Issue in Delegation

Similar Messages

• Serious issue in delegated administration

  I have serious issue in delegated administration. i have created delegated admin
  role and assign to group. so that i should be able to view/modify only that
  group, but i can view/modify using API all groups irrespective whether the role
  is assigned or not for a group.
  I have scenario like this.
  1. Create a group called "officeAdmin"
  2. Create a group called "users" under group "officeAdmin"
  3. Create a user called "companyadministrator" under "everyone" tree structure
  of admin portal
  4. create delegated administrator role called "companyrole" for a user "companyadministrator"
  5. assign "companyrole" to group "officeAdmin". so user "companyadministrator"
  will be administrator for "officeadmin" group and its child.
  Now my requirements is when "companyadministrator" login i should get only groups
  which he can administer i.e in this case i should get only "officeadmin" and "users"
  groups.
  Please help me how i should programatically get the groups "officeadmin" and "users"
  when "companyadministrator" logs in.
  test the scenaio : create the above scenario using admin portal and then login
  as "companyAdministrator" and you can see only "officeAdmin" and its child groups.
  thanks, shashi

  Jeanne,
  Thanks for answering.
  I tried changing the setting Preferred Navigation Pane
  Format, however, the results were not satisfactory.
  What is the most interesting aspect of the second issue
  (broken Glossary pane) is that the issue exists in newer browsers
  or browser versions (on Linux an HP-UX) and that on Windows
  systems, the issue was not seen with all browsers which were
  tested.
  Has anybody else spotted these issues, too?

• Linked Server : The old "Login failed for users "NT Authority\Anonymous Logon" issue

  Two SQL Servers: SQL Server 2008 sp3 and SQL Server 2014We are transitioning from 2008 to 2014.  We have need of some linked servers whilst this is ongoing.
  We've used them before, and indeed I set them up quite easily or so I thought.
  On the 2014 server, I can test the connection and everything ok.  If I logon to the linked server instance (ie the 2008 server) on the 2014 server, and connect to 2014 server, and test, I get the Error: 18456 Login failed error message.
  If I create a linked server on any instances of the 2008 server pointing to the 2014 server, no problems whatsoever going in that direction.
  Note that I'm selecting "Be made using the login's current security context"
  The 2008 sql server services is using a domain account as it's logon, whereas the 2014 server is using Managed Service Accounts.
  I've checked the SPN's and they all seem to be set ok.
  I then thought that perhaps there was an inconsistency with the Managed Service Account not being recognised (although does work when actually on the 2014 server).  I then changed (using Sql Server config manager) the account being used for the MSSQLSvc
  from the managed service account to the same account used by the 2008 sql server.  This seems to have produced a certain degree of success.  I can now test the connection from my local ssms and the 2008 server and these work ok for the most part. 
  I presumed I had a workaround and did further testing, however it doesn't always seem to run true.  This could of course be due to me not taking the same steps to reproduce the original workaround.
  This is effectively a transient condition as eventually we won't need the linked servers, however, they are needed for at least the next 2-3 months.
  Could anyone help explain the nature of this problem and where I'm going wrong?
  Regards
  Ian

  Hello,
  In addition to what Ashwin has asked (though the anonymous error message kind of gives it away):
  It does sound (I know you have you checked, but SPNs can be tricky devils) like an SPN issue or delegation issue
  The first thing I would point you to is the Kerberos Checking Tool for SQL Server. It's pretty new but in my testing it's been very accurate. Download, run it, and check the output:
  http://www.microsoft.com/en-us/download/details.aspx?id=39046
  Secondly, I would point you to this entry (yes, made by me):
  http://www.seangallardy.com/2014/05/using-kerberos-with-sql-server-part-1-double-hop/
  The reason why it works when you login from the 2008 server or the 2014 server and go to either or is because you're not double-hopping. You're local to the server, there is no delegation involved.
  Sean Gallardy | Blog
  MCM 2008
  MCSM:Data Platform Charter Member

• Delegation of permissions to join computers to domain

  Hi
  Am having some issues with delegating permissions to users for joining machines to the domain.
  I have delegated permissions to a group of users which allows then to join machines to the domain, they can join and disjoin but the only problem is they cannot rejoin if the computer account still exists. 
  They get the following error
  The Join operation was not successful, This could be becuase an existing computer account having name xxxxxx  was previously created
  using a different set of credentials.
  Access Denied
  Can someone tell me what extra delegation permissions i need to give to these users to be able to do this.
  Thanks

