Kerberos service ticket was requested

Similar Messages

• Kerberos Service tickets & Service server

  Hi,
  I've implemented a simple hello_world.java application (on Windows) that gets authentified by the KerberosLoginModule by the Kerberos Keytab (not the TGT!).
  - That Keytab was built on a Microsoft Server 2003 using "ktpass".
  - The name of the application "hello_world" was added in Active directory using setspn.exe (necessary if I want to use Kerberos Service Tickets) for an user account.
  At the moment every account can launch the application.
  But how can I:
  1- Make that application require and use the service ticket to allow just 1 user to launch the application?
  2- Prevent/Deny all the others.
  and also:
  3- From the user account, establish the communication with the KDC (TGS) to acquire Service Tickets?
  ---> I want that application to require the Kerberos Service Ticket from the user AND decrypt it by using the keytab (to finally allow access to the user).
  Any suggestions for a newbie like me are all welcome..
  Thanks !

  what do you mean "launch the application"? If it's a class or a jar readable by all, then everyone can launch it. if your "launch" means it can authenticate itself and goes on, maybe you can simply make the keytab file readable by a single user.
  Anyway this looks a little strange. Normally JGSS programs have a client and a server, the client need to authenticate itself to the server, and request the server to do something. If you have only one program, user may alter the configuration (say, appointing another KDC), trick the program to believe it passes the authentication stage, and goes on.

• Connect-SPOService : The Application ID (AppID) for which the service ticket is requested does not exist on the system.

  I am trying to connect to SharePoint in my Office 365 environment by following https://support.office.com/article/Set-up-the-SharePoint-Online-Management-Shell-environment-7b931221-63e2-45cc-9ebc-30e042f17e2c and I am getting:
  Connect-SPOService : The Application ID (AppID) for which the service ticket is requested does not exist on the system.
  Is there some setting I need to change on the O365 side? Thanks.

  Hi,
  Based on your description, my understanding is that you want connect SharePoint Online using PowerShell.
  Please make sure that the following software is installed.
  Windows Management Framework 3.0
  SharePoint Online Management Shell
  And then, open the SharePoint Online Management Shell and use the Script below to test
  whether it works.
  $User = "[username]@[tenant].onmicrosoft.com"
  $Pass = "[password]"
  $creds = New-Object System.Management.Automation.PSCredential($User,(ConvertTo-SecureString $Pass -AsPlainText -Force));
  Connect-SPOService -Url https://[tenant]-admin.sharepoint.com -Credential $creds
  Get-SPOSite
  More information:
  http://blog.falchionconsulting.com/index.php/2013/01/using-powershell-to-manage-sharepoint-2013-online/
  Thanks,
  Dennis Guo
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Dennis Guo
  TechNet Community Support

• The Kerberos/GSSAPI ticket was not accepted by the POP server. Please check that you are logged in to the Kerberos/GSSAPI realm. How do I fix this?

  I have just downloaded and installed Thunderbird on a new Windows 8 omputer. I get the message in the headline when I press the Get Mail button

  What do you have for Connection security and Authentication method in Tools(or AppMenu/Options)/Account Settings/<i>accountname</i>/Server Settings? What is the POP server - does it support Kerberos/GSSAPI?

• Java GSS API - Kerberos - Receive timed out when requesting service ticket.

  Hi,
  I'm following the following exercises about Kerberos/JGSS-API :
  http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/
  On exercise 3, I get an exception (when requesting a service ticket) from the client side:
  "+Exception in thread "main" java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Receive timed out)
  etc.+"
  This seems to happen when the GSSContext.initSecContext(...) method is called.
  The server side receives the client connection:
  "+Waiting for incoming connection...+
  +Got connection from client /xxx.xxx.x.xxx+"
  But then displays the following exception:
  "+Exception in thread "main" java.security.PrivilegedActionException: java.net.SocketException: Connection reset
  etc.+"
  I checked my KDC (win 2003 Server SP2) and added SPNs with setspn but the error remains.
  Any suggestion are more than welcome !

