Check Directory fails with MS AD using AL BPM 5.7.1
Hi,
I have created a directory on MS Active Directory using AL BPM 5.7.1. I can see that the fuego directory objects were created successfully in the "Active Directory Users and Computers" tool.
However, in the AL BPM Admin Center, when I click the "Check..." button to test the directory, I get an error message "Cannot find the Directory Service."
Further, when I attempt to log in to the work portal, I see an error message that it cannot find the directory service.
All help appreciated!
How do I successfully configure AL BPM to work with MS AD?
Environment:
Windows Server 2003 Enterprise Edition
AquaLogic BPM 5.7 sp 1 Enterprise for IBM WebSphere
Microsoft Active Directory 2000
IBM WebSphere v6
As a further detail to the previous posting, there is an interesting message in the webConsole.log file:
[ 0130 09:35:02.015] Main (main): Directory [msad://alx2-1116-was-3.mwlab.local/mwlab.local] has not been correctly initialized.
[ (cont) ] Main: Detail:Even though a Directory Service is currently present at the specified location, the expected BEA Systems, Inc. entries could not be found. Either the schema has not been created or the existing directory corresponds to a different BEA Systems, Inc. version.
[ (cont) ] Main:
[ (cont) ] Main:
[ (cont) ] Main: fuego.directory.exception.InvalidSchemaException: Directory [msad://alx2-1116-was-3.mwlab.local/mwlab.local] has not been correctly initialized.
[ (cont) ] Main: Detail:Even though a Directory Service is currently present at the specified location, the expected BEA Systems, Inc. entries could not be found. Either the schema has not been created or the existing directory corresponds to a different BEA Systems, Inc. version.
[ (cont) ] Main:
[ (cont) ] Main: at fuego.directory.provider.ldap.LDAPProviderUtils.getDirectoryRoot(LDAPProviderUtils.java:60)
[ (cont) ] Main: at fuego.directory.provider.ldap.LDAPFactory.fillPassport(LDAPFactory.java:329)
[ (cont) ] Main: at fuego.directory.Directory.fillPassport(Directory.java:182)
Similar Messages
-
W2k3 Auth failed with KRB5KDC_ERR_ETYPE_NOSUPP when using DES
We are authenticating users on AD server 2k3, and the users are setup in AD to use DES (checked "Use DES encryption types for this account" in user properties).
It failed somehow with ETYPE_NOSUPP. From the packet capture, I can find KRB5 AS-REQ contains des-cbc-crc/des-cbc-md5/des-cbc-md4 as encryption types.
This is the request:
++++++++++ REQUEST ++++++++++++++++
Kerberos AS-REQ
Pvno: 5
MSG Type: AS-REQ (10)
padata: PA-ENC-TIMESTAMP
Type: PA-ENC-TIMESTAMP (2)
Value: 303ba003020117a2340432482d36ca7556ebf719421fc8b4... rc4-hmac
Encryption type: rc4-hmac (23)
enc PA_ENC_TIMESTAMP: 482d36ca7556ebf719421fc8b4530cfea187d35318fd63bd...
KDC_REQ_BODY
Padding: 0
KDCOptions: 00000010 (Renewable OK)
.0.. .... .... .... .... .... .... .... = Forwardable: Do NOT use forwardable tickets
..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket
...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets
.... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied
.... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated
.... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated
.... .... 0... .... .... .... .... .... = Renewable: This ticket is NOT renewable
.... .... ...0 .... .... .... .... .... = Opt HW Auth: False
.... .... .... ..0. .... .... .... .... = Constrained Delegation: This is a normal request (no constrained delegation)
.... .... .... ...0 .... .... .... .... = Canonicalize: This is NOT a canonicalized ticket request
.... .... .... .... .... .... ..0. .... = Disable Transited Check: Transited checking is NOT disabled
.... .... .... .... .... .... ...1 .... = Renewable OK: We accept RENEWED tickets
.... .... .... .... .... .... .... 0... = Enc-Tkt-in-Skey: Do NOT encrypt the tkt inside the skey
.... .... .... .... .... .... .... ..0. = Renew: This is NOT a request to renew a ticket
.... .... .... .... .... .... .... ...0 = Validate: This is NOT a request to validate a postdated ticket
Client Name (Principal): test
Name-type: Principal (1)
Name: test
Realm: SRV.MYTESTSERVER.LOC
Server Name (Unknown): krbtgt/SRV.MYTESTSERVER.LOC
Name-type: Unknown (0)
Name: krbtgt
Name: FP.DEREKTESTING.COM
from: 2011-04-07 08:10:06 (UTC)
till: 2011-04-08 08:10:06 (UTC)
Nonce: 1302163806
Encryption Types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 rc4-hmac des-cbc-crc des-cbc-md5 des-cbc-md4
Encryption type: aes256-cts-hmac-sha1-96 (18)
Encryption type: aes128-cts-hmac-sha1-96 (17)
Encryption type: des3-cbc-sha1 (16)
Encryption type: rc4-hmac (23)
Encryption type: des-cbc-crc (1)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-md4 (2)
++++++++++ REQUEST ++++++++++++++++
And this is the response:
++++++++++ RESPONSE ++++++++++++++++
Kerberos KRB-ERROR
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2011-04-07 08:10:06 (UTC)
susec: 247525
error_code: KRB5KDC_ERR_ETYPE_NOSUPP (14)
Realm: SRV.MYTESTSERVER.LOC
Server Name (Unknown): krbtgt/SRV.MYTESTSERVER.LOC
Name-type: Unknown (0)
Name: krbtgt
Name: SRV.MYTESTSERVER.LOC
e-data
padata: PA-ENCTYPE-INFO
Type: PA-ENCTYPE-INFO (11)
Value: 30443020a003020103a119041746502e444552454b544553... des-cbc-md5 des-cbc-crc
Encryption type: des-cbc-md5 (3)
Salt: 46502e444552454b54455354494e472e434f4d6a69616e
Encryption type: des-cbc-crc (1)
Salt: 46502e444552454b54455354494e472e434f4d6a69616e
++++++++++ RESPONSE ++++++++++++++++
What could have possibly gone wrong? I also tried to reset the passwords of administrator and the user and restart the kdc services. It didn't help.
