ACE: Problem configuring probe snmp
Hi,
I have a problem when I configure probe snmp and My Server W2K3 dual core, snmp comunity public has an oid cpu .1.3.6.1.2.1.25.3.3.1.2, the output is:
access-list anyone line 8 extended permit ip any any
probe snmp was
interval 4
faildetect 2
passdetect interval 10
receive 2
community public
oid .1.3.6.1.2.1.25.3.3.1.2
threshold 70
rserver host was1
ip address 10.24.8.200
probe was
inservice
rserver host was2
ip address 10.24.8.201
probe was
inservice
serverfarm host servers
rserver was1
inservice
rserver was2
inservice
class-map type management match-any ADM-CONTEX-SERV1
4 match protocol icmp any
5 match protocol snmp any
class-map type http loadbalance match-all Check-Headers
2 match http url .*
3 match http header Host header-value "10.24.16.*"
4 match http header User-Agent header-value ".*MSIE.*"
class-map match-all VIP-10-HTTP
2 match virtual-address 10.24.16.10 tcp eq www
class-map type http loadbalance match-all other-HTTP
2 match http url .*
policy-map type management first-match ADM-CTX-SERV1
class ADM-CONTEX-SERV1
permit
policy-map type loadbalance first-match L7-logic
class Check-Headers
serverfarm servers
class other-HTTP
serverfarm servers
policy-map type loadbalance first-match lb-logic
class class-default
serverfarm servers
policy-map multi-match client-vips
class VIP-10-HTTP
loadbalance vip inservice
loadbalance policy L7-logic
loadbalance vip icmp-reply active
interface vlan 60
ip address 10.24.8.5 255.255.255.0
access-group input anyone
access-group output anyone
service-policy input ADM-CTX-SERV1
no shutdown
interface vlan 233
ip address 10.24.16.5 255.255.255.0
access-group input anyone
access-group output anyone
service-policy input ADM-CTX-SERV1
service-policy input client-vips
no shutdown
ip route 0.0.0.0 0.0.0.0 10.24.16.1
sh probe was detail
probe : was
type : SNMP
state : ACTIVE
description :
port : 161 address : 0.0.0.0 addr type : TRANSPARENT
interval : 4 pass intvl : 10 pass count : 3
fail count: 2 recv timeout: 2
version : 1 community : public
oid string #1 : .1.3.6.1.2.1.25.3.3.1.2
type : PERCENTILE max value : 100
weight : 16000 threshold : 70
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
rserver : was1
10.24.8.201 13 13 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Server reply - bad SNMP OID
Last probe time : Tue Feb 24 23:22:41 2009
Last fail time : Tue Feb 24 23:20:47 2009
Last active time : Never
Server load : 16000
rserver : was2
10.24.8.200 12 12 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Server reply timeout (no reply)
Last probe time : Tue Feb 24 23:22:34 2009
Last fail time : Tue Feb 24 23:20:52 2009
Last active time : Never
Server load : 16000
Hi,
For a multicore processor you need to make a few changes to get the load on each core/processor. You need to have an instance for each core.
Try adding .1 or .2 to the OID to get the load on each core.
Also try doing an snmpwalk on the OID to see what the real structure is.
HTH
Cathy
Similar Messages
-
ACE: Problem dual proccesor server predisctor least-load and 2 oids
Hello,
I have a problem, I have configured predictor least-loaded and probe snmp in ACE, My Servers are dual core proccesor. the oids are:
oid .1.3.6.1.2.1.25.3.3.1.2.1 and oid .1.3.6.1.2.1.25.3.3.1.2.2
In 1 context (integracion1) I configured oid .1.3.6.1.2.1.25.3.3.1.2.1 and the other context (integracion2) I configured oid .1.3.6.1.2.1.25.3.3.1.2.2 and the results was positive, but when I configure 2 oid in integracion2 the output says FAILED, I need sense 2 proccesors to balance. how can do it? when I configure .1.3.6.1.2.1.25.3.3.1.2 (2 proccesors) the output says FAILED
I attachment 3 configurations
Best Regardswhen you use multiple oid's on a probe , you need to manually configure the weight and make sure weights add up to 16000 so your probe should be configured as follows:
probe snmp test-server
interval 4
faildetect 2
passdetect interval 10
receive 2
community public
oid .1.3.6.1.2.1.25.3.3.1.2.1
threshold 75
weight 8000
oid .1.3.6.1.2.1.25.3.3.1.2.2
threshold 75
weight 8000 -
ACE Appliance HTTP Probe with "POST" query
Does the ACE support HTTP Probe with a "POST" query?
Thanks
JoeHi Joe,
The ACE only supports GET and HEAD
Here is the documentation related to this:
http://www.cisco.com/en/US/customer/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/probe.html#wp1031485
Cesar R -
Ace 4710 active/standby SNMP config
We have 2 x Ace 4710 deployed in Active/Standby config. Since the configuration mode is disabled on the Standby unit, how can we configure the SNMP settings (such as location etc.) on the standby unit different from the active unit?
The 2 devices are in physically separated data centers so the SNMP location settings need to be set differently on both units. The standby unit does not allow any configuration.Comments inline:
Since this is the admin context, we would better not do this. As i understand correctly, this will turn off the config sync on the 2 units and we may end up with some issues.
KM - Correct, you need to manually manage the configurations of both devices.
Also, if at a later stage, we sync the configs again in the admin context, it will overwrite the different config on the standby unit with that from the active unit?
KM - Correct, the device with the lower priority will be overwritten when config-sync is re-enabled. This is one of the reasons you need to be careful in the Admin context. For example: Ff the lower priority device has contexts defined that the primary does not, they would be removed when you re-enablethis command.
Since my requirement is just the SNMP location config, I do not think i should go for this; rather i can have some descriptive location setting identifying the 2 units in cluster mode...
KM - This would be more ideal than disabling config sync. You could also put both locations like this:
snmp-server location "San Jose, CA & Seattle, WA"
Regards
Kris -
Folks,
We'll be adding a farm this weekend to do some kind of balance for LDAP and LDAPs servers.
I've been thinking about what would be the best way to probe that servers.
I assume an generic TCP probe has to be created testing 389 and 636, but i honestly don't know what should i expect coming from the real servers.
Does anyone have a LDAP farm in place or something like that.. ? I've found an script on the internet, but it seems a little bit further that what i can understand.. therefore i'm not really confident to use this.
Thanks for any advices.
AndreHi Andre,
You can use scripted ldap probe (LDAP_PROBE) available with ACE. It sends an anonymous bind request and check for bind success.
probe tcp LDAPS_Probe
port 636
probe tcp LDAP_Probe
port 389
This is how you can apply the script for LDAP port 389.
script file 1 LDAP_PROBE
probe scripted LDAP_PROBE_389
interval 5
passdetect interval 30
receive 5
script LDAP_PROBE
serverfarm host SF-LDAP-389
description SF LDAP Port 389
predictor leastconns
probe LDAP_PROBE_389
rserver LDAP-RS1-389
inservice
The only supported LDAP probe on the ACE module is the unsecure scripted probe,
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/script.html#wp1111558
The pre-made TCL script probes available from the Software download page also contains an LDAP probe that you can use to verify the health of the LDAP servers.
