Configure BO System to Accept Secure Login Certificate

Similar Messages

• How to Configure the system to use an firm's accepted warning banner in 10g

  Hello.
  I need to configure the system (oracle 10.2) to use an firm's accepted warning banner. I was able to do it in version 11 by putting entries in sqlnet.ora file. It then displayed when connectting as user (sys, system). I tried the same with 10.2 version and it doesnt display. Do i need to do anything different in 10g. I could not find the lead on googling it.
  I used theses entries in sqlnet.ora for 11g
  SEC_USER_UNAUTHORIZED_ACCESS_BANNER = <path>\banner2.txt
  SEC_USER_AUDIT_ACTION_BANNER = <path>\banner.txt
  Do we have to do differenetly in 10g. please help
  Thank you very much

  maggie wrote:
  Thanks for responding. Is there a way to create a banner in 10.2 version of oracle. I need to didpaly it as part of checklist i am working on for 10g.
  ThanksUnfortunately, auditors and security nazis dream up "requirements" without ever considering the capabilities and limitations of the selected technology. A lot of these guys get their technical knowledge from American Airlines Magazine when they get tired of reading the SkyMall catalog.
  Sometimes you just have to document the exception, get a manager's signature, and keep it on file.

• Since I uninstalled avast! antivirus and installed Bitdefender Internet Security 2015 Thunderbird asks whether to accept an invalid certificate.

  Since I uninstalled avast! antivirus and installed Bitdefender Internet Security 2015 Thunderbird asks whether to accept an invalid certificate when trying to receive new messages.
  Please have a look at the two attachments (there seems to be a problem with uploading jpg files).
  Obviously Bitdefender manipulates the certificate (probably to be able to scan the mails via SSL connection). But I'm not sure.
  Would you recommend to confirm an exception for this certificate (permanently)?
  Thanks in advance.
  Greetings
  Marco

  Thank you, christ1.
  I found out that after disabling SSL Scanning in Bitdefender, this issue no longer exists.
  Maybe this can be considered as confirmation that this certificate really belongs to Bitdefender. Because that's actually what I'm concerned about, i.e. how to validate this certificate to make sure that Bitdefender is the issuer.

• Secure Login System

  I know that this might be quite simple to advanced PHP users and CSS coders but I am new to that sort of thing. Although I am very advanced in HTML and with computers in general, and dreamweaver, but I am confused on how I would go about adding in a secure login system for my sites users to use and a member area for their profiles they can use and such. I have done a lot of looking around and research on how to do this and all I have seem to find are terrible youtube videos on how to do MSQL which is doesnt really comply with DW, and other numerous sites offering paid for exstentions for such a thing.
  Is there any easy way to do this such as somone who has (or can) write a easy to cpy and paste code that allows this. I know that sounds weak and lazy but I dont understand any other way to do this. Im kinda on a low budget which is why I make websites in the firstplace. So if anyone can lead me in the right direction or just help me in some or any way at all i would really appreciate it.
  Thanks.

  The Dreamweaver Help files contain instructions on how to build a login system. There's also an online tutorial by Sherri German (a very reliable writer on Dreamweaver). Sherri's article is based on the original release of the user authentication server behaviors as a Dreamweaver extension. The server behaviors are now built into Dreamweaver, so you don't need an extension.

• System.setProperty("java.security.auth.login.config","rajesh.txt");

  Dear All,
  System.setProperty("java.security.auth.login.config","rajesh.txt");
  Is this a right way to define system property. Since I am not able to set this property. Even from cmd prompt also
  I have tried. But no use. Please suggest me, what elseI have to do to set this property.
  Thanks,
  Rajesh

  hi,
  Thanks for your response, finally i got solution. As you told I just check with file path, it works.
  regards
  rajesh

• Reading Encrypted Password from Configuration File and Decrypt it at login

  Hi All,
  My application reads a configuration file to connect to the ORACLE database. The values defined for password are clear text as given below:
  user: 'mh'
  password='abcd1234'
  Is there is any way I can give an encrypted password in the configuration file instead of a clear text file and at the time of login ORACLE decrypts it. I am using ORACLE 11g Database.
  My company have a requirement that passwords are not stored in the clear in properties files. the reason being I suppose that if the password is stored in plaintext someone could hit the property file directly, get the password and then connect to the database with it.
  For a regular user connecting through an Oracle client or SQL Developer they would need to have the plaintext password in order to connect.
  its based on the requirements of
  International Standards Organization Guidance
  ISO 17799 � 9.5.4 requires password management systems to:
  � enforce the use of individual passwords
  � allow users to select and change their own passwords if appropriate
  � enforce a choice of quality passwords
  � force regular changes of passwords
  � maintain a record of previous user passwords to prevent re-use
  � not display passwords when they are being entered
  � store password files separately from application system data
  � store passwords in encrypted form using a one way encryption algorithm
  � alter default vendor passwords following installation of software
  So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.
  I have feeling there is a way of configuring this in Oracle advanced Security, but just can't quite get it to work.
  Edited by: user5568473 on 20-May-2013 00:05

  So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.... and neither can your application. Encryption is needed in this case. The decryption must be written into your application. I've written my own in some cases, but finding a library for your development language is a smarter solution.
  One alternative is using an Oracle wallet. It doesn't fit every circumstance and does have some maintenance headaches.
  You can set up a basic secure password store to encrypt and store the password for a given user@instance combination, and then connect to the database without passing a password. SQL*Net adds in the appropriate password from the wallet for when you connect.
  http://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf
  Advanced Security Option also allows you to set up a Public Key Infrastructure connections (SSL encryption and/or authentication). It also uses a wallet to store the SSL certificates and credentials. I don't have personal experience on this approach.
  SSL and the wallet allow you to connect to the database similar to CONNECT/@net_service_name or sqlplus /@net_service_namehttp://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CIHCBIEG

• Secure Login and trust between BO/BW

  Hi.
  We configured server-side trust between BO and BW using libsapcrypto library. All works fine.
  Now we installing Secure Login (SAP NetWeaver Single Sign-On) for SSO from SAP GUI based on Kerberos token. To configure Secure Login we need to modify profile parameters like
    snc/identity/as=p:CN=QBW, OU=Surgutasuneft, O=Surgutneftegas, C=RU
    snc/gssapi_lib=/sapmnt/QBW/exe/libsapcrypto.so
  which were in use by server-side trust between BO and BW. So when we modify them like in installation guide for Secure Login to this:
    snc/identity/as=p:CN=SAP/[email protected]
    snc/gssapi_lib=/usr/sap/QBW/DVEBMGS20/SLL/libsecgss.sl
  we can use SAP GUI SSO to BW but can't run reports from BO since we broke server-side trust.
  We tried many different variations of using these two libraries (including fully regenerating certificates both on BW and BO for server-side trust) but they all failed.
  Any suggestions of how we can activate SAP NetWeaver Single Sign-On on our BW systems, without breaking server-side trust between BW and BO?
  Thanks in advance
  wbr
  Stanislav

  Thanks, but this problem was resolved. Frane was very helpfull in solving this problem, but it was beyond the forum.
  He described the possibility of Secure Login Client that I did not know.
  Another possibility is implemented in Secure Login Client 1.0 SP02 Patch 03 and higher (current version is 1.0 SP03 Patch 02).
  Secure Login Client is able to “rebuild” the required SPN Name (in your example p:CN=SAP/[email protected]).
  This means if the X.509 certificate SNC name is p:CN=KerberosSSO à Secure Login Client will rebuild p:CN=SAP/[email protected]
  This works also if the X.509 certificate name is p:CN=KerberosSSO, OU=SAP Security, C=RU
  Maybe this solution integration is easier for You? You can use the transaction STRUST to create a self-signed certificate.
  Thanks again, Frane.

• How to configure the system cache

  I found that JS2E has this enhancement:
  System Cache: Java Web Start now contains both system and user caches. The system administrator can now pre-load applications and shared libraries into the system cache so that multiple users can share the same resources.
  Now how exactly do I pre-load applications?

  Clearly the documentation of these two subjects needs to be addressed. I will try to get a compete "How to" document posted later in the month, meanwhile:
  1.0)Enterprise Configuration Setup
  To configure a system or enterprise configuration, you need to create a file called �deployment.config� and put it in the right place. Java Plug-in and Java Web Start will look for this file first in the directory it calls �deployment system home� , and if not found there, will look in lib directory of the JRE you are running Plug-in or Web Start from. The �deployment.system.home� directory is platform dependent. On unix, it is �/etc/.java/deployment�. On Windows it is <windows dir>/Sun/Java/Deployment.
  If the file is in deployment.system.home, it will be used by all jres (only valid from 5.0 and up). If the file is not there, but in the lib directory of the jre, it will only be used when that Plugin-in or Web Start are launched from that jre.
  The file contains is a java properties file, with only two possible properties in it: deployment.system.config, and deployment.system.config.mandatory. Here are two example deployment.config files:
  deployment.system.config=http\://MyCompany.com/deployFiles/deployment.properties
  deployment.system.config.mandatory=true
  deployment.system.config=file\:/C\:/Program Files/java/jre1.5.0/lib/deployment.properties
  deployment.system.config.mandatory=false
  Note in both examples, the colon in a properties file must be escaped. This also applies to backslashes themselves in the examples below. This is a common problem.
  The first example could be deployed by the admin in deployment.system.home, to require all jres used on this system to load the default and locked properties from the url before launching any Java Plug-in applet or Java Web Start application.
  The second example could be deployed with the jre, with both deployment.config and deployment.properties
  The deployment.properties file pointed to, can contain any of the properties that can be contained in the users deployment.property file (see list on http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/properties.html). They can also lock properties by listing the property key with �.locked� appended to it. Here is an example system deployment.properties file:
  deployment.user.cachedir=D\:\\deployment\\cache
  deployment.security.sandbox.awtwarning=false
  deployment.security.askgrantdialog.notinca=false
  deployment.security.askgrantdialog.notinca.locked
  The first two properties are not locked. The use can change to use a different cache location, or turn back on the AWT Warning banner. The last property is locked. The user is not allowed to grant trust to applications who's jars are selfsigned (or signed with any root not in the rootCA certificate store, nor is he allowed to change this setting. The entry in the control panel for this property will be disabled, and any change made to the users deployment.properties file for this property will be ignored.
  Now for system cache:
  The system cache property is:"deployment.system.cache.dir". It can be set in either an enterprise or users deployment.properties file with:
  deployment.user.cachedir=D\:\\deployment\\system\\cache
  /Andy

• Secure Login library

  Hi All,
  I want to implement single sign on using secure login. Secure login provides 3 components: secure login server,secure login library and secure login client.
  In installation guide it says that it is not necessary to install all components.This depends upon the use case scenarios.
  In my case it will be active directory using kerberos technology. So I have to install login library and login client. or any one of them.
  Please let me know.
  Regards,
  Josh

  Hi,
  please do the below steps
  Step1: Install SAP library on your local P.C.
  Step 2: Configure the sapdoc.ini
  Configure file sapdoc.ini with the entry as shown. This file exists on C:\Windows. If it is not found, create it using your favorite text editor.
  HtmlHelpFilePath-EN=<C:\Program Files\SAP\SAP ERP Central Component 5.0 English\HELPDATA\EN> : Path of SAP help where you installed it on your P.C.
  u2014-
  Step3: logon to sap dev system
              u2013> Execute the tcode SR13
              u2013> Click on the tab HtmlHelp file
              u2013 >Click on New entries Enter variant name (ECC5 if u r using SAP ECC5)
              -->Platform =Win32 if you are using xp
              -->Area =IWBHELP
              -->Path = http://help.sap.com Or path of the your server where SAP library is installed.
               Save it. Request Dialog prompts you to create request. Create Request.
              Transport the request to Quality & Production.
  Note: Entries in the file sapdoc.ini overwrites the settings present in SR13, if SAP library is not available on your local
  system, it starts from central location.
  Do you  want more details for this issue please find  below link
  http://www.scribd.com/doc/6213550/How-to-Setup-Sap-Library
  Regards,
  K.Ramamoorthy

• Secure login client is not working in VPN

  Hi,
  We have scenario where users connect to office network though VPN and access SSO. When users connect through VPN, users are not able to login in SLC and hence not receiving X.509 user certificate. It shows the following error when try to login in SLC.
  "There are currently no logon servers available to service the logon request"
  But the same SLC is working when users connect directly (ex LAN or WI-FI) to the network.
  We have enabled secure login client trace and found the below errors in the trace when user is connected through VPN.
  SLC trace file
  [2014.04.23 14:23:24.531][ERROR][sbus.exe            ][BASE        ][  6060] ERROR(0xA0100017) in CRYPT->sec_crypt_cipher_get_cipher_len(): An attribute is missing
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm 23 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm  3 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' failed (user name is [email protected])
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm 23 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm  3 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' failed (user name is [email protected])
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
  [2014.04.23 14:28:38.171][TRACE][sbus.exe            ][sbusslogin.d][  6056] { CSecureLogin_Protocol_2_0::Send_DeleteSession
  Anyone suggest us to fix this issue.
  Regards,
  Yogesh Kumar D

  Hello,
  which kind of VPN do you use?
  Does this guarantee full network access to the domain servers?
  Is the VPN network IPv4 or IPv6 based?
  thanks for the information
  best regards
  Alexander Gimbel

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&amp;end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• Help me configure my webserver to accept completed .pdf forms via free Acrobat Reader

  OK, just purchased Acrobat Pro XI subscription, I have already created the following .pdf at the link below:
  http://www.pdfdoctor.net/eca/creditapp004_02.pdf
  on the last page I have a Submit button, that will send/upload the completed .pdf to my web server, the .pdf is working fine, I just need help configuring my server to accept the file submissions itself, such as the following:
  1. what should be the directory file permissions?
  2. do I need a htaccess file in that directory or in my main root directory and what should be in it, I HAVE NO IDEA, once I get this working then I will be set, please help, thankyou.
  [email protected]

  Submitting in HTML format is useful if you're only interested in the form data, but since your form includes digital signature fields, you will want to submit the entire PDF. Using multiple digital signature fields intended for different signers doesn't make much sense for a web form, unless you intend to serve a form that was signed by one person to then be signed by another.
  If submitting the entire PDF, the script can save the entire incoming POSTed data to a file somewhere, in addition to all of the security-related things it needs to handle, and then return a response. As mentioned earlier, it is usually best if this response is an FDF. Here's a link to an introduction to some of the basic concepts: Working with Form Data in Acrobat X | Acrobat Community TV | Adobe TV
  starting at the 9:50 mark. It deals with submitting in HTML format, but it should get you started.

• Safari on Windows could not accept self-signed certificate

  Hi, i am using Safari 5.0.4 on Windows 7 and I am trying to access an https site with a self-signed certificate (internal developing site).
  after i install the certificate to the Windows certificate store (i try both Personal store and Trusted Root Certification), when i try to browse the site, Safari asks me to choose a certificate, after i choose it, after a long hang time, Safari displays "Safari can't open the page".
  My questions are:
  1. Any one has configured safari on windows to accept self-signed certificate successfully?
  2. i see some other posts saying "Safari on Windows has bug to use the self-signed certificate", any official document or link saying this if this is true?

  Microsoft Windows web browser support questions?   Try one or more of these resources:
  http://technet.microsoft.com/en-us/library/cc747495(WS.10).aspx
  http://www.leonmeijer.nl/archive/2008/08/01/123.aspx
  http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-ie8-to-acc ept-a-self-signed-certificate
  That was from tossing the /internet explorer import self-signed certificate/ query at Google, and some poking around.  StackOverflow and Microsoft Technet and the Microsoft KBs have more details on Microsoft platforms and products and permutations, too.
  The usual best fix with this stuff is to create your own certificate authority (CA) root certificate and to configure that within your chosen platforms and browsers, but I do not know (off-hand) how to do that on Microsoft Windows boxes.  Google or some KB probably has details of loading your own root cert.  This approach means loading one cert, and the rest of what you create that's signed from that cert will now automatically be trusted.  Basically you become your own CA provider, load your root cert into each of your clients, and then issue your own certs chained from your own root cert, and Bob's Your Uncle.

• TMS configuration  TWO  SYSTEM LAND SCAPE

  Hi
  can any body help me , how to configure TMS.
  i am using two systems (Development and Production), and 3 clients
  DEV = 100 for develpment, 300 for Quality
  PRD= 100 for Production.
  here we need any transport approvel
  Thanks in Advance
  siva kumar
  [email protected]

  Hi Siva,
  Logon to DEV 000 > STMS >
  Define the domain controller System DEV or PRD.
  Add PRD system into transport domain
  Overview Systems > Create > External System
  Specify Host name & SID Other parameters of the PRD. DEV will send the request to PRD system to accept the request from the DEV to add into the domain. Logon to the PRD go to STMS accept the request. In DEV system Approve the same.
  Now system are in domain. DEV system STMS > Extras Distribute and Activate the configuration. There you have to specify that 2 Systems are in landscape. Specify the DEV as Development  System. PRD as Production System. mention that automatically configure the transport route and distribute.
  Transport route Between DEV -> PRD.
  While Doing Transportation please follow my earlier reply like:
  Custmozing:- Release from DEV 100 and import into DEV 300 (Quality client) and Finally import into PRD with approval.
  Workbench:- Release from DEV and import into PRD
  This link may be useful for reference
  http://help.sap.com/saphelp_47x200/helpdata/en/44/b4a09a7acc11d1899e0000e829fbbd/frameset.htm
  Reward points if Helpful.
  Regards
  Ganesh

• Windows could not finish configuring the system error after sysprep /generalize

  Hi
  I just installed Windows 7 Ultimate RTM off from technet and as always I do make use of WIM images on having them deployed to my home PC's
  I was able to have it installed on a clean machine and once the wizard appeared i immediately entered Audit mode (shift+ctrl+f3) and the usual I loaded all of the software i need to pre-install after I was done I Immediately loaded sysprep and had it with the generalized option
  now this is where the problem begins....... after it restarts during the "Setup is starting Services" screen it gives me a message box error saying "Windows could not finish configuring the system. To attempt resume configuration, restart the computer" and once I press ok it jsut restarts and gives the same error again.
  This does not happen when i dont select the generalize option in sysprep.
  Anyone who had the same issues?

  I now have the ACTUAL SOLUTION to this problem.  This solution will actually tell you exactly what registry key is causing your sysprep to fail, so then you don't have to slowly install
  every program until you find the problem -- especially since this didn't work for me because my problem has been intermittent.
  This issue is caused by certain registry keys that are either:
  a) Larger than 8kb
  b) Set with incorrect permissions
  c) Corrupt in some way
  For me, the problem was intermittent (same registry key would sometimes cause the issue and sometimes not - must be corrupt sometimes) so it was impossible to tell what program was doing it.  Luckily, there is a log you can look at that will tell you
  exactly what registry key is erroring out.  Here are the steps for getting the log you need to see:
  When you see the error message, do the following:
  1.) Push Shift+F10 to get to a command prompt
  2.) Navigate to C:\windows\Panther
  3.) Find the Setup.etl file and find a way to copy this file off of the system (I copied it to the D:\ partition and used Ghost to gather that partition and get the file off)
  4.) Copy the setup.etl file from the corrupted system to another computer that has Windows 7.  Put it on the root of C:\ for easiest access.
  5.) Open a Command Prompt on the Windows 7 computer.
  6.) Navigate to the root of C:\ (or wherever you saved the file)
  7.) Type "tracerpt setup.etl -o logfile.csv"
  8.) Close the command prompt and open up logfile.csv in your text editor of choice. 
  9.) Look through the log file (towards the end probably) for messages that say "Failed to process reg key or one of it's decendants"  For me, the exact eror looked like this: "Failed to process reg key or one of its descendants: [\REGISTRY\MACHINE\SOFTWARE\ESET\ESET
  Security\CurrentVersion\Plugins\01000200\Profiles\@My profile]"  If you search for "reg key" or "failed to process" you should find the failure.
  10.) Remove this software from your image, or find out how to get the registry key that is failing to work properly.
  After this, you should be able to properly identify any problem keys and remove/workaround them on your image.
  I see this post is about a year old at this point, but after searching the internet for weeks, I had high hopes for this solution. It seemed to go well, but the logfile.csv doesn't have the word "fail" in it anywhere...no "reg key", nothing. Did a sysprep
  install with an unattend.xml answer file that seems to be working properly, but hangs at "Setup is starting services." forever.
  At this point, I'm pretty convinced that the problem is a service or reg key error from one of the apps I installed during audit mode, but I can't tell which app/service is causing the problem.
  Are there any other methods for viewing failed services or registry errors that would cause the sysprep install process to hang at "Setup is starting services."?
  Willing to post logfile.csv from the "tracerpt setup.etl -o logfile.csv" command, or other log files such as setupact.log, etc. Nothing popped out at me.
  For now I think I'll start making multiple .wim files with only certain software installed to try to discover which application is the culprit...just wish there was an easier way.