Friday, 2012-11-09

*** nowen has quit (Quit: Leaving.)		00:03
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid		12:45
*** MarkH (540c8c38@gateway/web/freenode/ip.84.12.140.56) has joined #wikid		15:51
MarkH	Nick?	15:52
nowen	hi	15:52
MarkH	Hi. Our Wikid system has stopped working. lots of errors to do with Invalid Certificate after I restarted after adding a new Network Client	15:53
nowen	what company do you work for again?	15:54
MarkH	Soft Option Technologies Ltd	15:54
MarkH	Renamed now to MJog Limited (same co - different name). www.mjog.com	15:54
*** _markh_ (~chatzilla@wish-hq3.gotadsl.co.uk) has joined #wikid		15:57
_markh_	@nowen. Got bounced .. back again. Did you get my last?	15:57
nowen	yes	15:57
_markh_	OK. Crap network link today. Logging says "Couldn't validate the client certificate. Verify the validity and dates of the client cert."	15:58
nowen	can I get you to pay your invoice?	15:58
_markh_	What invoice?	15:58
nowen	I just resent it	15:58
_markh_	:)	15:58
_markh_	Never got the original... I'm trying to pay it now. The software should warn before it just quits tho.	16:01
nowen	working on it	16:01
nowen	you just need to recreate your certs	16:01
nowen	are you only using radius?	16:02
_markh_	not only radius. Some wAuth	16:02
nowen	hmm, those will need to be recreated - new p12 files	16:02
_markh_	but it's none opf the hosts are working now...	16:04
_markh_	I can't get your shopping catrt to work. Can't update the quantity of a line nor delte anything...	16:04
nowen	aghh	16:05
nowen	how many licenses are you?	16:05
_markh_	10 users	16:05
_markh_	some how I have qty 3 of 10user/iyear licences	16:06
_markh_	1 year	16:06
nowen	frack. can you pop into a new browser? http://www.wikidsystems.com/simplecartitem/10-seat-1-year-license	16:06
nowen	that is odd	16:07
nowen	why would that suddenly stop working?	16:07
_markh_	OK Paid - via mark.howells@mjog.com	16:11
nowen	thanks	16:11
_markh_	I added a new Network client	16:11
nowen	http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid	16:12
_markh_	and restarted the wikid server. The new client doesn't appear in iptables -L either	16:12
nowen	check both your certs to see if they are expired	16:12
_markh_	sorry - BRB	16:19
*** MarkH has quit (Quit: Page closed)		16:19
_markh_	keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded	16:21
nowen	run 'locate java.security'	16:22
nowen	two should come up	16:22
nowen	run diff on the two and let me know if there is a difference in the files	16:23
_markh_	sorry. let me try again	16:24
_markh_	the first "keytool -list -v -keystore /opt/WiKID/private/intCAKeys.p12 -storetype pkcs12" show expired Jan 23 2012	16:24
nowen	ok - I recommend you recreate the intermediate CA from the WiKIDAdmin	16:25
nowen	you can rm them from /opt/WiKID/private if you like too	16:25
_markh_	done. Server restart?	16:33
nowen	yes	16:33
nowen	then check radius clients.	16:34
nowen	do your wauth clients use localhost.p12?	16:34
_markh_	the old radius NC's now work - phew!	16:38
nowen	;)	16:38
_markh_	the new one I added doesn't.	16:38
nowen	hmm	16:38
nowen	is there an error message in the logs?	16:38
_markh_	iptables -L doesn't show the NC ip address	16:38
nowen	hmm.	16:39
nowen	perhaps modify it and then restart? you don't need to change anything	16:39
_markh_	well, I deleted it, added it again and restarted the wikid server - still not presetn in iptables -L	16:44
nowen	when you restart, are you using 'wikidctl restart'? if so, can you try stop/start?	16:45
nowen	you can also run 'killall -9 java' after stop	16:46
_markh_	no improvement. loads of errors in the log	16:53
_markh_	Error loading WebappClassLoader delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: org.apache.catalina.loader.StandardClassLoader@11db6bb pgPool	16:54
nowen	is a little bomb icon next to the error? click it for the full trace	16:54
nowen	are you in replication?	16:54
_markh_	java.lang.ClassNotFoundException: pgPool	16:55
