GNS (Grid Naming Service) Real World configuration
I am looking for some information on setting up of the GNS. It would be really good to see the actual configuration that someone has used in configuring this in a larger corporation, rather than the over simplified examples that appear in the Oracle DOCO and elsewhere.
The questions I would like to see answered are:
Has anyone set this up in their network?
Do you have more than one Cluster? (eg Pre-Prod/Prod)
If so have you created seperate sub-domains?
Do you have pre 11gR2 clients connecting to your Database?
If so how are these configured to connect to the databases?
Are you using OID or some other SQL*Net name resolution?
If so, how have you configured these?
I would really like to see actual DNS entries is possible.
Peter.
Abuse reported.
Similar Messages
-
Difference bewteen Single Client Access Name (SCAN) & Grid Naming Service
Hi ,
Whats the difference bewteen Single Client Access Name (SCAN) & Grid Naming Service in 11g RAC R2?
Regards,
StephenHi Stephen,
There is a very good document about it (http://www.oracle.com/technetwork/products/clustering/overview/scan-129069.pdf).
Best regards,
Gennady -
Hi....sort of a cryptic subject, but here's what I'm trying to do:
What is the easy way (not too much thinking) to use a grid that will help me with the size and placement of two objects?
Let's say I have a image taken with a digital camera of an interior house wall. The real size of the wall is 19' x 12'. My plan is to size and print this "wall" image onto an 8 x 11.5 paper. But before printing, I want to paste into the "wall" image two rectangles that are 24" x 36"-----intended to be pictures hanging on the wall.
The confusion I have is how to make the relationship in real size (inches and feet) work for the size, placement, and printing. For all objects and all with a grid that would also represent a scale like 1"=1'.
Any ideas? Hoping to hear from you.
MikeHi Mike,
Get out your calculator, :-)
You should have the wall width dimension (19') as the images longer
dimension (landscape).
You may need to Crop the image to fit the wall width and hight to get
the proper dimensions. You can use "Image" > "transform" > "Perspective"
to square the wall on the image.
Divide the wall pixel dimension by the real world dimension in feet.
The answer is what you want to set the "Gridline every [answer] pixels"
dimension to. If you set the "Subdivisions [12] you will have a line
every inch.
HTH,
Alex B., -
What's the exact use of GNS(Grid Naming Server) ???
Hi,
I have doubt that what's the use of GNS ? What's the logic behind GNS ? Can we use DNS in stead of GNS ( I assume that probably we can use DNS in place of GNS as GNS is sub domain of DNS ). The last question : Can we use GPNP without GNS ?
Regards,
Dheeraj VaishIt means that GNS is sub-domain of DNS and DNS delegates the request to GNS. Now As per me :
1. We can directly use DNS (if we don't want to use GPnP and only want to use SCAN using DHCP and DNS), what would be drawback (cons) in this method for not using GNS .
2. We can not use GPnP withous setting us GNS (Please correct me if I am wrong). So DHCP, DNS,GNS all are mandatory for GPnP .
Kindly suggest.
Regards,
Dheeraj vaish -
New Enterprise Manager Book on Advanced EM Techniques for the Real World
Dear Friends,
I am pleased to say my first EM book can be ordered now.
Oracle Enterprise Manager Grid Control: Advanced Techniques for the Real World
[http://www.rampant-books.com/book_1001_advanced_techniques_oem_grid_control.htm]
Please let your colleagues and friends and clients know – it is the first book in the world to include EM 11g Grid Control. It is a great way for people to understand the capabilities of EM.
Oracle’s Enterprise Manager Grid Control is recognized as the IT Industry’s leading Oracle database administration and management tool. It is unrivalled in its ability to monitor, manage, maintain and report on entire enterprise grids that comprise hundreds (if not thousands) of Oracle databases and servers following an approach that is consistent and repeatable.
However, Enterprise Manager Grid Control may seem daunting even to the most advanced Oracle Administrator. The problem is you know about the power of Enterprise Manager but how do you unleash that power amongst what initially appears to be a maze of GUI-based screens that feature a myriad of links to reports and management tasks that in turn lead you to even more reports and management tasks?
This book shows you how to unleash that power.
Based on the Author’s considerable and practical Oracle database and Enterprise Manager Grid Control experience you will learn through illustrated examples how to create and schedule RMAN backups, generate Data Guard Standbys, clone databases and Oracle Homes and patch databases across hundreds and thousands of databases. You will learn how you can unlock the power of the Enterprise Manager Grid Control Packs, PlugIns and Connectors to simplify your database administration across your company’s database network, as also the management and monitoring of important Service Level Agreements (SLAs), and the nuances of all important real-time change control using Enterprise Manager.
There are other books on the market that describe how to install and configure Enterprise Manager but until now they haven’t explained using a simple and illustrated approach how to get the most out of your Enterprise Manager. This book does just that.
Covers the NEW Enterprise Manager Grid Control 11g.
Regards,
Porus.Abuse reported.
-
Making Effective Use of the Hybrid Cloud: Real-World Examples
May 2015
Explore
The Buzz from Microsoft Ignite 2015
NetApp was in full force at the recent Microsoft Ignite show in Chicago, and it was clear that NetApp's approach to hybrid cloud and Data Fabric resonated with the crowd. NetApp solutions such as NetApp Private Storage for Cloud are solving real customer problems.
Hot topics at the NetApp booth included:
OnCommand® Shift. A revolutionary technology that allows you to move virtual machines back and forth between VMware and Hyper-V environments in minutes.
Azure Site Recovery to NetApp Private Storage. Replicate on-premises SAN-based applications to NPS for disaster recovery in the Azure cloud.
Check out the following blogs for more perspectives:
Microsoft Ignite Sparks More Innovation from NetApp
ASR Now Supports NetApp Private Storage for Microsoft Azure
Four Ways Disaster Recovery is Simplified with Storage Management Standards
Introducing OnCommand Shift
SHIFT VMs between Hypervisors
Infront Consulting + NetApp = Success
Richard Treadway
Senior Director of Cloud Marketing, NetApp
Tom Shields
Senior Manager, Cloud Service Provider Solution Marketing, NetApp
Enterprises are increasingly turning to cloud to drive agility and closely align IT resources to business needs. New or short-term projects and unexpected spikes in demand can be satisfied quickly and elastically with cloud resources, spurring more creativity and productivity while reducing the waste associated with over- or under-provisioning.
Figure 1) Cloud lets you closely align resources to demand.
Source: NetApp, 2015
While the benefits are attractive for many workloads, customer input suggests that even more can be achieved by moving beyond cloud silos and better managing data across cloud and on-premises infrastructure, with the ability to move data between clouds as needs and prices change. Hybrid cloud models are emerging where data can flow fluidly to the right location at the right time to optimize business outcomes while providing enhanced control and stewardship.
