Network Client-login Issues...

I have DNS running and tested successfully and Open Directory set up. However, I'm having troubles logging into a client computer from the user workgroup.
My first issue I encountered was with Directory Utility on the client machine. It wouldn't recognize my DNS to add it as a directory server. Let's say its called 'ns1.mydomain.com' ... I get 'no response from server' error. To get around this I used the IP address and it went through.
I then bound the client computer to the directory server. Then, set the login access from the server and set the client computer to allow network login.
When I start up the client computer I can see all of the users from the workgroup directory. But, when I click the name and enter the password, I get an error that the login-name or password is invalid. I am using the correct password and if they username didn't exist, it would show in the login screen.
Am I missing a step or has anyone else had this problem?
Thanks!!

Hi Corey
Client machines would need to use the Server as their DNS Server if you want to use the Server's FQDN to join clients to the Server in Directory Utility. I would not use authenticated binding either, at the point where you get presented with fields for user name and passwords etc, don't fill these in. Simply leave the client's bonjour name in the first field and progress past that point.
I'm assuming you created a Computer List (try not to use the default ones) and added the client computers to that list using their MAC addresses?
Next have you shared the sharepoint you are using for Home Folder Creation (the default one is Users) as well as enabling it for automounting home folders? Finally have you created home folders for users in the LDAP node?
If everything else checks out yet users are still failing to authenticate it could be down to a time sync issue? Kerberos tickets are timestamped and if server and client are out by 5 minutes it could explain the invalid log in problem. You could scrub the setting in Directory Utility and try again? But this time have /Library/Preferences open and see if the edu.mit.Kerberos file gets created. Inspect this file and verify that the details are correct for your KDC. Alternatively you could have the Kerberos application open (/System/Library/CoreServices) and see if the client picks up a day ticket.
Tony

Similar Messages

10.2.8 client login issues with 10.3.9 server

Hi we have just updated our computer lab to 10.2.8 client computers and a 10.3.9 server but I am having issues with the client computer loging into the server I am using LDAPv3 and when I try to have a user login to the server from the client at the login screen I get the login window shake.I can login fine from a 10.3.9 client computer.Any advice would be appreciated.Thanks in advance

Check your 10.2.8 machines Directory Access and make sure LdapV2 is not checked and also that Ldap V3 is checked and configured correctly. I found that if I had both Ldapv2 and v3 on my 10.2.8 clients could not log in. 10.3 clients only have the option for Ldap V3, so it is not an issue.

Mac OSX Lion Server Network User Login Issue

We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a will.
About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
Fast forward to now, and we've added a new user - Hannah - to our system.
I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
She appears in the Logon list on the client machines, and here's where the trouble starts...
Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
We've tried sudo kinet on the Terminal as a local user, with variable results.
I'm at my wits end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
Thanks in advance!

Your problems are likely occurring because you added her to the directory with Workgroup Manager.
You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
First the user is added to the default "Workgroup" group.
More importantly (and the source of much confusion), the user is automatically added to SACLs.
Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

Premiere network account login issues

We currently are running CS5 and having issues logging anyone in other than Admin. Is anyone else having issues looging in and dtarting Premiere with network accounts? Better yet has any found a fix if this is a common problem?

Yes, BOTH are common problems
Premiere is designed to require ALL of a computer's resources... which means running with an Admin account
Premiere is NOT designed to run on a network
Win Server is NOT supported http://forums.adobe.com/thread/851602
Not in a Network environment http://forums.adobe.com/thread/771151
-and not on a "domain" http://forums.adobe.com/thread/858977

BO4 Crystal Client Login Issues

Hi Experts,
We have recently installed BO4.0 and are using Crystal CE / 2011, and the installation went smooth [both for client and server]. What happens is when we connect to our BO server for development purpose using Crystal Client Application it gives us the error as
"SAP Business Objects Enterprise Cannot log you on now, pls try later"
Regards,
Ankeet Pujara

Hi Denis,
This is happening on the client machine... before we start development!!!
Regards,
Ankeet Pujara

QuickVPN client login issues

Hello,
I am using a RV180W router and using QuickVPN client ver 1.4.2.1 for remote access. Both the client and server are Window7.
I have create 4 users in the router. I can connect using one user logon but when I logout and try to connect with a different user it fails to connect.
Some times to user that initially connects will fail the next time a connection is tried.
Any ideas>>>>>
Thanks
Richard