Thanks.I am not sure, the exact behaviour must be specified somewhere, but I was not able to find any precise documentation on the topic. It may be, that the DC preferes AES if allowed by the client and it may colide with the setting on the user account.
Anyway, why do you use the checkbox at all? If you wanted to enforce DES, you could have enabled the "System Cryptography: Use FIPS compliant algorithms for encryption, hashing and siging" policy which would switch the whole environment to DES or AES automatically.
The user account setting is meant to only those accounts that are used by non-windows services IMHO.
ondrej. -
Jvm startup fails with error when using large -Xmx value
I'm running JDK 1.6.0_02-b05 on RHEL5 server. I'm getting error when starting the JVM with large -Xmx value. The host has ample memory to succeed yet it fails. I see this error when I'm starting tomcat with a bunch of options but found that it can be easily reproduced by starting the JVM with -Xmx2048M and -version. So it's this boiled down test case that I've been examining more closely.
host% free -mt
total used free shared buffers cached
Mem: 6084 3084 3000 0 184 1531
-/+ buffers/cache: 1368 4716
Swap: 6143 0 6143
Total: 12228 3084 9144
Free reveals the host has 6 GB of RAM, approximately half is available. Swap is totally free meaning I should have access to about 9 GB of memory at this point.
host% java -version
java version "1.6.0_02"
Java(TM) SE Runtime Environment (build 1.6.0_02-b05)
Java HotSpot(TM) Server VM (build 1.6.0_02-b05, mixed mode)
java -version succeeds
host% java -Xmx2048M -version
Error occurred during initialization of VM
Could not reserve enough space for object heap
Could not create the Java virtual machine.
java -Xmx2048M -version fails. Trace of this reveals mmap call fails.
mmap2(NULL, 2214592512, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
Any ideas?These are the relevant java options we are using:
-server -XX:-OmitStackTraceInFastThrow -XX:+PrintClassHistogram -XX:+UseLargePages -Xms6g -Xmx6g -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=128m -XX:MaxPermSize=192m -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -XX:+ExplicitGCInvokesConcurrent -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.awt.headless=true
This is a web application that is very dynamic and uses lots of database calls to build pages. We use a large clustered cache to reduce trips to the database. So being able to acces lots of memory is important to our application.
I'll explain some of the more uncommon options:
We use the Concurrent Garbage collector to reduce stop the world GC's. Here are the CMS options:
-XX:+UseConcMarkSweepGC
-XX:+CMSClassUnloadingEnabled
-XX:+CMSPermGenSweepingEnabled An explicit coded GC invokes the Concurrent GC instead of the stop the world GC.
-XX:+ExplicitGCInvokesConcurrentThe default PermSizes where not large enough for our application. So we increased them.
-XX:PermSize=128m
-XX:MaxPermSize=192mWe had some exceptions that were omitting their stack traces. This options fixes that problem:
-XX:-OmitStackTraceInFastThrowWe approximate between 10% to 20% performance improvement with Large Page support. This is an advance feature.
-XX:+UseLargePagesUseLargePages requires OS level configuration as well. In SUSE10 we configured the OS's hugepages by executing
echo "vm.nr_hugepages = 3172" >> /etc/sysctl.confand then rebooting. kernel.shmmax may also need to be modified. If you use Large Page be sure to google for complete instructions.
When we transitioned to 64bit we transitioned from much slower systems having 4GB of ram to much faster machines with 8GB of ram, so I can't answer the question of degraded performance, however with our application, the bigger our cache the better our performance, so if 64bit is slower we more than make up for it being able to access more memory. I bet the performance difference depends on the applications. You should do your own profiling.
You can run both the 32bit version and the 64bit version on most 64bit OSes. So if there is a significant difference run the version you need for the application. For example if you need the memory use the 64bit version if you don't then use the 32bit version. -
DOM Parser fails with regular expression using anchor (carat, dollar)
I'm using version "Oracle XDK Java 9.0.4.0.0 Production"
In trying to parse XML against schema: a regular expression fails to parse the data "8:00" with the following simple regular expression: "^.*$" (used to narrow the error)
The error message is
<Line 14, Column 25>: XSD-2025: (Error) Invalid text '8:00' in element: 'XYZ'
If I remove the anchors and just have ".*", the data is parsed successfully.
