Auth/auth_number_in_userbuffer
Good morning,
Looking for more info about the Auth/auth_number_in_userbuffer system parameter I have found that it is actually obsolete on my system (SAP ECC 6.0)
I found "Note 75908 - Authorizations missing after client copy" that explains that this user buffer is now stored in the database for performance reasons.
I know it is a table and logically it shouldn't have any limitation in size. Can someone confirm that is the case and when it comes to Authorisation Buffer Size there is no configuration to be done anymore?
Thank you
Corinne
Hi Corinne, I agree with Juan, this parameter hasn't been used since version 4.6 (I think).
The buffer changes facilitated the theoretical instant update of a users authorisations (depending on auth/new_buffering) when changed by an admin, though occasionally they still have to log out & back in again.
If you are looking to assign users with a large number of authorisations, there is a maximum of around 300 roles (assuming 1 role = 1 profile) that can be assigned to the user master
Cheers
alex
Similar Messages
-
MAIN_NEWBAS/STARTSAP_NBAS were negative!
Hi Expert,
We have this issue in Downtime phase
Last error code set: Process D:\usr\sap\DLW\DVEBMGS00\exe/sapcontrol.exe exited with 2, see 'H:\SUM\abap\log\SAPup.ECO' for details<br/> System start failed<br/> Earlier, validating the profile failed, see INSTANCE.OUT
This trouble ticket was created by SAPup on 20140223181007
SAPup broke during phase STARTSAP_NBAS in module MAIN_NEWBAS / Downtime II: Conversion, Main Import, XPRAs
Error Message: Process D:\usr\sap\DLW\DVEBMGS00\exe/sapcontrol.exe exited with 2, see 'H:\SUM\abap\log\SAPup.ECO' for details
System start failed
Earlier, validating the profile failed, see INSTANCE.OUT
SAPup LOG
CURRENTPHASE MAIN_NEWBAS/STARTSAP_NBAS
...started at 20140223172906
# Phase error status set: NO SYSTEM START
..finished at 20140223173446 with status FAILED.
# Error message set: 'RFC login to system DLW ashost UST2A041 nr 00 gwhost UST2A041 gwservice sapgw00 failed with code 1 key RFC_COMMUNICATION_FAILURE:
LOCATION CPIC (TCP/IP) on local host with Unicode
ERROR partner '165.28.146.55:3300' not reached
TIME Sun Feb 23 17:34:26 2014
RELEASE 721
COMPONENT NI (network interface)
VERSION 40
RC -10
MODULE nixxi.cpp
LINE 3285
DETAIL NiPConnect2: 165.28.146.55:3300
SYSTEM CALL connect
ERRNO 10061
ERRNO TEXT WSAECONNREFUSED: Connection refused
COUNTER 117
System start failed
Earlier, validating the profile failed, see INSTANCE.OUT'
...begin dialog at 20140223173449
...end dialog at 20140223180848
..answered at 20140223180848.
-> decided to try again.
CURRENTPHASE MAIN_NEWBAS/STARTSAP_NBAS
...started at 20140223180848
# Phase error status set: NO SYSTEM START
..finished at 20140223181007 with status FAILED.
# Error message set: 'Process D:\usr\sap\DLW\DVEBMGS00\exe/sapcontrol.exe exited with 2, see 'H:\SUM\abap\log\SAPup.ECO' for details
System start failed
Earlier, validating the profile failed, see INSTANCE.OUT'
...begin dialog at 20140223181010
INSTANCE LOG
SAPup> Starting subprocess in phase 'MOD_PFPAR_BAS' at 20140223141142
ENV: CLASSPATH=H:\DVD\51041943_\db2jcc.jar;H:\DVD\51041943_\db2jcc_license_cisuz.jar;H:\DVD\51041943_\db2jcclu.jar;H:\DVD\51041943_\db2jcc4.jar
ENV: DB2CODEPAGE=819
ENV: DB2_CLI_DRIVER_INSTALL_PATH=D:\usr\sap\DLW\SYS\global\db2\WINDOWS_AMD64\db2_clidriver
ENV: DB2_MAX_RETRY=50
ENV: DBMS_TYPE=db2
ENV: JAVA_HOME=H:\SUM\jvm\jre
ENV: PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
ENV: PATH=H:\SUM\abap\exe;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Enterprise Server\Utils;C:\Program Files\BMC Software\CI\common\globalc\bin\Windows-x86;C:\Program Files\BMC Software\CI\common\globalc\bin\Windows-x86-64;C:\Program Files\BMC Software\Patrol3\BEST1\7.5.10\bgs\bin;D:\SAP\SUNJAVA\bin;D:\SAP\SUNJAVA\bin;D:\usr\sap\QLW\SYS\exe\nuc\NTAMD64;D:\usr\sap\DLW\DVEBMGS00\exe;D:\usr\sap\DLW\SYS\exe\nuc\NTAMD64;D:\usr\sap\DLW\SYS\exe\nuc\NTAMD64\db2_clidriver\bin;D:\usr\sap\DLW\SYS\global\db2\WINDOWS_AMD64\db2_clidriver\bin;D:\SAP\SUNJAVA\bin
ENV: R3_JCL_WAIT_TIME=1
ENV: SAPSYSTEMNAME=DLW
ENV: SDB2_DEBUG=0
ENV: dbs_db2_alter_catlg=0
ENV: dbs_db2_con_profile=H:\SUM\abap\DLW\SYS\global\connect.ini
ENV: dbs_db2_no_chkstogroup=1
ENV: dbs_db2_sap_stosid=1
ENV: dbs_db2_schema=SAPR3
ENV: dbs_db2_ssid=DLW
ENV: dbs_db2_use_defer_yes=-1
ENV: dbs_db2_use_define_no=1
ENV: dbs_db2_use_drda=1
ENV: dbs_db2_user=DLWDB2C
EXECUTING H:\SUM\abap\exe\sappfpar.EXE check "pf=D:\usr\sap\DLW\SYS\profile\DLW_DVEBMGS00_UST2A041 "
================================================================================
== Checking profile: D:\usr\sap\DLW\SYS\profile\DLW_DVEBMGS00_UST2A041
================================================================================
***WARNING: Unexpected parameter: DB2DB6EKEY =0
***WARNING: Unexpected parameter: SETENV_00 =DIR_LIBRARY=D:\usr\sap\DLW\DVEBMGS00\exe
***WARNING: Unexpected parameter: SETENV_01 =DIR_LIBRARY=D:\usr\sap\DLW\DVEBMGS00\exe
***WARNING: Unexpected parameter: SETENV_04 =DB2_CLI_DRIVER_INSTALL_PATH=D:\usr\sap\DLW\DVEBMGS00\exe\db2_clidriver
***WARNING: Unexpected parameter: SETENV_05 =dbs_db2_user=DLWDB2C
***WARNING: Unexpected parameter: SETENV_06 =DB2CODEPAGE=819
***WARNING: Unexpected parameter: auth/auth_number_in_userbuffer =5000
***WARNING: Unexpected parameter: dbs/db2/alter_catlg =0
***WARNING: Unexpected parameter: dbs/db2/max_priqty =72000
***WARNING: Unexpected parameter: dbs/db2/max_retry =50
***WARNING: Unexpected parameter: dbs/db2/no_chkstogroup =1
***WARNING: Unexpected parameter: dbs/db2/nupd_stop =00C90096,00E7000F,00C20031,00C20255,00C900A5
***WARNING: Unexpected parameter: dbs/db2/pcon =1
***WARNING: Unexpected parameter: dbs/db2/sap_stosid =1
***WARNING: Unexpected parameter: dbs/db2/use_lockmax_system =1
***WARNING: Unexpected parameter: es/implementation =flat
***WARNING: Unexpected parameter: rdisp/system_needs_spool =false
***WARNING: Unexpected parameter: rsau/local/file =D:\usr\sap\DLW\DVEBMGS00\log\++++++++.AUD
***WARNING: Unexpected parameter: rsdb/pmandt =000
***WARNING: Unexpected parameter: rspo/spool_id/use_tskh =0
***WARNING: Unexpected parameter: stat/smtp =5
***ERROR: Maximum shared memory segment size exceeded
================================================================
Shared memories exceeding size limit
Key: 6 Size: 1384448000 (1320.3 MB) ABAP program buffer
SOLUTIONS: (1) reconfigure your operating system for shared memory
segment size of 2048.0 MB minimum
(2) configure smaller SAP buffers
Shared memory disposition overview
================================================================
Key: 1 Size: 2500 ( 0.0 MB) System administration
Key: 2 Size: 50270860 ( 47.9 MB) Disp. administration tables
Key: 3 Size: 33432000 ( 31.9 MB) Disp. communication areas
Key: 4 Size: 522448 ( 0.5 MB) statistic area
Key: 5 Size: 4096 ( 0.0 MB) SCSA area
Key: 6 Size: 1384448000 (1320.3 MB) ABAP program buffer
Key: 7 Size: 14838 ( 0.0 MB) Update task administration
Key: 8 Size: 134217828 ( 128.0 MB) Paging buffer
Key: 9 Size: 268435556 ( 256.0 MB) Roll buffer
Key: 11 Size: 500000 ( 0.5 MB) Factory calender buffer
Key: 12 Size: 6000000 ( 5.7 MB) TemSe Char-Code convert Buf.
Key: 13 Size: 40500000 ( 38.6 MB) Alert Area
Key: 14 Size: 35000000 ( 33.4 MB) Presentation buffer
Key: 16 Size: 22400 ( 0.0 MB) Semaphore activity monitoring
Key: 17 Size: 2754336 ( 2.6 MB) Roll administration
Key: 18 Size: 917604 ( 0.9 MB) Paging adminitration
Key: 19 Size: 92000000 ( 87.7 MB) Table-buffer
Key: 30 Size: 35840 ( 0.0 MB) Taskhandler runtime admin.
