CWMS hostnames are not treated as valid subject alternate names for a public certificate
Hi,
I have a problem to get s public certificate for my CWMS Server 2.0
fqdn for public vip is "meet.company.de"
But the fqdn hostnames for admin and media vm are "admin.company.corp"
The public certification authority does not accept our CSR because the Subject Alternate Name xxxx.company.corp ist not valid
Any ideas how we can proceed? Wildcard certificate is not an option.
Hello,
There are couple of things you can try to do:
1. Change the Certification Authority. At least until November 2015, CAs should accept internal company domains and provide SSL certs for them. Not sure what CA you are trying to use, but I've seen Verisign, GoDaddy, Entrust, etc. providing SSL certs for internal domain names (using SAN certs)
2. Change the FQDNs of your internal VMs. You would need to ensure you configure "company.de" zone in your internal DNS, create DNS entries for all the internal VMs, Private VIP and Admin and WebEx Site for "company.de" domain, and then perform the hostname change on CWMS for all the VMs and Admin site. You can change the VMs hostnames if you go to CWMS Dashboard > System > View More, and by clicking on each VM you will get an option to change the hostname. If the hostname is defined in DNS and resolves to the same IP address as the original hostname, the entry will be properly updated. (NOTE: don't change the IP addresses if not really needed. If needed, take a look at the instructions here) . Once you modified all the hostnames, you can generate new CSR (SAN) and you will get valid internal VM hostnames and your CA will be able to issue you a certificate.
3. If you end up using the same domain name on all the VMs and VIPs, you may consider wildcard certs (not sure why the are not the option in your case).
This is all that you can do when it comes to this issue.
I hope any of this will help.
-Dejan
Similar Messages
-
Documents I forward are not received under the original document name. How do I solve this?
If you're referring to the name of the attatchment showing when viewing the entire email, that's there's no way to change how it's done. The title and body of the actual document is unchanged after it's opened.
Does this naming of the attachment really confuse the recipient? If so, put something in the body of the email to make it clear what's attached. -
Since the update IOS 8.2, the artists are not any more sorted out by name in the application Music. Anybody has the same problem?
https://itunes.apple.com/us/album/king-dance-bonus-track-version/id531510300
Bailando por el Mundo shows up on my iPhone as just Juan Magan It should say Juan Magan, El Cata & Pitbull
Como Yo shows up on my iPhone as just Juan Magan. It should say Juan Magan & Buxxi
https://itunes.apple.com/us/album/meet-orphans-deluxe-edition/id402727180
Danza Kuduro shows up on my iPhone as just Don Omar. It should say Don Omar & Lucenzo
https://itunes.apple.com/us/album/don-omar-presents-mto2-new/id518105534
No Sigue Modas a.k.A Ella No Sigue Modas shows up on my iPhone as just Don Omar. It should say Don Omar & Juan Magan.
https://itunes.apple.com/us/album/globalization/id933984003
Time of Our Lives shows up on my iPhone as just Pitbull. It should say Pitbull & Ne-Yo -
Windows built-in IKEv2 clients are not finding a valid machine certificate
Hi All,
I'm trying to connect windows built-in clients to a Cisco IOS IKEv2 headend. I want to use EAP to authenticate the clients with there AD credentials. For EAP, I need to use certificates so I will use self-signed certificates as I don't have a CA.
Once I have ceated a certificate for the headend, i import this on the clients Trusted Root Certification Authorities. But when I try to connect the client to the headend, I get an error message from the client "Error 13806: IKE failed to find valid machine certificate". It seems that Microsoft is having issue with the certificate.
Does anyone have an idea what I'm doing wrong?
