"24427 Access to Active Directory failed" error in ACS 5.1
Hello,
I'm working on implementing a RADIUS authentication for wireless access with the following :
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),
- AP 1252 configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),
- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,
- AD domain running on Windows 2003 Server.
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
All I can get running the expert troubleshoot
Investigating failure code: 24427 Access to Active Directory failed
Checking if Active Directory is configured
Active Directory is configured
Attempting connection to Active Directory
Connection to Active Directory was successful.
Troubleshooting completed.
Click on Show Results Summary to view results.
I followed this guide, at least for the ACS certificate section :
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
Anyone has an idea where the problem may come from?
Thanks in advance,
Vincent
hey there, I ran into the same issue with 5.3 and it turned out being this bug. i came across your post looking for instructions on retrieving the logs. thanks mate.
link
Problem: Error "24495 Active Directory servers are not available"
Authentication starts failing with this error: 24495 Active Directory servers are not available. in the ACS 5.3 logs.
Solution
Check the ACSADAgent.log file through the CLI of the ACS 5.x for messages such as:Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch. If you see the Running in disconnected mode: unlatch error message, this means the ACS 5.3 cannot maintain a stable connection with Active Directory. The workaround is to either switch to LDAP or downgrade the ACS to 5.2 version. Refer to Cisco bug ID CSCtx71254 (registered customers only) for more information.
Similar Messages
-
Unable to save Unified Messaging PIN: Access to Active Directory Failed
I'm trying to enable all of our users for Unified Messaging and I've created a powershell script for each of users I want to enable but I am getting an error message everytime I try and run it.
Unable to save Unified Messaging PIN for mailbox 'smtp address': Access to Active Directory Failed
Our setup is forest root domain and 2 child domains. Most of the users are in the child domains and the Exchange server is in the forest root domain.
I'm using -domaincontroller but this doesn't make a difference. Here is the script I am using:
Enable-UMMailbox -Identity [email protected] -UMMailboxPolicy "DefaultUM Default Policy" -Extensions 303 -PIN 1234 -SIPResourceIdentifier "[email protected]" -PINExpired $false -domaincontroller "rc-curdc-01.curriculum.riddlesdown.local"
Can someone point out why this isn't working?I had the same experience as Gueetar. Couldn't enable a UM mailbox, or change the PIN. Got a generic "Access to Active Directory Failed" message instead of anything useful. Even went so far as enabled a ton of diagnostic logging, which didn't report anything
useful.
Of course, all the accounts I was enabling had the HiddenFromAddressListsEnabled property set to $true (these were old deactivated accounts I was using to test with). I found that setting it back to $false corrected the issue.
Of course I didn't know it was that exact problem at the time. I only found a difference after disabling/re-connecting mailboxes (and of course newly created mailboxes exhibited no issues). Assuming this was going to be the case for all mailboxes this would
be fine for testing and proof of concept, bad for production/implementation. Instead I ran a bunch of scenarios over two days, culminating in a crap load of LDIFDEs and DSACL dumps to enumerate the object properties and compare the values that were different.
This property (HideFromALEnabled) and a few others stood out. Luckily it wasn't ACL-related - that would've been a complete head wreck!
Dear Microsoft: More descriptive errors next time, please :) -
Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.)
Hi All,
I could see following error event in all client computers , Could you please some one help me on this ?
Log Name: Application
Source:
Microsoft-Windows-CertificateServicesClient-CredentialRoaming
Event ID: 1005
Level: Error
Description: Certificate Services Client: Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.)
Regards, Srinivasu.MuchcherlaIf you are not using certificates and Credential Roaming for clients then simply ignore the error message.
If you are using certificates then you are getting access denied message when Credential Roaming is trying to write to your AD. More details about Credential Roaming here: http://blogs.technet.com/b/askds/archive/2009/01/06/certs-on-wheels-understanding-credential-roaming.aspx
http://blogs.technet.com/b/instan/archive/2009/05/26/considerations-for-implementing-credential-roaming.aspx
This is probably related to the fact that your schema version not 44 or higher: https://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a6e61-68c4-47d3-ae79-8296cb3be315/certificateservicesclientcredentialroaming-errors?forum=winserverGP
Active Directory
ObjectVersion
Windows 2000
13
Windows 2003
30
Windows 2003 R2
31
Windows 2008
44
Windows 2008 R2
47
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Hi,
I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
Error is enclosed & here is the port configuration.
