Managing 100s UNIX servers through OIM using LDAP

Hi Experts,
I have a requirement where 100s of UNIX servers need to be managed through OIM using LDAP.
Please guide me on how to implement this and whether LDAP is the best solution.
Thanks.

Take a look at:
http://www.oracle.com/technology/products/oid/oracleauthenticationservices.html
Oracle Authentication Services for Operating Systems

Similar Messages

  • Unable to remove manager field in AD through OIM 9.1

    Hi,
    I am trying to remove the manager of a user in the AD Profile without changing the Manager ID in the OIM Profile. I am getting the below error when I try to modify the attribute manager by replacing it with a null string.
    LDAP: error code 21 - 00000057: LdapErr: DSID-OC090B8A, comment: Error in attribute conversion operation, data 0, v1db1)
    I am getting the same error even if I am trying to change the manager field in AD without changing the manager field in OIM.
    I am trying with the below code:
    BasicAttributes at = new BasicAttributes();
    at.put("manager","");
    // 2 is DirContext.REPLACE_ATTRIBUTE
    context.modifyAttributes(UserDN,2,at);
    What could possibly be the reason for this error? Please help guys.
    Edited by: User_OIM on Dec 27, 2012 7:06 PM

    Check if the below works for you:
    // Specify the changes to make
    ModificationItem[] mods = new ModificationItem[1];
    // Remove the "manager" attribute
    mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
            new BasicAttribute("manager"));
    // Perform the requested modifications on the named object
    context.modifyAttributes(UserDN, mods);
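
A fuller version of the removal suggested above, as an added example that is not part of the original thread. LDAP result code 21 means invalid attribute syntax, and "manager" holds a DN, so an empty string is rejected; the sketch below deletes the attribute instead and handles the case where it is already absent. The class name, the command-line arguments and the `LDAP_BIND_PW` environment variable are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.NoSuchAttributeException;

// Hypothetical helper class; only the JNDI calls are standard API.
public class ClearManager {

    // REMOVE_ATTRIBUTE with a value-less attribute deletes every value of "manager".
    // The server answers noSuchAttribute (LDAP result 16) if the entry has no manager.
    static ModificationItem[] removeMods() {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("manager"))
        };
    }

    // REPLACE_ATTRIBUTE with a value-less attribute also deletes all values; under
    // LDAP modify semantics (RFC 4511) it is ignored when the attribute is absent,
    // so it can be repeated safely.
    static ModificationItem[] replaceWithNothingMods() {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("manager"))
        };
    }

    // Returns true if a manager was removed, false if the entry had none.
    static boolean clearManager(DirContext ctx, String userDn) throws NamingException {
        try {
            ctx.modifyAttributes(userDn, removeMods());
            return true;
        } catch (NoSuchAttributeException alreadyEmpty) {
            return false;
        }
    }

    // Usage (all values are supplied by the caller):
    //   LDAP_BIND_PW=... java ClearManager <ldaps-url> <bind-dn> <user-dn>
    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_BIND_PW"); // assumed variable name
        if (args.length != 3 || password == null) {
            System.err.println("usage: LDAP_BIND_PW=... java ClearManager <url> <bindDn> <userDn>");
            System.exit(2);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = new InitialDirContext(env);
        try {
            boolean removed = clearManager(ctx, args[2]);
            System.out.println(removed ? "manager removed" : "entry had no manager");
        } finally {
            ctx.close();
        }
    }
}
```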

  • Should I assign a virtual ip to the two unix servers

    Hi,
    I want to know whether I need to assign a virtual IP (e.g. 999.99.99.99) to the two UNIX servers which are used for clustering of WebLogic Server (assume the cluster address of the two WebLogic servers is 999.99.99.99)?
    chris

    No, you don't have to do that. Each WLS server in your cluster should have a unique IP address.
    Then you can have one DNS name that maps to these two addresses. Talk to your IS folks about this.
    -- Prasad

  • I am unable to start Managed Servers through Weblogic AdminConsole

    Hi,
    We are using WebLogic version 10.3.1.0.
    In total: 4 Managed Servers
    1 Admin Server
    with Node Manager.
    In the Admin Console, whenever we go to stop the Managed Servers:
    1. Environment -> Servers -> Control -> Managed Server 1 -> Force shutdown
    2. Then click the refresh button: it shows "FAILED_NOT_RESTARTABLE"
    3. After that, whenever we go to start the Managed Server in the Admin Console,
    first it shows: Starting
    and next it shows: FAILED_NOT_RESTARTABLE
    4. It does not come to the Running state.
    In Logs
    Domain log
    -----------> <1273141345460> <BEA-000450> <Socket 8 internal data record unavailable (probable closure due idle timeout), event received 17>
    ####<06-May-2010 11:54:40 o'clock BST> <Alert> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143280738> <BEA-000396> <Server shutdown has been requested by weblogic>
    ####<06-May-2010 11:54:40 o'clock BST> <Notice> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143280771> <BEA-000365> <Server state changed to FORCE_SUSPENDING>
    ####<06-May-2010 11:54:40 o'clock BST> <Notice> <Cluster> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143280844> <BEA-000163> <Stopping "async" replication service>
    ####<06-May-2010 11:54:41 o'clock BST> <Notice> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143281061> <BEA-000365> <Server state changed to ADMIN>
    ####<06-May-2010 11:54:41 o'clock BST> <Notice> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143281064> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    ####<06-May-2010 11:54:41 o'clock BST> <Notice> <Server> <ukirt156> <twpserver1> <DynamicListenThread[Default]> <<WLS Kernel>> <> <> <1273143281113> <BEA-002607> <Channel "Default" listening on 172.21.149.168:7003 was shutdown.>
    ####<06-May-2010 11:56:30 o'clock BST> <Error> <NodeManager> <ukirt156> <AdminServer> <[ACTIVE] ExecuteThread: '45' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273143390016> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    AdminServer log
    <06-May-2010 11:56:30 o'clock BST> <Error> <NodeManager> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    <06-May-2010 11:57:33 o'clock BST> <Error> <NodeManager> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    <06-May-2010 12:07:02 o'clock BST> <Error> <NodeManager> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    ManagedServer Log
    <06-May-2010 11:54:40 o'clock BST> <Alert> <WebLogicServer> <BEA-000396> <Server shutdown has been requested by weblogic>
    06-May-2010 11:54:41 org.quartz.core.QuartzScheduler shutdown
    INFO: Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED shutting down.
    06-May-2010 11:54:41 org.quartz.core.QuartzScheduler pause
    INFO: Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED paused.
    06-May-2010 11:54:41 org.quartz.core.QuartzScheduler shutdown
    INFO: Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED shutdown complete.
    <06-May-2010 11:54:54> <Debug> <NodeManager> <Waiting for the process to die: 19316>
    <06-May-2010 11:54:54> <Info> <NodeManager> <Server was shut down normally>
    <06-May-2010 11:54:54> <Debug> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
    NodeManager Log
    <06-May-2010 11:54:54> <Info> <twp_domain> <twpserver1> <Server was shut down normally>
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Boot identity properties saved to "/appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Startup configuration properties saved to "/appl/weblogic/scripts/servers/twpserver1/data/nodemanager/startup.properties">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Rotated server output log to "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out00020">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Server error log also redirected to server log>
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Starting WebLogic server with command line: /appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/bin/java -Dweblogic.Name=twpserver1 -Djava.security.policy=/appl/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.management.server=http://ukirt156:7001 -Djava.library.path="/appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/lib/i386/jrockit:/appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/lib/i386:/appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/../lib/i386::/appl/nsm/CA/UnicenterNSM/lib:/appl/nsm/CA/SharedComponents/JRE/1.4.2_09/lib/i386/client:/appl/nsm/CA/SharedComponents/JRE/1.4.2_09/lib/i386:/appl/nsm/CA/SharedComponents/ccs/dia/dna/lib:/appl/nsm/CA/SharedComponents/ccs/dia/lib:/usr/lib:/opt/CA/CAlib:/appl/nsm/CA/SharedComponents/lib:/appl/nsm/CA/SharedComponents/Csam/SockAdapter/lib:/appl/weblogic/oracle/middleware/wlserver_10.3/server/native/linux/i686:/appl/weblogic/oracle/middleware/wlserver_10.3/server/native/linux/i686/oci920_8" -Djava.class.path=/data/share/package/twp/WEB-INF/lib/ojdbc14.jar:/appl/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/appl/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.jar -Dweblogic.system.BootIdentityFile=/appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=false -Dweblogic.ReverseDNSAllowed=false -Xmanagement:port=7091,ssl=false,authenticate=false -Xms=1200m -Xmx=1200m -Xverbose:gc,gcpause -Dreflexis.scheduler=true -Dreflexis.server=twpserver1 -Djava.awt.headless=true -Dclient.encoding.override=UTF-8 -Doracle.jdbc.V8Compatible=true weblogic.Server >
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Working directory is "/appl/weblogic/scripts">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Rotated server output log to "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out00021">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Server error log also redirected to server log>
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Server output log file is "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out">
    <06-May-2010 11:56:29> <Info> <twp_domain> <twpserver1> <Server failed during startup so will not be restarted>
    <06-May-2010 11:56:29> <Warning> <Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    java.io.IOException: Server failed to start up. See server output log for more details.
    at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:332)
    at weblogic.nodemanager.server.Handler.handleStart(Handler.java:542)
    at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:119)
    at weblogic.nodemanager.server.Handler.run(Handler.java:66)
    at java.lang.Thread.run(Thread.java:619)
    Server logs
    <06-May-2010 12:06:57> <Info> <NodeManager> <Server output log file is "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out">
    [JRockit] Management server started on port 7091, ssl=false, authenticate=false.
    <06-May-2010 12:06:59 o'clock BST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.6.2-20_o-108500-1.6.0_05-20090120-1115-linux-ia32 from BEA Systems, Inc.>
    <06-May-2010 12:07:00 o'clock BST> <Critical> <Security> <BEA-090518> <Could not decrypt the username attribute value of {AES}xvFgPysVi5b89pYwaAppoqPXQ5wFVW13yoFhzhKmuQo= from the file /appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties. If you have copied an encrypted attribute from boot.properties from another domain into /appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties, change the encrypted attribute to its cleartext value then reboot the server. The attribute will be re-encrypted. Otherwise, change all encrypted attributes to their cleartext values, then reboot the server. All encryptable attributes will be re-encrypted. The decryption failed with the exception <06-May-2010 12:07:01 o'clock BST> <Info> <Management> <BEA-141223> <The server name twpserver1 specified with -Dweblogic.Name does not exist. The configuration includes the
    <06-May-2010 12:07:01 o'clock BST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
    There are 1 nested errors:
    weblogic.management.ManagementException: [Management:141223]The server name twpserver1 specified with -Dweblogic.Name does not exist. The configuration includes the following servers {AdminServer}.
    at weblogic.management.provider.internal.RuntimeAccessImpl.<init>(RuntimeAccessImpl.java:149)
    at weblogic.management.provider.internal.RuntimeAccessService.start(RuntimeAccessService.java:41)
    at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
    at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
    at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:749)
    at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:488)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:446)
    at weblogic.Server.main(Server.java:67)
    >
    <06-May-2010 12:07:01 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <06-May-2010 12:07:01 o'clock BST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <06-May-2010 12:07:01 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    <06-May-2010 12:07:02> <Debug> <NodeManager> <Waiting for the process to die: 19443>
    <06-May-2010 12:07:02> <Info> <NodeManager> <Server failed during startup so will not be restarted>
    <06-May-2010 12:07:02> <Debug> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
    Note: if I start the managed servers through a WLST script, it works fine.
    [twpuser@ukirt156 /appl/weblogic/scripts]$ java weblogic.WLST
    nmConnect('weblogic', 'w3bl0g1c', 'ukirt156', '5556', 'twp_domain', '/appl/weblogic/oracle/middleware/user_projects/domains/twp_domain', 'plain')
    nmStart('twpserver1')
    Please provide the solution, how to solve this issue.
    Thanks
    SRK

    Just at first glance, it seems as though you have one or more configuration issues, perhaps inconsistencies between the node manager server configuration files and the domain's config.xml.
    nmConnect('weblogic', 'w3bl0g1c', 'ukirt156', '5556', 'twp_domain', '/appl/weblogic/oracle/middleware/user_projects/domains/twp_domain', 'plain')
    nmStart('twpserver1')
    implies that twp_domain is configured in /appl/weblogic/oracle/middleware/user_projects/domains (which is the default from the configuration wizard). However, the node manager and server output logs make it seem like it's trying to use a domain in the directory /appl/weblogic/scripts. Not sure how that happened, perhaps you had two domains? Perhaps copied or moved the domain files? Something else?
    In any case, start by checking out your nodemanager.domains file and ensure that it reflects your intended domain directory.

  • UNIX script invocation by passing parameters through  OIM

    According to our requirement, we need to pass parameters (say userid) through OIM 11g R2 to a script and then execute the script for user deprovisioning/deletion on a target machine.
    Please let us know how feasible it is to use the UNIX OOTB connectors to pass parameters and execute the scripts.
    Any idea is appreciated.
    Thanks

    Yes, you put a line in the script that looks like this: java classname parameter1 parameter2 parameter3 ... Then the JVM will call the static main(String[] args) method of "classname" and put those parameters into the "args" array.
    If you are asking how to generate such a script, or how to call it from your COBOL program, sorry, I don't know how to do that.

  • UNIX monitoring( different domain) using gateway servers

    We have a gateway server to monitor the Windows servers in a domain (a.abc.com). Can we use the same gateway server to monitor UNIX servers in that domain (b.abc.com)? Please provide any document. If so, how many agents (Windows and Linux mixed) can my gateway server withstand?

    Thanks a lot.
    I enabled the port. All the results are the same, except that telnet from GW to LINUX on 1270 is now also fine.
    On discovering from SCOM I get
    The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled.
       It is possible that:
       1. The destination computer is unreachable (because it is down, or due to a firewall issue).
       2. The destination certificate is signed by another certificate authority not trusted by the management server.
       3. The destination has an invalid certificate, e.g., its common name (CN) does not match the fully qualified domain name (FQDN) used for the connection.
       4. The servers in the resource pool have not been configured to trust certificates signed by other servers in the pool.
    (I added GW in my resource pool)

  • Cons of using LDAP Sync in OIM

    Hi Experts,
    We are planning to use LDAP Sync to create users in OID as soon as they get created in OIM. Can you experts please let me know the cons/limitations of enabling LDAP Sync, and give a small comparison of using this against provisioning to OID from OIM?
    Thanks,
    Partha

    This link may be useful
    https://forums.oracle.com/thread/2482749?tstart=0

  • How to authenticate OIM from AD using LDAP sync

    Hi Team,
    We do not want to use password synchronization connector for AD password sync to OIM
    After reading a few articles, I found two probable ways to do it:
    1. Authenticate OIM via AD using libOVD with OIM and LDAP sync enabled
    2. Authenticate OIM via AD using libOVD, OID and LDAP sync enabled.
    Please suggest whether these approaches are practically possible or not.
    If yes, then please share related architecture docs.
    Thanks,
    Gaurav

    Here is the one of the doc:
    Configuring LDAP Authentication When LDAP Synchronization is Enabled

  • Getting manager hierarchy using LDAP

    I have a set of oracle email ids. I would like to get their manager hierarchy as well as Job title. Is this possible using LDAP. If so can someone please explain with a code snippet.
    Thanks.

    Hi 711286,
    I didn't know you could insert data such as the manager of a person when you create a person in LDAP? At least I don't recall that.
    Anyhow you can access data in the LDAP using the DBMS_LDAP package in PL/SQL, so if the data is there you can reach it.
    The DBMS_LDAP PL/SQL Package
    Although I have to say I think this data should just be kept in your own database tables, not in the LDAP, otherwise who knows what else you're going to put in there.
    Regards,
    Joni

  • Problem OIM OID Ldap Sync Configuration in 11g.

    Hi Team,
    I am doing the OIM and OID LDAP Sync configuration. It failed in the "Configuration Process" step.
    Also, in WebLogic the OIM managed server is in ADMIN mode, not in RUNNING mode.
    Please find both logs.
    *********************************Weblogic Logs**********************************************
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    <28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
    bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
    <28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to STARTING>
    <28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
    ng self-tuning thread pool>
    <28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
    erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
    server1\logs\oimserver1.log is opened. All server side log events will be writ
    ten to this file.>
    28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
    SEVERE: Failed to communicate with any of configured Access Server, ensure that
    it is up and running.
    <28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
    itializing using security realm myrealm.>
    <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to STANDBY>
    <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to STARTING>
    <28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
    annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
    ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
    redential with map ADF and key anonymous#oimBpelCredKey already exists..>
    <28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
    000000> <Automatically initializing a DefaultContext for getCurrent.
    Caller should ensure that a DefaultContext is proper for this use.
    Memory leaks and/or unexpected behaviour may occur if the automatic initializati
    on is performed improperly.
    This message may be avoided by performing initADFContext before using getCurrent
    To see the stack trace for thread that is initializing this, set the logging lev
    el of oracle.adf.share.ADFContext to FINEST>
    <28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
    itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
    form.utils.OIMAppInitializationException:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    oracle.iam.platform.utils.OIMAppInitializationException:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
    pInitializationListener.java:145)
    at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
    un(BaseLifecycleFlow.java:282)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
    dSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
    120)
    at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
    rAction.invoke(BaseLifecycleFlow.java:199)
    Truncated. see log file for complete stacktrace
    Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
    pInitializationListener.java:145)
    at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
    un(BaseLifecycleFlow.java:282)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
    dSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
    120)
    at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
    rAction.invoke(BaseLifecycleFlow.java:199)
    Truncated. see log file for complete stacktrace
    >
    <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
    ttribute was not found in element application in the deployment descriptor in E:
    \Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
    . A version attribute is required, but this version of the Weblogic Server will
    assume that the JEE5 is used. Future versions of the Weblogic Server will reject
    descriptors that do not specify the JEE version.>
    <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
    ttribute was not found in element application in the deployment descriptor in E:
    \Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
    user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
    but this version of the Weblogic Server will assume that the JEE5 is used. Futur
    e versions of the Weblogic Server will reject descriptors that do not specify th
    e JEE version.>
    <28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
    oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
    e due to failed deployments.>
    Loading xalan.jar for XPathAPI.
    14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] -
    ----------------- NEXAWEB SERVER LICENSE ------------------
    - Customer ID : 122
    - License type : Enterprise
    - Max unique IPs : unlimited
    - Max XUL sessions : unlimited
    - Max CPUs/server : unlimited
    - Clustering allowed : true
    - Expiration date : none
    Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
    Nexaweb Technologies Inc.
    10 Canal Park
    Cambridge, MA 02141
    Tel: 617.577.8100. Email: [email protected]
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Clustering is OFF.
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
    T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
    2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
    10.3 Thu Feb 3 16:30:47 EST 2011
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Servlet API Version: 2.5
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
    14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
    (self-tuning)'] - Nexaweb Server initialized successfully.
    <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
    erver has established connection with the Domain level Diagnostic Service succes
    sfully.>
    <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
    r announcements from cluster using unicast cluster messaging>
    <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
    ynchronize with other running members of OIM_Cluster.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
    DCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
    R-BROADCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
    t3, CLUSTER-BROADCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
    SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
    0:0:0:1>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
    ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
    DCAST, ldap, snmp, http.>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
    ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
    uction Mode>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
    r state changed to ADMIN>
    <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
    r started in ADMIN mode>
    **********************************OIM OID Ldap Sync Configuration Logs****************************
    [2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    [OIM_CONFIG] Updating Ldap Sync Configuration
    [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
    [2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
    [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
    [2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
    [2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    Updated LDAP Server Details in mds schema
    [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
    [2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
    [2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
    [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    [OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
    [2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
    java.io.FileNotFoundException: File not found
         at java.util.zip.ZipFile.open(Native Method)
         at java.util.zip.ZipFile.<init>(ZipFile.java:117)
         at java.util.jar.JarFile.<init>(JarFile.java:135)
         at java.util.jar.JarFile.<init>(JarFile.java:72)
         at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
         at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
         at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
         at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
         at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
         at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
         at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
         at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
         at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
         at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
         at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
         at java.lang.Thread.run(Thread.java:662)
    [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
    [OIM_CONFIG] Failed configuration step Configure OIM Server
    [2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
    [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
    [2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
    [2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
    [2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
    Regards,
    Ravi.

    Your log files too give some hint... Please verify whether following files like .xldatabasekey are present in your environment:-
    OIM application intialization failed because of the following reasons:
    oim-config.xml was not found in MDS Repository.
    Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
    Password for OIMSchemaPassword is not seeded in CSF.
    Password for xell is not seeded in CSF.
    Password for DataBaseKey is not seeded in CSF.
    Password for JMSKey is not seeded in CSF.
    Password for .xldatabasekey is not seeded in CSF.
    Password for default-keystore.jks is not seeded in CSF.
    Password for SOAAdminPassword is not seeded in CSF.
    I doubt whether OIM is properly installed in your environment otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig..
    Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
    ps -eaf| grep AdminServer
    Kill the process
    Then remove the lok file. i.e. Lock files...
    rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
    rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
    rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
    After that
    Take a backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in a backup folder).
    Share the result with us....

  • Implementing Sign on for SRM Server using LDAP

    Hi Guys.
    I need to implement SSL sign on using LDAP Server.
    1. Create the user and sign on with authentication through the LDAP server.
    That means there will be LDAP authentication first and then
    it will log on to SRM (ITS server).
    Please let us know if any one of you has done this.
    Regards
    Pushkar Joshi

    Pushkar,
    Hi. We are intending on doing this through the portal.
    If you want to do it directly in SRM then I think you will need to change the logon procedures in BBPSTART (See transaction SICF). I haven't tried it, but you could probably do this through 'L Alternative logon procedure'.
    If your SAP database is on Unix and LDAP is on Windows you will probably need a Kerberos authentication. I have managed to read in the information from LDAP (See transaction LDAP), but not authenticate against it. Hence the portal solution.
    There is a lot of information on SDN for user authentication (one blog listed below), but at the end of the day it depends on your release and the technical infrastructure.
    /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
    Good luck
    Cheers
    Rob

  • Guide to remote manage Hyper-V servers and VM's in workgroups or standalone

    This guide is based on the following 3 products:
    Windows server 2012 (core)
    Windows 8
    Hyper-V server v3 / Hyper-V server 2012
    The following guide will enable you to:
    1: remotely manage your Hyper-V Virtual Machines with Hyper-V manager
    2: remotely manage your Hyper-V servers' firewall with a MMC snap-in.
    3: remotely manage your Hyper-V server (2012) with server manager
    ! This should also work for Core installations of server 2012, but I haven't tried.
    This guide is purely focussed on servers in a WORKGROUP, or as a stand alone.
    I CAN NOT tell you what you need to do to get it working in a domain.
    * You can run these commands straight from the console (Physically at the machine) or through RDP.
    * You will need to be logged on as an administrator.
    * Commands are listed in somewhat random order; I do however advise to follow the steps as listed.
    * Commands with ? in front of them are only meant to be helpful for troubleshooting,
    * and to identify settings and changes made.
    * Commands and instructions with ! in front of them are mandatory.
    - server: means the server core or hyper-v server (non gui)
    - client: means the machine you want to use for remote administration.
    - Some commands are spread over 2 lines; be sure to copy the full syntax.
    > To enable the Hyper-V manager to connect to your server, you need to perform the following 2 actions: (Assuming you have already installed the feature)
    1:
    ! Client: Locate the C:\Windows\System32\Drivers\etc\hosts file.
    ! right-click --> properties --> security
    ! click --> edit --> add --> YOURUSERNAME or Administrator --> OK
    ! then select this new user, and tick the "modify"-box under the "allow"-section.
    ! apply the change, and close.
    ! doubleclick the file, and open with notepad
    ! add the ip-address and name of your server (no // or other crap needed)
    ! Save the file
    # I recommend putting a shortcut to this file on the desktop.
    # If you change the ip-address of your server (e.g. move the server from staging to a live environment)
    # you might forget to do so in the hosts file.
    # Hyper-V manager, MMC, RSAT, and Server-manager all rely on the hosts-file to resolve the name.
    # some of these might connect to their respective service on an i.p.-level, but some don't.
    # This is the main reason you need to modify this file.
    ! USE AN ELEVATED CMD/POWERSHELL PROMPT TO CONTINUE !
    # the next config needs to be done on windows 8.
    # It seems that it's already preconfigured under server 2012
    2:
    ! Client: dcomcnfg
    ! open component services --> computers
    ! right-click -> my computer -> properties
    ! select "COM SECURITY" tab
    ! under "ACCESS PERMISSIONS" select "edit limits"
    ! select "ANONYMOUS LOGON", and tick "remote access" under ALLOW
    # Without this adjustment, you can't connect to your Hyper-V server
    # with the Hyper-V manager if you're not in a domain.
    > And if you haven't done so already... make sure you have enabled remote management number 4 on the Hyper-V server console.
    > Next, is to get the MMC firewall snap-in working.
       The reason for this, is to have a GUI available to configure it.
       If you're happy without it, you may skip this and use a shell instead to do so.
    ? server: netsh advfirewall show currentprofile
    # shows the current profile (public/domain/private) and its settings
    # depending on your needs, you should set the right profile to fit your needs.
    # You can easily do this when the MMC snap-in is done. (after you've followed these steps)
    ! server: netsh advfirewall set currentprofile settings remotemanagement enable
    # enables remote management of the firewall on an application level 
    # (In other words: allows the firewall to be remotely managed)
    ! server: netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
    # allows remote management of the firewall, through the required firewall ports with TCP protocol.
    # 4 rules will be updated to allow access: public & Domain, dynamic and endpoint-mapper.
    # You can disable/add/change the rule from the MMC snap-in after finishing this guide.
    # e.g. set the firewall through the MMC-GUI to only allow specific ip-addresses etc.
    ? server: netsh advfirewall firewall show rule all
    # Shows a list of available rules, and their current state.
    # when run from cmd, the list exceeds the maximum length for review.
    # (from cmd,type:) start powershell, and run the command from there.
    ! Client: cmdkey /add:YOURSERVERNAME /user:USERNAMEONTHESERVER /pass:THEPASSWORDOFTHATUSER
    # I recommend you to use a username with enough privileges for management
    # All capital letters need to be replaced with your input
    # CMD answers "credential added successfully" when you're done
    ! Client: locate MMC, and run it as an admin.
    # In windows 8/2012, go to search and type MMC. Right-click the icon, 
    # and choose run as admin on the bar below.
    ! Client: application MMC: select "file" --> Add/remove snap-in 
    ! --> (left pane) scroll down to "windows firewall" --> select and click "add"
    ! select "another computer"
    ! type the name of the server you want to manage (NO workgroup/ or //, just same name as you typed for cmdkey)
    * Part 2 is done.
    # Have a look by doubleclicking the firewall icon in the left pane.
    # It looks and works the same as the GUI version that you are familiar with.
    ! Next is the Server Manager.
    # Follow the steps listed to get your server listed and manageable in the server manager.
    ! Client: Open the created Firewall snap-in for your server.
    ! Find the 3 "Remote Event Log Management" entries in the list of INBOUND rules, and enable them.
    ! Open powershell --> in cmd windows, type: start powershell
    ! run the following line in powershell
    ! Client: in C:\Windows\system32> set-item WSMAN:\localhost\client\trustedhosts -value YOURSERVERNAME -concatenate
    # WinRM Security Configuration.
    # This command modifies the TrustedHosts list for the WinRM client. The computers in the TrustedHosts list might not be
    # authenticated. The client might send credential information to these computers. Are you sure that you want to modify
    # this list?
    # [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
    # I recommend to choose yes; unless you like to pull some more hairs...
    ! server: winrm qc
    # WinRM service is already running on this machine.
    # WinRM is not set up to allow remote access to this machine for management.
    # The following changes must be made:
    # Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely
    # to local users.
    # Make the changes? y / n
    !  select yes
    ! Client: open the server 2012 server manager
    ! click manage -> add server
    ! select the DNS tab, and type the name of your server
    Done.
    You can now manage your remote server through the familiar computer management GUI.
    ! Right-click your remote server, and select "Computer Management"
    A few side notes:
    ? The Performance tab seems to list the local machine's performance, instead of the remote server's.
    ? If you want Windows server backup, you need to right-click the server in the server manager, and select "add roles and features".
    ? it will then become available under the "computer management" of the remote server.
    If you liked this guide you may thank my employer, Mr. Chris W.
    for giving me the time to work it all out.
    Cheers!

    As a little update to the post, I'd like to add that replication, clustering and migration will not work in workgroup environments. Unless someone can provide an additional guide for this, I'd recommend anyone to not even bother to try.
    To manage the standalone hyper-v server in a remote location over the internet, I would recommend the following:
    Install windows 8 pro (x86 uses less resources!) as a vm on the host, and assign 2 network connections to it.
    1 external (shared with host) (be sure you have a dedicated ip-address for it!)
    1 internal connection.
    What I did was this:
    As soon as you've installed the win8 guest, proceed with the guide as described.
    For the 1st step of the guide (hosts-file) use the ip-address you will later assign to the "internal" network switch of the host!
    In my example, I'm using 10.0.0.1 for the host, and 10.0.0.2 for the guest.
    To be clear: I first used the guide on a LAN-environment, and did all the steps from a "real" client to server on the LAN.
    Then, installed the win8 guest on the host using the "real" clients' hyper-v manager over the LAN.
    Next, assigned the 2 network connections to the VM, and configured them as follows:
    external - as you would to be able to make your guest reach the internet.
    internal - I used the following config:
    ip-address: 10.0.0.2
    subnet: 255.255.255.252
    gateway - blank
    dns - Blank
    Now, when you get to the console of the hyper-v server (host) or RDP to it, go to network settings.
    You'll see that the internal card has been added here as well.
    Configure it as follows:
    ip-address: static - 10.0.0.1
    subnet: 255.255.255.252
    gateway - blank
    dns - blank
    You should now be able to ping your guest (win8) on 10.0.0.2 if it's running.
    Don't forget to enable ping response (option 4 on the host) to test connectivity the other way around as well (guest to host)
    When you're done, you'll be able to RDP to the guest OS over the internet, and then connect to the host with server manager, hyper-v manager, and MMC.
    Don't forget to enable each module on the hosts' firewall to make the snap-ins work!
    Remote volume management requires your guest/client firewall INcoming ports to be enabled as well! not just the host.
    Either update the firewall rules from the MMC gui as described in the guide, or use the following commands on the
    hosts' powershell:
    Enable the firewall rules with the command Enable-NetFirewallRule -DisplayGroup "USE_THE_COMMANDS_BELOW" (include the " " in the command)
    Remote Service Management
    Remote Volume Management
    Remote Event Log Management
    Remote Scheduled Tasks Management
    Windows Firewall Remote Management
    Windows Remote Management
    You can get the list with Get-NetFirewallRule -DisplayName *management*
    You can get the list with Get-NetFirewallRule -DisplayName *remote*
    Commands provided with credits to F. verstegen
    Cheers,
    Michael.
    Sigh...
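
The guide and its follow-up above enable six firewall display groups, let `winrm qc` set LocalAccountTokenFilterPolicy, and add the server to the client's TrustedHosts list. The script below is an added example, not part of the original posts: it reports the state of those settings and, with `-Restrict`, narrows any enabled rule still open to `Any` down to one management address, which is the "only allow specific ip-addresses" step the guide mentions. The default address 10.0.0.2 is taken from the follow-up post and is an assumption; the DCOM access-limit change is not checked.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt on Windows 8 / Server 2012 or later, where the NetSecurity module exists.
param(
    # Assumption: 10.0.0.2 is the management client from the follow-up post.
    [string]$ManagementAddress = '10.0.0.2',
    # Report only by default; -Restrict rewrites the scope of rules open to Any.
    [switch]$Restrict
)

# Firewall display groups the guide and its follow-up tell you to enable.
$groups = @(
    'Remote Service Management',
    'Remote Volume Management',
    'Remote Event Log Management',
    'Remote Scheduled Tasks Management',
    'Windows Firewall Remote Management',
    'Windows Remote Management'
)

function Get-ManagementRuleReport {
    foreach ($group in $groups) {
        # Only enabled inbound rules matter for exposure.
        $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
        foreach ($rule in $rules) {
            $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
            [pscustomobject]@{
                Group         = $group
                Rule          = $rule.DisplayName
                Name          = $rule.Name
                Profile       = $rule.Profile
                RemoteAddress = $remote -join ','
                OpenToAny     = $remote -contains 'Any'
            }
        }
    }
}

$report = @(Get-ManagementRuleReport)
$report | Sort-Object Group, Rule |
    Format-Table Group, Rule, Profile, RemoteAddress, OpenToAny -AutoSize

if ($Restrict) {
    foreach ($entry in ($report | Where-Object { $_.OpenToAny })) {
        # Limit the rule to the single management address.
        Set-NetFirewallRule -Name $entry.Name -RemoteAddress $ManagementAddress
        Write-Output "Scoped '$($entry.Rule)' to $ManagementAddress"
    }
}

# Server side: 'winrm qc' sets this value to 1, which gives local administrator
# accounts a full (unfiltered) token when they connect remotely.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyPath -Name LocalAccountTokenFilterPolicy `
    -ErrorAction SilentlyContinue
if ($policy -and $policy.LocalAccountTokenFilterPolicy -eq 1) {
    Write-Output 'LocalAccountTokenFilterPolicy = 1 (remote local admins get full token)'
} else {
    Write-Output 'LocalAccountTokenFilterPolicy is not set to 1'
}

# Client side: hosts listed here are not authenticated by WinRM, so the list
# should name only the servers you manage and never be '*'.
try {
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
} catch {
    $trusted = $null   # WinRM service not running or provider unavailable
}
if ([string]::IsNullOrEmpty($trusted)) {
    Write-Output 'TrustedHosts: empty or not readable'
} elseif ($trusted -eq '*') {
    Write-Output 'TrustedHosts: * (every host is trusted without authentication)'
} else {
    Write-Output "TrustedHosts: $trusted"
}
```

Run it on the server for the firewall and token-policy checks and on the client for the TrustedHosts check; each section reports on whichever machine it runs on.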

  • How to lock the AD Account through OIM

    Hi.
    I am provisioning AD through OIM 11g using the AD Connector. I have done the create user, modified user provisioning through OIM in AD successfully without any issue.
    I would like to lock the OIM account and also lock the respective target accounts when OIM account is locked.
    I have done the following task to lock the account in OIM and also in AD through OIM. They are
    Process Definition Task
    I have created the Change Account Status task in process definition.
    This task will populate the OIM Account lock status value to the AD Account is Locked out field in the ADUSER form using the OIM API. The same API is working for all First Name, Last Name etc modification without any issue.
    Lookup Definition
    I have added the following entry in the Lookup.USR_PROCESS_TRIGGERS Lookup Definition
    Code Key : USR_LOCKED and Decode : Change Account Status
    OIM Admin Console
    I have logged into the OIM admin Console as an Administrator, searched for the user and clicked the Lock Account button. The OIM Account is locked, but the target resource account was not locked and also the Change Account Status task was not triggered by OIM.
    Do I need to do any special configuration for account lock for the target resource?
    Help is greatly appreciated.

    In your System Configuration variables, find the value for "XLUserResource.ProvisionMode". Make sure this is set to Java and not DB.
    >
    This property determines whether provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure, or in the Java layer via Event Handlers.
    Note: See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about Event Handlers.
    This property has the following allowed values:
    DB: Provisioning of the Xellerate User resource to the user's organization occurs in the database layer through stored procedure. This in turn does not trigger any further process. Therefore, custom tasks associated with the Xellerate User provisioning process that is associated with the Xellerate User resource does take place.
    Java: Provisioning of the Xellerate User resource to the user's organization occurs in the database layer via Event Handlers. Custom tasks associated with the Xellerate User provisioning process that is associated with the Xellerate User resource takes place. This is applicable to the upgrade scenario, where you have your own tasks associated with provisioning processes in earlier releases of Oracle Identity Manager, and you want them to run even after 11g upgrade. In such scenario, set the value of this property value to JAVA.
    >
    -Kevin

  • OIM 11g LDAP sync from different LDAP containers

    Hi,
    I have been setting up OIM 11g R2 (11.1.2) to use LDAP Sync to OID.
    As of now the sync works (both ways) for this container:
    cn=users,cn=oracleAccounts,dc=mycompany,dc=com (configured while doing the OIM config)
    Would it be possible to sync users in other containers as well? For example:
    cn=users,cn=otherAccounts,dc=mycompany,dc=com
    cn=users,cn=moreAccounts,dc=Otherstuff,dc=com
    By editing the file LDAPContainerRules.xml I can setup where the users are created when I create them through IDM.
    But that will not make the sync work for those containers.
    Any ideas where I should start to accomplish the above?
    Thanks & Regards,
    Henrik

    Okay, I think I have found an answer to how to sync users from different OU:s in my OID to different OIM organizations.
    Hopefully this will help others.
    We can use a PostProcess Event handler like this:
    1. Implement the method --> public BulkEventResult execute()
    This is used during recon actions.
    2. Get the user hashmap with attributes and set the "act_key" value with the OIM organizations ID.
    You also need to build the logic to fetch the user's "LDAP DN", which is also fetched from the map.
    From that attribute we can decide which Organization to put the user in.
    This is the best solution we have found yet..
    Docs & tips:
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/oper.htm#CCHFBGAA
    http://fusionsecurity.blogspot.se/2011/09/oim-11g-event-handler-example.html (thank you Daniel Gralewski)
    Regards,
    Henrik

  • Is MS Identity Management for Unix / PW Sync supported in WS 2012 R2

    We need to upgrade the AD forest DC servers and the FFL and DFL levels.
    The current AD domain is a one-domain forest, with WS 2003 DC servers.
    Our target is to install the newest Windows servers (WS 2012 R2) as DC's.
    To make the job, we are going to promote new DC's first, then de-promo the old ones, and finally raise the DFL+FFL levels to the newest possible.
    However, currently there are the MS Identity Management for Unix / Password Synchronization software in each of the DC's installed. To keep passwords in sync and thus the IDM to work, the software has to be installed to each of the new DC's, too.
    According to MS article
    http://technet.microsoft.com/en-us/library/cc731178.aspx
    the pw sync can be installed to WS 2012 server.
    My question is that,
    - Can we go forward with WS 2012 R2 DC installation and assume that the pw sync can be used in them, too?
    - Or, do we have to install older DC servers (WS 2012)?
    Br,
    Kari Oikkonen
    Fujitsu Finland

    We found the following TechNet article:
    Windows Server 2012 R2 Packages
    http://technet.microsoft.com/en-us/library/dn452400.aspx
    According to it, the psync package is still there.
    One colleague also shortly tested with R2 server by installing it with
    Dism.exe /online /enable-feature /featurename:psync /all
    command, and the pw sync seemed to install OK.
    So, we now are encouraged to install R2 servers for DC and psync.
    Br, Kari
