Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 257/388 | < Previous Page | 253 254 255 256 257 258 259 260 261 262 263 264  | Next Page >

  • Cannot connect to Amazon RDS

    - by Justin
    I have created an Amazon RDS database under the free tier (SQL Server Express, micro instance etc.), but I cannot connect to the server using Microsoft SQL Server Management Studio. I have configured the security group of the database instance (default) to accept my IP address. I am following the connection guide from amazon located here The error I receive is: Cannot connect to databaseName.c***rnqg***v.us-east-1.rds.amazonaws.com,1433. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060) I am using Server type "Database Engine" and using SQL Server Authentication.

    Read the article

  • WCF client endpoint identity - configuration question

    - by Roel
    Hi all, I'm having a strange situation here. I got it working, but I don't understand why. Situation is as follows: There is a WCF service which my application (a website) has to call. The WCF service exposes a netTcpBinding and requires Transport Security (Windows). Client and server are in the same domain, but on different servers. So generating a client results in the following config (mostly defaults) <system.serviceModel> <bindings> <netTcpBinding> <binding name="MyTcpEndpoint" ...> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint address="net.tcp://localhost:xxxxx/xxxx/xxx/1.0" binding="netTcpBinding" bindingConfiguration="MyTcpEndpoint" contract="Service.IMyService" name="TcpEndpoint"/> </client> </system.serviceModel> When I run the website and make the call to the service, I get the following error: System.ServiceModel.Security.SecurityNegotiationException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed --- End of inner exception stack trace --- at System.Net.Security.NegoState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.NegotiateStream.EndAuthenticateAsClient(IAsyncResult asyncResult) at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.InitiateUpgradeAsyncResult.OnCompleteAuthenticateAsClient(IAsyncResult result) at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorAsyncResult.CompleteAuthenticateAsClient(IAsyncResult result) --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) .... Now, if I just alter the configuration of the client like so: <endpoint address="net.tcp://localhost:xxxxx/xxxx/xxx/1.0" binding="netTcpBinding" bindingConfiguration="MyTcpEndpoint" contract="Service.IMyService" name="TcpEndpoint"> <identity> <dns /> </identity> </endpoint> everything works and my server happily reports that it got called by the service account which hosts the AppPool for my website. All good. My question now is: why does this work? What does this do? I got to this solution by mere trial-and-error. To me it seems that all the <dns /> tag does is tell the client to use the default DNS for authentication, but doesn't it do that anyway? Thanks for providing me with some insight.

    Read the article

  • WCF GZip Compression Request/Response Processing

    - by IanT8
    How do I get a WCF client to process server responses which have been GZipped or Deflated by IIS? On IIS, I've followed the instructions here on how to make IIS 6 gzip all responses (where the request contained "Accept-Encoding: gzip, deflate") emitted by .svc wcf services. On the client, I've followed the instructions here and here on how to inject this header into the web request: "Accept-Encoding: gzip, deflate". Fiddler2 shows the response is binary and not plain old Xml. The client crashes with an exception which basically says there's no Xml header, which ofcourse is true. In my IClientMessageInspector, the app crashes before AfterReceiveReply is called. Some further notes: (1) I can't change the WCF service or client as they are supplied by a 3rd party. I can however attach behaviors and/or message inspectors via configuration if this is the right direction to take. (2) I don't want to compress/uncompress just the soap body, but the entire message. Any ideas/solutions? * SOLVED * It was not possible to write a WCF extension to achieve these goals. Instead I followed this CodeProject article which advocate a helper class: public class CompressibleHttpRequestCreator : IWebRequestCreate { public CompressibleHttpRequestCreator() { } WebRequest IWebRequestCreate.Create(Uri uri) { HttpWebRequest httpWebRequest = Activator.CreateInstance(typeof(HttpWebRequest), BindingFlags.CreateInstance | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance, null, new object[] { uri, null }, null) as HttpWebRequest; if (httpWebRequest == null) { return null; } httpWebRequest.AutomaticDecompression =DecompressionMethods.GZip | DecompressionMethods.Deflate; return httpWebRequest; } } and also, an addition to the application configuration file: <configuration> <system.net> <webRequestModules> <remove prefix="http:"/> <add prefix="http:" type="Pajocomo.Net.CompressibleHttpRequestCreator, Pajocomo" /> </webRequestModules> </system.net> </configuration> What seems to be happening is that WCF eventually asks some factory or other deep down in system.net to provide an HttpWebRequest instance, and we provide the helper that will be asked to create the required instance. In the WCF client configuration file, a simple basicHttpBinding is all that is required, without the need for any custom extensions. When the application runs, the client Http request contains the header "Accept-Encoding: gzip, deflate", the server returns a gzipped web response, and the client transparently decompresses the http response before handing it over to WCF. When I tried to apply this technique to Web Services I found that it did NOT work. Although the helper class was executed in the same was as when used by the WCF client, the http request did not contain the "Accept-Encoding: ..." header. To make this work for Web Services, I had to edit the Web Proxy class, and add this method: protected override System.Net.WebRequest GetWebRequest(Uri uri) { System.Net.HttpWebRequest rq = (System.Net.HttpWebRequest)base.GetWebRequest(uri); rq.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate; return rq; } Note that it did not matter whether the CompressibleHttpRequestCreator and block from the application config file were present or not. For web services, only overriding GetWebRequest in the Web Service Proxy worked.

