Failed to decrypt UME session security password from secure storage

Similar Messages

• Reading Encrypted Password from Configuration File and Decrypt it at login

  Hi All,
  My application reads a configuration file to connect to the ORACLE database. The values defined for password are clear text as given below:
  user: 'mh'
  password='abcd1234'
  Is there is any way I can give an encrypted password in the configuration file instead of a clear text file and at the time of login ORACLE decrypts it. I am using ORACLE 11g Database.
  My company have a requirement that passwords are not stored in the clear in properties files. the reason being I suppose that if the password is stored in plaintext someone could hit the property file directly, get the password and then connect to the database with it.
  For a regular user connecting through an Oracle client or SQL Developer they would need to have the plaintext password in order to connect.
  its based on the requirements of
  International Standards Organization Guidance
  ISO 17799 � 9.5.4 requires password management systems to:
  � enforce the use of individual passwords
  � allow users to select and change their own passwords if appropriate
  � enforce a choice of quality passwords
  � force regular changes of passwords
  � maintain a record of previous user passwords to prevent re-use
  � not display passwords when they are being entered
  � store password files separately from application system data
  � store passwords in encrypted form using a one way encryption algorithm
  � alter default vendor passwords following installation of software
  So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.
  I have feeling there is a way of configuring this in Oracle advanced Security, but just can't quite get it to work.
  Edited by: user5568473 on 20-May-2013 00:05

  So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.... and neither can your application. Encryption is needed in this case. The decryption must be written into your application. I've written my own in some cases, but finding a library for your development language is a smarter solution.
  One alternative is using an Oracle wallet. It doesn't fit every circumstance and does have some maintenance headaches.
  You can set up a basic secure password store to encrypt and store the password for a given user@instance combination, and then connect to the database without passing a password. SQL*Net adds in the appropriate password from the wallet for when you connect.
  http://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf
  Advanced Security Option also allows you to set up a Public Key Infrastructure connections (SSL encryption and/or authentication). It also uses a wallet to store the SSL certificates and credentials. I don't have personal experience on this approach.
  SSL and the wallet allow you to connect to the database similar to CONNECT/@net_service_name or sqlplus /@net_service_namehttp://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CIHCBIEG

• Failed to Open a Session on the Device - scanning from Mac OSX 10.9.3 - M1217nfw

  Hello,
  I'm running into some issues scanning wirelessly from our HP LaserJet M1217nfw MFP from any Mac running 10.9.3. I've tried to "Reset Printing System" and re-adding the printer with no success. Each time I open either Preview/Printers & Scanners/Image Capture, I receive the following error message: "Failed to Open a Session on the Device." When I add the printer, I do so by selecting the "+" icon, and selecting "Add Printer or Scanner..." selecting the printer from the list listed via bonjour, and "Select the software" but my model printer is not listed. The closest printer listed is HP LaserJet Professional M1210nf MPF Series, but it doesn't work. Any ideas here?
  This question was solved.
  View Solution.

  Welcome to the HP Forums jpuebla,
  I see by your post that you are having issues scanning, you aren't able find the drivers to add the printer.
  I can help you with this issue.
  The drivers for Maverick are the Apple Update drivers.
  OS X v10.9 Mavericks: Installing and Using the Printer on a Mac.
  Repair the Disk Permissions on the Mac:
  Close all applications.
  On the Apple menu bar, click Go, click Applications and then click Utilities.
  Double-click Disk Utility.
  Highlight your hard drive/partition on the left.
  Click Verify and then Repair Disk Permissions.
  Restart the computer.
  Reset the Printing System:
  Note: This will remove all printers in the print and Fax/Scan, any printer removed can be re-added later by clicking the plus (+) symbol.
  Click the Apple icon ( ), and then click System Preferences.
  Click Printers & Scanners.
  Right-click (or Ctrl +click) in the left white side panel, then click Reset printing system.
  Click OK to confirm the reset.
  Type the correct Name and Password.
  Click OK to reset the printing system.
  Then click the + sign, then select the printer from the list and click on the Add button.
  (make sure it shows the printer name beside Use, not the Airprint driver)
  You might have to run the Apple Updates again with USB cable connected to get the drivers installed.
  Then try and add the bonjour printer again.
  Test the printer again.
  If you are having network issues, then add the printer through the IPProtocal.
  After clicking the  + button, select the IP icon across the top, type in the printer's IP address, select jet direct below and then Apply.
  Test the printer.
  I have seen the HP Printer Drivers v.2.16.1 for OS X drivers work successfully, if the issue persists.
  If you need further assistance, let me know.
  Have a nice day!
  Thank You.
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
  Gemini02
  I work on behalf of HP

• Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state

  we have developed packages to do the followings
  Extract data from DB2 Source and put it in MS Sql Server 2008 database (Lets Say DatabaseA).From MS Sql Server 2008 (DatabaseA)
  we will process the data and place it in another database MS Sql Server 2008 (DatabaseB)
  We have created packages in BIDS..We created datasource connection in Datasource folder in BIDS..Which has DB2 Connection and both Ms Sql Server connection (Windows authentication-Let
  say its pointing to the server -ServerA which has DatabaseA and DatabaseB).The datasource connections will be used in packages during development.
  For deployment we have created Package Configuration which will have both DB2 Connection and MS SqlServer connection in the config
  We deployed the packages in different MS SqlServer by changing the connectionstring in the config for DB2 and MS SqlServer...
  While runing the package we are getting the following error message
  Code: 0xC0016016     Source:       Description: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for
  use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.
  ilikemicrosoft

  Hi Surendiran,
  This is because the package has been created by somebody else and the package is being deployed under sombody else's account. e.g. If you are the creator then the package is encryption set according to your account and the package setup in SQL server is
  under a different user account.
  This happens because the package protection level is set to EncryptSensitiveWithUserKey which encrypts
  sensitive information using creator's account name.
  As a solution:
  Either you have to set up the package in SQL server under your account (which some infrastructures do not allow).
  OR
  Set the package property Protection Level to "DontSaveSensitive" and add a configuration file
  to the package and set the initial values for all the variables and all the connection manager in that configuration file (which might be tedious of-course).
  OR
  The third options (which I like do) is to open the package file and delete the password encryption entries from the package. Do note that this is not supported by designer and every time you make changes to the connection managers these encryption entries come
  back.
  Hope this helps. 
  Please mark the post as answered if it answers your question

• Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B

  Hi,
  I have developed several SSIS packages with the last Beta of VS2005 / SQL Server CTP. After the public release I tried to uninstall the CTP-Versions to install the msdn finals but this time I got lost and was not able to satisfy the requirements of the final setup of VS2005. So I decided to install the whole pc again and after some hours I had a clean machine (XP with latest SQL Server 2005 Standard and VS2005 Professional).   Now I have tried to open my SSIS-Project but getting the following error:   Error loading ImpNetqNewsRss.dtsx: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Schlüssel ist im angegebenen Status nicht gültig.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.
  After some “googleing” I found this thread: http://forums.microsoft.com/msdn/showpost.aspx?postid=22739&siteid=1   If I’m right the solution should be to use a Package Password, but I can’t figure out where I have to go enter/change a password. I even can’t remember I that ever used a password on my old installation for a dtsx-package??   Any help is welcome…   Regards, Dirk

    Let's Say your package name is MyPackage
    In Visual Studio  Go to Control Flow Tab.
    Righ Click on an empty area inside the window not clicking  "Data Flow Component" .  pop up menu click the the properties to get to the properties window of MyPackage package.
  Under the Security Area -> You will see 
          ProtectionLevel              -- Change that to EncryptSensitiveWithPassword
          PackagePassword          -- enter password->  temp
  This should do the trick however to be sure:
  Below you will connection managers:
  Database Connections (if more than one preform on all) 
    Double Click your connection to get the property pages. Click "ALL" under the Connection Link on Left Side. Scroll Down to Security Area.
    Provide the followings:
     Password  (for the sql userid being used)
     Persist Security Info  = True
  Save the Package and connect to SQL Integration Srvices in SQL Manager  (To Server e.g; DBServer (Integration Services) 
    Stored Packages -> MSDB -->  Right Click --> choose Import Package
    in the property dialog box 
                Package Location :   File System 
                Package Path  -- Choose the location of your dtsx file.  (MyPackage.dtsx)
    Leave everything default.
    Click OK.
    Dialog box will appear asking for the Package Password 
    Provide the password-> temp
    You have successfully imported the package called MyPackage.
    In order to create a job.   
    In the job Step->
         Type:  SQL Server Integration Services Package
         In the General Tab:
                   Package Source :  SSIS Package Store
                   Server : DBServer  (Where we stored our package above)
      Click the button for the package:  Choose your package  (MyPackage)
     Click OK :
      It will ask the package password again :  temp
                  Package has successfully been loaded to Job Step.  Now you can schedule and do a test run on the job.
    Thanks for the patience of reading for those who are expert.
    - Azhar

• Trying to Change AD Password from GW2014 failing

  Hello,
  I've got the Caledonia books by Danita and I am preparing to upgrade / move our GW2012 edirectory system to 2014, then migrating that to AD. In preparation, I have set up a test GW2014 server and set it to authenticate LDAP against AD. I was easily able to get a user to sync and login to both the 2014 client and webaccess. However, when I try to change the password for this user through either client, the attempt fails with the following error in the POA:
  17:10:43 4233 Error: LDAP failure detected [D06B] User:gw2014test (gw2014test)
  The closest TID I have seen on this is for GW 2012 where it says that LDAP passwords in GroupWise were designed to work with eDirectory so the function does not work in other LDAP servers?!
  Any help would be much appreciated!
  Thanks

  I don't believe there is a way to check for expired pwd. I'll check with developers though.
  --Morris
  >>> davearre<[email protected]> 8/1/2014 4:36 AM >>>
  Hi, Morris,
  Awesome, thank you that worked!! After I posted my question I tried to
  do the SSL but got LDAP error 81 on the POA because I exported the DC's
  certificate and not the CA's. Once I followed your steps and exported
  the CA certificate I was able to login and change the password without
  error in both the client and webaccess.
  One more question, I tried to do a "user must change their password on
  next login", which is what we do now with eDirectory with new teachers
  especially in the summertime, they can change passwords from home before
  they arrive. With edir and an expired password, Webaccess puts up a page
  for them to change their password. It also does this at password
  expiration time. When I set the user must change password in AD, I could
  no longer log into webaccess at all, it acted like the password was
  incorrect. Is there a trick to get the change password page prompt in
  Webaccess or is this something not available with AD as the
  authentication source?
  Thanks for your quick help!
  mblackham;2327566 Wrote:
  > You can change your AD password via the GW 2014 client, however, due to
  > requirements of AD, the LDAP session must be SSL'ized to do so. So
  > you'll have to export the CA cert that your AD LDAP process is using and
  > import it in to the AD directory configuration in GW Admin Console.
  > Here are the high level steps to getting the AD cert:
  >
  >
  >
  >
  > •Run MMC on the Domain Controller
  >
  > •Add the “Certificates” Snap-In for the Computer account. (File |
  > Add/Remove Snap-Ins)
  >
  > •Find the certificate issued to the domain controller in the
  > “Personal/Certificates” folder.
  >
  > •View the certification path for the certificate, locate the CA and
  > view it’s properties.
  > Export the CA certificate as a DER or PEM file
  >
  >
  > --Morris
  >
  >
  >
  > >>> davearre<[email protected]> 7/31/2014 3:36 PM >>>
  >
  >
  >
  >
  > Hello,
  >
  > I've got the Caledonia books by Danita and I am preparing to upgrade /
  > move our GW2012 edirectory system to 2014, then migrating that to AD.
  > In
  > preparation, I have set up a test GW2014 server and set it to
  > authenticate LDAP against AD. I was easily able to get a user to sync
  > and login to both the 2014 client and webaccess. However, when I try to
  > change the password for this user through either client, the attempt
  > fails with the following error in the POA:
  >
  > 17:10:43 4233 Error: LDAP failure detected [D06B] User:gw2014test
  > (gw2014test)
  >
  > The closest TID I have seen on this is for GW 2012 where it says that
  > LDAP passwords in GroupWise were designed to work with eDirectory so
  > the
  > function does not work in other LDAP servers?!
  >
  > Any help would be much appreciated!
  >
  > Thanks
  >
  >
  > --
  > davearre
  > ------------------------------------------------------------------------
  > davearre's Profile: https://forums.novell.com/member.php?userid=14696
  > View this thread: https://forums.novell.com/showthread.php?t=478544
  davearre
  davearre's Profile: https://forums.novell.com/member.php?userid=14696
  View this thread: https://forums.novell.com/showthread.php?t=478544

• Web service security: Unable to extract username / password from soapheader

  Hi All,
  For a webservice, we have implemented basic authentication (plain text password) using jdeveloper wizard. We are successfully getting the textbox for username and password. However, the problem is when trying to extract the username and password from the soapHeader on the server side.
  Here is the soap message:
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.dubaitrade.ae"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mustUnderstand="1"><wsse:UsernameToken><wsse:Username>testuser</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpass</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header>
  <soap:Body>
  <ns:processValidateCust>
  <paymentMethod>cash</paymentMethod>
  </ns:processValidateCust>
  </soap:Body>
  </soap:Envelope>
  Here is the sample java file:
  public class ValidateCustImpl implements javax.xml.rpc.server.ServiceLifecycle {
  ServletEndpointContext ctx;
  public String processValidateCust(String paymentMethod) {
  if (ctx != null) {
  SOAPMessageContext context =
  (SOAPMessageContext)ctx.getMessageContext();
  try {
  SOAPHeader header =
  context.getMessage().getSOAPPart().getEnvelope().getHeader();
  System.out.println(header.getNamespaceURI() + " " +header.toString());
  } catch (SOAPException x) {
  System.out.println("Exception" + x);
  x.printStackTrace();
  Here is the output:
  NamespaceURI for header is:http://schemas.xmlsoap.org/soap/envelope/
  and the header is:<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"/>
  However, if i "Inspect" the header in "debug" mode in jdev, i do see the strings i had passed.
  Name     Value     Type
  - header     soap:Header     Header11
  + headerExtensionContext          HeaderExtensionContext
  defaultNs     null     String
  name     null     Name
  childrenNeedUpdate     false     boolean
  nodeId     21474836507     long
  flags     1     int
  - data          Object[1024]
       + [43]     wsse:Security     HeaderElement11
  + [44]     xmlns:wsse     QxName
  + [45]     "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"     String
  + [46]          XMLAttr
  + [49]     wsse:Security     HeaderElement11
  + [50]     mustUnderstand     QxName
  + [51]     "1"     String
  + [55]     wsse:Security     HeaderElement11
  + [56]     wsse:UsernameToken     QxName
  - [60]     wsse:Username     Element11
  defaultNs     null     String
  name     null     Name
  childrenNeedUpdate     false     boolean
  nodeId     42949673023     long
  flags     1     int
  + data          Object[1024]
  + [61]     wsse:Password     Element11
  + [63]     wsse:UsernameToken     Element11
  + [64]     wsse:Username     QxName
  + [66]     wsse:Password     Element11
  + [68]          TextImpl
  + [69]          TextImpl
  + [71]     wsse:Username     Element11
  + [72]     "testuser"     char[3]
  + [75]     wsse:UsernameToken     Element11
  Any idea how do i extract this username from the header?
  TIA,
  abbas

  Can someone help here please?

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill

• New Imac. I get rid off login password from security and account and restart. Now it asks for username and password and it's not acepting anything. Any ideas?

  New Imac. I get rid off login password from security and accounts and restart. Now it asks for username and password and it's not acepting anything. Any ideas?

  First, reset your password as follows.
  Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar.
  In the Terminal window, type this:
  resetpassword
  That's one word with no spaces. Then press return. A Reset Password window opens.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
  Select  ▹ Restart from the menu bar.
  You should now be able to log in with the new password, but you won't be able to unlock the Keychain. If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it. You’ll need to reset your keychain in the preferences of the Keychain Access application.
  If you're being prompted to authenticate when making changes to files inside your home folder, continue as follows.
  Back up all data now.
  This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. If none of this is meaningful to you, you don't need to worry about it.
  Step 1
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Drag or copy — do not type — the following line into the Terminal window, then press return:
  sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:20 ~ $_ ; chmod -R -N ~ $_ 2> /dev/null
  Be sure to select the whole line by triple-clicking anywhere in it. You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning. If you don’t have a login password, you’ll need to set one before you can run the command.
  The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
  Step 2
  Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar. A text window opens.
  In the Terminal window, type this:
  resetpassword
  That's one word with no spaces. Then press return. A Reset Password window opens. You’re not going to reset a password.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select  ▹ Restart from the menu bar.