Key: 31 Size: 8412000 ( 8.0 MB) Dispatcher request queue
Key: 33 Size: 40960000 ( 39.1 MB) Table buffer, part.buffering
Key: 34 Size: 52428800 ( 50.0 MB) Enqueue table
Key: 41 Size: 10000 ( 0.0 MB) DB statistics buffer
Key: 42 Size: 27648992 ( 26.4 MB) DB TTAB buffer
Key: 43 Size: 68358392 ( 65.2 MB) DB FTAB buffer
Key: 44 Size: 13062392 ( 12.5 MB) DB IREC buffer
Key: 45 Size: 10502392 ( 10.0 MB) DB short nametab buffer
Key: 46 Size: 20480 ( 0.0 MB) DB sync table
Key: 47 Size: 8193024 ( 7.8 MB) DB CUA buffer
Key: 48 Size: 300000 ( 0.3 MB) Number range buffer
Key: 49 Size: 2769392 ( 2.6 MB) Spool admin (SpoolWP+DiaWP)
Key: 51 Size: 18000000 ( 17.2 MB) Extended memory admin.
Key: 52 Size: 180000 ( 0.2 MB) Message Server buffer
Key: 54 Size: 40968192 ( 39.1 MB) Export/Import buffer
Key: 55 Size: 8192 ( 0.0 MB) Spool local printer+joblist
Key: 57 Size: 1572864 ( 1.5 MB) Profilparameter in shared mem
Key: 58 Size: 4096 ( 0.0 MB) Enqueue ID for reset
Key: 62 Size: 85983232 ( 82.0 MB) Memory pipes
Key: 63 Size: 409600 ( 0.4 MB) ICMAN shared memory
Key: 64 Size: 4202496 ( 4.0 MB) Online Text Repository Buf.
Key: 65 Size: 245768192 ( 234.4 MB) Export/Import Shared Memory
Key: 81 Size: 21760 ( 0.0 MB) Security Audit Log
Key: 1002 Size: 400000 ( 0.4 MB) Performance monitoring V01.0
Nr of operating system shared memory segments: 42
Shared memory resource requirements estimated
================================================================
Total Nr of shared segments required.....: 42
Shared memory segment size required min..: 1384448000 (1320.3 MB)
Swap space requirements estimated
================================================
Shared memory....................: 2555.1 MB
Processes........................: 288.4 MB
Extended Memory .................: 4096.0 MB
Total, minimum requirement.......: 6939.5 MB
Process local heaps, worst case..: 24576.0 MB
Total, worst case requirement....: 31515.5 MB
Errors detected..................: 1
Warnings detected................: 21
SAPup> Process with PID 6624 terminated with status 1 at 20140223141143!
Do you know how to fix it?
Thanks
Nicolas MerlaniRB ,
I restarted windows and now the error change to:
Logs:
1 ETQ359 RFC Login to: System="DLW", AsHost="UST2A041" Nr="00", GwHost="UST2A041", GwService="sapgw00"
2EETQ231 RFC Login failed
1 ETQ399 SYSTEM MANAGER: SAPControl action START failed for instance 00.
1 ETQ399 SYSTEM MANAGER: CheckSystemStatus.
1 ETQ399 SAPCONTROL MANAGER: getProcessList with host: UST2A041 and instance: 00
3 ETQ399 20140223193330: PID 4296 execute 'D:\usr\sap\DLW\DVEBMGS00\exe\sapcontrol.exe -format script -prot PIPE -host UST2A041 -nr 00 -function GetProcessList' , output written to 'H:\SUM\abap\log\SAPup.ECO'.
3 ETQ399 20140223193330: PID 4296 exited with status 3 (time 0.000 real)
1EETQ399 SYSTEM MANAGER: START of mandatory instance 00 on server UST2A041 has failed
2EETQ354 Starting system failed, rc="-1"
4 ETQ010 Date & Time: 20140223193330
1EETQ399 Last error code set is: RFC login to system DLW ashost UST2A041 nr 00 gwhost UST2A041 gwservice sapgw00 failed with code 2 key RFC_LOGON_FAILURE: Logon not possible (error in license check)
System start failed
Earlier, validating the profile failed, see INSTANCE.OUT
1EETQ203 Upgrade phase "STARTSAP_NBAS" aborted with errors ("20140223193330")
Problog:
This trouble ticket was created by SAPup on 20140223193330
SAPup broke during phase STARTSAP_NBAS in module MAIN_NEWBAS / Downtime II: Conversion, Main Import, XPRAs
Error Message: RFC login to system DLW ashost UST2A041 nr 00 gwhost UST2A041 gwservice sapgw00 failed with code 2 key RFC_LOGON_FAILURE: Logon not possible (error in license check)
System start failed
Earlier, validating the profile failed, see INSTANCE.OUT
Do you know how to fix it?
Thanks
Nicolas -
Hi All,
We are having frequent issues where the memory is being consumed fully.
We have 16 gb of ram.
================================================================================
== Checking profile: prd_DVEBMGS52_sapprd
================================================================================
***WARNING: Unexpected parameter: auth/auth_number_in_userbuffer =9000
***WARNING: Unexpected parameter: auth/test_mode =N
***WARNING: Unexpected parameter: system/type =ABAP
***ERROR: /dev/shm is too small (19264 MB required, 8008 MB configured)
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_0 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_1 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_2 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_3 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_4 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_5 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_6 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_7 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_8 with 2047 MB
***INFO: Temporary create ES2 resource /SAP_ES2_sappfpar_9 with 841 MB
Shared memory disposition overview
================================================================
Shared memory pools
Key: 10 Pool
Size configured.....: 200000000 ( 190.7 MB)
Size min. estimated.: 128139520 ( 122.2 MB)
Advised Size........: 132000000 ( 125.9 MB)
Key: 40 Pool for database buffers
Size configured.....: 184000000 ( 175.5 MB)
Size min. estimated.: 178871040 ( 170.6 MB)
Advised Size........: 182000000 ( 173.6 MB)
Shared memories inside of pool 10
Key: 11 Size: 500000 ( 0.5 MB) Factory calender buffer
Key: 12 Size: 6000000 ( 5.7 MB) TemSe Char-Code convert Buf.
Key: 13 Size: 60500000 ( 57.7 MB) Alert Area
Key: 16 Size: 22400 ( 0.0 MB) Semaphore activity monitoring
Key: 17 Size: 11116480 ( 10.6 MB) Roll administration
Shared memories inside of pool 40
Key: 42 Size: 21312992 ( 20.3 MB) DB TTAB buffer
Key: 43 Size: 66774392 ( 63.7 MB) DB FTAB buffer
Key: 44 Size: 13526392 ( 12.9 MB) DB IREC buffer
Key: 45 Size: 8406392 ( 8.0 MB) DB short nametab buffer
Key: 46 Size: 20480 ( 0.0 MB) DB sync table
Key: 47 Size: 15361024 ( 14.6 MB) DB CUA buffer
Key: 48 Size: 500000 ( 0.5 MB) Number range buffer
Key: 49 Size: 2968344 ( 2.8 MB) Spool admin (SpoolWP+DiaWP)
Shared memories outside of pools
Key: 1 Size: 2500 ( 0.0 MB) System administration
Key: 2 Size: 60839260 ( 58.0 MB) Disp. administration tables
Key: 3 Size: 114048000 ( 108.8 MB) Disp. communication areas
Key: 4 Size: 542848 ( 0.5 MB) statistic area
Key: 6 Size: 638976000 ( 609.4 MB) ABAP program buffer
Key: 7 Size: 14838 ( 0.0 MB) Update task administration
Key: 8 Size: 268435556 ( 256.0 MB) Paging buffer
Key: 9 Size: 268435556 ( 256.0 MB) Roll buffer
Key: 14 Size: 20000000 ( 19.1 MB) Presentation buffer
Key: 18 Size: 3670116 ( 3.5 MB) Paging adminitration
Key: 19 Size: 150000000 ( 143.0 MB) Table-buffer
Key: 30 Size: 70656 ( 0.1 MB) Taskhandler runtime admin.
Key: 31 Size: 4806000 ( 4.6 MB) Dispatcher request queue
Key: 33 Size: 61440000 ( 58.6 MB) Table buffer, part.buffering
Key: 34 Size: 30720000 ( 29.3 MB) Enqueue table
Key: 41 Size: 25010000 ( 23.9 MB) DB statistics buffer
Key: 51 Size: 3200000 ( 3.1 MB) Extended memory admin.
Key: 52 Size: 40000 ( 0.0 MB) Message Server buffer
Key: 54 Size: 40968192 ( 39.1 MB) Export/Import buffer
Key: 55 Size: 8192 ( 0.0 MB) Spool local printer+joblist
Key: 57 Size: 1048576 ( 1.0 MB) Profilparameter in shared mem
Key: 58 Size: 4096 ( 0.0 MB) Enqueue ID for reset
Key: 62 Size: 85983232 ( 82.0 MB) Memory pipes
Key: 63 Size: 409600 ( 0.4 MB) ICMAN shared memory
Key: 64 Size: 4202496 ( 4.0 MB) Online Text Repository Buf.
Key: 65 Size: 4202496 ( 4.0 MB) Export/Import Shared Memory
Key: 76 Size: 1586464 ( 1.5 MB) ?????????????
Key: 77 Size: 518432 ( 0.5 MB) ?????????????
Key: 78 Size: 500256 ( 0.5 MB) ?????????????