These models fall into two general categories based on data location. In the first, data moves as needed between on-premises data centers and the cloud. In the second, data is located strategically near, but not in, the cloud.
Let's look at what some customers are doing with hybrid cloud in the real world, their goals, and the outcomes.
Data in the Cloud
At NetApp, we see a variety of hybrid cloud deployments sharing data between on-premises data centers and the cloud, providing greater control and flexibility. These deployments utilize both cloud service providers (CSPs) and hyperscale public clouds such as Amazon Web Services (AWS).
Use Case 1: Partners with Verizon for Software as a Service Colocation and integrated Disaster Recovery in the Cloud
For financial services company BlackLine, availability, security, and compliance with financial standards is paramount. But with the company growing at 50% per year, and periodic throughput and capacity bursts of up to 20 times baseline, the company knew it couldn't sustain its business model with on-premises IT alone.
Stringent requirements often lead to innovation. BlackLine deployed its private cloud infrastructure at a Verizon colocation facility. The Verizon location gives them a data center that is purpose-built for security and compliance. It enables the company to retain full control over sensitive data while delivering the network speed and reliability it needs. The colocation facility gives Blackline access to Verizon cloud services with maximum bandwidth and minimum latency. The company currently uses Verizon Cloud for disaster recovery and backup. Verizon cloud services are built on NetApp® technology, so they work seamlessly with BlackLine's existing NetApp storage.
To learn more about BlackLine's hybrid cloud deployment, read the executive summary and technical case study, or watch this customer video.
Use Case 2: Private, Nonprofit University Eliminates Tape with Cloud Integrated Storage
A private university was just beginning its cloud initiative and wanted to eliminate tape—and offsite tape storage. The university had been using Data Domain as a backup target in its environment, but capacity and expense had become a significant issue, and it didn't provide a backup-to-cloud option.
The director of Backup turned to a NetApp SteelStore cloud-integrated storage appliance to address the university's needs. A proof of concept showed that SteelStore™ was perfect. The on-site appliance has built-in disk capacity to store the most recent backups so that the majority of restores still happen locally. Data is also replicated to AWS, providing cheap and deep storage for long-term retention. SteelStore features deduplication, compression, and encryption, so it efficiently uses both storage capacity (both in the appliance and in the cloud) and network bandwidth. Encryption keys are managed on-premises, ensuring that data in the cloud is secure.
The university is already adding a second SteelStore appliance to support another location, and—recognizing which way the wind is blowing—the director of Backup has become the director of Backup and Cloud.
Use Case 3: Consumer Finance Company Chooses Cloud ONTAP to Move Data Back On-Premises
A leading provider of online payment services needed a way to move data generated by customer applications running in AWS to its on-premises data warehouse. NetApp Cloud ONTAP® running in AWS proved to be the least expensive way to accomplish this.
Cloud ONTAP provides the full suite of NetApp enterprise data management tools for use with Amazon Elastic Block Storage, including storage efficiency, replication, and integrated data protection. Cloud ONTAP makes it simple to efficiently replicate the data from AWS to NetApp FAS storage in the company's own data centers. The company can now use existing extract, transform and load (ETL) tools for its data warehouse and run analytics on data generated in AWS.
Regular replication not only facilitates analytics, it also ensures that a copy of important data is stored on-premises, protecting data from possible cloud outages. Read the success story to learn more.
Data Near the Cloud
For many organizations, deploying data near the hyperscale public cloud is a great choice because they can retain physical control of their data while taking advantage of elastic cloud compute resources on an as-needed basis. This hybrid cloud architecture can deliver better IOPS performance than native public cloud storage services, enterprise-class data management, and flexible access to multiple public cloud providers without moving data. Read the recent white paper from the Enterprise Strategy Group, “NetApp Multi-cloud Private Storage: Take Charge of Your Cloud Data,” to learn more about this approach.
Use Case 1: Municipality Opts for Hybrid Cloud with NetApp Private Storage for AWS
The IT budgets of many local governments are stretched tight, making it difficult to keep up with the growing expectations of citizens. One small municipality found itself in this exact situation, with aging infrastructure and a data center that not only was nearing capacity, but was also located in a flood plain.
Rather than continue to invest in its own data center infrastructure, the municipality chose a hybrid cloud using NetApp Private Storage (NPS) for AWS. Because NPS stores personal, identifiable information and data that's subject to strict privacy laws, the municipality needed to retain control of its data. NPS does just that, while opening the door to better citizen services, improving availability and data protection, and saving $250,000 in taxpayer dollars. Read the success story to find out more.
Use Case 2: IT Consulting Firm Expands Business Model with NetApp Private Storage for Azure
A Japanese IT consulting firm specializing in SAP recognized the hybrid cloud as a way to expand its service offerings and grow revenue. By choosing NetApp Private Storage for Microsoft Azure, the firm can now offer a cloud service with greater flexibility and control over data versus services that store data in the cloud.
The new service is being rolled out first to support the development work of the firm's internal systems integration engineering teams, and will later provide SAP development and testing, and disaster recovery services for mid-market customers in financial services, retail, and pharmaceutical industries.
Use Case 3: Financial Services Leader Partners with NetApp for Major Cloud Initiative
In the heavily regulated financial services industry, the journey to cloud must be orchestrated to address security, data privacy, and compliance. A leading Australian company recognized that cloud would enable new business opportunities and convert capital expenditures to monthly operating costs. However, with nine million customers, the company must know exactly where its data is stored. Using native cloud storage is not an option for certain data, and regulations require that the company maintain a tertiary copy of data and retain the ability to restore data under any circumstances. The company also needed to vacate one of its disaster-recovery data centers by the end of 2014.
To address these requirements, the company opted for NetApp Private Storage for Cloud. The firm placed NetApp storage systems in two separate locations: an Equinix cloud access facility and a Global Switch colocation facility both located in Sydney. This satisfies the requirement for three copies of critical data and allows them to take advantage of AWS EC2 compute instances as needed, with the option to use Microsoft Azure or IBM SoftLayer as an alternative to AWS without migrating data. For performance, the company extended its corporate network to the two facilities.
The firm vacated the data center on schedule, a multimillion-dollar cost avoidance. Cloud services are being rolled out in three phases. In the first phase, NPS will provide disaster recovery for the company's 12,000 virtual desktops. In phase two, NPS will provide disaster recover for enterprise-wide applications. In the final phase, the company will move all enterprise applications to NPS and AWS. NPS gives the company a proven methodology for moving production workloads to the cloud, enabling it to offer new services faster. Because the on-premises storage is the same as the cloud storage, making application architecture changes will also be faster and easier than it would be with other options. Read the success story to learn more.
