Could not retrieve a valid windows identity - access is denied

Similar Messages

• Claims debacle (error) with Term Store: "Could not retrieve a valid windows identity" for all sites in a particular web app.

  When I pull up the Term store in CA or any MySite collection, it works.
  When I do so in any other site collection (HNSCs, incidentally), It doesn't return any term stores.
  My ULS log immediately before and after the "/_vti_bin/taxonomyinternalservice.json/CheckPermission" POST on termstore .aspx triggers the WCF call:
  Claims Authentication af30y Verbose Claims Windows Sign-In: Successfully signed-in the the user 'contoso\domainUser' for request url 'https://sp13-root-prd.contoso.com/_vti_bin/taxonomyinternalservice.json/CheckPermission'.
  Claims Authentication af30q Verbose Updating header 'LOGON_USER' with value '0#.w|contoso\domainUser' for the request url 'https://sp13-root-prd.contoso.com/_vti_bin/taxonomyinternalservice.json/CheckPermission'.
  Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|contoso\domainUser, ClaimsCount=77
  Logging Correlation Data xmnv Medium Site=/
  Topology e5mc Medium WcfSendRequest: RemoteAddress: 'http://CONTOSOFE3:32843/00e6d55691824965ac223f1d1cfae6d2/MetadataWebService.svc' Channel: 'Microsoft.SharePoint.Taxonomy.IMetadataWebServiceApplication' Action: 'http://schemas.microsoft.com/sharepoint/taxonomy/soap/IDataAccessReadOnly/GetChanges2' MessageId: 'urn:uuid:590e916c-c89a-4f89-9819-a82c97fabcaa'
  Claims Authentication bz7l Medium SPSecurityContext: Could not retrieve a valid windows identity for username 'contoso\domainUser' with UPN '[email protected]'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: WTS0003: The caller is not authorized to access the service. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: WTS0003: The caller is not authorized to access the service. at Microsoft.IdentityModel.WindowsTokenService.CallerSecurity.CheckCaller(WindowsIdentity callerIdentity) at Microsoft.IdentityModel.WindowsTokenService.S4UServiceContract.PerformLogon(Func`1 logonOperation, Int32 pid) at SyncInvokeUpnLogon(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet))..
  Claims Authentication g220 Unexpected No windows identity for contoso\domainUser.
  The "The caller is not authorized to access the service." message seems pertinent.
  Both web apps are using only NTLM auth.
  The url for both web apps ends in the same contoso.com domain. 
  I get the same errors no matter what account I use, including the install account.
  Things I've tried:
  Deleting and building a new HNSC root web app and site. Error happens in all sites in all web apps except the PBSC hosting MySites.
  Giving the root site app pool identity full control of the metadata service app (even though the MySite identitiy doesn't have it)
  Giving the root site app pool identity full permissions on the metadata service app.
  Comparing database and web app config permissions between dev (where everything works perfectly) and prod (where it does not).
  Made sure IIS auth settings on both sites are identical
  Both sites are using the same SSL certificate (though the call to the web service appears to be http)
  Reprovisioned the metadata service app with a new database and new app pool identity.
  Made sure C2WT is running. Tried it with the service stopped as well.
  Web.configs are identical between working and non-working apps.
  I'm stumped but still Googling. I'm hoping to avoid having to call Micrososft. Any help would be appreciated!
  UPDATE:
  Interestingly, when I restored the web application from backup (via CA), I ended up with 3 identical "Windows Authentication" authentication providers assigned to the problem web app. Since there was more than one, I was directed to the provider-chooser
  page when visiting the site. Upon choosing 1 of the 3, I was authenticated, and *poof*, no more authentication errors and the term store loaded term sets as expected.
  Of course, 3 providers was not an ideal state, so I grabbed the one that worked (#1) via get-spauthenticationprovider, and assigned it to the web app via set-spwebapplication, and my problem returned.
  I am currently updating the farm to SP1 from June 2013 CU. Fingers crossed.
  Update:
  The update to SP1 went smoothly, but did not resolve the issue. Also related (I believe) are the random authentication errors when trying to upload images to some libraries, and 401-errors on the accessdenied.aspx page itself.
  Update:
  The problem is resolved, seemingly after making 4 changes. I'm trying to narrow down which change was the cure, if any:
  I installed SP1 on all 6 servers, rebooted and upgraded. This appeared to have no effect.
  Removed an old login from SQL that no longer existed in AD because of this ULS error:
  System.Runtime.InteropServices.COMException: The user or group contoso\svc_xxxxxxxxx' is unknown., StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.GetFullNameFromLoginEx(String loginName, Boolean&
  bIsDL)
  This login was the identity of the application pool that used to run the web app in question.
  This login was the schema owner of a schema named after itself on every SharePoint database so I changed the schema owner to dbo but left the schema attached.
  The problem may have surfaced initially when the app pool identity was changed in CA, but went unnoticed?
  Note that the web app had been deleted and recreated many times with a new identity and pool to no avail, but the URL remained the same throughout each attempted fix. Relevant?
  Grasping at straws, I changed the app pool identity for this web app to the same one that runs the MySite web app pool as per this only slightly related problem: http://www.planetsharepoint.org/m/preview.php?id=372&rid=34764&author=Vlad+Catrinescu
  I changed the authentication method from NTLM to Negotiate.
  I am rolling back #3 and #4 to see if the issue resurfaces.
  Update:
  It doesn't appear to have been the NTLM/Negotiate setting. Web app is currently set to NTLM and all is well. No strange accessdenies, and term Store is still manageable from all sites.
  Update: Sorry for the delay. I am administering 6 farms these days. Will update as soon as the final phase of rollbacks happens.
  I think I can. I think I can.