The ace_scripts.tgz zip file contains these scripts and is located at this URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6500-ace
To unzip this file, use the gunzip command in Exec mode,
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/script.html#wp1107470
For your convenience, the following sample scripts for the ACE are available to support the TCL feature and are supported by Cisco TAC:
•CHECKPORT_STD_SCRIPT
•ECHO_PROBE_SCRIPT
•FINGER_PROBE_SCRIPT
•FTP_PROBE_SCRIPT
•HTTP_PROBE_SCRIPT
•HTTPCONTENT_PROBE
•HTTPHEADER_PROBE
•HTTPPROXY_PROBE
•IMAP_PROBE
•LDAP_PROBE -----------------> "The LDAP probe you are looking for"
•MAIL_PROBE
•POP3_PROBE
•PROBENOTICE_PROBE
•RTSP_PROBE
•SSL_PROBE_SCRIPT
•TFTP_PROBE
Also remember that the binding request should be send as a binary and not via ASCII. To get a packet capture of a succeessful credential binding request with username and password and then convert this to HEX value and insert it in the script.
The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
You can do this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
0x30 The start of a universal constructed sequence
0x0c The length of the sequence minus the tag and length bytes = 12 bytes
0x02 Next field is an integer
0x01 The length of the next field (1 byte)
0x01 Value (this is the message ID)
0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
0x07 Length of data to follow.
0x02 Integer
0x01 Length 1
0x03 3 - this is the LDAP version.
0x04 String
0x00 Length 0
0x80 Simple Authentication
0x00 Length 0
Just keep the id the same in the unbind.
The string I use is:
302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
where I've replaced the 9 character password with 9*x'ff'.
The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
You need to create a copy of the standard LDAP probe into your own file and then replace the hex string in the "puts" line which you identified above with the new string.
Then copy the file to the ACE:
ace1/ldap# copy ftp: disk0:
Enter source filename[]? My-LDAP_PROBE
Enter the destination filename[]? [My-LDAP_PROBE]
Enter hostname for the ftp server[]?
1.2.3.4
Enter username[]? anonymous
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
In the context create a scripted probe definition:
probe scripted PROBE-LDAP-389
interval 60
receive 20
script My-LDAP_PROBE
Load the script into the context:
script file 10 My-LDAP_PROBE
And then add it to the serverfarm:
serverfarm host FARM-LDAP
probe PROBE-LDAP-389
The manual implies that you can pass arguments to a scripted probe, but you would then have to build the hex string dynamically - taking care that all the length values were correct.
This should be enough to enable you to implement the script.
Find another example on this
URL:http://scuq.abyle.org/?page_id=201
#!name = ADV_LDAP_PROBE
#### > user for linux tclsh !/usr/bin/tclsh8.4
# Stefan Nistelberger
# changes to cisco's original probe
# * username and password with ldap simple bind (dynamically generated packets)
# * unable to connect exception handling
# * debug message for invalidCredentials
# debug procedure
# set the EXIT_MSG environment variable to help debug
# also print the debug message when debug flag is on
proc ace_debug { msg } {
global debug ip port EXIT_MSG
set EXIT_MSG $msg
if { [ info exists ip ] && [ info exists port ] } {
set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
if { [ info exists debug ] && $debug } {
puts $EXIT_MSG
# main
# parse cmd line args and initialize variables
## set debug value
set debug 1
if { [ regsub -nocase "DEBUG" $argv "" argv] } {
set debug 1
ace_debug "initializing variable"
set EXIT_MSG "Error config: script ADV_LDAP_PROBE \[DEBUG\]"
set ip $scriptprobe_env(realIP)
set port "0"
set ldap_start "30"
set ldap_bindheader "02010160"
set ldap_bind "0201"
set ldap_version "02"
set ldap_gap1 "04"
set ldap_gap2 "80"
set ldap_bindheader_len 5
set base_len 0c
set ldap_simple_auth "8007"
proc toASCII { char } {
scan $char %c value
return [format %-x $value]
set username [ lindex $argv 0 ]
set hexusername ""
set password [ lindex $argv 1 ]
set hexpassword ""
foreach char [split $username ""] {
set hexchar [toASCII $char]
append hexusername $hexchar
foreach char [split $password ""] {
set hexchar [toASCII $char]
append hexpassword $hexchar
set username_len [string length $username]
ace_debug $username_len
set password_len [string length $password]
ace_debug $password_len
set base_len [expr 0x$base_len]
set seq_len [expr $username_len + $password_len + $base_len]
set sub_seq_len [expr $seq_len - $ldap_bindheader_len]
set seq_len [format %02x $seq_len]
set sub_seq_len [format %02x $sub_seq_len]
set hexldapbindpckt ""
append hexldapbindpckt $ldap_start
append hexldapbindpckt "$seq_len"
append hexldapbindpckt $ldap_bindheader
append hexldapbindpckt $sub_seq_len
append hexldapbindpckt $ldap_bind
append hexldapbindpckt $ldap_version
append hexldapbindpckt $ldap_gap1
append hexldapbindpckt [format %02x $username_len]
append hexldapbindpckt $hexusername
append hexldapbindpckt $ldap_gap2
append hexldapbindpckt [format %02x $password_len]
append hexldapbindpckt $hexpassword
# if port is zero the use well known ldap port 389
if { $port == 0 } {
set port 389
#ace_debug $hexldapbindpckt
# PROBE START
set errorcode [catch {
set sock [ socket $ip $port ]
} msg ]
if {$errorcode != 0} {
ace_debug $msg
exit 30002
fconfigure $sock -buffering line -translation binary
# anonymous bind request
#puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
puts -nonewline $sock [ binary format "H*" $hexldapbindpckt ]
set code "ffffff"
flush $sock
ace_debug "bef"
set line [read $sock 22]
ace_debug "aft"
binary scan $line H* res
binary scan $line @15H6 code
close $sock
# make probe fail by exit with 30002 if ldap reply code != success code 0x0a0100
if { $code != "0a0100" } {
if { $code == "0a0131" } {
ace_debug " probe failed : expect response code \'0a0100\' but received
\'$code\' = invalidCredentials"
} else {
ace_debug " probe failed : expect response code \'0a0100\' but received
\'$code\'"
exit 30002
## make probe success by exit with 30001
ace_debug "probe success"
exit 30001
URL for reference:
https://cisco-support.hosted.jivesoftware.com/thread/132800?decorator=print&displayFullThread=true
HTH
Sachin Garg -
Problems configuring HP Laserjet M1213nf MFP with Mac via AirPrint
Hello,
I have a HP Laserjet M1213nf MFP printer, connected to a Dlink DSL-2730U ADSL router. I am having problems configuring the printer with my Macbook running OSX Yosemite. I can see the printers name in nearby printers but when I try to add the printer, the mac gives me an error saying, "unable to communicate with the printer at this time". The network settings on the printer are configure for iPv4 and iPv6 addresses.
Previously, I had the ADSL DSL-2750U model router, and the printer was connected fine. I did not face any issues then. I have been facing problems since I changed my router so the problem should be in the router. I have the IP for the printer reserved in the DHCP reservation list on the router settings using the mac address of the printer.
Can someone please help me out here? Is there something I am probably missing.
Rgds
~n~I talked to the DLink Support. They asked me to disable an option called "MultiAP Isolation" and Voila, the printer is working fine. I can add it to all my devices on the wireless network. I looked up google. Apparently, this isolation feature present in some routers, prevent wifi clients to interact with other devices connected to the wired network and also with each other. Thats why only my desktop which was also connected wired was only able to access the printer and not the laptops connected wirelessly.
Problem solved. Thanks for all your help on this one.
Cheers! -
Problems configuring Platform Domain with MS Sql Server
Hi,
We are having problems configuring a Platform Domain with MS Sql Server 2000.
We are using Weblogic version 7.0.0.2. These are the steps we followed
1.We manually created a database called TestDB and created a user account called
"system", pwd ==>> "weblogic" in SQL server and assigned him as the DB owner for
the TestDB created.
2. Changed dbsettings_properties files (Commented pointbase entries and uncommented
SQL Server entries. I gave the connection parameter as connection=jdbc:weblogic:mssqlserver4:localhost:1433
in this file.
3. Modified Config.xml and changed properties for DataSyncPool, WLIPool, CommercePool,WLIPool
and modified the RDBMS realm properties to point to the database.
4. ran the create_db script and it seemed to have run fine looking at the log
file.
5. I then tried to start the BEA Server instance and I get the following error.
I am also attaching the config.xml file for reference.
Appreciate any help/suggestions. Thanks in Advance.
Vikram
<Apr 9, 2003 2:57:45 AM EDT> <Error> <RDBMSRealm> <000000> <An error occured cre
ating a database connection for the realm.
java.sql.SQLException: Invalid port: weblogic:mssqlserver4:localhost:1433
at weblogic.jdbc.mssqlserver4.ConnectionInfo.<init>(ConnectionInfo.java:
193)
at weblogic.jdbc.mssqlserver4.ConnectDriver.parse(ConnectDriver.java:333
at weblogic.jdbc.mssqlserver4.ConnectDriver.connect(ConnectDriver.java:1
02)
at com.bea.p13n.security.realm.RDBMSDelegate.<init>(RDBMSDelegate.java:1
69)
at com.bea.p13n.security.realm.RDBMSDelegate$DFactory.getInstance(RDBMSD
elegate.java:962)
at com.bea.p13n.security.realm.internal.Pool.<init>(Pool.java:53)
at com.bea.p13n.security.realm.RDBMSRealm.createPool(RDBMSRealm.java:153
at com.bea.p13n.security.realm.RDBMSRealm.<init>(RDBMSRealm.java:140)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:232)
at weblogic.security.acl.Realm.getRealm(Realm.java:87)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
>
<Apr 9, 2003 2:57:45 AM EDT> <Emergency> <WebLogicServer> <000342> <Unable to
in
itialize the server: Fatal initialization exception
Throwable: java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.R
DBMSException: An error occured creating a database connection for the realm.]
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.R
DBMSException: An error occured creating a database connection for the realm.]
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
[config.xml]Try removing the server section from the SchemaProperties line.
Preferrably do not use localhost or hostnames in the server
configuration file.
<RDBMSRealm
Name="wlcsRealm"
DatabaseDriver="weblogic.jdbc.mssqlserver4.Driver"
DatabasePassword="weblogic"
DatabaseURL="jdbc:weblogic:mssqlserver4:yourIPAddress:1433"
RealmClassName="com.bea.p13n.security.realm.RDBMSRealm"
SchemaProperties="user=system;password=weblogic"/>
Also consider ...
If you have a new Portal database created in SQL Server?
Does the user system have the Portal database as his default database?
-- Jim
Vikram wrote:
Hi,
We are having problems configuring a Platform Domain with MS Sql Server 2000.
We are using Weblogic version 7.0.0.2. These are the steps we followed
1.We manually created a database called TestDB and created a user account called
"system", pwd ==>> "weblogic" in SQL server and assigned him as the DB owner for
the TestDB created.
2. Changed dbsettings_properties files (Commented pointbase entries and uncommented
SQL Server entries. I gave the connection parameter as connection=jdbc:weblogic:mssqlserver4:localhost:1433
in this file.
3. Modified Config.xml and changed properties for DataSyncPool, WLIPool, CommercePool,WLIPool
and modified the RDBMS realm properties to point to the database.
4. ran the create_db script and it seemed to have run fine looking at the log
file.
5. I then tried to start the BEA Server instance and I get the following error.
I am also attaching the config.xml file for reference.
Appreciate any help/suggestions. Thanks in Advance.
Vikram
<Apr 9, 2003 2:57:45 AM EDT> <Error> <RDBMSRealm> <000000> <An error occured cre
ating a database connection for the realm.
java.sql.SQLException: Invalid port: weblogic:mssqlserver4:localhost:1433
at weblogic.jdbc.mssqlserver4.ConnectionInfo.<init>(ConnectionInfo.java:
193)
at weblogic.jdbc.mssqlserver4.ConnectDriver.parse(ConnectDriver.java:333
at weblogic.jdbc.mssqlserver4.ConnectDriver.connect(ConnectDriver.java:1
02)
at com.bea.p13n.security.realm.RDBMSDelegate.<init>(RDBMSDelegate.java:1
69)
at com.bea.p13n.security.realm.RDBMSDelegate$DFactory.getInstance(RDBMSD
elegate.java:962)
at com.bea.p13n.security.realm.internal.Pool.<init>(Pool.java:53)
at com.bea.p13n.security.realm.RDBMSRealm.createPool(RDBMSRealm.java:153
at com.bea.p13n.security.realm.RDBMSRealm.<init>(RDBMSRealm.java:140)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:232)
at weblogic.security.acl.Realm.getRealm(Realm.java:87)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
<Apr 9, 2003 2:57:45 AM EDT> <Emergency> <WebLogicServer> <000342> <Unable to
in
itialize the server: Fatal initialization exception
Throwable: java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.R
DBMSException: An error occured creating a database connection for the realm.]
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
The WebLogic Server did not start up properly.
Exception raised:
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.R
DBMSException: An error occured creating a database connection for the realm.]
java.lang.IllegalAccessError: Exception[com.bea.p13n.security.realm.RDBMSExcepti
on: An error occured creating a database connection for the realm.]