NetApp on NetApp: nCloud
When NetApp IT needed to provide cloud services to its internal customers, the team naturally turned to NetApp hybrid cloud solutions, with a Data Fabric joining the pieces. The result is nCloud, a self-service portal that gives NetApp employees fast access to hybrid cloud resources. nCloud is architected using NetApp Private Storage for AWS, FlexPod®, clustered Data ONTAP and other NetApp technologies. NetApp IT has documented details of its efforts to help other companies on the path to hybrid cloud. Check out the following links to lean more:
Hybrid Cloud: Changing How We Deliver IT Services [blog and video]
NetApp IT Approach to NetApp Private Storage and Amazon Web Services in Enterprise IT Environment [white paper]
NetApp Reaches New Heights with Cloud [infographic]
Cloud Decision Framework [slideshare]
Hybrid Cloud Decision Framework [infographic]
See other NetApp on NetApp resources.
Data Fabric: NetApp Services for Hybrid Cloud
As the examples in this article demonstrate, NetApp is developing solutions to help organizations of all sizes move beyond cloud silos and unlock the power of hybrid cloud. A Data Fabric enabled by NetApp helps you more easily move and manage data in and near the cloud; it's the common thread that makes the uses cases in this article possible. Read Realize the Full Potential of Cloud with the Data Fabric to learn more about the Data Fabric and the NetApp technologies that make it possible.
Richard Treadway is responsible for NetApp Hybrid Cloud solutions including SteelStore, Cloud ONTAP, NetApp Private Storage, StorageGRID Webscale, and OnCommand Insight. He has held executive roles in marketing and engineering at KnowNow, AvantGo, and BEA Systems, where he led efforts in developing the BEA WebLogic Portal.
Tom Shields leads the Cloud Service Provider Solution Marketing group at NetApp, working with alliance partners and open source communities to design integrated solution stacks for CSPs. Tom designed and launched the marketing elements of the storage industry's first Cloud Service Provider Partner Program—growing it to 275 partners with a portfolio of more than 400 NetApp-based services.
Quick Links
Tech OnTap Community
Archive
PDFDave:
"David Scarani" <[email protected]> wrote in message
news:3ecfc046$[email protected]..
>
I was looking for some real world "Best Practices" of deploying J2EEapplications
into a Production Weblogic Environment.
We are new at deploying applications to J2EE application servers and arecurrently
debating 2 methods.
1) Store all configuration (application as well as Domain configuration)in properties
files and Use Ant to rebuild the domain everytime the application isdeployed.
I am just a WLS engineer, not a customer, so my opinions have in some
regards little relative weight. However I think you'll get more mileage out
of the fact that once you have created your config.xml, checking it into src
control, versioning it. I would imagine that application changes are more
frequent than server/domain configuration so it seems a little heavy weight
to regenerate the entire configuration everytime an application is
deployed/redeployed. Either way you should check out the wlconfig ant task.
Cheers
mbg
2) Have a production domain built one time, configured as required andalways
up and available, then use Ant to deploy only the J2EE application intothe existing,
running production domain.
I would be interested in hearing how people are doing this in theirproduction
environments and any pros and cons of one way over the other.
Thanks.
Dave Scarani -
Oracle Service Bus - Large Configuration Space Best Practices
Does anyone have any best practices for handling large configurations in Oracle Service Bus (formerly ALSB)? We are going to have hundreds of HTTP services defined. Any best practices for handling proxy service granularity, cross cutting areas and componentization to help us create a high level of quality and consistency?
ThanksWe are going to face the similar situation soon. Any real world experience would be great.
-
Issue while starting Named service
HI All,
I an in process of upgrading cluster from 1.2.0.5 to 11gr2.My OS is Redhat linux 5.3 For the same i am trying to configure DNS and scan .As i dont' have much idea about network so
I followed the link for configuring DNS Oracle 11gR2 2-node RAC on VMWare Workstation 8 – Part VII | The Gruff DBA . As per link i installed below rpms
[root@nod1 log]# rpm -qa bind*
bind-libs-9.3.4-10.P1.el5
bind-utils-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
bind-9.3.4-10.P1.el5
[root@nod1 log]#
root@nod1 log]# rpm -qa cach*
caching-nameserver-9.3.4-10.P1.el5
[root@nod2 named]# more /etc/named.conf---> Named.conf file from nod2
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
forwarders { 192.168.1.1; };
include "/etc/rndc.key";
zone "mydomain" IN {
type master;
file "mydomain.zone";
allow-update { none; };
[root@nod1 named]# pwd
/var/named
[root@nod1 named]# more mydomain.zone
$TTL 86400
@ IN SOA mydomain. mydomain.(
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
nod1. IN NS 192.168.56.2
localhost IN A 127.0.0.1
nod2.mydomain IN A 192.168.56.5
nod1.mydomain IN A 192.168.56.2
nod2-vip.mydoamin. IN A 192.168.56.7
nod1-vip.mydoamin.. IN A 192.168.56.4
underworld-scan.mydomain. IN A 192.168.56.20
underworld-scan.mydomain. IN A 192.168.56.21
[root@nod2 named]# more /etc/resolv.conf
nameserver 192.168.56.5 # nod2 DNS server
nameserver 192.168.56.2 # nod1 DNS server
nameserver 192.168.1.1 # Primary DNS in the domain
search mydomain # Local Domain
But i am hitting issue when i am starting named service:
[root@nod1 log]# service named start
Starting named:
Error in named configuration:
zone mydomain/IN: loading master file mydomain.zone: file not found
_default/mydomain/IN: file not found
[FAILED]
[root@nod1 log]# Can anyone please help me out .. as its really hitting me badly . Thanks in advanceHi
To configure the SCAN , this SCAN IP should be resolve through DNS or /etc/hosts file .Please follow the below link to configure the DNS.
If you face any problem , then please let me know .
shivenracdba: configure DNS for Installtion of Oracle Grid Infrastructure RAC cluster
warm regards
Shivendra Narain Nirala -
Naming Services cannot work well!!!
Hi,
I have configured the AM2005Q4 and Policy agent with apache, apache http.conf file is like
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /hzycportal http://exchange.hzliqun.com:8013/hzycportal
ProxyPassReverse /hzycportal http://exchange.hzliqun.com:8013/hzycportal
When I type http://exchange.hzliqun.com:8080/hzycportal in IE, and type the user/password, but it cannot reach at the application system. The agent debug log is like
2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: HTTP Status = 200 (OK)
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Http::Response::readAndParse(): Reading headers.
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Server: Sun-Java-System-Web-Server/6.1
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Date: Mon, 21 Nov 2005 02:22:18 GMT
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Content-type: text/html
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Connection: close
2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: Http::Response::readAndParse(): No content length in response.
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 all: Connection::waitForReply(): returns with status success.
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Http::Response::readAndParse(): Completed processing the response with status: success
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="com.iplanet.am.naming" reqid="2922">
<Response><![CDATA[<NamingResponse vers="1.0" reqid="2916">
<GetNamingProfile>
<Exception>SessionID ---AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23---is Invalid</Exception>
</GetNamingProfile>
</NamingResponse>]]></Response>
</ResponseSet>
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: NamingService()::parseNamingResponse(): Buffer to be parsed: <NamingResponse vers="1.0" reqid="2916">
<GetNamingProfile>
<Exception>SessionID ---AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23---is Invalid</Exception>
</GetNamingProfile>
</NamingResponse>
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: NamingService::parseNamingResponse(): Got Exception in XML.
2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: NamingService::parseNamingResponse() returning with status invalid session.
2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: NamingService()::getProfile() returning with error code invalid session.
2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyEngine: am_policy_evaluate: InternalException in Service::update_policy with error message:Naming query failed. and code:18
2005-11-21 10:23:07.578 Warning 460:82f3d8 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/hzycportal, GET) denying access: status = invalid session
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://exchange.hzliqun.com:8080/hzycportal.
2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/hzycportal, GET) returning status: invalid session.
2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyAgent: process_request(): Access check for URL http://exchange.hzliqun.com:8080/hzycportal returned invalid session.
2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect(): goto URL is http://exchange.hzliqun.com:8080/hzycportal
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect: Before invoking find_active_login_server()
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: is_server_alive(): Connection timeout set to 2
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect: After invoking find_active_login_server()
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_access_redirect(): get redirect url returned AM_SUCCESS, redirect url [http://sunam1.hzliqun.com:80/amserver/UI/Login?goto=http%3A%2F%2Fexchange.hzliqun.com%3A8080%2Fhzycportal].
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_access_redirect(): returning web result AM_WEB_RESULT_REDIRECT.
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_REDIRECT, data [http://sunam1.hzliqun.com:80/amserver/UI/Login?goto=http%3A%2F%2Fexchange.hzliqun.com%3A8080%2Fhzycportal]
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_REDIRECT
2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: get_request_url(): Host: exchange.hzliqun.com:8080
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: get_request_url(): Port is 8080.
2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: get_request_url(): Returning request URL http://exchange.hzliqun.com:8080/hzycportal.
2005-11-21 10:23:07.593 Warning 460:82f3d8 PolicyAgent: get_method_num(): Apache request method number did not match method string. Setting method number to match method string GET.
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: am_web_is_notification(), http://exchange.hzliqun.com:8080/hzycportal is not notification url http://exchange.hzliqun.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false.
2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: find_cookie(): cookie found: header [JSESSIONID=D835480D9BBF3902D562A596CC05E953; iPlanetDirectoryPro=AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] name [iPlanetDirectoryPro=AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] val [AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] val_len [78] next_cookie [NULL]
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): processing url http://exchange.hzliqun.com:8080/hzycportal.
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: FqdnHandler::isValidFqdnResource() Resource => http://exchange.hzliqun.com:8080/hzycportal, is valid => true
2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): client_ip 10.44.202.218 not found in client ip not enforced list
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 AM_POLICY_SERVICE_NAME: am_policy_compare_urls(): compare usePatterns=true returned 3
2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: in_not_enforced_list: enforcing access control for http://exchange.hzliqun.com:8080/hzycportal
2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: set_host_ip_in_env_map: map_insert: client_ip=10.44.202.218
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 ServiceEngine: Executing update_policy(AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23, http://exchange.hzliqun.com:8080/hzycportal, GET, 2)
2005-11-21 10:23:07.593 Debug 460:82f3d8 all: cookieList is not empty
2005-11-21 10:23:07.593 Debug 460:82f3d8 all: Exit from buildCookieHeader
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="2923">
<Request><![CDATA[
<NamingRequest vers="1.0" reqid="2917" sessid="AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23">
<GetNamingProfile>
</GetNamingProfile>
</NamingRequest>]]>
</Request>
</RequestSet>
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest Request line: POST /amserver/namingservice HTTP/1.0
2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Cookie and Headers =Host: sunam1.hzliqun.com
2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Content-Length =Content-Length: 346
2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Header Suffix =Accept: text/xml
Content-Type: text/xml; charset=UTF-8
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest(): Total chunks: 7.
2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest(): Sent 7 chunks.
And it will recycle these processes. From the logs, it seems that cannot get correct namingservices. But the agent configuration is correct, and likes these
# $Id: AMAgent.properties,v 1.86.2.6 2005/10/25 18:14:11 dknab Exp $
# Copyright ?2002 Sun Microsystems, Inc. All rights reserved.
# U.S. Government Rights - Commercial software. Government users are
# subject to the Sun Microsystems, Inc. standard license agreement and
# applicable provisions of the FAR and its supplements. Use is subject to
# license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
# trademarks or registered trademarks of Sun Microsystems, Inc. in the
# U.S. and other countries.
# Copyright ?2002 Sun Microsystems, Inc. Tous droits r�serv�s.
# Droits du gouvernement am�ricain, utlisateurs gouvernmentaux - logiciel
# commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
# licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
# vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl�ments
# ?celles-ci.
# Distribu?par des licences qui en restreignent l'utilisation. Sun, Sun
# Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
# marques d�pos�es de Sun Microsystems, Inc. aux Etats-Unis et dans
# d'autres pays.
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Sun [TM] ONE Identity Server
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Sun [TM] ONE Identity Server will disable the SDK.
com.sun.am.cookieName = iPlanetDirectoryPro
# The URL for the Sun [TM] ONE Identity Server Naming service.
com.sun.am.namingURL = http://sunam1.hzliqun.com:80/amserver/namingservice http://sunim1.hzliqun.com:80/amserver/namingservice
# The URL of the login page on the Sun [TM] ONE Identity Server.
com.sun.am.policy.am.loginURL = http://sunam1.hzliqun.com:80/amserver/UI/Login http://sunim1.hzliqun.com:80/amserver/UI/Login
#com.sun.am.policy.am.loginURL = http://sunam1.hzliqun.com:80/amserver/gateway http://sunim1.hzliqun.com:80/amserver/gateway
# By default the agent checks if the Access Manager AUTH server is
# active before performing the login.
# This check can be ignored by setting the following property to true.
# In this case the first server indicated in the loginURL property will
# be selected, wether it is active or not.
com.sun.am.ignore_server_check = false
# Name of the file to use for logging messages.
com.sun.am.logFile = D:/Apache/sun/Identity_Server/Agents/2.1/debug/apache_8080/amAgent
# Name of the Sun [TM] ONE Identity Server log file to use for
# logging messages to Sun [TM] ONE Identity Server.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Sun [TM] ONE Identity Server.
com.sun.am.serverLogFile = amAuthLog.exchange.hzliqun.com.8080
# Set the logging level for the specified logging categories.
# The format of the values is
# <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
# 0 Disable logging from specified module*
# 1 Log error messages
# 2 Log warning and error messages
# 3 Log info, warning, and error messages
# 4 Log debug, info, warning, and error messages
# 5 Like level 4, but with even more debugging messages
# 128 log url access to log file on IS server.
# 256 log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.logLevels = all:5
# The org, username and password for Agent to login to IS.
#com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.username = amAdmin
com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslCertDir = D:/Apache/sun/Identity_Server/Agents/2.1/apache/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certDbPrefix =
# Should agent trust all server certificates when Sun [TM] ONE Identity Server
# is running SSL?
# Possible values are true or false.
com.sun.am.trustServerCerts = true
# Should the policy SDK use the Sun [TM] ONE Identity Server notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notificationEnabled = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notificationURL = http://exchange.hzliqun.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.urlComparison.caseIgnore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.cacheEntryLifeTime=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the identity server. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userIdParam=UserToken
# HTTP Header attributes mode
# String attribute mode to specify if additional policy response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional policy attributes will be introduced.
# HEADER - additional policy attributes will be introduced into HTTP header.
# COOKIE - additional policy attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.am.ldapattribute.mode=NONE
# The policy attributes to be added to the HTTP header. The specification is
# of the format ldap_attribute_name|http_header_name[,...]. ldap_attribute_name
# is the attribute in data store to be fetched and http_header_name
# is the name of the header to which the value needs to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.am.headerAttributes=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.ias_SLB_cookie_name = GX_jst
# indicate where a load balancer is used for Sun [TM] ONE Identity Server
# services.
# true | false
com.sun.am.loadBalancer_enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.version=2.1
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.logAccessType = LOG_DENY
# Agent prefix
com.sun.am.policy.agents.agenturiprefix = http://exchange.hzliqun.com:8080/amagent
# Locale setting.
com.sun.am.policy.agents.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.instanceName = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.do_sso_only = false
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.accessDeniedURL =
# This property allows the user to configure the URL Redirect parameter
# for different auth modules. By default this parameter is set to "goto"
com.sun.am.policy.agents.urlRedirectParam=goto
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.fqdnMap
com.sun.am.policy.agents.fqdnDefault = exchange.hzliqun.com
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.fqdnMap = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Identity Server policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdnMap = valid|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.fqdnMap =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Identity Server for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.cookie_reset_enabled=true
com.sun.am.policy.agents.cookie_reset_enabled=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Identity Server.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.cookie_reset_list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.cookie_reset_list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.cookieDomainList=.sun.com .iplanet.com
com.sun.am.policy.agents.cookieDomainList=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.unauthenticatedUser=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.anonRemoteUserEnabled=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
# com.sun.am.policy.agents.notenforcedList = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.reverse_the_meaning_of_notenforcedList = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.notenforced_client_IP_address_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.is_postdatapreserve_enabled = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.postcacheentrylifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.cdsso-enabled=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.cdcservletURL = http://sunam1.hzliqun.com:80/amserver/cdcservlet
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.client_ip_validation_enable = false
# Whether to decode the session cookie before sending it to IS.
# Set to true if the cookie value is URL encoded, false otherwise.
# For example, cookie values from browsers are URL encoded, and
# some containers always returns the cookie URL encoded.
com.sun.am.cookieEncoded = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.am.ldapattribute.cookiePrefix = HTTP_
com.sun.am.policy.am.ldapattribute.cookieMaxAge = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.logout.url=
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.logout.cookie_reset_list =
# Below property is reserved for future use. Please do not change the value.
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Identity Server.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetchFromRootResource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.getClientHostname = true
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.convertMbyteEnabled = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.overrideProtocol =
com.sun.am.policy.agents.overrideHost =
com.sun.am.policy.agents.overridePort =
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is tif you can add more details in your question, that'll be better.
in my case, i initially had pix515e with v6.1 on it, and cannot get a dialtone because my sip phone (ata186) is not registered on my proxy. but when i changed my pix to v6.2, it worked just fine. i didn't put any access-list though, as fixup does it for me already. -
Error getting the server-side naming service functionality
Hi all,
we are currently setting up the CTS+ activity based transport scenario. Everything seems to be working fine, however, we have to import each transport twice...
Before I go into detail in the error we get I will first describe our landscape. All the configuration we did was done in debate with SAP.
We use the SAP Solution manager (ehp1 SP 4) as the CTS+ server as recommended by SAP and have an NWDI system of which we only use the components DTR and CBS (since CMS is not used anymore in the activity based transport). We have defined three logical ports/RFCs. CTSCONFIG points to the NWDI system. CTSDEPLOY is running on the java stack of the solution manager and is only used for portal content (=epa) transports. CTSDEPLOY_DI is pointing to the NWDI system and is used for all NWDI (=dip) changes. The NWDI is running ehp1 SP3.
In STMS I defined all the non-abap systems (and configured them to use CTSDEPLOY_DI) and created the following transport route:
upload system (IMP) -> DEV -> ACC -> QAS -> PRD
I first attached the used dependencies in a transport request (SAP_BUILDT, EP_BUILDT, etc) these imported just fine. Then I did the SCA files which contain our custom code. I extracted these from the assemble step on our current NWDI system which will be removed as soon as we switch to the new CTS+ environment.
When we import the transport into the runtime systems then we see the DTR and CBS be filled sucesfully for this specific system. However, the transport request itself always fails with errorcode 12 and the error is:
Error during export service registration: Error getting the server-side naming service functionality during getInitialContext opera
tion. com.sap.engine.services.jndi.persistent.exceptions.NamingException: Error getting the server-side naming service functionality during getInitialContext operation.
Error in execution of Web services CTSDEPLOY_DI , exception is cx_cts_file_import_failed
File import canceled
When we then reimport the same transport it will go the second time fine. This is no problem during the setup but will not be workable when we go live ofcourse. Is there anyone who had this issue before as well and have a solution for it?
