WS Policy problem for encryption

Hello,
I'm using osb 10g3 and I have problems configuring WS policy for encryption.
I have configured WebLogic realm security to provide my keystore, and also the certificate path provider to register my trusted key,
and the PKI credential mapper, but I always get the same SOAP fault:
java.security.cert.CertPathBuilderException: [Security:090686]The CertificateRegistry could not build a certificate path for the subject key identifier
My certif X509V3 public key
. This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
Can someone help me configure this step?
(I'm using soapUI for testing my proxy, and the policy used is the encrypt.xml policy.)
Edited by: user11144716 on Jul 28, 2009 6:19 AM

Can you post more details, like the annotations you used or the policy?

Similar Messages

  • WS Policy problem for encryption at proxy side

    Hello ,
    I'm using osb - weblogic 10g3 and I have a problem configuring WS policy for encryption in my proxy.
    I have configured WebLogic realm security to provide my keystore, also the certificate path to register my trusted key,
    and the PKI credential mapper, but I always get the same SOAP fault:
    Trace:
    java.security.cert.CertPathBuilderException: [Security:090686]The CertificateRegistry could not build a certificate path for the subject key identifier
    My certif X509V3 public key
    . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
    Can someone help me configure this step?
    The policy is enabled at the proxy side, and the registry is set to trust my certificate (.pem).
    Thanks !


  • Adobe Reader 9.1 Printing Problem for Encrypted Documents

    Hi All.
    Have a client who is on an early 2008 MBP 15" running OSX 10.5.7, using an AEBSn set at 802.11n with a HP LaserJet 4000 Series printer connected to the AEBSn and working great.
    The client received an encrypted PDF document that seems to break the printing system when you try to print.
    I installed Reader 9.1, ran Disk Util, reset PRAM (for good measure) and restarted.
    Everything prints fine, except this document. The stall happens when it goes to the printer -- printer blinks as if it's receiving the document but times out. Cancel the print job and try something else, no problems.
    I'm stumped.

    Guess no one can answer this.

  • Problem: KDC has no support for encryption type (14)

    Hi, I have been dealing with this problem for a long time and got no response in the BEA forum.
    I feel very exhausted from checking MIT's Kerberos mailing list and the Sun forum. I tried every method they provide, but without success.
    First I generated the keytab using W2K's ktpass:
    ktpass -princ HTTP/[email protected] -mapuser weblogic -pass weblogic -out dlsvr_keytab -crypto des-cbc-crc
    and it turned out to be successful.
    My W2KSP4 KDC Config is:
    c:\winnt\krb5.ini-----------------------------
    [libdefaults]
    default_realm = DLSVR.COM
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
    ticket_lifetime = 600
    [realms]
    DLSVR.COM = {
    kdc = 192.168.2.231
    admin_server = dlserver
    default_domain = DLSVR.COM
    }
    [domain_realm]
    .dlsvr.com= DLSVR.COM
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true
    I also set the DES type in the AD account and reset the password after that.
    I created my keytab using des-cbc-crc, as you can see in the log below:
    <2005-11-8 06:09:39 CST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    KeyTab: load() entry length: 50
    KeyTabInputStream, readName(): DLSVR.COM
    KeyTabInputStream, readName(): host
    KeyTabInputStream, readName(): weblogic
    KeyTab: load() entry length: 44
    KeyTabInputStream, readName(): dlsvr.com
    KeyTabInputStream, readName(): weblogic
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: e9889c7a
    crc32: 11101001100010001001110001111010
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 1
    KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
    KDCCommunication: kdc=192.168.2.231 UDP:88, timeout=30000,Attempt =1, #bytes=216
    KrbKdcReq send: #bytes read=1217
    KrbKdcReq send: #bytes read=1217
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: 54c176ae
    crc32: 1010100110000010111011010101110
    KrbAsRep cons in KrbAsReq.getReply host/weblogic
    Found key for host/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <2005-11-8 06:09:39 CST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    So I don't know why Win2K's KDC does not support des-cbc-crc.
    Any help or clue would be highly appreciated!
    david

    Exception was: javax.naming.AuthenticationException: KDC has no support for encryption type (14) [Root exception is KrbException: KDC has no support for encryption type (14)]
    at com.sco.tta.server.security.java14.KerberosAuth.login(KerberosAuth.java:286)
    at com.sco.tta.server.login.ADLoginAuthority.authenticate(ADLoginAuthority.java:390)
    Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The affected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
    Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
    On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01 ( default is 0 )
    By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT.
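
A triage sketch for the Kerberos thread above, added here as an example and not part of any poster's message. It cross-checks the enctypes set in the posted krb5.ini against the JGSS debug output and decodes the number in the exception; the function names are hypothetical, and the sample input is abridged from the post.

```python
import re

# Enctype numbers by krb5.conf name (IANA Kerberos parameters registry).
ETYPE_NUMBERS = {
    "des-cbc-crc": 1, "des-cbc-md5": 3, "des3-cbc-sha1": 16,
    "aes128-cts-hmac-sha1-96": 17, "aes256-cts-hmac-sha1-96": 18, "rc4-hmac": 23,
}
# Subset of the Kerberos error codes defined in RFC 4120.
ERROR_CODES = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    14: "KDC_ERR_ETYPE_NOSUPP", 24: "KDC_ERR_PREAUTH_FAILED", 37: "KRB_AP_ERR_SKEW",
}

# Sample input: configuration and debug lines abridged from the post above.
SAMPLE_KRB5_INI = """\
[libdefaults]
default_realm = DLSVR.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
DLSVR.COM = {
kdc = 192.168.2.231
admin_server = dlserver
}
[domain_realm]
.dlsvr.com= DLSVR.COM
"""
SAMPLE_DEBUG_LOG = """\
KrbAsReq etypes are: 1
KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
KrbKdcReq send: #bytes read=1217
KrbAsRep cons in KrbAsReq.getReply host/weblogic
Entered Krb5Context.acceptSecContext with state=STATE_NEW
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
"""

def parse_krb5_ini(text):
    """Return {section: {key: value}}; keys inside a realm block become 'REALM.key'."""
    sections, current, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            # A new section header also ends any realm block left open.
            current, realm = sections.setdefault(header.group(1), {}), None
            continue
        if line == "}":
            realm = None
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "{":
            realm = key
        else:
            current[f"{realm}.{key}" if realm else key] = value
    return sections

def configured_etypes(sections, key):
    """Enctype numbers listed under [libdefaults] for key; unknown names stay as text."""
    names = re.split(r"[\s,]+", sections.get("libdefaults", {}).get(key, ""))
    return [ETYPE_NUMBERS.get(n, n) for n in names if n]

def parse_jgss_debug(log):
    """Extract the AS-REQ enctypes and the first mechanism-level error, with its position."""
    requested, as_rep, in_accept, error = [], False, False, None
    for line in log.splitlines():
        m = re.search(r"KrbAsReq etypes are:\s*([\d ]+)", line)
        if m:
            requested = [int(n) for n in m.group(1).split()]
        as_rep = as_rep or "KrbAsRep cons in KrbAsReq.getReply" in line
        in_accept = in_accept or "Entered Krb5Context.acceptSecContext" in line
        m = re.search(r"Mechanism level: (.+?) \((\d+)\)", line)
        if m and error is None:
            error = {"text": m.group(1), "code": int(m.group(2)),
                     "after_as_rep": as_rep, "in_accept": in_accept}
    return {"as_req_etypes": requested, "as_rep_seen": as_rep, "error": error}

def triage(ini_text, log_text):
    """Return human-readable findings that correlate the config with the debug log."""
    cfg, dbg = parse_krb5_ini(ini_text), parse_jgss_debug(log_text)
    tkt = configured_etypes(cfg, "default_tkt_enctypes")
    findings = []
    if dbg["as_req_etypes"]:
        verdict = "matches" if dbg["as_req_etypes"] == tkt else "differs from"
        findings.append(f"AS-REQ etypes {dbg['as_req_etypes']} {verdict} default_tkt_enctypes {tkt}")
    err = dbg["error"]
    if err:
        name = ERROR_CODES.get(err["code"], "unknown")
        findings.append(f"({err['code']}) is Kerberos error code {name}, not an enctype number")
        if err["after_as_rep"] and err["in_accept"]:
            findings.append("raised in acceptSecContext after the AS-REP was received")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_KRB5_INI, SAMPLE_DEBUG_LOG):
        print("-", finding)
```

On the sample, the DES setting is honoured in the AS request and the reply arrives, so the error surfaces later, while the server is accepting the client's SPNEGO token.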

  • Policy Agent for JBoss

    Hi,
    I have installed SAM (together with S1DS, Web Server and Administration Server (from JES installer)).
    I have installed and configured Policy Agent for JBoss AS, but I'm getting a browser "Redirect loop" (Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.) error after I log in with a correct user/password combination when I try to access the sample application.
    My browser accepts cookies from all domains and I get no error in console.
    My AMAgent.properties looks like this:
    com.sun.identity.agents.config.user.mapping.mode = USER_ID
    com.sun.identity.agents.config.user.attribute.name = employeenumber
    com.sun.identity.agents.config.user.principal = false
    com.sun.identity.agents.config.user.token = UserToken
    com.sun.identity.agents.config.client.ip.header =
    com.sun.identity.agents.config.client.hostname.header =
    com.sun.identity.agents.config.load.interval = 0
    com.sun.identity.agents.config.locale.language = en
    com.sun.identity.agents.config.locale.country = US
    com.sun.identity.agents.config.organization.name = /
    com.sun.identity.agents.config.audit.accesstype = LOG_BOTH
    com.sun.identity.agents.config.log.disposition = ALL
    com.sun.identity.agents.config.remote.logfile = amAgent_11_126_14_20_8080.log
    com.sun.identity.agents.config.local.logfile = /home/ciuc/stuff/src/j2ee_agents/am_jboss_agent/agent_001/logs/audit/amAgent_11_126_14_20_8080.log
    com.sun.identity.agents.config.local.log.rotate = false
    com.sun.identity.agents.config.local.log.size = 52428800
    com.sun.identity.agents.config.webservice.enable = false
    com.sun.identity.agents.config.webservice.endpoint[0] =
    com.sun.identity.agents.config.webservice.process.get.enable = true
    com.sun.identity.agents.config.webservice.authenticator =
    com.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
    com.sun.identity.agents.config.webservice.autherror.content  = WSAuthErrorContent.txt
    com.sun.identity.agents.config.access.denied.uri =
    com.sun.identity.agents.config.login.form[0] =
    com.sun.identity.agents.config.login.error.uri[0] =
    com.sun.identity.agents.config.login.use.internal = true
    com.sun.identity.agents.config.login.content.file = FormLoginContent.txt
    com.sun.identity.agents.config.auth.handler[] =    
    com.sun.identity.agents.config.logout.handler[] =
    com.sun.identity.agents.config.verification.handler[] =
    com.sun.identity.agents.config.redirect.param = goto
    com.sun.identity.agents.config.login.url[0] = http://sam.domain:80/amserver/UI/Login
    com.sun.identity.agents.config.login.url.prioritized = true
    com.sun.identity.agents.config.agent.host =
    com.sun.identity.agents.config.agent.port =
    com.sun.identity.agents.config.agent.protocol =
    com.sun.identity.agents.config.login.attempt.limit = 0
    com.sun.identity.agents.config.sso.decode = true
    com.sun.identity.agents.config.amsso.cache.enable = true
    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] = 
    com.sun.identity.agents.config.cookie.reset.path[] =
    com.sun.identity.agents.config.cdsso.enable = false
    com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwCDSSORedirectURI
    com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = http://dm-test-win-1:80/amserver/cdcservlet
    com.sun.identity.agents.config.cdsso.clock.skew = 0
    com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = http://dm-test-win-1:80/amserver/cdcservlet
    com.sun.identity.agents.config.logout.application.handler[] =
    com.sun.identity.agents.config.logout.uri[] =
    com.sun.identity.agents.config.logout.request.param[] =
    com.sun.identity.agents.config.logout.introspect.enabled = false
    com.sun.identity.agents.config.logout.entry.uri[] =
    com.sun.identity.agents.config.fqdn.check.enable = true
    com.sun.identity.agents.config.fqdn.default = jbossAS.domain
    com.sun.identity.agents.config.fqdn.mapping[] =
    com.sun.identity.agents.config.legacy.support.enable = false
    com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
    com.sun.identity.agents.config.legacy.redirect.uri = /agentapp/sunwLegacySupportURI
    com.sun.identity.agents.config.response.header[] =
    com.sun.identity.agents.config.redirect.attempt.limit = 0
    com.sun.identity.agents.config.port.check.enable = false
    com.sun.identity.agents.config.port.check.file = PortCheckContent.txt
    com.sun.identity.agents.config.port.check.setting[8080] = http
    com.sun.identity.agents.config.notenforced.uri[0] = /agentsample/public/*
    com.sun.identity.agents.config.notenforced.uri[1] = /agentsample/images/*
    com.sun.identity.agents.config.notenforced.uri[2] = /agentsample/styles/*
    com.sun.identity.agents.config.notenforced.uri[3] = /agentsample/index.html
    com.sun.identity.agents.config.notenforced.uri[4] = /agentsample
    com.sun.identity.agents.config.notenforced.uri.invert = false
    com.sun.identity.agents.config.notenforced.uri.cache.enable = true
    com.sun.identity.agents.config.notenforced.uri.cache.size = 1000
    com.sun.identity.agents.config.notenforced.ip[0] =
    com.sun.identity.agents.config.notenforced.ip.invert = false
    com.sun.identity.agents.config.notenforced.ip.cache.enable = true
    com.sun.identity.agents.config.notenforced.ip.cache.size = 1000
    com.sun.identity.agents.config.attribute.cookie.separator = |
    com.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
    com.sun.identity.agents.config.attribute.cookie.encode = true
    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =
    com.sun.identity.agents.config.session.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.session.attribute.mapping[] =
    com.sun.identity.agents.config.response.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.response.attribute.mapping[] =
    com.sun.identity.agents.config.bypass.principal[0] =
    com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
    com.sun.identity.agents.config.privileged.attribute.type[0] = Role
    com.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
    com.sun.identity.agents.config.privileged.session.attribute[0] =
    com.sun.identity.agents.config.service.resolver = com.sun.identity.agents.jboss.v40.AmJBossAgentServiceResolver
    com.sun.identity.agents.app.username = amagent
    com.iplanet.am.service.secret = AQICJmGvlBWYuAYQndALuvNKiw==
    am.encryption.pwd = /mY/WidDT34aJtbcFS0pCKFEt6evPeTF
    com.sun.identity.client.encryptionKey= /mY/WidDT34aJtbcFS0pCKFEt6evPeTF
    com.iplanet.services.debug.level=error
    com.iplanet.services.debug.directory=/home/ciuc/stuff/src/j2ee_agents/am_jboss_agent/agent_001/logs/debug
    com.iplanet.am.cookie.name=iPlanetDirectoryPro
    com.iplanet.am.naming.url=http://sam.domain:80/amserver/namingservice
    com.iplanet.am.notification.url=http://jbossAS.domain:8080/agentapp/notification
    com.iplanet.am.session.client.polling.enable=false
    com.iplanet.am.session.client.polling.period=180
    com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
    com.iplanet.am.sdk.remote.pollingTime=1
    com.sun.identity.sm.cacheTime=1
    com.iplanet.am.localserver.protocol=http
    com.iplanet.am.localserver.host=jbossAS.domain
    com.iplanet.am.localserver.port=8080
    com.iplanet.am.server.protocol=http
    com.iplanet.am.server.host=sam.domain
    com.iplanet.am.server.port=80
    com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
    com.sun.identity.agents.logging.level=BOTH
    com.sun.identity.agents.notification.enabled=true
    com.sun.identity.agents.notification.url=http://jbossAS.domain:8080/agentapp/notification
    com.sun.identity.agents.polling.interval=3
    com.sun.identity.policy.client.cacheMode=subtree
    com.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
    com.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
    com.sun.identity.policy.client.clockSkew=10
    11.126.14.20 is the computer where I have the JBoss installation.
    11.126.14.18 is the computer where I have SAM services.
    Do you have any idea why this error may occur?
    Thank you in advance,
    Cristi

    Hi,
    Thanks for your responses, I've included my AMAgent.properties below if you could take a look at it.
    I only seem to run into the problem when I authenticate if the following is set:
    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    If that is set to NONE then I can access the application fine, but if I use the HTTP_HEADER and attempt to pass information via the header I get stuck in the loop which results in the message "Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked."
    There is no helpful output in either my container log or the Policy Agent logs.
    The myHost.local. entry exists within my /etc/hosts file, and ping and other tools resolve it fine.
    I am using JBOSS 4.2.2 on Linux (and windows).
    If anyone can help save my sanity it would be appreciated.
    com.sun.identity.agents.config.filter.mode = URL_POLICY
    com.sun.identity.agents.config.user.mapping.mode = USER_ID
    com.sun.identity.agents.config.user.attribute.name = employeenumber
    com.sun.identity.agents.config.user.principal = false
    com.sun.identity.agents.config.user.token = UserToken
    com.sun.identity.agents.config.load.interval = 0
    com.sun.identity.agents.config.locale.language = en
    com.sun.identity.agents.config.locale.country = US
    com.sun.identity.agents.config.audit.accesstype = LOG_NONE
    com.sun.identity.agents.config.log.disposition = REMOTE
    com.sun.identity.agents.config.remote.logfile = amAgent_8089.log
    com.sun.identity.agents.config.local.logfile = /usr/j2ee_agents/am_jboss_agent/agent_001/logs/audit/amAgent_8089.log
    com.sun.identity.agents.config.local.log.rotate = false
    com.sun.identity.agents.config.local.log.size = 52428800
    com.sun.identity.agents.config.webservice.enable = false
    com.sun.identity.agents.config.webservice.endpoint[0] =
    com.sun.identity.agents.config.webservice.process.get.enable = true
    com.sun.identity.agents.config.webservice.authenticator =
    com.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
    com.sun.identity.agents.config.webservice.autherror.content  = WSAuthErrorContent.txt
    com.sun.identity.agents.config.login.form[0] = /manager/AMLogin.html
    com.sun.identity.agents.config.login.form[1] = /host-manager/AMLogin.html
    com.sun.identity.agents.config.login.error.uri[0] = /manager/AMError.html
    com.sun.identity.agents.config.login.error.uri[1] = /host-manager/AMError.html
    com.sun.identity.agents.config.login.use.internal = true
    com.sun.identity.agents.config.login.content.file = FormLoginContent.txt
    com.sun.identity.agents.config.auth.handler[] =   
    com.sun.identity.agents.config.logout.handler[] =
    com.sun.identity.agents.config.verification.handler[] =
    com.sun.identity.agents.config.redirect.param = goto
    com.sun.identity.agents.config.login.url[0] = http://myHost.local:8080/amserver/UI/Login
    com.sun.identity.agents.config.login.url.prioritized = true
    com.sun.identity.agents.config.login.url.probe.enabled = true
    com.sun.identity.agents.config.login.url.probe.timeout = 2000
    com.sun.identity.agents.config.agent.host =
    com.sun.identity.agents.config.agent.port =
    com.sun.identity.agents.config.agent.protocol =
    com.sun.identity.agents.config.login.attempt.limit = 0
    com.sun.identity.agents.config.sso.decode = true
    com.sun.identity.agents.config.amsso.cache.enable = true
    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =
    com.sun.identity.agents.config.cdsso.enable = false
    com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwCDSSORedirectURI
    com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = http://myHost.local:8080/amserver/cdcservlet
    com.sun.identity.agents.config.cdsso.clock.skew = 0
    com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = http://myHost.local:8080/amserver/cdcservlet
    com.sun.identity.agents.config.cdsso.secure.enable = false
    #com.sun.identity.agents.config.cdsso.domain[0] =
    com.sun.identity.agents.config.logout.application.handler[] =
    com.sun.identity.agents.config.logout.uri[] =
    com.sun.identity.agents.config.logout.request.param[] =
    com.sun.identity.agents.config.logout.introspect.enabled = false
    com.sun.identity.agents.config.logout.entry.uri[] =
    com.sun.identity.agents.config.fqdn.check.enable = true
    com.sun.identity.agents.config.fqdn.default = am.ufidev.local.
    com.sun.identity.agents.config.fqdn.mapping[] =
    com.sun.identity.agents.config.legacy.support.enable = false
    com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
    com.sun.identity.agents.config.legacy.redirect.uri = /agentapp/sunwLegacySu

  • KDC has no support for encryption type (14)

    I have come across a posting on "KDC has no support for encryption type (14)" (http://www.webservertalk.com/message1277232.html)
    and believe that I am hitting the same problem. However, there is no solution. Can anybody help?
    I have done all the necessary steps suggested, including changing the registry and removing the unwanted SPN, but the error is still there. The only difference is probably that I combined WebLogic and AD on one machine. But does that make any difference?
    Client
    ====
    Name: ssoclient.ssow2k.com
    OS: Win XP SP2
    Server
    =====
    Name: ssow2kserver.ssow2k.com
    OS: Windows 2000 Advanced Server SP4
    WLS: BEA WebLogic 8.1.4
    <<Registry>>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01
    The following is the WebLogic myserver log for your reference:
    ========================================================================================
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Admin>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Operator>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Deployer>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Monitor>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(Admin,Operator,Deployer,Monitor)}>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(Admin,Operator,Deployer,Monitor)} successfully deployed for resource type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> < PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Found Negotiate with SPNEGO token>
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext (GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity (SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm (CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Exception weblogic.security.providers.utils.NegotiateTokenException: GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    weblogic.security.providers.utils.NegotiateTokenException : GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:419)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity (PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java :199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute (ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ========================================================================================
    The following are some krb5 packets captured. I suspected it is due to the encryption type used - RC4-HMAC:
    ========================================================================================
    KRB5 (AS-REQ)
    ============
    No. Time Source Destination Protocol Info
    125 10.301166 10.122.1.2 10.122.1.200 KRB5 AS-REQ
    Frame 125 (345 bytes on wire, 345 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.848903000
    Time delta from previous packet: 0.008330000 seconds
    Time since reference or first frame: 10.301166000 seconds
    Frame Number: 125
    Packet Length: 345 bytes
    Capture Length: 345 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 331
    Identification: 0x0158 (344)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x208d [correct]
    Source: 10.122.1.2 (10.122.1.2 )
    Destination: 10.122.1.200 (10.122.1.200)
    User Datagram Protocol, Src Port: 1075 (1075), Dst Port: kerberos (88)
    Source port: 1075 (1075)
    Destination port: kerberos (88)
    Length: 311
    Checksum: 0x1133 [correct]
    Kerberos AS-REQ
    Pvno: 5
    MSG Type: AS-REQ (10)
    padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
    Type: PA-ENC-TIMESTAMP (2)
    Type: PA-PAC-REQUEST (128)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
    Client Name (Principal): ssouser
    Realm: SSOW2K.COM
    Server Name (Service and Instance): krbtgt/SSOW2K.COM
    till: 2037-09-13 02:48:05 (Z)
    rtime: 2037-09-13 02:48:05 (Z)
    Nonce: 1870983219
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    HostAddresses: SSOCLIENT<20>
    KRB5 (AS-REP)
    ============
    No. Time Source Destination Protocol Info
    126 10.303156 10.122.1.200 10.122.1.2 KRB5 AS-REP
    Frame 126 (1324 bytes on wire, 1324 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.850893000
    Time delta from previous packet: 0.001990000 seconds
    Time since reference or first frame: 10.303156000 seconds
    Frame Number: 126
    Packet Length: 1324 bytes
    Capture Length: 1324 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1310
    Identification: 0x0a0f (2575)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1403 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1075 (1075)
    Source port: kerberos (88)
    Destination port: 1075 (1075)
    Length: 1290
    Checksum: 0xb637 [correct]
    Kerberos AS-REP
    Pvno: 5
    MSG Type: AS-REP (11)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: E3610239EACDD0E6D4E89AA7D81A355F6C93B95D95B13B56...
    KRB5 (TGS-REQ)
    ============
    No. Time Source Destination Protocol Info
    127 10.309350 10.122.1.2 10.122.1.200 KRB5 TGS-REQ
    Frame 127 (1307 bytes on wire, 1307 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.857087000
    Time delta from previous packet: 0.006194000 seconds
    Time since reference or first frame: 10.309350000 seconds
    Frame Number: 127
    Packet Length: 1307 bytes
    Capture Length: 1307 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1293
    Identification: 0x0159 (345)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1cca [correct]
    Source: 10.122.1.2 (10.122.1.2)
    Destination: 10.122.1.200 ( 10.122.1.200)
    User Datagram Protocol, Src Port: 1076 (1076), Dst Port: kerberos (88)
    Source port: 1076 (1076)
    Destination port: kerberos (88)
    Length: 1273
    Checksum: 0xd085 [correct]
    Kerberos TGS-REQ
    Pvno: 5
    MSG Type: TGS-REQ (12)
    padata: PA-TGS-REQ
    Type: PA-TGS-REQ (1)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40800000 (Forwardable, Renewable)
    Realm: SSOW2K.COM
    Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
    till: 2037-09-13 02:48:05 (Z)
    Nonce: 1871140380
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    KRB5 (TGS-REP)
    ============
    No. Time Source Destination Protocol Info
    128 10.310791 10.122.1.200 10.122.1.2 KRB5 TGS-REP
    Frame 128 (1290 bytes on wire, 1290 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.858528000
    Time delta from previous packet: 0.001441000 seconds
    Time since reference or first frame: 10.310791000 seconds
    Frame Number: 128
    Packet Length: 1290 bytes
    Capture Length: 1290 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1276
    Identification: 0x0a10 (2576)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1424 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1076 (1076)
    Source port: kerberos (88)
    Destination port: 1076 (1076)
    Length: 1256
    Checksum: 0x1318 [correct]
    Kerberos TGS-REP
    Pvno: 5
    MSG Type: TGS-REP (13)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: 4D2A9E8590CC716EA6571B093B6FAF89537B0B89F832C073...
    ========================================================================================
    Can anybody enlighten me on how you solve this problem? Thanks.

    I ran into this error and caught the error code to remind me to edit the registry.
    if (sError.contains("KDC has no support for encryption type (14)")){
                        JOptionPane.showMessageDialog(null,"Error " + ThisErrorCode.myErrorCode() + '\n' +
                        " http://support.microsoft.com/default.aspx?scid=kb;en-us;308339" + '\n' + '\n' +
                        "There is a known issue involving Windows clients running Windows 2000 SP4, XP SP2." + '\n' +
                        "To avoid the error, administrators need to update the Windows registry." + '\n' +
                        "The registry key, allowtgtsessionkey, should be added, and its value set correctly" + '\n' +
                        "to allow session keys to be sent in the Kerberos Ticket-Granting Ticket." + '\n' + '\n' +
                        "Windows XP SP2, add the registry entry:" + '\n' +
                        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\" + '\n' +
                        "Value Name: allowtgtsessionkey" + '\n' +
                        "Value Type: REG_DWORD" + '\n' +
                        "Value: 0x01" ,null, JOptionPane.ERROR_MESSAGE);
                        System.exit(-1);
    }

  • 1809: An error has occured while generating a seccion key for encryption

    Hi
    I am trying to perform a remote control operation using Console One
    1.3.6c, but every time I get the following error message:
    "1809: An error has occured while generating a seccion key for
    encryption." I looked for it on the Novell site and found that the fix is
    to upgrade to ZDF 6.5 SP1, but I am looking for a different workaround
    for it. Please let me know if there is any workaround for this problem.
    Regards
    Kallol
    kallol

    kallol,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Win XP : problems for itune to connect the airport remote speakers

    Hi there,
    My config is iTunes installed on my PC, a Tecom wifi router and two airport express base stations connected to speakers in different rooms of my flat.
    At first, iTunes has no problem for seeing the airport stations and the music goes well through the wifi.
    After two or three days, the PC doesn't see the stations anymore in iTunes (they actually still show, but in gray) .
    If I want them to be seen again, I need to close iTunes, go to "connexions", disconnect my PC from the network, connect again, run iTunes again, and then... it works !
    That's a bit boring. As strange as it could be, the act of shutting down my PC every night and running it "fresh" every morning doesn't help.
    Has any one any suggestion on how it could work better ?

    Hello Deb Parks. Welcome to the Apple Discussions!
    I'm not sure if, by product key, you mean the encryption password for your 802.11n AirPort Extreme Base Station's (AEBSn) wireless network. Is your AEBSn's wireless network currently running encryption (WEP or WPA)? If so, temporarily disable it, and then, see if the PC can connect.

  • I have been on the same problem for 2 days now.... it has become URGENT

    ==================
    CLIENT SIDE
    ==================
    try {
    srvIntrface = (MyServerInterface) Naming.lookup("rmi://"+server+":1099/Interface");
    }catch(Exception e){System.out.println("clientForm, lookup: Error getting the remote service");}
    byte[] fileData = srvIntrface.getFile();
    This is how i connect to the interface on the client side... AND then get the file
    server variable - is the ip of the remote machine
    ==================
    SERVER SIDE
    ==================
    MyServer mySrvr = new MyServer();
    Naming.rebind("//localhost:1099/Interface",mySrvr);
    this is how i bind the interface to the server
    ================
    PROBLEM
    ================
    i am working on a LAN.... when i run the above codes on one of the machines e.g. machine1.... the machine1 works fine and can get the file from machine 2. but when i run it on machine 2 and try to get the file from machine 1 following exception occurs
    Connection refused to host: localhost; nested exception is: java.net.ConnectException: Connection refused: connect
    Please help

    Thank you for your responses....
    i do run the registry on both machines...
    as such
    "start rmiregistry 1099"
    plus i system.out the variable "server" with your suggestion.... it gives out the correct ip of the machines to be looked up!
    e.g.
    if i want to connect to 192.168.1.2.... the server variable gives out the correct ip...
    i have been trying to solve this problem for a very long time... but can't seem to find a way around it...
    this is how i run my server and client
    java -Djava.rmi.server.codebase=file:/C:j2sdk1.4.2_04\bin/ -Djava.rmi.server.hostname=localhost
    -Djava.security.policy=java.policy MyServer
    java -Djava.rmi.server.codebase=file:/C:j2sdk1.4.2_04\bin/ -Djava.security.policy=java.policy MyClient
    my policy file is: just wanted to be very relaxed
    grant {
        permission java.net.SocketPermission "*:*","connect,accept,resolve";
        permission java.net.SocketPermission.AllPermission;
        permission java.security.AllPermission;
        permission java.io.FilePermission "c:\\j2sdk1.4.2_04/bin\\-","read,write,delete";
    };
    Plz help

  • Problem in encryption and decryption

    hello everyone..
    I'm a newbie in this forum. I don't know whether this is the right place to put my query or some other place. I saw in this forum people putting up their problems regarding Java development, so I came up with my problem.
    I'm working on a web application using jdk1.5, struts 1.1, apache tomcat5.5 and mysql5.2. For user registration and login I'm using an encryption/decryption code to encrypt the password to the database and decrypt it back during userid and password verification in the code. The code of the encryption/decryption is as follows...
    import java.util.Random;
    public class Crypt {
         String key = "uy67jwq98JWPOI99dj9021032amiet";
         // Output layout: 2-digit start offset into key, 1 char carrying the length, shifted chars, padding
         public String strencrypt(String str) {
              String result="";
              int i = 0, current = 0;
              Random r = new Random();
              current = r.nextInt(30);
              if(current<10)     result = "0";
              result = result + current;
              if(((key.charAt(current)+ "").hashCode() + str.length()) < 10)
                   result = result + "0";
              result = result + (char)((key.charAt(current)+ "").hashCode() + str.length());
              // Each input char is shifted by the code of the current key char
              while(i<str.length()) {
                   result = result + ( (char)( ((str.charAt(i)+"").hashCode()) + ((key.charAt(current++)+"").hashCode()) ) );
                   if(current==key.length())     current=0;
                   i++;
              }
              // Pad with random chars up to the key length
              while(i<key.length()) {
                   result = result + ( (char) ((r.nextInt(30)) + ((key.charAt(current++)+"").hashCode())) );
                   if(current==key.length())     current=0;
                   i++;
              }
              return result;
         }
         public String strdecrypt(String str) {
              int current=0, len = 0, i = 0, header = 3;
              String result="", slen = "";
              current = Integer.parseInt(str.substring(0,2));
              slen = "" + (str.charAt(2)+"").hashCode();
              len = (Integer.parseInt(slen)) - ((key.charAt(current)+"").hashCode());
              i = header;
              // Undo the per-char shift for the first len chars after the header
              while(i<(header + len)) {
                   result = result + ( (char) ((str.charAt(i)+ "").hashCode() - ((key.charAt(current++)+"").hashCode())) );
                   if(current == key.length())
                        current=0;
                   i++;
              }
              return result;
         }
    }
    But the problem that I'm facing is regarding the database: mysql5.2 is installed on two operating systems, i.e. Windows XP and Windows 2000 Server. When I try to connect my web application to the mysql5.2 database installed on Windows XP, create a new user and then try to log in, the login fails. I have even found out the reason: the code pasted above couldn't decrypt properly. Here's what I get when I System.out.println(""); the data retrieved from the database... I'm pasting it also...
    s retriving from db=16l&#9574;&#9616;&#8976;?��??7pmofv??A?l?rNCdhhLAK
    password coming from welcome.jsp=gtplpune
    c.strencrypt(password)=14A��&#9560;&#9555;&#8976;��?LH7}?te???HG&#8962;??QFUkPj]
    c.strdecrypt(s)=gtp&#9788;pu&#9788;&#9792;
    encryption mismatch
    See that the password coming from welcome.jsp is gtplpune
    and the password after decryption coming from the database is gtp&#9788;pu&#9788;&#9792;....
    where you can see some letters such as l, n, e could not be decrypted or are in some other format.... So the code is unable to validate the user.....
    But the strange thing is that when I'm using the mysql5.2 installed on Windows 2000 Server everything seems to work fine. There is no problem in encryption or decryption and everything works fine... So does anyone of you have any idea what the reason for it can be, and what the probable solution to it can be? I'm waiting for your replies, which I guess will help me out.
    Thank you
    sabyasachi

    It's a shame nobody above gave you the correct
    answer.
    You shouldn't encrypt passwords and store them in a
    database at all.
    You should digest them and store the digests,
    and digest whatever the user enters in the password
    field and compare the digests.
    The way you have it now is a major security
    problem.
    Hey, I didn't know this. I encrypted the password in base 64 format and then store it in the MySQL db, then I retrieve it from the db in encrypted format, decrypt it and match it when the user logs in. Well, thanks for your approach. I will now try using the digest as you mentioned. I'm not aware of it, so I need to study this first...

  • Authorization issue with J2EE Policy Agent for AS7

    Following the documentation I have created a simple J2EE application with a servlet and 2 JSPs. The 2 JSPs, customer.jsp and admin.jsp, are mapped to /customer and /admin. The entire web application is subject to a filter like:
    <filter>
    <filter-name>Agent</filter-name>
    <display-name>Agent</display-name>
    <description>SunTM ONE Idenitity Server Policy Agent for SunTM ONE Application Server 7.0</description>
    <filter-class>com.sun.amagent.as.filter.AgentFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    The two resources /customer and /admin are subject to security constraints like:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>col2</web-resource-name>
    <url-pattern>/customer</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>customer</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    The role-to-principal mapping is done in the sun-web.xml like:
    <security-role-mapping>
    <role-name>customer</role-name>
    <group-name>customer</group-name>
    <principal-name>amAdmin</principal-name>
    </security-role-mapping>
    <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>admin</group-name>
    <principal-name>amAdmin</principal-name>
    </security-role-mapping>
    Two roles, 'customer' and 'admin', are created via the identity server console and users are added to these roles.
    The application deploys OK; when the app is accessed the user is redirected to the identity server and is authenticated fine. The user is directed to the main servlet and is allowed to access the two JSPs. All is good till now; when the user accesses one of these links, say /customer, access is denied (403). The server log prints out:
    [21/May/2003:10:34:24] FINE ( 6036): servletPath = /customer
    [21/May/2003:10:34:24] FINE ( 6036): pathInfo = null
    [21/May/2003:10:34:24] FINE ( 6036): SingleSignOn[ids]: Process request for '/idssample/customer'
    [21/May/2003:10:34:24] FINE ( 6036): SingleSignOn[ids]: Checking for SSO cookie
    [21/May/2003:10:34:24] FINE ( 6036): SingleSignOn[ids]: SSO cookie is not present
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Security checking request GET /idssample/customer
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: We have cached auth type PROGRAMMATIC for principal amAdmin
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Checking constraint 'SecurityConstraint[col2]' against GET /customer --> false
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Checking constraint 'SecurityConstraint[col2]' against GET /customer --> true
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Subject to constraint SecurityConstraint[col2]
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Calling checkUserData()
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: User data constraint has no restrictions
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Calling authenticate()
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: User authentication is not required
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Calling accessControl()
    [21/May/2003:10:34:24] FINEST ( 6036): PRINCIPAL : amAdmin hasRole?: customer
    [21/May/2003:10:34:24] FINEST ( 6036): PRINCIPAL TABLE: {}
    [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Failed accessControl() test
    [21/May/2003:10:34:24] WARNING ( 6036): CORE3283: stderr: <May 21, 2003 10:34:24 AM CDT> <Agent> <Info> AgentRealm.getGroupNames(amAdmin)
    [21/May/2003:10:34:24] WARNING ( 6036): CORE3283: stderr: <May 21, 2003 10:34:24 AM CDT> <Agent> <Info> AgentRealm.getGroupNames(amAdmin) => java.util.Vector$1@bb60ad
    Now, snooping around I have found that AgentRealm.getGroupNames(userdn) does return the correct groups, viz. customer, admin, anyone.
    PLEASE HELP

    -- Second Update --
    After policy installation I got several problems with the PeopleSoft configuration, which finally were solved.
    1. Some URLs have to be defined as not enforced.
    com.sun.am.policy.amFilter.notenforcedList[1]=/ps/images/*
    com.sun.am.policy.amFilter.notenforcedList[2]=*.css
    com.sun.am.policy.amFilter.notenforcedList[3]=*.ico
    2. In versions older than PeopleSoft 8.4.2 the policy agent modified the file
    /opt/fs/webserv/peoplesoft/applications/peoplesoft/PORTAL/WEB-INF/psftdocs/ps/configuration.properties to add the properties:
    byPassSignon=TRUE
    defaultUserid="DEFAULT_USER"
    defaultPWD="your password"
    signon_page=amsignin.html
    signonError_page=amsignin.html
    logout_page=amsignin.html
    expire_page=amsignin.html
    However, in the newer versions of PeopleSoft these properties are controlled from the online PeopleSoft console. They are set in:
    PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Security --> In section "Public Users" the parameters that have to be changed are:
    Allow Public Access (checked)
    User ID : DEFAULT_USER
    Password : your password
    HTTP Session Inactivity : (SSO TIMEOUT)
    and:
    PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Look and Feel -->
    In section "SignOn/Logout" set the following values:
    Signon Page : amsignin.html
    Signon Error Page : amerror.html
    Logout Page : amsignout.html
    Note: After making any changes on the console, restart PIA (weblogic instance).
    With this the SSO with PeopleSoft is working Ok.
    Message was edited by:
    LpzYlnd

  • WebLogic SSO receiving "KDC has no support for encryption type (14)" error

    Hello,
    I am trying to implement SSO using an off-the-shelf app running on WebLogic, but I am receiving a "KDC has no support for encryption type (14)" error. I have set the AD Server to “Use DES encryption types for this account”. I have added the 'allowtgtsessionkey' registry entry on the client machine as well as on the Windows Server on which WebLogic is running. My klist results on the client machine still seem to indicate AD is sending RC4 encryption format (please confirm looking at the results below). I am also attaching the WebLogic error log. I am also seeing 2 errors at the very beginning of the WebLogic log when I restart the appserver.
    % KLIST output
    C:\Program Files\Resource Kit>klist tickets
    Cached Tickets: (2)
    Server: krbtgt/[email protected]
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    End Time: 8/27/2008 1:52:56
    Renew Time: 9/2/2008 15:52:56
    Server: HTTP/[email protected]
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    End Time: 8/27/2008 1:52:56
    Renew Time: 9/2/2008 15:52:56
    % WebLogic Error
    <Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.realm was not defined, this could cause problems using Kerberos for negotiation>
    <Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.kdc was not defined, this could cause problems using Kerberos for negotiation>
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <Default Authorization isAccessAllowed(): returning PERMIT>
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <DefaultAdjudicatorImpl.adjudicate results: PERMIT >
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <AuthorizationManager.isAccessAllowed returning adjudicated: true>
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is devmax01.http.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    KeyTab: load() entry length: 60
    KeyTabInputStream, readName(): DEV.DENVERWATER.ORG
    KeyTabInputStream, readName(): HTTP
    KeyTabInputStream, readName(): devmax01
    principal's key obtained from the keytab
    principal is HTTP/[email protected]
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 3 1 1
    KrbKdcReq send: kdc=10.143.60.1 UDP:88, timeout=30000, number of retries =3, #bytes=252
    KDCCommunication: kdc=10.143.60.1 UDP:88, timeout=30000,Attempt =1, #bytes=252
    KrbKdcReq send: #bytes read=1311
    KrbKdcReq send: #bytes read=1311
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    KrbAsRep cons in KrbAsReq.getReply HTTP/devmax01
    Added server's key
    Kerberos Principal HTTP/[email protected] Version 4
    key EncryptionKey: keyType=3 keyBytes (hex dump)=
    0000: B3 86 A4 E5 83 0E 6D 9E
    [Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject
    Commit Succeeded
    Found key for HTTP/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> < GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - IdentityAssertionException>

    dins wrote:
    Do you think the klist output in my original posting confirms that AD is not encrypting tickets in DES format ?

    Yes, the current line proves it:
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    The fact is that Microsoft seems to use by default the RC4-HMAC-MD5 encryption type for AD.
    Try to specify only des for encryption type in both your krb5.conf
    [libdefaults]
        default_realm = ...
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        ...
    and kdc.conf
    [realms]
       REALM = {
            kadmind_port = ...
            max_life = ...
            max_renewable_life = ...
            master_key_type = des-cbc-md5 des-cbc-crc des3-cbc-sha1
            supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
            kdc_supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        }
    If it still does not work, I'm out of ammo ;-).

  • KDC has no support for encryption type

    Hi,
    I hope not too many people are not reading this post because of the very common error message. But I'm really somewhat confused:
    For testing Kerberos 5 SSO I set up a little domain controller running Windows 2003 Server and a client in the domain running Windows XP. In the active directory I created a service account with the logon test-service and a user account test-user. The switch "Use DES encryption types for this account" is set for both accounts and I reset the passwords after setting the switch. Additionally I added a service principal name test/test.krbtest.local to the service account.
    On the client machine I execute a very simple JAVA client program that tries to obtain a service ticket for the service test/test.krbtest.local. If I configure the client to prompt for a password, the service ticket is obtained without a problem using etype 3 (sun.security.krb5.internal.crypto.DesCbcMd5EType). But when trying to read the existing TGT from the native windows cache the client exits with:
    KDC has no support for encryption type (14)
    The debug output tells the following:
    >>> Obtained TGT from LSA: Credentials:
    [email protected]
    server=krbtgt/[email protected]
    authTime=20070413112833Z
    startTime=20070413112833Z
    endTime=20070413212833Z
    renewTill=20070420112833Z
    flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
    EType (int): 0
    Principal is [email protected]
    Commit Succeeded
    Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
    Entered Krb5Context.initSecContext with state=STATE_NEW
    Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
    Service ticket not found in the subject
    Credentials acquireServiceCreds: same realm
    Using builtin default etypes for default_tgs_enctypes
    default etypes for default_tgs_enctypes: 3 1 23 16 17.
    CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
    EType: sun.security.krb5.internal.crypto.NullEType
    ...
    Note that it says "Etype (int): 0" which I think is no valid encryption type at all. klist (from the windows resource kit) tells me that my tickets look like:
    Server: krbtgt/[email protected]
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        End Time: 4/13/2007 23:28:33
        Renew Time: 4/20/2007 13:28:33
    ...
    But as mentioned above I set the option "Use DES encryption types for this account" for both the user and service account. Am I doing something wrong here??
    Additionally I thought JAVA 1.5.11 would support RC4-HMAC, is that wrong?
    Even more confusing:
    If I remove the "Use DES encryption types for this account" switch for the two accounts and configure my JAVA client program to prompt for a password, a ticket is obtained using the RC4-HMAC encryption type 23 (sun.security.krb5.internal.crypto.ArcFourHmacEType). But using the ticket from the cache again does not work.
    I'd appreciate any comments on that since I'm totally confused by now and have no idea on how to get this SSO thing working correctly in JAVA.
    Cheers
    P.S.:
    I just wanted to mention that adding
    default_tkt_enctypes = rc4-hmac
    default_tgs_enctypes = rc4-hmac
    to my krb5.ini has no effect on the described behaviour
    Message was edited by:
    sherazade

    Ok,
    perhaps I should have looked around the forum a little bit more in-depth...
    Setting the AllowTGTSessionKey registry key to 1 solves this issue...
    thanks
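
Added example (not part of either thread, and not WebLogic or JDK code): a Python triage sketch for the two "KDC has no support for encryption type (14)" threads above. It reads `klist tickets` output and the JDK Kerberos debug trace and flags the two conditions the posts show: a service ticket whose encryption type has no matching key on the accepting side, and a TGT taken from the Windows LSA with `EType (int): 0`, the case the poster resolved with AllowTGTSessionKey. The sample text, the EXAMPLE.TEST principals, the function names and the finding labels are constructed for illustration.

```python
import re

# Substrings of klist's "KerbTicket Encryption Type" label -> Kerberos etype number
# (RFC 3961 / RFC 4757 numbering). Only the RC4 label appears on this page; the
# DES labels are assumed spellings.
KLIST_HINTS = [("RC4-HMAC", 23), ("DES-CBC-MD5", 3), ("DES-CBC-CRC", 1)]
ERROR_14 = "KDC has no support for encryption type (14)"

# Constructed samples, shaped like the output quoted in the two threads.
KLIST = """Cached Tickets: (2)
Server: krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Server: HTTP/app01.example.test@EXAMPLE.TEST
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
"""
ACCEPTOR_DEBUG = """KrbAsReq etypes are: 3 1 1
Kerberos Principal HTTP/app01.example.test@EXAMPLE.TEST Version 4
key EncryptionKey: keyType=3 keyBytes (hex dump)=
GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
"""
INITIATOR_DEBUG = """>>> Obtained TGT from LSA: Credentials:
client=test-user@EXAMPLE.TEST
server=krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
EType (int): 0
KDC has no support for encryption type (14)
"""


def ticket_etypes(klist_text):
    """Return {server principal: etype number or None} from `klist tickets` output."""
    tickets, server = {}, None
    for line in klist_text.splitlines():
        line = line.strip()
        if line.startswith("Server:"):
            server = line.split(":", 1)[1].strip()
        elif line.startswith("KerbTicket Encryption Type:") and server:
            label = line.split(":", 1)[1].upper()
            tickets[server] = next((n for hint, n in KLIST_HINTS if hint in label), None)
    return tickets


def jgss_facts(debug_text):
    """Pull the etype evidence out of the JDK Kerberos debug trace."""
    lsa = re.search(r"Obtained TGT from LSA.*?EType \(int\): (\d+)", debug_text, re.S)
    return {
        # Key types the JVM actually loaded (from the keytab or the login).
        "key_etypes": {int(n) for n in re.findall(r"keyType=(\d+)", debug_text)},
        # Etype of the TGT session key handed over by the Windows LSA, if any.
        "lsa_tgt_etype": int(lsa.group(1)) if lsa else None,
        "error_14": ERROR_14 in debug_text,
    }


def diagnose(klist_text, debug_text, service_prefix="HTTP/"):
    """Return finding labels explaining error 14, or [] if the error is absent."""
    facts = jgss_facts(debug_text)
    if not facts["error_14"]:
        return []
    findings = []
    if facts["lsa_tgt_etype"] == 0:
        # The LSA returned the TGT without a usable session key.
        findings.append("LSA_SESSION_KEY_WITHHELD")
    for server, etype in ticket_etypes(klist_text).items():
        if not server.startswith(service_prefix) or etype is None:
            continue
        if facts["key_etypes"] and etype not in facts["key_etypes"]:
            # Ticket is encrypted with a type for which no key was loaded.
            findings.append("TICKET_ETYPE_%d_NOT_IN_KEYTAB" % etype)
    return findings


if __name__ == "__main__":
    print(diagnose(KLIST, ACCEPTOR_DEBUG))
    print(diagnose(KLIST, INITIATOR_DEBUG))
```
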

  • AM policy agents for Weblogic help

    I installed a Policy Agent for Weblogic Server 8.1. When I try to start the Weblogic server after modifications, the portal server throws an exception....
    com.sun.identity.agents.AmAgentFilter not found
    When you enter the URL for that application running on Weblogic, it is supposed to be forwarded to the Identity Management page ...but this does not happen..
    It is apparently able to read the web.xml file in the Weblogic application but is not able to find the particular class above....nor is it able to contact the IDM.
    Any suggestions?
    Anand

    I am trying to install a PA with a Weblogic server. The installation works fine and I have also configured the necessary config files...and the concerned Weblogic server starts up successfully.
    But when I enter the URL , I see the following error in the Logs....
    <Jan 3, 2006 3:54:12 PM CST> <Error> <HTTP> <BEA-101020> <[ServletContext(id=20772999,name=sbm,context-path=/sbm)] Servlet failed with Exception
    java.lang.ExceptionInInitializerError
         at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
         at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6724)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: java.lang.RuntimeException: Exception caught in AmAgentLogManager initializer: Unable to initialize Local Log Handler
         at com.sun.identity.agents.log.AmAgentLogManager.<clinit>(Unknown Source)
    Can someone help me tackle this problem??
    Thanks!
    anand

  • Different values for encryption and Decryption ...

    The following program takes a string as input ...
    it uses the triple DES algorithm for encryption/decryption...
    The ciphertext is converted into a hexachar string by the following process..
    1. first the cipher text is converted into byte format ..
    2. Then each byte is converted into two hexa-characters ..
    3. a string is formed by appending all the hexa-characters.
    When deconverting this hexa-character string into the original cipher text
    I am not getting the same byte string ...pls check and do let me know if you find out any mistake..
    BUT THE FINAL DECRYPTION IS WORKING GOOD (I.E. I GOT THE ORIGINAL INPUT STRING AFTER DECRYPTION ...BUT THE CIPHER TEXT IS NOT SAME ..)
    import java.security.*;
    import javax.crypto.*;
    import java.io.*;

    public class endecryptor {
         public static void main( String [] args ) throws Exception {
              if ( args.length != 1 ) {
                   System.err.println("Usage: java endecryptor text" );
                   System.exit(1);
              }
              endecryptor d = new endecryptor();
              String text = args[0].trim();
              System.out.println("Generating a DESede (TripleDES) key ... " );
              //add the provider
              Provider sunJce = new com.sun.crypto.provider.SunJCE();
              Security.addProvider(sunJce);
              //create a triple DES key
              KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
              keyGenerator.init(168); //initialize with the keysize
              Key key = keyGenerator.generateKey();
              System.out.println("Key Algorithm :"+key.getAlgorithm());
              System.out.println("Key Algorithm :"+key);
              System.out.println( "Done generating the key." );
              //create a cipher using a key to initialize it
              Cipher cipher = Cipher.getInstance( "DESede/ECB/PKCS5Padding" );
              cipher.init( Cipher.ENCRYPT_MODE, key );
              byte[] plaintext = text.getBytes( "UTF8" );
              //print out the bytes of the plaintext
              System.out.println( "\nPlaintext: "+plaintext);
              //perform the actual encryption
              byte[] ciphertext = cipher.doFinal( plaintext);
              //print out the ciphertext
              System.out.println( "\n\nCiphertext: "+ciphertext );
              System.out.println("Converting the cyphertext into hexachar ...");
              String hexcharString = d.bytes2Hex(ciphertext);
              System.out.println("hexcharString::"+hexcharString);
              //convert the hexchar string back into the ciphertext bytes
              byte[] tempCipherText = d.decryptorOfHexcharString(hexcharString);
              System.out.println( "after decryptor (for decrypting the hexchar) function ....");
              System.out.println("Temp Ciphertext ::"+ tempCipherText);
              System.out.println( "\n\nCiphertext: "+ciphertext );
              System.out.println("Decrypting the string ...");
              //re initialize the cipher to decrypt mode
              cipher.init( Cipher.DECRYPT_MODE, key );
              //perform the decryption
              //byte[] decryptedText = cipher.doFinal( ciphertext );
              byte[] decryptedText = cipher.doFinal( tempCipherText );
              String output = new String( decryptedText, "UTF8" );
              System.out.println( "\n\nDecrypted Text:" + output );
         }

         // converts a byte array to its hex representation (two lower-case chars per byte)
         public String bytes2Hex(byte[] raw) {
              int higherbyte; // higher bits in the byte
              int lowerbyte; // the lower bits in the byte
              StringBuffer sb = new StringBuffer();
              int i;
              for (i = 0; i < raw.length; i++) {
                   lowerbyte = (raw[i] & 0xf);
                   higherbyte = (raw[i] >>> 4) & 0xf;
                   sb.append(oneByte2HexChar(higherbyte));
                   sb.append(oneByte2HexChar(lowerbyte));
              }
              return sb.toString();
         } // end method bytes2Hex

         // converts byte lower bits to hex char
         public char oneByte2HexChar (int fourbits) {
              if (fourbits < 10) { return (char)('0' + fourbits); }
              return (char) ('a' + (fourbits - 10)) ;
         } // end method oneByte2HexChar

         // converts a hex string produced by bytes2Hex back into bytes
         public byte[] decryptorOfHexcharString(String hexcharStr) {
              char ch1,ch2;
              byte tempbyte1,tempbyte2,resultbyte;
              int k=0,stringlength;
              int len = hexcharStr.length();
              // round up so that an odd-length string still fits (last low nibble is 0)
              byte[] tempCipher = new byte[(len+1)/2];
              System.out.println("length of the hex string:"+len);
              stringlength = hexcharStr.length();
              for(int i=0;i<stringlength;) {
                   ch1 = hexcharStr.charAt(i);
                   tempbyte1 = (byte) getIntValue(ch1);
                   tempbyte1 = (byte) (tempbyte1 << 4);
                   if(i == stringlength-1) {
                        // only reached for an odd-length string: no second char left
                        tempbyte2 = 0;
                   } else {
                        ch2 = hexcharStr.charAt(i+1);
                        tempbyte2 = (byte) getIntValue(ch2);
                   }
                   resultbyte = (byte) (tempbyte1 | tempbyte2);
                   tempCipher[k++] = resultbyte;
                   i += 2;
              }
              return tempCipher;
         }

         // value of one hex char; expects '0'-'9' or lower-case 'a'-'f', as bytes2Hex emits
         public int getIntValue(char character) {
              int val;
              if(Character.isDigit(character))
                   val = ((int) character ) - '0';
              else
                   val = ((int) character) + 10 - 'a';
              return val;
         }
    }

    Dude - the only problem I can see is when you do stuff like this:
        System.out.println("\nPlaintext: " + plaintext);
    That does NOT "print the bytes of" plaintext[]; it just spits out the array's hashcode. Two arrays where that value is different are just two different array variables - says nothing about the content of those arrays.
    Do your byte2hex trick on each ciphertext, and they'll be the same.
    One final thing - please learn to use the [ code ] tags when you post code; it helps us read your code and respond to it.
    Grant
