ISE 1.2.1.198 patch 5 - Operations Authentications not loading or displaying

Similar Messages

• Setups for new operating units not loading to target

  If there is a new operating unit in the source, setups for that operating unit do not seem to load into the target if that new operating unit does not exist in the target.
  Is there a script to address this issue?
  Any additional advice will be appreciated.
  Edited by: user11071661 on Apr 16, 2009 1:34 PM

  Hi,
  There are lot of dependencies between setup data that you are trying to load. Operating Unit depends on Accounting Setup which in turn depends on setups like Calendar, Currencies and Chart of Accounts. So, you have to make sure that you have loaded all prerequisite data before loading operating unit.
  Thanks
  Mugunthan.

• Operating system not able to display some website or display with many lines. too sllow also.

  I just have a new HP pavillon .but am not able to access some of the website I was using wiht windows 7.What will happen if I change it to windows 7. Do I am going to loose my garanty ?

  I have a iMac and Macbook pro at work and at home also, all less than two years old, one two weeks old, and I have noticed the same behavior.  As in your case it has been going on for a couple of months or so. Depending on the download speed the page eventually loads and it never happens later in the evening or early in the am. Have a PC that has the same issue among others.  My ISP says it's a bottleneck problem that they have no control over.  Minor irritation, if yours is more than that it may be something else but I wouldn't try to fix something that might not be broken, give it some time my connection speeds have been better lately and haven't noticed it as much if at all.  

• Q: How can ISE 1.2 be configured to display "IP Address" in the Operations-Authentication view ?

  Hi Forum !
  I have several ISE installations running, and I have come across an Issue, that may or may not be a real issue.
  How can ISE 1.2 and/or the WLC be configured to display "IP Address" in the Operations-Authentication view ?
  I simply can not see any IP address in this field, when the dot1x Authentication is done on a WLC.
  This may be "works as designed" due to the fact that dot1x runs before the IP is assigned, but then again I do get profiler date etc, and hence I would expect the IP to be displayed.
  Please see attachment for clarification of the field in the ISE dashboard.
  FYI
  I do see IP in WIRED dot1x senarios, but then again I run LowImpact modes, as opposed to CloseMode in the WiFi senarios
  I have the same ono WLC OS 7.0, aswell as on 7.5 & 7.6 (i.e. no IP address shown in dashboard)
  Have Fun !
  Regards
  Martin

  I have seen this before but never really bothered to look more into it. It has always showed for wired but not wireless. I did some digging and it appears that the "framed-ip-address" is being sent/honored by the NAS in the "access-accept" packet.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0101001.html#ID676
  Why is it not showing in ISE's screen is now another quesiton. I would say a bug but I recall this since the 1.0 days and I have done several deployments. Perhaps Cisco can chime in here or if you can open a TAC case and report back your findings :)
  Thank you for rating helpful posts!

• ISE 1.2.1.198 Wired - Central WebAuth Fail

  Hello, I have a trouble with WebAuth.
  I follow this guide to implement this, but it does not work.
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html
  Port Redirection is working, because when I am trying to access any page, and open guestportal.
  After GuestPortal is open, I set user/pass on the webpage.
  user: webauthuser
  After this, display the page Self-Provisioning Portal "Welcome webauthuser" but with the error "The system administrator has either not configured or enabled a policy for your device. Contact your system administrator".
  I have this Authorization Profiles
  On Operations / Authentication, I have the following...
  Event 21:28:21.801

  Partner help to troubleshoot this. It was fix.
  Uncheck "Enable Self-Provisioning Flow" on
  Administration > Web Portal Management > Settings > Guest > Multi-Portal Configurations > DefaultGuestPortal > Operations
  Tks.

• ISE version 1.1.2 patch-5 or 1.1.3

  I am about to deploy ISE in a new environment.  My plan is to go with ISE 1.1.2 with patch-5 or with 1.1.3
  My problem with 1.1.3 is that it is new and no patch.  While there are new features in 1.1.3 but it also comes with unknown issues and bugs that will not be resolved until patch-1 in 1.1.3.  Therefore, I plan on staying at 1.1.2 patch-5.
  What do  you think?

  Hello David-
  With any new products, such as ISE (version 1.x), I tend to always go with the latest release as there are constantly more and more bugs that are being fixed along with new features. I have one deployment running on 1.1.3 and I have not had/heard any issues.
  Also, there is a nasty bug with 1.1.2 where if you use automatic backups your EAP-TLS authentications start to fail and can only be resolved by a reload. (CSCud00831). So if you are planning to use EAP-TLS type authentications then I would strongly recommend that you go with 1.1.3
  Thank you for rating!

• Help with cisco ISE 1.1.2.145 patch-3 to ISE 1.2.0.899-2-85601 upgrade procedure

  Need help from ISE experts/gurus in this forum.
  Due to a nasty bug in Cisco ISE (bug ID CSCue38827 ISE Adclient daemon not initializing on leave/join), this bug will make the ISE stopping working completely and a reboot is required (very nice bug from cisco) .  This leaves me no choice but to upgrade to version 1.2.0.899-2-85601. 
  Scenario: 
  - 4 nodes in the environment running ISE version 1.1.2.145 patch 3
  - node 1 is Primary Admin and Secondary Monitoring - hostname is node1
  - node 2 is Secondary Admin and Primary Monitoring - hostname is node2
  - node 3 is Policy service node - hostname is node3
  - node 4 is Policy service node - hostname is node4
  Objective:  Upgrade the ISE environment to ISE version 1.2 with patch version 1.2.0.899-2-85601.
  My understand  is that I have to upgrade the existing environment from ISE version 1.1.2.145 patch 3
  to ISE version 1.1.2.145 patch 10 (patch 10 was released on 10/04/2013) before I can proceed with
  upgrading to ISE version 1.2 and patch it with 1.2.0.899-2-85601. 
  Can I patch my exsiting environment from 1.1.2 patch 3 to patch 10 prior to upgrading to version 1.2.0.899-2-85601?
  I look at Cisco website and patch 10 was released on 10/04/2013 while version 1.2 was released back in 07/05/2013.
  I am trying to get a definite answer from Cisco TAC but it seems like they don't know either. 
  Question #1:  How do I proceed with upgrading the current ISE environment from 1.1.2.145 patch 3 to 1.1.2.145 patch 10?
  Propose solution: 
  step #1: make ISE node1 to be both Primary Admin and Primary monitoring.  ISE node2 is now Secondary Admin and Secondary Monitoring. 
           Then go ahead and apply ISE version 1.1.2.145 patch 10 to ISE node2 via the GUI,
  step #2: Once ISE node2 patch 10 is completed, make node2 Primary Admin and Primary Monitoring.  At this point, apply ISE 1.1.2.145 patch 10
           to ISE node1 via the GUI,
  step #3: Once ISE node1 patch 10 is completed, make node1 Primary Admin and Secondary Monitoring and node2 Secondary Admin and Primary Monitoring,
  step #4: apply ISE 1.1.2.145 patch 10 to ISE Policy Service node3.  Once that is completed, verify that node2 is working and accepting traffics,
  step #5: apply ISE 1.1.2.145 patch 10 to ISE Policy Service node4.  Once that is completed, verify that node2 is working and accepting traffics,
  Question #2: How do I proceed with upgrading the current ISE environment from 1.1.2.145 patch 10 to ISE version 1.2 with patch version 1.2.0.899-2-85601?
  Propose solution:
  step #1:  Make ISE node1 the Primary Admin and Primary monitoring.  At this point ISE node2 will become Secondary Admin and Secondary Monitoring
  step #2:  Perform upgrade on the ISE node2 via the command line "application upgrade <app-bundle> <repository>".  Once ISE node2 upgrade is completed, it will
            form a new ISE 1.2 cluster independent of the old cluster,
  step #3:  Perform upgrade on the ISE Policy Service node3 via the command line "application upgrade <app-bundle> <repository>".  After the upgrade the ISE
            Policy Service Node3 will automatically joins the ISE node2 which is already in version 1.2
  step #4:  Perform upgrade on the ISE Policy Service node4 via the command line "application upgrade <app-bundle> <repository>".  After the upgrade the ISE
            Policy Service Node4 will automatically joins the ISE node2 which is already in version 1.2
  step #5:  At this point the only node remaining in the 1.1.2.145 patch 10 is the ISE node1 Primary Admin and Primary Monitoring
  step #6:  Check and see if there are any more PSN's registered in ISE node1 (there should not be any)
  step #7:  Perform the upgrade on the ISE node1 from command line  "application upgrade <app-bundle> <repository>"
  step #8:  Once upgrade on ISE node1 is complete, ISE node1 will automatically join the new ISE 1.2 cluster,
  step #9:  Make ISE node1 Primary Admin and Secondary and ISE node2 Secondary Admin and Primary Monitoring,
  Question #3:  How do I proceed with upgrading the current ISE environment from 1.2 patch0 to 1.2.0.899-2-85601?
  Propose solution: 
  step #1: make ISE node1 to be both Primary Admin and Primary monitoring.  ISE node2 is now Secondary Admin and Secondary Monitoring. 
           Then go ahead and apply ISE 1.2.0.899-2-85601 to ISE node2 via the GUI,
  step #2: Once ISE node2 1.2.0.899-2-85601 is completed, make node2 Primary Admin and Primary Monitoring.  At this point, apply 1.2.0.899-2-85601
           to ISE node1 via the GUI,
  step #3: Once ISE node1 patch 10 is completed, make node1 Primary Admin and Secondary Monitoring and node2 Secondary Admin and Primary Monitoring,
  step #4: apply ISE 1.2.0.899-2-85601 to ISE Policy Service node3.  Once that is completed, verify that node2 is working and accepting traffics,
  step #5: apply ISE 1.2.0.899-2-85601 to ISE Policy Service node4.  Once that is completed, verify that node2 is working and accepting traffics,
  does these steps make sense to you?
  Thanks in advance.

  David,
  A few answers to your questions -
  Question 1: My recommendation is to follow vivek's blog since most fixes and upgrade steps are provided there - I would recommend installing the patch that was release prior to the 1.2 release date since the directions to "install the latest patch" would put you at the version of when the ISE 1.2 was released
  https://supportforums.cisco.com/community/netpro/security/aaa/blog/2013/07/19/upgrading-to-identity-services-engine-ise-12
  You do not have the ability to install ISE patch through the GUI on any of the "non-primary" nodes (you can use the cli commmand to achieve this), the current patching process was designed so you can install the patch on the primary admin node and it will then roll the patches out to the entire deployment (one node at at time). I painfully verified this by watching the services on each node and when a node was up and operational the next node would start the patching process. First the admin nodes then the PSNs.
  Every ISE upgrade that I have attempted as not been flawless and I can assure you that I have done an upgrade on 1.1.2 patch 3 and this worked fine, however I used the following process. You will need the service account information that is used to join your ISE to AD.
  I picked the secondary admin/monitoring node and made it a standalone node by deregistering (much like the old procedure) in your case this will be node2.
  I backed up the certificates from the UI and the database from the CLI (pick the local disk or ftp-your choice).
  I reset the database and ran the upgrade script (since I did not have access to the vsphere console or at the location of the non UCS hardware [for a 1.1.4 upgrade]).
  Once the upgrade was completed I then restored the 1.1.x database, ISE 1.2 now has the ability to detect the version of the database that is restored and will perform the migration for you.
  Once the restore finished, I then restored the certificate and picked one of the PSNs
  backup the cert,
  Had the AD join user account handy
  reset-db,
  and run the upgrade script.
  Once that is done I then restore the cert
  Join the PSN to the new deployment
  Join both nodes to AD through primary admin node
  Monitor for a few days (seperate consoles to make sure everything runs smooth)
  If anything doesnt look or feel right, you can shut down the 1.2 PSN and force everything through the existing 1.1.2 setup and perform some investigation, if it all goes smooth you can then follow the above step for the other two nodes, starting with the last PSN and the the last admin node.
  Thanks and I hope that helps,
  Tarik Admani
  *Please rate helpful posts*

• Bug CSCup27305 in ISE 1.2.1.198 patch3

  Hi guys,
  I´m hitting bug CSCup27305 in version ISE 1.2.1.198 patch3 but cant find a fix version.
  Do you know what version can be applied, so DACL can start with permit IP Host 2.2.2.2 Host 1.1.1.1 = is NOT ok!
  Thanks a lot for your help.
  Erick Flamenco

  It is not resolved in any shipping version and will currently be in first release that ships post 1.3
  Note that this issue impacts DACL validator functionality in that does not detect the invalid DACL as it should but does not impact any end to end functionality and so may not get priortized for any earlier patch

• ISE 1.2.0.899 patch 1,2,3,4 with blackberry 9700

                     Hi, I'm using ISE 1.2.0.899 patch 1,2,3,4, and I am trying to use guest portal on blackberry 9700.
  I verified that I am able to do 802.1x with blackberry.
  I associated to ssid, and opened web browser, and I can see the guest portal.
  However, when I clicked on "don't have account?" to creating guest ID, I could not go any further.
  does anyone know if it's supported or not ? if it's working or not ?
  I know in the network compatibility document for 1.2, there is no mention about blackberry.
  does anyone know about this ?

  Saurav Lodh, I did check the default time profile that is being used the sponsor. I even created a custom time profile to rule out any timeout on the Guest account, but even with the custom profile time the Guest account times out between 7 to 10 minutes and asks to re-authenticate again. I don't know if there is another place to look out for any timeouts, or is it maybe a bug with this version of ISE, but I couldn't find anybody else having this same issue which makes me think that it has to be a setting that is causing this problem.

• ISE 1.1.2.145 patch-3 and CLI password disable

  I am running ISE 1.1.2.145 patch-3 on VMWare ESXi 4.1  The ISE is running fine without any issues.
  During the initial setup of the ISE, I create an account called "admin" so that I can ssh into the ISE.  According to Cisco, the CLI password does NOT expire and does NOT lock out.  However, when I ssh into the ISE and "intentionally" entered the wrong password 5 times.  After that, I can no longer ssh or console in the ISE with the "admin" account.  The only way to fix this is to do "password recovery" with the DVD.
  I notice the same issue with ISE version 1.1.1.268 patch-5 as well.
  Is this a "known" issue with ISE or bug?

  There looks like there was a bug fixed for this issue in 1.1.1, you may need to open a tac case and see if the bug has resurfaced.
  http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html#wp411891
  CSCub89895
  SNMP process stops randomly due to an issue in netsnmp
  The netsnmp daemon on Cisco ISE can halt, causing any SNMP monitoring of  the Cisco ISE node to fail until the daemon is restarted. This issue  has been observed in Cisco ISE, Release 1.1.1.
  Workaround   Remove all SNMP commands and re-add them to start the daemon again or restart the ISE node.
  For more information, see: http://sourceforge.net/tracker/index.php?func=detail&aid=3400106&group_id=12694&atid=112694
  Tarik Admani
  *Please rate helpful posts*

• ISE 1.1.4 Patch 5 - Release Notes

  Any word on the availability of the release notes for ISE 1.1.4 Patch 5?  I have a production affecting bug that is supposed to resolved in a future release and I'd like to know if it is resolved in Patch 5.
  Also, in what case would you release a patch and not update the release notes?  This isn't a chicken vs egg argument, there is a patch therefore there should be release notes prior to the patch ever being released.  It's a bit of an oversight IMO.

  Hi
  You can install patches on ISE servers in your deployment from the primary administration node. ISE patches are usually cumulative, however, any restrictions on the patch installation will be described in the README file that will be included with the patch. Cisco ISE allows you to perform patch installation and rollback from either the command-line interface (CLI) or GUI. When you install or roll back a patch from a standalone or primary administration node, ISE restarts the application. You might have to wait for a few minutes before you can log back in.
  For more information regarding installation and configuration please go through the following link:
  http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

• Error in crawl log "Error while crawling LOB contents. ( Error caused by exception: Microsoft.BusinessData.Infrastructure.BdcException The shim execution failed unexpectedly - The method or operation is not implemented..; SearchID "

  Hi 
  I get the following error in my crawl logs
  "Error while crawling LOB contents. ( Error caused by exception: Microsoft.BusinessData.Infrastructure.BdcException The shim execution failed unexpectedly - The method or operation is not implemented..; SearchID "
  Because of this i suspect, the search results are not including those aspx pages marked as "Hide physical urls from search".
  This error is not available in the another environment where the aspx pages are coming in the results.
  Thanks
  Joe

  Hi Joe,
  Greetings!
  Reset the index and re-crawl. That usually clears it
  If you are using NTLM authentication, then make sure that you specified the PassThrough authentication for crawling
  Probably you need to debug the BDC code that underlies the external content types.
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/41a86c43-151d-47cd-af73-967a4c940611/lotus-notes-connector-error-while-crawling-lob-contents?forum=sharepointsearch
  Please remember to click 'Mark as Answer' on the answer if it helps you

• The operation could not be completed. The specified module

  Microsoft Visual Studio
  The operation could not be completed. The specified module could not be found.
  OK
  i get teh above erro r msg when i am trying to open the crystal report rpt file in design mode
  i tried taking a new crysttal report but that too gives me same error msg

  Does it say what dll/module it can't find? Check the Application log for more info.
  What happens if you create a new report? What happens if you open an old report?
  Have you install any VS 2005 CR patches?
  Try one of these samples:
  Non-Enterprise Samples
  http://wiki.sdn.sap.com/wiki/display/BOBJ/CrystalReportsSDKSampleApplications
  Thank you
  Don

• The operation could not be performed because OLE DB provider "OraOLEDB.Oracle" for linked server ...