Hello Richard,
Can you share what is noted in the logs of QuickVPN for the failed connection. You will find the log.txt file in Quick VPN folder.
Regards,
Kremena

Client login issue

After shutting down and restarting an emac in a classroom, I have to reenter the user/password to connect to the server in the lab again even though the keychain box was originally and still is checked. What's wrong here?
Thanks,
Mark

Perhaps the password that is saved in the keychain is not the correct password anymore. This can happen when you have a password policy that requires changing passwords periodically. Keychain can remember a password, but when you change your password, the leychain entry won't be updated to match.
I tell my users to not put their network passwords in keychain. That avoids this problem. Also, if your server is configured using Kerberos, they shouldn't need to enter a password to connect to every share.

OD client login troubleshooting

I need ideas for troubleshooting a client login issue. Client can login using local accounts and connect to the server using AFP. Client "appears" to be bound to the OD in Directory Access (I get no error message), however running "id testuser" returns, user not found. So, it clearly doesn't see the OD records. "host myserver" on the client, returns the correct DNS info fwd and backward.
I have tried deleting the LDAP record on the client and entering again. It is unable to unbind when I delete the entry, which may be a clue.
I am not sure what to try next?

Hi Philip
When you launch Directory Access from the client is Add DHCP-supplied LDAP servers to automatic search policies ticked? If it is untick it. Delete the existing entry if there is one and add a new one. This time key in the fqdn rather than the IP address. You should see a fairly quick bind process (approx no more than 4-7 seconds). After you have okayed that make sure that the server details are in the Authentication and Contacts part of Directory Access. Now log out and log in as the testuser. What happens now?
Please note: Although it has been mentioned many times in this forum as well as others, fqdn = fully qualified domain name. I know you probably know what it is but to recap an fqdn follows this form: servername.domainname.sch.uk. An fqdn does not have to be a real world domain name, it just has to follow that convention. It is not a good idea to use .local or .internal or .home. I’ve seen some installations where they have used this (strangely Windows AD environments) and it can and does work . . . initially. However major problems eventually start to surface and the only effective cure is a server rebuild. If the DNS is not right then it all goes south very quickly.
One more thing which is often overlooked. Avoid Client Admin accounts having the same name as the Server Admin account.
HTH

Client login to OS/X server doesn't work after upgrade to 10.9.3

I have been running a Mountian Lion Server with open directory to handle several Mac's at home. After upgrading from 10.8.x to 10.9.3 a few days ago login from the client computer with 10.9.3 does't work. If I turn off Wi-fi, login works, and I can access everything after re-enabling wi-fi.
Works with client computer and 10.9.2. It also works with login to wiki on this server, using safari from my computer.
/Casi

I have several network user set up on a server computer. This computer, macMini, is running 10.9.3 and the latent version of OS/X server.
When logging in on a MacBook PRO with 10.9.3, and the computer is on the same network as the server, wi-fi or Ethernet cable, i'm not granted access to the network accounts. The screem-shot above is from the server log.
When not connected to the local network does login work.
Same issue with two network accounts. But, when trying a MacBook Air with 10.9.2 is it working with both these networks accounts.
If disable wi-fi, login and then enable wi-fi can I access all resources on the server as shared disks and replicate home directories. Same procedure works with the 10base6 Ethernet cable, i.e. Pull out the contact, login, put in in the contact.

Wan & login issues ?

Running 6 Netware 4.2 servers, Windows Xp/Nwclient 4.9 SP2 and a few
Windows NT4/Nwclient 4.30/ Zen 1.1 Starter pack. We use Workstation
Manager and DLU. Users launch Naldesk on Windows XP and Nalexpld on
Windows nt4. Both are called from the login script and launched from the
server. We have one ROOT partition, and all the servers have a RW replica
of this partition. Although not an ideal design, this all has worked
flawlessly for years.
This weekend we moved part of our network to another building and
therefore now have a WAN IPX environment. We don't have any users at the
new location yet. Some users at our original location are now having login
issues - they get the " red N" icon like its trying to login but nothing
ever happens - there's no error message and they don't get logged in. I
let one user/workstation stay like this overnight and still nothing!
Where can I look to troubleshoot this? I can't find any error logs and
can't find any consistencies between the incidences & resolutions. It
seems a number of reboots / or reselecting the Tree/ Context / Sever in
the Advanced tab SOMETIMES helps. I saw a tid / post about settings in the
client if you are running Zen across a wan...do I need to do this (bad
address cache, server name cache, etc) We aren't really running Zen across
the wan though - users load nal/nalexpld from the server in their
location, not a server across the wan.
I know IPX across a wan is not good, but we are only running NW 4.2 so we
don't have a choice. I have the client properties set up to default to the
server in the user's location rather than across the wan, and to load NAL
from a server in their location rather than across the wan.
Thanks