_markh_	no replication	16:55
nowen	what version of WiKID is this>	16:56
nowen	?	16:56
_markh_	wikid-server-enterprise-3.4.87-b1171	16:57
nowen	might be that upgrading will clear that error.	16:58
nowen	is this a vmware image?	16:58
_markh_	yes	16:58
nowen	do you have a backup image?	16:59
_markh_	nope	17:00
nowen	http://wikidsystems-dl.com/wikid-server-enterprise-3.4.87.b1216-1.noarch.rpm	17:00
nowen	well	17:00
nowen	I guess take one now?	17:00
_markh_	Sorry, there was an error while checking for updates.	17:00
_markh_	Error: /opt/WiKID/sbin/check_for_updates.pl returned exit value 9. (Instead of the expected value 0.)	17:00
nowen	just run 'wget http://wikidsystems-dl.com/wikid-server-enterprise-3.4.87.b1216-1.noarch.rpm;	17:01
nowen	I mean 'wget http://wikidsystems-dl.com/wikid-server-enterprise-3.4.87.b1216-1.noarch.rpm'	17:01
nowen	and then rpm -UVh wikid-server-enterprise-3.4.87.b1216-1.noarch.rpm	17:01
_markh_	--upgrade: unknown option	17:04
_markh_	I'm not familiar with rpm - we use ubuntu	17:04
nowen	just 'rpm -Uvh wikid-server-enterprise-3.4.87.b1216-1.noarch.rpm'	17:05
nowen	will do it	17:05
_markh_	OK, so it said "Preparing... 1:wikid-server-enterprise########################################### [100%]", then stopped the services. Shall I start them?	17:07
nowen	yes	17:07
_markh_	same error	17:09
_markh_	:(	17:09
_markh_	hold on...	17:09
_markh_	first error appears to be "IOException while saving persisted sessions: java.io.FileNotFoundException: /opt/WiKID/tomcat/work/Catalina/localhost/wikid/SESSIONS.ser (No such file or directory)"	17:12
nowen	you can ignore that one	17:12
_markh_	then the first error on restart is "Error loading WebappClassLoader delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: org.apache.catalina.loader.StandardClassLoader@11db6bb pgPoo"	17:13
_markh_	as before ...	17:13
_markh_	I have 13 radius NC's all was well whemn there were 12...	17:14
nowen	ok 'cd /opt/WiKID/tomcat/webapps/WiKIDAdmin'	17:15
nowen	and then 'grep -r pgPool .'	17:15
nowen	it should return	17:15
nowen	./WEB-INF/web.xml: <!--<servlet-name>pgPool</servlet-name>-->	17:15
nowen	./WEB-INF/web.xml: <!--<servlet-class>pgPool</servlet-class>-->	17:15
nowen	does it?	17:15
_markh_	yes	17:16
nowen	ok	17:16
nowen	stop the server	17:16
nowen	and 'cd /opt/WiKID/tomcat/work'	17:16
nowen	and them 'rm -Rf *' in that directory	17:16
nowen	then start the server	17:16
_markh_	same error....	17:21
nowen	and does the 13th radius client still not work?	17:22
nowen	is the date correct on the server?	17:22
_markh_	client fails.	17:23
_markh_	Date is correct.	17:23
_markh_	I was mistaken about iptables -L tho. It is (and always was) listed	17:23
nowen	you created a new localhost cert, right?	17:23
_markh_	yes	17:23
nowen	ok	17:23
nowen	that's interesting	17:23
nowen	set radius logging to debug: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests	17:24
nowen	perhaps it is something else	17:24
_markh_	it a new dedicated server and the reverse pointer appears to point to the old owners so I didn;t recognose it	17:25
_markh_	no requests hittin wikid from that host. I can see other requests	17:32
nowen	run 'tcpdump port radius' on the WiKID terminal to see if they are hitting the server	17:32
nowen	double check the IP address	17:33
_markh_	Looks like the reverse pointer might be the problem. The rev lookup on the address gives the old owners domain. A forward lookup on that gives a different IP. I guess iptables is throwing it out	17:39
nowen	seems likely	17:41
_markh_	still getting that error on starup tho. Leave it with me and I'll beat up our ISP and see if I get the DNS sorted properly whether that helps.	17:42
nowen	not sure why that error is hanging around. but, if the other network clients are working and the one isn't, I don't think the error is the issue	17:43
_markh_	I agree. I'll the the IP records fixed, and try again. Leave it with me till next week. Cheers, Mark	17:47
