From users-return-242938-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org Thu Aug 1 13:26:35 2013 Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 91A5910DDF for ; Thu, 1 Aug 2013 13:26:35 +0000 (UTC) Received: (qmail 76767 invoked by uid 500); 1 Aug 2013 13:26:31 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 76714 invoked by uid 500); 1 Aug 2013 13:26:31 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 76705 invoked by uid 99); 1 Aug 2013 13:26:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Aug 2013 13:26:31 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of mgainty@hotmail.com designates 65.55.111.86 as permitted sender) Received: from [65.55.111.86] (HELO blu0-omc2-s11.blu0.hotmail.com) (65.55.111.86) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Aug 2013 13:26:24 +0000 Received: from BLU172-W9 ([65.55.111.73]) by blu0-omc2-s11.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 1 Aug 2013 06:26:03 -0700 X-TMN: [QszST4kgk71jJEObtYTxzeRR0YNIt04F] X-Originating-Email: [mgainty@hotmail.com] Message-ID: Content-Type: multipart/alternative; boundary="_a122a764-0cfd-4685-ac8e-94274844d47c_" From: Martin Gainty To: Tomcat Users List Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Date: Thu, 1 Aug 2013 09:26:02 -0400 Importance: Normal In-Reply-To: References: ,,<51FA332F.2000702@ice-sa.com>, MIME-Version: 1.0 X-OriginalArrivalTime: 01 Aug 2013 13:26:03.0822 (UTC) FILETIME=[ABD494E0:01CE8EBA] X-Virus-Checked: Checked by ClamAV on apache.org --_a122a764-0cfd-4685-ac8e-94274844d47c_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable nslookup DomainName if you still call no joy there is nothing we can do (without contacting you= r Domain Admin and asking if DomainName is live) Martin=20 ______________________________________________=20 Verzicht und Vertraulichkeitanmerkung/Note de d=E9ni et de confidentialit= =E9 Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaeng= er sein=2C so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiter= leitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient l= ediglich dem Austausch von Informationen und entfaltet keine rechtliche Bin= dungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen w= ir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut =EAtre privil=E9gi=E9. Si vous n'=EAtes= pas le destinataire pr=E9vu=2C nous te demandons avec bont=E9 que pour sat= isfaire informez l'exp=E9diteur. N'importe quelle diffusion non autoris=E9e= ou la copie de ceci est interdite. Ce message sert =E0 l'information seule= ment et n'aura pas n'importe quel effet l=E9galement obligatoire. =C9tant d= onn=E9 que les email peuvent facilement =EAtre sujets =E0 la manipulation= =2C nous ne pouvons accepter aucune responsabilit=E9 pour le contenu fourni= . =20 > From: seema165@hotmail.com > To: users@tomcat.apache.org > Subject: RE: java.net.UnknownHostException: Failed to negotiate with a su= itable domain controller for xxx > Date: Thu=2C 1 Aug 2013 12:02:34 +0100 >=20 >=20 >=20 > > Date: Thu=2C 1 Aug 2013 12:06:39 +0200 > > From: aw@ice-sa.com > > To: users@tomcat.apache.org > > Subject: Re: java.net.UnknownHostException: Failed to negotiate with a = suitable domain controller for xxx > >=20 > > Seema Patel wrote: > > > Hi=2C > > > =20 > > > I am not sure if this is the right List to post this on=2C please adv= ise if it isn't and let me know where is best to post. > > > =20 > > > I am getting the following error on one of our applications running o= n our intranet: > > > =20 > > > 2013-07-31 17:15:11=2C180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.= catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Serv= let.service() for servlet action threw exception > > > java.net.UnknownHostException: Failed to negotiate with a suitable do= main controller for xxx.LOCAL > > > at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) > > > at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) > > > at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) > > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(A= pplicationFilterChain.java:215) > > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(Applicati= onFilterChain.java:188) > > > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapp= erValve.java:213) > > > at org.apache.catalina.core.StandardContextValve.invoke(StandardConte= xtValve.java:172) > > > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authent= icatorBase.java:465) > > > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValv= e.java:127) > > > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValv= e.java:117) > > > at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn= .java:393) > > > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngine= Valve.java:108) > > > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.