• DRM-61026: Unable to create user session for the following reason: Login failed. Invalid user name or password.

  All Im very new to Oracle DRM and Im trying to get the app setup on Windows server running SQL Server 2008.  When I try to login to the Web Client I keep getting this error.
  DRM-61026: Unable to create user session for the following reason: Login failed. Invalid user name or password.
  Can you please help

  This might be due to The 'Oracle Instance' path may not have been set to a path relative to the 'CSS Bridge Host' (i.e. the Foundation Services machine) on the Configuration > Host Machines > CSS > General tab of the DRM Configuration Utility.
  if this is the case then
  1. Open the DRM Configuration Console.
  2. Go to the Configuration > Host Machines > CSS > General tab of the DRM Configuration Utility.
  3. Ensure that the path in 'Oracle Instance' has been set relative to the 'CSS Bridge Host' (i.e. the Foundation Services machine defined in 'CSS Bridge Host').
  4. If corrections are made to 'Oracle Instance' then restart the DRM services to pick up the change.
  Thanks,
  ~KKT~

• SET PASSWORD FROM SESSION STATE

  Hi, I need to set the password from session state but I can not do this when Display As option is set to PASSWORD. In case of Text Field works ok.
  How to accomplish this?

  Acctually I need to implement the functionality of email confirmation, but I thought a simple way is to login by clicking on a link sent by email.
  Anyhow in a password field I can not set the value, even I use a hidden item.

• How to retrive data from encrypted backup(failed in itunes) - i have the password!!

  I know there are other software that may help to retrive the data but it doesn't work with encrypted backup.
  Now i have the password, i have the encrypted backup (failed to recover in itunes).
  What can i do? is it possible to remove the password from the encrypted backup provided that i have the password????

  No, it's not possible.
  What happens when trying to restore the backup via iTunes?  It is entirely possible that the backup is simply corrupted.

• How do I migrate the passwords from secured pdfs/their profiles to a new computer and new version of

  how do I migrate the passwords from secured pdfs/their profiles to a new computer and new version of acrobat?  I lost one computer that had standard 9, went to new computer, then upgraded to XI.  All my password profiles are not coming through.  How do I get them back?

  There is also a program called Senuti that I used when I had a PC crash with all my iTunes stuff on it:
  www.fadingred.com/Senuti

• SQL Server Agent Failed to decrypt protected XML node

  I'm getting the below error when trying to run sql server agent to run an SSIS package. I've updated folder security to allow sql server agent access, but cannot get the package to execute within SQL Management Studio. The package runs find in SSIS. 
  11.0.2100.60 for 64-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  12:12:00 PM  Error: 2014-11-30 12:12:02.65     Code: 0xC0016016     Source: LoadStgProspects      Description:
  Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that
  the correct key is available.  End Error  Error: 2014-11-30 12:12:03.88     Code: 0xC0016016     Source: LoadStgProspects      Description: Failed to decrypt protected XML node "DTS:Password" with error
  0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.  End Error  Error: 2014-11-30
  12:12:04.74     Code: 0xC0209303     Source: LoadStgProspects Connection manager "Excel Connection Manager"     Description: The requested OLE DB provider Microsoft.Jet.OLEDB.4.0 is not registered. If the 64-bit driver
  is not installed<c/> run the package in 32-bit mode. Error code: 0x00000000.  An OLE DB record is available.  Source: "Microsoft OLE DB Service Components"  Hresult: 0x80040154  Description: "Class not registered".
   End Error  Error: 2014-11-30 12:12:04.74     Code: 0xC020801C     Source: Load prospect files Prospect xls [231]     Description: SSIS Error Code DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER.  The AcquireConnection
  method call to the connection manager "Excel Connection Manager" failed with error code 0xC0209303.  There may be error messages posted before this with more information on why the AcquireConnection method call failed.  End Error  Error:
  2014-11-30 12:12:04.74     Code: 0xC0047017     Source: Load prospect files SSIS.Pipeline     Description: Prospect xls failed validation and returned error code 0xC020801C.  End Error  Error: 2014-11-30 12:12:04.74
      Code: 0xC004700C     Source: Load prospect files SSIS.Pipeline     Description: One or more component failed validation.  End Error  Error: 2014-11-30 12:12:04.74     Code: 0xC0024107     Source:
  Load prospect files      Description: There were errors during task validation.  End Error  Error: 2014-11-30 12:12:04.74     Code: 0xC00220DE     Source: LoadStgProspects      Description: Error
  0xC0012050 while loading package file "C:\Users\Jim\Documents\Visual Studio 2010\Projects\SSISTraining\SSISTraining\LoadStgProspects.dtsx". Package failed validation from the ExecutePackage task. The package cannot run.  .  End Error  DTExec:
  The package execution returned DTSER_FAILURE (1).  Started:  12:12:00 PM  Finished: 12:12:04 PM  Elapsed:  4.337 seconds.  The package execution failed.  The step failed.,00:00:04,0,0,,,,0

  Hi selfdestruct80,
  According to your description, you created SSIS package and it works fine. But you got the error message when the SSIS package was called from a SQL Server Agent job.
  According to my knowledge, the package may not run in the following scenarios:
  The current user cannot decrypt secrets from the package.
  A SQL Server connection that uses integrated security fails because the current user does not have the required permissions.
  File access fails because the current user does not have the required permissions to write to the file share that the connection manager accesses.
  A registry-based SSIS package configuration uses the HKEY_CURRENT_USER registry keys. The HKEY_CURRENT_USER registry keys are user-specific.
  A task or a connection manager requires that the current user account has correct permissions.
  According to the error message, the SSIS Package ProtectionLevel property to EncryptSensitiveWithPassword as ArthurZ mentioned. To solve the problem, you need to go to Command Line tab, manually specify the paassword in SQL Agent Job with the command like below:
  /FILE "\"C:\Users\xxxx\Documents\SQL Server Management Studio\SSIS\Package.dtsx\"" /DECRYPT somepassword /CHECKPOINTING OFF /REPORTING E
  If you have any more questions, please feel free to ask.
  Thanks,
  Wendy Fu
  Wendy Fu
  TechNet Community Support

• Problems in Changing LDAP (AD) Initial Password from Portal

  Hello ,
  We are using EP 7.01 SP 05 with Microsoft AD as our user data store (flat structure).
  For newly created users on AD, we are wanting them to be able to change their initial passwords from portal (on their first logon).
  SSL is set up between EP and AD.
  The user we are using to access LDAP has write privileges.
  We are using a standard configuration file (writeable version) (dataSourceConfiguration_ads_writeable_db.xml)
  We are able to modify users from User Administration console (including password change) without any problem.
  However, there are two problems we are facing:
  1. If the flag "User must change password at first logon" is set on AD/LDAP, then on Portal the user is not getting prompted for changing password - and User authentication failed
  2. If the flag "User must change password at first logon" is NOT set on AD/LDAP, then - User is getting prompted to change the password" - however password change is not going through successfully - Error says - "Missing".
  From logs I can see the following error:
  #1.5#0050568767DE006B0000000700005D7C00048EC433D5B0FC#1282873241046#com.sap.security.core.persistence#sap.com/irj#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=64495]#Guest#0#SAP J2EE Engine JTA Transaction : [044ffffffd35700451]#n/a##19ae55e0b17c11dfb0d00050568767de#SAPEngine_Application_Thread[impl:3]_23##0#0#Error##Java###Can not change password
  [EXCEPTION]
  {0}#1#javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, \#1:
  0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
  ]; remaining name 'cn=portal test'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2943)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2749)
  at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1449)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
  Can any one pls suggest what is this error about and what I am missing.
  Thanks ,
  Shanti

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti