Authentication errors in Magic Triangle set up

Hi All,
I have recently integrated a SL server into AD to provide MCXs to Mac workstations as well as network homes, time machine server etc.
Everything is working fine and there aren't any major problems - clients can log into AFP homes and the majority of MCXs are working well.  One thing I have noticed though is that exactly every 2 hours I get an error in Windows event viewer complaining of a Kerberos authentication error (Event ID 4768).  The account name specified in the event log is the computer record for the OD master.
I did a bit of digging through the logs and can see the successful logging in of the Mac server computer account to the Password server.  In the password server service log, I get this:
RSAVALIDATE: success.
Apr  8 2012 14:10:12    USER: {0x4f7e1ea56b8b4567000000040000000, server.domain.com$} is the current user.
Apr  8 2012 14:10:12    AUTH2: {0x4f7e1ea56b8b4567000000040000000, server.domain.com$} CRAM-MD5 authentication succeeded.
The computer account 'server.domain.com$' is listed when you go into WGM and go to 'show system records' and is the computer account for the mac server that is the OD master.
I believe that the server is trying to authenticate to the Windows DC, receiving an error (and generating the 4768 error code) and then successfully authenticating to OD. 
I have changed the search policy on the server to authenticate against OD first and then AD, but I am still getting this error.  I don't know whether Directory Utility is buggy and incorrectly shows LDAP before AD as I cannot find the dscl command to list search policies anywhere, only to add, delete and amend search policies.
Questions:
1) Why is the server authenticating to itself every 2 hours?
2) Does anyone know how to list the search policy order in dscl, so I can verify that the server is actually authing against OD first?
3) If the search policy is OK, and I suspect it is, why is the server trying to auth against AD?
4) Has anyone else seen this error and, if so, how did you resolve?
Coincidently, I also get this error when I log into WGM using the directory admin username/password.
TIA

Hi James,
Received wisdom for Magic Triangle is to bind the Mac server to AD and ensure that Kerberos is disabled on the Mac server. It sounds like you may not have done it that way?
This reference may help:
http://www.afp548.com/netboot/mactips/activedir.html
Just a guess - but perhaps the re-authentication every 2 hours is due to Kerberos ticket expiration?
Best

Similar Messages

  • Mobile Home problem with Magic Triangle

    So I have been setting up a magic triangle for the past few days with an OSX Lion server.  I believe it is working properly.  The server is running OD and is bound to my AD.  I have made an OD group which contains my AD users, and I have set that OD group to have limited application preferences (one of them is to block the App store).  All my users have MacBook Airs which they will take off-site, so I enabled mobile home folders in the AD bind and in the OD group mobility settings (with confirmation required).
    When I tested it today, with Airs running 10.7.4, here is what happened.
    When the system was on the network, it would log a user in, ask to create the mobile account, and successfully create it.  Once logged in they were limited to the application preferences that I set on the server.  I considered this a complete success.
    When I disconnected them from the network, I had expected that they would still be able to log in and the system would fuction the same way with the exception that they would not sync their changes until they were back on-site.
    Instead...
    When the same user trys to log in it says the AD server is unavailable and then logs them in anyway.  However, once they are at the desktop, none of the permissions are in place.  They can go to the app store, or do anything else they feel like.  Once they are back on the network, all the server based preferences reappear and lock the system down.
    So my questions are:
    1. Should a mobile account based system compain that it cant find the AD domain when offsite?
    2.  Why is it not checking some cached verison of the permissions and locking down the notebook when offsite?  I can tell that it is caching the user name and password (as loging in as a user the air has never seen before will simply give a login error), as it will let them in, but it is not holding any preferences. 
    3.  How can I prevent users from simply disconnecitng from the network to bypass all my server based policies?
    Hope someone can help

    Hi,
    I'm having a similar problem with exactly the same setup, our clients are 10.7.4 wired not wireless the OD server is 10.7.4 and the clients are authenticating via an AD 2008 R2 domain.
    We've had this scenario in the past running 10.5 and 10.6 without any problems but with 10.7.4 the clients' MCX settings are lost when they're not connected to our network. It seems to only lose the settings applied to user groups but not computer groups.
    At this moment in time I don't have an aswer I'm still looking, have you found a solution?
    I know configuration profiles are the way forward and in the future I'll move over to them but they don't seem to work that well with PHD's at the moment.
    If anyone has any thought on this it would be much appreciated.
    Thanks,
    Jay.

