Identity firewall NetBIOS Probe problem

Similar Messages

• ASA Identity Firewall

  Hi,
  I have setup an Identity Firewall on a ASA version 5.6 on a DMZ interface.
  I have installed the ADAgent on a domain member Win2008 and configured as follows:
  aaa-server ADAGENT_SERVER protocol radius
  ad-agent-mode
  aaa-server ADAGENT_SERVER (VPN) host 172.17.v.x  key *****
  I have configured the LDAP connection to the DC as follows:
  aaa-server DOMAIN_SERVER protocol ldap
  aaa-server DOMAIN_SERVER (VPN) host 172.17.v.z
  ldap-base-dn DC=YYY,DC=local
  ldap-scope subtree
  ldap-login-password *****
  ldap-login-dn vvvvv
  server-type microsoft
  The identity config is as follows:
  user-identity domain YYY aaa-server DOMAIN_SERVER
  user-identity default-domain YYY
  user-identity action netbios-response-fail remove-user-ip
  user-identity logout-probe netbios local-system
  user-identity ad-agent aaa-server ADAGENT_SERVER
  user-identity user-not-found enable
  access-list 122 extended permit ip user YYY\ashdew any any
  where ashdew is a domain user and ACL 122(only one line) is applied on the dmz interface and NAT is properly configured.
  The ADagent has been properly tested and ASA can register to it.
  The ASA can connect to AD DC controller and query user database.
  I have placed a laptop ip 172.17.h.x on the DMZ and can ping the DMZ interface.
  The laptop cannot authenticate on the domain and the asa does not seem to retrieve the user identity
  Do I need to add extra rules in the access-list 122 to permit trafic to DC?
  Can I check on the AD Agent if it can retrieve the user to ip mapping ?
  Thanks
  Ashley

  Thanks Karsten,
  Great its clear now. I know the DMZ seems a bit odd. Actually, the DMZ is only accessible through the any-connect VPN.
  In the DMZ, we will have a citrix farm to access internal resources through identity management.
  We are testing with a laptop in the first place.
  Now, we have allowed in the acl to access AD, the laptop authenticates in the domain but then all connections are refused since the AD Agent is not retrieving the mapping.
  Is there a way to check if the ADAgent is properly retrieved the mapping. We suspect the problem is here.
  We did a capture on the ASA and we have found that the ASA contact the ADAgent when the user authenticates but then ADAgent does not return any ip mapping. The ASA sees the user as  ip as user-not -found .
  Thanks again for your help,
  Ashley

• Major flaw in Identity Firewall?

  Hi!
  I have just configured identity firewall on our ASA 5510.
  I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server:
  A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
  Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.
  But not the Android phone.
  Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy!!
  This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.
  Err. hello?
  So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
  If this isn't a major flaw, I don't know what is.
  Unless, of course, there is something I have completely misunderstood.
  Please tell me that I have.

  Hello,
  For devices that are not joined to the AD domain, the IDFW feature supports learning username to IP mappings via VPN or cut-through proxy authentication. The configuration guide describes this type of deployment:
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html#wp1372180
  -Mike

• Identity firewall with OpenLDAP ?!

  Hi Guys
  I am interested to use identity firewall but I am using OpenLDAP , as far as I know there is no OpenLDAP agent like AD Agent!
  Does it mean that I only able to use OpenLDAP for VPN authentication and not for identity feature ?
  Thanks
  Ehsan

  Probably the answer is Yes I guess , ASA identity feature works only with Microsoft Active Directory !!!!

• Can Identity Firewall work with L2L IPSec

  Hello,
  One of my customers has requested a L2L IPSec tunnel between a 3rd party ASA5505 and their central office 5510.
  The tunnel works fine but they have asked to enable Identity Firewall against the incoming connections in relation to the IPSec tunnel.
  I've read about sysopt and vpn filter. So there are 2 choices.
  1. Disable access rule bypass for VPN connections via the sysopt command and configure the access rules accordingly.
  2. Use the vpn filter mechanism and define the ACL / ACE w/ the Identity Firewall.
  This is an excerpt from the Identity Firewall chapter ASA 9.0/ASDM 7.0.
  VPN filter—Although VPN does not support identity  firewall ACLs in general, you can use configure the ASA to enforce  identity-based access rules on VPN traffic. By default, VPN traffic is  not subject to access rules. You can force VPN clients to abide by  access rules that use an identity firewall ACL (
  no sysopt connection permit-vpn
  command). You can also use an identity firewall ACL with the VPN filter  feature; VPN filter accomplishes a similar effect as allowing access  rules in general.
  Has anyone attempted and succeeded with such a configuration? If so, did it support AD authentication or LOCAL only?
  Thanks in advance for your input.

  Anyone??

• Identity Firewall using CDA

  Hello All,
  I am thinking to set up Identity Firewall functionality too for our  environment.  I had a couple of questions.  Is the new version of AD  Agent now called CDA (Context Directory Agent)?  Also will this support  Windows 2012?
  Adil

  Hi,
  Yes, CDA is the replacement of AD Agent.
  Supported Active Directory Versions
  The Cisco CDA supports the following Active Directory versions:
  •Windows 2003
  •Windows 2003R2
  •Windows 2008
  •Windows 2008 R2
  •Windows 2012
  http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1059944
  HTH
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
  http://www.cisco.com/web/partners/tools/pdihd.html

