MS Active Directory 2008 as UME datasource for AS Java
Hello,
We are running SAP EP on top of a SAP AS Java using LDAP certification, so users
from MS Active Directory 2003 domain are trusted by the Portal
I've now a problem with the version upgrade of MS Active Directory from 2003 to 2008,
it seems only SAP AS ABAP supports MS AD 2008, and our instance is JAVA only
Note 983808 - "Certified LDAP servers" also confirm this
Do you know if AD 2008 is supported, if any note has been released about this and
any document to help me wiith this issue?
thanks in advance!
Rafael
Hi Patrick, thanks for the answer
I checked the note and it refers about Windows 2008 and a scenario with SSO, that's not our case.
We just have AD as a LDAP UME datasource, users must still pass user and password which
is then checked and then login is authorized
you mentioned AD 2008 is supported for Netweaver AS Java, could you send me any document
or note with procedures or anything for configuring it ?
kind regards,
Rafael
Similar Messages
-
SAP and MS Active Directory 2008
hi all,
i want to set up a connection between our MS Active Directory 2008 and the SAP user maintenance.
what i've already done:
1. setup a RFC connection with the name LDAP_{Hostname of AD}
2. setup a ldap system user with auth. mechanism "simple bind" and credential storage "simple memory"
3. setup a LDAP connector
4. setup the LDAP server with port no. 389, product name = ms ad 2003 domain mode, protocol version = ldap version 3, ldap application = user, default = true, base entry = {highest level}, system logon = {the ldap system user}
5. done the ldap server mapping. you can see it in the screenshot here: http://imageshack.us/photo/my-images/444/mappingoverview20111017.jpg
when i now try to log in to the LDAP server, everything works fine and i get a green light.
now when i try to search something over the "find in directory" application i get an error message like that:
Operation failed
Message no. LDAPRC001
Diagnosis
This is an error message that is triggered by the directory server.
It is not possible to analyze the error in the SAP system.
Procedure
Check the log files for the directory server (if they exist), to see if they contain more information.
i get the same error message when i try the report RSLDAPSYNC_USER.
can anybody help me please?
best regards & TIA
strobbelHi...
Red light Operation failed (Message no. LDAPRC001) - This says Opeartion failed due to fail in search
Red light LDAP_SEARCH failed (Message no. LDAPACCESS101) - This says LDAP Search Failed due to Insufficient Privileges to connect from AD to SAP.
So try these ...
. While logging to the directory server did u check the option "USE SYSTEM USER" ?
. And while searching the Seacrh parameters should be as below,
Base Entry : OU=Users,OU=BDN,DC=bdn,DC=xyz
Filter : (&(objectclass=*))
. Also check for the user's privileges which is trying to connect to SAP. -
Cakll Manager 4.1 compatibility with Active Directory 2008
I need to know the compatibility
between windows 2008 Active Directory and Call Manager 4.1. I was told Call Manager
4.1 was incompatibile with windows 2008 AD. Is that Active Directory
2008 Domain and Forest functional level? I'm moving forw
ard with replacing all our windows 2003 DCs with Windows 2008 DCs. The question is will
call manager 4.1 be compatible? Need actual windows 2003 DC or can WIndows 200
3 forest and domain functional level enough?Hello gentlemen,
I just wanted to let you know that we actually got everything working again on our test bed environment.The DC is running on a virtualized Windows Server 2008 but with the forest and domain functional levels at 2003. What we had to do to resolve the ICM issues (Roggers, PGs and AW/HDS) was for all of the services that wouldn't automatically start, we had to update the 'log on as' settings to re-add those accounts and re-enter the passwords. Also, when running the ICMSetup util, it came back with an error saying that it couldn't see the 'Call Center Applications' OU even though it existed. To resolve that, we ran ICMSetup again, added the ICM instance, then upon going back to the main screen, exiting then re-running ICMSetup, everything worked again and the error did not re-occur. We were able to click on the various instance components (PG1A, CG1A, etc) where as before doing that, those instances were greyed out.
For our CallManager server 4.1(3) we didn't need to resolve anything on it. It appears to be running ok and phones are registered to it as well.
Mind you, this is a test bed environment, and the old test bed DC was created a few years ago, and with this new one being a copy of our existing production DC, there were many changes and updates done to it, so that's probably why the old accounts weren't recognized and new ones were created.
We don't think that will happen in our production environment, but even so, we're not going to upgrade our production DCs to Windows Server 2008 just yet.
Thanks for the feed back.
Joe -
Active Directory 2008 and Crystal Reporting
Hello,
My company is planning to upgrade to Active Directory 2008 R2. But before we do so, we must understand how our servers & applications interact/work with Active Directory 2008 R2. Could you please answer the following questions in regards to your application Crystal Reporting (version 10):
1. How does Crystal Reporting interact with Active Directory (AD)?
2. Is there a specific domain controller hardcoded with Crystal Reporting ?
3. Does Crystal Reporting support Active Directory 2008 R2?
Your assistance and timely response with this matter is very much appreciated. Thank you.
- PeterHi Peter,
Crystal Reports is a standalone install on the local Work Station. AD won't affect it. Unless there is some info you are telling us about how you access CR?
Thank you
Don -
Change All User Settings in Specific OU(s) In Active Directory 2008
I want to Change the Password of All the Users in Some OUs in active Directory 2008.
And Also i want to Change the Attributes of all users in specific OU(s).
What is Procedure?
Note:- My OUs names are in Arabic Language, I feel some errors whenever i user commands in Power Shell.
ThanksHello Genius
In addition to other expert advice about bulk modify I have to add that although my first language is not English, I personally prefer to name my OU's in English language. I experienced some problems with non-English OU's especially when it comes to reporting
with Powershell.
Regards.
Mahdi Tehrani Loves Powershell
Please Do not hesitate to click on Vote As Helpfull
if a post helps you or Mark As Answer
if a post answers your question.
@Mahdi,
PowerShell Integrated Scripting Environment (ISE) 3.0
supports Unicode Language (Arabic, Farsi/Persian, etc.), you do not have problem with non-english. Here is example:
New-ADUser –sAMAccountName „شنگولی“ –UserPrincipalName شنگولی@contoso.com –givenname “شنگولی” –Surname “شنگول” –displayName “شنگولی شنگول” –Name “شنگولی شنگول” –Enabled $true –Path “OU=MSFT,DC=Contoso,DC=com” –AccountPassword (ConvertTo-Securestring “Password01” –asplaintext –Force)
More Information:
Windows PowerShell 3.0 Integrated Scripting Environment (ISE)
Regards -
OIM 9.1.0 Integration with Active Directory 2008 R2
Hi,
My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
Any guidance is really appreciated.
Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
Is this a working and supported scenario by OIM v9.1.0 ?I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash -
Weblogic with Active Directory Authentication provider problem: DN for user ....: null
I have a java application (SSO via SAML2) that uses Weblogic as a Identity Service Provider. All works well using users created directly in Weblogic. However, I need to add support for Active Directory. So, as per documentation:
- I defined an Active Directory Authentication provider
- changed it's order in the Authentication Providers list so that it comes first
- set the control flag to SUFFICIENT and configured the Provider Specific; here's the concerned part in config.xml:
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
<sec:name>MyOwnADAuthenticator</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>true</wls:propagate-cause-for-login-exception>
<wls:host>10.20.150.4</wls:host>
<wls:port>5000</wls:port>
<wls:ssl-enabled>false</wls:ssl-enabled>
<wls:principal>CN=tadmin,CN=wl,DC=at,DC=com</wls:principal>
<wls:user-base-dn>CN=wl,DC=at,DC=com</wls:user-base-dn>
<wls:credential-encrypted>{AES}deleted</wls:credential-encrypted>
<wls:cache-enabled>false</wls:cache-enabled>
<wls:group-base-dn>CN=wl,DC=at,DC=com</wls:group-base-dn>
</sec:authentication-provider>
I configured a AD LDS instance(Active Directory Lightweight Directory Services) on a Windows Server 2008 R2. I created users and one admin user "tadmin" which was added to Administrators members. I also made sure to set msDS-UserAccountDisabled property to FALSE.