  Hello,
  please see http://support.microsoft.com/kb/932455/en-us "Users cannot reset passwords" how to configure the permission to reset the machine password which is required to rejoin machines
  to the domain where the machine name already exist in AD.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Mailflow Problem After Migrating Mailbox From 2007 to 2013

  I thought I was at the point of migrating our mailboxes from 2007 to 2013.  I had created a new test mailbox on the 2013 server and changed all the DNS and virtual directories for the legacy on the 2007 server and was able to successfully send mail
  to the test mailbox out and in both internally and externally.  Then I migrated my first mailbox from 2007 to 2013 and things went south.
  I CAN NOT:
  Send e-mail from a mailbox on the 2007 server to the migrated mailbox on the 2013 server.
  Send e-mail from migrated mailbox to external e-mail address.
  I CAN:
  Send e-mail from the migrated mailbox to a 2007 mailbox and the test mailbox on the 2013 server.
  Send e-mail from the internet to the migrated mailbox and the 2013 test mailbox.
  I unfortunately am running Exchange 2013 with CU6 (I am already aware of the activesync issue and delegation crash issue but saw the info too late).
  Suggestions please!!

  Hi,
  Before going further, I'd like to ask the following questions to troubleshoot the issue:
  1. Could you send email from 2007 mailbox to the test mailbox on 2013 server? 
  2. Did you get any NDR message when sending email to the migrated mailbox failed?
  In addition, I recommend you try the following methods to find out the root cause:
  1. Try to use message tracking tool in exchange 2007 server ,it will help us to find the email which was sent to the migrated mailbox .
  2. Run the following command to check the permission groups of the receive connector:
  Get-Receiveconnector |fl Name,PermissionGroups,Exchangeversion
  Best regards,
  Niko Cheng
  TechNet Community Support

• PTR issues once the IP address range has been delegated to our name servers

  In the past, with only a DSL line, our ISP provided our forward and reverse dns entries for our zone and we never had problems with outgoing email. Recently, we've upgraded to a managed T1 line and have decided to run our own name servers on two xserves (one on the T1 subnet and one on a DSL line). Now, many email servers won't accept mail from a mail server without a matching PTR record. We've had our ISP delegate authority of our IP address range to us.
  With DNS service on, I've checked that our named.conf file refers to the db.xxx.xxx.xxx file contained in /var/named/ which contains the correct PRT entry: xxx.xxx.xxx.xxx.in-addr.arpa. IN PTR xserve.example.com.
  However, when using an external DNS server a "host name for address" search in Network Utility using the IP address, it only replies with:
  xxx.xxx.xxx.xxx.in-addr.arpa. 166154 IN CNAME 202.192/xxx.xxx.xxx.xxx.in-addr.arpa. Which refers to the IP range that our ISP has delegated to us.
  When using our xserve as the DNS server, the host name is returned correctly, though.
  Any thoughts? I've double checked with our ISP and they say they have delegated the IP address block to us.
  Xserve G5   Mac OS X (10.4.8)  
  Xserve G5   Mac OS X (10.4.8)  
  Xserve G5   Mac OS X (10.4.8)  
  Xserve G5   Mac OS X (10.4.8)  

  We had a similar problem in the past and could not explain why it was not working. The reason simply was that our carrier (the ISP owning the IP addresses) reserved the right to set PTR records only on their systems. Therefore our PTR record was simply ignored.
  So I would recommend contacting the support of your ISP/carrier, explaining your issue and let them set up the PTR record on their DNS properly.
  Edit: Sorry, noticed that it has been solved already; for any reason I saw only your first post. So ignore my reply.

• MGE - issues with pers. actions for delegation in ECC6.0 - management of global employees

  Hi experts,
  during implementation of MGE at my client we are facing issues with the personnel actions for delegation.
  We were using the standard actions as follows, without success.
  action Expatriation planning (81), IG 92 via PA40 --> new persno. has been created successfully, empl. status has been set to withdrawn, IT715 "host" has been set to "planned", IT710 has been filled (required fields only, no admin, no manager, no sending pers. assignment info), all payroll relevant ITs have been skipped (706 + 707)
  IT715 has been set to "to be activated" via PA30
  running of report RPMGE_Activation for newly created persno.(assignment nr), pers. action 82 Activation in host country, IG GE --> following ISSUES occure:
  Action can not be executed via PA40 (is this normal behaviour?)
  when running with report, employm. status changed to active
  IT715 "host" has not been changed updated in status (should have been updated to "in progress", right?)
  IT715 "home" has not been created (correct?)
  IT710 has not changed
  Background information:
  > Switch MAINS is activated
  > We are not going to use global payroll! No switch has been activated. Payroll will always run in home country, so the client does not want to use any of the py relevant ITs dealing with global employment.
  Many thanks + best wishes,
  Evelyn

  Hi experts,
  short update on our issue:
  After several times of trying the same thing, the report worked out fine as it should for 82 and also in the next step for 83. IT715 is going to be updated correctly. We need to work with the report and not with PA40.
  Some open questions remain:
  - Set home assignment to active during delegation (not to inactive for payroll reasons in home country)
  Documentation for RPMGE_Activation says
  Home Activation (Active) (84)
  Same process as described above, excpet that in the third step, the Employment Status field in infotype Action (0000) is set to Active if there are any trailing payments in the home country.
  We understand that 84 is identical to 83 but employment status is different.
  For action 84 a different IG is underlying (93) than for 83 (GE) and also it is called "Change expat.planning". The Action does not seem to work with the report as well.
  >> Is this correct? Do we need to create our own Home Activation (Active) Action by coping 83, changing the employment status setting?
  How do we need to configure Feature ACTCE then? EXPATACTHOME would need to have 2 entires at the end, no?
  - End of delegation
  Which actions are used for end of delegation? Are there standard once that we could not find?
  We would like to set the host country to withdrawn and the home country back to active (also change of employee group in this case).
  Also using the logic of IT715, is there any automatic way of changing the host country record to status completed, or would we use an exit action, including IT715 and set status manually?
  Same question for home country.
  Many Thanks,
  Evelyn

• SSRS Integrated Mode and SSAS delegation issue

  We have setup SharePoint 2010 with SSRS 2008 R2 and all the Kerberos goodies to do delegation. However, we have a small issue that I believe is due to caching. We setup roles in the cube that restricts what a user can see. If we access the report in SharePoint
  with a user who belongs to the restricted role, everything is trimmed as expected. However, if we access the report immediately as the user who is not restricted they see the restricted data. If we wait a couple of minutes and do the same steps only switch
  which user goes first, unrestricted data is displayed. If we do an IIS/SSRS reset in between the two tests, everything works as expected. Where should I be looking for caching? SharePoint, SSRS, SSAS? Any ideas are welcome.

  You can check for instance caching on the report under the report execution propertes.  With instance caching disabled for a deployed report, each user shuld get a fresh copy of the report and see the results of a new query each time.Paul Turley, MVP, www.SQLServerBIBlog.com *Please vote if helpful*

• DCDIAG reports broken delegations but not having any DNS issues.

  I am planning on moving my 2003 domain to a 2012 domain, I need to resolve all the dns issues with my current domain. When i run DCDIAG i get the following error for all of my name servers. I have 3 seperate forests. I use forwarders to forward to all my
  dns servers. I have no DNS issues as far as i know. When i run dcdiag on any of my DC's i get the following error for everyone of my Name Servers.
  DNS server: 20.26.212.204 (server.mydomain.com.)
  4 test failures on this DNS server
  This is a valid DNS server
  Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
  Delegation is broken for the domain mydomain.com.mydomain.com. on the DNS server x.x.x.x
  [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
  The only zones in my dns are the _msdcs.mydomain.com and mydomain.com. I do not understand why it is saying mydomain.com.mydomain.com in the error. I am not sure where else to look to try and resolve this error.
  Any help greatly appreciated.
  Thanks for your help

  Hi,
  Base on my experience, that must be the Delegated zone issue, this issue is because the new DNS
   has duplicated the name for parent and child domain, you can try to backup your current DNS then delete the duplicate zone then restart the DNS service.
  More information:
  Back up a Zone File
  http://technet.microsoft.com/en-us/library/ee649198(v=ws.10).aspx
  Understanding Zone Delegation
  http://technet.microsoft.com/en-gb/library/cc771640.aspx
  Create a delegation for a domain controller
  http://technet.microsoft.com/en-us/library/cc757375(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Continuing delegated admin issues

  Folks,
  I have install nda on our production machine. When I try to login as ServiceAdmin (which is the mail admin in ldap) it says invalid credentials.
  I have more problems with delegated admin -- I am starting to hate it....