Port Configuration.
interface GigabitEthernet0/2
switchport access vlan 120
switchport mode access
switchport voice vlan 121
authentication event fail action next-method
authentication event server dead action reinitialize vlan 120
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 60
spanning-tree portfast
ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
switchport access vlan 120
switchport mode access
switchport voice vlan 121
authentication event fail action next-method
authentication event server dead action reinitialize vlan 120
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 60
spanning-tree portfast
ip dhcp snooping limit rate 30
Please help.The error message means that Active Directory server Reject the authentication attempt
as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
Event Logs why did the user account got locked.
Under Even Viewers, You can find it out
Regards
Minakshi (Do rate the helpful posts) -
Hi,
Since we implemented Cisco ISE we receive the following failure on several Notebooks:
Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
Why is this happening?
Thanks,
MarcThe possible causes of this error message are:
1.] If the end user entered an incorrect username.
2.] The shared sceret between WLC and ISE is mismatched. With this we'll see continous failed authentication.
3.] As long as a PSN not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In majority of cases it says eap session timed out.
In your cases, the 3rd option seems to be the most closest one.
Jatin Katyal
- Do rate helpful posts - -
Synchronization with Active Directory issue - Error ID 1004
I found the Application Event Log error below.
Error ID 1004: The resource 'D:\SharePoint 2010\14.0\Service\Microsoft.ResourceManagement.Service.exe' does not exist.
This means, the Network Service account does not have rights to the %programfiles%\Microsoft Office Servers\14.0 folder so,
the User Profile Synchronisation with Active Directory does not run properly.
The solution is to grant read access to the Network Service account to the ...\14.0 folder.
https://support2.microsoft.com/kb/2473430?wa=wsignin1.0
But I cannot find %programfiles%\Microsoft
Office Servers\14.0 folder. Instead
there is a folder in D drive: 'D:\SharePoint 2010\14.0 and I granted read access to the Network Service account to this
folder and ran Full synchronization but still not a joy.
Could you please advise me?
ThanksThanks Victoria,
I granted full access to the user
NETWORK SERVICE:, which
is listed in the error message on the folder D:\SharePoint 2010\14.0.
Then reset IIS and ran a full
synchronization, but there are still some user accounts who are a member of an AD group (this AD group has contribute right to the Intranet) and when
I check permission for those users, it seems they don't inherit permission from that AD group.
For example :
AD group name: TeamMembers
TeamMembers has contribute
permission.
user1, user2, user3 and user4 are members of TeamMembers
user1 and user2 have contribute
permissionGiven through the "TeamMembers"
group.
user3 and user4 have no permission!!!
I don't know what the problem is. I don't have access to Active Directory but the people who have access to say all users are members of that AD group.
Could you please advise?
Thanks -
Hi everyone. Putting this here as I could not find a better forum. My company's Macs are bound to a Mac OS X Server, but it's the Active Directory binding that is the issue.
We have a number of Macs, running 10.6.8, that starting sometime recently, began to have login issues. When connected to the network, users could not log in. These are mobile accounts authenticating against a Windows 2008 Active Directory server.
I started by checking whether binding was still valid. It was not. So I attempt to unbind, and there get an "Active Directory Time Error." It appears that usually, this means that the time on the client and the time reported by the AD server are out of sync. But they're not. I can force unbind, and on attempting to rebind, I get the time error again.
In nearly every case, these commands in Terminal resolve the issue:
$ sudo rm -rdfv /Library/Preferences/DirectoryService
$ sudo rm -rdfv /var/db/dslocal/nodes/default/config
$ sudo killall -USR1 DirectoryService
(then restart)
This didn't happen all at once, the issue has been popping up in one 10.6 machine after another. (We also have a number of 10.8 and 10.9 machines, which so far seem unaffected.)
Does anyone have any inkling what factors could be causing this to keep happening?Not sure how you've confirmed that the times are not skewed; I'd (still) look for a problem with the ntp servers (one ntp server with a rogue time within a pool can play havoc with a network, for instance), and whether the local ntp clients are all reporting as being locked. See the ntpdc -c peers command, among other commands.
-
SMB access for Active Directory users
Hi there,
My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
My smb.conf file is as follows:
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
Any help would be much appreciated!!
Thanks.I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility -
Dear all,
We have an issue regarding active directory user registry. Our application wants to retrieve the user registry from active directory,
So after we type the domain name, username and password for the domain admin, the apps add a schema in the AD, usually we directly can get the respons from the active directory server.
Below is the log from the configuration
< 3/17/2013 - 8:26:43 PM
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<
3/17/2013-8:27:03 PM: Configuring Access Manager Policy Server....
