Naming Service not available

Hi,
We are developing a wrapper around the Identity Server SDK which is going to be placed on a Linux + WebLogic platform. Everything is working fine without SSL enabled for Access Manager (Identity Server). When AM is running in SSL mode we are facing a problem when our code is trying to create AuthContext. Following is the log trace from the debug file:
01/20/2005 06:00:06:750 PM MST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
authenticate...START
01/20/2005 06:00:09:586 PM MST: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
ERROR: authenticate :
com.sun.identity.authentication.spi.AuthLoginException(1):null
com.sun.identity.common.L10NMessageImpl(2):Failed to create New AuthContext: Error while processing XML request
Naming Service is not available
com.sun.identity.common.L10NMessageImpl: Failed to create New AuthContext: Error while processing XML request
Naming Service is not available
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1220)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1142)
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:148)
at com.abs.security.b2b.AuthenticationService.authenticate(Unknown Source)
at com.abs.security.b2b.B2BIDSInterfaceImpl.authenticate(Unknown Source)
at com.abs.security.b2b.client.B2BInitialAdminClientServlet.authenticate(Unknown Source)
at com.abs.security.b2b.client.B2BInitialAdminClientServlet.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
We took care of loading the JSS libraries, the AMConfig.properties file changes and the trusted CA certificate import, and we also added the system property java.protocol.handler.pkgs=com.iplanet.services.comm
any help is appreciated.

Did you resolve this issue? I have just encountered it when I switched from a non-SSL to an SSL port. The exception I get is the same as yours. The debug log indicates that the host name is incorrect:
03/25/2005 03:23:57:841 PM EST: Thread[main,5,main]
ERROR: updateNamingTable : Naming Service is not available
03/25/2005 03:23:57:881 PM EST: Thread[main,5,main]
ERROR: Naming service connection failed for https://dakota.abcd.com:4405/amserver/namingservice
com.iplanet.services.comm.client.SendRequestException: HTTPS hostname wrong: should be <dakota.abcd.com>
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:131)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:71)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:335)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:308)
at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:12
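
An added diagnostic for the "HTTPS hostname wrong" error in the log above; it is not part of the original posts and is not Access Manager SDK code. It reads com.iplanet.am.naming.url, compares its host with certificate names using a simplified RFC 6125 match, and with --live fetches the server's leaf certificate through the JVM's default trust store. The class name, the sample configuration and the list of certificate names are constructed for illustration.

```java
import java.io.StringReader;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class NamingUrlHostCheck {

    // Constructed sample built from the URL in the log above; in practice
    // load the AMConfig.properties that the client JVM actually uses.
    static final String SAMPLE_CONFIG =
        "com.iplanet.am.naming.url=https://dakota.abcd.com:4405/amserver/namingservice\n";

    /** Parses the naming URL that the client SDK will connect to. */
    static URI namingUri(String configText) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(configText));
        String url = p.getProperty("com.iplanet.am.naming.url");
        if (url == null) {
            throw new IllegalArgumentException("com.iplanet.am.naming.url is not set");
        }
        URI uri = new URI(url.trim());
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("naming URL has no host: " + url);
        }
        return uri;
    }

    /** Simplified RFC 6125 match: exact name, or one left-most "*" label. */
    static boolean matches(String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (h.equals(c)) return true;
        if (!c.startsWith("*.")) return false;
        int dot = h.indexOf('.');
        // The wildcard covers exactly one label and must keep two labels after it.
        return dot > 0 && h.substring(dot).equals(c.substring(1)) && c.indexOf('.', 2) > 0;
    }

    /** dNSName SAN entries (type 2); falls back to the subject CN if there are none. */
    static List<String> certNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0))) names.add((String) san.get(1));
            }
        }
        if (names.isEmpty()) {
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) names.add(rdn.getValue().toString());
            }
        }
        return names;
    }

    /** Handshake with chain validation only; a plain SSLSocket does no hostname check. */
    static X509Certificate fetchLeaf(String host, int port) throws Exception {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) f.createSocket(host, port)) {
            s.startHandshake();
            return (X509Certificate) s.getSession().getPeerCertificates()[0];
        }
    }

    public static void main(String[] args) throws Exception {
        URI uri = namingUri(SAMPLE_CONFIG);
        String host = uri.getHost();
        System.out.println("naming URL host: " + host);

        // Offline part: constructed certificate names, e.g. a certificate
        // issued to the short host name instead of the fully qualified one.
        for (String n : new String[] {"dakota", "dakota.abcd.com", "*.abcd.com", "*.com"}) {
            System.out.println("  cert name " + n + " -> " + (matches(host, n) ? "match" : "MISMATCH"));
        }

        if (args.length > 0 && args[0].equals("--live")) {
            int port = uri.getPort() == -1 ? 443 : uri.getPort();
            try {
                boolean ok = false;
                for (String n : certNames(fetchLeaf(host, port))) {
                    System.out.println("  server presents: " + n);
                    ok |= matches(host, n);
                }
                System.out.println(ok ? "host is covered by the certificate"
                                      : "hostname mismatch: reissue the certificate or fix the naming URL");
            } catch (SSLException e) {
                // Trust or protocol failure, which is a different problem from a name mismatch.
                System.out.println("TLS handshake failed: " + e.getMessage());
            }
        }
    }
}
```

Run the --live mode on the client host with the same trust store settings as the application server, so that a trust failure and a name mismatch show up as separate results.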

Similar Messages

  • Remote Authentication Naming Service Not Found

    Hey everybody,
    I found this thread:
    http://swforum.sun.com/jive/thread.jspa?threadID=54004
    That thread mentions (or implies) there is something different that must be accomplished when performing remote authentications vs local authentications but never actually states what is different.
    Anyhow, I am attempting to perform a remote authentication, and am running into problems. I have taken the code listed in the above thread and modified it for my usage, with a few modifications. However, I keep getting this error:
    [#|2006-02-13T15:50:56.321-0500|INFO|sun-appserver-pe8.1_02|javax.enterprise.system.stream.out|_ThreadID=25;|ERROR: updateNamingTable : Naming Service is not available.
    |#]
    [#|2006-02-13T15:50:56.332-0500|WARNING|sun-appserver-pe8.1_02|javax.enterprise.system.stream.err|_ThreadID=25;|
    com.sun.identity.authentication.spi.AuthLoginException(1):null
    com.sun.identity.authentication.spi.AuthLoginException(2):null
    com.sun.identity.authentication.spi.AuthLoginException: Failed to create new Authentication Context: Naming Service is not available.
            at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1310)
            at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1261)
            at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:178)
            at infrastructure.SessionBean1.login(SessionBean1.java:224)
            at infrastructure.login.button1_action(login.java:267)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at ...
    When I connect to the service via http://myserver.mydomain.tld/amserver/namingservice I receive a message that looks like:
    Webtop 2.5 Platform Low Level request servlet
    Which indicates it is running properly. I also am using the AMConfig.properties that is running on the server to pull my values and my code (listed below) prints out all the values it reads. I am using the base dn for the orgname as indicated in various documentation.
    My code looks like:
        import java.util.Enumeration;
        import java.util.Properties;
        import java.util.ResourceBundle;
        import javax.faces.application.FacesMessage;
        import javax.security.auth.callback.Callback;
        import javax.security.auth.callback.NameCallback;
        import javax.security.auth.callback.PasswordCallback;
        import com.iplanet.am.sdk.AMStoreConnection;
        import com.iplanet.am.util.SystemProperties;
        import com.sun.identity.authentication.AuthContext;

        // token, db and user are fields of the enclosing page bean (not shown in the post).
        public boolean login(String username, String password) {
            try {
                ResourceBundle resources = ResourceBundle.getBundle("AMConfig");
                String orgname = null;
                Properties props = new Properties();
                Enumeration keyEnum = resources.getKeys();
                while (keyEnum.hasMoreElements()) {
                    String key = (String) keyEnum.nextElement();
                    String value = resources.getString(key);
                    props.setProperty(key, value);
                    if (key.equalsIgnoreCase("com.iplanet.am.defaultOrg")) {
                        orgname = value;
                    }
                    // Debug output: echoes every AMConfig.properties entry to the page.
                    this.getFacesContext().addMessage(null, new FacesMessage(key + " = " + value));
                }
                SystemProperties.initializeProperties(props);
                // Authenticate the user and obtain SSO Token
                AuthContext lc = null;
                lc = new AuthContext(orgname);
                lc.login();
                while (lc.hasMoreRequirements()) {
                    Callback[] callbacks = lc.getRequirements();
                    for (int i = 0; i < callbacks.length; i++) {
                        if (callbacks[i] instanceof NameCallback) {
                            // Cast the element, not the whole array
                            NameCallback nc = (NameCallback) callbacks[i];
                            nc.setName(username);
                        } else if (callbacks[i] instanceof PasswordCallback) {
                            PasswordCallback pc = (PasswordCallback) callbacks[i];
                            pc.setPassword(password.toCharArray());
                        } else {
                            log("Unknown Callback: " + callbacks[i]);
                            return false;
                        }
                    }
                    lc.submitRequirements(callbacks);
                }
                if (lc.getStatus() != AuthContext.Status.SUCCESS) {
                    log("Invalid credentials");
                    return false;
                }
                // Obtain the SSO Token
                token = lc.getSSOToken();
                log("SSOToken: " + token.getTokenID());
                log("User DN: " + token.getPrincipal().getName());
                // Obtain AMUser object
                db = new AMStoreConnection(token);
                user = db.getUser(token.getPrincipal().getName());
                // Get the attributes and display them
                log("Attributes: " + user.getAttributes());
                return true;
            } catch (Exception e) {
                this.getFacesContext().addMessage(null, new FacesMessage("An exception occurred, unable to login.", e.getMessage()));
                e.printStackTrace();
                return false;
            }
        }
    Any ideas?
    Thanks!
    Joshua Preston.

    The most common reason for this error is improper
    communication with your LDAP server. Is your DS
    setup correctly and are you able to authenticate
    using amadmin?

    Yes, our DS is setup correctly and I am able to authenticate using amadmin.

  • Runtime Service not Available after Copy

    Hi
    OWB 10g,
    Oracle DB 8.1.7.4.12
    I'm trying to copy the whole database, including all OWB and Runtime Repository and reload to another server.
    After that, OWB client works fine but when I try to connect Deployment Manager, the error message shows: Runtime Service not Available (the Runtime connection properties are changed to match the new server). I then tried to manually start the runtime service, and the error message shows: Not available. I then ran Service_Doctor, and it shows "Platform Service Not Available".
    For what I searched from metalink and here, the solution is always saying 'Reinstall the Runtime Service'.
    Is there any idea that I can make it work without reinstall because I don't want to start from scratch to redeploy and reload all of my data?
    I'm waiting on line.
    Thank you,
    Daming

    Hi Igor,
    I manually changed table wb_rt_service_nodes with the proper hostname, service name, OWB home name. Also checked the value in OWBRT_SYS.OWBRTPS, no problem. But the Runtime service still did not start. So I gave up and then tried to do it from scratch.
    I tried to reinstall all the repositories (OWB and runtime) on the new server and still got the same problem.
    What I've done is drop all the repositories via Runtime Assistant and then done 'drop user rtr cascade' from sqlplus for all the target schemas and rtr/rtu. Then created new repositories again. After that I restarted the database, and the runtime service did not start. Then I tried to manually start it, and it failed.
    Any idea? Should I reinstall the software?
    Thanks,
    Daming

  • Javax.naming.NameNotFoundException: service not bound

    hi
    i am trying to access web services using JNDI lookup.
    this is my client code snippet
    // Needs javax.naming.InitialContext, javax.naming.NamingException,
    // javax.xml.rpc.Service and javax.xml.rpc.ServiceException
    try {
        ctx = new InitialContext();
        //customerSessionRemote remote=(customerSessionRemote)ctx.lookup("customer/remote");
        Service service = (Service) ctx.lookup("java:comp/env/service/CustomerRegisteration");
        try {
            EndpointInterface port = (EndpointInterface) service.getPort(EndpointInterface.class);
            String user = port.validateUser(getUserName(), getPassword());
            System.out.println(user);
        } catch (ServiceException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    but i am getting following error,
    javax.naming.NameNotFoundException: service not bound
    17:55:56,468 ERROR [STDERR]      at org.jnp.server.NamingServer.getBinding(NamingServer.java:529)
    17:55:56,468 ERROR [STDERR]      at org.jnp.server.NamingServer.getBinding(NamingServer.java:537)
    17:55:56,468 ERROR [STDERR]      at org.jnp.server.NamingServer.getObject(NamingServer.java:543)
    17:55:56,468 ERROR [STDERR]      at org.jnp.server.NamingServer.lookup(NamingServer.java:267)
    17:55:56,468 ERROR [STDERR]      at org.jnp.server.NamingServer.lookup(NamingServer.java:270)
    17:55:56,468 ERROR [STDERR]      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:625)
    17:55:56,484 ERROR [STDERR]      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:716)
    17:55:56,484 ERROR [STDERR]      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
    17:55:56,484 ERROR [STDERR]      at javax.naming.InitialContext.lookup(InitialContext.java:351)
    17:55:56,484 ERROR [STDERR]      at client.UserBean.loginUser(UserBean.java:125)
    17:55:56,484 ERROR [STDERR]      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    17:55:56,484 ERROR [STDERR]      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    17:55:56,484 ERROR [STDERR]      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    17:55:56,484 ERROR [STDERR]      at java.lang.reflect.Method.invoke(Method.java:585)
    17:55:56,484 ERROR [STDERR]      at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
    17:55:56,484 ERROR [STDERR]      at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
    17:55:56,484 ERROR [STDERR]      at javax.faces.component.UICommand.broadcast(UICommand.java:312)
    17:55:56,484 ERROR [STDERR]      at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:267)
    17:55:56,484 ERROR [STDERR]      at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:381)
    17:55:56,484 ERROR [STDERR]      at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:75)
    17:55:56,484 ERROR [STDERR]      at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
    17:55:56,484 ERROR [STDERR]      at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:90)
    17:55:56,484 ERROR [STDERR]      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    17:55:56,484 ERROR [STDERR]      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    17:55:56,484 ERROR [STDERR]      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
    17:55:56,484 ERROR [STDERR]      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    17:55:56,484 ERROR [STDERR]      at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    17:55:56,484 ERROR [STDERR]      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    17:55:56,484 ERROR [STDERR]      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    17:55:56,484 ERROR [STDERR]      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    17:55:56,484 ERROR [STDERR]      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    17:55:56,484 ERROR [STDERR]      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    17:55:56,484 ERROR [STDERR]      at java.lang.Thread.run(Thread.java:595)
    please help me in resolving this

    hi
    As I am exposing EJB3 components as web services there are no deployment descriptor files. It's based on annotations. I am also developing an enterprise application. I am using JBoss app server.
    only 2 xml files are there,
    persistence.xml and web.xml
    should i need to post any other file?
    web.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <context-param>
    <param-name>javax.faces.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/faces-config.xml</param-value>
    </context-param>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>0</load-on-startup>
    </servlet>
    <servlet>
    <description>This is the description of my J2EE component</description>
    <display-name>This is the display name of my J2EE component</display-name>
    <servlet-name>AccountListServlet</servlet-name>
    <servlet-class>client.AccountListServlet</servlet-class>
    </servlet>
    <servlet>
    <description>This is the description of my J2EE component</description>
    <display-name>This is the display name of my J2EE component</display-name>
    <servlet-name>accountDetailServlet</servlet-name>
    <servlet-class>client.accountDetailServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>AccountListServlet</servlet-name>
    <url-pattern>/AccountListServlet</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>accountDetailServlet</servlet-name>
    <url-pattern>/accountDetailServlet</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    </web-app>
    persistence.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <persistence xmlns="http://java.sun.com/xml/ns/persistence"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
    http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
         <persistence-unit name="customer" transaction-type="JTA">
              <jta-data-source>java:/MSSqlDS</jta-data-source>
              <properties>
         <property name="hibernate.hbm2ddl.auto" value="update" />
         <property name="hibernate.show_sql" value="true" />
         <property name="hibernate.dialect" value="org.hibernate.dialect.SQLServerDialect" />
         </properties>
         </persistence-unit>
    </persistence>
    could u tell me where i went wrong?

  • JNDI Exception :  [System] not bound in naming services

    Hi All,
    Is there any way to resolve this JNDI exception "Invalid Path: [System/Launchers] not bound in naming service" ?
    Thanks in Advance

    This did not work dear. I assume when you say [Add ur datasource], you mean the name of the datasource, and I did as you told. I was wondering though that I have an independent java class which try to get data source from WSAD server, then how does web.xml help, may be I am not understanding the connection here.
    Just to let you know, that same java class gets the datasource from 4.0 test server. I am running both servers now i.e. 4.0 test and 5.0 test server on different ports, and only data source from 4.0 worked good. Do you have any other solution, which I can try.
    Is there any difference the way data source is accessed between 4.0 and 5.0 versions.
    Thanks in advance.
    Open web.xml, There will reference tab,, then take
    Resource, Add ur datasource on where the Cursor points
    and then JNDI Name.
    U need to restart ..

  • Issue Password-less SSH:  Sun OpenDS 2.0 as Naming Service

    We are in the final phase of a proof of concept for Sun OpenDS as the Naming service for an important customer and facing a problem with password-less ssh. We narrowed the problem down to the password policy specifying a value for password maximum age. SSH succeeds with "0" (zero) but requires a password if the value is different from 0.
    Any help in getting a resolution is greatly appreciated, as this is a road block now.
    The following information is gathered.
    The test is performed from a host thud which is setup as an ldapclient.
    thud 275 ssh thud -i .ssh/thud
    Password:
    Last login: Tue Oct 13 06:57:01 2009 from xxx
    Apparent reason (trimmed):
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying public key: .ssh/thud
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-dss blen 434 lastkey 1166d0 hint 0
    debug2: input_userauth_pk_ok: fp 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    debug3: sign_and_send_pubkey
    debug1: read PEM private key done: type DSA
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:
    Corresponding debug info from server (thud):
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method publickey
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: test whether pkalg/pkblob are acceptable
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 6147/150 (e=0/1)
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: trying public key file /home/doejohn/.ssh/authorized_keys
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys, line 2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.info] Found matching DSA key: 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: restore_uid: 0/1
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method publickey
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 6147/150 (e=0/1)
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: trying public key file /home/doejohn/.ssh/authorized_keys
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys, line 2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.info] Found matching DSA key: 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: restore_uid: 0/1
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: ssh_dss_verify: signature correct
    Oct 13 07:29:36 thud sshd[21187]: [ID 966290 auth.debug] PAM[21187]: pam_start(sshd-pubkey,doejohn,0:179560) - debug = 1
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:service)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:user)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:conv)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:rhost)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:tty)
    Oct 13 07:29:36 thud sshd[21187]: [ID 665327 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0)
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_roles.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_projects.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_ldap.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    Oct 13 07:29:36 thud sshd[21187]: [ID 267958 auth.debug] pam_unix_account: doejohn: Ignore module
    Oct 13 07:29:36 thud sshd[21187]: [ID 545954 auth.debug] libsldap: more_info is empty, using default values
    Oct 13 07:29:36 thud sshd[21187]: [ID 340006 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0): error Authentication failed
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.notice] Failed publickey for doejohn from 172.16.1.207 port 44363 ssh2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method keyboard-interactive
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:conv)
    Oct 13 07:29:36 thud sshd[21187]: [ID 873394 auth.debug] PAM[21187]: pam_end(179560): status = Authentication failed
    Sending the Account Usability control on the server returns:
    "The account is not usable"
    solaris-z1 487 # ldapsearch -D 'cn=directory manager' -w xxx -b 'dc=texas,dc=net' -J "accountUsability:true" uid=doejohn
    # Account Usability Response Control
    # The account is not usable
    dn: uid=doejohn,ou=eng,ou=People,dc=texas,dc=net
    uid: doejohn
    shadowLastChange: 14480
    loginShell: /bin/ksh
    userPassword: {CRYPT}GOUlmnz01bJbwcY69Btp2sIRJrLf+5RtAj4oug==
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: shadowAccount
    objectClass: IEEPerson
    objectClass: posixAccount
    objectClass: top
    givenName: John
    cn: John Doe
    sn: Doe
    telephoneNumber: ...
    gecos: ...
    homeDirectory: /home/doejohn
    mail: [email protected]
    uidNumber: 6147
    gidNumber: 150
    manager: ...
    For someone with a different password policy (max age is 0) the account is usable.
    Ldapclient is running on a SPARC, Solaris 9 system; the Sun OpenDS 2.0 is running on Solaris 10 Sparc.
    Password-less ssh works as expected when using a system not using LDAP.

    See https://opends.dev.java.net/servlets/ProjectForumMessageView?messageID=31827&forumID=3292.
    Regards,
    Ludovic.

  • Naming Services cannot work well!!!

    Hi,
    I have configured the AM2005Q4 and Policy agent with apache, apache http.conf file is like
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    ProxyPass /hzycportal http://exchange.hzliqun.com:8013/hzycportal
    ProxyPassReverse /hzycportal http://exchange.hzliqun.com:8013/hzycportal
    When I type http://exchange.hzliqun.com:8080/hzycportal in IE and type the user/password, it cannot reach the application system. The agent debug log is like
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: HTTP Status = 200 (OK)
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Http::Response::readAndParse(): Reading headers.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Server: Sun-Java-System-Web-Server/6.1
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Date: Mon, 21 Nov 2005 02:22:18 GMT
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Content-type: text/html
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Connection: close
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: Http::Response::readAndParse(): No content length in response.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 all: Connection::waitForReply(): returns with status success.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: Http::Response::readAndParse(): Completed processing the response with status: success
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="com.iplanet.am.naming" reqid="2922">
    <Response><![CDATA[<NamingResponse vers="1.0" reqid="2916">
    <GetNamingProfile>
    <Exception>SessionID ---AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23---is Invalid</Exception>
    </GetNamingProfile>
    </NamingResponse>]]></Response>
    </ResponseSet>
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: NamingService()::parseNamingResponse(): Buffer to be parsed: <NamingResponse vers="1.0" reqid="2916">
    <GetNamingProfile>
    <Exception>SessionID ---AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23---is Invalid</Exception>
    </GetNamingProfile>
    </NamingResponse>
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 NamingService: NamingService::parseNamingResponse(): Got Exception in XML.
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: NamingService::parseNamingResponse() returning with status invalid session.
    2005-11-21 10:23:07.578 Debug 460:82f3d8 NamingService: NamingService()::getProfile() returning with error code invalid session.
    2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyEngine: am_policy_evaluate: InternalException in Service::update_policy with error message:Naming query failed. and code:18
    2005-11-21 10:23:07.578 Warning 460:82f3d8 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/hzycportal, GET) denying access: status = invalid session
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://exchange.hzliqun.com:8080/hzycportal.
    2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyAgent: am_web_is_access_allowed()(http://exchange.hzliqun.com:8080/hzycportal, GET) returning status: invalid session.
    2005-11-21 10:23:07.578 Info 460:82f3d8 PolicyAgent: process_request(): Access check for URL http://exchange.hzliqun.com:8080/hzycportal returned invalid session.
    2005-11-21 10:23:07.578 MaxDebug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect(): goto URL is http://exchange.hzliqun.com:8080/hzycportal
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect: Before invoking find_active_login_server()
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: is_server_alive(): Connection timeout set to 2
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_get_url_to_redirect: After invoking find_active_login_server()
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_access_redirect(): get redirect url returned AM_SUCCESS, redirect url [http://sunam1.hzliqun.com:80/amserver/UI/Login?goto=http%3A%2F%2Fexchange.hzliqun.com%3A8080%2Fhzycportal].
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_access_redirect(): returning web result AM_WEB_RESULT_REDIRECT.
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_REDIRECT, data [http://sunam1.hzliqun.com:80/amserver/UI/Login?goto=http%3A%2F%2Fexchange.hzliqun.com%3A8080%2Fhzycportal]
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_REDIRECT
    2005-11-21 10:23:07.578 Debug 460:82f3d8 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: get_request_url(): Host: exchange.hzliqun.com:8080
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: get_request_url(): Port is 8080.
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: get_request_url(): Returning request URL http://exchange.hzliqun.com:8080/hzycportal.
    2005-11-21 10:23:07.593 Warning 460:82f3d8 PolicyAgent: get_method_num(): Apache request method number did not match method string. Setting method number to match method string GET.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: am_web_is_notification(), http://exchange.hzliqun.com:8080/hzycportal is not notification url http://exchange.hzliqun.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false.
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: find_cookie(): cookie found: header [JSESSIONID=D835480D9BBF3902D562A596CC05E953; iPlanetDirectoryPro=AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] name [iPlanetDirectoryPro=AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] val [AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%253D%2540AAJTSQACMDE%253D%2523] val_len [78] next_cookie [NULL]
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): processing url http://exchange.hzliqun.com:8080/hzycportal.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 PolicyAgent: FqdnHandler::isValidFqdnResource() Resource => http://exchange.hzliqun.com:8080/hzycportal, is valid => true
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: am_web_is_access_allowed(): client_ip 10.44.202.218 not found in client ip not enforced list
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 AM_POLICY_SERVICE_NAME: am_policy_compare_urls(): compare usePatterns=true returned 3
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: in_not_enforced_list: enforcing access control for http://exchange.hzliqun.com:8080/hzycportal
    2005-11-21 10:23:07.593 Debug 460:82f3d8 PolicyAgent: set_host_ip_in_env_map: map_insert: client_ip=10.44.202.218
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 ServiceEngine: Executing update_policy(AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23, http://exchange.hzliqun.com:8080/hzycportal, GET, 2)
    2005-11-21 10:23:07.593 Debug 460:82f3d8 all: cookieList is not empty
    2005-11-21 10:23:07.593 Debug 460:82f3d8 all: Exit from buildCookieHeader
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="2923">
    <Request><![CDATA[
    <NamingRequest vers="1.0" reqid="2917" sessid="AQIC5wM2LY4SfcwdVekzKyVgAc5xMpqj1O8RFjf768vqC4w%3D%40AAJTSQACMDE%3D%23">
    <GetNamingProfile>
    </GetNamingProfile>
    </NamingRequest>]]>
    </Request>
    </RequestSet>
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest Request line: POST /amserver/namingservice HTTP/1.0
    2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Cookie and Headers =Host: sunam1.hzliqun.com
    2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Content-Length =Content-Length: 346
    2005-11-21 10:23:07.593 Debug 460:82f3d8 NamingService: BaseService::sendRequest Header Suffix =Accept: text/xml
    Content-Type: text/xml; charset=UTF-8
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest(): Total chunks: 7.
    2005-11-21 10:23:07.593 MaxDebug 460:82f3d8 NamingService: BaseService::sendRequest(): Sent 7 chunks.
    And it will recycle these processes. From the logs, it seems that it cannot get the correct naming services. But the agent configuration is correct, and looks like this:
    # $Id: AMAgent.properties,v 1.86.2.6 2005/10/25 18:14:11 dknab Exp $
    # Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
    # U.S. Government Rights - Commercial software. Government users are
    # subject to the Sun Microsystems, Inc. standard license agreement and
    # applicable provisions of the FAR and its supplements. Use is subject to
    # license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
    # trademarks or registered trademarks of Sun Microsystems, Inc. in the
    # U.S. and other countries.
    # Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
    # U.S. Government rights, government users - commercial
    # software. Government users are subject to the standard license
    # agreement of Sun Microsystems, Inc., as well as to the applicable
    # provisions of the FAR (Federal Acquisition Regulations) and its
    # supplements.
    # Distributed under licenses that restrict its use. Sun, Sun
    # Microsystems, the Sun logo and Sun ONE are trademarks or
    # registered trademarks of Sun Microsystems, Inc. in the United States and
    # other countries.
    # The syntax of this file is that of a standard Java properties file,
    # see the documentation for the java.util.Properties.load method for a
    # complete description. (CAVEAT: The SDK in the parser does not currently
    # support any backslash escapes except for wrapping long lines.)
    # All property names in this file are case-sensitive.
    # NOTE: The value of a property that is specified multiple times is not
    # defined.
    # WARNING: The contents of this file are classified as an UNSTABLE
    # interface by Sun Microsystems, Inc. As such, they are subject to
    # significant, incompatible changes in any future release of the
    # software.
    # The name of the cookie passed between the Sun [TM] ONE Identity Server
    # and the SDK.
    # WARNING: Changing this property without making the corresponding change
    # to the Sun [TM] ONE Identity Server will disable the SDK.
    com.sun.am.cookieName = iPlanetDirectoryPro
    # The URL for the Sun [TM] ONE Identity Server Naming service.
    com.sun.am.namingURL = http://sunam1.hzliqun.com:80/amserver/namingservice http://sunim1.hzliqun.com:80/amserver/namingservice
    # The URL of the login page on the Sun [TM] ONE Identity Server.
    com.sun.am.policy.am.loginURL = http://sunam1.hzliqun.com:80/amserver/UI/Login http://sunim1.hzliqun.com:80/amserver/UI/Login
    #com.sun.am.policy.am.loginURL = http://sunam1.hzliqun.com:80/amserver/gateway http://sunim1.hzliqun.com:80/amserver/gateway
    # By default the agent checks if the Access Manager AUTH server is
    # active before performing the login.
    # This check can be ignored by setting the following property to true.
    # In this case the first server indicated in the loginURL property will
    # be selected, whether it is active or not.
    com.sun.am.ignore_server_check = false
    # Name of the file to use for logging messages.
    com.sun.am.logFile = D:/Apache/sun/Identity_Server/Agents/2.1/debug/apache_8080/amAgent
    # Name of the Sun [TM] ONE Identity Server log file to use for
    # logging messages to Sun [TM] ONE Identity Server.
    # Just the name of the file is needed. The directory of the file
    # is determined by settings configured on the Sun [TM] ONE Identity Server.
    com.sun.am.serverLogFile = amAuthLog.exchange.hzliqun.com.8080
    # Set the logging level for the specified logging categories.
    # The format of the values is
    #     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
    # The currently used module names are: AuthService, NamingService,
    # PolicyService, SessionService, PolicyEngine, ServiceEngine,
    # Notification, PolicyAgent, RemoteLog and all.
    # The all module can be used to set the logging level for all currently
    # none logging modules. This will also establish the default level for
    # all subsequently created modules.
    # The meaning of the 'Level' value is described below:
    #     0     Disable logging from specified module*
    #     1     Log error messages
    #     2     Log warning and error messages
    #     3     Log info, warning, and error messages
    #     4     Log debug, info, warning, and error messages
    #     5     Like level 4, but with even more debugging messages
    # 128     log url access to log file on IS server.
    # 256     log url access to log file on local machine.
    # If level is omitted, then the logging module will be created with
    # the default logging level, which is the logging level associated with
    # the 'all' module.
    # for level of 128 and 256, you must also specify a logAccessType.
    # *Even if the level is set to zero, some messages may be produced for
    # a module if they are logged with the special level value of 'always'.
    com.sun.am.logLevels = all:5
    # The org, username and password for Agent to login to IS.
    #com.sun.am.policy.am.username = UrlAccessAgent
    com.sun.am.policy.am.username = amAdmin
    com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
    # Name of the directory containing the certificate databases for SSL.
    com.sun.am.sslCertDir = D:/Apache/sun/Identity_Server/Agents/2.1/apache/cert
    # Set this property if the certificate databases in the directory specified
    # by the previous property have a prefix.
    com.sun.am.certDbPrefix =
    # Should agent trust all server certificates when Sun [TM] ONE Identity Server
    # is running SSL?
    # Possible values are true or false.
    com.sun.am.trustServerCerts = true
    # Should the policy SDK use the Sun [TM] ONE Identity Server notification
    # mechanism to maintain the consistency of its internal cache? If the value
    # is false, then a polling mechanism is used to maintain cache consistency.
    # Possible values are true or false.
    com.sun.am.notificationEnabled = true
    # URL to which notification messages should be sent if notification is
    # enabled, see previous property.
    com.sun.am.notificationURL = http://exchange.hzliqun.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false
    # Time in milliseconds the agent will wait to receive the
    # response from Access Manager. After the timeout, the connection
    # will be dropped.
    # A value of 0 means that the agent will wait until receiving the response.
    # WARNING: Invalid value for this property can result in
    # the resources becoming inaccessible.
    com.sun.am.receive_timeout = 0
    # This property determines whether URL string case sensitivity is
    # obeyed during policy evaluation
    com.sun.am.policy.am.urlComparison.caseIgnore = true
    # This property determines the amount of time (in minutes) an entry
    # remains valid after it has been added to the cache. The default
    # value for this property is 3 minutes.
    com.sun.am.policy.am.cacheEntryLifeTime=3
    # This property allows the user to configure the User Id parameter passed
    # by the session information from the identity server. The value of User
    # Id will be used by the agent to set the value of REMOTE_USER server
    # variable. By default this parameter is set to "UserToken"
    com.sun.am.policy.am.userIdParam=UserToken
    # HTTP Header attributes mode
    # String attribute mode to specify if additional policy response attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional policy attributes will be introduced.
    # HEADER - additional policy attributes will be introduced into HTTP header.
    # COOKIE - additional policy attributes will be introduced through cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.am.ldapattribute.mode=NONE
    # The policy attributes to be added to the HTTP header. The specification is
    # of the format ldap_attribute_name|http_header_name[,...]. ldap_attribute_name
    # is the attribute in data store to be fetched and http_header_name
    # is the name of the header to which the value needs to be assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.am.headerAttributes=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
    # The cookie name used in iAS for sticky load balancing
    com.sun.am.policy.am.ias_SLB_cookie_name = GX_jst
    # indicate where a load balancer is used for Sun [TM] ONE Identity Server
    # services.
    # true | false
    com.sun.am.loadBalancer_enable = false
    ####Agent Configuration####
    # this is for product versioning, please do not modify it
    com.sun.am.policy.agents.version=2.1
    # Set the url access logging level. the choices are
    # LOG_NONE - do not log user access to url
    # LOG_DENY - log url access that was denied.
    # LOG_ALLOW - log url access that was allowed.
    # LOG_BOTH - log url access that was allowed or denied.
    com.sun.am.policy.agents.logAccessType = LOG_DENY
    # Agent prefix
    com.sun.am.policy.agents.agenturiprefix = http://exchange.hzliqun.com:8080/amagent
    # Locale setting.
    com.sun.am.policy.agents.locale = en_US
    # The unique identifier for this agent instance.
    com.sun.am.policy.agents.instanceName = unused
    # Do SSO only
    # Boolean attribute to indicate whether the agent will just enforce user
    # authentication (SSO) without enforcing policies (authorization)
    com.sun.am.policy.agents.do_sso_only = false
    # The URL of the access denied page. If no value is specified, then
    # the agent will return an HTTP status of 403 (Forbidden).
    com.sun.am.policy.agents.accessDeniedURL =
    # This property allows the user to configure the URL Redirect parameter
    # for different auth modules. By default this parameter is set to "goto"
    com.sun.am.policy.agents.urlRedirectParam=goto
    # Default FQDN is the fully qualified hostname that the users should use
    # in order to access resources on this web server instance. This is a
    # required configuration value without which the Web server may not
    # startup correctly.
    # The primary purpose of specifying this property is to ensure that if
    # the users try to access protected resources on this web server
    # instance without specifying the FQDN in the browser URL, the Agent
    # can take corrective action and redirect the user to the URL that
    # contains the correct FQDN.
    # This property is set during the agent installation and need not be
    # modified unless absolutely necessary to accommodate deployment
    # requirements.
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    # See also: com.sun.am.policy.agents.fqdnMap
    com.sun.am.policy.agents.fqdnDefault = exchange.hzliqun.com
    # The FQDN Map is a simple map that enables the Agent to take corrective
    # action in the case where the users may have typed in an incorrect URL
    # such as by specifying partial hostname or using an IP address to
    # access protected resources. It redirects the browser to the URL
    # with fully qualified domain name so that cookies related to the domain
    # are received by the agents.
    # The format for this property is:
    # com.sun.am.policy.agents.fqdnMap = [invalid_hostname|valid_hostname][,...]
    # This property can also be used so that the agents use the name specified
    # in this map instead of the web server's actual name. This can be
    # accomplished by doing the following.
    # Say you want your server to be addressed as xyz.hostname.com whereas the
    # actual name of the server is abc.hostname.com. The browsers only knows
    # xyz.hostname.com and you have specified polices using xyz.hostname.com at
    # the Identity Server policy console, in this file set the mapping as
    # com.sun.am.policy.agents.fqdnMap = valid|xyz.hostname.com
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    com.sun.am.policy.agents.fqdnMap =
    # Cookie Reset
    # This property must be set to true, if this agent needs to
    # reset cookies in the response before redirecting to
    # Identity Server for Authentication.
    # By default this is set to false.
    # Example : com.sun.am.policy.agents.cookie_reset_enabled=true
    com.sun.am.policy.agents.cookie_reset_enabled=false
    # This property gives the comma separated list of Cookies, that
    # need to be included in the Redirect Response to Identity Server.
    # This property is used only if the Cookie Reset feature is enabled.
    # The Cookie details need to be specified in the following Format
    # name[=value][;Domain=value]
    # If "Domain" is not specified, then the default agent domain is
    # used to set the Cookie.
    # Example : com.sun.am.policy.agents.cookie_reset_list=LtpaToken,
    # token=value;Domain=subdomain.domain.com
    com.sun.am.policy.agents.cookie_reset_list=
    # This property gives the space separated list of domains in
    # which cookies have to be set in a CDSSO scenario. This property
    # is used only if CDSSO is enabled.
    # If this property is left blank then the fully qualified cookie
    # domain for the agent server will be used for setting the cookie
    # domain. In such case it is a host cookie instead of a domain cookie.
    # Example : com.sun.am.policy.agents.cookieDomainList=.sun.com .iplanet.com
    com.sun.am.policy.agents.cookieDomainList=
    # user id returned if accessing global allow page and not authenticated
    com.sun.am.policy.agents.unauthenticatedUser=anonymous
    # Enable/Disable REMOTE_USER processing for anonymous users
    # true | false
    com.sun.am.policy.agents.anonRemoteUserEnabled=false
    # Not enforced list is the list of URLs for which no authentication is
    # required. Wildcards can be used to define a pattern of URLs.
    # The URLs specified may not contain any query parameters.
    # Each service have their own not enforced list. The service name is suffixed
    # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
    # for a particular service. SPACE is the separator between the URL.
    # com.sun.am.policy.agents.notenforcedList = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
    # Boolean attribute to indicate whether the above list is a not enforced list
    # or an enforced list; When the value is true, the list means enforced list,
    # or in other words, the whole web site is open/accessible without
    # authentication except for those URLs in the list.
    com.sun.am.policy.agents.reverse_the_meaning_of_notenforcedList = false
    # Not enforced client IP address list is a list of client IP addresses.
    # No authentication and authorization are required for the requests coming
    # from these client IP addresses. The IP address must be in the form of
    # eg: 192.168.12.2 1.1.1.1
    com.sun.am.policy.agents.notenforced_client_IP_address_list =
    # Enable POST data preservation; By default it is set to false
    com.sun.am.policy.agents.is_postdatapreserve_enabled = false
    # POST data preservation : POST cache entry lifetime in minutes,
    # After the specified interval, the entry will be dropped
    com.sun.am.policy.agents.postcacheentrylifetime = 10
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.cdsso-enabled=false
    # This is the URL the user will be redirected to for authentication
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.cdcservletURL = http://sunam1.hzliqun.com:80/amserver/cdcservlet
    # Enable/Disable client IP address validation. This validate
    # will check if the subsequent browser requests come from the
    # same ip address that the SSO token is initially issued against
    com.sun.am.policy.agents.client_ip_validation_enable = false
    # Whether to decode the session cookie before sending it to IS.
    # Set to true if the cookie value is URL encoded, false otherwise.
    # For example, cookie values from browsers are URL encoded, and
    # some containers always returns the cookie URL encoded.
    com.sun.am.cookieEncoded = false
    # Below properties are used to define cookie prefix and cookie max age
    com.sun.am.policy.am.ldapattribute.cookiePrefix = HTTP_
    com.sun.am.policy.am.ldapattribute.cookieMaxAge = 300
    # Logout URL - application's Logout URL.
    # This URL is not enforced by policy.
    # if set, agent will intercept this URL and destroy the user's session,
    # if any. The application's logout URL will be allowed whether or not
    # the session destroy is successful.
    com.sun.am.policy.agents.logout.url=
    # Any cookies to be reset upon logout in the same format as cookie_reset_list
    com.sun.am.policy.agents.logout.cookie_reset_list =
    # Below property is reserved for future use. Please do not change the value.
    # By default, when a policy decision for a resource is needed,
    # agent gets and caches the policy decision of the resource and
    # all resource from the root of the resource down, from the Identity Server.
    # For example, if the resource is http://host/a/b/c, the root of the
    # resource is http://host/. This is because more resources from the
    # same path are likely to be accessed subsequently.
    # However this may take a long time the first time if there
    # are many many policies defined under the root resource.
    # To have agent get and cache the policy decision for the resource only,
    # set the following property to false.
    com.sun.am.policy.am.fetchFromRootResource = true
    # Whether to get the client's hostname through DNS reverse lookup for use
    # in policy evaluation.
    # It is true by default, if the property does not exist or if it is
    # any value other than false.
    com.sun.am.policy.agents.getClientHostname = true
    # The following property is to enable native encoding of
    # ldap header attributes forwarded by agents. If set to true
    # agent will encode the ldap header value in the default
    # encoding of OS locale. If set to false ldap header values
    # will be encoded in UTF-8
    com.sun.am.policy.agents.convertMbyteEnabled = false
    #When the not enforced list or policy has a wildcard '*' character, agent
    #strips the path info from the request URI and uses the resulting request
    #URI to check against the not enforced list or policy instead of the entire
    #request URI, in order to prevent someone from getting access to any URI by
    #simply appending the matching pattern in the policy or not enforced list.
    #For example, if the not enforced list has the value http://host/*.gif,
    #stripping the path info from the request URI will prevent someone from
    #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
    #However when a web server (for example apache) is configured to be a reverse
    #proxy server for a J2EE application server, path info is interpreted in a different
    #manner since it maps to a resource on the proxy instead of the app server.
    #This prevents the not enforced list or policy from being applied to part of
    #the URI below the app serverpath if there is a wildcard character. For example,
    #if the not enforced list has value http://host/webapp/servcontext/* and the
    #request URL is http://host/webapp/servcontext/example.jsp the path info
    #is /servcontext/example.jsp and the resulting request URL with path info stripped
    #is http://host/webapp, which will not match the not enforced list. By setting the
    #following property to true, the path info will not be stripped from the request URL
    #even if there is a wild character in the not enforced list or policy.
    #Be aware though that if this is set to true there should be nothing following the
    #wildcard character '*' in the not enforced list or policy, or the
    #security loophole described above may occur.
    com.sun.am.ignore_path_info = false
    # Override the request url given by the web server with
    # the protocol, host or port of the agent's uri specified in
    # the com.sun.am.policy.agents.agenturiprefix property.
    # These may be needed if the agent is sitting behind a ssl off-loader,
    # load balancer, or proxy, and either the protocol (HTTP scheme),
    # hostname, or port of the machine in front of agent which users go through
    # is different from the agent's protocol, host or port.
    com.sun.am.policy.agents.overrideProtocol =
    com.sun.am.policy.agents.overrideHost =
    com.sun.am.policy.agents.overridePort =
    # Override the notification url in the same way as other request urls.
    # Set this to true if any one of the override properties above is t
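
An added example, not part of the original post or of Sun's agent code: a small Python audit of an AMAgent.properties file that parses only the syntax the file's header describes and flags the settings that its own comments and the debug log above mark as security-relevant. The sample input is a constructed excerpt with example.com hostnames, and the function names are this example's own.

```python
"""Audit an AMAgent.properties file for the security-relevant settings
discussed in its own comments. Added example; function names are ours."""

# Constructed excerpt: property names are the ones in the posted file,
# hostnames are placeholders, and one key is repeated on purpose.
SAMPLE = r"""
# The URL for the Identity Server Naming service.
com.sun.am.namingURL = http://am1.example.com:80/amserver/namingservice \
    http://am2.example.com:80/amserver/namingservice
com.sun.am.policy.am.loginURL = https://am1.example.com:443/amserver/UI/Login
com.sun.am.logLevels = all:5
com.sun.am.policy.am.username = amAdmin
com.sun.am.trustServerCerts = true
com.sun.am.notificationURL = http://agent.example.com:8080/amagent/UpdateAgentCacheServlet?shortcircuit=false
com.sun.am.ignore_path_info = true
com.sun.am.policy.agents.notenforcedList = http://agent.example.com:8080/public/* http://agent.example.com:8080/*.gif
com.sun.am.ignore_path_info = true
"""

URL_KEYS = (
    "com.sun.am.namingURL",
    "com.sun.am.policy.am.loginURL",
    "com.sun.am.policy.agents.cdcservletURL",
    "com.sun.am.notificationURL",
)
NOT_ENFORCED = "com.sun.am.policy.agents.notenforcedList"


def parse_properties(text):
    """Parse the subset the file header describes: '#' comments, key = value,
    and a trailing backslash that wraps a long line.
    Returns (props, duplicate_keys)."""
    props, dups, pending = {}, [], ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped.startswith("#")):
            continue
        line, pending = pending + stripped, ""
        if line.endswith("\\"):
            pending = line[:-1]          # keep collecting the wrapped value
            continue
        key, sep, value = line.partition("=")   # first '=' only; URLs may contain '='
        if not sep:
            continue
        key = key.strip()
        if key in props:
            dups.append(key)
        props[key] = value.strip()
    return props, dups


def audit(text):
    """Return a list of (property, finding) tuples."""
    props, dups = parse_properties(text)
    findings = []

    def is_true(key):
        return props.get(key, "").lower() == "true"

    for key in dups:
        findings.append((key, "set more than once; the file header says the "
                              "resulting value is not defined"))
    if is_true("com.sun.am.trustServerCerts"):
        findings.append(("com.sun.am.trustServerCerts",
                         "agent trusts all server certificates when the server runs SSL"))
    for key in URL_KEYS:
        plain = [u for u in props.get(key, "").split()
                 if u.lower().startswith("http://")]
        if plain:
            findings.append((key, "cleartext endpoint(s): " + " ".join(plain)))
    for entry in props.get("com.sun.am.logLevels", "").split(","):
        module, _, level = entry.strip().partition(":")
        if level.strip() in ("4", "5"):
            findings.append(("com.sun.am.logLevels",
                             f"module '{module}' at level {level.strip()}: debug "
                             "output includes session cookie values"))
    if props.get("com.sun.am.policy.am.username") == "amAdmin":
        findings.append(("com.sun.am.policy.am.username",
                         "agent logs in as amAdmin instead of a dedicated agent account"))
    if is_true("com.sun.am.ignore_path_info"):
        # The file's comments require that nothing follows '*' in this mode.
        for key, value in props.items():
            if key.startswith(NOT_ENFORCED):
                bad = [p for p in value.split() if "*" in p[:-1]]
                if bad:
                    findings.append((key, "ignore_path_info is true and text "
                                          "follows '*': " + " ".join(bad)))
    return findings


if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(f"{prop}: {finding}")
```
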

    If you can add more details to your question, that'll be better.
    In my case, I initially had a PIX 515E with v6.1 on it, and could not get a dial tone because my SIP phone (ATA186) was not registered on my proxy. But when I changed my PIX to v6.2, it worked just fine. I didn't put in any access-list though, as fixup does it for me already.

  • Distributed application: Networked Shared Variables, Named Services (Raw TCP/IP) or Other?

    Happy New Year NI forums! 
    I am working on a project involving mobile interacting robots. In the future it is likely the application's components may need to run on different PCs (Targets). Note: at this point in time all the components are separate but all running on the localhost machine. Thinking towards the future I want to pick the 'best' architecture to allow all these components (VIs performing various functions) in multiple locations. For example, several VIs on the robots, VIs on several PCs.
    I am currently aware of using Server/Client TCP/IP using named services. My mock-up works well, but is it time efficient (my time coding), I wonder?
    Whereas I am aware of networked shared variables, which handle connections and all the parsing for the underlying TCP/IP communication. But will this be difficult to manage? I am unsure if I can associate shared variables with a VI similar to named services. I suppose I could programmatically create the variable upon initialization of the server component, and the client could just search the list of available variables to connect to. Downside: this would require the DSC module.
    As you can see, I am rather unsure. Any advice would be great!
    Kind Regards,
    James  
    Kind Regards
    James Hillman
    Applications Engineer 2008 to 2009 National Instruments UK & Ireland
    Loughborough University UK - 2006 to 2011
    Remember Kudos those who help!

    Hi Jason,
    Thanks for your reply. I hope you're enjoying NI UK as much as I did... fun times!
    I have seen the link you posted a few times before. But today, I took a better look at it.
    My issue is I need several multi-client servers, i.e. many servers which allow multiple clients to connect to them.
    Now the STM does have an example of this - STM mutli-client Example - Server.vi (used with the STM mutli-client.vi)
    However, when I make copies of this code (to have my second server), it refuses to run. As in, it just stops itself.
    I DID change the port number on the listener aspect of the server code. But I am unsure what else I would need to change to get this setup to work.
    One thought I had was the FIFOs all having the same name - this probably isn't a good idea between servers.
    I would be grateful for any suggestions!
    *please could you provide me email support
    Kind Regards,
    James Hillman  
    Kind Regards
    James Hillman
    Applications Engineer 2008 to 2009 National Instruments UK & Ireland
    Loughborough University UK - 2006 to 2011
    Remember Kudos those who help!

  • Remote Desktop Management service not starting. service-specific error: %%2284126209 - Event ID: 7024

    Hi Forum members,
    We have a client that has intermittent issues with RDS on a 2012 R2 server.
    As an overview of the environment, the client has a single VMware host supporting 2 x Windows 2012 R2 VMs: one is the File/Print/Email server and the 2nd is the RDS server used to allow the client to run MYOB Enterprise. Both servers have the AD DS role and DNS roles amongst others.
    The 1st issue is that the RD Connection Broker shows the error: "The server pool does not match the RD Connection Brokers that are in it." and then "1. Cannot connect to any of the specified RD Connection Broker servers".
    The above issue seems to be caused by the RDMS service not starting. When you attempt to start it, the service stops and the error in the title is logged in the "System" event log. Full transcript below:
    Log Name:      System
    Source:        Service Control Manager
    Date:          21/01/2015 4:50:32 PM
    Event ID:      7024
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      intentionally removed.local
    Description:
    The Remote Desktop Management service terminated with the following service-specific error: %%2284126209
    Event Xml:
    <Event xmlns="
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7024</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-21T05:50:32.129949400Z" />
        <EventRecordID>53721</EventRecordID>
        <Correlation />
        <Execution ProcessID="568" ThreadID="12436" />
        <Channel>System</Channel>
        <Computer> intentionally removed.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Remote Desktop Management</Data>
        <Data Name="param2">%%2284126209</Data>
        <Binary>520044004D0053000000</Binary>
      </EventData>
    </Event>
    In addition in the "Application" event log, the following error is logged:
    Log Name:      Application
    Source:        MSSQL$MICROSOFT##WID
    Date:          21/01/2015 5:24:47 PM
    Event ID:      18456
    Task Category: Logon
    Level:         Information
    Keywords:      Classic,Audit Failure
    User:          NETWORK SERVICE
    Computer:      intentionally removed.local
    Description:
    Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Could not find a login matching the name provided. [CLIENT: <named pipe>]
    Event Xml:
    <Event xmlns="
      <System>
        <Provider Name="MSSQL$MICROSOFT##WID" />
        <EventID Qualifiers="49152">18456</EventID>
        <Level>0</Level>
        <Task>4</Task>
        <Keywords>0x90000000000000</Keywords>
        <TimeCreated SystemTime="2015-01-21T06:24:47.000000000Z" />
        <EventRecordID>4228336</EventRecordID>
        <Channel>Application</Channel>
        <Computer>intentionally removed.local</Computer>
        <Security UserID="S-1-5-20" />
      </System>
      <EventData>
        <Data>NT AUTHORITY\NETWORK SERVICE</Data>
        <Data> Reason: Could not find a login matching the name provided.</Data>
        <Data> [CLIENT: &lt;named pipe&gt;]</Data>
        <Binary>184800000E0000001F00000055004E0047004500520045005200410055005300530056005200300033005C004D004900430052004F0053004F0046005400230023005700490044000000070000006D00610073007400650072000000</Binary>
      </EventData>
    </Event>
    I have been attempting to resolve these errors for some time, without success. I have read the many KBs and forum entries related to the above and applied a number of the suggested fixes, including the one which suggests adding NT SERVICE\ALL SERVICES to "Logon as a Service" in the "User Rights Assignment" of the "Default Domain Policy", which is linked at the domain level that both servers are objects of.
    My question to the forum is, can anyone come up with a solution to resolve the above issues and allow the RDMS service to start, which will then hopefully resolve the broker error?
    Regards,
    David West.

    Hi David,
    If virtual machines on the server are Windows Server 2012, then it is not supported to install Remote Desktop Connection Broker on a Domain Controller.
    More information for you:
    Remote Desktop Services role cannot co-exist with AD DS role on Windows Server 2012
    http://support.microsoft.com/kb/2799605/de
    Guidelines for installing the Remote Desktop Session Host role service on a computer running Windows Server 2012 without the Remote Desktop Connection Broker role service
    http://support.microsoft.com/kb/2833839
    If the VMs are Windows Server 2012 R2, I suggest you install RDS on a separate machine to see if the issue persists.
    Best Regards,
    Amy

  • Error getting the server-side naming service functionality

    Hi all,
    we are currently setting up the CTS+ activity based transport scenario. Everything seems to be working fine, however, we have to import each transport twice...
    Before I go into detail in the error we get I will first describe our landscape. All the configuration we did was done in debate with SAP.
    We use the SAP Solution manager (ehp1 SP 4) as the CTS+ server as recommended by SAP and have an NWDI system of which we only use the components DTR and CBS (since CMS is not used anymore in the activity based transport). We have defined three logical ports/RFCs. CTSCONFIG points to the NWDI system. CTSDEPLOY is running on the java stack of the solution manager and is only used for portal content (=epa) transports. CTSDEPLOY_DI is pointing to the NWDI system and is used for all NWDI (=dip) changes. The NWDI is running ehp1 SP3.
    In STMS I defined all the non-abap systems (and configured them to use CTSDEPLOY_DI) and created the following transport route:
    upload system (IMP) -> DEV -> ACC -> QAS -> PRD
    I first attached the used dependencies in a transport request (SAP_BUILDT, EP_BUILDT, etc) these imported just fine. Then I did the SCA files which contain our custom code. I extracted these from the assemble step on our current NWDI system which will be removed as soon as we switch to the new CTS+ environment.
    When we import the transport into the runtime systems, we see the DTR and CBS being filled successfully for this specific system. However, the transport request itself always fails with error code 12 and the error is:
    Error during export service registration: Error getting the server-side naming service functionality during getInitialContext operation. com.sap.engine.services.jndi.persistent.exceptions.NamingException: Error getting the server-side naming service functionality during getInitialContext operation.
    Error in execution of Web services CTSDEPLOY_DI , exception is cx_cts_file_import_failed
    File import canceled
    When we then reimport the same transport, it goes fine the second time. This is no problem during the setup but will not be workable when we go live, of course. Is there anyone who has had this issue before as well and has a solution for it?
    Kind Regards,
    Nico van der Linden...

    Hello Nico,
    I would need the java trace files to get more info on this issue, but you can start troubleshooting this error with these notes:
    #1172252: CTS+, 'attach file': Troubleshooting Guide;
    #1003674: Enhancement for non-ABAP systems in CTS;
    #1155884: CTS+, configuration 'close coupling': Troubleshooting guide;
    Pay special attention to parameter  NON_ABAP_WBO_CLIENT, whether it's correctly set on your CTS+ system(s).
    Note #1003674 is a must for any CTS+ systems to work properly, as well as having an updated version of the transport programs (tp and R3trans).
    Lastly, note #1155884 goes through some JCoException exceptions that commonly take place during CTS+ transports. But again, you need to check the underlying trace files to find the root cause of your issue.
    I hope this information helps.
    Best regards,
    Tomas Black

  • JApplet communication with CORBA naming service

    I have an applet that needs to resolve/bind to object in the CORBA naming service (we are using Orbix2000). The applet is able to establish a socket connection to the host that is running the naming service; however it cannot find the naming service. I have done extensive research on the web (followed the tutorials from the Sun site) and google to no avail. Can anyone shed some light? We have successfully used Orbix2000 with Java apps. This is the first access via an applet.
    thanks,
    kat
    This is the exception I get when running it from NS4.7 browser:
    Initializing the ORB
    CORBA exception: java.lang.NullPointerException
    java.lang.NullPointerException
         at com.iona.corba.art.artimpl.ORBDelegate.resolve_initial_references(ORBDelegate.java:835)
         at com.iona.corba.art.artimpl.ORBImpl.resolve_initial_references(ORBImpl.java:203)
         at CSGConsole.init(CSGConsole.java:139)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    This is the applet code snippet
    import CLMOperator.*;     // package contains the CORBA client stubs
    import java.util.Properties;
    import org.omg.CosNaming.*;
    import org.omg.CosNaming.NamingContextPackage.*;
    import org.omg.CORBA.*;

    try {
         // Create and initialize the CORBA ORB
         System.setProperty("org.omg.CORBA.ORBClass", "com.iona.corba.art.artimpl.ORBImpl");
         System.setProperty("org.omg.CORBA.ORBSingletonClass", "com.iona.corba.art.artimpl.ORBSingleton");
         String[] args = { "-ORBInitRef", "NameService=corbaloc:iiop:sea03s20.ds.boeing.com:3075/NameService" };
         System.out.println("Initializing the ORB");
         // ORB orb = ORB.init(this, args);
         Properties props = new Properties();
         props.put("org.omg.CORBA.ORBInitialHost", "sea03s20.ds.boeing.com");
         props.put("org.omg.CORBA.ORBInitialPort", "3075");
         ORB orb = ORB.init(this, props);
         // Get the root naming context
         org.omg.CORBA.Object objRef = orb.resolve_initial_references("NameService");
         NamingContext ncRef = NamingContextHelper.narrow(objRef);
         // Resolve the object reference in naming
         NameComponent nc = new NameComponent("CLMOperator", "");
         NameComponent path[] = { nc };
         CLMOperator.CLMOper clmOper = CLMOperator.CLMOperHelper.narrow(ncRef.resolve(path));
         // Call the CLMOperator server object and invoke on the method
         clmOper.Notify(1, 'A');
    } catch (Exception e) {
         System.out.println("CORBA exception: " + e);
         e.printStackTrace(System.out);
    }

    Kat:
    I ran into a similar problem. I was wondering if it had anything to do with a security policy between the applet and CORBA, i.e., the applet using the NamingService. To test this, I built another CORBA Java client (character interface, not applet) and it works fine. The applet must require something else, like setting a security policy. I sent a query off to someone who manages the Java environment. If I get an answer, I'll post it here.
    bfin

  • Lion Server DNS service not working for locally created zones. Caching working fine.

    OS Lion Server DNS service not working for local zones. Was fine under Snow Leopard Server but the Lion Server upgrade has severely broken my DNS and web sites. Zones look fine under Server Admin but I keep getting "query failed (SERVFAIL) for xxxx at /SourceCache/bind9/bind9-42/bind9/bin/named/query.c:3921" in the logs. BTW - Server Admin can't seem to see the log file either.
    Surely someone actually tested that DNS still worked on Lion?

    I upgraded from Snow Leopard Server to Lion Server on day 01.  I hit the same issue where, after the upgrade, my Lion Server stopped serving names for my private local domain.
    I finally took a few minutes to figure out what was wrong.  After turning on debug logging and looking through the logs, I found my particular issue, now resolved.
    The issue I had was, when the domain initially was setup when I installed Snow Leopard Server, for some reason it created a zone just for the server (in my case, something like zone "s-01.mydomain.priv"), and a separate zone for all the other machines (zone "mydomain.priv", containing all the private IPs for my local domain).  I never messed with it because it worked, but generally I would have put all of them in the same zone.
    My zone "mydomain.priv" had a nameserver and mail exchanger entry for my server, s-01.mydomain.priv.  I could see this in the Server Admin app on the DNS bubble, Zones tab, mydomain.priv selected, and the General Info panel.  This was fine in Snow Leopard.  This was failing the zone load in the updated bind for Lion Server, though.  The issue was that the "mydomain.priv" zone was referencing the s-01.mydomain.priv server, which was not defined in the "mydomain.priv" zone but rather in the "s-01.mydomain.priv" zone.
    My fix:
    1. In Server Admin, add the server to the zone "mydomain.priv".  I put an A record (Add Machine) in the "mydomain.priv" zone for my server named s-01.mydomain.priv.
    2. shut down DNS on the OS X Lion Server (hit the Stop DNS button on Server Admin).
    3. edit /etc/named.conf by hand, removing the specialized zones that contained just the server.  In this case, it would be the section titled 'zone "s-01.mydomain.priv"' and the section titled 'zone "3.10.1.10.in-addr.arpa"'.  Your in-addr.arpa zone name will change based on whatever your server IP address was.  My internal one happened to have s-01.mydomain.priv mapped to 10.1.10.3.
    4. Once the specialized zones for just the server were removed, I started the DNS up again.  Instead of serving four zones as it had in OS X Snow Leopard Server, it now serves two zones.  And, now, it is resolving my local machines for the mydomain.priv zone.
    YMMV.  I did note that it wasn't totally necessary to do step 3, but I never really understood the need for the specialized domain, and keeping it around would have a copy of data that would just confuse things.
    Hope that helps.  That's been the only hiccup I've noticed updating to OS X Lion Server thus far.
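
The failure described in the post above reduces to an NS or MX target that lies inside the zone but has no address record in that zone. The following Python check is an added example, not part of the original post or of BIND; it runs over a constructed, simplified zone (zone name, server name and 10.1.10.3 follow the post, the other addresses and the one-record-per-line layout are assumptions).

```python
"""Find NS/MX targets inside a zone that have no address record in that zone."""

# Constructed sample: names and the server address follow the post; the
# workstation records and the simplified layout are assumptions.
ZONE_BEFORE = """
$ORIGIN mydomain.priv.
@        IN NS  s-01.mydomain.priv.
@        IN MX  10 s-01.mydomain.priv.
ws-01    IN A   10.1.10.20
ws-02    IN A   10.1.10.21
"""

# The same zone after step 1 of the fix: the server gets an A record here.
ZONE_AFTER = ZONE_BEFORE + "s-01     IN A   10.1.10.3\n"


def absolute(name, origin):
    """Return the fully qualified, lower-case form of a name."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Parse a simplified zone: one record per line, owner always present."""
    origin = None
    records = []  # tuples of (owner, record type, rdata fields)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], "")
            continue
        if origin is None:
            raise ValueError("zone text must start with $ORIGIN")
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class tokens that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            raise ValueError(f"incomplete record: {raw!r}")
        records.append((absolute(owner, origin), rest[0].upper(), rest[1:]))
    return origin, records


def dangling_targets(text):
    """Return (type, owner, target) for in-zone NS/MX targets lacking A/AAAA."""
    origin, records = parse_zone(text)
    with_address = {o for o, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = absolute(rdata[-1], origin)  # last field is the host name
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in with_address:
            findings.append((rtype, owner, target))
    return findings


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, dangling_targets(zone))
```

On a real server, BIND's `named-checkzone` utility runs the load-time checks against the actual zone file.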

  • DNS Named will not start

    Here is my named log file error.
    17-Jan-2013 14:43:32.678 general: main: notice: starting BIND 9.3.2 -u named
    17-Jan-2013 14:43:32.694 general: dns/db: critical: Failed to load RRs of a zone with error 34826
    17-Jan-2013 14:43:32.694 general: dns/hints: warning: Loading Root data from directory Failed
    17-Jan-2013 14:43:32.695 general: server: info: loading configuration from '/etc/opt/novell/named/named.conf'
    17-Jan-2013 14:43:32.695 config: isccfg/parser: error: none:0: open: /etc/opt/novell/named/named.conf: file not found
    17-Jan-2013 14:43:32.698 general: server: critical: loading configuration: file not found
    17-Jan-2013 14:43:32.698 general: server: critical: exiting (due to fatal error)
    First I was having a problem with CASA credentials but added them. Made sure the other things were running (novell-xregd); they were. I found a few older posts with the same error talking about the hosts file, checked it, and I don't see anything wrong with it... as far as I can tell. Does anyone have any suggestions that I could try? Thanks

    Originally Posted by admin_pcs
    Did all that, ran through all the steps successfully and it still doesn't create that named.conf file. Any other thoughts? Still have the same error message when I try to run it.
    You've also tried starting the novell-named service after reconfiguring? Essentially, the named.conf is generated and maintained by the service... it's not a static config file in that sense.
    If the hosts file is as it should be (never hurts to triple check), I'd try removing the DNS pattern (again using the OES Install & Configure), finish that...
    Then, after the packages have been removed successfully, restart the OES Install & Configure reinstall the DNS pattern.
    I might have missed it in the thread, but which version of OES is this (version + service pack level), and have you checked to make sure the online update repositories are there and functional? (for OES2 post the output of ' rug sl ' , ' rug ca ' & check if ' rug ref ' refreshes the repos without errors - for OES11 post the output of ' zypper sl ' , ' zypper ca ' , and check if ' zypper ref ' refreshes the repos without errors).
    Also make sure the server is patched up correctly, to rule out you are not having issues here due to mismatching package versions.
    -Willem

  • Access Manager 6 2005Q1 naming service behind load balancer

    Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
    Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP) for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
    All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
    The load balancer VIP is setup in active/failover mode so all requests go to one server. We implemented it this way because our load balancers do not support SSL with cookies.
    The data returned to the agent from a call to the naming service contains the host name of our AM hosts instead of the load balancer VIP. Subsequent calls from the agent to AM bypass the load balancer and go directly to one of the AM hosts.
    We are looking to upgrade our load balancers to a version that supports cookies with ssl in order to take advantage of the second AM host.
    How do we configure AM so the values returned by the naming service contain the load balancer VIP instead of the actual AM host names?

    Bernhard,
    We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not available in the PA agent properties but only in the Java SDK. Indeed we do not see such a key in the new Web PA AMAgent.properties.
    Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed through the load balancer? Below are the settings in our AMAgent and AMConfig properties files
    AMAgent.properties
    com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
    com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
    AMConfig.properties
    com.iplanet.am.server.protocol=https
    com.iplanet.am.server.host=am.mydomain.com
    com.iplanet.am.server.port=443
    com.iplanet.am.console.protocol=https
    com.iplanet.am.console.host=lb-mydomain.com
    com.iplanet.am.console.port=443
    com.iplanet.am.profile.host=lb-mydomain.com
    com.iplanet.am.profile.port=443
    com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
    com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notificationservice
    If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be part of our issue or not. Please comment.
    Thanks,
    Craig

  • How to Connect to the Visibroker Naming Service using the Servlet

    Hi
    I am facing a problem in finding the initial JNDI context.
    It is giving me a ClassCastException.
    In our application Tomcat is integrated with one of the partitions, and the EJBs are registered on the Visibroker Naming Service (on the same machine).
    I want to access one of the EJBs.
    Following is my client code in the servlet.
    ==============================================================================
    public void doPost(HttpServletRequest request, HttpServletResponse res)
            throws IOException, ServletException
    {
        res.setContentType("text/html");
        PrintWriter pw = res.getWriter();
        pw.println("<html>");
        try {
            Enumeration e = super.getInitParameterNames();
            while (e.hasMoreElements())
            {
                // Take the next name from the enumeration obtained above
                String paramName = (String) e.nextElement();
                String paramValue = super.getInitParameter(paramName);
                pw.println("paramName=" + paramName);
            }
            Context ic;
            java.util.Properties props = new java.util.Properties();
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.inprise.j2ee.jndi.CtxFactory");
            props.put(Context.URL_PKG_PREFIXES, "com.inprise.j2ee.jndi");
            ic = new InitialContext();
            pw.println("Initial Context" + ic);
        } catch (NamingException ex) {
            throw new ServletException(ex);
        }
    }
    ========================================================================
    And I am getting the following error while getting the initial context.
    ============================
    ERROR - javax.naming.NoInitialContextException: Cannot instantiate class: com.inprise.j2ee.jndi.CtxFactory [Root exception is java.lang.ClassCastException]
    2006-09-30 05:16:27,461 ERROR - at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    2006-09-30 05:16:27,461 ERROR - at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    2006-09-30 05:16:27,461 ERROR - at javax.naming.InitialContext.init(Unknown Source)
    2006-09-30 05:16:27,461 ERROR - at javax.naming.InitialContext.<init>(Unknown Source)
    2006-09-30 05:16:27,461 ERROR - at com.lucent.omcran.servlet.OmcRanTpuGuiReDirectServlet.doPost(OmcRanTpuGuiReDirectServlet.java:56)
    2006-09-30 05:16:27,461 ERROR - at com.lucent.omcran.servlet.OmcRanTpuGuiReDirectServlet.doGet(OmcRanTpuGuiReDirectServlet.java:33)
    2006-09-30 05:16:27,461 ERROR - at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    2006-09-30 05:16:27,461 ERROR - at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    2006-09-30 05:16:27,461 ERROR - at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:248)
    2006-09-30 05:16:27,461 ERROR -
    ===========================================
    Below are the Parameters that I use to Start my Partition
    =============================================================================
    -Diems.locator.localzonetype=presentation -Diems.arm.context=presentation -XX:+DisableExplicitGC= -XX:+UseCMSInitiatingOccupancyOnly= -DAPPNAME=appl1 -DContextId=1 -DCOMMONPATH=/omcsw/common -DIEMSPATH=/omcsw/28.0.1.22.00 -Djava.util.prefs.PreferencesFactory=com.lucent.iems.platform.util.prefs.spi.IEMSPreferencesFactory -Dcom.lucent.iems.prefs.PrefsDirectory=/omcsw/28.0.1.22.00/data/registry -Dorg.omg.CORBA.ORBClass=com.inprise.vbroker.orb.ORB -Dorg.omg.CORBA.ORBSingletonClass=com.inprise.vbroker.orb.ORBSingleton -Djavax.rmi.CORBA.StubClass=com.inprise.vbroker.rmi.CORBA.StubImpl -Djavax.rmi.CORBA.PortableRemoteObjectClass=com.inprise.vbroker.rmi.CORBA.PortableRemoteObjectImpl -Djavax.rmi.CORBA.UtilClass=com.inprise.vbroker.rmi.CORBA.UtilImpl -Diems.arm.factory=com.lucent.iems.platform.util.arm.impl1.ARMFactoryImpl1 -Dcom.lucent.iems.platform.util.intfc.maxnumofobjects=25 -DGUMDBPOOLNAME=GUMdb -Dvbroker.orb.enableKeyId=false
    ==============================================
    Does Any one have Idea what is going wrong..
    Ankit

    You can check whether any cookies were sent in the request to your servlet:
    Cookie cookies[] = request.getCookies();
    If cookies is not null (cookies != null) then the browser sending you the request supports cookies.
    If it is null then you would need to do a little extra work. Basically add a cookie to the response going back to the browser. Then send a redirect back to this same servlet. You then would have to add code to check to see whether the cookie was sent back.
    // Servlet named myServlet
    String test = request.getParameter("TEST");
    Cookie cookies[] = request.getCookies();
    if (test == null || !test.equals("TRUE")) {
        if (cookies == null) {
            // No cookies yet: set a test cookie and redirect back to this servlet
            response.addCookie(new Cookie("testCookies", "testCookies"));
            response.sendRedirect("myServlet?TEST=TRUE");
        } else {
            // cookies were sent in the initial request, so
            // browser supports cookies
        }
    } else {
        // This is the redirect. Check for the presence of
        // our testCookie
    }
    Hope this helps.