• Identity firewall with Single Forest/Multi-Domain

  I have a question with regard to setting up the ID firewall on the ASA 5585 in a single forest, multiple domain windows network.
  Currently I have a semi-operational IDF at the top level but can't find users on the lower other domains, here is the setup:
  I have 3 domains.
  domain1.test.com
  domain2.domain1.test.com
  domain3.domain2.domain1.test.com
  Both domains have a two way parent-child trust and I can look for users in AD Users/Computer on both domains.  I initially setup the ASA to look at domain1.test.com using an LDAP aaa-server per the IDF instructions, and then proceeded to configure the ad-agent.  I installed the adagent on the domain1.test.com domain controller configured the settings on that system and had no problem adding users to the firewall and getting functionality within domain1.  I looked to see if I could see domain 2 and domain 3 users and found none.  I went ahead and added the domain2 system to the adagent on the DC and the system says that it is up, but when I search for users is not pulling them from domain2.  Instead, it shows domain1 users as domain2\user1.  I also configured another adserver in the ASA to search ldap on domain 2 to no avail.
  The cisco documentation states the following:
  •Before you configure even a single domain controller machine using the adacfg dc create command, ensure that the AD Agent machine is first joined to a domain (for example, domain J) that has a trust relationship with each and every domain (for example, domain D[i]) that it will monitor for user authentications (through the domain controller machines that you will be configuring on the AD Agent machine).
  Single Forest, Multiple Domains—All the domains in a single forest already have an inherent two-way trust relationship with each other. Thus, the AD Agent must first be joined to one of the domains, J, in this forest, with this domain J not necessarily being identical to any of the domains D[i] corresponding to the domain controller machines. Because of the inherent trust relationship between domain J and each of the domains D[i], there is no need to explicitly configure any trust relationships.
  Reading that it sounds like it should just work.  I had everything properly configured before I installed the adagent, but I'm guessing that there is a chance that you can't have the adagent on the top level DC and get to communicate with the lower level domains.  I wanted to ask though before I blow everything up and start over.  The instructions are not overwhelming clear on what needs to done in this scenario.  Suggestions?

  Hi Matthew,
  If I understand your post correctly, the problem is that the ASA is unable to search users in domain2, correct? This portion of the communication is unrelated to the AD Agent, but it sounds like the Agent can talk to the DC just fine. The ASA searches for users directly on the DC via LDAP queries. The communication between the ASA and the Agent is all done via RADIUS.
  If the above is correct, I would focus on why the LDAP queries are failing between the ASA and the domain2 DC. Feel free to open a TAC case on this as well for additional assistance from the AAA experts.
  -Mike

• PIX loadbalancing woth CSM - probe problem

  2 CSM/CATs on one side (FT)
  2 CSM/CATS on other (also FT)
  load balancing 2 PIX 535.
  probing icmp pings only "direct" pix interface
  the opposite interface will never answer to ping.
  So switching off int in one pix make real FAILED on one side but other side still have working real and sends traffic to one leg PIX.
  How to solve that ?

  I thinking about that:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm_3_2/icn/fwldbal.htm#1037625
  when Firewall 1 and Firewall 2 are pinged on directly connected interfaces then directly connected probe detect pix problem. But problem with whole PIX device is less typical than one of his interfaces down (ie. fiber patchcord unplug) than one (opposite/working) interface answers with ping and CSM sends traffic to that "real".
  Great solution will be pinging opposite pix interface
  but this isn't supported by PIX ASA. So i have tried
  ping "any" ip behind pix which is currentl ip address of CSM VLAN.
  When you had one PIX there is no a problem... but when you had two of them you need check both of them.. you defining static route:
  ip_behind_pix VIA ip_pix_direct_int
  Then thing not only about ECHO REQ but also on ECHO REPLY - there is no way to put static routing for those devices what active and standbys on both sides will detect pix interface errros...
  There is no way to put REPLY on different gate than ECHO REQ...
  Think of it drawing 6 icons, giving them 10 ip (2 for pix inside and outside, one for every CSM) adds
  and then try set up static route that ping REQ and reply will go the same way. There is no such way...
  IMHO 8-)

• Application identity multi-colum PK problem

  Hello,
  I am having problem with application identity in case of multi-colum PK when
  componente of OID class are themselve percistent classes.
  OrgUnitTypeRole class identified by OrgUnitType and Role which are both
  persistent classes.
  Attached are OrgUnitTypeRole and OrgUnitTypeRoleOid classes
  I am getting following exception:
  javax.jdo.JDOFatalDataStoreException: The registered class
  "peacetech.gao.usorg.jdo.OrgUnitTypeRole" is not compiled or not longer
  exists. If the class has been deleted, unregister it before proceeding.
  NestedThrowables:
  java.lang.VerifyError: (class: peacetech/gao/usorg/jdo/OrgUnitTypeRole,
  method: jdoCopyKeyFieldsToObjectId signature:
  (Ljavax/jdo/PersistenceCapable$ObjectIdFieldManager;Ljava/lang/Object;)V)
  Bad type in putfield/putstatic
  at com.solarmetric.kodo.impl.jdbc.schema.DB.getPersistentTypes(DB.java:270)
  at
  com.solarmetric.kodo.impl.jdbc.JDBCPersistenceManagerFactory.setup(JDBCPersi
  stenceManagerFactory.java:170)
  at
  com.solarmetric.kodo.runtime.PersistenceManagerFactoryImpl.privateSetup(Pers
  istenceManagerFactoryImpl.java:501)
  at
  com.solarmetric.kodo.runtime.PersistenceManagerFactoryImpl.getPersistenceMan
  ager(PersistenceManagerFactoryImpl.java:61)
  at
  com.solarmetric.kodo.runtime.PersistenceManagerFactoryImpl.getPersistenceMan
  ager(PersistenceManagerFactoryImpl.java:50)
  at
  peacetech.gao.usorg.jdo.JDOFactory.getPersistenceManager(JDOFactory.java:70)
  at peacetech.gao.usorg.gui.BrowserFrame.<init>(BrowserFrame.java:158)
  at peacetech.gao.usorg.gui.Browser.<init>(Browser.java:23)
  at peacetech.gao.usorg.gui.Browser.main(Browser.java:85)
  Thank you very much in advance
  Alex
  begin 666 OrgUnitTypeRoleOid.java
  M"B\J*@H@*B!#;W!Y<FEG:'0@*&,I(#(P,# L(%!E86-E(%1E8VAN;VQO9WDL
  M($EN8RX*("H@)$%U=&AO<B0*("H@)%)E=FES:6]N)"P@)$1A=&4D"B J("1.
  M;TME>7=O<F1S) H@*B\*"G!A8VMA9V4@<&5A8V5T96-H+F=A;RYU<V]R9RYJ
  M9&\N;VED.PH*:6UP;W)T('!E86-E=&5C:"YG86\N=7-O<F<N:F1O+D]R9U5N
  M:714>7!E.PII;7!O<G0@<&5A8V5T96-H+F=A;RYU<V]R9RYJ9&\N4F]L93L*
  M"G!U8FQI8R!C;&%S<R!/<F=5;FET5'EP95)O;&5/:60@:6UP;&5M96YT<R!J
  M879A+FEO+E-E<FEA;&EZ86)L92!["B @<'5B;&EC($]R9U5N:714>7!E(&]R
  M9U5N:714>7!E.PH@('!U8FQI8R!2;VQE(')O;&4["@H@('!U8FQI8R!/<F=5
  M;FET5'EP95)O;&5/:60H*2![?0H*("!P=6)L:6,@3W)G56YI=%1Y<&52;VQE
  M3VED*$]R9U5N:714>7!E(&]R9U5N:714>7!E+"!2;VQE(')O;&4I('L*(" @
  M('1H:7,N;W)G56YI=%1Y<&4@/2!O<F=5;FET5'EP93L*(" @('1H:7,N<F]L
  M92 ](')O;&4["B @?0H*("!P=6)L:6,@:6YT(&AA<VA#;V1E*"D@>PH@(" @
  M<F5T=7)N(&]R9U5N:714>7!E+FAA<VA#;V1E*"D["B @?0H*("!P=6)L:6,@
  M8F]O;&5A;B!E<75A;',H3V)J96-T(&\I('L*(" @(&EF("AO(#T]('1H:7,I
  M('L*(" @(" @<F5T=7)N('1R=64["B @("!](&5L<V4@:68@*&\@:6YS=&%N
  M8V5O9B!/<F=5;FET5'EP95)O;&5/:60I('L*(" @(" @3W)G56YI=%1Y<&52
  M;VQE3VED(&]T:&5R(#T@*$]R9U5N:714>7!E4F]L94]I9"EO.PH@(" @("!R
  M971U<FX@*&]R9U5N:714>7!E+F5Q=6%L<RAO=&AE<BYO<F=5;FET5'EP92D@
  M)B8@<F]L92YE<75A;',H;W1H97(N<F]L92DI.PH@(" @?2!E;'-E('L*(" @
  =(" @<F5T=7)N(&9A;'-E.PH@(" @?0H@('T*?0H`
  `
  end
  begin 666 OrgUnitTypeRole.java
  M+RHJ"B J($-O<'ER:6=H=" H8RD@,C P,"P@4&5A8V4@5&5C:&YO;&]G>2P@
  M26YC+@H@*B D075T:&]R.B!2;WET;6%N+"!!;&5X) H@*B D4F5V:7-I;VXZ
  M(#0D+" D1&%[email protected]\R-R\R,# Q(#<Z,C0Z,S8@4$TD"B J("1.;TME>7=O
  M<F1S) H@*B\*"B\J"DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H
  M;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED
  M+"!H;VYO<FEF:6,I(%9!3%5%4R H,2P@,3$X+" Q+" G4V5N+B<I.PI)3E-%
  M4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U;FET7W1Y<&5?<F]L
  M95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N;W)I9FEC*2!604Q5
  M15,@*#(L(#(Q."P@,BP@)U)E<"XG*3L*"FEN<V5R="!I;G1O(&]R9U]U;FET
  M7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T
  M>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I"G-E;&5C="!R;W=N=6T@*R Q,"P@
  M="XJ("!F<F]M("@*<V5L96-T(&]R9U]U;FET7W1Y<&4L(')O;&5?:60L("=3
  M96XN)PIF<F]M(&]R9U]U;FET7W1Y<&4L(')O;&4*=VAE<F4@;W)G7W5N:71?
  M='EP92!B971W965N(#$S,"!A;F0@,3@P("!A;F0@(')O;&5?:60@/B R"G5N
  M:6]N"G-E;&5C="!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+" G4F5P+B<*9G)O
  M;2!O<F=?=6YI=%]T>7!E+"!R;VQE"G=H97)E(&]R9U]U;FET7W1Y<&4@8F5T
  M=V5E;B R,S @86YD(#(X," @86YD("!R;VQE7VED(#X@,@IU;FEO;@IS96QE
  M8W0@;W)G7W5N:71?='EP92P@<F]L95]I9"P@;G5L; IF<F]M(&]R9U]U;FET
  M7W1Y<&4L(')O;&4*=VAE<F4@;W)G7W5N:71?='EP92!B971W965N(#,S,"!A
  M;F0@,S@P("!A;F0@(')O;&5?:60@/B R"BD@= H*24Y315)4($E.5$\@;W)G
  M7W5N:71?='EP95]R;VQE("AO<F=?=6YI=%]T>7!E7W)O;&5?:60L(&]R9U]U
  M;FET7W1Y<&4L(')O;&5?:60L(&AO;F]R:69I8RD@5D%,5453("@Q+" Q,3 L
  M(#$L("=396YA=&]R)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L
  M92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE
  M7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,BP@,3$P+" R+" G4V5N871O<B<I
  M.PI)3E-%4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U;FET7W1Y
  M<&5?<F]L95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N;W)I9FEC
  M*2!604Q515,@*#,L(#$Q,"P@,RP@)U-E;F%T;W(G*3L*24Y315)4($E.5$\@
  M;W)G7W5N:71?='EP95]R;VQE("AO<F=?=6YI=%]T>7!E7W)O;&5?:60L(&]R
  M9U]U;FET7W1Y<&4L(')O;&5?:60L(&AO;F]R:69I8RD@5D%,5453("@T+" Q
  M,3 L(#0L("=396YA=&]R)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?
  M<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R
  M;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H-2P@,34P+" Q+" G4V5N871O
  M<B<I.PI)3E-%4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U;FET
  M7W1Y<&5?<F]L95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N;W)I
  M9FEC*2!604Q515,@*#8L(#$U,"P@,BP@)U-E;F%T;W(G*3L*24Y315)4($E.
  M5$\@;W)G7W5N:71?='EP95]R;VQE("AO<F=?=6YI=%]T>7!E7W)O;&5?:60L
  M(&]R9U]U;FET7W1Y<&4L(')O;&5?:60L(&AO;F]R:69I8RD@5D%,5453("@W
  M+" Q-3 L(#,L("=396YA=&]R)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y
  M<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E
  M+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H."P@,34P+" T+" G4V5N
  M871O<B<I.PI)3E-%4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U
  M;FET7W1Y<&5?<F]L95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N
  M;W)I9FEC*2!604Q515,@*#DL(#$P.2P@,RP@)U-E;F%T;W(G*3L*"DE.4T52
  M5"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE
  M7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%
  M4R H,3$L(#(Q,"P@,2P@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/
  M(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O
  M<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,3(L
  M(#(Q,"P@,BP@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U
  M;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI
  M=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,3,L(#(Q,"P@
  M,RP@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y
  M<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E
  M+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,30L(#(Q,"P@-"P@)U)E
  M<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L
  M92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE
  M7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,34L(#(U,"P@,2P@)U)E<')E<V5N
  M=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G
  M7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H
  M;VYO<FEF:6,I(%9!3%5%4R H,38L(#(U,"P@,BP@)U)E<')E<V5N=&%T:79E
  M)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?
  M='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF
  M:6,I(%9!3%5%4R H,3<L(#(U,"P@,RP@)U)E<')E<V5N=&%T:79E)RD["DE.
  M4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R
  M;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!
  M3%5%4R H,3@L(#(U,"P@-"P@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)
  M3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED
  M+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H
  M,3DL(#(P.2P@,RP@)U)E<')E<V5N=&%T:79E)RD["BHO"@H*<&%C:V%G92!P
  M96%C971E8V@N9V%O+G5S;W)G+FID;SL*"G!U8FQI8R!C;&%S<R!/<F=5;FET
  M5'EP95)O;&4@>PH@('!R:79A=&4@3W)G56YI=%1Y<&4@;W)G56YI=%1Y<&4[
  M"B @<')I=F%T92!2;VQE(')O;&4["B @<')I=F%T92!3=')I;F<@:&]N;W)I
  M9FEC.PH*("!P=6)L:6,@3W)G56YI=%1Y<&52;VQE*"D@>WT*"B @<'5B;&EC
  M($]R9U5N:714>7!E(&=E=$]R9U5N:714>7!E*"D@>PH@(" @<F5T=7)N(&]R
  M9U5N:714>7!E.PH@('T*"B @<'5B;&EC('9O:60@<V5T3W)G56YI=%1Y<&4H
  M3W)G56YI=%1Y<&4@;W)G56YI=%1Y<&4I('L*(" @('1H:7,N;W)G56YI=%1Y
  M<&4@/2!O<F=5;FET5'EP93L*("!]"@H@('!U8FQI8R!V;VED('-E=%)O;&4H
  M4F]L92!R;VQE*2!["B @("!T:&ES+G)O;&4@/2!R;VQE.PH@('T*"B @<'5B
  M;&EC(%)O;&4@9V5T4F]L92@I('L*(" @(')E='5R;B!R;VQE.PH@('T*"B @
  M<'5B;&EC('9O:60@<V5T2&]N;W)I9FEC*%-T<FEN9R!H;VYO<FEF:6,I('L*
  M(" @('1H:7,N:&]N;W)I9FEC(#T@:&]N;W)I9FEC.PH@('T*"B @<'5B;&EC
  M(%-T<FEN9R!G971(;VYO<FEF:6,H*2!["B @("!R971U<FX@:&]N;W)I9FEC
  M.PH@('T*"B @<'5B;&EC(&EN="!H87-H0V]D92@I('L*(" @(')E='5R;B!O
  M<F=5;FET5'EP92YH87-H0V][email protected]@('T*"B @<'5B;&EC(&)O;VQE86X@
  M97%U86QS*$]B:F5C="!O*2!["B @("!I9B H;R ]/2!T:&ES*2!["B @(" @
  M(')E='5R;B!T<G5E.PH@(" @?2!E;'-E(&EF("AO(&EN<W1A;F-E;V8@3W)G
  M56YI=%1Y<&52;VQE*2!["B @(" @($]R9U5N:714>7!E4F]L92!O=&AE<B ]
  M("A/<F=5;FET5'EP95)O;&4I;SL*(" @(" @<F5T=7)N("AO<F=5;FET5'EP
  M92YE<75A;',H;W1H97(N;W)G56YI=%1Y<&4I("8F(')O;&4N97%U86QS*&]T
  M:&5R+G)O;&4I*3L*(" @('T@96QS92!["B @(" @(')E='5R;B!F86QS93L*
  -(" @('T*("!]"@I]"@``
  `
  end

  Hello,
  I am having problem with application identity in case of multi-colum PK when
  componente of OID class are themselve percistent classes.
  OrgUnitTypeRole class identified by OrgUnitType and Role which are both
  persistent classes.
  Attached are OrgUnitTypeRole and OrgUnitTypeRoleOid classes
  I am getting following exception:
  javax.jdo.JDOFatalDataStoreException: The registered class
  "peacetech.gao.usorg.jdo.OrgUnitTypeRole" is not compiled or not longer
  exists. If the class has been deleted, unregister it before proceeding.
  NestedThrowables:
  java.lang.VerifyError: (class: peacetech/gao/usorg/jdo/OrgUnitTypeRole,
  method: jdoCopyKeyFieldsToObjectId signature:
  (Ljavax/jdo/PersistenceCapable$ObjectIdFieldManager;Ljava/lang/Object;)V)
  Bad type in putfield/putstatic
  at com.solarmetric.kodo.impl.jdbc.schema.DB.getPersistentTypes(DB.java:270)
  at
  com.solarmetric.kodo.impl.jdbc.JDBCPersistenceManagerFactory.setup(JDBCPersi
  stenceManagerFactory.java:170)
  at
  com.solarmetric.kodo.runtime.PersistenceManagerFactoryImpl.privateSetup(Pers
  istenceManagerFactoryImpl.java:501)
  at
  com.solarmetric.kodo.runtime.PersistenceManagerFactoryImpl.getPersistenceMan
  ager(PersistenceManagerFactoryImpl.java:61)
  at
  com.solarmetric.kodo.runtime.PersistenceManagerFactoryImpl.getPersistenceMan
  ager(PersistenceManagerFactoryImpl.java:50)
  at
  peacetech.gao.usorg.jdo.JDOFactory.getPersistenceManager(JDOFactory.java:70)
  at peacetech.gao.usorg.gui.BrowserFrame.<init>(BrowserFrame.java:158)
  at peacetech.gao.usorg.gui.Browser.<init>(Browser.java:23)
  at peacetech.gao.usorg.gui.Browser.main(Browser.java:85)
  Thank you very much in advance
  Alex
  begin 666 OrgUnitTypeRoleOid.java
  M"B\J*@H@*B!#;W!Y<FEG:'0@*&,I(#(P,# L(%!E86-E(%1E8VAN;VQO9WDL
  M($EN8RX*("H@)$%U=&AO<B0*("H@)%)E=FES:6]N)"P@)$1A=&4D"B J("1.
  M;TME>7=O<F1S) H@*B\*"G!A8VMA9V4@<&5A8V5T96-H+F=A;RYU<V]R9RYJ
  M9&\N;VED.PH*:6UP;W)T('!E86-E=&5C:"YG86\N=7-O<F<N:F1O+D]R9U5N
  M:714>7!E.PII;7!O<G0@<&5A8V5T96-H+F=A;RYU<V]R9RYJ9&\N4F]L93L*
  M"G!U8FQI8R!C;&%S<R!/<F=5;FET5'EP95)O;&5/:60@:6UP;&5M96YT<R!J
  M879A+FEO+E-E<FEA;&EZ86)L92!["B @<'5B;&EC($]R9U5N:714>7!E(&]R
  M9U5N:714>7!E.PH@('!U8FQI8R!2;VQE(')O;&4["@H@('!U8FQI8R!/<F=5
  M;FET5'EP95)O;&5/:60H*2![?0H*("!P=6)L:6,@3W)G56YI=%1Y<&52;VQE
  M3VED*$]R9U5N:714>7!E(&]R9U5N:714>7!E+"!2;VQE(')O;&4I('L*(" @
  M('1H:7,N;W)G56YI=%1Y<&4@/2!O<F=5;FET5'EP93L*(" @('1H:7,N<F]L
  M92 ](')O;&4["B @?0H*("!P=6)L:6,@:6YT(&AA<VA#;V1E*"D@>PH@(" @
  M<F5T=7)N(&]R9U5N:714>7!E+FAA<VA#;V1E*"D["B @?0H*("!P=6)L:6,@
  M8F]O;&5A;B!E<75A;',H3V)J96-T(&\I('L*(" @(&EF("AO(#T]('1H:7,I
  M('L*(" @(" @<F5T=7)N('1R=64["B @("!](&5L<V4@:68@*&\@:6YS=&%N
  M8V5O9B!/<F=5;FET5'EP95)O;&5/:60I('L*(" @(" @3W)G56YI=%1Y<&52
  M;VQE3VED(&]T:&5R(#T@*$]R9U5N:714>7!E4F]L94]I9"EO.PH@(" @("!R
  M971U<FX@*&]R9U5N:714>7!E+F5Q=6%L<RAO=&AE<BYO<F=5;FET5'EP92D@
  M)B8@<F]L92YE<75A;',H;W1H97(N<F]L92DI.PH@(" @?2!E;'-E('L*(" @
  =(" @<F5T=7)N(&9A;'-E.PH@(" @?0H@('T*?0H`
  `
  end
  begin 666 OrgUnitTypeRole.java
  M+RHJ"B J($-O<'ER:6=H=" H8RD@,C P,"P@4&5A8V4@5&5C:&YO;&]G>2P@
  M26YC+@H@*B D075T:&]R.B!2;WET;6%N+"!!;&5X) H@*B D4F5V:7-I;VXZ
  M(#0D+" D1&%[email protected]\R-R\R,# Q(#<Z,C0Z,S8@4$TD"B J("1.;TME>7=O
  M<F1S) H@*B\*"B\J"DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H
  M;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED
  M+"!H;VYO<FEF:6,I(%9!3%5%4R H,2P@,3$X+" Q+" G4V5N+B<I.PI)3E-%
  M4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U;FET7W1Y<&5?<F]L
  M95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N;W)I9FEC*2!604Q5
  M15,@*#(L(#(Q."P@,BP@)U)E<"XG*3L*"FEN<V5R="!I;G1O(&]R9U]U;FET
  M7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T
  M>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I"G-E;&5C="!R;W=N=6T@*R Q,"P@
  M="XJ("!F<F]M("@*<V5L96-T(&]R9U]U;FET7W1Y<&4L(')O;&5?:60L("=3
  M96XN)PIF<F]M(&]R9U]U;FET7W1Y<&4L(')O;&4*=VAE<F4@;W)G7W5N:71?
  M='EP92!B971W965N(#$S,"!A;F0@,3@P("!A;F0@(')O;&5?:60@/B R"G5N
  M:6]N"G-E;&5C="!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+" G4F5P+B<*9G)O
  M;2!O<F=?=6YI=%]T>7!E+"!R;VQE"G=H97)E(&]R9U]U;FET7W1Y<&4@8F5T
  M=V5E;B R,S @86YD(#(X," @86YD("!R;VQE7VED(#X@,@IU;FEO;@IS96QE
  M8W0@;W)G7W5N:71?='EP92P@<F]L95]I9"P@;G5L; IF<F]M(&]R9U]U;FET
  M7W1Y<&4L(')O;&4*=VAE<F4@;W)G7W5N:71?='EP92!B971W965N(#,S,"!A
  M;F0@,S@P("!A;F0@(')O;&5?:60@/B R"BD@= H*24Y315)4($E.5$\@;W)G
  M7W5N:71?='EP95]R;VQE("AO<F=?=6YI=%]T>7!E7W)O;&5?:60L(&]R9U]U
  M;FET7W1Y<&4L(')O;&5?:60L(&AO;F]R:69I8RD@5D%,5453("@Q+" Q,3 L
  M(#$L("=396YA=&]R)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L
