Active Directory Binding Errors
I'm having an issue binding a server to AD. I've traced the error to the computer and not the AD account. I can bind other computers with the account I'm using for the server, it just won't bind using from the server. It won't bind using any account at all.
I've tried deleting the following files: everything inside /Library/Preferences/DirectoryService, Library/Preferences/edu.mit.kerberos and /etc/crb5.keytab, but the error remains.
The error I get from the ADPlugin is: Setting Computer Password FAILED for existing record. This doesn't make sense since I can bind using the same account on other computers.
Other things I should try?
XServe G4 Mac OS X (10.4.7)
Try the suggestions on this page.
(14603)
Similar Messages
-
Hi everyone. Putting this here as I could not find a better forum. My company's Macs are bound to a Mac OS X Server, but it's the Active Directory binding that is the issue.
We have a number of Macs, running 10.6.8, that starting sometime recently, began to have login issues. When connected to the network, users could not log in. These are mobile accounts authenticating against a Windows 2008 Active Directory server.
I started by checking whether binding was still valid. It was not. So I attempt to unbind, and there get an "Active Directory Time Error." It appears that usually, this means that the time on the client and the time reported by the AD server are out of sync. But they're not. I can force unbind, and on attempting to rebind, I get the time error again.
In nearly every case, these commands in Terminal resolve the issue:
$ sudo rm -rdfv /Library/Preferences/DirectoryService
$ sudo rm -rdfv /var/db/dslocal/nodes/default/config
$ sudo killall -USR1 DirectoryService
(then restart)
This didn't happen all at once, the issue has been popping up in one 10.6 machine after another. (We also have a number of 10.8 and 10.9 machines, which so far seem unaffected.)
Does anyone have any inkling what factors could be causing this to keep happening?Not sure how you've confirmed that the times are not skewed; I'd (still) look for a problem with the ntp servers (one ntp server with a rogue time within a pool can play havoc with a network, for instance), and whether the local ntp clients are all reporting as being locked. See the ntpdc -c peers command, among other commands.
-
Snow Leopard and Windows 2003 Active Directory Binding Issues
Ok I have a new imac 27" with snow leopard (completely patched).
I am attempting to join it to an active directory domain.
First the prequel:
* I have opened full traffic to and from the machine and our domain controllers
* I have enabled full logging on the firewall and there are no blocked packets
* I have used wireshark to watch the traffic on the mac and there appear to be no anomalies (packets being sent out but not getting a response, dns requests that aren't answered, etc)
* I have enabled full KDC logging on the domain controller in question and there are no errors in any of the event logs on either domain controller.
* The domain admin account in question has Enterprise, Schema and Domain Admin rights
* I have tried it both with and without an existing computer account and with every conceivable combination of caps and no caps on domain name, user and computer names.
I am getting the following error at the very end of the process:
"Unable to add server. Credential operation failed because an invalid parameter was provided (5102)"
I enabled debugging on Directory Services and will post a log in a reply.
Anyone have any ideas? I have been banging my head on this for a week with no luck.Here is the log with the Active Directory: entries grepped... the full log is far too large to reply to here, if you think you need it let me know and I can email it to you it is 548kb
obviously machine names, usernames and ip addresses have been munged.
2011-02-09 12:13:32 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:36 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:41 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:46 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 3 - Verifying credentials
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Attempting Replica connect to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: CheckWithSelect - good socket to host dc3.subdomain.domain.tld. from poll and verified LDAP
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Established connection to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:vyvyIt4
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:vyvyIt4
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Processing Site Search with found IP
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: No site name available
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating Mappings from inSchema.........
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated schema for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Configuration naming context = cn=Partitions,CN=Configuration,DC=subdomain,DC=domain,DC=tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Top domain set as <cn=subdomain,cn=partitions,cn=configuration,dc=subdomain,dc=domain,dc=tld>
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating domain hierarchy cache
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating policies from domain subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated policies for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - Searching for existing computer
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing Computer search for Ethernet address - 10:9a:dd:56:1b:1d
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Looking for existing Record of machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: KerberosID Found for account CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld - MACHINENAME$
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Existing record found @ CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld with [email protected].