  The command line is your friend. Learn it, use it, love it. :-)
  Seriously, for account creation/deletion, I've written scripts for doing that. Much easier than the GUI. Besides, the GUI doesn't delete PAB entries (last I checked). I also have a script for setting a user's password.
  I do have one question: Why doesn't the iDA allow me to modify a user's mail filter? I can do other stuff, but not that.
  Roger S.

• Delegated role administration issue

  1. Created roles role 1 and role 2
  2. Created an admin role to manage membership of role 1 and role 2
  3. Created user 1 assigned to role 1
  4. Created user 2 assigned to role 2
  5. Created admin 1 assigned to admin role
  6. Created an authorization policy with:
  Permissions (Modify Role Membership, Search for Role, View Role Category Detail, View Role Detail, View Role Membership)
  Data Constraints (Role 1 and Role 2)
  Assignment (admin role)
  7. Logged in as admin 1 into OIM, can't find administration (or other) links using which i can modify role membership of role 1 or role 2
  Is there something else that i must be doing? Please help?
  Thanks in advance.

  Rajiv,
  Thanks for the help. In my authorization I had to add "create role" to the permissions, only then administration link showed up. This probably is a bug as i don't want this user account to have create role functionality, but only modify role membership. Anyways, this works for now.
  Permissions before admin link showed up
  Modify Role Membership
  Search for Role
  View Role Category Detail
  View Role Detail
  View Role Membership
  permissions after admin link showed up
  Create Role
  Modify Role Membership
  Search for Role
  View Role Category Detail
  View Role Detail
  View Role Membership
  Thanks much,
  Prasad.

• Client Internet Access Issue

  Hi,
  I just set up a leopard server 2 days back and everything seems to work properly. It is behind a router/switch. I configured my MBP as a directory client and that went fine too. Expect I'm having issues while accessing certain things:
  1) Mail can't access the Gmail IMAP server and other external servers, It DOES connect to the leopard server's mail service.
  2) Adium looses connection to AIM/MSN etc.
  3) I cannot access any web sites in Safari (Amazingly enough I found out that I can access Wikipedia.org but can't go to any other sites, even Apple.com doesn't work) this shows there is internet connection but leopard is acting goofy.
  Interestingly, Transmission works fine... It downloads & uploads torrents perfectly fine.
  Windows machines on the network seem to work fine. only Leopard clients are acting up.
  I tried making a VPN connection to the leopard server from my MBP and then I can access everything. But it's not the solution I'm looking for since VPN connection drops every now and then. Plus it doesn't really make sense to make a VPN connection while you're on the LAN.
  Any ideas what's wrong? How to go about solving this issue. This is my first Mac Server so I'm out of ideas.

  The Mac clients automatically configured themselves to use the Leopard server as the DNS server... which was causing the issue... properly delegated the DNS and everything is up and running!

• Issues with SharePoint 2013 after upgrading from windows 2012 to 2012 r2

  We have a Sharepoint with Sp1 environment on windows 2012. Recently we upgraded the windows 2012 to 2012 r2. After the upgrade sharepoint environment is completely unstable.
  At first all the sites returned 401 errors. After resolving by resetting the object cache accounts the sites are back.
  Then i see that none of the performance point dashboards work. I figured that claims to windows token service is defaulted to local system account. I previously configured with a domain account. I reconfigured to work with domain account. 
  All the dashboard pages throw error.
         Some Error logs:Failed to get document content data. System.ComponentModel.Win32Exception (0x80004005): Cannot complete this function     at Microsoft.SharePoint.SPSqlClient.GetDocumentContentRow 
  Application error when access /Dashboards/Performance Dashboard/Main.aspx, Error=The EnableScriptGlobalization property cannot be changed during async postbacks or after the Init event.   at System.Web.UI.ScriptManager.set_EnableScriptGlobalization(Boolean
  value)    
    4.  I tried to create a new dashboard and this time the performancepoint designer wont launch. After some troubleshooting i see that c2w host file didnot have the caller  C:\Program Files\Windows Identity Foundation\v3.5. 
         I added <add value="WSS_WPG" /> and now it launches
    5.  Now the Dashboard launches and peruser identity works without having kerberos enabled at IIS. I have all the spn and required delegations setup for this url . But i did not configure at the IIS level
  yet.
  It looks like lot of things got messed up and reset. Can we upgrade to windows 2012 r2 with a sharepoint application inplace. what is the recommended approach and Whats happening with Performancepoint dashboards. IS there a known issue with sharepoint 2013
  sp1.
  Raj-Shpt

