HR context structural auths and unrelated personnel IDs
Hi,
we are working on HR SAP 4.7 SAP R/3 Enterprise with these patch levels:
COMPONENT Rel Liv. Supp.Pack. Descr.
SAP_BASIS 620 0038 SAPKB62038 SAP Basis Component
SAP_ABA 620 0038 SAPKA62038 Cross-Application Component
SAP_APPL 470 0020 SAPKH47020 Logistics and Accounting
SAP_HR 470 0028 SAPKE47028 Human Resources
EA-HR 200 0009 SAPKGPHB09 SAP R/3 Enterprise HR Extension
We are using only context structural authorizations (P_ORGINCON) with these switches:
ADAYS 15 HR: tolerance time for authorization check
APPRO 0 HR: Test procedures
DFCON 4 HR: Default Position (Context)
INCON 1 HR: Master Data (Context)
NNCON 0 HR:Customer-Specific Authorization Check (Context)
NNNNN 0 HR: Customer-specific authorization check
ORGIN 0 HR: Master data
ORGPD 4 HR: Structural authorization check
ORGXX 0 HR: Master data - Extended check
PERNR 1 HR: Master data - Personnel number check
XXCON 0 HR: Master Data - Enhanced Check (Context)
Everything works fine except for personnel IDs not linked to OM.
If we use PA40 to assigne an "unrelated object" (personnel IDs) to the OM structure, the
action works correctly.
We are not able to assign a unrelated personnel IDs to OM using PPOM.
Even if we have assigned the value 4 to both DFCON and ORGPD, we have to create a large
structural autorization with maintain flag active (the same as ALL in OOSP) and assign it to
the user in order to see the button "unrelated object" in PPOM.
In other words: it seems that unrelated personnel IDs need structural authorizations in order
to be assigned in OM.
Any idea ?
Is this a bug ?
Thanks
Andrea Cavalleri
There are many ways of doing this depends which one you like....
1. Create a custom Function Module which will perform end to end extraction of desired Objects. There is no need to pass on some inputs for evaluation path. Just while creating structural, keep everything blank except for the last column to put your custom FM. This is a technique to control Structural using FM only.
2. In a structural use two lines...one might be with standard FM, other one should pick specific objects which you don't want user to have access. Ensure to check exclude beside that line. The Intention is to remove undesired objects from populating in OOSB.
3. Implement a BADI which will be executed after RHBAUS* programs are run, whose objective should be to identify these CIDs and remove them from T77UU table or INDX or from OOSB.
Please do not confuse P_ORGINCON with structural authorization. The integration of PA and structural authorization is to provide different level of access to set of objects pulled by structural auth.
There can be plenty other ways to do it.....HR Security is a playground where multiple games can be played at a time
Similar Messages
-
Restrict HR Authorization Object PLOG By HR Structural Auth Profile
Via OSS Note 453786, SAP requested customers not to use HR Authorization Object PLOG_CON.
We have a requirement to restrict HR Authorization Object PLOG by HR Structural Authorization Profiles. How are other customers able to accomplish this objective without authorization object PLOG_CON being used?
(Custom solution: ZPLOG_CON/custom FM, or use HRBAS00_STRUAUTH BADI)?
Thank you,
KenKen,
1. the note you mentioned is specific to sap version 46b. is that the version your client is on? just wanted to check.
2. then you have not mentioned anything about the requirement, i mean explicit details.. without which it is very difficult to come to a solution.
3. you look like you are on the right track of thinking though with the z-auth-object/function module/badi thingy...
4. ultimately solution is dependant on the explicit requirements.
the 'con' bit usually refers to context sensitiveness of security when a mixture of regular and structural auths would not meet the security requirements.... so at a high level:
1. design the structural profile with the right combo of eval path and function module(z-fm?)
2. do the right thing by plog by explicitly mentioning levels of suths for all objects and subtypes and infotypes as well.
3. use p_origincon to assign the structural profile
4. a combination of all of the above should do the trick...
good luck
cheers -
Users Are Not Removed From Old Position Via Structural Auth
Hello...
Has anyone experienced an issue where someone move from one position into a new one, the old reporting manager can still see this person information via structural auth? There's a general structural profile with the evaluation path o-s-p and function module RH_GET_ORG_ASSIGNMENT which is assigned to all accounts in the system. This profile works as intended when Person A moves to a different position reporting to Manager B. Manager B can view Person A information (time, personal, etc.); however, the system does not remove Person A from Manager A. In addition, the RHPROFL0 is scheduled twice a day.
