DHCP requests through ASA

Hi,
I have an ASA5585 in routed mode (check the attached diagram), and my DHCP client is on the inside, while the DHCP server is on the outside.
I know that the ASA can be configured as a DHCP relay, but there is a condition:
“DHCP clients must be directly connected to the ASA and cannot send requests through another relay agent or a router”
Does this mean that the setup in the attached diagram cannot work?
Is there any other way to make it work, without changing the ASA to transparent mode?

Hi,
I think the text above refers to a situation where you are actually using the ASA to relay DHCP messages.
You therefore couldn't use the ASA to relay DHCP messages that were relayed by another device behind the ASA. Though I don't know why the DHCP messages would need to be relayed twice.
But as we can see in this case, the L3 Switch is the device that handles the relay of DHCP messages to the actual DHCP server, and the ASA doesn't have to do anything related to DHCP other than pass the unicast UDP traffic. Therefore you wouldn't be configuring any DHCP related settings on the ASA, and the above quote/limitation wouldn't apply to your setup.
So it seems to me that you can leave out all the DHCP/DHCP relay configurations from the ASA and just allow the traffic originating from the L3 Switch.
I might be able to lab this for you at some point at my home network if needed (though naturally with a different ASA model). Though I think we have several environments at work already that use an ASA5585-X (multiple context mode) where the customer router uses "ip helper-address" to relay DHCP messages to a DHCP server located on a DMZ interface of the ASA context.
- Jouni

Similar Messages

  • How to forward DHCP requests through 1140N AP

    We have an 1140N AP connected to a switch, and our "network partner" controls the router and will hand out DHCP and do the NAT for this WLAN. How can I configure the AP to forward DHCP requests through?
    I have WPA2 PSK (TKIP) set up and the client is able to authenticate; however, we fail to get an address. In this case the Ethernet interface was left alone, so it has the default config and it gets a DHCP address fine. How can I configure this AP to enable the rest of the WiFi clients to get an IP?

    Here is my cleaned config. I put helpers everywhere and still can't get an IP.
    I don't have control over the switch or router that this will plug into, nor the setup. The switchport it will plug into has a VLAN designated for Guest Wireless access. I suspect that I need to redo the config without VLAN10 involved, correct?
    Current configuration : 4880 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname [removed]
    enable secret [removed]
    no aaa new-model
    dot11 syslog
    dot11 ssid [removed]
       vlan 10
       authentication open
       authentication key-management wpa version 2
       guest-mode
       wpa-psk ascii 7 [removed]
    crypto pki trustpoint TP-self-signed-1278736388
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1278736388
    revocation-check none
    rsakeypair TP-self-signed-1278736388
    crypto pki certificate chain TP-self-signed-1278736388
    certificate self-signed 01
      quit
    username [removed] privilege 15 password [removed]
    bridge irb
    interface Dot11Radio0
    no ip address
    ip helper-address 10.135.14.1
    no ip route-cache
    encryption vlan 10 mode ciphers tkip
    ssid [removed]
    antenna gain 0
    speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.10
    encapsulation dot1Q 10
    ip helper-address 10.135.14.1
    no ip route-cache
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding
    bridge-group 10 spanning-disabled
    interface Dot11Radio1
    no ip address
    ip helper-address 10.135.14.1
    no ip route-cache
    encryption vlan 10 mode ciphers tkip
    ssid [removed]
    antenna gain 0
    dfs band 3 block
    speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1.10
    encapsulation dot1Q 10
    ip helper-address 10.135.14.1
    no ip route-cache
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding
    bridge-group 10 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0.10
    encapsulation dot1Q 10
    no ip route-cache
    bridge-group 10
    no bridge-group 10 source-learning
    bridge-group 10 spanning-disabled
    interface BVI1
    ip address dhcp client-id GigabitEthernet0
    ip helper-address 10.135.14.1
    no ip route-cache
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    banner motd ^C
    Access to this device is restricted to authorized users. Unauthorized access is a violation of state and federal, civil and criminal laws (e.g., NRS 205.4765). Evidence of unauthorized access will be provided to law enforcement personnel.
    ^C
    line con 0
    password [removed]
    login local
    line vty 0 4
    password [removed]
    login local
    end

  • DHCP request through accesspoint and router

    This is what our setup looks like:
    Laptops => Cisco 1100 AP (static IP) => Wired LAN (Subnet 1) => Cisco Router => Wired LAN (Subnet 2) => DHCP server
    What I would like is that the DHCP request from our laptops is forwarded/relayed through the AP and router to the DHCP server and back.
    We don't want to use the AP's internal DHCP server but centralise this.
    At the moment I've configured the AP through the CLI and added the following command: ip dhcp-server xx.xx.xx.xx
    Where xx is the IP of the DHCP server
    On the router I've added the command ip helper-address xx.xx.xx.xx
    Where xx is the IP of the DHCP server
    I don't know if this is the correct way, but I do know it isn't working.
    Some help is really appreciated.
    Grx,
    Joris

    You need at least the following connectivity for DHCP relay to work.
    Between the DHCP relay agent and the DHCP server:
    - UDP Port 67 <-> UDP Port 67
    Between the DHCP server and the DHCP client:
    - UDP Port 67 <-> UDP Port 68 (renewing/releasing a lease)
    - ICMP echo (Most DHCP servers check if an IP is still free)
    On the Cisco router you can use some debugging commands
    to check that relaying works.
    (This might produce a lot of output, careful on a production system.)
    #term mon
    #debug ip dhcp server packet
    #debug ip dhcp server events
    For Subnet 1 with the router's IP 10.0.0.1 and two configured
    DHCP servers (192.168.0.1, 192.168.9.1) as "ip helper" a successful
    exchange looks like this:
    DHCPD: DHCPREQUEST received from client 0100.aabb.bbcc.cc.
    DHCPD: setting giaddr to 10.0.0.1.
    DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.0.1.
    DHCPD: BOOTREQUEST from 0100.aabb.bbcc.cc forwarded to 192.168.9.1.
    DHCPD: forwarding BOOTREPLY to client 00aa.bbbb.cccc.
    DHCPD: Forwarding reply on numbered intf
    DHCPD: creating ARP entry (10.0.0.49, 00aa.bbbb.cccc).
    DHCPD: unicasting BOOTREPLY to client 00aa.bbbb.cccc (10.0.0.49).
    #undebug all
    I would also try to ping the router's IP in Subnet 1 and a client
    with a fixed IP in Subnet 1 from the server. (The DHCP server uses
    this to check if a lease is actually free before handing it out)
    Otherwise it's time for packet sniffing on the DHCP server
    and the client. (snoop, tcpdump, ethereal)
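
The relay behaviour described in this answer, and the relayed-unicast case from the ASA thread at the top of the page, as an added Python example (not code from either poster): it parses the BOOTP header of a constructed request and uses giaddr to tell a direct client broadcast from an already relayed unicast, then lists the UDP 67 flows a firewall in the path has to permit. The packets are built inline and are not captures; the addresses are the ones quoted in the debug output above.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 951 / RFC 2131), followed by the DHCP magic cookie.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST = 1
SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST = "255.255.255.255"


def build_request(hops, giaddr, mac_hex, xid=0x1234ABCD):
    """Constructed sample DHCPDISCOVER payload (not a real capture)."""
    zero = bytes(4)
    header = struct.pack(
        BOOTP_FMT, BOOTREQUEST, 1, 6, hops, xid, 0, 0x8000,
        zero, zero, zero, ipaddress.IPv4Address(giaddr).packed,
        bytes.fromhex(mac_hex), b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then End


def parse_bootp(payload):
    """Return the header fields that matter for relay troubleshooting."""
    if len(payload) < BOOTP_LEN + len(MAGIC):
        raise ValueError("truncated BOOTP payload")
    if payload[BOOTP_LEN:BOOTP_LEN + len(MAGIC)] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    (op, _htype, hlen, hops, xid, _secs, _flags,
     _ciaddr, _yiaddr, _siaddr, giaddr, chaddr, _sname, _file) = struct.unpack(
        BOOTP_FMT, payload[:BOOTP_LEN])
    return {
        "op": op, "hops": hops, "xid": xid,
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": chaddr[:min(hlen, 16)].hex(),
    }


def classify(src_ip, sport, dst_ip, dport, payload):
    """Classify a BOOTREQUEST seen on the wire and list the flows to permit."""
    pkt = parse_bootp(payload)
    result = {"kind": "unexpected", "giaddr": pkt["giaddr"], "permit": []}
    if pkt["op"] != BOOTREQUEST or dport != SERVER_PORT:
        return result
    relayed = pkt["giaddr"] != "0.0.0.0"
    if not relayed and dst_ip == BROADCAST and sport == CLIENT_PORT:
        # Straight from the client: a relay agent is needed on this segment,
        # a routed hop will not forward the broadcast.
        result["kind"] = "client-broadcast"
    elif relayed and dst_ip != BROADCAST:
        # Already handled by a relay agent: a firewall in the path only passes
        # unicast UDP. The server answers to giaddr on port 67 (RFC 2131).
        result["kind"] = "relayed-unicast"
        result["permit"] = [
            ("udp", src_ip, sport, dst_ip, SERVER_PORT),
            ("udp", dst_ip, SERVER_PORT, pkt["giaddr"], SERVER_PORT),
        ]
    return result


if __name__ == "__main__":
    mac = "00aabbbbcccc"
    direct = build_request(0, "0.0.0.0", mac)
    relayed = build_request(1, "10.0.0.1", mac)
    print(classify("0.0.0.0", CLIENT_PORT, BROADCAST, SERVER_PORT, direct))
    print(classify("10.0.0.1", SERVER_PORT, "192.168.0.1", SERVER_PORT, relayed))
```
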

  • ASA DHCP Request incorrect hostname length

    I have an ASA 5505 with software version 8.2(1). It is making DHCP requests for IPSec clients that connect to the ASA. The DHCP request packets the ASA makes have an extra '00' appended to the hostname field, and the length field is the size of the hostname + 1.
    The DHCP server is Microsoft Server 2003, and this causes the hostname to be registered with an unknown character which appears as []hostname. Then when Server 2003 tries to update the DNS record, it fails because of the invalid character in the hostname.
    Is there any way to have the ASA use the correct length for the hostname field in the DHCP packet, or a workaround that will solve this problem?

    I am thinking it may not be option 12 in the DHCP packet, but option 81.  I have included a portion of the DHCP request from the ASA below:
       Option: (t=53,l=1) DHCP Message Type = DHCP Request
            Option: (53) DHCP Message Type
            Length: 1
            Value: 03
        Option: (t=57,l=2) Maximum DHCP Message Size = 1152
            Option: (57) Maximum DHCP Message Size
            Length: 2
            Value: 0480
        Option: (t=61,l=42) Client identifier
            Option: (61) Client identifier
            Length: 42
            Value: 00636973636F2D303032312E353537352E636131372D6D79...
        Option: (t=54,l=4) Server Identifier = 192.168.8.3
            Option: (54) Server Identifier
            Length: 4
            Value: C0A80803
        Option: (t=50,l=4) Requested IP Address = 192.168.8.105
            Option: (50) Requested IP Address
            Length: 4
            Value: C0A80869
        Option: (t=12,l=11) Host Name = "myhostname"
            Option: (12) Host Name
            Length: 11
            Value: 6D79686F73746E616D6500
        Option: (t=51,l=4) IP Address Lease Time = 8 days
            Option: (51) IP Address Lease Time
            Length: 4
            Value: 000A8C00
        Option: (t=55,l=6) Parameter Request List
            Option: (55) Parameter Request List
            Length: 6
            Value: 01060F2C0321
            1 = Subnet Mask
            6 = Domain Name Server
            15 = Domain Name
            44 = NetBIOS over TCP/IP Name Server
            3 = Router
            33 = Static Route
        Option: (t=81,l=14) Client Fully Qualified Domain Name
            Option: (81) Client Fully Qualified Domain Name
            Length: 14
            Value: 0400000A6D79686F73746E616D65
            Flags: 0x04
            0000 .... = Reserved flags: 0x00
            .... 0... = Server DDNS: Some server updates
            .... .1.. = Encoding: Binary encoding
            .... ..0. = Server overrides: No override
            .... ...0 = Server: Client
            A-RR result: 0
            PTR-RR result: 0
            Client name: 0A6D79686F73746E616D65
        End Option
        Padding
    Notice in option 81 the Client Name has a leading binary value of 0A (which is a new line):  0A6D79686F73746E616D65.
    Does CSCsz07757 relate to that?  Is there a way to have the ASA not include option 81 as part of the DHCP requests it makes?
    Thank you.
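
The option dump above, re-parsed as an added Python example (not the poster's code): it walks the DHCP option TLVs, reports the trailing NUL that option 12 carries, and decodes option 81 following RFC 4702, where the E flag (0x04) means the name is in DNS wire format, so each label is preceded by its length byte. The byte string is rebuilt from the values shown in the dump; option 61 is left out because its value is truncated on the page.

```python
PAD, END = 0, 255
HOST_NAME, CLIENT_FQDN = 12, 81
FQDN_FLAG_E = 0x04  # RFC 4702: name is in canonical DNS wire format

# Constructed from the option values quoted in the post (option 61 omitted).
SAMPLE_OPTIONS = bytes.fromhex(
    "350103" "39020480" "3604C0A80803" "3204C0A80869"
    "0C0B6D79686F73746E616D6500" "3304000A8C00" "370601060F2C0321"
    "510E0400000A6D79686F73746E616D65" "FF")


def parse_options(blob):
    """Walk code/length/value triples until End; reject truncated options."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: missing length byte")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value shorter than length {length}")
        opts[code] = value
        i += 2 + length
    return opts


def audit_hostname(value):
    """Report NUL padding and other non-printable bytes in option 12."""
    stripped = value.rstrip(b"\x00")
    return {
        "declared_len": len(value),
        "trailing_nul": len(value) - len(stripped),
        "clean": stripped.decode("ascii", "replace"),
        "other_bad_bytes": [b for b in stripped if not 0x21 <= b <= 0x7E],
    }


def decode_client_fqdn(value):
    """Decode option 81: flags, two RCODE bytes, then the domain name."""
    if len(value) < 3:
        raise ValueError("option 81 shorter than its fixed header")
    flags, name = value[0], value[3:]
    if not flags & FQDN_FLAG_E:
        # Deprecated ASCII encoding: the name is plain text.
        return {"encoding": "ascii", "labels": [name.decode("ascii", "replace")],
                "fully_qualified": None}
    labels, i, fully_qualified = [], 0, False
    while i < len(name):
        n = name[i]
        if n == 0:  # zero-length root label terminates a fully qualified name
            fully_qualified = True
            break
        if n > 63 or i + 1 + n > len(name):
            raise ValueError("bad label length in option 81")
        labels.append(name[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return {"encoding": "wire", "labels": labels, "fully_qualified": fully_qualified}


if __name__ == "__main__":
    opts = parse_options(SAMPLE_OPTIONS)
    print(audit_hostname(opts[HOST_NAME]))
    print(decode_client_fqdn(opts[CLIENT_FQDN]))
```
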

  • Do client dhcp requests go through the lwapp tunnel

    Do client DHCP requests go through the LWAPP tunnel?
    For local, not H-REAP.
    Do they drop out of the LWAPP tunnel and hit the dynamic interface and get forwarded to whatever the DHCP is for that VLAN?

    The WLC will dump the traffic out on the appropriate dynamic interface. This interface is how the wireless communicates to that particular vlan.

  • IP Phone SSL VPN through ASA

    I'm in the middle of configuring IP Phone SSL VPN through ASA and got stuck on authentication. When I enter the username and password on the phone screen, I get a "Username and password failed" message on the screen. However, in the ASA logs I see the following lines:
    Feb 16 2011    15:12:57    725002    85.132.43.67    52684            Device completed SSL handshake with client vpn:85.132.*.*/52684
    Feb 16 2011    15:17:26    725007    85.132.43.67    52745            SSL session with client vpn:85.132.*.*/52745 terminated.
    What does it mean?  How can I turn on debugging to see what is going on?
    Thank you in advance!

    Hi,
    If you're not using certificates in client authentication then the SSL handshake will complete before the user is requested to authenticate with username/password. If this authentication request fails you will see the SSL session terminated immediately following this failure (as in the logs you provided). Notice the 5 seconds between the SSL session establishment and termination; this is most likely when the user is being authenticated against the aaa server. If the phone is failing authentication against an external aaa-server you'll want to investigate the logs on that server to determine the root cause of the failure. The ASA can also provide confirmation of the authentication request/reject with the command 'show aaa-server'. If you want to see what's going on at an authentication protocol level you can enable several debugs including 'debug aaa authentication|common|internal' and protocol specific debugs such as 'debug radius user|session|all' or 'debug ldap'.
    Did this answer your question? If so, please mark it Answered!

  • Multiple DHCP Subnet through V lan

    Dear All,
    I would like to request help. I am not good in Cisco; if anyone can explain, it will help me.
    I am trying to configure multiple DHCP subnets through VLANs.
    1. I created a DHCP server and created 3 subnets
    a. My network card IP is 192.168.50.200, DHCP enabled
    b. Configured DHCP scopes for 192.168.20.0 and 192.168.30.0
    2. I have a SonicWall firewall with router; there I created 2 VLANs.
    3. On the Cisco switch SG300-28P I also created VLANs (VLAN 20 ports 3-5) (VLAN 30 ports 7-10) and created a trunk port for both VLANs, port number 2.
    I connected the SonicWall to switch trunk port 2 and connected a laptop to a VLAN 20 port; I am getting a 192.168.20.0 range IP. If I connect the laptop to VLAN 30, I also get a VLAN 30 range IP. (At this time the SonicWall DHCP is enabled.)
    Now to the point: I need to release DHCP from my server, so I disabled DHCP on the SonicWall and enabled DHCP on the server.
    But I am not getting an IP address from the server on any VLAN.
    I created a trunk port for the DHCP server and connected it there; still the same problem.
    Please help me configure this the best way.

    What you have to do is configure IP helper addresses on your VLANs to point to the new server. It was probably pointing to your SonicWall, which is why it was working on the SonicWall, but once you changed over to your server, you have to convert it over to your new DHCP server.
    Without port forwarding your switches/routers do not know where to send those requests, especially if they are on different VLANs. That's one caveat to running VLANs and switches: it doesn't like flooding out requests to every port.
    It appears to be under:
    ip config - udp relay/ip helper
    In that section, add your new DHCP server and it should fix it so it sends your DHCP requests to your DHCP server.

  • DHCP Relay through another firewall

    Hello,
    I have set up two ISA Servers in my lab (learning environment).
    One faces the internet, the other one is in between the lan and the perimetral network.
    Sort of:
    LAN  <--- ISA2--->  DMZ  <---ISA1---> INTERNET.
    The thing is that the other office connects to ISA1 through a site-to-site VPN, and it all goes fine except that ISA1 cannot take any IP from the DHCP server standing on the LAN.
    I have read this: http://technet.microsoft.com/en-us/library/cc302680.aspx
    But in my lab there are two ISA servers, so I don't know how to send DHCP requests from ISA1 to ISA2 except for broadcast 255.255.255.255, but ISA1 does not know how to forward that to the DHCP server in the LAN.
    I am mixed up because I am not an expert and am learning about this DHCP relay thing now.
    Thanks in advance!!
    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

    Thanks a lot Keith.
    I was all wrong. The relation between perimeter and LAN (in ISA2) is route. And as far as I have read, that is how it should be when no external network is involved.
    I have a question I feel doubtful about: when ISA1 takes the DHCP request, does it make a broadcast petition to 255.255.255.255 or a unicast request directly to the DHCP server machine? Because the ISA1 machine is a DHCP relay, when I configured it I was asked to write the IP of the DHCP server, so maybe it just knows where to send the DHCP requests from the client and does not perform multicast 255.255.255.255 but unicast to the DHCP server?
    EDIT: In the statistics of the DHCP server there are no DHCP requests, so the traffic is not reaching it.
    I am still digging in. This is difficult for me.
    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

  • Error While Making a Request Through API

    Hi everyone,
    I'm trying to submit a request through the API for the "Assign Roles" template, I used http://java.net/projects/openptk/sources/svn/content/branches/Oracle/OIM11g/examples/java/OIMClient/src/oim/client/request/RequestRoleCreate.java?rev=1489 as a basis for my code. Pretty much line for line.
    This is my code.
    // requestData and requestSvc are used below but declared elsewhere in the poster's class (not shown)
    public static RequestStatusSummary[] applicationAccessRequest(String email, String templateName, String roleName) {
        String userKey = getUserKey(email);
        Beneficiary beneficiary = null;
        RequestBeneficiaryEntity entity = null;
        List<RequestBeneficiaryEntity> entityList = null;
        List<RequestBeneficiaryEntity> entityAttrList = null;
        // add role requested
        entityList = new ArrayList<RequestBeneficiaryEntity>();
        entity = new RequestBeneficiaryEntity();
        entity.setEntityKey(getRoleKey(roleName));
        entity.setEntityType(RequestConstants.ROLE);
        entity.setEntitySubType(roleName);
        entityList.add(entity);
        // set beneficiary to user
        beneficiary = new Beneficiary();
        beneficiary.setBeneficiaryType("user");
        beneficiary.setBeneficiaryKey(userKey);
        beneficiary.setTargetEntities(entityList);
        // add beneficiaries to the request data
        List<Beneficiary> beneficiaries = new ArrayList<Beneficiary>();
        beneficiaries.add(beneficiary);
        requestData.setBeneficiaries(beneficiaries);
        System.out.println(requestData);
        // submit request
        String reqId = requestSvc.submitRequest(requestData);
        RequestStatusSummary[] requestStatusSummary = requestSvc.getRequestStatusSummary(reqId);
        return requestStatusSummary;
    }
    getRoleKey() and getUserKey() obtain the correct values. Directly before calling this method I log in to OIM using OIMClient; this works correctly as well. The issue is that submitRequest() throws this. Any suggestions would be greatly appreciated. Thank you for your time.
    javax.ejb.EJBException: ; nested exception is:
         java.io.EOFException; nested exception is: java.io.EOFException
         at weblogic.rjvm.t3.MuxableSocketT3.endOfStream(MuxableSocketT3.java:345)
         at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:826)
         at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:760)
         at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:941)
         at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:888)
         at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:339)
         at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
         at weblogic.work.ExecuteRequestAdapter.execute(ExecuteRequestAdapter.java:21)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
    javax.ejb.EJBException: ; nested exception is:
         java.io.EOFException; nested exception is: java.io.EOFException
         at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.unwrapRemoteException(RemoteBusinessIntfProxy.java:121)
         at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:96)
         at $Proxy6.submitRequestx(Unknown Source)
         at oracle.iam.request.api.RequestServiceDelegate.submitRequest(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.security.Security.runAs(Security.java:41)
         at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
         at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
         at $Proxy7.submitRequest(Unknown Source)
         at testoimlogin.TestOIMLogin.applicationAccessRequest(TestOIMLogin.java:350)
         at testoimlogin.TestOIMLogin.main(TestOIMLogin.java:537)
    Caused by: java.io.EOFException
         at weblogic.rjvm.t3.MuxableSocketT3.endOfStream(MuxableSocketT3.java:345)
         at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:826)
         at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:760)
         at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:941)
         at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:888)
         at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:339)
         at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
         at weblogic.work.ExecuteRequestAdapter.execute(ExecuteRequestAdapter.java:21)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)

    How are you creating OIMClient ?
    Make sure that you are using proper OIM URL: t3://ManagerServer:MANAGEDSERVERPORT
    getting error while calling RequestService interface

  • How to add Objects to transport request through FM/BAPI?

    Hi All,
    I am creating a workbench request through a program. I am able to create it by using a BAPI, but I am unable to add objects to it through the program.
    Can anybody tell me the function module/BAPI to add objects to a transport request?
    I have the list of objects that are supposed to be added.
    No BDC please.
    Thanks ,
    Swarup

    Hi Swarup,
    Check FM TRINT_MODIFY_COMM. Also look at program TH_TKANL for the usage of FM.
    Thanks
    Lakshman

  • Submitting concurrent request through oa framework page

    I want to submit a concurrent request through an OA Framework page, and I wrote this code in the controller:
    try {
        OAApplicationModule am = pageContext.getApplicationModule(webBean);
        OADBTransaction transaction = am.getOADBTransaction();
        Connection conn = transaction.getJdbcConnection();
        ConcurrentRequest cr = new ConcurrentRequest(conn);
        cr.setDeferred();
        Vector param = new Vector();
        param.add("21092008");
        int reqId = cr.submitRequest("XXC", "XXC_DATE_VALIDATION_TEST_1", "XXC DATE VALIDATION TEST 1", null, false, param);
        transaction.commit();
        System.out.println("Request ID >>> " + reqId);
        String id = "" + reqId + "";
        HashMap parameters = new HashMap();
        String url = "OA.jsp?akRegionCode=FNDCPREQUESTVIEWREGION&akRegionApplicationId=0";
        //parameters.put("akRegionApplicationId", "0");
        // parameters.put("akRegionCode", "FNDCPREQUESTVIEWPAGE");
        //parameters.put("akRegionCode", "FNDCPPROGRAMPAGE");
        parameters.put("requestMode", "DEFERRED");
        parameters.put("requestId", id);
        // forward to the request-view region, passing the new request id
        pageContext.setForwardURL(url,
                null,
                OAWebBeanConstants.KEEP_MENU_CONTEXT,
                null,
                parameters,
                true,
                OAWebBeanConstants.ADD_BREAD_CRUMB_NO,
                OAWebBeanConstants.IGNORE_MESSAGES);
    } catch (SetDeferredException e) {
        throw new OAException("Munish SetDeferredException " + e.getMessage(), OAException.ERROR);
    } catch (RequestSubmissionException e) {
        throw new OAException("Munish RequestSubmissionException " + e.getMessage(), OAException.ERROR);
    } catch (Exception e) {
        throw new OAException("Munish Exception " + e.getMessage(), OAException.ERROR);
    }
    But I don't know whether it is submitted or not.
    When I find my request using the request id through E-Business Suite I can see anything regarding this id,
    and I am getting this error:
    java.lang.NullPointerException
    at oracle.apps.fnd.cp.viewreq.webui.ViewRequestsPageCO.processRequest(ViewRequestsPageCO.java:213)
    Could anyone help me please?
    Thanks

    Check the "Adding Request Monitoring to Your Product" section from dev guide.
    --Shiv

  • Error occurred when giving down payment request through Tcode F-47

    Dear All,
    The following error occurred when giving a down payment request through Tcode F-47 by
    inserting a purchase contract in the Purch. Doc. field:
    Purch. doc. 4600000442 neither a purch. order nor a schedul. agmt.
    Message no. ME703
    Please suggest.
    Regards
    Shailesh

    Hi
    As error message states, you should put PO number instead of Purchase Contract number in downpayment request.
    You can create a PO for that Purchase contract if you want purchase contract should also be used in that process.
    Brgds
    Abdulla

  • How to send POST HTTP Request through PI.

    Hi,
    I am trying to send an XML message to an HTTP server from SAP PI 7.1,
    but I am not able to. The reason the HTTP guy is telling me is that I am sending a GET request through SAP PI 7.1 and it should be POST.
    Where do I change this, so that only a POST request goes out?
    There is one more thing: I am facing this only in Quality. In Development the request is going as POST and everything is running fine ...
    Regards
    PS

    It was always HTTP from our end; some config was missing at the HTTP guy's end, which solved the problem.
    So there was no issue at the PI end.

  • Multiple HTTP requests through same connection

    Hi...
    I am writing an application which connects to its server through the HTTP protocol, and the server is basically a bunch of servlets hosted somewhere (right now it is in the Tomcat running on my PC).
    I know that with the Connection Keep-Alive header you can keep the connection alive and do multiple requests from the same server.
    Can someone point me to where I can find some sample code which shows how to send multiple requests through the same URL connection or URL object? What I can't figure out is how to reset the URL connection or its streams and make them send another request message to the server so the server can respond.
    Or do I have to do this manually (using sockets)?

    You SHOULD be able to do a HttpUrlConnection method. However, I have hand-coded HTTP server and client apps and the keep-alive is rarely enabled in servers.
    This is due to better handling of millions of unique hosts requesting, unlike a network os, which is made the other way around.
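
    As an added illustration of the HttpURLConnection approach mentioned in the reply (not code from either poster): each request gets its own HttpURLConnection object, and the JDK reuses the underlying TCP socket once the previous response has been read to the end and its stream closed. The class name KeepAliveDemo, the /echo path and the embedded loopback test server are constructed for this example.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class KeepAliveDemo {
    public static void main(String[] args) throws Exception {
        // Constructed local test server; it records the client-side TCP port of every request.
        Set<Integer> clientPorts = ConcurrentHashMap.newKeySet();
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/echo", exchange -> {
            clientPorts.add(exchange.getRemoteAddress().getPort());
            byte[] body = ("got " + exchange.getRequestURI().getQuery())
                    .getBytes(StandardCharsets.UTF_8);
            // A fixed Content-Length lets the server keep the connection open afterwards.
            exchange.sendResponseHeaders(200, body.length);
            try (OutputStream out = exchange.getResponseBody()) {
                out.write(body);
            }
        });
        server.start();
        int port = server.getAddress().getPort();
        try {
            for (int i = 1; i <= 3; i++) {
                // A new HttpURLConnection object per request; the socket underneath is pooled.
                URL url = URI.create("http://127.0.0.1:" + port + "/echo?n=" + i).toURL();
                HttpURLConnection conn = (HttpURLConnection) url.openConnection();
                conn.setRequestMethod("GET");
                try (InputStream in = conn.getInputStream()) {
                    // Read the body to the end and close the stream: this returns the
                    // socket to the keep-alive cache. Do not call disconnect() here.
                    String reply = new String(in.readAllBytes(), StandardCharsets.UTF_8);
                    System.out.println(conn.getResponseCode() + " " + reply);
                }
            }
            // One distinct client port means all three requests shared one TCP connection.
            System.out.println("distinct client ports seen by server: " + clientPorts.size());
        } finally {
            server.stop(0);
        }
    }
}
```

    Calling disconnect() between requests, or leaving part of a response unread, may make the JDK close the socket instead of reusing it; keep-alive can also be switched off globally with the http.keepAlive system property.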

  • Incorrect data after activating the request through Process chain.

    Dear SDN chaps.
    This morning I encountered a strange issue in a DSO.
    I have a DSO which is updated from an AL11 (application server) flat file.
    While I am loading it to PSA there were no issues, and after loading it to the DSO there is no issue: it is passing through the routine and the data is populating properly in the new data table. But after successful activation of the request through the process I am getting the wrong records in the active data table.
    Then I deleted the request and reran it manually, I mean triggered the DTP and ran the manual activation. Surprisingly, accurate records are coming through the manual process.
    I am just wondering why it is not working through the process chain, why it is showing incorrect records through process chain execution, and how it is showing accurate records through the manual uploading process.
    Could someone please help me get out of this? By the way, mine is SAP BI 7 SP20 & SP05 for BW 7.01.
    Thanks
    K M R
      

    Hi Pra
    Thanks for your response..
    We are doing PSA deletion and then we are uploading the data to PSA as well as the DSO.
    Now the issue is not in the loading part; we are facing the issue in activation of the request. If I execute the activation through the process chain it is a success but the values are incorrect. If I do the manual activation it succeeds with correct data.
    I even tried with a new chain but I am still facing the issue.
    The surprising thing is that in the new data table the data is perfect both ways (manual update and process chain update); only during activation am I getting incorrect records in the active data table.
    Appreciate your help on this.
    Thanks
    K M R
    Edited by: K M R on Jul 9, 2010 11:09 AM