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:65)
at weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:353)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.in
itialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvid
er(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(Authorizati
onManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationMa
nager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServic
eManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(Secu
rityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecuritySe
rviceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(Sec
urityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
<Domain Name="epmsDomain">
<Log
FileName="logs/wl-domain.log"
Name="epmsDomain"
/>
<!-- Configuration Wizard Cluster and Admin/Managed Node support -->
<Server
Name="platformServer"
ListenAddress="localhost"
ListenPort="7501"
NativeIOEnabled="true"
TransactionLogFilePrefix="logs/"
>
<SSL
Name="platformServer"
ListenPort="7502"
Enabled="true"
ServerCertificateChainFileName="ca.pem"
ServerCertificateFileName="democert.pem"
ServerKeyFileName="demokey.pem"
/>
<Log
FileName="logs/weblogic.log"
/>
<WebServer
DefaultWebApp="splashPage"
LogFileName="./logs/access.log"
LoggingEnabled="true"
Name="platformServer"
/>
</Server>
<!-- WLP Pool -->
<JDBCConnectionPool
Name="commercePool"
DriverName="weblogic.jdbc.mssqlserver4.Driver"
URL="jdbc:weblogic:mssqlserver4:localhost:1433"
Properties="user=system;password=weblogic;server=jdbc:weblogic:mssqlserver4:localhost:1433"
Password="weblogic"
InitialCapacity="20"
MaxCapacity="20"
CapacityIncrement="1"
RefreshMinutes="0"
ShrinkingEnabled="false"
Targets="platformServer"
TestConnectionsOnReserve="false"
TestTableName="WEBLOGIC_IS_ALIVE"
/>
<!-- WLI Pool -->
<JDBCConnectionPool
CapacityIncrement="2"
DriverName="weblogic.jdbc.mssqlserver4.Driver"
InitialCapacity="8"
LoginDelaySeconds="1"
MaxCapacity="36"
Name="wliPool"
Properties="user=system;password=weblogic;server=jdbc:weblogic:mssqlserver4:localhost:1433"
Password="weblogic"
RefreshMinutes="0"
ShrinkPeriodMinutes="15"
ShrinkingEnabled="true"
Targets="platformServer"
URL="jdbc:weblogic:mssqlserver4:localhost:1433"
/>
<JDBCTxDataSource
EnableTwoPhaseCommit="false"
JNDIName="weblogic.jdbc.jts.commercePool"
Name="commercePool"
PoolName="commercePool"
Targets="platformServer"
/>
<JDBCDataSource
JNDIName="weblogic.jdbc.pool.commercePool"
Name="commercePool"
PoolName="commercePool"
Targets="platformServer"
/>
<JDBCDataSource
JNDIName="WLAI_DataSource"
Name="WLAI_DataSource"
PoolName="wliPool"
Targets="platformServer"
/>
<JDBCTxDataSource
EnableTwoPhaseCommit="true"
JNDIName="com.bea.wlpi.TXDataSource"
Name="TXDataSource"
PoolName="wliPool"
Targets="platformServer"
/>
<JDBCTxDataSource
EnableTwoPhaseCommit="true"
JNDIName="WLCHub.DS"
Name="WLCHub.DS"
PoolName="wliPool"
Targets="platformServer"/>
/>
<!-- Configure WebLogic Workshop to run in Platform domain -->
<JDBCTxDataSource
EnableTwoPhaseCommit="true"
JNDIName="cgDataSource"
Name="cgDataSource"
PoolName="commercePool"
Targets="platformServer"/>
<JDBCTxDataSource
EnableTwoPhaseCommit="true"
JNDIName="cgSampleDataSource"
Name="cgSampleDataSource"
PoolName="commercePool"
Targets="platformServer"/>
<JMSConnectionFactory JNDIName="weblogic.jws.jms.QueueConnectionFactory"
Name="cgQueue" Targets="platformServer"/>
<JMSJDBCStore ConnectionPool="commercePool" Name="cgJDBCStore" PrefixName="WEBLOGIC"/>
<JMSServer Name="cgJMSServer" Store="cgJDBCStore" Targets="platformServer">
<JMSQueue JNDIName="jws.queue" Name="cgJWSQueue" StoreEnabled="default"/>
</JMSServer>
<JTA Name="epmsDomain" TimeoutSeconds="3600"/>
<!-- End: Configure WebLogic Workshop to run in Platform domain -->
<!-- WLP DATASYNC -->
<JDBCConnectionPool
Name="dataSyncPool"
DriverName="weblogic.jdbc.mssqlserver4.Driver"
URL="jdbc:weblogic:mssqlserver4:localhost:1433"
Properties="user=system;password=weblogic;server=jdbc:weblogic:mssqlserver4:localhost:1433"
Password="WEBLOGIC"
InitialCapacity="1"
MaxCapacity="5"
CapacityIncrement="1"
RefreshMinutes="0"
ShrinkingEnabled="false"
TestConnectionsOnReserve="false"
TestTableName="WEBLOGIC_IS_ALIVE"
Targets="platformServer"/>
/>
<JDBCTxDataSource
EnableTwoPhaseCommit="false"
JNDIName="weblogic.jdbc.jts.dataSyncPool"
Name="dataSyncPool"
PoolName="dataSyncPool"
Targets="platformServer"/>
/>
<!-- General Config -->
<Security
GuestDisabled="false"
Name="epmsDomain"
PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm"
CompatibilityMode="true"
/>
<PasswordPolicy
Name="wl_default_password_policy"
/>
<Realm
Name="wl_default_realm"
CachingRealm="wlcsCachingRealm"
FileRealm="wl_default_file_realm"
/>
<CachingRealm
BasicRealm="wlcsRealm"
CacheCaseSensitive="true"
Name="wlcsCachingRealm"
/>
<RDBMSRealm DatabaseDriver="weblogic.jdbc.mssqlserver4.Driver"
DatabasePassword="weblogic"
DatabaseURL="jdbc:weblogic:mssqlserver4:localhost:1433"
SchemaProperties="user=system;password=weblogic;server=jdbc:weblogic:mssqlserver4:localhost:1433"
Name="wlcsRealm"
RealmClassName="com.bea.p13n.security.realm.RDBMSRealm"/>
<FileRealm
Name="wl_default_file_realm"
/>
<StartupClass
ClassName="com.beasys.commerce.ebusiness.security.KeyBootstrap"
FailureIsFatal="false"
Name="KeyBootstrap"
Targets="platformServer"
/>
<!-- WLI configuraion for Platform -->
<JMSConnectionFactory Name="WLI_B2B_TopicFactory"
JNDIName="com.bea.wli.b2b.server.TopicConnectionFactory"
AllowCloseInOnMessage="true"
UserTransactionsEnabled="true"
Targets="platformServer"
/>
<JMSConnectionFactory
AllowCloseInOnMessage="true"
JNDIName="com.bea.wli.b2b.rosettanet.QueueConnectionFactory"
Name="RNQueueFactory"
Targets="platformServer"
UserTransactionsEnabled="true"
/>
<JMSConnectionFactory
AllowCloseInOnMessage="false"
DefaultDeliveryMode="Persistent"
DefaultPriority="4"
DefaultTimeToLive="0"
JNDIName="com.bea.wlai.JMSConnectionFactory"
MessagesMaximum="10"
Name="WLAI_JMSConnectionFactory"
OverrunPolicy="KeepOld"
UserTransactionsEnabled="true"
Targets="platformServer"/>
/>
<JMSConnectionFactory
AllowCloseInOnMessage="true"
