How to configure 2 CSM modules in 6500 ?

Similar Messages

• How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

  hi.
  I found How to Configure Transparent caching on Cat 6500 with CSM in routed mode.
  But,
  I need help How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?
  Please let me know sample configuration.
  thanks.

  Hi,
  I wrote the document you mentioned and I also wrote the one below.
  http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
  The one with the SSLM is a bridge mode config.
  If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
  Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
  Regards,
  Gilles.

• How to configure 7916 expansion module

  Hi
  Can somebody show me, how to configure 7916 expansion module, it's the first time I worked with and i have just a blue screen when I connect it to 7965.
  thanks for all

  Hi Malek,
  The steps are detailed here;
  Attaching a Cisco Unified IP Phone Expansion Module
  http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7962g_7961g_7961g-ge_7942g_7941g_7941g-ge/7_1/english/administration/guide/62614241set.html#wp1039513
  Hope this helps!
  Rob

• How to Configure Transparent caching on Cat 6500 with CSM in routed mode

  I am trying to configure Transparent caching on Cat 6500 with CSM in routed mode, but facing some problems in it , also I have gone thru the example config on cisco site for transparent caching using CSM on Cat 6500 , but the above does not fit my clients requirement.
  The scenario is like
  Access Switches - Cat6500 with MSFC & CSM - Internet Router
  |
  Cache Engines and Real servers
  The clients as well as real servers are on seperate VLANs (L3) and the requirement is to load balance the internet traffic using cache engines.
  I'd really appreciate any helpful suggestions or any useful links/docs/info on this.
  Thanks
  kumar

  Hello Joerg,
  Thanks for the reply.
  I have already gone thru the sample config shown by this weblink, however this link refers to configuring transparent caching on the CSM in BRIDGED MODE ( i.e both the client and server vlans are having the same IP address ) but in our case , we have multiple L3 VLANS on the CAT6509 having IP addresses in different SUBNETS , and the Real servers to be used for caching also exist on one of these VLANS. Thus, the scenario described by the Weblink does not apply here. Also , in the configuration referred by the above weblink, the VLAN 100 is configured as client , however the endusers are shown to be on vlan200 which is configured as SERVER VLAN in the CSM.
  Dont you think there is something wrong here, I mean the endusers should be on VLAN 100 (Client) and real servers on VLAN 200 (SERVER).
  So, I have to configure CSM in routed mode ( i.e both the client and server vlans will have seperate IP addresses in different subnets ) and the endusers will be on all VLANS .
  Pls let me know , how I can implement this solution.
  Thanks again
  Sudhir

• CSM module: rserver to rserver (or VIP) connections between serverfarms

  Hello,
  I am trying to audit an existing configuration of CSM module.
  Unfortunately have not an experience in CSM module configaration.
  The main goal is to understand if there are any direct connection between servers
  in different serverfarms (i.e. server from one serfarm opens session to server in
  second serverfarm to VIP or to real IP). Also I need to know if there exist any
  server initiated connection.
  For serverfarms in CSM configuration there are two options configured
  1)
  nat server
  nat client <pool>
  2)
  nat server
  no nat client
  As I understand, if there is no "static nat" lines in CSM configuration it means that
  there can not be server initiated connections. Is this correct?
  What is the best way to check if there are any direct connections between different serverfarms?
  Is it enough to take an output of "show conn" command like
      prot vlan source                destination           state      
  In  UDP  149  10.13.205.20:57944    10.36.22.20:23235     ESTAB      
  Out UDP  449  10.36.22.24:23235     10.13.205.20:57944    ESTAB      
  and check if there is "In" connection from <source IP> in one serverfarm to <destination IP>
  in second serverfarm? As for now I did not see such connections.
  Will be presented direct server-server/VIP or server initiated connections in "sh conn" command
  output for CSM module?
  Could you advise me how to check this in CSM configuration or show commands output?
  Thank you in advance.

