Create a new target application - Secure Store Service administration issues

Hi,
I am trying to create new target application, when I go to Secure Store Service in Centra admin I have:
Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator.
I have used this few days ago and avarything else is working fine on the server, and I have applications created with it running fine.
Any help is appreciated.
cheers
Valko

I know this has been open and possibly answered for a while but I thought I would mention what I ran into since I haven't found it posted anywhere.
It was confusing because once I clicked the Ssecure Store Service I recieved the message that is mentioned here in this thread. With that, you can't make any changes. After trying numerous things I simply highlighted the Secure Store Service (the Applicaiont
not the Application Proxy) and selected Properties from the Operations section of the ribbon at the top of the page. This opened the properties page where I was able to change the Application Pool that the service was using.
In my case it was using the Sharepoint Web Services Default and changing it to the SecurityTokenServiceApplicationPool, which I had already configured to run on a named account with adequate priveleges (although it should run find on Local or Network
Service if they are configured correctly in IIS) corrected the issue.
Hope this helps someone...
Cheers

Similar Messages

  • The Secure Store Service application Secure Store Service Proxy is not accessible

    I am working on setting up a new SharePoint 2013 Farm for our external web site which is currently running on 2010 SharePoint. Because this is an External Website for our organization we have an internally available Publishing Site and there is an Web App
    Extension to provide Anon Access to users using the www address. Currently I am doing everything on a single server for testing with HOSTS entries to loop back so I can test with real host headers and not impact the 2010 prod environment. We will be setting
    up 2 more WFEs with a NLB before moving this into prod but it isn't there yet. We brought the Site Collection Databases over but are still running in 2010 mode for now.
    I migrated a copy of the Secure Store Database over from 2010 and had it put on the 2013 Farm's Database Server. Set up Secure Store and the Secure Store Proxy. I went into the Secure Store Proxy in CA and refreshed the Key with the proper Pass Phrase. After
    doing that I could see the Target Application IDs listed. Everything was looking good so I went off to test. If I am on the publishing site I can go to a page that has the solution on it and it operates as expected. It does a query to a non SharePoint database
    and returns information filtered based on the search parameters. The only odd thing I see is if I click on the "Site Actions" I get a message "An error has occurred with the data fetch. Please refresh page and retry." Need to look into
    that more but it only happens on pages that have these solutions. Maybe a clue. If I go to the Anonymous Access page (www......) and try and use the solution, it immediately (way too quick to appear like it is doing anything) comes back with "The security
    token request cannot be completed."
    If I dig through the usage logs I am finding the following.
    The Secure Store Service application Secure Store Service Proxy is not accessible. The full exception text is: The security token request cannot be completed.
    Unexpected exception from endpoint address : https://[Servername]:32844/4e87fd3aabb640fb8cc3ed52188cf5c0/SecureStoreService.svc/https
    Logging unknown/unexpected client side exception: InvalidOperationException. This will cause this application server to be removed from the load balancer queue. Exception: System.InvalidOperationException: The security token request cannot be completed.
        at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri)     at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress
    address, Uri via)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName,
    Boolean validateCanary, ExecuteDelegate`1 operation).
    Initially I was fighting a firewall issue because it wasn't working (different errors) on both sides. Had Network Engineers open firewall ports needed and now it works on the publishing side. Still the same error on the Anon side. I suspect I have missed
    something when it comes to configuring the Secure Store to allow access to anonymous connections.
    Let me know if you need any more information but that should paint a pretty good picture as to how things are set up.
    Thanks for any help on this one. Searches haven't found much that has helped so far.

    Hi Sennister,
    I recommend to verify the things below:
    Did this issue occur with all the pages in the anonymous side?
    Check if the Claims to Windows Token Service is started.
    Change the <identity impersonate="true" /> in the web.config to see if the issue still occurs.
    Thanks,
    Victoria
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Victoria Xia
    TechNet Community Support

  • Secure Store Service Application takes a lot of time and does not create the database

    Hi everybody,
    I was trying to configure sharepoint performance point and I was following the instruction. After I created the performance point services application I tried to creat the secure store service application. When I do this, the progress window stays open forever
    even after 2 hours. If I close the window, I will see that the secure store service and proxy app is created and the application pool also is created in IIS but the database is not and the application service is stopped. even when I want to delete it, it's
    the same story and the progress window stays until I close it manually. Nothing has been logged in the event viewer because it doesn't throw any exceptions.
    I don't think that I have permission issues on the database server side because I have created the performance point service app and the database is there. I have used the same credentials to crete the secure store.
    I have restarted the secure store service and IIS for many times and even the server itself.
    I'm wondering if anybody has had this issue because I couldn't find anything on the web.
    Thanks,
    Edwin 

