nslookup DomainName if you still call no joy there is nothing we can do (without contacting your Domain Admin and asking if DomainName is live)
Martin ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: seema...@hotmail.com > To: users@tomcat.apache.org > Subject: RE: java.net.UnknownHostException: Failed to negotiate with a > suitable domain controller for xxx > Date: Thu, 1 Aug 2013 12:02:34 +0100 > > > > > Date: Thu, 1 Aug 2013 12:06:39 +0200 > > From: a...@ice-sa.com > > To: users@tomcat.apache.org > > Subject: Re: java.net.UnknownHostException: Failed to negotiate with a > > suitable domain controller for xxx > > > > Seema Patel wrote: > > > Hi, > > > > > > I am not sure if this is the right List to post this on, please advise if > > > it isn't and let me know where is best to post. > > > > > > I am getting the following error on one of our applications running on > > > our intranet: > > > > > > 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR > > > org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] > > > - Servlet.service() for servlet action threw exception > > > java.net.UnknownHostException: Failed to negotiate with a suitable domain > > > controller for xxx.LOCAL > > > at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) > > > at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) > > > at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) > > > at > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) > > > at > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > > > at > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) > > > at > > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) > > > at > > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) > > > at > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > > > at > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) > > > at > > > org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) > > > at > > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) > > > at > > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > > > at > > > org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) > > > at > > > org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) > > > at > > > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) > > > at java.lang.Thread.run(Unknown Source) > > > > > > > I believe that you should read this page carefully, in particular the blue > > text at the > > beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html > > > > Can you have a look at the WEB-INF/web.xml file *of your application*, and > > check if there > > is a servlet filter configured there, which matches the name above ? > > > > If so, make a backup copy of that web.xml file, and then edit it to remove > > that filter > > from it, and try again. > > I am not quite sure, but it looks possible to me that you have a duplicate > > authentication > > mechanism in use : one at the container (Tomcat) level, and one at the > > application level. > > And the one used at the application level is obsolete, unsupported, > > unmaintained etc.. > > > > I have found out that JCIFS is no longer supported, but it will take a lot of > time, development and resources to update it to the recommended Jespa. In my > web.xml file I have the following: > > <filter> > <filter-name>NtlmHttpFilter</filter-name> > <filter-class>jcifs.http.NtlmHttpFilter</filter-class> > > <!-- > always needed for preauthentication / SMB signatures > --> > <init-param> > <param-name>jcifs.smb.client.domain</param-name> > <param-value>xxx</param-value> > </init-param> > <!-- SMB message signing requires a valid existing login --> > <init-param> > <param-name>jcifs.smb.client.username</param-name> > <param-value>xxx</param-value> > </init-param> > <init-param> > <param-name>jcifs.smb.client.password</param-name> > <param-value>xxx</param-value> > </init-param> > <!-- Set the logging level --> > <init-param> > <param-name>jcifs.util.loglevel</param-name> > <param-value>3</param-value> > </init-param> > <!-- allow non-IE browsers to use basic auth --> > <init-param> > <param-name>jcifs.http.insecureBasic</param-name> > <param-value>true</param-value> > </init-param> > </filter> > <filter> > <filter-name>HRADGroupFilter</filter-name> > <filter-class>xxx.ADGroupFilter</filter-class> > <init-param> > <param-name>AllowedGroups</param-name> > <param-value>G-HR,G-MIS</param-value> > </init-param> > </filter> > <filter> > <filter-name>SuggestionsGroupFilter</filter-name> > <filter-class>xxx.ADGroupFilter</filter-class> > <init-param> > <param-name>AllowedGroups</param-name> > <param-value>xxx, xxx</param-value> > </init-param> > </filter> > > <filter-mapping> > <filter-name>NtlmHttpFilter</filter-name> > <url-pattern>/suggestions/*</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>SuggestionsGroupFilter</filter-name> > <url-pattern>/suggestions/*</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>NtlmHttpFilter</filter-name> > <url-pattern>/xxx/*</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>HRADGroupFilter</filter-name> > <url-pattern>/xxx/xxx.do</url-pattern> > </filter-mapping> > > > So, are you saying to just remove the following from the above?: > <filter-name>NtlmHttpFilter</filter-name> > <filter-class>jcifs.http.NtlmHttpFilter</filter-class> > > Is there anything else in there that needs to be removed? Sorry for my lack > of understanding, but this was all developed by previous developers, who are > no longer working here and have left no documentation. > > Thanks > > > > > > In my tomcat/conf/server.xml file I have: > > > > > > <Realm className="com.viatel.tomcatrealms.ADJNDIRealm" > > > debug="01" resourceName="ActiveDirectory" > > > connectionURL="ldap://xxx:xxx"; > > > alternativeURL="ldap://xxx:xxx"; > > > connectionName="LDAP@xxx.local" connectionPassword="xxx" > > > referrals="follow" userBase="dc=vtlwavenet,dc=local" > > > userSearch="(sAMAccountName={0})" userSubtree="true" > > > roleBase="dc=xxx,dc=local" roleSearch="(member={0})" > > > roleName="cn" roleSubtree="true" /> > > > > > > I have 2 .war files running from this tomcat - 1) intranet portal A, 2) > > > intranet helpdesk page and also another intranet portal B (both run from > > > slightly different URLs). > > > When tomcat was restarted the intranet portal A runs, intranet portal B > > > runs but the intranet helpdesk portal doesn't run. For this we get the > > > error message shown above. > > > > > > I don't know if it is the java code, some setting in the tomcat catalina > > > base or if it is a tomcat network issue. > > > > > > We are running Tomcat 5.5.29. > > > java version "1.5.0_22" > > > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03) > > > Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) > > > It is on a Windows Server 2003 R2 SP2 VM box. > > > > > > Any help on this is appreciated. > > > Thanks in advance > > > > > > Seema > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > >
