Failover/Registered token issue

I have a system that utilizes registered tokens. The secondary Sun server in the FOG went down so I had to get it repaired and had to reinstall the OS and Sun Ray software from scratch. I have installed it to match the specs of the primary server and am ready to rejoin this server to the FOG. My question is: will the primary server automatically replicate the token information so that the new server will recognize the existing token IDs? Or do I have to do some manual backup/import process?

When you restart SRSS after configuring the new system for Data Store replication (via 'utconfig' and 'utreplica') SRSS should automatically pull a complete copy of the Data Store contents from the existing primary. This will bring all of the existing token registrations onto the new system. You shouldn't need to do any additional manual work.
OttoM.
Disclaimer: I work for Oracle, but I do not speak for Oracle.

Similar Messages

  • Constantly getting "Reopen for Clustered Client Failover registered application has failed for FileObject " error in CCFilter eventlog.

    Hi everybody.
    Hope somebody will be able to help me with the following issue.
    I have the following environment configuration:
    1. WFC cluster (cluster1) contains 3 nodes - sql1,sql2,sql3
    2. sql1 and sql2 can run single shared instance SQL server
    3. Node sql3 is a standalone SQL server.
    4. AlwaysON is turned on shared instance and standalone SQL servers and availability group have been configured for multiple DBs. So sql3 is a replica of shared instance.
    5. All this runs on Vmware as a virtual machine.
    I'm constantly getting the following error in the Microsoft-Windows-CCFFilter/Operational logfile when I execute the SQL DB/Transaction log backup maintenance plan on my shared instance SQL server (sql1 or sql2):
    Log Name:      Microsoft-Windows-CCFFilter/Operational
    Source:        Microsoft-Windows-CCFFilter
    Date:          10/24/2014 6:00:12 AM
    Event ID:      2000
    Task Category: None
    Level:         Error
    Keywords:      
    User:          DOMAIN\wfcsqlsvc
    Computer:      SQL1
    Description:
    Reopen for Clustered Client Failover registered application has failed for FileObject 0xfffffa801cbb08a0 to \SQL3\Backups\Logs\DB1\DB1_backup_2014_10_24_060003_3960528.trn with status 0xC0000034
    Getting multiple mentioned errors for every single DB I'm running my backup maintenance plan against. The maintenance plan gets executed on SQL1 which is shared instance machine.
    Any ideas of what can cause this and how to fix it?
    Thanks in advance.

    Yes. I'm doing backup on primary replica in the AlwaysOn Availability Group. And this primary replica itself is a WFC shared SQL instance.
    I've double-checked the Maintenance Plan's history and the Agent's logs. No error, no warning, nothing. And by the way, DB full and transaction log backups get created as they should. By that I mean that the 'For availability databases, ignore Replica Priority for Backup and Backup on Primary Settings' property is turned on and this allows me to do backups from the primary replica.
    As you've written, I've cleared the maintenance plan setting 'For availability databases, ignore Replica Priority for Backup and Backup on Primary Settings', and configured the availability group's AUTOMATED_BACKUP_PREFERENCE setting to allow backup from any replica for a certain availability group. But still nothing. Getting the same error.
    This is how AVG1 are configured regarding Backup preferences:
    For example this subplan from Maintenance plan cause mentioned errors:

  • Azure API and tokens issued by azure AD

    Anyone know of a sample that showcases the Azure API management/delivery feature consuming (access) tokens issued by Azure AD?
    Is there a reason why it's not even a sensible thing to conceive? (It seems obvious... but perhaps I have a disconnect somewhere.)

    perhaps a useful comment flows from this:
    The documentation (at github, on AAD samples) is very engineering centric. It's very correct; very precise, overly so. It embeds best practices within (without teaching how to think about which of the 10 flows are proper, for different scenarios); and sometimes calls things opened connect, sometimes oauth2. Distinguishing the differences is the subtle art of interpreting Microsoft engineering speak.
    I learned 10 years not to program Microsoft apps in a way that is not demonstrated by an official sample. Thus the lack of an AAD sample of Azure API is problematic. I don't know (having been burned 100 times) that the OAUTH2 mentioned in the API docs is compatible with one of the oauth2 flows of AAD sample land.
    Call me over thinker, if you like. But, this is what it's like to be on the end of the fragmented, drip drip, ALL change EVERY 3 years, communications style in windows/azure/win32 comsec.
    I suspect the fix is another attempt at a best practices document - with best practice teaching samples - similar to those that so excellently rounded out WIF work, in the last generation of efforts.

  • Registering tokens across HTTPS

    I am currently working with an application that registers client token identifiers with their HTTPS based servers. Unfortunately I seem to be encountering errors that I cannot find solutions to. When I execute my application I get the following error:
    Exception in thread "main" java.lang.NoClassDefFoundError
    at javax.crypto.Cipher.getInstance(DashoA12275)
    at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(Unknown Source)
    at com.sun.net.ssl.internal.ssl.RSACipher.<init>(Unknown Source)
    at com.sun.net.ssl.internal.ssl.RSACipher.getInstance(Unknown Source)
    at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:113)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:71)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:335)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:308)
    at com.iplanet.services.naming.WebtopNaming.getServerFromID(WebtopNaming.java:245)
    at com.iplanet.dpro.session.SessionID.parseServerID(SessionID.java:368)
    at com.iplanet.dpro.session.SessionID.parseSessionString(SessionID.java:318)
    at com.iplanet.dpro.session.SessionID.getSessionServerProtocol(SessionID.java:174)
    at com.iplanet.dpro.session.Session.getSessionServiceURL(Session.java:755)
    at com.iplanet.dpro.session.Session.getSession(Session.java:625)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:147)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:296)
    at SSOTokenRegister.main(SSOTokenRegister.java:61)
    The code I am executing against the API to get this error is fairly simple:
    //create instance of token manager
    SSOTokenManager manager = SSOTokenManager.getInstance();
    //register
    SSOToken token = manager.createSSOToken(tokenId);
    The following is the contents of my is61sdkwin32\lib\AMConfig.properties file:
    com.iplanet.services.debug.level=message
    com.iplanet.services.debug.directory=C:/Path/To/Logs/
    com.iplanet.am.naming.url=https://3rd.party.url.com/amserver/namingservice
    com.iplanet.am.version=6.1
    com.sun.identity.webcontainer=IAS7.0
    com.iplanet.am.notification.url=http://client.listener.url.com:3700/listener
    com.iplanet.am.naming.ignoreNamingService=true
    com.iplanet.am.server.protocol=https
    com.iplanet.am.server.host=3rd.party.url.com
    com.iplanet.am.server.port=443
    com.iplanet.am.jssproxy.trustAllServerCerts=true
    I am executing my application with the following batch file:
    SET TOKEN_TO_REGISTER=%1
    ::Store current environment vars
    set OLD_PATH=%PATH%
    set OLD_CLASSPATH=%CLASSPATH%
    ::Set runtime directory environment vars
    set BASE=C:\Path\To\Sdk\is61sdkwin32
    set BASE_CLASS_DIR=.
    set LIB_DIR=%BASE%\lib
    ::Set runtime environment vars
    set IS_CLASSPATH=.
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%
    SET IS_CLASSPATH=%IS_CLASSPATH%;%BASE%\locale
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\jaas.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\am_services.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\am_sdk.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\jss311.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\servlet.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\iaik_ssl.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\crimson.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%LIB_DIR%\am_logging.jar
    SET IS_CLASSPATH=%IS_CLASSPATH%;%BASE%\is61sdkwin32\dtd
    set PATH=%BASE%\lib;%LIB_DIR%\jss;%OLD_PATH%
    set CLASSPATH=%IS_CLASSPATH%;C:\Progra~1\Java\jre1.5.0_06\lib\tools.jar;C:\Progra~1\Java\jre1.5.0_06\lib\jce.jar
    ::Execute
    C:\Progra~1\Java\jre1.5.0_06\bin\java -classpath %CLASSPATH% SSOTokenRegister %TOKEN_TO_REGISTER%
    ::Reset environment vars
    set PATH=%OLD_PATH%
    set CLASSPATH=%OLD_CLASSPATH%
    Initially I assumed that this was an issue with the CLASSPATH, however this seems not to be the case.
    I am 100% certain the remote servers are not the issue, as other non java based applications function correctly. However these do not use the SUN API so I am beginning to believe that the issue lies in either how I execute the application (i.e. CLASSPATH) or how I have configured the application via the AMConfig.properties file.
    Can anybody shed any light on this?

    did you try jss.donotInstallAtHighestPriority=true ? That always seems to be the magic configuration with AM encryption
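
Added example (not part of the original posts, and not Sun's code): the AMConfig.properties quoted in the question above sets `com.iplanet.am.jssproxy.trustAllServerCerts=true`, which tells the client SDK to continue the SSL handshake regardless of certificate problems, and it points the notification URL at plain HTTP. This Python check parses such a file and flags those settings; the rule set, severity labels and function names are assumptions chosen for illustration.

```python
"""Audit an Access Manager client AMConfig.properties for weak transport settings."""
import re
from urllib.parse import urlsplit

# Constructed sample: the property lines quoted in the question above.
SAMPLE_AMCONFIG = """\
com.iplanet.services.debug.level=message
com.iplanet.services.debug.directory=C:/Path/To/Logs/
com.iplanet.am.naming.url=https://3rd.party.url.com/amserver/namingservice
com.iplanet.am.version=6.1
com.sun.identity.webcontainer=IAS7.0
com.iplanet.am.notification.url=http://client.listener.url.com:3700/listener
com.iplanet.am.naming.ignoreNamingService=true
com.iplanet.am.server.protocol=https
com.iplanet.am.server.host=3rd.party.url.com
com.iplanet.am.server.port=443
com.iplanet.am.jssproxy.trustAllServerCerts=true
"""

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_properties(text):
    """Parse .properties text: '#'/'!' comments, '=' or ':' separators,
    and logical lines continued with a trailing backslash."""
    props, buf = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes continues the logical line.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            buf += line[:-1]
            continue
        buf += line
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", buf)
        if match:
            props[match.group(1)] = match.group(2)
        buf = ""
    return props


def audit(props):
    """Return (severity, key, message) findings, most severe first."""
    findings = []

    key = "com.iplanet.am.jssproxy.trustAllServerCerts"
    if props.get(key, "false").lower() == "true":
        findings.append(("HIGH", key,
                         "server certificate problems are ignored; the HTTPS "
                         "peer is not authenticated"))

    # Any *.url property that uses plain HTTP carries its traffic in cleartext.
    for name, value in props.items():
        if name.endswith(".url") and urlsplit(value).scheme.lower() == "http":
            findings.append(("MEDIUM", name, "cleartext HTTP endpoint: " + value))

    key = "com.iplanet.am.server.protocol"
    if key in props and props[key].lower() != "https":
        findings.append(("MEDIUM", key, "server protocol is not https"))

    key = "com.iplanet.services.debug.level"
    if props.get(key, "").lower() == "message":
        findings.append(("LOW", key,
                         "most verbose debug level; keep for troubleshooting only"))

    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, name, message in audit(parse_properties(SAMPLE_AMCONFIG)):
        print(f"[{severity}] {name}: {message}")
```
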

  • Nameidentifier claims is no longer in the token issued by Access Control Service(ACS) with newly created ACS

    Hi,
    In our existing ACS, when we add a new relying party with an associated rule as below:
    input claim type as
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
    and output claim type as
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    When I used the ACS created previously, for token I received, I have
    Received claims with existing ACS:
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:           testoem2,
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TESTOEM2-MS,
    htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://wp8partnerservicesv1-tst.accesscontrol.windows.net/
    but for the new ACS namespace, when I configure it exactly the same way, I receive
    htp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name:             TestOem2-MS,
    htp://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider:                htps://zackpartnerservice1-tst.accesscontrol.windows.net/'
    The nameidentifier claim is no longer in the token.
    Does anyone from the Azure ACS team know what change in ACS might have caused this issue and how do I configure the ACS so that I can get the nameidentifier claim in the token too?
    since my account is not verified, I use h_ttp instead of http in my question.
    thank you,
    Zach

    Greetings, Zach!
    Please refer to this:
    https://msdn.microsoft.com/en-us/library/hh446535.aspx
    The article elaborates how federated identity works with ACS.
    Thank you,
    Arvind

  • Web Service Security X509 token issue...

    Hi All,
    I have an issue with using X509 certificates. Please find the details attached below:-
    I used the following link to create a simple keystore using 3rd party tools:-
    http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/CreateKeyStore_howto.htm
    NOTES:
    1) I think the above link creates self signed certificates.
    2) The signature and encryption key for both the web service and proxy created below are the same.
    As can be seen from this link, two certificates are created with aliases sam and dave. I then used the following link to secure the web service and proxy:-
    http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
    This link uses the OAS manager to set the keytoll related properties. These entries are already into system-jazn-data.xml. A point to note here is that the aliases of the certificates are stored in system-jazn-data.xml.
    My oracle-webservices.xml has the mapping attribute of the verify-x509-token token set to CN (Common Name). Hence I changed the above entries in system-jazn-data to reflect the common names instead of the aliases.
    However the standalone OC4J server still throws the following error whether I try to run the proxy with the mapping attr set to alias or CN in the jazn file:-
    07/07/05 20:58:14 Oracle Containers for J2EE 10g (10.1.3.1.1) initialized
    2007-07-05 20:58:39.876 ERROR Cannot authenticate X509 certificate, User CN=Sam
    Cooke, OU=samDept, EMAILADDRESS=[email protected], O=samOrg, L=samCity, ST=samState
    , C=US does not exist in our system
    07/07/05 20:58:39 javax.security.auth.login.LoginException: Cannot authenticate
    X509 certificate, User CN=Sam Cooke, OU=samDept, EMAILADDRESS=[email protected], O=
    samOrg, L=samCity, ST=samState, C=US does not exist in our system
    I have not exported any certificates from client to server or vice versa.
    Please could someone help out? This is urgent.
    Regards,
    Lester.

    I had the same issue and solved it like this:
    Create a signed certificate, import it into your keystore and use that as the Signature Key alias in both the client and the server security. Make sure the user with the same name exists in the realm on the server.
    Hope this helps,
    Lonneke

  • How to make API manager developer console client use AAD as a oauth2 token issuer

    The answer is to configure the oauth2 authorization service record to ONLY use the client_credentials grant type.
    See
    https://yorkporc.wordpress.com/2015/02/23/getting-api-manager-to-use-aad-sts-finally/ for a success case.
    Do NOT (as one might do, thinking as a security engineer) use the authorization_code grant.
    So, after a week of effort, I figured my way through awful documentation to do something really easy (once one knows how).
    The documentation at
    http://azure.microsoft.com/en-us/documentation/articles/api-management-howto-oauth2/#step1 sends one the wrong way, since its picture happens to select authorization_code (which doesn't work, at least with AAD as the AS).
    It's pretty clear that the developer console site is not architected to be using AAD's own rather excellent delegated user identity security model. One could be leveraging the web site's own session (itself derived from the id_token issued by AAD) to entitle the web app server-side process to act for the user, which would normally supply (user's) auth_code and the site's own client credential set to get privileged access to certain api endpoints of the api management instance. Obviously, that would require the console to be nominating which resources (Api endpoint, within a product) are to be placed in the audience field of the token, which in turn requires more advanced AAD configuration (of those API endpoints, as AAD apps in their own right).
    Sigh. MSDN editorial culture strikes yet again.

    hi Peter,
    Thanks for your feedback!
    I will try to reproduce this issue on my side and report it. Thanks for your time and appreciate your patience.
    Any results, I will post back ASAP.
    Regards,
    Will

  • Failover Cluster networking issue

    Normally when configuring a SQL cluster you put the communication to the shared storage (usually a SAN) on a separate network, and so your config looks something like this (long live ms paint!):
    So in this example the 192.168.100.0/28 subnet is used for cluster inter-communication (heartbeat) and for access to the shared storage. Access to the shared storage is kept completely isolated from the corporate network and everyone's happy.
    On the corporate network side the cluster registers itself onto DNS on the 10.0.0.0/24 subnet and clients can resolve the cluster name and connect to it.
    My configuration is slightly different though and I am having some problems with the networking side.
    In my configuration my shared storage is a file server cluster with two nodes. So the "clients" of the file server cluster are the SQL servers themselves. As such, the network configuration should, as I see it, be something like this:
    In this setup the SQL servers would still connect to the shared storage on a separate subnet, as per best practices, therefore keeping the cluster traffic separate from the corporate subnet.
    However, for this to work the file server cluster IP address needs to be on the 192.168.100.0/28 subnet, and still be able to register on the DNS server on the 10.0.0.0/24 subnet. Now this already involves setting up a lot more things than you would normally on the cluster NICs: it is no longer just an IP address and a subnet mask, now you need a DNS server and a gateway, as well as ensuring that the DNS server is contactable from clients on the 192.168.100.0/28 subnet, meaning complete isolation is gone.
    I can't find any best practices on how to get this done, and I don't think that the solution is to put this on the cluster communication on the corporate network, nor to create a DNS server on the 192.168.100.0/28 subnet, so does someone have any ideas how to get this done or how to improve the design of the setup?

    Hi cogumel0,
    In your case my personal advice is that you can add additional NICs on the SOFS computers and the SQL cluster, then put all of these NICs on the same separate subnet such as 192.168.101.0/24, disable the default settings on the newly added NICs (DNS registration AND NetBIOS over TCP/IP), then create a static DNS A record pointing to the newly added NICs' IP address.
    Since SQL on SMB storage only supports the UNC path, we need to create another CAP on the SOFS cluster (192.168.101.0/24 subnet CAP); after that we can create a static DNS A record for this CAP and configure the SQL cluster to access this CAP only.
    The related information:
    Install SQL Server with SMB Fileshare as a Storage Option
    https://msdn.microsoft.com/en-us/library/hh759341.aspx?f=255&MSPPError=-2147217396
    Using Multiple Client Access Points (CAP) in a Windows Server 2008 (R2) Failover Cluster
    http://blogs.technet.com/b/askcore/archive/2010/08/24/using-multiple-client-access-points-cap-in-a-windows-server-2008-r2-failover-cluster.aspx

  • Purchase Register Report issue

    Hi,
    I am working Purchase Register report.
    In this, we have a PO with 10 Quantity.  But at the time of MIGO we receive 5 qty out of 10.
    Now how can we pick the amount according to 5 qty received from MIGO because we want show MIGO condition in our report not from PO.
    What should be the table link for this...
    Plz guide..

    As per ur reference: -
    In PO, Condition are like--- PO Qty is 10
    Basic Amount: 1000
    Taxes: 100
    Freight: 50
    Other: 20
    and we have receive only 5 qty out of them, means all the condition amount will be 50%. like...
    Basic Amount: 500
    Taxes: 50
    Freight: 25
    Other: 10
    all condition will be calculate according to qty 5 not for 10 as showing in PO..
    I want to pick these condition. (according to 5 qty.)..
    Now suggest...

  • Web Service Security Username Token Issue

    Hi,
    I am trying to implement WS-Security (Username Token) on web services deployed on Weblogic Server 8.1 (sp4). The deployment works fine but whenever I try to invoke the service using auto generated client stub (created using clientgen) or weblogic server console (service test page) , I get the following error:
    <Nov 8, 2006 12:01:46 PM GMT+05:30> <Info> <WebService> <BEA-220024> <Handler weblogic.webservice.core.handler.WSSEClientHandler threw an exception from its handleRequest method. The exception was:
    java.lang.AssertionError: Bad password type: wsse:PasswordText.>
    Failed to create web service client:java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
    Detail:
    <detail>
    <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">java.lang.AssertionError: Bad password type: wsse:PasswordText
    at weblogic.xml.security.wsse.v200207.UsernameTokenImpl.<init>(UsernameTokenImpl.java:64)
    at weblogic.xml.security.wsse.v200207.SecurityElementFactoryImpl.createToken(SecurityElementFactoryImpl.java:59)
    at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:300)
    at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
    at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
    at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
    at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
    at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
    at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
    at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
    at com.cts.sipservices.implementation.client.MrmPartyServiceImplementationPort_Stub.getParty(MrmPartyServiceImplementationPort_Stub.java:46)
    at com.cts.sipservicesclient.client.SecureClient.<init>(SecureClient.java:76)
    at com.cts.sipservicesclient.client.SecureClient.main(SecureClient.java:38)
    </bea_fault:stacktrace>
    </detail>; nested exception is:
    javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
    This is the ‘security’ tag of my ‘web-services.xml’:
    <security>
    <spec:SecuritySpec xmlns:spec="http://www.openuri.org/2002/11/wsse/spec"
    Namespace="http://schemas.xmlsoap.org/ws/2002/07/secext"
    Id="default-spec">
    <spec:UsernameTokenSpec xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
    PasswordType="wsse:PasswordText">
    </spec:UsernameTokenSpec>
    </spec:SecuritySpec>
    </security>
    Thanks

    Apply these debug flags, to get some more debug information from WSSE server side processing following debug flags are helpful:
    -Dweblogic.webservice.security.debug=true
    -Dweblogic.webservice.security.verbose=true

  • RG1 Register updation issue

    Dear All,
    We are having one series group per plant for all sales scenario ,
    This we did to maintain plant wise single number range series for all sales scenarios,
    now the issue is how we can separate them while updation of RG1,
    e.g. Domestic Sales, Export Sales, Rebate Export, Deemed Export.
    Even though excise invoice type is also maintain properly in J1IIN,
    for example: while updating RG1 in J1I5 with classification IDH, all entries are coming up for updation, including domestic sales, export sales, deemed export etc.
    Sai

    Hi,
    See First of all RG1 extraction is for material but not for sales area or plant
    Any way since you are telling through series group or excise group
    mention that excise group plant and classification and extract RG1
    Since it is respective to material we can extract it for all materials only.
    Regards
    Kiran

  • LAN-based Failover & intermittent drop issues

    Have 2 PIX535s each at remote sites configured for LAN-based failover. There is a VLAN("abc")designed for failover, but in that same VLAN are servers.
    My setup is as follows:
    PIX535 connects to a DMZ switch using 4 connections: the Inside intf & 3 other intfs.
    On that same DMZ switch connects my core switch on the inside network. The core switch is the Root Bridge for the said VLAN ("abc"). It trunks this VLAN, along with others, to the DMZ switch.
    On that same DMZ switch are a number of servers that are in this vlan ("abc").
    When I configure one of the PIX interfaces to be in this same VLAN and be used for LAN-based failover I intermittently lose connectivity to different servers at different times. It's never any one particular server.
    When I use another PIX interface, still connecting to this same DMZ switch, but in another VLAN ("xyz"), for LAN-based failover, I don't get any problems.
    This other PIX interface is also being used for State failover. The idea is to have two separate interfaces, one each for LAN-based & State failover.
    What could be the possible cause of this intermittent loss of connectivity to the servers in VLAN "abc" when I switch LAN-based failover to the PIX interface that connects to a VLAN "abc" port on the DMZ switch?

    Following link may help you
    http://www.cisco.com/warp/public/110/failover.html#lanbasedfailover

  • WS-Security Username Token issue with soap receiver

    Hi All,
    I have Proxy to SOAP scenario. Receiver web service is expecting below message in the soap header for authentication purpose.
    <soapenv:Header>
      <wsse:Security>
        <wsse:UsernameToken>
          <wsse:Username>username</wsse:Username>
          <wsse:Password Type="PasswordText">Password</wsse:Password>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>
    User will trigger the message from ECC using some transaction. I need to pass this triggering person’s username and password to soap header dynamically. There are more than 2000 users in the system.
    How can I retrieve this username and password and bind it to <wsse:Security> node?
    Is it possible to achieve?
    Please note: User’s details will not come in the message payload. I cannot use a lookup here.
    Regards,
    Muni

    Asked web service team to use one service account for authentication. Used this blog How to Configure AXIS Framework for Authentication Using the "wsse" Security Standard in SAP PI to configure axis framework. Now we are able to send message to web service.
    Regards,
    Muni.

  • IPCC Failover issue

    I have 2 IPCC 7.x servers configured for failover. The issue is when I am logged into my agent and my primary server fails over to the backup server, my agent loses connection/goes offline and reconnects in not ready after 15 seconds. The same applies if I fail back from my secondary to primary server.
    Is this normal behaviour? Is there a document on Cisco that describes the same issue? Please let me know.
    Thanks

    Not sure with IPCC Enterprise, but IPCC Express (or UCCX nowadays) the behavior you are reporting is expected.  From the design guide:
    Automatic Failover. Upon failure of the active Cisco Unified CCX server, CAD will automatically re-login agents on the standby server, and the agent will be placed into a Not Ready state. Upon failure of the active Cisco Unified CCX server, active calls on agents phones will survive. However, the call duration and other information that is associated with the call in the historical reporting database may be affected. Historical reports generated for time periods in which a failover occurred will have missing or incorrect data. It will be called out in the report that a failover occurred.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_7_0/design/guide/uccx70srnd.pdf  (page 25 of the pdf)
    It should also be noted that with UCCX, failback to the primary node (when it comes back on line) isn't automatic.  Mainly because the failback will exhibit the same behavior (along with an approximate 5 second hit on ACD/IVR functionality).  So, the failback should be manual - in my experience anyway.
    HTH.
    Regards,
    Bill
    Please remember to rate helpful posts.

  • Match user name (login name) and token

    Hi,
    I have setup the VDI 3.1 POC evaluation using VMware. It is all working great.
    I had 2 other requirements put forth by management:
    1) The Windows desktops had to lock the screen when a user removed his/her smart card
    2) The card and the user had to be the same. IE. Joe shouldn't be able to use Tom's card to login as Joe.
    I fixed issue 1 by using the SRWC Lockscreen addon for SRSS found here: http://wiki.sun-rays.org/index.php/How_To_Section#Sun_Ray_Connector_Lockscreen
    However, I cannot seem to fix item 2.
    It would seem that this functionality is/should be already builtin. I specified only registered tokens can attach and I registered the appropriate tokens. Then in the VDI Web interface, I specified that Token 1 belongs to Tom and Token 2 belongs to Joe.
    However, if I stick in Token 2 card, the login name comes up as Joe (good), but I can change the name to Tom and then login as Tom.
    Management doesn't want users who have lost their card to borrow someone else's to get in - they need to report the card lost/stolen and get a new one. This makes sense. However, the system doesn't seem to have any restrictions on this.
    What is the point of registering a specific token against a specific user without any enforcement? Seems like the system is broken. It really only functions as a suggestion of what user they should login as.
    Is there some way to correct this or implement this functionality?
    Thanks,
    Jim Nickel
    Jim

    If you really want to change the behavior of the login dialog, then I am afraid that can not be done without some code changes.
    What you could do as an alternative is to assign the desktops directly to the token(s), instead of assigning them to the user. Thus demonstrating that Joe/Tom can not access their desktops without having the right smart card. I know that this is not exactly what you want, but maybe that is sufficient for your demo.
    So to be precise here:
    1. The smart card of Joe (token A) should be assigned to desktop A (or alternatively to desktop pool A) using the Sun VDI admin UI.
    2. The smart card of Tom (token B) should be assigned to desktop B (or alternatively to desktop pool B).
    3. In addition you should configure these desktops so that desktop A has only an account for Joe, and desktop B has only an account for Tom.
    If Tom uses the smart card of Joe (token A), he can still login into VDI but then he will not be able to access desktop B - instead he will be offered desktop A. However, the automatic login into the desktop's Windows OS will then not work, because the desktop does not have an account for Tom.
    As stated, not exactly what you want, but just to present an alternative here.
    - Klaus