C:\PROGRA~2\Tivoli\POLICY~1\sbin\ivmgrd_setup.exe -y no -m "********" -
r 7135 -l 1460 -t 7200 -D no -f no
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
hostname
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
useEncryption
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
dnforpd
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
Multi-domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-id
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-pwd
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
C:\PROGRA~2\Tivoli\POLICY~1\sbin\mgrsslcfg.exe -config -f no -t 7200 -l
1460 -D no
Creating the SSL certificate. This might take several minutes.
The SSL configuration of the Tivoli Access Manager policy server
has completed successfully.
The policy server's signed SSL certificate is base-64 encoded and
saved in text file "C:\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64."
This file is required by the configuration program on each machine
in your secure domain.
C:\PROGRA~2\Tivoli\POLICY~1\sbin\bassslcfg.exe -config -f no -c "C:
\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64" -p 7135 -h TAMEB1
The SSL configuration of Access Control Runtime has completed
successfully.
Tivoli Access Manager policy server domain name: Default
Tivoli Access Manager policy server host name: TAMEB1
Tivoli Access Manager policy server listening port: 7135
2013-03-17-20:27:13.770-07:00I----- 0x16B48064 PID#2848 ERROR rgy ad E:
\build\am611\src\uraf\ad\schema\adschema_update.cpp 550 0x00000ad0
HPDRG0100E The operation in the Active Directory registry for
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed with return
error 8000500d.
adschema_update: result 1, retcode -2147463155
HPDBG0938E Configuration failed.
3/17/2013-8:29:13 PM: HPDBG0938E Configuration failed.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
> 3/17/2013 - 8:29:15 PM
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
Please your advice,
Thanks,
Best Regards,
AchmadHi you log states:
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed
with return
error 8000500d.
The error code is documented in
this kbTo go short i think the running user does not have the required privilegs to edit the AD schema. You need to be member of 'Schema Admins' in the forest root domain to edit the AD schema.
MCP/MCSA/MCTS/MCITP -
Weblogic 10.3.3 and Windows Active Directory connection error
Hi,
A i am trying to set up Windows AD LDAP realm.
But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
<Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
<Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
<Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy149.listUsers(Unknown Source)
at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
at weblogic.security.utils.Pool.newInstance(Pool.java:37)
at weblogic.security.utils.Pool.getInstance(Pool.java:33)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
... 117 more
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
... 120 more
>
could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
Thanks in advance!Hi ,
From the error stack trace I could find the below error.
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
Data 525, refers to user not found error that is used to bind to the Active Directory.
Make sure you have the correct credentials to connect to the Active Directory.
You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
A sample usage of LDAP Broswer is given below.
http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
You can download a sample version of softerra.
http://www.ldapbrowser.com/download.htm
You can also refer the below link for details about WebLogic and Active Directory configuration.
http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
For more details about different LDAP Issues.
http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
Regards,
Anandraj
http://weblogic-wonders.com -
Active Directory - "Failed to Ping Infrastructure Op Master"
FYI - I've opened this in the AD forum, and it was suggested I move this to SCOM, as it could be that I need to tweak SCOM settings for AD.
Hello - three of our domain controllers have started to randomly report this error at different times in the day. There have been three different occurrences from three different domain controllers. Two of the reporting domain controllers are VM's
- and one is physical. Switch logs look clean, no reports of any issues nor any other servers having network issues. As far as the error - it's being reported from SCOM and I'm wondering if this is a legit error or not. The Op Master is a
physical host, not a VM. Logs on both servers look clean, no sign of network issues. TIA!!
AD Op Master Response : Failed to ping Infrastructure Op Master 'servername.
The default gateway (172.25.x.x) is not pingable.
AD Replication Monitoring : encountered a runtime error.
Failed to write the adminDescription attribute of 'CN=servername,CN=,DC=com' to Active Directory.
The error returned was: 'The object already exists.
' (0x80071392)
Check the access permissions for this object.
Some more info on this:
I've checked AD performance (replication) and it looks like all is well. The question I have, is that this is also
the Primary DNS server for our internal networks. Is it possible that there could be too much traffic (ethernet) on the server and thus it's causing this alert? So in summary, this server is the PDC Emulator, RID Master, Infrastructure Master AND
the Primary DNS server. Our network is comprised of @ 400 servers, 1300 workstations, and a lot of in-house custom applications that who knows generates how many DNS requests....
Mike ZamboriniHello
I have 4 physical boxes and 4 virtual.
