Exchange2013 preparead error: "length of the access control list exceed the allowed maximum"

Similar Messages

• Public parts not allowed to be used by the access control list

  hi,
  I have 2 DCs. DC1 and DC2.  I want to use public parts of DC2 in DC1. When I try to do so in in the dependencies tab, I get the following error.
  some public parts are not allowed to be used by the access control list.
  how to resolve this error ?
  Thanks !

  Hi,
  Sorry for the delayed response ....Both ends static routes are added for the connected test interfaces.....
  Regards,
  Mahesh 

• ERROR    does not support access control lists

  Please be patient ...
  guiengine: login in process.
  INFO       2004-07-19 16:33:45 [syxxcfile.cpp:346]
             CSyFileImpl::copy(iastring)
  Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: q0w9e9r8t7.1.xml.
  INFO       2004-07-19 16:33:45 [syxxcfile.cpp:446]
             CSyFileImpl::copy(iastring)
  Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: q0w9e9r8t7.1.xml.
  INFO       2004-07-19 16:33:45 [synxcnodut.cpp:339]
             CSyNodeUtils::createNodeWithType(iastring,bool,ISyNode::eNodeType,iastring)
  Creating file C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install\q0w9e9r8t7.1.xml.
  INFO       2004-07-19 16:33:47 [syxxcfile.cpp:346]
             CSyFileImpl::copy(iastring)
  Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.1.xml.
  INFO       2004-07-19 16:33:47 [syxxcfile.cpp:446]
             CSyFileImpl::copy(iastring)
  Copying file C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.xml to: C:/Program Files/sapinst_instdir/j2ee-sneak-preview/install/keydb.1.xml.
  INFO       2004-07-19 16:33:47 [synxcnodut.cpp:339]
             CSyNodeUtils::createNodeWithType(iastring,bool,ISyNode::eNodeType,iastring)
  Creating file C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install\keydb.1.xml.
  INFO       2004-07-19 16:33:49 [ianxbusprv.cpp:337]
             CIaNtUserPrivileges::add_impl(., ASIAPACIFIC\chirutha, SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
  Successfully added privileges 'SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege' to account 'ASIAPACIFIC\chirutha' on host '.'.
  PHASE      2004-07-19 16:33:52 [iaxxcwalker.cpp:409]
             CDomWalker::printPhaseInfo()
  Prepare the installation program.
  INFO       2004-07-19 16:33:57 [iaxxcwalker.cpp:59]
             CDomWalker::walk()
  Installation start: Monday, 19 July 2004, 16:33:45; installation directory: C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install; product to be installed: Sneak Preview Edition of SAP Web Application Server Java 6.40> Install SAP Web Application Server Java 6.40
  INFO       2004-07-19 16:34:03
             CJSlibModule::writeLogEntry()
  DNS is configured correctly.
  INFO[E]    2004-07-19 16:34:07 [synxcfsmgt.cpp:126]
             CSyFileSystemMgtImpl::getFSExport(iastring)
  File system export (share) saploc does not exist.
  INFO[E]    2004-07-19 16:34:23 [synxcuser.cpp:98]
             CSyUserImpl::CSyUserImpl(const CUserData&, bool)
  Account user="j2eadm" does not exist. <#1>
  INFO[E]    2004-07-19 16:34:27 [synxcfsmgt.cpp:126]
             CSyFileSystemMgtImpl::getFSExport(iastring)
  File system export (share) saploc does not exist.
  INFO       2004-07-19 16:34:28
             CJSlibModule::writeLogEntry()
  Looking for WebAS instances installed on this host...
  INFO       2004-07-19 16:34:28
             CJSlibModule::writeLogEntry()
  No installed instances found!
  WARNING[E] 2004-07-19 16:34:29 [syxxcnamrs.cpp:125]
             PSyServicesEntry CSyIPNameResolverImpl::getServiceByName(const iastring& serviceName, const iastring& protocol) const
  Error converting from service name=sapmsJ2E/protocol=tcp to port number. SAPRETURN=12
  WARNING[E] 2004-07-19 16:34:29 [syxxcnamrs.cpp:334]
             PSyServicesEntry CSyIPNameResolverImpl::getServiceByPort(const unsigned int portNumber, const iastring& protocol) const
  Error converting from port number=3601/protocol=tcp to service names. SAPRETURN=12
  INFO[E]    2004-07-19 16:34:33 [synxcuser.cpp:98]
             CSyUserImpl::CSyUserImpl(const CUserData&, bool)
  Account user="chiruthad1\j2eadm" does not exist. <#1>
  INFO[E]    2004-07-19 16:34:38 [synxcuser.cpp:98]
             CSyUserImpl::CSyUserImpl(const CUserData&, bool)
  Account user="chiruthad1\SAPServiceJ2E" does not exist. <#1>