Try posting in the Client Forums.
ZENworks has no role in user authentication with ZFD3.x
Automatic reply wrote:
> Susan,
>
> It appears that in the past few days you have not received a response to your
> posting. That concerns us, and has triggered this automated reply.
>
> Has your problem been resolved? If not, you might try one of the following options:
>
> - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
> - Check all of the other support tools and options available at
> http://support.novell.com.
> - You could also try posting your message again. Make sure it is posted in the
> correct newsgroup. (http://support.novell.com/forums)
>
> Be sure to read the forum FAQ about what to expect in the way of responses:
> http://support.novell.com/forums/faq_general.html
>
> If this is a reply to a duplicate posting, please ignore and accept our apologies
> and rest assured we will issue a stern reprimand to our posting bot.
>
> Good luck!
>
> Your Novell Product Support Forums Team
> http://support.novell.com/forums/
>
>
Craig Wilson
Novell Product Support Forum Sysop
Master CNE, MCSE 2003, CCN

Lync 2013 login issue

we are facing an issue with Lync 2013, while trying to login. it says DNS error.. But here we have not hosted any DNS server or Domain server in our environment, the Lync we are using is provided by our client. Adding, facing the same login issue with my
home pc too. Kindly assist.
Error:
" Lync couldnt find a Lync server for XXXXXX. there might be an issue with the DNS configuration for your domain. Please contact your support team.
Thanks
Sugadev K

You must have external DNS which is published to allow External users log in to lync from home.
For all clients except for the Lync Windows Store app During DNS lookup, SRV records are queried and returned to the client in the following order:
lyncdiscoverinternal.<domain>   A (host) record for the Autodiscover service on the internal Web services
lyncdiscover.<domain>   A (host) record for the Autodiscover service on the external Web services
_sipinternaltls._tcp.<domain>   SRV (service locator) record for internal TLS connections
_sipinternal._tcp.<domain>   SRV (service locator) record for internal TCP connections (performed only if TCP is allowed)
_sip._tls.<domain>   SRV (service locator) record for external TLS connections
sipinternal.<domain>   A (host) record for the Front End pool or Director, resolvable only on the internal network
sip.<domain>   A (host) record for the Front End pool or Director on the internal network, or the Access Edge service when the client is external
sipexternal.<domain>   A (host) record for the Access Edge service when the client is external
Verify that you configure DNS correctly as exist in below link
http://technet.microsoft.com/en-us/library/gg398758.aspx
http://expertslab.wordpress.com/2014/04/09/internal-and-external-dns-for-lync-and-phone-edition-devices/
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical | Twitter:
Mai Ali

Network clients can't log in some days...

but can on others!
Since upgrading to Mavericks and Server 3 I have an issue with local network clients not being able to log in to their accounts some days but can on others (yesterday was fine, today a problem again).
It seems that quite a few people are experiencing similar issues but I can't find a solution I am confident to try out or that replicates my situation.
Before you tart throwing techincal advice at me, I am not a networking expert nor a Mac genius, so please make your explanations clear and simple. Thank you.
I have tried rebooting the server and clients, no success (today - although three days ago that did work);
I have 'unbound' and re bound the clients (which worked four days ago, but not today - they are still showing green light);
I have verified the disk permissions on the server (there were a few errors all bar one are corrected).
Any other (simple) suggestions? Even if it is just things to check and to post more info here to help diagose the problem.
Many thanks in advacne.