Most of the alerts are coming from the virtual boxes, but I have one instance where a physical box is reporting the issue too (talking to another physical box). So I guess I cannot say mines completely virtual. I can say this, the machines are
in blades.. Is it possible that I should be digging in on that side? (note, multiple blade chassis' are involved)
Mike Zamborini -
10.7.4 Web Access for Active Directory Users
Does anyone know how to permantly set the AuthType in Web Services to Basic ?
The reason I ask is I have a web site I want to protect and allow active directory users access to it.
I have added the users to a local group, added the group to the Who Can Access option.
Local users can log in but not Active Directory. If I edit the conf file for the site in /etc/apache2/sites and change the AuthType from Digist to Basic it works fine until I change something in the server app then the conf file gets rewritten.
DanI am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility -
This active directory is a replica of master on 2nd Mac Mini server which still thinks replica is there (perhaps it is) and will not let us delete in order to recreate. Both servers are running 10.8.4. Nothing changed on either server, simply did a reboot. When we logged in, Active Directory was turned off and when trying to turn on or access received message "Unable to open the requested node. The node LDAPV3/127.0.0.1 could not be opened because of an unexpected error -14006".
Does any one have experience with this and how can we recover? Thanks in advance for your help.Hi again,
I've been able to run Reports by changing the "Reports_Tmp" key in the Registry under:
Hkey_local_machine\software\oracle\home0\
to the D:\ drive -
Active directory Webservice error
I have installed and configured the active directory authentication webservice. I get the following error when I try to synchronize. Does anybody know the reason for the error?
Apr 28, 2006 11:35:13 AM- Sync Agent is processing memberships.
Apr 28, 2006 11:35:13 AM- ERROR: Authentication source sync agent failed to synchronize user and group memberships to parent group '9fa1505c-7ece-4f55-8d7a-76fa78684605' (ID=276).
*** Exception was: com.plumtree.server.impl.soap.OpenSoapException: Error in function AWSProvider.GetMembers (sUniqueGroupName == '9fa1505c-7ece-4f55-8d7a-76fa78684605'): Error in function SOAPEnvelope.Restore (arrayText == [B@23bdd1): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.So
ap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:622)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessSingleGroupMemberships(PTAuthSourceAgent.java:3599)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessMemberships(PTAuthSourceAgent.java:2203)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.PerformOperation(PTAuthSourceAgent.java:330)
at com.plumtree.automationserver.shell.PTJobShell.perform(PTJobShell.java:628)
at com.plumtree.automationserver.shell.PTJobShell.runJob(PTJobShell.java:210)
at com.plumtree.automationserver.shell.PTJobShell.run(PTJobShell.java:100)
Caused by: com.plumtree.server.impl.soap.OpenSoapException: Error in function SOAPEnvelope.Restore (arrayText == [B@23bdd1): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.soap.SOAPEnvelope.Restore(SOAPEnvelope.java:68)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:1017)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:906)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:616)
... 6 more
Caused by: com.plumtree.server.impl.soap.Ope
nSoapException: SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.server.impl.soap.SOAPParser.LoadInternal(SOAPParser.java:681)
at com.plumtree.server.impl.soap.SOAPParser.LoadBinary(SOAPParser.java:590)
at com.plumtree.server.impl.soap.SOAPEn<i></i>I am able to import one group. The users in this group doesn't get imported, instead it imports 1 user with the same name as the group.
The following are the job logs:-
May 2, 2006 12:37:13 PM- Starting to run operations (1 total) for job 'Active Directory AS Job'. Will stop on errors.
May 2, 2006 12:37:13 PM- *** Job Operation #1 of 1: AuthSource Agent [Run as owner 'Administrator']
May 2, 2006 12:37:13 PM- Creating the Everyone In Auth Source group (if one doesn't already exist).
May 2, 2006 12:37:13 PM- **********************************************************************************
May 2, 2006 12:37:13 PM- Sync Agent is processing groups.
May 2, 2006 12:37:14 PM- **********************************************************************************
May 2, 2006 12:37:14 PM- Sync Agent is processing users.
May 2, 2006 12:37:14 PM- ActiveDirectory\Technology - Portal
May 2, 2006 12:37:14 PM- **********************************************************************************
May 2, 2006 12:37:14 PM- Sync Agent is processing memberships.
May 2, 2006 12:37:14 PM- ERROR: Authentication source sync agent failed to synchronize user and group memberships to parent group '9fa1505c-7ece-4f55-8d7a-76fa78684605' (ID=278).
*** Exception was: com.plumtree.server.impl.soap.OpenSoapException: Error in function AWSProvider.GetMembers (sUniqueGroupName == '9fa1505c-7ece-4f55-8d7a-76fa78684605'): Error in function SOAPEnvelope.Restore (arrayText == [B@44d990): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soa
p.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:622)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessSingleGroupMemberships(PTAuthSourceAgent.java:3599)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessMemberships(PTAuthSourceAgent.java:2203)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.PerformOperation(PTAuthSourceAgent.java:330)
at com.plumtree.automationserver.shell.PTJobShell.perform(PTJobShell.java:628)
at com.plumtree.automationserver.shell.PTJobShell.runJob(PTJobShell.java:210)
at com.plumtree.automationserver.shell.PTJobShell.run(PTJobShell.java:100)
Caused by: com.plumtree.server.impl.soap.OpenSoapException: Error in function SOAPEnvelope.Restore (arrayText == [B@44d990): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.soap.SOAPEnvelope.Restore(SOAPEnvelope.java:68)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:1017)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:906)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:616)
... 6 more
Caused by: com.plumtree.server.impl.soap.Open
SoapException: SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.server.impl.soap.SOAPParser.LoadInternal(SOAPParser.java:681)
at com.plumtree.server.impl.soap.SOAPParser.LoadBinary(SOAPParser.java:590)
at com.plumtree.server.impl.soap.SOAPEnv
elope.Restore(SOAPEnvelope.java:65)
... 9 more -
LDAP Using Active Directory failed in BAM
I tried to configure the LDAP Using Active Directory as described in the BAM installation guide 10.1.3.1.0.
In appsetting, i gave the server name, username and password used by us. Then i restarted the active data cache and IIS. Then i tried to access the http:\\server\oraclebam. But it is throwing the following error. What shall i do.
Exception Message The directory service is unavailable
Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at
System.DirectoryServices.DirectorySearcher.FindOne() at
Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
strAssembly, String strApp, String strType, String strMethod, String strParam)
Debugging Information The directory service is unavailable [ErrorSource="System.DirectoryServices"] Debugging information:
System.Runtime.InteropServices.COMException (0x8007200F): The directory service is unavailable at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean
findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at
Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
strAssembly, String strApp, String strType, String strMethod, String strParam)Hi,
We are also facing the issue stated in the first thread. We followed everything specified in the LDAP PDF under TechNotes and still not able to access the BAM console successfully.
The error we get is pasted at the end of this post. The request doesn't even seem to reach our LDAP server (configured in a remote system).
A couple of clarifications required:
1. Does our windows logon need to be the same as BAM console logon?
2. I do not know the LDAP setting for my actual windows logon. But i have retained my same usrId and have configured a user in LDAP with my own organization and other hierarchies. I have configured this userId with the complete hierarchy in BAM login management and have given admin access also to this user. Is this correct?
An error occurred while processing your request
Details...
Exception Message The server is not operational
Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
Debugging Information The server is not operational [ErrorSource="System.DirectoryServices"] Debugging information: System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
Assembly StartPage
State Oracle.BAM.StartPage.StartUp
Event Initialize
Thanks,
KM
Maybe you are looking for
-
Reference of sales area in follow-up action of sales support
Hello Experts, our client need to create a follow-up action from a contact (sales support document) in reference of a billing document. In the follow-up action the system takes automatically the sales area of the contact and leaves these field unchan
-
Error while deploying on a cluster
Hi all, when I deploy my WebApp on a cluster I recieved the following error: ####<Dec 13, 2006 5:18:14 PM CET> <Debug> <Deployer> <eb0bzl58> <admdwsgem> <ExecuteThread: '0' for queue: 'weblogic.admin.RMI'> <<WLS Kernel>> <> <BEA-149078> <Stack trace
-
Oracle 8i, Apache server and Intel P4
Is somebodey out there that managed to install Oracle 8i DB and Apache HTTP server on computer with Intel P4 (Windows 2000 Pro, 1GB RAM, 20GB HDD)? Do examples (JSPs, Java beans, JDBC connections...) on Apcahe work? In our case we already spent too m
-
What is this icon? And wifes phone has more bars
My wife and I just got two new iphones 3GS. Bought at the same time from the same place. At home, her phone has more strength bars than mine, sometimes by two bars. Any ideas why this would be? They have the exact same covers and are the same phone.
-
Move a mouse with Apple script
Hello, I need some apple script code to move a mouse to a certain location and then click. If possible could it record the location of the mouse, move it to the pre-assigned coordinates, click, and them move it back to where it was. I am doing this s