Issue with authentication of users of one domain while logging on to EPM/HFM(we have 3 domains in total)

Similar Messages

• Issue with navigate to more than one domain within the same app

  We would like to create an application for Excel, starting page of which redirects user to other domains (we have separate domain for each customer).
  We followed the instructions described here: https://msdn.microsoft.com/en-us/library/office/jj715716.aspx?ppud=4
  But they helped us only for Desktop version of Excel, in Excel Online we have problems with conversationId.
  If during redirect we keep only window.location.search - exception about null conversationId appears. 
  If during redirect we pass window.location.search and window.location.hash - we have error during call to ContextActivationManager_getAppContextAsync with message 'Failed origin check'.
  Manifest example:
  <?xml version="1.0" encoding="utf-8"?>
  <OfficeApp
  xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:type="ContentApp">
  <Id>01eac144-e75a-45a7-b6d7-f1cc60ab0129</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>XYZ</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="XYZ Excel app" />
  <Description DefaultValue="XYZ Excel app" />
  <AppDomains>
  <AppDomain>https://a.xyz.net</AppDomain>
  <AppDomain>https://b.xyz.net</AppDomain>
  </AppDomains>
  <Hosts>
  <Host Name="Workbook" />
  </Hosts>
  <DefaultSettings>
  <SourceLocation DefaultValue="https://xyz.net/index.html" />
  <RequestedWidth>400</RequestedWidth>
  <RequestedHeight>300</RequestedHeight>
  </DefaultSettings>
  <Permissions>ReadWriteDocument</Permissions>
  <AllowSnapshot>false</AllowSnapshot>
  </OfficeApp>

  Hi Edward,
  Thank you very much for your response.
  Main problem is that after redirect we will be on the page, that wants to behave like app for Office and have access to Office JS api. But initialization of Office JS api fails.
  Here is sample code, used bubbles application as example:
  <html>
  <head>
  <title>Redirect test</title>
  <script src="https://appsforoffice.microsoft.com/lib/1.1/hosted/office.debug.js" type="text/javascript"></script>
  <script type="text/javascript">
  Office.initialize = function (reason) {
  console.log('Office.initialize called');
  var APP_URL = "https://bubbles.azurewebsites.net";
  function redirect() {
  performRedirect(APP_URL);
  function redirectWithSearch() {
  performRedirect(APP_URL + window.location.search);
  function redirectWithHash() {
  performRedirect(APP_URL + window.location.search + window.location.hash);
  function performRedirect(url) {
  console.log('url = ' + url);
  window.location.href = url;
  </script>
  </head>
  <body>
  <button type="button" onclick="redirect()">Redirect to bubbles app</button>
  <br/>
  <button type="button" onclick="redirectWithSearch()">Redirect to bubbles app with search</button>
  <br/>
  <button type="button" onclick="redirectWithHash()">Redirect to bubbles app with search and hash</button>
  </body>
  </html>
  Beat regards,
  Mary

• Issue with authenticating a user in OBIEE Application

  We have few users all of which are able to authenticate themselves in the QA Environment. When we moved the webcatalog from DEV to QA one of the users named CAROLAIG stopped geting authenticated and hence couldnot enter in to the system. We tried deleting the CAROLAIG and CAROLAIG.atr from the Users folder present in the wecatalog but it did not help. The issue is coming up after the webcatalog migration. We are failing to understand how the webcatalog controls the authentication mechanism and make this happen. All the other users continue to work perectly.
  The OBIEE version used is 11.1.1.5. The complete webcatalog migration from dev to QA has been done.
  Edited by: 925099 on Jul 10, 2012 4:56 AM

  Hi,
  Its not the catalog which takes care of authentication but its the OPSS. In OBIEE, the catalog and .rpd hold the GUID of the users in the OpenLDAP of weblogic (If not integrated with any other authentication mechanism). The GUID from the Active Directory is always cross-checked with the one stored in catalog and .rpd during authentication.
  So, in your case too the GUID (old one that was got from QA LDAP) might have conflicted with the new one from the production environment and hence the user fails to be successfully authenticated and hence needs a refresh.There are some steps to refresh the GUID in your case in oracle documentation.
  Hope this helps.
  Thank you,
  Dhar

• An issue with authentication and authorization on ISE 1.2

  Hi, I'm new to ISE.
  I have an issue with authentication and authorization.
  I have ISE 1.2 plus patch 6 installed on VMware.
  I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
  On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
  I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
  I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
  I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
  What  should I do to resolve this issue?
  Switch configuration:
   testISE#sh runn
  Building configuration...
  Current configuration : 7103 bytes
  ! Last configuration change at 12:20:15Tue Apr 15 2014
  ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname testISE
  boot-start-marker
  boot-end-marker
  no logging console
  logging monitor informational
  enable secret 5 ************
  enable password ********
  username radius-test password 0 ********
  username admin privilege 15 secret 5 ******************
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
   client 172.16.0.90 server-key ********
  aaa session-id common
  clock timezone 4 0
  system mtu routing 1500
  authentication mac-move permit
  ip dhcp snooping vlan 1,22
  ip dhcp snooping
  ip domain-name elauloks
  ip device tracking probe use-svi
  ip device tracking
  epm logging
  crypto pki trustpoint TP-self-signed-1888913408
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1888913408
   revocation-check none
   rsakeypair TP-self-signed-1888913408
  crypto pki certificate chain TP-self-signed-1888913408
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh version 2
  interface FastEthernet0/5
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/7
  interface Vlan1
   ip address 172.16.0.204 255.255.240.0
   no ip route-cache
  ip default-gateway 172.16.0.1
  ip http server
  ip http secure-server
  ip access-list extended ACL-ALLOW
   deny   icmp any host 172.16.0.1
   permit ip any any
  ip radius source-interface Vlan1
  logging origin-id ip
  logging source-interface Vlan1
  logging host 172.16.0.90 transport udp port 20514
  snmp-server community public RO
  snmp-server community ciscoro RO
  snmp-server trap-source Vlan1
  snmp-server source-interface informs Vlan1
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move
  snmp-server host 172.16.0.90 ciscoro
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  radius server ISE-Alex
   address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
   automate-tester username radius-test idle-time 15
   key ******
  ntp server 172.16.0.1
  ntp server 172.16.0.5
  end

  Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

• Issue with Active Directory User Target Recon

  Hi ,
  I am facing an issue with Active Directory User Target Recon
  My environment is OIM 11g R2 with BP03 patch applied
  AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
  In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
  When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
  Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
  Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
  Checked the user profile of users processed can see AD account provisioned for users
  My query is why this job is not processing allthe users.Please point if i am missing some thing .
  thanks in advance

  Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
  -Bikash

• We had some accuracy issues with NI 5112 scope in one of the ATE and then I decided to perform self calibration using Labvidew vi to perform "niScope_CalSelfCalibrate(handle, "", 0);" function.

  We had some accuracy issues with NI 5112 scope in one of the ATE and then I decided to perform self calibration using Labvidew vi to perform “niScope_CalSelfCalibrate(handle, "", 0);” function.
  But it made it worse. I tried using option 2 to restore but it did not work.
  Could you pls advice me to resolve this issue.

  Hi Ana10,
  Are you using this digitizer with NI VideoMaster? if not you should probably post this in the Digitizer forums. That said I would suggest using the self calibrate function in MAX for this device rather than the LabVIEW API method just so that you can rule out any errors in correctly configuring the digitizer for self cal in LabVIEW. Also you should ensure that all inputs are disconnected before performing a self cal. If this still results in an error in calibration you could refer to the following document or arrange to return the digitizer to NI for external calibration.
  http://www.ni.com/pdf/manuals/370328e.pdf
  Hope this helps,
  Nick

• How do i set the proxy user in FF 3.6.13, this entry was existing earlier its gone now. using IE with entries in user account pwds works while FF doesn't.

  How do i set the proxy user in FF 3.6.13.
  previous versions had an entry for proxy user.
  its gone now.
  using IE with entries in user account pwds works while FF doesn't.
  too bad have to change back to IE :-(

  You can find the connection settings in Tools > Options > Advanced : Network : Connection
  See "Firefox connection settings":
  *[[Firefox cannot load websites but other programs can]]

• Sync issues with photos My iPhone 6 plus has 743 pictures...Itunes shows I have 2480 photos on my phone which is not true.

  Sync issues with photos My iPhone 6 plus has 743 pictures...Itunes shows I have 2480 photos on my phone which is not true.

  There are multiple reasons that lead to issue. You should read the troubleshooting guide to get the right solution to solve the issue: iPhone, iPad, or iPod touch not recognized in iTunes for Windows - Apple Support

• TS4605 Hi, I was working in WORD on a file containing huge data. My machine just hung up one day while working and now I seem to have lost the file how do I get it back.  Please HELP me.

  Hi, I was working in WORD on a file containing huge data. My machine just hung up one day while working and now I seem to have lost the file how do I get it back.  Please HELP me.

  Well, iCloud has nothing to do with this.
  Do you have the built-in backup function Time Machine running on your Mac?
  See: http://support.apple.com/kb/ht1427

• If I buy an in app purchase with iTunes account "B" on my ipad, while logged into a different gamecenter, will it show up on Apple ID "A" email?