JNDIName="com.bea.wlpi.TopicConnectionFactory"
Name="wlpiFactory"
Targets="platformServer"
UserTransactionsEnabled="true"
/>
<JMSConnectionFactory
AllowCloseInOnMessage="true"
JNDIName="com.bea.wlpi.QueueConnectionFactory"
Name="wlpiQueueFactory"
Targets="platformServer"
UserTransactionsEnabled="true"
/>
<JMSJDBCStore
ConnectionPool="wliPool"
Name="JMSWLIStore"
PrefixName="PBPUBLIC"
/>
<JMSServer Name="WLIJMSServer"
Targets="platformServer"
TemporaryTemplate="TemporaryTemplate"
Store="JMSWLIStore">
<JMSTemplate Name="TemporaryTemplate"/>
<!-- B2B -->
<JMSQueue Name="WLI_B2B_RNEncoderQueue"
JNDIName="com.bea.wli.b2b.rosettanet.EncoderQueue"/>
<JMSTopic Name="WLI_B2B_Topic"
JNDIName="com.bea.wli.b2b.server.B2BTopic"/>
<JMSQueue Name="WLI_B2B_OutboundQueue"
JNDIName="com.bea.b2b.OutboundQueue"/>
<!-- BPM -->
<JMSTopic Name="wlpiEvent"
JNDIName="com.bea.wlpi.EventTopic"/>
<JMSQueue Name="WLI_BPM_Timer"
JNDIName="com.bea.wli.bpm.TimerQueue"
StoreEnabled="true"
Template="WLI_JMSTemplate"/>
<JMSQueue Name="WLI_BPM_Event"
JNDIName="com.bea.wli.bpm.EventQueue"
StoreEnabled="true"
Template="WLI_JMSTemplate"/>
<JMSQueue Name="WLI_BPM_ValidatingEvent"
JNDIName="com.bea.wli.bpm.ValidatingEventQueue"
StoreEnabled="true"
Template="WLI_JMSTemplate"/>
<JMSTopic Name="WLI_BPM_Error"
JNDIName="com.bea.wli.bpm.ErrorTopic"/>
<JMSTopic Name="WLI_BPM_Audit"
JNDIName="com.bea.wli.bpm.AuditTopic"/>
<JMSTopic Name="WLI_BPM_Notify"
JNDIName="com.bea.wli.bpm.NotifyTopic"/>
<!-- AI -->
<JMSQueue Name="WLAI_ASYNC_REQUEST_QUEUE"
JNDIName="com.bea.wlai.ASYNC_REQUEST_QUEUE"/>
<JMSQueue Name="WLAI_ASYNC_RESPONSE_QUEUE"
JNDIName="com.bea.wlai.ASYNC_RESPONSE_QUEUE"/>
<JMSQueue Name="WLAI_EVENT_QUEUE"
JNDIName="com.bea.wlai.EVENT_QUEUE"/>
<JMSTopic Name="WLAI_EVENT_TOPIC"
JNDIName="com.bea.wlai.EVENT_TOPIC"/>
<!-- App View control -->
<JMSQueue JNDIName="com.bea.wlai.WORKSHOP_ASYNC_RESPONSE_QUEUE" Name="WLAI_WORKSHOP_ASYNC_RESPONSE_QUEUE"/>
<JMSQueue JNDIName="com.bea.wlai.WORKSHOP_EVENT_QUEUE" Name="WLAI_WORKSHOP_EVENT_QUEUE"/>
<!-- WLI -->
<JMSQueue Name="WLI_FailedEvent"
JNDIName="com.bea.wli.FailedEventQueue"
StoreEnabled="true"/>
<JMSTemplate Name="WLI_JMSTemplate"
ErrorDestination="WLI_FailedEvent"
RedeliveryDelayOverride="60000"
RedeliveryLimit="10"/>
</JMSServer>
<JMSJDBCStore Name="JMSWLIStore"
ConnectionPool="wliPool"
PrefixName="platformServer"/>
<!-- Distributed queue/topic configuration for WLI components -->
<!-- End WLI configuraion for Platform -->
<!--===========================================================================-->
<!-- Configure the J2EE enterprise applications supporting the Platform -->
<!--===========================================================================-->
<!-- The enterprise application containing the WLS-based Tax and Payment WebService -->
<Application
Deployed="true"
Name="taxWSApp"
Path="C:/bea/user_projects/epmsDomain/beaApps/taxWSApp"
TwoPhase="true"
>
<EJBComponent
Name="tax"
URI="tax.jar"
Targets="platformServer"
/>
<WebAppComponent
Name="tax-webservice"
URI="tax-ws"
Targets="platformServer"
/>
</Application>
<Application
Deployed="true"
Name="paymentWSApp"
Path="C:/bea/user_projects/epmsDomain/beaApps/paymentWSApp"
TwoPhase="true"
>
<EJBComponent
Name="payment"
URI="payment.jar"
Targets="platformServer"
/>
<WebAppComponent
Name="payment-edit webservice"
URI="pay-ws"
Targets="platformServer"
/>
</Application>
<!-- The enterprise application containing the installed/online links documentation -->
<Application
Deployed="true"
Name="wlpDocsApp"
Notes=""
Path="C:/bea/weblogic700/portal/lib"
TwoPhase="true"
>
<WebAppComponent
IndexDirectoryEnabled="false"
Name="wlpDocs"
Targets="platformServer"
URI="wlpDocs.war"
ServletReloadCheckSecs="300"
/>
</Application>
<!-- The enterprise application containing the WLP components -->
<Application
Deployed="true"
Name="portalApp"
Notes=""
Path="C:/bea/user_projects/epmsDomain/beaApps/portalApp"
TwoPhase="true"
>
<ApplicationConfiguration
Name="portalApp"
Targets="platformServer"
URI="META-INF/application-config.xml"
/>
<EJBComponent
Name="events"
Targets="platformServer"
URI="events.jar"
/>
<EJBComponent
Name="pipeline"
Targets="platformServer"
URI="pipeline.jar"
/>
<EJBComponent
Name="property"
Targets="platformServer"
URI="property.jar"
/>
<EJBComponent
Name="rules"
Targets="platformServer"
URI="rules.jar"
/>
<EJBComponent
Name="usermgmt"
Targets="platformServer"
URI="usermgmt.jar"
/>
<EJBComponent
Name="customer"
Targets="platformServer"
URI="customer.jar"
/>
<EJBComponent
Name="ebusiness"
Targets="platformServer"
URI="ebusiness.jar"
/>
<EJBComponent
Name="portal"
Targets="platformServer"
URI="portal.jar"
/>
<EJBComponent
Name="campaign"
Targets="platformServer"
URI="campaign.jar"
/>
<EJBComponent
Name="catalogws"
Targets="platformServer"
URI="catalogws.jar"
/>
<EJBComponent
Name="document"
Targets="platformServer"
URI="document.jar"
/>
<EJBComponent
Name="ejbadvisor"
Targets="platformServer"
URI="ejbadvisor.jar"
/>
<EJBComponent
Name="mail"
Targets="platformServer"
URI="mail.jar"
/>
<EJBComponent
Name="placeholder"
Targets="platformServer"
URI="placeholder.jar"
/>
<WebAppComponent
Name="toolSupport"
Targets="platformServer"
URI="toolSupport"
ServletReloadCheckSecs="300"
/>
<WebAppComponent
Name="tools"
Targets="platformServer"
URI="tools"
ServletReloadCheckSecs="300"
/>
<WebAppComponent
Name="datasync"
Targets="platformServer"
URI="datasync"
ServletReloadCheckSecs="300"
/>
<WebAppComponent
Name="splashPage"
Targets="platformServer"
URI="splashPage"
ServletReloadCheckSecs="300"
/>
<!-- The enterprise application containing the WLP P13N Console components -->
</Application>
<Application
Deployed="true"
TwoPhase="true"
StagedTargets="platformServer"
Name="p13nConsoleApp"
Path="C:/bea/weblogic700/portal/lib"
>
<WebAppComponent
Name="p13nConsole"
ServletReloadCheckSecs="300"
Targets="platformServer"
URI="p13nConsole.war"
/>
</Application>
<!-- The enterprise application containing the WLI components -->
<Application Deployed="true" LoadOrder="900" Name="EAI" Path="C:/bea/weblogic700/samples/workshop/wlai/ear/" TwoPhase="true">
