CUP 5.3 Superuser Access Request Error
Dear Exparts,
I have a path u201CSuperuser Access Requestu201D with three stages* for assigning FF IDs to requesting users in CUP.
Stage1: Manager (Determinator: Manager)
Stage2: Superuser Owner (Determinator: Superuser Owner)
Stage3: Security Admin (Determinator: Security)
I have no problem assigning FF IDs to users through this path.
However, I have a problem when I tried to remove all FF IDs from a user (with an error message: Failed to process your request, Configuration Error, Approvers not found for SUPERUSER OWNER stage).
I kinda know that this is an error due to the fact that I am, in a request, removing all the FF IDs which are supposedly tied to superuser owners---Missing superuser owners causing this error.
Is there any way I can remove all FF IDs and still keep the user ID for day-to-day standard access?
PS: I have tried to create a detour path to the security admin stage in the case if no superuser owner is found. Unfortunately, this didnu2019t work since there is no such pre-defined condition as u201CNo Superuser Owneru201D in the detour path configuration.
Please help if you can.
Thanks,
HM
HM,.
How are you removing FFID's from users via CUP?
Michael,
Superuser provisioning via CUP actually assigns available FFID's to the user.
For more details on this functionality, please visit our AC5.3 Best Practice site at: http://help.sap.com/bp_grc53/GRC_US/HTML/index.htm
Not sure, but you might need your S-number to access.
Thanks!
Ankur
SAP GRC RIG
Similar Messages
-
CUP 5.3 (SP5) New Request Error
I'm getting an issue similar to this thread: [Link|https://forums.sdn.sap.com/click.jspa?searchID=20771465&messageID=6447131]
When I go to the main http://<server>:<port>/AE page, and click on the New Request link (or any of the links that use requestAccess.do) nothing happens. When I right click and open the link in a new tab, the page completes with a 'null' error, but I'm never able to get to a New Request screen. I've restarted the server, system, and JAVA stacks without a resolution to this issue. Does anyone know if this is a known issue, and if there's a workaround?
Thanks.Hi William,
Have you done LDAP mapping. This is essential because when CUP shows initial screen shows up it need to extract data like user, requestor info. If your LDAP mapping is not done and/or User Data source is not defined then you might encounter this problem.
Try checking the a/m details and let me know if could help further I'll do my best.
Rgds,
Asok -
System error - User not authorized to access requested Info Object!
Hi, Experts,
I have a user ID begin with S***, but when I click some links, the following message shows:
"System error - User not authorized to access requested Info Object!"
How could I have authorization to see these links?
Thanks!
LorrieHi Lorrie,
If you are a superuser, you should not get this error.
If not, you can not change any autohorizations.
Check it out. For your job, you have to be a super user.
Thanks,
Gordon -
CUP Process - Superuser Access -- Assignment of Firefigter Role
Hi Everyone,
we configured the superuser access process in CUP and the assignment of the user to a firefighter ID works...
However, the person can not use the firefighter since the required role "/VIRSA/Z_VFAT_FIREFIGHTER" is not assigned.
Is there any way how to automatically assign that Firefighter Role to the user? Obviously the process is quite useless otherwise
Thanks
Edited by: Gert_2010 on Sep 17, 2010 3:24 PM
Edited by: Gert_2010 on Sep 17, 2010 5:08 PMHi Thanks for your answer,
I understand that you can set for which request type you can set the default roles... but you can not do it on role level...
In our scenario:
Request Type: is set to All --> since we have a role ("General") that we want to assign to EACH user that is created in the system!
Therefore, I can not change the "Request Type" Setting to the Firefighter Process, since then the role "General" is not provisioned to all users anymore... If I just add the "Firefighter" Role, EVERYONE will get the Firefighter role as well...
(I am aware that this is not a big risk since the user ID must also be mapped to a Firefighter ID, however it is not really a nice solution)....
Regards -
CUP 5.3 - Deactivating Superuser Access button
Good day all.
My client had decided on using Fire Fighter Roles over Fire Fighter ID's. The challenge is that when the end users are logging request via the links on the Request Access screen on CUP 5.3, the Select Superuser Access button is visible and avaliable to be clicked.
