Search Results

Search found 2089 results on 84 pages for 'symmertric encryption'.

Page 61/84 | < Previous Page | 57 58 59 60 61 62 63 64 65 66 67 68  | Next Page >

  • What’s the password for my FileVault 2 boot volume?

    - by cbowns
    Apple’s support document for FileVault 2 (a.k.a. “full disk encryption” or “FDE”) has lots of information about enabling FDE and what it means for booting the machine. However, it doesn’t cover one very important thing I’m trying to do: mount the drive in the Recovery HD environment to reinstall OS X on it. The Recovery HD environment asks me for the volume passphrase so it can mount my drive and try to install OS X onto it. If this were an external drive which I’d manually enabled FDE on with diskutil, or an external Time Machine volume, I’d know it because it makes you pick one (just like a regular login password), but FileVault 2 never asked me for a volume passphrase (I assume it selects one behind the scenes). I’ve tried my main user’s password, but that doesn’t work, and neither does the recovery key set for the volume. Keychain Access doesn’t have anything that I could find. How do I unlock this volume?

    Read the article

  • SonicOS Enhanced 5.8.1.2 L2TP VPN Authentication Failed

    - by Dean A. Vassallo
    I have a SonicWall TZ 215 running SonicOS Enhanced 5.8.1.2-6o. I have configured the L2TP VPN using the default crypto suite ESP: 3DES/HMAC SHA1 (IKE). Proposals are as such: IKE (Phase 1) Proposal DH Group: Group 2 Encryption: 3DES Authentication: SHA1 Life Time (seconds): 28800 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: SHA1 Enable Perfect Forward Secrecy DISABLED Life Time (seconds): 28800 When attempting to connect via my Mac OS X client I get an authentication error. It appears to pass the pre-authentication but fails to complete. I am at a complete loss. I reconfigured from scratch multiple times...used simple usernames and passwords to verify this wasn't a miskeyed password issue. I have Here are the logs (noted IP has been removed for privacy): 7/1/13 8:19:05.174 PM pppd[1268]: setup_security_context server port: 0x1503 7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: pppd 2.4.2 (Apple version 727.1.1) started by dean, uid 501 7/1/13 8:19:05.192 PM pppd[1268]: L2TP connecting to server ‘0.0.0.0’ (0.0.0.0)... 7/1/13 8:19:05.193 PM pppd[1268]: IPSec connection started 7/1/13 8:19:05.208 PM racoon[1269]: accepted connection on vpn control socket. 7/1/13 8:19:05.209 PM racoon[1269]: Connecting. 7/1/13 8:19:05.209 PM racoon[1269]: IPSec Phase 1 started (Initiated by me). 7/1/13 8:19:05.209 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). 7/1/13 8:19:05.209 PM racoon[1269]: >>>>> phase change status = Phase 1 started by us 7/1/13 8:19:05.231 PM racoon[1269]: >>>>> phase change status = Phase 1 started by peer 7/1/13 8:19:05.231 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 2). 7/1/13 8:19:05.234 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 3). 7/1/13 8:19:05.293 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 4). 7/1/13 8:19:05.295 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 5). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode). 7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: IPSec Phase 2 started (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: >>>>> phase change status = Phase 2 started 7/1/13 8:19:06.308 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). 7/1/13 8:19:06.332 PM racoon[1269]: attribute has been modified. 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). 7/1/13 8:19:06.333 PM racoon[1269]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode). 7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me). 7/1/13 8:19:06.333 PM racoon[1269]: >>>>> phase change status = Phase 2 established 7/1/13 8:19:06.333 PM pppd[1268]: IPSec connection established 7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established. 7/1/13 8:19:07.000 PM kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 3) 7/1/13 8:19:07.146 PM pppd[1268]: Connect: ppp0 <--> socket[34:18] 7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed. 7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated. 7/1/13 8:19:08.710 PM pppd[1268]: L2TP disconnecting... 7/1/13 8:19:08.711 PM pppd[1268]: L2TP disconnected 7/1/13 8:19:08.711 PM racoon[1269]: IPSec disconnecting from server 0.0.0.0 7/1/13 8:19:08.711 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). 7/1/13 8:19:08.712 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). 7/1/13 8:19:08.713 PM racoon[1269]: glob found no matches for path "/var/run/racoon/*.conf" 7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory

    Read the article

  • TP-Link TL-WA701N not working good as wireless extender

    - by djechelon
    I bought the device in subject to extend the range of my WPA2/PSK-protected wifi network powered by a TP-Link TL-WR340G device (AP+router). I configured it as follows: Operation mode: Universal Repeater MAC of AP: scanned my SSID and got it Channel width: 20MHz Security options: the same as the parent AP (WPA2/PSK with AES encryption) After configuration inSSIDer shows me two APs beaconing the same SSID at different SNRs (because I was with my laptop close to the extender). After a few hours my tablet, far from the parent AP, stopped working. I found that the scan reported two networks with the same SSID: one WPA-protected and one free at all. This happened very frequently. Rebooting the extender by unplugging it worked but this doesn't last long. Sometimes the extender stops transmitting at all, sometimes it beacons an open network to which nobody can connect (because there is no DHCP). What's wrong with my configuration?

    Read the article

  • AXway/tumbleweed EMF in exchange 2007

    - by Buckwheat
    Looking for someone who has implemented an axway EMF recently. I'm about to implement an axway SM product for company wide email encryption. I current have an edge transport server and an exchange 2007 server. I want to route email like the follow: the edge picks up internet email to exchange and all out going email will go out the axway. I have two things to figure out: do I only have to build a new send connector on exchange to point to a smarthost (axway) and disable the send connector going to the transport edge server? and two The axway server has to route notifcations to people. Am I looking into something like this? http://msexchangeteam.com/archive/2006/12/28/432013.aspx

    Read the article

  • Windows XP computer can't see Windows 7 shares

    - by Alex Brault
    I am building a network containing notably a laptop running XP and a computer running Windows 7. Both computer have shared folders and the 7 has a shared printer, to which another laptop running 7 is able to print. If I attempt to see the laptop's network shares on the PC, everything works perfectly: I am able to see and enter the folders. The reverse operation however doesn't work. Xp doesn't see the Windows 7 PC. Other things to note: As mentioned above, another Windows 7 computer is able to see the printer and I can ping both computers from either PC. Both computers are in the same workgroup named ALLAITEMENT Password-protected shares are turned off on the PC. The 7 Computer uses 40/56 bit encryption The Windows XP laptop has SP3

    Read the article

  • Duplicity not writing to a pre-existing S3 bucket

    - by Saurabh Nanda
    I'm trying to backup a directory to a pre-existing Amazon S3 bucket using the following command: duplicity --no-encryption system/ s3+http://MY_BUCKET_NAME/backup However, I'm getting the following error consistently: S3CreateError: S3CreateError: 409 Conflict <?xml version="1.0" encoding="UTF-8"?> <Error><Code>BucketAlreadyOwnedByYou</Code><Message>Your previous request to create the named bucket succeeded and you already own it.</Message><BucketName>vacationlabs</BucketName><RequestId>3C1B8C49469E3374</RequestId><HostId>4dU1TKf3Td6R0yvG9MaLKCYvQfwaCpdM8FUcv53aIOh0LeJ6wtVHHduPSTqjDwt0</HostId></Error> The S3 bucket is empty and does NOT have the backup directory The bucket is in Singapore region

    Read the article

  • IIS requesting certificates even though set to ignore

    - by lupefiasco
    I have a web site in IIS 6 with directory security set to Require secure channel (SSL) and Require 128-bit encryption. Also, the Client certificates setting is set to "Ignore client certificates". When I hit https://servername/resource in Internet Explorer and Chrome , I am prompted for a certificate. I can cancel the prompt, and the resource will load, but I don't want to see this prompt at all. I looked at the virtual directories and resources within the web site, and they all have the ignore client certificates setting on. Could there be another setting, perhaps in the metbase, that is overriding the web site's directory security settings?

