Error Resource In-policy Requests

Similar Messages

• Android MS RDP - RPC Error: Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator. (2147965402).

  I love iTap Mobile.  Paid for the app.  Sorry to see them discontinue it, but now I know why.  Microsoft bought them out!  But even though free, I am getting an error: RPC Error: Your connection was denied because of a Resource Access
  Policy (TS_RAP). Please contact your server administrator. (2147965402).  I worked with iTap to fix this so I guess they sold Microsoft their older buggy code...  Microsoft, please fix!
  PS: This is the Android version.  Mac and iOS are both okay.
  EDIT:  After an update a few months ago, iOS is no longer working.  Not sure if the problem is related to the Android MSRDP issue.
  UPDATE - Relevant posts (need Android RDP software engineer to fix):
  Event Viewer Log when using Android client:
  The user
  "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This
  is most likely for logging into RD Web - icons shows up).
  The
  user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost".
  The following error occurred: "23002".  (This is after clicking on any
  of the icons).
  I
  think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".
   It should be the RD Connection Broker's hostname, I believe.
  Here's what it should look like (connected using a Windows PC going
  through the RD Web portal via Internet Explorer):
  The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection
  authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
  The user "DOMAIN\testuser", on client computer "10.x.x.x", met resource
  authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
  The user "DOMAIN\testuser", on client computer "10.x.x.x", connected
  to resource "rdsfarm.domain.com".
  Stephan,
  Do you have any way to contact the software engineer who worked on the Android version of the RDP client?  Please
  have them read this thread.  They need to fix the hard coded "localhost" resource to be a variable (namely whatever the user put in for the server).
  This is why the MS RDP app is failing in situations where the FQDN for the RD Gateway and Connection Broker uses
  the same host name.
  Again, this is not a configuration problem on our end as it works as intended with the native Windows RDP client
  as well as the Mac and iOS version of the mobile RDP client (all based on iTap Mobile's RDP app).
  This is a problem specific to the Android RDP app.
  PS: No matter how hard I try, the WYSIWYG editor is not very WYSIWYG at all, and so everything here looks messed up even though it looked right when I posted it (it is deleting new blank lines I'm inserting to make it spaced out and easier to read). See
  below to read the post in context.

  Thanks for the bumps, everyone.  I haven't check this thread in a while because I basically gave up on Microsoft's ability to respond.  Unlike paid apps, there's no number to call or ticket to open when an app like this malfunctions.
  Just to give you an update, iOS users started having issues connecting a few months ago.  I don't remember what version started this.  I'm not sure if it's the same problem.
  Also, the newest version now gives a slightly different error message:  RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP).  Please contact your server administrator.
  For Android users, I am starting to recommend Xtralogic Remote Desktop Client.  It's a paid app, but it works great.  I don't know of any alternative for iOS.
  MSRDP for Mac OSX (was also an iTap application) continues to work throughout the many updates.
  We need a software engineer from MS to read my first post.  All the information that will point to a fix is there.  I strongly believe someone hardcoded the string "localhost" instead of using a variable to point to the FQDN of the rdsfarm
  name.
  Here's that info again (copied/pasted).  It doesn't take an engineer to understand the issue.  If you know how to decipher Event Logs, you can see where the problem is.
  Event
  Viewer Log when using Android client:
  The
  user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This
  is most likely for logging into RD Web - icons shows up).
  The
  user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost".
  The following error occurred: "23002".  (This
  is after clicking on any of the icons).
  I
  think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".
   It should be the RD Connection Broker's hostname, I believe.
  Here's
  what it should look like (connected using a Windows PC going through the RD Web portal via Internet Explorer):
  The user "DOMAIN\testuser", on client computer "10.x.x.x",
  met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
  The user "DOMAIN\testuser", on client computer "10.x.x.x",
  met resource authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
  The user "DOMAIN\testuser", on client computer "10.x.x.x",
  connected to resource "rdsfarm.domain.com".

