NAC AD-SSO service started but client isn't doing SSO
Hi All,
We have NAC version 4.7(1) and we integrated it with Domain Controller on windows 2008. The integration is done and the service is started but the client (XP machine) access the domain without doing SSO then NAC Agent (Ver. 4.7.1.511) appears to start login with local DB only (there's no any other options rather than Local DB).
All Ports are opened to DC and CAS is listening to port 8910.
I attached some snapshots from NAM configuration.
One more thing, sometimes this error appears on NAC Agent "Invalid switch configuration-OOB Error:OOB client 00:17:42:BE:F3:CB/172.20.10.20 not found. Please contact your network administrator." what does this error mean?? Although i can connect the same client machine to another port and it's working properly.
Thanks in Advance,
Hi Faisal,
i have run the following "KTPASS.EXE -princ newadsso/[email protected] -mapuser newadsso -pass PasswordText -out c:\newadsso.keytab -ptype KRB5_NT_PRINCIPAL -crypto All" and the output was
Targeting domain controller: DC01.DOMAIN.COM
Successfully mapped newadsso/domain.com to newadsso.
Password succesfully set!
Key created.
Key created.
Key created.
Key created.
Key created.
Output keytab to c:\newadsso.keytab:
Keytab version: 0x502
keysize 53 newadsso/[email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x
1 (DES-CBC-CRC) keylength 8 (0x9be5c252a85d080b)
keysize 53 newadsso/[email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x
3 (DES-CBC-MD5) keylength 8 (0x9be5c252a85d080b)
keysize 61 newadsso/[email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x
17 (RC4-HMAC) keylength 16 (0x554e28e96389c80c975cc6f96b75fd92)
keysize 77 newadsso/[email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x
12 (AES256-SHA1) keylength 32 (0xcfc491228d9864ab4a5a0424b78b0178a686a8e1aa4ad2e
fa95890da6361006d)
keysize 61 newadsso/[email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x
11 (AES128-SHA1) keylength 16 (0xcb99b6a0e424f312b5c804d5941b04d7)
and when i enabled Agent-Based Windows Single Sign-On with Active Directory the following appeared:
Error : Could not start the SSO service. Please check the configuration. although it was enabled and started with DesOnly Command!
Thanks in advance.
Similar Messages
-
AD SSO Service Starts, But Client Not Performing SSO
Hi.
I hope someone can help me with this issue.
I have a NAC environment in which NAM and NAS are operating in high availability mode. The NAS is in Out-of-band Virtual gateway mode, and I have configured AD-SSO.
Users in local database (NAM) can authenticate as normally.
My problem is that users can not authenticate via AD-SSO functionality.
The AD-SSO service is up and running, but when a user tries to login into the domain (with the AD credentials), the attempt is unsuccessful and the user gets the NAC agent. For testing purposes, I have allowed data traffic from untrusted side (unauthenticated roll) to the DC domain to any port.
Does any body can help me to find which my problem is?
I have gotten the logs from the command “more /perfigo/access/tomcat/logs/nac_server.log”. I can not see any traffic to port 8910 (but there is traffic to port 8905). Besides, if someone knows where can I find documentation which helps to interpret the logs, I will thanks to share it with me.
I am attaching a document with the details.
I really appreciate your help.
Regards.Hi Damaso,
For your reference, here is the full procedure of how the CAS should authenticate the user with AD SSO:
1. The user logs in to Windows and obtains a Ticket-Granting Ticket (TGT) from the kerberos Authentication Service on AD.
[here the CAS is not involved]
2. The Agent starts and the CAS instructs the Agent to get a kerberos Service Ticket (ST) for the SSO Service from the AD server.
[here the CAS is involved]
3. The user sends its Ticket-Granting Ticket (TGT) to request the Service Ticket (ST) from the kerberos Ticket-Granting Service (TGS) on AD.
[here the CAS is not involved, as long as all the communications from/to AD are allowed for the unauthenticated role]
This Service Ticket (ST) can be seen through the Microsoft Kerbtray.exe tool.
4. The Agent sends the Service Ticket (ST) to the CAS for the user authentication and role mapping.
[here the CAS is involved]
The Kerbtray.exe tool allows us to display the Service Ticket (ST) obtained by the user from AD, that will then be sent by the Agent to the CAS.
