Data Access Manager

Similar Messages

• Unable to connect to the Data Access service for this management server

  Hate to raise a sleeping horse but was hoping someone might have some insight into why SCOM Report Server install is failing. I am using a domain account for SCOM 2012 R2 services in a distributive environment
  with 2 management servers and 2 SQL servers…one for Ops db and one for DW db.
   Install was failing on selecting the management server. Research led me to
  Kevin Holman's site. I followed his doc and SPN are set per your config and can telnet to MGMT1 on 5723…firewall is off on all servers. I am a domain admin and scom.mgmt account (MSOMSdkSvc) is a local admin on the MGMT servers.
  >setspn -l domain\scom.mgmt
  Registered ServicePrincipalNames for CN=scom.mgmt,OU=Service Accounts,DC= domain,DC=net:
  MSOMSdkSvc/SCOM-MGMT1
  MSOMSdkSvc/SCOM-MGMT1.domain.net
  MSOMSdkSvc/SCOM-MGMT2
  MSOMSdkSvc/SCOM-MGMT2.domain.net
  >setspn -l domain\scom-mgmt1
  Registered ServicePrincipalNames for CN=SCOM-MGMT1,OU=SCOM,OU=INTERNAL,DC=domain,DC=net:
  MSOMHSvc/SCOM-MGMT1.domain.net
  TERMSRV/SCOM-MGMT1.domain.net
  WSMAN/SCOM-MGMT1.domain.net
  RestrictedKrbHost/SCOM-MGMT1.domain.net
  HOST/SCOM-MGMT1.domain.net
  MSOMHSvc/SCOM-MGMT1
  TERMSRV/SCOM-MGMT1
  WSMAN/SCOM-MGMT1
  RestrictedKrbHost/SCOM-MGMT1
  HOST/SCOM-MGMT1
  >setspn -l domain\scom-mgmt2
  Registered ServicePrincipalNames for CN=SCOM-MGMT2,OU=SCOM,OU=INTERNAL,DC=domain,DC=net:
  MSOMHSvc/ SCOM-MGMT2.domain.net
  MSOMHSvc/ SCOM-MGMT2
  WSMAN/SCOM-MGMT2.domain.net
  WSMAN/SCOM-MGMT2
          TERMSRV/SCOM-MGMT2.domain.net
  TERMSRV/SCOM-MGMT2
  RestrictedKrbHost/SCOM-MGMT2
  HOST/CHH-SCOM-MGMT2
  RestrictedKrbHost/CHH-SCOM-MGMT2.osi-asp.net
  HOST/CHH-SCOM-MGMT2.osi-asp.net
  >setspn -l domain\scom-ssrs
  Registered ServicePrincipalNames for CN=SCOM-SSRS,OU=SCOM SQL,OU=SCOM,OU=CHH-INTERNAL,DC=domain,DC=net:
      WSMAN/SCOM-SSRS
  WSMAN/SCOM-SSRS.domain.net
  MSSQLSvc/SCOM-SSRS.domain.net
  MSSQLSvc/SCOM-SSRS.domain.net:1433
      TERMSRV/SCOM-SSRS.domain.net
  TERMSRV/SCOM-SSRS
  RestrictedKrbHost/SCOM-SSRS
    HOST/SCOM-SSRS
  RestrictedKrbHost/SCOM-SSRS.domain.net
  HOST/SCOM-SSRS.domain.net
  When I point to the MGMT server, I keep getting “Unable to connect to the Data Access service for this management server. Ensure the Data Access service is running and that the service, the management group, and setup are
  all the same version”.
  OpsMgrSetupWizard.log states…
  Info:     
  :Could not connect to Management Server: scom-mgmt1.domain.net with exception: Threw Exception.Type: System.ArgumentException, Exception Error Code: 0x80070057, Exception.Message: Version string portion was too short or
  too long.
  Info:     
  :StackTrace:   at System.Version.TryParseVersion(String version, VersionResult& result) at System.Version..ctor(String version) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.IsManagementServerCurrentVersion(String
  managementServer) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.CanConnectToManagementGroup(String managementServer)
  When I searched on "Exception.Message: Version string portion was too short or too long" it led me to .Net strings in the reg. i deleted all refs to older versions (3.x) but still no good.
  Bob

  Well, I’m back to trying to get SCOM Report Server up and running. This time I decided to try the command line silent install and rely on logs to debug. But it still fails.
  This is the script: SETUP /install /InstallPath:D:\Program Files\Microsoft System Center 2012 R2\Operations Manager /components:OMReporting /ManagementServer:<server>.<domain> /SRSInstance:<instance> /DataReaderUser:<domain>\<account>
  /DataReaderPassword:******** /SendODRReports:0 /UseMicrosoftUpdate:0 /AcceptEndUserLicenseAgreement:1
  When I run the script, I get a pop-up: “System CenterOperations Manager Setup has stopped working with the following:
  Problem signature:
  Problem Event Name:                       
  CLR20r3
  Problem Signature 01:                      
  setupchainerui.exe
  Problem Signature 02:                      
  7.0.5000.0
  Problem Signature 03:                      
  522a5b85
  Problem Signature 04:                      
  mscorlib
  Problem Signature 05:                      
  4.0.0.0
  Problem Signature 06:                      
  53b4fc1e
  Problem Signature 07:                      
  e4d
  Problem Signature 08:                      
  5a
  Problem Signature 09:                      
  System.FormatException
  OS Version:                                         
  6.1.7601.2.1.0.274.10
  Locale ID:                                            
  1033
  Additional Information 1:                 
  4911
  Additional Information 2:                 
  49111a576c61a461b7f2900e4224563c
  Additional Information 3:                 
  a1e6
  Additional Information 4:                 
  a1e62e9c159c1d7601a31ccff83dbf94
  App Event Log:
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  - <System>
  <Provider Name=".NET Runtime" />
  <EventID Qualifiers="0">1026</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2015-01-29T19:02:39.000000000Z" />
  <EventRecordID>4999</EventRecordID>
  <Channel>Application</Channel>
  <Computer>SERVER NAME</Computer>
  <Security />
  </System>
  - <EventData>
  <Data>Application: SetupChainerUI.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception.
  Exception Info: System.FormatException Stack: at Microsoft.SystemCenter.Essentials.SetupFramework.Program.Main()</Data>
  </EventData>
  </Event>
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  - <System>
  <Provider Name="Application Error" />
  <EventID Qualifiers="0">1000</EventID>
  <Level>2</Level>
  <Task>100</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2015-01-29T19:02:41.000000000Z" />
  <EventRecordID>5000</EventRecordID>
  <Channel>Application</Channel>
  <Computer>SERVER NAME</Computer>
  <Security />
  </System>
  - <EventData>
  <Data>SetupChainerUI.exe</Data>
  <Data>7.1.10226.0</Data>
  <Data>522a5b85</Data>
  <Data>KERNELBASE.dll</Data>
  <Data>6.1.7601.18409</Data>
  <Data>5315a05a</Data>
  <Data>e0434352</Data>
  <Data>000000000000940d</Data>
  <Data>a64</Data>
  <Data>01d03bf626a03a7a</Data>
  <Data>C:\Users\USER NAME\AppData\Local\SCOM\Setup\SetupChainerUI.exe</Data>
  <Data>C:\Windows\system32\KERNELBASE.dll</Data>
  <Data>65be21be-a7e9-11e4-a4d7-005056966e1b</Data>
  </EventData>
  </Event>
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  - <System>
  <Provider Name="Windows Error Reporting" />
  <EventID Qualifiers="0">1001</EventID>
  <Level>4</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2015-01-29T19:03:27.000000000Z" />
  <EventRecordID>5001</EventRecordID>
  <Channel>Application</Channel>
  <Computer>SERVER NAME</Computer>
  <Security />
  </System>
  - <EventData>
  <Data />
  <Data>0</Data>
  <Data>CLR20r3</Data>
  <Data>Not available</Data>
  <Data>0</Data>
  <Data>setupchainerui.exe</Data>
  <Data>7.0.5000.0</Data>
  <Data>522a5b85</Data>
  <Data>mscorlib</Data>
  <Data>4.0.0.0</Data>
  <Data>53b4fc1e</Data>
  <Data>e4d</Data>
  <Data>5a</Data>
  <Data>System.FormatException</Data>
  <Data />
  <Data />
  <Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_setupchainerui.e_9724aaa8eec4ffba07c27fea369e612e949d75_5b269652</Data>
  <Data />
  <Data>0</Data>
  <Data>65be21be-a7e9-11e4-a4d7-005056966e1b</Data>
  <Data>0</Data>
  </EventData>
  </Event>
  OpsMgrSetupWizard.log
  [13:48:16]:          
  Error:     :Uncaught Exception: Threw Exception.Type: System.FormatException, Exception Error Code: 0x80131537, Exception.Message: Input string was not in a correct format.
  [13:48:16]:          
  Error:     :StackTrace:  
  at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
     at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
     at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
     at Microsoft.SystemCenter.Essentials.SetupFramework.PropertyBagDictionary.GetProperty[T](String property)
     at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.ValidateBureaucraticSwitches()
     at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.RationalizeCommandLineArguments.ValidateSilentInstallCommandLineOptions()
     at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.RationalizeCommandLineArguments.Rationalize()
     at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.RationalizeGeneralInstall()
     at Microsoft.SystemCenter.Essentials.SetupFramework.Program.RationalizeInstall()
     at Microsoft.SystemCenter.Essentials.SetupFramework.Program.Main()
  Any ideas? I feel like I’m just going in circles…Bob

