Issue of SSL - EAS

Similar Questions

• Issue of SSL Vpn client'

  you are not sure if it's possible/Device asa 5550 - but a customer can establish SSL VPN to the remote network and devices on the local network to access remote network printers?

  so you have a network client that creates an SSL VPN to network B network B configurable so that the automatic work met the same vpn ssl to a different IP address?

  I don't know if its just me, but I don't understand what you mean with that:

  so you have a network client that creates an SSL VPN to network B network B configurable so that the automatic work met the same vpn ssl to a different IP address?

  You can try to explain once more?

  Now I think tell you the following, please look at this:

  HQ - ASA - INTERNET - office2

  Now the office2 will a clientless vpn SSL to the ASA and subsequently, you want HQ in order to communicate with certain printers or servers to Desktop 2 via SSL vpn without customer... If that's the question the answer is no. clientless vpn SSL will only allow traffic to go from office2 at HQ and not all traffic , this will depend on which allows you to configure the clientless ssl (Smart tunnels, Port-forwarding, Plugins).

  Yet once I don't know if that is the question.

  Kind regards

  Julio

  Note all useful posts

• Impossible to deploy - issues with SSL keys?

  Hi - I was unable to get the last BDE (2.0) deployed in a new environment of vCenter.

  The environment is the following:

  A host ESXi - 5.5 build 1623387

  A vCenter device - 5.5 build 2001466

  Embedded DB, incorporated SSO

  BDE 2.0.0.951 build 1885370

  NTP and DNS are configured and tested.

  Deployment of seems to work fine, but I can't go beyond the error at initialization:

  ERROR: Unable to launch the Web Service of Serengeti. Illegal option: /opt/serengeti/.certs/serengeti_ws.jks.keytool - importkeystore [OPTION]... Any one or all entries from another file of keys... Options:... -srckeystore source keystore name. - destkeystore destination keystore name. - srcstoretype source keystore type. - deststoretype destination keystore type. - srcstorepass source keystore password. - deststorepass destination keystore password: srcprotected password key source protected. -srcprovidername source keystore provider name. -destprovidername destination keystore provider name. - srcalias source alias. - destalias. destination alias - srckeypass source key password. - destkeypass destination key password. - noprompt do not prompt - providerclass class name. Provider - provider argument. - providerpath provider classpath. providerarg - exit wordy v... Use 'keytool - help' for all available commands and, while I can connect to the server with the plugin, BDE

  I can't create objects as they cause an error "Unable to connect to vCenter Server" - it sounds like the BDE unit is to have a hard time, import the SSL vCenter keys. Has anyone seen this?  Any thoughts on getting a pass? Thank you! -Andrew

  Hi, could attach you the /opt/serengeti/logs/*.log files on server BDE?  And your BDE VAPP is deployed in the vCenter rather than the host ESX cluster?  You will see this error if it is deployed on the ESX host.

  -Jesse

• Cisco IOS SSL VPN does not-Internet Explorer

  Hi all

  I seem to have a strange issue of SSL VPN.  I have a Cisco 877 router with c870-advsecurityk9 - mz.124 - 24.T4.bin and I can't get the SSL VPN (VPN Web) works with Internet Explorer (tried IE8 on XP and IE9 on Windows 7).  When I go to https://x.x.x.x, I 'Internet Explorer cannot Display The Webpage ".  It kind of works in Chrome (I can get the Web page and connect, but I can't start the thin client, when I click on Start, nothing happens).  It seems to only work with Firefox.  It seems quite similar to this topic with the ASAs - http://www.infoworld.com/d/applications/cisco-asa-users-cant-use-ssl-vpns-ie-8-901

  Here is an excerpt of the configuration:

  ------------

  !

  username password vpntest XXXXX

  AAA authentication login default local
  !
  !
  !
  Crypto pki trustpoint TP-self-signed-1873082433
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 1873082433
  revocation checking no
  rsakeypair TP-self-signed-1873082433
  !
  !
  TP-self-signed-1873082433 crypto pki certificate chain
  certificate self-signed 01
  -omis-
  quit smoking
  !
  WebVPN gateway SSLVPN
  router host name
  address IP X.X.X.X port 443
  SSL encryption aes-sha1
  SSL trustpoint TP-self-signed-1873082433
  development
  !
  WebVPN context SSLVPN
  title "Blah Blah"
  SSL authentication check all
  !
  Login-message "enter the magic words...". »
  !
  port-forward "PortForwardList."
  description of remote-port 3389 to remote-server '10.0.1.3' local-port 33389 "RDP".
  !
  SSL-policy strategy group
  port-forward "PortForwardList" auto-Télécharger
  Group Policy - by default-SSL-policy
  Gateway SSLVPN
  users of max - 3
  development

  ------------

  I tried:

  Activation of SSL 2.0 in Internet Explorer

  * Adding the site to websites of trusted in Internet Explorer

  * Add to the list of sites allowed to use Cookies

  At a loss to understand this.  Has anyone encountered this before?  Whereas Cisco's Web site shows an example usage of IE (http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa61.shtml), surely, it should work in IE you would think?

  Thank you

  Hello

  I would check out where exactly it is a failure, either the connection ssl itself or something after that. The best way to do that is executed a wireshark capture when you try to access the page using IE. You can compare this with that with Mozilla too just to confirm that ssl works fine.

  Also you can try with different SSL encryption algorithms as a difference between the browsers is the encryption they use. 3DES is expected to be a good option to try.

• Number of SSL VPN - a weird

  I ran into an issue using SSL VPN to connect remotely to our society and I am the only one in question (which is good because it still works for everyone).  I've been tinkering with the profile editor Anyconnect trying to get work always based on Anyconnect and it seems that I watered something along the way.  I uninstalled and reinstalled the Anyconnect client, but it causes problems.  It seems locked my laptop where I can't on a network, like a customer of the NAC.  However, when I log on the Anyconnect site for my business, I get the following error:

  AnyConnect can confirm that it is connected to your secure gateway.  The local network cannot be trusted.  Please try another network.

  According to what I found on the Cisco site, it can be a certificate problem, but I get no ceritifcate error when I try to connect.  I'm puzzled.  I went through the registry to remove everything about Anyconnect, but he has not made a difference.

  Any ideas would be great.

  TIA,

  Dan

  You may need to remove the profiles and preferences files that will be present even after uninstall.

  For the profile, delete the contents of this folder (Win XP):

  C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client

  Remove the contents of these preferences:

  C:\Documents and Settings\\Local Settings\Application Data\Cisco\Cisco AnyConnect VPN Client

  Please try after removing all these files.

• I wish to establish an SSL connection to a Web page

  I want to set up an SSL connection to a Web page that has a Flex application on the inside.

  The only thing is that the swf file is around 2 mb and I am really worried about the performance. Do you have any advice?

  If you use RSL to outsource parts of the Flex framework or active in other sovereign funds, which can be a boon for large Flex projects, please carefully test in as many browsers as possible (not just your browsers get some colleagues or friends to take a look). I saw weird errors and behaviors of Flex applications deployed in this manner, where sovereign wealth funds outsourced not loading, etc.

  Again, RSL can be a good choice and, when used correctly, reduce considerably the size of your SWF files, but your users will have to always download these sovereign wealth funds the first time they use the application (they are cached after that - just like your MB 2 SWF will be cached, so this sort of can ruin some benefits) not all, of the RSL).

  As for the performance, in general a Flex of 2MB application is not that huge, I don't think, and once it has downloaded, it is 'local' in the browser of users, so no issue there. The biggest performance issue with SSL is what type and how much data you are moving to and from the application?

• Transparent wall - APPLICATION HELP

  Hello
  
  I have two applications (ASO, BSO) and am trying to create a transparent wall with ASO as source and OSI as a target. The two applications are the same size with the exception of the period dimension that has 100 members in ASO and about 20 in OSB. The sector of partition for period dimension is IChildren ("Q1")... IChildren ("Q4") in both applications.
  
  My Regional service console does not respond when I click on "Partition" in the GUI (very frustrating). So I'm running a Maxl but fail to create the partition, as says the message-"Partition definition for unit [1] is not parsed.
  
  Please let me know how to solve this problem because it's now on my neck.
  
  Thank you!

  Hi gugler

  I also had a few issues recently where EAS would become unresponsive when I na define a partition replicated correctly... It was like rubbing your mistakes in your face. I ended up having use maxl also but for other reasons (substitution variables were working on the definition of areas but not in maps).

  Anyway.

  My experience is that the output of the partition is quite imprecie, BUT the details can usually be found in the newspapers. In my view, there are details in the newspapers of the target application & Source and also the server or logs. In my view, the target server log has depth, but you can check that. You should be able to find if there are specific members causing you problems by looking in these newspapers.

  Can't really help even more without more information.

• When you access Intranet sites that use SSL certificates issued by our internal PKI, FF for Windows gives an error of "incorrectly put in the form of message coded DER"

  When to access Intranet sites who have the SSL certificates issued by our internal PKI, FF for Windows gives an error message - an error occurred when connecting to myshaw. Security Library: improperly formatted DER encoded message. (Error code: sec_error_bad_der)

  Chrome and IE work fine. This is a PKI again using the signature SHA-2 algorithm.

  I was able to identify the problem. Our public key infrastructure has been using some signature algorithms that FF did not support.

• The host 'SMTP' could not be found. Please check that you have entered the server name correctly. _ subject 'Report issue', account: 'POP3', server: 'SMTP', Protocol: SMTP, Port: 25, secure (SSL): no, Socket error: 11001, error number: 0x800CCC0D

  The host 'SMTP' could not be found. Please check that you have entered the server name correctly.
  'Report issue', account: 'POP3', server: 'SMTP', Protocol: SMTP, Port: 25, secure (SSL): no, Socket error: 11001, error number: 0x800CCC0D.
  I'm answering an ad on craigslist and Windows Live continues to appear, but will not send my email I can be reached at * address email is removed from the privacy * or 614-499-1541.
  Thank you
  Stephen lawless

  Your post has nothing to do with Windows Update.

  You're not even close to have properly configured your e-mail account in Windows Live Mail.

  You will find support for Win7 e-mail Clients in this forum: http://social.answers.microsoft.com/Forums/en-US/w7network/threads

  You will find support for Windows Live Mail in this public newsgroup:
  http://www.Microsoft.com/communities/newsgroups/list/en-us/default.aspx?DG=Microsoft.public.Windows.live.mail.desktop

  Through your News Reader:
  News://msnews.Microsoft.com/Microsoft.public.Windows.live.mail.desktop

  ~ Robear Dyer (PA Bear) ~ MS MVP (that is to say, mail, security, Windows & Update Services) since 2002 ~ WARNING: MS MVPs represent or work for Microsoft

• Another post of EAS SSL...

  I'm still not able to connect after doing the routine of startcom ssl.

  My configuration:

  * Client machine is a Mac OS Leopard

  * Entourage 2008 - worm 12.1.5

  * 2003 SBS R2

  * I had a member of the forum help me by adding "custom A' records." (For my Moto Q9c & 755 p, I used my IP address that has worked well.) However for the Pre, I was brought to understand that it must be a domain name!).

  * AW, I did the above & I was able to connect (woot woot) on the server, using my self-signed certificate.

  * But all I saw was the Outbox & nothing else.

  * Another search on the forums, has led me to install Startcom (or any other provider checked like Godaddy) certificate

  * Gone thru' the movements of the same & installed.

  * Installed certificates on my pre

  * Opens the browser on the Meadow & was able to get on OWA

  * A tried to implement pre & error "SSL certificate error. Check the date & time. »

  * I restarted the Palm now several times. Do I need to restart the server too?

  Puzzled in Beaverton, or.

  Mamoudou

  SOLVED.

  With the help of another Member of the forum, MH, (who has a very few of his precious time with me troubleshooting), we got this to work.

  FWIW, here is the solution for EAS to work on non - SSL exchange servers. (HD, if you read this & would like to add, please do.)

  My configuration:

  * SBS 2003 R2

  * Without SSL

  * Download the latest 1.03 update.

  * If you are the administrator, make sure you have 'Type A' record for the e-mail domain, since I dn't believe meadow accepts IP addresses. So mark the IP address for this record of Type A. This area is the even that you will have access to your exchnage via OWA & no are not the domain name of your server.

  * If you are not sure, stil connect to your server, right-click on "My computer" > properties & you will find your computer name, details etc...

  * Do what no SSL is set up, OR your active directory, etc. don't want the same thing.

  On your Pre:

  * Email: Enter your email as [email protected]

  * http: since there is no SLL, you can enter http://maildomain.com (see that there is no https)

  *: Your (identical to that of the server) domain name

  * Name

  * Pwd

  If your settings are correct, you should see a msg "sycnhronising Exchange".

  G'luck.

  M

• Essbase vs EAS via SSL EPM 11.1.2.3

  Hello

  I have a problem with the ssl configuration between EAS and ESSBASE server connection

  1. I have configure the ESSBASE server using the protocol SSL (essbase.cfg)

  2. check with maxl secure connection (SSL works fine)

  3. performance EAS Console trying to add a new server (using the SSL connection) and error

  Error: 103: unexpected error Essbase 1030818

  Error: 1040142: NZERROR: nzos_Handshake failed (29024)

  Error: 1042006: error network [0]: unable to connect to [server: 6423]

  Error: 1030818: failed to connect. Please check if the server and port are correct. If you receive timeout or handshake failure, please check if you have tried to connect to secure the port without keyword secure or disable the port with the secure key word.

  4. all certificates in the keystore, the JAVA_OPTIONS value for keystore in admincon.bat

  Thank you.

  I solved the problem... John was right, I import public keys in the Essbase-RTC portfolio and jrock keystore

• NZERROR: nzos_Handshake failed (29024) when adding Essbase to EAS (SSL)

  Hello Guru,
  
  I am trying to implement SSL for server Essbase on EMP 11.1.2.1, while trying to add the essbase server in EAS console using the SSL mode, it gives "NZERROR: nzos_Handshake failed (29024).
  
  I am still able to access Essbase using secure through MAXL.
  
  
  
  --
  Thanks and greetings
  Yoann

  Looks like this post - can not open/Add essbase server in the Regional in mode SSL service console

  See you soon

  John
  http://John-Goodwin.blogspot.com/

• StartCom is an unknown SSL issuer?

  I am trying to use a Web site at blocktogether.organd get the rogue connection failure, because it indicates that the issuer of the certificate is unknown. A picture of the cert details is attached. Quick google search has some comments that Startcom may have been sought to the possible withdrawal of the list of cases known because of something about the bug of software and their revocation of certificate policies, but I couldn't find anything definitive.

  I use Firefox 39.0 on Windows 7/64 with patches to microsoft update.

  It works for me on an another distro Fx38 but not on Fx40.
  Presumbly succeeded not stricter criteria of Firefox 39.

  You should be able to set an exception for this. See

  • Error "this connection is untrusted" message - what to do #w_bypassing-du-WARNING

  I note that this report mentions an incomplete string and a problem with the handling of prefix.

  • https://www.ssllabs.com/ssltest/analyze.html?d=blocktogether.org

• Issue ubuntu Client - openVPN - VPN connection to proSafe SSL / FSV318

  Hello

  I want to set up a Simple SSL VPN tunnel. A thin client Linux - connection to the FVS318N.

  The web - SSL is not suitable for me, because the java applet uses a root access, but normally, I do not use the root account.

  What kind of client do you recommend for linux guests? You have a description brief installation for it?

  I am trying to use openVPN, but get the following output from openVPN:

  Fri 22 April 10:58:18 error 2016 TLS: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
  Fri 22 April 10:58:18 error 2016 TLS: TLS handshake failed

  I see nothing in the SSL VPN on the FVS318 log file.

  Best regards

  Florian

  FHo salvation,

  You should probably use IPSec VPN.

  https://help.Ubuntu.com/community/IPSecHowTo

  Hope this helps

• SSL VPN issues

  Hello

  We have had problems with the SSL VPN for quite awhile, but don't seem to be getting anywhere.

  This is an intermittent problem that we can not simply track down.

  Users can connect to the VPN, get an IP address and show as connected on GEORGE page.
  Users concerned, always shows a time of 0: logon. If they try to access anything whatsoever, they cannot, as looks that all traffic is blocked.
  I ran a trace of packets to an affected user, and it shows this. To me, it looks like a firewall policy blocks.

  (* Parcel number: 1 * header values: bytes captured: 74, real bytes on the wire: 74 Packet Info(Time:02/19/2016 18:01:42.256): in: X 1 * (interface), out:-, DROPPED, Code Drop: 582 Id of Module (package abandoned-denied by SSLVPN under user control strategy),: 27 (policy), (Ref.Id: _968_qpmjdzDifdl), 18:31) ether header Ethernet Type: IP (0 x 800), Src = [00:11:22:33:44:55], Dst = [c2 [:ea:e4:b1:8 b: 23] Type of IP header IP Packet: ICMP (0 x 1), Src = [192.118.201.6], [172.18.1.252] = Type ICMP ICMP Packet Header Dst = 8 (ECHO_REQUEST), ICMP Code = 0, 19407 value = ICMP checksum: [2] dump hexadecimal and ASCII of the package: c2eae4b1 8 b 230011 22334455 and 08004500 003c1a76 00008001 *... #... "3DU... E...<.v....* e8bfc076="" c906ac12="" 01fc0800="" 4bcf0001="" 018c6162="" 63646566="" *...v........k.....abcdef*="" 6768696a="" 6b6c6d6e="" 6f707172="" 73747576="" 77616263="" 64656667="" *ghijklmnopqrstuvwabcdefg*="" 6869="" *hi="">

  The only solution is to unplug / reconnect several times, until he started working. We cannot find a reason for this. Somedays it works very good and other days it is not.
  

  Any help would be greatly appreciated.

  Thank you

  Hello

  Just came across the same problem.

  We had some additional IP address ranges that had to go through the firewall on SSLVPN. I beilive source was the same.

  When configuring users > local users must also assign in selected authorized user access VPN (pencil icon on the right of the user name) Configure > VPN access.

  Once I created the Group of subnet for all subnets internal and permitted all Local defined users to access this group for VPN access settings, all traffic began to flow.

  I see that 1/2 of last year, but I just joined.

  Kind regards

  Rajko