    Alex, please ignore my previous answer. I found more information in the ULS. At the time that I started creating the service application by power shell these things are logged and they are repeated several times:
       it starts with:
    11/13/2013 15:19:55.52 PowerShell.exe (0x1698)                
    0x170C
    Secure Store Service          
    Secure Store                  
    esj6 High    
    Creating Secure Store Service Application 'Secure Store Service Application'.
    c402af0c-5ff6-4995-83b8-3f95210a8b3d
    11/13/2013 15:19:55.54 PowerShell.exe (0x1698)                
    0x170C
    Secure Store Service          
    Secure Store                  
    esj9 Medium  
    Creating "database object" 'SP_SecureStore' for application. At this time database is not created.
    c402af0c-5ff6-4995-83b8-3f95210a8b3d
    11/13/2013 15:19:55.54 PowerShell.exe (0x1698)                
    0x170C
    Secure Store Service          
    Secure Store                  
    esk0 Medium  
    Saving "database object" 'SP_SecureStore' in the config db.
    c402af0c-5ff6-4995-83b8-3f95210a8b3d
    11/13/2013 15:19:55.83 w3wp.exe (0x0944)                      
    0x0DB4
    Secure Store Service          
    Secure Store                  
    d4gx Verbose
    BackgroundTasks instance accesed.
    11/13/2013 15:19:55.83 SPUCWorkerProcessProxy.exe (0x13A0)    
    0x02B0
    Secure Store Service          
    Secure Store                  
    d4gx Verbose
    BackgroundTasks instance accesed.
    11/13/2013 15:19:55.83 PowerShell.exe (0x1698)                
    0x1740
    Secure Store Service          
    Secure Store                  
    f7wk Verbose
    StartTracker called for secure store ''
    11/13/2013 15:19:55.83 PowerShell.exe (0x1698)                
    0x1740
    Secure Store Service          
    Secure Store                  
    f7wl Verbose
    Tracker not started because call not made from Service Host.
    11/13/2013 15:19:55.83 WebAnalyticsService.exe (0x0A6C)        
    0x1B88 Secure Store Service          
    Secure Store                  
    f7wk Verbose
    StartTracker called for secure store ''
    Finally it says:
    11/13/2013 15:19:55.90 PowerShell.exe (0x1698)                
    0x170C
    Secure Store Service          
    Secure Store                  
    esk9 High    
    Secure Store Service Application 'Secure Store Service Application' created.
    c402af0c-5ff6-4995-83b8-3f95210a8b3d

  • Secure Store Service problems

    Hi, I am getting the following error when trying to manage the Secure Store Service (CMA -> Application Management -> Service Applications -> Manage Service Applications)
    "Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator."
    Looking at the Sharepoint logs I noticed the following errors:
    The Secure Store Service application Secure Store Service is not accessible. The full exception text is: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
    TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:32843.
    Unexpected exception from endpoint address : https://extsharepoint:32844/49c2533b83924aed91e0059a9ee957d9/SecureStoreService.svc/https
    Error occured while managing Secure Store Application 190b7e02-1aff-4a9b-bf01-007f953df8d1. Error message: Secure Store Service did not performed the operation..
    Logging unknown/unexpected client side exception: EndpointNotFoundException. This will cause this application server to be removed from the load balancer
    queue. Exception: System.ServiceModel.EndpointNotFoundException: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused
    it 127.0.0.1:32843.  ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:32843     at System.Net.Sockets.Socket.DoConnect(EndPoint
    endPointSnapshot, SocketAddress socketAddress)     at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32
    timeout, Exception& exception)     --- End of inner exception stack trace ---     at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)     at System.Net.HttpWebRequest.GetRequestStream()    
    at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()     --- End of inner exception stack trace ---    Server stack trace:      at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
        at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)     at System.ServiceModel.Channels.RequestChannel.Request(Message
    message, TimeSpan timeout)     at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message,
    TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
    rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken,
    SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)     at Microsoft.SharePoint.SPSecurityContext.<>c__DisplayClass7.<GetProcessSecurityTokenForServiceContext>b__6()     at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
    secureCode)     at Microsoft.SharePoint.SPSecurityContext.GetProcessSecurityTokenForServiceContext()     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri)     at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1
    factory, EndpointAddress address, Uri via)     at Microsoft.SharePoint.SPChannelFactoryOperations.CreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri
    address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName, Boolean validateCanary, ExecuteDelegate`1 operation).
    An exception occurred when trying to issue security token: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
    TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:32843. .
    Request for security token failed with exception: System.ServiceModel.EndpointNotFoundException: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
    TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:32843.  ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could
    be made because the target machine actively refused it 127.0.0.1:32843     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)     at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure,
    Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)     --- End of inner exception stack trace ---     at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
    context)     at System.Net.HttpWebRequest.GetRequestStream()     at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()     --- End of inner exception stack trace ---    Server stack trace:
         at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()     at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message
    message, TimeSpan timeout)     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)     at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan
    timeout)     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[]
    ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type)     at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse&
    rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken
    actAs, SecurityToken delegateTo)
    Please help, I've been trying all sorts of solutions for a few days to no avail, including uninstalling and reinstalling.
    Thanks.
    Nicholas

    can you browse this page "http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc"
    also try to run the IISreset on the server?
    what you mean installing and uninstalling?
    check this post:
    https://blogs.blackmarble.co.uk/blogs/rhepworth/post/2010/01/07/reassigning-the-correct-ssl-certificate-to-sharepoint-2010-web-services-iis-site.aspx
    Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Error with Secure Store Service