Kind Regards,
Nico van der Linden...Hello Nico,
I would need the java trace files to get more info on this issue, but you can start troubleshooting this error with these notes:
#1172252: CTS+, 'attach file': Troubleshooting Guide;
#1003674: Enhancement for non-ABAP systems in CTS;
#1155884: CTS+, configuration 'close coupling': Troubleshooting guide;
Pay special attention to parameter NON_ABAP_WBO_CLIENT, whether it's correctly set on your CTS+ system(s).
Note #1003674 is a must for any CTS+ systems to work properly, as well as having an updated version of the transport programs (tp and R3trans).
Lastly, note #1155884 goes through some JCoException exceptions that commonly take place during CTS+ transports. But again, you need to check the underlying trace files to find the root cause of your issue.
I hope this information helps.
Best regards,
Tomas Black -
PI Implementation Examples - Real World Scenarios
Hello friends,
In the near future, I'm going to give a presentation to our customers on SAP PI. To convince them to using this product, I need examples from the real world that are already implemented successfully.
I have made a basic search but still don't have enough material on the topic, I don't know where to look actually. Could you post any examples you have at hand? Thanks a lot.
Regards,
GökhanHi,
Please find here with you the links
SAP NetWeaver Exchange Infrastructure Business to Business and Industry Standards Support (2004)
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/90052f25-bc11-2a10-ad97-8f73c999068e
SAP Exchange Infrastructure 3.0: Simple Use Cases
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/20800429-d311-2a10-0da2-d1ee9f5ffd4f
Exchange Infrastructure - Integrating Heterogeneous Systems with Ease
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1ebea490-0201-0010-faad-a32dd753d009
SAP Network Blog: Re-Usable frame work in XI
/people/sravya.talanki2/blog/2006/01/10/re-usable-frame-work-in-xi
SAP NetWeaver in the Real World, Part 1 - Overview
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/20456b29-bb11-2a10-b481-d283a0fce2d7
SAP NetWeaver in the Real World, Part 3 - SAP Exchange Infrastructure
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3172d290-0201-0010-2b80-c59c8292dcc9
SAP NetWeaver in the Real World, Part 3 - SAP Exchange Infrastructure
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/9ae9d490-0201-0010-108b-d20a71998852
SAP NetWeaver in the Real World, Part 4 - SAP Business Intelligence
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1f42d490-0201-0010-6d98-b18a00b57551
Real World Composites: Working With Enterprise Services
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d0988960-b1c1-2a10-18bd-dafad1412a10
Thanks
Swarup -
Access Manager 6 2005Q1 naming service behind load balancer
Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
The load balancer VIP is setup in active/failover mode so all requests go to one server. We implemented it this way because our load balancers do not support SSL with cookies.
The data returned to the agent from a call to the naming service contains the host name of our AM hosts instead of the load balancer VIP. Subsequent calls from the agent to AM bypass the load balancer and go directly to one of the AM hosts.
We are looking to upgrade our load balancers to a version that supports cookies with ssl in order to take advantage of the second AM host.
How do we configure AM so the values returned by the naming service contain the load balancer VIP instead of the actual AM host names?Bernhard,
We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not availalbe in the PA agent properties but only in the Java SKD. Indeed we do not see such a key in the new Web PA AMAgent.properties.
Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed thru the load balancer? Below are the setting in our AMAgent and AMConfig properties files
AMAgent.properties
com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
AMConfig.properties
com.iplanet.am.server.protocol=https
com.iplanet.am.server.host=am.mydomain.com
com.iplanet.am.server.port=443
com.iplanet.am.console.protocol=https
com.iplanet.am.console.host=lb-mydomain.com
com.iplanet.am.console.port=443
com.iplanet.am.profile.host=lb-mydomain.com
com.iplanet.am.profile.port=443
com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notifica
tionservice
If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be partof our issue or not. Please comment.
Thanks,
Craig -
Real World Item Level Permission Performance?
I am considering implementing item level permission on a list we use. I've seen all the articles online cautioning not to do this with lists of more than 1000 items, but the articles seem to have little detailed information about the actual impact and what
causes the performance issues. Additionally, they seem to refer to document libraries more than lists. I'd like some feedback about what might occur if we were to use item level security in our situation.
Our situation is this: list of current ~700 items in a sharepoint list. Expected to grow around 700 items per year. The list has about 75 fields on it. We have 8 active-directory groups that have access to the list, based upon company department. Each
item in the list can apply to one or more departments. The groups represent around 100-150 different unique users.
We would like to use item level security to be set via workflow, to enable particular groups to access the item based upon their group membership. For example, if the list item is for the HR department, then the HR group has access. If the item is for IT,
then the IT group has access (and HR wouldn't).
That's it. There would be no nesting of items with multiple permission levels, no use of user-level ACLs on the items, etc.
Thoughts about this configuration and expected performance issues? Thanks for any feedback!Just an update for anyone who finds this thread:
I converted our data into a test SharePoint list with 1500 rows. I then enabled full item-level security, with restrictions to hide data not created by the person.
I then set individual permissions for each item that included 2-3 AD groups with different permissions--contribute, full ownership, etc, and 2-3 individuals with varying permissions. The individuals represented around 50 total people.
After the permissions were set I then did a comparison of loading individual views and the full data set in Standard and Datasheet views, for both myself as an administrator with full list access and with several of the individuals who only had access to
their designated items--typically 75-100 of the total list.
The results were that I found no discernable difference in system performance from the user interface level while loading list views after the item level security was configured in this way. I understand this will vary based up
hardware configuration and exact permission configuration, but in our situation the impact of item level security on a list of 1500 items had very little, if any, negative performance impact. Note that I didn't check performance at the database server level,
but I'm assuming the impact there was minimal since the front-end user experience was unaffected.
I expect we'll put this solution into place and if we do I'll update this post when we have additional real-world usage information. -
Im currently working on some code and Im really in need of a naming service, preferably one with a service provider for JNDI. In essence what Im looking for is a very basic name server, although knowing little about the suject at this point Im thinking that ldap, nis are really not well suited to my needs as my key goal is mapping names to references( under dynamic contexts), which Ive allready half implemented. As things are getting more complex and what Ive implemented of rather poor design, Im starting to feel like Im going to have a rough month or two ahead of me!! I dont want to re-invent the wheel and I know in my heart someone has allready coded the software I need!!! Unfortunately My search has been fruitless. Id greatly appreciate it if someone can steer me in the right direction. In the meantime I think Ill be pulling my hair out trying to figure out how to code the software I need.... Sorry for not fully explaining what Im after, if not enough info just let me know and Ill try to provide more detail.............
Hi Prisco,
You can go very well fo JNDI. And you can use Netscape or Iplanet Directory server as LDAP server.