Headend config:
aaa new-model
aaa group server radius AAA-AuthC-Group-RA
server-private v.v.v.v auth-port 1812 acct-port 1813 key secret
aaa authentication login AAA-AuthC-List-RA group AAA-AuthC-Group-RA
aaa authorization network AAA-AuthZ-List-RA local
crypto pki trustpoint PKI-TP-SS-RA
enrollment selfsigned
serial-number none
fqdn headend
ip-address none
subject-name cn=x.x.x.x
revocation-check none
rsakeypair PKI-TP-SS-RA-Key 2048
eku request server-auth
ip local pool IKEV2-POOL-RA 10.0.0.10 10.0.0.250
crypto ikev2 authorization policy IKEV2-AUTHORIZATION-POLICY-RA
pool IKEV2-POOL-RA
dns 10.0.0.1
netmask 255.255.255.0
crypto ikev2 proposal IKEV2-PROPOSAL-RA
encryption aes-cbc-256
integrity sha1
group 2
crypto ikev2 policy IKEV2-POLICY-RA
proposal IKEV2-PROPOSAL-RA
crypto ikev2 profile IKEV2-PROFILE-RA
match identity remote key-id mydomain.com
identity local dn
authentication remote eap query-identity
authentication local rsa-sig
pki trustpoint PKI-TP-SS-RA
dpd 60 2 on-demand
aaa authentication eap AAA-AuthC-List-RA
aaa authorization group eap list AAA-AuthZ-List-RA
virtual-template 10
no crypto ikev2 http-url cert
crypto ipsec profile IPSEC-PROFILE-AES-256
set transform-set IPSEC-AES-256
crypto ipsec profile IPSEC-PROFILE-AES256-SHA1
set transform-set IPSEC-AES256-SHA1
set ikev2-profile IKEV2-PROFILE-RA
interface Loopback10
ip address 10.0.0.1 255.255.255.0
interface Virtual-Template10 type tunnel
description FlexVPN-RA tunnel
bandwidth 20000
ip unnumbered Loopback10
ip mtu 1400
ip flow ingress
ip tcp adjust-mss 1360
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-PROFILE-AES256-SHA1Please tell me where my Mail is getting Elementary School-isized. anyone?
Mail's Preferences do not affect what is seen at the other end, they are only for local display. To have the recipient see your desired font, you must set it individually for each message in the New Message pane (also you should make it different than what is set in the Preferences, because of a bug). Or you can use custom Stationery.
A workaround used by some is to create a signature in your desired font and begin your message in the first line of the sig.
If these options are not satisfactory, best to switch to Entourage or Thunderbird. -
Could not create a valid GL date rejection for PA transactions to GL
Hi All,
PRC: Interface Labor Costs to General Ledger has the Rejection "Could not create a valid GL date".
I have verified all Periods are Opened. Still there is a a rejection.
Thanks,
PraveenPraveen Bharadwaj wrote:
Hi All,
PRC: Interface Labor Costs to General Ledger has the Rejection "Could not create a valid GL date".
I have verified all Periods are Opened. Still there is a a rejection.
Thanks,
PraveenPlease see these docs.
PAGGLT, PASGLT gives 'Could Not Create A Valid GLDate', even when GL data is re-open. [ID 330874.1]
PRC: Interface Labor Costs to GL (PALDLC) Will Not Interface, CDL.Batch_Name Is Null [ID 437301.1]
PALDLC and PASDUC Error - Could Not Create A Valid GL Date For Provider [ID 338330.1]
Distribute Labor Cost Exception-Could Not Create A Valid GL Date [ID 418675.1]
PAXACCPB - PRC: Create Accounting Gets Error 95325 Gl Date Not An Open Or Future Enterable Period [ID 951452.1]
Thanks,
Hussein -
Reg:tasks are not getting displayed in the uwl mss for particular user
hi all
Tasks are not getting updated in the MSS under tasks tab for particular user in EP.can any one please share their exp and knowledge on this how to reslove it.
Thanks in advance.
DeepikaHi Sateesh,
This message will appear if either the background jobs are not scheduled, or UWL cannot tell that the background jobs are scheduled. The message no longer appears once you ensure the background jobs are scheduled to run via the user id UWL_SERVICE and that user is mapped to my portal user ID UWL_SERVICE.
Kai -
Calls are not getting thru in Cisco voice GW for a particular Number
Cisco gateway is connecte to a PBX with an Qsig interface, for a particualr destination number the calls are not gettin estabilished.
the output of the Q931 debug :
Aug 16 16:17:46.145: ISDN Se0/0/0:23 Q931: RX <- SETUP pd = 8 callref = 0x7E05
Bearer Capability i = 0x8090A2
Standard = CCITT
Transfer Capability = Speech
Transfer Mode = Circuit
Transfer Rate = 64 kbit/s
Channel ID i = 0xA98396
Exclusive, Channel 22
Facility i = 0x9FAA068001008201008B0100A16E0202070102011530650201010A010
1800101A111A00FA50D0A010212083530303035393938A211A00FA50D0A010212083530303035393
938A312801054454C45434F4D20574F524B524F4F4DA412801054454C45434F4D20574F524B524F4
F4DA50C06062B0C02FF373730020500
Facility i = 0x9FAA068001008201008B0100A11D0202010002010080144E455453202
F204C4F4E472044495354414E4345
Calling Party Number i = 0x2183, '8168911010'
Plan:ISDN, Type:National
Called Party Number i = 0x89, '18553808521'
Plan:Private, Type:Unknown
Sending Complete
Aug 16 16:17:46.149: ISDN Se0/0/0:23 Q931: TX -> CALL_PROC pd = 8 callref = 0xF
E05
Channel ID i = 0xA98396
Exclusive, Channel 22
Aug 16 16:17:55.709: ISDN Se0/0/0:23 Q931: TX -> DISCONNECT pd = 8 callref = 0x
FE05
Cause i = 0x80BF - Service/option not available, unspecified
Aug 16 16:17:55.741: ISDN Se0/0/0:23 Q931: RX <- RELEASE pd = 8 callref = 0x7E0
5
Aug 16 16:17:55.741: ISDN Se0/0/0:23 Q931: TX -> RELEASE_COMP pd = 8 callref =
0xFE05
The Qsig and dial-peer configration :
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-qsig
isdn overlap-receiving
isdn incoming-voice voice
isdn send-alerting
no cdp enable
dial-peer voice 1 voip
description To CBTS GK
destination-pattern +1T
signaling forward rawmsg
session protocol sipv2
session target ipv4:10.9.5.10
session transport tcp
voice-class codec 1
dtmf-relay rtp-nte
no vad
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-qsig
isdn overlap-receiving
isdn incoming-voice voice
isdn send-alerting
no cdp enable
dial-peer voice 1 voip
description To CBTS GK
destination-pattern +1T
signaling forward rawmsg
session protocol sipv2
session target ipv4:10.9.5.10
session transport tcp
voice-class codec 1
dtmf-relay rtp-nte
no vadHi Raj,
My name is Edson Pineiro, I understand that your problem description is in regards to failed incoming calls from a qsig trunk.
According to the received q931 setup message I can see the called party number is 18553808521 and as so the gateway should route the dnis based on the best match in destination-pattern. My first suggestion would be to ensure your outgoing dial-peers has a matching destination-pattern that matches the dialed number, for example:
dial-peer voice 1 voip
destination-pattern 1T
The T is a wild card for any digit any length
Or you can be very specific.
dial-peer voice 1 voip
destinaton-pattern 18553808521
The next suggestion would be to ensure that your incoming pots dial-peers contains 'direct-inward dial'. This is so that you don't receive secondary dial tone when dialing in, which I don't think is happening here.
Another suggestion would be to remove 'isdn overlap-receiving' from interface serial 0/0/0:23. Reason being is that the DNIS received is enbloc and not overlapping. You can clearly see that the complete e164 number is received within the setup and no further digits are needed.
But overall the disconnect cause code is 0x80BF the 80 portion is related to the source of the disconnect which is the router and BF "Service/option not available, unspecified" which is described as:
The network or remote equipment cannot provide the service option that the user requests, due to an unspecified reason. A subscription problem can cause this issue.
Any ways seems like the router does not support the protocol or type of message included in the Setup. After decoding one of the facility message:
Facility i = 0x9FAA068001008201008B0100A16E0202070102011530650201010A010
1800101A111A00FA50D0A010212083530303035393938A211A00FA50D0A010212083530303035393
938A312801054454C45434F4D20574F524B524F4F4DA412801054454C45434F4D20574F524B524F4
F4DA50C06062B0C02FF373730020500
decode -->
Facility IE first byte (protocol profile): 0x9f(Network Extentions), depends on Network Protocol Profile
**Note:
**0x91/0x9f both be used by older qsig spec, including:
**ISO 11582:1995, ETSI 300 239:1993/1995
**newer qsig spec use 0x9f only, including:
**ISO 11582:1995/Cor.1:1999, ECMA 165(4th), ETSI 300 239:2003
**see CSCeb58118 for CCM compatibility issue
NetworkFacilityExtension ::= {
sourceEntity: 0
destinationEntity: 0
NetworkProtocolProfile not present
APDU is a ROSE
0
DivertingLegInformation2Invoke ::= {
invokeID: 1793
operationValue: 21
argument: DivertingLegInformation2Arg ::= {
diversionCounter: 1
diversionReason: 1
originalDiversionReason: 1
divertingNr: PrivatePartyNumber ::= {
privateTypeOfNumber: 2
privateNumberDigits: 50005998
originalCalledNr: PrivatePartyNumber ::= {
privateTypeOfNumber: 2
privateNumberDigits: 50005998
redirectingName: 54 45 4C 45 43 4F 4D 20 57 4F 52 4B 52 4F 4F 4D
originalCalledName: 54 45 4C 45 43 4F 4D 20 57 4F 52 4B 52 4F 4F 4D
Looks like this is a redirected call (call forward or transfer), the redireted number is "50005998" and the other end of the PRI maybe attempting to do either a 2 B channel transfer or B channel optimization, which is not supported certain gateways or needs the use of a tcl scripts. Any ways is it possible to confirm if such features are enabled on the other end of the qsig trunk? and what the number 50005998 is assigned too. This may warrant a TAC case.
However please ensure your carry through the first three configuration changes before looking at the possible bad facility message.
Here are some good documents on ISDN, IOS dial-peers and call legs:
Understanding debug isdn q931 Disconnect Cause Codes
http://www.cisco.com/en/US/tech/tk801/tk379/technologies_tech_note09186a008012e95f.shtml
Configuring Telephony Call-Redirect Features
Two B-Channel Transfer
http://www.cisco.com/en/US/docs/ios/voice/ivr/pre12.3_14_t/configuration/guide/ivrapp.pdf
Understanding Dial Peers and Call Legs on Cisco IOS Platforms
http://www.cisco.com/en/US/partner/tech/tk652/tk90/technologies_tech_note09186a008010ae1c.shtml
Understanding Direct-Inward-Dial (DID) on IOS Voice Digital (T1/E1) Interfaces
http://www.cisco.com/en/US/partner/tech/tk652/tk653/technologies_tech_note09186a00801142f8.shtml
Understanding Inbound and Outbound Dial Peers Matching on IOS Platforms
http://www.cisco.com/en/US/partner/tech/tk652/tk90/technologies_tech_note09186a008010fed1.shtml#prereq
Voice Translation Rules
http://www.cisco.com/en/US/partner/tech/tk652/tk90/technologies_tech_note09186a0080325e8e.shtml
Let me know how you go.
Thanks again for asking the tuff questions.
Cheers
Edson -
T/F: iPhone users are not required to pay $15/month extra for Good Technology
I have a personal Droid RAZR M. You may wonder why I am posting in the iPhone forum but you are about to find out.
I have access to corporate e-mail via Good Technology. When I got this service set up at the same time I acquired the phone, I was required to upgrade from a $30/month 2GB plan to a $45/month 2GB plan just to have this access ("needed for access to company servers"). That was a surprise but I got over it. However, since then, I have come to learn the following:
1. It appears that other than VZW, no other carriers are charging users extra for access to Good Technology.
2. Based on a colleague's information from a Good Technology support engineer and a office mate who is using a VZW iPhone, VZW iPhone users are *not* *required* to move to an Enterprise plan aren't paying an extra $15/month. If one searches the Internet, I am not the only one asking about this.
If you are using a Verizon Wireless iPhone and have Good Technology on your phone, would you let me know if were *required* to upgrade your data plan and pay extra just for using Good Technology?
Thanks,
TechvetI need to check some information at work about this, since they have some guidance on how their employees can connect to their corporate email with android and iphone devices.
-
So the files on my hard drive just disappeared, the space is still occupied, but they are not listed. The disk cannot be unmounted for some reason. And I did not hide any files.
Reinstall the WD HDD in a non WD enclosure. Any difference?
Also look at these links:
http://www.macrumors.com/2013/10/31/western-digital-warns-external-hard-drive-cu stomers-over-mavericks-data-loss/
http://www.macrumors.com/2013/11/26/western-digital-releases-new-hard-drive-soft ware-after-mavericks-data-loss/
Ciao. -
Post Author: SRK
CA Forum: General
Hi ,
I am using the following formula to display the alternate white and silver background color in every reocrd but this does not work because the records numbers are not in sequence for ex : its showing 54,56,58 which is not allowing the alternate color, Any advice.Thanks if remainder(recordnumber,2) =0 then crNoColorelse Color (218,218,218);Post Author: keiffer6
CA Forum: General
Could you simply add a running total for each record. That will give you the 1 2 3 4 5 6 ....
Then in the details section color formula, use something like this:
if RunningTotal Mod 2 = 0 then crSilver Else crNoColor.
HTH -
Reports are not posting with report repository webserver configured for Sin
Hi Everyone,
We have configured Single Signon on our Test environment (UADB1) using Sun Authentication Manager. Everything went well, we can login using our LDAP accounts except for one thing. The reports are not posting to the report repository.
Our setup goes like this. We have used only one webserver for login and for report repository purposes. SSL certificate was configured in the webserver and we are using https in the report node. Both URLs https://dv001.test.com:8450 and http://dv001.test.com:8400 were configured for Single Signon.
Report Node Definition
Node Name: uadb1
URL: https://dv001.test.com:8450/psreports/uadb1
Connection Information
https
URI Port: 8450
URI Host: dv001.test.com
URI Resource: SchedulerTransfer/uadb1
Below is the error I am getting. If I will use another webserver which is not the Single Signon configured as report repository the reports are posting. So, I am thinking this has something to do with the Single Signon setup and SSL. ANy idea? Thanks.
PSDSTSRV.2093190 (10) [06/13/10 01:05:43 PostReport](3) 1. Process Instance: 9499/Report Id: 8465/Descr: Process Scheduler System Purge
PSDSTSRV.2093190 (10) [06/13/10 01:05:43 PostReport](3) from directory: /psft/pt849/appserv/prcs/UADB1/log_output/AE_PRCSYSPURGE_9499
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](1) (JNIUTIL): Java exception thrown: java.net.SocketException: Unexpected end of file from server
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](3) HTTP transfer error.
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](3) Post Report Elapsed Time: 0.2300
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](1) =================================Error===============================
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](1) Unable to post report/log file for Process Instance: 9499, Report Id: 8465
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](2) Process Name: PRCSYSPURGE, Type: Application Engine
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](2) Description: Process Scheduler System Purge
PSDSTSRV.2093190 (10) [06/13/10 01:05:44 PostReport](2) Directory: /psft/pt849/appserv/prcs/UADB1/log_output/AE_PRCSYSPURGE_94Duplicated thread : Reports not posting if using Single Signon webserver as report repo
Nicolas. -
My audio and video are not syncing properly. There is a lag from the audio to the video. Does anyone have a permanent fix for Photo Booth where the Audio and Video are not syncing properly?
If you monitor the "More Like This" box (top right), other threads appear. Opening them usually displays other threads. You aren't the only one having this problem.
One person having a Photo Booth problem, although not the same one as you are having solved it by running Disk Utility/Repair Permissions. -
Hello,
The cusomer have exchange 2003/2010 in the same organisation for the forest @domain1.fr (main organisation exchange). all users in the same forest use smtp address @domain1.fr
This Exchange organisation is used as a rely for others branch. I mean that, they have multiples smtp connectors for another internal messaging organisation (postfix, exchange, exim....).
When a external mail sent to @toto.fr (internal or accepted smtp domain), it sent to the main organisation exchange (@domain1.fr) to be relayed for @toto.fr smtp server.
we want to filter the recipients in the main organisation exchange(only for @domain1.fr) by enable "Filter recipients who are not in the Directory" in global setting. we wonder if there is an impact for relying the mails to others accepted domain
because the recipients doesn't exist in the forest @domain1.fr.
is there a workaround ?
RegardsHi,
"Filter recipients who are not in the Directory".
Do you mean the "Block messages sent to recipients that do not exist in the directory"?
This will impact the whole Organisation.
More details to see:
http://technet.microsoft.com/en-us/library/aa995993(v=exchg.141).aspx
Please correct me if there is any misunderstanding.
Thanks
Mavis
Mavis Huang
TechNet Community Support -
One of my playlists is marked "ineligible" because it supposedly contains items that are not music. I went through the playlist and unchecked anything of the sort, and it still says it's ineligible. Is there another way to fix this?
I have tried all those things I even updated the software to the new iOS system and it still did fix my problem.
What happened is that my garage band looks like it will open then it shuts down.
I have lot of important things on my garage band and I'm afraid that if I uninstall it deleting it then reinstalling it all my work on it will be gone and I can't have that happen.
Everyday I am hoping that when i go to open the app that is will work but it doesn't it gets ready to turn on then it shuts off , the app doesn't even open all the way and turns off.
I really hope I don't have to erase it.
It'll say it's ,lading my songs then it shuts down .
If I waited for the App Store to come up with an update for garage band should I wait till then to update my app so it doesn't get damaged . I don't want to erase it and all my data get erased . I figured if I wait for an update then my garage band will reset itself but won't delete my data. I'm not sure if that will help. Is there anything you or anyone else might know that can help me with this matter ?
Thank you
Simachyahi -
my problem started when I tried to install latest operating system for my iphone 4 screen said verifying update for about 20 minutes, I got a text that i needed to reply to, then the whole thing locked up and forced me to restore phone. Icloud doesn't have my contacts(I thought that's what it does), I've tried to sync with my computer many times, the only time it said anything about contacts was "Can't sync contacts because they're disabled on Iphone). When I sync, I get old text messages, old photos, old voice memos, but no contacts.
Good evening from the Phils :)
That didn't work. I turned off the icloud for contacts already, so even the 5 network numbers are not on my phone anymore, which is okay. I tried the sync / replace info contacts on phone from itunes, no contacts still. At least, there were no other stuff lost. I might try the restore from backup next time.. But still hiping for something which would not involve doing the restore or any tools. Thanks! :)
Maybe you are looking for
-
I have a problem connecting to my webcam streaming chat site.
The problem is a weird problem, because I can connect to the application through an RTMP test site, Adobe Flash Server reconginzes the connection and allows it. But when I try to connect from the flash applet (It's called Videowhisper), the connectio
-
Error when generating the SmartForm
Hello, every time when I execute the form after generation I get the following message: "The test for /1BCDWB/SF00000006 was regenerated but errors occurred" the scarce description in the help is this: "One reason could be the complex typing of the f
-
"erro desconhecido" (Unknown error) login Mac App Store
I have a MBP (mac os x 10.6.8) and I would like to uprade to the new OS... but I'm having problems with my App Store. I can't acess my acount, after a introduce my aplle ID and password I get the following message: (Unknown error) Need some help here
-
Need help in Aging Analysis in AR for query
Hi, I need to build a query to find the aging analysis bucket wise in AR. Standard: 1 day 1-3 days 3-7 days as output Any help will be needful for me
-
Por favor cual es el office (procesador de texto, hoja de cálculo,....ideal para un Ipad2? Gracias Jucegoli