  Our setup is that we have two databases; a SQL Server 2008 database and an Oracle database (11g). I've got the oracle MTS stuff installed and the Oracle MTS Recovery Service is running. I have DTC configured to allow distributed transactions. All access to the Oracle tables takes place via views in the SQL Server database that go against Oracle tables in the linked server.
  (With regard to DTC config: Checked-> Network DTC Access, Allow Remote Clients, Allow Inbound, Allow Outbound, Mutual Authentication (tried all 3 options), Enable XA Transactions and Enable SNA LU 6.2 Transactions. DTC logs in as NT AUTHORITY\NetworkService)
  Our app is an ASP.NET MVC 4.0 app that calls into a number of WCF services to perform database work. Currently the web app and the WCF service share the same app pool (not sure if it's relevant, but just in case...)
  Some of our services are transactional, others are not.
  Each WCF service that is transactional has the following attribute on its interface:
  [ServiceContract(SessionMode=SessionMode.Required)]
  and the following attribute on the method signatures in the interface:
  [TransactionFlow(TransactionFlowOption.Allowed)]
  and the following attribute on every method implementations:
  [OperationBehavior(TransactionScopeRequired = true, TransactionAutoComplete = true)]
  In my data access layer, all the transactional methods are set up as follows:
  using (IDbConnection conn = DbTools.GetConnection(_configStr, _connStr))
  using (IDbCommand cmd = DbTools.GetCommand(conn, "SET XACT_ABORT ON"))
  cmd.ExecuteNonQuery();
  using (IDbCommand cmd = DbTools.GetCommand(conn, sql))
  ... Perform actual database work ...
  Services that are transactional call transactional DAL code. The idea was to keep the stuff that needs to be transactional (a few cases) separate from the stuff that doesn't need to be transactional (~95% of the cases).
  There ought not be cases where transactional and non-transactional WCF methods are called from within a transaction (though I haven't verified this and this may be the cause of my problems. I'm not sure, which is part of why I'm asking here.)
  As I mentioned before, in most cases, this all works fine.
  Periodically, and I cannot identify what initiates it, I start getting errors. And once they start, pretty much everything starts failing for a while. Eventually things start working again. Not sure why... This is all in a test environment with a single user.
  Sometimes the error is:
  Unable to start a nested transaction for OLE DB provider "OraOLEDB.Oracle" for linked server "ORACLSERVERNAME". A nested transaction was required because the XACT_ABORT option was set to OFF.
  This message, I'm guessing is happening when I have non-transactional stuff within transactions, as I'm not setting XACT_ABORT in the non-transactional code (that's totally doable, if that will fix my issue).
  Most often, however, the error is this:
  System.Data.SqlClient.SqlException (0x80131904): The operation could not be performed because OLE DB provider "OraOLEDB.Oracle" for linked server "ORACLSERVERNAME" was unable to begin a distributed transaction.
  Now, originally we only had transactions on SQL Server tables and that all worked fine. It wasn't until we added transaction support for some of the Oracle tables that things started failing. I know the Oracle transactions work. And as I said, most of the time, everything is just hunky dorey and then sometimes it starts failing and keeps failing for a while until it decides to stop failing and then it all works again.
  I noticed that our transactions didn't seem to have a DistributedIdentifier set, so I added the EnsureDistributed() method from this blog post: http://www.make-awesome.com/2010/04/forcibly-creating-a-distributed-net-transaction/
  Instead of a hardcoded Guid (which seemed to cause a lot of problems), I have it generating a new Guid for each transaction and that seems to work, but it has not fixed my problem. I'm wondering if the lack of a DistribuedIdentifier is indicative of some other underlying problem. I've never dealt with an environment quite like this before, so I'm not sure what is "normal".
  I've also noticed that the DistributedIdentifier doesn't get passed to WCF. From the client, I have a DistributedIdentifier and a LocalIdentifier in Transaction.Current.TransactionInformation. In the WCF server, however there is only a LocalIdentifier set and it is a different Guid from the client side (which makes sense, but I would have expected the DistributedIdentifier to go across).
  So I changed the wait the code above works and instead, on the WCF side, I call a method that calls Transaction.Current.EnlistDurable() with the DummyEnlistmentNotification class from the link above (though with a unique Guid for each transaction instead of the hardcoded guid in the link). I now havea  DistributedIdentifier on the server-side, but it still doesn't fix the problem.
  It appears that when I'm in the midst of transactions failing, even after I shut down IIS, I'm unable to get the DTC service to shutdown and restart. If I go into Component Services and change the security settings, for example, and hit Apply or OK, after a bit of a wait I get a dialgo that says, "Failed ot restart the MS DTC serivce. Please examine the eventlog for further details."
  In the eventlog I get a series of events:
  1 (from MSDTC): "The MS DTC service is stopping"
  2 (From MSSQL$SQLEXPRESS): "The connection has been lost with Microsoft Distributed Transaction Coordinator (MS DTC). Recovery of any in-doubt distributed transactions
  involving Microsoft Distributed Transaction Coordinator (MS DTC) will begin once the connection is re-established. This is an informational
  message only. No user action is required."
  -- Folowed by these 3 identical messages
  3 (from MSDTC Client 2): 'MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system GCOVA38.'
  4 (from MSDTC Client 2): 'MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system GCOVA38.'
  5 (from MSDTC Client 2): 'MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system GCOVA38.'
  6 (From MSDTC 2): MSDTC started with the following settings: Security Configuration (OFF = 0 and ON = 1):
  Allow Remote Administrator = 0,
  Network Clients = 1,
  Trasaction Manager Communication:
  Allow Inbound Transactions = 1,
  Allow Outbound Transactions = 1,
  Transaction Internet Protocol (TIP) = 0,
  Enable XA Transactions = 1,
  Enable SNA LU 6.2 Transactions = 1,
  MSDTC Communications Security = Mutual Authentication Required, Account = NT AUTHORITY\NetworkService,
  Firewall Exclusion Detected = 0
  Transaction Bridge Installed = 0
  Filtering Duplicate Events = 1
  This makes me wonder if there's something maybe holding a transaction open somewhere?

  The statement executed from the sql server. (Installed version sql server 2008 64 bit standard edition SP1 and oracle 11g 64 bit client), DTS enabled
  Below is the actual sql statement issued
  SET XACT_ABORT ON
  BEGIN TRAN
  insert into XXX..EUINTGR.UPLOAD_LWP ([ALTID]
            ,[GRANT_FROM],[GRANT_TO],[NO_OF_DAYS],[LEAVENAME],[LEAVEREASON],[FROMHALFTAG]
            ,[TOHALFTAG] ,[UNIT_USER],[UPLOAD_REF_NO],[STATUS],[LOGINID],[AVAILTYPE],[LV_REV_ENTRY])
            values('IS2755','2010-06-01',
  '2010-06-01','.5',     'LWOP'     ,'PERSONAL'     ,'F',     'F',     'EUINTGR',
  '20101',1,1,0,'ENTRY')
  rollback TRAN
  OLE DB provider "ORAOLEDB.ORACLE" for linked server "XXX" returned message "New transaction cannot enlist in the specified transaction coordinator. ".
  Msg 7391, Level 16, State 2, Line 3
  The operation could not be performed because OLE DB provider "ORAOLEDB.ORACLE" for linked server "XXX" was unable to begin a distributed transaction.
  Able to execute the above statement successfully without using transaction.We need to run the statement with transaction.

• Logout Functionality in Form Based Authentication Not Working Properly

  Hi All,
  I am using Form Based Authentication in ADF. In this I followed the following steps:-
  1.Login On Page.
  2.In successful login page ,copy the url
  3.Click on "Logout"
  4.Paste the url in login page and click enter
  5.System taking me back to that page where I can perform all the actions.
  But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
  Thanks & Regards
  Lovenish Garg

  Hi BaiG,
  For Login I am using the form based authentication and for logout here is my code:-
  public void logout() {
  ExternalContext ectx =
  FacesContext.getCurrentInstance().getExternalContext();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  session.invalidate();
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("expires", "0");
  response.setHeader("Pragma", "no-cache");
  try {
  response.sendRedirect("AdminLogin.html");
  } catch (IOException e) {
  logger.severe(e.getMessage());
  //Inform JSF to not take the response in hands
  FacesContext.getCurrentInstance().responseComplete();
  logger.info("session invalidated");
  Thanks,
  Lovenish Garg