ADFS errors on single account
Hello,
A single account cannot login to O365 OWA. The ADFS server logs Event 364 " Encountered error during federation passive request" and Event 342 "Token Validation Failed" are logged.
We know the account has a good password and the account can login to the domain. The UPN matches both on-prem and in Azure. Any idea what could be the source of the problem?
Thanks!
Hi,
Thanks for the post.
Possible causes for Event ID 364:
- The time difference between the ADFS proxy and the ADFS server is too big (should be synchronized as close together as possible - manually or via Win32Time)
- The SSL certificate of either the ADFS proxy or the ADFS server is failing revocation checking on either side (standard PKI troubleshooting applies).
- The SSL certificate of either the ADFS proxy or the ADFS server is unable to chain up to a Trusted Root on either side (verify all CA certificates in the chain are installed in the personal store of the application pool service account).
Please try to reset the time on the ADFS proxy servers to match the time on the ADFS servers to check the result.
Regards.
Vivian Wang
Similar Messages
-
Adf Error while creating user in oim 11gr2
Hi All,
We are using Oracle identity Management11gr2(11.1.2.0)
After installation and configuration of oim on cluster environment. We tired to create the user, but when i clicked on create i am getting ADF Error.
DuplicateRefException. In document /oracle/iam/ui/runtime/form/view/pages/userCreateFrom.jsff there are multiple elements with same ID_xg_pf10
Error Log:
[2013-07-12T04:41:07.105-07:00] [server_oim_UAT01] [WARNING] [] [oracle.adfinternal.view.faces.lifecycle.LifecycleImpl] [tid: [ACTIVE].ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 1aa77d16a3678da4:-4fe3765c:13fd2a04a68:-8000-0000000000000313,0] [APP: oracle.iam.console.identity.self-service.ear#V2.0] ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6[[
javax.faces.FacesException: javax.servlet.ServletException: OracleJSP error:
oracle.mds.exception.MDSRuntimeException: MDS-00010: DuplicateRefException. In document /oracle/iam/ui/runtime/form/view/pages/userCreateForm.jsff there are multiple elements with the same ID _xg_pfl0.
at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:415)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:44)
at oracle.adfinternal.view.faces.config.rich.RecordRequestAttributesDuringDispatch.dispatch(RecordRequestAttributesDuringDispatch.java:44)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:45)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.dispatch(ExternalContextDecorator.java:45)
at org.apache.myfaces.trinidadinternal.context.FacesContextFactoryImpl$OverrideDispatch.dispatch(FacesContextFactoryImpl.java:268)
at com.sun.faces.application.ViewHandlerImpl.executePageToBuildView(ViewHandlerImpl.java:471)
at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:140)
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:191)
at org.apache.myfaces.trinidadinternal.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:193)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:979)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:408)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:237)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:117)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:131)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:447)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.iam.ui.platform.servletfilter.IdentityContextFilter.doFilter(IdentityContextFilter.java:51)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.iam.platform.servletfilter.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:165)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.bpel.services.workflow.client.worklist.util.WorkflowFilter.doFilter(WorkflowFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.bpel.services.workflow.client.worklist.util.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:181)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:264)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:134)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: javax.servlet.ServletException: OracleJSP error:
oracle.mds.exception.MDSRuntimeException: MDS-00010: DuplicateRefException. In document /oracle/iam/ui/runtime/form/view/pages/userCreateForm.jsff there are multiple elements with the same ID _xg_pfl0.
Please help me out from this issue
Regards,
$SidTry to check which OBJ Class violation are you hitting , for example: If you have uniquemember instead of member and try to add more than one member this will be a rule violation. Eg: ADD request to an attribute that is included in an account entry because the attribute entry has been existed prior to the ADD request.
I hope this helps.
Thiago Leoncio. -
we have a windows azure server with active directory and adfs (icw Office 365)
this has worked in the past
since yesterday the services stoped working
i checked and saw it wasn't pointing to itself for dns (instead a other dc) and in the eventlog there was a meesage the password for the managed service account wasn't reset
i point the dns to 127.0.0.1 and verified it could resolve local and remote hostnames
after this i reset the managed service account password and restarted the server
i replaced the company and domain name in the logs bellow
Log Name: AD FS/Admin
Source: AD FS
Date: 8/19/2014 11:48:22
Event ID: 111
Task Category: None
Level: Error
Keywords: AD FS
User: domain\ADFS$
Computer: company-dc01.company.com
Description:
The Federation Service encountered an error while processing the WS-Trust request.
