Grandfelt Powershell Management Agent...synch rules..joins?
Sorry for the newbie question.
I am following Kent's posting for managing O365 using the Powershell MA
https://konab.com/managing-office-365-licenses-using-fim-2010/
However, I am guessing I am missing something either in my synchronization rule or my understating of the PSMA.
Eventhough, I have setup a relationship of email to UPN on my Outbound Synch Rule I am unable to get any joining. It seems that joins do now work, unless I create a explicit join within the PSMA itself.
Do I need both the Sync rule and the join in the MA? Or I am just not understanding correctly? Any help would be appreciated.
Well, I'm sorry - from what you've sent me, I can't seem to find the issue. I don't use SR's that much anymore; I prefer classic so I might be missing something here :-)
Seems your data is okay, since direct-joins is working, so it must be some config error or similar in your SR's (scoped to the right object type?)
Sorry, I cant be of more help. This is not a PSMA problem, but a SR problem...
Regards, Soren Granfeldt
blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt
Similar Messages
-
New version of PowerShell Management Agent
I just released a new version of my PowerShell Management Agent. It now supports two sets of credentials, allowing for greater flexibility for your scripts security contexts. Oh, and there is added script host robustness and a few bugfixes.
http://blog.goverco.com/2014/03/new-version-of-powershell-management.html
Regards, Soren Granfeldt
blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldtI am not really sure if Azure support this but its worth to make your configuration file to support .NET 4.0
$PShome\PowerShell_ISE.CONFIG and $PSHOME\PowerShell.exe.config will be not existing.
So you can make an entry in configuration to support .NET framework 4.0
like shown below
$config_text = @"
<?xml version="1.0"?>
<configuration>
<startup useLegacyV2RuntimeActivationPolicy="true">
<supportedRuntime version="v4.0.30319"/>
<supportedRuntime version="v2.0.50727"/>
</startup>
</configuration>
$config_text| Out-File $pshome\powershell.exe.config
$config_text| Out-File $pshome\powershell_ise.exe.config
Close PowerShell Console and open as administrator.
Try loading the modules back and let me know.
Regards Chen V [MCTS SharePoint 2010] -
Import Photos Powershell Management Agent
Hello ,
i'am using the powershell management agent to import photo to Metaverse but when i run a full import i have some errors
"Microsoft.MetadirectoryServices.ExtensibleExtensionException: Unable to cast object of type 'System.Byte[]' to type 'System.Object[]'.
at Granfeldt.PowerShellManagementAgent.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.1.3441.0"
any idea ?
ThanksBe sure to use the latest version of the MA. There was a feature change regarding this. Remi did a post on this -
http://www.iamblogg.com/2013/04/14/import-pictures-into-fim-portal/
Regards, Soren Granfeldt
blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt -
Microsoft powershell management agent
Recently microsoft released PS management agent. Actually i saw some of the MSDN article about it but i find them less informative.
1- Can any provide me more details on how to use PS management agents ? I have installed it but not able to use it.
Details about various sections like schema import export etc
2-A guide with step by step instructions for a scenario which I can implement in lab and learn more about PS MA and use it configure other PS compatible systems.
AdiKumarHi,
I faced the same problem, the documentation and sample are very rarly.
I compared the connector with the PowerShell MA from Soren and find him's easier to understand, in addition there are also some sample scripts and a lot of people use that MA as you can see on some questions here in the forum.
Sorens PowerShell MA
He did also a great introduction to his MA on the FIM Team User Group some time ago.
See:
https://unifysolutions.jira.com/wiki/display/FIMTEAMCOM/2013-07-17+-+A+quick+introduction+to+the+PowerShell+MA
/Peter
Peter Stapf - ExpertCircle GmbH - My blog:
JustIDM.wordpress.com -
FIM 2010 Management Agents usage
Hi all,
we have implemented some FIM management agent that read information from different AD forest and the write email contacts into a destination forest. I looking for a tool, or powershell cmdlets I can use to export management agents errors.
I try to explain better, ope FIM Syncronization Service, click on operations button, select the row that reports errors and in pane below show erros details and informations. In my case DistinguishedName for the object that encountered errors. I would
like to export this rows to have a list with all the Distinguishedname and the use that with a script to manage and resolve the issues. i hope to have explained my needed.
Thanks in advance for your help.
RegardsHi!
You can get this info from FIM sync with WMI.
$maName = "AD-MA"
(Get-WmiObject -Namespace "root\MicrosoftIdentityIntegrationServer" -class "MIIS_ManagementAgent"| where {$_.name -eq $maName}).RunDetails().returnvalue
You will have to pick what you want from the xml but this should get you started.
/Robert
Thanks Robert,
well I try to ask again for more information: :)
Running your script I retrieve:
<?xml version="1.0" encoding="utf-16"?>
<run-history>
<run-details>
<ma-id>{AFB1D87E-1580-488F-9F2A-8A382FF4B14A}</ma-id>
<ma-name>MA_SI</ma-name>
<run-number>282</run-number>
<run-profile-name>Delta Sync</run-profile-name>
<security-id>DOMAIN\user</security-id>
<step-details step-number="1" step-id="{4550BF08-A3E1-40D4-854E-546C44FBE016}">
<start-date>2014-04-16 05:10:26.320</start-date>
<end-date>2014-04-16 05:10:43.310</end-date>
<step-result>completed-sync-errors</step-result>
<step-description>
<step-type type="apply-rules">
<apply-rules-subtype>apply-pending</apply-rules-subtype>
</step-type>
<partition>DC=fqdn,DC=fqdn,DC=fqdn</partition>
<custom-data>
<adma-step-data><batch-size>100</batch-size><page-size>500</page-size><time-limit>120</time-limit></adma-step-data>
</custom-data>
</step-description>
<current-export-step-counter>0</current-export-step-counter>
<last-successful-export-step-counter>0</last-successful-export-step-counter>
<ma-connection>
</ma-connection>
<ma-discovery-errors>
</ma-discovery-errors>
<ma-discovery-counters>
</ma-discovery-counters>
<synchronization-errors><import-error cs-guid="{F56B20AE-8EA3-E311-A7B3-005056A80FB6}" dn="CN=NAME,OU=Contacts,OU=Resources,DC=fqdn,DC=fqdn,DC=fqdn">
<first-occurred>2014-04-15 22:20:32.657</first-occurred>
<retry-count>3</retry-count>
<date-occurred>2014-04-16 05:10:38.847</date-occurred>
<error-type>extension-dll-exception</error-type>
<algorithm-step>provisioning</algorithm-step>
<extension-error-info>
<extension-name>MVExtension.dll</extension-name>
<extension-callsite>provisioning</extension-callsite>
<call-stack>Microsoft.MetadirectoryServices.ObjectAlreadyExistsException: An object with DN ""CN=NAME,OU=Contacts,OU=Resources,DC=fqdn,DC=fqdn,DC=fqdn"" already exists in management agent "AD_CF". An object with
targetAddress smtp:[email protected] already exists, Contact for ObjectName from CAN NOT BE CREATED
at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry)
</call-stack>
</extension-error-info>
</import-error>
</synchronization-errors>
<mv-retry-errors/>
<outbound-flow-counters ma="AD_CF" ma-id="{58020956-DC2A-4C09-9DF1-296778D4788E}">
<provisioned-add-flow detail="true">1</provisioned-add-flow>
</outbound-flow-counters>
<staging-counters>
<stage-no-change detail="false">0</stage-no-change>
<stage-add detail="true">0</stage-add>
<stage-update detail="true">0</stage-update>
<stage-rename detail="true">0</stage-rename>
<stage-delete detail="true">0</stage-delete>
<stage-delete-add detail="true">0</stage-delete-add>
<stage-failure detail="true">0</stage-failure>
</staging-counters>
<inbound-flow-counters>
<disconnector-filtered detail="true">2711</disconnector-filtered>
<disconnector-joined-no-flow detail="true">0</disconnector-joined-no-flow>
<disconnector-joined-flow detail="true">0</disconnector-joined-flow>
<disconnector-joined-remove-mv detail="true">0</disconnector-joined-remove-mv>
<disconnector-projected-no-flow detail="true">0</disconnector-projected-no-flow>
<disconnector-projected-flow detail="true">1</disconnector-projected-flow>
<disconnector-projected-remove-mv detail="true">0</disconnector-projected-remove-mv>
<disconnector-remains detail="false">235</disconnector-remains>
<connector-filtered-remove-mv detail="true">0</connector-filtered-remove-mv>
<connector-filtered-leave-mv detail="true">0</connector-filtered-leave-mv>
<connector-flow detail="true">0</connector-flow>
<connector-flow-remove-mv detail="true">0</connector-flow-remove-mv>
<connector-no-flow detail="true">0</connector-no-flow>
<connector-delete-remove-mv detail="true">0</connector-delete-remove-mv>
<connector-delete-leave-mv detail="true">0</connector-delete-leave-mv>
<connector-delete-add-processed detail="true">0</connector-delete-add-processed>
<flow-failure detail="true">2</flow-failure>
</inbound-flow-counters>
<export-counters>
<export-add detail="true">0</export-add>
<export-update detail="true">0</export-update>
<export-rename detail="true">0</export-rename>
<export-delete detail="true">0</export-delete>
<export-delete-add detail="true">0</export-delete-add>
<export-failure detail="true">0</export-failure>
</export-counters>
</step-details>
</run-details>
</run-history>
If I want to retrieve information from field:
<synchronization-errors> and <call-stack> how I can do this ?
I'd like to have an output with few rows reporting something like:
<synchronization-errors><import-error cs-guid="{F56B20AE-8EA3-E311-A7B3-005056A80FB6}" dn="CN=NAME,OU=Contacts,OU=Resources,DC=fqdn,DC=fqdn,DC=fqdn">
<call-stack>Microsoft.MetadirectoryServices.ObjectAlreadyExistsException: An object with DN ""CN=NAME,OU=Contacts,OU=Resources,DC=fqdn,DC=fqdn,DC=fqdn"" already exists in management agent "AD_CF". An object with targetAddress
smtp:[email protected] already exists, Contact for ObjectName from CAN NOT BE CREATED
at Mms_Metaverse.MVExtensionObject.Microsoft.MetadirectoryServices.IMVSynchronization.Provision(MVEntry mventry)
</call-stack>
Do you have any ideas on how to do that ?
Thanks in advance!!!
Regards -
SO I am getting a strange error when trying to access the FIM Management Agents
Hi Everyone,
So I am getting a really odd error when I go to FIM --> Management Agents -->MOSS-guid ID right click on that and choose porperties, then Configure Connection Information, then I click OK and I get this pop up error "the type of 'pictureurl' string
is not compatible with the type of 'sps_mv_octelstring_pictureurl'. I got here by noticing that in the error log there was an error that said:
The management agent "MOSS-guid ID" failed on run profile "MOSS_EXPORT_Guid ID" because the server encountered errors.
when I searched on that error, it lead me to a ton of blogs that said to do the following:go to FIM --> Management Agents -->MOSS-guid ID right click on that and choose porperties, then Configure Connection Information at the bottom of the page there
is a Connect To field and every blog I read said to change it to direct:{Domain}:{Port}. The thing is that my domain and port were fine, so that is when I clicked ok, and got that error message. Ever since this happened, my FIM has been broken, and I really
can't figure out why???
So I haven't done any updates to the server in at least a year, so nothing could be happening there.
Any help at all with this would be taken with the greatest appreciation.
Best regards, MikeWhat you're doing is unsupported. You need to manipulate the MAs via Central Admin -> Manage Service Applications, find your UPA SA and manage it. You can then Manage User Properties and make changes to the Picture property from here.
Trevor Seward
Follow or contact me at...
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Too Slow - Domino 6.5.4 with access manager agent 2.2 ?
I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
I think AMAgent.properties is not good for SSO.
Please help me to tune it.
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
# U.S. Government Rights - Commercial software. Government users are
# subject to the Sun Microsystems, Inc. standard license agreement and
# applicable provisions of the FAR and its supplements. Use is subject to
# license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
# trademarks or registered trademarks of Sun Microsystems, Inc. in the
# U.S. and other countries.
# Copyright ? 2002 Sun Microsystems, Inc. Tous droits r閟erv閟.
# Droits du gouvernement am閞icain, utlisateurs gouvernmentaux - logiciel
# commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
# licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
# vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl閙ents
# ? celles-ci.
# Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
# Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
# marques d閜os閑s de Sun Microsystems, Inc. aux Etats-Unis et dans
# d'autres pays.
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
# Set the logging level for the specified logging categories.
# The format of the values is
# <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
# 0 Disable logging from specified module*
# 1 Log error messages
# 2 Log warning and error messages
# 3 Log info, warning, and error messages
# 4 Log debug, info, warning, and error messages
# 5 Like level 4, but with even more debugging messages
# 128 log url access to log file on AM server.
# 256 log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level =
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
#http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = false
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilterHi,
I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
I have the box to identify but it doesnot connect me on my opensso server.