  INFO       2004-07-19 16:34:38 [syxxcfile.cpp:346]
             CSyFileImpl::copy(iastring)
  Copying file C:/Program Files/SAPinst_WAS/J2EE-CD/JDKVersion.xml to: ..
  INFO       2004-07-19 16:34:38 [syxxcfile.cpp:446]
             CSyFileImpl::copy(iastring)
  Copying file C:/Program Files/SAPinst_WAS/J2EE-CD/JDKVersion.xml to: ..
  INFO       2004-07-19 16:34:38 [synxcnodut.cpp:339]
             CSyNodeUtils::createNodeWithType(iastring,bool,ISyNode::eNodeType,iastring)
  Creating file C:\Program Files\sapinst_instdir\j2ee-sneak-preview\install\JDKVersion.xml.
  INFO[E]    2004-07-19 16:34:38 [syxxccuren.hpp:192]
             CSyCurrentProcessEnvironmentImpl::getEnvironmentVariable(iastring)
  Unable to get value for environment variable JAVA_HOME.
  INFO       2004-07-19 16:34:39
             CJSlibModule::writeLogEntry()
  Execution of the command "C:/j2sdk1.4.2_04/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_04
  INFO       2004-07-19 16:34:40
             CJSlibModule::writeLogEntry()
  Execution of the command "C:/j2sdk1.4.2_03/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_03
  WARNING    2004-07-19 16:34:40
             CJSlibModule::writeLogEntry()
  Directory C:/WINNT is not a valid JDK directory: the java executable is missing.
  INFO       2004-07-19 16:34:40
             CJSlibModule::writeLogEntry()
  Found valid JAVA_HOME directory C:\j2sdk1.4.2_04 with JDK version 1.4.2_04.
  INFO       2004-07-19 16:34:40
             CJSlibModule::writeLogEntry()
  Execution of the command "C:\j2sdk1.4.2_04/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_04
  INFO[E]    2004-07-19 16:34:41 [syxxccuren.hpp:192]
             CSyCurrentProcessEnvironmentImpl::getEnvironmentVariable(iastring)
  Unable to get value for environment variable SAPINST_DEBUG_TRACE.
  INFO[E]    2004-07-19 16:34:46 [synxcfsmgt.cpp:126]
             CSyFileSystemMgtImpl::getFSExport(iastring)
  File system export (share) saploc does not exist.
  INFO[E]    2004-07-19 16:34:48 [synxcfsmgt.cpp:126]
             CSyFileSystemMgtImpl::getFSExport(iastring)
  File system export (share) saploc does not exist.
  INFO[E]    2004-07-19 16:35:09 [synxcfsmgt.cpp:126]
             CSyFileSystemMgtImpl::getFSExport(iastring)
  File system export (share) saploc does not exist.
  INFO       2004-07-19 16:35:22
             CJSlibModule::writeLogEntry()
  Execution of the command "C:\j2sdk1.4.2_04/bin/java.exe '-version'" finished with return code 0. Output: 1.4.2_04
  Transaction begin ********************************************************
  ERROR      2004-07-19 16:35:22
             CJSlibModule::writeLogEntry()
  The file system on drive C: does not support access control lists. Choose a different drive.
  Transaction end **********************************************************
  WARNING    2004-07-19 16:35:22 [iaxxccntrl.cpp:474]
             CController::stepExecuted()
  The step checkParameters with step key J2EE_Workplace|ind|ind|ind|WebAS|630|0|J2EE_EngineEnterpriseDefault|ind|ind|ind|WebAS|630|0|J2EE_Engine|ind|ind|ind|J2EE_Engine|630|0|checkParameters was executed with status ERROR.
  SAPinst component stack:
  ========================
    Preinstall|ind|ind|ind|ind|ind|0
  Current script:
  ===============
  if (context.getBool("installJ2EEEngine") && ! context.getBool('applyPatch')) {
    ASSERT(arguments.callee, context.get("JAVA_HOME"), "JAVA_HOME ist not set.");
    var jh = context.get("JAVA_HOME");
    var len = jh.length;
    if (jh.substr(len-1) == "/" || jh.substr(len-1) == "
      jh = jh.substr(0, len-1);
      context.set("JAVA_HOME", jh);
    var versions = Java.readVersionFile(installer.getCD("J2EE"));
    var version = Java.checkHome(jh, versions.minVersion, versions.maxVersion);
    if (!version) {
      installer.writeErrorWithArray(Java.errorMessage);
    } else if (Java.compareVersions(version, versions.maxVersion) != -1) {
      installer.writeWarningWithArray(Java.errorMessage);
  var drives = ["WindowsDrive", "DBDataDrive", "DBRedologDrive", "DBSoftwareDrive"];
  for (var i = 0; i < drives.length; ++i) {
    var drive = context.get(drives<i>);
    if (drive && ! check_drive(drive)) {
      installer.writeError("ind-rel.ind-os.ind-db.j2ee-eng.noFAT", drive);
  WARNING    2004-07-19 16:36:48 [iaxxcsihlp.hpp:183]
             main()
  An error occurred during the installation. 
  Exit status of child: 1

  Hi Stefan,
  Thanks.
  Regards,
  krishna

• "LOCAL" not available in the access control list

  trying to enable mac address access control. however i only see timed and radius in the pulldown menu. do i need to reconfigure the base station? connect via ethernet while i set it up? thanks.

  use the "timed" version and set it for unlimited access

• Access Control List Problem -won't let me in anymore?

  Whilst attempting to add a second Airport Express (AE2) to my network I believe i have changed some setting somewhere!!!
  I can see the new AE (AE2) in the menu bar as a seperate network not what i want - more importantly, when i select my network 'orchard' i now get the following message...
  "...Selected Network uses Access Control List to restrict Access etc...
  See Administrator for help - well i'm the Administrator!!!
  If i select other from the menu bar and then 'orchard' from that list
  Then enter the WEP p/w i get the same message as above.
  Any ideas please - all i wanted to do was add AE2 to enable iTunes to stream throughout the house - now i'm i a right old mess!!!
  thanks
  ianjh

  That message indicates that you have enabled the access control list on the AirPort Express (AX) and the computer you are trying to connect is not on that list.
  I suggest that you disable that list since it doesn't offer any real security. The MAC addresses are broadcast, easy to determine, and easy to clone.
  If you only want to use the AirPort Express (AX) for iTunes, reset the AX and then follow the directions in KB 302153, AirPort Express: How to join an existing wireless network in client mode.

• Cannot remove the access control entry object on the object because the ACE isn't present

  Hello,
  I am very new to using Powershell and Exchange Management Shell, and have no prior experience using either of these tools. However, the software I am installing requires me to use the EMS tool in order to set certain permissions for a user in Exchange, which
  will be like the admin account. 
  The command I am attempting to run follows as:
  Get-ExchangeServer | Remove-ADPermission -User $newusername -Deny -ExtendedRights Receive-As -Confirm:$False 
  This throws me an error saying:
  cannot remove the access control entry on the object because the ACE isn't present. I've done some research, and have found that this error is quite common, but the solutions do not apply to what I am specifically trying to accomplish. I am simply trying
  to remove the Receive-As permission for the admin user that I just created.
  Once again, I am very new to Exchange and Powershell, but if there is any advice anyone has, it would greatly appreciated.

  I ran this command, and a very long list was displayed, it looks like everything is there.
  The weird thing is that I was able to run a previous command which granted Receive-As access to the user I am creating: 
  Get-ExchangeServer | Add-ADPermission -User $newusername -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin -Confirm:$False 
  The description for the commands to run read to 'grant permissions and to revoke denies, if present'. I'm not sure what this means, but the second part of this pertains to the second command that I am having trouble with:
  Get-ExchangeServer | Remove-ADPermission -User $newusername -Deny -ExtendedRights Receive-As -Confirm:$False

• Macbook pro +   access control list

  Hi everyone,
  i hope someone can help me here.  I keep trying to sign on to my wireless network with my macbook pro and it keeps giving me the error "this network uses an access control list and you're not on the list".....so i go into my router with my desktop and turn off the access control list, and it works until i put my mac to sleep.  when it wakes up, the same error message comes up again.  This has happened for the last 2 months or so.
  I've tried adding the macbook pro to the access control list and turning off the access control list altogether....to no avail, i get the same error message no matter what i do.  The only solution that's worked is if i reset my router every single time i wake up the mac.
  I have an intel macbook pro circa 2007 running on os x tiger, my router is a netgear wireless G router.  i've scoured the internet for answers but can't find anything, here's to hoping someone can help me.  Thanks ahead.

  When you turn off access control do you restart your router.  Also take a look at this link, http://support.netgear.com/app/answers/detail/a_id/13112/~/securing-your-wireles s-network%3A-access-control-list

• Cannot sort in file/folder access control list in 8 or Server 2012

  I use Windows 8 and Server 2012 Datacenter (with GUI).  In 7/2008R2, I was formerly able to get properties on a file or folder, go to Security tab, click Advanced, and sort the access control list by type, access, inherited from, etc.  Now, it
  doesn't do anything when I click on the headings.   I know I did not find this during the Beta or Release Preview periods, but I do wish this feature would be added back.
  I tried to send this through MS Connect, but they said it was a Server 2008 issue.  Does that mean that it was never supposed to sort?  But I argue that 8 and Server 2012 have the bug.  Here is an image of the window I am referring to, for
  clarification:

  This is really frustrating. Just got 2012 R2 management server and a week after, I noticed the same issue. The only difference is that I'm sorting AD delegation, with 150+ ACEs. While having huge lists of ACEs, it is a must of being able to sort them
  by different columns. Sad that it is considered a bug - it's usually an opposite, when a bug is offered as a feature...
  I still hope this will be fixed with time to come, else - it will be more practical to use PowerShell than such handicapped GUI.
  MCSE, MCITP

• Designing a network with 6 base stations and an Access control lists

  I have 6 airport extreme (802.11n) base stations setup in my studio.
  I'm a little concerned about security as they're all setup individually (wireless mode: Create a wireless network) with the same Network names (mystudio) and WPA/WPA2 personal password so my roaming users don't have to keep entering passwords / experience dropouts etc
  i have lots of freelancers who are in and out of the studio and there isn't anyway for me to monitor who is currently connected to my wifi network.
  i'd like to setup a wireless network that only allows you to connect to the WIFI network only if your MAC address is on the access control list.
  is this possible with Apple Airport extreme base stations or would it be a better idea for me to invest in a 3rd party product?
  all the base station are connected to an Ethernet point and have static IP's assigned to them.
  whats the best way to deploy such a solution;should i keep the setting as they are and manually enter the mac address for 30 portable machines on each base station or is there a more pragmatic solution...
  any help / input would be much appreciated.
  Thank You

  When employing Access Control in a roaming network configuration, the MAC addresses would be required to be entered atr each of the base stations ... as there is no means (unfortunately) to have them "automatically" migrate amongst them.
  However, one important thing to note. Only wireless security, using WPA or WPA2, will actually secure the wireless network. MAC addresses can easily be spoofed. Someone, determined to do so, can still access your network ... even if secured by Access Control.

• Error while turning on Access control for web proxy

  When I try turning on access control setting for the service (using web-based server admin page: sever preferences->restrict access), i got this pop-up error message:
  System Error:
  The POST variables could not be read from stdin.
  Environment:
  Windows2000 SP2
  Sun ONE WebProxy 3.6 SP1
  File-System NTFS
  Thx

  Hi,
  Please mention on which platform you have installed the iplanet web proxy server. If it is on NT then make sure it must on NTFS partition.
  refer the following link for more details
  http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/contents.htm

• The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'null' is therefore not allowed access.

  Hello. I added custom http response headers to my SP site web config file as follows: 
  <httpProtocol>
        <customHeaders>
               <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type,Authorization" />
        </customHeaders>
      </httpProtocol>
  When I try to call any web service, i get these headers two times each: 
  HTTP/1.1 200 OK
  Cache-Control: private, max-age=0
  Transfer-Encoding: chunked
  Content-Type: application/atom+xml;type=entry;charset=utf-8
  Expires: Sat, 01 Mar 2014 19:11:37 GMT
  Last-Modified: Sun, 16 Mar 2014 19:11:37 GMT
  ETag: "3"
  X-SharePointHealthScore: 0
  SPClientServiceRequestDuration: 20
  SPRequestGuid: b4e77d9c-bfc3-a050-493a-ca5d251d1a72
  request-id: b4e77d9c-bfc3-a050-493a-ca5d251d1a72
  X-FRAME-OPTIONS: SAMEORIGIN
  Persistent-Auth: true
  Access-Control-Allow-Methods: POST,GET,OPTIONS
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Content-Type,Authorization
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Access-Control-Allow-Methods: POST,GET,OPTIONS
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Content-Type,Authorization
  MicrosoftSharePointTeamServices: 15.0.0.4569
  Date: Sun, 16 Mar 2014 19:11:37 GMT
  and that gives me error from ajax: The 'Access-Control-Allow-Origin'
  header contains multiple values '*, *', but only one is allowed. Origin 'null' is therefore not allowed access.
  The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
   Origin 'null' is therefore not allowed access.
  Any idea???

  Hi Ann,
  Please check whether there are duplicate custom headers in your code.
  Similar issue for your reference:
  http://social.msdn.microsoft.com/Forums/office/en-US/b79b75f4-b46b-46ae-ae29-17a352b6b90b/custom-http-response-headers-for-sp-2013-shown-2-times?forum=sharepointdevelopment 
  Regards,
  Rebecca Tu
  TechNet Community Support

• ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP

  I am getting following ACL error while executing following procedure:
  create or replace procedure sat_proc as
  http_req utl_http.req;
  http_resp utl_http.resp;
  BEGIN
  http_req := utl_http.begin_request('www.yahoo.com');
  http_resp := utl_http.get_response(http_req);
  utl_http.end_response(http_resp);
  END;
  exec sat_proc;
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1130
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "TRANSDBA.SAT_PROC", line 5
  ORA-06512: at line 1
  I am able to execute successfully while executing above code as PL/SQL block:
  DECLARE
  http_req utl_http.req;
  http_resp utl_http.resp;
  BEGIN
  http_req := utl_http.begin_request('www.yahoo.com');
  http_resp := utl_http.get_response(http_req);
  utl_http.end_response(http_resp);
  END;
  PL/SQL procedure successfully completed.
  Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?

  GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
  SQL> set time on
  17:21:01 SQL> set role none;
  Role set.
  17:21:23 SQL> @utl_http.sql
  17:21:34 SQL> DECLARE
  17:21:34   2  http_req utl_http.req;
  17:21:34   3  http_resp utl_http.resp;
  17:21:34   4  BEGIN
  17:21:34   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:21:34   6  http_resp := utl_http.get_response(http_req);
  17:21:34   7  utl_http.end_response(http_resp);
  17:21:34   8  END;
  17:21:34   9  /
  PL/SQL procedure successfully completed.
  17:21:35 SQL> connect / as sysdba
  Connected.
  17:22:47 SQL> connect dbadmin/admindb
  Connected.
  17:23:06 SQL> @utl_http.sql
  17:23:22 SQL> DECLARE
  17:23:22   2  http_req utl_http.req;
  17:23:22   3  http_resp utl_http.resp;
  17:23:22   4  BEGIN
  17:23:22   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:23:22   6  http_resp := utl_http.get_response(http_req);
  17:23:22   7  utl_http.end_response(http_resp);
  17:23:22   8  END;
  17:23:22   9  /
  PL/SQL procedure successfully completed.
  17:23:23 SQL> set role none;
  Role set.
  17:23:29 SQL> @utl_http.sql
  17:23:31 SQL> DECLARE
  17:23:31   2  http_req utl_http.req;
  17:23:31   3  http_resp utl_http.resp;
  17:23:31   4  BEGIN
  17:23:31   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:23:31   6  http_resp := utl_http.get_response(http_req);
  17:23:31   7  utl_http.end_response(http_resp);
  17:23:31   8  END;
  17:23:31   9  /
  DECLARE
  ERROR at line 1:
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1130
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at line 5
  17:23:31 SQL> above is from test user
  Below is from SYSDBA account
  SQL> set time on
  17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
  revoke execute on sys.utl_http to dbadmin
  ERROR at line 1:
  ORA-00905: missing keyword
  17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
  revoke execute on sys.utl_http from dbadmin
  ERROR at line 1:
  ORA-04020: deadlock detected while trying to lock object
  ACLiLZU+w09hR7gQAB/AQAjcw==
  17:22:32 SQL> /
  Revoke succeeded.
  17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM

• Change in Access Control components on the Service Marketplace

  Hello GRC community:
  We would like to inform you that as of yesterday (5/30) the Access Control components for support messages/SAP Notes have been changed (they have actually been replaced so all messages/notes logged under the old component will be moved/replaced to the new).
  The main 4 components are now:
  New: GRC-SAC-ARA     Access Risk Management
  Old: GRC-SAC-SCC          Risk Analysis & Remediation (formerly Compliance Calibrator) 
  New: GRC-SAC-ARQ     Access Request
  Old: GRC-SAC-SAE          Compliant User Provisoning (formerly  Virsa Access Enforcer) 
  New: GRC-SAC-EAM     Emergency Access Management
  Old: GRC-SAC-SFF          Superuser Privilege Management (formerly Virsa Firefighter) 
  New: GRC-SAC-BRM     Business Role Management
  Old: GRC-SAC-SRE          Enterprise Role Management (formerly Virsa Role Expert)
  There are also NEW components specific to areas of functionality. If you are not sure of what component to log your message under, please use the main components above.
  GRC-SAC-ADS          Directory Services
  GRC-SAC-BI             Access Control BW
  GRC-SAC-CONF       Configuration
  GRC-SAC-DAS          Dashboard
  GRC-SAC-REP          Repository
  GRC-SAC-RPT          Reporting
  GRC-SAC-UAR          User Access Review
  GRC-SAC-UPG          Installation & Upgrade
  GRC-SAC-WF           Workflow
  Ramelyn Paredes
  AGS Primary Support

  Hello COmmunity,
  To Summarise in Short: New features introduced to V10.0 : GRC 10.0 is ABAP based, so extraction of data from users is fast & analysis as well.
  As usual, the names for the Access control tool has been changed
  A. Access Risk Analysis (RAR)
  1. USOBT & object information will be automatically updated with GRC rather than manual upload (earlier version)
  2. Mass Users can be imported from .CSV file for risk analysis, Role analysis etc.,
  3. Variant creation / reuse for any report analysis
  4. Option of having multiple rule sets & simulating users across multiple rule sets at same time
  5. Risk analysis for CUA, Composite roles
  6. Mitigation by system, risk id, mass mitigation for users, audit trail etc.,
  7. Risk analysis for HR objects
  B. Emergency Access Management (SPM)
  1. Mass reporting for all FF users, Ids, Executions
  2. Centrally maintained for all systems rather than individual ERPs.
  C. User Access Management (CUP)
  1. Customizable Access request forms
  2. HR based role assignment for position, org unit
  3. IDM integration using GRC Web services
  D. Business Role Management (ERM)
  1. Concept of Business role mapping for Technical roles.
  2. Audit Trails & PFCG Change history.
  Finally, the look, reporting format has been changed to provide additional information for analysis.
  More important - GRC V5.3 support is till 2015 & SAP has planned to push the customers to upgrade to 10.0. Eventually SAP is also planning to release GRC 11.0 by mid next year. So we have to wait & watch the show

• Getting a 1809 error when trying to remote control PC from the Console.