I'll try to keep this simple, but network troubleshooting sometimes... isn't.   This reply will also probably get a little wordy.
There are three parts here...
First, ask the server about its own local network and DNS configuration.   Functional networking and proper local DNS being fundamental to how servers work, and how servers can authenticate with your remote clients. To do this, launch Terminal.app from Applications > Utilities and issue the following harmless, non-destructive, diagnostic command — this command will spot most of the issues that can arise with local networking and local DNS:
sudo changeip -checkhostname
The sudo will require entry of an administrative password. There may be a one-time warning displayed about the perils of using sudo. The command will then display some local network configuration output (including the IP address of the server), and finally an indication that either no changes are needed, or that there are network or configuration or DNS errors.   If changes are required, post the output. (If you want or need to obfuscate, please do so consistently here, and please switch the domain part of your host names to "example.com", "example.net" or "example.org".)
Second... On the client systems, launch System Preferences via  > System Preferences..., select Network, select the network connection (WiFi or Ethernet, most likely) that you are using, then select Advanced..., then select DNS, then confirm that the clients are referencing only the IP address of your local OS X Server or whatever DNS server you are using on your local network, and that your client systems are not referencing any ISP DNS servers, Google DNS servers, nor any other DNS servers that are not on your local network.
Third... Please also describe your network configuration in just a little detail.   For instance: are you using an all-wired Ethernet network, or are you using WiFi, or some combination of WiFi and wired networking?   Are you using a firewall? Any network switches? Do you have more than one switch?
If you are using WiFi for your connections, are you located in an area where there may be nearby WiFi networks?

VPN Problem: Can't route to other network clients

Hi,
I can't ping the other clients on the network when I'm connected to VPN from outside.
But accessing internet trough VPN works. (Sending all data through VPN).
So in fact, I can only ping the VPN server I'm connected to.
Maybe someone here has an idea what I'm doing wrong here.
Here is my setup:
internet
I
I
Airport Extreme (internal IP 192.168.3.1, Router with NAT Port forwarding to 192.168.3.3)
I
I
Switch----macMini (192.168.3.3, OS X Server 10.4.10 with VPN, DHCP, DNS, NAT enabled)
l
l
Other Clients on the Network (Clients have DNS entry 192.168.3.3 192.168.3.1, Router is 192.168.3.1)
The services DHCP, DNS working well for internal clients.
Has someone an idea?
Thanks a lot.
Alex
Message was edited by: Syndrome

First, ping is ICMP traffic, different from other kinds of (eg, TCP) traffic like AFP.
See http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/productstechnote09186a00800a6057.shtml
traceroute also uses some ICMP traffic but might also be using UDP, see
http://en.wikipedia.org/wiki/Traceroute
http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/
However, in testing, I can indeed ping the server, when I connect to a remote Mac OS X Server via the Mac OS X supplied vpn. But there is no AP Extreme in the path. So the two big factors are: limitations and/or configuration of the AP, and firewall settings for each/any machine involved.
The Airport Extreme is really quite limited, compared to any more full-featured routing device - in terms of just how granular you can be with controlling traffic flow.
(As a total aside, I'd recommend investing in something like a Zyxel Zywall 2 Plus (or similar or better) and running the AP in bridge mode for wireless clients.)
When you've connected via VPN, please run
netstat -rn to see what your default gateway is, that's actually being used.
Finally, what led you to try these tests ? What other problems are you having, what primary issue(s) are you trying to solve ?