It still identify with Domino's server
Thanks for your response
Thomas -
How many Management agents can you have running simultaneously on a host?
Hi all,
I've scoured the Oracle documentation and not been able to find a definitive answer to this question, how many Oracle management agents can you have on a single managed host target? Can you for example run an 11g agent and a 12c agent simultaneously (whilst migrating to 12c without upgrading the present OEM instance) If so can you run two 12c agents, each pointing to a different OMS? I’ve seen examples of an agent for each database instance on a host managed target, so a host with three Oracle database instances has three Oracle Management agents all pointing to the same OMS with each agent is monitoring just one of the database instances. There must be resource considerations here for memory, cpu and network traffic etc? I’ve always understood it to be one Oracle Management Agent per managed host
ThanksI don't think there's any data on impact or performance since it's not a recommended configuration. If you have host/configuration monitoring enabled on both agents, they will be running the same queries/scripts against the host/inventory, etc. so they will likely have contention at some point. If you monitor the same databases, you will definitely see contention and increased overhead as there will be multiple agents running the same queries. You might also see problems w/ any of the server generated alerts (tablespace, etc) if you change thresholds as the agents send that to the database, and then the database will be out of sync with the other agents.
What exactly is the goal for having multiple agents? Is it short term or long term? -
Installing oracle management agent 12.1.0.2.0 in silent mode.
version: 12.1.0.2.0
platform: IBM Aix power systems 64bit
I installed the oracle management service along with the oracle management agent that comes along with the the first installation. I deinstalled the first installed OMA and tried to install it again using the silent install mode with the response file.
(oms host and the oma host are the same)
among the 3 modes of silent install described in the installation guide, i used agent deploy method.
Here are the steps i followed with the install
1. this the status of my OMS
<oracle>chh-aix-beta/oem12c/product/oms/bin> ./emctl status oms -details
Oracle Enterprise Manager Cloud Control 12c Release 2
Copyright (c) 1996, 2012 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
Console Server Host : chh-aix-beta
HTTP Console Port : 7788
HTTPS Console Port : 7799
HTTP Upload Port : 4889
HTTPS Upload Port : 1159
EM Instance Home : /oem12c/product/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /oem12c/product/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or virtual hostname
Agent Upload is locked.
OMS Console is unlocked.
Active CA ID: 1
Console URL: https://chh-aix-beta:7799/em
Upload URL: https://chh-aix-beta:1159/empbs/upload
WLS Domain Information
Domain Name : GCDomain
Admin Server Host: chh-aix-beta
Managed Server Information
Managed Server Instance Name: EMGC_OMS1
Managed Server Instance Host: chh-aix-beta
WebTier is Up
Oracle Management Server is Up2. I got the version and the platform info of the oms by doing the following
<oracle>chh-aix-beta/oem12c/product/oms/bin> ./emcli get_supported_platforms
Getting list of platforms ...
Check the logs at /oem12c/product/gc_inst/em/EMGC_OMS1/sysman/emcli/setup/.emcli/agent.log
About to access self-update code path to retrieve the platforms list..
Getting Platforms list ...
Version = 12.1.0.2.0
Platform = IBM AIX on POWER Systems (64-bit)
Platforms list displayed successfully.3. I downloaded the management agent software by doing the following ()
$<OMS_HOME>/bin/emcli get_agentimage -destination=/oem12102 -platform="IBM AIX on POWER Systems (64-bit) " -version=12.1.0.2.04. I unzipped the management agent software.
5. I edited the response file as follows. (i edited only the oms_host, em_upload_port, agent_registration_password, since they are the only ones that are mandatory)
OMS_HOST=172.16.24.65
EM_UPLOAD_PORT=1159
AGENT_REGISTRATION_PASSWORD=cchorcl01
#AGENT_INSTANCE_HOME=
#AGENT_PORT=
b_startAgent=true
#ORACLE_HOSTNAME=
#s_agentHomeName=
EM_INSTALL_TYPE="AGENT"6. then i ran the AgentDeploy.sh script using the following.
./agentDeploy.sh -ignorePrereqs AGENT_BASE_DIR=/oem12c/base/agent RESPONSE_FILE=/oem12102/agent.rsp(I ignored the prereqs because, i was getting an error with the hostname and the hostname is correct)
7. this the following output i am getting after running step 6.
-e Validating the OMS_HOST & EM_UPLOAD_PORT
Executing command : /oem12c/base/agent/core/12.1.0.2.0/jdk/bin/java -classpath /oem12c/base/agent/core/12.1.0.2.0/jlib/agentInstaller.jar:/oem12c/base/agent/core/12.1.0.2.0/oui/jlib/OraInstaller.jar oracle.sysman.agent.installer.AgentInstaller /oem12c/base/agent/core/12.1.0.2.0 /oem12102 /oem12c/base/agent -prereq
Validating oms host & port with url: http://172.16.24.65:1159/empbs/genwallet
Validating oms host & port with url: https://172.16.24.65:1159/empbs/genwallet
Return status:3
Unzipping the agentcoreimage.zip to /oem12c/base/agent ....
12.1.0.2.0_PluginsOneoffs_212.zip
Executing command : /oem12102/unzip -o /oem12102/12.1.0.2.0_PluginsOneoffs_212.zip -d /oem12c/base/agent
Executing command : /oem12c/base/agent/core/12.1.0.2.0/jdk/bin/java -d64 -classpath /oem12c/base/agent/core/12.1.0.2.0/oui/jlib/OraInstaller.jar:/oem12c/base/agent/core/12.1.0.2.0/oui/jlib/xmlparserv2.jar:/oem12c/base/agent/core/12.1.0.2.0/oui/jlib/srvm.jar:/oem12c/base/agent/core/12.1.0.2.0/oui/jlib/emCfg.jar:/oem12c/base/agent/core/12.1.0.2.0/jlib/agentInstaller.jar:/oem12c/base/agent/core/12.1.0.2.0/oui/jlib/share.jar oracle.sysman.agent.installer.AgentInstaller /oem12c/base/agent/core/12.1.0.2.0 /oem12102 /oem12c/base/agent /oem12c/base/agent/agent_inst AGENT_BASE_DIR=/oem12c/base/agent -ignorePrereqs AGENT_BASE_DIR=/oem12c/base/agent RESPONSE_FILE=/oem12102/agent.rsp
Cloning the agent home...