  maybe that web app was accidentally created with classic auth?
  here's an example of how to create claims based, with classic, and then "doing 2013" claims
  #Create the example web application, as mentioned above, either with gui, and pick later, or
  New-SPWebApplication-ApplicationPool$applicationPool-ApplicationPoolAccount$serviceAcct-Name$WebApp-Port
  5050
  -databaseName$contentDB-securesocketslayer
  #If doing for 2013
  New-SPWebApplication-ApplicationPool$applicationPool-ApplicationPoolAccount$serviceAcct-Name$WebApp-Port
  5050
  -AuthenticationProvider(new-spauthenticationprovider)
  -databaseName$contentDB-secureSocketsLayer

• Error: SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity for NTName='

  I'm getting the following error, but it only seems to happen with my 'admin' id.  At our company we have a regular user id that we use for daily use that has our email attached to it, and then we have an admin id that has elevated privileges on the
  various systems.
  I haven't found any trace of this error appearing for anyone else in the system, only for my Admin id.  I don't know if it has something to do with not having an Exchange account set up for it, or if there is something else missing.  In searching
  for this error I can find lots of references to Kerberos, but we don't have that running at this company.  I'm not sure why it says Kerberos in the error message.
  Any ideas?
  THanks.
  Ted
  P.S.  Here is the error:
  SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity for NTName='Domain\ID', UPN='[email protected]'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]:
  WTS0003: The caller is not authorized to access the service. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: WTS0003: The caller is not authorized to access
  the service.   
   at Microsoft.IdentityModel.WindowsTokenService.CallerSecurity.CheckCaller(WindowsIdentity callerIdentity)    
   at Microsoft.IdentityModel.WindowsTokenService.S4UServiceContract.PerformLogon(Func`1 logonOperation, Int32 pid)    
   at SyncInvokeUpnLogon(Object , Object[] , Object[] )    
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)    
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)    
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)    
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)    
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet))..
   

