Access Policy Issues on WRT600N

I dunno what the deal is but I am having issues setting up an access policy for a computer on my network. I added the ip address of the computer that I want to set restrictions on to the list of "applied pc's", then set "Allow" internet access, "everyday", "24 hours", block website "www.yahoo.com". Then I enabled and clicked save.
The problem is that after I enable this policy NONE of my other computers on the network get internet access AT ALL anymore. The computer that I set the policy on gets internet access and yahoo.com is blocked. But like I said none of my other computers can get access while this policy is enabled.

This is EXACTLY what my router is doing...
2) Access restrictions do not work, PERIOD...."ALLOW" will disable internet access for the entire subnet (regardless of the rule), and "DENY" will prevent uploading of file attachments to hotmail, myspace, facebook etc....for every computer on the subnet.
Message Edited by DSMKilla on 10-26-2008 11:08 AM
(Edited post for guideline compliance. Thanks!) 
Message Edited by JOHNDOE_06 on 10-26-2008 11:39 AM

Similar Messages

  • Access policy issues and daylight savings

    I have the WRVS4400N. I have purchased a few Linksys routers in the past and have been happy with their operation. The wireless access however, was mediocre until I purchased this model. This model has great a great wireless connection. I like the fact that I can make many changes to the settings on the router without having to reboot the router. The performance of this router in combination with the cable modem has been excellent. It far outperforms the equipment that it replaced. I will normally pick a linksys product over another brand.
    I am having 2 intermittent issues that are really causing me grief and an additional couple of annoying issues. I need help in fixing these issues. I have confirmed that I have the latest firmware version.
    1) Some computers do not have connection to the internet. As if the security policy is confused about the time or connection. I really think this is a security policy issue, but I will let you decide.
    2) There are some computers that I allow a 24/7 connection to the internet. For the rest I don’t want them to have access between the hours of 12a-6a. I have found that the connection doesn’t always shut-off. I have kids and do not want them to have access during those hours. I never had problems with my previous linksys router.
    3) I am unable to set an access policy that spans the 5 min between 11:55p and 12a. In my previous linksys router I could.
    4) The new daylight savings schedule is not part of my current firmware. This really threw off my security policies.
    I have found that if I reboot or if I simply goto the security policy screen and click on save settings it seems to correct itself. But, I shouldn’t have to babysit it to make sure that it’s working correctly. When I am out of town I need to know that my security policies will continue to work while I am away.
    Here’s my set up:
    1) I have a linksys cable modem that connects me to the internet through my cable provider.
    2) I have the linksys wireless (WRVS4400N) router that connects to the cable modem.
    3) I have a 3Com Superstack II switch as the backbone of my network which connects to the router.
    4) I have several devices connected to this router: computers, xbox, vonage phone line.

    This is EXACTLY what my router is doing...
    2) Access restrictions do not work, PERIOD...."ALLOW" will disable internet access for the entire subnet (regardless of the rule), and "DENY" will prevent uploading of file attachments to hotmail, myspace, facebook etc....for every computer on the subnet.
    Message Edited by DSMKilla on 10-26-2008 11:08 AM
    (Edited post for guideline compliance. Thanks!) 
    Message Edited by JOHNDOE_06 on 10-26-2008 11:39 AM

  • RVS4000 Internet Access Policy issues after FW upgrade to 1.3.3.5

    Hi,
    we run a small home/business network using an RVS4000v1. Everything is pretty simple and straight forward. We use 10 different Internet Access Policies (IAP) that's it. We recently upgraded the Firmware to 1.3.3.5.
    Since then all IPaddresses (that is 2 IPaddresses in total) that have 24 hr access to the internet will get cut off the internet just before/around midnight. All IAPs that use a time window (e.g. 8:00 AM to 10:00 PM) are working fine (also on the next day).
    The web GUI still works and the status of the routers still says its up and the WAN access is up as well. We have to reboot the router (through the webGUI) to get 24hr access again or save the same IAP again.
    Reading the release note for FW 1.3.3.5 I note that there is a know issue with IAP.
    >>QUOTE
    The second Internet access policy does not work.
    Work Around: Configure only one Internet access policy within a 24-hour
    interval.
    >>UNQUOTE
    I am just not sure how to read it.
    Is it only the second IAP that has the issue (and the IAP numbers 3 to 10 do not)? Or will only ONE IAP work and no others?
    Or is the second policy that uses a 24hr setting meant to be the issue? If this was the case, could a work around be to set the time from 00:05 AM to 11:55 PM (or in my case 00:05 to 23:55)?
    We appreciate your help
    Andy

    Friends,
    The issue is resolved. I just switched off my phone and removed the battery. Inserted the battery after a minute or so and everything seems to be fine. Even the available memory shown is around 25.15 GB.I had even forgotten to take a backup before upgrading to PR 1.3. Still all my Photos,Videos,Documents are as they were before upgrading.
    Thankfully i can heave a sigh of relief now
    Cheers,
    Goks

  • Access policy Issue

    Hi all,
    I am trying to add a EBS responsibility automatically when creating a new user in OIM.
    I created the rules, group and access policy needed. In the access policy I selected EBS responsibility as the resource to provision.
    To test the new access policy I created a new User in OIM. The status of the resource is in ready state.
    Any suggestions on why this is happening.
    Thanks,

    This is the error in the log file.
    ERROR,09 Aug 2010 22:33:32,832,[XELLERATE.APIS],Class/Method: tcFormInstanceOperationsBean/getObjectFormVersion encounter some problems: A version of form for object instance with key '50133' does not exist.
    ERROR,09 Aug 2010 22:33:32,849,[XELLERATE.APIS],Class/Method: tcFormInstanceOperationsBean/getObjectFormDataData encounter some problems: Error occurred while getting form data for object instance with key '50133'.
    ERROR,09 Aug 2010 22:33:32,849,[XELLERATE.APIS],Class/Method: tcFormInstanceOperationsBean/getObjectFormDataData encounter some problems: com.thortech.xl.dataaccess.tcDataSetException: Cannot convert 'EBSHF-APPS12' to a long: For input string: "EBSHF-APPS12"
    com.thortech.xl.dataaccess.tcDataSetException: com.thortech.xl.dataaccess.tcDataSetException: Cannot convert 'EBSHF-APPS12' to a long: For input string: "EBSHF-APPS12"
         at com.thortech.xl.dataaccess.tcDataSet.setString(Unknown Source)
         at com.thortech.xl.dataobj.tcDataSet.setString(Unknown Source)
         at com.thortech.xl.dataaccess.tcDataSet.setString(Unknown Source)
         at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.getObjectFormDataData(Unknown Source)
         at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.getObjectFormData(Unknown Source)
         at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.getObjectFormData(Unknown Source)
         at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_EOImpl.getObjectFormData(tcFormInstanceOperations_2j82mm_EOImpl.java:1420)
         at Thor.API.Operations.tcFormInstanceOperationsClient.getObjectFormData(Unknown Source)
         at sun.reflect.GeneratedMethodAccessor366.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.security.Security.runAs(Security.java:41)
         at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
         at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
         at $Proxy67.getObjectFormData(Unknown Source)
         at com.thortech.xl.webclient.actions.UserDefinedFormAction.prepareObjectForm(Unknown Source)
         at sun.reflect.GeneratedMethodAccessor362.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
         at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
         at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
         at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    ERROR,09 Aug 2010 22:33:32,849,[XELLERATE.WEBAPP],Class/Method: UserDefinedFormAction/prepareObjectForm encounter some problems: Error occurred while getting form data for object instance with key '50133'.
    Thor.API.Exceptions.tcAPIException: Error occurred while getting form data for object instance with key '50133'.
         at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.getObjectFormDataData(Unknown Source)
         at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.getObjectFormData(Unknown Source)
         at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.getObjectFormData(Unknown Source)
         at com.thortech.xl.ejb.beans.tcFormInstanceOperations_2j82mm_EOImpl.getObjectFormData(tcFormInstanceOperations_2j82mm_EOImpl.java:1420)
         at Thor.API.Operations.tcFormInstanceOperationsClient.getObjectFormData(Unknown Source)
         at sun.reflect.GeneratedMethodAccessor366.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.security.Security.runAs(Security.java:41)
         at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
         at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
         at $Proxy67.getObjectFormData(Unknown Source)
         at com.thortech.xl.webclient.actions.UserDefinedFormAction.prepareObjectForm(Unknown Source)
         at sun.reflect.GeneratedMethodAccessor362.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
         at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
         at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
         at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
         at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

  • Access policy issue in oim11gr2

    Does auto provisioning through access policy work in 11g R2? I have the manual provisioning working fine.

    may your scheduled task "evaluate user policy" is disabled. Check "evaluate user policy" task, if it is not enabled, enable it and run once manually and let's see

  • OIm 11g: Access policy issue

    Hi All
    We are using OIm 11.1.1.5.0, Weblogic 10.3.5 and Oracle DB EE 11.2.0.2
    We have defined role "CommonUsers" and assigned access policies with "AD and Exchange" resources. Exchange is dependent resource on AD. Then We have excuted PSFT feed file to load users into OIm and will assign the role to Users based on conditions performed by custom adapters, Here "CommonUsers" role is getting assigned to users, but both resources are not assigned to the users. For some of the users "AD" assigned but not Exchnage, and some of the users both resources are not assigned. Few of the users both resources assigned.
    Can you please suggest, why OIM is not assigning the two resources to users, with the role assignment? And why its performing in that way?
    Thanks.

    I have done 4 users reconciled, role was assigned to them(4 users) but for 2 users, oim did not intiate Resource Provisioing. When I manually assign role to any user, some times its not intialting Resoirce Provisioning task. There is no log information for this situation.
    Thanks.

  • Issue with UAG/TMG communication to published SharePoint application is blocked by access policy settings

    We have a UAG/TMG server set up with SharePoint published. The UAG is also doing load balancing for the SharePoint farm. We have an MDM application that is trying to connect to our SharePoint but our SharePoint is routed through the UAG. The MDM application
    does not need to be published neither is there any component that can be accessed directly by end users. It is more of a proxy to relay content to mobile devices. It is using 443 and two other secondary ports.
    On the TMG logs, we can see requests hitting the TMG over port 443 from the MDM application server. We can also see that it is trying to be routed to our SharePoint but we get the following error in the TMG log:
    “Filter information: A request from source IP address xx.xx.xx.xx, user to trunk portal; Secure=1 for application SharePoint of type SharePoint15 failed. The endpoint device does not comply with access policy settings ([%PolicyId%]) for session [%SessionId]”
    The source IP is the internal IP of the host running the MDM application. In the UAG side, under the SharePoint publishing rule, for Access Policy Settings we have tried selecting the 'Always' option but that had no effect. It appears like there is a policy
    blocking communication to SharePoint. Does anyone have a suggestion on which policy or where the policy that is controlling this is located so that we can try to resolve this issue? Thanks.

    Looking at the UAG Web Monitor, it says that the access policy is 'Hybrid_Default_Session_Access' and the URL is /_vti_bin/Webs.asmx. 
    We can't find a 'Hybrid Default Session Access' policy. In the Endpoint Policy Settings tab, we tried using 'Always' for the Access Policy for the published SharePoint application but that did not make any difference. 