Request type: http://schemas.microsoft.com/idfx/requesttype/issue
Additional Data
Exception details:
System.TypeInitializationException: The type initializer for 'Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService' threw an exception. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, Object[] args)
at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>111</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2014-08-19T09:48:22.405647300Z" />
<EventRecordID>1021</EventRecordID>
<Correlation ActivityID="{00000000-0000-0000-1A00-0080000000C0}" />
<Execution ProcessID="3676" ThreadID="4560" />
<Channel>AD FS/Admin</Channel>
<Computer>company-dc01.company.com</Computer>
<Security UserID="S-1-5-21-2034257005-3014172703-327212626-1115" />
</System>
<UserData>
<Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data>http://schemas.microsoft.com/idfx/requesttype/issue</Data>
<Data>System.TypeInitializationException: The type initializer for 'Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService' threw an exception. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, Object[] args)
at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()</Data>
</EventData>
</Event>
</UserData>
</Event>
Log Name: AD FS/Admin
Source: AD FS
Date: 8/19/2014 11:48:22
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: domain\ADFS$
Computer: company-dc01.company.com
Description:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
http://adfs.company.com/adfs/services/trust
Exception details:
System.TypeInitializationException: The type initializer for 'Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService' threw an exception. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, Object[] args)
at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSsoSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2014-08-19T09:48:22.549017600Z" />
<EventRecordID>1022</EventRecordID>
<Correlation ActivityID="{00000000-0000-0000-1A00-0080000000C0}" />
<Execution ProcessID="3676" ThreadID="4560" />
<Channel>AD FS/Admin</Channel>
<Computer>company-dc01.company.com</Computer>
<Security UserID="S-1-5-21-2034257005-3014172703-327212626-1115" />
</System>
<UserData>
<Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data>Saml</Data>
<Data>http://adfs.company.com/adfs/services/trust</Data>
<Data>System.TypeInitializationException: The type initializer for 'Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService' threw an exception. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, Object[] args)
at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSsoSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
</Data>
</EventData>
</Event>
</UserData>
</Event>Hi,
Here are some references for you:
Troubleshooting Fedpassive request failures with AD FS 2.0
http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-fedpassive-request-failures(v=WS.10).aspx
ADFS Error 364 / 111 after Windows Update KB2843639
http://social.technet.microsoft.com/Forums/lync/en-US/cb15677d-a7f5-4b47-84ae-1826252bb4ae/adfs-error-364-111-after-windows-update-kb2843639?forum=winserverDS
If the issue persists, I suggest you refer to experts from the following forum to get professional support:
Claims based access platform (CBA), code-named Geneva Forum
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Best Regards,
Amy -
Error – SAML Single Logout request does not correspond to the logged-in session participant
We are relatively new to ADFS, having set up working rp-trusts with three partners in the last few months. Our 4th partner is proving problematic. Single sign in works, but the ADFS
responds the single logout request from the RP with a status of Requester. The ADFS event log shows
The SAML Single Logout request does not correspond to the logged-in session participant.
Requestor: https://test-sso.rp.com/fed/sp
Request name identifier: Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, NameQualifier: http://fs.idp.com/adfs/services/trust SPNameQualifier:
https://test-sso.rp.com/fed/sp, SPProvidedId:
Logged-in session participants:
Count: 1, [Issuer: https://test-sso.crmondemand.com/fed/sp, NameID: (Format: , NameQualifier:
SPNameQualifier: , SPProvidedId: )]
This request failed.
User Action
Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier
in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS 2.0 Management snap-in.
The LogoutRequest looks like this
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://fs.timken.com/adfs/ls/"
ID="id-HAScmHCfwfuYk76bce6YBfO2uOM-"
IssueInstant="2013-01-14T13:24:04Z"
Version="2.0">
. . . cert, etc. omitted . . .
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="http://fs.idp.com/adfs/services/trust"
SPNameQualifier="https://test-sso.rp.com/fed/sp"
>jsmith</saml:NameID>
<samlp:SessionIndex>_df13d31b-162e-42e1-8331-f36be6bf1194</samlp:SessionIndex>
</samlp:LogoutRequest>
The session index and the username in NameID matches the Response we got from our AuthRequest. I don't know how to figure out what ADFS thinks does not match.
Any suggestions would be appreciated.
For completeness sake, the Response to AuthRequest looked like this.
<Subject>
<NameID>jsmith</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData NotOnOrAfter="2013-01-14T13:28:52.199Z"
Recipient="https://test-sso.rp.com/fed/sp/authnResponse20"
/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2013-01-14T13:23:52.183Z"
NotOnOrAfter="2013-01-14T14:23:52.183Z"
>
<AudienceRestriction>
<Audience>https://test-sso.rp.com/fed/sp</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2013-01-14T13:10:43.826Z"
SessionIndex="_df13d31b-162e-42e1-8331-f36be6bf1194"
>Okay, here are the relevant SAML messages.
The <AuthnRequest>
<samlp:AuthnRequest ID="_ced78e65-14d2-4c4d-8417-51f664a9e2e3"
Version="2.0"
IssueInstant="2013-02-04T13:29:20.887Z"
Destination="https://fs.timken.com/adfs/ls/"
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://fs.timken.com/adfs/services/trust</Issuer>
<Conditions xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<AudienceRestriction>
<Audience>https://test-sso.salesdemand.com/fed/sp</Audience>
</AudienceRestriction>
</Conditions>
</samlp:AuthnRequest>The AuthnRequest Response<samlp:Response ID="_890f3128-6cae-414e-8272-30cde3bda94a" Version="2.0" IssueInstant="2013-02-04T13:29:29.748Z" Destination="https://test-sso.salesdemand.com/fed/sp/authnResponse20" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://fs.timken.com/adfs/services/trust</Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> </samlp:Status> <Assertion ID="_82f82c5c-2653-4e18-9308-349ebeb67743" IssueInstant="2013-02-04T13:29:29.748Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" > <Issuer>http://fs.timken.com/adfs/services/trust</Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#_82f82c5c-2653-4e18-9308-349ebeb67743"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>RxZZLlbdh5eD6Ht4+aVna3Rtbnc=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>Es8LAN9noqGIJEbgZe/...XW8LAv5Mgr3tOXpHRlcsJNss/A==</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIFDDCCA/SgAwIB...</ds:X509Certificate> </ds:X509Data> </KeyInfo> </ds:Signature> <Subject> <NameID>mooreta</NameID> <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <SubjectConfirmationData NotOnOrAfter="2013-02-04T13:34:29.748Z" Recipient="https://test-sso.salesdemand.com/fed/sp/authnResponse20" /> </SubjectConfirmation> </Subject> <Conditions NotBefore="2013-02-04T13:29:29.732Z" NotOnOrAfter="2013-02-04T14:29:29.732Z" > <AudienceRestriction> <Audience>https://test-sso.salesdemand.com/fed/sp</Audience> </AudienceRestriction> </Conditions> <AuthnStatement AuthnInstant="2013-02-04T13:29:29.545Z" SessionIndex="_82f82c5c-2653-4e18-9308-349ebeb67743" > <AuthnContext> <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef> </AuthnContext> </AuthnStatement> </Assertion></samlp:Response>The LogoutRequest<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://fs.timken.com/adfs/ls/" ID="id-uvoTioVCLdMycE88o-6CU5RrSNM-" IssueInstant="2013-02-04T13:29:57Z" Version="2.0" > <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" >https://test-sso.salesdemand.com/fed/sp</saml:Issuer> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <dsig:Reference URI="#id-uvoTioVCLdMycE88o-6CU5RrSNM-"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>ZT0yQqiaL2dD2a7rt6ywJ9EoM1I=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>Z7F7zYS31y1K48FbUHevJT86+txOlPM9awlHiMNj1TiMxRAEVz1rOj2uG0oVMd7NkblkneCrE8aVtJuebdUY4Q0DAcXR8lSTuNEFocT2R6eCIwQb48xQqQMs8ZE6siPsPFMS+QAhpgDom/IY61L/.../NNxVg==</dsig:SignatureValue> <dsig:KeyInfo> <dsig:X509Data> <dsig:X509Certificate>MIIFxTCCBK2gAwIBAgIQAN+.../G6p95pNm1ZAqroUjufLeHO4q34Mx3xNyw0tmyjmWgkxY11Pa+M0gCeLOdLzxafIOXUFXOhKfOUg4Jp4S+/sCVcd9fBDPvfEHSr8uMmQC2IdQaRE7IvZdRF0OUP+l1MpRBkMsy98hPXTBK6n1ivklOxzmWie88jav8gzjWhwQC5Ia2/JNYxVBkPsNkRw86n8KBnlsumU9EV0dAeXTOaehKtG+RNnD1Gt4Y34TQccaIbf7OTLisY4kMkjZbRu3sJnX9KjM=</dsig:X509Certificate> </dsig:X509Data> </dsig:KeyInfo> </dsig:Signature> <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="http://fs.timken.com/adfs/services/trust" SPNameQualifier="https://test-sso.salesdemand.com/fed/sp" >mooreta</saml:NameID> <samlp:SessionIndex>_82f82c5c-2653-4e18-9308-349ebeb67743</samlp:SessionIndex></samlp:LogoutRequest>The LogoutRequest Response<samlp:LogoutResponse ID="_bf7199a8-3248-4201-9ca4-609bec5404d6" Version="2.0" IssueInstant="2013-02-04T13:29:59.076Z" Destination="https://test-sso.salesdemand.com/fed/sp/samlv20" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="id-uvoTioVCLdMycE88o-6CU5RrSNM-" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://fs.timken.com/adfs/services/trust</Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" /> </samlp:Status></samlp:LogoutResponse>The ADFS Error Log EntryThe SAML Single Logout request does not correspond to the logged-in session participant. Requestor: https://test-sso.salesdemand.com/fed/sp Request name identifier: Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, NameQualifier: http://fs.timken.com/adfs/services/trust SPNameQualifier: https://test-sso.salesdemand.com/fed/sp, SPProvidedId: Logged-in session participants: Count: 1, [Issuer: https://test-sso.salesdemand.com/fed/sp, NameID: (Format: , NameQualifier: SPNameQualifier: , SPProvidedId: )] This request failed. User Action Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS 2.0 Management snap-in. -
Error : Excise modvat accounts not defined for GRPO transaction and U1 exci
I have Created Impot PO, After Planned Delivery cost MIRO I am trying to Perform GR then its giving Error "Excise modvat accounts not defined for GRPO transaction and U1 excise group
Message no. 8I402"
I have already maintained GL account in "Specify G/L Accounts per Excise Transaction" for Excise group U1
This problem is coming when Additional Duty on custom condition type JADC is maintained in "Maintain Excise Defaults" node in the column "ADC Cond" . If I remove JADC condition type from this place the this error is not coming but AED column is not fetching any value while doing GR.
Please help me in this issue , still No answer
Edited by: shiwanshu singh on Jan 28, 2009 10:26 AMDear sir
For GRPO have you maintained sub transaction Type IP for your excise group U1. If you not maintained pl maintain . and assign G/L account to modvat clearing account , the G/l account should be same as company code CVD account.
Regards
jrp -
Multiple iPads on a single account?
I am a school teacher, and my principal asked me if I wanted to use iPads for a small group of students to try creating a class with alternate assignments and activities. I would like to, but how do I get multiple iPads on a single account so they can be preloaded with apps, and students can't add or remove apps?
Or, and even better scenario would be that there is a main setting with certain apps that are added and cannot be changed by the individual students, but they could create a sub-account that they could use with their own iTunes account while they have use of the iPad. When they are done with it, and we use it for a different student, it would be good to be able to wipe out the sub accounts and still have them set to the school's requirements.
Any way that is possible? If not, there is no way I would use the iPad for a class. I need to be able to control what they have at a basic level, but I don't want them tied to my personal iTunes either.Visit the iPad Educators Ning or the EdTech listserv to talk to teachers who are using the iPad in the classroom. As VT said you can't create sub-accounts or limit their controls in the manner you're describing, but you may find other options.
The real question is what kind of "alternate assignments and activities" are you planning? Ones that require or take advantage of the unique form factor of the iPad? Ones that require apps? Or ones that can be done on a laptop/desktop computer just as easily? The project should drive the equipment, ideally, not the other way around - although I do understand that when trying out a new tool one wants to look for scenarios to use it. :-) -
Hello , can you with a single account creative cloud , install on two computers ? (The one from home and one at work)
This will avoid me lugging around my mac, sorry for my english.
Margaux, photographerYes, this has been allowed with Adobe applications going back many years. A program such as Photoshop can legally be installed and activated on two computers at a time for the use of the single licensed user. You can't install legally on your own and a friend's computer for use by the two different people. Prior to Creative Cloud, there was an unwritten limit on how many times a given application could be activated, but there is no longer such a limit under CC. That means you could theoretically install on three or four computers, activating only two at a time, and then deactivating one or both before activating on another computer.
-
Getting error " Incomplete update due to error in single records"
Dear All,
We are loading data from DSO to Cube using full load and the load is failing giving an error message Collection in the source system ended and when checked the error message button it is showing as " Incomplete update due to error in single records" . and also one more message "Messages (type E) for data records with record number 0
Message no. RSM2714". Can any one tell us the reason for the failure of this load ? and how to resolve it ?.
When we click on the help button of the error message it is displaying the message as below
Incomplete update due to errors in single records --> Long text
Message no. RSM2712
Diagnosis
In the update rules, one InfoSource record was used to create several records in the data target. These records must be handled in the same way to enable tracking into the PSA and the treatment of errors in individual records.
In the previous case, one record was updated in this kind of group generated by update rules, whereas other records in the same group were rejected. If you updated the PSA data record again, the records that were already updated would be updated again. Duplicate records would appear in the data target and the data target would thus be inconsistent.
System Response
The data record with errors was highlighted in the PSA. However, no error request was generated.
Procedure
Delete the request in the data target and, after removing the error, update all records for the request to the data target again.
Regards,
JayaKrishnahi,
Can you please check out the PSA error record and check this out in Source DSO as this load is for DSO -> Cube....
Please correct it in PSA if this is not correct as per DSO ....prior correcting data in PSA pls delete the request from Cube.....then it will allow to correct or delete record in PSA and then further push data from PSA to Target Cube...
If its correct as per DSO then run load in DSO sometime few records wrongly updated by end user and they correct it by evening for Submission....So u will get the corrected record and then run manually further load to Cube...
Hope this will help....
Regards,
Mahesh -
Can a single account be logged into more than once at the same time
-
Firstly, please excuse me if this has already been asked - I tried searching for various terms but couldn't see anything.
At present we run a single account (non-admin) on our iMac G5 which holds all out families photos/music/movies etc. I'm wanting to add a MacBook to our iMac. They would communicate either wirelessly, or via an ethernet hub. We would like to fire up the laptop and log into that same account, so all that information is available (read and write) from both computers, and at the same time.
Is this possible? If so, how is it achieved. Is there some network settings that have to be made on the MacBook?
I'm aware that there will be limitations - i.e. two people won't be able to modify the same file at the same time. Also that the iMac will have to be powered up for the account to be accessed etc.
Finally, due to space considerations I'm wanting to move the home folder for our existing account onto an external FW drive (using the techniques I've found in other posts on this forum). Will this affect any solution to my original question?
Thanks for your time.When you turn on file sharing, others can see your computer in the Finder > Go > Network window, where they can click on it to see what shares are available. These can be the public folders (which don't need a password to connect), or user folders (which do). By connecting to one of the shares, they then have access to the files within them. If you don't want to use an external disk, you can use SharePoints to share folders within your account, such as Music or Pictures. Just be aware that sharing files within a user account can run into permissions issues, for example trying to edit a document owned by someone else, which is one of the reasons to use an external disk. Tiger and Leopard also support Access Control Lists, but you need to know what you are doing.
-
Error while changing Account Group for Prospective Customer
Dear All,
I am getting an error when the account group of a prospective customer needs to be changed to Sold to Party
The planned change is not allowed as the following groups would be masked by the new account group,
S Group Group Name M Group Name
V D315 Shipping 030 Rail Specifications.
Please let me know what is the reason for this error and as per my knowledge even if the no range is different for both these partner functions the system should allow me to change the account group however the earlier no given to prospective customer will still exist even if the prospective customer number is changed to sold to party please let me know otherwise.
Kind Regards
AtulHi,
Go to KOH2
Select the order by pressing F9. Now place the cursor where you want to put the order group. i.e on same level or Lower level.
Regards,
Jigar -
Error - No GL account selected for Asset account in Business partner master
Hi Experts,
Scenario - While adding A/P Invoice for Asset item, the error "Error - No GL account selected for Asset account in Business partner master Message (3518-13)
Awaiting your replies
Regards,
SidHi,
You need to map the control account of that vendor(business partner).