  Thanks for the above article. Few issues are solved . One of the main issue is with Performancepoint Dashboard.
   I have all the spn and required delegations setup for this url . But i did not configure at
  the IIS level yet. Still per user identity works without having kerberos enabled at IIS.
  Raj-Shpt

• Login issues with xelsysadm along with ORA-01000 (cursor exceeded) error

  Hi,
  I am facing an strange problem.
  Because of below error i am facing an intermitant issues for login to OIM web console and Design console with user xelsysadm. Some time the login in successfull else the error is generated.
  For the error -- ORA-01000: maximum open cursors exceeded
  We had talked to DB team an increased the cursor limit from 300 to 800. But still the same issue.
  So, let me know whether this can be resolved if i take bounce of the web logic server or there is some other solution?
  Thanks in advance and some respond ASAP as this is production server and this issue need to be resolved soon.
  Getting below errors in the system:
  ERROR,20 Apr 2011 08:35:19,613,[XELLERATE.WEBAPP],Class/Method: tcLogonAction/execute encounter some problems: User account is invalid. Username: xelsysadm
  ERROR,20 Apr 2011 08:40:00,056,[XELLERATE.ACCOUNTMANAGEMENT],Class/Method: Authenticate/connect encounter some problems: ORA-01000: maximum open cursors exceeded
  java.sql.SQLException: ORA-01000: maximum open cursors exceeded
  at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)
  at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:112)
  at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:173)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
  at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
  at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1030)
  at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:194)
  at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:785)
  at oracle.jdbc.driver.T4CPreparedStatement.executeMaybeDescribe(T4CPreparedStatement.java:860)
  at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1186)
  at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3381)
  at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3425)
  at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeQuery(OraclePreparedStatementWrapper.java:1490)
  at com.thortech.xl.security.Authenticate.getPropertyValue(Authenticate.java:459)
  at com.thortech.xl.security.Authenticate.connect(Authenticate.java:117)
  at com.thortech.xl.security.Authenticate.connect(Authenticate.java:71)
  at com.thortech.xl.security.wl.XellerateLoginModuleImpl.login(XellerateLoginModuleImpl.java:159)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.GeneratedMethodAccessor7737.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
  at sun.reflect.GeneratedMethodAccessor132.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
  at $Proxy16.login(Unknown Source)
  at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(Unknown Source)
  at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
  at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
  at $Proxy34.authenticate(Unknown Source)
  at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(Unknown Source)
  at weblogic.security.service.PrincipalAuthenticator.authenticate(Unknown Source)
  at weblogic.security.acl.internal.Security.authenticateLocally(Security.java:127)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:165)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:146)
  at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:112)
  at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:184)
  at sun.reflect.GeneratedMethodAccessor7746.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(Unknown Source)
  at Thor.API.tcUtilityFactory.<init>(Unknown Source)
  at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
  ERROR,20 Apr 2011 08:40:00,058,[XELLERATE.ACCOUNTMANAGEMENT],Class/Method: XellerateLoginModuleImpl/login encounter some problems:
  com.thortech.xl.security.tcLoginException:
  at com.thortech.xl.security.tcLoginExceptionUtil.createException(tcLoginExceptionUtil.java:96)
  at com.thortech.xl.security.tcLoginExceptionUtil.createException(tcLoginExceptionUtil.java:67)
  at com.thortech.xl.security.Authenticate.connect(Authenticate.java:269)
  at com.thortech.xl.security.Authenticate.connect(Authenticate.java:71)
  at com.thortech.xl.security.wl.XellerateLoginModuleImpl.login(XellerateLoginModuleImpl.java:159)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.GeneratedMethodAccessor7737.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
  at sun.reflect.GeneratedMethodAccessor132.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
  at $Proxy16.login(Unknown Source)
  at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(Unknown Source)
  at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
  at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
  at $Proxy34.authenticate(Unknown Source)
  at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(Unknown Source)
  at weblogic.security.service.PrincipalAuthenticator.authenticate(Unknown Source)
  at weblogic.security.acl.internal.Security.authenticateLocally(Security.java:127)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:165)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:146)
  at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:112)
  at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:184)
  at sun.reflect.GeneratedMethodAccessor7746.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(Unknown Source)
  at Thor.API.tcUtilityFactory.<init>(Unknown Source)
  at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
  ERROR,20 Apr 2011 08:40:00,060,[XELLERATE.ACCOUNTMANAGEMENT],Class/Method: tcUtilityFactory/tcUtilityFactory(Hashtable env, tcSignatureMessage poUserIDMessage) encounter some problems: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
  javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
  at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
  at sun.reflect.GeneratedMethodAccessor7746.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(Unknown Source)
  at Thor.API.tcUtilityFactory.<init>(Unknown Source)
  at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
  ERROR,20 Apr 2011 08:40:00,060,[XELLERATE.SERVER],Class/Method: QuartzWrapper/execute encounter some problems: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
  Thor.API.Exceptions.tcAPIException: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
  at Thor.API.tcUtilityFactory.<init>(Unknown Source)
  at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
  [CMGR WARNING] Removing connection pool siebel.tcpip.None.none://172.30.16.51:2321/UW_PROD/eCommunicationsObjMgrClone_enu/!b.3c26
  <com.siebel.common.common.CSSException>
  <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
  </com.siebel.common.common.CSSException>
  at com.siebel.om.conmgr.Connection.readPacket(Connection.java:550)
  at com.siebel.om.conmgr.Connection.run(Connection.java:286)
  at java.lang.Thread.run(Thread.java:619)
  [CMGR FATAL] Error: <com.siebel.common.common.CSSException>
  <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
  </com.siebel.common.common.CSSException> connection:d0214e
  *************************************************************************************************************