    Hi - I sure could use some help with an issue I'm having trying to configure the Secure Store Service in SharePoint 2010.
    I'm using SharePoint Server 2010 and this is the first time that I've installed and trying to configure. When I try to generate a key for the Secure Store Service App, I get this error: "Cannot complete this action as the Secure Store Shared Service is not
    responding. Please contact your Administrator."
    I also see an error in the Event Viewer: "The Secure Store Service application Secure Store Service App is not accessible. The full exception text is: Access is denied"
    I have verified that the App Pool is using the correct domain acount and the database security allows this same acount as well. The account is DBO in the Secure Store databse. What else should I check that would cause access denied?
    Thank you!
    Kerry

    I found when the error message dialog box has a phrase like "Additional information has been logged for your administrator" it means to check the Windows Event-Application log (not the SP correlation ID log).  In my case, the specific domain\uid being
    denied was mentioned in the error message details.  I found that the domain\uid in that message was not in the SQL Server log in collection with permissions to the appropriate DBs.  The Event-Application log also told me which DB object was being
    denied.  I set the account for dbo access to simplify my work (dbo is needed to run stored procedures and functions).  Other attributes (other than dbo) may be sufficient and "more secure". 

  • SAML authentication Secure store service target ID Project server integration with excel service

    I installed and configured share Point 2013 Project server 2013, and Created web application Trusted Identity Provider (SAML 2.0) ,it is working as we expected means
    ..end user are able to access application(User Login through email and alies(account NAME) )
    My problem here CA is working NTLM authentication ,Web application is working SAML
    while creating service application(LIKE SSSA Excel Performance ... ( it automatically take NTLM) I CREATED TARGET ID in secure store service application ,I chooser "GROUPS" under SSSA,and
    we added members "group to account and email id.
    I configure Excel service application and i SSSA Target ID in this excel service application  also added trusted location for PWA site
    while opening excel sheet under Project server (An error occurred while accessing application id ProjectServerApplication from Secure
    Store Service. The following connections failed to refresh)
    I tried target ID choose option " Group Ticket" 
    Is it CA required for SAML authentication? .. (extend web application 
    How Service application like SSSA will work for SAML  authentication? 

    Hi SridharMandipudi, 
    as i know, usually when the error appear, you need to check the member.
    The domain group that was specified the Secure Store Service ID ProjectServerApplication did not have any members in the group. 
    and please also have a try in a testing secure store service application:
    Created new secure store service application with new target application ID. and added this ID in excel service application -----global settings----Application ID.
    went to Central admin---manage web application---selected web application ---click on Service Connection---associated newly created secure store service application.
    edited data connection string of excel file.
    went to site and tried refresh that excel file and able to refresh the file.
    Regards,
    Aries
    Microsoft Online Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Impact of generating a new key for Secure Store Application

    I inherited my development environment from a predecessor, who did not document the secure store pass phrase anywhere. There are a couple of projects doing development on the system that cannot be impacted, but I need to get Project Server running on the
    system, and I cannot get the secure store to accept the credentials I set for the target application. I have recreated the target application several times, but nothing works.
    MossHostSsoHost.GetSecureStoreCredentials: Failed to get credentials from Secure Store. SecureStoreProvider threw a SecureStoreException. Exception: Microsoft.Office.SecureStoreService.Server.SecureStoreServiceException: Access is denied to the Secure Store
    Service.     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName, Boolean validateCanary, ExecuteDelegate`1 operation)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetCredentials(Guid
    rawPartitionId, String applicationId)     at Microsoft.Office.SecureStoreService.Server.SecureStoreProvider.GetCredentials(String appId)     at Microsoft.Office.Excel.Server.MossHost.MossHostSsoHost.GetSecureStoreCredentials(String
    secureStoreApplicationId)
    So, I am wondering if I need to generate a new key for the secure store application, and what impact that would have on the existing target applications. Can someone please tell me if I generate a new key, will this break the existing applications? Thanks.