Could you confirm through Kerbtray whether the user is getting the right ST?
http://www.microsoft.com/download/en/details.aspx?id=17657
If a user does not have any Service Ticket (ST) at all there may be an issue with AD (considering the fact that the CAS is already allowing all the traffic to/from AD).
The user may either be unable to send the Ticket-Granting Ticket (TGT) to AD, or it may be unable to obtain the Service Ticket (ST) from AD.
The CAS during this phase is neither performing any actions nor blocking any traffic, since all the communications to/from AD are already fully open in the unauthenticated role.
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
I am getting a service start and stop alert while doing the windows server updates.
HI
I am getting a service start and stop alert while doing the windows server updates. Services are wmiApSrv , WPDBusEnum. Can you please help me to under stand why i am getting the service start and stop alert.
Thanks & Regards
Abhilash K JoyHi,
The WMI Performance Adapter (wmiApSrv) service provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
This service is installed by default and its startup type is Manual. When started in the default configuration it will log on using the Local System account.
You can try troubleshooting the issue using Clean Boot to check if the issue is related to third-party software.
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135/en-us
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Oracle 10.2G - windows service started but instance is in nomunt mode
Hello
I have trouble with oracle 10.2G in windows 2003...
I run following command:
oradim.exe -startup -sid sid_name -usrpwd pass -starttype srvc,inst
After above command, windows service has status "started", but instance is in nomunt mode.
In alert.log I don't see any error...
Thanks for any help.
Regardsin oradim.log I found following error:
Tue Dec 18 05:00:02 2007
ORA-01017: incorrect username/password; logon refuse
but I don't change any password...
This is my alertlog:
Tue Dec 18 05:00:01 2007
ORACLE V10.2.0.2.0 - Production vsnsta=0
vsnsql=14 vsnxtr=3
Windows Server 2003 Version V5.2 Service Pack 1
CPU : 4 - type 586, 2 Physical Cores
Process Affinity : 0x00000000
Memory (Avail/Total): Ph:1468M/2047M, Ph+PgF:3527M/3947M, VA:1940M/2047M
Tue Dec 18 05:00:01 2007
Starting ORACLE instance (normal)
LICENSE_MAX_SESSION = 0
LICENSE_SESSIONS_WARNING = 0
Picked latch-free SCN scheme 2
Using LOG_ARCHIVE_DEST_1 parameter default value as D:\oracle\ora102\RDBMS
Autotune of undo retention is turned on.
IMODE=BR
ILAT =18
LICENSE_MAX_USERS = 0
SYS auditing is disabled
ksdpec: called for event 13740 prior to event group initialization
Starting up ORACLE RDBMS Version: 10.2.0.2.0.
System parameters with non-default values:
processes = 150
timed_statistics = TRUE
resource_limit = TRUE
shared_pool_size = 209715200
shared_pool_reserved_size= 20971520
trace_enabled = FALSE
nls_language = POLISH
nls_territory = POLAND
nls_sort = POLISH
sga_target = 838860800
control_files = D:\ORACLE\ORA92\DATABASE\CONTROL01.CTL, D:\ORACLE\ORADATA\TETA\CONTROL02.CTL
db_block_size = 8192
compatible = 10.2.0
db_files = 100
db_file_multiblock_read_count= 8
fast_start_mttr_target = 0
undo_management = AUTO
undo_tablespace = ROLLBACK_DATA
O7_DICTIONARY_ACCESSIBILITY= TRUE
remote_login_passwordfile= EXCLUSIVE
db_domain =
instance_name = TETA
session_cached_cursors = 100
job_queue_processes = 5
parallel_min_servers = 0
parallel_max_servers = 0
background_dump_dest = D:\ORACLE\ADMIN\TETA\BDUMP
user_dump_dest = D:\ORACLE\ADMIN\TETA\UDUMP
core_dump_dest = D:\ORACLE\ADMIN\TETA\CDUMP
db_name = TETA
open_cursors = 2048
star_transformation_enabled= FALSE
pga_aggregate_target = 157286400
workarea_size_policy = AUTO
aq_tm_processes = 1
PMON started with pid=2, OS id=291912
PSP0 started with pid=3, OS id=142740
MMAN started with pid=4, OS id=656244
DBW0 started with pid=5, OS id=652136
LGWR started with pid=6, OS id=755832
CKPT started with pid=7, OS id=226276
SMON started with pid=8, OS id=661212
RECO started with pid=9, OS id=467040
CJQ0 started with pid=10, OS id=157796
MMON started with pid=11, OS id=249832
MMNL started with pid=12, OS id=795116
Tue Dec 18 05:00:02 2007
Oracle Data Guard is not available in this edition of Oracle.
Regards -
Systemd / services start but do not listen to interfaces
Hello,
In the course of migrating from initscripts to systemd (mixed systemd/sysvinit/initscripts), I am facing a strange behaviour with some services: squid, bind (named), dhcpd which start normally but do not listen to the useful interface. For instance, for named, netsat does not show 192.168.42.2:53 (which is is my LAN interface), despite the process is running (systemd status named). It seems that with systemd there is a change to the way available interfaces are reported to the services (for those services, I have not explicitly configured the interface to listen to).
If I revert back to initscripts only (removing init=/usr/lib/systemd/systemd from the kernel argument) everything is OK.
I am not running NetworkManager (relevant ?), my rc.conf is clean apart that I am still using the deprecated syntax (I need a bridge interface that NetworkManager cannot handle).
eth0="dhcp"
eth1="eth1 promisc"
br1="br1 192.168.42.2 netmask 255.255.255.0 broadcast 192.168.42.255"
INTERFACES=(eth0 eth1 br1)
Thanks for any help.mrechte wrote:
I found the cause of the problem: legacy network service starts too late, after some other network daemons which do not see yet the interfaces.
I switched to netcfg and dropped network.
Seems to be OK now.
Glad you found the problem. Would you please edit your first post and mark as "Solved" so others searching for this will see it? -
Web service hosted but client program cannot access it ERROR
hi, pls help me,
my problem is
i have hosted the WEb services successfully, i can that in the below URL
http://localhost/jbossws/services
Environment is
Jboss 4.2.2,
jdk jdk1.5.0_12
web service end point is EJB3
But i when i am trying to access it through a Client i am getting some
exceptions from JBOSS Side
14:03:31,234 ERROR [SOAPFaultHelperJAXRPC] SOAP request exception
javax.xml.rpc.soap.SOAPFaultException: Endpoint {http://test.main.i9check.source/}GreeterPort does not contain operation meta
data for: sayhello
at org.jboss.ws.core.jaxrpc.SOAPFaultHelperJAXRPC.exceptionToFaultMessage(SOAPFaultHelperJAXRPC.java:189)
at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.exceptionToFaultMessage(SOAPFaultHelperJAXWS.java:157)
at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.createFaultMessageFromException(SOAP11BindingJAXWS.java:104)
at org.jboss.ws.core.CommonSOAPBinding.bindFaultMessage(CommonSOAPBinding.java:645)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:430)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:272)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:189)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:122)
at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)
and in the client Side Exception is
com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl cannot be cast to com.sun.xml.messaging.saaj.soap.MessageImpl
my client code is
package source.web.user;
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.rpc.Call;
import javax.xml.rpc.ParameterMode;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceFactory;
import javax.xml.rpc.encoding.XMLType;
import javax.xml.rpc.soap.SOAPFaultException;
public class HelloClient
static String WSDLLoc="http://127.0.0.1/i9check/TestWebServicesBean";
static String serviceName="http://test.main.i9check.source/";
static String portType="TestWebServicesBean";
static String serviceEndPointAddress=WSDLLoc;
static String nameSpace="http://test.main.i9check.source";
public static void main(String[] args)
try {
URL wsUrl = new URL(WSDLLoc+"?wsdl");
/*QName operationName = new QName(nameSpace,serviceName);
Service service = Service.create(wsUrl,operationName);
Call call = service.createCall(portName, operationName);*/
/* Service lookup */
ServiceFactory serviceFactory = ServiceFactory.newInstance();
//Service service = serviceFactory.createService(wsUrl, new QName(serviceName));
Service service = serviceFactory.createService(wsUrl, new QName(serviceName,"Greeter"));
/* Service access */
Call call = (Call) service.createCall();
call.setProperty(Call.ENCODINGSTYLE_URI_PROPERTY, "http://schemas.xmlsoap.org/soap/encoding/");
call.setProperty(Call.OPERATION_STYLE_PROPERTY, "rpc");
call.setTargetEndpointAddress(serviceEndPointAddress);
call.removeAllParameters();
call.setPortTypeName(new QName(portType));
call.setOperationName(new QName("sayhello"));
//if (call.isParameterAndReturnSpecRequired(call.getOperationName())){
call.addParameter("in0", XMLType.XSD_STRING,ParameterMode.IN);
call.setReturnType(XMLType.XSD_STRING);
/* Service invocation */
call.invoke(new Object[] {"Rony"});
catch (SOAPFaultException sfe){
System.out.println("Detail "+sfe.getDetail());
System.out.println("getFaultCode "+sfe.getFaultCode());
System.out.println("getFaultString "+sfe.getFaultString());
System.out.println("getFaultActor "+sfe.getFaultActor());
catch (javax.xml.ws.soap.SOAPFaultException sfe){
System.out.println("getCause "+sfe.getCause());
System.out.println("getStackTrace "+sfe.getStackTrace());
System.out.println("getFaultCode "+sfe.getFault());
catch(Exception ex) {System.out.println("Exception "+ex.getMessage());}
}I think ronyjoy may fixed this exception...
the solution is :
Web Service Client incompatibility between classes from JDK 6 (rt.jar) and from saaj-impl.jar, which is part of JAX-RPC distribution, causes the exception java.lang.ClassCastException: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl cannot be cast to com.sun.xml.messaging.saaj.soap.MessageImpl
To fix this issue, please update your saaj jars from the Snapshots download at https://saaj.dev.java.net/.
source:http://www.basis.com/products/bbj/relnotes620.htm
Thanks,
--sivakumar -
Concurrent Service start but stop at once
I just install a Oracle Application is vision mode , but there is a problem in Concurrent service , when I power on the Oracle Application Server , the Oracle application can start in normal , but the Concurrent Service can not start, I had start it in manual , It can startup for a while and stop , I repeat serval times to do this , the result is the same,
Is there anyboay can tole me how to fixed it ? tks!Hi, I had check the Concurrent Service's Log , it show as following :
The Internal Concurrent Manager has encountered an error.
Review concurrent manager log file for more detailed information. : 27-APR-2006 23:13:28 -
Shutting down Internal Concurrent Manager : 27-APR-2006 23:13:28
List of errors encountered:
_ 1 _
Concurrent Manager cannot find error description for CONC-System Node
Name not Registered
Contact your support representative.
List of errors encountered:
_ 1 _
Routine AFPCAL received failure code while parsing or running your
concurrent program CPMGR
Review your concurrent request log file for more detailed information.
Make sure you are passing arguments in the correct format.
how can I do next ? -
GTX 780 Ti - CUDA selected, but GPU isn't doing anything
I know there's a bunch of posts on the 780 Ti, but I've been researching for days and I'm getting nowhere.
Disclaimer: First let me just quickly say this. I know it's not officially supported and I understand why, so please don't mention that. I'm a long time PC enthusiast and builder and I've worked in technical IT positions for 15 years. I understand liability implications of testing hardware and officially supporting something, and also the implications of using unsupported configurations (like PP maybe randomly crashing, etc). Now, with that said:
The Issue: In PP CC 2014, CUDA is available and it is selected. In fact I never had to select it. It has always been automatically selected when creating new projects. However, my cards aren't doing anything. They're idle 100% of the time.
I've read posts from users and from Adobe stating that unsupported CUDA capable cards will still work as long as the user accepts a message stating that the card isn't supported. However, I don't ever recall getting a message saying anything about my cards being unsupported. I only know about said message because it's been mentioned by Adobe and other users. I'll admit that I may have, in fact, been prompted and clicked accept, or continue, or whatever, but I'm pretty sure I would remember that. I also wouldn't have been surprised to see the 780 Ti missing from the supported cards list, which I only went looking for after learning that it wasn't using my cards.
I've messed with PP settings, NVIDIA settings, uninstalled/reinstalled drivers, older drivers, beta drivers, uninstall/reinstall PP CC 2014. I read something about deleting the CUDA file so I tried that but I think that's not supposed to be necessary anymore(?)... I'm losing my mind here.
1. I've read that exporting media "only uses the CPU and not the GPU" and I've also read "CUDA GPU acceleration will significantly reduce export times". What's the official answer on this?
2. During sped up playback and reverse playback (normal playback is fine), the CPU is pegged and the GPUs are idle. Shouldn't at least this use the GPUs?
3. I've read that not all effects will or can use CUDA. For example when applying the warp stabilizer to clips, the CPU is pegged and the GPUs are idle. Does that not use CUDA? That seems like a pretty common effect that should be able to use GPUs.
I would really appreciate an official answer as to whether the 780 Ti will work or not - completely ignoring whether it's officially supported. If the answer is "yes, it will (should) work, but something is wrong with your particular setup/configuration" I'm ok with that, but I'm hoping there's a suggestion I haven't found yet, that might help get my cards working.
Thank you very much for any input you can provide.See the thing is, I've already read that post a dozen times. It seems to be
the de facto response to all these "CUDA isn't working" questions, haha. I
know what CUDA is and how it works. My issue with that page is that it's
four years old, and the only two updates aren't dated and they're vague.
The CUDA capable effects list on that page is just outdated. I've also gone
down several rabbit holes of links starting on that page, which end on
broken links or non-CUDA-related content.
With all that said, that page does specifically mention cropping, scaling,
and exporting as GPU accelerated. In my example, I'm using the warp
stabilizer set to smooth motion - position, scale, rotation, and I'm not
using any crazy export settings, just defaults with 2-pass selected instead
of 1-pass for example. -
Yeah basically what I stated, but I have re-installed it, re-downloaded the intallation software, and everything i coudl think of to see if that would make it work, but nothing has.
Hi, i had the exact same problem with FF4, it got so bad that it would "not respond" near enough every click of the mouse, i could not find help anywhere, so many solutions from people who reproted the same problem, but none of them worked,, malwarebytes and kaspesky both reported no viruses, i started FF4 in safe mode, the same thing, i then started it over and over uninstalling one addon ata a time until i removed all of my addons, but it still kept happening, fortunately i found my own solution, i upgraded to FF5.5 Beta, that was 3 days ago, ive not had a problem since, i hope that this solution may work for you too.
it would appear that this is just a FF4 problem, good luck. -
My late 2007 MacBook Pro starts but all the screen does is flash once then go black.
My late MacBook Pro 07 blinks then goes black, I just replace the hard drive. What should Ido
There is a known issue with the Nvidea GeForce 8600M GT video chipset in that model. Nvidea sold Apple and other companies bad chips that failed usually from heat issues. The only fix is a complete logic board replacement, and I found new, known-good boards are hard to get.
Apple had a repair program that fixed this at no cost for four years from data of purchase; it expired in Dec 1012. Mine died at 5-1/2 year after purchase. You should plan on getting a new computer as the chances of finding a proper replacement board are now getting thin.
Some people may suggest using an external dispaly but that will not work with this failure mode.
I was able to start mine in FireWire Target Disk Mode and connected it to my iMac. I could see and recover files. -
Ipod wont start but syncs normally
I have a problem that seemed to arrive about the same time as Apple updated iTunes to 5.0. My iPod Photo 60gb wont start up to play music anymore. It shows a picture signaling some error and the URL to Apples support site (apple.com/support/ipod) for a few seconds, then shuts of. Apples site gives no clues as to what's the matter though.
The strange thing is that the iPod seems to be working ok when connected to the Mac. It syncs normally and seems to be working as a harddisk.
I have tried a hard reset holding down those two buttons but this does not resolve the problem. I have also tried to download the latest software for the iPod from Apples website, but this won't install.
Does anyone know what to do?Well... my iPod is not starting at all. even after the steps this tutorial told me to do. i was trying to pick a song on my iPod and then all of a sudden it froze for about 3 minutes and then shut off. and i havent been able to turn it on since. the battery was charged and not low. i tried toggling the hold button and hitting reset even while it was charging with the battery and still nothing. all i hear is the iPod going "vroooom beep" over and over. like its trying to start but cant. its been doing that for almost 12hrs and i dont know what else to do. please help.
-
Want to make 3d sphere, 3d revolve isn't doing what I want
So I've got illustrator CC and I'm trying to map a pattern of a golf ball on to a sphere but it isn't doing what I'd like - it's distorting my circles the wrong way. I found a blog post about using a custom plugin, but the plugin looks like it's outdated. Wondering if there is a way to get the desired effect in CC that I'm missing? Here's the post I'm talking about, and I want to make a golf ball similar to the one in the picture. Thanks for any suggestions!
http://vectorboom.com/load/tutorials/effects/how_to_allocate_flat_objects_on_a_sphere_surf ace_in_adobe_illustrator/3-1-0-431Nope.
Per the terms of service you agreed to-all sales are final. -
NAS SSO service could not started.
Hi
I have a problem that i am unable to start the SSO service onto the one of my NAS server in inline mode but the service is running fine on my two NAS which are deployed on OOB mode.
It gives error that could not start the service please chk configurations . As i checked the nas_server.log logs i get the following error does any one have some idea abt it
DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOUser = shkcas04
2010-09-21 12:02:16.997 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOUser = shkcas04:DURATION=0
2010-09-21 12:02:17.003 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOPass = Cisco1234
2010-09-21 12:02:17.003 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOPass = Cisco1234:DURATION=0
2010-09-21 12:02:17.008 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOKdc = pkshv002.apac.ad.ici.com
2010-09-21 12:02:17.009 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOKdc = pkshv002.apac.ad.ici.com:DURATION=1
2010-09-21 12:02:17.014 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSORealm = APAC.AD.ICI.COM
2010-09-21 12:02:17.014 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSORealm = APAC.AD.ICI.COM:DURATION=0
2010-09-21 12:02:17.019 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:save
2010-09-21 12:02:17.021 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:save:DURATION=2
2010-09-21 12:02:17.026 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:startSSOServer
2010-09-21 12:02:17.026 +0500 WARN com.perfigo.wlan.jmx.adsso.GSSServer - Server was not running ...
2010-09-21 12:02:17.026 +0500 INFO com.perfigo.wlan.jmx.adsso.GSSServer - Server starting server ...
2010-09-21 12:02:17.026 +0500 INFO com.perfigo.wlan.jmx.adsso.GSSServer - GSSServer - SPN : [shkcas04/[email protected]]
2010-09-21 12:02:17.026 +0500 INFO com.perfigo.wlan.jmx.adsso.GSSServer - GSSServer - building kdc list for domain pkshv002.apac.ad.ici.com
2010-09-21 12:02:18.470 +0500 DEBUG com.perfigo.wlan.ssl.SSLLog - RMISocketFactory:adding socket:d3c940[TLS_RSA_WITH_AES_128_CBC_SHA: Socket[addr=/10.92.15.1,port=15873,localport=1099]]
2010-09-21 12:02:25.695 +0500 TRACE com.perfigo.wlan.jmx.admin.FailSafeManager - FailSafeManager is running:{0.85,0.3,[0:0:15]}:DETECT_INTERVAL=20:DETECT_TIME_OUT=300
2010-09-21 12:02:25.695 +0500 TRACE com.perfigo.wlan.jmx.admin.FailSafeManager - FailSafeManager has nothing to do ...10.92.15.1:0:1
2010-09-21 12:02:25.695 +0500 TRACE com.perfigo.wlan.jmx.admin.FailSafeManager - FailSafeManager is going to sleep: {0.85,0.3,[0:0:0]} delay=20000
2010-09-21 12:02:37.022 +0500 ERROR com.perfigo.wlan.jmx.adsso.GSSServer - Unable to start server ... pkshv002.apac.ad.ici.com
2010-09-21 12:02:37.022 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:startSSOServer:DURATION=19996
2010-09-21 12:02:37.061 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOState = 0
2010-09-21 12:02:37.061 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - setAttribute: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:SSOState = 0:DURATION=0
2010-09-21 12:02:37.066 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:save
2010-09-21 12:02:37.067 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:save:DURATION=1
2010-09-21 12:02:39.598 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - isRegistered: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo
2010-09-21 12:02:39.598 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - isRegistered: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:DURATION=0
2010-09-21 12:02:39.603 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - unregisterMBean: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo
2010-09-21 12:02:39.603 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - unregisterMBean: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:DURATION=0
2010-09-21 12:02:39.608 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - createMBean: com.perfigo.wlan.jmx.admin.ServerInfo:DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:CAS:type=MLet,name=casLoader
2010-09-21 12:02:39.609 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - createMBean: com.perfigo.wlan.jmx.admin.ServerInfo:DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:CAS:type=MLet,name=casLoader:DURATION=1
2010-09-21 12:02:39.615 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke: DefaultDomain:type=com.perfigo.wlan.jmx.admin.ServerInfo:init
2010-09-21 12:02:39.615 +0500 DEBUG com.perfigo.wlan.jmx.BeanServerWrapper - BeanServerWrapper - invoke:
Regards
WaqasDear Faisal ,
yes i can ping my ADs .As i am not a microsoft guy but ill try to explain it as best as i can the structure of AD
we have a Parent AD and two child AD. We are creating a user on parent AD but running KTPass on child and it is running .Now this actually worked for one of our server but this server is giving us the problem.
Regards
Waqas -
SQL Service with Domain Logon fails to Auto Start but starts Manually
I have set the SQL Service Logon to a Domain account. SQL Starts manually just fine, but it fails to start on reboot.
I see these four errors in the Windows System Log:
Event 1014 (Warning), DNS Client Events:
Name resolution for the name .... timed out after none of the configured DNS servers responded.
Event 5719, NETLOGON:
This computer was not able to set up a secure session with a domain controller in domain ... due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
Event 1055, GroupPolicy:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Finally: Event 7000, Service Control Manager:
The SQL Server service failed to start due to the following error:
The account name is invalid or does not exist, or the password is invalid for the account name specified.
Apparently there is a delay between NETLOGON starting and "being aware" of the Domain. Apparently it still is not resolved by the time the SQL Service tries to start. However it is resolved by the time the user logs in, so SQL Service successfully
starts manually.
For various reasons I cannot make the SQL Service DelayedAuto. Is there any way to configure NETLOGON Service or DNS Client to not return from the Startup process untl the DNS is resolved?A moderator can move it. I have no idea whether you can move it on your own. You can only delete your own post.
I would suggest that you repost manually to the Windows Server forum, so that you can change the title to something which fits better there. Maybe the text can also benefit from a review. Your original problem was that SQL Server does not start directly,
but you have already found out that you real issue is the DNS thing.
Erland Sommarskog, SQL Server MVP, [email protected] -
App Service iOS "get started" demo client
Is there a version of the iOS "get started" demo client app written in Swift?
http://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-dotnet-backend-ios-get-started-preview/#create-a-new-ios-app
It seems the only choice is Objective-C.
Thank you!
RobertThank you for getting back to me so quickly!
When I signed in to Event Viewer, I got an error message that my event services weren't running, so I downloaded this fix from Microsoft: http://support.microsoft.com/kb/2478117
That started my Event Services and allowed me to sign into Event Viewer and clear my logs. They are all clear now.
Then I repaired my version of 11G and rebooted, but am still unable to connect to the database or the Get Started URL.
Here are my statuses:
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 11.2.0.2.0 - Produ
ction
Start Date 16-NOV-2012 16:31:35
Uptime 0 days 0 hr. 2 min. 30 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Default Service XE
Listener Parameter File C:\oraclexe\app\oracle\product\11.2.0\server\network\a
dmin\listener.ora
Listener Log File C:\oraclexe\app\oracle\diag\tnslsnr\CONNECTLAP28\liste
ner\alert\log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=CONNECTLAP28.awi.state.fl.us)(PORT=1
521)))
Services Summary...
Service "CLRExtProc" has 1 instance(s).
Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> exit
sqlplus / as sysdba
SQL*Plus: Release 11.2.0.2.0 Production on Fri Nov 16 16:34:42 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
At least it's a different error message now! Any ideas?
Edited by: 971714 on Nov 16, 2012 1:40 PM
Edited by: 971714 on Nov 16, 2012 1:41 PM
Edited by: 971714 on Nov 16, 2012 1:41 PM
Maybe you are looking for
-
Can't get adobe reader to install on my new laptop with windows 8
I can't get adobe reader to install onto my new laptop with windows 8. Basically what happens is that I start the download from the adobe screen by clicking the yellow download button, then I click run (I've also tried save and run), then I allow the
-
Error using a binding to get current row data
Hi, from a previous post ( Calling a stored procedure ) that has been answered i have reached to this point and cant get go on: i have a method declared on appmoduleimpl that calls to a procedure stored in the database and passes two parameters (one
-
Mail: 2 problems - Reply and SMTP setting
Hi all, never had any special issues with Lion, but after upgrading to Mountain Lion I have these 2 issues that I can't solve. I use Mac Mail , connecting and receiving/sending emails for 3 different accounts, one for my company (hosted on an externa
-
What is the benefit of using Firefox over Safari?
I am a long time PC user who just ran through her 5th laptop, 1 toshiba, 2 panasonics, and 2 dells. Finally decided to buy my first Apple product, MacBook Pro. Purchased yesterday and trying to learn the new system. My question is, what is 'wrong' wi
-
Icloud control panel version 2.0 work on Wiondows Vista 64 bit PC
I am unable to repair Icloud control panel version 2.0 work on Wiondows Vista 64 bit PC. After following instructions the same message to repair continues to appear.