  The TGT is already present on my Client machine because it is acquired automaticaly from the KDC during the Windows opening session.
  I use then JAAS to access the LSA and obtain the TGT - This doesn't need any further connection to the KDC.
  But the Service Ticket is requested to the KDC by my client machine..
  Here is the complete output (Client side) after I destroyed the tickets (with Kerberos MIT Leash.exe and/or kdestroy.exe ):
  Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  Acquire TGT from Cache
  +>>>KinitOptions cache name is C:\Documents and Settings\user.MYDOMAIN\krb5cc_user+
  +>> Acquire default native Credentials+
  +>>> Obtained TGT from LSA: Credentials:+
  [email protected]
  server=krbtgt/[email protected]
  authTime=20080529135209Z
  startTime=20080529135209Z
  endTime=20080530015209Z
  renewTill=20080702135209Z
  flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
  EType (int): 23
  Principal is [email protected]
  Commit Succeeded
  +Authenticated principal: [[email protected]]+
  Connected to address host1/xxx.xxx.x.xxx
  Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri May 30 03:52:09 CEST 2008
  Entered Krb5Context.initSecContext with state=STATE_NEW
  Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri May 30 03:52:09 CEST 2008
  Service ticket not found in the subject
  +>>> Credentials acquireServiceCreds: same realm+
  Using builtin default etypes for default_tgs_enctypes
  default etypes for default_tgs_enctypes: 3 1 23 16 17.
  +>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType+
  +>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType+
  +>>> KrbKdcReq send: kdc=yyy.yyy.y.y UDP:88, timeout=30000, number of retries =3, #bytes=1262+
  +>>> KDCCommunication: kdc=yyy.yyy.y.y UDP:88, timeout=30000,Attempt =1, #bytes=1262+
  SocketTimeOutException with attempt: 1
  +>>> KDCCommunication: kdc=yyy.yyy.y.y UDP:88, timeout=30000,Attempt =2, #bytes=1262+
  SocketTimeOutException with attempt: 2
  +>>> KDCCommunication: kdc=yyy.yyy.y.y UDP:88, timeout=30000,Attempt =3, #bytes=1262+
  Exception in thread "main" java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Receive timed out)
  +     at java.security.AccessController.doPrivileged(Native Method)+
  +     at javax.security.auth.Subject.doAs(Subject.java:396)+
  +     at SimpleAuthzz2.loginAndAction(SimpleAuthzz2.java:56)+
  +     at SimpleGssClient.main(SimpleGssClient.java:36)+
  SocketTimeOutException with attempt: 3
  Caused by: GSSException: No valid credentials provided (Mechanism level: Receive timed out)
  +     at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:659)+
  +     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:213)+
  +     at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)+
  +     at SimpleGssClient$GssClientAction.run(SimpleGssClient.java:121)+
  +     ... 4 more+
  Caused by: java.net.SocketTimeoutException: Receive timed out
  +     at java.net.PlainDatagramSocketImpl.peekData(Native Method)+
  +     at java.net.DatagramSocket.receive(DatagramSocket.java:662)+
  +     at sun.security.krb5.internal.UDPClient.receive(UDPClient.java:77)+
  +     at sun.security.krb5.KrbKdcReq$KdcCommunication.run(KrbKdcReq.java:278)+
  +     at java.security.AccessController.doPrivileged(Native Method)+
  +     at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:195)+
  +     at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:140)+
  +     at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:106)+
  +     at sun.security.krb5.KrbTgsReq.send(KrbTgsReq.java:215)+
  +     at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:293)+
  +     at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106)+
  +     at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:561)+
  +     at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:585)+
  +     ... 7 more+
  It seems like the TGT is still present in the cache, even if Leash displays "no tickets".
  Meanwhile, in the KDC-server side:
  -What is the correct spn to add? C:\setspn GssServer/host1 user ? (I in fact tried many possibilities)..
  -Is there any other special configuration to do in the KDC ?
  Thanks a lot!