    Hi Susan,
    Once you decide to generate a new encryption key, you could follow the steps in Generate an encryption Key part in the link below:
    http://technet.microsoft.com/en-us/library/ee806866(v=office.15).aspx
    You should back up the database of the Secure Store Service application before generating a new key. Then refresh the encryption key to propagate the key to all the application servers in the farm.
    Regards,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected] .
    Rebecca Tu
    TechNet Community Support

  • Error occurred while accessing application id Excel services application unattended service account from secure store service

    Hi,
      I follow up the book "Professional SharePoint 2013 Administration" to build the SharePoint 2013 BI include Excel Services. and created the Secure Store services to save the user SP_Install for member.
    For Now, I can upload the worksheet and open it in browser, but when I tried to refresh it, the SP 2013 show error "Error occurred while accessing application id Excel services application unattended service account from secure store service".
     does anybody can help ? and do I need to turn on C2WTS ? 
    Thanks
    James Liang

    Hi James,
    Excel Services can be used with Secure Store in three primary scenarios:
    Unattended Service Account
    Embedded Connections
    External Data Connections
    If you haven't configure unattended service account yet, you could refer to the article below:
    http://technet.microsoft.com/en-us/library/hh525344(v=office.15).aspx
    More information:
    http://technet.microsoft.com/en-us/library/ff191191(v=office.15).aspx
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Create a new web application, how shall I update the file server.xml

