Agents in Active Directory 9.1.0.2
Hi experts,
I've installed OIM AD Connector 9.1.1.7 in OIM 9.1.0.2 and after a lot os issues it is working sucessfully using SSL. Now, I need to integrate with OIM solution some VB Scripts that I have to run before and after provisioning process.
Please, help me on that. What should I do here?
cheers,
ok, let me try here:
Solution called Remote Manager: Basically Remote managers are employed when Oracle Identity Manager needs to perform some function with this third-party application. And this Remote Manager configuration enables OIM to communicate with a remote application that is either non-network-aware or is network-aware. Basically it is not located on OIM server.
Steps:
1 – Install Remote Manager
1.1-Follow the installation for Remote Manager. It's similar in a Windows or Linux server.
1.2-Linux: run the script “install_rm.sh” ; Windows: run “setup_rm.exe”.
2 – Configure and Start the Remote Manager
2.1-Modify $REMOTE_MANAGER/config/xlconfig.xml and change the entry “false” to “false“.
2.2- Linux: run the script “$REMOTE_MANAGER/remotemanager.sh” ; Windows: run “%REMOTE_MANAGER%\remotemanager.sh”.
3 – I will suggest you to create a New Resource to Test the Remote Manager
3.1-Create a new IT Resource of type “RemoteObject” and add the Remote Manager IT Resource in the “Remote Manager” field.
3.2-Create a jar file, “rm.jar” with the class above. Whith this jar, copy it to the JavaTask directory in OIM and Remote Manager installations.
4 – Testing Remote Manager
The new resource can now be requested or manually provisioned to users.
After finished, the logs in the Remote Manager should show that the method (create java code) has been invoked.
TIPS(not forget):
Make changes to enable RMI(such as rmi://host:RMI Registry Port/service name.)
Create another ITResource in OIM to enable Remote Manager, eg: Service Name: RManager and URL: //host:RMI Registry Port
hope this helps,
Thiago L Guimaraes
Similar Messages
-
Failover agents who work with active directory integration
Hi Guys,
I have implemented 'Active Directory' failover in SCOM. But what i see is that it doesn't work.
The agents are assigned by AD, but the first (RMS Role) management server has got all the agents and is to busy and
has got many problems to handle all the load. Even with this case nothing is failing over.
A few i could failover with hand, but the most i cannot because 'change primary management' server is blanked out. Even with the agents turned back from manuel to automatic (blog Kevin Holman).
1. Has anybody got any idea of getting the AD failover to work automatic?
2. Has anybody got a workaround to do this manual, by powershell (SCOM 2012 R2 cmdlets), bypassing the grayed out 'Change primary management server?
3. In my failover screen is see the management servers + the internet DMZ gateway server. I don't want to failover to the internet DMZ Gateway server. Can i delete this?
Please have a look at my specific question. I did read many blogs who are based on powershell without AD integration or AD integration without explaining how the automatic failover works.
Kind regards,
AndréHi,
SCOM windows agents automatic failover does not require AD integration or PowerShell scripting or Configuration Manager or manual agents installation specially for small to medium environment and agents distribution between different SCOM management servers
can be accomplished through push agents wizard, and windows agents failover can be simply verified from event viewer.
Please refer to the below links for more details:
How to Use Active Directory Domain Services to Assign Computers to Management Servers
http://technet.microsoft.com/en-us/library/hh212712.aspx
OpsMgr AD Integration - how it works
http://blogs.msdn.com/b/steverac/archive/2008/03/20/opsmgr-ad-integration-how-it-works.aspx
Regards,
Yan Li
Regards, Yan Li -
Hi, can anyone help me troubleshoot the following please:
Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties. DDRs were not generated for 524 object(s) that had warnings while reading
critical properties.
Possible cause: OU name or Security Group name may contain at least a Unicode character which has conversion problem between Unicode and your system ANSI locale(e.g. Korean characters in English System Locale). The site server might not have access to
some properties of this object. The container specified might not have the properties available.
Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.
Does the error relate to 524 security groups? There are several invalid search paths listed in adsgdis.log, are these related?
Thanks,
DaleYou'll have to examine the log to determine exactly which objects its referring to. Although this is in the context of group discovery, group discovery still creates DDRs for computer objects within those groups so it could be either groups or computers.
This is not a search path issue though as it's clear that the discovery process found 524 different objects, but as stated, it could not properly read criticial properties of those objects and thus did not create DDRs for them.
As mentioned, reading the log in detail will list the objects individually and the reason it could not create a DDR for it.
Jason | http://blog.configmgrftw.com -
CCE Web Administration - Active Directory issue when managing agent attributes
I am experiencing an issue when managing agents (supervisors specifically) in CCE Web Admin. When attempting to add / remove / modify an Attribute for a supervisor agent we are getting an error that the supervisor must have a valid active directory account. (Screenshot attached) The agents that this is affecting are correctly configured in ICM as a supervisor and ICM was able to successfully move their AD account into the 'Config' AD Security Group. From looking at the logs on the AWS it appears that the Web Admin tool is attempting to lookup their account in AD via UPN by appending their username to the domain name.
Log Snippet:
exception=com.cisco.ccbu.api.jaxb.error.ApiException: supervisorUserInfo.userName: Could not find user. Check if a domain account exists for [email protected]
This isn't going to work for some users in our account because we have multiple suffixes in our domain. (Our domain is a single forest and I'm not aware of a requirement to have a single suffix.)
I'm curious why it wouldn't use samaccountname which is what I believe ICM Configuration Manager is using. Has anyone else experienced this issue?Lo and behold, my AD sync started working.
Though I have added the site to my local intranet sites, I'm not very confident whether this was the actual solution. I've performed several actions configuring my farm before I started troubleshooting this issue again, so it might be another action that
solved this.
Alemaitre: can you try the following please:
See if the SharePoint Web Service site is started in IIS. If not, start it, see if that works.
Instead of adding the site to your Trusted Sites, try Local Intranet Sites (click Advanced to add sites besides using auto-discovery)
Turn the Security Level for the zone all the way down.
Turn off Compression for your site in IIS, do an iisreset, see if that works.
I've also had to remove a host header from my MySite portal (running on port 8080 here), unlikely for this to be the cause but it's just one of the things I did this morning :-)
Should I think of anything else, I'll let you know.
Bonne chance. -
Monitoring Microsoft Windows 2008 Active Directory by a remoted Agent
Oracle documentation (E14542-01) said that for remote Agent monitoring with default settings, Grid Control can monitor only the Active Directory associated with the primary domain controller.
But for Microsoft Windows 2008 Active Directory primary domain doesn't exist anymore, can we use a remote Agent to monitor Microsoft Windows 2008 Active Directory ?
Thanks
DominikDominik wrote:
Oracle documentation (E14542-01) said that for remote Agent monitoring with default settings, Grid Control can monitor only the Active Directory associated with the primary domain controller.
But for Microsoft Windows 2008 Active Directory primary domain doesn't exist anymore, can we use a remote Agent to monitor Microsoft Windows 2008 Active Directory ?I think , you can monitor it . Please check :
Oracle Enterprise Manager Grid Control Certification Checker [ID 412431.1]
How to Install the Microsoft Active Directory Plugin for Grid Control R2 [ID 359621.1]
Regards
Rajesh -
Event ID 31138 "during the active directory update not -uc enabled agents were found"
Hi All,
I have Lync standard 2013 server on-premise and Exchange Office 365. I have enabled my users for Voice.
When I add a user to a response group I get the warning that the user is not enterprise voice enabled. This is strange as the user is enterprise enabled and can make and receive calls.
I also have Event ID 31138 on my Front End server.
"during the active directory update not -uc enabled agents were found
The following agents are specified as agents but are not UC enabled:
sip:[email protected]"
Any thoughts?Hi,
Did you change the default SIP Domain before?
If yes. You may need to remove agent from database. As the agents of a Response Group are added to the rgsconfigdatabase, within the database you will find a table called dbo.Agents. When open it you will see an overview of theagents which are member
of the groups. You can do the following steps to remove an agent from this table:
Right click on the dbo.Agents table and select the option Edit Top 200 rows
Search for the user and remove the specific record.
More details:
http://troubleshootinglync.blogspot.com/2013/05/event-id-31137-unable-to-removeadd.html
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Context Directory Agent maps the Active Directory Anti-Virus user
Hi,
Today I was able to join a couple of CDA's to our Active Directory domain (2008 R2 DC's) using a non-privileged account and the CDA maps (most) users to IP addresses.
I would like to use the CDA solely for building up firewall policies based on AD details whenever possible
as maintaining granular firewall policies on 8 different ASA's is too time consuming as we are not a large IT organization.
But, after deploying the first "AD Group" based rule, it turned out, that the AD user-account mapped to the IP address of my PC was actually a domain user, running the local anti-virus engine, and not my own.
It makes total sense that the the anti-virus user is logged on to the PC before any user, so it can do "its thing",
but my own user-account is never mapped.
CDA was able to map certain users to an IP address, even though the anti-virus user is actually logged on to the PC before them.
Has anyone deployed Identity Based Firewalling and experienced something which resembles this scenario and were you able to do any workarounds?
I looked into filtering out the logon events (for the Sophos user-account) from the Windows Security logs,
so the CDA will not be able to map these, but it seems a bit far fetched, and would probably violate a security policy or two :)
Cheers, Søren Elleby SørensenI opened a case and they refer me to bug CSCun10631.
(CDA doesn't support 2012R2).
the good news is that a new patch (3) should be release this month (July) and will include support. -
ACS Express integration with Active Directory
Hello,
I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
Not found in DNS!Make sure it is in Reverse Lookup Zone.
FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: 172.24.2.93
Subnet site:
WARNING! Unable to locate computer's subnet site in Active Directory.
Ask your Active Directory administrator to add this computer's subnet
to the appropriate site.
DNS query for: _ldap._tcp.172.24.2.93
Found no SRV records!
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domain
DIAGNOSTIC USING THE AD REALM:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: CLAROCR.AMERICAMOVIL.CA1
Subnet site: TELECOM
DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
Found SRV records:
rom-pro-dc-03.clarocr.americamovil.ca1:389
Testing Active Directory connectivity:
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
DNS query for: _gc._tcp.AMERICAMOVIL.CA1
Testing Active Directory connectivity:
Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
gc: 3268/tcp - timeout
No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
Global Catalog: rom-amv-dc-02.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-amv-dc-01.americamovil.ca1
gc: 3268/tcp - good
Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domainDennis,
TIme in sync on the ACS and AD servers?
Faisal -
Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory
Hello,
Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory? I'm not having success in setting this up and would like to see what a successful authentication debug looks. Below is my current situation:
Oct 6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:23: TPLUS: processing authentication start request id 444
Oct 6 13:52:23: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:23: TPLUS: Using server 110.34.5.143
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:23: T+: user:
Oct 6 13:52:23: T+: port: tty515
Oct 6 13:52:23: T+: rem_addr: 10.10.10.10
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
Oct 6 13:52:23: T+: msg: Username:
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:23: TPLUS: Received authen response status GET_USER (7)
Oct 6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:30: TPLUS: processing authentication continue request id 444
Oct 6 13:52:30: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
Oct 6 13:52:30: T+: User msg: <elided>
Oct 6 13:52:30: T+: User data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Oct 6 13:52:30: T+: msg: Password:
Oct 6 13:52:30: T+: data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
Oct 6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:37: TPLUS: processing authentication continue request id 444
Oct 6 13:52:37: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
Oct 6 13:52:37: T+: User msg: <elided>
Oct 6 13:52:37: T+: User data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
Oct 6 13:52:37: T+: msg: Error during authentication
Oct 6 13:52:37: T+: data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:37: TPLUS: Received Authen status error
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
Oct 6 13:52:37: TPLUS: Choosing next server 101.34.5.143
Oct 6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
Oct 6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:49: TPLUS: processing authentication start request id 444
Oct 6 13:52:49: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:49: TPLUS: Using server 172.24.5.143
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
Oct 6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:49: T+: user:
Oct 6 13:52:49: T+: port: tty515
Oct 6 13:52:49: T+: rem_addr: 10.10.10.10
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
Oct 6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Oct 6 13:52:49: T+: msg: 0x0A User Access Verification 0x0A 0x0A Username:
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Received authen response status GET_USER (7)
The 1113 acs failed reports shows:
External DB is not operational
thanks,
jamesHi James,
We get External DB is not operational. Could you confirm if under External Databases > Unknown User Policy, and verify you have the AD/ Windows database at the top?
this error means the external server might not correctly configured on ACS external database section.
Another point is to make sure we have remote agent installed on supported windows server.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
Also provide the Auth logs from the server running remote agent, e.g.:-
AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
Attempting Windows authentication for user v-michal
AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
authentication FAILED (error 1783L)
thanks,
Vinay -
Active Directory not replicating from SBS 2003 to Server 2008 R2 Standard
I have an old SBS 2003 server and am migrating to a 2008 R2 server. I followed this guide:
http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/
I followed the guide (except the exchange stuff, because they are moving from exchange to Google apps for business) and everything went fine.
I removed the sbs from Domain controller status (dcpromo'ed it out) and everything seemed to go fine. I haven't turned off the old server yet, because they are still using it for a couple of other unrelated applications.
After I did this I added new computers to active directory, but they only showed up on the active directory on the old sbs (I think something went wrong when I too the old sbs out of domain controller status).
I ran dcdiag on the new server and this is the result:
Time Generated: 01/10/2014 14:57:56
Event String:
The SiSRaid4 service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:57:56
Event String:
The stexstor service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:57:56
Event String:
The vhdmp service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:57:56
Event String:
The vsmraid service failed to start due to the following error:
A warning event occurred. EventID: 0x8000001D
Time Generated: 01/10/2014 14:58:00
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
An error event occurred. EventID: 0x0000164A
Time Generated: 01/10/2014 14:58:20
Event String:
The Netlogon service could not create server share C:\Windows\SYSVOL
\sysvol\PIIKANIPW.local\SCRIPTS. The following error occurred:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:58:21
Event String:
The Qntm3520 service failed to start due to the following error:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 14:58:36
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0x00002724
Time Generated: 01/10/2014 14:58:40
Event String:
This computer has at least one dynamically assigned IPv6 address.For
reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x800013B8
Time Generated: 01/10/2014 14:58:49
Event String:
The application '/tmsWebAgent' belonging to site '1' has an invalid
AppPoolId 'Classic .NET AppPool' set. Therefore, the application will be ignore
d.
A warning event occurred. EventID: 0x80003BC4
Time Generated: 01/10/2014 15:01:53
Event String:
SSL Certificate Settings deleted for Port : 0.0.0.0:50106 .
A warning event occurred. EventID: 0x80003BC5
Time Generated: 01/10/2014 15:01:53
Event String:
SSL Certificate Settings created by an admin process for Port : 0.0.
0.0:50106 .
An error event occurred. EventID: 0xC0001B7A
Time Generated: 01/10/2014 15:01:59
Event String:
The TMS Print Agent service terminated unexpectedly. It has done th
is 1 time(s).
A warning event occurred. EventID: 0x0000000C
Time Generated: 01/10/2014 15:02:00
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
An error event occurred. EventID: 0x0000165B
Time Generated: 01/10/2014 15:02:34
Event String:
The session setup from computer 'PK-PC1' failed because the se
curity database does not contain a trust account 'PK-PC1$' referenced by t
he specified computer.
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:03:37
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0x000727AA
Time Generated: 01/10/2014 15:04:01
Event String:
The WinRM service failed to create the following SPNs: WSMAN/PKDC01.
PIIKANIPW.local; WSMAN/PKDC01.
A warning event occurred. EventID: 0x80003BC4
Time Generated: 01/10/2014 15:06:54
Event String:
SSL Certificate Settings deleted for Port : 0.0.0.0:50106 .
A warning event occurred. EventID: 0x80003BC5
Time Generated: 01/10/2014 15:06:54
Event String:
SSL Certificate Settings created by an admin process for Port : 0.0.
0.0:50106 .
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:08:37
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x000016AD
Time Generated: 01/10/2014 15:13:21
Event String:
The session setup from the computer PK-PC1 failed to authentic
ate. The following error occurred:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:13:38
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:18:39
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:20:28
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000457
Time Generated: 01/10/2014 15:20:33
Event String:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:23:39
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:28:40
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:33:41
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:38:41
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved.
......................... PKDC01 failed test SystemLog
Starting test: VerifyReferences
......................... PKDC01 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : PIIKANIPW
Starting test: CheckSDRefDom
......................... PIIKANIPW passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... PIIKANIPW passed test CrossRefValidation
Running enterprise tests on : PIIKANIPW.local
Starting test: LocatorCheck
......................... PIIKANIPW.local passed test LocatorCheck
Starting test: Intersite
......................... PIIKANIPW.local passed test Intersite
I also noticed that the SYSvol share on the new server is empty and the NETLOGON share doesn't exist.
Please help! Thanks.Hi,
Do you currently have any relevant errors in your System or Application logs?
Seems like the replication is not successfully.
An SBS server shouldn't shut down upon detecting the existence of another DC as that's a fully supported scenario.
Regards.
Vivian Wang -
MBAM bitlocker-protected removable drives recovery keys saved on sql database not active directory
Hi Guys
I need help in saving bitlocker protected removable drives on the sql database instead of active directory .
I have tried to play around with the policy and I am not winning , currently my GPO : Choose how bitlocker-protected removable drives can be recovered has only the allow data recovery agent chosen and I have left out all the AD DS option unticked
Please point me in the right direction on how to achieve this , I want all my keys in a SQL database so the users can recover the keys themselves using the mbam helpdesk websiteUnder client management, define your endpoint URLs. You can see the help and the description section for that particular policy. Copy and paste the URL removing the port number and replace the name of the Server with that of your MBAM Web server.
Also, Disable or don't configure the policy "Choose how bitlocker protected removable Drives can
be recovered".
This will save your recovery keys to the MBAM DBs.
Gaurav Ranjan -
I've several apex applications that use LDAP (Active Directory) authentication. I don't need any bind DN - a generic AD account allowed for querying LDAP information - at all in order to authenticate users. I heard that OBIEE does require a bind DN with password for LDAP integration. Why does this happen? Isn't this just like giving out an administrator account to query account information? Is it a good practice for OBIEE to use bind DN at all?
Thanks.
AndyYes. If you are having problems adding agents to your master when they are in different domains, I have found two ways to fix this.
1. On the master, add the agent server's domain to the "Append these DNS suffixes" box in the advanced TCP/IP settings under the Local Area Connection Properties.
2. In the Tidal console, open the Connection Definition box for the problem agent, click the Connection tab, and in the Machine Name field, enter the fully qualified server name, for example: server01.companyname.com. Also make sure that there is no firewall blocking traffic on port 5912 between the two domains.
Hope that helps! -
SAP ECC 6.0 / Active Directory Password synchronization
Hello,
We have a need to synchronize our users Windows passwords (AD) to our SAP systems (ECC 6.0, BW 3.5, and SCM 5.0). We do not use CUA and currently do not use a Portal and are not looking at doing SSO. We simply want to have one repository (AD) that will manage passwords for our Windows apps as well as our SAP systems. So far, we have not found a way to do this. SAP Note 603208 says this kind of synchronizing is not possible due to encryptions, among other things. However, we did find a white paper that stated the following:
~snip
<i>The Management Agents delivered with MIIS generally support password management: <b>they can take a password from some source (either from a user password change from the Windows interface, or from a self-service web-based password reset interface) and can set the same password in the various connected systems</b>. The Management Agent developed by Oxford is no exception. To change a password in an R/3 System the Susr_User_Change_Password_Rfc function can be used, but this is only possible if the old password is known and the SAP system allows the password change for this user. In cases where the old password is not known (for example the setting of an initial password) the password can be reset using the BAPI_User_change function.</i>~snip
Does anyone have any information on how we can achieve the password synchronization between Active Directory and Abap-based SAP Systems?
I very much appreciate your time and help.
PaulPaul,
You can achieve this using "common authentication". Since Active Directory uses Kerberos, if you allow your SAP systems to support Kerberos authentication as well, then you will be able to logon to Windows workstation, and use the Kerberos credentials issued by Active Directory during this logon to log the user onto SAP.
This is common, and easy to acheive. You need to use the SNC capability which is provided in SAP GUI and also in SAP ABAP engine, and you also need a GSS-API library for both workstations and for the SAP servers that implements the Kerberos protocol. If your SAP server is running on Windows Servers then you can get this GSS-API library from SAP, but if (like many companies) you are running SAP ECC, BW, SCM etc. on UNIX or Linux servers then you need to license a third-party product which provides the GSS-API library etc. I represent a vendor (CyberSafe) that provides this exact product, but you can also find other vendors by looking on SAP partner website, under SNC certified products list. If you want to find out more about our product, please ask me offline by getting my email address from my business card.
I hope this helps. Of course, if there are any questions for me related to this which are appropriate for public viewing then please ask them via this forum instead of via email.
Regards,
Tim -
Active Directory Trusted Recon ends with NullPointerException
Hi,
I have installed OIM 11.1.2.2.0 and AD connector version: ActiveDirectory 11.1.1.6.0. when i run "Active Directory Group Lookup Recon", I can see the groups created in "Lookup.ActiveDirectory.Groups". But when I tried to do "Active Directory User Trusted Recon" OIM given below error. I attached ITResource and Scheduler configurations.
Any help is greatly appreciated.
[2015-04-29T21:20:40.816+05:30] [oim_server1] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] Failed to communicate with any of configured Access Server, ensure that it is up and running.
[2015-04-29T21:20:40.863+05:30] [oim_server1] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] [[
java.lang.NullPointerException
at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:123)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1277)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3069)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.receiveEvent(LookupActor.java:3056)
at oracle.iam.consoles.faces.mvc.canonic.Model.handleIntent(Model.java:975)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doHandleIntent(Controller.java:533)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:204)
at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:748)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:104)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:98)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:957)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:427)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:112)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)I believe suddenly after running use cases related with target recon, you are trying to run trusted recon.
Make sure you update the following value in IT Resource whenever u run it for trusted recon:
Configuration Lookup
This parameter holds the name of the lookup definition that stores configuration information used during reconciliation and provisioning.
If you have configured your target system as a target resource, then enterLookup.Configuration.ActiveDirectory.
If you have configured your target system as a trusted source, then enterLookup.Configuration.ActiveDirectory.Trusted.
Default value: Lookup.Configuration.ActiveDirectory
http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#BABGFCFE
~J -
Active directory Webservice error
I have installed and configured the active directory authentication webservice. I get the following error when I try to synchronize. Does anybody know the reason for the error?
Apr 28, 2006 11:35:13 AM- Sync Agent is processing memberships.
Apr 28, 2006 11:35:13 AM- ERROR: Authentication source sync agent failed to synchronize user and group memberships to parent group '9fa1505c-7ece-4f55-8d7a-76fa78684605' (ID=276).
*** Exception was: com.plumtree.server.impl.soap.OpenSoapException: Error in function AWSProvider.GetMembers (sUniqueGroupName == '9fa1505c-7ece-4f55-8d7a-76fa78684605'): Error in function SOAPEnvelope.Restore (arrayText == [B@23bdd1): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.So
ap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:622)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessSingleGroupMemberships(PTAuthSourceAgent.java:3599)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessMemberships(PTAuthSourceAgent.java:2203)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.PerformOperation(PTAuthSourceAgent.java:330)
at com.plumtree.automationserver.shell.PTJobShell.perform(PTJobShell.java:628)
at com.plumtree.automationserver.shell.PTJobShell.runJob(PTJobShell.java:210)
at com.plumtree.automationserver.shell.PTJobShell.run(PTJobShell.java:100)
Caused by: com.plumtree.server.impl.soap.OpenSoapException: Error in function SOAPEnvelope.Restore (arrayText == [B@23bdd1): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.soap.SOAPEnvelope.Restore(SOAPEnvelope.java:68)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:1017)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:906)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:616)
... 6 more
Caused by: com.plumtree.server.impl.soap.Ope
nSoapException: SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.server.impl.soap.SOAPParser.LoadInternal(SOAPParser.java:681)
at com.plumtree.server.impl.soap.SOAPParser.LoadBinary(SOAPParser.java:590)
at com.plumtree.server.impl.soap.SOAPEn<i></i>I am able to import one group. The users in this group doesn't get imported, instead it imports 1 user with the same name as the group.
The following are the job logs:-
May 2, 2006 12:37:13 PM- Starting to run operations (1 total) for job 'Active Directory AS Job'. Will stop on errors.
May 2, 2006 12:37:13 PM- *** Job Operation #1 of 1: AuthSource Agent [Run as owner 'Administrator']
May 2, 2006 12:37:13 PM- Creating the Everyone In Auth Source group (if one doesn't already exist).
May 2, 2006 12:37:13 PM- **********************************************************************************
May 2, 2006 12:37:13 PM- Sync Agent is processing groups.
May 2, 2006 12:37:14 PM- **********************************************************************************
May 2, 2006 12:37:14 PM- Sync Agent is processing users.
May 2, 2006 12:37:14 PM- ActiveDirectory\Technology - Portal
May 2, 2006 12:37:14 PM- **********************************************************************************
May 2, 2006 12:37:14 PM- Sync Agent is processing memberships.
May 2, 2006 12:37:14 PM- ERROR: Authentication source sync agent failed to synchronize user and group memberships to parent group '9fa1505c-7ece-4f55-8d7a-76fa78684605' (ID=278).
*** Exception was: com.plumtree.server.impl.soap.OpenSoapException: Error in function AWSProvider.GetMembers (sUniqueGroupName == '9fa1505c-7ece-4f55-8d7a-76fa78684605'): Error in function SOAPEnvelope.Restore (arrayText == [B@44d990): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soa
p.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:622)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessSingleGroupMemberships(PTAuthSourceAgent.java:3599)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.ProcessMemberships(PTAuthSourceAgent.java:2203)
at com.plumtree.automationserver.agents.PTAuthSourceAgent.PerformOperation(PTAuthSourceAgent.java:330)
at com.plumtree.automationserver.shell.PTJobShell.perform(PTJobShell.java:628)
at com.plumtree.automationserver.shell.PTJobShell.runJob(PTJobShell.java:210)
at com.plumtree.automationserver.shell.PTJobShell.run(PTJobShell.java:100)
Caused by: com.plumtree.server.impl.soap.OpenSoapException: Error in function SOAPEnvelope.Restore (arrayText == [B@44d990): SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.openfoundation.util.XPException.GetInstance(XPException.java:371)
at com.plumtree.server.impl.soap.SOAPEnvelope.Restore(SOAPEnvelope.java:68)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:1017)
at com.plumtree.server.impl.webservice.PTWebService.Invoke(PTWebService.java:906)
at com.plumtree.server.impl.users.providers.AWSProvider.GetMembers(AWSProvider.java:616)
... 6 more
Caused by: com.plumtree.server.impl.soap.Open
SoapException: SOAP fault: faultcode='soap:Server' faultstring='System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Plumtree.Remote.ServiceException: Collection index must be in the range 1 to the size of the collection. Error in GetChildUsers
at com.plumtree.remote.auth.xp.XPSyncProvider.LogAndRethrow(IOKLogger logger, String functionName, Exception e) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 786
at com.plumtree.remote.auth.xp.XPSyncProvider.loggingGetChildUsers(IXPGroup group) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 541
at com.plumtree.remote.auth.xp.XPSyncProvider.GetMembers(String groupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\xpj2c\impl\com\plumtree\remote\auth\xp\XPSyncProvider.cs:line 429
at Plumtree.Remote.Auth.Soap.SyncProviderSoapBinding.GetMembers(String GroupID) in e:\latestbuild\Release\devkit\6.0.x\auth\src\dotnet\soap\SyncProviderSoapBinding.asmx.cs:line 208
--- End of inner exception stack trace ---'
at com.plumtree.server.impl.soap.SOAPParser.LoadInternal(SOAPParser.java:681)
at com.plumtree.server.impl.soap.SOAPParser.LoadBinary(SOAPParser.java:590)
at com.plumtree.server.impl.soap.SOAPEnv
elope.Restore(SOAPEnvelope.java:65)
... 9 more
Maybe you are looking for
-
Hi, I have a internal table in my Routine having Multiple line items. I want to print them through the Script. I want to pass the internal table line items to the output form, as we can't loop on PERFORM in the script editor. I have tried using FMs l
-
I do not know how to make this any more clear. The strange, 'squiggly' words are meant to protect a web site from computerized log ins (I think). If the words are interpreted and entered correctly, you can log in successfully. But since the strangely
-
any help would be nice!
-
Unable to read or download pdfs
When I click on a pdf file I get a white screen and the spinning color wheel, but it never displays or downloads the pdf. I have tried right-clicking and the command-click to invoke Preview but then I only get a pull-down option that says "Copy link.
-
Change of standard Structure KOMG Error
Dear All I have tried to add one extra field like MVGR1 (Material Group 1) in the KOMG structure. But it is showing an error as follows : Foreign key KOMG-RKE_WWADV (RKE_WWADV and WWMDI point to different domains) You assigned two fields from the dep