    Read the article

  • Active Directory Password Policy Problem

    - by Will
    To Clarify: my question is why isn't my password policy applying to people in the domain. Hey guys, having trouble with our password policy in Active Directory. Sometimes it just helps me to type out what I’m seeing It appears to not be applying properly across the board. I am new to this environment and AD in general but I think I have a general grasp of what should be going on. It’s a pretty simple AD setup without too many Group Policies being applied. It looks something like this DOMAIN Default Domain Policy (link enabled) Password Policy (link enabled and enforce) Personal OU Force Password Change (completely empty nothing in this GPO) IT OU Lockout Policy (link enabled and enforced) CS OU Lockout Policy Accouting OU Lockout Policy The password policy and default domain policy both define the same things under Computer ConfigWindows seetings sec settings Account Policies / Password Policy Enforce password History : 24 passwords remembered Maximum Password age : 180 days Min password age: 14 days Minimum Password Length: 6 characters Password must meet complexity requirements: Enabled Store Passwords using reversible encryption: Disabled Account Policies / Account Lockout Policy Account Lockout Duration 10080 Minutes Account Lockout Threshold: 5 invalid login attempts Reset Account Lockout Counter after : 30 minutes IT lockout This just sets the screen saver settings to lock computers when the user is Idle. After running Group Policy modeling it seems like the password policy and default domain policy is getting applied to everyone. Here is the results of group policy modeling on MO-BLANCKM using the mblanck account, as you can see the policies are both being applied , with nothing important being denied Group Policy Results NCLGS\mblanck on NCLGS\MO-BLANCKM Data collected on: 12/29/2010 11:29:44 AM Summary Computer Configuration Summary General Computer name NCLGS\MO-BLANCKM Domain NCLGS.local Site Default-First-Site-Name Last time Group Policy was processed 12/29/2010 10:17:58 AM Group Policy Objects Applied GPOs Name Link Location Revision Default Domain Policy NCLGS.local AD (15), Sysvol (15) WSUS-52010 NCLGS.local/WSUS/Clients AD (54), Sysvol (54) Password Policy NCLGS.local AD (58), Sysvol (58) Denied GPOs Name Link Location Reason Denied Local Group Policy Local Empty Security Group Membership when Group Policy was applied BUILTIN\Administrators Everyone S-1-5-21-507921405-1326574676-682003330-1003 BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users NCLGS\MO-BLANCKM$ NCLGS\Admin-ComputerAccounts-GP NCLGS\Domain Computers WMI Filters Name Value Reference GPO(s) None Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 12/29/2010 10:17:59 AM EFS recovery Success (no data) 10/28/2010 9:10:34 AM Registry Success 10/28/2010 9:10:32 AM Security Success 10/28/2010 9:10:34 AM User Configuration Summary General User name NCLGS\mblanck Domain NCLGS.local Last time Group Policy was processed 12/29/2010 11:28:56 AM Group Policy Objects Applied GPOs Name Link Location Revision Default Domain Policy NCLGS.local AD (7), Sysvol (7) IT-Lockout NCLGS.local/Personal/CS AD (11), Sysvol (11) Password Policy NCLGS.local AD (5), Sysvol (5) Denied GPOs Name Link Location Reason Denied Local Group Policy Local Empty Force Password Change NCLGS.local/Personal Empty Security Group Membership when Group Policy was applied NCLGS\Domain Users Everyone BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users LOCAL NCLGS\MissingSkidEmail NCLGS\Customer_Service NCLGS\Email_Archive NCLGS\Job Ticket Users NCLGS\Office Staff NCLGS\CUSTOMER SERVI-1 NCLGS\Prestige_Jobs_Email NCLGS\Telecommuters NCLGS\Everyone - NCL WMI Filters Name Value Reference GPO(s) None Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 