Please Download the Directory Server from this URL.
http://www.iplanet.com/downloads/download/2087.html
Also here with I am giving you a simple Authentication program, which makes use of JNDI and Netscape Directory server. If you follow these steps, you will get a good idea about JNDI.
DESCRIPTION:
I am trying to use LDAP to control access to a HTML page. I want an authentication
box to pop up, allowing the user to authenticate to the HTML page through a LDAP server.
If they succesfully authenticate, I need to check their username against a list
of valid usernames that's stored in a database, then give access to the page
based on that list. How can I implement this solution?
SOLUTION:
The best way is to use Basic Authentication solution with JNDI and LDAP server,
Netscape Directory server(for example) with a simple servlet program. Java Naming
and Directory Interface (JNDI) API is standardized, and enable to use different
directory services such as Netscape Directory server. LDAP server can be used
for storing some common data's used in the sample solution.
It can be done through a servlet to check the user and its password which is
stored in the LDAP server.
In order to demonstrate a sample solution, I will use the Netscape Directory
Server 4.13 as the LDAP server, which is loaded my own LDIF file with customized
attributes. The basic authentication algorithm will be used in this sample
solution.
The following steps are to implement this sample solution:
1. Creating our own LDAP data Interchange format (LDIF) file.
2. Loading(Import) the Ldif file in Netscape Directory Server.
3. Creation of user schema files for customized attributes.
4. Load the user schema files in the Netscape Directory Server.
5. Restart the Directory Server
6. A simple servlet program for basic authentication.
7. A sample HTML file is given last, used in servlet program.
Here are the detail description of the above steps:
STEP 1: Creating our own LDAP data Interchange format (LDIF) file:
Here is the LDIF (LDAP data Interchange format) file is a text based format used to work
on LDAP data, with both our application and end users.
Through this LDIF file, I am having an attribute "customerid: timb" for which I will
be preparing the authentication, which will have its own password
"userpassword: bakrudeen", through which it can be maintained in a common place.
Here again in the same LDIF file, other information related to the "customerid: timb"
such as common name "cn: Tim Briggs", sur name "sn: Briggs" etc are maintained.
The data in LDAP is organized in a tree, called a Directory Information tree(DIT).
Each leaf in DIT is called an entry. The first entry in DIT is called the root entry.
Here is a sample LDIF File which is used in our sample solution:-
Here the DIT is maintained in such a way data is organized in LDAP, is fairly simple. In this
sample we store all of our entries in a common root o=fedup.com, with the following branches
Customers - Customer Entries with " customer id: timb" , userpassword: bakrudeen, and other
information related to this customer is kept in a common place.
dn: uid=timb,ou=Customers,o=fedup.com
changetype:add
objectclass: customer
objectclass: inetorgperson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Tim Briggs
uid: timb
givenname: Tim
customerid: timb
sn: Briggs
facsimiletelephonenumber: 4101
telephonenumber: 4145
creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
createtimestamp: 20000501084001Z
aci: (target="ldap:///uid=timb,ou=Customers,o=fedup.com")(targetattr="*")(version 3.0; acl "unknown"; allow (all)(userdn = "ldap:///anyone");)
ou: Customers
mail:
userpassword: bakrudeen
modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
modifytimestamp: 20000605084001Z
STEP 2: Loading(Import) the Ldif file in Netscape Directory Server:-
Once after creating the above sample LDIF File, it should be added in Netscape Directory Server.
It should be imported in order to add the neccessary atributes in the Netscape Directory server,
so that we can make use of the Common data.
Steps for Importing the LDIF file in the Directory Server:-
1) Create an instance of the Directory Server.
2) Bind it to the different port with different organizational unit
(Here in this program, it is 1124).
3) Press the Configuration from the menu.
4) Then select import from the Console menu.
5) Choose the LDIF file you are going to import.
6) There also you have to provide a file for rejected entries, ie it will list all the entries
which is not added while loading.
STEP 3: Creation of our own USER SCHEMA Files:-
It is necessary for adding the attributes which are not defined in the
Netscape directory server. In the above, customerid which is defined in ldif
file is not existing in the directory server.
Here is the Schema file for attributes:(ie for defining for eg customer id).
The name of the file is slapd.user_at.conf:-
attribute customerid customerid-oid cis single
attribute packageid packageid-oid cis single
attribute receivedate receivedate-oid cis single
attribute shipdate shipdate-oid cis single
attribute shipperid shipperid-oid dn single
attribute receiveid receiveid-oid dn single
#Java Attributes
# Schema for storing java objects and java object references
attribute javaClassName 1.3.6.1.4.1.42.2.27.4.1.1 ces single
attribute javaCodebase 1.3.6.1.4.1.42.2.27.4.1.6 ces
attribute javaSerializedData 1.3.6.1.4.1.42.2.27.4.1.7 bin single
attribute javaRemoteLocation 1.3.6.1.4.1.42.2.27.4.1.8 ces single
attribute javaFactory 1.3.6.1.4.1.42.2.27.4.1.4 ces single
attribute javaReferenceAddress 1.3.6.1.4.1.42.2.27.4.1.3 ces
Here is Schema file for your own object classes:-
The name of the file is Slapd.user_oc.conf:-
In the similar way as above there are no "customer" class in the object classes
defined in the LDAP, so we will have to create our own "customer" Object class.
Also it extends inetOrgPerson to add some new attributes such as "customerid".
The object class of an entry specifies what attributes are required and what
attributes are allowed in a particular entry.
Also for eg, Package classes in the object class is created.
Here is the sample file for creating the above:-
objectclass package
oid package-oid
superior top
requires
packageid,
receiveid,
shipdate,
shipperid
allows
description,
ou,
receivedate
objectclass customer
oid customer-oid
superior inetorgperson
requires
customerid
allows
c
#JAVA Schema
# Schema for storing java objects and java object references
objectclass javaContainer
oid 1.3.6.1.4.1.42.2.27.4.2.1
superior top
requires
cn
objectclass javaObject
oid 1.3.6.1.4.1.42.2.27.4.2.4
superior top
requires
javaClassName
allows
javaCodebase
objectclass javaSerializedObject
oid 1.3.6.1.4.1.42.2.27.4.2.5
superior javaObject
requires
javaSerializedData
objectclass javaRemoteObject
oid 1.3.6.1.4.1.42.2.27.4.2.6
superior javaObject
requires
javaRemoteLocation
objectclass javaNamingReference
oid 1.3.6.1.4.1.42.2.27.4.2.7
superior javaObject
requires
javaReferenceAddress,
javaFactory
STEP 4: Loading the USER SCHEMA files in Directory Server:-
All the attributes created above should be added to the corresponding directory server,
in order to make it as a common attribute.