nowen	cheers	17:48
_markh_	And thanks ...	17:48
nowen	thank you for renewing1	17:48
nowen	and sorry for the sudden issues.	17:48
_markh_	no worries. Thanks..	17:49
*** _markh_ has quit (Quit: ChatZilla 0.9.89 [Firefox 16.0.2/20121024073032])		17:49
*** Sroman (46b71922@gateway/web/freenode/ip.70.183.25.34) has joined #wikid		18:06
Sroman	Hi all, I have a questio on Cisco Router authenticaion to Radius	18:07
nowen	for WiKD?	18:07
Sroman	I have WikID runnign and working great against ASA 5525X for VPN auth	18:08
nowen	ok	18:08
Sroman	I am now trying to get a Cisco Router to auth users for admin purposes	18:08
Sroman	The router is a basic config	18:08
Sroman	I setup th eRadsius info and the network client matching ther ASA but the logs on the WikID keep showing me java errors	18:09
Sroman	I have checked numerous sites for radius config on the routers and they are all the same. It should be a simple setup, but I am hung up on something	18:10
nowen	what are the errors? use pastebin.org if they on long	18:11
Sroman	ok will upload	18:11
Sroman	Pasted	18:22
Sroman	IE kept crashing so had to use FF	18:22
nowen	ok - post the url here	18:22
Sroman	url?	18:24
nowen	the pastbin.org url.	18:24
Sroman	I pasted ok to pastebin	18:24
nowen	I go to it to see the upload	18:24
Sroman	subject is WikID and cisco router	18:24
nowen	paste the url here, so i know what post it is	18:24
Sroman	http://pastebin.com/87D1VbBR	18:28
nowen	thanks	18:28
nowen	unknownNAS means the request is coming from a different IP than expected	18:29
nowen	did you restart WiKID after you added the network client/	18:29
nowen	?	18:29
Sroman	no	18:32
nowen	ok just run 'wikidctl stop'	18:32
nowen	and then 'wikidctl start'	18:32
Sroman	forgot about that	18:33
Sroman	let me try that real quick	18:33
Sroman	but different IP that is odd	18:33
Sroman	the router only has one interface up	18:33
nowen	yeah, radius caches everything, so if the IP isn't cached, it is rejected	18:33
Sroman	Now I get this, closer	18:37
Sroman	Access-Request(1) LEN=98 10.41.1.30:1645 Access-Request by sroman Failed: AccessRejectException: Access Denied	18:37
nowen	check to make sure you are enabled	18:37
Sroman	yup enabled	18:38
Sroman	I have been using VPN with WikID and an ASA for awhile now	18:38
nowen	set radius logging to debug: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-can-i-set-radius-logging-to-debug-how-can-i-see-if-wikid-is-getting-the-radius-requests	18:38
nowen	that will tell you more about why you are being denied	18:39
Sroman	other msg	18:39
Sroman	Access denied for sroman, domain code: 070183021137 client: /10.41.1.30	18:39
nowen	is that client ip the cisco?	18:40
Sroman	yup	18:42
Sroman	just set logging to debugging	18:42
nowen	ok, try again	18:42
Sroman	Passcode is not a number. error	18:43
Sroman	RADIUS client supplied passcode is ?????%? +_??	18:43
nowen	check your shared secrets.	18:43
Sroman	they are matched	18:45
nowen	and you only entered the OTP?	18:45
Sroman	I changed the port for radius to 1812 and 1813 to match the ASA, should I put bacl to 1645	18:45
Sroman	yes on the OTP	18:46
nowen	the port needs to be 1812	18:46
Sroman	ok then that is good	18:47
Sroman	Wonder if I need to put a domain with my login name?	18:47
nowen	if your wikid username is sroman, then that seems right	18:48
Sroman	another msg	18:48
Sroman	RADIUS client supplied passcode is ?b?n??b?Ld?+?	18:48
nowen	that is the problem	18:48
Sroman	wonder if I need any attributes on the WikiD Server for network client. It has non selected, but the ASA which works also has nothing	18:51
nowen	that's fine.	18:51
nowen	the "RADIUS client supplied passcode is" should be the decrypted passcode	18:52
Sroman	I know it is something simple, just cannot find the issue	18:53
nowen	hmm. usually it is the shared secrets.	18:54
Sroman	I will re enter them	18:55
nowen	ok, and restart wikid for good measure	18:55
Sroman	yup	18:58
Sroman	restarting	18:58