• I cannot log into facebook. I get the following message: 404 Error - Not Found The resource you have requested could not be found on the server. There are many possible reasons for this. Either the file does not exist, there is an error in your request,

  I am not able to go to the facebook site. www.facebook.com is not working. I get the following error message. 404 Error - Not Found
  The resource you have requested could not be found on the server. There are many possible reasons for this. Either the file does not exist, there is an error in your request, or the file is not accessible in the requested directory. Please verify that:
  * You have used the proper case; requests ARE case-sensitive!
  * You have entered the URL correctly. (i.e. proper directory/filename)
  * You used the FULL URL. (i.e. proper file type: .html, .gif , .jpg, etc.)
  * You use a tilde (~) before user directories. (i.e. www.furcen.org/~jurann/ )
  * The user/file still exists on this server.
  I also get redirected to "Busca Google" when typing www.facebook.com in the address bar.
  == URL of affected sites ==
  http://facebook.com; buscagoogle.com

  I have the same problem and it does not have to do with firefox. Do you have any idea how to fix it through?

• Not Authorized HTTP Error 401. The requested resource requires user authentication.

  Hi All,
  I have MDS web application on one server and MDS DB on another, both in same domain .
  MDS web application is created as new website on same IIS with SharePoint and have their own port assign
  In IIS Windows Authentication is added and enabled.
  Users do have function permission and module enabled.
  MDS is accessible only on server where web application is.
  When it is accessed from any computer within domain error is
  Not Authorized
  HTTP Error 401. The requested resource requires user authentication.
  Can anyone offer any suggestions?
  Thanks
  Zorko

  Hi Zorko,
  The issue may happen in case:
  1. The Master Data Service(MDS) web application is running under a domain user account
  2. You didn't register a Service Principal Name(SPN) for the account
  3. You are using fully qualified domain name(FQDN) or host name to access the MDS
  4. You are able to access the MDS by IP address(http://<ip address>)
  If I am right, it is because of the browser choose to use Kerberos authentication to connect to the MDS.
  So then, to fix the issue, please:
  Register SPN for the application pool account. Enable the delegation.
  Or, please force the web site to use NTLM authentication only.
  For more information, please see:
  How to use SPNs when you configure Web applications that are hosted on Internet Information Services:
  http://support.microsoft.com/kb/929650
  Forcing NTLM Authentication (IIS 6.0):
  http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7258232a-5e16-4a83-b76e-11e07c3f2615.mspx?mfr=true
  Thanks,
  Jinchun Chen
  Jinchun Chen(JC)
  TechNet Community Support