  • Question re magic triangle/kerberos

    Hi
    Bit of a newbie question - we have a Windows 2003 domain in school to which we are planning to add a Mac SL server, using OD / AD "magic triangle"
    I've followed the instructions here -
    http://www.copiouscom.com/2010/08/magic-triangle-setup-with-windows-file-server- backed-portable-home-directories/
    - to set this up and all seems to be OK bar Kerberos authentication.
    If I log on to the server as admin, and in terminal enter id <AD username> I get the correct info returned, but if I then enter su <AD username> I get "authentication error" (tried different usernames, and passwords are known to be correct)
    Can anyone help ?
    Thanks

    Hi
    +"Our AD does not provide Kerberos services"+
    Are you sure? AFAIK it's practically impossible to disable SSO on the Domain Controller while it's in a DC Role. Kerberos starts by default and is always running when issuing DCPROMO. If it's a Standalone Server then it won't be running anyway. In which case it wont be an Active Directory environment. Not in the sense I understand it to be?
    +"Do I need to have kerberos enabled somewhere for the Magic Triangle?"+
    Assuming you mean 'Classic AD-OD Integration' and assuming you want users to participate in a Single Sign On environment - Yes.
    +"If so, can I provide it on the ODM instead of the AD?"+
    Yes but only for users that exist on OD. But then you would not have a Magic Triangle in the sense I understand it to be. If all your users are in AD they can be authenticated using other authentication mechanisms available on OSX Server for Services those users are authorised to use. You don't strictly need OD for that to happen. You can create an OD Master providing SSO for AD users if you export those users from AD into OD assuming parallel environments?
    There are so many variables here it's difficult to know what to advise? If your DC does not provide SSO (hard to see how) what is it doing exactly?
    HTH?
    Tony

  • Can't figure out how to make my OSX Server / AD (magic triangle) work- Please help

    Hi there,
    I have set up a machine with Mac OS X 10.9.1 and Server.app 3.0.2. I think installation and configuration was made ok (I do have experience with Macs and I am part-time admin for the Active Directory in my organisation). I set up a magic triangle by binding my Mac server to an Active Directory domain. Now, I am not a specialist for this so I bought and used "OS X Mountain Lion Server For Dummies" by John Rizzo, which helped me. I did set up everything, even including AD users to OD groups on the Mac server.
    Now, I'm biding a Mac client to my OD server, and trying to log in. Can't do that. Any username I type that is not a local client name does not work. I have tried to use 'username' as a login and also 'DOMAINNAME\username', none of which work. I also tried to create a local network user on my OD server, and even with that username I can't log in on the client.
    I did check System preferences / Users and groups :
    - There is a green light next to my OD server name
    - I checked the "allow network users to log in" and checked that "All users" are ok for login.
    Two things that don't seem normal but I can't understand :
    - Kerberos seems off on the server (klist in terminal returns nothing and Ticket Viewer.app shows no ticket)
    - If I try to specify network users that CAN log in (i.e. not "everyone") I see users in the editor window but can't add them to the list
    I'm kinda lost here. Anyone wishing to help?

    No reason to be angry as it's in his book on page 112. You possibly did not understand its significance until you'd done it yourself?
    In an AD-OD integrated environment (I prefer this to 'Magic Triangle' as there is no triangle as such) there are no users in OD. They're all in AD. You nest AD Users or Groups (best to use groups) into an OD Group and apply managed preferences that way. You could bypass group nesting if you wish and simply create OD Computer Groups instead. Manage the workstations directly. All users admin or not, local or otherwise would have have those preferences applied.
    "Are preferences correctly inherited between AD and OD groups and users?"
    In my experience they are.
    "What if I want users in some AD Groups to be controlled users on the client and users in other AD groups to be admins on the client?"
    You can do the first part of the question using the provided Server Tools, PM or WGM. To make users local admins you use a terminal command. You don't want to be doing this for student accounts. To make AD groups administrators access Directory Utility's Advanced Options section in the AD plug-in. Clicking on the Administrative tab should give you the option you may be looking for? Alternatively you could use the command line (man dsconfigad) as there are more settings available using it than there are in the GUI.