Steps for adding the User Schema files to the Directory Server:-
1. Copy the above user schema files to the appropriate instance of Netscape Directory Server
created above so that the existing LDIF file which is used in the Netscape directory
server is not appended or overwritten.
2. For eg, put it in "NetscapeServer/slapd-HostName/config" to replace the empty
files "slapd.user_at.conf" and "slapd.user_oc.conf" by default.
3. Then restart the Directory Server.
STEP 5: Simple Servlet Program for BASIC AUTHENTICATION.
Here is the simple servlet program for Basic Authentication:-
Here the way the LDAP authentication works is by attempting to the server with a
DN and a password. No user in their right mind will remember their DN, so we use
some other attribute such as user-id. Then we search in the LDAP server to find
an entry that contains the attribute. Here we are maintaining SUBTREE_SCOPE using
JNDI, which starts its search starting from the base entry, and searches
everything below it including the base entry. Also I am maintaining Global
variables for LDAP setting.
// Importing the necessary Packages
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.naming.*;
import javax.naming.directory.*;
public class AuthServ extends HttpServlet {
// Here are our global variables of our LDAP Settings.
public static String MY_CUSTOMER_BASE = "ou=Customers,o=fedup.com";
public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
public static int MY_PORT = 1124;
public static String MY_HOST = "ldap://sundts1.india.sun.com:" + MY_PORT;
public static String MY_MGR = "cn=Directory Manager";
public static String MY_PWD = "password";
public static String MY_SEARCHBASE = "o=fedup.com";
Hashtable env = new Hashtable();
// Using the Get Method of Servlet
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html");
// To Check to See if there is any data in the "Authorization" Http header from the browser.
// If not it will prompt for username and password.
String auth = req.getHeader("Authorization");
// Do we allow the user
if (!allowedUser(auth) ) {
// Not Allowed, so report unauthorized
res.setStatus(res.SC_UNAUTHORIZED);
res.setHeader("WWW-Authenticate", "BASIC realm=\"users\"");
// User is allowed in
else
// Using SSI to include and display the content of a Simple HTML Page
RequestDispatcher rd= this.getServletContext().getRequestDispatcher("/auth.html");
rd.include(req,res);
// This method checks to see whether the user exist in the LDAP database.
protected boolean allowedUser(String auth) throws IOException {
Hashtable env = new Hashtable();
boolean status = false;
try {
// No Authorization
if (auth == null) return false;
// Basic Authentication is Handled, Other possibilities are MD5 hash or SSL Certificates.
if (!auth.toUpperCase().startsWith("BASIC ")) {
return false; //only do BASIC
// Get encoded user and password, comes after BASIC
String userpassEncoded = auth.substring(6);
// Decode it, using any base 64 decoder
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded));
StringTokenizer st = new StringTokenizer(userpassDecoded,":");
String customerid = st.nextToken();
String pwd = st.nextToken();
Please Note:
LDAP Authentication works by attempting to bind to the server with a DN and a password.
No user will remember their DN so we use some other attribute such as user-id.
Then we search in the LDAP server to find an entry in the LDAP server to find an entry
that contains the attribute.
For a Secure System, we should use an attribute that will be unique per entry such as
uid, in our case the "customerid" attribute.
// Prepare for context
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, MY_HOST);
// Get a reference to a directory context
DirContext ctx = new InitialDirContext(env);
// Specify the scope of the search
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
// Perform the actual search
// We give it a searchbase, a filter and the constraints
// containing the scope of the search
NamingEnumeration results =
ctx.search(MY_CUSTOMER_BASE, "(customerid=" + customerid + ")", constraints);
String dn = null;
If it does not throw an exception,
then it is considered to be an Successful Authentication
// Now step through the search results
while (results != null && results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
dn = sr.getName() + "," + MY_CUSTOMER_BASE;
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, pwd);
try {
DirContext ctx2 = new InitialDirContext(env);
status = true;
} catch (AuthenticationException e) {
log(e.toString());
} catch (NamingException x) {
log(x.toString());
return status;
STEP 6: Simple HTML file used in Servlet Program:-
Here is the Simple HTML File we are including in RequestDispatcher of the above program:-
<html>
<head>
<title> Authorisation</title>
</head>
<body>
<h1> Your Authorisation is Successful </h1>
</body>
</html>
I hope this will help you.
Thanks
Bakrudeen -
Hi,
Could someone please provide me with a good link for understanding Naming services and reportServer? And troubleshooting steps, logs to refer etc.
ThanksPlease briefly describe your problem. We'll try to indicate which forum will help you the most.
Typically 'Naming Service' means "translate the computer host name to an IP address" so that we can find the computer that contains some service we want to use. And typically, that is done by a translation file (/etc/hosts or C:\windows\system32\drivers\etc\hosts.) or by DNS (Dynamic Naming Services), which is a distributed-software database application that does the translation. Troubleshooting techniques will vary based on a lot of factors, including your network configuration.
However, the term may also be used 'find the right database' using Oracles "Transparent Network Substrate" as described in the 3 Oracle Networking books at http://www.oracle.com/pls/db102/portal.portal_db?selected=3#index-NET, with the TNSADMIN.ORA (in the Reference) being the most important one.
Your report server problem could fall either in the 'host name' or the 'database name' translation. If the latter, check 'Part 3' of the "Net Services Administrator's Guide"
Maybe you are looking for
-
Upgrade from Weblogic 10.3.1 to 10.3.3 Issues
Hi We are in process of migrating/upgrading from Weblogic server 10.3.1 to 10.3.3. A heavily distributed application is being migrated with high volume transaction on clustered environment. Have anybody experienced any issues/ concerns when migrating
-
Problem with the invitations that my ical sends
When recipients to my ical invitation receive their email, they are unable to add the invite to their calendar apps and the attachment doesn't work. Sometimes when they try to open the attachment, it even crashes their outlook. I sent an invite to my
-
Exchange Rate Type per Company Code
HI Experts, In our system the conversion rates for EURX are maintained since there are several European companies working with the system. Now we would like to use the same SAP-system for companies in China & Taiwan. In both countries there is an ind
-
Multiple .jar in libary directory
Hi. My application is using more and more libraries that are packed as jars. Is there anyway to include all jar files in applications /lib when executing the program whit out that every jar must be declared in the classpath...
-
Opening JPEGs in ACR from the Organizer
Many Photoshop Elements users like to edit JPEGs and other non-raw file formats with the Adobe Camera Raw (ACR) plug-in to Photoshop Elements. But if you rely on the Organizer for managing your files, opening a JPEG in ACR is clumsy – in the Editor,