  M92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE
  M7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,BP@,3$P+" R+" G4V5N871O<B<I
  M.PI)3E-%4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U;FET7W1Y
  M<&5?<F]L95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N;W)I9FEC
  M*2!604Q515,@*#,L(#$Q,"P@,RP@)U-E;F%T;W(G*3L*24Y315)4($E.5$\@
  M;W)G7W5N:71?='EP95]R;VQE("AO<F=?=6YI=%]T>7!E7W)O;&5?:60L(&]R
  M9U]U;FET7W1Y<&4L(')O;&5?:60L(&AO;F]R:69I8RD@5D%,5453("@T+" Q
  M,3 L(#0L("=396YA=&]R)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?
  M<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R
  M;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H-2P@,34P+" Q+" G4V5N871O
  M<B<I.PI)3E-%4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U;FET
  M7W1Y<&5?<F]L95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N;W)I
  M9FEC*2!604Q515,@*#8L(#$U,"P@,BP@)U-E;F%T;W(G*3L*24Y315)4($E.
  M5$\@;W)G7W5N:71?='EP95]R;VQE("AO<F=?=6YI=%]T>7!E7W)O;&5?:60L
  M(&]R9U]U;FET7W1Y<&4L(')O;&5?:60L(&AO;F]R:69I8RD@5D%,5453("@W
  M+" Q-3 L(#,L("=396YA=&]R)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y
  M<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E
  M+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H."P@,34P+" T+" G4V5N
  M871O<B<I.PI)3E-%4E0@24Y43R!O<F=?=6YI=%]T>7!E7W)O;&4@*&]R9U]U
  M;FET7W1Y<&5?<F]L95]I9"P@;W)G7W5N:71?='EP92P@<F]L95]I9"P@:&]N
  M;W)I9FEC*2!604Q515,@*#DL(#$P.2P@,RP@)U-E;F%T;W(G*3L*"DE.4T52
  M5"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE
  M7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%
  M4R H,3$L(#(Q,"P@,2P@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/
  M(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O
  M<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,3(L
  M(#(Q,"P@,BP@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U
  M;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI
  M=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,3,L(#(Q,"P@
  M,RP@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y
  M<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E
  M+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,30L(#(Q,"P@-"P@)U)E
  M<')E<V5N=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L
  M92 H;W)G7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE
  M7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H,34L(#(U,"P@,2P@)U)E<')E<V5N
  M=&%T:79E)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G
  M7W5N:71?='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H
  M;VYO<FEF:6,I(%9!3%5%4R H,38L(#(U,"P@,BP@)U)E<')E<V5N=&%T:79E
  M)RD["DE.4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?
  M='EP95]R;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF
  M:6,I(%9!3%5%4R H,3<L(#(U,"P@,RP@)U)E<')E<V5N=&%T:79E)RD["DE.
  M4T525"!)3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R
  M;VQE7VED+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!
  M3%5%4R H,3@L(#(U,"P@-"P@)U)E<')E<V5N=&%T:79E)RD["DE.4T525"!)
  M3E1/(&]R9U]U;FET7W1Y<&5?<F]L92 H;W)G7W5N:71?='EP95]R;VQE7VED
  M+"!O<F=?=6YI=%]T>7!E+"!R;VQE7VED+"!H;VYO<FEF:6,I(%9!3%5%4R H
  M,3DL(#(P.2P@,RP@)U)E<')E<V5N=&%T:79E)RD["BHO"@H*<&%C:V%G92!P
  M96%C971E8V@N9V%O+G5S;W)G+FID;SL*"G!U8FQI8R!C;&%S<R!/<F=5;FET
  M5'EP95)O;&4@>PH@('!R:79A=&4@3W)G56YI=%1Y<&4@;W)G56YI=%1Y<&4[
  M"B @<')I=F%T92!2;VQE(')O;&4["B @<')I=F%T92!3=')I;F<@:&]N;W)I
  M9FEC.PH*("!P=6)L:6,@3W)G56YI=%1Y<&52;VQE*"D@>WT*"B @<'5B;&EC
  M($]R9U5N:714>7!E(&=E=$]R9U5N:714>7!E*"D@>PH@(" @<F5T=7)N(&]R
  M9U5N:714>7!E.PH@('T*"B @<'5B;&EC('9O:60@<V5T3W)G56YI=%1Y<&4H
  M3W)G56YI=%1Y<&4@;W)G56YI=%1Y<&4I('L*(" @('1H:7,N;W)G56YI=%1Y
  M<&4@/2!O<F=5;FET5'EP93L*("!]"@H@('!U8FQI8R!V;VED('-E=%)O;&4H
  M4F]L92!R;VQE*2!["B @("!T:&ES+G)O;&4@/2!R;VQE.PH@('T*"B @<'5B
  M;&EC(%)O;&4@9V5T4F]L92@I('L*(" @(')E='5R;B!R;VQE.PH@('T*"B @
  M<'5B;&EC('9O:60@<V5T2&]N;W)I9FEC*%-T<FEN9R!H;VYO<FEF:6,I('L*
  M(" @('1H:7,N:&]N;W)I9FEC(#T@:&]N;W)I9FEC.PH@('T*"B @<'5B;&EC
  M(%-T<FEN9R!G971(;VYO<FEF:6,H*2!["B @("!R971U<FX@:&]N;W)I9FEC
  M.PH@('T*"B @<'5B;&EC(&EN="!H87-H0V]D92@I('L*(" @(')E='5R;B!O
  M<F=5;FET5'EP92YH87-H0V][email protected]@('T*"B @<'5B;&EC(&)O;VQE86X@
  M97%U86QS*$]B:F5C="!O*2!["B @("!I9B H;R ]/2!T:&ES*2!["B @(" @
  M(')E='5R;B!T<G5E.PH@(" @?2!E;'-E(&EF("AO(&EN<W1A;F-E;V8@3W)G
  M56YI=%1Y<&52;VQE*2!["B @(" @($]R9U5N:714>7!E4F]L92!O=&AE<B ]
  M("A/<F=5;FET5'EP95)O;&4I;SL*(" @(" @<F5T=7)N("AO<F=5;FET5'EP
  M92YE<75A;',H;W1H97(N;W)G56YI=%1Y<&4I("8F(')O;&4N97%U86QS*&]T
  M:&5R+G)O;&4I*3L*(" @('T@96QS92!["B @(" @(')E='5R;B!F86QS93L*
  -(" @('T*("!]"@I]"@``
  `
  end

• New Firewall Install- Having problems

  Hello,We are upgrading from a Cisco ASA to a Fortigate on our network. I am having problems getting everything working properly, and i'm not sure if it's a network configuration or if it a rule or some other setting on the firewall, and so I'm looking for a little help. I didn't design or configure the current network or firewall, so i'm getting frustrated trying to troubleshoot this.We have multiple vlans across our network, lets call them, vlan1, vlan2, vlan3 and vlan4. The current firewall configured on a completely separate vlan, lets call it 25. All the internet traffic is getting to the current firewall and I can see traffic from all the vlans. However, when I plug in the new firewall, and configure the interfaces the same way as the Cisco, I only see some of the devices, and most of the internet traffic times out.I can do a...

  The most spiced-up topic this week was one of ourSpotlight on ITseries, in whichRoy (UBM Tech)shared his take on why IT is about more than fixing computers. That was followed (in spiciness) byColtsFanMN, who let off some steam overincompetency in IT.KM_8took third place with 195 spice-ups with a anotherSpotlight in ITabout his overnight introduction to IT, and Serge7400took fourth place with a story about how a $5.00 USB stick took down a million dollar infrastructure.Steve.rounded out the lot with athank you note to Spiceworks, where he called us the "cool aunt/uncle," (an on-point observation, if I do say so myself) and praised the splendor that is SysadminDay.The most spiced-up topic by partnerwas, for a double-whammy,Roy (UBM Tech), whoseSpotlight on ITwontwo categories (see above)! That was followed by Melanie for SoftLayer, who...

• Csm probe problem

  Hello,
  I have the following problem after configuring/setting up tcp probe:
  probe TCP tcp
  interval 10
  failed 30
  vserver test:3389
  virtual x.x.x.x tcp 3389
  serverfarm test
  inservice
  serverfarm test
  real a.a.a.a
  inservice
  real b.b.b.b
  inservice
  real c.c.c.c
  inservice
  probe TCP
  Vserver shows o.o.s
  serverfarm shows o.o.s probe failed for all servers
  when I show probe, I get:
  real vserver serverfarm policy status
  a.a.a.a:3389 test:3389 test (default) OPERABLE
  I have a separate VIP setup for each server without a probe and I can connect to them on port 3389, so I know
  the application/servers are ok.
  The csm is running ver 3.1(4)
  Can you explain why the probe shows operable yet the serverfarm shows probe_failed?
  Thanks,

  if you remove the probe, is the vserver inservice ?
  I would also recommend to test with a software more recent.
  There was some probe issues in the past and they should be fixed with new releases.
  Gilles.