• System Center Service Manager Data Access Service Start Up Failure Due to SQL Configuration Change to Mix Mode

  Our SCSM Management Console, SCSM web Portal, every thing is down after we change SQL Authentication to Mix Mode Windows and SQL. After this we had revert back to Windows Authentication Single Mode and delete that account who was having DB_Owner access.
  Please help to resolve this issue. Thanks in advance
  Sajid H. A. Rashid Analyst Application Developer

  strange...
  What do you mean by everything is Down? Is the SDK (data access) service able to start?
  http://codebeaver.blogspot.dk/

• Managed Beans and Data Access Object

  I have a question / need help understanding how to configure backing bean and model objects so that memory and object creation/deletion is done as efficiently as possible.
  1. I have a .jsf page with a form and a commandbutton that submits the form inputs to a backing bean (enrollispbean is backing bean)
  <h:commandButton value="Enter" action="#{enrollispbean.insert}"/>
  2. The backing bean is used for form handling - the insert() method is used to read the data fields from the form and create a SQL string that will be submitted to a model object, DbInsert, that is used as a generic data access object that connects to the database and insert the SQL string:
  public class EnrollIspBean {
  private String beanvar1="";
  private String beanvar2= "";
  // DbInsert is data access object
  private DbInsert dbinsert = new DbInsert();
  public String insert (){
  String sqlstmt;
  sqlstmt = "INSERT INTO ispmain VALUES(beanvar1, beanvar2,..)"
  dbinsert.insert(sqlstmt);
  return "success"; }
  3. DbInsert is the data access object that contains a method, insert(), that accepts a sql string to insert into the database. This method contains the code to obtain a connection from the database connection pool and then execute the sql statement (note: error checking code not shown):
  public class DbInsert {
  public void insert(String sqlstmt) throws SQLException {
  Connection conn = null;
  GetDBConnection getdbconnection = new GetDBConnection();
  PreparedStatement stmt = null;
  conn = getdbconnection.getdbconn();
  stmt = conn.prepareStatement(sqlstmt);
  stmt.executeUpdate();
  stmt.close();
  conn.close();
  return;
  Where I need help understanding is how to set up the scope for the managed beans and data access object. Currently, I have the backing bean within the session scope (using the facesconfig.xml file). My main question is how to set up the scope for the Data Access Object - currently I do not have it as a managed bean within facesconfig.xml. Instead I am creating a new instance within the backing bean:
  private DbInsert dbinsert = new DbInsert();
  Is this the best way to do this? Will the DBInsert object now be tied to the session scope of the backing bean (i.e., when backing bean is deleted, the DbInsert object will be deleted from session scope as well.)
  Ideally I would like the data access object to be available as a shared object throughout the life of the application. When I was programming using a servlet approach, I would have created a servlet to load on startup. Now that I'm using java server faces, I'm confused about the scope / how to efficiently set up a data access object that I want to be available to all backing beans in the application.
  tnanks for any help understanding this.
  Tom

  I was thinking about setting the data access object as application scope so that it can be used by an backing bean to execute sql statements.
  If I do set it as application scope, however, if I do this, do I still need to declare a new instance of the object from within each bean that uses the object?
  For example do I need to declare a new instance of the data access object from within the bean? or, should I assume that there is always an instance of the bean available in the application scope, and if so, how do I reference it from within the bean?
  Bean Code:
  public class EnrollIspBean {
  // DbInsert is data access object
  private DbInsert dbinsert = new DbInsert();
  Finally, I understand performance may be an issue if I have one instance of the data access object available in the application scope - is there a way to make multiple instances available in the application scope?
  thanks

• UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

  PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
  In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  Is there some known bug or workaround that matches this description?
  Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
  We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
  So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
  Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
  So, we have the following software stack:
  1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
  2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
  These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
  3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
  At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
  Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
  Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
  4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
  In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
  5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
  This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
  The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
  While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
  "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
  We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
  Here's the configuration we did specifically for AM SSO:
  1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
  com.iplanet.am.cookie.encode=false
  am.encryption.pwd=<the same value>
  all hostname-related parameters point to "psam.domain.ru"
  2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
  com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
  com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
  3) in "msg.conf" on "sunmail" (entries added via configutil):
  local.webmail.sso.amcookiename = iPlanetDirectoryPro
  local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
  local.webmail.sso.singlesignoff = yes
  local.webmail.sso.uwcenabled = 1
  service.http.ipsecurity = no
  (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
  4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
  5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
  --- main.js.orig        Sat Jan 26 07:52:09 2008
  +++ main.js     Mon Jul 21 01:06:29 2008
  @@ -667,7 +667,8 @@
  function cleanup() {
     if(laurel)
  -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     else
         exec('logout', '', 'exit()')
  @@ -1707,7 +1708,8 @@
     if(lg) {
           url = document.location.href
           url = url.substr(0,url.indexOf('webmail'))
  -        uwcurl = url + 'base/UWCMain?op=logout'        
  +//      uwcurl = url + 'base/UWCMain?op=logout'        
  +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     exit()
  }6) Calendar SSO - per docs...
  According to ngrep sniffing,
  1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
  2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
  3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
  Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
  Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
  4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
  Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
  5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
  Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
  Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
  7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
  <Request><![CDATA[
  <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
  <GetNamingProfile>
  </GetNamingProfile>
  </NamingRequest>]]>
  </Request>
  </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
  ...then a double-request to /amserver/sessionservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="Session" reqid="686">
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="678">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]>
  </Request>
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="679">
  <AddSessionListener>
  <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </AddSessionListener>
  </SessionRequest>]]>
  </Request>
  </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
  !!!*** Now, the problem part ***!!!
  8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
  I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
  For the most detail I can provide, I'll even paste the whole HTTP packet:
  POST /amserver/sessionservice HTTP/1.1
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
  Content-type: text/xml;charset=UTF-8
  Content-length: 336
  Cache-control: no-cache
  Pragma: no-cache
  User-agent: Java/1.5.0_09
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Host: cos-psam-01.domain.ru
  Client-ip: 194.xxx.xxx.xxx
  Via: 1.1 https-weblb.domain.ru
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="258">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]></Request>
  </RequestSet> The server's error response is apparent:
  HTTP/1.1 200 OK
  Server: Sun-Java-System-Web-Server/7.0
  Date: Thu, 31 Jul 2008 05:49:50 GMT
  Content-type: text/html
  Transfer-encoding: chunked
  19b
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="258">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
  <GetSession>
  <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
  AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
  </GetSession>
  </SessionResponse>]]></Response>
  </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
  POST /amserver/sessionservice HTTP/1.1
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
  Content-Type: text/xml;charset=UTF-8
  Content-Length: 379
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_09
  Host: psam.domain.ru
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="281">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
  <SetProperty>
  <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
  <Property name="uwcstatus" value="active"></Property>
  </SetProperty>
  </SessionRequest>]]></Request>
  </RequestSet> ...and the response is OK:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="281">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
  <SetProperty>
  <OK></OK>
  </SetProperty>
  </SessionResponse>]]></Response>
  </ResponseSet>

  There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
  The solution for these customers was the following:
  => AM server/client side:
  Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
  => AM client (UWC) side:
  - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
     <property name="encodeCookies" value="false"/>
     <session-config>
        <session-manager/>
     </session-config>
     <jsp-config/>
  <property name="allowLinking" value="true" />
  </sun-web-app>Regards,
  Shane.