  Thanks for giving me an solution..
  The cursor limit was incresed from 300 to 800 then for some hours the things went with no issues, the login was successfull and no errors in the logs. But again the same issue had arrisen.
  For now i have taken bounce of the welogic servers because of the bounce i hope the existing/stuckup connections have been released and now the application is working fine and with no issues.
  But is taking the bounce of the application server is the only solution for getting the things back to normal
  Or
  whether we need to take some other steps even after increasing the cursor limit the things don;t work.
  Thanks,

• Issues after installing Hotfix Rollup 5 for SP3

  Hi,
  Last weekend we installed Hotfix Rollup Pack 5 for SP3 on our (single) Exchange 2010 Enterprise server.
  This was needed to fix the WebApp Light issue with IE11 and to fix the problem where users were unsable to delete mails sent from multifunctionals.
  These 2 issues were fixed by installing the hotfix rollup pack, but now our users have different problems...
  Some users (not all of them, haven't found a common denominator yet) report that they don't see new mails in their Outlook 2010 box, even though they got the envelope notifier.
  When they change folder and back to the Inbox the new mail is suddenly visible.
  Same sort of "delay" happens when users mark a message for follow-up or try to change a message from unread to read.
  Some users also report that they see delegated mailboxes (mailboxes from other users that they have full mailbox access to) twice in their Outlook 2010.
  Outlook 2010 is running in online mode (because it's running on terminal/citrix servers), so it's no issue with caching as far as I understand.
  I've already checked if there are any updates for Outlook available, but we've installed them all already.
  I though I'd found something:
  Noticed a lot of errors in the application log on the Exchange Server which pointed me to this:
  http://theintegrity.co.uk/2010/08/mapi-session-exceeded-the-maximum-of-500-objects-of-type-objtfolder/
  I've added the registry values now with a value of 1500, but unfortunately this didn't help.
  The errors in the eventlog are gone, but even after restarting the IS some users still have these problems.
  One user reported that it takes about 7 minutes for a read mail to actually switch to "read" when looking at his inbox.
  Did anyone else notice these problems? And maybe have a fix for them?
  I really don't want to roll back the update :(
  I even rebooted the Exchange Server after installing the rollup even though that wasn't even necessary
  Thanks in advance!
  Regards,
  Jeroen

  Correct - http://support.microsoft.com/kb/2925273 discusses this issue.
  If you do raise a support case to request this, please ensure that you review and understand the requirements for IU installation and removal.
  For example:   You *MUST* manually remove it prior to installing Exchange 2010 SP3 RU6.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.