Handling Auto-provisioning failure Manually?

Similar Messages

• CUP Provisions user to SAP successfully but gives "Auto-Provisioning" error

  Hi All,
  I'm getting an "auto-provisioning" error in CUP when a "Change Account" workflow is approved. The strange thing is, CUP does successfully provision the change to the SAP backend. Yet, the "New Account" provisions successfully without the error.
  Here is an example of the audit trail log from Change Account:
  Request submitted for approval by Dylan Hack(HACKDY) on 06/28/2010 17:14 
  Approved By Dylan Hack(HACKDY) Path AE_AUTO_APPROV_ERROR and Stage AE_AUTOPROV_ERR on 06/28/2010 17:14 
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
     Approved FI_xxxxx-DEV role for Add action with validity dates 06/28/2010-12/31/9999
  Auto provisioned for request on 06/28/2010 17:14 
     User Provisioning failed for System(s) : DEV. Error Message :
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
     Role: FI_xxxxx assigned to user: testngin in System(s): DEV.
  Request submitted for reroute by system on 06/28/2010 17:14 due to auto provisioning failure 
     Rerouted in the Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR to Path : AE_AUTO_APPROV_ERROR and Stage : AE_AUTOPROV_ERR
  Note: the role names were replaced with "xxxxxxx."
  The system log gives an error, but it is very vague:
  2010-06-28 17:14:34,682 [SAPEngine_Application_Thread[impl:3]_33] ERROR com.virsa.ae.service.ServiceException
  com.virsa.ae.service.ServiceException
       at com.virsa.ae.service.sap.SAPProvisionDAO.intializeWithChangeUserInputParameters(SAPProvisionDAO.java:762)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3457)
       at com.virsa.ae.service.sap.SAPProvisionDAO.changeUser(SAPProvisionDAO.java:3419)
  Any ideas or suggestions?
  Current software level AC5.3 SP12.
  -Dylan

  Hello Varun,
  Thanks for the thought on this. We don't use User Defaults for Change Account, but do for New Account. You question prompted me to do more testing with very interesting results.
  Results
  New Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  New Account without User Defaults configured:
  User provisioned successfully, no Auto-Provision error.
  Change Account with User Defaults configured:
  User provisioned successfully, no Auto-Provision error, Defaults NOT provisioned.
  Change Account without User Defaults configured:
  User provisioned successfully, Auto-Provision ERROR, Defaults NOT provisioned.
  In both New and Change Account, the configured User Defaults are NOT provisioned even though the user is provisioned. AC5.3 is on SP12, the RTA is VIRSANH SP12 and VIRSAHR SP10.
  For the Change Account, the user is always provisioned regardless of User Defaults; however, when no User Default is configured, the Auto-Provisioning error occurs. The User Defaults NOT provisioning is a real problem, the CUP error message, I can work around for now.
  What about on your side? Am I the only guy using SP12 here?

• GRC 5.3 CUP auto provisioning of Mitigation Assignment in RAR

  Hello,
  Is there any other workflow that needs to be triggered for the auto provisioning of the Mitigation control id assignment to the userid in RAR system from CUP,  upon request completion?
  I created a request that after the final stage of sox approver, got auto provisioned roles assigned to the user id in the SAP system , but it also stated that auto provisioning failed and got re-routed to the detour path of the security admin as I configured in case of auto provisioning failure. When I look at the error log, it states:
  User Provisioning failed for System(s) : XYZ. Error Message : User type TE is unknown
     Role: ROLEA assigned to user: TESTER1 in System(s): XYZ.
  1). So, even though the approved role is being assigned to the user in the backend system, some other stuff is failing at auto provisioning. And I thought it might be the mitigation control assignment to the userid in RAR. I have the mitigation fields/objects active. But how do I ensure the auto-assignment of mitigation control ids also gets assigned on the same request upon sox approval?
  2). The other question is where is the value of the 'controller' stored when configuring a stage for workflow approver determinator in the sox approver stage? Where is this value picked up from? We don't want to use the RAR mitigation approvers or monitors, we want to use a custom approver id from CUP and then the control id to be assigned upon approval automatically to the userid in RAR via CUP request completion during auto provisioning. Is this possible? The only thing failing for us is trying to determine how to create the custom approver determinator for SOX approver in CUP since it asks for 'attribute' value for workflow type 'Compliant User Provisioning' which doesn't make sense for this.
  And then the above error even though the user role assignment is auto provisioning already but still giving the error as I listed above and re-routing to detour path instead of completing the request. Is it due to auto provisioning failure of mitigation control assignment in RAR?
  Thanks in advance,
  Alley
  Edited by: Alley1 on Sep 20, 2011 1:15 AM

  Hi Karell,
     Here is response to your questions:
  I can use the following CAD in an AE workflow: web service to fetch role approvers. I question this as it is merely a RE workflow service : No. As far as I know the web service is only for RE/ERM.
  Can the Risk Analysis be initiated in stage x automatically once stage (x-1) was completed. So no person involved, it is mandatory however, in my opinion there should be no extra person involved to actually press the button "Risk Analysis" : No. There is no way to automate the risk analysis part. Someone will have to click on the button to check for SoD violations. You can configure to run automatic risk analysis when the request is submitted but this is not 100% perfect. If someone adds or removes role during approval phase, it will invalidate the risk analysis which was run during request submission.
  Can somehow the Risk Owners defined in the RAR componed be asked to approve/reject risk that came out of the Risk Analysis described in my previous point. They should only be contacted when there is a risk indicated. : This is possible by following Babak's workflow.
  Regards,
  Alpesh

• Limitations of Auto-Provisioning through CUP (AE)

  Hi all,
  I am looking for some information on what are all the benefits and limitations of using auto-provisioning over manual provisioning for the backend systems through CUP (AE).
  We are implementing GRC AC 5.3 and it is organization's business decision whether we need the proviosing piece to be automated or not. However, I would like to get your suggestions based on your project experiences esp in a decentralized security administration where security admins are in different geographical locations and have to provision only for their user groups.
  Can we perform all the activities thro' auto-provision similar to a security administrator manually creating a user, assign appropriate user groups etc.,  or is there any limitation?
  Which approach would be better for decentralized administration?
  Appreciate your suggestions..
  Thanks
  Siri

  Hi Alpesh & Williams,
  The user default settings such as date, timezone, decimal etc can be configured through the 'user defaults' and 'user default mapping' . I see the option of assigning user  groups and appropriate parameters too.
  Say the user belong to user group AAA_XXX  and another user belongs to AAA_YYY, where
  AAA - location
  XXX - Dept
  I have configured these (location, dept) as required fields while entering the request in CUP .
  However, during run time how will the correct user group be assigned to the user. Is it through the user default mapping? Where do we maintain all the user group information that is available in the ECC system? Do we have to create user default, user default mapping for each user group??
  The documentation from SAP is not very clear .. Appreciate if you can provide some lights on this area.
  Thanks
  Siri

• SP12: CUP: Error for requesttype "change" at auto-provisioning

  Hello,
  We have an error while auto-provisioning a change-request in CUP.
  The request stages can be approved correctly but after the last stage, the request is rerouted to administrator because of escape-route settings. (auto provisioning failures)
  So the audit trail reports an error at auto-provisioning, BUT in the backend-system the user was changed correctly.
  If we now want to approve the request on admin-stage, the error appears again. So we have a closed loop reaction.
  Any ideas?
  Does anybody have the same issue?
  Our client have the same problem with SP12 on the prod.system but in the dev.system (also SP12) we can create the request well.
  Thanks,
  Alexa

  2010-10-15 13:45:54,456 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@1794:getProvisioningStatusDTO() : OUT of the method
  2010-10-15 13:45:54,458 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@1827:getProvisioningStatusDTO() : OUT of the method
  2010-10-15 13:45:54,458 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.ProvisioningBO : autoProvision() :   : listMessagesForSysType,list size=1
  2010-10-15 13:45:54,459 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.ProvisioningBO : autoProvision() :   : listMessagesForSysType #0# element:com.virsa.ae.configuration.po.ApplicationLogPO@31cf3f2[userId=GRC_20,emailId=<null>,reqNo=716,system=LS_DI6_300,recDate=10/15/2010,changedBy=AKOLB,logAction=USER CREATE,newValue=GRC_20,description=<null>,error=true,singleMessage=false]
  2010-10-15 13:45:54,461 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@248:autoProvision() :  Preparing Provision to SAP ... DONE
  2010-10-15 13:45:54,463 [SAPEngine_Application_Thread[impl:3]_32] DEBUG  ProvisioningBO.java@277:autoProvision() : OUT of the method
  2010-10-15 13:45:54,465 [SAPEngine_Application_Thread[impl:3]_32] WARN   RequestBO.java@5924:autoProvisioningForApprove() : Exception occured during auto provisioning , error messages : [com.virsa.ae.configuration.po.ApplicationLogPO@31cf3f2[userId=GRC_20,emailId=<null>,reqNo=716,system=LS_DI6_300,recDate=10/15/2010,changedBy=AKOLB,logAction=USER CREATE,newValue=GRC_20,description=<null>,error=true,singleMessage=false]]
  2010-10-15 13:45:54,469 [SAPEngine_Application_Thread[impl:3]_32] ERROR  RequestBO.java@6665:approveRequest() : AutoProvisioning Exception, checking if the escape route is enabled
  2010-10-15 13:45:54,478 [SAPEngine_Application_Thread[impl:3]_32] ERROR  RequestBO.java@6681:approveRequest() : AutoProvisioning Exception, escape route is enabled, going for the escape route
  2010-10-15 13:45:54,490 [SAPEngine_Application_Thread[impl:3]_32] DEBUG com.virsa.ae.accessrequests.bo.RequestBO : rerouteRequest() : AKOLB : INTO the method with toPathName : , poRequestDetails : com.virsa.ae.accessrequests.po.RequestDetailsPO@70e31b05[requestForOthers=false,userLookupEnabled=false,userIDFieldEnabled=false,userFirstNameFieldEnabled=false,userLastNameFieldEnabled=false,approverLookupEnabled=false,locationFieldEnabled=false,departmentFieldEnabled=false,emailFieldEnabled=false,telephoneFieldEnabled=false,companyFieldEnabled=false,employeeTypeFieldEnabled=false,managerTelephoneFieldEnabled=false,managerEmailFieldEnabled=false,managerNameFieldEnabled=false,requestorTelephoneFieldEnabled=false,requestorEmailFieldEnabled=false,requestorNameFieldEnabled=false,addRole=false,approveReject=,approveRejects=approveRejects,accessChanged=false,fileAttached=false,reqDataApplProvDTOs={com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@46b5291a[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=2,isProvisioned=true,isNew=false,LMD=<null>],com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@1f9d8e3a[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=3,isProvisioned=true,isNew=false,LMD=<null>],com.virsa.ae.dao.dto.RequestDataApplicationProvisionDTO@20e4920d[reqNo=716,application=LS_DI6_300,provisionAction=ASSIGN_ROLES,userId=GRC_20,roleId=4,isProvisioned=true,isNew=false,LMD=<null>]},accntValidationmsgs=[],connectionFailedSystems=,userExistSystems=,userNotExistSystems=,comm_method_type=,cstmFldName=,usersPOList=[com.virsa.ae.accessrequests.po.RequestUserPO

• Failed Auto Provisioning UCMA

  Hi,
  currently i build ucma application and run this application on top of Lync FE Server. But we got the following problems:
  1. We created auto provisioning application endpoint called "startup.sample" using Lync management shell then running simple ucma application to receive incoming call.
  But it return the following error "external server must be installed , code failure:2".
  My question is how do we know the things that make this error come up, maybe incorrect configuration?
  2. We create manual-provisioning on ucma application and run the application.
  As a result, the platform started and application endpoint established without error.
  Then I’m modified the code and put an event to handle incoming call after establishing endpoint success to handle incoming call.
  But, when I call from Lync client to the trusted application endpoint "startup.sample" that I have created before,  it seems that the event not raised, since the ucma application didn’t return anything incoming status.
  my question is, how do we know this error and the cause that make event not raised?
  The following are architecture/topology that we used in  our environment:
  - DC server
  - Lync FE Server (UCma application in top of the server)
  - 3 Notebook with Lync client 2013 installed.

  Sam,
  See the other post in the list talking about your problem, "host not trusted".
  I had the same problem and the fix was to upgrade the IPS to 7.1(9)E4 . 
  Mike

• CUP - How to handel requests with no auto provisioning

  Dear Friends,
  We are not using Auto-Provisioning in our CUP component.
  We don't know how to handle a situation when although the request was approved at all stages, the provisioning it self (which is executed manually) does not happen (for example, the security manger forgot to do the changes).
  How can we detect those differences ?
  And if we did detect them, is there a possibility to add some comments to a request that was fully approved.
  thanks
  Yudit

  Hi Yudit,
  Not exactly. It is some manual work.
  CUP>>Informer>>Provisioning
  Run these two reports (select specific period):
  Role Assigned / Removed
  User Processed
  Run t-code RSSCD100_PFCG_USER (You find this repot in SUIM).
  Use the same period as above.
  Export the report to Excel. If many entries, create a function to compare the results orilter the result by Action and compare to CUP reports.
  Good luck,
  Vit

• CUP Auto Provisioning Error 260: User Comparison

  I am in the process of configuring the CUP 5.3 module within our ECC and SRM environments.  I believe the path and associated stages are established properly.  I have tested the auto provisioning functionality within both SRM and ECC.  As it relates to SRM, the auto provisioning functionality works without a hitch.  However, when I attempt to auto provision a user into our ECC environment, I receive the following error:
  Auto provisioned for request on 04/07/2010 13:41 
     New User: T00522 created on 04/07/2010 13:42 in System(s): DR4-300.
     User attributes changed for User : T00522 in System(s) :DR4-300.
     Role Provisioning failed for System(s) : DR4-300. Error Message : 260:User master comparison incomplete; see long text
  Speaking with out security team, the only time they have seen this issue was when they attempted to map a user, using PFCG, to a role.  However, I informed them that CUP uses SU01.  They have not experienced such an issue using SU01 and clicking on the user comparison button. 
  Interesting point:  The user record is created and roles assigned to user but have a red light indicator by the role within SU01.  However, when the next day rolls around the role has been changed to a Green light, profile assigned and everything is looking good.  Unfortunately, CUP can't seem to register this and when the Role Owner attempts to approve the role / user request again.  The same error occurs and until I can get around this error, the workflow is not closed out nor is the requester notifiied.
  Questions:
  (1)  How can I fix this issue, I assume it will require a security change to be made within the ECC environment?
  (2)  If this issue can't be fixed, can I get around this issue with a detour or other CUP error processing step?

  Denoted below is the log that corresponds to the 260 comparison error.  Does anyone know what access I am missing within the UME.  I have tested this provisioning process, manually, and do not run into a Comparison error within the SU01 screens:
  2010-04-27 13:44:54,748 [SAPEngine_Application_Thread[impl:3]_31] ERROR com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
  com.virsa.ae.service.ServiceException: 260:User master comparison incomplete; see long text
       at com.virsa.ae.service.sap.SAPProvisionDAO.executeRoleOperation(SAPProvisionDAO.java:1706)
       at com.virsa.ae.service.sap.SAPProvisionDAO.assignRoles(SAPProvisionDAO.java:1458)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionInNonCUA(ProvisionSAPUserDAO.java:1232)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionRole(ProvisionSAPUserDAO.java:932)
       at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionUser(ProvisionSAPUserDAO.java:118)
       at com.virsa.ae.accessrequests.bo.ProvisioningBO.autoProvision(ProvisioningBO.java:216)
       at com.virsa.ae.accessrequests.bo.RequestBO.autoProvisioningForApprove(RequestBO.java:4572)
       at com.virsa.ae.accessrequests.bo.RequestBO.callAEExitService(RequestBO.java:5565)
       at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5339)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5191)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  2010-04-27 13:44:54,927 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.bo.RequestAuditHelper : logMajorAction() :   : intHstId : 3068
  2010-04-27 13:44:54,972 [SAPEngine_Application_Thread[impl:3]_31] ERROR no dtos exist which are in the same state as the passing dto
  com.virsa.ae.core.ObjectNotFoundException: no dtos exist which are in the same state as the passing dto
       at com.virsa.ae.workflow.bo.WorkFlowBOHelper.getIfUnapprovedPathExists(WorkFlowBOHelper.java:2662)
       at com.virsa.ae.workflow.bo.WorkFlowBOHelper.handleWFForNewPathStage(WorkFlowBOHelper.java:2516)
       at com.virsa.ae.workflow.bo.WorkFlowRequestRerouteHelper.rerouteRequest(WorkFlowRequestRerouteHelper.java:68)
       at com.virsa.ae.workflow.bo.WorkFlowBO.rerouteRequest(WorkFlowBO.java:614)
       at com.virsa.ae.accessrequests.bo.RequestBO.rerouteRequestForAutoProvisioningFailure(RequestBO.java:6897)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5239)
       at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4984)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:941)
       at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
       at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
       at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(AccessController.java:219)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  2010-04-27 13:44:55,394 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : confirmRequestApproval() :   : setting context to true, ending context
  2010-04-27 13:44:55,414 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataForwardDAO : findTransactions() :   : sbQuery : SELECT REQNO, REQPATHID, STAGE_NAME, FWDED_BY, APRVRID, ITERATION, FORWARD_TYPE, STATUS FROM VIRSA_AE_RQD_WPFWD WHERE REQNO = ?
  2010-04-27 13:44:55,486 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.SAPConnectorDAO : findAllActiveSAPConnectors :   :  going to return no of records= 3
  2010-04-27 13:44:55,495 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.OracleAppsConnectorDAO : findAllActiveORACLEConnectors :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,498 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.PACSConnectorDAO : findAllActivePACSConnectors :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,502 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.WSConnectorDAO : findAllActive :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,505 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.ApplicationDAO : findAllForContext :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,532 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,535 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataSODConflictDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,540 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.dao.sqlj.RequestDataMitigationDAO : findAllForContext(SqljContext ctx)  :   :  going to return ImmutableList(empty)
  2010-04-27 13:44:55,579 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() :   : INTO the method
  2010-04-27 13:44:55,580 [SAPEngine_Application_Thread[impl:3]_31] INFO  com.virsa.ae.accessrequests.actions.RequestViewAction : pageLoad() :   : request number : 154
  2010-04-27 13:45:14,055 [SAPEngine_Application_Thread[impl:3]_18] INFO  com.virsa.ae.dao.sqlj.RequestTypeDAO : findAll :   :  going to return no of records= 20

• OIM - OID (11g) auto-provision thru ldap sync

  Hi,
  I have configured ldap sync. I have following questions
  1. We have created custom attributes in OID and referred to custom object class. Now when I try to create user in OIM, user is auto-provisioned to OID. But the custom attributes in OIM are not getting provisioned to OID (unable to see the custom attributes in user object of OID, unless we refer manually the custom object class). Can any one let me know how to auto-provision the custom attribtues into OID?
  2. When user is auto-provisioned to OID, it is not showing any resource profile details of OID in OIM? Is it the expected behavior? But create, udpate, delete are happening as expected.
  Please let me know if any one know the solution.

  Hi,
  Where you able to achieve this?? i have similar requirment where, i have added 5 custom attributes in both OIM and OID, when i create the users these attributes doesnot get updated on OID....should i add these UDF in any objectclass which OIM understands??please suggest
  Thanks in advance

• CUP - Editing Auto Provisioning Email Content

  Hi,
  I am looking into the possibility of editing the content of the Auto Provisioning email that is automatically sent out after user creation is done. Our policy is to send User ID and Password in separate emails.
  Below not provides some insight into editing the initial data XML file AE_init_clean_and_insert_data.
  [Note 1253720 - Compliant User Provisioning 5.3-Supressing Password Email|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1253720]
  Questions I have:
  1) If editing this XML file and re-loading will over-write the workflow configuration, then do I have to manually reconfigure all our workflows again or is there an option to export the workflow configuration and the import it back after re-loading the XML file? Which all existing configuration will be overwritten by reloading this file?
  2) If at some point in time we decide to revert back to the standard XML file provided by SAP, then we again fall into the same issue as in the above question. What is best approach?
  If anyone has experience in implementing the above note, then can you please provide some insight?
  Regards,
  Jay

  Your workflows wont be effected. If you however wanted to export the workflows you could do so along with intial system configuration under intial system data, roles and connectors.
  If you want to export workflows alone, you can only export the initiators.
  Regards,
  Chinmaya

• CUP auto provision to position

  Hello Experts
  I hope you can help me on this issue. We have just implemented CUP (SP14) and have set up auto provisioning, indiirect to a position.
  Despite this CUP is provisioning all requests directly to the User ID. There are no error messages to indicate that provisioning to the position has failed or even if it has been attempted. All back end funtionality is standard and working when tested manually. The CUP logs are not showing anything that I can decipher. It is as if the auto provision configuration indirect to the position is being ignored.
  Any ideas what could cause this behaviour?
  Thanks
  Barry

  Hi Jwalant
  Thanks very much for the reply,
  I am using SAPHR as the data source and for authentication. However we only want the user id to authenticate.
  Auto provisioning is set to indirect with position for Global and by System and I have tried Provisioning at end of request and at end of each path. This should work without using the personnel number in the authentication shouldn't it?
  The users Hr information is being pulled into the request without problem. It seems that CUP is making no effort to provision to the position, it just does it to the user every time.
  Any ideas?
  Thanks
  Barry

• Error in Auto Provisioning ( Access Enforcer )

  Hi,
  When I go to Access Enforcer -> configuration -> workflow -> auto provisioning , I get this error:
  Application error occurred during request processing.
    Details:   java.lang.NullPointerException: null
  Exception id: [7ECF26E5A402006000000926000BB04A0004653E942D3D44]
  This is how my trace file look like:
  #1.#7ECF26E5A402006000000926000BB04A0004653E942D3D44#1237219355213#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#sap.com/AEEAR#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#J2EE_ADMIN#49704##n/a##d9a08ca0124311dec4817ecf26e5a402#SAPEngine_Application_Thread[impl:3]_6##0#0#Error##Plain###application [AE] Processing HTTP request to servlet [AEController] finished with error. The error is: java.lang.NullPointerException
          at java.lang.String.compareTo(String.java:449)
          at com.virsa.ae.service.cache.DropDown.compareTo(DropDown.java:71)
          at java.util.Arrays.mergeSort(Arrays.java:1166)
          at java.util.Arrays.mergeSort(Arrays.java:1178)
          at java.util.Arrays.sort(Arrays.java:1093)
          at java.util.Collections.sort(Collections.java:127)
          at com.virsa.ae.service.cache.AECacheUtil.getSystemsDropDown(AECacheUtil.java:963)
          at com.virsa.ae.service.cache.AECacheUtil.getSystemsDropDown(AECacheUtil.java:907)
          at jsp_cfg_workflow_provision_by_system1236276468461._jspService(jsp_cfg_workflow_provision_by_system1236276468461.java:28)
          at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
          at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
          at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
          at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.include(RequestDispatcherImpl.java:473)
          at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.include(PageContextImpl.java:178)
          at jsp_cfg_work_flow_auto_provisioning1236276463205._jspService(jsp_cfg_work_flow_auto_provisioning1236276463205.java:221)
          at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
          at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
          at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
          at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
          at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:452)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
          at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
          at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:452)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
          at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
          at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
          at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(AccessController.java:219)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  #1.#7ECF26E5A402006000000928000BB04A0004653E942D3FBA#1237219355213#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/AEEAR#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#J2EE_ADMIN#49704##n/a##d9a08ca0124311dec4817ecf26e5a402#SAPEngine_Application_Thread[impl:3]_6##0#0#Error#1#/System/Server/WebRequests#Plain###application [AE] Processing HTTP request to servlet [AEController] finished with error.
  Please suggest.

  Hemant,
      Try re-uploading the initial data file you received with the installation. Once you re-import the file, reboot your J2EE engine and test again.
  Regards,
  Alpesh

• Using the JDE Connector to Auto Provision (11g)

  Looking for companies using OIM 11g who have recently setup auto provisioning using the JDE connector. Any insight (gotchas, etc.) you could post here would be appreciated.
  Edited by: user13686208 on Mar 23, 2011 12:02 PM

  Ranjini,
  By auto-provision, do you mean all users default gets an AD resource?
  To start off with,
  1)are you able to manually provision users to AD?
  If no, then ur problem is with the AD Connector parameters or Task Create User.
  If yes,
  2) do you have an access policy for provisioning?
  If no, you need to create a policy to provision the AD resource to the All User Group.
  If yes, need to check if the users are part of the group and also try retrofitting the policy.
  Rgds, Ajay

• Cisco Asterisk auto provisioning

  Hi all,
  I have setup asterisk pabx and the extension phones (SPA504g) have configured to auto provision by asterisk server.
  The system was working fine, but today one extension phone got unregistered. I have reset the phone and test it again, it gives "Checking DNS". Other phones are working fine.
  Do anyone has an idea about this issue?
  Thanks,
  Yasiru

  Hi yasiru and welcome to the Cisco Home Community!
  The SPA504G  is handled by the Cisco Small Business Support Community.
  For discussions about this product, please go here. https://supportforums.cisco.com/community/netpro/small-business
  cheers!
  OnnagokorO

• SCSI auto sense failure when SCSI tape drives are present

  I've got a driver based on Sun's old SCSI Solaris 8 bst.c sample that worked fine up until the latest Solaris 10. Now I get a "Check condition with Auto Sensing" failure on all SCSI targets using this driver whenever a SCSI tape drive is present.
  Is there a document that describes SCSI driver changes with the latest Solaris 10?

  When a failure occurs pkt_r is 0 (command complete), pkt_state has flags 0x17 (which mean xfer didn't happen and STATE_ARQ_DONE didn't happen), but the sts_chk bit is true indicating a check condition.
  rqsense option is set, so the driver doesn't attempt to manually retrieve sense data. Should it?
  Anyone at Sun want to advise on an OS behavior change that might be linked to this?