• ERROR: Fail to parse policy requests

  I noticed that the ..\sms_p01\inboxes\polreq.box\bad\ folder has accumulated 20 bad policy request files over the last three days.  The ..\sms_p01\Logs\chmgr.log shows this every five minutes:
  Inbox file change detected at 7/20/2012 11:46:09 AM Central Daylight Time 7/20/2012 11:46:09 AM
  New policy file arrived 7/20/2012 11:46:09 AM
  On primary site: process files to DB 7/20/2012 11:46:09 AM
  Client Health Manager is processing *.POL files 7/20/2012 11:46:09 AM
  Processing file POL2012720164690.POL 7/20/2012 11:46:09 AM
  Try to bind to table v_CH_PendingPolicyRequests 7/20/2012 11:46:09 AM
  Column number is 3 7/20/2012 11:46:09 AM
  Successfully bind to table v_CH_PendingPolicyRequests 7/20/2012 11:46:09 AM
  Begin to get policy requests body 7/20/2012 11:46:09 AM
  Successfully get policy requests body 7/20/2012 11:46:09 AM
  Begin to parse policy requests 7/20/2012 11:46:09 AM
  ERROR: Invalid policy request data 7/20/2012 11:46:09 AM
  ERROR: Fail to parse policy requests 7/20/2012 11:46:09 AM
  ERROR: Fail to read from file D:\Program Files\Microsoft Configuration Manager\inboxes\polreq.box\POL2012720164690.POL 7/20/2012 11:46:09 AM
  WARN: Fail to process file POL2012720164690.POL 7/20/2012 11:46:09 AM
  Bad Policy request file was moved to D:\Program Files\Microsoft Configuration Manager\inboxes\polreq.box\bad\POL2012720164690.POL 7/20/2012 11:46:09 AM
  Successfully executed stored procedure CH_SummarizePolicyRequests 7/20/2012 11:46:09 AM
  Work completed at 7/20/2012 11:46:09 AM Central Daylight Time 7/20/2012 11:46:09 AM
  Next wake up time is 7/21/2012 11:46:09 AM Central Daylight Time 7/20/2012 11:46:09 AM
  The SMS_CLIENT_HEALTH component's status shows that it is healthy.
  The only component that shows an unhealthy status is the SMS_DISTRIBUTION_MANAGER.  The DistMgr.Log shows this for package P0100008:
  Used 0 out of 3 allowed processing threads. 7/20/2012 12:37:22 PM
  Starting package processing thread, thread ID = 0x1580 (5504) 7/20/2012 12:37:22 PM
  Sleep 3600 seconds... 7/20/2012 12:37:22 PM
  STATMSG: ID=2304 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=PSCCMA2W.theocc.com SITE=P01 PID=256 TID=5504 GMTDATE=Fri Jul 20 17:37:22.883 2012 ISTR0="P0100008" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8=""
  ISTR9="" NUMATTRS=1 AID0=400 AVAL0="P0100008" 7/20/2012 12:37:22 PM
  Retrying package P0100008 7/20/2012 12:37:22 PM
  No action specified for the package P0100008. 7/20/2012 12:37:22 PM
  Start validating package P0100008 on server ["Display=\\PSCCMA2W.theocc.com\"]MSWNET:["SMS_SITE=P01"]\\PSCCMA2W.theocc.com\... 7/20/2012 12:37:22 PM
  Failed to start DP health monitoring task for package 'P0100008'. Error code: -1 7/20/2012 12:37:22 PM
  Updating package info for package P0100008 7/20/2012 12:37:22 PM
  Only retrying local DP update for package P0100008, no need to replicate package definition to child sites or DP info to parent site. 7/20/2012 12:37:22 PM
  StoredPkgVersion (7) of package P0100008. StoredPkgVersion in database is 7. 7/20/2012 12:37:22 PM
  SourceVersion (7) of package P0100008. SourceVersion in database is 7. 7/20/2012 12:37:22 PM
  STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=PSCCMA2W.theocc.com SITE=P01 PID=256 TID=5504 GMTDATE=Fri Jul 20 17:37:22.989 2012 ISTR0="All Security Updates " ISTR1="P0100008" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6=""
  ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="P0100008" 7/20/2012 12:37:22 PM
  Failed to process package P0100008 after 45 retries, will retry 55 more times 7/20/2012 12:37:22 PM
  Exiting package processing thread. 7/20/2012 12:37:22 PM
  Used 0 out of 3 allowed processing threads. 7/20/2012 12:37:28 PM
  Sleep 1824 seconds... 7/20/2012 12:37:28 PM
  Site P01 is the one and only site and has all of the site system roles - including DP.  There is only one site server for this Primary Site.  SQL is local as well.  The server has been restarted to see if this would help.  It didn't.
  If I open one of these 'Bad' *.POL files, I can see that one GUID is not like the others.  It is the same for all of the other corrupt *.POL files:

  I have been having similar issues. Check if you have the EndPoint Protection client running on your site server. If you do, ensure that you have the scanning directory exceptions set.
  http://blogs.technet.com/b/systemcenterpfe/archive/2012/11/29/system-center-2012-configuration-manager-antivirus-exclusions.aspx
  -Ravi

• All website went "Not Found HTTP Error 404. The requested resource is not found." and the "Firefox cannot load websites but other programs can" page is not help

  ''dupe of https://support.mozilla.org/en-US/questions/928117''
  all website went "Not Found HTTP Error 404. The requested resource is not found." and the "Firefox cannot load websites but other programs can" page is not helping in any ways

  A possible cause is security software (firewall,anti-virus) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
  Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
  See:
  *https://support.mozilla.org/kb/Server+not+found
  *https://support.mozilla.org/kb/Firewalls
  *http://kb.mozillazine.org/Error_loading_websites
  You can try to reset (power off/on) the router.

• All website went "HTTP Error 404. The requested resource is not found."

  ''dupe of https://support.mozilla.org/en-US/questions/928117''
  all website went "HTTP Error 404. The requested resource is not found."
  this only happen in firefox (i'm using IE to post this question)

  A possible cause is security software (firewall,anti-virus) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
  Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
  See:
  *https://support.mozilla.org/kb/Server+not+found
  *https://support.mozilla.org/kb/Firewalls
  *http://kb.mozillazine.org/Error_loading_websites
  You can try to reset (power off/on) the router.

• MP has rejected a policy request from GUID:27935EC8-95F1-4104-A613-E72D2A9764E0 because it was not approved. The operating system reported error 2147942405: Access is denied.

  Why Microsoft doesn't have correct fix to run automatically. How many years we need to cry with same error again n again?
  Does any one have correct solution which will fix permanently while running more than 4000 systems in our environment
  Manual stuff isn't easy. Pls provide permanent fix?
  MP has rejected a policy request from GUID:27935EC8-95F1-4104-A613-E72D2A9764E0 because it was not approved. The operating system reported error 2147942405: Access is denied. 

  This isn't a bug to fix. This is by design. Clients must be approved to be managed. Thus, only your configuration or expectations must be fixed. To correct your configuration, see the link Henrik posted. To correct your expectations, read the content linked
  by Henrik.
  Jason | http://blog.configmgrftw.com

• Requested gave this error: Denied by policy

  We recently installed Exchange Edge Transport on a server between our Exchange and our TMG and are receiving some previously unseen email bounces, please see below:
  Requested rejected your message to the following e-mail addresses:
  user at mcafee dot com 
  Requested gave this error:
  Denied by policy
  A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
  Diagnostic information for administrators:
  Generating server: EDGE.college.ac.uk
  user at mcafee dot com
  Requested #550 Denied by policy ##
  Original message headers:
     Received: from EXCH1.college.ac.uk (10.0.1.12) by EDGE.college.ac.uk
  (10.0.1.98) with Microsoft SMTP Server (TLS) id 14.2.347.0; Thu, 24 Apr 2014
  12:11:26 +0100
  Received: from EXCH1.college.ac.uk ([10.0.1.12]) by EXCH1.college.ac.uk
  ([10.0.1.12]) with mapi id 14.02.0247.003; Thu, 24 Apr 2014 12:11:26 +0100
  From: "Shunnar, Saber" <user at Lowestoft.ac.uk>
  To: "user at mcafee dot com
  " <user at mcafee dot com
  >
  Subject: High risk mail srver remove request
  Thread-Topic: High risk mail srver remove request
  Thread-Index: Ac9fre5VPELKTwiyR2G/2FrKw/zq7Q==
  Date: Thu, 24 Apr 2014 11:11:25 +0000
  Message-ID: <>
  Accept-Language: en-GB, en-US
  Content-Language: en-US
  X-MS-Has-Attach:
  X-MS-TNEF-Correlator:
  x-originating-ip: [10.0.30.3]
  Content-Type: multipart/alternative;
              boundary="_000_81BDB8D50CF42D4BB9B163C04FA31C8972A28150EXCH1collegeacu_"
  MIME-Version: 1.0
  Return-Path:
  It doesn't seem clear what is generating the message? has anyone seen this before?
  Thank you in advance for your help.

  Hello,
  Please check if some users from other external domains send message to your organization, the issue also occurs. If the issue occur on specific domain or sender , please check your sender filter agent.
  Or disable anti-spam agent temporarily to check the result.
  Cara Chen
  TechNet Community Support

• ERROR: AmFilter: An error occured while processing request. Access will be

  Hello,
  I am having problem in accessing a protected resource in access manager. The debug log shows exception class not found.
  06/10/2005 11:24:51:188 AM EDT: Thread[service-j2ee,5,main]
  ERROR: AmFilter: An error occured while processing request. Access will be denied.
  java.lang.NoClassDefFoundError
  at com.sun.identity.agents.realm.AmRealm.initializeAmRealm(Unknown Source)
  at com.sun.identity.agents.realm.AmRealm.<init>(Unknown Source)
  at com.sun.identity.agents.realm.AmRealmManager.<init>(Unknown Source)
  at com.sun.identity.agents.realm.AmRealmManager.<clinit>(Unknown Source)
  at com.sun.identity.agents.as81.AmAS81J2EEAuthHandler.getModuleDebug(Unknown Source)
  at com.sun.identity.agents.as81.AmAS81J2EEAuthHandler.authenticate(Unknown Source)
  at com.sun.identity.agents.filter.AmFilter.doLocalAuthWithSessionBinding(Unknown Source)
  at com.sun.identity.agents.filter.AmFilter.doLocalAuth(Unknown Source)
  at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(Unknown Source)
  at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
  at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
  at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
  at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:221)
  at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2072)
  I am protecting a servlet running on application server 8.1 EE protected by J2ee Policy agent.
  I compared all the class path of another appserver instance with the protected appserver instance. Only difference is addition of policy agent jar files:
  /opt/SUNWam/j2ee_agents/lib/am_agent_sdk_2_1.jar
  /opt/SUNWam/j2ee_agents/lib/am_agent_filter_2_1.jar
  /opt/SUNWam/j2ee_agents/lib/am_sdk.jar
  /opt/SUNWam/j2ee_agents/lib/am_services.jar
  /opt/SUNWam/j2ee_agents/lib/am_sso_provider.jar
  /opt/SUNWam/j2ee_agents/lib/am_logging.jar
  /opt/SUNWam/j2ee_agents/lib/am_as81_agent_2_1.jar
  The application web.xml has the necessary filer added:
  <filter-mapping id="FilterMapping_PolicyAgent">
  <filter-name>Agent</filter-name>
  <url-pattern>/amsampleServlet</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>ERROR</dispatcher>
  </filter-mapping>
  <servlet>
  Please let me know anybody has seen similar problem and what was the fix applied.
  Thanks
  Krishnakumar