  • Authentication Error while  Configue SOA in JDev 11g TP4

    Hi everyone.
    I'm trying to configure SOA suite 11g in my local system. I have done the schema creation and already created a App server connection in JDev->Tools-> Java EE Runtime Preferences.
    When I start the configue SOA, it failes to start or stop the oc4j instance as below phase:
    [echo] Changing oc4j ports with following values:
    HTTP Port : 8988 -> 8888
    RMI Port : 23891 -> 12401
    RMI SSL Port: 24043 -> 24043
    JMS Port : 9227 -> 12601
    [echo] Create jms queues/topics from new oc4j jms template
    [echo] Changing jms.xml to use port : 12601
    [echo]
    * Configuring SOA Infrastructure. This will take 5-10 minutes. *
    * Summary of SOA configuration parameters: *
    ** Oracle Home = F:\jdeveloper11g\
    ** Oracle Instance = F:\jdevinstance\system11.1.1.0.22.49.49
    ** SOA Database = localhost:1521:XE
    ** SOA Database User = jdev_soainfra
    ** HTTP Port = 8888
    ** RMI Port = 12401
    ** JMS Port = 12601
    ** Component Type = o.j2ee
    ** Component Name = embedded-oc4j
    ** Configure OWSM = false
    ** Configure SOA Console = true
    ** Configure B2B UI = false
    ** Configure XEngine = false
    [echo] ==Stopping oc4j standalone...
    [exec] Result: 1
    [echo] ==Waiting max 240 second(s) for shutdown of URL http://ESFANDIYAR:8888...
    BUILD FAILED
    F:\jdeveloper11g\install\bpel\build.xml:10: The following error occurred while executing this line:
    F:\jdeveloper11g\install\bpel\soa-infra-config.xml:48: The following error occurred while executing this line:
    F:\jdeveloper11g\install\bpel\soa-infra-config.xml:89: ***************************************************
    * Configuring SOA Infrastructure has FAILED.
    * If following log files exists, please check them for possible cause:
    * F:\jdevinstance\system11.1.1.0.22.49.49\o.j2ee\embedded-oc4j\install\tmp\soa-infra-java.log
    * F:\jdevinstance\system11.1.1.0.22.49.49\o.j2ee\embedded-oc4j\log\startsoa.log
    Total time: 4 minutes 23 seconds
    I checked the log file and it says it is encountered an authentication error. I'm wondering which user name and password it is referring and where shall I set the correct values. During the app server connection, I have entered the proper value for oc4jadmin/password.
    Aug 30, 2008 11:37:00 PM oracle.j2ee.util.AnnotatedLogger logWithThrowable
    WARNING: J2EE JNDI-00005
    Authentication failed when trying to connect to the server. You need to provide a valid username and password.
    Caused by:class javax.naming.AuthenticationException: Not authorized
    oracle.oc4j.admin.deploy.cmdline.AdminCommandException:
    Failed to connect to the server with deployment URI (deployer:oc4j:ESFANDIYAR:12401). Please refer to the exception trace from server above to identify the cause.
         at oracle.oc4j.admin.deploy.cmdline.AdminCommandBase.execute(AdminCommandBase.java:54)
         at oracle.oc4j.admin.deploy.cmdline.Oc4jAdminCmdline.executeCommand(Oc4jAdminCmdline.java:107)
         at oracle.oc4j.admin.deploy.cmdline.Oc4jAdminCmdline.main(Oc4jAdminCmdline.java:71)
    Thanks for any help.
    Esfand

    Hi Heidi,
    I tried once again to install a fresh instance of Oracle soa suite 10.1.3.0 and upgraded it to 10.1.3.4 successfully. I did all the JDeveloper 11g installation and configure SOA process all successfully. I can create a connection to OC4J using 12401 RMI port successfully but none of my applications are deployed to server.
    This message is repeatedly displaying in messages tab:
    Exception returned by remote server: com.evermind.server.rmi.RMIConnectionException: Disconnected: oracle.oc4j.admin.management.shared.SharedModuleType. local class incompatible during deploy ...
    The default OC4J RMI port is 23791 but in my installation it is set to 12401 when I checked the Runtime Port option of Oracle Application Server and the connection is fine with this port but applications can not be deployed with this configuration.
    I can deploy applications on separate standalone OC4J instance successfully but not able to do it with my SOA application server.
    Any comments will be appreciated.
    Thanks again
    Esfand
    Edited by: user3788199 on Sep 8, 2008 6:50 AM

  • Oracle BI Portlet -Authentication Error  in WebSphere Portal

    We have deployed the oracle BI Portlet in WebSphere Portal Server.
    We have made necessary changes in the portlet.xml and created the credential vault to store user information as well .
    Our WebSpere Portal is integrated with LDAP Server .
    When the Portal Admin logs in he can see the reports in Oracle BI Portlet ......however a non admin user gets the following error message.
    Authentication error. Details: An invalid User Name or Password was entered.
    Can someone plz help.