    Read the article

  • Sonicwall VPN, Domain Controller Issues

    - by durilai
    I am trying to get the domain logon script to execute when I connect to VPN. I have a SonicWall 4060PRO, with the SonicOS Enhanced 4.2.0.0-10e. The VPN connects successfully, but the script does not execute. I am posting the log below, but I see two issues. The first is the inability to connect to domain. 2009/12/18 19:49:53:457 Information XXX.XXX.XXX.XXX NetGetDCName failed: Could not find domain controller for this domain. The second is the failure of the script. 2009/12/18 19:49:53:466 Warning XXX.XXX.XXX.XXX Failed to execute script file \DT-WIN7netlogondomain.bat, Last Error: The network name cannot be found.. I assume the second issue is caused because of the first, also on the second issue it seems to be trying to get the logon script from my local PC, not the server. Finally, the DC can be pinged and reached by its computer name once the VPN is connected. The shares that the script is tring to map can be mapped manually. Any help is appreciated. 2009/12/18 19:49:31:063 Information The connection "GroupVPN_0006B1030980" has been enabled. 2009/12/18 19:49:32:223 Information XXX.XXX.XXX.XXX Starting ISAKMP phase 1 negotiation. 2009/12/18 19:49:32:289 Information XXX.XXX.XXX.XXX Starting aggressive mode phase 1 exchange. 2009/12/18 19:49:32:289 Information XXX.XXX.XXX.XXX NAT Detected: Local host is behind a NAT device. 2009/12/18 19:49:32:289 Information XXX.XXX.XXX.XXX The SA lifetime for phase 1 is 28800 seconds. 2009/12/18 19:49:32:289 Information XXX.XXX.XXX.XXX Phase 1 has completed. 2009/12/18 19:49:32:336 Information XXX.XXX.XXX.XXX Received XAuth request. 2009/12/18 19:49:32:336 Information XXX.XXX.XXX.XXX XAuth has requested a username but one has not yet been specified. 2009/12/18 19:49:32:336 Information XXX.XXX.XXX.XXX Sending phase 1 delete. 2009/12/18 19:49:32:336 Information XXX.XXX.XXX.XXX User authentication information is needed to complete the connection. 2009/12/18 19:49:32:393 Information An incoming ISAKMP packet from XXX.XXX.XXX.XXX was ignored. 2009/12/18 19:49:36:962 Information XXX.XXX.XXX.XXX Starting ISAKMP phase 1 negotiation. 2009/12/18 19:49:37:036 Information XXX.XXX.XXX.XXX Starting aggressive mode phase 1 exchange. 2009/12/18 19:49:37:036 Information XXX.XXX.XXX.XXX NAT Detected: Local host is behind a NAT device. 2009/12/18 19:49:37:036 Information XXX.XXX.XXX.XXX The SA lifetime for phase 1 is 28800 seconds. 2009/12/18 19:49:37:036 Information XXX.XXX.XXX.XXX Phase 1 has completed. 2009/12/18 19:49:37:094 Information XXX.XXX.XXX.XXX Received XAuth request. 2009/12/18 19:49:37:100 Information XXX.XXX.XXX.XXX Sending XAuth reply. 2009/12/18 19:49:37:110 Information XXX.XXX.XXX.XXX Received initial contact notify. 2009/12/18 19:49:37:153 Information XXX.XXX.XXX.XXX Received XAuth status. 2009/12/18 19:49:37:154 Information XXX.XXX.XXX.XXX Sending XAuth acknowledgement. 2009/12/18 19:49:37:154 Information XXX.XXX.XXX.XXX User authentication has succeeded. 2009/12/18 19:49:37:247 Information XXX.XXX.XXX.XXX Received request for policy version. 2009/12/18 19:49:37:253 Information XXX.XXX.XXX.XXX Sending policy version reply. 2009/12/18 19:49:37:303 Information XXX.XXX.XXX.XXX Received policy change is not required. 2009/12/18 19:49:37:303 Information XXX.XXX.XXX.XXX Sending policy acknowledgement. 2009/12/18 19:49:37:303 Information XXX.XXX.XXX.XXX The configuration for the connection is up to date. 2009/12/18 19:49:37:377 Information XXX.XXX.XXX.XXX Starting ISAKMP phase 2 negotiation with 10.10.10.0/255.255.255.0:BOOTPC:BOOTPS:UDP. 2009/12/18 19:49:37:377 Information XXX.XXX.XXX.XXX Starting quick mode phase 2 exchange. 2009/12/18 19:49:37:472 Information XXX.XXX.XXX.XXX The SA lifetime for phase 2 is 28800 seconds. 2009/12/18 19:49:37:472 Information XXX.XXX.XXX.XXX Phase 2 with 10.10.10.0/255.255.255.0:BOOTPC:BOOTPS:UDP has completed. 2009/12/18 19:49:37:896 Information Renewing IP address for the virtual interface (00-60-73-4C-3F-45). 2009/12/18 19:49:40:189 Information The virtual interface has been added to the system with IP address 10.10.10.112. 2009/12/18 19:49:40:319 Information The system ARP cache has been flushed. 2009/12/18 19:49:40:576 Information XXX.XXX.XXX.XXX NetWkstaUserGetInfo returned: user: Dustin, logon domain: DT-WIN7, logon server: DT-WIN7 2009/12/18 19:49:53:457 Information XXX.XXX.XXX.XXX NetGetDCName failed: Could not find domain controller for this domain. 2009/12/18 19:49:53:457 Information XXX.XXX.XXX.XXX calling NetUserGetInfo: Server: , User: Dustin, level: 3 2009/12/18 19:49:53:460 Information XXX.XXX.XXX.XXX NetUserGetInfo returned: home dir: , remote dir: , logon script: 2009/12/18 19:49:53:466 Warning XXX.XXX.XXX.XXX Failed to execute script file \DT-WIN7netlogondomain.bat, Last Error: The network name cannot be found..