= java:174) > > > at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProce= ssor.java:837) > > > at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler= .process(Http11AprProtocol.java:640) > > > at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java= :1287) > > > at java.lang.Thread.run(Unknown Source) > > > =20 > >=20 > > I believe that you should read this page carefully=2C in particular the= blue text at the=20 > > beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html > >=20 > > Can you have a look at the WEB-INF/web.xml file *of your application*= =2C and check if there=20 > > is a servlet filter configured there=2C which matches the name above ? > >=20 > > If so=2C make a backup copy of that web.xml file=2C and then edit it to= remove that filter=20 > > from it=2C and try again. > > I am not quite sure=2C but it looks possible to me that you have a dupl= icate authentication=20 > > mechanism in use : one at the container (Tomcat) level=2C and one at th= e application level. > > And the one used at the application level is obsolete=2C unsupported=2C= unmaintained etc.. > >=20 >=20 > I have found out that JCIFS is no longer supported=2C but it will take a = lot of time=2C development and resources to update it to the recommended Je= spa. In my web.xml file I have the following: >=20 > > NtlmHttpFilter > jcifs.http.NtlmHttpFilter > =20 > > > jcifs.smb.client.domain > xxx > > > > jcifs.smb.client.username > xxx > > > jcifs.smb.client.password > xxx > > > > jcifs.util.loglevel > 3 > > > > jcifs.http.insecureBasic > true > > > > HRADGroupFilter > xxx.ADGroupFilter > > AllowedGroups > G-HR=2CG-MIS > > > > SuggestionsGroupFilter > xxx.ADGroupFilter > > AllowedGroups > xxx=2C xxx > > > =20 > > NtlmHttpFilter > /suggestions/* > > > SuggestionsGroupFilter > /suggestions/* > > > NtlmHttpFilter > /xxx/* > > > HRADGroupFilter > /xxx/xxx.do > >=20 >=20 > So=2C are you saying to just remove the following from the above?: > NtlmHttpFilter > jcifs.http.NtlmHttpFilter >=20 > Is there anything else in there that needs to be removed? Sorry for my l= ack of understanding=2C but this was all developed by previous developers= =2C who are no longer working here and have left no documentation. >=20 > Thanks >=20 > >=20 > > > In my tomcat/conf/server.xml file I have: > > > =20 > > > > > debug=3D"01" resourceName=3D"ActiveDirectory" > > > connectionURL=3D"ldap://xxx:xxx" > > > alternativeURL=3D"ldap://xxx:xxx" > > > connectionName=3D"LDAP@xxx.local" connectionPassword=3D"xxx" > > > referrals=3D"follow" userBase=3D"dc=3Dvtlwavenet=2Cdc=3Dlocal" > > > userSearch=3D"(sAMAccountName=3D{0})" userSubtree=3D"true" > > > roleBase=3D"dc=3Dxxx=2Cdc=3Dlocal" roleSearch=3D"(member=3D{0})" > > > roleName=3D"cn" roleSubtree=3D"true" /> > > > =20 > > > I have 2 .war files running from this tomcat - 1) intranet portal A= =2C 2) intranet helpdesk page and also another intranet portal B (both run = from slightly different URLs). > > > When tomcat was restarted the intranet portal A runs=2C intranet port= al B runs but the intranet helpdesk portal doesn't run. For this we get th= e error message shown above. > > > =20 > > > I don't know if it is the java code=2C some setting in the tomcat cat= alina base or if it is a tomcat network issue. > > > =20 > > > We are running Tomcat 5.5.29. > > > java version "1.5.0_22" > > > Java(TM) 2 Runtime Environment=2C Standard Edition (build 1.5.0_22-b0= 3) > > > Java HotSpot(TM) Client VM (build 1.5.0_22-b03=2C mixed mode=2C shari= ng)=20 > > > It is on a Windows Server 2003 R2 SP2 VM box. > > > =20 > > > Any help on this is appreciated. > > > Thanks in advance > > > =20 > > > Seema > > > =20 > > > =20 > > > =20 > > > =20 > >=20 > >=20 > > --------------------------------------------------------------------- > > To unsubscribe=2C e-mail: users-unsubscribe@tomcat.apache.org > > For additional commands=2C e-mail: users-help@tomcat.apache.org > >=20 > =20 = --_a122a764-0cfd-4685-ac8e-94274844d47c_--