Login issue in OIM11g due to oim credsmap error

We have OIM 11gR2PS1 installed on unix box. We have AD connector 11.1.1.5.0 installed on it .Also,peoplesoft recon connector PSFT_ER-11.1.1.5.0 is installed
In our scenario,we have webservice code in which using recon event we are creating users in OIM environment
This is hosted on same OIM server unix box.Inside webservice code we have refred oimclient.jar file to work with OIM APIs and Recon Service class.
When i tested webservice for first time it was unable to load OIM API classes as it was unable to find oimclient.jar in classpath.
So to resolve this issue i kept oimclient.jar in location- "WL_HOME/server/lib/" and also added following entry in setDomainEnv.sh to load oimclient.jar explicitly in classpath
CLASSPATH="WL_HOME/server/lib/oimclient.jar:${CLASSPATH}"
export CLASSPATH
and made entry in system-jazn-data.xml present in DOMAIN_HOME//config/fmwconfig/ as :
<grant>
            <grantee>
                <codesource>
                    <url>file:${domain.home}/servers/oim_server1/stage/*</url>
                </codesource>
            </grantee>
            <permissions>
   <permission>
               <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
                     <name>context=SYSTEM,mapName=oim,keyName=*</name>
                     <actions>read,write</actions>
    </permission>
            </permissions>
        </grant>
After this change, webservice was working as expected and OIM related things were working fine.
But,when we tried to run schedule task "Active Directory Group Lookup Recon" for AD, we are getting error message as :
java.lang.LinkageError: loader constraint violation: loader (instance of com/thortech/xl/dataobj/tcADPClassLoader) previously initiated loading for a different type with name "com/thortech/xl/dataaccess/tcDataProvider"
So,to resolve this AD schedule task issue,we rolled back changes made for webservice in setDomainEnv.sh and system-jazn-data.xml file
and removed explicit classpath entry line of oimclient.jar from setDomainEnv.sh
But after restrating all admin and managed servers,we are currently facing issue in logging into OIM idenity/syadmin or design console with xelsyadm credentials
we have never made any changes of password for xelsyadm account or not made any change in any authenticatorproviders in weblogic console
we tried everything form reverting all changes to original setup without webservice or peoplesoft listener implementation
removed all explicit classpath entries or grant entry for oim credsmap from system-jazn-data.xml.
But still same issue persists
Any helpful suggestion is appreciated on this ASAP.
issue logs are:
TaskFlow Registration: TaskFlowDeployerThread.registerTaskFlowWithTask - Error while setting task display, this can happen with app loading issue, trying to load for 2
<Nov 11, 2013 11:24:20 PM EST> <Warning> <oracle.soa.services.workflow.worklist> <BEA-000000> <<.> Error while setting task display, this can happen with app loading issue, trying to load for 2>
<Nov 11, 2013 11:24:24 PM EST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/initKeyStore encounter some problems: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=.xldatabasekey" "read")
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=.xldatabasekey" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:643)
at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.containsCredential(LdapCredentialStore.java:214)
at oracle.iam.platform.utils.config.OIMPrivilegedExceptionAction.run(CSFCredentialProvider.java:236)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.iam.platform.utils.config.CSFCredentialProvider.getPassword(CSFCredentialProvider.java:79)
at oracle.iam.platform.utils.config.standalone.StandAloneCryptoConfig.getPassword(StandAloneCryptoConfig.java:76)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.initKeyStore(tcDefaultDBEncryptionImpl.java:67)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.getCipher(tcDefaultDBEncryptionImpl.java:96)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.encrypt(tcDefaultDBEncryptionImpl.java:193)
at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:118)
at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:275)
at oracle.iam.platform.auth.impl.Authenticator.encrypt(Authenticator.java:188)
at oracle.iam.platform.auth.impl.Authenticator.authenticateWithPassword(Authenticator.java:161)
at oracle.iam.platform.auth.impl.Authenticator.authenticate(Authenticator.java:134)
at oracle.iam.platform.auth.providers.wls.OIMAuthLoginModule.login(OIMAuthLoginModule.java:46)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.GeneratedMethodAccessor951.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.GeneratedMethodAccessor961.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at com.sun.proxy.$Proxy16.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at com.sun.proxy.$Proxy34.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:338)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:252)
at weblogic.servlet.security.ServletAuthentication.login(ServletAuthentication.java:466)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at oracle.idm.common.login.SignInBean.handleWeblogicAuthn(SignInBean.java:131)
at oracle.idm.common.login.SignInBean.doLogin(SignInBean.java:97)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.el.parser.AstValue.invoke(AstValue.java:187)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1256)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
<Nov 11, 2013 11:24:24 PM EST> <Error> <OIM Authenticator> <BEA-000000> <Error encrypting password>
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at oracle.idm.common.login.SignInBean.handleWeblogicAuthn(SignInBean.java:131)
at oracle.idm.common.login.SignInBean.doLogin(SignInBean.java:97)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.el.parser.AstValue.invoke(AstValue.java:187)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.GeneratedMethodAccessor951.invoke(Unknown Source)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at com.sun.proxy.$Proxy34.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:338)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:252)
at weblogic.servlet.security.ServletAuthentication.login(ServletAuthentication.java:466)
... 72 more