After restarting Weblogic I can see that the AD LDS's users and groups are correctly fetched in Weblogic. But, when I try to connect with my application, using Username:tadmin and Password:<...> it does not work.
Here's what I see in the log file:
<BEA-000000> <LDAP Atn Login username: tadmin>
<BEA-000000> <authenticate user:tadmin>
<BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
<BEA-000000> <DN for user tadmin: null>
<BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
<BEA-000000> <DN for user tadmin: null>
<BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User tadmin denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
So, I tried to look why do I have: <DN for user tadmin: null>. Using Apache Directory Studio I reproduced the ldap search request used in Weblogic and, sure enough, I get no results. But, changing the filter to only "(&(cn=tadmin)(objectclass=user))" (NOTICE, no userAccountControl), it works; here's the result from Apache Directory Studio:
#!SEARCH REQUEST (145) OK
#!CONNECTION ldap://10.20.150.4:5000
#!DATE 2014-01-23T14:52:09.324
# LDAP URL : ldap://10.20.150.4:5000/CN=wl,DC=at,DC=com?objectClass?sub?(&(cn=tadmin)(objectclass=user))
# command line : ldapsearch -H ldap://10.20.150.4:5000 -x -D "[email protected]" -W -b "CN=wl,DC=at,DC=com" -s sub -a always -z 1000 "(&(cn=tadmin)(objectclass=user))" "objectClass"
# baseObject : CN=wl,DC=at,DC=com
# scope : wholeSubtree (2)
# derefAliases : derefAlways (3)
# sizeLimit : 1000
# timeLimit : 0
# typesOnly : False
# filter : (&(cn=tadmin)(objectclass=user))
# attributes : objectClass
#!SEARCH RESULT DONE (145) OK
#!CONNECTION ldap://10.20.150.4:5000
#!DATE 2014-01-23T14:52:09.356
# numEntries : 1
(the "[email protected]" is defined as userPrincipalName in the tadmin user on AD LDS)
As you can see, "# numEntries : 1" (and I can see as result the entry "CN=tadmin,CN=wl,DC=at,DC=com" in Apache Directory Studio's interface); if I add the userAccountControl filter I get 0.
I've read that the AD LDS does not use userAccountControl but "uses several individual attributes to hold the information that is contained in the flags of the userAccountControl attribute"; among those attributes is msDS-UserAccountDisabled which, as I said, I already set to FALSE.
So, my question is, how do I make it work? Why do I have "<DN for user tadmin: null>" ? Is it the userAccountControl ? If it is, do I need to do some other configuration on my AD LDS ? Or, how can I get rid of the userAccountControl filter in Weblogic?
I didn't seem to find it in config files or in the interface: I only have "User From Name Filter: (&(cn=%u)(objectclass=user))", there's no userAccountControl.
Another difference I noticed is that, even though in Weblogic I have set ssl-enabled flag to false, in the logs I see ldaps and not ldap ( I'm not looking to setup something production-ready and I don't want SSL for the moment ).
Here are some other things I tried but did not change anything:
- the other "msDS-" attributes were not set so I tried initializing them to some value
- I tried other users defined in AD LDS, not tadmin
- in Weblogic I added users that were imported from AD LDS in Roles and Policies> Realm Roles > Global Roles > Roles > Admin
- I removed all userAccountControl occurrences that I found in xml files in Weblogic (schema.ms.xml, schema.msad2003.xml)
Any thoughts?
Thanks.I managed to narrow it down: the AD LDS does not support the userAccountControl.
Anyone knows how I can configure my Active Directory Authentication Provider in Weblogic so that it does not implicitly use userAccountControl as filter?
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)> -
OIM Active Directory 2008 integration
Hi All,
Has anyone integrated (or being in the process of integrating just now) OIM 9.1 with Active Directory on a Windows 2008 Server using the AD 9.1 connector or a custom connector? Any problems or other experiences with such integration?
The 9.1.1 connector will be cerfified for AD on Windows 2008 but the current connector 9.1 (or 9.1.0.1) is only cerfified for AD on Windows 2003 or 2000.
Thanks,
AlbinI believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash -
Active Directory as readonly UME except of user's password
Hi there,
we would like to configure the portal-datasource to connect to the active directory read-only. However, (LDAP) users must be able to change there passwords. How could the xml file look like.
We checked out http://help.sap.com/saphelp_nw70/helpdata/de/46/07a02c920f4f0fe10000000a114a6b/frameset.htm, but this doesn't work. Here the portal tries to create ldap users and fails as no mandatory fields are writeable.
Also we tried to dsitriubte the active directory in one writeable and one readable. However according to help.sap.com (http://help.sap.com/saphelp_nw70/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm) it is not possible to assign users from one source to groups of another.
Does anybody know a solution or a hint?
Thanks a lot and regards
StephanHi Michael,
thanks for your help. We finally solved the issue using the "homefor"-approach:
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="account">
<nameSpace name="$serviceUser$">
<attribute name="SERVICEUSER_ATTRIBUTE">
<values>
<value>IS_SERVICEUSER</value>
</values>
</attribute>
</nameSpace>
</principal>
<principal type="user">
<nameSpace name="$serviceUser$">
<attribute name="SERVICEUSER_ATTRIBUTE">
<values>
<value>IS_SERVICEUSER</value>
</values>
</attribute>
</nameSpace>
</principal>
<principal type="team" />
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<notResponsibleFor/>
<attributeMapping />
<privateSection/>
</dataSource>
<dataSource id="CORP_LDAP"
className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principal type="account"/>
<principal type="user"/>
</homeFor>
<notHomeFor>
<principal type="user">
<nameSpace name="$serviceUser$">
<attribute name="SERVICEUSER_ATTRIBUTE">
<values>
<value>IS_SERVICEUSER</value>
</values>
</attribute>
</nameSpace>
</principal>
<principal type="account">
<nameSpace name="$serviceUser$">
<attribute name="SERVICEUSER_ATTRIBUTE">
<values>
<value>IS_SERVICEUSER</value>
</values>
</attribute>
</nameSpace>
</principal>
</notHomeFor>
<responsibleFor>
Thanks and regards
Stephan -
Windows Active Directory 2008 And Java
Hi,
I need to do the following.
1. Integrate my application's authentication module with Microsoft Windows Active Directory (Server 2008 Edition).
2. Need to use Kerberos authentication.
Can you please let me know what api can I use? Is there a good tutorial for this ?
Regards,
Pradeep.
Edited by: user10502962 on Oct 9, 2011 12:51 AMFinally managed to resolve the problem.
I tried to do a lot of things reading forums. But this is what worked.
1. create a key store using $ keytool -genkey -keystore /home/rohan/mystore -keysize 1024 -keyalg RSA --- created "mystore" key store. From the cert file I got the information on RSA and encryption of 1024 bits.
2. import the certificate the keystore - $ keytool -import -keystore /home/rohan/mystore -alias primarydc -file DC2K8.cer
3. In the code just added these lines
env.put(Context.PROVIDER_URL, "ldap://myldapserver:389"); // Port 389 on Windows Domain Controller
String keystore = "/home/rohan/mystore";
System.setProperty("javax.net.ssl.trustStore",keystore);
System.setProperty("javax.net.ssl.keyStorePassword","password");
4. Change of Password (code provided by stevead )
StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
tls.negotiate();
ModificationItem[] mods = new ModificationItem[2];
String newQuotedPassword = "\""+password+"\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD)));
ctx.modifyAttributes(userName, mods);
Useful links
http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
http://blog.smartkey.co.uk/2010/09/working-around-a-sslhandshakeexception/
http://www.thinkplexx.com/learn/howto/security/tools/understanding-java-keytool-working-with-crt-files-fixing-certificate-problems
Thanks to stevead and handat for helping.
Rohan -
Microsoft Active Directory 2008 - Day CQ Integration.
Hi All,
We have integrated AD with CQ for authentication purpose (JAAS config, LDAPLoginModule).
We are registering user from our website and storing them directly on AD (using day ldap client APIs - day-commons-ldapclient-1.1.6.jar). Now the problem is that the created user are disabled by default, to overcome this we have set an attribute "userAccountControl" while registering.
This solved the disable issue, but another issue is that user can not login unless his/her password is being reset from AD admin interface.
The password is set in "userPassword" attribute and AD is not treating this as a password so it enable the flag for reset password mechanism.
There is another attribute which needs to be set for this and is called "unicodePwd", but to set this the connection should be encrypted(at least 128 bit SSL/TLS) and LDAPS should be used and not LDAP.
Please refer the MS article at http://msdn.microsoft.com/en-us/library/cc223248%28v=prot.10%29.aspx
So the question is that can it be achieved with with LDAP protocol itself, if not then how big is the effort to go via LDAPS approach.
Has anybody achieved something similar and throw some light?
Any pointer will be helpful.
Thanks in Advance,
RakeshFrom what I understand, you are attempting to synchronize your users from CQ into your active directory instance. To me, it sounds like you should really get LDAPS set up, as opposed to attempting to work aroud it.
Here is a link to the part of the document Day wrote on how to configure LDAP for CQ5:
http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#Configuring LDAP over SSL
Additionally, if you take a look at the forum topic I posted about this very problem, there is a nice list of resources for what you are trying to do: http://forums.adobe.com/thread/1068151?tstart=0
Hope that helps! Good luck! -
I have a script which displays locked out accounts. It works great.
I'd like to display the fully qualified Active Directory Login Name instead of the LastName, First Name:
Example: Davis, Susan
Want instead: Domain\Susan.Davis
I'd also like to include an additional filter to look for only Domain\Susan.Davis OR Domain\Robin.Givens
Here is my script:
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = "(&(objectClass=User)(lockoutTime>=1))"
$colProplist = "name","samaccountname"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i) | out-null}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) {
$domainname = $objDomain.name
$samaccountname = $objResult.Properties.samaccountname
$user = [ADSI]"WinNT://$domainname/$samaccountname"
$ADS_UF_LOCKOUT = 0x00000010
if(($user.UserFlags.Value -band $ADS_UF_LOCKOUT) -eq $ADS_UF_LOCKOUT) {
$objResult.Properties.name
John
JohnSorry, I should have mentioned that the cmdlets I'm using are part of the Active Directory module. You'll need to install the RSAT (Win7+) to use them.
If you'd rather stick with your DirectorySearcher methods instead of moving to the AD module, you can adjust your output by using something like this instead:
if(($user.UserFlags.Value -band $ADS_UF_LOCKOUT) -eq $ADS_UF_LOCKOUT) {
"$domainname\$($objResult.Properties.samaccountname)"
$domainname might not be what you're expecting, just FYI.
As for filtering, you can add to the if statement and check for your known usernames only.
Don't retire TechNet! -
(Don't give up yet - 12,700+ strong and growing) -
How can I capture delete user event in Active Directory 2008 using Powershell command
Hi,
In my Active Directory every user have own home drive in the file server. When I delete user I also need to delete folder from the server.
My target is make the process automated, so that when I delete user account form AD, the folder associate with user also delete.
Can I write any power shell script to grep the delete event and remove folder from file server.
Thanks
Tamim KhanYou can setup event viewer to provide alerts (email alerts) for event id 630.
Find an existing Event ID 630 entry, right click on it and "Attach Task To This Event...."
Follow the wizard.
** Event ID Sample **
Event ID: 630
Type: Success Audit
Description: User Account Deleted:
Target Account Name: %1 Target Domain: %2
Target Account ID: %3 Caller User Name: %4
Caller Domain: %5 Caller Logon ID: %6
Privileges: %7
- Chris Ream -
**Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.** -
Kerberos based authentication from AS 10.1.2 to Active Directory 2008
Hello,
just a short question: Has anyone achieved to authenticate via kerberos to a Windows 2008 domain?
Info: We like to continue to use the SSO and Windows Native Authentication feature. It worked with our Windows 2003 domain. But our domainserver was updated and we cannot make a connection from our Oracle application server (10.1.2.0.2) to the new domain via kerberos. The ktpass shows errors (according pType) while creating the sso.keytab. The keytab file is created. The kinit-tool (for testing the keytab file) shows errors again. Also the OPMN log shows during startup an error.
Any hint would be appreciated,
regards
Joergunzip in a new folder and start jdev, it'll ask if you want to copy the configurations from an earlier version. after that you only need to install custom extensions:
copy all files from old_version_jdev\jdev\lib\ext to new_version_jdev\jdev\lib\ext which are in old_version_jdev\jdev\lib\ext but not in new_version_jdev\jdev\lib\ext
better to first shut down jdev!
if everything works in the new version you can delete the old one.
if you are using an OC4J standalone or ias remember to update the adf version there too! -
Active Directory 2012 R2: SMB1 Access for XP / Server 2003
Hi there Experts
I'm currently planning the migration of our 2008 R2 Domain Controller to 2012 R2. We also have a few XP / Server 2003 Clients in our Environment.
I read on a few blog posts that there is a problem with XP and Server 2003 to access e.g. the NETLOGON Share on a 2012 R2 Domain Controller due missing SMB1 Support of Server 2012 R2.
see:
https://social.technet.microsoft.com/Forums/windowsserver/en-us/bca317cd-87aa-4fd7-b12a-6715e6dddfe5/cant-access-unc-share-on-windows-server-2012-r2?forum=winserver8gen
https://workinghardinit.wordpress.com/2014/04/25/windows-xp-clients-cannot-execute-logon-scripts-against-a-windows-server-2012-r2-domain-controller-workaround/
I tested this in our Lab Environment were we already migrated our Domain Controller to Server 2012 R2. In this environment i can access all shares on a 2012 R2 Server via a XP Testclient, without performing the above SMB1 Activation on the Domain Controllers.
Also the GPO and Logonscripts are applied successfully.
Can anyone tell me if i need to implement the Workarounds to enable SMB1? What i can tell is that the Feature "SMB 1.0 / CIFS File Sharing Support" is installed on the domain controllers.
Thank you in advance!
Best regards, SimonAs you long as you have no problem without applying the workaround then you can proceed without implementing it. Just keep the workaround as plan B in case if you notice some failures.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile
Maybe you are looking for
-
Performance degradation after upgrading to yosemite
I'm experiencing performance degradation on MacBook Pro 15 including number of spinning wheels, instance of dark screen, overheating after upgrading to Yosemite diminished battery life Is Yosemite the cause of this and other issues
-
Recommendation: disk drive configuration
I use my Mac Pro at work for some basic iMovie video editing, so I have very capacity requirements. I currently have multiple hard disks; my startup disk is a 500GB SATA in HDD bay 1. I have two 400GB SATA drives in HDD bays 2 & 3, RAIDed together wi
-
Capital goods purchase and return
Hi Sap guys, Can anybody give me the steps of purchasing the capital goods and return of the same.Also give me the steps of debit and credit of cenvat Best Regards. Sandeep
-
Installation of windows xp pro on mac os x lion 10.7.4
Need help. Is is possible to install windows xp pro on a mac os x lion 10.7.4 using boot camp? Just recently bought my macbook pro and the seller told me that windows xp is possible but when I used boot camp, the selections are for windows 7 only.
-
Recently at least one of my apple tv's continue to fail using the home sharing, such that I cannot complete watching a movie without homesharing failing. The signal strength is fine, and i have to manually turn on and off home sharing in itunes to re