->Open the respective Business Partner master data
->Under accounting tab
->Under General tab
->Control accounts (will be indicated with ... button),on opening this
->You will be prompted to map the control accounts
^ Down Payment Payables
^Assets Account
^Open Debts
Here you need to map the Asset account which also must be a control account(control account option should be checked in the chart of accounts).
Pls do check in the test system,understand the behavior of this account by booking ap invoice and payment,then proceed in the live system.
Hope this is helpful -
Error in Posting Accounting Document from invoice
Hi,
When i create invoice, the system gives error while creating accounting document as,
"Tax code Y1 does not appear in any G/L account item".
In my pricing procedure. i have two tax condition types. MWST and ZSED (copy of mwst). when i delete ZSED from my pricing procedure and then i create a sales order/delivery & finally invoice...then it works fine (Accuonting document is created successfully).
i have assigned the gl accounts in vkoa. and MWST & ZSED goes to same gl account via MWS accounting key.
although i have searched the forum for this issue, but that didnt resolved my issue.
seeking your guidance.Dear Robert,
I'm having same issue as yours.
The requirement for us is if return sales in some order reason codes, then tax should be posted to different G/L other than the G/L defined in OB40(transaction MWS).
After several test, found the system only recognize the G/L in OB40, won't touch setting in VKOA. As if I delete the GL in table T030R, SAP will issue an error requesting GL assignment.
Please let me know if you have solved your issue! If yes, please share your solution!
Thanks in advance! -
Error 'Enter GL Account' while posting and invoice line item in MIRO
Hello Gurus,
I am facing a rather wierd issue.
While posting a PO invoice in Tcode MIRO, its asking to enter the GL account in line items. Everytime I am entering the GL account and pressing the enter key, it wipes off the GL account clean and gives the same error 'Enter GL account'.
It seems like this error is happening at the very first line item of the invoice. System is able to accept the GL account in 2,3,4th lines. If I delete the first line item, whatever is the first line item in that screen adapts the issue.
Any help would be great as I have no clue what to do.
ThanksHello Priyadarshini,
could you inform the error message number and it complete long text?
Regards,
Mateus Grings -
Error - G/L account 407350 requires a valid tax codeu201D.
I am getting error "G/L account 407350 requires a valid tax codeu201D, while executing F-28 transaction.
IF there are any User-exit available to resole this issue ?Rather than the use-exit, I suggest you to discuss this with configuration consultant who can make some change on the configuration and eliminate the error.
>
batramanish wrote:
> I am getting error "G/L account 407350 requires a valid tax codeu201D, while executing F-28 transaction.
> IF there are any User-exit available to resole this issue ? -
Error:G/L account missing when saving Sales order
Hi Guys,
I will appreciate your input on this.
Whenever I try to save a Standard order for a particular material I get the error"G/L account missing. I have checked all the Account assigment settings and they are correct.
I faced this issue while creating an order for downpayments.This error occurs when we use the material of the kind "make to order".
RegardsHi Pvarinder,
First please check the customer account assignment group at your sales order header level and material account assignment group at your item level.
If they are ok then go to Environment->Analysis->Account determination
As you said the entries are ok in VKOA, so my guess is I think you have some condition type which is not getting the right G/L account.
Please check and revert with your findings.
Regards,
MT
Maybe you are looking for
-
The function "Search" of iCal doesn't find (iMac)
Hello. Since a few days, the function "Search" inside iCal, on my desktop iMac, doesn't work. I get no answer or 1 or 2 occurences of a name or a word, even if , when checking by myself day by day, I find the item much more than 2 times. Though, it s
-
New version TB (31.5.0) keeps saying the group list can not be sent
After upgrading to this new version my group lists again started developing errors with a message that says something like An error occurred while sending mail. "The mail server responded: 5.5.0 <list name > invalid address. Please check the message
-
Deploying a CF app as WAR file
I'd like to package an existing ColdFusion application as a WAR file and deploy it on a J2EE server. I've been trying to test this out locally without success. If you have a magic bullet, you're disco-superfly. If you just have a suggestion for furth
-
Itunes will not install. I get the error message "Error writing to file: C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.IE.client_main.dll Verify that you have access to that directory."
-
Header pricng condition : Sales order
Hi All, I am adding a new condition type while creation of a sales order. Now my requirement is that the RATE entered against this conditon type should get copied to another conditon type as well. How can this be realized ? Awaiting a quick response.