  If I buy an in app purchase with iTunes account "B" on my ipad, while logged into a different gamecenter, will it show up on Apple ID "A" email? I am trying to buy an in app purchase for Clash Of The Clans. My gamecenter is associated with Apple Account "A", but if I purchase the in app purchase under Apple Account "B", will it show up in Apple Account "A" email, due to it being associated via gamecenter? Please reply!

  No. An in-app purchase can only be made through the same iTunes Store account that the game was originally purchased through and will be linked only to that account. Receipts will be mailed only to the email address associated with that Apple ID. What Game Center account the game is linked to will be, to the best of my knowledge, irrelevant.
  Regards.

• Issues with only certain users under AD Auth

  Tim,
       I wanted to find out of new copies of install documents for JAVA AD Auth and SSO for Windows.  I have one from mid 2008.  I have customer that is having a ON again OFF again issues with certain users.  See error below
  While processing an AS request for target service krbtgt/ROMAMOULDING.COM, the account dbowman did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 3). The requested etypes : 17. The accounts available etypes : 23  -133  -128  3  1  -140. Changing or resetting the password of krbtgt will generate a proper key.
  I am running BOE Edge 3.1 w/ FP 1.2
  Thanks Kindly,
  Ajay Gupta

  Old post but since there was no answer and I have that case recently : here are some clue.
  your environnemnt is  the state describe here: The security principals and the services that use only DES encryption for Kerberos authentication are incompatible with the default settings on a computer that is running Windows 7 or Windows Server 2008 R2.  http://support.microsoft.com/kb/977321
  external similar post( (http://www.networksteve.com/forum/topic.php?TopicId=5574 http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/ecf15eb9-26cf-483b-b1e3-1b1c7e4901e8 )
  You should consider to apply the Microsoft fix on the 2008 Domain controller(s).
  http://support.microsoft.com/kb/978055. FIX: User accounts that use DES encryption for Kerberos authentication types cannot be authenticated in a Windows Server 2003 domain after a Windows Server 2008 R2 domain controller joins the domain
  cheers
  Christophe

• Upgrade from 10.6.8 to Mavericks server: issue with authenticated bind

  Hello, I have tried upgrading a 10.6.8 server to 3.1.2 Mavericks server and found I can't bind 10.9.x clients.
  I need to keep using authenticated bind to manage clients in Workgroup Manager
  I have exported the 10.6.8 OD database and imported into a clean installation of Mavericks 3.1.2 server and everything went fine that far.
  I then noticed that authenticated bind in Mavericks now requires SSL and the certiicate.
  Once I have imported the 10.6.8 OD database into the new server (same name and IP), only the selfsigned certificate coming from the 10.6.8 server is being imported and OD service remains "unprotected" without any certificate assigned (it seems I can't change this)
  The problem is I can successfully bind 10.8.x clients against the 10.9 server while this seems not to be possible with 10.9.x clients when using authenticated bind.
  If I create a new OD domain, there's an intemediate certificate assigned by default and I can bind 10.9.x clients (authenticated bind).
  Am I missing something obvious?
  Many thanks for your help
  Cheers
  Carlo

  Hello and many thanks to all for your hints
  @Strontium90 I am aware I should move to profiles and I am working towards this goal, but I had mixed results as far as reliability here.
  Anyway, I took my time to perform the upgrade once again from scratch and it's defenatly something related to certificates
  The only way to (authenticated) bind a 10.9 test client is when I create a new OD domain and the server uses the intemediate certificate that it's automatically created and assigned to OD service
  Using the sefl-signed certificate (the existing one - that is imported along with the OD DB - or a new one assigne to it) does not work with the imported DB.
  This is the error I get when I try to bind with dsconfigldap
  iMac-di-admin:~ admin$ sudo /usr/sbin/dsconfigldap -vsemgx -a my.ODserver.FQDN.com
  Password:
  dsconfigldap verbose mode
  Using suggested computer ID <imac-di-admin>
  Options selected by user:
  Enforce Secure Authentication is enabled
  SSL was chosen
  Add server option selected
  Server name provided as <my.ODserver.FQDN.com>
  Computer ID provided as <imac-di-admin>
  Local username determined to be <root>
  Enforce man-in-the-middle only policy if server supports it.
  Adding new node to search policies
  Enforce packet encryption policy if server supports it.
  Enforce packet signing policy if server supports it.
  Certificates will be automatically added to your system keychain in order to talk to this server.
  Would you like to continue (y/n)? y
  Error: Description unavailable (9006)
  While this is the error I get from Directory Utility
  I think I'll seek support from a consultant... ...it all seems beyod my skills
  Many thanks again!
  Carlo

• Odd Run As issue with Windows 8.1 - Run As domain administrator not working

  I'm having an odd issue on a Windows 8.1 laptop. I log in with my standard account, but want to open things like group policy management with my special separate domain admin account. so I press shift, right click, run as a different user - fill in my username
  and password and get an access denied message. I verified I was using the right account info, verified UAC was turned off. I can run it as my non-domain admin account but of course I don't have access to everything. In the event viewer, I'm getting these messages:
  Application log:
  svchost (1648) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
  This and a few other similar messages show up in the application log, over and over again.
  Also the Application log has a couple of these, showing up only when I try to open as the domain admin account:
  Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required. 
  DETAIL -
  1 user registry handles leaked from \Registry\User\S-1-5-21-1856965257-1504725669-3833077565-143885_Classes:
  Process 1072 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1856965257-1504725669-3833077565-143885_CLASSES
  Any help would be greatly appreciated.  I'm at a complete loss.
  As a quick edit - I also am not out of space on the hard drive, I have many gigs on my partition left.

  Hi,
  This issue may occur if you do not have the appropriate permissions assigned to the folder.
  Please make sure you have the sufficient permission to access the folder:
  logon with that domain admin account to check if you could access that file.
  If it works fine, logon with that domain standard user account do it again.
  In addition, why didn't you run as administrator directly(don't use
  Run as different user)?
  Karen Hu
  TechNet Community Support

• Migrating users from one domain to another(Interforest)

  Scenario- Two Domains A & B in two different forests.
  A - holds exchange server in DMZ and 2 domain controllers in A used by exchange also in DMZ
  B holds all users and computers and 2 Domain controllers used for authentication .
  Now I want to migrate all users and computers  in B domain to A domain using ADMT
  My question here is
  1. Can I use the DCs used by exchange to authenticate if I migrate users and computers from B to A.
  2. If not what is the work around here. I want to build  an action plan on this.

  After the migration users will be in Domain A.  Authentication will happen locally in Domain A using Domain A DCs.   Make sure you have correct DNS server (DNS from domain A) for these workstations. 
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Issues with starting weblogic server for my domain

  This is part of the adminserver log file:
  ####<Apr 29, 2009 3:47:18 PM EDT> <Critical> <WebLogicServer> <mycomputername> <AdminServer> <main> <<WLS Kernel>> <> <> <1241034438142> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException
  java.lang.AssertionError: java.lang.reflect.InvocationTargetException
       at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService._invokeServiceMethod(AbstractDescriptorBean.java:1011)
       at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService.decrypt(AbstractDescriptorBean.java:1039)
       at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService.access$200(AbstractDescriptorBean.java:963)
       at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:960)
  What could the issue be?

  I finally got so frustrated that I uninstall and reinstalled it. I did not import any projects at this time, but created a simple, out-of-the-box domain. Then tried to start the server under that domain, and now I get:
  Invalid table name "USERS" specified at position
  Please find part of log output below (I don't see a place in this forum to attach a file). I've copied the portions out of the log that reference exceptions. I appreciate the help!
  ava.sql.SQLException: Invalid table name "USERS" specified at position 23.
       at com.pointbase.net.netJDBCPrimitives.handleResponse(DashoA13*..:335)
       at com.pointbase.net.netJDBCPrimitives.handleJDBCObjectResponse(DashoA13*..:383)
       at com.pointbase.net.netJDBCConnection.prepareStatement(DashoA13*..:545)
       at weblogic.security.providers.authentication.DBMSSQLReadOnlyDatabaseConnectionImpl.getPreparedStatement(DBMSSQLReadOnlyDatabaseConnectionImpl.java:37)
       at weblogic.security.providers.authentication.shared.DBMSSQLRuntimeQueryImpl.passwordStringQuery(DBMSSQLRuntimeQueryImpl.java:78)
       at weblogic.security.providers.authentication.shared.DBMSSQLRuntimeQueryImpl.executeUserPassword(DBMSSQLRuntimeQueryImpl.java:71)
       at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.authenticateDBMS(DBMSAtnLoginModuleImpl.java:666)
       at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.login(DBMSAtnLoginModuleImpl.java:270)
       at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:91)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:61)
       at $Proxy17.login(Unknown Source)
       at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
       at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:80)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:61)
       at $Proxy19.authenticate(Unknown Source)
       at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:366)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:911)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1029)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:854)
       at weblogic.security.SecurityService.start(SecurityService.java:141)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  >
  ####<May 1, 2009 7:50:55 AM EDT> <Critical> <Security> <lmv25-ite89695> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1241178655172> <BEA-090403> <Authentication for user weblogic denied>
  ####<May 1, 2009 7:50:55 AM EDT> <Critical> <WebLogicServer> <mycomputername> <AdminServer> <main> <<WLS Kernel>> <> <> <1241178655172> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
  weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:947)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1029)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:854)
       at weblogic.security.SecurityService.start(SecurityService.java:141)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)