• Problem with second instance of access manager

  Well, after sorting out things with the first install of access manager, I went on to install a second instance on a different host (it's required for delegated admin..)
  Here are the options I used on install:
  Access Manager: Administration (1 of 6)
  Administrator User ID: amAdmin
  Administrator Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  LDAP User ID: amldapuser
  LDAP Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  Password Encryption Key [gFoe4t8UlUW3wEApngAY3S8bCQFVMlGk] {"<" goes back,
  "!" exits}: weW5jtopMLQsODiBZDp+hlEp1/CtbiXX
  Install type (Realm/Legacy) Mode [Legacy] {"<" goes back, "!" exits}:
  Access Manager: Web Container (2 of 6)
  1. Sun Java System Application Server
  2. Sun Java System Web Server
  Select the container to deploy the component and hit enter key [2] {"<" goes
  back, "!" exits}
  Access Manager: Sun Java System Web Server (3 of 6)
  Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
  Web Server Instance Directory [opt/SUNWwbsvr/https-zone2.corenode.com] {"<"
  goes back, "!" exits}:
  Web Server Port [80] {"<" goes back, "!" exits}:
  Document Root Directory [opt/SUNWwbsvr/docs] {"<" goes back, "!" exits}:
  Secure Server Instance Port [No] {"<" goes back, "!" exits}:
  Access Manager: Web Container for running Access Manager Services(4 of 6)
  Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
  Services Deployment URI [amserver] {"<" goes back, "!" exits}:
  Common Domain Deployment URI [amcommon] {"<" goes back, "!" exits}:
  Cookie Domain(Assure it is not a top level domain) [.corenode.com] {"<" goes
  back, "!" exits}:
  Administration Console [Yes] {"<" goes back, "!" exits}:
  Console Deployment URI [amconsole] {"<" goes back, "!" exits}:
  Password Deployment URI [ampassword] {"<" goes back, "!" exits}:
  Access Manager: Directory Server Information (5 of 6)
  Directory Server Host [] {"<" goes back, "!" exits}: zone1.corenode.com
  Directory Server Port [] {"<" goes back, "!" exits}: 389
  Directory Root Suffix [dc=corenode,dc=com] {"<" goes back, "!" exits}:
  Directory Manager DN [cn=Directory Manager] {"<" goes back, "!" exits}:
  Directory Manager Password [] {"<" goes back, "!" exits}:
  Access Manager: Directory Server Information (6 of 6)
  Is Directory Server provisioned with user data [No] {"<" goes back, "!"
  exits}? Yes
  Organization Marker Object Class [sunISManagedOrganization] {"<" goes back,
  "!" exits}:
  Organization Naming Attribute [o] {"<" goes back, "!" exits}:
  User Marker Object Class [inetorgperson] {"<" goes back, "!" exits}:
  User Naming Attribute [uid] {"<" goes back, "!" exits}:
  Yes, I am using the same key as was used on host1 for access manager. Yes, access manager on host 1 is quite functional right now. Yes, that directory server works. Now I'm really stumped on what to do! Everything in JES seems to work great except access manager, the exceptions it throws really don't help any at all in troubleshooting.
  Any ideas?

  More info from error logs:
  # pwd
  /var/opt/SUNWam/debug
  # tail -200 amAuth
  04/12/2006 09:56:47:127 AM HST: Thread[main,5,main]
  ERROR: AuthD failed to get auth session
  04/12/2006 09:56:47:165 AM HST: Thread[main,5,main]
  ERROR: AuthD init()
  com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:709)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  # tail -200 amSession
  04/12/2006 09:56:47:098 AM HST: Thread[main,5,main]
  ERROR: SessionService.SessionService(): Initialization Failed
  com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
  at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:350)
  at com.iplanet.dpro.session.service.SessionService.<init>(SessionService.java:1540)
  at com.iplanet.dpro.session.service.SessionService.getSessionService(SessionService.java:382)
  at com.sun.identity.authentication.service.AuthD.getSS(AuthD.java:685)
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  04/12/2006 09:56:47:126 AM HST: Thread[main,5,main]
  ERROR: Error creating service session
  java.lang.NullPointerException
  at com.iplanet.dpro.session.service.SessionService.generateEncryptedID(SessionService.java:588)
  at com.iplanet.dpro.session.service.SessionService.generateSessionId(SessionService.java:612)
  at com.iplanet.dpro.session.service.SessionService.newInternalSession(SessionService.java:557)
  at com.iplanet.dpro.session.service.SessionService.getServiceSession(SessionService.java:501)
  at com.iplanet.dpro.session.service.SessionService.getAuthenticationSession(SessionService.java:408)
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  #

• Too  Slow - Domino 6.5.4  with access manager agent 2.2 ?

  I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
  I think AMAgent.properties is not good for SSO.
  Please help me to tune it.
  # $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
  # Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
  # U.S. Government Rights - Commercial software. Government users are
  # subject to the Sun Microsystems, Inc. standard license agreement and
  # applicable provisions of the FAR and its supplements. Use is subject to
  # license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
  # trademarks or registered trademarks of Sun Microsystems, Inc. in the
  # U.S. and other countries.
  # Copyright ? 2002 Sun Microsystems, Inc. Tous droits r&#38303;erv&#38303;.
  # Droits du gouvernement am&#38302;icain, utlisateurs gouvernmentaux - logiciel
  # commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
  # licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
  # vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl&#38297;ents
  # ? celles-ci.
  # Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
  # Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
  # marques d&#38300;os&#38289;s de Sun Microsystems, Inc. aux Etats-Unis et dans
  # d'autres pays.
  # The syntax of this file is that of a standard Java properties file,
  # see the documentation for the java.util.Properties.load method for a
  # complete description. (CAVEAT: The SDK in the parser does not currently
  # support any backslash escapes except for wrapping long lines.)
  # All property names in this file are case-sensitive.
  # NOTE: The value of a property that is specified multiple times is not
  # defined.
  # WARNING: The contents of this file are classified as an UNSTABLE
  # interface by Sun Microsystems, Inc. As such, they are subject to
  # significant, incompatible changes in any future release of the
  # software.
  # The name of the cookie passed between the Access Manager
  # and the SDK.
  # WARNING: Changing this property without making the corresponding change
  # to the Access Manager will disable the SDK.
  com.sun.am.cookie.name = iPlanetDirectoryPro
  # The URL for the Access Manager Naming service.
  com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
  # The URL of the login page on the Access Manager.
  com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
  # Name of the file to use for logging messages.
  com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
  # This property is used for Log Rotation. The value of the property specifies
  # whether the agent deployed on the server supports the feature of not. If set
  # to false all log messages are written to the same file.
  com.sun.am.policy.agents.config.local.log.rotate = true
  # Name of the Access Manager log file to use for logging messages to
  # Access Manager.
  # Just the name of the file is needed. The directory of the file
  # is determined by settings configured on the Access Manager.
  com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
  # Set the logging level for the specified logging categories.
  # The format of the values is
  #     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
  # The currently used module names are: AuthService, NamingService,
  # PolicyService, SessionService, PolicyEngine, ServiceEngine,
  # Notification, PolicyAgent, RemoteLog and all.
  # The all module can be used to set the logging level for all currently
  # none logging modules. This will also establish the default level for
  # all subsequently created modules.
  # The meaning of the 'Level' value is described below:
  #     0     Disable logging from specified module*
  #     1     Log error messages
  #     2     Log warning and error messages
  #     3     Log info, warning, and error messages
  #     4     Log debug, info, warning, and error messages
  #     5     Like level 4, but with even more debugging messages
  # 128     log url access to log file on AM server.
  # 256     log url access to log file on local machine.
  # If level is omitted, then the logging module will be created with
  # the default logging level, which is the logging level associated with
  # the 'all' module.
  # for level of 128 and 256, you must also specify a logAccessType.
  # *Even if the level is set to zero, some messages may be produced for
  # a module if they are logged with the special level value of 'always'.
  com.sun.am.log.level =
  # The org, username and password for Agent to login to AM.
  com.sun.am.policy.am.username = UrlAccessAgent
  com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
  # Name of the directory containing the certificate databases for SSL.
  com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
  # Set this property if the certificate databases in the directory specified
  # by the previous property have a prefix.
  com.sun.am.certdb.prefix =
  # Should agent trust all server certificates when Access Manager
  # is running SSL?
  # Possible values are true or false.
  com.sun.am.trust_server_certs = true
  # Should the policy SDK use the Access Manager notification
  # mechanism to maintain the consistency of its internal cache? If the value
  # is false, then a polling mechanism is used to maintain cache consistency.
  # Possible values are true or false.
  com.sun.am.notification.enable = true
  # URL to which notification messages should be sent if notification is
  # enabled, see previous property.
  com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
  # This property determines whether URL string case sensitivity is
  # obeyed during policy evaluation
  com.sun.am.policy.am.url_comparison.case_ignore = true
  # This property determines the amount of time (in minutes) an entry
  # remains valid after it has been added to the cache. The default
  # value for this property is 3 minutes.
  com.sun.am.policy.am.polling.interval=3
  # This property allows the user to configure the User Id parameter passed
  # by the session information from the access manager. The value of User
  # Id will be used by the agent to set the value of REMOTE_USER server
  # variable. By default this parameter is set to "UserToken"
  com.sun.am.policy.am.userid.param=UserToken
  # Profile attributes fetch mode
  # String attribute mode to specify if additional user profile attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user profile attributes will be introduced.
  # HTTP_HEADER - additional user profile attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user profile attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
  # The user profile attributes to be added to the HTTP header. The
  # specification is of the format ldap_attribute_name|http_header_name[,...].
  # ldap_attribute_name is the attribute in data store to be fetched and
  # http_header_name is the name of the header to which the value needs
  # to be assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
  number,c|country
  # Session attributes mode
  # String attribute mode to specify if additional user session attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user session attributes will be introduced.
  # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
  # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
  # The session attributes to be added to the HTTP header. The specification is
  # of the format session_attribute_name|http_header_name[,...].
  # session_attribute_name is the attribute in session to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.session.attribute.map=
  # Response Attribute Fetch Mode
  # String attribute mode to specify if additional user response attributes should
  # be introduced into the request. Possible values are:
  # NONE - no additional user response attributes will be introduced.
  # HTTP_HEADER - additional user response attributes will be introduced into
  # HTTP header.
  # HTTP_COOKIE - additional user response attributes will be introduced through
  # cookies.
  # If not within these values, it will be considered as NONE.
  com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
  # The response attributes to be added to the HTTP header. The specification is
  # of the format response_attribute_name|http_header_name[,...].
  # response_attribute_name is the attribute in policy response to be fetched and
  # http_header_name is the name of the header to which the value needs to be
  # assigned.
  # NOTE: In most cases, in a destination application where a "http_header_name"
  # shows up as a request header, it will be prefixed by HTTP_, and all
  # lower case letters will become upper case, and any - will become _;
  # For example, "common-name" would become "HTTP_COMMON_NAME"
  com.sun.am.policy.agents.config.response.attribute.map=
  # The cookie name used in iAS for sticky load balancing
  com.sun.am.policy.am.lb.cookie.name = GX_jst
  # indicate where a load balancer is used for Access Manager
  # services.
  # true | false
  com.sun.am.load_balancer.enable = false
  ####Agent Configuration####
  # this is for product versioning, please do not modify it
  com.sun.am.policy.agents.config.version=2.2
  # Set the url access logging level. the choices are
  # LOG_NONE - do not log user access to url
  # LOG_DENY - log url access that was denied.
  # LOG_ALLOW - log url access that was allowed.
  # LOG_BOTH - log url access that was allowed or denied.
  com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
  # Agent prefix
  com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
  # Locale setting.
  com.sun.am.policy.agents.config.locale = en_US
  # The unique identifier for this agent instance.
  com.sun.am.policy.agents.config.instance.name = unused
  # Do SSO only
  # Boolean attribute to indicate whether the agent will just enforce user
  # authentication (SSO) without enforcing policies (authorization)
  com.sun.am.policy.agents.config.do_sso_only = true
  # The URL of the access denied page. If no value is specified, then
  # the agent will return an HTTP status of 403 (Forbidden).
  com.sun.am.policy.agents.config.accessdenied.url =
  # This property indicates if FQDN checking is enabled or not.
  com.sun.am.policy.agents.config.fqdn.check.enable = true
  # Default FQDN is the fully qualified hostname that the users should use
  # in order to access resources on this web server instance. This is a
  # required configuration value without which the Web server may not
  # startup correctly.
  # The primary purpose of specifying this property is to ensure that if
  # the users try to access protected resources on this web server
  # instance without specifying the FQDN in the browser URL, the Agent
  # can take corrective action and redirect the user to the URL that
  # contains the correct FQDN.
  # This property is set during the agent installation and need not be
  # modified unless absolutely necessary to accommodate deployment
  # requirements.
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
  # com.sun.am.policy.agents.config.fqdn.map
  com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
  # The FQDN Map is a simple map that enables the Agent to take corrective
  # action in the case where the users may have typed in an incorrect URL
  # such as by specifying partial hostname or using an IP address to
  # access protected resources. It redirects the browser to the URL
  # with fully qualified domain name so that cookies related to the domain
  # are received by the agents.
  # The format for this property is:
  # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
  # This property can also be used so that the agents use the name specified
  # in this map instead of the web server's actual name. This can be
  # accomplished by doing the following.
  # Say you want your server to be addressed as xyz.hostname.com whereas the
  # actual name of the server is abc.hostname.com. The browsers only knows
  # xyz.hostname.com and you have specified polices using xyz.hostname.com at
  # the Access Manager policy console, in this file set the mapping as
  # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
  # Another example is if you have multiple virtual servers say rst.hostname.com,
  # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
  # abc.hostname.com and each of the virtual servers have their own policies
  # defined, then the fqdnMap should be defined as follows:
  # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
  # WARNING: Invalid value for this property can result in the Web Server
  # becoming unusable or the resources becoming inaccessible.
  com.sun.am.policy.agents.config.fqdn.map =
  # Cookie Reset
  # This property must be set to true, if this agent needs to
  # reset cookies in the response before redirecting to
  # Access Manager for Authentication.
  # By default this is set to false.
  # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
  com.sun.am.policy.agents.config.cookie.reset.enable=false
  # This property gives the comma separated list of Cookies, that
  # need to be included in the Redirect Response to Access Manager.
  # This property is used only if the Cookie Reset feature is enabled.
  # The Cookie details need to be specified in the following Format
  # name[=value][;Domain=value]
  # If "Domain" is not specified, then the default agent domain is
  # used to set the Cookie.
  # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
  # token=value;Domain=subdomain.domain.com
  com.sun.am.policy.agents.config.cookie.reset.list=
  # This property gives the space separated list of domains in
  # which cookies have to be set in a CDSSO scenario. This property
  # is used only if CDSSO is enabled.
  # If this property is left blank then the fully qualified cookie
  # domain for the agent server will be used for setting the cookie
  # domain. In such case it is a host cookie instead of a domain cookie.
  # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
  com.sun.am.policy.agents.config.cookie.domain.list=
  # user id returned if accessing global allow page and not authenticated
  com.sun.am.policy.agents.config.anonymous_user=anonymous
  # Enable/Disable REMOTE_USER processing for anonymous users
  # true | false
  com.sun.am.policy.agents.config.anonymous_user.enable=false
  # Not enforced list is the list of URLs for which no authentication is
  # required. Wildcards can be used to define a pattern of URLs.
  # The URLs specified may not contain any query parameters.
  # Each service have their own not enforced list. The service name is suffixed
  # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
  # for a particular service. SPACE is the separator between the URL.
  com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
  OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
  # Boolean attribute to indicate whether the above list is a not enforced list
  # or an enforced list; When the value is true, the list means enforced list,
  # or in other words, the whole web site is open/accessible without
  # authentication except for those URLs in the list.
  com.sun.am.policy.agents.config.notenforced_list.invert = false
  # Not enforced client IP address list is a list of client IP addresses.
  # No authentication and authorization are required for the requests coming
  # from these client IP addresses. The IP address must be in the form of
  # eg: 192.168.12.2 1.1.1.1
  com.sun.am.policy.agents.config.notenforced_client_ip_list =
  # Enable POST data preservation; By default it is set to false
  com.sun.am.policy.agents.config.postdata.preserve.enable = false
  # POST data preservation : POST cache entry lifetime in minutes,
  # After the specified interval, the entry will be dropped
  com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
  # Cross-Domain Single Sign On URL
  # Is CDSSO enabled.
  com.sun.am.policy.agents.config.cdsso.enable=false
  # This is the URL the user will be redirected to for authentication
  # in a CDSSO Scenario.
  com.sun.am.policy.agents.config.cdcservlet.url =
  # Enable/Disable client IP address validation. This validate
  # will check if the subsequent browser requests come from the
  # same ip address that the SSO token is initially issued against
  com.sun.am.policy.agents.config.client_ip_validation.enable = false
  # Below properties are used to define cookie prefix and cookie max age
  com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
  com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
  # Logout URL - application's Logout URL.
  # This URL is not enforced by policy.
  # if set, agent will intercept this URL and destroy the user's session,
  # if any. The application's logout URL will be allowed whether or not
  # the session destroy is successful.
  com.sun.am.policy.agents.config.logout.url=
  #http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
  # Any cookies to be reset upon logout in the same format as cookie_reset_list
  com.sun.am.policy.agents.config.logout.cookie.reset.list =
  # By default, when a policy decision for a resource is needed,
  # agent gets and caches the policy decision of the resource and
  # all resource from the root of the resource down, from the Access Manager.
  # For example, if the resource is http://host/a/b/c, the the root of the
  # resource is http://host/. This is because more resources from the
  # same path are likely to be accessed subsequently.
  # However this may take a long time the first time if there
  # are many many policies defined under the root resource.
  # To have agent get and cache the policy decision for the resource only,
  # set the following property to false.
  com.sun.am.policy.am.fetch_from_root_resource = true
  # Whether to get the client's hostname through DNS reverse lookup for use
  # in policy evaluation.
  # It is true by default, if the property does not exist or if it is
  # any value other than false.
  com.sun.am.policy.agents.config.get_client_host_name = false
  # The following property is to enable native encoding of
  # ldap header attributes forwarded by agents. If set to true
  # agent will encode the ldap header value in the default
  # encoding of OS locale. If set to false ldap header values
  # will be encoded in UTF-8
  com.sun.am.policy.agents.config.convert_mbyte.enable = false
  #When the not enforced list or policy has a wildcard '*' character, agent
  #strips the path info from the request URI and uses the resulting request
  #URI to check against the not enforced list or policy instead of the entire
  #request URI, in order to prevent someone from getting access to any URI by
  #simply appending the matching pattern in the policy or not enforced list.
  #For example, if the not enforced list has the value http://host/*.gif,
  #stripping the path info from the request URI will prevent someone from
  #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
  #However when a web server (for exmample apache) is configured to be a reverse
  #proxy server for a J2EE application server, path info is interpreted in a different
  #manner since it maps to a resource on the proxy instead of the app server.
  #This prevents the not enforced list or policy from being applied to part of
  #the URI below the app serverpath if there is a wildcard character. For example,
  #if the not enforced list has value http://host/webapp/servcontext/* and the
  #request URL is http://host/webapp/servcontext/example.jsp the path info
  #is /servcontext/example.jsp and the resulting request URL with path info stripped
  #is http://host/webapp, which will not match the not enforced list. By setting the
  #following property to true, the path info will not be stripped from the request URL
  #even if there is a wild character in the not enforced list or policy.
  #Be aware though that if this is set to true there should be nothing following the
  #wildcard character '*' in the not enforced list or policy, or the
  #security loophole described above may occur.
  com.sun.am.policy.agents.config.ignore_path_info = false
  # Override the request url given by the web server with
  # the protocol, host or port of the agent's uri specified in
  # the com.sun.am.policy.agents.agenturiprefix property.
  # These may be needed if the agent is sitting behind a ssl off-loader,
  # load balancer, or proxy, and either the protocol (HTTP scheme),
  # hostname, or port of the machine in front of agent which users go through
  # is different from the agent's protocol, host or port.
  com.sun.am.policy.agents.config.override_protocol =
  com.sun.am.policy.agents.config.override_host =
  com.sun.am.policy.agents.config.override_port =
  # Override the notification url in the same way as other request urls.
  # Set this to true if any one of the override properties above is true,
  # and if the notification url is coming through the proxy or load balancer
  # in the same way as other request url's.
  com.sun.am.policy.agents.config.override_notification.url =
  # The following property defines how long to wait in attempting
  # to connect to an Access Manager AUTH server.
  # The default value is 2 seconds. This value needs to be increased
  # when receiving the error "unable to find active Access Manager Auth server"
  com.sun.am.policy.agents.config.connection_timeout =
  # Time in milliseconds the agent will wait to receive the
  # response from Access Manager. After the timeout, the connection
  # will be drop.
  # A value of 0 means that the agent will wait until receiving the response.
  # WARNING: Invalid value for this property can result in
  # the resources becoming inaccessible.
  com.sun.am.receive_timeout = 0
  # The three following properties are for IIS6 agent only.
  # The two first properties allow to set a username and password that will be
  # used by the authentication filter to pass the Windows challenge when the Basic
  # Authentication option is selected in Microsoft IIS 6.0. The authentication
  # filter is named amiis6auth.dll and is located in
  # Agent_installation_directory/iis6/bin. It must be installed manually on
  # the web site ("ISAPI Filters" tab in the properties of the web site).
  # It must also be uninstalled manually when unintalling the agent.
  # The last property defines the full path for the authentication filter log file.
  com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
  com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
  com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilter

  Hi,
  I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
  2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
  I have the box to identify but it doesnot connect me on my opensso server.
  It still identify with Domino's server
  Thanks for your response
  Thomas

• Failed to open the console and System Center Data Access Service wont start - SCOM 2012

  Log Name: Operations Manager
  Source: Data AccessLayer
  Event ID: 33333
  Data Access Layer rejected retry on SqlError:
   Request: ManagementGroupInfo
   Class: 16
   Number: 208
   Message: Invalid object name 'dbo.__MOMManagementGroupInfo__'.
  =============================================================
  Log Name: Operations Manager
  Source: OpsMgr SDK Service
  Event ID: 26380
  The System Center Data Access service failed due to an unhandled exception.  
  The service will attempt to restart.
  Exception:
  Microsoft.EnterpriseManagement.Common.SdkServiceNotInitializedException: The Data Access service has not yet initialized. Please try again.
     at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.get_Container()
     at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService.SdkChannel.Start()
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
     at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)
     at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)
  =============================================================
  Failed to connect to server ' xxxxx'
  Date: 16/09/2013 20:36:16
  Application: Operations Manager
  Application Version: 7.0.8560.0
  Severity: Error
  Message: Failed to connect to server 'xxxxxx'
  Microsoft.EnterpriseManagement.Common.ServiceNotRunningException: The Data Access service is either not running or not yet initialized. Check the event log for more information. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://xxxxx:5724/DispatcherService.
  The connection attempt lasted for a time span of 00:00:02.0020300. TCP error code 10061: No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:5724.  ---> System.Net.Sockets.SocketException: No connection could
  be made because the target machine actively refused it xxx.xxx.xxx.xxx:5724
     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
     at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace:
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
     at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.EnterpriseManagement.Common.Internal.IDispatcherService.Connect(SdkClientConnectionOptions connectionOptions)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.Initialize(EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.CreateEndpoint[T](EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     --- End of inner exception stack trace ---
     at Microsoft.EnterpriseManagement.Common.Internal.ExceptionHandlers.HandleChannelExceptions(Exception ex)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.CreateEndpoint[T](EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.ConstructEnterpriseManagementGroupInternal[T,P](EnterpriseManagementConnectionSettings connectionSettings, ClientDataAccessCore clientCallback)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.RetrieveEnterpriseManagementGroupInternal[T,P](EnterpriseManagementConnectionSettings connectionSettings, ClientDataAccessCore callbackDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.Connect[T,P](EnterpriseManagementConnectionSettings connectionSettings, ClientDataAccessCore callbackDispatcherService)
     at Microsoft.EnterpriseManagement.ManagementGroup.InternalInitialize(EnterpriseManagementConnectionSettings connectionSettings, ManagementGroupInternal internals)
     at Microsoft.EnterpriseManagement.Mom.Internal.UI.Common.ManagementGroupSessionManager.Connect(String server)
     at Microsoft.EnterpriseManagement.Monitoring.Console.Internal.ConsoleWindowBase.TryConnectToManagementGroupJob(Object sender, ConsoleJobEventArgs args)
  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://xxxxx:5724/DispatcherService. The connection attempt lasted for a time span of 00:00:02.0020300. TCP error code 10061: No connection could be made because the target machine actively
  refused it xxx.xxx.xxx.xxx:5724.  ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:5724
     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
     at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace:
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
     at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.EnterpriseManagement.Common.Internal.IDispatcherService.Connect(SdkClientConnectionOptions connectionOptions)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.Initialize(EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.CreateEndpoint[T](EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
  System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:5724
     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
     at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  =============================================================
  Log Name: Operations Manager
  Source: OpsMgr Root Connector
  Event ID: 28001
  The Root connector received an exception from the Config Service on StateSyncRequest:
  System.Runtime.Remoting.RemotingException: Failed to connect to an IPC Port: The system cannot find the file specified.
  Server stack trace:
     at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
     at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
     at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
     at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.EnterpriseManagement.Mom.Internal.IConfigService.OnStateSyncRequest(Guid source, UInt64 messageIdentifier, String cookie)
     at Microsoft.Mom.Connectors.Root.RootConnector.OnStateSyncRequest(Guid source, UInt64 messageIdentifier, String cookie)
  ================================================================
  Log Name: Operations Manager
  Source: OpsMgr Management Configuration
  Event ID: 29105
   The management group is not yet fully upgraded. OpsMgr Management Configuration Service will idle until upgrade is completed.
   Operations Manager database version: 1.0.0.0
   Minimum required version: 7.0.0.0

  Yes, i change the credentials, but doesnt work.
  Yes, i put the events in the
  main question!
  Events Logs:
  =======================================================
  Log Name: Operations Manager
  Source: Data AccessLayer
  Event ID: 33333
  Data Access Layer rejected retry on SqlError:
   Request: ManagementGroupInfo
   Class: 16
   Number: 208
   Message: Invalid object name 'dbo.__MOMManagementGroupInfo__'.
  =======================================================
  Log Name: Operations Manager
  Source: OpsMgr SDK Service
  Event ID: 26380
  The System Center Data Access service failed due to an unhandled exception.  
  The service will attempt to restart.
  Exception:
  Microsoft.EnterpriseManagement.Common.SdkServiceNotInitializedException: The Data Access service has not yet initialized. Please try again.
     at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.get_Container()
     at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService.SdkChannel.Start()
     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
     at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)
     at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)
  =======================================================
  Log Name: Operations Manager
  Source: OpsMgr Root Connector
  Event ID: 28001
  The Root connector received an exception from the Config Service on StateSyncRequest:
  System.Runtime.Remoting.RemotingException: Failed to connect to an IPC Port: The system cannot find the file specified.
  Server stack trace:
     at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
     at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
     at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
     at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.EnterpriseManagement.Mom.Internal.IConfigService.OnStateSyncRequest(Guid source, UInt64 messageIdentifier, String cookie)
     at Microsoft.Mom.Connectors.Root.RootConnector.OnStateSyncRequest(Guid source, UInt64 messageIdentifier, String cookie)
  =======================================================
  Log Name: Operations Manager
  Source: OpsMgr Management Configuration
  Event ID: 29105
   The management group is not yet fully upgraded. OpsMgr Management Configuration Service will idle until upgrade is completed.
   Operations Manager database version: 1.0.0.0
   Minimum required version: 7.0.0.0

• Service Manager data warehouse management server Installation fails

  Hi there,
  In Virtual Machine Windows Server 2012 R2 Standard with my user being a Local Admin and SQL Admin. I tried to do a Service Manager data warehouse management server
  first installation I am facing the following image as error:
  In the event viewer I get the following error:
  "Microsoft System Center 2012 R2 Service Manager -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 25211
  The arguments are: -2147024809, The parameter is incorrect."
  In the Setup log, some of the errors are:
  WixRemoveFoldersEx:  Entering WixRemoveFoldersEx in C:\Windows\Installer\MSI35E.tmp, version 3.7.1224.0
  WixRemoveFoldersEx:  Error 0x80070057: Missing folder property: PSCONFIGFOLDER.A591E3B4_D228_431D_BF89_99D52C8FFB76 for row: wrf4582BC4C5CC47B1D2380408CD7A752DC.A591E3B4_D228_431D_BF89_99D52C8FFB76
  CustomAction WixRemoveFoldersEx.A591E3B4_D228_431D_BF89_99D52C8FFB76 returned actual error code 1603 but will be translated to success due to continue marking
  CAStartServices: CAStartServices was passed . OMCFG
  CAStartServices: Checking if service already started. OMCFG
  CAStartServices: Attempting to start service. OMCFG
  CAStartServices: StartService failed. Error Code: 0x8007042D.
  ConfigureSDKConfigService: CAStartServices failed, trying again.... Error Code: 0x8007042D. OMCFG
  Action start 17:47:05: _SetHealthServiceConfig.80B659D9_F758_4E7D_B4FA_E53FC737DCC9.
  GetMsiFeatureState: Failed to get feature state. Error Code: 0x80070646. MOMServer
  MSI (s) (EC!4C) [17:47:05:483]: Note: 1: 2711 2: MOMGateway
  SetHealthServiceConfig: Failed to get Feature State.. Error Code: 0x80070646. MOMServer
  GetMsiFeatureState: Failed to get feature state. Error Code: 0x80070646. MOMGateway
  I have checked the following post but it did not help me:
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/c42bb04d-a51e-4037-a8a3-37d714d6faac/scsm-management-server-installation-fails?forum=systemcenterservicemanager
  Could you please help me with this issue?
  Thanks a lot,
  M

  Hi,
  Sorry I cannot post the full log. I have found also these errors in the log:
  Calling custom action CAManaged!Microsoft.MOMv3.Setup.MOMv3ManagedCAs.RegisterSdkSCP
  RegisterSdkSCP: There is no previous serviceConnectionPoint
  RegisterSdkSCP: Creating New serviceConnectionPoint
  RegisterSdkSCP: Adding ACL for current user: DOMAIN\InstallationAccount
  RegisterSdkSCP: Adding ACL for SM Admini: DOMAIN\SCSMDWadmins
  RegisterSdkSCP: Error: Access is denied.
  InstallCounters: LoadPerfCounterTextStrings() failed . Error Code: 0x80070057. momv3 "D:\Program Files\Microsoft System Center 2012 R2\Service Manager\MOMConnectorCounters.ini"
  InstallPerfCountersHelper: pcCounterInstaller->InstallCounters() for the default counters failed. Error Code: 0x80070057. MOMConnector
  InstallPerfCountersLib: InstallHealthServicePerfCounters() failed . Error Code: 0x80070057.
  InstallPerfCountersLib: Retry Count : .
  InstallHSPerfCounters: Failed to install agent perf counters. Error Code: 0x80070057.
  Thanks for your reply.

• Sun Java System Access Manager 7.1 config. failed during installation

  {color:#0000ff}Hi,
  I have installed sun java communication suite 5 on a single host on sun solaris 10.
  I have installed required packages and it works fine.
  But as per organization need, I have to change domain name.
  So i have uninstalled everything and tried to install again with new domain name.
  I have made proper entries in hosts file and resolve.conf file.
  But duing the first phase of installation only , i failed in configuring access manager 7.1
  I have also cerate same scenario in my test environment, but everytime i face the same error.
  and sun java access manager 7.1 fails in first stage of installation only.
  So would like to know the proper installation procedure while i change the domain name on same hardware...
  I have checked both installation logs & summary logs.
  But no error, no failed , no severe.
  Attached is the summary of installation logs.
  Summary Logs :
  Installation Summary Report
  Install Summary
  Sun Java(TM) Communications Suite : Installed
  Sun Java(TM) System Web Server 7.0 : Installed, Configured
  Java DB : Installed, Configure After Install
  Sun Java(TM) System Message Queue 3.7 UR1 : Installed
  Sun Java(TM) System Monitoring Console 1.0 : Installed, Configure After Install
  Sun Java(TM) System Directory Preparation Tool : Installed
  Sun Java(TM) System Directory Server Enterprise Edition 6.0 : Installed, Configured
  Sun Java(TM) System Access Manager 7.1 : Installed, Configuration Failed
  Sun Java(TM) System Messaging Server 6.3 : Installed, Configure After Install
  Sun Java(TM) System Communications Express 6 : Installed, Configure After Install
  Communication Services Delegated Administrator : Installed, Configure After Install
  Configuration Data
  Sun Java(TM) System Web Server 7.0 :
  Web Server Instance installation Directory : /var/opt/SUNWwbsvr7
  Web Server installation Directory : /opt
  Web Server Administration Server Host : RADAGWMSG221.myreliancemail.com
  Web Server Admin Server Mode : true
  Web Server only CLI installation : false
  Sun Java(TM) System Directory Preparation Tool :
  Directory Preparation Tool Installation Directory : /opt/SUNWcomds
  Sun Java(TM) System Directory Server Enterprise Edition 6.0 :
  Directory Server Installation Directory : /opt/SUNWdsee
  Sun Java(TM) System Access Manager 7.1 :
  Access Manager Installation Directory : /opt
  Access Manager Protocol : http
  Access Manager Port : 80
  LDAP User ID : amldapuser
  Administrator User ID : amAdmin
  Web Container : WebServer
  Access Manager Web Server Host Name : RADAGWMSG221.myreliancemail.com
  Access Manager Web Server Instance Directory : /var/opt/SUNWwbsvr7/https-RADAGWMSG221.myreliancemail.com
  Access Manager Web Server Port : 80
  Access Manager Console Host (for Existing console) : RADAGWMSG221.myreliancemail.com
  Access Manager Console Deploy URI : amconsole
  Access Manager Password Deploy URI : ampassword
  Access Manager Host : RADAGWMSG221.myreliancemail.com
  Access Manager Console Port(for Existing console) : 80
  Access Manager Services Deploy URI : amserver
  Access Manager Cookie Domain List : .myreliancemail.com
  Access Manager Common Domain Deploy URI : amcommon
  Access Manager Directory Server Host Name : RADAGWMSG221
  Access Manager Directory Server Host : RADAGWMSG221.myreliancemail.com
  Access Manager Directory Server Port : 389
  Access Manager Directory Root Suffix : o=rmail
  Access Manager Directory Manager DN : cn=Directory Manager
  Organization Marker Object Class : sunISManagedOrganization
  User Marker Object Class : inetorgperson
  Organization Naming Attribute : o
  User Naming Attribute : uid
  Sun Java(TM) System Messaging Server 6.3 :
  Messaging Server Installation Directory : /opt/SUNWmsgsr
  Sun Java(TM) System Communications Express 6 :
  Communications Express Installation Directory : /opt/SUNWuwc
  Communication Services Delegated Administrator :
  Communication Services Delegated Administrator Installation Directory : /opt/SUNWcomm
  {color}

  Rushi-Reliance wrote:
  Kindly let us know how to proceed further as we are waiiting some reply from your team.As I already advised in your previous posting (http://forums.sun.com/thread.jspa?threadID=5359095), you are best off re-installing solaris from scratch and installing Communication Suite 6 update 1 if you cannot get Access Manager 7.1 configured.
  Regards
  Shane.

• JES Access Manager User Creation for Messanger

  Hi Everyone
  I installed JES 2005 Q4 on Solaris 10 x86 with schema 2 and Access Manager 7. The Directory Tree is as follows:
  Sol1.nucleussoftware.com:389
  dc=nucleussoftware,dc=com (34 acis)
  DSAME Users
  Internet
  People
  Groups
  Client Data
  services
  nucleussoftware.com
  People
  Groups
  o=Netscape Root (3 acis)
  cn=Schema (6 acis)
  cn=monitor (5 acis)
  cn=config (4 acis)
  Organization DN when I ran "configutil" after running comm_dssetup.pl, was specified o=nucleussoftware,dc=nucleussoftware,dc=com
  This is fresh installation and not any migration.
  Now I create user from Access Manager, http://sol1.nucleussoftware.com/amserver
  There are two organizations 1. Nucleussoftware and 2. Nucleussoftware->nucleussoftware.com
  So I have two locations to create users in People.
  When I create user from Access Manager and try to login into WebMail, I get Login Failed.
  But when I open "startconsole" or "mpsconsole" and open Messaging Server Console and in new user's property, Account Attribute, I mark the check box, and now try to login into WebMail, I get error message, "Mailbox is on a different server".
  I am missing one attribute that I used to get with schema 1 on iPlanet 5.2 for any user, Mail Server Address.
  Please tell me the exact method of creating a user for Messaging.
  Regards
  Amit Bist

  Access Manager was never intended to create working mail users. The Delegated Admin package is provided as part of JES, and that's what it is for, to manage users and groups. There's both a web interface, and a command-line interface, "commadmin"
  Or, you can examine the ldap entries for the automatically created accounts, and duplicate that. Messaging doesn't really care how the ldap entries get done, just so that they are done correctly.

• How can I force a re-creation of Access Manager's DIT?

  Good day foks,
  I'm deploying SJS AM 7 as part of a wider JES2005Q4 deploymeny.
  I accidentally deleted the contents of the ou=People context in DS where the AM installation created, among others, my amAdmin account.
  I can't restore the content from backup because I had added new indices to my DS directory.
  I can't re-create the user by re-configuring using amconfig or by re-installing using the installer GUI because the procedure detects the old DIT.
  So can anyone tell me how to force the re-creation of the DIT?
  Thank-you for reading this.
  Cheers,
  Etienne

  I've used the procedure described in the Sun Java System Access Manager 6 2005Q1 migration guide (817-7645.pdf), p47 of 98, "Configuring the Directory Server schema files". By re-importing the client data files manually, the amAdmin and the anonymous users got re-created.
  I don't know whether this procedure maintains consistency between amAdmin, anonymous on one part and the rest of the schema updates and data added on the other part. If anyone does know, I'd be glad to hear about it.

• "unable to connect to the data access service" installing report server

  Trying to do a 2 server SCOM 2012 R2 install on Server 2012 w/SQL 2012.  Management server and operations console on one, and SQL, web console, and reporting server on the other.  When I get to the web console and reporting server install, and
  the "Specify Management Server" screen, I input the 1st management server name and it gives me a red X with the message:
  "Unable to connect to the Data Access service for this management server. Ensure the Data Access service is running and that the service, the management group, and setup are all the same version."  
  Here is the setup log error:  
  "Info: :Could not connect to Management Server: scom-app with exception: Threw Exception.Type: System.ArgumentException, Exception Error Code: 0x80070057, Exception.Message: Version string portion was too short or
  too long."
  I don't see the "Data Access" service in services on either server.  I followed all of the setup prereqs in SCOM 2012 unleashed book, and also referenced this article for setup advice:
  http://blogs.technet.com/b/kevinholman/archive/2013/01/16/opsmgr-2012-sp1-quickstart-deployment-guide.aspx
  Everything seems to be working until I get to this point. 
  Thank you for any help you can provide,
  Dan

  Hi Tom,
  1. Did the setup complete successfully on the MS and Console server?
  >>>Yes, without issue
  2. You do not see the service "System Center Data Access Service"
  >>>I do indeed see it on the MS and Console server, it is set to Auto and running.  (I also tried rebooting this server and retried, no help)
  3. Is the Windows Firewall enabled?
  >>>It has symantec endpoint protection.  I disabled symantec completely on both servers and retried, no help.
  Thx,
  Dan

• Database access code in objects constructor, or in data access object

  Given an object that is stored in a database, is it better to have the database access code in a constructor method, or a data access layer object? E.g. I have a Person class
  public class Person{
  int Id;
  String name;
  int age;
  }When I want to read a person's details from the database, I could use a constructor something like this:
  public Person(int id){
  Connection con = getDatabaseConnection();
  ResultSet rs = con.createStatement().executeQuery("Select name, age from person where person_id = " + id);
  rs.next();
  this.name = rs.getString(1);
  this.age=rs.getInt(2);
  }Or I could use a method in a data access object :
  public Person getPerson(int id){
  Person p = new Person();
  Connection con = getDatabaseConnection();
  ResultSet rs = con.createStatement().executeQuery("Select name, age from person where person_id = " + id);
  rs.next();
  p.setName(rs.getString(1));
  p.setAge(rs.getInt(2));
  return p;
  }It seems to me that the constructor approach has two advantages
  (1) the SQL code is kept in the relevant class (so if I want to add a field to Person, I only have to make changes to the Person class)
  (2) I don't have to have a setter method for each field
  Is one or other of these ways generally recognized as 'best practise'?

  malcolmmc wrote:
  But then, on the other hand, everytime a Person gains a new field that's two places you have to change it. if the persistence interface is written in terms of the object and uses ORM, I don't have to touch the implementation. all i have to do is update the object, the database, and the mapping - just like you and your home brew ORM.
  besides, so what? i'd fear the resource leak, bad layering, more difficult testing more.
  Actually lately I've used annotations to label setters with database field names and run a simple home brew ORM to convert rows into objects even when not using a more complex persistence manager.home brew ORM? why is that necessary when you can choose from hibernate, ibatis, jdo, jpa, etc.? that's just nuts.
  %

• SCOM 2012 Issue The Data Access service is either not running or not yet initialized

  Hello All,
  My SCOM 2012 console all of sudden stopped working when I changed the size of the SQL database for the SCOM server.
  The setup is all on a virtual machine running windows 2012, with SQL 2012 running SCOM 2012 SP1. Everything was working until I made the SQL server database size change.
  Now I am getting an error when I try to open the SCOM 2012 console. It just says Failed to connect to server servername.internaldomain.com The Data Access service is either not running or not yet initialized. Check the event log for more information.
  here is the logs from the console app (the application logs are below this)
  Date: 2/11/2013 12:16:45 PM
  Application: Operations Manager
  Application Version: 7.0.9538.0
  Severity: Error
  Message: Failed to connect to server 'servername.internaldomain.com'
  Microsoft.EnterpriseManagement.Common.ServiceNotRunningException: The Data Access service is either not running or not yet initialized. Check the event log for more information. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to
  net.tcp://servername.internaldomain.com:5724/DispatcherService. The connection attempt lasted for a time span of 00:00:02.0956135. TCP error code 10061: No connection could be made because the target machine actively refused it 192.168.X.X:5724.  --->
  System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 192.168.X.X:5724
     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
     at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace:
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
     at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.EnterpriseManagement.Common.Internal.IDispatcherService.Connect(SdkClientConnectionOptions connectionOptions)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.Initialize(EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.CreateEndpoint[T](EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     --- End of inner exception stack trace ---
     at Microsoft.EnterpriseManagement.Common.Internal.ExceptionHandlers.HandleChannelExceptions(Exception ex)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.CreateEndpoint[T](EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.ConstructEnterpriseManagementGroupInternal[T,P](EnterpriseManagementConnectionSettings connectionSettings, ClientDataAccessCore clientCallback)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.RetrieveEnterpriseManagementGroupInternal[T,P](EnterpriseManagementConnectionSettings connectionSettings, ClientDataAccessCore callbackDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.Connect[T,P](EnterpriseManagementConnectionSettings connectionSettings, ClientDataAccessCore callbackDispatcherService)
     at Microsoft.EnterpriseManagement.ManagementGroup.InternalInitialize(EnterpriseManagementConnectionSettings connectionSettings, ManagementGroupInternal internals)
     at Microsoft.EnterpriseManagement.ManagementGroup.Connect(ManagementGroupConnectionSettings connectionSettings)
     at Microsoft.EnterpriseManagement.Mom.Internal.UI.Common.ManagementGroupSessionManager.Connect(String server)
     at Microsoft.EnterpriseManagement.Monitoring.Console.Internal.ConsoleWindowBase.TryConnectToManagementGroupJob(Object sender, ConsoleJobEventArgs args)
  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://servername.internaldomain.com:5724/DispatcherService. The connection attempt lasted for a time span of 00:00:02.0956135. TCP error code 10061: No connection could be made because
  the target machine actively refused it 192.168.X.X:5724.  ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 192.168.X.X:5724
     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
     at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace:
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
     at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
     at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.EnterpriseManagement.Common.Internal.IDispatcherService.Connect(SdkClientConnectionOptions connectionOptions)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.Initialize(EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
     at Microsoft.EnterpriseManagement.Common.Internal.SdkDataLayerProxyCore.CreateEndpoint[T](EnterpriseManagementConnectionSettings connectionSettings, SdkChannelObject`1 channelObjectDispatcherService)
  System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 192.168.X.X:5724
     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
     at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
     at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
  Application Error: Event ID:1000
  Faulting application name: Microsoft.Mom.Sdk.ServiceHost.exe, version: 7.5.2808.0, time stamp: 0x5082b3a5
  Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
  Exception code: 0xe0434352
  Fault offset: 0x000000000003811c
  Faulting process id: 0xb28
  Faulting application start time: 0x01ce088d19221739
  Faulting application path: C:\Program Files\System Center 2012\Operations Manager\Server\Microsoft.Mom.Sdk.ServiceHost.exe
  Faulting module path: C:\Windows\system32\KERNELBASE.dll
  Report Id: 5a80a27e-7480-11e2-93fc-00155d01651b
  Faulting package full name:
  Faulting package-relative application ID
  .NET Runtime Error Event ID: 1026
  Application: Microsoft.Mom.Sdk.ServiceHost.exe
  Framework Version: v4.0.30319
  Description: The process was terminated due to an unhandled exception.
  Exception Info: Microsoft.EnterpriseManagement.ConfigurationReaderException
  Stack:
     at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.Initialize(Microsoft.EnterpriseManagement.InProcEnterpriseManagementConnectionSettings)
     at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.InitializeRunner(System.Object)
     at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
     at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
     at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
     at System.Threading.ThreadHelper.ThreadStart(System.Object)
  I tried to reinstall the console and some of other mentioned things from the other posts but I think that there is a SQL issue here that I am not seeing. Can someone please help.
  Thanks
  Robert Lavigne Network Operations Manager - Kilobytes Data Solutions.

  Hi
  The issue got resolved after refresh the SCOM Data base access service  account in SQL 2012.
  Unable to launch the operations manager 2012 R2 console after extended the C drive of the SQl server ,getting error "The Data
  Access service is either not
  running or not yet initialized.
  Got to your SQL server -->databases-operationsmanager--security-users--locate the daa service account and refresh.issue fixed and am able to luanch.