  Hi Ted,
  What operations(e.g. create a site?) are your performing with your "admin" account, when you are getting this error?
  Please check the following article with similar posts, e.g. grant the admin account proper permissions, or modify the config file (please back up the original file in a safe place for recovery in future), etc., let us know results.
  http://onefootinthecloud.blogspot.jp/2012/01/save-template-error-no-windows-identity.html
  https://social.msdn.microsoft.com/Forums/sqlserver/en-US/efb39291-857c-4a85-b244-56712f11430a/sharepoint-2010-migrated-to-claims-strange-error?forum=sharepointadminprevious
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/b4d06b64-a713-480e-a00c-d02a466ad891/claims-to-windows-token-issue?forum=sharepointadminprevious
  Thanks,
  Daniel Yang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] 
  Daniel Yang
  TechNet Community Support

• ERROR: Could not retrieve a valid windows identity

  When I try to create PowerView reports from BISM connection file, I get error:
  <MoreInformation>
  <Source>Microsoft.ReportingServices.ProcessingCore</Source>
  <Message msrs:ErrorCode="rsErrorOpeningConnection" msrs:HelpLink="http://go.microsoft.com/fwlink/?LinkId=20476&amp;EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&amp;EvtID=rsErrorOpeningConnection&amp;ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&amp;ProdVer=11.0.3000.0"
  xmlns:msrs="http://www.microsoft.com/sql/reportingservices">Cannot create a connection to data source 'TemporaryDataSource'.</Message>
  <MoreInformation>
  <Source>Microsoft.AnalysisServices.AdomdClient</Source>
  <Message/>
  <MoreInformation>
  <Source>Microsoft.SharePoint</Source>
  <Message>Could not retrieve a valid Windows identity.</Message>
  <MoreInformation>
  <Source>mscorlib</Source>
  <Message>WTS0003: The caller is not authorized to access the service.</Message>
  </MoreInformation>
  </MoreInformation>
  </MoreInformation>
  </MoreInformation>
  From SharePoint logs: I get following exception details:
  01/02/2013 11:00:34.17            w3wp.exe (0x0828)        0x2AEC SharePoint Foundation  Claims Authentication               
  bz7l        Medium              
  SPSecurityContext: Could not retrieve a valid windows identity for username 'DOMAIN\user' with UPN 'user@domain'. UPN is required when Kerberos
  constrained delegation is used. Exception: System.ServiceModel.EndpointNotFoundException: The message could not be dispatched because the service at the endpoint address 'net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2' is unavailable for the
  protocol of the address.    Server stack trace:      at System.ServiceModel.Channels.ConnectionUpgradeHelper.DecodeFramingFault(ClientFramingDecoder decoder, IConnection connection, Uri via, String contentType, TimeoutHelper&
  timeoutHelper)     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection
  connection, TimeoutHelper& timeoutHelper)     at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan
  timeout)     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
  timeout)     at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)     at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)    
  at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
  methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
  reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.IS4UService_dup.UpnLogon(String
  upn, Int32 pid)     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2 contractOperation)     at Microsoft.SharePoint.SPSecurityContext.GetWindowsIdentity().               
  a1bef09b-025a-208e-cd5e-4ef6678b6d0d
  Any help on how to get this resolved would be greatly appreciated.

  Hi GuYuming
  I have already read the mentioned blog. Code mentioned there gives me the following output. 
  I have already verified that the c2WTS service is running and it's dependency 'Cryptographic services' is also running.
  Where is the root cause? How can I resolve this?
  Output of the code on the mentioned blog:
  Testing Service c2WTS
   +- Service c2WTS found
   +- Service c2WTS is running
   +- Path of service: C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
   +- Config File: C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config
   +- Service Logon: SYSTEM\NT AUTHORITY
  ----- start of config file ----
  <?xml version="1.0"?>
  <configuration>
    <configSections>
      <section name="windowsTokenService" type="Microsoft.IdentityModel.WindowsTokenService.Configuration.WindowsTokenServiceSection, Microsoft.IdentityModel.WindowsTokenService, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
  />
    </configSections>
    <startup>
      <supportedRuntime version="v4.0" />
      <supportedRuntime version="v2.0.50727" />
    </startup>
    <windowsTokenService>
      <!--
          By default no callers are allowed to use the Windows Identity Foundation Claims To NT Token Service.
          Add the identities you wish to allow below.
        -->
      <allowedCallers>
        <clear />
        <add value="WSS_WPG" />
      </allowedCallers>
    </windowsTokenService>
  </configuration>
  -----  end of config file  ----
  Retrieving security groups/users allowed to use the service from config file
   +- WSS_WPG
  Trying to login .........
  Using current Windows Credentials
  ***** c2WTS could not provide a valid Windows Token. Reason: WTS0003: The caller is not authorized to access the service.
  Server stack trace: 
     at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
     at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]: 
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.IS4UService_dup.UpnLogon(String upn, Int32 pid)
     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.<>c__DisplayClass1.<UpnLogon>b__0(IS4UService_dup channel)
     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2 contractOperation)
     at c2WTSTest.Form1.button2_Click(Object sender, EventArgs e)
  Now Verifying if user DOMAIN/monish has rights on c2WTS
   +- User  DOMAIN/monish has no access to the service
  *** Analysis Complete ***
  Monish Gupta

• SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity. No windows identity for domain\user.

  Hi,
  We get plenty of error messages:
  SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity.
  No windows identity for domain\user.
  Our SharePoint 2010 environment consists of 2 app and 2 front end servers. We have plenty of SPSecurityContext.WindowsIdentity errors in our SharePoint logs. I found that this is related to C2WTS service. We have this service running under Local System account
  and only running on both Front-end servers. We are not using Kerberos in our environment.
  My question is should this service be configured with domain account even we are not using Kerberos?
  Also should this server be started on App sharepoint servers?
  Is any other way to prevent those errors?
  Thank you,

  Since local accounts are unable to query the domain, and I suspect that the Local System account uses a virtual local account (as opposed to the computer's domain account), then the same would apply to your C2WTS.
  Yes, configure a domain account (DEDICATED, since C2WTS requires some VERY elevated privileges), and the C2WTS will be able to do all of its domain lookups.
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Catch: could not retrieve wsdl imports for wsdl

  Hello, I am using JDeveloper 11.1.1.17 and am configuring a catch in a BEPL for a web service.
  The web service itself works, and the composite that is calling the web service works properly.  I am now trying to configure the catch for the web service.  I create the catch, and double-click it to get the GUI for the configuration.
  I click on the magnifier to open the "Fault Chooser" window.  I click on the Partner links, then the service, and then the "Imported WSDL" for the service.  This exposes an error message:  Exception: could not retrieve wsdl imports for wsdl
  Given that the web service calls a service on a remote server (within my organization, however), I tried re-creating the web service call, and the second time specified that it "copythe WSDL and its dependent artifacts into the project" to see if this would allow the catch to "grab" the wsdl.
  It does not.  The wsdl is listed under the project wsdl files, but each project wsdl file does not show the necessary information.
  Does anyone know if I am doing anything incorrect?
  Points Vigorously awarded!
  Stuart

  Hi HDeiby,
  We are facing similar issue and trying to resolve the Oracle advices not to Copy the WSDL files locally , and writes a note " Keeping a copy of WSDL may result in synchronization issues "  in Jdeveloper when you try to create a reference .
  We found out a way to access the Fault by adding PartnerLink to the WSDL ( I know that it is not a best practice to mix interface and implementation ) . This avoids the synchronization issues .
  Do you have any other Thoughts .
  Cheers,
  Lakshmi

• Could not retrieve the in-memory service URL after starting the in-memory.