  Found the problem....
  I had amclientsdk.jar in my classpath prefix which caused the probelm!
  It's working now!.
  Thanks
  Krishnakumar

• Error when submitting GRC request

  Hello IDM Gurus, <br>
  We were running into an issue when trying to set up our IDM - GRC integration; when submitting a request to GRC via the AC Validation task the "Submit AC Request" task always encounters an error, but in spite of which the request still gets created on the GRC end; weirdly enough, 2 requests get created each time:<br>
  putNextEntry failed storingcn=TESTUSER,ou=submitrequest,o=grc
  Exception from Add operation:javax.naming.CommunicationException: [LDAP: error code 2 - (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)]; remaining name 'cn=TESTUSER,ou=submitrequest,o=grc'
  <br>
  On the GRC end we noticed that we are getting the following error:<br>
  2011-12-05 20:21:32,046 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
  com.virsa.ae.service.umi.UMIException: com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
       at com.virsa.ae.service.umi.ume.UMESearchUser.getUserById(UMESearchUser.java:304)
       at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:198)
       at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
  2011-12-05 20:21:32,064 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.virsa.ae.core.BOException:  Error in Searching Users...
  com.virsa.ae.core.BOException:  Error in Searching Users...
       at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:201)
       at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
  As a result of this error GRC AC Submit request never completes successfully and so the polling task never starts, instead immediately the pending values are skipped and removed from the user in question.<br>
  <br>
  What are we supposed to set the User data source as within CUP? Is there something else we should be doing to fix this?<br>
  <br>
  Would greatly appreciate your help with trying to fix this!<br>
  <br>
  Thanks a lot in advance!<br>
  <br>
  Best regards,
  Sandeep
  Edited by: Sandeep Jayendran on Dec 6, 2011 11:22 AM

  Hello Gents,
  I ran another test and had a look at the VDS Operation log to get more detail around the error; here's an excerpt from the operation log:
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  End element SOAP-ENV:Envelope
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  org.apache.axis.i18n.resource::handleGetObject(empty00)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  NSPop (empty)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Setting current message form to: FORM_OPTIMIZED (currentMessage is now org.apache.axis.utils.ByteArray)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Exit: SOAPPart::saveChanges(): org.apache.axis.utils.ByteArray@7ecd78
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Operations result is:SUCCESS
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Additional message = msgcode=000;msgdescription=Request Created;msgtype=SUCCESS;requestno=92
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Requst number: 92
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  *** Fetch result code ***
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Info  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Operation result: 2
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Warning  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Exception: (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Returning: opResult:2,info: ((GRC Submit Request:2:oracle.jdbc.driver.OracleDriver))
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Finished add operation
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Sending operation result
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: All  Thread: Thread[3,3,LDAP
  Sessions:main_listener_4389] Logger: Plain Message:
  Sending response to socket: 63621
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  LDAP Session continues ...
  It's the strangest thing, because it seems to send the request across successfully which is how the request is getting created in CUP but after it succeeds it encounters the exception with the GRC WebService call from the API; any ideas why this is happening? how can we possibly fix this?
  Would greatly appreciate any insight / advice on this!
  Cheers!
  Sandeep

• Error: Resource not found in FilterOptionCollection. Please help

  Hi Experts,
  I'm currently implementing Approve Requests at a customer.
  I've got the service TASKPROCESSING pointing to ERP_WF. I can see the catalog SAP_FND_TC_TX1 and I've created a tile, pointing to my scenario as defined in the netweaver gateway.
  When I go to launchpad the reference error message is displayed.
  Details on the word file.
  Error Resource not found Filter Option Collection - Approve Requests.docx - Google Drive
  Thanks in advance!

  Thank you Andre,
  We finally solved it. I post the correction for future reference.
  The problem was solved by changing the configuration on the assignment of the data provider to the data model.
  ZTM_TGW_SVC_MODEL_0001_BE software version was DEFAULT, when it should've been /IWPGW/BWF.
  The route in SPRO is: SAP Netweaver->Gateway>OData Channel>Administration>General Settings> Assign Data Provider to Data Model.

• Error when submitting GRC request from IDM

  Hello GRC gurus,
  We were running into an issue when trying to set up our IDM - GRC integration; when submitting a request to GRC via the AC Validation task the "Submit AC Request" task always encounters an error, but in spite of which the request still gets created on the GRC end; weirdly enough, 2 requests get created each time:<br>
  putNextEntry failed storingcn=TESTUSER,ou=submitrequest,o=grc
  Exception from Add operation:javax.naming.CommunicationException: [LDAP: error code 2 - (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)]; remaining name 'cn=TESTUSER,ou=submitrequest,o=grc'
  <br>
  On the GRC end we noticed that we are getting the following error:<br>
  2011-12-05 20:21:32,046 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
  com.virsa.ae.service.umi.UMIException: com.sap.security.api.NoSuchUserAccountException: Cannot find user when logonid is null!
       at com.virsa.ae.service.umi.ume.UMESearchUser.getUserById(UMESearchUser.java:304)
       at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:198)
       at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
  2011-12-05 20:21:32,064 [SAPEngine_Application_Thread[impl:3]_30] ERROR com.virsa.ae.core.BOException:  Error in Searching Users...
  com.virsa.ae.core.BOException:  Error in Searching Users...
       at com.virsa.ae.search.bo.SearchUserBO.getUserById(SearchUserBO.java:201)
       at com.virsa.ae.ejbutil.submitrequest.RequestSubmissionBean.submitRequest(RequestSubmissionBean.java:564)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBBean.getSubmitRequest(SubmitRequestEJBBean.java:45)
       at com.virsa.ae.ejb.submitrequest.SubmitRequestEJBObjectImpl0_0.getSubmitRequest(SubmitRequestEJBObjectImpl0_0.java:119)
  As a result of this error GRC AC Submit request never completes successfully and so the polling task never starts, instead immediately the pending values are skipped and removed from the user in question.<br>
  <br>
  What are we supposed to set the User data source as within CUP? Is there something else we should be doing to fix this?<br>
  <br>
  Would greatly appreciate your help with trying to fix this!<br>
  <br>
  Thanks a lot in advance!<br>
  <br>
  Best regards,
  Sandeep

  Hi Diego,
  Thanks a lot for your quick response! Sorry for the delay in responding; I was travelling.
  Uploading the new files from the Note you mentioned allowed us to view what the actual errors were; but we've started running into new errors now; when looking at the operation logs for VDS, I see that the webservice actually returns an operation result of SUCCESS also quoting that "Finished add operation"; which is why the request does in fact get created in CUP but a couple of log entries later after the webservice returns the request number I encounter the following error within VDS:
  Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
  Here's the error found in sequence within a set of other operational log messages within VDS:
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  End element SOAP-ENV:Envelope
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  org.apache.axis.i18n.resource::handleGetObject(empty00)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  NSPop (empty)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Setting current message form to: FORM_OPTIMIZED (currentMessage is now org.apache.axis.utils.ByteArray)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Exit: SOAPPart::saveChanges(): org.apache.axis.utils.ByteArray@7ecd78
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Operations result is:SUCCESS
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Additional message = msgcode=000;msgdescription=Request Created;msgtype=SUCCESS;requestno=92
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Requst number: 92
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Exception in GRC WS API call:oracle.jdbc.driver.OracleDriver
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  *** Fetch result code ***
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Info  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Operation result: 2
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Warning  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Exception: (GRC Submit Request:2:oracle.jdbc.driver.OracleDriver)
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Returning: opResult:2,info: ((GRC Submit Request:2:oracle.jdbc.driver.OracleDriver))
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Finished add operation
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  Sending operation result
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: All  Thread: Thread[3,3,LDAP
  Sessions:main_listener_4389] Logger: Plain Message:
  Sending response to socket: 63621
  Time: Tue Dec 13 18:01:43 GMT 2011  Level: Debug  Thread: Thread[3,3,LDAP Sessions:main_listener_4389] Logger: Plain Message:
  LDAP Session continues ...
  It's the strangest thing, because it seems to send the request across successfully which is how the request is getting created in CUP but after it succeeds it encounters the exception with the GRC WebService call from the API; any ideas why this is happening? how can we possibly fix this?
  Would greatly appreciate any insight / advice on this!
  Cheers,
  Sandeep