<EJBComponent
DeploymentOrder="100"
Name="repository-ejb.jar"
Targets="platformServer"
URI="repository-ejb.jar"/>
<EJBComponent Name="WLI-B2B Startup"
DeploymentOrder="200"
Targets="platformServer"
URI="b2b-startup.jar"/>
<EJBComponent DeploymentOrder="300" Name="b2b-rosettanet.jar" Targets="platformServer" URI="b2b-rosettanet.jar"/>
<WebAppComponent DeploymentOrder="400" Name="b2b.war" Targets="platformServer" URI="b2b.war"/>
<WebAppComponent DeploymentOrder="500" Name="b2bconsole.war" Targets="platformServer" URI="b2bconsole.war"/>
<EJBComponent DeploymentOrder="600" Name="WLI-AI Server" Targets="platformServer" URI="wlai-server-ejb.jar"/>
<WebAppComponent DeploymentOrder="700" Name="wlai" Targets="platformServer" URI="wlai.war"/>
<EJBComponent DeploymentOrder="800" Name="WLI-AI Async Processor" Targets="platformServer" URI="wlai-asyncprocessor-ejb.jar"/>
<EJBComponent DeploymentOrder="900" Name="WLI-AI Event Processor" Targets="platformServer" URI="wlai-eventprocessor-ejb.jar"/>
<EJBComponent DeploymentOrder="1000" Name="wlpi-ejb.jar" Targets="platformServer" URI="wlpi-ejb.jar"/>
<EJBComponent DeploymentOrder="1100" Name="wlpi-master-ejb.jar" Targets="platformServer" URI="wlpi-master-ejb.jar"/>
<EJBComponent DeploymentOrder="1200" Name="wlpi-mdb-ejb.jar" Targets="platformServer" URI="wlpi-mdb-ejb.jar"/>
<EJBComponent DeploymentOrder="1300" Name="WLXTEJB.jar" Targets="platformServer" URI="WLXTEJB.jar"/> -
Problem configuring Username token profile on ALSB
Hi All !!
First of all, thanks for your support!!
I'm facing a problem configuring an active intermediary Proxy service with username token profile. This proxy service has a security policy referencing Auth.xml file to implement Username token profile. That proxy calls a business service which calls a web service.
On test page, username and password is requested (already created in the security domain), then an error is returned "Unable to add security token for identity".
Below you can find the Invocation Trace:
Invocation Trace
(receiving request)
Initial Message Context
added $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<per:getPersona xmlns:per="http://com/indra/persona">
<per:nombre>string</per:nombre>
<per:apellidos>string</per:apellidos>
</per:getPersona>
</soapenv:Body>
added $header
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
added $inbound
<con:endpoint name="ProxyService$PruebaWSsecurity$PersonaProxy92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>/PersonaProxy92</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
*<con:security>*
*<con:transportClient>*
*<con:username><anonymous></con:username>*
*</con:transportClient>*
*<con:messageLevelClient>*
*<con:username>securityUser</con:username>*
*<con:principals>*
*<con:group>Administrators</con:group>*
*<con:group>IntegrationAdministrators</con:group>*
*</con:principals>*
*</con:messageLevelClient>*
*</con:security>* </con:endpoint>
added $messageID
2741921765813726088-1b0fcf1c.12204e4868c.-8f3
RouteNode1
Routed Service
Route to: "PersonaBusiness92"
$outbound:
<con:endpoint name="BusinessService$PruebaWSsecurity$PersonaBusiness92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
</con:request>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
$body (request):
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<per:getPersona xmlns:per="http://com/indra/persona">
<per:nombre>string</per:nombre>
<per:apellidos>string</per:apellidos>
</per:getPersona>
</soapenv:Body>
$header (request):
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
$attachments (request):
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
Message Context Changes
added $outbound
<con:endpoint name="BusinessService$PruebaWSsecurity$PersonaBusiness92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>http://esmadaix01:9103/WSPersona/Persona</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<tran:user-header name="SOAPAction" value=""""/>
<tran:user-header name="X-Powered-By" value="Servlet/2.4 JSP/2.0"/>
<http:Content-Type>text/xml; charset="utf-8"</http:Content-Type>
<http:Date>Mon, 22 Jun 2009 10:34:18 GMT</http:Date>
<http:Transfer-Encoding>chunked</http:Transfer-Encoding>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">OK</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
<http:http-response-code>200</http:http-response-code>
</con:response>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
changed $header
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>
changed $inbound
<con:endpoint name="ProxyService$PruebaWSsecurity$PersonaProxy92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>/PersonaProxy92</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>securityUser</con:username>
<con:principals>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
changed $attachments
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
changed $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<m:getPersonaResponse xmlns:m="http://com/indra/persona">
<persona>
<correo>[email protected]</correo>
<telefono>91546789</telefono>
</persona>
</m:getPersonaResponse>
</soapenv:Body>
System Error Handler
$fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
*<con:reason>*
*A web service security fault occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Unable to add security token for identity]*
*</con:reason>*
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">soapenv:Server</err:faultcode>
<err:faultstring>
Unable to add security token for identity
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>We have the same problem.
Have you the reposne?
Request Document
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
<soapenv:Body>
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="unt_ZqnW7MTAb7P77cPL" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>weblogic10</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">??????????????</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soapenv:Body>
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
</soapenv:Envelope>
Response Document
The invocation resulted in an error: .