  A local jvm process is discovered but mission control will not connect.
  Both jvm process and mission control are on the same host.
  Any suggestion?
  Thanks.
  This is the mission control help version:
  Oracle® JRockit Mission Control 3.1.0 (R27.6.3-40_o, 112101)
  I'm running mission control and a jboss web server on jrockit:
  $ java -version
  java version "1.6.0_11"
  Java(TM) SE Runtime Environment (build 1.6.0_11-b03)
  BEA JRockit(R) (build R27.6.3-40_o-112056-1.6.0_11-20090318-2103-linux-x86_64, compiled mode)
  On linux:
  $ uname -a
  Linux isidore 2.6.27-11-generic #1 SMP Wed Apr 1 20:53:41 UTC 2009 x86_64 GNU/Linux
  This is the message that appears in the controlling tty window:
  Apr 24, 2009 9:55:43 PM com.jrockit.mc.browser.attach.LocalConnectionDescriptor tryJRCMDStyleStartingOfTheAgent
  SEVERE: Could not retrieve the in-memory service URL after starting the in-memory agent!
  Apr 24, 2009 9:55:43 PM com.jrockit.mc.browser.attach.LocalConnectionDescriptor tryJRCMDStyleStartingOfTheAgent
  Here is the exception in the dialog details:
  Could not open Management Console for [1.6] JBoss (5,474).
  java.lang.NullPointerException: null
  java.lang.NullPointerException
       at com.jrockit.mc.rjmx.ConnectionDescriptorToolkit.getHostName(ConnectionDescriptorToolkit.java:152)
       at com.jrockit.mc.rjmx.internal.RJMXConnection.setupServer(RJMXConnection.java:521)
       at com.jrockit.mc.rjmx.internal.RJMXConnection.connect(RJMXConnection.java:144)
       at com.jrockit.mc.rjmx.internal.RJMXConnectorModel.establishConnection(RJMXConnectorModel.java:111)
       at com.jrockit.mc.rjmx.internal.RJMXConnectorModel.connect(RJMXConnectorModel.java:154)
       at com.jrockit.mc.rjmx.ConnectionManager.innerConnect(ConnectionManager.java:95)
       at com.jrockit.mc.rjmx.ConnectionManager.connect(ConnectionManager.java:61)
       at com.jrockit.mc.console.ui.actions.StartConsole$1.preConnect(StartConsole.java:38)
       at com.jrockit.mc.browser.utils.PreConnectJob.run(PreConnectJob.java:74)
       at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)

  After I posed the above, I saw that the url on the exception is munged.
  I didn't stumble over how to manually override that url.
  Instead, I added remote jmx capability to the process and added a connector. That is my work around.
  Thanks,
  John

• Could not retrieve the document with the passed obsolete token.

  Hi,
  Issue is with the specific report not able to execute when the query is cancelled and getting an error when you are cancelling an already executing query.
  Receiving an error message during running one of our report in the
  following way:
  - Run the Webi report
  - Select the value for 8 prompts
  - Click on cancel
  - try to re-run by clicking on re-fresh and receive an error message.
  The error message is the following:
  "Could not retrieve the document with the passed obsolete token (Error: RWI 00323) (Error: INF)"
  Till now we have made the following changes:
  This might be caused by a storage token that identifies a document state, which is no longer available in the storage tokens stack.
  In the webi.properties file, increased the value of storage tokens stack size.
  1. Edit the webi.properties file found in the following location:
  u2022 <Installed dir>\program files\businessobjects\BOenterprise115\Web services\en\dsws_webservice_boe\data\asemble\dsewsBobjJava\src\WEB-INF\classes\webi.properties.
  2. Add or change the following variables:
  u2022 WID_FAILOVER_SIZE (This sets the maximum number of tokens to keep in memory. It is 10 by default.)
  u2022 WID_STORAGE_TOKEN_STACK_SIZE (this sets the maximum number of tokens stored on disk. It is 10 by default.)
  u2022     Deleted cookies.
  u2022     Add  the Java Runtime Parameter value from following path:
  Start - > Control Panel-> Java -> Java Applet Runtime Settings
  Click on View.
  Add the Java runtime Parameter value: Xmx200.
  It is not a machine specific issue however it is intermittent.
  Please advice.
  Regards,
  Pradnya Kokil