  • OIM 11g AD Connector Access Policy Based Provisioning Issue

    Hi,
    I created Approval Policy for Access Policy Based Provisioning request type for request level (autoapproval) and operational level (used standart beneficiaryManagerApproval process), but when the resource must assigned to User,- throws exception when running setAdDn adapter of Process Definition Form:
    Running ISADAM
    Target Class = java.lang.String
    Running Get Attribute Map
    Running AD Create User
    Running ISADAM
    Target Class = java.lang.String
    Running GETUSESSL
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set User Attribute
    Running Set User Expiration Date
    Running ISADAM
    Target Class = java.lang.String
    Running CheckUserStatus
    Running GETPWDEXPIRESATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running Set Pwd Expires Attribute False
    Running GETATTRIBUTEHASH
    Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
    Running SETADDN
    [2012-07-19T16:15:52.281+03:00] [oim_server1] [ERROR] [] [XELLERATE.SERVER] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: tcDataObj/save Error :Insertion of dataobject into database failed
    [2012-07-19T16:16:34.375+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 0
    [2012-07-19T16:16:55.422+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 1
    [2012-07-19T16:17:12.750+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:14.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.203+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:15.703+03:00] [oim_server1] [ERROR] [] [XELLERATE.APIS] [tid: OIMQuartzScheduler_Worker-10] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    [2012-07-19T16:17:16.469+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 2
    [2012-07-19T16:17:37.516+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 3
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [WARNING] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Exception while trying to get the connection count : 4
    [2012-07-19T16:17:58.562+03:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [STUCK].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 3f3d2d8955322f32:-2e0e6e14:1389f3fa30b:-8000-00000000000000bb,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
    Database srever is running.
    Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Event handler ApprovalInitiation is asynchronous but orchestration is configured as synchronous.
         at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
         at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
         at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
         at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
         at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
         at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:200)
         at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
         at com.thortech.xl.dataaccess.tcDataBase.getConnection(tcDataBase.java:3198)
         at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(tcDataBase.java:705)
         at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(tcDataBase.java:271)
         at com.thortech.xl.dataobj.tcDataBase.readStatement(tcDataBase.java:221)
         at com.thortech.xl.dataobj.tcDataBase.getError(tcDataBase.java:700)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1197)
         at com.thortech.xl.dataobj.tcDataObj.handleError(tcDataObj.java:1140)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:487)
         at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
         at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
         at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
         at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
         at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:234)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcORC.autoDOBSave(tcORC.java:2995)
         at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(tcOrderPackages.java:526)
         at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForUser(tcOrderPackages.java:177)
         at com.thortech.xl.dataobj.tcOIU.provision(tcOIU.java:527)
         at com.thortech.xl.dataobj.tcOIU.eventPostInsert(tcOIU.java:303)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
         at com.thortech.xl.dataobj.tcUserProvisionObject.insertImplementation(tcUserProvisionObject.java:283)
         at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:591)
         at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:104)
         at oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountActionHandler.execute(ProvisionAccountActionHandler.java:35)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy250.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1035)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy311.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:574)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:477)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:379)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    But when I try to provision this Resource through Access Policy, but without approving it works fine!!!
    Please, Help.
    Edited by: user13830503 on 19/7/2012 6:39

    2e0e6e14:1389f3fa30b:-8000-0000000000000003,0] [APP: oim#11.1.1.3.0] Class/Method: tcLookupOperationsBean/getLookupValuesFilteredData encounter some problems: The LookupCode 'Lookup.ESSOMFONumbers' does not exist.
    Make sure the lookup table exists and is spelled correctly in your process task.

  • Android MS RDP - RPC Error: Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator. (2147965402).

    I love iTap Mobile.  Paid for the app.  Sorry to see them discontinue it, but now I know why.  Microsoft bought them out!  But even though free, I am getting an error: RPC Error: Your connection was denied because of a Resource Access
    Policy (TS_RAP). Please contact your server administrator. (2147965402).  I worked with iTap to fix this so I guess they sold Microsoft their older buggy code...  Microsoft, please fix!
    PS: This is the Android version.  Mac and iOS are both okay.
    EDIT:  After an update a few months ago, iOS is no longer working.  Not sure if the problem is related to the Android MSRDP issue.
    UPDATE - Relevant posts (need Android RDP software engineer to fix):
    Event Viewer Log when using Android client:
    The user
    "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This
    is most likely for logging into RD Web - icons shows up).
    The
    user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost".
    The following error occurred: "23002".  (This is after clicking on any
    of the icons).
    I
    think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".
     It should be the RD Connection Broker's hostname, I believe.
    Here's what it should look like (connected using a Windows PC going
    through the RD Web portal via Internet Explorer):
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection
    authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met resource
    authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", connected
    to resource "rdsfarm.domain.com".
    Stephan,
    Do you have any way to contact the software engineer who worked on the Android version of the RDP client?  Please
    have them read this thread.  They need to fix the hard coded "localhost" resource to be a variable (namely whatever the user put in for the server).
    This is why the MS RDP app is failing in situations where the FQDN for the RD Gateway and Connection Broker uses
    the same host name.
    Again, this is not a configuration problem on our end as it works as intended with the native Windows RDP client
    as well as the Mac and iOS version of the mobile RDP client (all based on iTap Mobile's RDP app).
    This is a problem specific to the Android RDP app.
    PS: No matter how hard I try, the WYSIWYG editor is not very WYSIWYG at all, and so everything here looks messed up even though it looked right when I posted it (it is deleting new blank lines I'm inserting to make it spaced out and easier to read). See
    below to read the post in context.

    Thanks for the bumps, everyone.  I haven't check this thread in a while because I basically gave up on Microsoft's ability to respond.  Unlike paid apps, there's no number to call or ticket to open when an app like this malfunctions.
    Just to give you an update, iOS users started having issues connecting a few months ago.  I don't remember what version started this.  I'm not sure if it's the same problem.
    Also, the newest version now gives a slightly different error message:  RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP).  Please contact your server administrator.
    For Android users, I am starting to recommend Xtralogic Remote Desktop Client.  It's a paid app, but it works great.  I don't know of any alternative for iOS.
    MSRDP for Mac OSX (was also an iTap application) continues to work throughout the many updates.
    We need a software engineer from MS to read my first post.  All the information that will point to a fix is there.  I strongly believe someone hardcoded the string "localhost" instead of using a variable to point to the FQDN of the rdsfarm
    name.
    Here's that info again (copied/pasted).  It doesn't take an engineer to understand the issue.  If you know how to decipher Event Logs, you can see where the problem is.
    Event
    Viewer Log when using Android client:
    The
    user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This
    is most likely for logging into RD Web - icons shows up).
    The
    user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost".
    The following error occurred: "23002".  (This
    is after clicking on any of the icons).
    I
    think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".
     It should be the RD Connection Broker's hostname, I believe.
    Here's
    what it should look like (connected using a Windows PC going through the RD Web portal via Internet Explorer):
    The user "DOMAIN\testuser", on client computer "10.x.x.x",
    met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
    The user "DOMAIN\testuser", on client computer "10.x.x.x",
    met resource authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
    The user "DOMAIN\testuser", on client computer "10.x.x.x",
    connected to resource "rdsfarm.domain.com".

  • [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    Hi Experts,
    OIM Build Number: 1866.62 ( BP15 )
    IHAC that faced an unexpected behavior on User disabling.
    Some users were associated to groups that had access policies applied.
    When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
    I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
    Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
    I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
    Any help would be very appreciated.

    Hi Nishith,
    I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
    This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
    But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
    Is it any enhancement for this task in order to improve its performance, or something like that?
    What else I can check?
    Thanks in advance.

  • 8.0.6-119 on S160 can no longer see past the second access policy

    We upgraded an S160 to 8.0.6-119 today and now the appliance is not authenticating groups beyond restricted internet and information technology.  For example Access Policy #6 is called Marketing.  It has access to Streaming Media and Social Media (like youtube, facebook, twitter).  They are the marketing department that needs this access to do their job.  The identity policy is authenticated_users but it keeps falling under the last access policy "Global Access Policy" which results in request blocked based on URL category.
    I just don't get it.  Authenticated Users is selected to windows realm which the wsa joined to the domain and has 3 DC's and a CDA virtual appliance tied to it.  I don't see that being the issue because the policy trace correctly brings back all AD groups the user is tied to.  The scheme is Use Kerberos or NTLMSSP.  
    Next under access policies there are 14 of them before the global policy.  They are all authenticated users and pointed to the proper active directory groups.  Marketing is 6 out of 14 (not counting the non-numbered Global Policy at the bottom).
    So what could the issue be?

    I opened a case with TAC but have not heard back.  However it seems things are working now.  Perhaps they contacted in and corrected an issue but haven't had the chance to tell me what they did.  I have remote access enabled for Cisco TAC.
    Now when I do the policy trace, It actually applies the Marketing access policy, and AVC actually see's this is Facebook General (Facebook) in this case.  Before I think it said none for everything and access policy was global.

  • Access Policy is not getting trigggered after creation of user through GTC

    Hi,
    I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
    If anybody have any idea how to resolve this, please help me in this regards.
    Regards,
    Avijit

    Hi ,
    its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
    do post your results.......
    Regards.

  • Problem with Access policy Provisioning on AD

    Hi,
    I have created an access policy, which will trigger the provisioning the user to AD when the user is added to group 'abc'.
    Its without approval.
    We have object form and process form. Process form is autosave.
    But, the problem is, as soon as the user is added to the group 'abc'.
    It triggers the provisioning flow. But the provisioning will be in ready state only.
    When we go and save the resource form only the provisioning flow triggers.
    If we make the object as auto save, it will work. But in our case we cannot make the object autosave as it has a resource form to be filled by user in other flow.
    Is there any approach to solve the issue?
    Regards,
    SK

    Hi Rajiv,
    So, there is no way we can implement this?
    My requirement is same as this,
    OIM: Question about "Auto Save" option on Resource Object
    I have a Resource Object that needs to be provisioned at least two ways:
    1) thru an access policy by group membership
    2) thru user self-request, who is not already in that group membership
    The problem is if I don't check the "Auto Save" check box the automatic assignment thru access policy is not completing and If I do check the check box then user request is not letting the user to enter values into the resource form. Instead it is directly going to submit request. Looks like these are mutually exclusive.
    Is there a way to make both work on the same Resource Object?
    Thanks
    SK

  • ISE Admin Menu Access Policy and Network Resources

    Hello Board,
    Does someone experience the same issue as me, if using an Admin Menu Access Policy?
    First of all, I'm using the latest ISE release (1.1.3.124 with patch 1).
    I created a custom Administrator Menu Access Policy (Admin Access -> Authorization -> Permissions -> Menu Access).
    But basically I allowed (show) all menu items.
    Then I bind this permission profile to an Admin Authorization Policy
    Everything works very well, but I have issues, if I want to administer "Network Resources", if I'm using this admin menu access
    - In "Network Devices", there is no Menu bar (no "add", "delete" or "edit" button)
    - In "Network Device Groups", there is just the folder "Groups" on the left side, but there is no way to create anything or navigate into the groups
    I'm not quite sure if this is a configuration fault on my side or just some kind of bug.
    By the way - I'm using the latest firefox.

    As far as I know everything seems fine to me from the configuration  side. You can try downgrading the ISE version to 1.1.2 patch 5 and also  try changing the browser which might help.

  • OIM Access Policy OU Updates

    All,
    I am wondering if any you have encountered an issue in OIM where a user’s OU in AD does not change when a new access policy applies to the user with a new OU (the old access policy is no longer valid). I have noticed that child form attributes (groups) are updated with the values from the new access policy, but parent form values such as OU, are not updated.
    The access policies currently do have retrofit selected.
    I also have tried running the “Evaluate User Policies” task with no luck.
    If you have any insight as to how we might resolve or workaround this issue, it would be appreciated.
    Thanks,
    -Derek

    What version of OIM are you using? And have you made any changes to the web client? (particularly xlWebAdmin.properties, struts-config.xml or the class files?)
    Deborah

Maybe you are looking for

  • Using mac as video monitor

    I connected a Sony DV camera to the mac via firewire. I can see live image via iMovie but I swear I was able to do this before and got an image that filled the entire screen (I don't this this was through iMovie). Can someone help me set this up agai

  • How do I re-activate my AVC Security and SKYPE since they were disabled by downloading FIREFOX 4.0??? Caan I return to an earlier version that I had prvious to FIREFOX 4.0?

    Pls advise how I can return to a previous version of FIREFOX so that my AVC security and SKYPE sites can be re-activated. Tx.

  • Build Error

    I have a very strange problem with workshop. I'm working on an application that contains several control projects, several java projects and a web project. Last week everything was working perfectly and suddenly on Thursday whenever I tried to build

  • Problems downloading IOS 5 to Ipad

    Is it normal to take hours to download IOS 5 to my Ipad?  It seems to freeze or slow down midway through download, so I cancel. I have yet to succeed downloading IOS 5.  Could it possibly be my personal computer (which is old) or the downloading proc

  • Optimizing the select query

    Hi All, I would like to know what would be alternate table or optimal way to make the following queries work in a more efficient manner. 1) select sfakn from vbrk into table tl_sfakn for all entries in tl_vbrp WHERE sfakn = tl_vbrp-vbeln. 2)   SELECT