Ap authentication/join issue

i am having issues joining new 1242LAP's to my controller.  i am receiving the follwing error on my controller:
AAA Authentication Failure for UserName:5475d01144f0 User Type: WLAN USER
username is the MAC of my new 1242LAP.  older 1242LAP's have no issue.  i have 70 of the newer ones that i have just installed and fail to join the controller with the above error message.  i'm not sure how to resolve.  any help would be appreciated.  thanks.
Brandon

Hi Brandon,
Good question.  Sounds like your WLC may be authorizing LAPs via an Auth-list or AAA.  You can view these settings here:
Web GUI --> Secuirty --> AAA --> AP Policies
If you do not wish to authorize the APs via an auth-list or AAA, simply uncheck the following option:
Authorize MIC APs against auth-list or AAA
Cheers.
Drew

Similar Messages

  • AP - WLC joining issue

    We have 3 WLC's(5500) in our network and about 150 AP's. Only 4 AP's register to 1 controller, over 70 to 2nd and about 50 to 3rd. On checking & comparing few of the AP's this is what i concluded.
    1. 4 AP's that registered to the first WLC did not have that AP in the primary, secondary or tertiary list. If it was there then it was either secondary or tertiary or the device name entered is not resolvable by DNS but the device name is correct. Management IP was not configured on any of the 4 AP's for any of the WLC's
    2. AP's registered to second and third WLC's have similar config. First WLC as Primary, Second as secondary and third Tertiary with correct DNS name in the field but wrong device name. Also all have Management IP's entered as well.
    CAPWAP Join Taken Time for 4 AP's varies from 6to10 mins while for other AP its few seconds. DNS for cisco-capwap-controller points to WLC with4 AP's. I donot see any use of option in DNS for WAP's.
    How can i make AP's join this WLC. 
    Should I get the DNS and device name discrepancy corrected? 
    What is the selection process for AP's to choose WLC, as I see AP's not joining WLC in there building but joining a WLC in other adjacent building? Is there a way for me to influence this decision?

    What is the selection process for AP's to choose WLC, as I see AP's not joining WLC in there building but joining a WLC in other adjacent building? Is there a way for me to influence this decision?
    Best way to do this is configure AP High Availability of APs with primary,secondary,tertiary WLC name & IP (both fields required). This is taking precedence over any other methods.
    http://mrncciew.com/2013/04/07/ap-failover/
    If you have AP join issue, try to configure DHCP option 43 & see if that helps
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html
    If this is one off case, you can try static or broadcast forwarding as a interim solution
    http://mrncciew.com/2013/03/17/ap-registration/
    http://mrncciew.com/2013/05/04/wlc-discovery-via-broadcast/
    HTH
    Rasika
    *** Pls rate all useful responses ***

  • Join issues with Multicube reports

    I experts,
    We have a Multicube M  with a Real time cube A and Basic Cube B.  Cube B was added to the Multicube recently.
    Cube A contains Phasing data ( like Forecast) for Opportunities. See some eg records below.
    Oppt PERIOD KF1
    001   001       10
    001   002       20
    001   003       30
    002   001       40
    002   002       20
    002   003       30.
    Cube B containes Opportunities and Customer ( with Nav Attr). The Customer master data looks like below. Here both TYPE and GROUP are Nav attr of Customer.
    Customer  Type  Grp
    C1            T1     G1
    C2            T2     G2
    Cube B contains records as shown below
    Oppt Customer KF2
    001   C1           100
    002   C2           300.
    Now when we ran our Report on MultiCube, we expect to see below 
    Oppt Period Customer Type Grp KF1
    001     001       C1        T1    G1   10
    001     002       C1        T1    G1   20
    001     003       C1        T1    G1   30
    002     001       C2        T2    G2   40
    002     002       C2        T2    G2   20
    002     003       C2        T2    G2   30.
    But in place Customer, Type, Grp, we get 'Not assinged" .
    I have checked teh identification for all KFs and Chars, they are identified.
    Can anyone help??
    Thanks,
    DV

    Can you check for the data inside the infoproviders in the cubes with the manage option. It possible when the grouping is not done properly. Check for the Master date entry of the customer. I dont think its because of the join issue..
    Good Luck..
    Sandhya

  • Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

    Please excuse the lousy table...Its late :-)
    I have a multi-server SP2010 farm.  Patched up to
    Configuration database version: 14.0.6106.5002
    My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
    letter (
    http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
    IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
    Claims Auth log entries:
    1:06:25 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    f2ut
    Verbose
    Authenticated with login provider. Validating request security token.
    1:06:25 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Verbose
    Using membership provider 'ADAMProvider'.
    1:06:25 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Verbose
    Doing password check on '[email protected]'.
    1:06:46 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Verbose
    Failed password check on '[email protected]'.
    1:06:46 AM
    w3wp.exe (0x0EDC)               
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Unexpected
    Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
    token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
    1:06:46 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    fo1t
    Monitorable
    SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
    could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
    1:06:46 AM
    w3wp.exe (0x1B34)                      
    0x08A0
    SharePoint Foundation        
    Claims Authentication        
    fsq7
    High   
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
      at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    1:06:46 AM
    w3wp.exe (0x1B34)                      
    0x08A0
    SharePoint Foundation        
    Claims Authentication        
    8306
    Critical
    An exception occurred when trying to issue security token: The security token username and password could not be validated..
    1:06:46 AM
    w3wp.exe (0x1B34)                      
    0x08A0
    SharePoint Foundation        
    Claims Authentication        
    f2un
    Verbose
    Form authentication failed.
    I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
     I found plenty out there and nothing directly correlates with this issue. 
    I searched on all parts of the errors I got.
    This contains an interesting blurb about setting up access for the apppool id correctly. 
    That’s not the case for me.  It works in dev and the same id are used there. 
    http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
    This was good but it doesn’t give specs on what the environment looks like:
    http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
    The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
    Any and all help would be greatly appreciated!

    Hi.
    You say its a multiserver farm, do you have more than one web server then?
    If thats the case, have you tried accessing the site on each server directly?
    Found this for you, maybe that can help?
    Troubleshooting Exceptions: System.ServiceModel.FaultException`1
    http://msdn.microsoft.com/en-us/library/bb907220.aspx
    and this:
    SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
    http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
    and
    This seems to be a good guide:
    http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
    Good luck
    Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

  • Joins issue in query - OBIEE 11g

    Hi all,
    I have created a new repository with a simple star schema, and also have created ragged hierarchy. Now when i select any dimension field and a measure from the fact, the query generated by BI has 2 physical queries i.e. one for dimension and other for fact. but when it joins these 2 subqueries it does not consider any common column to join on , and results in incorrect data.
    Not able to figure out what is going wrong. Pls. let me know hw to resolve this issue if any one has faced a similar one.
    rgds,
    Shruti

    RqList <<184070>> [for database 3023:147018:DEVFRC,57] /* FETCH FIRST 1000001 ROWS ONLY */
    0 as c1 [for database 3023:147018,57],
    D2.c1 as c2 [for database 3023:147018,57],
    D1.c1 as c3 [for database 3023:147018,57]
    Child Nodes (RqJoinSpec): <<184109>> [for database 3023:147018:DEVFRC,57]
    RqJoinNode <<184107>> []
    RqList <<184082>> [for database 3023:147018:DEVFRC,57] distinct
    sum(FCT_LEDGER_STAT.N_VALUE) as c1 [for database 3023:147018,57]
    Child Nodes (RqJoinSpec): <<184085>> [for database 3023:147018:DEVFRC,57]
    RqJoinNode <<184084>> []
    FCT_LEDGER_STAT T147426
    ) as D1
    RqJoinNode <<184108>> []
    RqList <<184088>> [for database 3023:147018:DEVFRC,57] distinct
    DIM_FINANCIAL_ELEMENT.V_FINANCIAL_ELEM_NAME as c1 [for database 3023:147018,57]
    Child Nodes (RqJoinSpec): <<184099>> [for database 3023:147018:DEVFRC,57]
    RqJoinNode <<184098>> []
    DIM_FINANCIAL_ELEMENT T147109
    ) as D2
    OrderBy: c2 asc NULLS LAST [for database 3023:147018,57]
    =========================================================
    PHYSICAL
    ==================================================
    WITH
    SAWITH0 AS (select sum(T147426.N_VALUE) as c1
    from
    OFSAAATOMIC.FCT_LEDGER_STAT T147426),
    SAWITH1 AS (select distinct T147109.V_FINANCIAL_ELEM_NAME as c1
    from
    OFSAAATOMIC.DIM_FINANCIAL_ELEMENT T147109)
    select D1.c1 as c1, D1.c2 as c2, D1.c3 as c3 from ( select 0 as c1,
    D2.c1 as c2,
    D1.c1 as c3
    from
    SAWITH0 D1,
    SAWITH1 D2
    order by c2 ) D1 where rownum <= 1000001

  • Outer Join issue in SSRS

    Symptom description:
    I have a Department table and an Employee table. In Department table, Deptno is the primary key. In Employee table, Empid is the primary key and Deptno is a foreign key pointing to Deptno of Department table.
    Using BIDS, I have created a Data Source View (DSV) incorporating the above two tables and a relationship is also formed where Employee is the source and Department is the destination. I have then autogenerated a Report Model (.smdl) using the DSV.
    Now, when I select attributes from both Department entity and Employee entity in Report Builder 3.0, the query generated by Report Builder fetches only those records from Department for which an employee exists.
    My objective is to fetch all records from Department when Department is joined with Employee irrespective of whether an employee exists or not for that department. How can this be achieved?
    Given below is the query generated by Report Builder:
    SELECT DISTINCT
        "DEPT"."DepartmentNo" "DepartmentNo",
        "DEPT"."DepartmentDepartmentName" "DepartmentDepartmentName",
        "DEPT"."City" "City",
        "EMP"."EMPID" "EmployeeID",
        "EMP"."EMP_NAME" "EmployeeName",
        "EMP"."SALARY" "Salary"
    FROM
        "CLINICOPIA_REPORTS"."EMP" "EMP"
        LEFT OUTER JOIN (
            SELECT /*+ NO_MERGE */
                "DEPT"."DEPTNO" "DepartmentNo",
                "DEPT"."DEPT_NAME" "DepartmentDepartmentName",
                "DEPT"."CITY" "City",
                "DEPT"."DEPTNO" "DEPTNO"
            FROM
                "CLINICOPIA_REPORTS"."DEPT" "DEPT"
        ) "DEPT" ON "EMP"."DEPTNO" = "DEPT"."DEPTNO"
    WHERE
        CAST(1 AS NUMERIC(1,0)) = 1
    ORDER BY
        "DepartmentNo", "DepartmentDepartmentName", "City", "EmployeeID", "EmployeeName", "Salary";
    Environment: SharePoint 2010 serves as the Web Front-End Server and also hosts Reporting Services Add-in. SQL Server 2008 R2 SP2 is the Back-End Server hosting Sql Server Reporting Services
    (SSRS) in SharePoint Integrated mode. The data is fetched in the Report Builder 3.0 reports from an Oracle database.
    Environment details-
    Web Front-End Server: SharePoint Server 2010 with Enterprise Client Access License features. Operating System is Microsoft Windows Server 2008 R2 Standard - 64 Bit.
    Back-End Database Server: SQL Server 2008 R2 Enterprise SP2. Operating System is Microsoft Windows Server 2008 R2 Standard - 64 Bit.
    Oracle Database Server: Operating System is Red Hat Enterprise Linux Server release 5 (Tikanga). Oracle Database version is Oracle Database 10g R2 Enterprise Edition Release 10.2.0.2.0 - Production.

    Setting the Cardinality of Department > Employee role to OptionalOne
    gives rise to cartesian join (which is a bigger issue).
    Therefore, the Cardinality of Department > Employee role should remain as
    OptionalMany (default).
    This means, the outer join problem still remains unsolved. I have, therefore,
    unmarked the above answer by me.
    The question is - why has Report Builder been designed in such a way that the primary entity is always the child entity when attributes are selected from both parent and child entities?
    Most people desire that all the rows of the parent entity be fetched irrespective of whether there are corresponding rows in the child entity or not. Report Builder tool should not dictate what the user wants to get, meaning it is not right to assume
    that the focus of the report is Employee when attributes are selected from both Department and Employee. Report Builder should not make the child entity (i.e., Employee) as the primary entity when the user selects attributes from the child entity after
    having selected attributes from the parent entity.
    I am sorry to say that clients may not accept the Report Builder tool as this does not fetch the records as desired.
    I hope there is someone who can suggest how the outer join problem can be solved by just tweaking the properties of the report model (SMDL).
    Besides, the end users are business users and are not tech savvy. They are not expected to modify queries. They would simply drag and drop attributes from entities to create adhoc reports.

  • Merge join issue

    hi all,
    In my project am using table type varibale as paramter with the columns of id salary to the table. In my procedure i have used merge join with the passed table type variable with the existing table.Insert the value given id does not match,update the value
    to the id if matched this is the condition to my merge join. I passed the below table as parameter. Every id is new so i passed the id as -1. My problem is, when i insert the below table with my procedure it is not maintainig order. For example during insert
    600 should be first,300 should be second and 800 should be third row, but am not getting like that it always save ascending order 300,600,800 respectively. Am i facing this issue since am using merge join?if so can any one help me to maintain order during
    insert.
    My table type variable paramter value has been given below
    id   salary
    -1   600
    -1   300
    -1   800

    For example during insert 600 should be first,300 should be second and 800 should be third row,
    Can you tell me on what's the rule that determines the order of insertion?
    Please Mark This As Answer if it solved your issue
    Please Vote This As Helpful if it helps to solve your issue
    Visakh
    My Wiki User Page
    My MSDN Page
    My Personal Blog
    My Facebook Page

  • Join Issues After 4i to 10g Upgrade

    Hi,
    We have noticed issues with folder joins after upgrading from 4i to 10g. These joins existed and worked as expected in 4i. But after the upgrade to 10g, reports will pull all data instead of limiting to the parameters.
    For example, we have a order headers folder and invoice headers folder in a business area created from the database. The 2 folders have a join. If I create a report that pulls columns from both folders and then create parameters to limit the invoice creation date, it will pull all records from the database instead of limiting to the parameters.
    Has anyone else experienced this issue? Can someone point me to some documentation that relates to the issue?
    Any help is greatly appreciated!
    Thanks,
    Troy

    Hi Troy,
    I seem to remember that there is a difference in how 4i and 10g handle outer joins. There is also an issue associated with applying joins to different types of folders. Please send me a copy of the SQL generated from the "view SQL" function for this worksheet and I'll try to help you debug the issue. It would also be helpful if you could do this for 4i also.
    --Srinu                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  • ISE Distributed System - AD join issue

    Hi,
    We have deployed 04 ISE nodes in the following senario. (ISE ver 1.1.2.245)
    1 ISE - Primary (A) Secondary (M)
    2 ISE - Primary (M) Secondary (A)
    3 ISE -  Policy Service (PDP)
    4 ISE -  Policy Service (PDP)
    When integrating with AD, we can only integrat to the 1 ISE only. NTP, Timezone, DNS working on all 04 boxes perfectly. We are getting the attached error while integrating AD with other ISE nodes.
    In the above senario, what ISE nodes should have the AD joined, only the PDP or all 04 nodes should have joined..?
    Can someone please advise. Please see the attached screenprints for the deployment and detailed error while joining to AD.
    Thanks in advance.

    Hi Neno,
    Below is the debug logs for AD joining. I can see the below two issues, but dont know how to find the solution..
    •1)      (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    •2)  SASL bind to ldap/[email protected] - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm"
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state ProbePorts complete for hqv-dcs-02.xxx.gov.qa. Elapsed time 0.014737 secs
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findkdc KDC locator for xxx.GOV.QA
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domaincontroller: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findsrv FindSrvFromDns(0): _kerberos._tcp.xxxsite._sites.xxx.gov.qa
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST: SniffList: postfailsort=hqv-dcs-02.xxx.gov.qa, hqp-dcs-01.xxx.gov.qa
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.kerberos.keytab GetSaltFromKDC returns: xxx.GOV.QAAdmin-Asif
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.aduser getSalt update: user:[email protected] salt:xxx.GOV.QAAdmin-Asif
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findkdc KDC locator for xxx.GOV.QA
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domaincontroller: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findsrv FindSrvFromDns(0): _kerberos._tcp.xxxsite._sites.xxx.gov.qa
    Mar  3 09:53:47 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST: SniffList: postfailsort=hqv-dcs-02.xxx.gov.qa, hqp-dcs-01.xxx.gov.qa
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findkdc KDC locator for xxx.GOV.QA
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domaincontroller: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findsrv FindSrvFromDns(0): _kerberos._tcp.xxxsite._sites.xxx.gov.qa
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST: SniffList: postfailsort=hqv-dcs-02.xxx.gov.qa, hqp-dcs-01.xxx.gov.qa
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Performing LDAP binding with GSSAPI mechanisms to server - hqp-dcs-01.xxx.gov.qa
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findkdc KDC locator for xxx.GOV.QA
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domaincontroller: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findsrv FindSrvFromDns(0): _kerberos._tcp.xxxsite._sites.xxx.gov.qa
    Mar  3 09:53:49 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST: SniffList: postfailsort=hqv-dcs-02.xxx.gov.qa, hqp-dcs-01.xxx.gov.qa
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.osutil Module=Kerberos : SASL bind to ldap/[email protected] - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm" (reference base/adbind.cpp:495 rc: -1765328228)
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST:reportFailure: hqp-dcs-01.xxx.gov.qa
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DIAG  base.bind.ad connectToServiceInDomain: Failed to connect to hqp-dcs-01.xxx.gov.qa:389: SASL bind to ldap/[email protected] - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm"
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domaincontroller: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findsrv FindSrvFromDns(0): _ldap._tcp.xxxsite._sites.xxx.gov.qa
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST: SniffList: postfailsort=hqv-dcs-02.xxx.gov.qa, hqp-dcs-01.xxx.gov.qa
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Attempting to connect to a DC in site 'xxxsite'
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Connecting to hqv-dcs-02.xxx.gov.qa:389
    Mar  3 09:54:04 xxx-TW-ISE-2 adjoin[27660]: DIAG  base.bind.ldap 10.0.11.52:389 fetch dn="" filter="(objectclass=*)" timeout=11
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG lrpc.adobject new object:
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Connected root=DC=xxx,DC=gov,DC=qa, domain=xxx.GOV.QA functionality=3
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Address of hqv-dcs-02.xxx.gov.qa is 10.0.11.52
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Performing LDAP binding with GSSAPI mechanisms to server - hqv-dcs-02.xxx.gov.qa
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findkdc KDC locator for xxx.GOV.QA
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domaincontroller: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG dns.findsrv FindSrvFromDns(0): _kerberos._tcp.xxxsite._sites.xxx.gov.qa
    Mar  3 09:54:06 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST: SniffList: postfailsort=hqv-dcs-02.xxx.gov.qa, hqp-dcs-01.xxx.gov.qa
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.osutil Module=Kerberos : SASL bind to ldap/[email protected] - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm" (reference base/adbind.cpp:495 rc: -1765328228)
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG network.state NST:reportFailure: hqv-dcs-02.xxx.gov.qa
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad connectToList: Failed to connect to hqv-dcs-02.xxx.gov.qa:389: SASL bind to ldap/[email protected] - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm"
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.osutil Module=LDAP : reconnect failed (reference base/adbind.cpp:785 rc: -11)
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG base.bind.ad Destroying binding to 'xxx.GOV.QA'
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting zonename to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting schema to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting zone to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.dc.xxx.gov.qa: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting domaincontroller to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting site to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting domain to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting prew2k.host to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting host to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG cli.adjoin Unexpected LDAP Error Connect error
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG cli.adjoin  due to unexpected configuration or network error.
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG cli.adjoin Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting host to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: DEBUG util.settings Setting prew2k.host to
    Mar  3 09:54:21 xxx-TW-ISE-2 adjoin[27660]: INFO  cli.adjoin Join to domain 'xxx.gov.qa', zone 'null' failed.
    Mar  3 09:54:23 xxx-TW-ISE-2 adinfo[27666]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:23 xxx-TW-ISE-2 adinfo[27666]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:23 xxx-TW-ISE-2 adinfo[27668]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:23 xxx-TW-ISE-2 adinfo[27668]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:33 xxx-TW-ISE-2 adinfo[28164]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:33 xxx-TW-ISE-2 adinfo[28164]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:44 xxx-TW-ISE-2 adinfo[28172]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:44 xxx-TW-ISE-2 adinfo[28172]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:54 xxx-TW-ISE-2 adinfo[28900]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:54:54 xxx-TW-ISE-2 adinfo[28900]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:05 xxx-TW-ISE-2 adinfo[28905]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:05 xxx-TW-ISE-2 adinfo[28905]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:16 xxx-TW-ISE-2 adinfo[28907]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:16 xxx-TW-ISE-2 adinfo[28907]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:27 xxx-TW-ISE-2 adinfo[28911]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:27 xxx-TW-ISE-2 adinfo[28911]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:38 xxx-TW-ISE-2 adinfo[28913]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:38 xxx-TW-ISE-2 adinfo[28913]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:49 xxx-TW-ISE-2 adinfo[28920]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:55:49 xxx-TW-ISE-2 adinfo[28920]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:56:00 xxx-TW-ISE-2 adinfo[28988]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:56:00 xxx-TW-ISE-2 adinfo[28988]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)
    Mar  3 09:56:11 xxx-TW-ISE-2 adinfo[29010]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:106 rc: 2)

  • MS Active Directory LDAP Authentication/Locking Issue.

    Dear All,
    We are a software company; we have implemented feature of LDAP Authentication in our product using Java API and its working fine from our network environment.
    We have used following things with LDAP feature.
    1. User Authentication.
    2. Locking account after exceed the maximum attempts that has configured in window server.
    Main our issue is: The LDAP feature is not working properly from our client side. They are able to authenticate their LDAP user but do not able to lock user account however they have exceeded the maximum attempts from login dialog of our products but it still working in our side.
    If anybody has any experienced about it then please reply with positvie solution or any other information like require do the specific configuration for different version of Windows and Active Directory Server etc.
    Can any body know what are the possibilities for identifying and resolving this issue?
    Please help us if anybody has any experienced about it.
    Please do the needful.
    Thanks,
    Mehul.

    Hi,
    Thanks for your reply.
    We have used java package of javax.naming.* and javax.naming.directory.* for LDAP Authentication.
    Following code for checking whether ADS User is valid or not.
    * Function checks whether ADSUser is valid user or not
    * @returns int value indicating result.
    public int isValidADSUser() {
    Hashtable env = new Hashtable(5);
    Vector adsInfoVec = getADSInfo();
    env.put("java.naming.referral", "ignore");
    // env.put("java.naming.security.authentication", "simple");
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    String provider = "com.sun.jndi.ldap.LdapCtxFactory";
    env.put("java.naming.factory.initial", provider);
    //For handling Uncontinued reference found message of partial result exception
    env.put(Context.REFERRAL, "follow");
    env.put("java.naming.ldap.derefAliases", "always");
    env.put("java.naming.ldap.deleteRDN", "false");
    env.put("java.naming.ldap.attributes.binary", "");
    env.put(Context.PROVIDER_URL,
    "ldap://" + (String) adsInfoVec.elementAt(0) + ":" +
    (String) adsInfoVec.elementAt(1));
    // env.put("java.naming.security.principal",
    // userNameStr + "@" + (String) adsInfoVec.elementAt(0));
    env.put(Context.SECURITY_PRINCIPAL,
    userNameStr + "@" + (String) adsInfoVec.elementAt(0));
    if (userPassStr == null) {
    userPassStr = "";
    // env.put("java.naming.security.credentials", userPassStr);
    env.put(Context.SECURITY_CREDENTIALS, userPasswordStr);
    try {
    DirContext ctx = new InitialDirContext(env);
    ctx.lookup("");
    //System.out.println(ctx.lookup(""));
    ctx.close();
    catch (javax.naming.AuthenticationException ex) {
    //System.out.println();
    ex.printStackTrace();
    return AUTHENTICATION_ERROR;
    catch (javax.naming.PartialResultException pex) {
    pex.printStackTrace();
    return COMMUNICATION_ERROR;
    catch (javax.naming.CommunicationException pex) {
    pex.printStackTrace();
    return COMMUNICATION_ERROR;
    catch (NamingException e) {
    System.out.println("Failed to connect to ");
    e.printStackTrace();
    return COMMUNICATION_ERROR;
    return SUCCESS;
    Result of this code from our company: We are able to Authenticate LDAP user and also Lock User Account after exceed the Max Failure Attempt that configured from Windows Server.
    Result of this code from our client side: They are able to Authenticate LDAP user but they can't User Accout Lock however exceed the Max Failure Attemp that configured from their Windows Server.
    Can u please help us if any experience about it and suggest if any other configuration require from Windows Server / Active Directory Server OR also if some other implementation require for resolving this issue.
    Your optimistic reply is much appreciated.
    Thanks,
    Mehul Garnara.
    Edited by: [email protected] on Mar 6, 2008 10:24 PM
    Edited by: [email protected] on Mar 6, 2008 10:25 PM
    Edited by: [email protected] on Mar 6, 2008 10:25 PM

  • Fact Join Issue

    I am having star schema,Fact1 and dim1,dim2,dim3
    Now i am bringing one more fact table(fact2)..... common table between both fact i hav currency column like AED,INR,USD,other thn this i dont hav any common table to join with other dimension table
    so my join look like this
    fact2<<<<<fact1>>>>>>dim1
    After joining this if i try to drag column from dim1 and fact2,i do not get any result from fact2,
    I get below error
    Error:None of the fact tables are compatible with the query request
    so can i know how to make this work,is it possible?

    To fix your issue.. without looking at your data.. follow as below
    In BMM layer to the existing fact1->source properties-> General Tab
    Click on Add button and add the fact2 and pull required columns to existing logical fact table.
    Appreciate if you mark as correct/helpful

  • Join issue OBIEE (BMM Layer)

    Hi All -
    1. I have following tables:
    D1 - Dimension Table
    D2 - Dimension Table
    D3 - Dimension Table
    F1 - Fact Table
    We have join between - D1 - F1, D2, F1 & D3 - F1
    2. We have some more tables :
    D4 - dimension Table
    F2 - Fact Table
    We have join between - D4 - F2
    3. We have some more tables :
    D5 - Dimension Table
    F3 - Fact Table
    We have join between - D5 - F3
    Now the scenario is we need to enable joins between all these tables in the logical layer. i created dimensional hierarchies and assigned at the total level for the fact tables. but it is not working.
    can anybody please lookinto this issue?
    Thanks

    I noticed that if you create the FK in the physical layer BEFORE moving the columns into the Business Model layer it will keep them when you bring them over, but if you create the columns in the BM layer then made the physical joins you have to go back and join in the BM layer.
    Unfortunately if you'll lose anything in the Presentation or Business Model layer if you remove it from the BM and want to re-join.

  • Converging Join Issue

        Hi,
    I just have a scenario in my universe designer , when I Join the table as per my requirement I'm getting the below scenario, well my Question about the same is when we join like this we'll get " converging Join path issue", IN the image shown there is no cardinality defined for any one of the join. and they have joined on the basis of common object in one table to other table. Please suggest me on this , whether it will result in any error or not.. 

    Hi,
    Please Check the link below .
    simple example for SQL traps [chasm / fan trap]

  • Anchor Guest 3.2.171.6 Web Authentication page issue

    Hi folks,
    I'm having issues with our Anchor controller here running 3.2.171.6. Using a chain certificate for our Web authentication re-direct Page to a WEB-server. sometimes the Guest Clients are not re-directed to the WEb authentication page. After I reboot the Anchor this resolves the issue. I need to use this code to support the ipsec vpn module. any ideas would be appreciated.

    you need to try to find a non-chained certificate. I know that most CA do not use these anymore, but need to find one. WLC does not support chained-certificate until 5.2. It may work, but it is not supported.
    HTH,
    Steve

  • Domain joining issue

    Hi,
    following is the error while joining a 2008 R2 sp1 server to the domain
    NetpLdapBind: ldap_bind failed on <DC>: 86: Auth Unknown
    NetpJoinDomainOnDs: Function exits with status of: 0x52b
    Any clue?

    If the Patch from Lany Zhang(MSFT) does not correct the issue we will need to start looking at the domain and forest health, and communication between the clients and domain
    Whats the Forest Functional Level?
    Domain Functional Level?
    Domain Controllers OS level?
    Ipconfig /all From both the client (2008 R2) and the domain controller.
    Would also like to know if replication between domain controllers is healthy.
    So based on http://msdn.microsoft.com/en-us/library/gg465310.aspx
    LDAP_Auth_Unknown(0x56) basically translates to the windows world as ERROR_WRONG_PASSWORD
    Brad Held http://windorks.wordpress.com

Maybe you are looking for