Ldapbind failed over SSL  (U2 – "one way", "U3-two way") from Oracle DB to

Hi
I am facing the below error when I try ldapbind (database server to OID) over SSL (U2 – “one way”, “U3-two way”)
*** ACTION NAME:() 2010-09-29 07:09:46.691
*** MODULE NAME:(sqlplus@alddbux01 (TNS V1-V3)) 2010-09-29 07:09:46.691
*** SERVICE NAME:(SYS$USERS) 2010-09-29 07:09:46.691
*** SESSION ID:(121.274) 2010-09-29 07:09:46.691
kzld_discover received ldaptype: OID
KZLD_ERR: DB-OID SSL auth failed. Err=0
KZLD is doing LDAP unbind
KZLD_ERR: found err from kzldini
Environment details:
OID Server:
OS: Enterprise Linux Enterprise Linux AS release 5.3
Hostname : aldidmux02
Oracle Internet Directory 11.1.1.2.0
Realm in this OID is “dc=mycmsc,dc=com”
Oracle Database Server:
OS: Sun Solaris 5.10
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
Hostname: alddbux01
Key points:
1. As per metalink notes 466662.1, I am trying to set up EUS between DB - OID.
The first difference I see here is the OID version (10.1.4.0.1) in the notes, while I am using OID 11g (11.1.1.2.0) in my environment for testing.
a) Are these steps applicable for the OID 11g (11.1.1.2.0) version?
b) If not, please provide me the references for achieving LDAP authentication from the Oracle database server with OID 11g as the LDAP user repository.
c) As per task1 > step3, the oidctl command is used the first time to connect to and start the instance before starting services using opmnctl. What is the procedure to do the same in OID 11g?
2. Wallet certificates in my environment (OID & Database server): status shows “Ready”.

Is it possible to get an answer on this one from someone who knows?
"Leif Kristian Vadseth" <[email protected]> wrote in
message news:[email protected]..
In WLS 6.0 I was able to configure the server SSL protocol so that when
accessing the server (web application) from a web browser over https, the
browser showed a list of matching installed client certificates that the
client can choose, but the client could choose not to present his/her
certificate and still continue to access the requested resources.
In WLS 6.1 I have not been able to repeat this behaviour, even if the SSL
configuration is exactly the same.
The project I work in wants to have both one-way SSL (using only username
and password for authentication) and two-way SSL (using both
username/password and certificate for authentication) in the same server.
Is it possible to configure the server the way I want or do we have to
configure two servers; one that does not require mutual authentication, and
one that requires this?
Leif Kristian Vadseth

Similar Messages

  • How does one do a two way contacts sync between an iphone and outlook? Most of the community has answered as this to be "always so", but it does not work! Changes made on outlook get done in my iPhone, but it does not work the other way around!

    Close the tab the web page is loaded in (command - W).

  • Best way to retrieve data from oracle?

    Hi,
    I have a few questions.
    1.) Can a rowtype or a table type returned from an Oracle database be retrieved as a dataset or datareader?
    2.) Cursors generally slow down your DB (I am from a Microsoft SQL Server background). But we seem to be using ref cursors quite a lot here. The only way to return a result, as far as I have seen in Oracle, is to use a ref cursor. Is there any other way?

    Hello,
    1.) Can a rowtype or a table type returned from an Oracle database be retrieved as a dataset or datareader?
    I'm not sure how complex your "table types" are -- do you mean PL/SQL Associative Arrays (formerly known as "index-by" tables)?
    I believe that %rowtype is a PL/SQL'ism that does not work outside of PL/SQL.
    However, the 11g version of the provider introduced User Defined Types (UDTs) which may be helpful depending on your requirements, etc.
    2.) Cursors generally slow down your DB (I am from a Microsoft SQL Server background). But we seem to be using ref cursors quite a lot here. The only way to return a result, as far as I have seen in Oracle, is to use a ref cursor. Is there any other way?
    Using a ref cursor is the way to return a result set from PL/SQL to a client. If you are not using PL/SQL then you would not use a ref cursor.
    The .NET Developer Center has good information:
    http://www.oracle.com/technology/tech/dotnet/index.html
    Regards,
    Mark

  • How to add a cloud machine as a node to existing windows fail over cluster having on-premise node in Windows server 2008 R2

    Hi All,
    We have a windows fail over cluster having one windows machine on local network as one of its node.
    I want to add a virtual cloud machine available on microsoft azure as another node to this existing cluster.
    Please suggest how to do this?
    Thanking all in advance,
    Raghvendra

    Before you even start working on the SQL side, you will need to create a Windows Server 2008 R2 cluster with no shared storage. You can actually test that in-house. Create a VM running 2008 R2 and cluster it with your physical (from your description, I am assuming physical) 2008 R2 machine. Create it with a file share witness for quorum. Then configure your environment to see that it works as expected.
    Once you know how to configure the cluster between physical and VM with a file share witness, build it to Azure. The location of the FSW gets to be an interesting choice. To have a FSW in Azure means that you will need another VM in Azure to host the file share, meaning you have two quorum votes in Azure and one in-house. Or, you could create a file share witness on an in-house system, giving you two quorum votes in-house and one in Azure.
    In the FSW in Azure scenario, if you have a loss of the in-house server, automatic failover occurs because two quorum votes exist in Azure. With FSW in-house, depending on the loss you have in-house, you might have to force quorum to get the Azure single-node cluster to run. Loss of access to Azure reverses those scenarios. Neither one is optimal, but it does provide some level of recoverability.
    . : | : . : | : . tim

  • Fail over Between Gateways

    Hello, thanks in advance...
    Currently we are using 2 management servers, NW.contoso.com and WD.contoso.com, and four gateway servers (abc.com, xyz.com, 123.com, 987.com) reporting to the above management servers, with NW.contoso.com as primary and WD.contoso.com as secondary.
    Primary Management Server (NW.contoso.com)
    abc.com, xyz.com, 123.com, 987.com
    Failover Management Server (WD.contoso.com)
    abc.com, xyz.com, 123.com, 987.com
    So my aim is to change the primary management server of 123.com and 987.com to WD.contoso.com and set the failover as NW.contoso.com, but when I tried to configure WD.contoso.com as the primary management server for 123.com and 987.com I am getting an error saying it's not possible to set the same server as primary and failover.
    Could anyone help me out with this?

    Thanks Alexis for your reply,
    I removed the failover management server using a PowerShell command; now the server is reporting to NW.contoso.com (primary MS) and there is no failover MS. If I change the primary management server to WD.contoso.com using a PowerShell command, will it communicate with its new management server? Because in one article I read: "An issue that occurs if there is not a fail over server set up already for the Gateway Server and you change the Primary Server programmatically is that the Gateway Server becomes orphaned due to the Gateway Server still trying to connect to it’s previous Primary Server, since the Gateway Server does not receive it’s new configuration before the Management Servers and therefore the Management Server rejects the Gateway Server’s connection."

  • DS 6.0 - Multi Master replication over SSL

    Hello,
    Anyone got replication working over SSL? I've tried both DSCC and command line, but it fails over SSL. I am able to get replication configured over the non-secure LDAP port.
    I've exchanged CA certs between the two master servers involved. The admin guide on page 251 lists the following command.
    dsconf create-repl-agmt -h example1.server -p 1389 -e -i \
    --auth-protocol "ssl-simple" dc=example,dc=com example2.server:2636
    $ dsconf create-repl-agmt -h example2.server -p 2389 -e -i \
    --auth-protocol "ssl-simple" dc=example,dc=com example1.server:1636
    I believe "-e" option stands for non secure. When I run the above commands, dsconf complains that --auth-protocol is not a valid option.
    Using DSCC, I am able to create the replication agreement using simple SSL. When I try to initialize the suffixes, I get a bind error. I am using the built-in "replication manager" account to bind.
    Thanks for your help and input.

    It took me a while to figure it out myself, but if you do what is in the documentation (Replicating Over SSL) to a T (not through DSCC), that is how I got it to work. You also have to make sure that you have valid certs, and that they are both added to each box, and trusted. I think that was where I had the most problems. The other thing I ran into is that you have to keep the case sensitivity with the server names when you register them.
    It works, but it's a little bit of a pain.

  • Sun Identity Manager 8.0 and fail over..

    We are setting up a fail/recovery site for our Sun Identity Manager solution. I had pictured a seamless failover, but that looks near impossible to do with an Oracle database. I had pictured load-balanced app servers, with load-balanced databases, sort of a multi-master like LDAP allows..
    Curious what others are using for a fail over site / setup.
    Thanks

    We're using 7.0. For us failover is basically multiple servers all using the same DB repository, with a "smart" loadbalancer in front of them (smart meaning, able to detect which back end servers are responsive).
    IdM doesn't use any inter-server temp-data synchronization, all the servers running off the same repository communicate by committing changes to the database.
    So if a specific IdM instance dies, on the next page load the user will be redirected to a new server. That server will redirect to the login page and ask the user to re-auth, with the desired page placed after login.jsp as a "nextPage" argument. After (re-)logging in, the user's returned to the page they were trying to get to. However, in-progress edits that had not been committed back to the database will be lost.
    We looked at high availability arrangements where valid sessions are shared across a new server, but fundamentally the limitation is that the app servers still don't sync in-progress edits, so the only difference between an HA environment and a more passive fail-over environment (like ours) is that in an HA environment the user doesn't have to re-login on a server failure; they still lose in-progress edits. So HA didn't seem like it added value to us.
    If you are literally talking about an off-site, completely standby, seamless failover site, I agree I don't see how you would do that. I'd expect that you'd need the offsite setup to be a cold-standby site; configured to use the replicated database, but with the apps powered down until you actually need them. Otherwise, I think you'd have problems with the standby site servers not wanting to "standby". You could ensure no users end up on the standby servers, but background processes are likely to be run across both the primary and the standby services; I don't think you can enforce an "idle but running" status for the standby servers.
    Edited by: etech on Feb 4, 2009 7:37 PM

  • CSS stateful fail-over

    The current version of the CSS allows stateful fail-over using a direct connection between two CSS.
    I am working on a project for a customer where the two CSS are away from each other. Stateful fail-over is a strong requirement for this customer. What is the Cisco position about this requirement?
    Thank you
    Yves Haemmerli

    How far away?
    You can use fiber for the stateful connection and I think it can go up to 10km.
    If you need the servers to be further away than 10km, you have to contact a Cisco Sales person to explain your requirements.
    Regards,
    Gilles.

  • Web Service over SSL failing in BEA Workshop

    I have deployed a web service on weblogic 9.2
    I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by the client. the client is on different machine than the server.
    i have developed the service through 'bea weblogic workshop 9.2' now when i try to test the service through the 'web services explorer' within bea weblogic workshop i receive the following error:
    IWAB0135E An unexpected error has occurred.
    IOException
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    on server:
    <Jul 13, 2009 6:45:44 PM EDT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from yunus.l1id.local - 10.10.2.72. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
    if i try to access the web service (over ssl) through the browser (ie/firefox), it works fine. i have generated a proxy class to access this web service through the same bea workshop and that works fine too. certificates are identified and all. i also created a small .net (c#) application that calls this secure web service over ssl from another machine and it works fine too!
    of course non-secure url for the web service is working fine in every case.
    what can be the reason for this failing only in 'web services explorer' in bea workshop?
    cross posted at: http://www.coderanch.com/t/453879/Web-Services/java/Web-Service-over-SSL-failing
    thanks.

    Hello,
    I used this example, when I made my experiments with SSL and Glassfish (GF):
    http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
    If you have problems with GF I suggest to post a message here:
    http://forums.java.net/jive/forum.jspa?forumID=56
    e.g. here is one thread:
    http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
    Miro.

  • Is there a way to config WLS to fail over from a primary RAC cluster to a DR RAC cluster?

    Here's the situation:
    We have two Oracle RAC clusters, one in a primary site, and the other in a DR site
    Although they run active/active using some sort of replication (Oracle Streams? not sure), we are being asked to use only the one currently being used as the primary to prevent latency & conflict issues
    We are using this only for read-only queries.
    We are not concerned with XA
    We're using WebLogic 10.3.5 with MultiDatasources, using the Oracle Thin driver (non-XA for this use case) for instances
    I know how to set up MultiDatasources for an individual RAC cluster, and I have been doing that for years.
    Question:
    Is there a way to configure MultiDatasources (mDS) in WebLogic to allow for automatic failover between the two clusters, or does the app have to be coded to failover from an mDS that's not working to one that's working (with preference to a currently labelled "primary" site).
    Note:
    We still want to have load balancing across the current "primary" cluster's members
    Is there a "best practice" here?

    Hi Steve,
    There are 2 ways to connect WLS to a Oracle RAC.
    1. Use the Oracle RAC service URL which contains the details of all the RAC nodes and the respective IP address and DNS.
    2. Connect to the primary cluster as you are currently doing and use a MDS to load-balance/failover between multiple nodes in the primary RAC (if applicable).
        In case of a primary RAC nodes failure and switch to DR RAC nodes, use WLST scripts to change the connection URL and restart the application to remove any old connections.
        Such DB fail-over tests can be conducted in a test/reference environment to set up the required log monitoring and subsequent steps to measure the timelines.
    Thanks,
    Souvik.

  • 3 node cluster with 1 vInstance. vInstance can not to fail-over to one specific node.

    I have a 3 node cluster all running Windows Server 2008 R2. Roughly once a month I see my vInstance become degraded and attempt to fail-over. Everything is good as long as it fails over to SQL01 or SQL02. However, if it attempts to fail-over to SQL03, it does not come online.
    Quick resolution is to move it manually to SQL01 or SQL02. What could be causing it to fail every time on SQL03?
    A couple points:
    I did not build the environment.
    I am not a DBA.
    I only have general knowledge of SQL clustering.
    I always get two EVENT ID's: 1069
    Cluster resource 'SQL Server (VSQL04)' in clustered service or application 'SQL Server (VSQL04)' failed.
    and then
    EVENT ID 1205
    The Cluster service failed to bring clustered service or application 'SQL Server (VSQL04)' completely online or offline. One or more resources may be in a failed state. This may impact the availability of the clustered service or application.
    Where should I begin to look for issues?

    Here is the cluster event prior to offline state. I will have to go check the cluster log.
    The Cluster service failed to bring clustered service or application 'SQL Server (VSQL04)' completely online or offline. One or more resources may be in a failed state. This may impact the availability of the clustered service or application.
    I do not think this helps. It just says a resource is in an offline state. You need to dig more and see which one it is and why it did not come back on. It should be mentioned in the log and/or event viewer.
    Hope it Helps!!

  • Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.

    In the iPlanet Web Server, Enterprise Edition Administrator's Guide, chapter 5 (Securing Your Web Server - Using SSL and TLS Protocols) specifies that the Administration Server can communicate over LDAP/SSL with an SSL-enabled directory.
    Is there any way to configure the iPlanet Administration Server to talk LDAP/SSL in mutual authentication mode with such a directory?

    Hi,
    Sorry, I could not understand what you are trying to do with iWS.
    Could you please briefly explain your question, so that I can help you?
    Regards,
    Dakshin.
    Developer Technical Support
    Sun Microsystems
    http://www.sun.com/developers/support.

  • My iPhone just loaded 1600  emails dating back over two years from one of my accounts. Is there a way to "mark all as read"?

    Your Comcast accounts are POP (unless you enrolled in the Comcast Beta test of Imap) so they won't sync at all. Either enroll in the Beta test or don't use Comcast.
    Your iCloud account is Imap and should sync just fine, unless you have set it up incorrectly.

  • HT1206 my mom somehow ended up with totally different iTunes accounts, based on an old (dead) email address and a newer one as well. She's bought a lot of music on both accounts over time... is there some way to merge the old account into her newer one?

    my mom somehow ended up with two totally different iTunes accounts, based on an old (dead) email address and a newer one as well. She's bought a lot of music on both accounts over time... is there some way to merge the old account into her newer one?

    No. If one of those accounts is inaccessible, click here and request assistance.
    (82012)

  • Difference Between One-way SSL and Two Way SSL

    Hi ,
    Can anyone tell the difference between one-way and two-way SSL? From Apache to WebLogic Server, which type of SSL can we configure? Please provide information on this.
    thanks

    In short, below is the difference:
    One Way SSL - Only the client authenticates the server.
    - This means that the public cert of the server needs to be configured in the trust store of the client for this to happen.
    Two Way SSL - The client authenticates the server and the server also authenticates the client.
    - This means that the public cert of the server needs to be configured in the trust store of the client for this to happen.
    - Also, the public cert of the client needs to be configured in the server's trust store.
    Please refer to http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=%2Fcom.ibm.mq.csqzas.doc%2Fsy10660_.htm. In the case of Two Way SSL, step numbers 5 & 6 also occur.
    You can implement either of them between apache and weblogic.
    Hope this helps.
    Thanks,
    Patrick
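The trust-store rules in the answer above, together with the "request a client certificate but do not insist on it" behaviour asked about in the WLS post earlier on this page, shown as an added example that is not code from any poster. It runs real TLS handshakes over a local socket pair with Python's `ssl` module, covering the three server settings (no client auth, optional, required) and a client whose trust store lacks the server cert. It assumes the `openssl` CLI (1.1.1 or later) is on PATH; the names `localhost`, `client.example` and all helper functions are made up for the demo.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_cert(workdir, name):
    """Constructed self-signed cert/key pair, generated with the openssl CLI."""
    crt, key = (os.path.join(workdir, name + ext) for ext in (".crt", ".key"))
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=" + name, "-addext", "subjectAltName=DNS:" + name,
         "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def server_context(server_pair, client_auth, trusted_client_crt):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(*server_pair)
    ctx.verify_mode = client_auth        # CERT_NONE / CERT_OPTIONAL / CERT_REQUIRED
    ctx.load_verify_locations(trusted_client_crt)   # the server's trust store
    return ctx

def client_context(trusted_server_crt, client_pair=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # verifies server cert + hostname
    ctx.load_verify_locations(trusted_server_crt)   # the client's trust store
    if client_pair:
        ctx.load_cert_chain(*client_pair)           # identity offered for two-way SSL
    return ctx

def try_handshake(server_ctx, client_ctx):
    """Return (connected, CN of the client cert the server authenticated or None)."""
    s_sock, c_sock = socket.socketpair()
    s_sock.settimeout(5)
    c_sock.settimeout(5)
    seen = {}

    def serve():
        try:
            with server_ctx.wrap_socket(s_sock, server_side=True) as tls:
                subject = (tls.getpeercert() or {}).get("subject", ())
                seen["cn"] = dict(rdn[0] for rdn in subject).get("commonName")
                tls.sendall(b"ok")
        except OSError:                  # ssl.SSLError is a subclass of OSError
            pass

    thread = threading.Thread(target=serve)
    thread.start()
    try:
        with client_ctx.wrap_socket(c_sock, server_hostname="localhost") as tls:
            connected = tls.recv(2) == b"ok"
    except OSError:
        connected = False
    thread.join()
    return connected, seen.get("cn")

def run_scenarios():
    with tempfile.TemporaryDirectory() as d:
        server, client = make_cert(d, "localhost"), make_cert(d, "client.example")
        srv = lambda mode: server_context(server, mode, client[0])
        anonymous = client_context(server[0])            # trusts server, no own cert
        identified = client_context(server[0], client)   # trusts server, has own cert
        return {
            "one-way": try_handshake(srv(ssl.CERT_NONE), anonymous),
            "optional, no client cert": try_handshake(srv(ssl.CERT_OPTIONAL), anonymous),
            "optional, client cert": try_handshake(srv(ssl.CERT_OPTIONAL), identified),
            "two-way, no client cert": try_handshake(srv(ssl.CERT_REQUIRED), anonymous),
            "two-way, client cert": try_handshake(srv(ssl.CERT_REQUIRED), identified),
            # Client trust store holds the wrong cert: fails even for one-way SSL.
            "server not trusted": try_handshake(srv(ssl.CERT_NONE),
                                                client_context(client[0])),
        }

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:26} connected={outcome[0]} client_cn={outcome[1]}")
```

The "optional" rows are the single-listener answer to wanting both modes on one server: the handshake succeeds either way, and the application decides what an unauthenticated client may do.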