Sroman	Little better but no go RADIUS client supplied passcode is 379564	19:02
nowen	ok - now check that you are enabled	19:03
Sroman	Access denied for sroman, domain code: 070183021137 client: /10.41.1.30	19:03
Sroman	Check returned false	19:03
nowen	the previous attempts would be counted as bad passcode attemtps	19:03
Sroman	Server returns passcode: -1	19:03
Sroman	yes 10.41.1.30	19:03
nowen	are you enabled?	19:06
Sroman	yup	19:06
nowen	you will probably need to reset the logs for debug - they get reset on a restart	19:07
nowen	then try again	19:07
Sroman	hold that	19:07
Sroman	I check my user and inside says enabled	19:07
Sroman	but looking at the user list I am disabled	19:07
Sroman	a bug maybe? or my browser greaking out	19:07
Sroman	let me enable	19:08
nowen	probably just cached	19:08
Sroman	same error and denied	19:12
nowen	hmm	19:16
nowen	try resetting the logs to debug again	19:17
Sroman	see the port on this error	19:19
Sroman	<30> Access-Request(1) LEN=98 10.41.1.30:1645 Access-Request by sroman Failed: AccessRejectException: Access Denied	19:19
nowen	is the cisco sending to 1645?	19:19
Sroman	the router is setup for 1812 but it look like it is talking 1645	19:20
Sroman	radius-server host x.x.x.x auth-port 1812 acct-port 1813	19:20
nowen	and your other network clients are working fine?	19:23
Sroman	yes	19:24
Sroman	tried changing to 1645 and 1646 and the logs show good info but the router keeps saying access denied	19:25
nowen	I don't think changing the ports on WiKID is a good idea	19:25
nowen	I have to go out for a meeting soon. I will be back around 4pm.	19:27
Sroman	only changed th erouter port	19:28
nowen	ahh	19:29
Sroman	but stil no work	19:29
nowen	what i don't get is why wikid would say ") LEN=98 10.41.1.30:1645" if it is listening on 1812?	19:29
nowen	ok, try this	19:30
nowen	run 'wikidctl stop'	19:30
nowen	then 'killall -9 java'	19:30
nowen	then 'wikidctl start'	19:30
nowen	maybe the radius cache isn't getting stopped fully	19:30
Sroman	stopped	19:35
Sroman	checked and no java running	19:35
Sroman	started and still no login	19:35
nowen	is there additional logging from debug?	19:35
Sroman	ciphertext length: 256	19:38
Sroman	Passcode request processing successfully completed.	19:38
Sroman	Sent 256 bytes to client.	19:39
Sroman	trace com.mchange.v2.resourcepool.BasicResourcePool@34151f [managed: 3, unused: 2, excluded: 0] (e.g. com.mchange.v2.c3p0.impl.NewPooledConnection@178b64b)	19:39
Sroman	All looks good but no login	19:39
nowen	do you see anything like:	19:40
nowen	User-Name (1), Length: 7, Data: [nowen], 0x6E6F77656E Acct-Session-Id (44), Length: 18, Data: [1352489956T57phl], 0x3133353234383939353654353770686C NAS-IP-Address (4), Length: 6, Data: [IP 127.0.0.1], 0x7F000001 NAS-Identifier (32), Length: 11, Data: [Localhost], 0x4C6F63616C686F7374 NAS-Port (5), Length: 6, Data: [# 0], 0x00000000 Calling-Station-Id (31), Length: 12, Data: [1115551212], 0x31313135353531323132 User-Password (2),	19:40
nowen	and Checking nowen:912899:192168001081	19:40
nowen	ok - I have to run. I'll be back at 4. Sorry	19:41
Sroman	ok	19:42
*** nowen has quit (Quit: Leaving.)		19:42
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid		20:41
nowen	Sroman: any progress?	20:42
Sroman	nope, I tried everything	20:44
Sroman	I have debuggiung on the router says acess rejected	20:44
Sroman	Received from id 1645/62 192.168.28.28:1812, Access-Reject, len 20	20:44
nowen	still with the 1645?	20:45
Sroman	no I have it at 1812	20:45
nowen	what does the leading 1645 mean?	20:45
Sroman	radius-server host 192.168.28.28 auth-port 1812 acct-port 1813 key	20:45
Sroman	that says id, not sure if it means port as you can see the IP: 1812	20:46
nowen	ok	20:46
nowen	ok, can you show me the part of your logs that looks like:	20:48
nowen	User-Name (1), Length: 7, Data: [nowen], 0x6E6F77656E Acct-Session-Id (44), Length: 18, Data: [1352489956T57phl], 0x3133353234383939353654353770686C NAS-IP-Address (4), Length: 6, Data: [IP 127.0.0.1], 0x7F000001 NAS-Identifier (32), Length: 11, Data: [Localhost], 0x4C6F63616C686F7374 NAS-Port (5), Length: 6, Data: [# 0], 0x00000000 Calling-Station-Id (31), Length: 12, Data: [1115551212], 0x31313135353531323132 User-Password (2),	20:48
Sroman	here is comes	20:50
Sroman	*Nov 9 20:51:38.844: RADIUS(00000048): Config NAS IP: 0.0.0.0	20:50
Sroman	not pasting all	20:51
Sroman	I will put on pastebin	20:51
Sroman	link	20:51
Sroman	http://pastebin.com/qmedryVa	20:51
nowen	is that from your cisco?	20:52
Sroman	yup	20:53
nowen	I need to see the WiKID logs	20:53
Sroman	oh	20:53
Sroman	getting that	20:53
Sroman	http://pastebin.com/m918xuS0	20:56
nowen	hmm	20:58
nowen	what state is this for?	20:58
nowen	california?	20:58
Sroman	yes	20:59
nowen	and you've double-checked that the user is still enabled?	21:01
Sroman	As of my last few tests yes enabled. I keep checking on that	21:02
nowen	sorry to keep asking, but the user should get disabled in this situatino	21:02
Sroman	it does get disabled afwer a few tries then I need to go and enable it	21:04
nowen	ok, let's review everything.	21:04
nowen	on your WiKID server, you have a network client 10.41.1.30	21:05
Sroman	the cisco router config is super simple setup	21:05
nowen	it's using radius and the same domain as your other	21:05
nowen	can you post that?	21:05
Sroman	yes 10.41.1.30	21:05
Sroman	yes same domain	21:05
nowen	are the other network clients also 10.41.1.x?	21:06
Sroman	Cisco config	21:06
Sroman	aaa authentication login default group radius local	21:06
Sroman	radius-server host 192.168.28.28 auth-port 1812 acct-port 1813 key xxxxxx	21:06
Sroman	that is basically it	21:07
nowen	hmm, can you disable accounting?	21:07
Sroman	yes other net clients 10.41.1.x	21:07
Sroman	on the router?	21:07
nowen	yeah, is accounting required?	21:08
Sroman	no	21:09
Sroman	but it auto populates the acct port	21:09
Sroman	radius-server host 192.168.28.28 auth-port 1812 acct-port 1646 key	21:09
nowen	ok, new idea	21:13
nowen	can you edit /etc/WiKID/log4j.properties to be http://pastebin.com/VSTMHe6q	21:13
Sroman	will this break the anything?	21:14
nowen	no, upon restart it will send the logs to /opt/WiKID/log	21:15
nowen	and we might get a bit more insight	21:15
Sroman	I only had a few differences	21:22
Sroman	restartintg services	21:22
nowen	well, now that i have done the same, I don't see much difference	21:23
nowen	I assume you only have the one domain/	21:26
nowen	?	21:26
Sroman	yes	21:27
Sroman	nice and simple	21:27
nowen	and this same user can login to the other network clients now?	21:28
Sroman	only one other network device ASA which authenticates VPN users and yes I can still login	21:31
nowen	ok, so what are the differences?	21:32
Sroman	so I just checked th eVPN and now I cannot login anymore	21:34
nowen	ok, that's interesting	21:34
Sroman	So now no auth to WikID is working	21:34
nowen	can you check the validity of your certs: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid	21:35
nowen	you set this up in May, right?	21:37
Sroman	yes	21:38
Sroman	it was all working the last time I checked the Firewall	21:38
Sroman	seems like something has change on the wikID server since nothing works now	21:44
nowen	did you check the certs?	21:44
nowen	what version of WiKID is this?	21:45
Sroman	how can I check AD auth from wikID?	21:46
Sroman	wonder if AD is disconnected?	21:46
nowen	wait, are the authentications passing through NPS?	21:46
Sroman	wikid-server-enterprise-3.4.87-b1216	21:46
Sroman	NPS?	21:47
nowen	The MS radius plugin	21:47
nowen	it's the only way to tie in AD	21:47
Sroman	I think I did it the simplest way, I remember you helped me	21:48
nowen	ok, then AD is most likely not in the loop	21:48
nowen	the most likely culprit is your certs	21:48
Sroman	I think it was	21:48
Sroman	but not sure anymore	21:49
nowen	well, in the case of the router, you had it talking directly to the WiKID, IP, correct?	21:49
Sroman	yes	21:50
