like in the link.
checked the identity in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog -
the identity is NT
AUTHORITY\LocalService
gave all Authenticated Users full access to C:\Windows\System32\winevt\Logs
ran fc /scannow - Windows Resource Protection did not find any integrity violations.
went to the file %windir%\logs\cbs\cbs.log -
all clean, [SR] Repairing 0 components
EDIT: Uninstalled the recent system updates and rebooted - didn't help
EDIT: Sysinternals Process Monitor results when running start service from services panel (procmon in elevated mode):
filters:
process name is svchost.exe : include
operation contains TCP : exclude
the events captured are:
21:50:33.8105780 svchost.exe 772 Thread Create SUCCESS Thread ID: 6088
21:50:33.8108848 svchost.exe 772 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read
21:50:33.8109134 svchost.exe 772 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
21:50:33.8109302 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\Services REPARSE Desired Access: Read
21:50:33.8109497 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\Services SUCCESS Desired Access: Read
21:50:33.8110051 svchost.exe 772 RegCloseKey HKLM SUCCESS
21:50:33.8110423 svchost.exe 772 RegQueryKey HKLM\System\CurrentControlSet\services SUCCESS Query: HandleTags, HandleTags: 0x0
21:50:33.8110705 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS Desired Access: Read
21:50:33.8110923 svchost.exe 772 RegQueryKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS Query: HandleTags, HandleTags: 0x0
21:50:33.8111257 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\services\eventlog\Parameters SUCCESS Desired Access: Read
21:50:33.8111547 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services SUCCESS
21:50:33.8111752 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS
21:50:33.8111901 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
21:50:33.8112148 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services\eventlog\Parameters SUCCESS
21:50:33.8116552 svchost.exe 772 Thread Exit SUCCESS Thread ID: 6088, User Time: 0.0000000, Kernel Time: 0.0000000
NOTE: previoulsy, for
21:46:31.6130476 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
I also got NAME
NOT FOUND error ,so I created the new string value for the Parameters with
the name ServiceDll and
data %SystemRoot%\System32\wevtsvc.dll (copied
from the upper HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog key)
and this event now is
21:46:31.6130476 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
I also checked for the presence of wevtsvc.dll in
the place and it's there.
Also, I tried to capture all events with path containing 'event' and
got following events firing every several seconds:
21:38:38.9185226 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\Tag NAME NOT FOUND Length: 16
21:38:38.9185513 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\DependOnGroup NAME NOT FOUND Length: 268
21:38:38.9185938 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\Group NAME NOT FOUND Length: 268
Also, I tried to capture all the events containing 'file',
excluding w3wp.exe,
chrome.exe, wmiprvse.exe, wmtoolsd.exe, System and it shows NO attempts to access any file ih the time I try to start
the event logger (if run from cmd - there are several hits by net executable,
not present if run from the panel).
What can be done?Hi,
I don’t found the similar issue, if you have the IE 11 please try to update system automatic or install the MS14-029 update.
The related KB:
MS14-029: Security update for Internet Explorer 11 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7
SP1 or Windows Server 2008 R2 SP1) installed: May 13, 2014
http://support.microsoft.com/kb/2961851/en-us
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Windows Server 2008 R2 SP1 BSOD 0x1a with CLFS.sys
Hello,
I've got a BSOD on a Windows Server 2008 R2 with SP1 installed. Analyzed the dump and could
see a Bug-check of 0x1a which means "MEMORY_MANAGEMENT".
Further analysis on this dump shows me, that this probably is caused by the CLFS.sys, which
is the Common Log File System Driver. This CLFS.sys is installed with date:
Tue Jul 14 01:19:57 2009
I have now searched trough MS Support pages and resources and also the Internet, but I found no
information about an update for this or a newer version. It's nearby impossible to find newer versions
for specific files in i.e. Hot-fixes.
Do you know this issue with the 0x1a BSOD and CLFS.sys and/or do you know a newer version ?
Any help would be very appreciated!
Thanks and regards plus have a nice day !
TinoHi Tino,
Regarding to Bug Check 0x1A, please refer to following article.
Bug Check 0x1A: MEMORY_MANAGEMENT
Did you install any third-party application in this problematic server? Would you please let me know whether
the BSOD issue occurred regularly? Or just occurred suddenly? If the BSOD issue occurred regularly, please
perform a clean boot and check if this BSOD issue still exists.
In addition, please check if necessary updates need to be installed and drivers need to be updated. Please
run sfc /scannow command to scan all protected system files and check if find errors.
As you know, troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Actually, it is not effective
for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
àThis CLFS.sys is installed with date: Tue Jul 14 01:19:57 2009
àor do you know a newer version?
By the way, I checked the CLFS.sys in a Windows Server 2008 R2 in my Lab environment. It also created in July
2009.
Hope this helps.
Best regards,
Justin Gu -
Windows Server 2008 R2 SP1 - BSOD Stop Error 0x00000050 RDPWD.SYS
Hi all,
I have been struggling with a BSOD for the past 5 weeks and have scoured the web trying in vain to find someone else with the same issue.
Environment:
8 x 2008 R2 SP1 Windows Servers (8Gb RAM, 25Gb HDD) with Remote Desktop Services Roles installed, running as part of an RDS Farm. All Servers are VM Guests (hardware version 7) running on VMware vSphere v4.1.0-260247 Hosts (Dell
PowerEdge R710 - 128Gb RAM). Our vSphere 'farm' has 5 Hosts that connect to our EMC SAN via iSCSI with multipath routes.
Each RDS Server is load balanced via a Connection Broker, and each server has the same set of software / vm hardware installed. In a nutshell, each has Symantec Endpoint Protection v11.0.5002.333, Symantec Altiris v7.0, Microsoft Office 2007 as well as
other various software essential to these servers.
Symptoms:
Randomly throughout the day, one (or more) of the RDS Servers will crash with a BSOD more often than not with "caused by driver ntoskrnl.exe" sometimes with "cng.sys" and once with "ksecpkg.sys". So far in the 5 weeks I have had 90 crashes. Yesterday
all 8 of the RDS Servers crashed at some point throughout the day.
On a typical BSOD, it says:
The problem seems to be caused by the following file: ntoskrnl.exe
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
*** STOP: 0x00000050 (0xfffffa800c153284, 0x0000000000000001, 0xfffff880053dc0c9, 0x0000000000000000)
*** ntoskrnl.exe - Address 0xfffff8000169ac40 base at 0xfffff8000161e000 DateStamp 0x4e02aaa3
Using BlueScreenView it says "caused by address: ntoskrnl.exe+7cc40" nearly every time.
I have analysed as best I could using Microsoft WinDbg, and this is the output of a typical mini-dump file:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\hqrds01\c$\Windows\Minidump\030112-19359-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows (x64)\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`01609000 PsLoadedModuleList = 0xfffff800`0184e670
Debug session time: Thu Mar 1 09:14:00.921 2012 (UTC + 0:00)
System Uptime: 0 days 21:31:41.950
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa800be83284, 1, fffff8800576f0c9, 0}
Could not read faulting driver name
Probably caused by : RDPWD.SYS ( RDPWD!memcpy+1d9 )
Followup: MachineOwner
1: kd> !analyze -v
* Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800be83284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff8800576f0c9, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018b8100
fffffa800be83284
FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901 mov word ptr [rcx],ax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800bf70a80 -- (.trap 0xfffff8800bf70a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000023d rbx=0000000000000000 rcx=fffffa800be83284
rdx=ffffffffffe7e63b rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800576f0c9 rsp=fffff8800bf70c18 rbp=0000000000000001
r8=000000000000001c r9=fffff8a0033401e8 r10=fffff8a0033401e8
r11=fffffa800be83268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`0576f0c9 668901 mov word ptr [rcx],ax ds:0c40:fffffa80`0be83284=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016319fc to fffff80001685c40
STACK_TEXT:
fffff880`0bf70918 fffff800`016319fc : 00000000`00000050 fffffa80`0be83284 00000000`00000001 fffff880`0bf70a80 : nt!KeBugCheckEx
fffff880`0bf70920 fffff800`01683d6e : 00000000`00000001 fffffa80`0be83284 00000000`00000000 fffff8a0`0be85820 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
fffff880`0bf70c20 fffff880`0576c9fc : fffff8a0`0f938010 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0bf70c60 fffff880`0576b354 : fffff880`0bf70da0 fffff8a0`033401e8 00000000`00000000 fffff880`0576abfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0bf70d10 fffff880`0576af64 : 00000000`00000031 fffffa80`0bd01895 00000006`0000001f fffff880`05739079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0bf70d50 fffff880`029ba1f8 : fffff8a0`03345000 fffffa80`0bae6e80 fffffa80`0a5c0e60 fffff880`05737e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0bf70df0 fffff880`057378d0 : 00000000`00000000 fffff880`0bf70f10 fffff880`0bf70f08 00000000`00000000 : termdd!IcaRawInput+0x50
fffff880`0bf70e20 fffff880`05736d85 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0bf70e50 fffff880`057367c2 : fffffa80`088e8a28 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0bf70ef0 fffff880`029ba1f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0bf70f60 fffff880`0572c4c5 : fffffa80`088e8a10 fffffa80`0bd01658 00000000`00000000 fffffa80`088e8a10 : termdd!IcaRawInput+0x50
fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
fffff880`0bf71810 fffff880`029b9ae3 : fffffa80`09d902b0 fffffa80`0973b9b0 fffffa80`093d8520 fffffa80`0bd4b450 : termdd!IcaDriverThread+0x5a
fffff880`0bf71840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901 mov word ptr [rcx],ax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RDPWD!memcpy+1d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPWD
IMAGE_NAME: RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab45
FAILURE_BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
The RDS servers are set to reboot automatically, and after a period of 5 minutes or so, the users can reconnect and log back in. On a typical day each server will have around 10 people RDP'd in to them.
The Users connecting to the RDS Servers included XP laptops/desktops and IGEL UD-120-LX Thin Terminals. The XPs have SP3 installed and are fully patched via Symantec Altiris.
Things I have tried:
- Analyse the dump-files (as per above).
- I have tracked each user logging on to the RDS Farm (via batch scripts) and tried to determine if this is caused by the same individual(s) but it appears random.
- Check to see if the crashing Virtual Machine is running on a specific host, but it has happened on all Hosts.
- Check to see if there was anything specific that happened on the day that the crashes started. There were about 5 new poeple introduced to the RDS Farm at that time, but there were using (a) client machines that had been used previously elsewhere with
no issues, (b) software that had been used previously, (c) in a remote location that had previous users using RDS, (d) have not been logged on to a RDS Server when it has crashed.
- Updated Windows Server 2008 R2 SP1 to the latest patches (as of Feb 2012).
- Turned on Verifier (using recommended settings), and then analysed dump-files with the same reference to rdpwd.sys.
- Fixed the Memory Resource Reservation in vSphere to the full 8Gb for all these RDS Servers (so that the memory is not shared at all).
- Ran MEMTEST on a VM Guest with the full 8Gb RAM, on a couple of the ESX Hosts.
- Changed the VMTools Video Driver to the SVGA II driver from the Standard VGA Driver.
- Ran a full AV Scan (using SEP).
- Isolated the Printer Drivers using the Printer Management MMC.
- Ran sfc /scannow of all RDS Servers and rebooted.
The mini-dump file mentioned above is here:https://skydrive.live.com/redir.aspx?cid=48f471f287af2349&resid=48F471F287AF2349!105&parid=48F471F287AF2349!103
I hope someone can help, as what hair I have left (from pulling it out) is turning grey!
Andy* Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800c153284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff880053dc0c9, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018cd100
fffffa800c153284
FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`053dc0c9 668901 mov word ptr [rcx],ax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800aa48a80 -- (.trap 0xfffff8800aa48a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000001ff rbx=0000000000000000 rcx=fffffa800c153284
rdx=ffffffffffee6b8b rsi=0000000000000000 rdi=0000000000000000
rip=fffff880053dc0c9 rsp=fffff8800aa48c18 rbp=0000000000000001
r8=000000000000001c r9=fffff8a0123923a8 r10=fffff8a0123923a8
r11=fffffa800c153268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`053dc0c9 668901 mov word ptr [rcx],ax ds:8c40:fffffa80`0c153284=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016469fc to fffff8000169ac40
STACK_TEXT:
fffff880`0aa48918 fffff800`016469fc : 00000000`00000050 fffffa80`0c153284 00000000`00000001 fffff880`0aa48a80 : nt!KeBugCheckEx
fffff880`0aa48920 fffff800`01698d6e : 00000000`00000001 fffffa80`0c153284 00000000`00000000 fffff8a0`10919830 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0aa48a80 fffff880`053dc0c9 : fffff880`053c17cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0aa48c18 fffff880`053c17cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`053d999d : RDPWD!memcpy+0x1d9
fffff880`0aa48c20 fffff880`053d99fc : fffff8a0`10cf30d0 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0aa48c60 fffff880`053d8354 : fffff880`0aa48da0 fffff8a0`123923a8 00000000`00000000 fffff880`053d7bfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0aa48d10 fffff880`053d7f64 : 00000000`00000031 fffffa80`0c039de5 00000006`0000001f fffff880`053a6079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0aa48d50 fffff880`012c01f8 : fffff8a0`12393000 fffffa80`0bb7aa60 fffffa80`0b81e9c0 fffff880`053a4e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0aa48df0 fffff880`053a48d0 : 00000000`00000000 fffff880`0aa48f10 fffff880`0aa48f08 fffffa80`0c039ba8 : termdd!IcaRawInput+0x50
fffff880`0aa48e20 fffff880`053a3d85 : fffff880`01716890 fffffa80`0c0327e8 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0aa48e50 fffff880`053a37c2 : fffffa80`0c16e598 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0aa48ef0 fffff880`012c01f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0aa48f60 fffff880`052994c5 : fffffa80`0c16e580 fffffa80`0c039ba8 00000000`00000000 fffffa80`0c16e580 : termdd!IcaRawInput+0x50
fffff880`0aa48f90 fffff880`012c0f3e : fffffa80`0c039b70 fffffa80`0acccf20 fffffa80`0a95c450 fffffa80`0abf9620 : tdtcp!TdInputThread+0x465
fffff880`0aa49810 fffff880`012bfae3 : fffffa80`0c0a6560 fffffa80`0abf9620 fffffa80`087eee80 fffffa80`0a95c450 : termdd!IcaDriverThread+0x5a
fffff880`0aa49840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`053dc0c9 668901 mov word ptr [rcx],ax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RDPWD!memcpy+1d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPWD
IMAGE_NAME: RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab45
FAILURE_BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
Bug Check Code 0x50:http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
Please start by that:
Update all possible drivers
Uninstall all unused programs
Disable all security softwares you have
Run chkdsk /r /f and sfc /scannow
Run memtest86+ to check if all is okay with your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support
If this does not help then upload MEMORY.DMP file (You can zip it and divide it using 7-ZIP) using Microsoft Skydrive and post a link here.
You can also contact Microsoft CSS for assistance.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft
Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
Update error of SQL Server 2012 enterprise running on Windows server 2008 standard SP2 (32 bits)
Hi there;
I have a windows server 2008 SP2 (32bits) in which I have an instance of SQL Server
2008 and another of 2012.
My Windows server 2008 installed the following updates; (see below).
(KB2898858),(KB2909921),(KB890830),(KB2898869),(KB2911502),(KB2901126),
(KB2916036),(KB2862973),(KB2901113)
After the machine was re-started, I was not abble to connect
to the instance of SQL Server 2012. I am able
to connect to the instance of SQL Server 2008.
The error message I get when I atemp to connect can be found
at the end of the list of updates below.
Do I need to uninstall an update? if so, which one and how do I do that?
Thanks Gabriel I. Ruiz
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2898858)
Installation date: 2/12/2014 11:42 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2898858
Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2909921)
Installation date: 2/12/2014 11:42 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2909921
Windows Malicious Software Removal Tool - February 2014 (KB890830)
Installation date: 2/12/2014 11:41 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/890830
Security Update for Microsoft .NET Framework 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2898869)
Installation date: 2/12/2014 11:40 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2898869
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2911502)
Installation date: 2/12/2014 11:36 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2911502
Security Update for Microsoft .NET Framework 4.5.1 on Windows 7, Windows Vista, and Windows Server 2008 x86 (KB2901126)
Installation date: 2/12/2014 11:36 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2901126
Security Update for Windows Server 2008 (KB2916036)
Installation date: 2/12/2014 11:34 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2916036
Security Update for Windows Server 2008 (KB2862973)
Installation date: 2/12/2014 11:34 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2862973
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2901113)
Installation date: 2/12/2014 11:34 PM
Installation status: Successful
Update type: Important
More information:
http://support.microsoft.com/kb/2901113
===================================
Cannot connect to HAVANA\HAVANA_2012_1ST.
===================================
The client was unable to establish a connection because of an error during connection initialization process before login. Possible causes include the following: the client tried to connect to an unsupported version of SQL Server; the server was too busy
to accept new connections; or there was a resource limitation (insufficient memory or maximum allowed connections) on the server. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.) (.Net SqlClient Data Provider)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=233&LinkId=20476
Server Name: HAVANA\HAVANA_2012_1ST
Error Number: 233
Severity: 20
State: 0
Program Location:
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock)
at System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate)
at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate)
at System.Data.SqlClient.TdsParser.SendPreLoginHandshake(Byte[] instanceName, Boolean encrypt)
at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover)
at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer
timeout)
at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance,
SqlConnectionString userConnectionOptions, SessionData reconnectSessionData)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()
===================================
No process is on the other end of the pipeHi,
Check if SQL Server service is running fine. I doubt you may have changed the user account password used for SQL Server service. After restarting the machine, you also need to update the user account of SQL Server service in Configuration
Manager. Re-type the user account name and password under Log on tab and see how it helps.
Thanks.
Tracy Cai
TechNet Community Support -
Windows Server 2008 backups failing
I have a Windows Server 2008, fully patched that backups recently started to fail and now, we are unable to open the Windows Server Backup. Also unable to open Disk Management or any other applications requiring Virtual Disk.
Attempts to start VDS from service or command line result in the following errors:
1:
A timeout was reached (180000 milliseconds) while waiting for the Virtual Disk service to connect.
2:
The Virtual Disk service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
I added the debuglog to registry and the $vds$.log only records the following:
(PID:8988,TID:10060,17:32:43) ERROR: CVdsLoader::LoadService, 3, hr=8007041D
I have also increased the timeout dramatically to no avail.
SFC /scannow returns:
Windows Resource Protection found corrupt files but was unable to fix some of them.
Nothing requiring Virtual Disk Service will operate making backups and imaging impossible.
Any thoughts?Hi,
As SFC could find some issues (but fail to fix), please try to DISM could help as well:
DISM.exe /Online /Cleanup-image /Restorehealth
Fix Windows corruption errors by using the DISM or System Update Readiness tool
http://support.microsoft.com/kb/947821
Also though the following hotfix is not specific for this error, it helps updating VDS components. Please try it and see if issue persists after installing it.
Virtual Disk Service (VDS) crashes when you try to extend a dynamic volume in an NTFS file system on a computer that is running Windows Vista, Windows Server 2008, Windows Server 2008 R2, or Windows 7
http://support.microsoft.com/kb/975680
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Development Platform:
Visual Studio 2003 (VB)
Crystal Reports XI Developers Edition (Version 11.0.0.895)
Developed on Windows XP (SP3)
Deployed (VB) Program Normally Runs Windows Server 2003 (No problems)
Problem: Cannot run on Windows Server 2008 (32 Bit nor 64 Bit Versions)
THREE QUESTIONS:
Q1. Is the CR XI Dev Ed (11.0.0.895) the same as CR XI R1?
Q2. Is there a known conflict between this version and Windows Server 2008 ( either 32 Bit or 64 Bit)? If so, is there a fix?
Q3. There is a service pack (SP4) which is for CR XI R1. Does this apply to my version of Crystal Reports? Are there updated Merge Modules as well?
The program deploys to both versions of WS 2008 fine. However, it does not work on either. The errors are different. On the 64 bit version, a simple u201Ccannot access the file in c:\windows\tempu201D message. Permissions have been checked and are ok. On the 32 bit version, we get a 503 error (Service Unavailable) and the Internet Server gets u201Chungu201D and will not clear without a reboot of the machine, literally.
This is an updated question to an eariler post, which is unresolved. Many thanks to whoever can help.Hi David,
Q1. Is the CR XI Dev Ed (11.0.0.895) the same as CR XI R1?
answer- Yes, both are same
Q2. Is there a known conflict between this version and Windows Server 2008 ( either 32 Bit or 64 Bit)? If so, is there a fix?
Answer-
unfortunately my help is very limited in this scenario.
Please do not deploy CR XI to win2008 OS.
This OS is not tested and not supported with CR XI.
Please see a full list of supported OS [here|https://websmp104.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000086718&_OBJECT=011000358700001092722008E]
Even the latest edition Reports [XI Release 2 u2013 Service Pack 4|https://websmp106.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000086812&_OBJECT=011000358700001080932008E] is not supported for Win2008.
Q3. There is a service pack (SP4) which is for CR XI R1. Does this apply to my version of Crystal Reports? Are there updated Merge Modules as well?
Answer- Yes, that SP4 is for CR version 11.0 - to download click [here|http://resources.businessobjects.com/support/additional_downloads/service_packs/crystal_reports_en.asp#CRXIR1].
Latest merge modules for CR XI R1 SP4 can be downloaded from [here|http://resources.businessobjects.com/support/additional_downloads/runtime.asp#05]
Hope that helps!!
Regards,
Amit
Best regards -
Error while performing SAP Installation in HA Env on Windows Server 2008
Hello,
I am performing a SAP Installation in HA Environment on Windows Server 2008. I am at the ASCS installation step.
As per the guide before installing ASCS there are some activities to be carried out on Failover Cluster Management.
I have done all the steps except one as per the guide. I am stuck in the Add FileServer Step. In this step the guide says to go to the Dependencies tab and add the cluster disk resource to the dependencies list. It also says to add the Name:Virtual NetworkName to the dependencies list.
Now in my scenario I have 3 shared drives for SAP and I have added each of them in the dependencies list of the new FileServer. The only problem is how do I add the Name:Virtual NetworkName to this list
When I continue without giving the Network name the system issues a warning "This resource requires dependencies on instances of the following resource types or classes:Network Name. Not adding these dependencies will prevent the resource from working properly. Do you want to save the current settings anyway"
If I click on Yes and bring this resource online it fails with this error message
"The action Bring this resource online did not complete.An error occured while attempting to bring the resource 'SAPECC FileServer online'. The cluster resource could not be brought online by resource monitor."
My question is how to add the Name:VirtualNetworkName to the dependencies list of the FileServer.
Regards
Mitesh NairHi,
I have resolved the issue with the help of cluster admin
Regards
Mitesh -
What is the most powerful books for Windows server 2008 and R2?
Hi,
There are many books out there that cover Windows server 2k8 and its R2 successor but i wonder which ones to focus on. In the same time, all books are for one purpose, "Windows Server 2008". Each author has his/her own view on the platform. I don't
want to read them all just to avoid confusions and complications.
These are the list of books that i have along with books that i finished reading them:
Exam 70-640 Configuring Windows Server® 2008 Active Directory® (Finished this)
Exam 70-642 Configuring Windows Server 2008 Network Infrastructure (Finished this)
Exam 70-643 Configuring Windows Server 2008 Application Infrastructure
(Finished this)
Exam 70-646 Windows_Server__2008_Server_Administrator_Second_Edition (Finished this)
Mastering_Windows_Server_2008_R2 (Finished this)
McGraw.Hill.Microsoft.Windows.Server.2008.Administration.Feb.2008
McGraw.Hill.Microsoft.Windows.Server.2008.The.Complete.Reference.Feb.2008
OReilly.Windows.Server.2008.The.Definitive.Guide.Mar.2008
Sams.Teach.Yourself.Windows.Server.2008.in.24.Hours.May.2008
Sybex.MCTS.Windows.Server.2008.Active.Directory.Configuration.Study.Guide
Windows Server 2008 Active Directory Resource Kit (Finished this)
Windows Server 2008 Networking and Network Access Protection (Finished this)
Windows Server 2008 Unleashed
Windows Server 2008 R2 Unleashed
Do you think the unfinished books worth reading?
Appreciate your help.Thank you for the reply. My goal is to read everything (ins and outs) about Win 2008 and R2 platforms before i jump into Win 2012. I have pretty good experience in certain roles in Win 2008 such ADDS and ADCS. As clarified, i've finished a good number of
books but i want to make sure that i didn't miss a single piece of information that maybe covered in another book.
Honestly, i find the Technet docs are informative but daunting. On the other hand, books written by authors are more friendly because authors can throw jokes while explaining a certain technology, which makes the reader more attracted to the topic. In addition,
examples, practices, labbing, and quizzes in the books are more fun. -
Very slow DFSR on Windows Server 2008
We need to have distributed file system between two location.
I evaluating possibility to use DFS and two Windows Server 2008 to do it.
I set up two computer with clean installation of system.
The test is on two local subnets, so speed should not be an issue.
Each server is defined in separate logical site.
The DFSR folder I create on one server has 50 GB / 40,000 files.
The initial replication still is not finished after couple of days.
The transfer speed is only about 5kB/s and 3 files / min.
I increase staging quote to 100GB, so it should not be a limit.
I also make simple test of speed between both servers.
I create shared folder on both servers and manually copy files.
The transfer speed is reasonable 5 MB/s (1000 time faster that DFSR).
There is no processor load on servers (0% CPU).
This is test before real use so server do almost nothing else.
The event log shows sometimes 5014 but followed immediately with 5004.
Does anybody have an idea what is wrong?Thank you for your help.
The replication process just stopped.
This morning target folder size is exactly same as yesterday.
Previously it at least slowly increase.
I looked at those log files, but I still need to understand them.
The log level is default (means 4) and there is many entries there.
Anyway I attached examples, while searching what it their meaning.
The source server:
Many warning looking like this:
20090529 08:30:34.122 2772 SRTR 2344 [WARN] InitializeFileTransferAsyncState::ProcessIoCompletion Failed connId:{} rdc:0 uid:{}-v74162 gsvn:{}-v74162 Error: [Error:170(0xaa) InitializeFileTransferAsyncState::ProcessIoCompletion servertransport.cpp:2235 2772 W The requested resource is in use.] completion:0 ptr:09B27F40
From time to time errors sequence:
20090529 08:33:33.086 2608 DOWN 3991 [ERROR] DownstreamTransport::EstablishSession Failed on connId:{} csId:{} rgName:Common Volume Error:
+ [Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 2608 C A failure was reported by the remote partner]
+ [Error:9051(0x235b) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 2608 C The content set is not ready]
20090529 08:33:33.086 2608 INCO 3566 InConnection::RestartSession Retrying establish contentset session. connId:{} csId:{} csName:common
20090529 08:33:33.086 2608 INCO 774 [WARN] SessionTask::Step (Ignored) Failed, should have already been processed. Error:
+ [Error:9027(0x2343) InConnection::EstablishSession inconnection.cpp:3657 2608 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:4005 2608 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 2608 C A failure was reported by the remote partner]
+ [Error:9051(0x235b) DownstreamTransport::EstablishSession downstreamtransport.cpp:3984 2608 C The content set is not ready]
The target server:
20090529 08:31:33.054 3196 SRTR 784 [WARN] SERVER_EstablishSession Failed on connId:{} csId:{} Error:
+ [Error:9051(0x235b) UpstreamTransport::EstablishSession upstreamtransport.cpp:707 3196 C The content set is not ready]
+ [Error:9051(0x235b) OutConnection::EstablishSession outconnection.cpp:2623 3196 C The content set is not ready]
20090529 08:31:33.974 1664 DOWN 2723 AsyncRpcHandler::ProcessReceive Completion. connId:{} csId:{} reqType:AsyncPollRequest reqState:Completed status:9026 ptr:056820B0
20090529 08:31:33.974 1664 DOWN 2748 [ERROR] AsyncRpcHandler::ProcessReceive Failed on connId:{} csId:{} reqType:AsyncPollRequest reqState:Completed status:9026 Error:
+ [Error:9027(0x2343) AsyncRpcHandler::ReceiveAsyncPoll downstreamtransport.cpp:2131 1664 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) AsyncRpcHandler::ReceiveAsyncPoll downstreamtransport.cpp:2073 1664 C A failure was reported by the remote partner]
+ [Error:9026(0x2342) AsyncRpcHandler::ReceiveAsyncPoll downstreamtransport.cpp:2073 1664 C The connection is invalid]
20090529 08:31:33.974 1664 INCO 2543 InConnection::ReConnect Ignoring reconnect. state:4 connId:{}
20090529 08:31:33.974 1664 RPCN 663 [ERROR] IoPortManager::ThreadEntryProc (Ignored) Failed IoCompletionProcessVvUp. Error:
+ [Error:9027(0x2343) AsyncRpcHandler::ProcessReceive downstreamtransport.cpp:2809 1664 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) AsyncRpcHandler::ReceiveAsyncPoll downstreamtransport.cpp:2131 1664 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) AsyncRpcHandler::ReceiveAsyncPoll downstreamtransport.cpp:2073 1664 C A failure was reported by the remote partner]
+ [Error:9026(0x2342) AsyncRpcHandler::ReceiveAsyncPoll downstreamtransport.cpp:2073 1664 C The connection is invalid]
20090529 08:30:34.118 2588 INCO 2705 InConnection::ProcessErrorStatus (Ignored) Remote error connId:{} Error:
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4768 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) RpcFinalizeContext downstreamtransport.cpp:1096 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4711 2588 C A failure was reported by the remote partner]
+ [Error:170(0xaa) DownstreamTransport::RawGet downstreamtransport.cpp:4711 2588 W The requested resource is in use.]
20090529 08:30:34.118 2588 MEET 2032 Meet::Download Download Succeeded : false updateName:Tutorial_V2_Gerotor_Surfaces_html_6de9f06.png uid:{}-v74168 gvsn:{}-v74168 connId:{} csName:common csId:{}
20090529 08:30:34.118 1920 INCO 5599 InConnection::LogTransferActivity Failed to receive RAWGET uid:{}-v74169 gvsn:{}-v74169 fileName:Tutorial_V2_Gerotor_Surfaces_html_7153b1c3.png connId:{} csId:{} stagedSize:0 Error:
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4768 1920 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) RpcFinalizeContext downstreamtransport.cpp:1096 1920 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4711 1920 C A failure was reported by the remote partner]
+ [Error:170(0xaa) DownstreamTransport::RawGet downstreamtransport.cpp:4711 1920 W The requested resource is in use.]
20090529 08:30:34.118 1920 INCO 2705 InConnection::ProcessErrorStatus (Ignored) Remote error connId:{} Error:
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4768 1920 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) RpcFinalizeContext downstreamtransport.cpp:1096 1920 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4711 1920 C A failure was reported by the remote partner]
+ [Error:170(0xaa) DownstreamTransport::RawGet downstreamtransport.cpp:4711 1920 W The requested resource is in use.]
20090529 08:30:34.118 2588 INCO 2705 InConnection::ProcessErrorStatus (Ignored) Remote error connId:{} Error:
+ [Error:9027(0x2343) Meet::InstallStep meet.cpp:1657 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) Meet::Download meet.cpp:2052 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) InConnection::RawGet inconnection.cpp:5688 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4768 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) RpcFinalizeContext downstreamtransport.cpp:1096 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4711 2588 C A failure was reported by the remote partner]
+ [Error:170(0xaa) DownstreamTransport::RawGet downstreamtransport.cpp:4711 2588 W The requested resource is in use.]
20090529 08:30:34.118 1920 MEET 2032 Meet::Download Download Succeeded : false updateName:Tutorial_V2_Gerotor_Surfaces_html_7153b1c3.png uid:{}-v74169 gvsn:{}-v74169 connId:{} csName:common csId:{}
20090529 08:30:34.118 2588 MEET 1263 Meet::Install -> WAIT Error processing update. updateName:Tutorial_V2_Gerotor_Surfaces_html_6de9f06.png uid:{}-v74168 gvsn:{}-v74168 connId:{} csName:common csId:{} code:170 Error:
+ [Error:9027(0x2343) Meet::InstallStep meet.cpp:1657 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) Meet::Download meet.cpp:2052 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) InConnection::RawGet inconnection.cpp:5688 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4768 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) RpcFinalizeContext downstreamtransport.cpp:1096 2588 C A failure was reported by the remote partner]
+ [Error:9027(0x2343) DownstreamTransport::RawGet downstreamtransport.cpp:4711 2588 C A failure was reported by the remote partner]
+ [Error:170(0xaa) DownstreamTransport::RawGet downstreamtransport.cpp:4711 2588 W The requested resource is in use.] -
SChannel Fails Authentication on Windows Server 2008 R2 Using TLS1
I am trying to use SChannel to secure a socket connection. I modified the example at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380537(v=vs.85).aspx, converting it from Negotiate to SChannel. Following the specs for the SSPI APIs I was able the get a Client & Server connection authenticated on Windows 7.
However, when I try running the same programs on Windows Server 2008 R2, either the Client side or Server side fails, depending on how I select the security protocol.
Here is the modified example code, details about my results follow the code.
Client.cpp
// Client-side program to establish an SSPI socket connection
// with a server and exchange messages.
// Define macros and constants.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "SspiExample.h"
#include <string>
#include <iostream>
CredHandle g_hCred;
SecHandle g_hCtext;
#define SSPI_CLIENT "SChannelClient:" __FUNCTION__
void main(int argc, char * argv[])
SOCKET Client_Socket;
BYTE Data[BIG_BUFF];
PCHAR pMessage;
WSADATA wsaData;
SECURITY_STATUS ss;
DWORD cbRead;
ULONG cbHeader;
ULONG cbMaxMessage;
ULONG cbTrailer;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
SecPkgContext_ConnectionInfo ConnectionInfo;
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName);
char Server[512] = {0};
WCHAR CertName[512] = {0};
// Validate cmd line parameters
if ( argc != 3 )
LOGA ( ( __log_buf, SSPI_CLIENT " required parameters ServerName & CertName not entered.\n"));
LOGA( ( __log_buf, SSPI_CLIENT " Abort and start over with required parameters.\n") );
std::cin.get();
else
// argv[1] - ServerName - the name of the computer running the server sample.
// argv[2] - TargetName the common name of the certificate provided
// by the target server program.
memcpy(Server, argv[1], strlen(argv[1]));
size_t sizCN;
mbstowcs_s(&sizCN, CertName, strlen(argv[2])+1, argv[2], _TRUNCATE);
LOGA ( ( __log_buf, SSPI_CLIENT " input parameters - ServerName %s CertName %ls.\n", Server, CertName ));
// Initialize the socket and the SSP security package.
if(WSAStartup (0x0101, &wsaData))
MyHandleError( __FUNCTION__ " Could not initialize winsock ");
// Connect to a server.
SecInvalidateHandle( &g_hCtext );
if (!ConnectAuthSocket (
&Client_Socket,
&g_hCred,
&g_hCtext,
Server,
CertName))
MyHandleError( __FUNCTION__ " Authenticated server connection ");
LOGA ( ( __log_buf, SSPI_CLIENT " connection authenticated.\n"));
// An authenticated session with a server has been established.
// Receive and manage a message from the server.
// First, find and display the name of the SSP,
// the transport protocol supported by the SSP,
// and the size of the header, maximum message, and
// trailer blocks for this SSP.
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT "QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " QueryContextAttributes failed.\n");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
cbHeader = SecPkgSizes.cbHeader;
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_CLIENT " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_CONNECTION_INFO,
&ConnectionInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
switch(ConnectionInfo.dwProtocol)
case SP_PROT_TLS1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: TLS1\n"));
break;
case SP_PROT_SSL3_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL3\n"));
break;
case SP_PROT_PCT1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: PCT\n"));
break;
case SP_PROT_SSL2_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL2\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Protocol: 0x%x\n", ConnectionInfo.dwProtocol));
switch(ConnectionInfo.aiCipher)
case CALG_RC4:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC4\n");)
break;
case CALG_3DES:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Triple DES\n"));
break;
case CALG_RC2:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC2\n"));
break;
case CALG_DES:
case CALG_CYLINK_MEK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: DES\n"));
break;
case CALG_SKIPJACK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Skipjack\n"));
break;
case CALG_AES_256:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: AES 256\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Cipher: 0x%x\n", ConnectionInfo.aiCipher));
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher strength: %d\n", ConnectionInfo.dwCipherStrength));
switch(ConnectionInfo.aiHash)
case CALG_MD5:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: MD5\n"));
break;
case CALG_SHA:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: SHA\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Hash: 0x%x\n", ConnectionInfo.aiHash));
LOGA ( ( __log_buf, SSPI_CLIENT " Hash strength: %d\n", ConnectionInfo.dwHashStrength));
switch(ConnectionInfo.aiExch)
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: RSA\n"));
break;
case CALG_KEA_KEYX:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: KEA\n"));
break;
case CALG_DH_EPHEM:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: DH Ephemeral\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Key exchange: 0x%x\n", ConnectionInfo.aiExch));
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange strength: %d\n", ConnectionInfo.dwExchStrength));
// Decrypt and display the message from the server.
if (!ReceiveBytes(
Client_Socket,
Data,
BIG_BUFF,
&cbRead))
MyHandleError( __FUNCTION__ " No response from server\n");
if (0 == cbRead)
MyHandleError(__FUNCTION__ " Zero bytes received.\n");
pMessage = (PCHAR) DecryptThis(
Data,
&cbRead,
&g_hCtext);
// Skip the header to get the decrypted message
pMessage += cbHeader;
ULONG cbMessage = cbRead-cbHeader-cbTrailer;
if ((cbMessage == strlen(TEST_MSG)) &&
!strncmp(pMessage, TEST_MSG, strlen(TEST_MSG)) )
LOGA ( ( __log_buf, SSPI_CLIENT " SUCCESS!! The message from the server is \n -> %.*s \n",
cbMessage, pMessage ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " UNEXPECTED message from the server: \n -> %.*s \n",
cbMessage, pMessage ));
LOGA ( ( __log_buf, SSPI_CLIENT " rcvd msg size %u, exp size %u\n", cbMessage, strlen(TEST_MSG) ));
// Terminate socket and security package.
DeleteSecurityContext (&g_hCtext);
FreeCredentialHandle (&g_hCred);
shutdown (Client_Socket, 2);
closesocket (Client_Socket);
if (SOCKET_ERROR == WSACleanup ())
MyHandleError( __FUNCTION__ " Problem with socket cleanup ");
exit (EXIT_SUCCESS);
} // end main
// ConnectAuthSocket establishes an authenticated socket connection
// with a server and initializes needed security package resources.
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *g_hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName)
unsigned long ulAddress;
struct hostent *pHost;
SOCKADDR_IN sin;
// Lookup the server's address.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n"));
ulAddress = inet_addr (pServer);
if (INADDR_NONE == ulAddress)
LOGA ( ( __log_buf, SSPI_CLIENT " calling gethostbyname with %s.\n", pServer ));
pHost = gethostbyname (pServer);
if (NULL == pHost)
MyHandleError(__FUNCTION__ " Unable to resolve host name ");
memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
std::string ipAddrStr;
ipAddrStr = inet_ntoa( *(struct in_addr*)*pHost->h_addr_list);
LOGA ( ( __log_buf, __FUNCTION__ " gethostbyname - ipAddress %s, name %s.\n", ipAddrStr.c_str(), pHost->h_name ) );
// Create the socket.
