[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SecuRemote with user certificate

To: [email protected]
Subject: [FW-1] SecuRemote with user certificate
From: [email protected]
Date: Tue, 22 Oct 2002 17:10:26 +0000
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi All,

Has anyone successfully implemented SecuRemote to use certificate instead of pre-shared key on NG Feature Pack 2?

I'm having problem set this up.  When the user log in with the certificate, the SR comes up with "SR could not be started, contact your administrator" and the SR GUI terminates.  The log viewer shows, the user logs in successfully (key install: Main mode completion,  in infor field: reason: Client Encryption: Authenticated by RSA Signature). User with Pre-shared key works fine.

Thanks in advance.
Regards
Suga



out put of log created from the SR GUI:

log_file_name:sr_gui_tde

[ 892 588][21 Oct 16:19:24] SetDefaultDir: GetRegistryAppPathString failed
[ 892 588][21 Oct 16:19:24]
[ 892 588][21 Oct 16:19:24] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[ 892 588][21 Oct 16:19:24] SDL not enabled
[ 892 588][21 Oct 16:19:24] SSO not enabled
[ 892 588][21 Oct 16:19:24] RecursiveRegDeleteKey: SOFTWARE\CheckPoint\SecuRemote\CurrentSessionCredentials does not exist



log_file_name:sr_service_tde


[ 816 948][21 Oct 16:19:22] set_ikeStatus_post_fn: set fn 530e4153
[ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
[ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
[ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
[ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
[ 816 856][21 Oct 16:19:22] set_userc_post_fn: set fn 53071000
[ 816 856][21 Oct 16:19:22] set_userc_schedule_keep_alive: set fn 53867e6f
[ 816 856][21 Oct 16:19:22] set_userc_deschedule_keep_alive: set fn 53867eb7
[ 816 856][21 Oct 16:19:22] set_user_message_box_fn: set fn 5307102c
[ 816 868][21 Oct 16:19:22] InvokeIsakmpServer: Trying to bind to a different port than 500

[ 816 868][21 Oct 16:19:22] InvokeIsakmpServer: listening to IKE port 1298

[ 816 868][21 Oct 16:19:22] fwobj_get_myself: no module function set
[ 816 868][21 Oct 16:19:22] fwuserc_exec_switch: load.
[ 816 868][21 Oct 16:19:23] InvokeIsakmpServer: entered IKE port 1298 to userc_ike_local_port table

[ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw ip:c2c9290d to userc_enc_domain_gws_table

[ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw interface ip:c2c9290d to userc_enc_domain_gws_table

[ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw interface ip:c0a80101 to userc_enc_domain_gws_table

[ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw interface ip:0a000001 to userc_enc_domain_gws_table

[ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
[ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
[ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
[ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
[ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 273
[ 816 856][21 Oct 16:19:23] vpn_get_conn_user_fn: set fn 530466fa
[ 816 856][21 Oct 16:19:23] ckpSSLsession_from_ikeSA_clnt_fn: set fn 53046747
[ 816 856][21 Oct 16:19:23] create_ssl_clnt_params_fn: set fn 53046756
[ 816 856][21 Oct 16:19:23] ckpSSL_fwasync_connect_fn: set fn 5304675c
[ 816 856][21 Oct 16:19:23] ckpSSLparams_Free_fn: set fn 53046772
[ 816 856][21 Oct 16:19:23] ikeSA_is_needed_fn: set fn 5304677e
[ 816 868][21 Oct 16:20:11] fwuserc_exec_switch: update.
[ 816 868][21 Oct 16:20:11] fwuserc_topo_client_handler: CLN_TOPO_IKE_SSL_INIT
.......
.......
......
[ 816 868][21 Oct 16:20:15] _get_cp_temp_dir: Failed to initilaze temp_dir.
[ 816 868][21 Oct 16:20:15] _get_cp_temp_dir: Failed to initilaze temp_dir.
[ 816 868][21 Oct 16:20:17] [Mon Oct 21 16:20:17 2002] [pid=816] funcchain: Create Child process failed C:\Program Files\CheckPoint\SecuRemote\bin\fwssd.exe funcchain "__DEFAULT_LOGFILE__" "1" "0" "resolver_list": The system cannot find the file specified.
[ 816 868][21 Oct 16:20:17] [Mon Oct 21 16:20:17 2002] [pid=816] funcchain: Create Child process failed C:\Program Files\CheckPoint\SecuRemote\bin\fwssd.exe funcchain "__DEFAULT_LOGFILE__" "2" "1" "resolver_list": The system cannot find the file specified.
[ 816 868][21 Oct 16:20:18] [Mon Oct 21 16:20:18 2002] [pid=816] funcchain: Create Child process failed C:\Program Files\CheckPoint\SecuRemote\bin\fwssd.exe funcchain "__DEFAULT_LOGFILE__" "0" "1" "resolver_list": The system cannot find the file specified.
[ 816 936][21 Oct 16:20:18] fwuserc_mainloop_error_handler:: Got error from socket_worker - 10038
[ 816 936][21 Oct 16:20:18] socket_worker (936): select failed: Unknown Winsock error (10038)
[ 816 868][21 Oct 16:20:18] fwuserc_exec_switch: got T_event_mainloop exit command, sending panic
[ 1008 372][21 Oct 17:55:49] ------------------------------------------------------------------

--

Powered by Outblaze

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] NG FP2 logexport failure
Next by Date: Re: [FW-1] NG FP2 logexport failure
Prev by thread: Re: [FW-1] NG FP2 logexport failure
Next by thread: Re: [FW-1] SecuRemote with user certificate
Index(es):
- Date
- Thread