12/29/2010 11:28:56 AM Registry Success 12/20/2010 12:05:51 PM Scripts Success 10/13/2010 10:38:40 AM Computer Configuration Windows Settings Security Settings Account Policies/Password Policy Policy Setting Winning GPO Enforce password history 24 passwords remembered Password Policy Maximum password age 180 days Password Policy Minimum password age 14 days Password Policy Minimum password length 6 characters Password Policy Password must meet complexity requirements Enabled Password Policy Store passwords using reversible encryption Disabled Password Policy Account Policies/Account Lockout Policy Policy Setting Winning GPO Account lockout duration 10080 minutes Password Policy Account lockout threshold 5 invalid logon attempts Password Policy Reset account lockout counter after 30 minutes Password Policy Local Policies/Security Options Network Security Policy Setting Winning GPO Network security: Force logoff when logon hours expire Enabled Default Domain Policy Public Key Policies/Autoenrollment Settings Policy Setting Winning GPO Enroll certificates automatically Enabled [Default setting] Renew expired certificates, update pending certificates, and remove revoked certificates Disabled Update certificates that use certificate templates Disabled Public Key Policies/Encrypting File System Properties Winning GPO [Default setting] Policy Setting Allow users to encrypt files using Encrypting File System (EFS) Enabled Certificates Issued To Issued By Expiration Date Intended Purposes Winning GPO SBurns SBurns 12/13/2007 5:24:30 PM File Recovery Default Domain Policy For additional information about individual settings, launch Group Policy Object Editor. Public Key Policies/Trusted Root Certification Authorities Properties Winning GPO [Default setting] Policy Setting Allow users to select new root certification authorities (CAs) to trust Enabled Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only Administrative Templates Windows Components/Windows Update Policy Setting Winning GPO Allow Automatic Updates immediate installation Enabled WSUS-52010 Allow non-administrators to receive update notifications Enabled WSUS-52010 Automatic Updates detection frequency Enabled WSUS-52010 Check for updates at the following interval (hours): 1 Policy Setting Winning GPO Configure Automatic Updates Enabled WSUS-52010 Configure automatic updating: 4 - Auto download and schedule the install The following settings are only required and applicable if 4 is selected. Scheduled install day: 0 - Every day Scheduled install time: 03:00 Policy Setting Winning GPO No auto-restart with logged on users for scheduled automatic updates installations Disabled WSUS-52010 Re-prompt for restart with scheduled installations Enabled WSUS-52010 Wait the following period before prompting again with a scheduled restart (minutes): 30 Policy Setting Winning GPO Reschedule Automatic Updates scheduled installations Enabled WSUS-52010 Wait after system startup (minutes): 1 Policy Setting Winning GPO Specify intranet Microsoft update service location Enabled WSUS-52010 Set the intranet update service for detecting updates: http://lavender Set the intranet statistics server: http://lavender (example: http://IntranetUpd01) User Configuration Administrative Templates Control Panel/Display Policy Setting Winning GPO Hide Screen Saver tab Enabled IT-Lockout Password protect the screen saver Enabled IT-Lockout Screen Saver Enabled IT-Lockout Screen Saver executable name Enabled IT-Lockout Screen Saver executable name sstext3d.scr Policy Setting Winning GPO Screen Saver timeout Enabled IT-Lockout Number of seconds to wait to enable the Screen Saver Seconds: 1800 System/Power Management Policy Setting Winning GPO Prompt for password on resume from hibernate / suspend Enabled IT-Lockout

    Read the article

  • Pidgin not working with Gtalk

    - by Selvakumar Ponnusamy
    I have downloaded latest Pidgin(version 2.10.6) for Windows and tried to gtalk account to it. It shows "not authorized" error. I have tried many options given in the net and its not working for me, Below are the values I have given, Basic Tab: Protocal: XMPP Username: <my username> Domain: gmail.com Password: <My Password> and enabled Remember password check box Advanced Tab: Connection security: Require Encryption (Default) Unhecked "Allow plaintext auth over unencrypted streams" (Default) Connection Port: 5222 (Default) Connect server: talk.google.com File Transfer proxies: proxy.eu.jabber.org (default) BOSH URL: <Empty> (default) I enabled two step verification process for my gmail account, So I created application specific password and given here. But Its not working. Please help me what could be the problem and how to resolve it?

    Read the article

  • Best MTA setup for home or laptop computers - not server

    - by thomasrutter
    Hello, What is a good MTA (e.g. Postfix or something else) setup for a home computer behind a NAT, or a laptop that connects to various different wifi networks? I've read a lot of Postfix tutorials on how to set it up this way or that, but they are usually geared towards computers that are servers ie they have a static IP have a domain name are always connected to the same network My requirements are, I guess: Ability to forward mail for "root" to another server of my choosing. No listening for incoming SMTP connections - outgoing only Ability to route outgoing mail via an external SMTP server with authentication (and perhaps encryption) If not Postfix, I need an MTA which can queue up mails in case it temporarily has no internet connection.

    Read the article

  • Windows 7 won't read from NAS on LAN

    - by Alfy
    I've got a Linkstation NAS drive on a local network. Having just got a new laptop with Windows 7 Home Professional, I can no longer read anything of the drive. I've tried accessing the drive using \192.168.1.55\share, using ftp programs such as WinSCP, filezilla and even using firefox to hit ftp://192.168.1.55. The really annoying thing is that through these methods I can see the files on the drive, counting out any kind of connection issues. I can navigate through the NAS file system, but as soon as I try and copy a file off the NAS, things just stop working. Accessing the drive through a Windows XP machine works fine. So far I've tried: Disabling firewalls Adding the LmCompatibilityLevel key to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Using the 40 - 56 bit encryption instead of the 128 bit. Has anyone got any suggestions of what I can check or try? This is driving me crazy and I'm totally out of ideas?

    Read the article

  • 1Tb disk formatted on Linux won't mount on windows nor mac

    - by Pedro MC
    I have an external HD (western digital) with 1Tb. I use Linux but I wanted to reserve a cross platform partition on the disk. I decided to create two partitions and used the "disks" application to do it. I created one partition with the LUKS (version 1) encryption and the other one, cross platform, in NTFS filesystem. Things work fine on my OS but when I try to use the disk (the cross platform partition) on both windows and mac the device is not recognized. What could it be? Next, output of "sfdisk -l /dev/sdb": Disk /dev/sdb: 121600 cylinders, 255 heads, 63 sectors/track Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0 Device Boot Start End #cyls #blocks Id System /dev/sdb1 0+ 36473- 36473- 292968750 83 Linux /dev/sdb2 36473+ 121600- 85128- 683789062+ 83 Linux /dev/sdb3 0 - 0 0 0 Empty /dev/sdb4 0 - 0 0 0 Empty

    Read the article

  • What is a good and safe way of sharing certificates?

    - by Kaustubh P
    I have a few certificates, that are used as authentication, to ssh into my servers on the Amazon cloud. I rotate those certificates weekly, manually. My question is, I need to share the certificates with some colleagues, a few on the LAN, and a few in another part of the country. What is the best practice to share the certificate? My initial thoughts were Dropbox and email. We dont host dedicated email servers with encryption and all, and dont have a VPN. Thanks.

    Read the article

  • Connect iPad to windows 7 VPN

    - by Linuz
    My iPad keeps spitting out the error: "A connection could not be established to the PPP server." I am trying to connect it to a VPN I set up with Windows 7 as an incoming connection. On the iPad, I went into the VPN settings, added a new PPTP VPN with the following information Server: Windows 7 Computer's IP RSA SecurID: OFF Account: Account Username Password: Account Password Encryption Level: Auto Send All Traffic: ON Proxy: Off Now I know that it is making some connection to the Windows 7 Computer because whenever I intentionally put in the wrong VPN password on the iPad, it makes me put in the correct one before trying to connect again. All the ports are forwarded on my router for PPTP, and my Windows 7 Firewall is even off to try to get this to work. Any help would be greatly appreciated, thanks.

    Read the article

  • HP Compaq T20 Thin Clients & Windows Server 2008 R2: RDP Disconnects instantly.

    - by sinni800
    Hello, I have some HP Compaq T20 Thin Clients connecting to a Windows Server 2003. Now I want to upgrade to 2008 R2, so I tested a trial installation with remote desktop in administration mode. So I try to connect my T20 to the server and... It doesn't matter if I turn off encryption or not it disconnects with an generic error instantly. The T20s have Windows CE embedded with RDP 5.2 installed. Out of curiosity I tried Windows Server 2008 (no R2) and it worked! I tried the same with a Windows 7 machine set up with- no work. I can not update the T20s to Windows NT embedded for example because they only have a low amount of flash memory. It seems the "new" version of RDP coming from Windows 7 / Windows Server 2008 R2 is completely incompatible with the older 5.2 version. People are having the same problem here: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/700488cd-a872-47e5-85a7-595f050afc10

    Read the article

  • NetApp erroring with: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

    - by Sobrique
    Since a sitewide upgrade to Windows 7 on desktop, I've started having a problem with virus checking. Specifically - when doing a rename operation on a (filer hosted) CIFS share. The virus checker seems to be triggering a set of messages on the filer: [filerB: auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20 (server-wk8-r2). [filerB: auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\MYDC. [filerB: auth.trace.authenticateUser.loginRejected:info]: AUTH: Login attempt by user rejected by the domain controller with error 0xc0000199: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. [filerB: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: Delaying the response by 5 seconds due to continuous failed login attempts by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20. This seems to specifically trigger on a rename so what we think is going on is the virus checker is seeing a 'new' file, and trying to do an on-access scan. The virus checker - previously running as LocalSystem and thus sending null as it's authentication request is now looking rather like a DOS attack, and causing the filer to temporarily black list. This 5s lock out each 'access attempt' is a minor nuisance most of the time, and really quite significant for some operations - e.g. large file transfers, where every file takes 5s Having done some digging, this seems to be related to NLTM authentication: Symptoms Error message: System error 1808 has occurred. The account used is a computer account. Use your global user account or local user account to access this server. A packet trace of the failure will show the error as: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (0xC0000199) Cause Microsoft has changed the functionality of how a Local System account identifies itself during NTLM authentication. This only impacts NTLM authentication. It does not impact Kerberos Authentication. Solution On the host, please set the following group policy entry and reboot the host. Network Security: Allow Local System to use computer identity for NTLM: Disabled Defining this group policy makes Windows Server 2008 R2 and Windows 7 function like Windows Server 2008 SP1. So we've now got a couple of workaround which aren't particularly nice - one is to change this security option. One is to disable virus checking, or otherwise exempt part of the infrastructure. And here's where I come to my request for assistance from ServerFault - what is the best way forwards? I lack Windows experience to be sure of what I'm seeing. I'm not entirely sure why NTLM is part of this picture in the first place - I thought we were using Kerberos authentication. I'm not sure how to start diagnosing or troubleshooting this. (We are going cross domain - workstation machine accounts are in a separate AD and DNS domain to my filer. Normal user authentication works fine however.) And failing that, can anyone suggest other lines of enquiry? I'd like to avoid a site wide security option change, or if I do go that way I'll need to be able to supply detailed reasoning. Likewise - disabling virus checking works as a short term workaround, and applying exclusions may help... but I'd rather not, and don't think that solves the underlying problem. EDIT: Filers in AD ldap have SPNs for: nfs/host.fully.qualified.domain nfs/host HOST/host.fully.qualified.domain HOST/host (Sorry, have to obfuscate those). Could it be that without a 'cifs/host.fully.qualified.domain' it's not going to work? (or some other SPN? ) Edit: As part of the searching I've been doing I've found: http://itwanderer.wordpress.com/2011/04/14/tread-lightly-kerberos-encryption-types/ Which suggests that several encryption types were disabled by default in Win7/2008R2. This might be pertinent, as we've definitely had a similar problem with Keberized NFSv4. There is a hidden option which may help some future Keberos users: options nfs.rpcsec.trace on (This hasn't given me anything yet though, so may just be NFS specific). Edit: Further digging has me tracking it back to cross domain authentication. It looks like my Windows 7 workstation (in one domain) is not getting Kerberos tickets for the other domain, in which my NetApp filer is CIFS joined. I've done this separately against a standalone server (Win2003 and Win2008) and didn't get Kerberos tickets for those either. Which means I think Kerberos might be broken, but I've no idea how to troubleshoot further. Edit: A further update: It looks like this may be down Kerberos tickets not being issued cross domain. This then triggers NTLM fallback, which then runs into this problem (since Windows 7). First port of call will be to investigate the Kerberos side of things, but in neither case do we have anything pointing at the Filer being the root cause. As such - as the storage engineer - it's out of my hands. However, if anyone can point me in the direction of troubleshooting Kerberos spanning two Windows AD domains (Kerberos Realms) then that would be appreciated. Options we're going to be considering for resolution: Amend policy option on all workstations via GPO (as above). Talking to AV vendor about the rename triggering scanning. Talking to AV vendor regarding running AV as service account. investigating Kerberos authentication (why it's not working, whether it should be).

    Read the article

  • Hiding a file or data from being accessed unless on scheduled days [closed]

    - by gkt.pro
    Possible Duplicate: restricting access to volumes disk even for admin account windows How to restrict use of a computer? I want to limit my access to some data and what I want is that I should be able to access the data only on certain days of the month (e.g., every 3rd day). Is there any way like encryption or some utility to allow me to only access data on specific days? One idea that I was thinking of was to encrypt the data and store the password (will be complex and long so that I couldn't remember it right away) on some website which would then email me back the password in future on those specific days.

    Read the article

  • securing source code with bitlocker

    - by Daniel Powell
    We need to deploy a web based application at a client site where it will be within their local intranet. Part of our requirement is to provide some basic security to protect our IP. I realise that nothings a 100% guaranteed fix but we are just looking to make it a bit harder for most people. The server will be running server 2008 and I was considering using bitlocker as a cheap and nasty way to protect it. From what I understand assuming the mobo supports it we can use the Transparent bitlocker mode and this means that moving the hdd to another pc will mean the hdd will be unreadable in that machine baring some sort of cold boot attack to steal the encryption keys. Is this assumption correct and in the case that the motherboard or any other component fails in the pc and we need to replace it do we lose access to our data or is there a way to unencrypt it (obviously accessible to only our company) EDIT: we do have legal documents that cover this and we will be locking the pc physically and the client will not have access to the pc (windows login) other than via the website we host on it

    Read the article

  • Filemaker 10 Advanced sending email via script & SMTP

    - by Sean
    We are using a windows server box to run the databases but we have found via the headers that the emails are send from the local workstation. We have moved to a new email system and have set up a local linux server to securely send email out of our network to devices that do not support new protocols and encryption. But once we set up the script in filemaker 10 advanced (the local machine os x) we set it to the ip of our local box with no authentication but it does not send out an email. It creates a connection we see in the logs on the linux box but nothing more, additionally you can start a telnet connection with no issues. We have also made sure that there are no additional issue that we can see in our firewall policies. Any ideas where we should start? Does Filemaker 10 advanced log errors anywhere because I could not find any log files.