*s = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == *s)
MyHandleError(__FUNCTION__ " Unable to create socket");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Socket created.\n"));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ulAddress;
sin.sin_port = htons (g_usPort);
// Connect to the server.
if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
closesocket (*s);
MyHandleError( __FUNCTION__ " Connect failed ");
LOGA ( ( __log_buf, SSPI_CLIENT " Connection established.\n"));
// Authenticate the connection.
if (!DoAuthentication (*s, pCertName))
closesocket (*s);
MyHandleError( __FUNCTION__ " Authentication ");
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n"));
return(TRUE);
} // end ConnectAuthSocket
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName)
BOOL fDone = FALSE;
DWORD cbOut = 0;
DWORD cbIn = 0;
PBYTE pInBuf;
PBYTE pOutBuf;
if(!(pInBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
if(!(pOutBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " 1st message.\n"));
if (!GenClientContext (
NULL,
0,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext
LOGA ( ( __log_buf, SSPI_CLIENT " GenClientContext failed\n"));
return(FALSE);
if (!SendMsg (s, pOutBuf, cbOut ))
MyHandleError(__FUNCTION__ " Send message failed ");
while (!fDone)
if (!ReceiveMsg (
s,
pInBuf,
MAXMESSAGE,
&cbIn))
MyHandleError( __FUNCTION__ " Receive message failed ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " Message loop.\n"));
if (!GenClientContext (
pInBuf,
cbIn,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext))
MyHandleError( __FUNCTION__ " GenClientContext failed");
if (!SendMsg (
s,
pOutBuf,
cbOut))
MyHandleError( __FUNCTION__ " Send message failed");
LOGA ( ( __log_buf, SSPI_CLIENT " fDone %s.\n", fDone ? "Yes" : "No" ));
if (NULL != pInBuf)
free(pInBuf);
pInBuf = NULL;
if (NULL != pOutBuf)
free(pOutBuf);
pOutBuf = NULL;
LOGA ( ( __log_buf, SSPI_CLIENT " exit.\n"));
return(TRUE);
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *g_hCred,
struct _SecHandle *g_hCtext)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff[2];
ULONG ContextAttributes;
static TCHAR lpPackageName[1024];
if( NULL == pIn )
wcscpy_s(lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME );
ss = AcquireCredentialsHandle (
NULL,
lpPackageName,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
NULL,
NULL,
g_hCred,
&Lifetime);
if (!(SEC_SUCCESS (ss)))
MyHandleError( __FUNCTION__ " AcquireCreds failed ");
// Prepare the buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// The input buffer is created only if a message has been received
// from the server.
if (pIn)
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with pIn supplied.\n"));
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = InSecBuff;
InSecBuff[0].cbBuffer = cbIn;
InSecBuff[0].BufferType = SECBUFFER_TOKEN;
InSecBuff[0].pvBuffer = pIn;
InSecBuff[1].pvBuffer = NULL;
InSecBuff[1].cbBuffer = 0;
InSecBuff[1].BufferType = SECBUFFER_EMPTY;
ss = InitializeSecurityContext (
g_hCred,
g_hCtext,
pCertName,
MessageAttribute,
0,
0,
&InBuffDesc,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
else
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with NULL pIn.\n"));
ss = InitializeSecurityContext (
g_hCred,
NULL,
pCertName,
MessageAttribute,
0,
0,
NULL,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext failed with error 0x%08x\n", ss));
MyHandleError ( __FUNCTION__ " InitializeSecurityContext failed " );
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext returned 0x%08x\n", ss));
// If necessary, complete the token.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (g_hCtext, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " complete failed: 0x%08x\n", ss));
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_CLIENT " Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer));
PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
return TRUE;
PBYTE DecryptThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// By agreement, the server encrypted the message and set the size
// of the trailer block to be just what it needed. DecryptMessage
// needs the size of the trailer block.
// The size of the trailer is in the first DWORD of the
// message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before decryption including trailer (%lu bytes):\n",
*pcbMessage));
PrintHexDump (*pcbMessage, (PBYTE) pBuffer);
// Prepare the buffers to be passed to the DecryptMessage function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = *pcbMessage;
SecBuff[0].BufferType = SECBUFFER_DATA;
SecBuff[0].pvBuffer = pBuffer;
SecBuff[1].cbBuffer = 0;
SecBuff[1].BufferType = SECBUFFER_EMPTY;
SecBuff[1].pvBuffer = NULL;
SecBuff[2].cbBuffer = 0;
SecBuff[2].BufferType = SECBUFFER_EMPTY;
SecBuff[2].pvBuffer = NULL;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = DecryptMessage(
hCtxt,
&BuffDesc,
0,
&ulQop);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage failed with error 0x%08x\n", ss))
else
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage success? Status: 0x%08x\n", ss));
// Return a pointer to the decrypted data. The trailer data
// is discarded.
return pBuffer;
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[2];
ULONG ulQop = 0;
PBYTE pSigBuffer;
PBYTE pDataBuffer;
// The global cbMaxSignature is the size of the signature
// in the message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before verifying (including signature):\n"));
PrintHexDump (*pcbMessage, pBuffer);
// By agreement with the server,
// the signature is at the beginning of the message received,
// and the data that was signed comes after the signature.
pSigBuffer = pBuffer;
pDataBuffer = pBuffer + cbMaxSignature;
// The size of the message is reset to the size of the data only.
*pcbMessage = *pcbMessage - (cbMaxSignature);
// Prepare the buffers to be passed to the signature verification
// function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 2;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = cbMaxSignature;
SecBuff[0].BufferType = SECBUFFER_TOKEN;
SecBuff[0].pvBuffer = pSigBuffer;
SecBuff[1].cbBuffer = *pcbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pDataBuffer;
ss = VerifySignature(
hCtxt,
&BuffDesc,
0,
&ulQop
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " VerifyMessage failed with error 0x%08x\n", ss));
else
LOGA ( ( __log_buf, SSPI_CLIENT " Message was properly signed.\n"));
return pDataBuffer;
} // end VerifyThis
void PrintHexDump(
DWORD length,
PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_CLIENT " %s\n", rgbLine));
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes\n", cbBuf ));
if (!SendBytes (s, (PBYTE)&cbBuf, sizeof (cbBuf)))
LOGA ( ( __log_buf, SSPI_CLIENT " size failed.\n" ) );
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
LOGA ( ( __log_buf, SSPI_CLIENT " body failed.\n" ) );
return(FALSE);
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return(TRUE);
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
// Receive the number of bytes in the message.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n" ));
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " failed: size of cbData %lu, bytes %lu\n", sizeof (cbData), cbRead));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
return(FALSE);
if (cbRead != cbData)
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMessage
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent;
int cbRemaining = cbBuf;
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes.\n", cbRemaining ));
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_CLIENT " send failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
pTemp += cbSent;
cbRemaining -= cbSent;
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return TRUE;
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_CLIENT " Entry: %lu bytes.\n", cbRemaining ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes remaining.\n", cbRemaining ));
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " recv failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n" ));
return TRUE;
} // end ReceiveBytes
void MyHandleError(char *s)
DWORD err = GetLastError();
if (err)
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (0x%08.8X). Exiting.\n",s, err ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (no error info). Exiting.\n",s ));
exit (EXIT_FAILURE);
Server.cpp
// This is a server-side SSPI Windows Sockets program.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "Sspiexample.h"
#include <iostream>
CredHandle g_hcred;
struct _SecHandle g_hctxt;
static PBYTE g_pInBuf = NULL;
static PBYTE g_pOutBuf = NULL;
static DWORD g_cbMaxMessage;
static TCHAR g_lpPackageName[1024];
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb );
#define SSPI_SERVER "SChannelServer:" __FUNCTION__
void main (int argc, char * argv[])
CHAR pMessage[200];
DWORD cbMessage;
PBYTE pDataToClient = NULL;
DWORD cbDataToClient = 0;
PWCHAR pUserName = NULL;
DWORD cbUserName = 0;
SOCKET Server_Socket;
WSADATA wsaData;
SECURITY_STATUS ss;
PSecPkgInfo pkgInfo;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
ULONG cbMaxMessage;
ULONG cbHeader;
ULONG cbTrailer;
std::string certThumb;
// Create a certificate if no thumbprint is supplied. Otherwise, use the provided
// thumbprint to find the certificate.
if ( (argc > 1) && (strlen( argv[1]) > 0) )
certThumb.assign(argv[1]);
else
LOGA( ( __log_buf, SSPI_SERVER " : No certificate thumbprint supplied.\n") );
LOGA( ( __log_buf, SSPI_SERVER " : Press ENTER to create a certificate, or abort and start over with a thumbprint.\n") );
std::cin.get();
certThumb.clear();
Insert code to find or create X.509 certificate.