Executing command: /oem12c/base/agent/core/12.1.0.2.0/oui/bin/runInstaller -ignoreSysPrereqs -clone -forceClone -silent -waitForCompletion -nowait ORACLE_HOME=/oem12c/base/agent/core/12.1.0.2.0 -responseFile /oem12102/agent.rsp AGENT_BASE_DIR=/oem12c/base/agent AGENT_BASE_DIR=/oem12c/base/agent RESPONSE_FILE=/oem12102/agent.rsp -noconfig ORACLE_HOME_NAME=agent12c3 -force b_noUpgrade=true AGENT_PORT=-1
Clone Action Logs Location:/software/oracle/logs/cloneActions<timestamp>.log
Cloning of agent home completed successfully
Attaching sbin home...
Executing command: /oem12c/base/agent/core/12.1.0.2.0/oui/bin/runInstaller -ignoreSysPrereqs -attachHome -waitForCompletion -nowait ORACLE_HOME=/oem12c/base/agent/sbin ORACLE_HOME_NAME=sbin12c3 -force
Attach Home Logs Location:/oem12c/base/agent/core/12.1.0.2.0/cfgtoollogs/agentDeploy/AttachHome<timestamp>.log
Attach home for sbin home completed successfully.
Updating home dependencies...
Executing command: /oem12c/base/agent/core/12.1.0.2.0/oui/bin/runInstaller -ignoreSysPrereqs -updateHomeDeps -waitForCompletion HOME_DEPENDENCY_LIST={/oem12c/base/agent/sbin:/oem12c/base/agent/core/12.1.0.2.0,} -invPtrLoc /oem12c/base/agent/core/12.1.0.2.0/oraInst.loc -force
Update Home Dependencies Location:/oem12c/base/agent/core/12.1.0.2.0/cfgtoollogs/agentDeploy/UpdateHomeDeps<timestamp>.log
ERROR: Update home dependency failed.I am getting stuck at updating home dependencies. I dont know what that means. If you have faced similar problems while installing oracle management agent please do share your solution. if you need more info please let me know.All these commands are run on the host (hostname=chh-lpar20) where the agent is being installed, and these commands are run as root user.
ifconfig -a
en0: flags=5e080863,c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),PSEG,LARGESEND,CHAIN>
inet 172.16.28.222 netmask 0xfffffc00 broadcast 172.16.31.255
tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1%1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1ping chh-lpar20
PING chh-lpar20: (172.16.28.222): 56 data bytes
64 bytes from 172.16.28.222: icmp_seq=0 ttl=255 time=0 ms
64 bytes from 172.16.28.222: icmp_seq=1 ttl=255 time=0 msnslookup chh-lpar20
Server: 172.16.29.213
Address: 172.16.29.213#53
** server can't find chh-lpar20: NXDOMAINnslookup 172.16.28.222
Server: 172.16.29.213
Address: 172.16.29.213#53
** server can't find 222.28.16.172.in-addr.arpa: NXDOMAINto check the if the port 3872 and 1830-1849 are free I ran the follwoing command
./agentDeploy.sh -prereqOnly AGENT_BASE_DIR=/oem12102/base/agent
this was the result i got inregards to the ports
Check complete: Passed
========================================================
Performing check for PortCheck
Checking for port availability and hostname validity...
Trying for host : chh-lpar20/172.16.28.222 and port : 3872
Trying for host : chh-lpar20/192.168.12.23 and port : 3872
Port= 3872 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1830
Trying for host : chh-lpar20/192.168.12.23 and port : 1830
Port= 1830 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1831
Trying for host : chh-lpar20/192.168.12.23 and port : 1831
Port= 1831 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1832
Trying for host : chh-lpar20/192.168.12.23 and port : 1832
Port= 1832 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1833
Trying for host : chh-lpar20/192.168.12.23 and port : 1833
Port= 1833 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1834
Trying for host : chh-lpar20/192.168.12.23 and port : 1834
Port= 1834 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1835
Trying for host : chh-lpar20/192.168.12.23 and port : 1835
Port= 1835 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1836
Trying for host : chh-lpar20/192.168.12.23 and port : 1836
Port= 1836 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1837
Trying for host : chh-lpar20/192.168.12.23 and port : 1837
Port= 1837 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1838
Trying for host : chh-lpar20/192.168.12.23 and port : 1838
Port= 1838 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1839
Trying for host : chh-lpar20/192.168.12.23 and port : 1839
Port= 1839 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1840
Trying for host : chh-lpar20/192.168.12.23 and port : 1840
Port= 1840 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1841
Trying for host : chh-lpar20/192.168.12.23 and port : 1841
Port= 1841 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1842
Trying for host : chh-lpar20/192.168.12.23 and port : 1842
Port= 1842 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1843
Trying for host : chh-lpar20/192.168.12.23 and port : 1843
Port= 1843 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1844
Trying for host : chh-lpar20/192.168.12.23 and port : 1844
Port= 1844 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1845
Trying for host : chh-lpar20/192.168.12.23 and port : 1845
Port= 1845 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1846
Trying for host : chh-lpar20/192.168.12.23 and port : 1846
Port= 1846 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1847
Trying for host : chh-lpar20/192.168.12.23 and port : 1847
Port= 1847 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1848
Trying for host : chh-lpar20/192.168.12.23 and port : 1848
Port= 1848 is busy.
Trying for host : chh-lpar20/172.16.28.222 and port : 1849
Trying for host : chh-lpar20/192.168.12.23 and port : 1849
Port= 1849 is busy.
Check complete. The overall result of this check is: Failed <<<<
Check complete: Failed <<<<
Problem: Either port is unavailable or hostname configuration is not valid.
Recommendation: Make sure the port is available and the hostname configuration i
s proper.I don't know what to make of the results I got for executing the nslookup command. -
Oracle Enterprise Manager Agent deployment (Installation and Configuration) Error
Hello,
I am trying to create an agent on a linux server using Oracle Enterprise Manager 12.1.0.3. The user is created with root privilege on the server, by change /etc/sudoers entry username the same as the root entry. After that I tried to add host target by clicking Setup->Add Target->Add target Manually->Add Host Targets in the Oracle Enterprise Manager.