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>
Unable to add security token for identity
</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
Response Metadata
<con:metadata xmlns:con="http://www.bea.com/wli/sb/test/config">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:metadata>
Invocation Trace
(receiving request)
Initial Message Context
added $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
added $header
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
added $inbound
<con:endpoint name="ProxyService$ctxweb$t17i_wss-1" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>/ctxweb/t17i_wss_1</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>weblogic10</con:username>
<con:principals>
<con:group>AdminChannelUsers</con:group>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
added $messageID
6412299231164769748--466a8253.12535a4d4fe.-7f29
RouteTo_NORA-bs
Routed Service
Route to: "NORA-bs"
$outbound:
<con:endpoint name="BusinessService$business$NORA-bs" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
</con:request>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
$body (request):
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
$header (request):
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
$attachments (request):
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
Message Context Changes
added $outbound
<con:endpoint name="BusinessService$business$NORA-bs" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>
http://www.integracion.jakina.ejiedes.net/t17iApiWSWar/t17iApiWS
</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<tran:user-header name="Set-Cookie" value="JSESSIONID=Q02mLVvKw8hRcvYm7nwmyJyCQHC2FJknpGbltNPnsqp2gstzHy0M!-1566668667!734317392; path=/"/>
<http:Connection>close</http:Connection>
<http:Content-Length>666</http:Content-Length>
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:Date>Tue, 01 Dec 2009 14:59:22 GMT</http:Date>
<http:Server>
Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7a
</http:Server>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">OK</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
<http:http-response-code>200</http:http-response-code>
</con:response>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
changed $body
<env:Body xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<m:pais_getByDescResponse xmlns:m="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<n1:result xsi:type="n2:ArrayOfPais" xmlns:n1="http://www.ejie.es/webServiceEJB/t17iApiWSWar" xmlns:n2="java:t17i.vo">
<n2:Pais xsi:type="n2:Pais">
<n2:descripcionOficial>Bulgaria</n2:descripcionOficial>
<n2:id>104</n2:id>
</n2:Pais>
</n1:result>
</m:pais_getByDescResponse>
</env:Body>
changed $attachments
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
changed $inbound
<con:endpoint name="ProxyService$ctxweb$t17i_wss-1" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>/ctxweb/t17i_wss_1</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>weblogic10</con:username>
<con:principals>
<con:group>AdminChannelUsers</con:group>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
changed $header
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>
System Error Handler
$fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Unable to add security token for identity]
</con:reason>
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">soapenv:Server</err:faultcode>
<err:faultstring>
Unable to add security token for identity
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault> -
PX2-300D - How to configure a SNMP RO community.
Hi, I searched on the forum then I can't find a post about that. How can I configure a SNMP RO Community on a PX2-300D ?
Hello boubou,
Please see this thread:
https://forums.lenovo.com/t5/Iomega-Desktop-Network-Storage/SNMP-OID/td-p/2104876
From what I've been able to gather, you will need an SNMP manager, you then point the px at the manager from the UI.
That is the extent of our firmware's involvement in the process. -
Problem configuring RVS4000 router
I just purchase the Cisco Router RVS4000 vpn and I am having problem configuring the VPN option. I just try all way I could imaging, but somehow something are missing and I don't know what it is. Here are a image of my current configuration.
Without examining this in detail, it is only half of the equation. The other end of the tunnel needs to be configured as well. BTW, don't ever post your WAN IP and shared key in a public forum. Change the key.
-
ACE: SSL termination, Probe and Redirect problem
Hello,
I have problem with three things: -1) SSL offload, -2) probe, and -3) server redirect.
1) I made SSL offload like shows attached file with "show run". But during going to the VIP address by the browser: https://192.168.254.143 I get window with Java error: java.lang.NullPointerException - I have to click OK on this window and then can work fine. Without SSL offload I don't have this error message in window.
When I have SSL offload I have following configuration:
ssl-proxy service SSL
key klucz.pem
cert certyfikat.pem
serverfarm host SFARM
rserver S1 8080
rserver S2 8080
policy-map multi-match SLB-POLICY
class SLB
ssl-proxy server SSL
Without SSL offloading I have only this:
serverfarm host SFARM
rserver S1 (without 8080!)
rserver S2
2) Right now I have two real servers and I send traffic to them by port TCP 8080. So I made probe to check TCP 8080 port availability.:
probe tcp TCP_8080
port 8080
interval 15
passdetect interval 60
serverfarm host SFARM
rserver S1 8080
probe TCP_8080
inservice
rserver S2 8080
probe TCP_8080
inservice
I want also check port TCP 6400 availability, and I only one from port 8080 or 6400 don't work - make real server unavailable. So must work TCP port 8080 ang 6400 togethet to treat real server as operational.
So I want to make something like this:
probe tcp TEST
port 8080 and 6400 !?! - ofcourse It is impossible but I want to make config with this functionality.
How to do this?
3) I hant to make that when I write in browser https://bo.kw.coig.biz/ = https://192.168.254.143 I want to be redirected to one of real server on address: https://bo.kw.coig.biz/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do
I made something like this:
rserver redirect S3
webhost-redirection https://%h/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do 302
inservice
serverfarm redirect REDIRECT
rserver S3
inservice
policy-map type loadbalance first-match POLICY-TYPE
class class-default
serverfarm REDIRECT
But this configuration dosn't work. I have in browser window with error messeging.
How to do this?1/ this is a java problem.
Java is telling you that it attempted to use a null pointer. You need to check with the people who created the java program
2/ you can configure multiple tcp probe, one for each port you need to monitor and assign all the probes to the serverfarm.
BTW, you can assign the problem to the entire serverfarm so you don't need to specify it for each rserver.
3/ the problem with your redirect is that you applied to class-default.
So even a request to ...../logon will be redirected to ...../logon.
Therefore you just created a nice loop.
You need to create a class-map to only match the url "/" so the redirect is only applied then.
Gilles. -
Problem configuring IP SLA using SNMP
I am trying to configure IP SLA on a Cisco device using SNMP. No matter what I do the rttMonCtrlAdminStatus changes to 1 even though I set it to 4.