// Set the default package to SChannel.
wcscpy_s(g_lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME);
// Initialize the socket interface and the security package.
if( WSAStartup (0x0101, &wsaData))
LOGA ( ( __log_buf, SSPI_SERVER " Could not initialize winsock: \n") );
cleanup();
ss = QuerySecurityPackageInfo (
g_lpPackageName,
&pkgInfo);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " Could not query package info for %s, error 0x%08x\n",
g_lpPackageName, ss) );
cleanup();
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf)
LOGA ( ( __log_buf, SSPI_SERVER " Memory allocation error.\n"));
cleanup();
// Start looping for clients.
while(TRUE)
LOGA ( ( __log_buf, SSPI_SERVER " Waiting for client to connect...\n"));
// Make an authenticated connection with client.
if (!AcceptAuthSocket (&Server_Socket, certThumb ))
LOGA ( ( __log_buf, SSPI_SERVER " Could not authenticate the socket.\n"));
cleanup();
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
// The following values are used for encryption and signing.
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbHeader = SecPkgSizes.cbHeader;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_SERVER " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
else
LOGA ( ( __log_buf, SSPI_SERVER " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
// Send the client an encrypted message.
strcpy_s(pMessage, sizeof(pMessage),
TEST_MSG);
cbMessage = (DWORD)strlen(pMessage);
EncryptThis (
(PBYTE) pMessage,
cbMessage,
&pDataToClient,
&cbDataToClient,
cbHeader,
cbTrailer);
// Send the encrypted data to client.
if (!SendBytes(
Server_Socket,
pDataToClient,
cbDataToClient))
LOGA ( ( __log_buf, SSPI_SERVER " send message failed. \n"));
cleanup();
LOGA ( ( __log_buf, SSPI_SERVER " %d encrypted bytes sent. \n", cbDataToClient));
if (Server_Socket)
DeleteSecurityContext (&g_hctxt);
FreeCredentialHandle (&g_hcred);
shutdown (Server_Socket, 2) ;
closesocket (Server_Socket);
Server_Socket = 0;
if (pUserName)
free (pUserName);
pUserName = NULL;
cbUserName = 0;
if(pDataToClient)
free (pDataToClient);
pDataToClient = NULL;
cbDataToClient = 0;
} // end while loop
LOGA ( ( __log_buf, SSPI_SERVER " Server ran to completion without error.\n"));
cleanup();
} // end main
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb )
SOCKET sockListen;
SOCKET sockClient;
SOCKADDR_IN sockIn;
// Create listening socket.
sockListen = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == sockListen)
LOGA ( ( __log_buf, SSPI_SERVER " Failed to create socket: %u\n", GetLastError ()));
return(FALSE);
// Bind to local port.
sockIn.sin_family = AF_INET;
sockIn.sin_addr.s_addr = 0;
sockIn.sin_port = htons(usPort);
if (SOCKET_ERROR == bind (
sockListen,
(LPSOCKADDR) &sockIn,
sizeof (sockIn)))
LOGA ( ( __log_buf, SSPI_SERVER " bind failed: %u\n", GetLastError ()));
return(FALSE);
// Listen for client.
if (SOCKET_ERROR == listen (sockListen, 1))
LOGA ( ( __log_buf, SSPI_SERVER " Listen failed: %u\n", GetLastError ()));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " Listening ! \n"));
// Accept client.
sockClient = accept (
sockListen,
NULL,
NULL);
if (INVALID_SOCKET == sockClient)
LOGA ( ( __log_buf, SSPI_SERVER " accept failed: %u\n",GetLastError() ) );
return(FALSE);
closesocket (sockListen);
*ServerSocket = sockClient;
return(DoAuthentication (sockClient, certThumb ));
} // end AcceptAuthSocket
BOOL DoAuthentication (SOCKET AuthSocket, std::string certThumb )
SECURITY_STATUS ss;
DWORD cbIn, cbOut;
BOOL done = FALSE;
TimeStamp Lifetime;
BOOL fNewConversation;
fNewConversation = TRUE;
PCCERT_CONTEXT pCertCtxt;
Insert code to retrieve pCertCtxt
// Build SCHANNEL_CRED structure to hold CERT_CONTEXT for call to AcquireCredentialsHandle
SCHANNEL_CRED credSchannel = {0};
credSchannel.dwVersion = SCHANNEL_CRED_VERSION;
credSchannel.grbitEnabledProtocols = SP_PROT_SSL2_SERVER | SP_PROT_TLS1_SERVER;
credSchannel.cCreds = 1;
credSchannel.paCred = &pCertCtxt;
ss = AcquireCredentialsHandle (
NULL, //pszPrincipal
g_lpPackageName, //pszPackage
SECPKG_CRED_INBOUND, //fCredentialuse
NULL, //pvLogonID
&credSchannel, //pAuthData - need SCHANNEL_CRED structure that indicates the protocol to use and the settings for various customizable channel features.
NULL, //pGetKeyFn
NULL, //pvGetKeyArgument
&g_hcred, //phCredential
&Lifetime); //ptsExpiry
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcquireCreds failed: 0x%08x\n", ss));
return(FALSE);
while(!done)
if (!ReceiveMsg (
AuthSocket,
g_pInBuf,
g_cbMaxMessage,
&cbIn))
return(FALSE);
cbOut = g_cbMaxMessage;
if (!GenServerContext (
g_pInBuf,
cbIn,
g_pOutBuf,
&cbOut,
&done,
fNewConversation))
LOGA ( ( __log_buf, SSPI_SERVER " GenServerContext failed.\n"));
return(FALSE);
fNewConversation = FALSE;
if (!SendMsg (
AuthSocket,
g_pOutBuf,
cbOut))
LOGA ( ( __log_buf, SSPI_SERVER " Send message failed.\n"));
return(FALSE);
return(TRUE);
} // end DoAuthentication
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewConversation)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG Attribs = 0;
// Prepare output buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// Prepare input buffers.
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer received (%lu bytes):\n", InSecBuff.cbBuffer));
PrintHexDump (InSecBuff.cbBuffer, (PBYTE)InSecBuff.pvBuffer);
ss = AcceptSecurityContext (
&g_hcred,
fNewConversation ? NULL : &g_hctxt,
&InBuffDesc,
Attribs,
SECURITY_NATIVE_DREP,
&g_hctxt,
&OutBuffDesc,
&Attribs,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
// Complete token if applicable.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (&g_hctxt, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " complete failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
// fNewConversation equals FALSE.
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer generated (%lu bytes):\n",
OutSecBuff.cbBuffer));
PrintHexDump (
OutSecBuff.cbBuffer,
(PBYTE)OutSecBuff.pvBuffer);
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext result = 0x%08x\n", ss));
return TRUE;
} // end GenServerContext
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
ULONG * pcbOutput,
ULONG cbHeader,
ULONG cbTrailer)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// The size of the trailer (signature + padding) block is
// determined from the global cbSecurityTrailer.
LOGA ( ( __log_buf, SSPI_SERVER " Data before encryption: %s\n", pMessage));
LOGA ( ( __log_buf, SSPI_SERVER " Length of data before encryption: %d \n",cbMessage));
// Prepare buffers.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
PBYTE pHeader;
pHeader = (PBYTE) malloc (cbHeader);
SecBuff[0].cbBuffer = cbHeader;
SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
SecBuff[0].pvBuffer = pHeader;
SecBuff[1].cbBuffer = cbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pMessage;
PBYTE pTrailer;
pTrailer = (PBYTE) malloc (cbTrailer);
SecBuff[2].cbBuffer = cbTrailer;
SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
SecBuff[2].pvBuffer = pTrailer;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = EncryptMessage(
&g_hctxt,
ulQop,
&BuffDesc,
0);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " EncryptMessage failed: 0x%08x\n", ss));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " The message has been encrypted. \n"));
// Allocate a buffer to hold the encrypted data constructed from the 3 buffers.
*pcbOutput = cbHeader + cbMessage + cbTrailer;
* ppOutput = (PBYTE) malloc (*pcbOutput);
memset (*ppOutput, 0, *pcbOutput);
memcpy (*ppOutput, pHeader, cbHeader);
memcpy (*ppOutput + cbHeader, pMessage, cbMessage);
memcpy (*ppOutput + cbHeader + cbMessage, pTrailer, cbTrailer);
LOGA ( ( __log_buf, SSPI_SERVER " data after encryption including trailer (%lu bytes):\n",
*pcbOutput));
PrintHexDump (*pcbOutput, *ppOutput);
return TRUE;
} // end EncryptThis
void PrintHexDump(DWORD length, PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_SERVER " %s\n", rgbLine));
} // end PrintHexDump
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
if (!SendBytes (
s,
(PBYTE)&cbBuf,
sizeof (cbBuf)))
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
return(FALSE);
return(TRUE);
} // end SendMsg
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
// Retrieve the number of bytes in the message.
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed retrieving byte count.\n", cbBuf ));
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer size (%lu) differs from reported size (%lu)\n", sizeof(cbData), cbRead ));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed.\n", cbBuf ));
return(FALSE);
if (cbRead != cbData)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer bytes (%lu) differs from reported bytes (%lu)\n", cbData, cbRead ));
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMsg
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_SERVER " send failed: %u\n", GetLastError ()));
return FALSE;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes sent\n", cbSent ));
pTemp += cbSent;
cbRemaining -= cbSent;
return TRUE;
} // end SendBytes
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " recv failed: %u\n", GetLastError () ) );
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
return TRUE;
} // end ReceivesBytes
void cleanup()
if (g_pInBuf)
free (g_pInBuf);
g_pInBuf = NULL;
if (g_pOutBuf)
free (g_pOutBuf);
g_pOutBuf = NULL;
WSACleanup ();
exit(0);
SspiExample.h
// SspiExample.h
#include <schnlsp.h>
#include <sspi.h>
#include <windows.h>
#include <string>
BOOL SendMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
BOOL SendBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
void cleanup();
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *hCred,
PSecHandle phCtext
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewCredential
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput,
ULONG cbHeader,
ULONG cbTrailer
PBYTE DecryptThis(
PBYTE achData,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt
BOOL
SignThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature
void PrintHexDump(DWORD length, PBYTE buffer);
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName
BOOL CloseAuthSocket (SOCKET s);
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName );
BOOL DoAuthentication (SOCKET s, std::string certThumb );
void MyHandleError(char *s);
#define DBG_SIZE 1024
int OutputDebug( char buff[DBG_SIZE] )
int retval;
char debugstring[DBG_SIZE+32];
retval = _snprintf_s( debugstring, DBG_SIZE+32, _TRUNCATE, " %s", buff );
OutputDebugStringA( debugstring );
return retval;
int DbgBufCopy( char *buff, const char *format, ...)
int iLen;
va_list args;
/// Call va_start to start the variable list
va_start(args, format);
/// Call _vsnprintf_s to copy debug information to the buffer
iLen = _vsnprintf_s(buff, DBG_SIZE, _TRUNCATE, format, args);
/// Call va_end to end the variable list
va_end(args);
return iLen;
#define LOGA(_format_and_args_)\
{ char __log_buf[DBG_SIZE];\
DbgBufCopy _format_and_args_;\
printf("%s", __log_buf );\
OutputDebug(__log_buf);\
#define TEST_MSG "This is your server speaking"
My initial attempt built an SCHANNEL_CRED structure following the documentation to set
grbitEnabledProtocols to 0, and let SChannel select the protocol. This worked on Windows 7, selecting TLS1. When I ran the same exe-s on 2008 R2, the Client program failed, with InitializeSecurityContext returning SEC_E_DECRYPT_FAILURE.
The failure occurred on the 2nd call, using phNewContext returned on the first call.
My next attempt set grbitEnabledProtocols to SP_PROT_TLS1_SERVER. This also worked on Win 7, but 2008R2 failed again, this time on the Server side. AcceptSecurityContext failed, returning SEC_E_ALGORITHM_MISMATCH.
TLS is a requirement for my project, but to try getting the sample to run, I next set grbitEnabledProtocols to SP_PROT_SSL2_SERVER. This did work for 2008R2, selecting SSL2, but now the Server failed on Win7 with AcceptSecurityContext returning
SEC_E_ALGORITHM_MISMATCH.
My final try was to set grbitEnabledProtocols to SP_PROT_TLS1_SERVER | SP_PROT_SSL2_SERVER, but that failed identically to the first case, with the Client on 2008R2 returning SEC_E_DECRYPT_FAILURE.
So my question is - What is required to get SChannel to select TLS regardless of the Windows version on which the programs are running?Thank you for the reference. That did provide the information I needed to get TLS working. However, the documentation is not accurate with regard to setting the registry keys and values.
The tables all show DisabledByDefault as a subkey under the protocol. They also describe a DWORD value, Enabled, as the mechanism to enable/disable a protocol.
What I found is DisabledByDefault is a DWORD value under Client/Server and it appears to be the determining factor to whether a protocol is enabled/disabled.
The only way I was able to get TLS 1.1 working is with the following path present:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Under Client, I must have DisabledByDefault set to 0. With that, the Enabled value does not need to be present.
This held true for any level of TLS.
I also found the setting of grbitEnabledProtocols in the SCHANNEL_CRED structure to be misleading. From the description at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx, I thought my Server program could set this field to 0, and SChannel would select the protocol as directed by the registry. What I found is that the structure flag must
agree with the registry setting for TLS to work. That is with the resgistry key above for TLS 1.1, I must set grbitEnabledProtocols to SP_PROT_TLS1_1.
Can you confirm the relationship between the SCHANNEL_CRED contents and registry state? -
Installing forms 11gr2 services on windows server 2008 r2 64 bit
hello,
I successfully installed on windows 7 64 bit my developer forms & reports 11gR2 with weblogic 10.3.5 , jdk 1.6.0_+.
Now i want to install in it in windows server 2008 R2 64bit, to deploy the application i created as a test.
Question.
1. Can I used the same installation set up , step, procedure as the development mode by only changing the installation mode to production mode in windows 2008R2?
1.1 Do I need to create domain first after install the weblogic or it is like the development mode that the FRM_installation will create its classic domain?
2. Can I used it without the fusion middleware?
3. It is compatible version for forms 11gr2 for Oracle Fusion Middleware 11g Release 1 (11.1.1.6.0) ? << doubted not compatible.
4. It is valid if i only install weblogic server 10.3.5 without the fusion middleware? Am I or other clients can able to access it?
5. It is will be a AS server even if without the repository creation?
Note : i only need the forms&report server services to run our application on windows server 2008 R2 64 bit and compile respectedly.
I ve done it with OAS 10g before but different procedures now since forms 11gr2 is using now weblogic server.
Thank you very much.... i want to install in it ... , to deploy the application i created as a test If you chose the "Development" install option during the installation of 11.1.2 you would have everything you needed to run your form. The only significant difference between the Dev and Deploy installation is the that in the Dev install type the Forms and Reports Servlets are deployed into the Admin server Managed server rather than creating a unique one for each. For local testing purposes, this should be sufficient for most cases. If on the other hand you need a full installation (Deployment), I would recommend that you choose this option, but be sure to also include the Builders. The Builders are available for both install types. I would not recommend attempting to have both install types installed together although it likely can be done. Having both installed would likely create confusion and difficulty during troubleshooting.
Important point. If you choose the Deployment option and include the Builders during that installation, you do not need to start everything in order to run a form. All that is needed is WLS_FORMS. All other processes can be stopped if system resources is a concern. For an actual production deployment, it is recommended that you route end-user requests through HTTP Server, but this is not required unless you plan to use SSO or other feature that is managed through HTTP Server.
Maybe you are looking for
-
Report to show data for specific MD
Hello, I am racking my brain thinking of a way to do this... I have some specific masterdata for example Product 1,2,3...10 and i also have a cube where any Actual & target sales are recorded I need a way of producing a report whereby the report show
-
One OCS for multiple Company´s ???
Hello, It´s possible to install multiple "areas" on one OCS? We want to provide a OCS for our customers. They shouldn´t see other caledars or adress-book. Only ther own "area". KR Mathias
-
Using copy express for user settings
I am in the process of setting up 10 company databases on one system. The same users will have access to all of the databases (over 100 users). We have laboriously entered form settings for every possible form under the manager user in one of the d
-
I own Phillips 32pfl9604h TV. Recently I bought HDMI adapter. When I set up the iPad with HDMI to TV , TV is recognizing the iPad but the format is constantly switching between 2 different formats. I tried to connect it to a different model of TV and
-
Help - Difficulties with transate()
Hi, I am having some weird difficulties with the translate method. I am trying to reposition one of layers by using X and Y values from a CSV file. I tried to access the variables various ways. One was using part[5], (with 'part' as the variable'). T