How or where can I deactivate/grey-out the button?
Regards,
Michael HannieHi Michael,
End user personlization can be used to manage fields on a request form but not the request type itself. Go to configuration -> request configuration -> Request type to deactivate any request type you don't need. There is a request type called 'SUPER_USER_ACCESS'. Click on the Active icon (Last column), which will deactive this.
Regards,
Alpesh -
Hello
On our SharePoint Foundation 2013 server approving Access Requests fails with "request approval failed" after pressing the approve button. The user is site administrator, site collection administrator and site owner.
In the ulsviewer we see the following error:
System.NotSupportedException: No data is available for encoding 1033. at System.Text.Encoding.GetEncodingRare(Int32 codepage) at System.Text.Encoding.GetEncoding(Int32 codepage) at Microsoft.SharePoint.Email.SPMailMessageHelper.GetSocialNotificationMailMessage(SPWeb
web, String senderAddress, String senderName, Boolean useSenderAddressAsFromAddress, String recipientAddress, CultureInfo recipientCulture, String subject, String sidebarHtml, String descriptionHtml, String customMessageHtml, List`1 embeddedAttachments)
at Microsoft.SharePoint.SPSharingEmailHelper.SendAccessRequestsEmail(SPCachedItemEventProperties eventProperties, SPUser sender, String message, SPUser recipient, String recipientEmailAddress, String strSubject, String body) at Microsoft.SharePoint.SPSharingEmailHelper.SendRequestorNotification(SPCachedItemEventProperties
eventProperties, String objRequestedTitle, SPUser reqByUser, SPUser reqForUser, String message, Boolean isMessageUpdate, Int32 status) at Microsoft.SharePoint.SPAccessRequestsOperationHandler.HandleStatusChangingToApprove(SPCachedItemEventProperties
properties, Int32 reqByUserId, Int32 reqForUserId, Int32 newStatus, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs) at Microsoft.SharePoint.SPAccessRequestsOperationHandler.HandleRequestStatusChanging(SPCachedItemEventProperties
properties, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs) at Microsoft.SharePoint.SPAccessRequestsOperationHandler.ItemUpdating(SPCachedItemEventProperties properties, SPUserCollection users, SPGroupCollection
groups, IEnumerable`1 roleDefs) at Microsoft.SharePoint.SPAccessRequests.UpdateItem(Int32 newStatus, SPUser reqFor, String convStr, String permType, Int32 permissionLevel, Boolean extendInvitation, String anonLinkType, SPList accReqList,
SPListItem item, SPUserCollection users, SPGroupCollection groups, IEnumerable`1 roleDefs) at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatusCore(Int32 newStatus, SPUser reqFor, String convStr, String permType, Int32 newPermissionLevel,
Boolean extendInvitation, String anonLinkType, SPList accReqList, SPListItem request) at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatus(Int32 itemId, Int32 newStatus, SPUser reqForUser, String convStr, String permType, Int32
permissionLevel, Boolean extendInvitation, String anonLinkType, SPWeb web) at Microsoft.SharePoint.SPAccessRequests.ChangeRequestStatus(Int32 itemId, Int32 newStatus, String convStr, String permType, Int32 permissionLevel)
at Microsoft.SharePoint.ServerStub.SPAccessRequestsServerStub.ChangeRequestStatus_MethodProxy(XmlNodeList xmlargs, ProxyContext proxyContext) at Microsoft.SharePoint.ServerStub.SPAccessRequestsServerStub.InvokeStaticMethod(String methodName,
XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeStaticMethodWithMonitoredScope(String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid)
at Microsoft.SharePoint.Client.ClientMethodsProcessor.InvokeStaticMethod(String typeId, String methodName, XmlNodeList xmlargs, Boolean& isVoid) at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessStaticMethod(XmlElement
xe) at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessOne(XmlElement xe) at Microsoft.SharePoint.Client.ClientMethodsProcessor.ProcessStatements(XmlNode xe) at Microsoft.SharePoint.Client.ClientMethodsProcessor.Process() 449c7b9c-6cec-f09a-9792-3d76c4d7e351
The server is running on an English Windows 2012 Server and also the English version of SharePoint Foundation 2013 with the June 2013 CU.
