Windows 2008

Jul 5, 2010 at 2:22 PM
We have extends the test to more systems now and there are new problems. Because the current problems with Negotiate we use only NTLM and Basic. The result is curious. The follow is independent if it run as windows service or as standalone application IE: NTLM does not work, Basic work. Firefox: work Chrome: work It occur the error message that the token is invalid for this function.
Coordinator
Jul 5, 2010 at 3:13 PM

Well, there's nothing else than anecdotal data here. You should go through the same path as you did last time figuring out which account the tests run as, which protocol is actually used, isolate the failures, post logs. The token is invalid is always the same user privileges problem for the account under which your server is running (until you can convince me otherwise :)).

Jul 6, 2010 at 11:17 AM
The log out has not help in the last time. That I have described the problem in the hope that you can reproduce it. I think not that you can solve it with the log output. But ok here is the log output. The output look like the output from WFETCH where I receive the same error with the invalid token. Testing more with a different system. It show that the problem is not related to Windows 2008. On a second 2008 system it work. Testing more show then that the problem is related to this single IE browser. This IE browser does not work with any WAFFLE Server but work with IIS. An IE on another Windows 2008 work. I have test another Base64 encoder/decoder. Without any luck. There is ever the error -2146893048.

06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter <init>
FEIN: [waffle.servlet.NegotiateSecurityFilter] loaded
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: waffle.servlet.spi.BasicSecurityFilterProvider/realm=i-net Crystal-Clear
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols=NTLM
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: allowGuestLogin=false
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: initializing default secuirty filter providers
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: setting waffle.servlet.spi.BasicSecurityFilterProvider, realm=i-net Crystal-Clear
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: setting waffle.servlet.spi.NegotiateSecurityFilterProvider, protocols=NTLM
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider initParameter
FEIN: init protocol: NTLM
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
INFO: [waffle.servlet.NegotiateSecurityFilter] started
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET null, contentlength: 0
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: authorization required
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter <init>
FEIN: [waffle.servlet.NegotiateSecurityFilter] loaded
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: waffle.servlet.spi.BasicSecurityFilterProvider/realm=i-net Crystal-Clear
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols=NTLM
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: allowGuestLogin=false
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: initializing default secuirty filter providers
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: setting waffle.servlet.spi.BasicSecurityFilterProvider, realm=i-net Crystal-Clear
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: setting waffle.servlet.spi.NegotiateSecurityFilterProvider, protocols=NTLM
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider initParameter
FEIN: init protocol: NTLM
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
INFO: [waffle.servlet.NegotiateSecurityFilter] started
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /remote, contentlength: -1
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: security package: NTLM, connection id: 2002:d201:a4ec:0:0:0:d201:a4ec:61028
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: token buffer: 40 byte(s)
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: continue token: TlRMTVNTUAACAAAAGAAYADgAAAAFgomi+ul68d35KhsAAAAAAAAAALYAtgBQAAAABgByFwAAAA9JAE4ARQBUAFMATwBGAFQAVwBBAFIARQ
ACABgASQBOAEUAVABTAE8ARgBUAFcAQQBSAEUAAQAGAFYAQgA0AAQAJABpAG4AZQB0AHMAbwBmAHQAdwBhAHIAZQAuAGwAbwBjAGEAbAADACwAVgBCADQA
LgBpAG4AZQB0AHMAbwBmAHQAdwBhAHIAZQAuAGwAbwBjAGEAbAAFACQAaQBuAGUAdABzAG8AZgB0AHcAYQByAGUALgBsAG8AYwBhAGwABwAIAOpv6TL6HMsB
AAAAAA==
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: continue required: true
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter <init>
FEIN: [waffle.servlet.NegotiateSecurityFilter] loaded
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: waffle.servlet.spi.BasicSecurityFilterProvider/realm=i-net Crystal-Clear
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols=NTLM
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: allowGuestLogin=false
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: initializing default secuirty filter providers
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: setting waffle.servlet.spi.BasicSecurityFilterProvider, realm=i-net Crystal-Clear
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
FEIN: setting waffle.servlet.spi.NegotiateSecurityFilterProvider, protocols=NTLM
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider initParameter
FEIN: init protocol: NTLM
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter init
INFO: [waffle.servlet.NegotiateSecurityFilter] started
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /remote, contentlength: -1
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: security package: NTLM, connection id: 2002:d201:a4ec:0:0:0:d201:a4ec:61028
06.07.2010 12:58:43 waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: token buffer: 448 byte(s)
06.07.2010 12:58:43 waffle.servlet.NegotiateSecurityFilter doFilter
WARNUNG: error logging in user: Das Token, das der Funktion übergeben wurde, ist ungültig.

Jul 6, 2010 at 11:59 AM
The problem is solved. There was multiple instances of NegotiateSecurityFilter. Now I hold a central instance in a static variable instead in the session. Why this had only an effect with one browser and with browser on a single system is unclear for me. PS: Windows 7 work also now. There is only the problem with the guest account. Do you know when a final 1.3 release will be available? Are there a time frame?
Coordinator
Jul 6, 2010 at 1:46 PM
Horcrux7 wrote:
The problem is solved. There was multiple instances of NegotiateSecurityFilter. Now I hold a central instance in a static variable instead in the session. Why this had only an effect with one browser and with browser on a single system is unclear for me. PS: Windows 7 work also now. There is only the problem with the guest account. Do you know when a final 1.3 release will be available? Are there a time frame?
  • Did you make any changes in Waffle? (How are you using this?) Probably with IE you get a different protocol selected (NTLMv2 vs. NTLMv1) or something like that.
  • What's the guest account problem?
  • After JNA 3.2.6, since Waffle is using recent JNA changes. I don't have a timeframe, but probably "soon". You could ask the JNA users list about the JNA release.

 

Jul 6, 2010 at 4:44 PM
  • Did you make any changes in Waffle? (How are you using this?) Probably with IE you get a different protocol selected (NTLMv2 vs. NTLMv1) or something like that.

No changes in Waffe. I have made a change in my code. Before I have save an instance of NegotiateSecurityFilter in the session. If a new session was created then a new instance of NegotiateSecurityFilter was created. That with this one installation of IE 8 there was used different NegotiateSecurityFilter for a single login. That the token was invalid. Now I have a static reference to NegotiateSecurityFilter

  • What's the guest account problem?

In ticket http://waffle.codeplex.com/workitem/8415 I have add a comment. I can not reopen the ticket. It seems that Windows 7 has a new or other SID for the guest account.

  • After JNA 3.2.6, since Waffle is using recent JNA changes. I don't have a timeframe, but probably "soon". You could ask the JNA users list about the JNA release.

I know that the JNA 3.2.6 is the base for a release. But in the project JNA there is also an user dblock which checkin code. That I have hope that you now some think over a release termin.

 

Coordinator
Jul 10, 2010 at 6:49 PM

I've opened http://waffle.codeplex.com/workitem/8965 for the anonymous logon problem. I am not quite clear on what's anonymous, guest and something else any more, I'll take a look.

I do commit to JNA, but I don't ship it. There're still a few open issues in Waffle 1.3, I don't want to rush a release. I do think that it's wrapping somewhat up.