  If the vserver to vserver connection is made between devices in the same subnet and the client uses the vsever address (rather than a vip address) then this will not be seen via the CSM at all. If the client vserver targets the vip address, then it is probable that you will require source nat to make it work. If a vserver starts a connection to another vserver addess (not vip) in a different subnet and the connection flows via the CSM,  then the CSM will show this in its connection table. You can test this via "telnet " and check the connection table. Any working vserver to vip connections will be visible in the connection table. Matthew

• How to configure link between 2921 and SM-D-ES3G-48-P EtherSwitch Service Module

  hi,
  I can't do that like the procedure given by Cisco.
  http://www.cisco.com/en/US/partner/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1942894
  Cisco Procedure :
  interface gi10/0
  ip address x.x.x.x x.x.x.x
  service-module gigabitethernet 1/0 session
  My result :
  R2921-8CPITR-1(config)#int gi 1/1
  R2921-8CPITR-1(config-if)#ip address 2.2.2.2 255.255.255.192
  % IP addresses may not be configured on L2 links.
  R2921-8CPITR-1(config-if)
  R2921-8CPITR-1(config)#interface gigabitEthernet 1/1.1 ?
  % Unrecognized command
  R2921-8CPITR-1(config)#interface gigabitEthernet 1/1 ?
    <cr>
  R2921-8CPITR-1(config)#
  the session is not possible also ?
  R2921-8CPITR-1#service-module gigabitEthernet 1/1 sess
                                                    ^
  % Invalid input detected at '^' marker.
  R2921-8CPITR-1#
  The routeur said that it's not a L3 port, so how to configure it to allow communication between the 2921 and the card ?
  Is there a bug with that version I'm in 15.1(4)M4 ????
  R2921-8CPITR-1#sh ver
  Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Tue 20-Mar-12 18:57 by prod_rel_team
  ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
  R2921-8CPITR-1 uptime is 19 hours, 21 minutes
  System returned to ROM by power-on
  System restarted at 16:00:45 GAB Fri Sep 14 2012
  System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
  Last reload type: Normal Reload
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
  Processor board ID FGL1618119E
  6 Gigabit Ethernet interfaces
  2 terminal lines
  DRAM configuration is 64 bits wide with parity enabled.
  255K bytes of non-volatile configuration memory.
  250880K bytes of ATA System CompactFlash 0 (Read/Write)
  License Info:
  License UDI:
  Device#   PID                   SN
  *0        CISCO2921/K9          FGL1618119E
  Technology Package License Information for Module:'c2900'
  Technology    Technology-package           Technology-package
                Current       Type           Next reboot
  ipbase        ipbasek9      Permanent      ipbasek9
  security      None          None           None
  uc            None          None           None
  data          None          None           None
  Configuration register is 0x2102
  R2921-8CPITR-1#

  Same issue here.
  I just waited a few minutes and the interface went down and back up, this time it was a L3 interface.
  My guess is that it was booting the switch module IOS, and it detected it until it was fully booted:
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
  Apr 11 05:26:52.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
  Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
  Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
  Apr 11 05:27:46.947: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
  Apr 11 05:27:47.031: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
  Apr 11 05:27:47.083: %LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to administratively down
  Apr 11 05:27:47.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
  Apr 11 05:27:48.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to down
  Apr 11 05:27:49.283: %IP-5-WEBINST_KILL: Terminating DNS process
  Apr 11 05:27:52.499: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
  Apr 11 05:27:53.087: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Tue 04-Sep-12 16:50 by prod_rel_team
  Apr 11 05:27:53.255: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
  Apr 11 05:27:53.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
  Apr 11 05:28:21.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
  Apr 11 05:29:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
  Apr 11 05:29:22.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Router>en
  Router#sh ip int brief
  Interface                  IP-Address      OK? Method Status                Protocol
  Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
  GigabitEthernet0/0         unassigned      YES unset  administratively down down
  GigabitEthernet0/1         unassigned      YES unset  administratively down down
  GigabitEthernet0/2         unassigned      YES unset  administratively down down
  GigabitEthernet1/0         unassigned      YES unset  administratively down down
  GigabitEthernet1/1         unassigned      YES unset  up                    down
  Vlan1                      unassigned      YES unset  down                  down
  Router#
  Apr 11 05:29:46.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to upconf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Router(config)#int g1/0
  Router(config-if)#ip add 1.1.1.1 255.255.255.0
  Router(config-if)#no shut
  Router(config-if)#
  Apr 11 05:30:09.046: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
  Apr 11 05:30:10.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
  Router(config-if)#end

• How to configure FM module in BW after ECC6.0

  Can someone advice me on how to configure FM Module in BW after ECC6
  My company just upgrade R/3 system from 4.6C to ECC6.0. Before this Fund Management(FM) reside under 0FI (Financial Accounting) after ECC6.0 the FM reside in 0PSM (Public Sector Management).
  In 4.6C,  there is only 2 extractor for FM but for ECC6.0 there are a lot of extractor listed such as.
  - FM_BW_BUDGET
  - FM_BW_ACTUAL
  ECC6.0
  - FM_BW_BUDGET_DELTA_ISPS       
  - FM_BW_BUDGET_ENTRY_DOCUMENTS  
  - FM_BW_BUDGET_ISPS             
  - FM_BW_BUDGET_LINE_ITEMS       
  - FM_BW_BUDGET_TOTALS           
  - FM_BW_ACTUAL_CO_LINE_ITEMS_IS 
  - FM_BW_ACTUAL_FI_LINE_ITEMS_IS 
  - FM_BW_ACTUAL_ISPS             
  - FM_BW_ACTUAL_OI_LINE_ITEMS_IS 
  I need to know how to configure this new FM in BW and the 0PSM are not in BW System.

  Is there a different in configuration between BI7 and BW 3.5?
  Before this in 4.6C the query for FM read from BW3.5 but since the R/3 has upgrade to ECC6 and our BW System also has upgrade to Netweaver 2004s, so we'll be using BI7

• How to Configure Fixed Maturity Plans (FMP) in Treasury Module

  Dear Gurus
  I am trying to find out how to configure Mutual Fund-FMPs ie the Fixed Maturity Plans in SAP Treasury Module.
  Can you please help me out with the same.
  Thanks and regards
  Shaurya

  As per the product functionality, the condition - Final Repaymen may not work with Product type - 02A.
  In this case, I suggest you create a Sale transaction with future redemption date and keep the flow as contract till the redemption date occurs. But doesn't seems to be a perfect solution to your reqmt.
  Regards
  Prasad AV

• Cisco 6500 X6066 CSM Module Reporting

  Hi;
  Is there any tool for reporting on csm module reals/vservers etc. connections between given time periods ?
  If not , may i export these values with any commands from cli ?
  Thanks
  Umut

  Hi,
  You can use any SNMP tool to monitor CSM using SNMP MIBS.The Cisco CSM supports two Read Only MIBs: CISCO-SLB-MIB and CISCO-SLB-EXT-MIB, which are available at  ftp://ftp.cisco.com/pub/mibs/.
  Traps can be sent based on real server, virtual server, and fault tolerant state changes. This is an old product and not much options are available SNMP wise.
  While searching more related to this TOPIC i found a similar discussion. Kindly go through it and see if it helps you.
  https://supportforums.cisco.com/thread/2024621
  The CSM also allows you to confiure TCP scripts for HM and other particular tasks. Please have a look at the link below for details regarding the scripts:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/3.2/configuration/guide/scriptg.html
  Regards,
  Kanwal

• How to configure login modules for certificate logon

  Hello,
  perhaps someone of you has also tried to implement SSO via Client Certificates and is able to help me...
  I have configured the login modules for rule based authentication with the option Rule1.getUserFrom = wholeCert and I have attached my certificate to my user in useradmin.
  And also added the login module to the template ticket, as suggested by the documentation at help.sap.com
  But when I logon to the portal or other application (for example useradmin) via https the authentication doesn't work (but I'm still able to logon via password).
  I also tried auto. certifcate mapping and mapping by subject name but in every case the system ignores the configured login module. There are no errors in the log files.
  Thank You,
  Frank

  Hi Frank,
  did you configure the SSO for an individual policy configuration or did you edit and save the changes the ticket policy config? I ask, b/c if you applied the changes to the individual policy config then the SSO with certificates will be used <b>only</b> when you access the applications for that policy config.
  You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
  Since you followed the help portal instruction I assume you've enabled strong crypto - it is required for client cert SSO. Ano easily committed mistake is to also not use the HTTPS port in the access URL.
  Let me know if this helps...
  Yonko

• ASA Service Module on 6500 montoring console session

  We have 6500 with ASA Service Module
  On 6500 how can we configure so that if someone logs in to the ASA Service Module and reboots the firewall we can have logs of it in syslog of switch .
  Thanks for help

  I hate to answer my own posts, but here it is.  TAC tells us that there are 2 choices to make this work.  Apparently the way that worked on an ISR and ISRG2 does not work on the 4000 series routers.  I guess that's progress.
  Option 1. Use a physical cable to connect one of the router's interfaces to one of the etherswitches interfaces and treat it just like the etherswitch is a seperate physical switch.  I'm sure there is a use case for that but I'll not cover that here.
  Option 2. Use the "service instance" feature on the router's internal interface to bind it to a new "BDI" virtual interface on the router.  This is what we'll do.
  On our router ethernet-internal 1/0/0 maps to Gi0/18 on the etherswitch, all internal to the box.  The router will be10.0.0.1 and the switch will be 10.0.0.2.
  Router:
  interface Ethernet-Internal 1/0/0
  service instance 1 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1
  interface BDI 1
  mtu 9216
  ip address 10.0.0.1 255.255.255.0
  Switch:
  interface Gi0/18
  switchport trunk vlan allowed 50
  switchport mode trunk
  vlan 50
  name Egress vlan
  interface vlan 50
  ip address 10.0.0.2 255.255.255.0
  ip route 0.0.0.0 0.0.0.0 10.0.0.1
  Then there are a million ways to design and configure the switch as a normal 3560X switch but that's beyond the scope of my question.

• CSM Modules and Server availability project

  I have 2 geographically separated sites, site A in the main office and site B is the Disaster recovery office. These 2 sites are connected by a high speed Layer 3 link (10Gb), The goal is to have duplicate servers available in site B in the event of partial server failure in site A or even complete failure of site A. Can I accomplished this with the CSM modules given that these servers will be in different networks and overall how would this configuration work, I really appreciate it.

  Are you planning to put CSMs in both data centers or a single data center?
  If CSM will be at one site (site A) only then
  You need to use source NAT on CSM (Assumption: its in Site A) to make sure that the return traffic from servers in "site B"
  can go back to the client through CSM at "Site A"
  If both Data centers will have their own CSM modules then the best approach is to use GSS or any any Geo redundant setup that can check the load/health/availability/proximity of the VIPs (virtual ips configured on each CSM) in each data center and direct the clients intelligently to the appropriate data center.
  Syed Iftekhar Ahmed

• How to configure sso with SSL step by step

  Purpose
  In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
  Overview
  In this document we will demonstrate:
  1.     How to configure OHS support SSL
  2.     How to Register SSO with SSL
  3.     Configure SSO for certificates
  Prerequisites
  Before start this document, you should have:
  1.     Oracle AS 10g infrastructure installed (10.1.2)
  2.     OCA installed
  Note:
  1.     “When you install Oracle infrastructure, please make sure you have select OCA.
  2.     How Certificate-Enabled Authentication Works:
  a.     The user tries to access a partner application.
  b.     The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
  c.     The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
  Enable SSL on the Single Sign-On Middle Tier
  The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
  l     You must configure SSL on the computer where the single sign-on middle tier is running.
  l     You are configuring one-way SSL.
  l     You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
  1.     Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
  2.     In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server" module-id="OHS">
  <module-data>
  <category id="start-parameters">
  <data id="start-mode" value="ssl-enabled"/>
  </category>
  </module-data>
  <process-set id="HTTP_Server" numprocs="1"/>
  </process-type>
  </ias-component>
  3.     Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
  4.     Reload the modified opmn configuration file:
  ORACLE_HOME/opmn/bin/opmnctl reload
  5.     Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
  6.     Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
  Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
  <VirtualHost ssl_host:port>
  RewriteEngine on
  RewriteOptions inherit
  </VirtualHost>
  Save and close the file.
  7.     Update the distributed cluster management database with the changes:
  ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
  8.     Restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
  9.     Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
  Reconfigure the Identity Management Infrastructure Database
  Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
  1.     Change Single Sign-On URLs
  Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
  UNIX:
  $ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
  Windows:
  %ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
  In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
  Here is an example:
  ssocfg.sh https login.acme.com 4443
  2. Restart OC4J_SECURITY instance and verify the configuration
  To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
  If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Then try logging in to the single sign-on server at its SSL address:
  https://host:ssl_port/pls/orasso/
       3. Back up the file targets.xml:
  cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
  4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
  ·     HTTPMachine—the server host name
  ·     HTTPPort—the server port number
  ·     HTTPProtocol—the server protocol
  If, for example, you run ssocfg like this:
  ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
  Update the three attributes this way:
  <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
  <Property NAME="HTTPPort" VALUE="4443"/>
  <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
  5.Save and close the file.
  6.     Reload the OracleAS console:
       ORACLE_HOME/bin/emctl reload
  7. Issue these two commands:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Registering mod_osso
  1.     This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
  $ORACLE_HOME/sso/bin/ssoreg.sh
       -oracle_home_path $ORACLE_HOME
       -config_mod_osso TRUE
       -mod_osso_url https://myhost.mydomain.com:4443
  2.     Restarting the Oracle HTTP Server
  After running ssoreg, restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  Configuring the Single Sign-On System for Certificates
  1.     Configure policy.properties with the Default Authentication Plugin
  Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
  DefaultAuthLevel = MediumHighSecurity
  Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
  MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
  2.     Restart the Single Sign-On Middle Tier
  After configuring the server, restart the middle tier:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Bringing the SSO Users to OCA User Certificate Request URL
  The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
  The URL for the SSO certificate Request is:
  https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
  You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
  To link the OCA server to OracleAS SSO server, use the following command:
  ocactl linksso
  opmnctl stoproc type=oc4j instancename=oca
  opmnctl startproc type=oc4j instancename=oca
  You also can use ocactl unlinksso to unlink the OCA to SSO.

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• How to configure Email output in SD

  Dear friends Pls sent me details of how to configure email output in SD module.
  <REMOVED>
  Thanks & Regards,
  <REMOVED>

  Hi
  Idoc Def :Standard SAP format for electronic data interchange between systems (Intermediate Document). Different message types (such as delivery confirmations or purchase orders) normally represent different specific formats, the IDoc types. However, multiple message types with related content can be assigned to one IDoc type: For example, the IDoc type ORDERS01 transfers the "logical" message types ORDERS (purchase order) and ORDRSP (order confirmation).
  Idocs are of two types basic type and the extension type .we need to configure the system settings for this process .
  IDOC (Intermediate Document) - A data holder.
  IDOC is divided in to three parts.
  Control Record
  Data Record
  Status Record
  Control record (Table: EDIDC):
  - Every IDOC has only one Control Record
  - Each Control Record contains header information like:
  o IDOC Number
  o Direction of IDOC: Inbound or Outbound
  o Date and Time of creation of IDOC
  o Date and time when the IDOC was last modified.
  o Message Type of IDOC
  o IDOC type and extension of IDOC
  o Sender and Receiver Partner
  Data record – (Table: EDID4):
  - Data Record contains Data to be processed.
  - Every IDOC has one data record with multiple segments in hierarchy.
  - Segments and Hierarchy of Segments are defined by IDOC Type and Extension.
  - IDOC created has to strictly follow the hierarchy; else IDOC fails with Syntax error.
  - Segments which are repetitive have qualifiers attached to it
  Status record – (Table: EDIDS):
  - Status Record describes the status of IDOC.
  - Each IDOC contains one status Record with multiple status information.
  - Status at each level is appended to IDOC. E.g. When IDOC is created in SAP, Status is “This IDoc has been generated through a test transaction”, When the IDOC is added to system it is “IDOC added”, “IDOC ready to be transferred to Application”……
  - Status should always be read bottom-up. Status at the top is the latest status.
  - Some Example of Status Records:
  o Inbound:
  § 53 - IDOC successfully posted
  § 51 – IDOC Failed
  § 64 - IDOC ready to be transferred to Application
  o
  Outbound:
  § 30 – IDOC ready for Dispatch
  § 03 – IDOC passed to port OK
  § 12 – IDOC Dispatched
  § 16 – Functional Acknowledgement Positive
  § 17 – functional Acknowledgement Negative
  IDoc Type: Defines the segments and hierarchy of segments
  o Transaction Code:
  § WE30 – To create, change or display the IDOC type and the extension.
  § WE31 – To create the Segment
  - IDOC type defines the segments to be used in the IDOC.
  - It also defines the hierarchy and syntax of the segments.
  - IDOC extension is nothing but to add segments to standard IDOC types.
  - Transaction WE31 allows you to create segments.
  - Program RSEIDOC3 documents the use of each IDOC type.
  Segments:
  Attributes of a Segment:
  - Mandatory Segment: If checked, this segment should always exist in the IDOC.
  - Minimum Number:
  - Maximum Number: Maximum number of times this segment can be repeated in IDOC. -
  Parent Segment: Parent of this segment
  - Hierarchy level: Level of hierarchy.
  Segment Definition (WE31):
  Messsage Type: Defines the type of data in the IDOC
  o Transaction Code:
  § WE81 – To create, change or display the Message type and the extension.
  § WE82 – Using this transaction you can link Message Type, IDOC Type, IDOC Extension and version.
  - Message type identifies the type of data IDOC holds. E.g. Orders (ORDERS), Delivery (DESADV), Invoice (INVOICE). It also defines what needs to be done with the data in the IDOC, in case of Inbound IDOC, and which data to be extracted in case of Outbound IDOC.
  - Message Type is linked to a process code, which in turn is linked to a Function Module. This function module extracts from or posts data to SAP depending on direction of IDOC.
  - Relation between Message Type, IDOC type and IDOC extension needs to define. Without this relation Message type or IDOC type cannot be used.
  Message Type Create, Change or Display (WE81):
  Setup link between Message Type, IDOC Type, IDOC Extension and Version (WE82)
  Process Code: Function Module is linked to a process code. This function module in executed for inbound or outbound IDOC.
  o Transaction Codes:
  § WE41 – Outbound Process Code
  § WE42 – Inbound Process Code
  - Process codes are linked to a Function Module.
  - Relationship is Message Type is linked to a Process Code which is linked to a Function Module.
  - In case if you are using a stand alone code to trigger an IDOC, you need not define a process code.
  RFC Destination: System definition of destination.
  o Transaction Code: SM59
  - RFC destination identifies the destination of IDOC.
  - In case of ALE:
  o In ALE the communication mode is IDOC to IDOC, hence the type used is R/3 Connections.
  o It is the destination SAP system which will receive the IDOC.
  o In RFC destination you define the destination SAP system details like System, Login and Password.
  Go thr below links:
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCMIDALEIO/BCMIDALEIO.pdf
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCMIDALEPRO/BCMIDALEPRO.pdf
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/CABFAALEQS/CABFAALEQS.pdf
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCSRVEDISC/CAEDISCAP_STC.pdf
  Sail

• How do I add my hp officejet 6500 e709n printer to my ipad mini

  How do I add my hp officejet 6500 e709n  ( HPCA103A ) printer to my ipad mini? Airprint says no printer found &amp; after buying this I can't afford to pay for other apps, ...help,I like my hp printer,..thank you.

  See requirements for AirPrint (http://support.apple.com/kb/ht4356):
  If your printer supports AirPrint but does not work then:
  Your printer might need a firmware update
  Your printer must be on the same WiFi network
  Your router must support Bonjour (Zero-configuration networking).
  For troubleshooting:
  Turn Off iPad, WiFi router (remove from power), and Printer (remove from power).
  Turn on WiFi router
  Wait 30 seconds
  Turn on printer
  Wait 30 seconds
  Turn on iPad
  Try to print.