In the Add Target view: I clicked on add, then I entry host and platform information. After that I click next. Then I provided the Linux x86-64 : Installation Details for
Installation Base Directory, Instance Directory, Name Credential ... then click next. then click Deploy Agent.
In the Add Host Status view: stages Initialization and Remote Prerequisite Check successfully passed, but in the stage Agent Deployment, it failed in the Installation and Configuration phrase of the Agent Deployment stage.
The log content is shown below. There are numerous SEVERE Errors. But I don't have much experience in dealing with these type of problems. I thank you in advance for all the helps.
lf
WARNING: Validation of XML schema is disabled because AggregateDescriptions.xsd could not be found
INFO: Creating new CFM connection
INFO: Creating a new logger for oracle.sysman.top.agent
INFO: Unmarshalling /users/ncgf/em_agent/core/12.1.0.3.0/inventory/ContentsXML/ConfigXML/oracle.sysman.top.agent.12_1_0_3_0.xml
INFO: Creating a new logger for OuiConfigVariables
INFO: Unmarshalling /users/ncgf/em_agent/core/12.1.0.3.0/inventory/ContentsXML/ConfigXML/OuiConfigVariables.1_0_0_0_0.xml
INFO: Aggregate Description oracle.sysman.top.agent:12.1.0.3.0:common successfully loaded
INFO: Aggregate Description OuiConfigVariables:1.0.0.0.0:common successfully loaded
INFO: Successfully returning from CfmFactory.connect()
INFO: Cfm.save() was called
INFO: Cfm.save(): 2 aggregate instances saved
INFO: oracle.sysman.top.agent:IAction.perform() was called on {Action state:configuration in CfmAggregateInstance: oracle.sysman.top.agent:12.1.0.3.0:common:family=CFM:oh=/users/ncgf/em_agent/core/12.1.0.3.0:label=1}
INFO: Framework waiting for Action to complete at 15:08:10.272
INFO: CfwProgressMonitor:actionProgress:About to perform Action=configuration Status=is running with ActionStep=0 stepIndex=0 microStep=0
WARNING: Skipping environment variable line: "}": oracle.sysman.emCfg.common.CfwException: A non-empty environment line must contain "=": }
WARNING: Failed to read environment variable file /users/ncgf/em_agent/core/12.1.0.3.0/install/envVars.properties: java.io.FileNotFoundException: /users/ncgf/em_agent/core/12.1.0.3.0/install/envVars.properties (No such file or directory)
INFO: oracle.sysman.top.agent:About to execute plug-in Agent Configuration Assistant
INFO: oracle.sysman.top.agent:The plug-in Agent Configuration Assistant is running
INFO: oracle.sysman.top.agent:Internal PlugIn Class: oracle.sysman.agent.config.AgentConfiguration
INFO: oracle.sysman.top.agent:Classpath = /users/ncgf/em_agent/core/12.1.0.3.0/oui/jlib/srvm.jar:/users/ncgf/em_agent/core/12.1.0.3.0/jlib/agentConfig.jar:/users/ncgf/em_agent/core/12.1.0.3.0/jlib/emConfigInstall.jar:/users/ncgf/em_agent/core/12.1.0.3.0/sysman/jlib/emagentSDK.jar:/users/ncgf/em_agent/core/12.1.0.3.0/modules/oracle.http_client_11.1.1.jar:/users/ncgf/em_agent/core/12.1.0.3.0/sysman/jlib/log4j-core.jar
INFO: oracle.sysman.top.agent:AgentConfiguration:agent configuration has been started
INFO: oracle.sysman.top.agent:Parametes passed to agent configuration are:
1.ORACLE_HOME=/users/ncgf/em_agent/core/12.1.0.3.0
2.AGENT_PORT=3872
3.ORACLE_HOSTNAME=nsn175-89.us.oracle.com
4.b_doDiscovery=false
5.AGENT_BASE_DIR=/users/ncgf/em_agent
6.AGENT_INSTANCE_HOME=/users/ncgf/em_agent/agent_inst
7.s_hostname=nsn175-89.us.oracle.com
8.OMS_HOST=nsn175-105.us.oracle.com
9.b_startAgent=false
10.b_secureAgent=true
11.b_chainedInstall=false
12.b_forceConfigure=false
13.EM_UPLOAD_PORT=4904
14.b_forceAgentDefaultPort=false
15.s_staticPorts=
16.PROPERTIES_FILE=
b_skipValidation=false
INFO: oracle.sysman.top.agent:Validating OMS_HOST and EM_UPLOAD_PORT
INFO: oracle.sysman.top.agent:Validating with http protocol ...
INFO: oracle.sysman.top.agent:URL framed is:http://nsn175-105.us.oracle.com:4904/empbs/genwallet
SEVERE: oracle.sysman.top.agent:Connection refusedUnexpected end of file from server
INFO: oracle.sysman.top.agent:Validating with https protocol ...
INFO: oracle.sysman.top.agent:URL framed is:https://nsn175-105.us.oracle.com:4904/empbs/genwallet
SEVERE: oracle.sysman.top.agent:The EM_UPLOAD_PORT passed is a secure port. Hence AGENT_REGISTRATION_PASSWORD or s_encrSecurePwd should be passed
INFO: oracle.sysman.top.agent:EM Protocol Switch determined: https
INFO: oracle.sysman.top.agent:Performing free port detection..
INFO: oracle.sysman.top.agent:Trying for host : nsn175-89/10.134.175.89 and port : 3872
INFO: oracle.sysman.top.agent: Trying for host : /127.0.0.1 and port : 3872
INFO: oracle.sysman.top.agent:** Agent Port Check completed successfully.**
INFO: oracle.sysman.top.agent:Agent Port from User Passed Port3872
INFO: oracle.sysman.top.agent:Paths after canonical format conversions are :
1. state_dir=/users/ncgf/em_agent/agent_inst
2. agentBaseDir=/users/ncgf/em_agent
3. oraHome=/users/ncgf/em_agent/core/12.1.0.3.0
INFO: oracle.sysman.top.agent:Parent directory of agent instance home:/users/ncgf/em_agent
INFO: oracle.sysman.top.agent:AgentConfiguration:perform:AgentPortHandler for /users/ncgf/em_agent/core/12.1.0.3.0 and hosts=nsn175-89.us.oracle.com returned Port to Use=3872
INFO: oracle.sysman.top.agent:Instantiating emctl.template file #DEFAULT_EMSTATE# with /users/ncgf/em_agent/agent_inst
INFO: oracle.sysman.top.agent:Writing the following contents into /users/ncgf/em_agent/core/12.1.0.3.0/install/oragchomelist
INFO: oracle.sysman.top.agent:/users/ncgf/em_agent/core/12.1.0.3.0:/users/ncgf/em_agent/agent_inst
INFO: oracle.sysman.top.agent:Both /etc/oragchomelist and /var/opt/oracle/oragchomelist does not exist.
INFO: oracle.sysman.top.agent:Executing emctl deploy agent command...
INFO: oracle.sysman.top.agent:AgentConfiguration: Executing emctl deploy agent command...
INFO: oracle.sysman.top.agent:Executing the command: /users/ncgf/em_agent/core/12.1.0.3.0/bin/emctl deploy agent -L -o nsn175-105.us.oracle.com:4904 -N /users/ncgf/em_agent/agent_inst nsn175-89.us.oracle.com:3872 nsn175-89.us.oracle.com
INFO: oracle.sysman.top.agent:Creating shared install...
INFO: oracle.sysman.top.agent:Source location: /users/ncgf/em_agent/core/12.1.0.3.0
INFO: oracle.sysman.top.agent:Destination (shared install) : /users/ncgf/em_agent/agent_inst
INFO: oracle.sysman.top.agent:Secure Mode: No
INFO: oracle.sysman.top.agent:DeployMode : agent
INFO: oracle.sysman.top.agent:
INFO: oracle.sysman.top.agent:Creating directories...
INFO: oracle.sysman.top.agent:Creating private.properties...
INFO: oracle.sysman.top.agent:Creating blackouts.xml...
INFO: oracle.sysman.top.agent:Creating targets.xml...
INFO: oracle.sysman.top.agent:Creating emctl control program...
INFO: oracle.sysman.top.agent:Creating emtgtctl control program...
INFO: oracle.sysman.top.agent:Agent will not be secured.
INFO: oracle.sysman.top.agent:Secure REPOSITORY_URL found. New agent should be configured for secure mode
INFO: oracle.sysman.top.agent:Secure emdWalletSrcUrl found. New agent should be configured for secure mode
INFO: oracle.sysman.top.agent:Oracle Enterprise Manager Cloud Control 12c Release 3
INFO: oracle.sysman.top.agent:Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
INFO: oracle.sysman.top.agent:Property 'agentTZRegion' is missing from /users/ncgf/em_agent/agent_inst/sysman/config/emd.properties. Updating it...
INFO: oracle.sysman.top.agent:An agentTZregion of 'US/Pacific' is installed in /users/ncgf/em_agent/agent_inst/sysman/config/emd.properties.
INFO: oracle.sysman.top.agent:The command: /users/ncgf/em_agent/core/12.1.0.3.0/bin/emctl deploy agent -L -o nsn175-105.us.oracle.com:4904 -N /users/ncgf/em_agent/agent_inst nsn175-89.us.oracle.com:3872 nsn175-89.us.oracle.com completed with status=0
SEVERE: oracle.sysman.top.agent:Securing of agent step will be skipped because of the following reasons:
1. Agent Registration Password was not passed.
2. b_secureAgent was passed as false
3. The flag -forceConfigure was assed from agentDeploy.sh
INFO: oracle.sysman.top.agent:Plugin File:/users/ncgf/em_agent/plugins.txt
INFO: oracle.sysman.top.agent:Plugin Homes found.
INFO: oracle.sysman.top.agent:Executing command :/users/ncgf/em_agent/core/12.1.0.3.0/perl/bin/perl /users/ncgf/em_agent/core/12.1.0.3.0/bin/AgentPluginDeploy.pl -oracleHome /users/ncgf/em_agent/core/12.1.0.3.0 -agentDir /users/ncgf/em_agent -pluginIdsInfoFile /users/ncgf/em_agent/plugins.txt -action configure -emStateDir /users/ncgf/em_agent/agent_inst
INFO: oracle.sysman.top.agent:
INFO: oracle.sysman.top.agent:
INFO: oracle.sysman.top.agent:The Agent emStateDir location passed is /users/ncgf/em_agent/agent_inst
INFO: oracle.sysman.top.agent: The log file is /users/ncgf/em_agent/agent_inst/install/logs/agentplugindeploy_2013_10_16_15_08_11.log
INFO: oracle.sysman.top.agent: The temp file created to check R/W permissions in Oraclehome: /users/ncgf/em_agent/core/12.1.0.3.0 is /users/ncgf/em_agent/core/12.1.0.3.0/rwFile
INFO: oracle.sysman.top.agent:Plugin command completed with status=0
INFO: oracle.sysman.top.agent:Executing command :/users/ncgf/em_agent/agent_inst/bin/emctl listplugins agent -type all
INFO: oracle.sysman.top.agent:Oracle Enterprise Manager Cloud Control 12c Release 3
INFO: oracle.sysman.top.agent:Oracle Enterprise Manager Cloud Control 12c Release 3
INFO: oracle.sysman.top.agent:Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
INFO: oracle.sysman.top.agent:Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
INFO: oracle.sysman.top.agent:---------------------------------------------------------------
INFO: oracle.sysman.top.agent:---------------------------------------------------------------
SEVERE: oracle.sysman.top.agent:ERROR: The Management Agent configuration failed. The plug-in configuration for the oracle.sysman.oh monitoring plug-in may have failed, or this plug-in may not be present in the Management Agent software. Ensure that the Management Agent software has the oracle.sysman.oh monitoring plug-in, if not then retry the operation. If the agent software has the oracle.sysman.oh monitoring plug-in, view the plug-in deployment log /users/ncgf/em_agent/agent_inst/install/logs to check if the plug-in configuration for the oracle.sysman.oh monitoring plug-in failed.
SEVERE: oracle.sysman.top.agent:Agent configuration has failed
INFO: oracle.sysman.top.agent:AgentConfiguration:agent configuration finished with status = false
INFO: oracle.sysman.top.agent:AgentConfiguration:agent configuration finished with status = false
INFO: oracle.sysman.top.agent:The plug-in Agent Configuration Assistant has failed its perform method
INFO: Cfm.save() was called
INFO: Cfm.save(): 2 aggregate instances saved
INFO: done waiting for Action from 15:08:10.272
Thank you for your help AkankshaSheoranKaler. I have executed the following command based on your request. If there is any issue, please let me know. Thanks!
"Can you run this command to make sure that the agents bits were downloaded correctly : oms home /bin /emcli verify_updates
Share the output of the command. I am suspecting this is a know issue (Bug 17300008) but i will wait for your output. Also if you can open an SR with oracle support to track this issue and its resolution. "
[ncgf@nsn175-105 bin]$ ./emcli setup -url=https://nsn175-105.us.oracle.com:7803/em -u sername=SYSMAN
Oracle Enterprise Manager 12c 3.
Copyright (c) 1996, 2013 Oracle Corporation and/or its affiliates. All rights reserve d.
The configuration directory "/users/ncgf" may not be local. See the "dir" option in t he help for the setup command.
Do you want to continue using this directory? [yes/no] yes
Enter password
Emcli setup successful
[ncgf@nsn175-105 bin]$ ./emcli verify_updates
Verifying updates. Starting validation...
Type : Plug-in
Description: Demo Hostsample Test Plugin
Attributes
Version: 1201000100
Revision: 0
OS Platform: Generic Platform
Plug-in Name: Demo Host Sample Plugin
Archives are missing from the Software Library. Unable to determine the URL for downloading the update. The update might not have come from Oracle Enterprise Manager Store.
For each update with missing archives, emcli import_update can be used with a -force option to re-upload the archives to the Software Library.Hello AkankshaSheoranKaler
We have done the following, but we aren't able to resolve this issue. Thank you for your help!
lf
“This happen if the software library is not accessible, readable or unmounted (if it is in shared file system).”
On Enterprise Manager server [nsn175-105], we did the following:
1. we modified /etc/exports to include this line: /export *(rw,no_root_squash,sync)
we start nfs service by executing command “service nfs start”.
On Management Agent server (nsn175-89), we verified that we are able to mount /export directory of EM server.
On Management Agent server, we started firefox browser and were able to run successfully https://nsn175-105.us.oracle.com:4904/empbs/genwallet
After making this change, we ran agent deployment again. We encountered the same error as shown above.
“You can fix the software library or you can download the agent bits in offline mode.”
For fixing the software library, select Setup->Provision and Patching->Offline Patching, then select Offline Patching radio button, download: https://updates.oracle.com/download/em_catalog.zip. Next upload this zip file.
“Try downloading the bits again”
We are not sure what agent bits are. Would you please explain this and provide procedure how we can download this?
(Here I have attempted to fix the software library, but I am new to Enterprise Manager and not sure how to interpret this). -
How do I install a management agent
How do I install a management agent?
I have OMS installed on Server A.
I have server B that I need to manage with OMS, how do I install an agent on that?
There seems to be no clear way of installing an agent, and pointing it to Server A for registration.
I have tried:
1. Downloading the management agent from http://www.oracle.com/technology/software/products/oem/htdocs/agentsoft.html
a. Running the ./runInstaller
b. It fails with missing .rsp files, I've touched .rsp files in order to get the installer to run
c. But it does not give me an option to install an agent, only an 'additional service'
2. The mass installer
a. I unzipped the agent .zip file into the appropriate directory on Server A
b. Modified the agentDownload.linux_x64 file
c. Copied the agentDownload.linux_x64 file to Server B
d. Run the agentDownload script, with -b option
i. The script downloaded some files from Server A
ii. The script quit
I can't seem to find any real documentation on how to do this that actually makes sense and works.
I only need to install the agent on a few servers, so I don't need any mass install, surely, how hard can it be?Here is some output from agentDownload
[oracle@drora02 ~]$ scp -p prdgrid01.uto:/opt/oracle/Middleware/oms11g/sysman/agent_download/11.1.0.1.0/linux_x64/agentDownload.linux_x64 .
[oracle@drora02 ~]$ egrep '^(OMShost|httpPort)' agentDownload.linux_x64
OMShost=prdgrid01.uto
httpPort=4900
[oracle@drora02 ~]$ ./agentDownload.linux_x64 -b $ORACLE_BASE -dt
agentDownload.linux_x64 invoked on Tue Aug 10 09:52:23 EST 2010 with Arguments "-b /opt/oracle -dt"
Platform=Linux.x86_64, OS=linux_x64
GetPlatform:returned=0, and os is set to: linux_x64, platform=Linux.x86_64
Creating /home/oracle/agentDownload11.1.0.1.0Oui ...
LogFile for this Download can be found at: "/home/oracle/agentDownload11.1.0.1.0Oui/agentDownload.linux_x64081010095223.log"
Running on Selected Platform: Linux.x86_64
Installer location: /home/oracle/agentDownload11.1.0.1.0Oui
Downloading Agent install response file ...
Downloading Agent install response file ...
Executing wget_get_file http://prdgrid01.uto:4900/agent_download/11.1.0.1.0/agent_download.rsp
using the url http://prdgrid01.uto:4900/agent_download/11.1.0.1.0/ to access OMS
--2010-08-10 09:52:23-- http://prdgrid01.uto:4900/agent_download/11.1.0.1.0/agent_download.rsp
Resolving prdgrid01.uto... 10.200.200.36
Connecting to prdgrid01.uto|10.200.200.36|:4900... connected.
HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9
Length: unspecified
Saving to: `agent_download.rsp'
[ <=> ] 7 --.-K/s in 0s
2010-08-10 09:52:23 (570 KB/s) - `agent_download.rsp' saved [7]
Finished Downloading agent_download.rsp with Status=0
Response file check complete - Failed
Could not download through url . Trying secure download..
Executing wget_get_file https://prdgrid01.uto:4900/agent_download/11.1.0.1.0/agent_download.rsp
using the url https://prdgrid01.uto:4900/agent_download/11.1.0.1.0/ to access OMS
--2010-08-10 09:52:23-- https://prdgrid01.uto:4900/agent_download/11.1.0.1.0/agent_download.rsp
Resolving prdgrid01.uto... 10.200.200.36
Connecting to prdgrid01.uto|10.200.200.36|:4900... connected.
WARNING: cannot verify prdgrid01.uto's certificate, issued by `/O=EnterpriseManager on prdgrid01.uto/OU=EnterpriseManager on prdgrid01.uto/L=EnterpriseManager on prdgrid01.uto/ST=CA/C=US/CN=prdgrid01.uto':
Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 10008 (9.8K) [text/plain]
Saving to: `agent_download.rsp'
100%[===============================================================================================================================>] 10,008 --.-K/s in 0.005s
2010-08-10 09:52:23 (1.93 MB/s) - `agent_download.rsp' saved [10008/10008]
Finished Downloading agent_download.rsp with Status=0
Response file check Complete - Success
Checking the writable permission for baseDir - passed
If you wish to receive security updates, provide MYORACLESUPPORT_USERNAME in the <OMS_HOME>/sysman/agent_download/11.1.0.1.0/agent_download.rsp
If you do not want security updates, set DECLINE_SECURITY_UPATES to true in the <OMS_HOME>/sysman/agent_download/11.1.0.1.0/agent_download.rsp (or) invoke agentDownload with -y option
[oracle@drora02 ~]$ echo $?
1
And that is it, it stops there with no more information, and does not try to do anything further -
How to delete a management agent from grid control completely?
I have installed oem grid control 10.2.0.4.0 on single host(oemlinux.oracle.com), and I removed agent10g, and reinstall a new management agent into a new location, but when I wanted to add a weblogic server to monitor, I got error as below:
More than one Enterprise Manager Agent was found for the host.oemlinux.oracle.com
I found there were 2 agents in em console, how to delete the old agent from em console,anybody can help me?Click on the All targets tab, delete the agent.
Then confirm that the delete is in fact happening.
Click Setup, Management & Services Repository tab.
Deleted Targets link.
Time Deleted Completed must have a date in there...
If all that fails - do a quick search - I posted the sql you can run against the repository to wipe it clean of an agent :-)
Not too that if you are removing the O/S software - you need to use the runinstaller to remove the Oracle Home from the inventory.
If you don't do this - future auto installs using the agentDownload script of the agent will fail.
.Daryl -
Agent Determination Rule using Function Module
Hi all,
I am trying to create a custom agent determination rule using function module. But my rule is not getting invoked when the workflow is executed.
I created a custom rule and linked my function module (with proper signature).
FUNCTION 'ZRULEXXX''
""Local Interface:
*" TABLES
*" AC_CONTAINER STRUCTURE SWCONT
*" ACTOR_TAB STRUCTURE SWHACTOR
*" EXCEPTIONS
*" NOBODY_FOUND
And I am hard coding some values into table ACTOR_TAB
REFRESH ACTOR_TAB.
CLEAR ACTOR_TAB.
IF SY-SUBRC NE 0.
RAISE NOBODY_FOUND.
ELSE.
ACTOR_TAB-OTYPE = 'US'.
ACTOR_TAB-OBJID = 'XXXX'.
APPEND ACTOR_TAB.
ACTOR_TAB-OTYPE = 'US'.
ACTOR_TAB-OBJID = 'XXXXXX'.
APPEND ACTOR_TAB.
ENDIF.
But a worklist item is not being created for the users appended to ACTOR_TAB.
Is there anything am missing. Please let me know.
Thanks in advance
Regards
RajuHi,
Change it to following code. It will work.
REFRESH ACTOR_TAB.
CLEAR ACTOR_TAB.
*IF SY-SUBRC NE 0.
*RAISE NOBODY_FOUND.
*ELSE.
ACTOR_TAB-OTYPE = 'US'.
ACTOR_TAB-OBJID = 'XXXX'.
APPEND ACTOR_TAB.
ACTOR_TAB-OTYPE = 'US'.
ACTOR_TAB-OBJID = 'XXXXXX'.
APPEND ACTOR_TAB.
*ENDIF.
Regards,
Vaishali. -
Agent Determination Rule Not Working
I have created an new agent determination rule in PFAC.
The category I used is "Agent Determination: Responsibilities".
I have also selected the "Terminate if Rule Resolution has no Result" option.
The container has one element in it which is NOT mandatory called "Clinic".
I have set up the responsibilities, where there is only one which catches all - In other words, I created a responsibility for Clinic "*". I have also assigned a position as a responsible agent. The position is linked to a person number, and the person has a user-name assigned - All are in the valid period.
If I test the rule, and do not enter anything for the Clinic, and click the test button, it returns my one agent, which is correct.
The problem is that in my workflow I have assigned the rule as a responsible agent. At runtime, the workflow falls over saying that the agent determination has failed. This does not make sense, since I have not passed anything in binding to the rule. As mentioned earlier, when testing it works fine. I have tried using the rule with and without binding but it wont work. If I change the step in the workflow to rather use position, it works.
Please let me know if you have any ideas - I am really battling with this strange problem.I tried deselecting "Terminate if Rule Resolution has no Result" in the rule definition.
Having done that, the workflow now works correctly - It actually DOES find an agent and the workflow goes on as expected.
This is really weird, because if the terminate option is selected, it falls over saying that no person was found. Now with the terminate option not selected, it finds the agent - Is this a bug, or am I misunderstanding something??? -
How to change host name for management agent.
Hi,
I 've installed management agent for oracle, it's a part of Oracle Management Framework, but I have to change host name.
I know how to change port number, but I've no idea how to change host name.
Have you got any idea?
Thank you in advance.
MatinHi,
you can change it in System Landscape directory.
Go to the http:yourportal.com:50000/sld
then click on the Landscape and update the new host name.
Raghu
Maybe you are looking for
-
Photo gallery popups will not open in firefox, but does in internet explorer
In the last few days popups within a website will not open. IE photo gallerys, logins for internet banking. It seems to be a problem only in firefox as they will open with internet explorer
-
Error 306 won't let me download songs
when i purchased songs from itunes, the songs were bought but when i try to download them it comes up with error 306 then itunes started to redownload my songs for some reason and comes up with error 306 aswell. now i know that there are solutions fo
-
General query to recurse through XML nested elements
Hi all, Using 10g database...and I'm trying to parse XML (stored as clob, no registered schema) that handles nesting and reoccurring of the same element. i.e. <Policy ID="1"> <Risk ID="1.1"> <Risk ID="1.1.1"> <Risk ID="1.1.1.1"> </Risk> </Risk> </Ris
-
Hello every one.... As doing web log scenario..BW-XI integration( how to send XML data to BW from XI ). I configured all the steps in that web log..but final step is not woking eventhough i created html file nad xml file as per the web log
-
How to Offer High Res Image for Download
On a gallery site I would like to offer two or three high-res images for people to download as a sample. The images are pretty good with a lot of detail and it would enable viewers to see the texture and other detail in the artists work. Can someone