Thanks for any insights or thoughts on this issue.Hmm...
Which release and SP are you on?
Also check the depth of the profile (just in case the employees were demoted...) and the period (although you mention that it should be current only).
I have only been involved is custom implementations of "structural authorizations" because the standard is quite tricky and complex to find an error or inconsistency - so hopefully one of the other gurus who are more familiar with it can help as well.
Cheers,
Julius -
Need to deactivate structural auth. check for a custom Report
Hi all experts:
I have a report that is based on PNPCE logical database and it displays work hours for a project, all non-sensitive information. We would like a wide range of users to have access to this but since this is based on PNPCE logical database whenever a user runs it, the str. authorization check is performed. I have tried deactivate this check with P_ABAP object and coers 2 but it only ignores infotype auth. check but still checks the structural. We don't want to expand str. profile for users.
Do you know if there is a way to deactive this just for one report?
Your help will be greatly appreciated.
Regards,
NetThanks Kiran. I had tried that value but still got the same message. I am having problem understanding exactly when this value 2 ignores structural authorization because it works on some reports and not others. Anyway, we implemented BADI for this report to ignore structural auth. check and it is working fine.
Thanks again,
NT -
Show two trees with same context structure
Hi,
I'm having problems showing two trees using the same context structure but different data simultaneously.
Here is my context structure:
tree (value node)
- expanded (boolean)
- label (string)
- leaf (boolean)
- recursion (recursion node with ref on tree)
I fill the first two layers of this tree in wdDoInit, the rest is loaded dynamically triggered by the onLoadChildren event.
This setting works fine for one tree. But I have the requirement to set up a second tree using the context structure of the first tree with different data. The problem is both should be shown simultaneously.
What I expected to work is:
1. to wrap the above mentioned structure into a container
2. make the tree a prototype (singleton=false) and
3. instantiate two tree nodes
4. fill both nodes with data
5. bind each with its corresponding ui elements manually
So the "shared" context structure would be:
treeContainer (value node)
- tree (value node, singleton=false)
-- expanded (boolean)
-- label (string)
-- leaf (boolean)
-- recursion (recursion node with ref on tree)
My data mapping code begins with these lines
ITreeContainerElement treeContainerElement =
treeContainerNode.createTreeContainerElement();
treeContainerNode.addElement(treeContainerElement);
ITreeNode treeFactory = wdContext.nodeTree();
which is then called one time for each tree. What happens is that both trees show the aggregated data, so each tree shows the data for both trees. When I use the factory of the element instead
ITreeContainerElement treeContainerElement =
treeContainerNode.createTreeContainerElement();
treeContainerNode.addElement(treeContainerElement);
ITreeNode treeFactory = treeContainerElement.nodeTree();
both trees show the data for the first tree.
I am aware that when I copy the context tree to a different location and rename every value node, e.h. tree2, recursion2 that this will work. But the problem is that the two trees will interact together, e.g. copy branches, and I want to use the typed API since the tree will get quite complex and they have absolutely the same structure.
I guess I'm getting sth. terribly wrong here with my understanding of the context, so any help is appreciated.
Best regards,
FabianHi,
It seems to be that my understanding of the context was terribly wrong. After I traced the behaviour in the debugger I realized that I made one important fault. The datasource of the UI elements should have been bound to the first and second instance of the recursion node container. Therefore the parent node should not be singleton since I access two instances simultaneously.
However, I now separated both trees in the context for the sake of maintainability. I work now with the generic API In order to reuse the functionality.
To determine the correct container I introduced the convention that the tree value node should only contain the recursion node. Then I use the following code to determine the right container:
private IWDNode getContainer(IWDNodeElement parentElement) {
IWDNode parentContainer = parentElement.node();
IWDNodeInfo parentContainerInfo = parentContainer.getNodeInfo();
boolean isRecursive = parentContainerInfo.isRecursive();
String childName = null;
if (isRecursive)
childName = parentContainerInfo.getName();
else {
IWDNodeInfo recursiveNodeInfo =
(IWDNodeInfo) parentContainer
.getNodeInfo()
.iterateChildren()
.next();
childName = recursiveNodeInfo.getName();
return parentContainer.getChildNode(childName, parentElement.index());
I'm sorry if my question was somehow imprecise and lead into the wrong direction. With the code now working I reckon the question as answered and give you both points for good answers!
Best regards,
Fabian -
[The title of this forum is "Labview Ideas". Although this is NOT a direct suggestion for a change or addition to Labview, it seems appropriate to me to post it in this forum.]
In-Place Element Structures, References and Pointers, Compiler Optimization, and General Stupidity
I'd like to see NI actually start a round-table discussion about VI references, Data Value references, local variables, compiler optimizations, etc. I'm a C programmer; I'm used to pointers. They are simple, functional, and well defined. If you know the data type of an object and have a pointer to it, you have the object. I am used to compilers that optimize without the user having to go to weird lengths to arrange it.
The 'reference' you get when you right click and "Create Reference" on a control or indicator seems to be merely a shorthand read/write version of the Value property that can't be wired into a flow-of-control (like the error wire) and so causes synchronization issues and race conditions. I try not to use local variables.
I use references a lot like C pointers; I pass items to SubVIs using references. But the use of references (as compared to C pointers) is really limited, and the implementation is insconsistent, not factorial in capabilites, and buggy. For instance, why can you pass an array by reference and NOT be able to determine the size of the array EXCEPT by dereferencing it and using the "Size Array" VI? I can even get references for all array elements; but I don't know how many there are...! Since arrays are represented internally in Labview as handles, and consist of basically a C-style pointer to the data, and array sizing information, why is the array handle opaque? Why doesn't the reference include operators to look at the referenced handle without instantiating a copy of the array? Why isn't there a "Size Array From Reference" VI in the library that doesn't instantiate a copy of the array locally, but just looks at the array handle?
Data Value references seem to have been invented solely for the "In-Place Element Structure". Having to write the code to obtain the Data Value Reference before using the In-Place Element Structure simply points out how different a Labview reference is from a C pointer. The Labview help page for Data Value References simply says "Creates a reference to data that you can use to transfer and access the data in a serialized way.". I've had programmers ask me if this means that the data must be accessed sequentially (serially)...!!! What exactly does that mean? For those of use who can read between the lines, it means that Labview obtains a semaphore protecting the data references so that only one thread can modify it at a time. Is that the only reason for Data Value References? To provide something that implements the semaphore???
The In-Place Element Structure talks about minimizing copying of data and compiler optimization. Those kind of optimizations are built in to the compiler in virtually every other language... with no special 'construct' needing to be placed around the code to identify that it can be performed without a local copy. Are you telling me that the Labview compiler is so stupid that it can't identify certain code threads as needing to be single-threaded when optimizing? That the USER has to wrap the code in semaphores before the compiler can figure out it should optimize??? That the compiler cannot implement single threading of parts of the user's code to improve execution efficiency?
Instead of depending on the user base to send in suggestions one-at-a-time it would be nice if NI would actually host discussions aimed at coming up with a coherent and comprehensive way to handle pointers/references/optimization etc. One of the reasons Labview is so scattered is because individual ideas are evaluated and included without any group discussion about the total environment. How about a MODERATED group, available by invitation only (based on NI interactions with users in person, via support, and on the web) to try and get discussions about Labview evolution going?
Based solely on the number of Labview bugs I've encountered and reported, I'd guess this has never been done, with the user community, or within NI itself.....Here are some articles that can help provide some insights into LabVIEW programming and the LabVIEW compiler. They are both interesting and recommended reading for all intermediate-to-advanced LabVIEW programmers.
NI LabVIEW Compiler: Under the Hood
VI Memory Usage
The second article is a little out-of-date, as it doesn't discuss some of the newer technologies available such as the In-Place Element Structure you were referring to. However, many of the general concepts still apply. Some general notes from your post:
1. I think part of your confusion is that you are trying to use control references and local variables like you would use variables in a C program. This is not a good analogy. Control references are references to user interface controls, and should almost always be used to control the behavior and appearance of those controls, not to store or transmit data like a pointer. LabVIEW is a dataflow language. Data is intended to be stored or transmitted through wires in most cases, not in references. It is admittedly difficult to make this transition for some text-based programmers. Programming efficiently in LabVIEW sometimes requires a different mindset.
2. The LabVIEW compiler, while by no means perfect, is a complicated, feature-rich set of machinery that includes a large and growing set of optimizations. Many of these are described in the first link I posted. This includes optimizations you'd find in many programming environments, such as dead code elimination, inlining, and constant folding. One optimization in particular is called inplaceness, which is where LabVIEW determines when buffers can be reused. Contrary to your statement, the In-Place Element Structure is not always required for this optimization to take place. There are many circumstances (dating back years before the IPE structure) where LabVIEW can determine inplaceness and reuse buffers. The IPE structure simply helps users enforce inplaceness in some situations where it's not clear enough on the diagram for the LabVIEW compiler to make that determination.
The more you learn about programming in LabVIEW, the more you realize that inplaceness itself is the closest analogy to pointers in C, not control references or data references or other such things. Those features have their place, but core, fundamental LabVIEW programming does not require them.
Jarrod S.
National Instruments -
Connection between Structure Field and Table Field
Hello everybody,
I'm trying to find a connection between a field in the structure and the actual filed in the table of the database. For example in the structure CAUFVD you have the field PLNNR. This information is stored in the table AFFL in the field PLNNR.
In the transaction SE84 you can display a structure with all it's fields but I don't see anywhere from which table and field the information is gathered.
Can you please help me in finding the connection between the structure field and the table field in the database in which the displayed information is stored?
Thanks and best regards,
CALIN Marius-Bogdan
SAP - PP-KeyUserDouble-click on the structure field and you can do a where-used to find the codepoints, interface usage, etc. You might find it that way. You could also look at the flow logic of your screen and try to trace it back. Otherwise, you'd have to use watchpoints, the debugger, runtime analysis or various other developer tools to find the data population. If you are a user and not a developer as your signature indicates, you might need to find a developer for this. Sometimes, it can be incredibly frustrating with SAP because the data field will be handed off 4 or 5 times before it actually reaches its destination field. Unfortunately, I haven't worked with PP in at least 10 years so I can't give you a better answer; maybe someone else can.
-
Hi,
I take a exeption on the SharePoint 2013 left navigation.
Exeption: "The context has expired and can no longer be used. (Exception from HRESULT: 0x80090317)"
I searched this exeption keyword on the internet and I find usualy 3 results
1)check datetime servers --> I checked datetime for all SP Severs ,DB server and AD server ..there is no problem
2)Disabled the WebPageSecurity Validation on CA>General Settings-->I tired and problem not solved
3) Reset IIS --> if I restart IIS problem solved but after 2-3 hours or anytime error comes again..
ULS Log:
PortalSiteMapProvider was unable to fetch children for node
at URL: /MySite/MySubSite, message: The context has expired and can no longer be used. (Exception from HRESULT: 0x80090317), stack trace:
at Microsoft.SharePoint.SPGlobal.HandleComException(COMException comEx)
at Microsoft.SharePoint.Library.SPRequest.SetHttpParameters(String bstrHttpMethod, String bstrRequestDigest, UInt32 flags, Guid gTranLockerId, Byte[]& ppsaImpersonateUserToken, Boolean bIgnoreTimeout, String bstrUserLogin, String bstrUserKey, UInt32
ulRoleCount, String bstrRoles, Boolean bWindowsMode, String bstrAppPrincipalName, Boolean bIsHostHeaderAppPrincipal, String bstrOriginalAppPrincipalIdentifier, ApplicationPrincipalInfo& pAppUserInfo, Boolean bInvalidateCachedConfigurationProperties, Int32
lAppDomainId, ISPManagedObjectFactory pFactory, Boolean bCallstack, ISPDataCallback pCanaryCallback)
at Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, SPAppPrincipalToken appPrincipalToken, String userName, Boolean bIgnoreTokenTimeout,
Boolean bAsAnonymous)
at Microsoft.SharePoint.SPWeb.InitializeSPRequest()
at Microsoft.SharePoint.SPWeb.EnsureSPRequest()
at Microsoft.SharePoint.SPWeb.get_Request()
at Microsoft.SharePoint.Publishing.Navigation.SiteNavigationSettings..ctor(SPSite site)
at Microsoft.SharePoint.Publishing.Navigation.SiteNavigationSettings.GetSiteNavigationSettings(SPSite site)
at Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapNode.GetNavigationChildren(NodeTypes includedTypes, NodeTypes includedHiddenTypes, Boolean trimmingEnabled, OrderingMethod ordering, AutomaticSortingMethod method, Boolean ascending, Int32 lcid)
at Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapNode.GetNavigationChildren(NodeTypes includedTypes, NodeTypes includedHiddenTypes, OrderingMethod ordering, AutomaticSortingMethod method, Boolean ascending, Int32 lcid)
at Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapNode.GetNavigationChildren(NodeTypes includedHiddenTypes)
at Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider.GetChildNodes(PortalSiteMapNode node, NodeTypes includedHiddenTypes)
Plaase Help.Hi Veli,
Please check the security token timeout value and it is set to 1440 as expected by default. You can check via running the command:
stsadm -o getproperty -pn token-timeout
Then check the OOB recycle times of the probkematic web application pool, and add daily recycle times for the problematic web application pool. You can do as the article:
http://technet.microsoft.com/en-us/library/cc754494(v=WS.10).aspx
Best Regards,
Wendy
Wendy Li
TechNet Community Support -
I have followed the instructions on this blog. http://blog.cloudshare.com/2012/10/22/how-to-fix-sharepoint-2013-web-application-error-the-context-has-expired-and-can-no-longer-be-used/ and
it fixes the problem for a short time. I have to keep doing IISResets to get my farm backup.