    Hi,
    I will create a new web application, i.e named newApp. Then I create a file structure as follows:
    - <server-root>/newApp
    - <server-root>/newApp/WEB-INF
    - <server-root>/newApp/WEB-INF/classes
    Then I must tell the server that I have created a new web application. Then I must update my file server.xml, How shall I do this and where in the file shall I type in the new information?
    I use windows XP Pro, and Tomcat 4.1.27.
    My server.xml file looks like below:
    <!-- Example Server Configuration File -->
    <!-- Note that component elements are nested corresponding to their
    parent-child relationships with each other -->
    <!-- A "Server" is a singleton element that represents the entire JVM,
    which may contain one or more "Service" instances. The Server
    listens for a shutdown command on the indicated port.
    Note: A "Server" is not itself a "Container", so you may not
    define subcomponents such as "Valves" or "Loggers" at this level.
    -->
    <Server port="8005" shutdown="SHUTDOWN" debug="0">
    <!-- Comment these entries out to disable JMX MBeans support -->
    <!-- You may also configure custom components (e.g. Valves/Realms) by
    including your own mbean-descriptor file(s), and setting the
    "descriptors" attribute to point to a ';' seperated list of paths
    (in the ClassLoader sense) of files to add to the default list.
    e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
    -->
    <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
    debug="0"/>
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
    debug="0"/>
    <!-- Global JNDI resources -->
    <GlobalNamingResources>
    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <!-- Editable user database that can also be used by
    UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
    type="org.apache.catalina.UserDatabase"
    description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
    <parameter>
    <name>factory</name>
    <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
    </parameter>
    <parameter>
    <name>pathname</name>
    <value>conf/tomcat-users.xml</value>
    </parameter>
    </ResourceParams>
    </GlobalNamingResources>
    <!-- A "Service" is a collection of one or more "Connectors" that share
    a single "Container" (and therefore the web applications visible
    within that Container). Normally, that Container is an "Engine",
    but this is not required.
    Note: A "Service" is not itself a "Container", so you may not
    define subcomponents such as "Valves" or "Loggers" at this level.
    -->
    <!-- Define the Tomcat Stand-Alone Service -->
    <Service name="Tomcat-Standalone">
    <!-- A "Connector" represents an endpoint by which requests are received
    and responses are returned. Each Connector passes requests on to the
    associated "Container" (normally an Engine) for processing.
    By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
    You can also enable an SSL HTTP/1.1 Connector on port 8443 by
    following the instructions below and uncommenting the second Connector
    entry. SSL support requires the following steps (see the SSL Config
    HOWTO in the Tomcat 4.0 documentation bundle for more detailed
    instructions):
    * Download and install JSSE 1.0.2 or later, and put the JAR files
    into "$JAVA_HOME/jre/lib/ext".
    * Execute:
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
    with a password value of "changeit" for both the certificate and
    the keystore itself.
    By default, DNS lookups are enabled when a web application calls
    request.getRemoteHost(). This can have an adverse impact on
    performance, so you can disable it by setting the
    "enableLookups" attribute to "false". When DNS lookups are disabled,
    request.getRemoteHost() will return the String version of the
    IP address of the remote client.
    -->
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8080" minProcessors="5" maxProcessors="75"
    enableLookups="true" redirectPort="8443"
    acceptCount="100" debug="0" connectionTimeout="20000"
    useURIValidationHack="false" disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value
    to -1 -->
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" />
    </Connector>
    -->
    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8009" minProcessors="5" maxProcessors="75"
    enableLookups="true" redirectPort="8443"
    acceptCount="10" debug="0" connectionTimeout="0"
    useURIValidationHack="false"
    protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
    port="8009" minProcessors="5" maxProcessors="75"
    acceptCount="10" debug="0"/>
    -->
    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
    <!-- See proxy documentation for more information about using this. -->
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8082" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" connectionTimeout="20000"
    proxyPort="80" useURIValidationHack="false"
    disableUploadTimeout="true" />
    -->
    <!-- Define a non-SSL legacy HTTP/1.1 Test Connector on port 8083 -->
    <!--
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
    port="8083" minProcessors="5" maxProcessors="75"
    enableLookups="true" redirectPort="8443"
    acceptCount="10" debug="0" />
    -->
    <!-- Define a non-SSL HTTP/1.0 Test Connector on port 8084 -->
    <!--
    <Connector className="org.apache.catalina.connector.http10.HttpConnector"
    port="8084" minProcessors="5" maxProcessors="75"
    enableLookups="true" redirectPort="8443"
    acceptCount="10" debug="0" />
    -->
    <!-- An Engine represents the entry point (within Catalina) that processes
    every request. The Engine implementation for Tomcat stand alone
    analyzes the HTTP headers included with the request, and passes them
    on to the appropriate Host (virtual host). -->
    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
    <Engine name="Standalone" defaultHost="localhost" debug="0" jmvRoute="jvm1">
    -->
    <!-- Define the top level container in our container hierarchy -->
    <Engine name="Standalone" defaultHost="localhost" debug="0">
    <!-- The request dumper valve dumps useful debugging information about
    the request headers and cookies that were received, and the response
    headers and cookies that were sent, for all requests received by
    this instance of Tomcat. If you care only about requests to a
    particular virtual host, or a particular application, nest this
    element inside the corresponding <Host> or <Context> entry instead.
    For a similar mechanism that is portable to all Servlet 2.3
    containers, check out the "RequestDumperFilter" Filter in the
    example application (the source for this filter may be found in
    "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
    Request dumping is disabled by default. Uncomment the following
    element to enable it. -->
    <!--
    <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
    -->
    <!-- Global logger unless overridden at lower levels -->
    <Logger className="org.apache.catalina.logger.FileLogger"
    prefix="catalina_log." suffix=".txt"
    timestamp="true"/>
    <!-- Because this Realm is here, an instance will be shared globally -->
    <!-- This Realm uses the UserDatabase configured in the global JNDI
    resources under the key "UserDatabase". Any edits
    that are performed against this UserDatabase are immediately