I dont understand why the parse fails when I use a anchors in the regular expression, and the java Pattern/Matcher classes succeed with the anchors?That "ns670" string is an xml namespace prefix. it should have a corresponding xml namespace declaration somewhere in the xml document (i'm guessing you have not shown the whole document). the actual value of an xml namespace prefix is meaningless. if you parse the xml with a namespace aware DOM parser, it should generate Nodes with the correct namespace. the namespace is the value you care about when extracting data from the document, not the namespace prefix.
alternately, if you parse the document using a namespace aware DOM parser, you can just look for nodes based on their "local" name (the part after the ":" separator) and ignore the namespace/prefix.
whatever you do, please do not parse the xml with a regex, see this http://stackoverflow.com/a/1732454/552759 for details (applies to xml as well). -
Hello everyone.
I'm using SQL Server 2014, and writting on some C++ app to query and modify the database. I use the ODBC API.
I'm stuck on inserting an SQL_NUMERIC_STRUCT value into the database, if the corresponding database-column has a scale set.
For test-purposes: I have a Table named 'decTable' that has a column 'id' (integer) and a column 'dec' (decimal(5,3))
In the code I basically do:
1. Connect to the DB, get the handles, etc.
2. Use SQLBindParameter to bind a SQL_NUMERIC_STRUCT to a query with parameter markers. Note that I do include the information about precision and scale, something like: SQLBindParameter(hstmt, 2, SQL_PARAM_INPUT, SQL_C_NUMERIC, SQL_NUMERIC, 5, 3, &numStr,
sizeof(cbNum), &cbNum);
3. Prepare a Statement to insert values, something like: SQLPrepare(hstmt, L"INSERT INTO decTable (id, dec) values(?, ?)", SQL_NTS);
4. Set some valid data on the SQL_NUMERIC_STRUCT
5. Call SQLExecute to execute. But now I get the error:
SQLSTATE: 22003; nativeErr: 0 Msg: [Microsoft][ODBC Driver 11 for SQL Server]Numeric value out of range
I dont get it what I am doing wrong. The same code works fine against IBM DB2 and MySql. I also have no problems reading a SQL_NUMERIC_STRUCT using SQLBindCol(..) and the various SQLSetDescField to define the scale and precision.
Is there a problem in the ODBC Driver of the SQL Server 2014?
For completeness, here is a working c++ example:
// InsertNumTest.cpp
// create database using:
create a table decTable with an id and a decimal(5,3) column:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE[dbo].[decTable](
[id][int] NOT NULL,
[dec][decimal](5, 3) NULL,
CONSTRAINT[PK_decTable] PRIMARY KEY CLUSTERED
[id] ASC
)WITH(PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON[PRIMARY]
) ON[PRIMARY]
GO
// Then create an odbc DSN entry that can be used:
#define DSN L"exOdbc_SqlServer_2014"
#define USER L"exodbc"
#define PASS L"testexodbc"
// system
#include <iostream>
#include <tchar.h>
#include <windows.h>
// odbc-things
#include <sql.h>
#include <sqlext.h>
#include <sqlucode.h>
void printErrors(SQLSMALLINT handleType, SQLHANDLE h)
SQLSMALLINT recNr = 1;
SQLRETURN ret = SQL_SUCCESS;
SQLSMALLINT cb = 0;
SQLWCHAR sqlState[5 + 1];
SQLINTEGER nativeErr;
SQLWCHAR msg[SQL_MAX_MESSAGE_LENGTH + 1];
while (ret == SQL_SUCCESS || ret == SQL_SUCCESS_WITH_INFO)
msg[0] = 0;
ret = SQLGetDiagRec(handleType, h, recNr, sqlState, &nativeErr, msg, SQL_MAX_MESSAGE_LENGTH + 1, &cb);
if (ret == SQL_SUCCESS || ret == SQL_SUCCESS_WITH_INFO)
std::wcout << L"SQLSTATE: " << sqlState << L"; nativeErr: " << nativeErr << L" Msg: " << msg << std::endl;
++recNr;
void printErrorsAndAbort(SQLSMALLINT handleType, SQLHANDLE h)
printErrors(handleType, h);
getchar();
abort();
int _tmain(int argc, _TCHAR* argv[])
SQLHENV henv = SQL_NULL_HENV;
SQLHDBC hdbc = SQL_NULL_HDBC;
SQLHSTMT hstmt = SQL_NULL_HSTMT;
SQLHDESC hdesc = SQL_NULL_HDESC;
SQLRETURN ret = 0;
// Connect to DB
ret = SQLAllocHandle(SQL_HANDLE_ENV, NULL, &henv);
ret = SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (SQLPOINTER)SQL_OV_ODBC3, SQL_IS_INTEGER);
ret = SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
ret = SQLConnect(hdbc, (SQLWCHAR*)DSN, SQL_NTS, USER, SQL_NTS, PASS, SQL_NTS);
if (!SQL_SUCCEEDED(ret))
printErrors(SQL_HANDLE_DBC, hdbc);
getchar();
return -1;
ret = SQLAllocHandle(SQL_HANDLE_STMT, hdbc, &hstmt);
// Bind id as parameter
SQLINTEGER id = 0;
SQLINTEGER cbId = 0;
ret = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_SLONG, SQL_INTEGER, 0, 0, &id, sizeof(id), &cbId);
if (!SQL_SUCCEEDED(ret))
printErrorsAndAbort(SQL_HANDLE_STMT, hstmt);
// Bind numStr as Insert-parameter
SQL_NUMERIC_STRUCT numStr;
ZeroMemory(&numStr, sizeof(numStr));
SQLINTEGER cbNum = 0;
ret = SQLBindParameter(hstmt, 2, SQL_PARAM_INPUT, SQL_C_NUMERIC, SQL_NUMERIC, 5, 3, &numStr, sizeof(cbNum), &cbNum);
if (!SQL_SUCCEEDED(ret))
printErrorsAndAbort(SQL_HANDLE_STMT, hstmt);
// Prepare statement
ret = SQLPrepare(hstmt, L"INSERT INTO decTable (id, dec) values(?, ?)", SQL_NTS);
if (!SQL_SUCCEEDED(ret))
printErrorsAndAbort(SQL_HANDLE_STMT, hstmt);
// Set some data and execute
id = 1;
SQLINTEGER iVal = 12345;
memcpy(numStr.val, &iVal, sizeof(iVal));
numStr.precision = 5;
numStr.scale = 3;
numStr.sign = 1;
ret = SQLExecute(hstmt);
if (!SQL_SUCCEEDED(ret))
printErrorsAndAbort(SQL_HANDLE_STMT, hstmt);
getchar();
return 0;This post might help:
http://msdn.developer-works.com/article/12639498/SQL_C_NUMERIC+data+incorrect+after+insert
If this is no solution try increasing the decimale number on the SQL server table, if you stille have the same problem after that change the column to a nvarchar and see the actual value that is put through the ODBC connector for SQL. -
Call to Java Method to Zip directory fails with error Invalid parameter 1
Hi all,
I try to translate the following Java Code to PeopleCode and I do not succeed in it.
Can somebody please help me out ?
On that website http://www3.ntu.edu.sg/home/ehchua/programming/java/J5b_IO.html I extracted the Java Code:
import java.io.File;
public class ListDirectoryRecusive {
public static void main(String[] args) {
File dir = new File("d:\\myproject\\test"); // Escape sequence needed for '\'
listRecursive(dir);
public static void listRecursive(File dir) {
if (dir.isDirectory()) {
File[] items = dir.listFiles();
for (File item : items) {
System.out.println(item.getAbsoluteFile());
if (item.isDirectory()) listRecursive(item); // Recursive call
PeopleCode
I want to get all the files included in the directory
Local string &SourceDirPath = S1_FS_RDCFG_AET.S1_CHMN_TODO;
Local JavaObject &Javadir = CreateJavaObject("java.io.File", &SourceDirPath);
Local array of any &StrArray;
&ArrayOfAny = CreateArrayAny();
Local JavaObject &JavaFilesArray = CreateJavaArray("java.lang.Object[]", 1024);
&JavaFilesArray = &Javadir.listFiles();
CopyFromJavaArray(&JavaFilesArray, &ArrayOfAny);
==> I alway get the error
Message:
Invalid parameter 1 for function CopyFromJavaArray. (2,116) S1_DSITE_ZIP.MAIN.GBL.default.1900-01-01 .DIRECTOR.OnExecute PCPC:511 Statement:9
I thank you in avance
Edited by: Meapri on Jan 23, 2013 9:33 AMThe Pcode I wrote to Zip Directories
Function AddFileToZip(&sDirSeparator, &zipInternalPath, &fileNameToZip, &zipFileName, &outFileStream, &zipStreamOut)
Local JavaObject &file = CreateJavaObject("java.io.File", &fileNameToZip);
Local JavaObject &inFileStream = CreateJavaObject("java.io.FileInputStream", &fileNameToZip);
Local JavaObject &zipEntry = CreateJavaObject("java.util.zip.ZipEntry", &fileNameToZip);
REM ** Créer le flux de sortie de données pour le fichier ZIP final;
REM ** We will read &fileNameToZip into a buffer and write it out to &zip;
Local string &ZippedfileName = &zipInternalPath | &sDirSeparator | &zipFileName;
REM ** Make sure zip entry retains original modified date;
&zipEntry.setTime(&file.lastModified());
&zipStreamOut.putNextEntry(&zipEntry);
Local JavaObject &buf = CreateJavaArray("byte[]", 1024);
Local number &byteCount;
&byteCount = &inFileStream.read(&buf);
While &byteCount > 0
&zipStreamOut.write(&buf, 0, &byteCount);
&byteCount = &inFileStream.read(&buf);
End-While;
&inFileStream.close();
MessageBox(0, "", 99000, 0, "Zipped File : " | &fileNameToZip);
End-Function;
Function getDirContent(&sDirSeparator, &parentFolder, &zipFileName, &outFileStream, &zipStreamOut)
MessageBox(0, "", 99000, 0, "Directory to scan : " | &parentFolder);
Local JavaObject &Folder = CreateJavaObject("java.io.File", &parentFolder);
Local JavaObject &jItems = &Folder.list();
/* Transformation en Array Pcode*/
Local array of any &items = CreateArrayAny();
Local number &idx = 1;
&items [&jItems.length] = Null;
CopyFromJavaArray(&jItems, &items);
For &idx = 1 To &jItems.length
Local string &Entry = &parentFolder | &sDirSeparator | &items [&idx];
Local JavaObject &FileOrFolder = CreateJavaObject("java.io.File", &Entry);
If &FileOrFolder.isDirectory() Then
getDirContent(&sDirSeparator, &Entry, &zipFileName, &outFileStream, &zipStreamOut);
Else
AddFileToZip(&sDirSeparator, &parentFolder, &Entry, &zipFileName, &outFileStream, &zipStreamOut);
End-If;
End-For;
End-Function;
Local string &RootName = "C:\TEMP\TEST";
Local string &sDirSeparator = "\";
REM ** Create Output Zip File ;
Local string &ZipFileName = &RootName | &sDirSeparator | "Temp2_Zip.zip";
Local JavaObject &OutFileStream = CreateJavaObject("java.io.FileOutputStream", &ZipFileName, True);
Local JavaObject &zipStreamOut = CreateJavaObject("java.util.zip.ZipOutputStream", &OutFileStream);
REM ** Create Zip File Entries found in the directory;
getDirContent(&sDirSeparator, &RootName, &ZipFileName, &OutFileStream, &zipStreamOut);
REM Close Output Zip File ;
&zipStreamOut.close();Edited by: Meapri on Feb 2, 2013 10:54 AM : copy and paste code that works!
Edited by: Meapri on Feb 2, 2013 10:56 AM
Edited by: Meapri on Feb 2, 2013 11:02 AM -
Why SCCM 20012 Install fails with remote 64 bit SQL Server but proceeds for remote 32 bit SQL Server
I have the following setup:
AD User accounts
- SQLAdmin (used to run SQL Services i.e. Database Engine)
- SCCMADmin (used to install SCCM 2012)
SPN registered for user account SQLAdmin
setspn -S MSSQLSvc/SQL.Domain_Name:1432 Domain_Naem\SQLAdmin
setspn -S MSSQLSvc/SQL:1432 Domain_Name\SQLAdmin
setspn -S MSSQLSvc/SQL.Domain_Name:1433 Domain_Naem\SQLAdmin
setspn -S MSSQLSvc/SQL:1433 Domain_Name\SQLAdmin
and checked with setspn -L TESTING\SQLAdmin
1 SERVER called SQL
32bit Server with SQL Server 2008 + SP3 + Cumulative Update 6
2 SQL instances - Default (MSSQLSERVER) and
SCCM2012
MSSQLSERVER instance uses TCP port 1433
SCCM2012 Instance users TCP port 1432 (no dynamic ports)
User accounts that have been given public and sysadmin SQL server roles
on both instances are: SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Client Protocols TCP enabled (and Named Pipes) (checked via SQL Server Configuration Manager)
Local Administrators Group on this server has members - SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Firewall turned on with access allowed on Ports 1432, 1433, 4022,445, and WMI - WMI-in, DCOM-in and ASync-iN builtin rules allowed\enabled.
1 SERVER called SQL3
64bit Server with SQL Server 2008 + SP3 + Cumulative Update 6
2 SQL instances - Default (MSSQLSERVER) and
SCCM2012
MSSQLSERVER instance uses TCP port 1433
SCCM2012 Instance users TCP port 1432 (no dymanic ports)
User accounts that have been given public and sysafmin SQL server roles on both instances are:
SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Client Protocols TCP enabled (and Named Pipes) (checked via SQL Server Configuration Manager)
Local Administrators Group on this server has members - SQLAdmin, SCCMAdmin, Domain Administrator, Local Administrator and computer account SCCM
Firewall turned off
1 SERVER called SCCM
64bit Server that is to be the Primary Site Server\MP for SCCM 2012
ODBC link to SQL\SCCM2012,1432
ODBC link to SQL3\SCCM2012,1432
ODBC uses SQL Native Client 10.0 (64 bit)
Both ODBC connections when TESTed pass and suggest connectivity to SQL Servers
Install process doe SCCM2012
Tried to install SCCM 2012 RC2 when logged in to SCCM Server as AD user account
SCCMAdmin, and when utilising the SCCM2012 SQL instance on
32 bit server of SQL install proceeds barring warning about 8GB rec, for SQL Server. Then fails on PKI certificate issue. Installation (chose HTTP for MP). I beleive the PKI failure as install starts is
due to the fact that SCCM 2012 needs its database server to b 64 bit ?
Thus i then tried to install SCCM 2012 RC2 when logged in to SCCM Server as AD user account SCCMAdmin, and
when using the SCCM2012 SQL instance on
64 bit server of SQL install proceeds but fails at checking stage and says:
SQL Server sysadmin rights FAILED SQL3.Domain_Name
Either the user account running Configuration Manager Setup does not have sysadmin SQL Server role permissions on the SQL Server instance selected for site database installation, or the SQL Server instance could not be contacted to verify permissions. Setup
cannot continue.
and
Site System to SQL Server communication WARNING SCCM.Domain_Name
A communication error has been detected between the specified site system and the site database computer. This error can occur when the site database server is offline or if a valid SPN has not been registered in Active Directory Domain Services for the SQL
Server instance hosting the site database. Setup cannot continue.
Why does the install of SCCM 2012 with 32 bit SQL proceed further than the install with 64 bit SQL, with the latter process failing as above error meesages show and yet both servers are set identically (apart from temporary turning off Firewall on the 64
bit server) and during the install the Databse Server specified is accepted ?Thanks for the reply.
I can connect via ODBC to the the 32 bit SQL Server and the 64 bit SQL Server from the SCCM Server
The SQL Server Unit called SQL3 unit is a 64 bit SQL.