The device is - Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1)
My snmpset command is as follows
snmpset -v2c -c xxxxxx 100.252.0.12 1.3.6.1.4.1.9.9.42.1.2.1.1.9.1 i 4 1.3.6.1.4.1.9.9.42.1.2.1.1.4.1 i 1 1.3.6.1.4.1.9.9.42.1.2.2.1.1.1 i 2 1.3.6.1.4.1.9.9.42.1.2.2.1.2.1 x 'AC 10 1B 06' 1.3.6.1.4.1.9.9.42.1.2.2.1.6.1 x '0A FE 00 02' 1.3.6.1.4.1.9.9.42.1.2.5.1.2.1 t 1 1.3.6.1.4.1.9.9.42.1.2.5.1.1.1 i 214748364
SNMPv2-SMI::enterprises.9.9.42.1.2.1.1.9.1 = INTEGER: 4
SNMPv2-SMI::enterprises.9.9.42.1.2.1.1.4.1 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.42.1.2.2.1.1.1 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.42.1.2.2.1.2.1 = Hex-STRING: AC 10 1B 06
SNMPv2-SMI::enterprises.9.9.42.1.2.2.1.6.1 = Hex-STRING: 0A FE 00 02
SNMPv2-SMI::enterprises.9.9.42.1.2.5.1.2.1 = Timeticks: (1) 0:00:00.01
SNMPv2-SMI::enterprises.9.9.42.1.2.5.1.1.1 = INTEGER: 214748364
Things look fine here. Now when I try to cross verify
snmpwalk -v2c -c xxxxxx 100.252.0.12 1.3.6.1.4.1.9.9.42.1.2.1.1.9
SNMPv2-SMI::enterprises.9.9.42.1.2.1.1.9.1 = INTEGER: 1
The rttMonCtrlAdminStatus shows as 1.
Is there something that I am missing out?This is normal. You set the row status to createAndGo, and because everything was configured properly, the row transitions to active(1) automatically. This what you want.
-
If I need to configure a request method probe for website www.abc.com, should the command be
request method head url /abc.com
OR
request method head url /www.abc.com
OR
request method head url www.abc.com
Regards.None of the above
www.abc.com is hostname not URL
If you want to probe home page url at www.abc.com the just use
request method head url /
and make sure that you configure
expect status 200 200
under probe definition.
Syed -
I have an ACE that I configured a couple of days ago with some very rudimentary configs for load sharing an ldap service. The service worked for one day with no problems. This morning around 9am, it stopped working. I can ping the VIP but cannot telnet to port 389 on the VIP. I can telnet to any of the individual servers, the serverfarm shows all nodes operational, the probe shows success.
I can't seem to figure out what has happened to this service. I reloaded the ACE, and still nothing. The sticky database is empty, no connections, nothing. The serverfarm stats look just like it's sitting there idle with nobody connecting. Yet when you try to connect, you don't get connected. It must be something simple, but I've looked at this until I'm not sure where to go next.
The config is as follows:
ciscoace3/Admin# sh run
Generating configuration....
hostname ciscoace3
boot system image:c6ace-t1k9-mz.A2_1_6a.bin
telnet maxsessions 5
resource-class RC1
limit-resource all minimum 0.00 maximum unlimited
limit-resource sticky minimum 10.00 maximum unlimited
context Admin
member RC1
access-list All line 8 extended permit ip any any
probe tcp ldap_probe
port 389
interval 30
passdetect interval 10
rserver host ldapauth1
ip address 10.0.68.56
inservice
rserver host ldapauth2
ip address 10.0.67.176
inservice
rserver host ldapauth3
ip address 10.0.67.177
inservice
serverfarm host ldapauth_farm
rserver ldapauth1
probe ldap_probe
inservice
rserver ldapauth2
probe ldap_probe
inservice
rserver ldapauth3
probe ldap_probe
inservice
sticky ip-netmask 255.255.255.255 address both ldapauth_sticky
timeout 30
replicate sticky
serverfarm ldapauth_farm
class-map match-all ldapauth_vip
2 match virtual-address 10.10.0.10 any
class-map match-all nat
2 match source-address 0.0.0.0 0.0.0.0
class-map type management match-any remote-access
description Remote access traffic match
2 match protocol ssh any
3 match protocol telnet any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol https any
policy-map type management first-match everyone
class remote-access
permit
policy-map type loadbalance first-match ldapauth_lb_policy
class class-default
sticky-serverfarm ldapauth_sticky
policy-map multi-match ldapauth_multi_policy
class ldapauth_vip
loadbalance vip inservice
loadbalance policy ldapauth_lb_policy
loadbalance vip icmp-reply active
loadbalance vip advertise active
policy-map multi-match nat
class nat
nat dynamic 1 vlan 100
interface vlan 100
description Server VLAN (real server vlan)
ip address 10.0.64.250 255.255.192.0
nat-pool 1 10.0.64.251 10.0.64.251 netmask 255.255.255.255 pat
service-policy input everyone
no shutdown
interface vlan 101
description VLAN for Servers
ip address 10.10.0.5 255.255.255.0
service-policy input ldapauth_multi_policy
service-policy input nat
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.64.1You need to apply an access-group to allow traffic to the ACE. Example:
access-group input All
It can be applied globally or to an interface.
See:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/security/guide/acl.html
Regards -
ACE http health probes - best practice for interval and passdetect interval?
Hi,
Is there a recommended standard for http health probes in terms of interval and passdetect interval timings, i.e. should the passdetect interval always be less than the interval or visa versa? Can a http probe be 'mis-configured', i.e. return a 'false positive' by configuring an interval timeout thats 'incompatible' with the device it's polling?
I have a http probe for a serverfarm consisting of two Apache http servers and get intermittent 'server reply timeout' probe failures. I'm keen to ensure that the configuration of the probe isn't at fault so I can be confident that a failed probe indicates a problem with the server and not my configuration.
The probe is currently configured as below:-
probe http http-apache
interval 30
passdetect interval 15
passdetect count 6
request method get url /cs/images/ACE.html
expect status 200 304
Any advice on the subject woud be gratefully received.
thanks
MatthewHi Gilles,
Thanks for the advice. In another dicussion (found here https://supportforums.cisco.com/message/462397#462397) a poster has stated that:-
"(The) "Probe interval" should always be less then (open+recieve) timeout value. Default open & receive timeouts are 10 seconds."
Are you able to advise on whether the above is correct and if so, why? I currently have an interval value of 30 that obviously goes against the advice above (which I've interpretted to mean that if you leave the open & receive timeouts at their default settings your probe interval should be less than 20 seconds?).
thanks
Matthew
Maybe you are looking for
-
Hello All, I'm trying to create a List with ,say , 7 questions..................and i want to link each question with an answer.......... i tried creating alerts for each of the question however not been able to understand how can i link the question
-
How do I remove the ZoneAlarm toolbar? (It's currently disabled, but there's no "Remove" option.)
I'm running FF9 beta in Windows XP -- the ZoneAlarm security toolbar (which I never wanted but was somehow installed anyway) shows up in the extension list as disabled due to incompatibility with Firefox version 9. I'd prefer to just remove the toolb
-
I have to do a lot of proofreading of articles that come out of Iran and also China. I know that I can use 'International' in the preferences to input different fonts, but how do I get to read them in a document that is predominantly in English. In t
-
IPhoto '09 Loses Custom Titles on Import
Hello, All. I've searched these forums and others on the 'net and can't find a reason nor a solution. I import pix from my camera to the Finder, title them manually, start iPhoto and import. Previous versions of iPhoto has retained the titles I give
-
i purchased ilife 06 which included a trial version of iworks 06. i have iworks 05 installed on my g5 with isight. i hesitated to install the trial version thinking it would somehow mess up my 05 version, but the instructions stated it wouldn't affec