    available for use by the Realm. -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    debug="0" resourceName="UserDatabase"/>
    <!-- Comment out the old realm but leave here for now in case we
    need to go back quickly -->
    <!--
    <Realm className="org.apache.catalina.realm.MemoryRealm" />
    -->
    <!-- Replace the above Realm with one of the following to get a Realm
    stored in a database and accessed via JDBC -->
    <!--
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
    driverName="org.gjt.mm.mysql.Driver"
    connectionURL="jdbc:mysql://localhost/authority"
    connectionName="test" connectionPassword="test"
    userTable="users" userNameCol="user_name" userCredCol="user_pass"
    userRoleTable="user_roles" roleNameCol="role_name" />
    -->
    <!--
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
    driverName="oracle.jdbc.driver.OracleDriver"
    connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
    connectionName="scott" connectionPassword="tiger"
    userTable="users" userNameCol="user_name" userCredCol="user_pass"
    userRoleTable="user_roles" roleNameCol="role_name" />
    -->
    <!--
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
    driverName="sun.jdbc.odbc.JdbcOdbcDriver"
    connectionURL="jdbc:odbc:CATALINA"
    userTable="users" userNameCol="user_name" userCredCol="user_pass"
    userRoleTable="user_roles" roleNameCol="role_name" />
    -->
    <!-- Define the default virtual host -->
    <Host name="localhost" debug="0" appBase="webapps"
    unpackWARs="true" autoDeploy="true">
    <!-- Normally, users must authenticate themselves to each web app
    individually. Uncomment the following entry if you would like
    a user to be authenticated the first time they encounter a
    resource protected by a security constraint, and then have that
    user identity maintained across all web applications contained
    in this virtual host. -->
    <!--
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"
    debug="0"/>
    -->
    <!-- Access log processes all requests for this virtual host. By
    default, log files are created in the "logs" directory relative to
    $CATALINA_HOME. If you wish, you can specify a different
    directory with the "directory" attribute. Specify either a relative
    (to $CATALINA_HOME) or absolute path to the desired directory.
    -->
    <!--
    <Valve className="org.apache.catalina.valves.AccessLogValve"
    directory="logs" prefix="localhost_access_log." suffix=".txt"
    pattern="common" resolveHosts="false"/>
    -->
    <!-- Logger shared by all Contexts related to this virtual host. By
    default (when using FileLogger), log files are created in the "logs"
    directory relative to $CATALINA_HOME. If you wish, you can specify
    a different directory with the "directory" attribute. Specify either a
    relative (to $CATALINA_HOME) or absolute path to the desired
    directory.-->
    <Logger className="org.apache.catalina.logger.FileLogger"
    directory="logs" prefix="localhost_log." suffix=".txt"
    timestamp="true"/>
    <!-- Define properties for each web application. This is only needed
    if you want to set non-default properties, or have web application
    document roots in places other than the virtual host's appBase
    directory. -->
         <DefaultContext reloadable="true"/>
    <!-- Tomcat Root Context -->
    <Context path="" docBase="ROOT" debug="0"/>
    <!-- Tomcat Examples Context -->
    <Context path="/examples" docBase="examples" debug="0"
    reloadable="true" crossContext="true">
    <Logger className="org.apache.catalina.logger.FileLogger"
    prefix="localhost_examples_log." suffix=".txt"
    timestamp="true"/>
    <Ejb name="ejb/EmplRecord" type="Entity"
    home="com.wombat.empl.EmployeeRecordHome"
    remote="com.wombat.empl.EmployeeRecord"/>
    <!-- If you wanted the examples app to be able to edit the
    user database, you would uncomment the following entry.
    Of course, you would want to enable security on the
    application as well, so this is not done by default!
    The database object could be accessed like this:
    Context initCtx = new InitialContext();
    Context envCtx = (Context) initCtx.lookup("java:comp/env");
    UserDatabase database =
    (UserDatabase) envCtx.lookup("userDatabase");
    -->
    <!--
    <ResourceLink name="userDatabase" global="UserDatabase"
    type="org.apache.catalina.UserDatabase"/>
    -->
    <!-- PersistentManager: Uncomment the section below to test Persistent
    Sessions.
    saveOnRestart: If true, all active sessions will be saved
    to the Store when Catalina is shutdown, regardless of
    other settings. All Sessions found in the Store will be
    loaded on startup. Sessions past their expiration are
    ignored in both cases.
    maxActiveSessions: If 0 or greater, having too many active
    sessions will result in some being swapped out. minIdleSwap
    limits this. -1 or 0 means unlimited sessions are allowed.
    If it is not possible to swap sessions new sessions will
    be rejected.
    This avoids thrashing when the site is highly active.
    minIdleSwap: Sessions must be idle for at least this long
    (in seconds) before they will be swapped out due to
    activity.
    0 means sessions will almost always be swapped out after
    use - this will be noticeably slow for your users.
    maxIdleSwap: Sessions will be swapped out if idle for this
    long (in seconds). If minIdleSwap is higher, then it will
    override this. This isn't exact: it is checked periodically.
    -1 means sessions won't be swapped out for this reason,
    although they may be swapped out for maxActiveSessions.
    If set to >= 0, guarantees that all sessions found in the
    Store will be loaded on startup.
    maxIdleBackup: Sessions will be backed up (saved to the Store,
    but left in active memory) if idle for this long (in seconds),
    and all sessions found in the Store will be loaded on startup.
    If set to -1 sessions will not be backed up, 0 means they
    should be backed up shortly after being used.
    To clear sessions from the Store, set maxActiveSessions, maxIdleSwap,
    and minIdleBackup all to -1, saveOnRestart to false, then restart
    Catalina.
    -->
    <!--
    <Manager className="org.apache.catalina.session.PersistentManager"
    debug="0"
    saveOnRestart="true"
    maxActiveSessions="-1"
    minIdleSwap="-1"
    maxIdleSwap="-1"
    maxIdleBackup="-1">
    <Store className="org.apache.catalina.session.FileStore"/>
    </Manager>
    -->
    <Environment name="maxExemptions" type="java.lang.Integer"
    value="15"/>
    <Parameter name="context.param.name" value="context.param.value"
    override="false"/>
    <Resource name="jdbc/EmployeeAppDb" auth="SERVLET"
    type="javax.sql.DataSource"/>
    <ResourceParams name="jdbc/EmployeeAppDb">
    <parameter><name>username</name><value>sa</value></parameter>
    <parameter><name>password</name><value></value></parameter>
    <parameter><name>driverClassName</name>
    <value>org.hsql.jdbcDriver</value></parameter>
    <parameter><name>url</name>
    <value>jdbc:HypersonicSQL:database</value></parameter>
    </ResourceParams>
    <Resource name="mail/Session" auth="Container"
    type="javax.mail.Session"/>
    <ResourceParams name="mail/Session">
    <parameter>
    <name>mail.smtp.host</name>
    <value>localhost</value>
    </parameter>
    </ResourceParams>
    <ResourceLink name="linkToGlobalResource"
    global="simpleValue"
    type="java.lang.Integer"/>
    </Context>
    </Host>
    </Engine>
    </Service>
    </Server>

    To use servlets u have indeed to update your web.xml...Well I'm not sure this is relevant to your case anyway.
    You have to add a <servlet> element to this file.
    Something like this:
    <servlet>
    <servlet-name>blabla</servlet-name>
    <servlet-class>blablapackage.Blablaclass</servlet-class>
    <init-param>...</init-param>
    </servlet>
    Now this may not solve your problem. Make sure you refer to your servlets using their full qualified names.btw, just to be sure, what is your definition of "servlet"? (i mean: any java class or only javax.servlet.Servlet)

  • Secure Store Service and Schedule Data Refresh

    Hi
    Can you please let us know how many (max) target application's we can create under 1 secure store service application? 
    As we know, Manage Data Refresh feature is only available for PowerPivot Service Report and we can access it from Sharepoint to schedule the Workbook for Data Refresh.
    As per our requirement, we need to build a interface to use this Schedule data refresh feature in a separate browser not from SharePoint. Please let us know how to build this interface, is there any option to use API Web Service.
    Thanks in advance.
    Regards
    K.V.B.Gururaaja

    Hi,
    For your first question, refer to the following link:
    https://social.technet.microsoft.com/Forums/en-US/ab7f24eb-0cbf-4101-931e-1f89446e2149/secure-store-service-target-application-max-number?forum=sharepointgeneral
    For your second problem, could you offer a screenshot about what is your intention?
    Besides, take a look at the article about  PowerPivot data refresh options:
    http://www.sqlchick.com/entries/2012/11/17/powerpivot-data-refresh-options.html
    Best Regards,
    Lisa Chen
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Lisa Chen
    TechNet Community Support

  • Problem when trying to actualize excel spreadsheet - Excel Service - Secure Store Service

    Hello
    I encoutner  a strange problem in SharePoint 2013
    when trying  to actualize Datas into a spreadsheet Excel Web Service <- RMQ:  Both Service & Application are started
    The goal is to connect the Excel  Web  spreadsheet  to a  SSAS Cube.
    I use an account "proxy" SharePoint Secure Store Service because people who
    connect to sharepoint don't have acces to the olap Cube.
    However, when updating data in SharePoint, I encounter the following problem:
    An error has occurred while attempting to access the application ID AccesExcel
    from the Secure Store Service. Failed to update the following connections: XXXXXXX
    Information: For testing the SharePoint access account doesn't  have access to OLAP
    and Excel connection uses SSS account (which of course it access to olap cube free).
    Where do you think  the problem could coming  from ?  
    It seems to me that the SECURE STORE SERVICE service is "unstable".
    Sensitive to the memory RAM of the server ?
    Thank you very much for your help

    We export it from java servlet. But we used ReportExportFormat._MSExcel (which is constant value 2 defined in crystal report SDK) for excel export. As I looked at your code sample in JSP page, I changed the "Excel" value from 2  to 6 which is ReportExportFormat._recordToMSExcel as in the sample code
    We have this code snippet to set the export options.     (No change)
                 ExportOptions exportOptions = new ExportOptions();
                 exportOptions.setExportFormatType(ReportExportFormat.from_int(exportType.getId()));
                 exportOptions.setFormatOptions(formatOptions);
    And now CRExportType enum is defined as below with value changed from 2 to 6 for Excel.
        WORD("Word",1),
        EXCEL("Excel",6),   //_recordToMSExcel; _MSExcel=2 didn't work with error UnsupportedFormatException
        RTF("RTF", 3), //_RTF
        PDF("PDF", 5); //_PDF
    After the change, it did work. So I'm still not clear why _MSExcel didn't work and what's the difference between _MSExcel(2) and _recordToMSExcel (6). But I'm good for now and thanks for your help.

  • Created a new planning application ..while loggin in giving error as :.....

    Created a new planning application with Admin id ..while loggin in giving error as :.....
    Unable to obtain a connection to Hyperion Essbase. If this problem persists, please contact your administrator
    Steps i followed :
    1. created schema
    2.created DSN on application servr
    3.Created planning Applicaion from AppWizard plannig link
    4.Application was succesfully created.
    5.tried login into the plannig aplication got the boce error.
    6.the application i not seen when i login with Admin id through EAS console ....
    7.Applicaction is not created in essbase server also...i see in essbase server back end

    Check out in shared services if the user is still provisioned with appropriate access, if not do it.
    Try running updateusers utility because user dosent exists as NTLM and try creating the application again from Essbase and from Planning.
    If it doesnt work then Create a new user with administrator access and In EAS refresh the security from shared services and try creating the essbase and planning applications using new admin. Check if it works.
    Edited by: RahulS on Dec 2, 2010 4:12 AM

  • Search issue caused by Secure Store Service Sporadic Failures

    I am running into a fun issue.  I am getting a lot of errors in my search crawl logs that say the following:
    The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly.
    And
    The filtering process has been terminated
    And
    An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser. ( Error from SharePoint site: WebExceptionStatus TrustFailure The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. )
    And finally,
    The SharePoint item being crawled returned an error when requesting data from the web service. ( Error from SharePoint site )
    The thing is, I still get most of the results. Probably 3/4ths of the pages and external content are crawled. These happen sporadically.  I believe it to be caused by a spotty secure store service.  
    When I try to manage the secure store service, sometimes the page loads. Other times it says:
    Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator
    If I refresh the page a couple times, it comes back up. I believe this constant up and down is causing issues. I have tried the following to resolve this:
    IIS resets on all servers
    Restarting individual app pools on all servers
    Making sure the correct services were running on all servers, and restarting them
    Restarting the servers
    Creating a new secure store service is not an option, as the custom software running on the environment requires it heavily, and rebuilding all the credentials is a huge pain. If this were not a live environment, it would be worth it. However, this IS a
    live site.
    Has anyone else seen a spotty SSS like this one?

    You may be right, and these two could be unrelated, or both be caused by some underlying environmental issue (quite possible).  The Secure Store Service is indeed used when indexing.  I'm not logged into the servers right now, but when crawling
    the external content source, the errors are about the secure store service.
    I've set fiddler as a proxy on search and watched the crawls. I'll have to review those again to find the response, but I believe the errors were all authentication-related.
    I'll probably spend my day today going through logs and report back.

  • Get Current UserName in Infopath always returns the secure store service credential name

    I followed the 3 page tutorial here to get the current Display Name in an infopath textbox.https://spvee.wordpress.com/2013/04/10/auto-populate-user-information-in-infopath-with-claims-based-authentication-part-1-of-3/
    After several tries I narrowed down the problem to something very specific.
    It always shows the Display Name of the user used in the Credentials in the secure store service application. It doesnt use the current user.
    I do have access to the farm, but I didnt not install it, so am not aware if something is wrong on IIS/App Pools or service applications.
    Any idea??
    Follow me on Twitter
    levalencia Blog

    I followed the 3 page tutorial here to get the current Display Name in an infopath textbox.https://spvee.wordpress.com/2013/04/10/auto-populate-user-information-in-infopath-with-claims-based-authentication-part-1-of-3/
    After several tries I narrowed down the problem to something very specific.
    It always shows the Display Name of the user used in the Credentials in the secure store service application. It doesnt use the current user.
    I do have access to the farm, but I didnt not install it, so am not aware if something is wrong on IIS/App Pools or service applications.
    Any idea??
    Follow me on Twitter
    levalencia Blog

  • I' m not able to create a new Target Schema

    Hi folks,
    Always I tried to create a new Target Schema using OWB Runtime Assistant, installing into a new user schema or into an existing user schema I've got a Target Schema Installation Error. The log file shows the following error lines:
    (Spawn Token) Error loading Java into DB:
    Sun Feb 22 11:37:32 BRT 2004
    oracle.wh.util.DebugUtility: [processSPAWN]: A spawned program error. Exception = java.lang.Exception: java.io.BufferedInputStream@2cd19d
    Sun Feb 22 11:37:32 BRT 2004
    oracle.wh.util.DebugUtility: [processSPAWN]: Get the error, stop processing...
    Sun Feb 22 11:37:32 BRT 2004
    oracle.wh.util.DebugUtility: Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip""=="" was unexpected at this time.
    Sun Feb 22 11:37:36 BRT 2004
    oracle.wh.util.DebugUtility: Assistant operation is unsuccessful ...
    I've installed both OWB Design Time and OWB Server Side, in the same machine using 2different Oracle_Homes.
    Please, tell me what I can do to overcome this.
    Thanks all,
    Ismael

    Hi Pierre,
    Thank you for your response.
    Actually, I've installed the OWB Server Side because I was getting the same problem using the OWB Run Time Assistant of the OWB Design Time that I've installed before. In the OWBInstallGuide I read the following text, recommending not to use the same Oracle_Home:
    "2.5 Step 4. Perform the OWB Server Side Install using Oracle Universal Installer
    Install the OWB Server Side components on the machine where your Oracle Database Server is installed.
    When you performed the OWB Design Time installation, you also installed the runtime components. Therefore, if you are performing the OWB Server Side install on the same machine as the OWB Design Time install, you are installing the runtime components twice. If you decide to go forward with this configuration, make sure to specify a separate ORACLE_HOME for each install."
    Any way I'm going to try your suggestion but I'm afraid it couldn't work because of the above text. I'm running out of time, I'm supposed to start a project next Monday and I'm stuck on this problem.
    Please, if you have any other hints let me know. I'll keep you informed after using the same Oracle_Home for both.
    Thanks again,
    Ismael

Maybe you are looking for