We see exactly the same error when add users to a group with the option "Send an email invitation" enabled.
Any ideas what could cause this problems?
Regards,
ReinhardHi Reinhard ,
According to your error message, it says that no data is available after encoding the social notification mail message. It should be caused by the E-Mail encoding setting.
For troubleshooting your issue, please check the character set of your E-Mail Settings:
Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
On the Central Administration Home page, click System Settings.
On the System Settings page, in the E-Mail and Text Messages(SMS) section, click Configure outgoing e-mail settings.
On the Outgoing E-Mail Settings page, make sure
Character set setting is 65001(Unicode UTF-8).
Best Regards,
Eric
Eric Tao
TechNet Community Support -
Access Denied Error while accessing "Site Settings Access requests and invitations"
Hi,
I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint 2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
site collection account. So, what permission I have to give my regular account to access this page?
Thanks, PalHello,
Have you recently changed the Owners group of the site collection or removed the user from the original owners group?
The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created. If this "regular account" is not part of that owners
group, the user will receive access denied. Site Collection Admins always have permissions for the Access Request List.
A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us. By giving the correct group or user the permissions to this list, the users will not receive
the Access Denied issue anymore.
Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
was. Below are additional steps to restore full functionality.
1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
is set correctly. (There is a group selected)
2) Add user to that Owners Group. (Issue may be resolved at this step if the site collection Owners
Group was never changed, if not continue to next step.)
3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
group as Full control on Access Request list Permissions.
Let me know how this works out for you.
- Shpendi Jashari -
Error while trying to submit Access request to GRC from IDM
Hello
We have SAP IDM 7.2 SP8 installed and done all the prerequisite for connecting to GRC AC 10 as in configuration document.
We are trying to submit request to GRC using Standard GRC provisioning framework task ( AC Validation) but pass: Submit AC Request fails with error: "Pass stopped by script"
Is there anything wrong with the script which put RoleData details since its getting aborted ?
I tried providing Role name directly in Role data attribute inside the action task and got following error:
Error
putNextEntry failed
storingcn=IDMUSR0023,ou=useraccessrequest,o=grc
Exception from Add operation:javax.naming.NamingException: [LDAP: error code
82 - (GRC User Access Request:82:Script execution failed)]; remaining name
'cn=IDMUSR0023,ou=useraccessrequest,o=grc'
I checked VDS Logs and there was one error :
Additional message = msgcode=4;msgdescription=Mandatory field ITEM NAME is empty in line no 1 ;msgtype=ERROR
From where exactly ITEM NAME field value will be fetched and pass to GRC for request creation ?
Regards
Deepak GuptaThanks Christopher
I got my issue fixed, There was issue with my GRC Initial load job which couldn't enrich repository privileges and hence the issue was coming since script wasn't able to find GRC ROLE ID and Application ID attribute from privileges.
Regards
Deepak Gupta -
Block/Restrict access request page on CUP
Hi All,
I've an interesting requirement.
We use a CUP 5.3 SP7. We would be using the IDM webservices to create access requests to CUP and we want all our requests to be initiated ONLY through our IDM solution. Is there a way we can restrict the /AE/index.jsp page access to only the users with a AEAdmin role? (Assuming the Admins follow the rules !!!)
I've succeeded in taking out the Create Request and Copy Request from the AEApprover role mby adjusting the UME actions, but the same user can still access the /AE/index.jsp page to create a request.
Any insight/work around is greatly appreciated.
Thanks & Regards,
AnilAnil,
You can edit the index_left_nav.jsp page on the GRC server to disable the request access link on the Index page. To achieve this open the index_left_nav.jsp page and comment the whole tr and th lines containing the following words.
LocaleUtil.getLabel(AELabels.LBL_IDX_NAV_REQUESTACCESS
Commenting is done by the following characters <!--- and --->.
- Naveen -
Why can't I access my Blogger account and publish a blog? I get 'Bad Request Error 400" when I try.