  This is message i get when trying to remote view or remote control PC.....
  1809: An error has occurred while generating a session key for
  encryption.The remote session cannot be initiated. Contact Novell
  Techical Services and specify this code.

  This is for a 1807 error. My error is and 1809 error. Is there somewhere
  else to research on a 1809 error when trying to remote control PC from
  the Console?
  > Perhaps.................
  >
  > http://support.novell.com/techcenter/search/search.do?
  cmd=displayKC&docType=kc&externalId=10094808html&s liceId=&dialogID=2356487
  >
  > --
  > Craig Wilson
  > Novell Product Support Forum Sysop
  > Master CNE, MCSE 2003, CCNA
  >
  > Editor - http://www.ithowto.com
  >
  > (Seeking Full-Time Expert? Drop me a note :> )
  > <[email protected]> wrote in message
  > news:09i_e.2044$[email protected]..
  > > This is message i get when trying to remote view or remote control
  PC.....
  > >
  > >
  > > 1809: An error has occurred while generating a session key for
  > > encryption.The remote session cannot be initiated. Contact Novell
  > > Techical Services and specify this code.
  >
  >

• Access Control Lists on USB drive connected to AirPort Extreme

  I have a Seagate 320GB drive mounted in a NexStar 2 IDE drive enclosure and connected via USB to my AirPort Extreme Base Station, running version 7.4.1 firmware upgrade.
  Every time I restart the computer or unmount the network drive, an access control list appears to be written to the drive when there should be none, according to Disk Utility. I can tell when there are problems with the drive because the desktop icon turns from bright blue to grey-blue. I have to unmount the drive from the base station and connect it directly to the computer via firewire in order for Disk Utility to examine it. Generally, Disk Utility will report "Incorrect number of Access Control Lists (It should be 0 instead of (whatever number found) )
  Does anyone know why these Access Control Lists are appearing? Is there any easy way to locate them and remove them, other than disconnecting it from the base station and connecting to the computer?
  This problem happens with several different drives, in various NexStar 2 and NexStar 3 enclosures.

  Same problem for me, exept that it happends after copying a file to the drive. It don't happend if I just mount and unmount the disc. The same for all discs I have tryed.
  2009-03-04 12:59:30 +0100: Disk Utility started.
  2009-03-04 12:59:43 +0100: Verifying volume “UltramaxB”
  Starting verification tool: 2009-03-04 12:59:43 +0100
  2009-03-04 12:59:43 +0100: Checking Journaled HFS Plus volume.
  2009-03-04 12:59:43 +0100: Checking Extents Overflow file.
  2009-03-04 12:59:43 +0100: Checking Catalog file.
  2009-03-04 12:59:43 +0100: Checking multi-linked files.
  2009-03-04 12:59:43 +0100: Checking Catalog hierarchy.
  2009-03-04 12:59:43 +0100: Checking Extended Attributes file.
  2009-03-04 12:59:43 +0100: Incorrect number of Access Control Lists
  2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: (It should be 5427 instead of 5430)
  2009-03-04 12:59:43 +0100: Checking volume bitmap.
  2009-03-04 12:59:44 +0100: Checking volume information.
  2009-03-04 12:59:44 +0100: 2009-03-04 12:59:44 +0100: The volume UltramaxB needs to be repaired.
  2009-03-04 12:59:44 +0100: Error: Filesystem verify or repair failed.2009-03-04 12:59:44 +0100:
  2009-03-04 12:59:44 +0100: Disk Utility stopped verifying “UltramaxB” because the following error was encountered:
  Filesystem verify or repair failed.
  2009-03-04 12:59:44 +0100: