ADCS Enable User is not getiing Initiated

Hi All,
ADCS Enable user is not getting initiated, when ever OIm user gets enabled. I am assuming, If we enable OIm user, then Oim will enable all resource accounts of that particular users by default. Am I correct? In that case, OIm is not initiating Enable ADCS user adapter, when I enable oim user
(User is having account on AD). Do I need to perform any thing here to initiate that adapter?
Please suggest
Thanks.

Rajiv,
We have not used any event handlers in our implementation, but some how, getting the following error, when ever, we modify any user.
<Nov 9, 2011 4:44:23 PM EST> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
How can I find it out this event handler and delete? please suggest.
Thanks.

Similar Messages

Enable User is not working for Provisioning

Hi,
I am trying to provision enable user to target system. For that, in my process definition, I have a task "Enable User" added with Task Effect as "Enables Process Or Access To Application" with Conditional, Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances selected. But somehow it's not working. I have checked, system property XL.EnableDisabledResources is set to TRUE. Can you please help me with this.
As an alternative solution, I have also tried adding "USR_STATUS" or "USR_DISABLED" code under Lookup.USR_PROCESS_TRIGGERS and having a task and having a task added in my process definition with same name as meaning of this code. But those are also not working. This is exactly like Change First Name meaning under Lookup.USR_PROCESS_TRIGGERS. So, I hoped change in USR_STATUS or USR_DISABLED will trigger my task, but no luck :-(
Can anybody please help with this? I have also read some that Enable User has some issues in OIM 11g R2. If that is the case, what's my alternatives?
BTW, scheduled job "Evaluate User Policies" is also enabled and running successful every 10 minutes.
Thanks,
Ashish

Hi Have you get to know what was cause of this issue yet? If yes, can you share of what have you found?
Thanks

Enabled users are not seen in the rtc database

Hi,
I have installed Lync 2013 into our environment and I am having an issue where users enabled for Lync are not able to log into the client, receiving the error:
"You didn't get signed in. It might be your sign-in address or logon credentials, so try those again. If that doesn't work, contact your support team."
We have an EE FE pool and all the AD prep and server install sections completed successfully.
When a user is enabled via the Control Panel or using Enable-CsUser, all the relevant attributes within AD are populated and visible in AD and the Get-CsUser command. However, running dbanalyze with /report:user returns the following error:
###50010:ReportUserData: [email protected] is not found in this database.
Also, running dbanalyze with /report:diag returns:
No contacts found in the database.
I have checked SQL profiler and can see similar issues to this post -
http://jamesosw.wordpress.com/2013/08/04/cant-sign-in-to-lync/ with the same errors in SQL Profiler and OCS Logger Tool, but we only have one domain, so this fix doesn't work and isn't relevant anyway.
Is there anyone who could shine a light on this problem?
Thanks,
James

Run
Update-CsUserDatabase and after 5 minutes Can we get the output of Get-csuserpoolinfo -identity "domain\username"
Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph

OIM 11g - User Not enabled After the job "enable user after start date"

Hi,
I have a future hired user in OIM whose start date is set in OIM. The status of the user in OIM is 'Disabled Until Start Date'.
After the start date has passed and the scheduled job 'enable user after start date' is run, I see that the user is still in the status 'Disabled Until Start Date'. I re-run the scheduled job 'enable user after start date', this time manually, still the state of the user remains unchanged.
Please help in troubleshooting as to find out the root cause of the issue and a workaround/solution, if possible.
This issue is intermittent and has happened with quite a number of user. Any pointer would be helpful.
Regards,
Sudipto S.

I agree with Nayan.
One alternative approach can be to write your own custom scheduler which can overcome the limitation of OOTB scheduled job 'enable user after start date'. Let the OOTB job get executed first. After it, your custom scheduler should fire a simple SQL Query:
SELECT USR_KEY, USR_STATUS FROM USR WHERE (USR_START_DATE > SYSDATE -1) AND USR_STATUS='Disabled Until Start Date';
//Means those users who are supposed to get enabled today and are still not yet enabled and are in 'Disabled Until Start Date'. May be 2-3 user keys at max will come...
As you said it happens only intermittently and not for all users... So, let the OOTB scheduled job take care of most of such users... And after it has finished, if any user still remains in 'Disabled Until Start Date', your custom scheduler should enable it via using tcUserOperationsIntf.enableUser(userKey);
Using API is always better than database update... Because APIs trigger downstream provisioning workflows as well and not just updates OIM Database...
Keeping your constraints in mind, I think it is the correct answer.

Enable User task is not getting triggered

Hi All
We have a provisioning workflow configured. "Enable User" task is not getting triggered while the user is enabled in OIM. Can anyone give a clue as to how to get it triggerd? Rest all the tasks are fine (Create, Disable, Delete, and other custom tasks)
Thanks,
Vinay

There is a OOTB scheduled Task "Enable After Start Date". once the user get enabled in OIM user profile. You have to run this task manually to have effect on corresponding RO for enablement. Else it will execute automatically as per scheduled time.
if the version of OIM is 11.1.1.5. There is an issue. update patch BP02. for same
--nayan

Acrobat 8 Form - "This Operation Not Permitted" error when enable user rights and open Reader X

I have a form which is causing me fits. It was created from an existing PDF form to which I added data fields using LifeCyele Designer.
When I enable user rights to the document and try to open it in either Adobe Reader X or Acrobat 8 Pro I get the message "This operation is not permitted" twice. Once I get rid of the messages the form works fine.
Is there a way to upload the form to this forum for someone to look at it?
With my limited knowledge, I did try to investigate embeded font issues and hidden object issues. But after much work I've not gotten much closer to a resolution.
Best,
David

You cannot upload the file to the forum, but you can use Acrobat.com or Dropbox if you have an account. If you ha e no other options I'd be happy to take a look: acroscript at gmail dot com

Active Directory User which can Create a User but not Allowed to Enable Disabled Users

Hi Guys, we have a requirement to create a User Group in Active Directory which will grant its members permission to 'Create Users' but not be allowed to 'Enable' 'Disabled Users'.
We have tried delegating control and assigning permissions by going to 'Security Tab>Advanced'.
It seems like when a group is granted permission to create users, it will also be allowed to enable, disabled users.
Kindly advise if it is possible to create a user group with permissions to 'Create Users' but not be allowed to 'Enable', 'Disabled Users'.

Hi,
According to my experience, you can assign permission with create/delete user objects. If you want to disable/enbale
a user, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority.
In general, if you just give a user group the permission to create user objects, it cannot disable or enable user accounts. Please make sure that the permission you assigned is correct and the
user group are not the member of Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory.
Best regards,
Susie

Agent "User" is not enabled for enterprise voice. Only Enterprise Voice users can receive Response Group calls.

I have standard edition Lync 2013 deployed. I have also enabled enterprise Voice for all my users.
When I try to create a response group under group tab, I add the enterprise voice enabled users to the group and click on commit I get this warning:
Agent "User" is not enabled for enterprise voice. Only Enterprise Voice users can receive Response Group calls.
This is clearly a glitch since the users are already enabled for enterprise voice. Has anyone come across this issue before?
Thanks

Have you tried restarting the Response Group service? Are you able to add any EV enabled users to this RGS?
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Lync Sorted blog

LAN was down ie Users are not getting ip from DHCP server after enabling DHCP snooping

Hi All ,
Enclosed file has network connectivity diagram.
1. L3 vlan's ie 2,3,4,5 and 6 are configured on ACC-CR1 and ACC-CR2.
2.Trunk is configured between Core switches ( CR1 and CR2) and access switches .VTP mode is transparent on all switches.L2 vlans are configured on all access switches.
3.DHCP is server is located at different location and is reachable over MPLS.
Without enabling dhcp snooping , users connected to access switches (Sw1,sw2,sw3 and Sw4 ) are getting ip address from DHCP server without any problem and everything is working fine.
But users connected to Sw3 and Sw4 are getting ip address from rouge DHCP server which is not pingable from any one of the switch.
So we have configured DHCP snooping for all vlan's on CR1 , CR2 , SW3 and SW4 and "trusted uplink ports" which are connected to WAN routers from CR1 and CR2 and also "trusted uplink ports " of Sw3 and Sw4 which are connected to CR1 and CR2.
As soon we have enabled DHCP snooping and trusted respective uplink ports , users are not getting ip address from remote DHCP server and even users connected to Sw1 and SW2 are facing same issue.
Note : DHCP snooping is not configured on SW1 and SW2.
Why users are not getting ip address from remote DHCP server as soon as we enabled dhcp snooping on Core switches and two access switches ie sw3 and sw4 ? what could have caused DHCP packets to be dropped ? Any idea would be appreciated .

Hi,
as you say: " HSRP is configured between CR1 and CR2 and Vlans are active on CR1" does it mean there are L3 intrefaces configured in each VLAN on your CR switches and ip hepler-address pointing to the remote DHCP server is configured on each of them?
I know it's difficult in a productive environment but IMHO you need to find out where are the DHCP offers dropped.
Either by enabling DHCP debugging or by capturing packets via Wireshark, e.g.
Best regards,
Milan

Hi, On opening organiser on Elements 12, I get " Online services could not be initialized. Please reinstall. Press ok to continue without online services" And I can't open Editor

'Hi, On opening organiser on Elements 12, I get " Online services could not be initialized. Please reinstall. Press ok to continue without online services" And I can't open Editor. Where do I go to to reinstall and how??
Message was edited by: Taylor Cosson

What computer operating system are you using? If Windows go to:
C:\Users\99jon\AppData\Roaming\Adobe\Online Services
Inside the Online Services folder delete the Photoshop Elements 12.0.0 folder.
Re-launch Organizer and OLS should get recreated.
N.B substitute your user name for 99jon. If you can’t find AppData you may first need to enable the showing of hidden system files.
Follow these steps to display hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, and then click OK.

Lync Client Search - Shows Non Lync Enabled Users

What is normal behavior - out of the box - for Lync 2010 and/or 2013 for the Lync Client search. Is it to return all AD objects (or all GAL objects?) regardless if they are Lync enabled or not? There is a bit of information here an there
on this but thought I'd post my specific question to end my torture.
We are in the process of migrating users from 2010 to 2013 (backend) and we initially setup the msRTC-GroupingID to limit our search but with this migration we are planning to clear this attribute to allow a search to return
all users and I notice that in doing so I see all objects reqardless if Lync enabled or not. This is not so desirable but if it's the way it works then I will have accept and move on. I read about using ABSconfig to alter this behavior
but for some reason this won't even run for me ... crashes right away upon opening running from FE server so even if I now got it to work my trust is shot for using this.
Thanks all ...

Not sure I follow. Assume you mean "the AD users with Lync ""NOT"" enabled should not be searched.
I look at the msRTCSIP attributes and they are not set and still i see them in my Lync search. I am totally baffled by this. I use a test Lync account with the GroupingID 'not set' and I see all accounts regardless if they are Lync enabled.
The ones I see in my search, that I am expecting NOT to see, do have the msRTCSIP attributes in AD object but they all show as 'not set' as I expect they should given they are not Lync enabled.
I must be missing something here, perhaps this is a 2013 thing? I have a lab with 2010 that this doesn't seem to be happening in but it doesn't exactly replicate our production so don't want to use that as a trusted reference point going forward.
The AD msRTCSIP attributes compare across the two environments too which is even more baffling. It's not clear what it is using to present NON enabled users in the Lync search.

Chat user is not getting message from the other users

In my application when user [A] initiate the chat with user[B] , I am facing following issues
-          User[B] is not getting initiation notification so that I am unable to open chat pod for user [A] on user[B] application
-          Due to above problem , User[B] not getting any message sent by the User[A]
-          User[A] can send only one message and it is displayed on simple chat pod
when User[A]tries to send more then one message it is not displayed on simple chat pod but on the console I can see the messages
following is sample code
public function connectChat() :void {
_collectionNode =
new CollectionNode();_collectionNode.sharedID = NOTIFICATION_COLLECTION_NODE;
_collectionNode.connectSession =
this.connectSession;_collectionNode.addEventListener(CollectionNodeEvent.SYNCHRONIZATION_CHANGE, onSynchronizationChange,
false, 0, true);_collectionNode.addEventListener(CollectionNodeEvent.ITEM_RECEIVE, onItemReceive,
false, 0, true);_collectionNode.subscribe();
/*** @private
* Handles the creation of a collection node if it does not already exist
protected function onSynchronizationChange(event:CollectionNodeEvent):void {
if (_collectionNode.isSynchronized) {
if (!_collectionNode.isNodeDefined(START_CHAT_LIST) && _collectionNode.canUserConfigure(connectSession.userManager.myUserID)) {_collectionNode.createNode(START_CHAT_LIST,
new NodeConfiguration(UserRoles.VIEWER, UserRoles.VIEWER, true, false, true,false, NodeConfiguration.STORAGE_SCHEME_QUEUE));}
public function connectChat() :void{
trace('connectChat');_collectionNode =
new CollectionNode();_collectionNode.sharedID = NOTIFICATION_COLLECTION_NODE;
_collectionNode.connectSession =
this.connectSession;_collectionNode.addEventListener(CollectionNodeEvent.SYNCHRONIZATION_CHANGE, onSynchronizationChange,
false, 0, true);_collectionNode.addEventListener(CollectionNodeEvent.ITEM_RECEIVE, onItemReceive,
false, 0, true);_collectionNode.subscribe();
/*** @private
* Handles the creation of a collection node if it does not already exist
protected function onSynchronizationChange(event:CollectionNodeEvent):void {
if (_collectionNode.isSynchronized) {
//Creates the nodes if they don't exist
if (!_collectionNode.isNodeDefined(START_CHAT_LIST) && _collectionNode.canUserConfigure(connectSession.userManager.myUserID)) {_collectionNode.createNode(START_CHAT_LIST,
new NodeConfiguration(UserRoles.VIEWER, UserRoles.VIEWER, true, false, true,false, NodeConfiguration.STORAGE_SCHEME_QUEUE));}
/*** Checks if a chat is going to be started with this specific user
protected function onItemReceive(event:CollectionNodeEvent):void {
var item:MessageItem = event.item;
var openChatEvent:OpenChatEvent = OpenChatEvent.ToOpenChatEvent( item.body, OpenChatEvent.OPEN_CHAT );
switch (item.nodeName) {
case START_CHAT_LIST:
trace("Starting Chat Notified");
if( openChatEvent.userId && openChatEvent.userId == this.connectSession.userManager.myUserID ){
this.dispatchEvent( openChatEvent );
if( this._collectionNode.isSynchronized )
this._collectionNode.retractItem( START_CHAT_LIST, openChatEvent.roomId );}
break;}
/*** Publishes a request for someone to join a chat
public function publishChatRequest(notificationEvent : NotificationEvent) :void {
if( this.connectSession.userManager.getUserDescriptor( notificationEvent.userID ) ){
var openChatEvent:OpenChatEvent = new OpenChatEvent( OpenChatEvent.PUBLISH_CHAT,null,notificationEvent.sharedID, notificationEvent.userNotificationList, null, notificationEvent.userID );
if( this.presenceUsers )openChatEvent.descriptors =
this.presenceUsers; _collectionNode.publishItem(
new MessageItem( START_CHAT_LIST, openChatEvent, openChatEvent.roomId ) );}
else{
Alert.show(
"User "+ notificationEvent.userID + " is not logged in.", "Publish Error" );}

A) are these methods copied twice in the code here on purpose?
   connectChat() and onSynchronizationChange is repeated in code due copy paste mistake
B) are both users subscribing to _collectionNode right away? Do each of them
get to onSynchronizationChange?
   Yes , each of them get to onSynchronizationChange
C) If you put a breakpoint in onSynchronizationChange, do you see the node
get created? Do you see it in the dev console?
Yes , it is creating a node
D) Is user B receiving an onItemReceive at all? Is user A?
Yes , it is creating a node
Now both the user getting chat message, have following issue
When user A initiate the chat with user B this action is not opening chat pod / window on user B end which shows user A has initiated chat with user B
But when user B click on user A name to initiate the chat, this action opens a chat window and user B can see message send by user A
Above scenario is not normal chat behavior in which other user gets the notification of chat . what could be the problem

User Settings not working in Calendar Express after Upgrade from 6.2 to 6.3

After Installing Patch 121657-19 the Calendar Express view seems to mix up
the default preferences with the user selected preferences.
For example let's say the user selects the green color scheme in the options panel,
at the next login to Calendar Express the user gets for the default blue color scheme
for the top frame, and the green colors for the middle frame.
This seems to randomly change for each page and even between just reloading the
page with the browser's reload button. It seems like each frame just randomly has
either the default or the selected color scheme.
This also seems to happens with the other User Preferences like "Default Initial View"
or "Default Calendar Group".
Any idea where to look to figure this out is greatly appreciated.

mwohlf wrote:
After Installing Patch 121657-19 the Calendar Express view seems to mix up
the default preferences with the user selected preferences.I hit the same issue with a 6.2->6.3 upgraded system and a fresh 6.3 installation. A quick search didn't reveal any pre-existing bugs nor could I find any obvious problems delving into the xsl code -- please log a Sun support case to have this issue looked into further. Please note that in 6.3 calendar express is a deprecated interface so you should be making every effort to move to UWC/CE anyway.
Regards,
Shane.

Security error - User is not allowed to execute Proces - Resolved

Enabled security on my domain by editing message-handlers.xml :
<inbound-flow>

<message-handler id="security" />
</inbound-flow>
commented out <property id="SecuredProcesses" > .. </property> to apply security to all processes.
Now when I initiate process through BPELConsole I tick the WS-Security and use bpeladmin/welcome1 as credentials (I'm logged into console as this), I get the following error. In fact I get the very same error if I make up a username/password.
<2007-10-24 08:17:41,343> <ERROR> <archi2.collaxa.cube> <BaseCubeSessionBean::lo
gError> Error while invoking bean "delivery": [com.collaxa.cube.engine.handlers.
HandlerInvocationException: Error while invoking inbound message handler.
An error has occurred while attempting to invoke the inbound message handler cla
ss "class com.collaxa.cube.security.Authenticator" for the message "". The exce
ption reported was: User is not allowed to execute Proces, User[true] process [f
alse]
ORABPEL-02175
In bpel.xml of the process itself I have this:
<?xml version = '1.0' encoding = 'UTF-8'?>
<BPELSuitcase>
<BPELProcess id="SQTest2" src="SQTest2.bpel">
<partnerLinkBindings> ....snip...
</partnerLinkBindings>
<preferences>
<property name="user" encryption="plaintext">bpeladmin</property>
<property name="pw" encryption="plaintext">welcome1</property>
</preferences>
</BPELProcess>
</BPELSuitcase>
If I don't supply username/password then I get "Could not apply security [No username provided, security expects user]" which sounds right enough.
I'm using the default authentication scheme system-jazn-data.xml and using 10.1.3.3 patchset on linux.

My own fault, putting user credentials in wrong place in bpel.xml:
<?xml version = '1.0' encoding = 'UTF-8'?>
<BPELSuitcase>
<BPELProcess id="SQTest2" src="SQTest2.bpel">
<partnerLinkBindings> ....
</partnerLinkBindings>
<configurations>
<property name="user" encryption="plaintext">bpeladmin</property>
<property name="pw" encryption="plaintext">welcome1</property>
</configurations>
</BPELProcess>
</BPELSuitcase>

TACACS enable password is not working after completing ACS & MS AD integration

Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result
1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.
2. Enable password is not working (using the same user password configured in MS AD.
3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
Switch Tacacs Configuration
aaa new-model
aaa authentication login default none
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
aaa authorization console
aaa session-id common
tacacs-server host 10.X.Y.11
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key gacakey
line vty 0 4
session-timeout 5
access-class 5 in
exec-timeout 5 0
login authentication ACS
authorization commands 15 ACS
authorization exec ACS
accounting commands 15 ACS
accounting exec ACS
logging synchronous
This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
Regards,

Hi Edward,
I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles"

ADCS Enable User is not getiing Initiated

Similar Messages

Maybe you are looking for