    Read the article

  • Event 4098, 0x80070533 Logon failure: account currently disabled?

    - by Josh King
    Having started to upgrade our PCs to Windows 7 we have noticed that we are getting group policy warnings in Event Viewer such as: "The user 'Word.qat' preference item in the 'a_Office2007_Users {A084A37B-6D4C-41C0-8AF7-B891B87FC53B}' Group Policy object did not apply because it failed with error code '0x80070533 Logon failure: account currently disabled.' This error was suppressed." 15 of these warnings appear every two hours on every Windows 7 PC, most of which are to do with core office applications and two are for plug-ins to out document management system. These warnings aren't afecting the users, but it would be nice to track down the source of them before we rollout Win7 to the rest of the Organisation. Any ideas as to where the login issue could be comming from (All users are connecting to the domain and proxy, etc fine)?

    Read the article

  • HTTP response time profiling

    - by Sparsh Gupta
    Hello I have a nginx reverse proxy. The server is close to serving 600-700 requests per second. I have a Munin HTTP load time plugin which is outputting this: http://monitor.wingify.com/munin/visualwebsiteoptimizer.com/lb1.visualwebsiteoptimizer.com-http_loadtime.html Now, the problem is I am seeing some spikes in the graph. Expected response times should always be under 200ms. I am keeping an eye on syslog and messages but I am unable to figure out the actual cause of this. I was wondering if there is any good HTTP response time profiling system which I can install / embed with this nginx server and get a detailed reports / logs on the breakup of time taken by different things and what exactly is the cause of the spikes. The profiling system would also help me understand bottlenecks and how can I further optimize the latency. Most important right now is to investigate the cause of the spikes in the HTTP load time graphs (similar pattern is reported by external monitors - Pingdom) and to fix it to get consistent response times Thanks

    Read the article

  • Enabling SFTP Access within PLESK

    - by spelley
    Hello everyone, I have a client who wants to ensure his upload is secure, so we are trying to enable SFTP for him on our Linux PLESK server. I have enabled SSH access to bin/bash for FTP accounts, and created a new user. When I attempt to SFTP using either the IP address or the domain name, this is the error FileZilla is giving me: Error: Authentication failed. Error: Critical error Error: Could not connect to server Here is some basic information regarding the server: Operating system Linux 2.6.24.5-20080421a Plesk Control Panel version psa v8.6.0_build86080930.03 os_CentOS 5 I had read in some places that I should reboot the SSH Service in Server - Services, however, there is no SSH Service within the list. I'm not really a server guy so it's quite possible I'm missing something obvious. Thanks for any help that you guys can provide!