    Hi
    I am trying to integrate OBIEE 10.1.3.4.1 with Websphere Portal.
    I perform following steps :
    1. Installed OBIEE and created a report at url "http://punitp63969d:9704/analytics/saw.dll?Dashboard"
    2. Modified portlet.xml of sawjsr168portlets.war as follows
    <preference>
    <name>oracle.bi.presentation.sawserver.URL</name>
    <value>http://punitp63969d:9704/analytics/saw.dll?Dashboard</value>
    <read-only>false</read-only>
    </preference>
    <preference>
    <name>oracle.bi.presentation.portlets.jsr168.reportui.AdminUserName</name>
    <value>Administrator</value>
    <read-only>false</read-only>
    </preference>
    <preference>
    <name>oracle.bi.presentation.portlets.jsr168.reportui.AdminPwd</name>
    <value>Administrator</value>
    <read-only>false</read-only>
    </preference>
    <preference>
    <name>oracle.bi.presentation.portlets.websphere.SuperuserSlotId</name>
    <value>sawseveradmin</value>
    <read-only>false</read-only>
    </preference>
    where Administrator/Administrator is user-id/password for OBIEE and
    sawseveradmin is name of credential vault in WebSphere-Portal.
    3. Deployed the war on WebSphere Portal and got portlet disable with following error in log :
    WSVR0200I: Starting application: PA_SAWReport
    9/4/09 18:42:52:067 IST 000001ff ApplicationMg A WSVR0204I: Application: PA_SAWReport Application build level: Unknown
    9/4/09 18:42:52:708 IST 000001ff WebGroup A SRVE0169I: Loading Web Module: SAWReport.
    9/4/09 18:42:52:973 IST 000001ff VirtualHost I SRVE0250I: Web Module SAWReport has been bound to default_host:10000,:80,:10002,:10015,:10016,:443,:10023,:10026,:10040,:10035.
    9/4/09 18:42:53:130 IST 000001ff ApplicationMg A WSVR0221I: Application started: PA_SAWReport
    9/4/09 18:42:59:692 IST 00000037 WebContainer E SRVE0255E: A WebGroup/Virtual Host to handle /searchfeed/myserver/scopes has not been defined.
    9/4/09 18:43:26:458 IST 00000037 WebContainer E SRVE0255E: A WebGroup/Virtual Host to handle /searchfeed/myserver/scopes has not been defined.
    9/4/09 18:43:50:318 IST 000000a5 ServletWrappe I SRVE0242I: PA_SAWReport [wps/PA_SAWReport] Oracle_Business_Intelligence_Report_View_Portlet: Initialization successful.
    9/4/09 18:43:50:521 IST 000000a5 MimeResponseI E com.ibm.ws.portletcontainer.core.impl.MimeResponseImpl getWriter EJPPC0176W: Invalid content type
    9/4/09 18:43:50:661 IST 000000a5 ServletWrappe E SRVE0068E: Uncaught exception thrown in one of the service methods of the servlet: Oracle_Business_Intelligence_Report_View_Portlet. Exception thrown : javax.servlet.ServletException: java.lang.IllegalStateException: No content type set.
    at com.ibm.ws.portletcontainer.invoker.impl.PortletServlet.doDispatch(PortletServlet.java:369)
    Caused by: java.lang.IllegalStateException: No content type set.
         at com.ibm.ws.portletcontainer.core.impl.MimeResponseImpl.getWriter(MimeResponseImpl.java:114)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.checkUser(ReportUI.java:852)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.doView(ReportUI.java:167)
         at javax.portlet.GenericPortlet.doDispatch(GenericPortlet.java:328)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.doDispatch(ReportUI.java:1058)
         at javax.portlet.GenericPortlet.render(GenericPortlet.java:233)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletFilterChainImpl.doFilter(PortletFilterChainImpl.java:128)
         at com.ibm.wps.propertybroker.standard.filter.C2APortletFilter.doFilter(C2APortletFilter.java:185)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletFilterChainImpl.doFilter(PortletFilterChainImpl.java:120)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServlet.doDispatch(PortletServlet.java:573)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServletCollaboratorChainImpl.doCollaborator(PortletServletCollaboratorChainImpl.java:114)
         at com.ibm.isclite.container.collaborator.PortletServletCollaborator.doRender(PortletServletCollaborator.java:68)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServletCollaboratorChainImpl.doCollaborator(PortletServletCollaboratorChainImpl.java:105)
         at com.ibm.ws.portletcontainer.rrd.RRDServerPortletServletCollaborator.doRender(RRDServerPortletServletCollaborator.java:123)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServletCollaboratorChainImpl.doCollaborator(PortletServletCollaboratorChainImpl.java:105)
         at com.ibm.ws.portletcontainer.cache.CacheCollaborator.doRender(CacheCollaborator.java:92)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServletCollaboratorChainImpl.doCollaborator(PortletServletCollaboratorChainImpl.java:105)
         at com.ibm.wps.pe.pc.waspc.core.impl.PortletServletCollaboratorImpl.doRender(PortletServletCollaboratorImpl.java:156)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServletCollaboratorChainImpl.doCollaborator(PortletServletCollaboratorChainImpl.java:105)
         at com.ibm.ws.portletcontainer.invoker.impl.PortletServlet.doDispatch(PortletServlet.java:273)
         ... 219 more
    Please help me resolve this issue.Thanks in advance.

  • AS2 - Authentication Error

    Hi,
    We are setting up a EDI Customer in our development system and they tried to connect with us by sending a test order.  We have loaded the certificate given by them into our channels.
    Unfortunately, in the seeburger message monitor, It mentioned authentication error.  When i checked the comms., log, it said that it could not find the alias name.
    Is it because we had renamed the certificate while loading into visual admin. What else can be wrong?
    Regards
    Krish

    Hi Krish
    This links should be useful to you
    How to import Third ParSecurity Certificate into PI
    Regards
    Ramesh

  • HTTP XML Data Source authentication error

    Morning All,
    I have just started playing around with using XML as a data source for my CR4Ev2.0.1 reports.
    I have managed to create the local inline reports and change their data source loacation with no current
    issues.
    I am now trying to create the HTTPXML reports using code from Ted's BLOG.
    I manage to create a new report, and can open it in design, I can see the data source structure but as
    soon as I try browse the data or preview my report I get the following error
    Cannot Open file
    Server returned HTTP response code: 407 for URL:
    http://myserver/httpxml.xml
    I had a quick look up the 407 error and it seems to be a Proxy authentication error, we do have a proxy
    server setup which requires a username and password.
    Before I go through what I have tried I want to confess that for this httpxml.xml file all I did was take my
    inline.xml file and rename it and make it avaliable via a URL. So this might be the whole problem but I
    am sure this is ok.
    So I have tried turning off the proxy server as this URL is local so I dont need to go through the proxy.
    If I go to the URL in my browser it works fine and I do not need to enter any proxy details.
    Thats the problem with my HTTP XML attempt.
    If I use the code as is, from Ted's BLOG, for
    Crystal Reports off of HTTP XML data URL
    and try use the following 2 URLs
    propertyBag.put(
    "Http(s) XML URL", "http://resources.businessobjects.com/support/downloads/samples/cr/customer_db/orders.xml");
    propertyBag.put(
    "Http(s) Schema URL", "http://resources.businessobjects.com/support/downloads/samples/cr/customer_db/orders.xsd");
    propertyBag.put(
    "Http(s) XML URL", "http://resources.businessobjects.com/support/downloads/samples/cr/customer_db/customer.xml");
    propertyBag.put(
    "Http(s) Schema URL", "http://resources.businessobjects.com/support/downloads/samples/cr/customer_db/customer.xsd");
    But I get the following errors
    Exception in thread "main" com.crystaldecisions.sdk.occa.report.lib.ReportSDKLogonException: Logon
    Error: {0}---- Error code:-2147217393 Error code name:dbLogonFailed
         at com.businessobjects.reports.sdk.JRCCommunicationAdapter.a(Unknown Source)
         at com.crystaldecisions.sdk.occa.report.application.DatabaseController.byte(Unknown
    Source)
         at com.crystaldecisions.sdk.occa.report.application.DatabaseController.addTable(Unknown
    Source)
         at com.businessobjects.samples.CreateHttpXML.main(CreateHttpXML.java:90)
    Caused by: com.crystaldecisions.reports.common.LogonFailureException: Logon Error:{0}
         at com.crystaldecisions.reports.queryengine.Connection.br(Unknown Source)
         at com.crystaldecisions.reports.queryengine.Connection.bs(Unknown Source)
    Any ideas as to what my issues are or what I am missing.
    Thanks in advance.
    Darren
    Edited by: Darren Jackson on Apr 28, 2009 2:12 PM
    Is there any documentation as to what entries I can use in the property bag.
    Like is there a ("ProxySet", false) or something along those lines?
    Edited by: Darren Jackson on Apr 28, 2009 5:28 PM
    I have made a little more head way.
    I saved the Orders.xml and Orders.xsd files onto my webserver and editied the code to only worry about
    the Orders and ignore the Customer files.
    I now create my reports, open them in Eclipse to design them, but when I try preview the data it is now
    asking me for a username and password. I have tried all combinations that I can think of for our systems
    but none work.
    Grrrrrrrrrrrrrrr

    I have subsequently determined that my main problem was my "cached" proxy settings within Eclipse.
    Even though I removed the proxy settings in Eclipse, it still required me to restart Eclipse after which it
    all started working ok.
    That was my main problem, but I am still interested in the Property Bag options that I mentioned before.
    If proxy settings are needed, how would one go about setting these details?
    Thanks
    Darren

  • Every time I launch Mail.app my server gets STMP authentication error

    From my server STMP log file:
    2015-02-23 15:48:57 plain authenticator failed for 77-173-xxx-xxx.ip.telfort.nl (mbp.home) [77.173.xxx.xxx]: 535 Incorrect authentication data (set_id=username)
    For some reason Mail.app tries to connect to the STMP server but doesn't properly authenticate. It does seem to set the username but not a valid password so the log files on my SMTP server are filled with these errors. Even worse brute force detection automatically blocks the ip address in the firewall because of this after 10 attempts. It's not just me, many other customers that use a mac have the same problem (I notice this because they call me for not being able to connect because of the blacklisting by the brute force scanner)
    How can I fix this? Why does Mail.app try to connect without proper authentication?

    No. You said to Change the authentication setting for the account on the client to one that the server supports. But I already have that. Sending mail works just fine, but for some reason Mail.app still causes authentication errors on launch and periodically about every 10 minutes

  • RDS 2012 (An Authentication error has occurred 0x607) - WINDOWS 8 ONLY

    Hi - please help. I've read many posts relating to this error, but none have fixed my issue.
    We have an RDS 2012 setup.  2 Servers.  Both session hosts.  only 1 is the broker.  Cert from official CA.
    My authentication is set to ONLY allow devices with Network Level Authority.  I don't want to remove this.
    Windows XP and Windows 7 can connect both internally, and externally via the RDWeb address perfectly fine, but all Win8 machines get the error "An authentication error has occurred. Code 0x607.
    Can anyone please advise why?
    Many thanks

    Hi,
    I have seen other similar cases got resolved by setting the encryption level to low and security layer to Negotiate.
    Here is a thread below:
    An authentication error has occured (Code: 0x607)
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/94780a11-23ba-4a3c-b11a-734007c2d2fd/an-authentication-error-has-occured-code-0x607?forum=winserverTS
    If it is not an option for you, I suggest you check whether the SSL certificate used by RDWeb access is trusted by the Windows 8 clients. There should be a corresponding root CA certificate installed in the Trusted Certification Authorities store.
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • OD / AD / Magic Triangle configuration in Snow Leopard Server

    Hi:
    I'm working on training / setting up a magic triangle. I've been able to perform the necessary binding of my 10.6.4 Server to the AD, Set up OD as an OD Master connected to AD and finally, binding a client 10.6.4 Mac to both AD and OD. FYI - I'm using the Apple Training Series: Macs OS X Directory Services v10.6 as my guide.
    I'm running into issues which are based upon how I connect / authenticate. I tried the 4 scenarios listed below with different results. The first scenario is the way to view/administer the directories according to the training guide. I tried the other 3 scenarios just to see what might happen:
    1 - local mac - run WGM and View Directories: Result: Can authenticate to AD directories, but can't authenticate to the OD directory on the OS X server.
    2 - local mac - run WGM and Authenticate to OS X Server: Result: Can authenticate to OD directory on the Server, but cannot authenticate to AD directories as AD Administrator
    3 - from the OS X Server - run WGM and Authenticate to OS X Server: Result: Automatically authenticate to OD directory on the Server, but cannot authenticate to AD directories as AD Administrator
    4 - from the OS X Server - run WGM and View Directories Result: Automatically authenticate to OD directory on the Server, but cannot authenticate to AD directories as AD Administrator
    Earlier today, while using #2 scenario, I was able to see the contents of the Active Directory and could even add computers/users to the groups I had created on the server's ldap directory and successfully tested attributes on the users/computers I assigned to the respective groups. This evening though, I can no longer see users/computers in the AD and the users I added to the OD groups have lost their connections - when I look at Members, each listing name initially shows loading then changes to not found. (The ID for each still appears though).
    Any ideas? I've completely reset the server configuration for OD and its binding to the Active Directoy a couple of times now, but still can't get it working. I have the sense I've missed some detail here.
    Thanks!

    It sounds like you lose the AD connection intermittently from at least the server.
    You are using the "AD" DNS?
    Reverse lookup of the OS X server name works (OS X server name added to forward zone and IP added to reverse zone for your LAN in "AD" DNS)?
    In SA, OD, Kerberos is not running (should use AD kerberos realm)?
    Anything in logs about this (DirectoryService)?

  • BI portlet "Authentication error" on WebCenter

    Hi, all
    I'm trying to deploy BI reportUI portlet to WebCenter server.
    Following the introduction on BI document:
    1. Download sawjsr168portlets.war
    2. Edit portlet.xml and set oracle.bi.presentation.sawserver.URL, oracle.bi.presentation.portlets.jsr168.reportui.AdminUserName and oracle.bi.presentation.portlets.jsr168.reportui.AdminPwd
    3. Deploy the portlet to Jdevelper preconfigured OC4J successfully.
    4. Consuming BI ReportUI portlet within JSF page
    After I click "customize" of the generated "Oracle Business Intelligence Report View Portlet" and input the "report path", which is a qualified URL accessible on IE brower,
    a error displays:
    "Authentication error. Details: An invalid User Name or Password was entered."
    Check the log file and find some error message like:
    <sawsoape:Message>State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
    [nQSError: 43001] Authentication failed for PUBLIC in repository Star: invalid user/password. (08004)</sawsoape:Message>
    I'm sure the admin user name and password are both set correctly in "portlet.xml" file.
    Any suggestion or help are highly appreciated! Thanks.
    regards,
    Rongrong Wang

    I was able to resolve the authentication error by securing the web center application using container based security.
    I got a report to display on my page, but was getting the below error on my server logs:
    2008-01-21 15:08:18.531 WARNING Error in Siebel Analytics ReportUI portlet
    Jan 21, 2008 3:08:18 PM org.apache.axis.client.Call invoke
    SEVERE: Exception:
    org.xml.sax.SAXException: Bad types (class java.lang.String -> class com.siebel.analytics.web.soap.AuthResult)
         at org.apache.axis.message.RPCHandler.onStartChild(RPCHandler.java:286)
         at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
         at org.apache.axis.message.SAX2EventRecorder.replay(SAX2EventRecorder.java:165)
         at org.apache.axis.message.MessageElement.publishToHandler(MessageElement.java:1141)
         at org.apache.axis.message.RPCElement.deserialize(RPCElement.java:236)
         at org.apache.axis.message.RPCElement.getParams(RPCElement.java:384)
         at org.apache.axis.client.Call.invoke(Call.java:2448)
         at org.apache.axis.client.Call.invoke(Call.java:2347)
         at org.apache.axis.client.Call.invoke(Call.java:1804)
         at com.siebel.analytics.web.soap.SAWSessionServiceStub.impersonateex(SAWSessionServiceStub.java:540)
         at com.siebel.analytics.web.portlets.jsr168.SAWConnection.init(SAWConnection.java:80)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.getSAWConnection(ReportUI.java:905)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.getSAWPage(ReportUI.java:1010)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.doViewIFrameWithActionLinks(ReportUI.java:422)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.doView(ReportUI.java:178)
         at javax.portlet.GenericPortlet.doDispatch(GenericPortlet.java:235)
         at com.siebel.analytics.web.portlets.jsr168.ReportUI.doDispatch(ReportUI.java:1052)
         at javax.portlet.GenericPortlet.render(GenericPortlet.java:163)
         at oracle.portlet.server.containerimpl.ServerImpl.getMarkup(ServerImpl.java:161)
         at oracle.portlet.wsrp.v2.WSRPv2ToServer.getMarkup(WSRPv2ToServer.java:867)
         at oracle.portlet.wsrp.v2.WSRP_v2_Markup_PortTypeSoapToJaxb.getMarkup(WSRP_v2_Markup_PortTypeSoapToJaxb.java:70)
         at oasis.names.tc.wsrp.v2.bind.runtime.WSRP_v2_Markup_Binding_SOAP_Tie.invoke_getMarkup(WSRP_v2_Markup_Binding_SOAP_Tie.java:675)
         at oasis.names.tc.wsrp.v2.bind.runtime.WSRP_v2_Markup_Binding_SOAP_Tie.processingHook(WSRP_v2_Markup_Binding_SOAP_Tie.java:1448)
         at oracle.j2ee.ws.server.StreamingHandler.handle(StreamingHandler.java:297)
         at oracle.j2ee.ws.server.JAXRPCProcessor.doEndpointProcessing(JAXRPCProcessor.java:413)
         at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:349)
         at oracle.j2ee.ws.server.JAXRPCProcessor.doRequestProcessing(JAXRPCProcessor.java:277)
         at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:114)
         at oracle.j2ee.ws.server.JAXRPCProcessor.doService(JAXRPCProcessor.java:134)
         at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:177)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
         at oracle.portlet.server.service.ContextFilter.doFilter(ContextFilter.java:86)
         at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
         at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
         at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
         at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
         at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
         at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
         at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
         at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
         at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
         at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
         at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
         at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
         at java.lang.Thread.run(Thread.java:595)
    Also when I click on a filter list box in the report, the portlet breaks. It tries to call the below url
    http://xx.yy.zz.zz1:yyyy/biee/sawbridge?SAWServer=Enc_f90c1fd07336dfa8f51c4dc19eb2efe516fc155234bba315c39fa2dada94a1f0d879a0bcb4100abce14e85a9f576c6f5&RedirectURL=saw.dll%3fNoAuthGo
    Any help would be appreciated.
    Regards,
    Aneesh

  • Oracle bi authentication error

    Hi,
    I am getting authentication error when I tried to login in to oracle bi publisher when I tried to save an i bot again I get authentication error. Is there anyway for me to override authentication or what can caıuse something like this. any help would be appreciated

    Hi,
    You are probably encountering 2 different issues.
    For BI Publisher:
    With a default OBI installation the BI Publisher security model is set to "Oracle BI Server". So to log into BI Publisher the BI Server has to be up. It can also be the case that you created a new repository. Then you probably have not created and granted the right roles to the OBI user (i.e. XMLP_ADMIN etc. see the default paint.rpd or samplesales.rpd for those roles).
    You can turn off the OBI authentication. For that you have to go the Admin tab, security configuration and use another security model (i.e. BI Publisher security).
    For the iBot:
    Did you follow all configuration steps as stated in the configuration guide? One step is to add the user, which you configured with the job manager, to the credential store. I think you missed that step.
    Regards

  • Authentication error (0:5:111) error during Online Oracle DB backup

    Hi All,
    larger database backup have been failing with below error from Networker backup tool.
    channel CH5: starting piece 1 at 06-JUN-12
    RMAN-03009: failure of backup command on CH4 channel at 06/07/2012 05:24:16
    ORA-27192: skgfcls: sbtclose2 returned error - failed to close file
    ORA-19511: Error received from media manager layer, error text:
    Authentication error (0:5:111)
    continuing other job steps, job failed will not be re-run
    channel CH4: starting full datafile backup set
    channel CH4: specifying datafile(s) in backup set
    Backup got successfully completed for small database backup like "user" or "system" tablespace including control file and also manual backup got completed from oracle client end.
    Kindly suggest what to do ...........
    Thanks,
    Sabarna Deb

    Hi,
    And did you try the following backup command?
    RUN {
    ALLOCATE CHANNEL CH1 TYPE 'SBT_TAPE';
    ALLOCATE CHANNEL CH2 TYPE 'SBT_TAPE';
    ALLOCATE CHANNEL CH3 TYPE 'SBT_TAPE';
    ALLOCATE CHANNEL CH4 TYPE 'SBT_TAPE';
    ALLOCATE CHANNEL CH5 TYPE 'SBT_TAPE';
    SEND DEVICE TYPE 'SBT_TAPE' 'NSR_ENV=(NSR_CLIENT=uidl1-rac-a18-002)';
    # Set the maximum stream per tape-channel.
    set limit channel CH1 kbytes 8388600;
    set limit channel CH2 kbytes 8388600;
    set limit channel CH3 kbytes 8388600;
    set limit channel CH4 kbytes 8388600;
    set limit channel CH5 kbytes 8388600;
    BACKUP
    FULL
    FORMAT '%d_%U'
    DATABASE
    INCLUDE CURRENT CONTROLFILE
    PLUS ARCHIVELOG
    RELEASE CHANNEL CH1;
    RELEASE CHANNEL CH2;
    RELEASE CHANNEL CH3;
    RELEASE CHANNEL CH4;
    RELEASE CHANNEL CH5;
    Regards,
    Tycho
    Edited by: tychos on 8-jun-2012 10:27

  • Authentication error on Linksys RE6500

    Hello, i am from holland.
    My setup Ubee EVW 320B set up as bridge, hardwired to the linksys EA 6900 and trough wifi connecting to Linksys RE6500. After the setup everything works great but, after a while if you are in range of the extender all the devices (laptop, Mac book, Ipod, iPhone, Ipad) will loose connection and it says authentication error. (verificatiefout in dutch) Can some one please tell me what is wrong? the range extender is in good range of the EA 6900. Already went back to the store and got a new RE 6500 because i thought it was broken but the new one is doing the same. All firmware is up to date on the devices
    Greetings Erik

    The authentication error message is unusually. Can you provide more details on that?
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

Maybe you are looking for