The SQL Server Unit called SQL is only 32 bit, but at least gets past the final checking stage and the error messages about sysadmin rights and Site System to SQL Server communication problem, and then fails with PKI certificate error message.
When trying to install SCCM specifying the 64 bit SQL Server as the Database Server it gives the 2 error messages at the final checking stage of the installation as listed.
So as I said what is confusing is the fact that if the SCCM install uses the remote 32 bit SQL Server it passes the final checking (although fails with PKI certificate message) but the 64 bit SQL Server set up exactly the same apart from the Firewall being
left off for the time being, fails at the final check stage with the 2 listed errors.
If I use a local 64 bit SQL Server the installation is fine.
Still would like to find out what cause the 2 issues for the remote 64 bit SQL Server, when ODBC seems fine, sysadmin rights have been given for the installer account and the SCCM computer account and SPNs have been set for the user account running the SQL
Services. -
Creating Open Directory Replica fails with Server Admin Error Value 1127
Hallo,
I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
Currently, it comes down to this. The Server Admin Error message ist really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to geht more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
When executing
slapconfig -createreplica master.ourdomain.com diradmin
as root on the prospective replica machine, I get the following error message:
ssh command failed with status 127
That command is not allowed with the root account via public key authentication.
That makes perfect sense to me, but how is it meant to work then?
Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
root login is not permitted to this machine via public key authentication.
While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
Replica Setup failed : This machine does not have a valid computer name
I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP adress. Proper name resolution is available for both interfaces including reverse lookup. I dont like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many place is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaces with several other configuration files and databases. I cant see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
I also checked all log files on bboth machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of th layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of of entries that I have googled in the last few hours and which all dont seem to be associated with the problem in question.
I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
Thanks and bye, Christian Völkerssh command failed with status 127
That command is not allowed with the root account via public key authentication.
Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
Then configure the /etc/sshd_config file on the OD master like this:
\# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
and the /etc/ssh_config file on the OD replica like this:
PasswordAuthentication yes
PubkeyAuthentication no
Then from the OD replica as the 'root' user issue:
slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins. -
Wanboot using s10u3 and http fails with error 416 with a small(ish) flar
Hi,
Using S10 u3 (11/06) to provision a wanboot server fails
with a 1.4Gb flash image -- output at foot. The flar is there,
perms 644, and I can open it in a web browser. The serverside
log in /tmp/bootlog.HOST gives the same information.
At OpenSolaris.org, this thread
http://www.opensolaris.org/jive/thread.jspa?messageID=82856
mentions a known bug 6509337 s10s_u3 wanboot fails but
like another user of opensolaris, I cannot find that bug -- nor
does searching sunsolve for wanboot 416 give any hits.
Has anyone but the 3 folk at opensolaris and I seen this?
Thank you for your time
Using rules.ok from http://10.23.0.49/config.
Checking rules.ok file...
Using profile: profile
Executing JumpStart preinstall phase...
Searching for SolStart directory...
Checking rules.ok file...
Using begin script: install_begin
Using finish script: patch_finish
Executing SolStart preinstall phase...
Executing begin script "install_begin"...
Begin script install_begin execution completed.
Wed Jan 31 14:10:56 wanboot info: WAN boot messages->10.23.0.49:80
Processing profile
- Opening Flash archive
ERROR: Unable to access the archive. The server returned 416: Requested Range Not Satisfiable
ERROR: Could not read file (http://10.23.0.49:80/flash/s10.flar)
ERROR: Flash installation failed
Solaris installation program exited.Hi,
Using S10 u3 (11/06) to provision a wanboot server
fails
with a 1.4Gb flash image -- output at foot. The flar
is there,
perms 644, and I can open it in a web browser. The
serverside
log in /tmp/bootlog.HOST gives the same
information.
At OpenSolaris.org, this thread
http://www.opensolaris.org/jive/thread.jspa?messageID=
82856
mentions a known bug 6509337 s10s_u3 wanboot fails
but
like another user of opensolaris, I cannot find that
bug -- nor
does searching sunsolve for wanboot 416 give any
hits.
Has anyone but the 3 folk at opensolaris and I seen
this?
Thank you for your time
Using rules.ok from http://10.23.0.49/config.
Checking rules.ok file...
Using profile: profile
Executing JumpStart preinstall phase...
Searching for SolStart directory...
Checking rules.ok file...
Using begin script: install_begin
Using finish script: patch_finish
Executing SolStart preinstall phase...
Executing begin script "install_begin"...
Begin script install_begin execution completed.
Wed Jan 31 14:10:56 wanboot info: WAN boot
messages->10.23.0.49:80
Processing profile
- Opening Flash archive
Unable to access the archive. The server returned
416: Requested Range Not Satisfiable
ERROR: Could not read file
(http://10.23.0.49:80/flash/s10.flar)
ERROR: Flash installation failed
Solaris installation program exited.Same here:
Processing profile
- Opening Flash archive
ERROR: Unable to access the archive. The server returned 416: Requested Range Not Satisfiable
ERROR: Could not read file (http://199.17.241.103:80/wanboot/flar/flars/flar.sun4v.sol10_11_06.2)
ERROR: Flash installation failed
Solaris installation program exited.
Web server error log is clean, but access log contains the following:
199.17.247.252 - - [02/Feb/2007:21:35:31 -0600] "GET /cgi-bin/wanboot-cgi/?CONTENT=bootfile&IP=199.17.247.128&CID=0100144F0ED53C HTTP/1.1" 200 1087128 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:35:40 -0600] "GET /cgi-bin/wanboot-cgi/?CONTENT=bootfs&IP=199.17.247.128&CID=0100144F0ED53C&NONCE=80E23BAF0AE7E91E0B8141E0B7B66323A300C4A6 HTTP/1.1" 200 379111 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:35:42 -0600] "GET /cgi-bin/wanboot-cgi/?CONTENT=rootfs&IP=199.17.247.128&CID=0100144F0ED53C HTTP/1.1" 200 235 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:35:42 -0600] "GET /wanboot/miniroot/miniroot.sun4v_sol10_11_06 HTTP/1.1" 200 273847296 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:38:57 -0600] "HEAD /wanboot/flar/sysidcfg.patrick/sysidcfg HTTP/1.1" 200 - "-" "-"
199.17.247.252 - - [02/Feb/2007:21:38:57 -0600] "GET /wanboot/flar/sysidcfg.patrick/sysidcfg HTTP/1.1" 206 687 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:27 -0600] "HEAD /wanboot/flar/rules.ok HTTP/1.1" 200 - "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:27 -0600] "GET /wanboot/flar/rules.ok HTTP/1.1" 206 341 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:28 -0600] "HEAD /wanboot/flar/mybegin HTTP/1.1" 200 - "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:28 -0600] "GET /wanboot/flar/mybegin HTTP/1.1" 206 715 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:28 -0600] "HEAD /wanboot/flar/profile.sol10_T2000_72g.0 HTTP/1.1" 200 - "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:28 -0600] "GET /wanboot/flar/profile.sol10_T2000_72g.0 HTTP/1.1" 206 501 "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:29 -0600] "HEAD /wanboot/flar/flars/flar.sun4v.sol10_11_06.2 HTTP/1.1" 200 - "-" "-"
199.17.247.252 - - [02/Feb/2007:21:43:29 -0600] "GET /wanboot/flar/flars/flar.sun4v.sol10_11_06.2 HTTP/1.1" 416 392 "-" "-"
showrev: Kernel version: SunOS 5.10 Generic_118833-33 -
Utility used to install the update failed with exit code 1
Hello!
When I try to install an update on my system, the following happens:
# smpatch update -i 119116-22
Update 119116-22 will not be downloaded since it already exists in the download directory.
Installing patches from /var/sadm/spool...
Failed to install patch 119116-22.
Utility used to install the update failed with exit code 1.
Validating patches...
Loading patches installed on the system...Done!
Loading patches requested to install.Done!
Checking patches that you specified for installation.Done!
Approved patches will be installed in this order:119116-22
Preparing checklist for non-global zone check...Checking non-global zones...
Cannot open pkginfo file //var/sadm/pkg/.save.SUNWhea/pkginfo
Non-global zone check failed. No change made to the System.
Patchadd exiting.
Failed to install patch 119116-22.
ALERT: Failed to install patch 119116-22.
Does anyone know how to fix this?
TIA
StephanThat is strange indeed, could you try downloading and
applying the unsigned zip to see if that works?The problem persits:
# patchadd -M /root/119116/
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
119116-22
Preparing checklist for non-global zone check...
Checking non-global zones...
Cannot open pkginfo file //var/sadm/pkg/.save.SUNWhea/pkginfo
Non-global zone check failed. No change made to the System.
Patchadd exiting. -
I have a web page that contains a ReportViewer control. I am trying to display a report, which is an .rdl file located on the SSRS server, in this ReportViewer control. I have set the ReportPath and ReportServerUrl correctly. I am
getting an error message.
Am I suppose to use an .rdlc file rather than a .rdl file? Does the web server configuration need to use a certain account?
I am getting the following error message:
The attempt to connect to the report server failed. Check your connection information and that the report server is a compatible version.
The request failed with HTTP status 404: Not Found.Hi bucaroov,
The error "The request failed with HTTP status 404: Not Found." means the ReportServerURL configured in the ReportViewer control is invalid.
Please follow these steps to solve the issue:
Logon the Report Server machine.
Open the Reporting Services Configuration Manager.
Copy the Report Server URL from 'Web Services URL'.
Logon the application server(in this case, it is the server that host the web page), check if we can use the URL we got from step 3 to access the Report Server. If so, please replace the ReportServerURL in the ReportViewer control with this URL. If it is
not available, could you please post the error message.
Additionaly, we don't need to provide the extension for a server report. The ReportPath should be like: /<reports folder>/<report name>
For more information, please see:
Walkthrough: Using the ReportViewer Control in Remote Mode:
http://msdn.microsoft.com/en-us/library/ms251669(VS.80).aspx
If you have any more questions, please feel free to ask.
Thanks,
Jin Chen
Jin Chen - MSFT -
AppContainers_test fails with error during pre-test configuration checks
Hello,
AppContainers_test fails with error during pre-test configuration checks:
"[FAIL] The machine is not properly configured for testing: the test directory "C:\Windows\SYSTEM32\" is not ACL'd to allow execute permission for "APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES"
But that kind of permission for APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES was allowed, also i tried to allow full access, but error was the same.
In the test WindowsFilteringPlatform_Tests, the same requirement "REQ - Wfp-based products must not block App Container apps operating within their declared network intentions by default" was checked successfully.
How can i pass successfully AppContainers_test?
