I have some code that is sending an INVITE to a lync address (test1#lync2013.example.com). I initially receive a 401 Unauthorized from the server (as expected). I then perform a TLS-DSK handshake as documented here: http://msdn.microsoft.com/en-us/library/ff530353(v=office.12).aspx and this completes.
However, I am now stuck receiving a 403 Forbidden response when trying to INVITE (that is, sending my 4th INVITE - the first 3 are used for the TLS-DSK handshaking), and in the ms-diagnostics header in the response has:
ms-diagnostics: 4005;reason="Destination URI either not enabled for SIP or does not exist";source="LYNC13.test.example.com"
The test1 user definitely does exist (I can call it from another Lync client) and an the Control Panel I have the user set for "Enterprise Voice" telephony which I believe is correct if the client is set up to be able to receive external SIP calls. Am I missing any more configuration?
If it helps, my SIP domain is lync2013.example.com, my AD domain is test.example.com and my Lync server FQDN is LYNC13.test.example.com.
Many thanks in advance to anyone able to help (or is seeing the same problem specifically on Lync 2013). I am in the process of configuring Lync 2010 that I will be able to check against.
Thanks again,
Simon Tolham
Related
I have a question regarding SQL Server Reporting Services 2019:
We have received a HTTPS-certificate and added a URL for both Web Service and Web Portal. When we try to access either /Reports or /ReportServer on HTTP we can get through with no problem, but when we try to access on HTTPS then we are met with a logon dialog which will give three attempts at log on before displaying a white page. All attempts at entering a valid combination of user name and password returns a 401 error.
We've tried removing and reinserting all bindings for HTTP, HTTPS, SSL, changing logon mechanism in the config file to use Kerberos, NTLM or a combination of those but nothing works.
Does anyone what the source of this problem might be and how to solve it?
We figured out what the problem was. Authentication issues did not behave the same for HTTP and HTTPS. My test user wasn't a member of the correct user group. Once we gave it "System User" access then we could log in.
I want to use Apache Nifi to track real time tweets
i pasted in my keys correctly but all requests return this error :
19:15:20 UTC ERROR
GetTwitter[id=59b5cb18-017e-1000-a6a2-991a653ec138] Received error HTTP_ERROR: HTTP/1.1 403 Forbidden. Will attempt to reconnect
i dont know where the problem is from.
thank you.
403 Forbidden means the Twitter API is rejecting your request - your access keys could be incorrect, or you might not have the right access rights for the endpoint you're accessing.
The request is understood, but it has been refused or access is not allowed. An accompanying error message will explain why.
Check that your developer account includes access to the endpoint you’re trying to use. You may also need to get your App allowlisted (e.g. Engagement API or Ads API) or sign up for access.
From https://developer.twitter.com/en/support/twitter-api/error-troubleshooting
Make sure you follow the advice from Twitter here and make note of:
With Essential access, you are only able to make requests to the Twitter API v2 endpoints, and not the v1.1 or enterprise endpoints. You are limited to 500K Tweets/month, and unable to take advantage of certain developer portal functionality such as teams and access to additional App environments
There are limits on what you can do with the Essential access level. See here.
If that doesn't help - please include a screenshot of your GetTwitter config and your version of NiFi.
If it raises 403 error while using GetTwitter processor in nifi.
API Key & consumer key aren't only a problem. Change the Twitter endpoint field while configuring the GetTwitter processor from
Filter Endpoint
to
Firehose Endpoint
In the field of twitter endpoint
Probably this will work!!
We have a curious situation with http referrer and response.
Our application is a J2EE with a WEB and EJB project. Working fine for years.
Recently, from one specific location, when user click to submit, our EJB sysout picked up trace that there was more than one submit (POST request) resulting in a null pointer. Our button have been designed to be disabled after it has been clicked. We are not sure how a subsequent request can possibly happen. In this simulation of the problem, we click once and there is only one user in the system.
Since this only occur when we connect from a particular ISP. We do not experience multiple request from other ISP locations. So we are suspecting that the ISP may have in advertently trigger a resubmit. But we are not sure. What else can we do to trace the root cause of this problem.
Thanks for your help.
Update on 12-Apr
We have installed wireshark to trace the signal from the browser side. We notice that the browser concern makes a "retry" after every 11 or 12 minutes. Would this be a normal browser behaviour?
I think we have found the cause of the problem. It is explained by by this https://blogs.oracle.com/ravello/beware-http-requests-automatic-retries
It is something in the HTTP spec
"If an HTTP/1.1 client sends a request which includes a request body, but which does not include an Expect request-header field with the "100-continue" expectation, and if the client is not directly connected to an HTTP/1.1 origin server, and if the client sees the connection close before receiving any status from the server, the client SHOULD retry the request. W3 Hypertext Transfer Protocol -- HTTP/1.1
While using Google Cloud Message API I occasionally get 401 Unauthorized status. So, sometimes my push notifications are send and sometimes not, without changing anything in the API request.
I use curl request with server key.
I tried to specify IPs list and set it to "Any IP allowed".
I already tried to create new server keys and projects, as some people here tell it helps them in similar situation. Sadly, it not helps me.
I'm seeing a similar problem with other Google Cloud APIs and I suspect it's related to your authentication being expired. Make sure to refresh any tokens you are using.
In IIS I can configure my custom error pages.
For each HTTP Error code I can say where to go. Several codes have a number of "sub" codes available. For example 404 has a regular 404, 404;1, 404;2 and so on..
What are they for? When are they returned? Should I make custom pages for these errors? Can I somehow easely configure all code "families" to come to the same page?
401 - Access denied. IIS defines several different 401 errors that indicate a more specific cause of the error. These specific error codes are displayed in the browser but are not displayed in the IIS log:
401.1 - Logon failed.
401.2 - Logon failed due to server configuration.
401.3 - Unauthorized due to ACL on resource.
401.4 - Authorization failed by filter.
401.5 - Authorization failed by ISAPI/CGI application.
401.7 – Access denied by URL authorization policy on the Web server (This error code is specific to IIS 6.0.)
Here is the complete list in the MSDN documentation for IIS 5.0 and 6.0 and for IIS 7.0, 7.5 and 8.0.
If you want to show your visitors or users a nice custom message depending on these subcode, you could do it. But you needn't.
"Substatus" error codes are specific to IIS. They are for "internal" logging purposes - whatever the substatus code, it is the the parent error that gets returned to the client (404.2 gets sent back as 404)
They were implemented specifically to reduce the surface area of attack of IIS whilst still providing sysadmins with a meaningful amount of data. Therefore you actively should not send back specific substatus error messages as you will be opening your IIS installation to possible attack.
Reference
This blog article appears to explain a lot of this. Perhaps it can be of help? At the very least, it explains the meaning of the 'sub-codes'.