Key: 1002 Size: 400000 ( 0.4 MB) Performance monitoring V01.0
Key: 58900152 Size: 4096 ( 0.0 MB) SCSA area
Nr of operating system shared memory segments: 33
Shared memory resource requirements estimated
================================================================
Total Nr of shared segments required.....: 33
System-imposed number of shared memories.: 1000
Shared memory segment size required min..: 638976000 ( 609.4 MB)
System-imposed maximum segment size......: 14025752576 (13376.0 MB)
Swap space requirements estimated
================================================
Shared memory....................: 2008.5 MB
..in pool 10 122.2 MB, 64% used
..in pool 40 170.6 MB, 97% used
..not in pool: 1707.2 MB
Processes........................: 897.9 MB
Extended Memory .................: 7788.0 MB
Extended Memory 2 ...............: 19264.0 MB
.. 70 VMs, 1048.0 MB address space
Total, minimum requirement.......: 29958.4 MB
Process local heaps, worst case..: 28610.2 MB
Total, worst case requirement....: 58568.7 MB
Errors detected..................: 0
Warnings detected................: 3
sapkxpsrmdb01:prdadm 4> free -m
total used free shared buffers cached
Mem: 16023 15474 548 0 174 11794
-/+ buffers/cache: 3505 12518
Swap: 21599 3717 17882
Oracle memory areas
SQL> show sga
Total System Global Area 4714397696 bytes
Fixed Size 2090240 bytes
Variable Size 2415921920 bytes
Database Buffers 2281701376 bytes
Redo Buffers 14684160 bytes
SQL> show parameter pga
NAME TYPE VALUE
pga_aggregate_target big integer 3407200911
SQL>
Why is that we are running out of memory even though we have enough RAM to accomodate oracle and SAP and linux OS requirements?
I wanted to know as what exactly the sappfpar reports? and PGA will be allocated on demand right?Hi Markus,
Thanks for the response.Hope you are doing good.Nice to hear from you.
I presume you are refrering to
sunrpc.tcp_slot_table_entries = 16
sunrpc.udp_slot_table_entries = 16
sunrpc.max_resvport = 1023
sunrpc.min_resvport = 665
sunrpc.nlm_debug = 0
sunrpc.nfsd_debug = 0
sunrpc.nfs_debug = 0
sunrpc.rpc_debug = 0
vxvm.vxinfo.volkio_commitwaitq = volkioq_commitwait_start count: 0
vxvm.vxinfo.volkio_commitwaitq = volkioq_commitwait_start:
vxvm.vxinfo.volkioqueue = volkioq_start count: 0
vxvm.vxinfo.volkioqueue = volkioq_start:
vxvm.vxinfo.volsio_otherq = volsioq_done count: 0
vxvm.vxinfo.volsio_otherq = volsioq_done:
vxvm.vxinfo.volsio_otherq = volsioq_restart count: 0
vxvm.vxinfo.volsio_otherq = volsioq_restart:
vxvm.vxinfo.volsio_otherq = volsioq_redone count: 0
vxvm.vxinfo.volsio_otherq = volsioq_redone:
vxvm.vxinfo.volsio_idleq = volsioq_idle_start count: 0
vxvm.vxinfo.volsio_idleq = volsioq_idle_start:
vxvm.vxinfo.volsioqueue = volsioq_start count: 0
vxvm.vxinfo.volsioqueue = volsioq_start:
vxvm.vxinfo.volktrans = vol_config_loaded: 1
vxvm.vxinfo.volktrans = vol_commit_in_progress: 0
vxvm.vxinfo.volktrans = vol_ktrans_locked: 0
vxvm.vxinfo.volktrans = vol_ktrans_pending_abort: 0
vxvm.vxinfo.volktrans = vol_ktrans_abort_is_possible: 0
vxvm.vxinfo.volktrans = transaction state: last transaction committed
vxvm.vxinfo.voliod_info = voliod_running: 0
vxvm.vxinfo.voliod_info = voliod_need: 0
vxvm.vxinfo.voliod_info = voliod_count: 32
vxvm.vxinfo.voliod_info = voliod_want_count: 32
vxvm.vxinfo.voliomem = memory reservation pool usage
vxvm.vxinfo.voliomem = id: max mem used: total allocated mem: mem in use: min mem: max mem
vxvm.vxinfo.voliomem = 0 0 100000 0 100000 8000000
vxvm.vxinfo.volkiocount_locked = volkiocount: 0
vxvm.vxinfo.volkiocount = volkiocount: 0
vxvm.vxio.vol_rp_decrement = 8
vxvm.vxio.vol_rp_increment = 8
vxvm.vxio.vol_use_rq = 1
vxvm.vxio.vol_use_rq = 1
vxvm.vxio.hacomm_logbuf_slots = 1000
vxvm.vxio.hacomm_transbuf_slots = 256
vxvm.vxio.hacomm_tracebuf_slots = 1024
vxvm.vxio.svm_session_trace_count = 2000
vxvm.vxio.svm_debugging_enable = 0
vxvm.vxio.vxvm_req_stack_endio = 3072
vxvm.vxio.vxvm_req_stack = 4096
vxvm.vxio.hacomm_min_winsz_enable_app = 2048
vxvm.vxio.hacomm_min_winsz_enable_peer = 2048
vxvm.vxio.hacomm_min_split_segsz = 1024
vxvm.vxio.hacomm_max_segsz = 1048576
vxvm.vxio.hacomm_min_split_fragsz = 2048
vxvm.vxio.hacomm_max_fragsz = 1048576
vxvm.vxio.hacomm_rcv_bufsz = 1048576
vxvm.vxio.hacomm_snd_bufsz = 1048576
vxvm.vxio.hacomm_msg_batching_ok = 1
vxvm.vxio.hacomm_direct_send_ok = 1
vxvm.vxio.hacomm_restore_interval = 60
vxvm.vxio.hacomm_hb_interval = 3
vxvm.vxio.hacomm_ack_interval = 200
vxvm.vxio.svm_txpt_type = 2
vxvm.vxio.voldrl_max_seq_dirty = 3
vxvm.vxio.vol_max_volumes = 65534
vxvm.vxio.vol_rvio_maxpool_sz = 134217728
vxvm.vxio.vol_vvr_use_nat = 0
vxvm.vxio.vol_max_wrspool_sz = 16777216
vxvm.vxio.vol_nm_hb_timeout = 10
vxvm.vxio.vol_dcm_replay_size = 262144
vxvm.vxio.volraid_minpool_size = 4194304
vxvm.vxio.volcvm_smartsync = 1
vxvm.vxio.vol_min_lowmem_sz = 4194304
vxvm.vxio.vol_max_nmpool_sz = 16777216
vxvm.vxio.vol_max_rdback_sz = 67108864
vxvm.vxio.volpagemod_max_memsz = 1536 0
vxvm.vxio.vol_fmr_logsz = 4
vxvm.vxio.voliomem_maxpool_sz = 134217728
vxvm.vxio.voliomem_chunk_size = 32768
vxvm.vxio.vol_max_nlogs = 20
vxvm.vxio.vol_max_nconfigs = 20
vxvm.vxio.vxtask_max_monitors = 32
vxvm.vxio.vxtask_max_monitors = 32
vxvm.vxio.vol_checkpt_default = 20480
vxvm.vxio.voliot_max_open = 32
vxvm.vxio.voliot_errbuf_dflt = 16384
vxvm.vxio.voliot_iobuf_default = 8192
vxvm.vxio.voliot_iobuf_max = 65536
vxvm.vxio.voliot_iobuf_limit = 131072
vxvm.vxio.vol_maxstablebufsize = 256
vxvm.vxio.vol_mvr_maxround = 512
vxvm.vxio.vol_maxparallelio = 256
vxvm.vxio.voldrl_max_drtregs = 2048
vxvm.vxio.voldrl_min_regionsz = 1024
vxvm.vxio.vol_default_iodelay = 50
vxvm.vxio.maxiosize = 2048
vxvm.vxio.vol_maxioctl = 32768
vxvm.vxio.vol_maxkiocount = 20000
vxdmp.dmp_retry_count = 5
vxdmp.dmp_restore_cycles = 10
vxdmp.dmp_restore_policy = 1
vxdmp.dmp_restore_interval = 300
vxdmp.dmp_pathswitch_blks_shift = 11
abi.vsyscall32 = 1
dev.scsi.logging_level = 0
dev.raid.speed_limit_max = 200000
dev.raid.speed_limit_min = 1000
dev.cdrom.check_media = 0
dev.cdrom.lock = 1
dev.cdrom.debug = 0
dev.cdrom.autoeject = 0
dev.cdrom.autoclose = 1
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17
dev.cdrom.info =
dev.cdrom.info = drive name: hda
dev.cdrom.info = drive speed: 24
dev.cdrom.info = drive # of slots: 1
dev.cdrom.info = Can close tray: 1
dev.cdrom.info = Can open tray: 1
dev.cdrom.info = Can lock tray: 1
dev.cdrom.info = Can change speed: 1
dev.cdrom.info = Can select disk: 0
dev.cdrom.info = Can read multisession: 1
dev.cdrom.info = Can read multisession: 1
dev.cdrom.info = Can read MCN: 1
dev.cdrom.info = Reports media changed: 1
dev.cdrom.info = Can play audio: 1
dev.cdrom.info = Can write CD-R: 0
dev.cdrom.info = Can write CD-RW: 0
dev.cdrom.info = Can read DVD: 1
dev.cdrom.info = Can write DVD-R: 0
dev.cdrom.info = Can write DVD-RAM: 0
dev.cdrom.info = Can read MRW: 1
dev.cdrom.info = Can write MRW: 1
dev.cdrom.info = Can write RAM: 1
dev.cdrom.info =
dev.cdrom.info =
dev.rtc.max-user-freq = 64
debug.exception-trace = 1
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.regen_max_retry = 5
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitations = 3
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.accept_ra = 1
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.regen_max_retry = 5
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitations = 3
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.bond0.max_addresses = 16
net.ipv6.conf.bond0.max_desync_factor = 600
net.ipv6.conf.bond0.regen_max_retry = 5
net.ipv6.conf.bond0.temp_prefered_lft = 86400
net.ipv6.conf.bond0.temp_valid_lft = 604800
net.ipv6.conf.bond0.use_tempaddr = 0
net.ipv6.conf.bond0.force_mld_version = 0
net.ipv6.conf.bond0.router_solicitation_delay = 1
net.ipv6.conf.bond0.router_solicitation_interval = 4
net.ipv6.conf.bond0.router_solicitations = 3
net.ipv6.conf.bond0.dad_transmits = 1
net.ipv6.conf.bond0.autoconf = 1
net.ipv6.conf.bond0.accept_redirects = 1
net.ipv6.conf.bond0.accept_ra = 1
net.ipv6.conf.bond0.mtu = 1500
net.ipv6.conf.bond0.hop_limit = 64
net.ipv6.conf.bond0.forwarding = 0
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.regen_max_retry = 5
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitations = 3
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.lo.mtu = 16436
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.forwarding = 0
net.ipv6.neigh.bond0.locktime = 0
net.ipv6.neigh.bond0.proxy_delay = 79
net.ipv6.neigh.bond0.anycast_delay = 99
net.ipv6.neigh.bond0.proxy_qlen = 64
net.ipv6.neigh.bond0.unres_qlen = 3
net.ipv6.neigh.bond0.gc_stale_time = 60
net.ipv6.neigh.bond0.delay_first_probe_time = 5
net.ipv6.neigh.bond0.base_reachable_time = 30
net.ipv6.neigh.bond0.retrans_time = 1000
net.ipv6.neigh.bond0.app_solicit = 0
net.ipv6.neigh.bond0.ucast_solicit = 3
net.ipv6.neigh.bond0.mcast_solicit = 3
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.proxy_delay = 79
net.ipv6.neigh.lo.anycast_delay = 99
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.unres_qlen = 3
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.base_reachable_time = 30
net.ipv6.neigh.lo.retrans_time = 1000
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.proxy_delay = 79
net.ipv6.neigh.default.anycast_delay = 99
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.unres_qlen = 3
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.base_reachable_time = 30
net.ipv6.neigh.default.retrans_time = 1000
net.ipv6.neigh.default.retrans_time = 1000
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.mld_max_msf = 10
net.ipv6.ip6frag_secret_interval = 600
net.ipv6.ip6frag_time = 60
net.ipv6.ip6frag_low_thresh = 196608
net.ipv6.ip6frag_high_thresh = 262144
net.ipv6.bindv6only = 0
net.ipv6.icmp.ratelimit = 1000
net.ipv6.route.min_adv_mss = 1
net.ipv6.route.mtu_expires = 600
net.ipv6.route.gc_elasticity = 0
net.ipv6.route.gc_interval = 30
net.ipv6.route.gc_timeout = 60
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.max_size = 4096
net.ipv6.route.gc_thresh = 1024
net.unix.max_dgram_qlen = 10
net.token-ring.rif_timeout = 600000
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
net.ipv4.netfilter.ip_conntrack_tcp_loose = 3
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_log_invalid = 0
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_buckets = 8192
net.ipv4.netfilter.ip_conntrack_count = 223
net.ipv4.conf.eth1.force_igmp_version = 0
net.ipv4.conf.eth1.disable_policy = 0
net.ipv4.conf.eth1.disable_xfrm = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.tag = 0
net.ipv4.conf.eth1.log_martians = 0
net.ipv4.conf.eth1.bootp_relay = 0
net.ipv4.conf.eth1.medium_id = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.accept_source_route = 0
net.ipv4.conf.eth1.send_redirects = 0
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.eth1.shared_media = 1
net.ipv4.conf.eth1.secure_redirects = 0
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.secure_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0 -
System Monitoring with Solution Manager Ehp1
Hi,
I'm Tomas Piqueres, and I'm working in a VAR SAP with Solution Manager.
Recently, we installed Solution Manager Ehp1 and we are trying to configure it for System Monitoring. When I worked with Solution Manager SP17 I used to go to transaction RZ21 to add the system I wanted to monitoring and then put the SID and RFCs of the system.
Now with Solution Manager Ehp1, when I create the system in transaction RZ21, first I have to set the Component Type to Be Monitored and then the SID, Message Server Logon Group, the client and user are set automatically, and the password I've set to user CSMREG.
when I fill all the entries, I can see the RFCs used for the monitoring of the system. Those RFCs are set automatically:
<SID>_RZ20_COLLECT
<SID>_RZ20_ANALYZE
I can't edit those RFCs, so I have to create it manually. I check that RFCs destination works fine and both pass the authorization test, so when I try to save the system at transaction RZ21, I see the following errors:
<SID>_RZ20_COLLECT_123539Error when opening an RFC connection
Error during remote call of SAL_MS_GET_LOCAL_MS_INFO function: Error when opening an RFC connection
Error during remote call of SALC function: Error when opening an RFC connection
Error during remote call of RFC1 function: Error when opening an RFC connection
I've been looking for information about those errors and how to monitoring with Solution Manager Ehp1, but I haven't found anything usefull.
Please, Could you help me?
Thanks and regards,
Tomas.Tomas,
I need to configure EWA from my Solman system and I completed the steps (defining and creation of RFC destinations to the target systems from my Solman system). I downloaded the lates ccmsagent file from the market place based my target system configurations.
Herewith attaching the logs while I'm trying to check the profile parameter.
tqaadm@saptqa01:/usr/sap/TQA/SYS/exe/run 5> sappfpar check pf=/usr/sap/TQA/SYS/profile/TQA_DVEBMGS30_saptqa01
================================================================================
== Checking profile: /usr/sap/TQA/SYS/profile/TQA_DVEBMGS30_saptqa01
================================================================================
***WARNING: Unexpected parameter: DIR_EPS =/usr/sap/trans/EPS/----
***WARNING: Unexpected parameter: SAPSECULIB =/usr/sap/TQA/SYS/exe/run/libsapsecu.o
***WARNING: Unexpected parameter: abap/buffersize_part1 =1200000
***WARNING: Unexpected parameter: auth/auth_number_in_userbuffer =5000
***WARNING: Unexpected parameter: dbs/io_buf_size =100000
***WARNING: Unexpected parameter: rsau/local/file =/usr/sap/TQA/DVEBMGS30/log/audit/audit_++++++++
***WARNING: Unexpected parameter: rsau/selector1/class =35
***WARNING: Unexpected parameter: rsau/selector1/severity =2
***WARNING: Unexpected parameter: rsdb/rclu/cachelimt =0
***ERROR: Size of shared memory pool 40 too small
================================================================
SOLUTIONS: (1) Locate shared memory segments outside of pool 40
with parameters like: ipc/shm_psize_<key> =0
SOLUTION: Increase size of shared memory pool 40
with parameter: ipc/shm_psize_40 =1472000000
Shared memory disposition overview
================================================================
Shared memory pools
Key: 10 Pool
Size configured.....: 642000000 ( 612.3 MB)
Size min. estimated.: 637597428 ( 608.1 MB)
Advised Size........: 640000000 ( 610.4 MB)
Key: 40 Pool for database buffers
Size configured.....: 1048000000 ( 999.4 MB)
Size min. estimated.: 1468229308 (1400.2 MB)
Advised Size........: 1472000000 (1403.8 MB)
Shared memories inside of pool 10
Key: 1 Size: 2500 ( 0.0 MB) System administration
Key: 4 Size: 523648 ( 0.5 MB) statistic area
Key: 7 Size: 14838 ( 0.0 MB) Update task administration
Key: 8 Size: 67108964 ( 64.0 MB) Paging buffer
Key: 9 Size: 134217828 ( 128.0 MB) Roll buffer
Key: 11 Size: 500000 ( 0.5 MB) Factory calender buffer
Key: 12 Size: 6000000 ( 5.7 MB) TemSe Char-Code convert Buf.
Key: 13 Size: 200500000 ( 191.2 MB) Alert Area
Key: 16 Size: 22400 ( 0.0 MB) Semaphore activity monitoring
Key: 17 Size: 2672386 ( 2.5 MB) Roll administration
Key: 30 Size: 37888 ( 0.0 MB) Taskhandler runtime admin.
Key: 31 Size: 4806000 ( 4.6 MB) Dispatcher request queue
Key: 33 Size: 39936000 ( 38.1 MB) Table buffer, part.buffering
Key: 34 Size: 20480000 ( 19.5 MB) Enqueue table
Key: 51 Size: 3200000 ( 3.1 MB) Extended memory admin.
Key: 52 Size: 40000 ( 0.0 MB) Message Server buffer
Key: 54 Size: 20488192 ( 19.5 MB) Export/Import buffer
Key: 55 Size: 8192 ( 0.0 MB) Spool local printer+joblist
Key: 57 Size: 1048576 ( 1.0 MB) Profilparameter in shared mem
Key: 58 Size: 4096 ( 0.0 MB) Enqueue ID for reset
Key: 62 Size: 85983232 ( 82.0 MB) Memory pipes
Shared memories inside of pool 40
Key: 2 Size: 31168040 ( 29.7 MB) Disp. administration tables
Key: 3 Size: 114048000 ( 108.8 MB) Disp. communication areas
Key: 6 Size: 1064960000 (1015.6 MB) ABAP program buffer
Key: 14 Size: 28600000 ( 27.3 MB) Presentation buffer
Key: 19 Size: 90000000 ( 85.8 MB) Table-buffer
Key: 42 Size: 13920992 ( 13.3 MB) DB TTAB buffer
Key: 43 Size: 43422392 ( 41.4 MB) DB FTAB buffer
Key: 44 Size: 8606392 ( 8.2 MB) DB IREC buffer
Key: 45 Size: 6558392 ( 6.3 MB) DB short nametab buffer
Key: 46 Size: 20480 ( 0.0 MB) DB sync table
Key: 47 Size: 13313024 ( 12.7 MB) DB CUA buffer
Key: 48 Size: 300000 ( 0.3 MB) Number range buffer
Key: 49 Size: 3309932 ( 3.2 MB) Spool admin (SpoolWP+DiaWP)
Shared memories outside of pools
Key: 18 Size: 1792100 ( 1.7 MB) Paging adminitration
Key: 41 Size: 25010000 ( 23.9 MB) DB statistics buffer
Key: 63 Size: 409600 ( 0.4 MB) ICMAN shared memory
Key: 64 Size: 4202496 ( 4.0 MB) Online Text Repository Buf.
Key: 65 Size: 4202496 ( 4.0 MB) Export/Import Shared Memory
Key: 1002 Size: 400000 ( 0.4 MB) Performance monitoring V01.0
Key: 58900130 Size: 4096 ( 0.0 MB) SCSA area
Nr of operating system shared memory segments: 9
Shared memory resource requirements estimated
================================================================
Nr of shared memory descriptors required for
Extended Memory Management (unnamed mapped file).: 64
Total Nr of shared segments required.....: 73
System-imposed number of shared memories.: 1000
Shared memory segment size required min..: 1472000000 (1403.8 MB)
System-imposed maximum segment size......: 35184372088832 (33554432.0 MB)
Swap space requirements estimated
================================================
Shared memory....................: 2050.4 MB
..in pool 10 608.1 MB, 99% used
..in pool 40 999.4 MB, 140% used !!
..not in pool: 34.4 MB
Processes........................: 716.8 MB
Extended Memory .................: 8192.0 MB
Total, minimum requirement.......: 10959.2 MB
Process local heaps, worst case..: 1907.3 MB
Total, worst case requirement....: 12866.5 MB
Errors detected..................: 1
Warnings detected................: 9
After checking the profile parameter I tried to run sapccm4x in /run directory but got the below error and I'm not able tomove further.
Pls have a look at these two and let me know what could I do to proceed further.
tqaadm@saptqa01:/usr/sap/TQA/SYS/exe/run 5> sapccm4x -R pf=/usr/sap/TQA/SYS/profile/TQA_DVEBMGS30_saptqa01
INFO: CCMS agent sapccm4x working directory is /usr/sap/TQA/DVEBMGS30/log/sapccm4x
INFO: CCMS agent sapccm4x config file is /usr/sap/TQA/DVEBMGS30/log/sapccm4x/csmconf
INFO: Central Monitoring System is [SMP]. (found in config file)
additional CENTRAL system y/[n] ? :
INFO: found ini file /usr/sap/TQA/DVEBMGS30/log/sapccm4x/sapccmsr.ini.
INFO:
CCMS version 20040229, 64 bit, multithreaded, Non-Unicode
compiled at Jun 28 2010
systemid 324 (IBM RS/6000 with AIX)
relno 6400
patch text patch collection 2010/1, OSS note 1304480
patchno 335
INFO Runtime:
running on saptqa01 AIX 3 5 00069A8FD600
running with profile /usr/sap/TQA/SYS/profile/TQA_DVEBMGS30_saptqa01
INFO profile parameters:
alert/MONI_SEGM_SIZE = 200000000
alert/TRACE = 1
SAPSYSTEM = 30
SAPSYSTEMNAME = TQA
SAPLOCALHOST = saptqa01
DIR_CCMS = /usr/sap/ccms
DIR_LOGGING = /usr/sap/TQA/DVEBMGS30/log
DIR_PERF = /usr/sap/tmp
INFO:
pid 4165682
INFO: Attached to Shared Memory Key 13 (size 200141728) in pool 10
INFO: Connected to Monitoring Segment [CCMS Monitoring Segment for application server saptqa01_TQA_30, created with version CCMS version 20040229, 64 bit single threaded, compiled at Oct 3 2008, kernel 6400_20020600_254, platform 324 (IBM RS/6000 with AIX)]
segment status ENABLED
segment started at Tue Sep 14 09:35:56 2010
segment version 20040229
ERROR: Shared Memory misconfiguration ==> can not monitor SAP application server saptqa01_TQA_30
Dispatcher Admin Shared Memory (Key 01) and CCMS Shared Memory (Key 13) both in pool 10.
Please change configuration with profile parameters
ipc/shm_psize_01 = -<different pool nr>
xor
ipc/shm_psize_13 = -<different pool nr>
EXITING with code 1 -
RFC error when sending logon data
Hi;
We cannot configure the STMS of our development system. When we try to
configure it, system gives an error message: Errors during distribution
of tp configuration; TMS Alert Viewers tells us
RFC_COMMUNICATION_FAILURE: RFC communications error with
system/destination TMSADM-FKT.DOMAIN_FKT RFC error when sending logon
data and READ_PROFILE_FAILED:File
erptest\sapmnt\trans\bin\TPPARAM
could not be opened for reading (No such file or directory).
Is there any advise for solution?
Best regards
Noyan
PS: Please find the profiles below:
START:
#.* Start profile START_DVEBMGS00_erptest *
#.* Version = 000006 *
#.* Generated by user = BASIS *
#.* Generated on = 30.12.2010 , 15:40:55 *
generated by R3SETUP
SAPSYSTEMNAME = FKT
INSTANCE_NAME = DVEBMGS00
SAPSYSTEM = 00
SAPGLOBALHOST = erptest
DIR_PROFILE = D:\usr\sap\FKT\SYS\profile
start database
#_DB = strdbs.cmd
#Start_Program_02 = immediate $(DIR_EXECUTABLE)\$(_DB) FKT
start message server
#_MS = msg_server.exe
Start_Program_03 = local $(DIR_EXECUTABLE)\$(_MS) pf=$(DIR_PROFILE)\FKT_DVEBMGS00_erptest
Start IGS
Start_Program_05 = local $(DIR_EXECUTABLE)$(DIR_SEP)igswd$(FT_EXE) -mode=profile pf=$(DIR_PROFILE)$(DIR_SEP)FKT_DVEBMGS00_erptest
start application server
#_DW = disp+work.exe
#Start_Program_04 = local $(DIR_EXECUTABLE)\$(_DW) pf=$(DIR_PROFILE)\FKT_DVEBMGS
General parameters for starting the system
#parameter created by: BASIS 24.12.2007 23:53:27
#SAPSYSTEM = 00
#parameter created by: BASIS 24.12.2007 23:53:27
#SAPSYSTEMNAME = FKT
#parameter created by: BASIS 24.12.2007 23:53:27
#INSTANCE_NAME = DVEBMGS00
#parameter created by: BASIS 24.12.2007 23:53:27
DIR_PROFILE = D:\usr\sap\FKT\SYS\profile
#parameter created by: BASIS 24.12.2007 23:53:27
#SAPGLOBALHOST = erptest
Start database
#parameter created by: BASIS 24.12.2007 23:53:27
_DB = strdbs.cmd
#parameter created by: BASIS 24.12.2007 23:53:27
Start_Program_01 = immediate $(DIR_EXECUTABLE)\$(_DB) $(SAPSYSTEMNAME)
Start message server
#parameter created by: BASIS 24.12.2007 23:53:27
MS = msgserver.exe
#parameter created by: BASIS 24.12.2007 23:53:27
Start_Program_02 = local $(DIR_EXECUTABLE)\$(_MS) pf=$(DIR_PROFILE)\FKT_DVEBMGS00_erptest
Start applications server
#parameter created by: BASIS 24.12.2007 23:53:27
_DW = disp+work.exe
#parameter created by: BASIS 24.12.2007 23:53:27
Start_Program_03 = local $(DIR_EXECUTABLE)\$(_DW) pf=$(DIR_PROFILE)\FKT_DVEBMGS00_erptest
DEFAULT:
SAPDBHOST = ERPTEST
dbms/type = mss
dbs/mss/server = ERPTEST
dbs/mss/dbname = FKT
dbs/mss/schema = fkt
SAPSYSTEMNAME = FKT
SAPGLOBALHOST = erptest
SAPFQDN = tr.delta.is
SAPLOCALHOSTFULL = $(SAPLOCALHOST).$(SAPFQDN)
SAPDBHOST = erptest
SAPTRANSHOST = erptest
DIR_TRANS =
$(SAPTRANSHOST)\sapmnt\trans
#DIR_TRANS = D:\usr\sap\trans
DIR_PROFILE = D:\usr\sap\FKT\SYS\profile
SAP Message Server for ABAP
rdisp/mshost = erptest
rdisp/sna_gateway = erptest
rdisp/sna_gw_service = sapgw00
rdisp/vbname = erptest_FKT_00
rdisp/enqname = erptest_FKT_00
rdisp/btcname = erptest_FKT_00
rdisp/msserv = sapmsFKT
rdisp/msserv_internal = 3900
rdisp/bufrefmode = sendoff,exeauto
login/system_client = 200
#GUVENLIK PARAMETRELERI
login/password_expiration_time = 90
login/min_password_lng = 6
#parameter created by: BASIS 25.03.2004 08:41:25
rdisp/gui_auto_logout = 10800
#parameter created by: BASIS 25.03.2004 08:37:47
#old_value: 3 changed: BASIS 25.03.2004 08:42:38
login/fails_to_user_lock = 6
#validasyon geregi, g#venligi artirma ama#i - check active but no check for SRF
#parameter created by: BASIS 16.06.2007 17:35:41
#old_value: 2
#changed: BASIS 14.05.2008 15:24:55
auth/rfc_authority_check = 1
#otomatik unlocki iptal eder
#parameter created by: BASIS 10.11.2006 17:47:15
login/failed_user_auto_unlock = 0
#AUDIT PARAMETRELER?
#old_value: changed: BASIS 20.04.2005 17:13:37
rsau/max_diskspace/per_day = 1996800000
#old_value: 1000000000 changed: BASIS 20.04.2005 17:17:01
#old_value: 0 changed: BASIS 20.04.2005 17:19:12
rsau/max_diskspace/local = 2048000000
#old_value: 2000000000 changed: BASIS 28.03.2005 23:17:11
#old_value: 2 changed: BASIS 29.03.2005 12:09:14
#old_value: 0 changed: BASIS 20.04.2005 17:13:37
rsau/max_diskspace/per_file = 665600000
rsau/enable = 1
rsau/local/file = D:\usr\sap\FKT\DVEBMGS00\log\++++++++######..AUD
rsau/selection_slots = 12
#rec/client = ALL
DIR_AUDIT = D:\usr\sap\FKT\DVEBMGS00\log
FN_AUDIT = ++++++++######..AUD
#DIL PARAMETRELERI
#Turkish codepage settings
abap/import_char_conversion = 0
install/codepage/db/non_transp = 1610
install/codepage/db/transp = 1610
zcsa/installed_languages = DET
#zcsa/system_language = E
zcsa/system_language = T
zcsa/second_language = E
install/codepage/appl_server = 1610
#OS dependent
abap/locale_ctype = Turkish_turkey.28599
#DIR_PUT = D:\usr\sap\FKQ\upg\abap
*** UPGRADE EXTENSIONS (RELEASE "701") ***
#rdisp/msserv_internal = 3900
#system/type = ABAP
INSTANCE:
SAPSYSTEMNAME = FKT
SAPGLOBALHOST = erptest
SAPSYSTEM = 00
INSTANCE_NAME = DVEBMGS00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_INSTANCE)\exe
icm/server_port_0 = PROT=HTTP,PORT=80$$
SAP Message Server parameters are set in the DEFAULT.PFL
ms/server_port_0 = PROT=HTTP,PORT=81$$
#rdisp/wp_no_dia = 10
#rdisp/wp_no_btc = 3
#rdisp/wp_no_enq = 1
#rdisp/wp_no_vb = 1
#rdisp/wp_no_vb2 = 1
#disp/wp_no_spo = 1
rdisp/wp_no_dia = 12
rdisp/wp_no_vb = 3
rdisp/wp_no_vb2 = 0
rdisp/wp_no_enq = 1
rdisp/wp_no_btc = 3
rdisp/wp_no_spo = 1
#PERFORMANS PARAMETRELERI
#parameter created by: SAP* 08.08.2001 10:30:18
abap/fieldexit = yes
#parameter created by: ALPER 13.10.2000 18:24:16
install/collate/active = 1
rdisp/max_wprun_time = 25000
MEMORY_NO_MORE_PAGING dump nedeniyle
#parameter created by: BASIS 27.12.2006 17:00:22
rdisp/PG_MAXFS = 262144
abap/heap_area_nondia = 2000000000
rdisp/PG_SHM = 16384
rdisp/ROLL_SHM = 32768
#'STORAGE_PARAMETERS_WRONG_SET' or 'TSV_TNEW_PAGE_ALLOC_FAILED'
#Note 552209 - Maximum memory utilization for processes on NT/Win2000
#parameter created by: BASIS 30.10.2007 10:57:24
#abap/heap_area_nondia = 50000
#parameter created by: BASIS 30.10.2007 10:58:54
#rdisp/PG_SHM = 0
#parameter created by: BASIS 30.10.2007 10:58:27
#rdisp/ROLL_SHM = 625
#EWA report 12.2007
#parameter created by: BASIS 03.01.2008 19:49:57
dbs/mss/stats_on = 1
#EWA report 12.2007
#parameter created by: BASIS 03.01.2008 19:49:33
dbs/oledb/stats_on = 1
#EWA report 12.2007
#parameter created by: BASIS 03.01.2008 19:48:23
dbs/oledb/add_procs = 8
#EWA report 12.2007
#parameter created by: BASIS 03.01.2008 19:47:29
rsdb/esm/max_objects = 2000
#EWA report 12.2007
#parameter created by: BASIS 03.01.2008 19:47:03
rsdb/otr/buffersize_kb = 4096
#EWA report 12.2007
#parameter created by: BASIS 03.01.2008 19:46:21
rsdb/esm/buffersize_kb = 4096
Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:18:14
ztta/parameter_area = 16000
Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:16:43
enque/table_size = 10000
Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:16:20
gw/max_sys = 2000
#Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:16:01
gw/max_overflow_size = 25000000
#Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:15:19
rdisp/max_comm_entries = 2000
Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:14:48
rdisp/tm_max_no = 2000
Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:14:20
gw/max_conn = 2000
Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:13:42
rdisp/max_arq = 2000
#Eyl#l 2006 EWA raporu
#parameter created by: BASIS 24.11.2006 13:12:57
ztta/roll_area = 3500000
#parameter created by: BASIS 18.05.2005 09:20:25
#old_value: 90 changed: BASIS 18.05.2005 09:22:25
rdisp/max_hold_time = 300
#parameter created by: BASIS 20.08.2003 12:10:20
#old_value: 6144
#changed: BASIS 03.01.2008 19:42:10
rsdb/obj/buffersize = 20000
#parameter created by: BASIS 20.08.2003 12:09:48
#old_value: 6000
#changed: BASIS 03.01.2008 19:42:59
rsdb/obj/max_objects = 20000
note 103747
#parameter created by: BASIS 08.07.2003 20:42:11
#old_value: 250000
#changed: BASIS 30.10.2007 10:56:17
#abap/buffersize = 100000
#changed: BASIS 03.01.2008 19:40:36
#abap/buffersize = 300000
#by: BASIS 12.06.2008
abap/buffersize = 400000
note 103747
#parameter created by: BASIS 08.07.2003 20:41:32
#zcsa/presentation_buffer_area = 20000000
#64 bite gectikten sonra by: BASIS 10.06.2008
zcsa/presentation_buffer_area = 30000768
note 103747
#parameter created by: BASIS 08.07.2003 20:40:55
rsdb/ntab/ftabsize = 30000
note 103747
#parameter created by: BASIS 08.07.2003 20:40:12
rtbb/max_tables = 500
note 103747
#parameter created by: BASIS 08.07.2003 20:39:15
#old_value: 20000
#changed: BASIS 03.01.2008 19:41:29
#rtbb/buffer_length = 30000
#64 bite gectikten sonra by: BASIS 10.06.2008
rtbb/buffer_length = 50000
note 103747
#parameter created by: BASIS 08.07.2003 20:38:26
zcsa/db_max_buftab = 10000
note 103747
#parameter created by: BASIS 08.07.2003 20:37:37
#zcsa/table_buffer_area = 50000000
#64 bite gectikten sonra by: BASIS 10.06.2008
#zcsa/table_buffer_area = 89000000
by: BASIS 12.06.08
zcsa/table_buffer_area = 99000000
note 103747
#parameter created by: BASIS 08.07.2003 20:36:54
sap/bufdir_entries = 10000
note 103747
#parameter created by: BASIS 08.07.2003 20:36:12
rsdb/cua/buffersize = 8000
#note 103747
#parameter created by: BASIS 08.07.2003 20:34:46
#old_value: 5000 changed: BASIS 08.07.2003 20:35:39
rsdb/ntab/sntabsize = 5500
#parameter created by: BASIS 08.07.2003 20:33:56
#note 103747
#old_value: 10607 changed: BASIS 08.07.2003 20:34:58
#old_value: 10000 changed: BASIS 08.07.2003 20:35:39
rsdb/ntab/irbdsize = 11000
#note 103747
#parameter created by: BASIS 08.07.2003 20:32:18
rsdb/ntab/entrycount = 40000
#old_value: 2076 changed: BASIS 28.06.2005 19:36:21
#old_value: 5735 changed: BASIS 28.06.2005 19:40:01
PHYS_MEMSIZE = 4096
#64 bite gectikten sonra by: BASIS 10.06.2008
abap/heaplimit = 40894464
abap/heap_area_total = 2000683008
ztta/roll_extension = 2000683008
em/blocksize_KB = 4096
*** UPGRADE EXTENSIONS (RELEASE "701") ***
#rdisp/elem_per_queue = 2000
#auth/auth_number_in_userbuffer = 9000
#snc/enable = 0Hi Srikishan;
You are right. The problem was releated with secstore. I found a SAP note ( Note 1532825 - Deleting SECSTORE entries during system export/system copy). I created the program which ise mentioned in the note and than run it. After that everything seems ok now.
Thanks for your help and interest
Best regards
Noyan -
A user has the authorizations in his UMR, but error still appearing
Hi all,
I have an issue with several issue in a company i am working for. The issue is the following:
When a user wants to do something SAP gives an authorization error for an authorization that the user has in his UMR. When i remove any other role, the user can execute the transaction.
I have seen the RZ10 looking for auth/auth_number_in_userbuffer but it does not exist!!!! what can i do????????
Thanks In advance!!!Hi,
Firstly, auth/auth_number_in_userbuffer is obsolete. Check for parameter auth/new_buffering. The value should be set to 4. Also, ensure that the PFCG_TIME_DEPENDENCY job is scheduled and running every day.
Refer to SAP note 209899 for more information on the new parameter.
Regards,
Raghu -
Dialogue workprocesses going in PRIV mode
Dear all,
More than 95% of dialogue work processes are going in PRIV mode
The extended memory in ST02 is 100% full
Nobody is able to do nothing
Below pasted are the values from the instance profile
ztta/roll_extension 4000000000
rdisp/wppriv_max_no 1
zcsa/db_max_buftab 10000
sap/bufdir_entries 6000
rsdb/obj/large_object_size 16384
rsdb/obj/max_objects 4000
rsdb/obj/buffersize 8192
rsdb/ntab/irbdsize 9000
rsdb/ntab/ftabsize 45000
rsdb/ntab/entrycount 30000
rsdb/cua/buffersize 6000
abap/buffersize 600000
zcsa/presentation_buffer_area 6600000
zcsa/table_buffer_area 30000000
ztta/parameter_area 8000
auth/auth_number_in_userbuffer 9000
Any suggestions?Dear all,
Problem was with the following two parameters: --
em/initial_size_MB = 512
em/max_size_MB = 512
De-activating these 2 parameters in instance profile, solved the problem
Thank you all
Would like to add some more here just in case if anyone wants some more details: --
If a Dialog work process has used its quota of Extended Memory (EM) defined by parameter ztta/roll_extension OR all EM has been used up by all the other work processes (em/initial_size_MB), then the task starts to allocate HEAP up to quota (per work process) of abap/heap_area_dia.(this is PRIV mode).
To investigate, check out the dev_w* trace file, to check which program cause work process go into PRIV
Also, follow what Markus has suggested
You can try to set rdisp/wppriv_max_no to prevent this kind problem.
Exmaple: If you set it as 5, will limit only 5 work processes go to PRIVmode.
Please also update your kernel patch to latest version, if you haven't done so.
See also note: 79435 Automatic resetting from PRIV mode
Rgds -
How many single role we can attach to single user?
Dear Friends,
How many single role we can attach to single user?
SachinHi Sachin,
The below parameter can be checked for this topic. Infact the limit is about 9000 for this parameter and typically i have seen ID's in 4.7 environment with around 150 roles or more...
<b>Auth/auth_number_in_userbuffer</b>
When a user logs onto SAP, the authorizations contained in the users profiles are copied to a user buffer in memory. The maximum number of authorizations copied is set by this parameter. The size of the buffer must always exceed the maximum number of authorizations as authorization checks are made only against those in the buffer.
Refer to OSS notes 84209 and 75908 for more detailed information regarding changes to the size of the user buffer.
Transaction SU56 shows the contents of the users user buffer and a total for all the authorizations in a user master record.
Hope this info helps
Br,
Sri
Award points for helpful answers -
I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL> -
Help need in creation of auth object
Hi all,
can anyone assist me in creating an auth object to restrict users based on plant.
I would appreciate i anyone of you could send me screen shots of the procedure.
My email id is
<b><removed by moderator></b>
Thanks
VenkiHi,
Basically you can use derived role and restric users based on plant...
Other than standard objects do you want to create auth objects.
For more information on you can follow link. info on objects
http://help.sap.com/saphelp_47x200/helpdata/en/ea/e9b0054c7211d189520000e829fbbd/frameset.htm
Cheers
Soma -
Auth.log - Rejected send message, 2 matched rules; type="method_call"
Hi,
i'm checking the /var/log/auth.log and I found out that there is this error message
Jun 9 20:19:56 localhost polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.23 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jun 9 20:19:57 localhost dbus[513]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.23" (uid=1000 pid=861 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=654 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Jun 9 20:19:57 localhost dbus[513]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.23" (uid=1000 pid=861 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=654 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Jun 9 20:19:57 localhost dbus[513]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.23" (uid=1000 pid=861 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=654 comm="/usr/sbin/console-kit-daemon --no-daemon ")
if think the problem is in /etc/dbus-1/system.conf
<deny send_type="method_call"/>
I'm tempted to change this to allow, but I won't as long as I don't understand why this deny-rule is implemented.
Last edited by miky76 (2012-06-09 20:41:06)That deny rule is the default. Things in /etc/dbus-1/system.d override it. There's a ConsoleKit.conf file in there that describes what interaction ConsoleKit actually allows.
That said, ConsoleKit.conf also denies this access:
<deny send_destination="org.freedesktop.ConsoleKit"
send_interface="org.freedesktop.DBus.Properties" />
I don't know why this is denied - most likely it's to prevent private data from being stolen from console-kit-daemon in this way. I don't see any such private data stored in properties on ConsoleKit, though:
$ dbus-send --print-reply --system --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Session1 org.freedesktop.DBus.Introspectable.Introspect
method return sender=:1.5 -> dest=:1.14 reply_serial=2
string "<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node>
<interface name="org.freedesktop.DBus.Introspectable">
<method name="Introspect">
<arg name="data" direction="out" type="s"/>
</method>
</interface>
<interface name="org.freedesktop.DBus.Properties">
<method name="Get">
<arg name="interface" direction="in" type="s"/>
<arg name="propname" direction="in" type="s"/>
<arg name="value" direction="out" type="v"/>
</method>
<method name="Set">
<arg name="interface" direction="in" type="s"/>
<arg name="propname" direction="in" type="s"/>
<arg name="value" direction="in" type="v"/>
</method>
<method name="GetAll">
<arg name="interface" direction="in" type="s"/>
<arg name="props" direction="out" type="a{sv}"/>
</method>
</interface>
<interface name="org.freedesktop.ConsoleKit.Session">
<method name="SetIdleHint">
<arg name="idle_hint" type="b" direction="in"/>
</method>
<method name="GetIdleSinceHint">
<arg name="iso8601_datetime" type="s" direction="out"/>
</method>
<method name="GetIdleHint">
<arg name="idle_hint" type="b" direction="out"/>
</method>
<method name="Unlock">
</method>
<method name="Lock">
</method>
<method name="Activate">
</method>
<method name="GetCreationTime">
<arg name="iso8601_datetime" type="s" direction="out"/>
</method>
<method name="IsLocal">
<arg name="local" type="b" direction="out"/>
</method>
<method name="IsActive">
<arg name="active" type="b" direction="out"/>
</method>
<method name="GetLoginSessionId">
<arg name="login_session_id" type="s" direction="out"/>
</method>
<method name="GetRemoteHostName">
<arg name="remote_host_name" type="s" direction="out"/>
</method>
<method name="GetDisplayDevice">
<arg name="display_device" type="s" direction="out"/>
</method>
<method name="GetX11DisplayDevice">
<arg name="x11_display_device" type="s" direction="out"/>
</method>
<method name="GetX11Display">
<arg name="display" type="s" direction="out"/>
</method>
<method name="GetUnixUser">
<arg name="uid" type="u" direction="out"/>
</method>
<method name="GetUser">
<arg name="uid" type="u" direction="out"/>
</method>
<method name="GetSessionType">
<arg name="type" type="s" direction="out"/>
</method>
<method name="GetSeatId">
<arg name="sid" type="o" direction="out"/>
</method>
<method name="GetId">
<arg name="ssid" type="o" direction="out"/>
</method>
<signal name="Unlock">
</signal>
<signal name="Lock">
</signal>
<signal name="IdleHintChanged">
<arg type="b"/>
</signal>
<signal name="ActiveChanged">
<arg type="b"/>
</signal>
<property name="idle-hint" type="b" access="readwrite"/>
<property name="is-local" type="b" access="readwrite"/>
<property name="active" type="b" access="readwrite"/>
<property name="x11-display-device" type="s" access="readwrite"/>
<property name="x11-display" type="s" access="readwrite"/>
<property name="display-device" type="s" access="readwrite"/>
<property name="remote-host-name" type="s" access="readwrite"/>
<property name="session-type" type="s" access="readwrite"/>
<property name="user" type="u" access="readwrite"/>
<property name="unix-user" type="u" access="readwrite"/>
</interface>
</node>
Note those properties at the end of that list, which are the same things you can learn by running ck-list-session.
If you want to change the deny to allow, you may as well do it in the ConsoleKit.conf line, so it's specific to this usage, rather than allowing any method call in the world called through dbus.
FWIW, I can reproduce this same error, trying to do it "by hand", though I don't use GNOME, as you do:
$ dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Session1 org.freedesktop.DBus.Properties.GetAll string:org.freedesktop.ConsoleKit.Session
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.17" (uid=1000 pid=13892 comm="dbus-send --print-reply --system --type=method_cal") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination="org.freedesktop.ConsoleKit" (uid=0 pid=751 comm="/usr/sbin/console-kit-daemon --no-daemon ") -
Implement Hierarchy's On InfoObject that is Not Auth Relevant.
Hello Friends,
Please Advice me in this issue.
I am Upgrading from 3.1 to 7.0.I am able to implement hierarchies when the Infoobject is auth relevant.
There are hierarchies in 3.1 on Infoobjects which are Not Auth Relevant.
Like 0PLANT ..I don't know how to implement using this.
Is there any way to implement hierarchies on InfoObjects which are not auth relevant in BI 7.0 using Analysis authorizations.
Or Do i need to make thes non auth relevant InfoObjects of 3.1 to auth relevant in 7.0 and implement hierarchies.
Please advice.
Thanks,
RamHi Keerti,
Can you please tell me how to implement hierarchy with out making 0PLANT auth relevant.
We are upgrading from 3.1 to 7.0.
0PLANT is not auth relevant in 3.1 but it has Hierarchies.
So business team wants to have the same in 7.0 with out making it auth relevant.
Please help me in doing this.
Thanks
Ram -
How do I use Kerberos Auth in Java 6?
Hi,
I have a problem with the Kerberos authentication. I have a simple class that tries to connect to an LDAP server using Kerberos. It works great when I use java 5, but with java 6 it fails.
Here is part of the code:
System.setProperty("java.security.auth.login.config", "/etc/login.conf");
System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
System.out.println("Trying to login using kerberos...");
KerberosCallbackHandler kerberosCallbak = new KerberosCallbackHandler();
LoginContext loginContext = new LoginContext(loginContextName, kerberosCallbak);
loginContext.login();
System.out.println("Login succeeded");
//Login succeeds on both java 5 and java 6
Subject.doAs(loginContext.getSubject(), new JndiAction());
System.out.println("Connected through Kerberos successfully");The failure happens in the JndiAction:
public class JndiAction implements PrivilegedExceptionAction<Integer>
public Integer run() throws Exception
String username = user + "@" + domain;
System.out.println("User to connect to Kerberos is " + username);
System.out.println("Provider URL is: " + url);
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put("java.naming.ldap.derefAliases", "finding");
env.put(Context.PROVIDER_URL, url);
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
System.out.println("Trying to create context...");
new InitialLdapContext(env, null);
return 0;
}An exception occures when calling new InitialLdapContext:
Exception in thread "main" java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at KerberosAuth.connectKerberos(KerberosAuth.java:71)
at KerberosAuth.main(KerberosAuth.java:29)
Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at KerberosAuth$JndiAction.run(KerberosAuth.java:155)
at KerberosAuth$JndiAction.run(KerberosAuth.java:1)
... 4 more
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
... 18 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
... 19 more
Caused by: KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
... 22 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
... 27 moreI want to emphasize that the login function did succeed, and that I try to connect to the same server with the same username and password and same configuration. With java 5 it works, with java 6 it does not.
Does anybody know what I should do to solve this problem?
TIA,
DiklaNote: This thread was originally posted in the [Java Secure Socket Extension (JSSE)|http://forums.sun.com/forum.jspa?forumID=2] forum, but moved to this forum for closer topic alignment.
-
How do I use my own Custom Auth/Authentication/Entitlement (Token)?
[ Background ]
Adobe Access DRM provides for 3 authentication mechanisms:
Anonymous - Licenses are issued irregardless on if there is/isn't a valid authentication token attached to the license request.
UsernamePassword - Licenses are ONLY issued if the license request has a valid Adobe-Access-Server-Issued authentication token.
Custom - Licenses are ONLY issued if there is a valid cusom authentication token attached to the license request.
Typically, customers already have some authentication scheme in place and choose to re-use that system, instead of leveraging Adobe Access' built-in usernamePassword support. For this to succeed, accomodations must be made during packaging time, on the client device, and at the Adobe Access license server endpoint.
[ More Background ]
Here's a forum thread that prompted this thread: http://forums.adobe.com/message/5085330#5085330
[ Recipe ]
1. Adobe Access DRM Policy is created that specifies a "custom" authentication token. As of Adobe Access 4.0, the tools that ship with the Java SDK cannot create a DRM policy with "custom" authentication out the box; a small Java application will have to be written to do this, which is covered in the thread posted above.
2. Content is packaged using this custom_auth policy.
3. Client device performs authentication via whatever channel already exists for you to perform authentication (e.g. SAML tokens, etc...)
4. Client device sets the authentication token: DRMManager.setAuthenticationToken()
5. Client device attempts to acquire a license for the content created in step #2: DRMManager.loadVoucher();
5a) Because step #4 set the authentication, all license requests going forward will automatically have this custom auth token appended to it
6. License server receives request & extracts custom auth token to parse & perform additional entitlement checks
7. Licnese server generates a license to return to client device.
[ Server Code Snippet (RefImplLicenseReqHandler.java) ]
try {
ServletInputStream in = request.getInputStream();
ServletOutputStream out = response.getOutputStream();
HandlerConfiguration context = super.getHandlerContext();
ServerCredential licenseServerCred = getLicenseParams().getLicenseServerCred();
licenseHandler = new LicenseHandler(context, in, out, licenseServerCred);
licenseHandler.parseRequest();
List<? extends LicenseRequestMessage> requests = licenseHandler.getRequests();
// Multiple request in one message is not supported in FAXS 2.0 or 3.0 client.
for (LicenseRequestMessage licenseReq : requests) {
try {
// TODO: If custom authentication is specified in the DRM policy, here is where
// you can retrieve the custom authentication token and perform custom parsing to
// determine further business rules and entitlement before issuing a license.
// The "Custom Authentication" will look like:
// 1. Client device obtains auth token using some other channel
// 2. Client device sets auth token by calling DRMManager.setAuthenticationToken()
// 3. Client makes a license request by calling DRMManager.loadVoucher()
// 4. Adobe Access Server receives request and:
// 4a) Determines Custom Auth is required by DRM Policy: licenseReq.getContentInfo().getContentMetadata().getPolicies()[0].getLicenseServerInfo(). getAuthenticationType();
// 4b) Retrieves Custom Auth token for custom parsing/handling: licenseReq.getRawAuthenticationToken()
// 5. If there are no errors when parsing the custom token, Adobe Access Server generates a license.
V2ContentMetaData metadata = licenseReq.getContentInfo().getContentMetadata();
ApplicationProperties applicationProperties = null;
String usageModelString = null;
if (metadata != null) {
applicationProperties = metadata.getCustomProperties();
if (applicationProperties != null) {
usageModelString = applicationProperties.getSingleValueAsUTF8String(DEMOMODE);
cheers,
/Eric.Google Search: '''firefox create a persona'''
* '''Personas for Firefox''' | How to Create Personas<br>https://www.getpersonas.com/en-US/demo_create
* '''Personas for Firefox''' | Frequent Questions<br>http://www.getpersonas.com/en-US/faq
* '''Personas for Firefox''' | Getting Started<br>http://www.getpersonas.com/en-US/getting_started
'''I think you'd have a lot more fun with Styles though''', personas tend to hide things on toolbars, styles can be more helpful (or just as bad)
* '''Stylish''' :: Add-ons for Firefox<br>https://addons.mozilla.org/en-US/firefox/addon/stylish/
* '''Restyle the web with Stylish!''' - userstyles.org<br>http://userstyles.org/
* '''Scrollbar Context Menu''' - Themes and Skins for Browser - userstyles.org<br>http://userstyles.org/styles/54
* '''Scrollbar Menu''' - Themes and Skins for Browser - userstyles.org<br>http://userstyles.org/styles/52
* '''Link Warning''' - Themes and Skins for Mozilla - userstyles.org<br>http://userstyles.org/styles/1301
* '''Tabs, Enlarge list-all-tabs button''' - Themes and Skins for Browser - userstyles.org<br>http://userstyles.org/styles/18553
* '''Tabs Bar Minimal Size''' - Themes and Skins for Browser - userstyles.org<br>http://userstyles.org/styles/9043
* '''Tab Color Underscoring active/read/unread (Fx3.6)''' - Themes and Skins for Browser - userstyles.org<br>http://userstyles.org/styles/24728 -
ITunes auth problem on Windows 7 64-bit
Hi,
I experience weird issues with the iTunes auth-process on a Windows 7 (64bit) machine.
When I try to authorize my computer it results in a message telling me something about connection issues. Anyhow, it seems the computer is kind of activated since I can deauth my computer. If I try auth'in my computer several times, it also allows to deauth it several times until it says that it is not auth'd anymore.
My tries so far to solve this
- updated to latest iTunes
- deactivated, even uninstalled firewall (used NIS2011), also disabled the Windows Firewall after that
- checked hosts file
- deleted SC Info
- even tried with creating new library
- disabled User Access Control in Windows
- disabled all startup items in "msconfig"
- tried to activate with same account a different computer in the same network, I was able to play movies using the private home sharing feature, also activation was no problem
- re-installed Apple Software (including iTunes, Quicktime and Safari)
- checked Diagnostic within iTunes with no problems
So my guess is that it could have something to do with 64 bit or any hard- or software related issue at my computers side.
Detailed procedure:
1 - Start iTunes, click Store > Authorize > Enter credentials
and now the weird thing is that the "authorize" button says "deauthorize", no matter how often I try to deauthorize before.
2 - Repeated step 1 since it says always the same error message (connectivity alert)
3 - Playback of any DRM protected media does not work (movies). It asks for authorization again but fails to do so with the same message again
4 - Deauthorizing is possible and I noticed that I can do this as many times as I tried to authorize before.
Does anyone have a suitable idea for helping me out in this issue? I never had problems on my mac before, nor on a Windows 7 32bit system.
My 64 bit machine is only used with one iTunes account.
I already contacted the iTunes Support via Mail but they could not help me since this could be a technical issue.
Any help is much appreciated.
Thanks in advance,
BenjaminAfter numerous calls with Apple support, I finally got it working
For me, the problem was the following:
1. Make sure that Internet Explorer is your standard browser for windows (if not...make it)!
2. In Internet Explorer go to "Internet Options" then "Advanced"
3. In the list scroll down to "Security" and UNCHECK "Check for server certificate revocation"
4. Make sure that (a bit further down) "Use SSL 3.0" and "Use TLS 1.0" are CHECKED.
5. Delete the "SC Info" folder once again...
6. Run iTunes in Admin-Mode
After that, I was able to activate my computer and I changed my browser back to Firefox afterwards...
Hope that will help you too !!
Cheers
Maybe you are looking for
-
I don't have an "Adobe ebooks" icon on my Pandigital Novel
I would like to download books from the library onto my Pandigital Novel. I have no problems buying books from Barnes and Noble and downloading them but I can't do it for library books. Here's what I know so far: 1. I have to download the book in
-
Records lost and not transferable/playable
Now I am quite angry Have just come back from 2 days with interviews and found that none of the recordings were possible to transfer either by using Itunes or by using iPod as a harddisk. In the iPod in the memolist, all memos were there and every me
-
Photoshop CC not displaying 30bit color
PS CC does not seem to display 30bit color as per the Ramp.psd file from AMD. PS CS6 displays 30bit color just fine. I've seen other posts and problems with AMD FirePro cards but I have an Nvidia Quadro K2000 and I an having the same problem. Has the
-
Migrating table from Sybase 12 to Oracle 10g
Hi , We have a situation where we have to migrate multiple Sybase databases to Oracle10g . These multiple database have same set of tables but different data in these tables on each sybase database ( data differ, based on location or region wise but
-
Can itune 9.2 and iOS4 shared by iphone 4g and 3GS
I upgraded to iphone 4g, but I still like to keep my old 3gs as a back up, but in order to get iOS4 in 3gs working properly, I had to do "set up a new iphone" instead of "restore" which I did and the 3gs is good now, but just without any of my iphone