    Read the article

  • Nginx compiled --with-http_spdy_module yet raise errors complains ngx_http_spdy_module

    - by c19
    [emerg] 21101#0: the "spdy" parameter requires ngx_http_spdy_module in /etc/nginx/conf.d/cc.conf isn't it the same module? and it causes multi-redirection error too. I have no idea what is going on. Full configure arg: nginx version: nginx/1.4.2 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-pcre --with-http_ssl_module `--with-http_spdy_module` --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --with-openssl=/usr/local/src/openssl-1.0.1e

    Read the article

  • Apache failover for JBoss

    - by DaveB
    I am running a JBoss web app (AS 6 Final) hosted on linux (Debian). I would like to implement a failover solution so that when JBoss is down, a static web page is served in its place. My current solution is to run Apache as a reverse proxy (described here), which allows me to serve .php files from apache and forward all other requests to JBoss. But I am not sure how make Apache step in when JBoss is down? Note. both apache and jboss will be running on the same box, this is (Application failover rather then server failover) to cover times when JBoss is re-deploying etc. So I am looking for the simplest solution really Many thanks

    Read the article

  • Windows 7: how to let AutoConfigURL change be effective immediately?

    - by Jeroen Pluimers
    I want to set both the script and the "Use automatic configuration script" checkbox in Windows 7 using a script that immediately affects anything using wininet.dll (Internet Explorer, Chrome, .NET apps, etc). I've done a before/after registry diff, and tried doing this through the registry, but things like the reg files below require the apps to be restarted. Chaning the settings by pressing the "LAN Settings" button through this Control panel shortcut has immediate affect: %windir%\system32\control.exe Inetcpl.cpl,,4 How can I script this immediate effect? These are the registry script files: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] “AutoConfigURL”=”http://www.company.com/proxy.pac” (registry scripts borrowed from http://danny.quantumspark.net/wordpress/) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] “AutoConfigURL”=- --jeroen (who is checking out the notify function at superuser.com)

    Read the article

  • 401 - Unauthorized On Server 2008 R2 IIS 7.5

    - by mxmissile
    I have a web application deployed to Server 2008 IIS 7.5 box. From remote it gives this error: 401 - Unauthorized: Access is denied due to invalid credentials. (remote = desktops on the same LAN) Have tried several remote clients using different browsers, all the same result. (IE, FF, and Chrome) Hitting the application from the desktop of the server itself works flawlessly. The application is using Anonymous Authentication. The application is written in .NET 4.0 Asp.Net using the MVC framework. Sysinternals procmon returns these 2 results for each request: FAST IO DISALLOWED and PATH NOT FOUND. I have 2 other MVC apps running fine on the same server. I have checked the security on the folders and they all match. App runs fine on a Server 2008 IIS 7.0 box. Nothing shows up in the Event log on the server related to this. Pulling my hair out here, any troubleshooting tips?

    Read the article

  • using Silverlight 3's HtmlPage.Window.Navigate method to reuse an already open browser window

    - by Phil
    Hi, I want to use an external browser window to implement a preview functionality in a silverlight application. There is a list of items and whenever the user clicks one of these items, it's opened in a separate browser window (the content is a pdf document, which is why it is handled ouside of the SL app). Now, to achieve this, I simply use HtmlPage.Window.Navigate(new Uri("http://www.bing.com")); which works fine. Now my client doesn't like the fact that every click opens up a new browser window. He would like to see the browser window reused every time an item is clicked. So I went out and tried implementing this: Option 1 - Use the overload of the Navigate method, like so: HtmlPage.Window.Navigate(new Uri("http://www.bing.com"), "foo"); I was assuming that the window would be reused when the same target parameter value (foo) would be used in subsequent calls. This does not work. I get a new window every time. Option 2 - Use the PopupWindow method on the HtmlPage HtmlPage.PopupWindow(new Uri("http://www.bing.com"), "blah", new HtmlPopupWindowOptions()); This does not work. I get a new window every time. Option 3 - Get a handle to the opened window and reuse that in subsequent calls private HtmlWindow window; private void navigationButton_Click(object sender, RoutedEventArgs e) { if (window == null) window = HtmlPage.Window.Navigate(new Uri("http://www.bing.com"), "blah"); else window.Navigate(new Uri("http://www.bing.com"), "blah"); if (window == null) MessageBox.Show("it's null"); } This does not work. I tried the same for the PopupWindow() method and the window is null every time, so a new window is opened on every click. I have checked both the EnableHtmlAccess and the IsPopupWindowAllowed properties, and they return true, as they should. Option 4 - Use Eval method to execute some custom javascript private const string javascript = @"var popup = window.open('', 'blah') ; if(popup.location != 'http://www.bing.com' ){ popup.location = 'http://www.bing.com'; } popup.focus();"; private void navigationButton_Click(object sender, RoutedEventArgs e) { HtmlPage.Window.Eval(javascript); } This does not work. I get a new window every time. option 5 - Use CreateInstance to run some custom javascript on the page private void navigationButton_Click(object sender, RoutedEventArgs e) { HtmlPage.Window.CreateInstance("thisIsPlainHell"); } and in my aspx I have function thisIsPlainHell() { var popup = window.open('http://www.bing.com', 'blah'); popup.focus(); } Guess what? This does work. The only thing is that the window behaves a little strange and I'm not sure why: I'm behind a proxy and in all other scenarios I'm being prompted for my password. In this case however I am not (and am thus not able to reach the external site - bing in this case). This is not really a huge issue atm, but I just don't understand what's goign on here. Whenever I type another url in the address bar of the popup window (eg www.google.com) and press enter, it opens up another window and prompts me for my proxy password. As a temporary solution option 5 could do, but I don't like the fact that Silverlight is not able to manage this. One of the main reasons my client has opted for Silverlight is to be protected against all the browser specific hacking that comes with javascript. Am I doing something wrong? I'm definitely no javascript expert, so I'm hoping it's something obvious I'm missing here. Cheers, Phil