Sroman	same as firewall	21:50
nowen	so, that means no AD. otherwise, AD would be a network client. and probably the only one	21:50
nowen	please run the commands listed here: http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-know-if-my-certificate-is-valid	21:52
Sroman	Ok I can connect now	21:54
Sroman	I was trying user sroman	21:54
nowen	?	21:54
Sroman	I have wikid on a new iphone	21:54
Sroman	So since I could not use the original name I created a new one	21:54
Sroman	I just tried it and it works	21:54
Sroman	So I knew it was something simple	21:55
nowen	can you also use that name on the router?	21:55
Sroman	Just a mixup in user account	21:55
nowen	so, everything works now?	21:55
Sroman	yes	21:56
Sroman	so hhow can I change the usernames, I have one for iphone 1 and one for iphone 2	21:56
Sroman	I want to user sroman for iphone 2 not 1	21:56
nowen	if you want two tokens on one username, you need to add the 2nd token via the API, see :http://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/installing-the-wikid-strong-authentication-server-enterprise-edition-page-5	21:58
Sroman	this shows how to create one user	22:00
Sroman	I already have that part	22:00
nowen	yeah, but edit the page and you'll see the full functionality. "Add additional device to existing userid"	22:00
nowen	the page is very well documented	22:01
Sroman	Sorry for being lame, edit the page? from the Server or browser?	22:02
joevano	Start reading the web page he just posted to you after Figure 28 (real near the bottom)	22:06
nowen	yeah, edit that page and browse to it	22:10
joevano	have a good weekend nowen	22:16
nowen	thanks joevano you too!	22:17
Sroman	Line 48 says this	22:18
Sroman	String chall;	22:18
nowen	look on line 46, change 010000000129 to your domain id	22:19
nowen	then on 51, change 'passphrase' to your localhost passphrase	22:20
Sroman	ok, edited lines and browse and get constant invalid login	22:25
nowen	are you logging in with the WiKIDAdmin credentials?	22:26
Sroman	oh no user	22:26
Sroman	let me try that	22:26
Sroman	Now I cannot remember the WiKIDAdmin password and cannot change it. I created admin accounts to use and now this one cannot get on	22:29
nowen	any admin account will work	22:29
Sroman	Get this	22:35
Sroman	The wClient connection to the server was NOT successfully established	22:35
Sroman	with my admin account	22:35
nowen	hmm	22:35
nowen	so, are you sure you got the passphrase correct?	22:35
Sroman	the secret one correct?	22:37
Sroman	or an admin pwd	22:37
nowen	well, the passphrase for the localhost cert.	22:37
Sroman	which should be the one when restartig services	22:37
nowen	it's not the one for the intermediate CA that starts the service	22:37
Sroman	oh thats whatI was using	22:38
Sroman	how can I find that one	22:38
nowen	didn't you check the validity of your localhost cert earlier using the keytool command?	22:39
Sroman	no	22:40
nowen	well, you can guess at it that way	22:40
nowen	what passprhase did you use in the example.jsp?	22:41
Sroman	secret!@#	22:41
nowen	I meant did you use the intCA one?	22:41
Sroman	yes believe so	22:42
nowen	ok, so I guess it is not that one	22:42
nowen	you can create a new localhost through the WiKIDAdmin interface	22:42
Sroman	wont that break everything	22:44
nowen	no	22:44
nowen	but it's late here. 5:44, so I'm not going to be around much longer	22:44
Sroman	in the example.jsp	22:44
nowen	maybe we should pick this up monday	22:44
Sroman	line 52 has a CA certstore changeit	22:45
nowen	leave that one be	22:47
nowen	ok - gotta go. one tip: you will have to restart wikid to get any changes in example.jsp to show up	22:48
nowen	2nd tip: don't mess with critical infrastructure late on a Friday afternoon!	22:48
nowen	;_	22:48
nowen	;-)	22:49
Sroman	ok have a good weekend	22:49
nowen	l;ater!	22:49
*** nowen has quit (Quit: Leaving.)		22:49
*** Sroman has quit (Quit: Page closed)		22:53

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!