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Setting Computer Password FAILED for existing record......
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Computer password change date is 2011-02-04 18:21:01 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Schtldled computer password change every 1209600 seconds - starting 2011-02-09 12:13:50 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x00000001026AA000\] - Active Directory: Failed to changed computer password in Active Directory domain
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:51 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
Message was edited by: aelana -
Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.)
Hi All,
I could see following error event in all client computers , Could you please some one help me on this ?
Log Name: Application
Source:
Microsoft-Windows-CertificateServicesClient-CredentialRoaming
Event ID: 1005
Level: Error
Description: Certificate Services Client: Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.)
Regards, Srinivasu.MuchcherlaIf you are not using certificates and Credential Roaming for clients then simply ignore the error message.
If you are using certificates then you are getting access denied message when Credential Roaming is trying to write to your AD. More details about Credential Roaming here: http://blogs.technet.com/b/askds/archive/2009/01/06/certs-on-wheels-understanding-credential-roaming.aspx
http://blogs.technet.com/b/instan/archive/2009/05/26/considerations-for-implementing-credential-roaming.aspx
This is probably related to the fact that your schema version not 44 or higher: https://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a6e61-68c4-47d3-ae79-8296cb3be315/certificateservicesclientcredentialroaming-errors?forum=winserverGP
Active Directory
ObjectVersion
Windows 2000
13
Windows 2003
30
Windows 2003 R2
31
Windows 2008
44
Windows 2008 R2
47
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
"24427 Access to Active Directory failed" error in ACS 5.1
Hello,
I'm working on implementing a RADIUS authentication for wireless access with the following :
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),
- AP 1252 configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),
- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,
- AD domain running on Windows 2003 Server.
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
All I can get running the expert troubleshoot
Investigating failure code: 24427 Access to Active Directory failed
Checking if Active Directory is configured
Active Directory is configured
Attempting connection to Active Directory
Connection to Active Directory was successful.
Troubleshooting completed.
Click on Show Results Summary to view results.
I followed this guide, at least for the ACS certificate section :
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
Anyone has an idea where the problem may come from?
Thanks in advance,
Vincenthey there, I ran into the same issue with 5.3 and it turned out being this bug. i came across your post looking for instructions on retrieving the logs. thanks mate.
link
Problem: Error "24495 Active Directory servers are not available"
Authentication starts failing with this error: 24495 Active Directory servers are not available. in the ACS 5.3 logs.
Solution
Check the ACSADAgent.log file through the CLI of the ACS 5.x for messages such as:Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch. If you see the Running in disconnected mode: unlatch error message, this means the ACS 5.3 cannot maintain a stable connection with Active Directory. The workaround is to either switch to LDAP or downgrade the ACS to 5.2 version. Refer to Cisco bug ID CSCtx71254 (registered customers only) for more information. -
Active Directory binding not working
Hi
I'm trying to bind to my active directory at work.
On tiger I used the following settings
serverdomain.ad
the servers name is machine
Which worked fine.
On leopard when I use either serverdomain.ad or machine.serverdomain.ad I get the following error message
(loosely translated from swedish)
An unknown combination of domain and treecollection was used. You should use a complete DNS-name for the domain and tree collection (i.e something.company.se)
Does anyone know what I should use..the FQDN is machine.serverdomain.ad - shouldnt that work?The answer was dns.. my client was using the correct nameserver.
The binding worked after that..although I'm not sure its autenticating as it should -
Failed JNDI - Active Directory binding
Hello everyone,
First off, forgive me if I'm posting to the wrong place and please let me know where I should post.
I have a very simple Java application (more or less copied from the Sun tutorial on JNDI) and am trying to connect to a Win 2003 R2 domain controller with active directory configured and populated.
No matter what I try I get
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
I can bind using any of the standard win32 programs including ldp.exe. I can also bind and browse using Softerra LDAP Administrator without problems. I'm obviously missing something, but I can't see what. Please help.
There is no authentication info in the code because I'm hoping that's not needed as long as I'm logged into the windows machine I'm running this on.
Here's the code:
package printerfinder00;
import java.util.Hashtable;
import java.util.jar.Attributes;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
public class Main {
public static void main(String[] args) {
Hashtable env = new Hashtable();
String ldapURL = "ldap://dc01.hr.local:389/";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapURL);
try {
DirContext ctx = new InitialLdapContext(env, null);
SearchControls searchCtls = new SearchControls();
String returnedAtts[] = {"sn", "givenName", "mail"};
searchCtls.setReturningAttributes(returnedAtts);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "(&(objectClass=user)(mail=*))";
String searchBase = "RootDSE";
int totalResults = 0;
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
totalResults++;
System.out.println(">>>" + sr.getName());
Attributes attrs = (Attributes) sr.getAttributes();
if (attrs != null) {
try {
System.out.println(" surname: " + attrs.get("sn").get());
System.out.println(" firstname: " + attrs.get("givenName").get());
System.out.println(" mail: " + attrs.get("mail").get());
} catch (NullPointerException e) {
System.out.println("Errors listing attributes: " + e);
System.out.println("Total results: " + totalResults);
ctx.close();
} catch (NamingException e) {
System.err.println("Problem searching directory: " + e);
}I think the error message is quite descriptive !
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
Firstly you have not supplied any credentials or configured an authentication mechanism, hence you cannot perfom a search.
For simple authentication, it would be something of the form: String adminName = "FOOBAR\\administrator";
String adminPassword = "xxxxxxx";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);Secondly, your search base is incorrect (although you haven't got to the stage where this will generate an error)
BTW, The search base will be a distinguished name of the form:"dc=foobar,dc=com"If you are perfoming this from a Windows client, and want to utilise single sign-on, then you will want to refer to the post titled "JNDI, Active Directory and Authentication (Part 1) (Kerberos)" available at http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
Good luck... -
Active Directory Binding Problems
Hi all,
I'm trying to bind to Active Directory but keep on getting the "unknown error occurred" at step 5.
I captured the adplugin debug log, the only error I can see is the following:
2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
Has anyone had the same problem? If so any ideas how to overcome it?
See Complete debug log below.
2006-03-30 15:33:07 BST - ADPlugin: PeriodicTask Called.......
2006-03-30 15:33:07 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:35 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:35 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:35 BST - ADPlugin: Doing CheckServerRecords......
2006-03-30 15:33:35 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:35 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
2006-03-30 15:33:35 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
2006-03-30 15:33:36 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
2006-03-30 15:33:36 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Something wrong, unable to determine domain information from Config container......
2006-03-30 15:33:36 BST - ADPlugin: Finished CheckServerRecords......
2006-03-30 15:33:36 BST - ADPlugin: Created KerberosClient record Generation ID 165422016
2006-03-30 15:33:36 BST - ADPlugin: Rebuilt Kerberos File
2006-03-30 15:33:36 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:36 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:36 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:36 BST - ADPlugin: Doing CheckServerRecords......
2006-03-30 15:33:37 BST - ADPlugin: PeriodicTask Called.......
2006-03-30 15:33:41 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:41 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:41 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:33:41 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:41 BST - ADPlugin: Processing Site Search with found IP
2006-03-30 15:33:41 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:41 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
2006-03-30 15:33:41 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
2006-03-30 15:33:41 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
2006-03-30 15:33:42 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
2006-03-30 15:33:42 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:42 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:42 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:42 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:42 BST - ADPlugin: Finished CheckServerRecords......
2006-03-30 15:33:42 BST - ADPlugin: Created KerberosClient record Generation ID 165422022
2006-03-30 15:33:42 BST - ADPlugin: Rebuilt Kerberos File
2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager
2006-03-30 15:33:42 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-03-30 15:33:42 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:42 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:42 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:42 BST - ADPlugin: Verify called for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: Verify successful for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:43 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:43 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:43 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:43 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:33:43 BST - ADPlugin: Read Context information from server for schemaNamingContext of CN=Schema,CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Updating Mappings from Schema..........