• "insufficient existing resources to complete requested service" IO problem?

  Hi, my application reads from a repository of 1 million documents and then do some processing (very simple and requires little memory or computation) then outputs to another repository, where output files are placed in a flat structure, i.e., 1 million files in a single folder, not organised into any subfolders. I know this is a bad design and Im about to change it, but not sure if this is the cause of my problem (see following).
  My program haulted and threw exception *"insufficent existing resources to complete requested service"* every time it reached about 800k documents. And after I got this exception, my WinXP OS starts to misbehave, like sometimes I cannot open applications properly, and sometimes memory reference address issues, and once I tried to run JAVA IDE (intellij 7.0) again and I got this message:
  "ERROR: transport error 202: recv failed during handshake: No buffer space available (maximum connections reached?)"
  Also I tried to list all open files in a console, but the command hangs and without responding, looks like there are too many things to list or too little resources available to complete the operation.
  All these problems go away if I restart system.
  I have confirmed the following possible causes and they do not apply:
  - unclosed IO's , I checked the code and all IO operations properly instantiated and closed;
  - memory leak, java profiler shows memory consumption well below allocated max, and very stable (test on 100k documents, not whole of 1million though)
  I do not have any clue now as how this problem happend and how I can solve it. I wonder if placing all 800k documetns in a single folder causes problem? I know that if I try to call File.listFiles() on a folder with too many files that will cause memory problem. But I didnt have this kind of method call at all, but simply writing a particular file to that folder. Does this cause problem too? I am about to change this and to organise the output folder to subfolders, but is this the right dirrection to take?
  I am sorry that my description may be insufficient to truely debug the problem, but that is all I can get and it does look strange to myself too. Please could you throw in your ideas - any thoughts about the exception message, even any guess on what would be causes to this etc...
  Any thoughts are very much appreciated!
  Thanks so much inadvance!

  Hi Paul, thanks. I have did as you suggested, implemented a standalone program to test the issue. What I did is, I wrote a simple program which extends Thread, and creates 1 million files and write empty content and store to disk. Then I tested with 4 instances of such class, i.e., 4 threads writing 4 milllion files in total to disk - but to different locations, so there's no writing-to-same-file issues. And the system crashes at certain point.
  I then did another test to make the problem clearer. instead of running the 4 threads in parallel, I only create a new thread after previous one has completed. and this time still it crashes for the same reason, and at about 2.5million files have been created.
  The crash looks severe, as it simply crashes the system and I cannot do anything but to force shut down my pc. Then a restart asks to check disk integrity, and reported alot messages like :
  "deleting orphaned file xyx.xml ......" from drive X where X is the drive that the files are written to.
  Here I attach my testing code:
  public class TestClass extends Thread{
  public void process (String inputPath, String outputRootPath){
  FileStoreProxy p=new FileStoreProxy(outputRootPath);   // a FileStoreProxy keeps record of a root directory where files are created and
  // written to. It also creates subfolder (File.mkdirs()) such that every 10000 files
  //are stored in a subfolder under the root directory. The class doesnt do any IO
  List<File> folders = FileLoader.getFolderRecursive(new File(inputPath)); // this method loads all folders from inputPath. InputPath is a disk
  // directory that contains more than 1million xml files
  for (File folder : folders) {
    File[] files = folder.listFiles();
      for (File f : files) {
        if (f.isFile()) {
           FileOutputStream stream = null;
           try {
                File newFile = new File(p.nextBestLocation()+"/"+f.getName());  //basically this line creates a new file whose path is composed by
  //the directory returned by FileStoreProxy, plus the filename as the input filename.
                stream = new FileOutputStream(newFile, false);          // create an outputstream
                stream.write("test".getBytes());                                  //write to the file
           catch (IOException ioe) {
              e.printStackTrace()
           finally {
              if (stream != null) {
                 try {
                    stream.close();
                    stream = null;
                 } catch (IOException ioe) {
                   e.printStackTrace();
  }And here is the class which creates four threads
  TestClass tc1 = new TesetClass;
  tc1.process("input_file_repository","f:/temp/outputpath1");
  while (!tc1.isFinished()){        // isFinished() is a method in TestClass, which tells whehter the thread has finished running.
  TestClass tc2 = new TesetClass;
  tc2.process("input_file_repository","f:/temp/outputpath2");
  while (!tc2.isFinished()){        // isFinished() is a method in TestClass, which tells whehter the thread has finished running.
  TestClass tc3 = new TesetClass;
  tc3.process("input_file_repository","f:/temp/outputpath3");
  while (!tc3.isFinished()){        // isFinished() is a method in TestClass, which tells whehter the thread has finished running.
  TestClass tc4 = new TesetClass;
  tc4.process("input_file_repository","f:/temp/outputpath4");
  while (!tc4.isFinished()){        // isFinished() is a method in TestClass, which tells whehter the thread has finished running.
  }Hope this helps... I had a feeling that the cause of the problem is that File IO is doing too fast such that some resources (file handle for example?) are not released in time and are floating somewhere, as a result, after some point it crashes. And later on the OS disk check reports that there are orphan files which are created by the program.
  Any ideas much appreciated! thanks!

• ISE Guest Portal - Error Resource not found

  Hello,
  When I create a guest user through the sponsor portal, then try to login with this guest user through the Guest Portal, after I press login button, the following error message occurs and do not know what to do to solve.
  Error: Resource not found.
  Resource: /guestportal/
  None of the messages on the forum about it helped me to solve the problem.
  I am using ISE 1.1.3.124 and this is a new re-image appliance.
  Can anyone help?                  

  Hello,
  As you are not able to  get the guest portal, then you need to assure the following things:-
  1) Ensure that the  two  Cisco av-pairs that are configured on the authorization profile should  exactly match the example below. (Note: Do not replace the "IP" with the  actual Cisco ISE IP address.)
  –url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
  –url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also  defined on the access switch)
  2) Ensure that the URL redirection portion of the ACL have been applied  to the session by entering the show epm session ip   command on the switch. (Where the session IP is the IP address that is  passed to the client machine by the DHCP server.)
  Admission feature : DOT1X
  AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
  URL Redirect ACL : ACL-WEBAUTH-REDIRECT
  URL Redirect :
  https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
  0000A45A2444BFC2&action=cpp
  3) Ensure that the preposture assessment DACL that is enforced from the  Cisco ISE authorization profile contains the following command lines:
  remark Allow DHCP
  permit udp any eq bootpc any eq bootps
  remark Allow DNS
  permit udp any any eq domain
  remark ping
  permit icmp any any
  permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
  permit tcp any host 80.0.80.2 eq www --> Provides access to internet
  permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
  port
  permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  permit udp any host 80.0.80.2 eq 8905 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  permit udp any host 80.0.80.2 eq 8906 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  deny ip any any
  Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
  4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on  the switch as follows:
  ip access-list extended ACL-WEBAUTH-REDIRECT
  deny ip any host 80.0.80.2
  permit ip any any
  5) Ensure that the http and https servers are running on the switch:
  ip http server
  ip http secure-server
  6) Ensure that, if the client machine employs any kind of personal  firewall, it is disabled.
  7) Ensure that the client machine browser is not configured to use any  proxies.
  8) Verify connectivity between the client machine and the Cisco ISE IP  address.
  9) If Cisco ISE is deployed in a distributed environment, make sure that  the client machines are aware of the Policy Service ISE node FQDN.
  10) Ensure that the Cisco ISE FQDN is resolved and reachable from the  client machine.
  11) Or you need to do re-image again.