    Read the article

  • Can't get the L2TP IPSEC up and running

    - by Maciej Swic
    i have an Ubuntu 11.10 (oneiric) server running on a ReadyNAS. Im planning to use this to accept ipsec+l2tp connections through a router. However, the connection is failing somewhere half through. Using Openswan IPsec U2.6.28/K3.0.0-12-generic and trying to connect with an iOS 5 iPhone 4S. This is how far i can get: auth.log: Jan 19 13:54:11 ubuntu pluto[1990]: added connection description "PSK" Jan 19 13:54:11 ubuntu pluto[1990]: added connection description "L2TP-PSK-NAT" Jan 19 13:54:11 ubuntu pluto[1990]: added connection description "L2TP-PSK-noNAT" Jan 19 13:54:11 ubuntu pluto[1990]: added connection description "passthrough-for-non-l2tp" Jan 19 13:54:11 ubuntu pluto[1990]: listening for IKE messages Jan 19 13:54:11 ubuntu pluto[1990]: NAT-Traversal: Trying new style NAT-T Jan 19 13:54:11 ubuntu pluto[1990]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19) Jan 19 13:54:11 ubuntu pluto[1990]: NAT-Traversal: Trying old style NAT-T Jan 19 13:54:11 ubuntu pluto[1990]: adding interface eth0/eth0 192.168.19.99:500 Jan 19 13:54:11 ubuntu pluto[1990]: adding interface eth0/eth0 192.168.19.99:4500 Jan 19 13:54:11 ubuntu pluto[1990]: adding interface lo/lo 127.0.0.1:500 Jan 19 13:54:11 ubuntu pluto[1990]: adding interface lo/lo 127.0.0.1:4500 Jan 19 13:54:11 ubuntu pluto[1990]: adding interface lo/lo ::1:500 Jan 19 13:54:11 ubuntu pluto[1990]: adding interface eth0/eth0 2001:470:28:81:a00:27ff:* Jan 19 13:54:11 ubuntu pluto[1990]: loading secrets from "/etc/ipsec.secrets" Jan 19 13:54:11 ubuntu pluto[1990]: loading secrets from "/var/lib/openswan/ipsec.secrets.inc" Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: received Vendor ID payload [RFC 3947] method set to=109 Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8] Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582] Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285] Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee] Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b] Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110 Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110 Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110 Jan 19 14:04:31 ubuntu pluto[1990]: packet from 95.*.*.233:500: received Vendor ID payload [Dead Peer Detection] Jan 19 14:04:31 ubuntu pluto[1990]: "PSK"[1] 95.*.*.233 #1: responding to Main Mode from unknown peer 95.*.*.233 Jan 19 14:04:31 ubuntu pluto[1990]: "PSK"[1] 95.*.*.233 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Jan 19 14:04:31 ubuntu pluto[1990]: "PSK"[1] 95.*.*.233 #1: STATE_MAIN_R1: sent MR1, expecting MI2 Jan 19 14:04:33 ubuntu pluto[1990]: "PSK"[1] 95.*.*.233 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed Jan 19 14:04:33 ubuntu pluto[1990]: "PSK"[1] 95.*.*.233 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Jan 19 14:04:33 ubuntu pluto[1990]: "PSK"[1] 95.*.*.233 #1: STATE_MAIN_R2: sent MR2, expecting MI3 Jan 19 14:05:03 ubuntu pluto[1990]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 95.*.*.233 port 500, complainant 95.*.*.233: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Router config UDP 500, 1701 and 4500 forwarded to 192.168.19.99 (Ubuntu server for ipsec). Ipsec passthrough enabled. /etc/ipsec.conf # /etc/ipsec.conf - Openswan IPsec configuration file # This file: /usr/share/doc/openswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification config setup nat_traversal=yes #charonstart=yes #plutostart=yes protostack=netkey conn PSK authby=secret forceencaps=yes pfs=no auto=add keyingtries=3 dpdtimeout=60 dpdaction=clear rekey=no left=192.168.19.99 leftnexthop=192.168.19.1 leftprotoport=17/1701 right=%any rightprotoport=17/%any rightsubnet=vhost:%priv,%no dpddelay=10 #dpdtimeout=10 #dpdaction=clear include /etc/ipsec.d/l2tp-psk.conf /etc/ipsec.d/l2tp-psk.conf conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT # # PreSharedSecret needs to be specified in /etc/ipsec.secrets as # YourIPAddress %any: "sharedsecret" authby=secret pfs=no auto=add keyingtries=3 # we cannot rekey for %any, let client rekey rekey=no # Set ikelifetime and keylife to same defaults windows has ikelifetime=8h keylife=1h # l2tp-over-ipsec is transport mode type=transport # left=192.168.19.99 # # For updated Windows 2000/XP clients, # to support old clients as well, use leftprotoport=17/%any leftprotoport=17/1701 # # The remote user. # right=%any # Using the magic port of "0" means "any one single port". This is # a work around required for Apple OSX clients that use a randomly # high port, but propose "0" instead of their port. rightprotoport=17/%any dpddelay=10 dpdtimeout=10 dpdaction=clear conn passthrough-for-non-l2tp type=passthrough left=192.168.19.99 leftnexthop=192.168.19.1 right=0.0.0.0 rightsubnet=0.0.0.0/0 auto=route /etc/ipsec.secrets include /var/lib/openswan/ipsec.secrets.inc %any %any: PSK "my-key" 192.168.19.99 %any: PSK "my-key" /etc/xl2tpd/xl2tpd.conf [global] debug network = yes debug tunnel = yes ipsec saref = no listen-addr = 192.168.19.99 [lns default] ip range = 192.168.19.201-192.168.19.220 local ip = 192.168.19.99 require chap = yes refuse chap = no refuse pap = no require authentication = no ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes /etc/ppp/options.xl2tpd pcp-accept-local ipcp-accept-remote noccp auth crtscts idle 1800 mtu 1410 mru 1410 defaultroute debug lock proxyarp connect-delay 5000 ipcp-accept-local /etc/ppp/chap-secrets # Secrets for authentication using CHAP # client server secret IP addresses maciekish * my-secret * * maciekish my-secret * I can't seem to find the problem. Other ipsec connections to other hosts work from the network im currently at.