2006-03-30 15:33:47 BST - ADPlugin: Doing Computer search for Ethernet address - 00:0a:95:e4:05:84
2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
2006-03-30 15:33:47 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:47 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:47 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:47 BST - ADPlugin: Looking for existing Record of testibook
2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
2006-03-30 15:33:47 BST - ADPlugin: Attempting Add Record......
2006-03-30 15:33:47 BST - ADPlugin: Adding in OU = CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Added record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Setting Computer Password......
2006-03-30 15:33:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:35:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:37:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:39:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:41:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:43:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:45:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:47:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:49:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:51:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:53:48 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:53:48 BST - ADPlugin: Existing connection too old in connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:53:48 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:53:48 BST - ADPlugin: Deleting Record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk...
2006-03-30 15:53:48 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
2006-03-30 15:53:48 BST - ADPlugin: Updating Local Admin Group
2006-03-30 15:53:49 BST - ADPlugin: Cleaning Previous Additions to Local Admin Group
2006-03-30 15:53:49 BST - ADPlugin: Sending lookupd flushcache at request!
2006-03-30 15:53:49 BST - ADPlugin: Resetting memberd cache also!
2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager
2006-03-30 15:53:49 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-03-30 15:53:49 BST - ADPlugin: Bind/Join failed - Launching kerberosautoconfig -u
2006-03-30 15:53:49 BST - ADPlugin: Calling CloseDirNode
Many Thanks
PaulHi Paul!
I've personally never seen this error message, but a quick search on Google (which you may have already done as well) for "Setting Computer Password FAILED Deleted Record" found someone else who had the same problem. His issue was firewall related and was fixed by opening some ports for AD. He also provides a link to a Microsoft KB article about this.
Hope this helps and good luck! bill
1 GHz Powerbook G4 Mac OS X (10.4.5) -
Dear all,
We have an issue regarding active directory user registry. Our application wants to retrieve the user registry from active directory,
So after we type the domain name, username and password for the domain admin, the apps add a schema in the AD, usually we directly can get the respons from the active directory server.
Below is the log from the configuration
< 3/17/2013 - 8:26:43 PM
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<
3/17/2013-8:27:03 PM: Configuring Access Manager Policy Server....
C:\PROGRA~2\Tivoli\POLICY~1\sbin\ivmgrd_setup.exe -y no -m "********" -
r 7135 -l 1460 -t 7200 -D no -f no
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
hostname
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
useEncryption
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
dnforpd
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
Multi-domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-id
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-pwd
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
C:\PROGRA~2\Tivoli\POLICY~1\sbin\mgrsslcfg.exe -config -f no -t 7200 -l
1460 -D no
Creating the SSL certificate. This might take several minutes.
The SSL configuration of the Tivoli Access Manager policy server
has completed successfully.
The policy server's signed SSL certificate is base-64 encoded and
saved in text file "C:\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64."
This file is required by the configuration program on each machine
in your secure domain.
C:\PROGRA~2\Tivoli\POLICY~1\sbin\bassslcfg.exe -config -f no -c "C:
\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64" -p 7135 -h TAMEB1
The SSL configuration of Access Control Runtime has completed
successfully.
Tivoli Access Manager policy server domain name: Default
Tivoli Access Manager policy server host name: TAMEB1
Tivoli Access Manager policy server listening port: 7135
2013-03-17-20:27:13.770-07:00I----- 0x16B48064 PID#2848 ERROR rgy ad E:
\build\am611\src\uraf\ad\schema\adschema_update.cpp 550 0x00000ad0
HPDRG0100E The operation in the Active Directory registry for
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed with return
error 8000500d.
adschema_update: result 1, retcode -2147463155
HPDBG0938E Configuration failed.
3/17/2013-8:29:13 PM: HPDBG0938E Configuration failed.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
> 3/17/2013 - 8:29:15 PM
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
Please your advice,
Thanks,
Best Regards,
AchmadHi you log states:
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed
with return
error 8000500d.
The error code is documented in
this kbTo go short i think the running user does not have the required privilegs to edit the AD schema. You need to be member of 'Schema Admins' in the forest root domain to edit the AD schema.
MCP/MCSA/MCTS/MCITP -
Connect Active Directory Sync Error - operation-size-error
We are on Connect 9. We have our Active Directory Sync running once per day. I received a sync log error as follows:
E-Learning-All-Empl-grps
G
error
Change$Update$Group: SyncTargetException: StatusException$OperationSizeError: <status code="operation-size-error"/>
The E-Learning-All-Empl-grps is a distribution list in Active Driectory that is used to contain one of 9 sublists. Each sub-list has up to 800 names. This was to get around an earlier issue with their being a limitation when we are on Breeze that only a max of 800 names could be in any group.
What does this error mean and how can I correct this?
DaveI tried all of this, I still can not bind my Mac 10.6.3 to Microsoft Windows 2003 R2 Active Directory, and the failure I receive that Time settings between both computers is not synced although the time is the same on both machines, and I restart the NNTP on Windows Server, and added the Active Directory IP Address on the Date & time Settings on Mac.
Any Help -
Weblogic 10.3.3 and Windows Active Directory connection error
Hi,
A i am trying to set up Windows AD LDAP realm.
But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
<Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
<Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
<Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
<Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
<Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy149.listUsers(Unknown Source)
at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
at weblogic.security.utils.Pool.newInstance(Pool.java:37)
at weblogic.security.utils.Pool.getInstance(Pool.java:33)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
... 117 more
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
... 120 more
>
could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
Thanks in advance!Hi ,
From the error stack trace I could find the below error.
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
Data 525, refers to user not found error that is used to bind to the Active Directory.
Make sure you have the correct credentials to connect to the Active Directory.
You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
A sample usage of LDAP Broswer is given below.
http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
You can download a sample version of softerra.
http://www.ldapbrowser.com/download.htm
You can also refer the below link for details about WebLogic and Active Directory configuration.
http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
For more details about different LDAP Issues.
http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
Regards,
Anandraj
http://weblogic-wonders.com -
10.5.3 and Active Directory Binding
Hi gang!
Ever since I updated to 10.5.3, I am having all sorts of issues with AD binding to our domain now.
I'll try to keep it short...
It started with a Kerberos prompt from Entourage 2008. I was prompted with an update Kerberos window to enter my password. Entered my password but got an error that my password was invalid.
Navigated and opened the kerberos.app and noticed no ticket. Tried to create a new ticket. I was prompted with my account does not exist.
Opened directory utility and saw that my AD domain was red and my server was not responding.
Tried to unbind, got an error that the account and every other account I tried was invalid, again. Could not unbind even after restarting a few times.
So I decided to reset everything by deleting the DirectoryService directory from Library/Preferences and restarted.
Re-entered all my company information to now get an INVALID ERROR!
I cannot bind now no matter what information I enter.
And if it does pass all the steps and bind, the forest information and domain administration is not entered or received. Red dot server not responding.
I even reinstalled 10.5.3.
Still cannot bind.
Anyone know what gives?Ok here is what I did to fix our AD/OD issues.
Login in as root.
Unbind both AD/OD and delete them.
On the Mac Server remove all three entries pertaining to machine in OD.
machine$, machine.local, LKDC......
from a terminal you can type with no quotes "dscl . -read /Users/Admin AuthenticationAuthority" to get the Hash value.
On AD delete the machine record for the computer your trying to bind (if it exists)
Delete contents of /Library/Preferences/DirectoryService (not the folder!)
Delete system keychain /Library/Keychain/System.keychain
Empty Trash
Open up Terminal Go > Utilities > Terminal
type with no quotes: "sudo rm -fr /var/db/krb5kdc"
Then type with no quotes: "sudo /usr/libexec/configureLocalKDC"
this will recreate the Hash value for the machine.
Reboot (Important)
Login as root.
Open directory Services.
Bind to OD, then to AD.
Under services make sure your "/Active Directory/All Domains" is higher than your OD record if you want authentication from AD.
Open up your Date & Time preferences and sync clock with your AD server.
Reboot.
Login. (It did take awhile before I could login, about 5-15 minutes)
I hope this helps. -
The last 3 days or so random Macs from our 350 or so here have been falling off our Active Directory domain. When trying to unbind/rebind them Directory Utility tells me all about how AD "only permits slight variations between clocks on your computer and the AD server." This I know - Kerberos will only allow up to 5 mins difference between a workstation and the server. For this reason we sync the server (main domain controller) with a network time service, and sync all workstations and other servers to that server. This has never been a problem, and indeed works fine - the time on the workstation exactly matches the server time/time zone/date, etc.
So why is the AD plugin (and Kerberos) telling me that the clocks are out of sync when they patently are not?
This is happening with Macs of all kinds - 10.3 to 10.5, Intels, PPCs, everything.
My current workaround is to stop the Mac getting its time from the server, changing the clock by a couple of seconds, and then re-binding. This generally works. The odd ones that this doesn't work on, or that fall off the domain again within 24 hours, I've removed from AD and have given local logins to for now. I'm getting to the point where I just want to scrap AD integration and get every machine locally authenticating!
Our AD guys swear there have been no patches or changes on their end. I am equally certain there have been no changes to the Macs. So what could it be???Thank you, this has (again, indirectly) solved the problem. I had asked out network administrator to check the time on both domain controllers a couple of weeks ago when the issue started. He had only checked the primary, assuming that the second DC was syncing time with that. Your helpful post prompted me to go check it myself and found a 6 minute difference between the two. Manually resetting the second DC to the same time as the first fixed the problem.
Now Mr Network Admin is left with the task of working out why dc2 isn't getting the right time. Me, I'm thankful that it's not my problem any more and just have the task of rebinding 60 or 70 machines.
Thanks! -
This active directory is a replica of master on 2nd Mac Mini server which still thinks replica is there (perhaps it is) and will not let us delete in order to recreate. Both servers are running 10.8.4. Nothing changed on either server, simply did a reboot. When we logged in, Active Directory was turned off and when trying to turn on or access received message "Unable to open the requested node. The node LDAPV3/127.0.0.1 could not be opened because of an unexpected error -14006".
Does any one have experience with this and how can we recover? Thanks in advance for your help.Hi again,
I've been able to run Reports by changing the "Reports_Tmp" key in the Registry under:
Hkey_local_machine\software\oracle\home0\
to the D:\ drive -
Active directory Webservice error
I have installed and configured the active directory authentication webservice. I get the following error when I try to synchronize. Does anybody know the reason for the error?
Apr 28, 2006 11:35:13 AM- Sync Agent is processing memberships.
Apr 28, 2006 11:35:13 AM- ERROR: Authentication source sync agent failed to synchronize user and group memberships to parent group '9fa1505c-7ece-4f55-8d7a-76fa78684605' (ID=276).
*** Exception was: com.plumtree.server.impl.soap.OpenSoapException: Error in function AWSProvider.GetMembers (sUniqueGroupName == '9fa1505c-7ece-4f55-8d7a-76fa78684605'): Error in function SOAPEnvelope.Restore (arrayText == [B@23bdd1): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.So
ap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:622)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessSingleGroupMemberships(PTAuthSourceAgent.java:3599)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessMemberships(PTAuthSourceAgent.java:2203)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.PerformOperation(PTAuthSourceAgent.java:330)
at com.plumtree.automationserver.shell.PTJobShell.perform(PTJobShell.java:628)
at com.plumtree.automationserver.shell.PTJobShell.runJob(PTJobShell.java:210)
at com.plumtree.automationserver.shell.PTJobShell.run(PTJobShell.java:100)
Caused by: com.plumtree.server.impl.soap.OpenSoapException: Error in function SOAPEnvelope.Restore (arrayText == [B@23bdd1): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.soap.SOAPEnvelope.Restore(SOAPEnvelope.java:68)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:1017)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:906)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:616)
... 6 more
Caused by: com.plumtree.server.impl.soap.Ope
nSoapException: SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.server.impl.soap.SOAPParser.LoadInternal(SOAPParser.java:681)
at com.plumtree.server.impl.soap.SOAPParser.LoadBinary(SOAPParser.java:590)
at com.plumtree.server.impl.soap.SOAPEn<i></i>I am able to import one group. The users in this group doesn't get imported, instead it imports 1 user with the same name as the group.
The following are the job logs:-
May 2, 2006 12:37:13 PM- Starting to run operations (1 total) for job 'Active Directory AS Job'. Will stop on errors.
May 2, 2006 12:37:13 PM- *** Job Operation #1 of 1: AuthSource Agent [Run as owner 'Administrator']
May 2, 2006 12:37:13 PM- Creating the Everyone In Auth Source group (if one doesn't already exist).
May 2, 2006 12:37:13 PM- **********************************************************************************
May 2, 2006 12:37:13 PM- Sync Agent is processing groups.
May 2, 2006 12:37:14 PM- **********************************************************************************
May 2, 2006 12:37:14 PM- Sync Agent is processing users.
May 2, 2006 12:37:14 PM- ActiveDirectory\Technology - Portal
May 2, 2006 12:37:14 PM- **********************************************************************************
May 2, 2006 12:37:14 PM- Sync Agent is processing memberships.
May 2, 2006 12:37:14 PM- ERROR: Authentication source sync agent failed to synchronize user and group memberships to parent group '9fa1505c-7ece-4f55-8d7a-76fa78684605' (ID=278).
*** Exception was: com.plumtree.server.impl.soap.OpenSoapException: Error in function AWSProvider.GetMembers (sUniqueGroupName == '9fa1505c-7ece-4f55-8d7a-76fa78684605'): Error in function SOAPEnvelope.Restore (arrayText == [B@44d990): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soa
p.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:622)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessSingleGroupMemberships(PTAuthSourceAgent.java:3599)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessMemberships(PTAuthSourceAgent.java:2203)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.PerformOperation(PTAuthSourceAgent.java:330)
at com.plumtree.automationserver.shell.PTJobShell.perform(PTJobShell.java:628)
at com.plumtree.automationserver.shell.PTJobShell.runJob(PTJobShell.java:210)
at com.plumtree.automationserver.shell.PTJobShell.run(PTJobShell.java:100)
Caused by: com.plumtree.server.impl.soap.OpenSoapException: Error in function SOAPEnvelope.Restore (arrayText == [B@44d990): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.soap.SOAPEnvelope.Restore(SOAPEnvelope.java:68)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:1017)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:906)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:616)
... 6 more
Caused by: com.plumtree.server.impl.soap.Open
SoapException: SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.server.impl.soap.SOAPParser.LoadInternal(SOAPParser.java:681)
at com.plumtree.server.impl.soap.SOAPParser.LoadBinary(SOAPParser.java:590)
at com.plumtree.server.impl.soap.SOAPEnv
elope.Restore(SOAPEnvelope.java:65)
... 9 more
Maybe you are looking for
-
End routine to populate Info-cube.
Hi , Is it possible to load fileds of a Info-cube using End routines in the following scenairos. 1.Loading fields of info-cube by referencing/using a master data table in End routine. 2.Loading fields of info-cube by referencing/using a DSO fields i
-
How to install the Solution Manager
Hi Gurus, any one can help me out i want to install the Solution Manager 4 any one can help me out like what is the minimum HDD & RAM is required, and how many exports wil required this Solman. Can i download from Market place please gurus help me
-
My wireless keyboard is now azerty - I use it with my ipad - how can i come back to qwerty ??
My daughter played with my ipad and my wireless keyboard is now an azerty !! How can I come back to qwerty ?
-
Importing DV files from HD tape camera into one file
Hi there, I have an old sony HD Cam using DV tapes. I am capturing those tapes into Final Cut Pro to keep the original files in a .mov format, but when I do that, Final Cut slices the movie in 100 little pieces. I would like to know if there is a way
-
I can´t synchronise my iphone. The process doesn´t start
Hey folks since three days i cannot synchronise my Iphone.Itunes tells me the process could not start. I already made newstart with it but it didn´t work. any ideas ???would be great!!!! thanks