    Read the article

  • Windows 7 won't read from NAS on LAN

    - by Alfy
    I've got a Linkstation NAS drive on a local network. Having just got a new laptop with Windows 7 Home Professional, I can no longer read anything of the drive. I've tried accessing the drive using \192.168.1.55\share, using ftp programs such as WinSCP, filezilla and even using firefox to hit ftp://192.168.1.55. The really annoying thing is that through these methods I can see the files on the drive, counting out any kind of connection issues. I can navigate through the NAS file system, but as soon as I try and copy a file off the NAS, things just stop working. Accessing the drive through a WindowsXP machine works fine. So far I've tried: Disabling firewalls Adding the LmCompatibilityLevel key to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Using the 40 - 56 bit encryption instead of the 128 bit. Has anyone got any suggestions of what I can check or try. This is driving me crazy and I'm totally out of ideas? Thanks

    Read the article

  • WEP authentication suddenly failing in Ubuntu

    - by kellishaver
    I'm running Ubuntu 9.10 and after a recent reboot, I'm now unable to authenticate to wireless networks using WEP encryption. I can connect fine to open networks (no idea about WPA). When trying to connect via WEP, I'm continually prompted for the network key, which I know I have entered correctly (and should have been/is saved in my keyring anyway). Everything had been working fine until the reboot. No updates had been installed or configuration changes made. Hardware-wise, everything looks fine (http://pastebin.org/113777), and the fact that connecting to an open network works just fine leads me to think this is a software issue. I just don't know where to begin fixing it. Any insights would be greatly appreciated.

    Read the article

  • Sharing files from Ubuntu to Mac

    - by seengee
    Hi, Running Ubuntu 10.04 in one office and we want a couple of Mac's in another office to be able to connect to shares on this computer. Want a fairly simple solution to this if one exists. Started looking at setting up a VPN using PPTP but it seems quite complicated. Also seen mention of VNC but this seems more related to sharing desktops and all i want to do is share a directory. Could i just install open SSH and have the Mac users mount a share over SSH using public/private key encryption?

    Read the article

  • How secure is Remote Desktop from Mac OS X to Windows Server 2003?

    - by dwhsix
    It's unclear to me exactly how secure Remote Desktop access from Mac OS X to a Windows Server 2003 machine is. Is the communication encrypted by default? What level of encryption? Are there best practices for making this as secure as possible? I found http://www.mobydisk.com/techres/securing_remote_desktop.html but it's unclear how much of that is still relevant for current versions of RDP and Windows Server. I know I can tunnel RDP over ssh, but is that overkill or redundant?

    Read the article

  • What is the best MTA setup for a home/laptop computer (*not* server)?

    - by thomasrutter
    Hello, What is a good MTA (e.g. Postfix or something else) setup for a home computer behind a NAT, or a laptop that is not always online? I've read a lot of Postfix tutorials on how to set it up this way or that, but they are usually geared towards computers that are servers ie they have a static IP have a domain name are always connected to the same network My requirements are, I guess: Ability to redirect mail for local users to another server of my choosing. No listening for incoming SMTP connections - outgoing only Ability to route outgoing mail via an external SMTP server with authentication (and perhaps encryption) If not Postfix, I need an MTA which can queue up mails in case it temporarily has no internet connection.

    Read the article

  • How safe is locking the screen?

    - by D Connors
    So, both windows and linux have a pretty useful feature that allows you to leave everything running on the PC while also keeping invaders away by locking the screen. My question is: Say I leave my laptop with the screen locked while I go get a donnut, and then it gets stolen. Assuming the thief has access to whatever software he needs, how easy/hard would it be for him to access my (currently logged-in) account? Now let me be clear. I'm not asking if he can access the data on the harddrive. I know he can, and that issue would go under data encryption, which is not my question here. I'm focusing on how hard would it be to get around the "Insert Password" screen, and have full access to my account. I'm looking for answers regarding both OS's; but, if needed, assume Ubuntu. Thank you.

    Read the article

< Previous Page | 57 58 59 60 61 62 63 64 65 66 67 68  | Next Page >