    Read the article

  • Server with IIS and Apache - how to SSL encrypt Apache with IIS

    - by GAThrawn
    I have a Windows Server 2003 box already setup and working with IIS 6. IIS is set to serve a site out over both HTTP and HTTPS connections using default ports. For various reasons I need to set Apache up on the same server and it needs to serve its pages to end-users as SSL encrypted HTTPS pages. Neither IIS or Apache are (or are ever likely to be) particularly high traffic or high usage. The way I see it there are two possible ways this could be done. Either export the SSL cert from IIS,set it up in Apache and get Apache to server the HTTPS connections itself over a non-default port. Or use IIS to proxy Apache in some way over it's existing SSL security. What is going to end up easiest to setup, configure, maintain and run? Which is going to work best? Has anyone done this sort of thing before? Any tips or things to look out for?

    Read the article

  • xl2tpd[845]: parse_config: line 13: data 'ipsec sared=yes' occurs with no context

    - by mmc18
    When I executed xl2tpd I amhaving following error. # xl2tpd -D xl2tpd[845]: parse_config: line 13: data 'ipsec sared=yes' occurs with no context xl2tpd[845]: init: Unable to load config file When I remove the "line 13" I having same error with "Line 14" thefore I do not think that the problem is about "ipsec sared" Here is my configuration file xl2tpd.conf. LINUX Ubuntu 12.0.4 ;Openswan IPsec 2.6.37; xl2tpd version: xl2tpd-1.3.1 ; [global] ipsec sared=yes listen-addr=47.168.137.27 ; [lns default] ip range = 192.168.1.10-192.168.1.20 local ip = 192.168.1.1 require chap = yes refuse pap = yes require authentication = yes ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes name=LinuxIPSECVPN ANSWER:(since have not enough reputation I am writting it over here.) removing the ";" character at the beginning of [global] and [lns default] have solved the issue. At fist I tought that [global] and[lns default] were just a comment.

    Read the article

  • WCF MustUnderstand headers are not understood

    - by raghur
    Hello everyone, I am using a Java Web Service which is developed by one of our vendor which I really do not have any control over it. I have written a WCF router which the client application calls it and the router sends the message to the Java Web Service and returns the data back to the client. The issue what I am encountering is, I am successfully able to call the Java web service from the WCF router, but, I am getting the following exceptions back. Router config file is as follows: <customBinding> <binding name="SimpleWSPortBinding"> <!--<reliableSession maxPendingChannels="4" maxRetryCount="8" ordered="true" />--> <!--<mtomMessageEncoding messageVersion ="Soap12WSAddressing10" ></mtomMessageEncoding>--> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Soap12WSAddressing10" writeEncoding="utf-8" /> <httpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="true" keepAliveEnabled="true" maxBufferSize="65536" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"/> </binding> </customBinding> Test client config file <customBinding> <binding name="DocumentRepository_Binding_Soap12"> <!--<reliableSession maxPendingChannels="4" maxRetryCount="8" ordered="true" />--> <!--<mtomMessageEncoding messageVersion ="Soap12WSAddressing10" ></mtomMessageEncoding>--> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Soap12WSAddressing10" writeEncoding="utf-8"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> </textMessageEncoding> <httpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" /> </binding> </customBinding> If I use the textMessageEncoding I am getting <soap:Text xml:lang="en">MustUnderstand headers: [{http://www.w3.org/2005/08/addressing}To, {http://www.w3.org/2005/08/addressing}Action] are not understood.</soap:Text> If I use mtomMessageEncoding I am getting The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error. My Router class is as follows: [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple, AddressFilterMode = AddressFilterMode.Any, ValidateMustUnderstand = false)] public class EmployeeService : IEmployeeService { public System.ServiceModel.Channels.Message ProcessMessage(System.ServiceModel.Channels.Message requestMessage) { ChannelFactory<IEmployeeService> factory = new ChannelFactory<IEmployeeService>("client"); factory.Endpoint.Behaviors.Add(new MustUnderstandBehavior(false)); IEmployeeService proxy = factory.CreateChannel(); Message responseMessage = proxy.ProcessMessage(requestMessage); return responseMessage; } } The "client" in the above code under ChannelFactory is defined in the config file as: <client> <endpoint address="http://JavaWS/EmployeeService" binding="wsHttpBinding" bindingConfiguration="wsHttp" contract="EmployeeService.IEmployeeService" name="client" behaviorConfiguration="clientBehavior"> <headers> </headers> </endpoint> </client> Really appreciate your kind help. Thanks in advance, Raghu

    Read the article

  • Problems with self-signed SSL certificate for SSTP in Windows Server Foundation 2008

    - by John Barton
    I am trying to configure SSTP in Windows Server Foundation 2008. I want to use a self-signed SSL certificate to do authentication. When the server is running, I get the following error when trying to connect: 0x800B0109: A certificate chain processed, but terminated in a root certificate that is not trusted by the trust provider. I created the self-signed certificate in the IIS "Server Certificates" panel. From that panel, I exported the certificate, with the private key, to a .pfx file. I installed this certificate on the client computer which I tried to connect from. The certificate bound to the SSL listener in the RRAS-Security panel is present in the Trusted Root Certificate Authority stores on both machines. I've been getting super annoyed setting up certificates. Any advice here?

    Read the article

  • Execute a remote command after sudo - su anotheruser in Rundeck

    - by Bera
    I'm new with Rundeck and completely amazed with it and I'm trying to execute a job and my scenario is detailed below: Rundeck is configured with ssh passwordless authentication for user master between node Server (rundeck server) and node Target (remote Solaris host) for user "master" In node Target I want to execute a script /app/acme/stopApp.sh with a user appmanager Normally and manually, when I need to run script above I proceed with ssh master@server sudo su - appmanager or simply ssh -t master@server 'sudo su - appmanager' works without password and finally run (as appmanager) /app/acme/stopApp.sh But I'm not sure how can I reproduce these steps using Rundeck. I read in some previous messages that for each job line rundeck use a new ssh connection, so the workflow below always fails for me with the messages: sudo: no tty present and no askpass program specified Remote command failed with exit status 1 Please someone could help me with some information to solve this issue. Without this functionality I wouldn't be able to introduce a little DevOps in my department. I read the user guide and admin guide but I couldn't find an easy example, neither in this forum, to follow.

    Read the article

  • Laravel Forge SSH on windows not recognized

    - by alysdal
    I decided to try out the Laravel Forge, but I'm having trouble with the SSH keys. I use digitalocean.com for the VMs and have used SSH keys with success many times before. However when I paste my public key into Forge (which adds it to the server) I'm not able to connect to it. I use Putty and I get the following error: Disconnected: No supported authentication methods available (server sent: publickey) Key was generated using puttygen and was added to pageant. I have tried using the very same key files as my other VM and tried creating a new one, but all without luck. I'm hoping someone can help me out here. Edit: here is my putty log http://pastebin.com/ZGmm8Mcv

    Read the article

  • Disable .htaccess or disable some rules from .htaccess on specific URL

    - by petRUShka
    I have Kerberos-based authentication and I want to disable it on only root url: mysite.com/. And I want it to works fine on any other page like mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab /etc/httpd/httpd.keytab require valid-user I want to turn it off only for root URL. As workaround it is possible to turn off using .htaccess in virtual host config. Unfortunately I don't know how to do it. Part of my vhost.conf: <Directory /home/user/www/current/public/> Options -MultiViews +FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> It would be great if you can advice me something!

    Read the article

  • User Provisioning Tool for SQL Server 2008?

    - by Rob Sanders
    Yesterday I moved my machine from one domain to another - foolishly forgetting the implications for my local instance of SQL Server! Mixed Mode authentication is not enabled, and the only local account login has only "public" permissions. SQL Server 2005 Service Pack 2 had a tool called the User Provisioning Tool for Windows Vista (sqlprov.exe) which allowed you to add Domain Users to a local SQL 2005 instance (it doesn't work against SQL 2008 btw) - my question is.. is there a similar tool for SQL Server 2008 or am I going to have to do a reinstall? Also let me know if you think this belongs on StackOverflow

    Read the article

  • Exchange 2007 Owa (OnlineVersion) can not authenticate

    - by DingosBarn
    Exchange Authentication dll: https://red002.mail.emea.microsoftonline.com/owa/auth/owaauth.dll sending style is: request.Method = "POST"; request.ContentType = "application/x-www-form-urlencoded"; And sending following message destination=https://red002.mail.emea.microsoftonline.com/owa/[email protected]/?ae=Folder&t=IPF.Appointment&[email protected]&password=xxxx I'm getting this error: The remote server returned an error: (400) Bad Request. If I use the path in a webbrowser it is accesable. It is not a bad request indeed. The server is Exchange server 2007 and replaced the path for owa. But it can not auth the path?

    Read the article

  • Active Directory - Lightweight Directory Services and Domain Password Policy

    - by Craig Beuker
    Greetings all, We have an active directory domain which enforces a strict password policy. Hooray! Now, for the project we are working on, we are going to be storing users of our website Microsoft's AD-LDS service as well as using that for authentication of our web users. By default, it is my understanding that AD-LDS inherits its password policy from the domain of the machine it's installed on. Is there any way to break that link such that we can define a lighter password policy (or none if we so choose) for users in AD-LDS without affecting our domain? Note: AD-LDS is going to be hosted on a machine which is part of the domain. Thanks in advance.

    Read the article

  • Google chrome asking for username and password for OWA

    - by Grant
    Hi, i have a question about the google chrome browser. When i navigate to my work's Outlook Web Access site to read my emails, the chrome browser is prompting me for a username and password to the server saying "Authentication Required - the server XXXXXX.XXX:443 requires a username and password. After i put them in i then have to enter in the normal OWA username and password to access my emails as per normal. The funny thing is.. 1] If i click CANCEL on the first dialog it takes me to the OWA screen and i can log in normal anyway. However - subqeuent page clicks will keep prompting me each time for the server credentials. 2] I am NOT prompted for server UN and PW if i use IE or fireFox. Does anyone know how to stop chrome from asking me each time? or is it a server setting - i do know that a friend who uses the same browser (chrome) and also OWA does not have the same problem (NB: they work at a different company) Thanks!

    Read the article

  • Sonicwall SSL VPN: Unable to reconnect once connection drops

    - by Jeffrey Hantin
    One of my users is having problems with his NetExtender connection. After installing NetExtender from the portal, it connects fine -- ONCE. After that, attempting to reconnect gives Verifying user...authentication fail! and the log on the router shows: [timestamp] | Info | SSLVPN | Auth Failed: No user name in http request (message id: 1079) This seems odd to me because the user name, password and domain are entered on the NetExtender client. After this error occurs, the only way to connect again is to uninstall, reboot, and reinstall NetExtender. He can connect fine to the Sonicwall SSLVPN demo site, and a different user can connect fine to this site from a different PC. Any clues?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 253 254 255 256 257 258 259 260 261 262 263 264  | Next Page >