Hi All,
I have tried out option of adding authwl.conf in java argument as mentioned. But,still same issue persists. I think it will be same whether we refer authwl.conf file from OIM_ORACLE_HOME/server/config or OIM_ORACLE_HOME/designconsole/config/ location.
We havent made any changes in USR table for xelsysadm user
Even system-jazn-data.xml is intact.
Actually,when i removed following classpath entry from setDomainEnv.sh file
CLASSPATH="WL_HOME/server/lib/oimclient.jar:${CLASSPATH}"
export CLASSPATH
Its working fine and i am not facing any login issue in OIM console.Also the Active Directory connector scheduled task are running fine without giving earlier error whic is becaus of explicit classpath addition in setDomainEnv.sh.This error was
java.lang.LinkageError: loader constraint violation: loader (instance of com/thortech/xl/dataobj/tcADPClassLoader) previously initiated loading for a different type with name "com/thortech/xl/dataaccess/tcDataProvider" .
This error was arising since i have explicitly mentioned oimclient.jar again in classpath and as OIM server also will load it at OIM server startup time. So it was finding two instance of tcDataProvider and was not able to decide to refer to which one of them.
But, I have to refer oimclient.jar in my webservice code to work.If we dont add classpath entry explicitly for oimclient.jar then it will throw error..that it is unable to load OIMClient class.
Webservice is deployed in OIM serveer . Is there any other way by which i can refer oimclient class in webservice code without causing this classpath conflict issue. ?
Also.is it correctthat for first time when we load Classpath explicitly like i did in my scenario,then it will always try to refer same classpath for that jar always.
For ex: in my env i made changes in setDomainEnv.sh and modifed classpath enrty as :
CLASSPATH="${OIM_ORACLE_HOME}/server/client/oimclient.jar:${CLASSPATH}"
export CLASSPATH
but this time it will start throwin the exception as :
<Nov 11, 2013 11:24:24 PM EST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/initKeyStore encounter some problems: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=.xldatabasekey" "read")
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=.xldatabasekey" "read")
Do i need to reinstall OIM setup to resolve this issue or is there any other way to refer oimclient.jar in my webservice code deployed in OIM env ?
Please suggest.
Thanks,
RPB

Worksapce login issue

Hi
I have installed Hyperion, and i think all is ok. All services are running.
My Hyperion is installed in:
Windows 2003 SP2
Oracle 11g
But when I run EPM System diagnostic I get a problem with login in the Workspace service/login.
This is the message that I get:
FAILED SSO Availability of login http://norhyperion:45000/workspace/browse/configInfo
Error: Could not login to workspace
Recommended Action: Check if all services run. Check user name and password
If I try to login to workspace in the page http://norhyperion:45000/workspace/browse/configInfo, I cannot login with the user(admin/password).
I try to login in the shared services page with this user, and all is working.
Any ideas what went wrong in my installation?
Thank You
NomrHyperion

Hi Norm,
This what I did when I had this issue.
First check if process manager and Workspace Agents are running. If you cant start process manager, or workspace agents, try to check the Listener and Oracle DB(if you are using Oracle) services if are running, if not started. If you still cant run the services, or have login issue, then you must reconfigure the Workspace and
Run EPM System Configurator
First reconfigure:
Hyperion Foundation
- Common Settings
- Configure Database
- Deploy Application Server
When this reconfiguration finish, run EPM System Configurator again, and reconfigure the rest of Workspace and Management Architect.
In my case I reconfigure:
Calculation Manager
Performance Management Architect
Workspace
After this I restart the server.
Then back to the first check again... check if Process Manager and Workspace Agents are running. If not:
Check the Listener and Oracle DB(if you are using Oracle) services if are running, if not started
Then try to start the Process Manager service(you can also try to start the Workspace agents in the menu. Windows -> Start Menu -> Oracle EPM System -> Workspace - > Start Workspace Agent Services
Try all this, then start the EPM System Diagnostic again and check if all services are ok(some times Essbase Studio is not started, start it on the menu -> Essbase Studio - Start server).
This is what I did to fix my problem, and fix all the problems Now all services and EPM are running.
Hope this can help you
JailBreak
IT Network Manager
If helpful Please award points
Thank You

Network Client-login Issues...

Similar Messages

Maybe you are looking for