• Identity Server 6.1 problem in appserver 7.0

  Hi,
  I am trying to install ID6.1 on Appserver 7.0.They are all part of JES03Q4Sparc bits.
  After installing the ID6.1 on Appserver7.0 ,i am not able to bring the amconsole.It says "page cannot be found".
  I looked into the log file and there are visible problems during installation.
  1./var/sadm/pkg/SUNWamsdk/install/postinstall: /usr/jdk/entsys-j2se/bin/native2ascii: not found
  /var/sadm/pkg/SUNWamsdk/install/postinstall: /usr/jdk/entsys-j2se/bin/jar: not found
  2: cannot access /opt/SUNWam/web-apps/introduction/WEB-INF/web.xml
  /var/sadm/pkg/SUNWamsai/install/postinstall: /opt/SUNWam/web-apps/introduction/WEB-INF/web.xml: cannot create
  cp: cannot access /opt/SUNWam/web-apps/introduction/WEB-INF/classes/FSIntroConfig.properties
  3Installation of <SUNWamsai> was successful.
  ps/introduction/WEB-INF/classes/FSIntroConfig.properties: cannot create
  /var/sadm/pkg/SUNWamsai/install/postinstall: /usr/jdk/entsys-j2se/bin/jar: not found
  mv: cannot access introduction.war
  Installed Package: SUNWamsai
  Install complete.
  I could see the amadmin user in the directory server 5.2.The only problem seems to be that installation fails to load amconsole,ampassword related webmodule into the appserver.
  Btw,am using JDK1.4_0_6.
  Any help would be greatly appreciated.
  Thanks

  it is evident that your jdk is not installed properly
  jar and native2ascii are required for successful install
  make sure these utilities installed properly
  and reinstall ID server

• Cannot remove identity plate and other problems

  Hi- so I think I may have majorly screwed up. I am relatively new to lightroom, and here's what I did.
  I was just putting the finishing touches on a few of my photos to get them to the client today, and my computer started acting funny and wouldn't let me use the keyboard and would only open limited things. Desperate not to lose all the work I had done, I clicked on "export pdf" and saved the images to my hard drive.
  After rebooting my computer, all of my images were missing from lightroom, and when I googled how to fix this, the solution I found was to synchronize the lightroom catalog with the folder on my hard drive. Now, some of the images have what looks like a permanent identity plate, and the other images are still missing.
  Can anyone help me with where to go from here?
  Thanks so much
  Chiara

  Oh, I'm using lightroom 3

• Identity Sync for Windows problems and questions.

  the setup:
  2 multimaster 5.2 LDAP servers sending updates to a slave replica 5.2 LDAP server.
  The slave replica is the instance that has all of ISW software installed, ISW itself and the plugin.
  1 2003 AD server is accepting password, cn, and other attribute changes from the slave LDAP replica.
  the problem:
  When changing a password, or any other attribute on the slave replica, all the changes get synced to AD tree.
  When changing any attribute, except for the password on the master LDAP servers, all the changes get synced to LDAP replica and AD tree, except for the password entry in the AD tree. All the password policies have been disabled on all 4 servers.
  An interesting detail - eventhough the LDAP replication updates the password entry from LDAP masters to LDAP slave replica, that same change doesn't propagade to the AD tree. Any other attribute changed on the master server, propagades all the way to the
  AD tree. The only way to actually force the password change in AD tree, is to initiate the change from the LDAP slave.
  Why is that and what can be done to fix it ?
  Also, on the subject of replication. Since ISW configuration is stored in the main suffix tree, any attempt to reinitialize the slave replica ( aka ISW server ) erases the configuration completely, requiring a VERY long reinstall and reconfiguration effort.
  Is there a way to preven the replica init from erasing ISW configuration ?
  Any other suggestions or workarounds ??
  thank you

  Agree with you on most points. However no all the evnironments are continuously static. In ours, we need to add servers when demand grows
  and with LDAP it does so continuosly. Different departments constantly coming up with more and more applications that take advantage for different data in the directory, some demanding authoritate control over various attributes, so I can see there's going to be need for 2 or more multimaster servers down the road. Hence the concern with replica initialization with IDSYNC present on a consumer.
  The procedure for replication is defined clearly and the one step that troubles me ( if IDSYNC is present ) is replica initialization, since it completely erases all LDAP data from the replica. That's the problem.
  If I restore the replica from the backup, restoring IDSYNC configuration with it, perhaps you're right,it may continue working, but at this point I see it as a design flaw and a major risk anyway.
  I didn't see any options during the IDSYNC install to chose another directory
  suffix to store IDSYNC configuration, which would've been a simple work around, since replica init erases everything under a specific parent suffix.
  I'm just searcing for other ideas how this can be prevented, maybe
  using some restrictive ACL to prevent IDSYNC config from being erased by
  "Replication Manager" or something along those lines.

• Firewall + Oracle connection problem, please help!

  We've written a Java application (GUI) that resides on end user desktop. The tool uses a type 4 driver to connect to Oracle that is nested inside a firewall. The connection fails when trying to login to Oracle from the clients' computers that are not in our network; error says "Invalid protocol error!". Please advise...
  Note- there are no connectivity issues with the tool when running inside the network.
  Thanks,
  KN

  You need to open up the firewall for the selected port and probably the TCP/IP protocol on that port.
  Thomas