When I tried this morning to publish my latest blog post the message 'Bad Request Error 400' came up on the screen. It seems other bloggers have been having the same problem today. I have subsequently tried to access my google blogger account through firefox but each time I do so the same message appears 'Bad Request Error 400'. What if anything do I need to do about it? Is the problem your end or is it a google problem?
I was re-decorating my blogger .. then I got the 'Bad Request Error 400' .. I re-formatted my computer, reloaded all .. I can now access my Blogger sites .. Don't know what the problem is/was, but I solved it by reloading my computer to Out-of-Box condition, and all is perfect now .. I have an alert set up for this Error 400 .. Masses of people are having problems daily ..
http://littlemisscinderellasquotes.blogspot.com/ -
I cannot open my gmail account on Firefox as of yesterday. I get, instead, Bad request Error 400. This is a recent devlopment and rather annoying. Safari works fine.
You're welcome
-
SAP GRC 5.3 CUP: Approver Determinator "Super Access Owner"
Hi,
when configuring a stage, a standard approver determinator called "Super Access Owner" could be selected.My question is where to specify the Super Access Owner in SAP GRC CUP? In the Config Guide of SAP GRC AC 5.3 a hint explains on page 145
"If you select Superuser Access Owner as the approver determinator, the system
fetches the configured owner from the SAP system where the Superuser Privilege
Management is installed and assigns the request to that particular approver."
I do not really unterstand where to specifiy. Is it the former FireFighter in the backend.
Did anybody user this Approver Determinator already?
Thank you in advance.
MarcoHi Marco,
Yes this approver is defined in the backend Firefighter which is now Super User Privelege Management. The Firefighter ID owner will be taken as the approver if we select Super User Access Owner in the CUP request. This option is basically being provided for Integration of Compliant User Provisioning and Super User Privelege Management for SAP GRC AC 5.3. You may now create a request to assign a Firefighter ID to a Firefighter in CUP and do not need to go to SPM for the same.
In case you do not want to use this approver, please create a Custom Approver Determinator for the same.
Hope this helps.
Harleen -
I'm using share point 2007 under windows server 2008 R2(one web server, another db server).When I publish a excel(*.xlsx) to report library or view it in web browser with the same error as bellows:
Excel Web Access
An error has occurred.
Please contact your system administrator if this problem persists.
Please kindly support to guide how to fix it with bellow information in details such as log.Many thanks!
1. The 12/logs file is as bellows:
10/10/2014 09:53:55.18 w3wp.exe (0x6528) 0x5C08 Excel Services
Excel Calculation Services 2u7d Medium ExcelServerSharedWebApplication.Local: An exception was thrown by configdb infrastructure: System.InvalidOperationException: ExcelServerSharedWebApplication.Local: Could
not get ServerContext.Current, which indicates that either SharePoint or the SSP infrastructure isn't provisioned correctly or that we're running outside of a web context. at Microsoft.Office.Excel.Server.ExcelServerSharedWebApplication.get_Local().
10/10/2014 09:53:55.18 w3wp.exe (0x6528) 0x5C08 Excel Services
Excel Services Administration 8tqh Critical Excel Services: Unexpected exception while trying to access Shared Services Database;. Error = ExcelServerSharedWebApplication.Local: Could not get ServerContext.Current, which indicates that
either SharePoint or the SSP infrastructure isn't provisioned correctly or that we're running outside of a web context..
10/10/2014 09:53:55.18 w3wp.exe (0x6528) 0x5C08 Excel Services
Excel Web Access 6nfi Unexpected InternalEwr.OpenWorkbook - An unexpected exception in the ECS Proxy occurred. Message: Microsoft.Office.Excel.Server.ExcelServerSettingException:
An error has occurred. ---> System.InvalidOperationException: ExcelServerSharedWebApplication.Local: Could not get ServerContext.Current, which indicates that either SharePoint or the SSP infrastructure isn't provisioned correctly or that we're running
outside of a web context. at Microsoft.Office.Excel.Server.ExcelServerSharedWebApplication.get_Local() --- End of inner exception stack trace --- at Microsoft.Office.Excel.Server.ExcelServerSharedWebApplication.get_Local()
at Microsoft.Office.Excel.Server.ExcelServerSettings.get_Settings() at Microsoft.Office.Excel.Server.ExcelServerSettings.get_EcsList() at Microsoft.Office...
2.the event in event viewer is:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2014/10/10 9:49:43
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ***.net
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: ***
Account Domain: ***
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: ***
Source Network Address: ***
Source Port: 63664
Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2014-10-10T01:49:43.563436300Z" />
<EventRecordID>37602685</EventRecordID>
<Correlation />
<Execution ProcessID="532" ThreadID="26096" />
<Channel>Security</Channel>
<Computer>***.net</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">***</Data>
<Data Name="TargetDomainName">***</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2304</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">
</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">***</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">***</Data>
<Data Name="IpPort">63664</Data>
</EventData>
</Event>Hi Tracy,
Have you changed something on your SharePoint 2007 environment recently before this issue occurred?
This issue may be related to Alternate Access Mappings settings like the following similar post, if you have configured AAM, you can check if this issue happened to some URLs, if it's the case, please add the problematic URLs as a Publish URLs for the default
zone for your web application, and also add these URLs as trusted locations, then check results again.
If above doesn't work, please enable ULS log on verbose level to get more useful log errors which time are corresponding to the errors occur.
https://social.technet.microsoft.com/Forums/en-US/c9ab4818-65c9-444d-be50-1bfed1f1509b/excel-web-access-web-part-works-on-intranet-but-not-internet?forum=sharepointgenerallegacy
http://blog.bugrapostaci.com/2011/09/08/how-to-enable-verbose-log-mode-on-moss-2007/
Thanks
Daniel Yang
TechNet Community Support -
This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
EFS operations occur on the computer storing the files.
EFS files are decrypted then transmitted in plaintext to the client's computer
This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
2) SOLVE by setting up WebDAV (efs files accessed through web folders)
EFS operations occur on the client's local computer
EFS files remain encrypted during transmission to the client's local computer where it is decrypted
This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
a) START ... CMD
b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
1 click START and type "Turn Windows Features On or Off" and open the link
a) scroll down to "Internet Information Services" and expand it.
b) put a tick in: "Web Management Tools" \ "IIS Management Console"
c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
f) click ok
g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
a) on the "Anonymous Authentication" and click "Disable"
b) on the "Windows Authentication" and click "Enable"
NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
It can be by changing registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
BasicAuthLevel=2
c) on the "Windows Authentication" click "Advanced Settings"
set Extended Protection to "Required"
NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
a) on the right side, under Actions, click "Add Allow Rule"
b) set this to "all users". This will control who can view the "Default Site" through a web browser
NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
a) on the right side, under Actions, click "Edit Feature Settings"
b) tick the box "Allow double escaping"
*THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
a) set the Alias to something sensible eg "D_Drive", set the physical path
b) it is essential you click "connect as" and set
this to a local user (on fileserver),
if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
NB: the user account selected here must have the required EFS certificates installed.
See
here and
here
NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
The work around is on the \\fileserver create an NTFS symbollic link
e.g. to share the entire contents of "D:\",
on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
in cmd in this folder create an NTFS symbolic link to "D:\"
so in cmd type "cd c:\inetpub\wwwroot"
then in cmd type "mklink /D D_Drive D:\"
NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
b) if some exist review existing allow or deny.
Take care to not only review the "allow access to" settings
but also review "permissions" (read/write/source)
NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
a) On Windows 7 you need only change one tiny registry value:
- click START, type "regedit", open link
-browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
-on the EDIT menu click NEW, then click DWORD Value
-Type "DisableEFSOnWebDav" to name it (no speech marks)
-on the EDIT menu, click MODIFY, type 1, then click OK
-You MUST now restart this computer for the registry change to take effect.
b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
a) make sure WebClient Service is running
(click START, type "services" and open, scroll down to WebClient and check its status)
b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
It should show the default "IIS7" image.
If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
e.g. http://localhost/D_drive
If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
a) make sure WebClient Service is running
(click START, type "services" and open, scroll down to WebClient and check its status)
b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
eg if your server's computer name is "fileserver" go to "http://fileserver:80"
It should show the default "IIS7" image. If not, check firewall and port blocking.
Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
a) click the "Connections" tab at the top
b) click the "LAN Settings" button at the bottom right
c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
a) click START, type "regedit", open link
b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
c) click on "FileSizeLimitInBytes"
d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
a) click on "Security" (top) and then "Custom level" (bottom)
b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
SUCH an easy fix. SUCH an annoying problem on a clientpc
NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
e.g. CMD: net use * "http://fileserver:80/C_drive"
If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
a) On a clientpc, map network drive to http://fileserver/
b) navigate to a folder you know on the \\flieserver is encrypted with EFS
c) create a new folder, create a new file.
IF it throws an error, check carefully you mapped to the WebDAV and not file share
i.e. mapped to "http://fileserver" not "\\fileserver"
Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
a) see the last comment at the very bottom of
this page:
Points to consider:
- NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
It is implimented above, see (11) above
Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
This one took me a long time to track down to "network location".
Win 7 uses network locations "Home" / "Work" / "Public".
If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
FIX = either set IP address manually and specify a gateway
FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?
-
Error while Running ESS - TypeBroker failed to access SLD: Error while obta
Hi all,
We try to run a WebDypro Application of ESS on 6.40 with mySAP ERP 2004:
All the necessary JCO connections
- SAP_R3_HumanResources
- SAP_RE_HumanResources_MetaData
are maintained and pinged and tested positive.
Still, we get following error message. (see complete stack below):
...TypeBroker failed to access SLD: Error while obtaining JCO connection.
Could anybody help, please?
ERROR STACK
An error has occurred:
"Failed to process the request."
Please contact your system administrator.
Hide details
Web Dynpro client:
HTML Client
Web Dynpro client capabilities:
User agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), version: null, DOM version: null, client type: msie6, client type profile: ie6, ActiveX: enabled, Cookies: enabled, Frames: enabled, Java applets: enabled, JavaScript: enabled, Tables: enabled, VB Script: enabled
Web Dynpro runtime:
Vendor: SAP, Build ID: 6.4011.00.0000.20050217164947.0000 (release=630_VAL_REL, buildtime=2005-02-20:21:49:12[UTC], changelist=329752, host=PWDFM026)
Web Dynpro code generators of DC sap.com/essarbank:
SapDictionaryGenerationCore: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:41[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
SapMetamodelWebDynpro: 6.4009.00.0000.20040910102423.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:28:58[UTC], changelist=280539, host=PWDFM026.wdf.sap.corp)
SapMetamodelCore: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:03[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapWebDynproGenerationCTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapGenerationFrameworkCore: 6.4009.00.0000.20040910102127.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:17:08[UTC], changelist=280527, host=PWDFM026.wdf.sap.corp)
SapIdeWebDynproCheckLayer: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:25[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapMetamodelDictionary: 6.4009.00.0000.20040609163924.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:21:50[UTC], changelist=253570, host=PWDFM026.wdf.sap.corp)
SapMetamodelCommon: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:14[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationCore: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:44[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapDictionaryGenerationTemplates: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:46[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
Web Dynpro code generators of DC sap.com/pcui_gp~xssutils:
SapDictionaryGenerationCore: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:41[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
SapMetamodelWebDynpro: 6.4009.00.0000.20040910102423.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:28:58[UTC], changelist=280539, host=PWDFM026.wdf.sap.corp)
SapMetamodelCore: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:03[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapWebDynproGenerationCTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapGenerationFrameworkCore: 6.4009.00.0000.20040910102127.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:17:08[UTC], changelist=280527, host=PWDFM026.wdf.sap.corp)
SapIdeWebDynproCheckLayer: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:25[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapMetamodelDictionary: 6.4009.00.0000.20040609163924.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:21:50[UTC], changelist=253570, host=PWDFM026.wdf.sap.corp)
SapMetamodelCommon: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:14[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationCore: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:44[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapDictionaryGenerationTemplates: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:46[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
Web Dynpro code generators of DC sap.com/ess~per:
SapDictionaryGenerationCore: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:41[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
SapMetamodelWebDynpro: 6.4009.00.0000.20040910102423.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:28:58[UTC], changelist=280539, host=PWDFM026.wdf.sap.corp)
SapMetamodelCore: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:03[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapWebDynproGenerationCTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapGenerationFrameworkCore: 6.4009.00.0000.20040910102127.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:17:08[UTC], changelist=280527, host=PWDFM026.wdf.sap.corp)
SapIdeWebDynproCheckLayer: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:25[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapMetamodelDictionary: 6.4009.00.0000.20040609163924.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:21:50[UTC], changelist=253570, host=PWDFM026.wdf.sap.corp)
SapMetamodelCommon: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:14[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationCore: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:44[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapDictionaryGenerationTemplates: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:46[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
Web Dynpro code generators of DC sap.com/tcwddispwda:
No information available
Web Dynpro code generators of DC sap.com/pcui_gp~xssfpm:
SapDictionaryGenerationCore: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:41[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
SapMetamodelWebDynpro: 6.4009.00.0000.20040910102423.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:28:58[UTC], changelist=280539, host=PWDFM026.wdf.sap.corp)
SapMetamodelCore: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:03[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapWebDynproGenerationCTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapGenerationFrameworkCore: 6.4009.00.0000.20040910102127.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:17:08[UTC], changelist=280527, host=PWDFM026.wdf.sap.corp)
SapIdeWebDynproCheckLayer: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:25[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapMetamodelDictionary: 6.4009.00.0000.20040609163924.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:21:50[UTC], changelist=253570, host=PWDFM026.wdf.sap.corp)
SapMetamodelCommon: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:14[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationCore: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:44[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapDictionaryGenerationTemplates: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:46[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
Web Dynpro code generators of DC sap.com/tcwdcorecomp:
No information available
Web Dynpro code generators of DC sap.com/ess~xx:
SapDictionaryGenerationCore: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:41[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
SapMetamodelWebDynpro: 6.4009.00.0000.20040910102423.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:28:58[UTC], changelist=280539, host=PWDFM026.wdf.sap.corp)
SapMetamodelCore: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:03[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapWebDynproGenerationCTemplates: 6.4009.00.0000.20040929105448.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:46:16[UTC], changelist=286523, host=PWDFM026)
SapGenerationFrameworkCore: 6.4009.00.0000.20040910102127.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:17:08[UTC], changelist=280527, host=PWDFM026.wdf.sap.corp)
SapIdeWebDynproCheckLayer: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:25[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapMetamodelDictionary: 6.4009.00.0000.20040609163924.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:21:50[UTC], changelist=253570, host=PWDFM026.wdf.sap.corp)
SapMetamodelCommon: 6.4009.00.0000.20040730142052.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:18:14[UTC], changelist=269100, host=PWDFM026.wdf.sap.corp)
SapWebDynproGenerationCore: 6.4009.00.0000.20040910102318.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:33:44[UTC], changelist=280536, host=PWDFM026.wdf.sap.corp)
SapDictionaryGenerationTemplates: 6.4009.00.0000.20040910101802.0000 (release=630_VAL_REL, buildtime=2004-09-29:21:24:46[UTC], changelist=280522, host=PWDFM026.wdf.sap.corp)
J2EE Engine:
No information available
Java VM:
Java HotSpot(TM) Server VM, version: 1.4.2_08-b03, vendor: Sun Microsystems Inc.
Operating system:
Windows 2000, version: 5.0, architecture: x86
Error stacktrace:
com.sap.tc.webdynpro.services.exceptions.WDTypeNotFoundException: type com.sap.pcuigp.xssfpm.wd.model.types.Ext_Service could not be loaded: com.sap.dictionary.runtime.DdException: TypeBroker failed to access SLD: Error while obtaining JCO connection.
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getSimpleType(DataTypeBroker.java:242)
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getDataType(DataTypeBroker.java:205)
at com.sap.tc.webdynpro.progmodel.context.AttributeInfo.init(AttributeInfo.java:485)
at com.sap.tc.webdynpro.progmodel.context.NodeInfo.initAttributes(NodeInfo.java:771)
at com.sap.tc.webdynpro.progmodel.context.NodeInfo.init(NodeInfo.java:756)
at com.sap.tc.webdynpro.progmodel.context.NodeInfo.init(NodeInfo.java:761)
at com.sap.tc.webdynpro.progmodel.context.Context.init(Context.java:40)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:199)
at com.sap.tc.webdynpro.progmodel.controller.Component.getCustomControllerInternal(Component.java:433)
at com.sap.tc.webdynpro.progmodel.controller.Component.getController(Component.java:362)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.getPublicInterface(DelegatingComponent.java:142)
at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdGetBackendConnectionsController(InternalFPMComponent.java:199)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:171)
at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:105)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:95)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:346)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:349)
at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.execute(WebDynproMainTask.java:599)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:59)
at com.sap.tc.webdynpro.clientserver.cal.ClientManager.doProcessing(ClientManager.java:251)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doWebDynproProcessing(DispatcherServlet.java:154)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:116)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:391)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:265)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:345)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:323)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:865)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:240)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:162)
Caused by: com.sap.dictionary.runtime.DdException: TypeBroker failed to access SLD: Error while obtaining JCO connection.
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker$1.fillSldConnection(DataTypeBroker.java:89)
at com.sap.dictionary.runtime.ProviderFactory.internalResolveLogicalNameToJCODestination(ProviderFactory.java:408)
at com.sap.dictionary.runtime.ProviderFactory.resolveLogicalNameToJCODestination(ProviderFactory.java:354)
at com.sap.dictionary.runtime.ProviderFactory.internalGetProvider(ProviderFactory.java:215)
at com.sap.dictionary.runtime.ProviderFactory.getProvider(ProviderFactory.java:180)
at com.sap.dictionary.runtime.DdDictionaryPool.getProvider(DdDictionaryPool.java:87)
at com.sap.dictionary.runtime.DdDictionaryPool.getDictionary(DdDictionaryPool.java:73)
at com.sap.dictionary.runtime.DdDictionaryPool.getDictionary(DdDictionaryPool.java:48)
at com.sap.dictionary.runtime.DdBroker.getDataType(DdBroker.java:149)
at com.sap.dictionary.runtime.DdBroker.getSimpleType(DdBroker.java:170)
at com.sap.tc.webdynpro.services.datatypes.core.DataTypeBroker.getSimpleType(DataTypeBroker.java:234)
... 40 moreHi
The type broker error indicates, issue with regard to your SLD. Check whether the SLD is configured properly. You need to do a initial level of SLD between your message server (SAp/back end) and your server. Check whether landscape has been created for the SAP server.
landscape must be proper with your server configuration/installation number, SID and instance number...etc...
After you have your SLD, recheck on your JCO for the model data and meta data connections..
If you have any specific issues do let us know
thanks
sathya
Maybe you are looking for
-
Adobe Photoshop Album 2.0 Mini の登録方法
Adobe Photoshop Album 2.0 Miniを最近使いはじめました.継続使用したいので「登録 」をしようとしているのですが.サイトに接続できませんと表示されます どうしたらよいかわからないのでどなたか教えていただけないでしょうか?
-
System Settings will not save my desired mouse scroll direction
I understand the Apple genius of wanting the Settings: Mouse: Scroll direction: Natural box to be checked. But **** it, this is MY iMac and I want the scroll direction to remain Unchecked, so the screen scrolls in the direction I've been used to for
-
How to call main method in one class from another class
Suppose i have a code like this class Demo public static void main(String args[]) System.out.println("We are in First class"); class Demo1 public static void main(String args[]) System.out.println("We are in second class"); In the above program how t
-
Assert error/hangs running the performance sample code
Hi, I'm doing some work to understand how fast I can expect Berkeley DB to run and I found the 2006 white paper on [Performance Metrics and Benchmarks|http://www.oracle.com/technology/products/berkeley-db/pdf/berkeley-db-perf.pdf] so I downloaded the
-
I'm having difficulties with fonts
I'd like to be able to use a font in my design that I can quickly create a page and publish it. Firstly, it's not showing all of my system fonts in the font selection; and in particular the font I'm interested in. When I go to Typekit I can locate a