• Service ticket in servicepro profile

  Hi experts,
  I'm working with CRM 2007 and I want to know if is it possible to use service ticket in servicepro profile? How can I do that? The service ticket is only for "IC" profile?
  Best regards,
  Caíque Escaler

  Hi
  Service Ticket UI component as you mentioned is only available in ICWebclient Profile. In WebUI it is possible to  open any transactions in any UI components related to transaction because they all follow the same BOL model. ie Service Ticket can be opened in UI compoent for activity, Service Request etc..
  I have worked on a scenario where Service Ticket was opened in Service Request component. FYI, SAP recommends migrating from Service Ticket to Service Request.
  To open Service Ticket in Service Request framework (SRQM_INCIDENT_H). You have to do the following
  a. Search.
      It depends on if you are planning to use Service Request search or Worklist. In either case you will have to implement the BADI (Enhancement Spot) ES_CRM_RF_Q1O_SEARCH. This implementation is done so that instead of service Request you search for Service Ticket and return the guid.
  b. Display
    To display the Service Ticket in Service Request framework, you have to call dynamic navigation with selected entity and the UI component in the event handler on selecting item in the result list.
          CALL METHOD cl_crm_ui_descriptor_obj_srv=>create_entity_based
            EXPORTING
              ir_entity           = <ls_recent_object>-entity  "Reference to Service ticekt
              iv_ui_object_type   = <ls_recent_object>-object_type " UI Object type for Service Request
               iv_ui_object_action = <ls_recent_object>-action
            RECEIVING
              rr_result           = lr_descr_object.
        CATCH cx_root.
      ENDTRY.
    ENDIF.
    IF lr_descr_object IS NOT BOUND.
      RETURN.
    ENDIF.
    CREATE OBJECT lr_coll TYPE cl_crm_bol_bo_col.
    IF lr_coll IS BOUND.
      lr_coll->add( lr_descr_object ).
      lr_window ?= me->view_manager->get_window_controller( ).
      IF lr_window IS BOUND.
        lr_window->call_outbound_plug( iv_outbound_plug   = 'navigate' "#EC NOTEXT
                                       iv_data_collection = lr_coll ).
  c. Recent Edits
  You will need to force Recent eidts also to save appropriate UI component in CRMD_SHORTCUT Table otherwise it will open in ICWebclient UI compoent. Check UI Component CRM_BSP_RECOBJ
  You can also open service ticket in Service Order component. You will need to manually call the Time Reporting views whcih are are available in ICWebclient ptofile.

• Listening to Service ticket creation event

  Hi,
  I have a requirement to check the ticket details and populate one field as per the  ticket details. This operation has to be done on the below scenario.
  u2022 A service ticket is generated and already has a property confirmed
  u2022 A property(iObject) is confirmed for a new service ticket
  u2022 The property(iObject) is changed on the service ticket
  u2022 The service ticket is saved .
  We can handle the scenario 2 and 3 from UI. But I do not know how to handle the scenario 1 i.e. whenever a service ticket is generated. Is there an event which gets raised whenever a service ticket is generated ?
  For scenario 4, I am planning to invoke the required operation in the save button code which is available in UI. But when agent ends call, then also the service order gets saved. Is there a way I can invoke my code just before save ?
  Regards,
  Manas.
  Edited by: manas sahoo on Aug 6, 2008 9:44 AM

  Hello Manas,
  Check if this suggestions may help you.
  For scenario 1, you can check method IP_INBOUNDPLUG of your service ticket controller class. Maybe there you'll understand if a new bol entity for the service ticket was created or not.
  For scenario 4, you can use ORDER_SAVE badi. This BADI was 3 methods to manipulate a document before you saving it. See it to check if any of those three can help you.
  Kind regards.
  Bruno

• Service Ticket request failed

  Hey,
  Has anyone seen this "alert" coming from the domain controllers?
  Service ticket request failed
  I want to false positive it out because I've investigated.
  But I'd rather go to the server guys with a fix ...

  Yes your understanding is correct. The recommended approach is to tune out all the unneeded raw events at the reporting device itself.
  This will save both the network and MARS from unnecessary traffic. You can find more details about this error at the following:
  http://support.microsoft.com/kb/824905
  http://technet.microsoft.com/en-us/library/bb742435.aspx
  Regards
  Farrukh

• Service ticket creation through web request

  Hello,
  I just need to know if there is any standard CRM functionality to serve the form and to create the service ticket ?
  Regards
  Sachin

  Hi Gagan
  Could you please share with your solution, i am kind looking help in same are. We are using CRM 7.0, but i can not find BOL component which is ISUSRV.
  My requirement is to create Service Order from Webclient, example meter problem reporting, etc
  Please kindly reply or by email shankar no dot vangari at gmail com
  regards
  shankar

• Not able to edit service ticket (complaint) in CRM

  Hi,
  The service ticket (complaint) in CRM has been replicated to R/3 as credit memo request, but the document in CRM is not able to edit. The error message is " Document is being processed, not possible to edit".
  I checked in SMW01, those tickets are unprocessed status, tried to reprocess but not to edit the document. Also tried to manully send to R/3 using toolbox transacton but no luck. I tried to push stucked queues in CRM but not moving.
  Pls suggest me what is the way to reprocess the stucked BDoc in CRM.
  Regards,
  Ram.

  Hi Sandeep,
  This happens when the document is distributed to ERP Systems. There are certain Item Categories that are sent to ERP System and only once the confirmations comes from those system you can further process those document.
  You won't find any errors there.
  You can check the BDOC Entries and then can find the target system where the document was distributed. And then logon onto that system and release that document.
  Hope this helps.
  Thanks,
  Samantak.

• Create a follow-up of a Service Ticket

  Hi,
  I need to implement a script to create a follow-up of a Service Ticket to a service contract. Therefore I need to implement an Action Class to run in the ICWebClient.
  I'm facing some problems and I didin't managed to find a suitable class / function to automate it.
  I've tried:
  Method: EH_ONCREATEFOLLOWUP of the class CL_CRM_IC_SRVTFOLLOWUP_IMPL, from the view SrvTFollowUp. I've adapted the the requested custom_controller but without sucess - somewhere during the process I was catching a missing handler exception.
  I also tried to use the functions:
  'CRM_IST_COPY_ORDER_TO_CONTRACT'
  'COM_PCAT_COPY_DOCUMENTS'
  'CRM_ORDER_READ' -> 'CRM_COPY_EXTERNAL_ORDER_OW'
  and some others but with no luck as well.
  Did anyone had the same problem before? I would apreciate some new ideas!

  Hi,
  The Service Ticket itself is Service Order. The difference between them is that the Service Ticket does not have Item Category which is present in the Service Order.
  Between your transaction code maintian the copy controls.
  Hope it helps.
  Regards,
  Rajiv

• Object for interaction records, service tickets and follow-up activities

  Hi,
  I need business objects or Function modules(anything) that contains the data realted to interaction records, service tickets, and follow-up.Please help me by mailing to my mail [email protected]

  My question was answered by Experts.
  1.I tried with the code to retirve GUID,HEADER/ITEM Guid's related to the BPnumber from CRMF_ORDER_INDEX table.
  2.I have stored header/item GUID's in different internal tables and append all the values that fetched above with in the loop.
  3. Clear header/item guid's,that they can have next value in the loop.(Important)
  4.Next step call the FM CRM_ORDER_READ with in the loop and assign import/export parameters.
  4.Display the records.
  Thanks for Everything.........

• Interaction records,Service tickets,Follow-up activities

  hi all!
  I need objects (FM, BDoc’s...Etc...) that related to interaction records, service tickets, follow-up activities of the business partners.
  can anybody help me out.
  regards
  sachin

  My question was answered by Experts.
  1.I tried with the code to retirve GUID,HEADER/ITEM Guid's related to the BPnumber from CRMF_ORDER_INDEX table.
  2.I have stored header/item GUID's in different internal tables and append all the values that fetched above with in the loop.
  3. Clear header/item guid's,that they can have next value in the loop.(Important)
  4.Next step call the FM CRM_ORDER_READ with in the loop and assign import/export parameters.
  4.Display the records.
  Thanks for Everything.........

• RRoCE v2.0 mode was requested, but it is not supported.

  Customer is using N5k, connecting W2012 R2 host, as well as a W2012 R2 host acting as a SMB3 fileserver.
  They use RDMA over Converged Ethernet (RoCE), and receive the following error message
  SingleFunc_32_0_0: RRoCE v2.0 mode was requested, but it is not supported. The NIC starts in RRoCE v1.5 mode.
  NOTE: If your environment contains mix of different NIC types, you need to make sure that the whole environment is configured to use the same RoCE mode,
  otherwise the traffic between the different NICs does not work.
  interface Ethernet1/13
  priority-flow-control mode on
  flowcontrol send off
  flowcontrol receive off
  end
  Global QoS Config
  class-map type qos match-any class-rdma
    match cos 3
  class-map type queuing class-rdma
    match qos-group 4
  policy-map type qos rdma-policy
    class class-rdma
      set qos-group 4
    class class-default
  policy-map type queuing rdma-queuing-policy
    class type queuing class-rdma
      bandwidth percent 60
    class type queuing class-default
      bandwidth percent 40
  class-map type network-qos class-rdma
    match qos-group 4
  policy-map type network-qos rdma-network-policy
    class type network-qos class-rdma
      pause no-drop
    class type network-qos class-default
      multicast-optimize
  system qos
    service-policy type network-qos rdma-network-policy
  nterface Ethernet1/13
    service-policy type qos input rdma-policy
    service-policy type queuing input rdma-queuing-policy
    service-policy type queuing output rdma-queuing-policy
  The end to end link is not working ? Any hints what could be wrong ?

  http://www.mozilla.com/en-US/firefox/4.0/system-requirements/
  Mac
  Operating Systems
  * Mac OS X 10.5
  * Mac OS X 10.6
  Recommended Hardware
  * Macintosh computer with an Intel x86 processor
  * 512 MB of RAM
  * 200 MB hard drive space
  For older Macs that aren't supported in Firefox 4.0, try TenFourFox for PowerPC's running Mac 10.4.11 & 10.5.8 . <br />
  http://www.floodgap.com/software/tenfourfox/
  Or revert to Firefox 3.6.16, which is available here: <br />
  http://www.mozilla.com/en-US/firefox/all-older.html

• CRM 5.0 Incoming Email - Creation of a Service Ticket

  Hi Gurus
  For an incoming email I've managed to configure ERMS to create a Service Ticket.
  A number of values are however not correct or missing entirely.
  Is it possible to correctly populate the Multi-Level Categorization for the Service Ticket and if so how.
  Many Thanks in advance
  Regards
  Panduranga

  Hello Panduranga,
  We've implemented a requisite very similiar to yours in version 4. We've created a new class, to a new ERMS service, to be added in our ERMS profile manager.
  The way we filled the service ticket categorization was by doing the following:
  Each node at category modeler must be associated to a subject code (combination of technical fields katalogartcodegruppecode). So, all you have to do when you're creating a new service ticket is to indicate your subject code to CRM_ORDER_MAINTAIN importing parameter: it_service_os.
  Something like this:
    ls_subject-ref_handle = gv_handle.
    ls_subject-katalogart = iv_katalogart. "KATALOGART
    ls_subject-codegruppe = iv_codegruppe. "CODEGRUPPE
    ls_subject-code = iv_code.             "CODE
    ls_subject-mode = 'A'.
    APPEND ls_subject TO lt_subject.
    ls_osset-ref_handle = gv_handle + 1.
    ls_osset-subject = lt_subject.
    ls_osset-subject_profile = lv_service_h-subject_profile. "YOUR SUBJECT PROFILE - TO GET IT USE FM CRM_ORDER_SERVICE_H_SELECT_CB
    ls_osset-profile_type = 'A'.
    APPEND ls_osset TO ls_service_os-osset.
    ls_service_os-ref_handle = gv_handle.
    ls_service_os-ref_kind = 'A'.
    APPEND ls_service_os TO gt_service_os.
    ls_input_field-ref_handle = gv_handle.
    ls_input_field-ref_kind  = gc_object_kind-orderadm_h.
    ls_input_field-objectname  = gc_object_name-service_os.
    ls_input_field_names-fieldname = 'CODE'.
    INSERT ls_input_field_names INTO TABLE ls_input_field-field_names.
    ls_input_field_names-fieldname = 'CODEGRUPPE'.
    INSERT ls_input_field_names INTO TABLE ls_input_field-field_names.
    ls_input_field_names-fieldname = 'KATALOGART'.
    INSERT ls_input_field_names INTO TABLE ls_input_field-field_names.
    INSERT ls_input_field  INTO TABLE  gt_input_fields.
  Then all you have to do is to use internal table gt_service_os as it_service_os at CRM_ORDER_MAINTAIN.
  Hope that this helps. If not, just write back and If I can, I'll help you
  Kind regards and good luck.
  Bruno
  Edited by: Bruno Garcia on Aug 21, 2008 3:20 PM