  Hi Pradnya,
  Following solutions might help you to resolve the issue.
  Solution1:
  To achieve optimum performance, the developer should limit the number of new windows that can be opened using the OpenDocument function, particularly if using it within the drill function.
  If you must open a new window each time, you can increase the number of document instances available on the system by modifying parameters in the webi.properties file:
  1. On the Business Objects server, navigate to the following directory:
  C:\Program Files\Business Objects\Tomcat\webapps\businessobjects\enterprise115\desktoplaunch\WEB-INF\classes
  2. Open the webi.properties file using a text editor.
  3. Uncomment the FAILOVER_SIZE=10 line by removing the # from the beginning of the line.
  4. After FAILOVER_SIZE, add the following:
  STORAGE_TOKEN_STACK_SIZE=40
  5. Save the file.
  6. Restart the application server
  Solution2:
  Do not use Control Key + N or File New from Browser for invoking new instance of Browser
  Avoid opening Infoview by Hyperlinks.
  Alternatively, by setting logontoken.enabled property in web.xml for desktop.war, will stop users allowing using old token
  Locate web.xml file in desktop.war file deployed on your application server
  Locate the following string in web.xml:<param-name>logontoken.enabled</param-name>
  Change the <param-value> for logontoken.enabled from true to false (forexample, <param-value>false</param-value>)
  Save and close the file
  Restart the web application server to apply the changes
  Regards,
  Sarbhjeet Kaur

• ISync will not start with error "Could not retrieve .Mac config"

  iSync fails when run from .Mac System Preferences with message
  "There was a problem with the sync operation
  Could not retrieve .Mac configuration."
  However, Backup and iDisk access are successfull.
  Dual G5 Etc.   Mac OS X (10.4.7)  

  iSync does not run from a System Preferences pane, but .Mac Sync does.
  This is actually a .Mac Sync issue, not an iSync issue. Since the release of Mac OS X 10.4 about 19 months ago, the synchronization of selected content to and through .Mac has been the responsibility of .Mac Sync. You may want to post you query here, instead:
  http://discussions.apple.com/forum.jspa?forumID=957

• Seeburger AS2 - DECRYPTION_ERROR - Could not retrieve certificate

  Hi
  Can anyone suggest a reason why I am getting this error regarding failed Decryption:
  Error while parsing AS2 message: DECRYPTION_ERROR # Error while loading decryption certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate TRUSTED\STEVEB\XX.com.seeburger.ediint.edi.EDIMessageException: cannot decrypt message (certificate or private key missing)
  I am pretty sure that the configuration is correct...
  Configuration:
  [View Creator Role|http://i1111.photobucket.com/albums/h469/SBentley2011/ViewCreatorRole.png]
  [JCA Connection Factory |http://i1111.photobucket.com/albums/h469/SBentley2011/connectionFactory.png]
  [Keystore View|http://i1111.photobucket.com/albums/h469/SBentley2011/keystore.png]
  [PI7.1 Config|http://i1111.photobucket.com/albums/h469/SBentley2011/config.png]
  BTW I am using PI7.1 ENH 1 and Seeburger 2.5.1
  Thanks for looking.
  Edited by: Andy Cliff on May 25, 2011 12:40 AM