I installed lastest versions of QFE and filters on my server, but it didn't help.Hi M'Alerter,
I have the same issue, have you found a solution to your problem ?
Cheers,
Ghalem -
Hello SAP Gurus,
when trying to install SAPNW2004sSneakPreviewABAP in phase 4 I get error:
ERROR 2006-08-08 08:52:40
CJS-30129 Creating node $(DIR_TRANS) with type DIRECTORY failed. Original exception text was: syslib.filesystem.nodeCreationFailed:
Unable to create node
pc05\sapmnt\ with type DIRECTORY: can't create parent node..
I searched SDN and found as possible error causes: lacking authorization of installation user or users nspadm and SAPServiceNSP, wrong JRE version, but those are not applicable.
Any other suggestions?
SimonHello Prince Jose,
thanks for the reply, it brought me to the solution: I had to de-activate the Windows Firewall and hat to check 'Network users are allowed to change files'.
I know made it till phase 17, quite a step.
Best,
Simon -
We have a hosted SSRS server and we access it's reports using the reportviewer in an ASP.net application.
We are getting the error: The request failed with HTTP status 401: Unauthorized. When trying to run one of the reports. I have confirmed that the login details work when logging into the report manager page directly.
I have implemented an instance of IReportServerCredentials in a separate class (below) and I call it from the page before it tries to access the report. I'm not sure if this is all I need but can't seem to find any other info.
I have managed to gain access connecting to the external server from my PC and accessed the report, but when I promote the code to production and run it from there on my local PC I get the unauthorized message again: the request failed with http status
401: unauthorized
The class:
[Serializable]
public sealed class MyReportServerCredentials :
IReportServerCredentials
public WindowsIdentity ImpersonationUser
get
// Use the default Windows user. Credentials will be
// provided by the NetworkCredentials property.
return null;
public ICredentials NetworkCredentials
get
// Read the user information from the Web.config file.
// By reading the information on demand instead of
// storing it, the credentials will not be stored in
// session, reducing the vulnerable surface area to the
// Web.config file, which can be secured with an ACL.
// User name
string userName =
ConfigurationManager.AppSettings
["MyReportViewerUser"];
if (string.IsNullOrEmpty(userName))
throw new Exception(
"Missing user name from web.config file");
// Password
string password =
ConfigurationManager.AppSettings
["MyReportViewerPassword"];
if (string.IsNullOrEmpty(password))
throw new Exception(
"Missing password from web.config file");
// Domain
string domain =
ConfigurationManager.AppSettings
["MyReportViewerDomain"];
return new NetworkCredential(userName, password);
public bool GetFormsCredentials(out Cookie authCookie,
out string userName, out string password,
out string authority)
authCookie = null;
userName = null;
password = null;
authority = null;
// Not using form credentials
return false;
The call to the class, just before the report is run:
if (GetConnection.GetConnectionString().ToString().Contains("IP of external server removed"))
invoiceviewer.ServerReport.ReportServerCredentials = new MyReportServerCredentials();
We have tried so many things here, we don't even care whether the server authenticates or not but it appears to be as standard. Our hosting company has also drawn a blank and changed so many settings to no avaHi Nasa1999,
According to your description, you are getting the error: The request failed with HTTP status 401: Unauthorized when you access the report using the ReportViewer in an ASP.net application.
Regarding the 401 error, it could cause by the Service Principal Name(SPN) for the account the Reporting Services is running under hasn’t been registered when the Reporting Services is configured to use Kerberos authentication. So in your scenario,
please check if you are using Kerberos authentication. If that is a case, please make sure SPN is configured correctly. For more information, please refer to the similar thread:
The request failed with HTTP status 401: Unauthorized. in SSRS.
If issue persists, please check the Reporting Service error log (default location: %programfiles%\Microsoft SQL Server\<SQL Server Instance>\Reporting Services\LogFiles) around the time that the error message thrown out.
If you have any question, please feel free to ask.
Best regards,
Qiuyun Yu
Qiuyun Yu
TechNet Community Support -
Installer MSI fails with no error or message of any kind. Tested compatability with the windows compatability check and it comes back as not compatible. What now?
Hans,
It is a known problem on Windows 98, Windows and Windows 2000 if you are using Intel Pentium 4 processor with Sun JRE and Symantec JIT. I had the same problem with Windows 98. Oracle has a patch. Please see Note:131299.1 on metalink for details.
Maybe you are looking for
-
My ipod is connected to the computer but not shown in itunes
so i hooked my ipod nano 4gb to my computer and it says do not disconnect on the screen. also the owner ipod is not showin in itunes player what should i do.
-
How does one change an IMAP email account to a POP account in Apple Mail? I'm using OS 10.6.8 and Apple Mail 4.5. Thank you.
-
How to fix a crooked lid?
Unfortunately, due to student life, the lid of my new unibody MBP has been knocked crooked. Everything works perfectly, the issue is purely cosmetic. Does anyone know if it is feasible to take the back panel off and attempt to push the hinge back in
-
BAPI or IDOC for Advance Shipment in CS
Hello I have to create Interface (inbound to SAP) for following function. (1) Create Service Notification and Create Sales Order from Notification and need copy from contract. This function can execute by manual. 1) IW51 create Notificatio
-
Why have my contacts' addresses disappeared from my iphone and ipad?
Why have my contacts' addresses disappeared from my iphone and ipad?