Please Help.Have you trid Ajay Khanna's suggestion from the comments field?
From Central Admin- Select the web application and Select --> Web Application General Settings --> Navigate to 'Web page Security validation', change or disable the timeout field.
Steven Andrews
SharePoint Business Analyst: LiveNation Entertainment
Blog: baron72.wordpress.com
Twitter: Follow @backpackerd00d
My Wiki Articles:
CodePlex Corner Series
Please remember to mark your question as "answered" if this solves (or helps) your problem. -
The context has expired and can no longer be used
I am running across a repeatable error when accessing a specific Site Collection. EVERY TIME the SC is loaded we receive the error 'The context has expired and can no longer be used'.
I have already validated the SharePoint servers' time zones are all the same and match the web application(s), as well as set the 'Web
page Security validation' to "Off".
What else could I be missing? Could this have anything to do with Distributed Cache?
- RickHi,
We just began to have the same error. The servers are also correctly set for the timezone (UTC) as well as the Web Applications.
The error happens for every site collections, there isn't a specific site where I'm able to reproduce the issue.
This is the ULS :
05/27/2014 12:59:05.98 w3wp.exe (0x1524) 0x0780 Web Content Management Publishing Cache ahh6l Verbose CreateListItemFromUrl : Parameters url : '/sitename/SitePages/Home.aspx', enableCheckedOutItem : 'True', checkedOutByCurrentUser 'False' retVal Id = '4618889e-0e1c-4503-a7fb-70fd36e2661d'. 01ff949c-98cc-d0fb-9795-c691c2852f54
05/27/2014 12:59:05.98 w3wp.exe (0x1524) 0x0780 Web Content Management Publishing Cache ahh6l Verbose CreateListItemFromUrl : Parameters url : '/sitename/SitePages/Home.aspx', enableCheckedOutItem : 'True', checkedOutByCurrentUser 'False' retVal Id = '4618889e-0e1c-4503-a7fb-70fd36e2661d'. 01ff949c-98cc-d0fb-9795-c691c2852f54
05/27/2014 12:59:06.00 w3wp.exe (0x1524) 0x0780 SharePoint Foundation Runtime tkau Unexpected System.Runtime.InteropServices.COMException: The context has expired and can no longer be used. (Exception from HRESULT: 0x80090317) at Microsoft.SharePoint.Library.SPRequestInternalClass.SetHttpParameters(String bstrHttpMethod, String bstrRequestDigest, UInt32 flags, Guid gTranLockerId, Byte[]& ppsaImpersonateUserToken, Boolean bIgnoreTimeout, String bstrUserLogin, String bstrUserKey, UInt32 ulRoleCount, String bstrRoles, Boolean bWindowsMode, String bstrAppPrincipalName, Boolean bIsHostHeaderAppPrincipal, String bstrOriginalAppPrincipalIdentifier, ApplicationPrincipalInfo& pAppUserInfo, Boolean bInvalidateCachedConfigurationProperties, Int32 lAppDomainId, ISPManagedObjectFactory pFactory, Boolean bCallstack, ISPDataCallback pCanaryCallback) at Microsoft.SharePoint.Library.SPRequest.SetHttpParameters(String bstrHttpMethod, String bstrRequestDigest, UInt32 flags, Guid gTranLockerId, Byte[]& ppsaImpersonateUserToken, Boolean bIgnoreTimeout, String bstrUserLogin, String bstrUserKey, UInt32 ulRoleCount, String bstrRoles, Boolean bWindowsMode, String bstrAppPrincipalName, Boolean bIsHostHeaderAppPrincipal, String bstrOriginalAppPrincipalIdentifier, ApplicationPrincipalInfo& pAppUserInfo, Boolean bInvalidateCachedConfigurationProperties, Int32 lAppDomainId, ISPManagedObjectFactory pFactory, Boolean bCallstack, ISPDataCallback pCanaryCallback) 01ff949c-98cc-d0fb-9795-c691c2852f54 -
We have a problem with our wiki site collection. Once a day (and sometimes more), we get the following error message :
The context has expired and can no longer be used. (Exception from HRESULT: 0x80090317)
This message is displayed to everyone, and will stay there for an hour or so before the collection is back to life.
Doing an iisreset would get the site working but that will last for a day at the most.
This is what we checked and tried so far :
1. Our time zones are set and are correct.
2. Changing the timeout or disabling the web page security validation (followed by an iisreset) didn't work.
3. All server use the same NTP server for time sync (and they are indeed in sync).
4. It is happening only on the wiki collection, not the other collections.
5. We are unable to reproduce the behavior on the staging servers.
Some particularities :
1. Regional settings are set to French (Canada)
2. We have 500+ wiki pages in the site collection
3. We require page check-out / check-in for editing. Tried without, same problem.
Any ideas as to what should we try next ?
Regards,
homergggHi,
I don't think we have changed them from the default, a quick look shows ours are set to:
Token-timeout = 24hrs
FormsTokenLifetime = 10hrs
WindowsTokenLifetime = 10hrs
LogonTokenCacheExpirationWindow = 10m
Rob -
The context has expired and can no longer be used errors making farm unusable
There are a couple of other posts on this forum about the message "The context has expired and can no longer be used" but they all suggest something related to time and time zone differences. This is not the case in my farm and I have disabled
the security checking of requests on my web applications. Hopefully someone at Microsoft is very aware of this and is working to resolve it because my farm and many others are unusable like this.
I have dug through all of the ULS errors when it happens and there is nothing useful. It barely even registers as a message although, I have not turned on verbose logging, which I am about to try. I have SP 1 installed. Just to be clear, this is happening
on SharePoint 2013 Enterprise.
I have been fighting this for a month. I can add a few things about the farm I am trying to fix:
1. It was a WSS 3.0 farm that when through a 2007-2010-2013 migration in short order.
2. I believe it is under-powered on the hardware side. All VMs on a host shared with 40 other VMs, some fairly busy. Here's the virtual farm breakdown:
-1 WFE with 12GB RAM and 2 cores
-3 app servers with similar resources
-No paging file on C: on any VM. This is a decision by sysadmin. Paging on D: is system managed. Probably irrelevant.
3. Rapidly clicking from link to link seems to bring on the failure much sooner.
Any suggestions even about how to troubleshoot this would be appreciated.Ultimately, I think it is a time sync issue across the farm. We still have request management off on all boxes because I cannot get the admins to resolve this issue but, in my lab environment I ran into a similar thing.
I may turn RM back on later to see if it comes back but here's what I think happens: In production we have 2 ESXi hosts and our SP environment is all AD (of course). The clocks are all out of sync, sometimes beyond 5 minutes. (The time sync for AD is something
I believe a lot of admins don't understand when running virtual.)
If you allow ESXi to try to sync the time for all guests you run into problems. Maybe they are more pronounced with SharePoint. Anyway, VMware and AD start fighting over the time (check your event logs) and, for us, the clocks across the domain get out of
sync beyond the 5 minute allowable window.
I recommend disabling time sync from host to guest and do what MS recommends: make your domain controller the master time server and configure it to get its time from a reliable source (which can be a single hardware host over NTP). Make other domain controllers
sync from the PDC. The other windows machines will all sync to the domain when they log in. This will prevent SharePoint from issuing tokens from one machine that are out of sync time-wise with the other machines and thus throwing the "Context has expired
and can no longer be used" errors.
Note that disabling host to guest time sync is not as simple as just clearing / un-checking the box in the VSphere client. That doesn't do it. You will need to Google for the 6 or so custom properties you must add to each guest to prevent VMWare from re-synchronizing
after certain hardware events. -
The Context has expired and can no longer be used error
Hello All,
I am getting ‘The context has expired and can no longer be used.’ error.
The last thing that was modified on the farm was Distributed Cache Service.
We stopped it on the application server and only have it run on the two WFE’s servers.
Also the cache size was changed to 2048MB.
Is it possible that this change is causing the error?
We don’t have ‘Default Time Zone’ selected for the web application.
But we never saw this error till now.
Any suggestions?
Thank you,
ZabciaHi Zabcia,
Thanks for posting this issue,
following could be the reason of raising this issue
1. Security context of your session might be expired
2. Somebody/you might have change the data time of your server.
you can follow below mentioned steps to fix this issue
Just change/update the Date/Time in the SharePoint server
Increase the Security context in SharePoint central admin. This can be done by following the below steps:
Go to central admin
Go to "Application management section" Go to "Web Application General Settings"
Go to "Web page Security validation" section & increase the timeout field. Or, you can simply disable this option.
I hope this is helpful to you, mark it as Helpful.
If this works, Please mark it as Answered.
Regards,
Dharmendra Singh (MCPD-EA | MCTS)
Blog : http://sharepoint-community.net/profile/DharmendraSingh -
A previous and unrelated text always appears when I need to send a new text. This prevens forwarding texts also, which I need to do all the time for my businss. How can I fix? Please help?
Hi,
This sounds like it is about Window positions.
iChat has Default places for Incoming Invites.
Video is always top Center of your Screen
Audio and Text chats are Upper right with the Audio slightly lower than Text Chats.
Secondary invites are sort of Stacked like when you open multiple files from the same App.
Your outgoing Windows are "Remembered" as to where the last one was when you used it.
This can be an issue if you use your Mac with a second display and turn Off Mirroring.
You windows can get "left" on the other screen.
Go to System Preferences > Displays and turn On Mirroring and the windows should come back to one Screen/display.
If this does not help go to your Home Folder/Library/Preferences and delete (Drag to Trash) com.apple.ichat.plist and restart iChat.
Unfortunately you will need to reset any iChat Preferences you have changed from defaults.
10:42 PM Tuesday; April 26, 2011
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb( 10.6.7)
, Mac OS X (10.6.7),
"Limit the Logs to the Bits above Binary Images." No, Seriously -
Is there any table in data dictionary has all clients and their email ids?
Is there any table in data dictionary has all clients and their email ids?
Hello,
KNVK-ADRNP_2
use this to pass to the bapi BAPI_BUPA_ADDRESS_GETDETAIL. this is function module & will return the address details in diff itabs..
You can also try the Table ADR6 field SMTP_ADDR where ADDRNUMBER = KNVK-ADRNP_2.
*************Reward points,if found useful
Maybe you are looking for
-
Does Multipoint Server 2012 Support Remote Connections?
I'm currently running Server 2008 R2 Foundation, and am considering an upgrade. I originally thought I'd move to 2012 R2 Essentials, but found that it only allows 2 concurrent users, and RDS is not available (what a joke!). Anyway, someone suggeste
-
After I updated user for i phone 4 s iCloud password is no way I can not phone and e-mail address has been blocked. I did not bring the solution to Turkey APPLE chief BILKOM is forgotten the password and e-mail address in the e-mail address asking fo
-
I have a HTC mobile with the BTWIFI app. When conected to a WIFI hotspot i frequently loose the signal and then approx 30 seconds later reconnect again, i find that this happens when indoors. The app states that i am connected to BTWIFI however i do
-
How can we migrate BO Enterprise XI 3.1 on Windows 2003 to new hardware?
Dear colleagues, we have BO Enterprise XI 3.1 running on Windows 2003. We have to move this to new hardare (same OS = Windows 2003). Is there any experience with such a move? Is there any documentation available for this task? Many thanks in advance
-
I sent Illustrator .ai artwork to be made into T shirts and when they sent me back the proofs they were wacked. I then sent pdf files and they were fine. Has anyone experienced this? I "created outlines" with the fonts with the artwork.