  Hi
  Really strange, but no joy at all. Even going for the alternative 'Code Based Access' option described below, I continually get  Error:
  java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate
  _Code Based Access to the SAP Keystore_
  Creating/Inserting a New Certificate
  1. Create a personalized key store view. Certificates and private key entries should be stored in this
  view.
  2. Using the Security tab of the key storage service web interface, assign the following list of
  permissions to the codebase of the adapter in use:
  4. Note that permissions that are view based only need to be set once per view and
  codebase/domain combination, but entry based permissions need to be set for each entry in the
  view to the codebase/domain!
  5. Open the NetWeaver Administrator - Application Resources and select the JCA Connection
  Factory for the respective adapter. In the lower pane, select the Configuration Properties and
  adjust the adapterUser to an empty String (delete the previously entered name). This disables the
  user based access and enables code based access. Do not forget to Save your changes.
  The following table lists the adapters and the corresponding codebases/domains:
  SEEBURGER Adapter Configuration for SAP NW Process Integration 19
  In case you experience errors which read as "Reauthentication failed" or "Error
  construction implementation" you might need to restart the J2EE server
  u2022 VIEW_ALIASES
  u2022 GET_VIEW
  u2022 LIST_VIEW
  u2022 IS_VIEW_EXISTS
  u2022 FIND_ALIAS
  u2022 LIST_ENTRY
  u2022 READ_ENTRY
  u2022 IS_ENTRY_A_KEY
  u2022 IS_ENTRY_EXISTS
  u2022 CREATE_ENTRY_AT_VIEW (for pending keystores)
  4. Note that permissions that are view based only need to be set once per view and
  codebase/domain combination, but entry based permissions need to be set for each entry in the
  view to the codebase/domain!
  5. Open the NetWeaver Administrator - Application Resources and select the JCA Connection
  Factory for the respective adapter. In the lower pane, select the Configuration Properties and
  adjust the adapterUser to an empty String (delete the previously entered name). This disables the
  user based access and enables code based access. Do not forget to Save your changes.

• Problem with CDN - Could not retrieve the cdn enpoints in subscription with id...

   I tried to set-up a CDN endpoint over a storage account last night and kept getting 404. suspecting that this is just time to propagate I called it a day.
  This morning when I went to look again - my CDN endpoint was not visible in the portal and instead I get the warning.
  I tried to set-up a new endpoint and that fails too, now I have two warnings -
  Could not retrieve the CDN endpoints in subscription with ID '34280cfc-814c-4d35-8836-0ec2b7ce68e7'.
  Could not retrieve the CDN endpoints in subscription with ID '440d3de7-23fd-424f-8961-a57f6f6384ed'.
  Any thoughts?
  Yossi Dahan - http://yossidahan.wordpress.com - [To help others please mark replies as answers if you found them helpful]

  Hi,
  This issue is reported at Azure Status:
  https://azure.microsoft.com/en-us/status/#history below is the detailed information, the incident has now been mitigated.
  7/30
  CDN - Multi-Region - Partial Service Interruption
  This incident has now been mitigated. From 30 July, 2014, at 06:00 to 18:28 UTC, engineers received reports of an issue in which CDN customers might experience issues while creating new CDN connections and accessing their existing content. Error messages
  indicated "Warnings occurred while loading the management data for this resource type" and "Could not retrieve the CDN endpoints in subscription with ID". Preliminary investigations indicate that this incident was caused by a misconfiguration of Network endpoint
  connecting to the service, and engineers implemented a configuration change to mitigate impact.
  Best Regards,
  Jambor
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Replication Monitor could not open the Detail Window

  The publisher is running SQL Server 2008 R2 on a Server 2008 R2 box. The subscriber is running SQL Server 2012 on a Server
  2012 box. I have tried launching the replication monitor from both servers but can't drill down into details on either instance. I have three publications and subscriptions and they all throw this error when trying to drill down into the details. I would post
  a picture but am unable to do so. 
  Here are the error details
  ===================================
  Replication Monitor could not open the Detail Window. (Replication Monitor)
  ===================================
  Specified cast is not valid. (ReplicationMonitor)
  Program Location:
     at Microsoft.SqlServer.Management.UI.PublicationDetailControl.ShowSubscriptionDetailWindow(Int64 rowIdx)

  Have you tried running repair?
  Brandon Williams (blog |
  linkedin)

• Error "Could not retrieve process instance" w UWL-GP thru Load Balancer

  Hi,
  We're using NW'04s EP SP14 for developing our portal website. An external load balancer balances the load between two portal instances CI & DI.
  We are getting an Exception "Could not retrieve process instance: contact your system administrator" when we try to access the UWL Requests through the Load Balancer though it is working fine with the direct HostName in the URL.
  SAP Note 1026119 did not solve the issue.
  Has anyone faced such an issue before?
  Thanks.

  Hi
  I am getting the same error, but when i tried to retrieve the process instance from nwa I see the process instance to be missing. I could not trace the process instance.
  Can you please tell me where else can i look for the process instance.
  Its very urgent
  Thanks and Regards
  Anitha

• HELP! Premiere pro could not retrieve the 'my documents' folder location?!

  Hi
  I just installed Creative Cloud and downloaded Premiere CS6.
  When I start it, I get two dialogue boxes saying the same thing...
  "adobe premiere pro could not retrieve the 'my documents' folder location. The application will make use of a temporary folder for this session..."
  When I then go to export to Media Encoder, it crashes repeatedly.
  I am unable to find the My Documents folder on my system - it's a new system and must have been set up strangely.
  Can someone please help here as I am unable to run my video editing business when I can't export files!
  Thanks
  Geoff

  As far as I know "My Documents" is a Windows thing... giving more information when asking a question is a good thing... Information FAQ http://forums.adobe.com/message/4200840
  If you are on Windows, search http://search.microsoft.com/search.aspx?mkt=en-US&setlang=en-US for help on creating that folder

• Log shipping Could not retrieve backup settings for primary ID

  hello,
  I implemented log shipping in our server the process of implementation went fine but when I view job history I found
  Message
  2014-06-11 12:00:01.53    *** Error: Could not retrieve backup settings for primary ID '99817903-626e-4380-bcf1-c09ca6f48b6d'.(Microsoft.SqlServer.Management.LogShipping) ***
  2014-06-11 12:00:01.53    *** Error: The specified agent_id 99817903-626E-4380-BCF1-C09CA6F48B6D or agent_type 0 do not form a valid pair for log shipping monitoring processing.(.Net SqlClient Data Provider) ***
  2014-06-11 12:00:01.53    *** Error: Could not log history/error message.(Microsoft.SqlServer.Management.LogShipping) ***
  2014-06-11 12:00:01.53    *** Error: The specified agent_id 99817903-626E-4380-BCF1-C09CA6F48B6D or agent_type 0 do not form a valid pair for log shipping monitoring processing.(.Net SqlClient Data Provider) ***
  2014-06-11 12:00:01.53    *** Error: Could not cleanup history.(Microsoft.SqlServer.Management.LogShipping) ***
  2014-06-11 12:00:01.53    *** Error: The specified agent_id 99817903-626E-4380-BCF1-C09CA6F48B6D or agent_type 0 do not form a valid pair for log shipping monitoring processing.(.Net SqlClient Data Provider) ***
  2014-06-11 12:00:01.53    ----- END OF TRANSACTION LOG BACKUP   -----
  Exit Status: 1 (Error)
  also I check for database ID using select * from msdb..log_shipping_primary_databases
  your help is appreciated.
  Please Mark it as Answered if it answered your question
  OR mark it as Helpful if it help you to solve your problem
  Elmozamil Elamir Hamid
  MCSE Data Platform
  MCITP: SQL Server 2008 Administration/Development
  MCSA SQL Server 2012
  MCTS: SQL Server Administration/Development
  MyBlog

  Thank you all for your contribution.
  After testing and debugging I found that when they move their database from one server (server2) to another server (server1) the database still using the old name (server2) which you can findusing this script:
  SELECT @@SERVERNAME
  so the replication can't retrieve information, unfortunately for me it is difficult to rename the server because it sis development server so they need to make analysis about side effects if we renamed it. 
  Please Mark it as Answered if it answered your question
  OR mark it as Helpful if it help you to solve your problem
  Elmozamil Elamir Hamid
  MCSE Data Platform
  MCITP: SQL Server 2008 Administration/Development
  MCSA SQL Server 2012
  MCTS: SQL Server Administration/Development
  MyBlog